added libtomcrypt-1.00

Doxyfile

@@ -0,0 +1,1155 @@
+# Doxyfile 1.3.9.1
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = LibTomCrypt
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
+# This could be handy for archiving the generated documentation or 
+# if some version control system is used.
+
+PROJECT_NUMBER         = 1.00rc1
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
+# base path where the generated documentation will be put. 
+# If a relative path is entered, it will be relative to the location 
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = doc/doxygen
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
+# 4096 sub-directories (in 2 levels) under the output directory of each output 
+# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of source 
+# files, where putting all generated files in the same directory would otherwise 
+# cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
+# documentation generated by doxygen is written. Doxygen will use this 
+# information to generate all constant output in the proper language. 
+# The default language is English, other supported languages are: 
+# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, 
+# Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, 
+# Japanese-en (Japanese with English messages), Korean, Korean-en, Norwegian, 
+# Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, 
+# Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# This tag can be used to specify the encoding used in the generated output. 
+# The encoding is not always determined by the language that is chosen, 
+# but also whether or not the output is meant for Windows or non-Windows users. 
+# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES 
+# forces the Windows encoding (this is the default for the Windows binary), 
+# whereas setting the tag to NO uses a Unix-style encoding (the default for 
+# all platforms other than Windows).
+
+USE_WINDOWS_ENCODING   = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
+# include brief member descriptions after the members that are listed in 
+# the file and class documentation (similar to JavaDoc). 
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
+# the brief description of a member or function before the detailed description. 
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator 
+# that is used to form the text in various listings. Each string 
+# in this list, if found as the leading text of the brief description, will be 
+# stripped from the text and the result after processing the whole list, is used 
+# as the annotated text. Otherwise, the brief description is used as-is. If left 
+# blank, the following values are used ("$name" is automatically replaced with the 
+# name of the entity): "The $name class" "The $name widget" "The $name file" 
+# "is" "provides" "specifies" "contains" "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = 
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
+# Doxygen will generate a detailed section even if there is only a brief 
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all inherited 
+# members of a class in the documentation of that class as if those members were 
+# ordinary class members. Constructors, destructors and assignment operators of 
+# the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
+# path before files name in the file list and in the header files. If set 
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
+# can be used to strip a user-defined part of the path. Stripping is 
+# only done if one of the specified strings matches the left-hand part of 
+# the path. The tag can be used to show relative paths in the file list. 
+# If left blank the directory from which doxygen is run is used as the 
+# path to strip.
+
+STRIP_FROM_PATH        = src
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
+# the path mentioned in the documentation of a class, which tells 
+# the reader which header file to include in order to use a class. 
+# If left blank only the name of the header file containing the class 
+# definition is used. Otherwise one should specify the include paths that 
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    = src/headers
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
+# (but less readable) file names. This can be useful is your file systems 
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
+# will interpret the first line (until the first dot) of a JavaDoc-style 
+# comment as the brief description. If set to NO, the JavaDoc 
+# comments will behave just like the Qt-style comments (thus requiring an 
+# explicit @brief command for a brief description.
+
+JAVADOC_AUTOBRIEF      = YES
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
+# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
+# comments) as a brief description. This used to be the default behaviour. 
+# The new default is to treat a multi-line C++ comment block as a detailed 
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member 
+# documentation.
+
+DETAILS_AT_TOP         = YES
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
+# member inherits the documentation from any documented member that it 
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
+# tag is set to YES, then doxygen will reuse the documentation of the first 
+# member in the group (if any) for the other members of the group. By default 
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 4
+
+# This tag can be used to specify a number of aliases that acts 
+# as commands in the documentation. An alias has the form "name=value". 
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
+# put the command \sideeffect (or @sideeffect) in the documentation, which 
+# will result in a user-defined paragraph with heading "Side Effects:". 
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                = 
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources 
+# only. Doxygen will then generate output that is more tailored for C. 
+# For instance, some of the names that are used will be different. The list 
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources 
+# only. Doxygen will then generate output that is more tailored for Java. 
+# For instance, namespaces will be presented as packages, qualified scopes 
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
+# the same type (for instance a group of public functions) to be put as a 
+# subgroup of that type (e.g. under the Public Functions section). Set it to 
+# NO to prevent subgrouping. Alternatively, this can be done per class using 
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
+# documentation are documented, even if no documentation was available. 
+# Private class members and static file members will be hidden unless 
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = YES
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file 
+# will be included in the documentation.
+
+EXTRACT_STATIC         = YES
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
+# defined locally in source files will be included in the documentation. 
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = YES
+
+# This flag is only useful for Objective-C code. When set to YES local 
+# methods, which are defined in the implementation section but not in 
+# the interface are included in the documentation. 
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = YES
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
+# undocumented members of documented classes, files or namespaces. 
+# If set to NO (the default) these members will be included in the 
+# various overviews, but no documentation section is generated. 
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
+# undocumented classes that are normally visible in the class hierarchy. 
+# If set to NO (the default) these classes will be included in the various 
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
+# friend (class|struct|union) declarations. 
+# If set to NO (the default) these declarations will be included in the 
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
+# documentation blocks found inside the body of a function. 
+# If set to NO (the default) these blocks will be appended to the 
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation 
+# that is typed after a \internal command is included. If the tag is set 
+# to NO (the default) then the documentation will be excluded. 
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
+# file names in lower-case letters. If set to YES upper-case letters are also 
+# allowed. This is useful if you have classes or files whose names only differ 
+# in case and if your file system supports case sensitive file names. Windows 
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
+# will show members with their full class and namespace scopes in the 
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
+# will put a list of the files that are included by a file in the documentation 
+# of that file.
+
+SHOW_INCLUDE_FILES     = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
+# will sort the (detailed) documentation of file and class members 
+# alphabetically by member name. If set to NO the members will appear in 
+# declaration order.
+
+SORT_MEMBER_DOCS       = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
+# brief documentation of file, namespace and class members alphabetically 
+# by member name. If set to NO (the default) the members will appear in 
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
+# sorted by fully-qualified names, including namespaces. If set to 
+# NO (the default), the class list will be sorted only by class name, 
+# not including the namespace part. 
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the 
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = YES
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or 
+# disable (NO) the todo list. This list is created by putting \todo 
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or 
+# disable (NO) the test list. This list is created by putting \test 
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or 
+# disable (NO) the bug list. This list is created by putting \bug 
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
+# disable (NO) the deprecated list. This list is created by putting 
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional 
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       = 
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
+# the initial value of a variable or define consists of for it to appear in 
+# the documentation. If the initializer consists of more lines than specified 
+# here it will be hidden. Use a value of 0 to hide initializers completely. 
+# The appearance of the initializer of individual variables and defines in the 
+# documentation can be controlled using \showinitializer or \hideinitializer 
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
+# at the bottom of the documentation of classes and structs. If set to YES the 
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated 
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are 
+# generated by doxygen. Possible values are YES and NO. If left blank 
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
+# potential errors in the documentation, such as not documenting some 
+# parameters in a documented function, or documenting parameters that 
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# The WARN_FORMAT tag determines the format of the warning messages that 
+# doxygen can produce. The string should contain the $file, $line, and $text 
+# tags, which will be replaced by the file and line number from which the 
+# warning originated and the warning text.
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning 
+# and error messages should be written. If left blank the output is written 
+# to stderr.
+
+WARN_LOGFILE           = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain 
+# documented source files. You may enter file names like "myfile.cpp" or 
+# directories like "/usr/src/myproject". Separate the files or directories 
+# with spaces.
+
+INPUT                  = src
+
+# If the value of the INPUT tag contains directories, you can use the 
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank the following patterns are tested: 
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp 
+# *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm
+
+FILE_PATTERNS          = 
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
+# should be searched for input files as well. Possible values are YES and NO. 
+# If left blank NO is used.
+
+RECURSIVE              = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should 
+# excluded from the INPUT source files. This way you can easily exclude a 
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                = 
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories 
+# that are symbolic links (a Unix filesystem feature) are excluded from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the 
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
+# certain files from those directories.
+
+EXCLUDE_PATTERNS       = 
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or 
+# directories that contain example code fragments that are included (see 
+# the \include command).
+
+EXAMPLE_PATH           = 
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank all files are included.
+
+EXAMPLE_PATTERNS       = 
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
+# searched for input files to be used with the \include or \dontinclude 
+# commands irrespective of the value of the RECURSIVE tag. 
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or 
+# directories that contain image that are included in the documentation (see 
+# the \image command).
+
+IMAGE_PATH             = 
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should 
+# invoke to filter for each input file. Doxygen will invoke the filter program 
+# by executing (via popen()) the command <filter> <input-file>, where <filter> 
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
+# input file. Doxygen will then use the output that the filter program writes 
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
+# ignored.
+
+INPUT_FILTER           = 
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
+# basis.  Doxygen will compare the file name with each pattern and apply the 
+# filter if there is a match.  The filters are a list of the form: 
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
+# is applied to all files.
+
+FILTER_PATTERNS        = 
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
+# INPUT_FILTER) will be used to filter the input files when producing source 
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
+# be generated. Documented entities will be cross-referenced with these sources. 
+# Note: To get rid of all source code in the generated output, make sure also 
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER         = YES
+
+# Setting the INLINE_SOURCES tag to YES will include the body 
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = YES
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
+# doxygen to hide any special comment blocks from generated source code 
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = NO
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
+# then for each documented function all documented 
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default) 
+# then for each documented function all documented entities 
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
+# will generate a verbatim copy of the header file for each class for 
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
+# of all compounds will be generated. Enable this if the project 
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = YES
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all 
+# classes will be put under the same header in the alphabetical index. 
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard header.
+
+HTML_HEADER            = doc/header.html
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard footer.
+
+HTML_FOOTER            = doc/footer.html
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
+# style sheet that is used by each HTML page. It can be used to 
+# fine-tune the look of the HTML output. If the tag is left blank doxygen 
+# will generate a default style sheet. Note that doxygen will try to copy 
+# the style sheet file to the HTML output directory, so don't put your own 
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        = 
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
+# files or namespaces will be aligned in HTML using tables. If set to 
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
+# will be generated that can be used as input for tools like the 
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
+# be used to specify the file name of the resulting .chm file. You 
+# can add a path in front of the file if the result should not be 
+# written to the html output directory.
+
+CHM_FILE               = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
+# be used to specify the location (absolute path including file name) of 
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
+# controls if a separate .chi index file is generated (YES) or that 
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
+# controls whether a binary table of contents is generated (YES) or a 
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members 
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
+# top of each HTML page. The value NO (the default) enables the index and 
+# the value YES disables it.
+
+DISABLE_INDEX          = NO
+
+# This tag can be used to set the number of enum values (range [1..20]) 
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 1
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that 
+# is generated for HTML Help). For this to work a browser that supports 
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = YES
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
+# used to set the initial width (in pixels) of the frame in which the tree 
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
+# generate Latex output.
+
+GENERATE_LATEX         = YES
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
+# generate index for LaTeX. If left blank `makeindex' will be used as the 
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
+# LaTeX documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used 
+# by the printer. Possible values are: a4, a4wide, letter, legal and 
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         = 
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
+# the generated latex document. The header should contain everything until 
+# the first chapter. If it is left blank doxygen will generate a 
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           = 
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
+# contain links (just like the HTML output) instead of page references 
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
+# plain latex in the generated Makefile. Set this option to YES to get a 
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
+# command to the generated LaTeX files. This will instruct LaTeX to keep 
+# running if errors occur, instead of asking the user for help. 
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
+# include the index chapters (such as File Index, Compound Index, etc.) 
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
+# The RTF output is optimized for Word 97 and may not look very pretty with 
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
+# RTF documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
+# will contain hyperlink fields. The RTF file will 
+# contain links (just like the HTML output) instead of page references. 
+# This makes the output suitable for online browsing using WORD or other 
+# programs which support those fields. 
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = YES
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's 
+# config file, i.e. a series of assignments. You only have to provide 
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    = 
+
+# Set optional variables used in the generation of an rtf document. 
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to 
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
+# then it will generate one additional man file for each entity 
+# documented in the real man page(s). These additional files 
+# only source the real man page, but without them the man command 
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will 
+# generate an XML file that captures the structure of 
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
+# dump the program listings (including syntax highlighting 
+# and cross-referencing information) to the XML output. Note that 
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
+# generate an AutoGen Definitions (see autogen.sf.net) file 
+# that captures the structure of the code including all 
+# documentation. Note that this feature is still experimental 
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
+# generate a Perl module file that captures the structure of 
+# the code including all documentation. Note that this 
+# feature is still experimental and incomplete at the 
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
+# nicely formatted so it can be parsed by a human reader.  This is useful 
+# if you want to understand what is going on.  On the other hand, if this 
+# tag is set to NO the size of the Perl module output will be much smaller 
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file 
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
+# This is useful so different doxyrules.make files included by the same 
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX = 
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
+# evaluate all C-preprocessor directives found in the sources and include 
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
+# names in the source code. If set to NO (the default) only conditional 
+# compilation will be performed. Macro expansion can be done in a controlled 
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
+# then the macro expansion is limited to the macros specified with the 
+# PREDEFINED and EXPAND_AS_PREDEFINED tags.
+
+EXPAND_ONLY_PREDEF     = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that 
+# contain include files that are not input files but should be processed by 
+# the preprocessor.
+
+INCLUDE_PATH           = src/headers
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
+# patterns (like *.h and *.hpp) to filter out the header-files in the 
+# directories. If left blank, the patterns specified with FILE_PATTERNS will 
+# be used.
+
+INCLUDE_FILE_PATTERNS  = 
+
+# The PREDEFINED tag can be used to specify one or more macro names that 
+# are defined before the preprocessor is started (similar to the -D option of 
+# gcc). The argument of the tag is a list of macros of the form: name 
+# or name=definition (no spaces). If the definition and the = are 
+# omitted =1 is assumed. To prevent a macro definition from being 
+# undefined via #undef or recursively expanded use the := operator 
+# instead of the = operator.
+
+PREDEFINED             = 
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
+# this tag can be used to specify a list of macro names that should be expanded. 
+# The macro definition that is found in the sources will be used. 
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      = 
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
+# doxygen's preprocessor will remove all function-like macros that are alone 
+# on a line, have an all uppercase name, and do not end with a semicolon. Such 
+# function macros are typically used for boiler-plate code, and will confuse the 
+# parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles. 
+# Optionally an initial location of the external documentation 
+# can be added for each tagfile. The format of a tag file without 
+# this location is as follows: 
+#   TAGFILES = file1 file2 ... 
+# Adding location for the tag files is done as follows: 
+#   TAGFILES = file1=loc1 "file2 = loc2" ... 
+# where "loc1" and "loc2" can be relative or absolute paths or 
+# URLs. If a location is present for each tag, the installdox tool 
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen 
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               = 
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       = 
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
+# in the class index. If set to NO only the inherited external classes 
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
+# in the modules index. If set to NO, only the current project's groups will 
+# be listed.
+
+EXTERNAL_GROUPS        = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script 
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base or 
+# super classes. Setting the tag to NO turns the diagrams off. Note that this 
+# option is superseded by the HAVE_DOT option below. This is only a fallback. It is 
+# recommended to install and use dot, since it yields more powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# If set to YES, the inheritance and collaboration graphs will hide 
+# inheritance and usage relations if the target is undocumented 
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
+# available from the path. This tool is part of Graphviz, a graph visualization 
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = YES
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect inheritance relations. Setting this tag to YES will force the 
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect implementation dependencies (inheritance, containment, and 
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
+# collaboration diagrams in a style similar to the OMG's Unified Modeling 
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the 
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
+# tags are set to YES then doxygen will generate a graph for each documented 
+# file showing the direct and indirect include dependencies of the file with 
+# other documented files.
+
+INCLUDE_GRAPH          = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
+# documented header file showing the documented files that directly or 
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = YES
+
+# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
+# generate a call dependency graph for every global function or class method. 
+# Note that enabling this option will significantly increase the time of a run. 
+# So in most cases it will be better to enable call graphs for selected 
+# functions only using the \callgraph command.
+
+CALL_GRAPH             = YES
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be 
+# found. If left blank, it is assumed the dot tool can be found on the path.
+
+DOT_PATH               = 
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that 
+# contain dot files that are included in the documentation (see the 
+# \dotfile command).
+
+DOTFILE_DIRS           = 
+
+# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width 
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
+# this value, doxygen will try to truncate the graph, so that it fits within 
+# the specified constraint. Beware that most browsers cannot cope with very 
+# large images.
+
+MAX_DOT_GRAPH_WIDTH    = 1024
+
+# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height 
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
+# this value, doxygen will try to truncate the graph, so that it fits within 
+# the specified constraint. Beware that most browsers cannot cope with very 
+# large images.
+
+MAX_DOT_GRAPH_HEIGHT   = 1024
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
+# graphs generated by dot. A depth value of 3 means that only nodes reachable 
+# from the root by following a path via at most 3 edges will be shown. Nodes that 
+# lay further from the root node will be omitted. Note that setting this option to 
+# 1 or 2 may greatly reduce the computation time needed for large code bases. Also 
+# note that a graph may be further truncated if the graph's image dimensions are 
+# not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH and MAX_DOT_GRAPH_HEIGHT). 
+# If 0 is used for the depth value (the default), the graph is not depth-constrained.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
+# generate a legend page explaining the meaning of the various boxes and 
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
+# remove the intermediate dot files that are used to generate 
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be 
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO

authors

@@ -1,55 +0,0 @@
-This is a list of people who have contributed [directly or indirectly] to the project
-[in no partcular order].  If you have helped and your name is not here email me at
[email protected].
-
-
-1) [email protected]
-
-   Gave help porting the lib to MSVC particularly pointed out various warnings and errors.
-
-2) Richard Heathfield
-
-   Gave a lot of help concerning valid C portable code.  
-
-3) Ajay K. Agrawal
-
-   Helped port the library to MSVC and spotted a few bugs and errors.
-
-4) Brian Gladman
-
-   Wrote the AES and Serpent code used.  Found a bug in the hash code for certain types of inputs.
-
-5) Svante Seleborg
-
-   Submitted the "ampi.c" code as well as many suggestions on improving the readability of the source code.
-
-6) Clay Culver
-
-   Submitted a fix for "rsa.c" which cleaned up some code.  Submited some other fixes too.  :-)
-   Clay has helped find bugs in various pieces of code including the registry functions, base64 routines 
-   and the make process.  He is also now the primary author of the libtomcrypt reference manual and has plan
-   at making a HTML version.
-
-7) Jason Klapste
-
-   Submitted fixes to the yarrow, hash, make process and test code as well as other subtle bug fixes.  The 
-yarrow code can now default to any cipher/hash that is left after you remove them from a build.
-
-8) Dobes Vandermeer <[email protected]>
-
-   Submitted HMAC code that worked flawlessly out of the box... good job!  Also submitted a MD4 routine.
-   Submitted some modified DES code that was merged into the code base [using the libtomcrypt API]
-
-9) Wayne Scott ([email protected])
-  
-   Submitted base64 that complies with the RFC standards.  Submitted some ideas to improve the RSA key generation
-   as well.
-   
-10) Sky Schulz ([email protected])
-
-   Has submitted a set of ideas to improve the library and make it more attractive for professional users.
-   
-11) Mike Frysinger 
-
-   Together with Clay came up with a more "unix friendly" makefile.  Mike Frysinger has been keeping copies of 
-   the library for the Gentoo linux distribution.

changes

@@ -1,3 +1,61 @@
+December 31st, 2004
+v1.00  
+       -- Added "r,s == 0" check to dsa_verify_hash()
+       -- Added "multi block" helpers for hash, hmac, pmac and omac routines so you can process multiple non-adjacent
+          blocks of data with one call (added demos/multi.c to make sure they work)
+          -- Note these are not documented but they do have doxygen comments inside them
+          -- Also I don't use them in other functions (like pkcs_5_2()) because I didn't have the time.  Job for the new LTC maintainer ;-)
+       -- Added tweaked Anubis test vectors and made it default (undefined ANUBIS_TWEAK to get original Anubis)
+       -- Merged in fix for mp_prime_random_ex() to deal with MSB and LSB "bugs"
+       -- Removed tim_exptmod() completely, updated several RSA functions (notably v15 and the decrypt/verify) so they 
+          don't require a prng now
+       -- This release brought to you by the fine tunes of Macy Gray.  We miss you.
+
+December 23rd, 2004
+v1.00rc1
+       -- Renamed "mycrypt_*" to "tomcrypt_*" to be more specific and professional
+          Now just include "tomcrypt.h" instead of "mycrypt.h" to get LTC ;-)
+       -- Cleaned up makefiles to ensure all headers are correctly installed
+       -- Added "rotate by constant" macros for portable, x86-32 and x86-64
+          You can disable this new code with LTC_NO_ROLC which is useful for older GCCs
+       -- Cleaned up detection of x86-64 so it works for ROL/ROR macros
+       -- Fixed rsa_import() so that it would detect multi-prime RSA keys and error appropriately
+       -- Sorted the source files by category and updated the makefiles appropriately
+       -- Added LTC_DER define so you can trim out DER code if not required
+       -- Fixed up RSA's decrypt functions changing "res" to "stat" to be more in sync
+          with the signature variables nomenclature. (no code change just renamed the arguments)
+       -- Removed all labels starting with __ and replaced with LBL_ to avoid namespace conflicts (Randy Howard)
+       -- Merged in LTM fix to mp_prime_random_ex() which zap'ed the most significant byte if the bit size
+          requested was a multiple of eight.
+       -- Made RSA_TIMING off by default as it's not terribly useful [and likely to be deprecated]
+       -- Renamed SMALL_CODE, CLEAN_STACK and NO_FILE to have a LTC_ prefix to avoid namespace collisions
+          with other programs.  e.g. SMALL_CODE => LTC_SMALL_CODE
+       -- Zed Shaw pointed out that on certain systems installing libs as "root" isn't possible as the super-user
+          is not root.  Now the makefiles allow this to be changed easily.
+       -- Renamed "struct _*_descriptor" to "struct ltc_*_descriptor" to avoid using a leading _
+          Also renamed _ARGCHK to LTC_ARGCHK
+       -- Zed Shaw pointed out that I still defined the prng structs in tomcrypt_prng.h even if they 
+          weren't defined.  This made undef'ing FORTUNA break the build.
+       -- Added LTC_NO_ASM to disable inline asm macros [ROL/ROR/etc]
+       -- Changed RSA decrypt functions to change the output length variable name from "keylen" to "outlen" to make 
+          it more consistent.
+       -- Added the 64-bit Khazad block cipher [NESSIE]
+       -- Added the 128-bit Anubis block cipher [with key support for 128...320 bit keys] [NESSIE]
+       -- Changes to several MAC functions to rename input arguments to more sensible names
+       -- Removed FAST_PK support from dh_sys.c
+       -- Declared deskey() from des.c as static instead of a global
+       -- Added pretty much all practical GCC warning tests to the GCC [related] makefiles.  These additional
+          warnings can easily be disabled for those with older copies of GCC [or even non GNU cc's]
+       -- Added doxygen @ tags to the code...  phew that was a hell of a lot of [repetitive] work
+       -- Also added pre-configured Doxygen script.
+       -- Cleaned up quite a few functions [ciphers, pk, etc] to make the parameters naming style consistent
+          E.g. ciphers keys are called "skey" consistently now.  The input to PK encryption is called "in", etc.
+          These changes require no code changes on the behalf of developers fortunately
+       -- Started a SAFER+ optimizer [does encrypt only] which shaves a good 30 or so cycles/byte on my AMD64
+          at an expense of huge code.  It's in notes/etc/saferp_optimizer.c
+       -- DSA sign/verify now uses DER encoded output/inputs and no LTC style headers.  
+       -- Matt Johnston found a missing semi-colon in mp_exptmod().  Fix has been merged in.  
+
 October 29th, 2004
 v0.99  -- Merged in the latest version of LTM which includes all of the recent bug fixes
        -- Deprecated LTMSSE and removed it (to be replaced with TFM later on)

crypt.tex

@@ -47,7 +47,7 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{LibTomCrypt \\ Version 0.99}
+\title{LibTomCrypt \\ Version 1.00}
 \author{Tom St Denis \\
 \\
 [email protected] \\
@@ -79,56 +79,22 @@ Canada
 \tableofcontents
 \chapter{Introduction}
 \section{What is the LibTomCrypt?}
-LibTomCrypt is a portable ANSI C cryptographic library that supports symmetric ciphers, one-way hashes, 
-pseudo-random number generators, public key cryptography (via RSA,DH or ECC/DH) and a plethora of support 
-routines.  It is designed to compile out of the box with the GNU C Compiler (GCC) version 2.95.3 (and higher) 
-and with MSVC version 6 in win32.
+LibTomCrypt is a portable ISO C cryptographic library that is meant to be a toolset for cryptographers who are 
+designing a cryptosystem.  It supports symmetric ciphers, one-way hashes, pseudo-random number generators, 
+public key cryptography (via PKCS \#1 RSA, DH or ECCDH) and a plethora of support 
+routines.  
 
-The library has been successfully tested on quite a few other platforms ranging from the ARM7TDMI in a 
-Gameboy Advanced to various PowerPC processors and even the MIPS processor in the PlayStation 2.  Suffice it
-to say the code is portable.
-
-The library is designed so new ciphers/hashes/PRNGs can be added at runtime and the existing API (and helper API functions) will 
-be able to use the new designs automatically.  There exist self-check functions for each cipher and hash to ensure that
-they compile and execute to the published design specifications.  The library also performs extensive parameter error checking
-and will give verbose error messages when possible.
-
-Essentially the library saves the time of having to implement the ciphers, hashes, prngs yourself.  Typically implementing
-useful cryptography is an error prone business which means anything that can save considerable time and effort is a good
-thing.
+The library was designed such that new ciphers/hashes/PRNGs can be added at runtime and the existing API 
+(and helper API functions) are able to use the new designs automatically.  There exists self-check functions for each 
+block cipher and hash function to ensure that they compile and execute to the published design specifications.  The library 
+also performs extensive parameter error checking to prevent any number of runtime exploits or errors.
 
 \subsection{What the library IS for?}
 
-The library typically serves as a basis for other protocols and message formats.  For example, it should be possible to 
-take the RSA routines out of this library, apply the appropriate message padding and get PKCS compliant RSA routines.  
-Similarly SSL protocols could be formed on top  of the low-level symmetric cipher functions.  The goal of this package is 
-to provide these low level core functions in a robust and easy to use fashion.
-
-The library also serves well as a toolkit for applications where they don't need to be OpenPGP, PKCS, etc. compliant.
-Included are fully operational public key routines for encryption, decryption, signature generation and verification.  
-These routines are fully portable but are not conformant to any known set of standards\footnote{With the exception of 
-the RSA code which is based on the PKCS \#1 standards.}.  They are all based on established
-number theory and cryptography.  
-
-\subsection{What the library IS NOT for?}
-
-The library is not designed to be in anyway an implementation of the SSL or OpenPGP standards.  The library 
-is not designed to be compliant with any known form of API or programming hierarchy.  It is not a port of any other 
-library and it is not platform specific (like the MS CSP).  So if you're looking to drop in some buzzword 
-compliant crypto library this is not for you.  The library has been written from scratch to provide basic functions as 
-well as non-standard higher level functions.  
-
-This is not to say that the library is a ``homebrew'' project.  All of the symmetric ciphers and one-way hash functions
-conform to published test vectors.  The public key functions are derived from publicly available material and the majority
-of the code has been reviewed by a growing community of developers.
-
-\subsubsection{Why not?}
-You may be asking why I didn't choose to go all out and support standards like P1363, PKCS and the whole lot.  The reason
-is quite simple too much money gets in the way.  When I tried to access the P1363 draft documents and was denied (it 
-requires a password) I realized that they're just a business anyways.  See what happens is a company will sit down and
-invent a ``standard''.  Then they try to sell it to as many people as they can.  All of a sudden this ``standard'' is 
-everywhere.  Then the standard is updated every so often to keep people dependent.  Then you become RSA.  If people are 
-supposed to support these standards they had better make them more accessible.
+The library serves as a toolkit for developers who have to solve cryptographic problems.  Out of the box LibTomCrypt
+does not process SSL or OpenPGP messages, it doesn't read x.591 certificates or write PEM encoded data.  It does, however,
+provide all of the tools required to build such functionality.  LibTomCrypt was designed to be a flexible library that 
+was not tied to any particular cryptographic problem.  
 
 \section{Why did I write it?}
 You may be wondering, ``Tom, why did you write a crypto library.  I already have one.''.  Well the reason falls into
@@ -143,24 +109,35 @@ The idea is that I am not striving to replace OpenSSL or Crypto++ or Cryptlib or
 
 With this library all core functions (ciphers, hashes, prngs) have the {\bf exact} same prototype definition.  They all load
 and store data in a format independent of the platform.  This means if you encrypt with Blowfish on a PPC it should decrypt
-on an x86 with zero problems.  The consistent API also means that if you learn how to use blowfish with my library you 
+on an x86 with zero problems.  The consistent API also means that if you learn how to use Blowfish with my library you 
 know how to use Safer+ or RC6 or Serpent or ... as well.  With all of the core functions there are central descriptor tables 
 that can be used to make a program automatically pick between ciphers, hashes and PRNGs at runtime.  That means your 
 application can support all ciphers/hashes/prngs without changing the source code.
 
+Not only did I strive to make a consistent and simple API to work with but I also strived to make the library
+configurable in terms of its build options.  Out of the box the library will build with any modern version of GCC
+without having to use configure scripts.  This means that the library will work with platforms where development
+tools may be limited (e.g. no autoconf).
+
+On top of making the build simple and the API approachable I've also strived for a reasonably high level of
+robustness and efficiency.  LibTomCrypt traps and returns a series of errors ranging from invalid
+arguments to buffer overflows/overruns.  It is mostly thread safe and has been clocked on various platforms
+with ``cycles per byte'' timings that are comparable (and often favourable) to other libraries such as OpenSSL and
+Crypto++.
+
 \subsection{Modular}
-The LibTomCrypt package has also been written to be very modular.  The block ciphers, one-way hashes and
-pseudo-random number generators (PRNG) are all used within the API through ``descriptor'' tables which 
+The LibTomCrypt package has also been written to be very modular.  The block ciphers, one--way hashes and
+pseudo--random number generators (PRNG) are all used within the API through ``descriptor'' tables which 
 are essentially structures with pointers to functions.  While you can still call particular functions
 directly (\textit{e.g. sha256\_process()}) this descriptor interface allows the developer to customize their
 usage of the library.
 
 For example, consider a hardware platform with a specialized RNG device.  Obviously one would like to tap
-that for the PRNG needs within the library (\textit{e.g. making a RSA key}).  All the developer has todo
+that for the PRNG needs within the library (\textit{e.g. making a RSA key}).  All the developer has to do
 is write a descriptor and the few support routines required for the device.  After that the rest of the 
-API can make use of it without change.  Similiarly imagine a few years down the road when AES2 (\textit{or whatever they call it}) is
-invented.  It can be added to the library and used within applications with zero modifications to the
-end applications provided they are written properly.
+API can make use of it without change.  Similiarly imagine a few years down the road when AES2 
+(\textit{or whatever they call it}) has been invented.  It can be added to the library and used within applications 
+with zero modifications to the end applications provided they are written properly.
 
 This flexibility within the library means it can be used with any combination of primitive algorithms and 
 unlike libraries like OpenSSL is not tied to direct routines.  For instance, in OpenSSL there are CBC block
@@ -170,7 +147,6 @@ are not directly tied to the ciphers.  That is a new cipher can be added to the
 the key setup, ECB decrypt and encrypt and test vector routines.  After that all five chaining mode routines
 can make use of the cipher right away.
 
-
 \section{License}
 
 All of the source code except for the following files have been written by the author or donated to the project
@@ -181,8 +157,8 @@ under a public domain license:
    \item safer.c
 \end{enumerate}
 
-`mpi.c'' was originally written by Michael Fromberger ([email protected]) but has since been replaced with my LibTomMath
-library.
+`mpi.c'' was originally written by Michael Fromberger ([email protected]) but has since been replaced with 
+my LibTomMath library which is public domain.
 
 ``rc2.c'' is based on publicly available code that is not attributed to a person from the given source.  ``safer.c''
 was written by Richard De Moliner ([email protected]) and seems to be free for use.
@@ -221,7 +197,6 @@ early on:
 There have been quite a few other people as well.  Please check the change log to see who else has contributed from
 time to time.
 
-
 \chapter{The Application Programming Interface (API)}
 \section{Introduction}
 \index{CRYPT\_ERROR} \index{CRYPT\_OK}
@@ -255,16 +230,16 @@ There is no initialization routine for the library and for the most part the cod
 related issue is if you use the same symmetric cipher, hash or public key state data in multiple threads.  Normally
 that is not an issue.
 
-To include the prototypes for ``LibTomCrypt.a'' into your own program simply include ``mycrypt.h'' like so:
+To include the prototypes for ``LibTomCrypt.a'' into your own program simply include ``tomcrypt.h'' like so:
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void) {
     return 0;
 }
 \end{verbatim}
 
-The header file ``mycrypt.h'' also includes ``stdio.h'', ``string.h'', ``stdlib.h'', ``time.h'', ``ctype.h'' and ``mpi.h''
-(the bignum library routines).
+The header file ``tomcrypt.h'' also includes ``stdio.h'', ``string.h'', ``stdlib.h'', ``time.h'', ``ctype.h'' and 
+``ltc\_tommath.h'' (the bignum library routines).
 
 \section{Macros}
 
@@ -290,12 +265,19 @@ There are a few helper macros to make the coding process a bit easier.  The firs
 \end{center}
 \end{small}
 
-There are 32-bit cyclic rotations as well:
+There are 32 and 64-bit cyclic rotations as well:
 \index{ROL} \index{ROR}
 \begin{center}
 \begin{tabular}{|c|c|c|}
-     \hline ROL(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y$ \\
-     \hline ROR(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x >> y$ \\
+     \hline ROL(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y, 0 \le y \le 31$ \\
+     \hline ROLc(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x << y, 0 \le y \le 31$ \\
+     \hline ROR(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x >> y, 0 \le y \le 31$ \\
+     \hline RORc(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x >> y, 0 \le y \le 31$ \\
+     \hline && \\
+     \hline ROL64(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y, 0 \le y \le 63$ \\
+     \hline ROL64c(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x << y, 0 \le y \le 63$ \\
+     \hline ROR64(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x >> y, 0 \le y \le 63$ \\
+     \hline ROR64c(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x >> y, 0 \le y \le 63$ \\
      \hline
 \end{tabular}
 \end{center}
@@ -306,7 +288,7 @@ must pass it the length of the buffer\footnote{Extensive error checking is not i
 the output will be stored.  For example:
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void) {
     rsa_key key;
     unsigned char buffer[1024];
@@ -331,13 +313,17 @@ int main(void) {
 }
 \end{verbatim}
 \end{small}
-In the above example if the size of the RSA public key was more than 1024 bytes this function would not store anything in
-either ``buffer'' or ``x'' and simply return an error code.  If the function suceeds it stores the length of the output
-back into ``x'' so that the calling application will know how many bytes used.
+In the above example if the size of the RSA public key was more than 1024 bytes this function would return an error code
+indicating a buffer overflow would have occurred.  If the function succeeds it stores the length of the output
+back into ``x'' so that the calling application will know how many bytes were used.
 
 \section{Functions that need a PRNG}
-Certain functions such as ``rsa\_make\_key()'' require a PRNG.  These functions do not setup the PRNG themselves so it is 
-the responsibility of the calling function to initialize the PRNG before calling them.
+\index{Pseudo Random Number Generator} \index{PRNG}
+Certain functions such as ``rsa\_make\_key()'' require a Pseudo Random Number Generator (PRNG).  These functions do not setup 
+the PRNG themselves so it is the responsibility of the calling function to initialize the PRNG before calling them.
+
+Certain PRNG algorithms do not require a ``prng\_state'' argument (sprng for example).  The ``prng\_state'' argument
+may be passed as \textbf{NULL} in such situations.
 
 \section{Functions that use Arrays of Octets}
 Most functions require inputs that are arrays of the data type ``unsigned char''.  Whether it is a symmetric key, IV
@@ -352,14 +338,15 @@ type ``byte'' will be synonymous with an array of type ``unsigned char''.
 \chapter{Symmetric Block Ciphers}
 \section{Core Functions}
 
-Libtomcrypt provides several block ciphers all in a plain vanilla ECB block mode.  Its important to first note that you 
+LibTomCrypt provides several block ciphers with an ECB block mode interface.  It's important to first note that you 
 should never use the ECB modes directly to encrypt data.  Instead you should use the ECB functions to make a chaining mode
 or use one of the provided chaining modes.  All of the ciphers are written as ECB interfaces since it allows the rest of
 the API to grow in a modular fashion.
 
 All ciphers store their scheduled keys in a single data type called ``symmetric\_key''.  This allows all ciphers to 
-have the same prototype and store their keys as  naturally as possible.  All ciphers provide five visible functions which
-are (given that XXX is the name of the cipher):
+have the same prototype and store their keys as naturally as possible.  This also removes the need for dynamic memory
+allocation and allows you to allocate a fixed sized buffer for storing scheduled keys.  All ciphers provide five visible 
+functions which are (given that XXX is the name of the cipher):
 \index{Cipher Setup}
 \begin{verbatim}
 int XXX_setup(const unsigned char *key, int keylen, int rounds,
@@ -369,12 +356,12 @@ int XXX_setup(const unsigned char *key, int keylen, int rounds,
 The XXX\_setup() routine will setup the cipher to be used with a given number of rounds and a given key length (in bytes).
 The number of rounds can be set to zero to use the default, which is generally a good idea.
 
-If the function returns successfully the variable ``skey'' will have a scheduled key stored in it.  Its important to note
-that you should only used this scheduled key with the intended cipher.  For example, if you call 
-``blowfish\_setup()'' do not pass the scheduled key onto ``rc5\_ecb\_encrypt()''.  All setup functions do not allocate 
-memory off the heap so when you are done with a key you can simply discard it (e.g. they can be on the stack).
+If the function returns successfully the variable ``skey'' will have a scheduled key stored in it.  It's important to note
+that you should only used this scheduled key with the intended cipher.  For example, if you call ``blowfish\_setup()'' do not 
+pass the scheduled key onto ``rc5\_ecb\_encrypt()''.  All setup functions do not allocate memory off the heap so when you are 
+done with a key you can simply discard it (e.g. they can be on the stack).
 
-To encrypt or decrypt a block in ECB mode there are these two functions:
+To encrypt or decrypt a block in ECB mode there are these two function classes
 \index{Cipher Encrypt} \index{Cipher Decrypt}
 \begin{verbatim}
 void XXX_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
@@ -385,8 +372,11 @@ void XXX_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
 \end{verbatim}
 These two functions will encrypt or decrypt (respectively) a single block of text\footnote{The size of which depends on
 which cipher you are using.} and store the result where you want it.  It is possible that the input and output buffer are 
-the same buffer.  For the encrypt function ``pt''\footnote{pt stands for plaintext.} is the input and ``ct'' is the output.
-For the decryption function its the opposite.  To test a particular cipher against test vectors\footnote{As published in their design papers.} call: \index{Cipher Testing}
+the same buffer.  For the encrypt function ``pt''\footnote{pt stands for plaintext.} is the input and 
+``ct''\footnote{ct stands for ciphertext.} is the output.  For the decryption function it's the opposite.  To test a particular 
+cipher against test vectors\footnote{As published in their design papers.} call the self-test function
+ 
+\index{Cipher Testing}
 \begin{verbatim}
 int XXX_test(void);
 \end{verbatim}
@@ -399,7 +389,7 @@ Essentially it will round the input keysize in ``keysize'' down to the next appr
 return {\bf CRYPT\_OK} if the key size specified is acceptable.  For example:
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int keysize, err;
@@ -415,12 +405,14 @@ int main(void)
 }
 \end{verbatim}
 \end{small}
-This should indicate a keysize of sixteen bytes is suggested.  An example snippet that encodes a block with 
-Blowfish in ECB mode is below.
+This should indicate a keysize of sixteen bytes is suggested.  
+
+\subsection{Simple Encryption Demonstration}
+An example snippet that encodes a block with Blowfish in ECB mode is below.
 
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 { 
    unsigned char pt[8], ct[8], key[8];
@@ -444,12 +436,15 @@ int main(void)
    blowfish_ecb_encrypt(pt,             /* encrypt this 8-byte array */
                         ct,             /* store encrypted data here */ 
                         &skey);         /* our previously scheduled key */
+                        
+   /* now ct holds the encrypted version of pt */                        
 
    /* decrypt the block */
    blowfish_ecb_decrypt(ct,             /* decrypt this 8-byte array */
                         pt,             /* store decrypted data here */
                         &skey);         /* our previously scheduled key */
 
+   /* now we have decrypted ct to the original plaintext in pt */                        
    return 0;
 }
 \end{verbatim}
@@ -459,7 +454,7 @@ int main(void)
 \index{Symmetric Keys}
 As a general rule of thumb do not use symmetric keys under 80 bits if you can.  Only a few of the ciphers support smaller
 keys (mainly for test vectors anyways).  Ideally your application should be making at least 256 bit keys.  This is not
-because you're supposed to be paranoid.  Its because if your PRNG has a bias of any sort the more bits the better.  For
+because you're supposed to be paranoid.  It's because if your PRNG has a bias of any sort the more bits the better.  For
 example, if you have $\mbox{Pr}\left[X = 1\right] = {1 \over 2} \pm \gamma$ where $\vert \gamma \vert > 0$ then the
 total amount of entropy in N bits is $N \cdot -log_2\left ({1 \over 2} + \vert \gamma \vert \right)$.  So if $\gamma$
 were $0.25$ (a severe bias) a 256-bit string would have about 106 bits of entropy whereas a 128-bit string would have
@@ -467,7 +462,8 @@ only 53 bits of entropy.
 
 The number of rounds of most ciphers is not an option you can change.  Only RC5 allows you to change the number of
 rounds.  By passing zero as the number of rounds all ciphers will use their default number of rounds.  Generally the
-ciphers are configured such that the default number of rounds provide adequate security for the given block size.
+ciphers are configured such that the default number of rounds provide adequate security for the given block and key 
+size.
 
 \section{The Cipher Descriptors}
 \index{Cipher Descriptor}
@@ -477,21 +473,25 @@ of this array has the following format:
 \begin{verbatim}
 struct _cipher_descriptor {
    char *name;
-   unsigned long min_key_length, max_key_length, 
-                 block_length, default_rounds;
-   int  (*setup)      (const unsigned char *key, int keylength, 
-                       int num_rounds, symmetric_key *skey);
+   unsigned char ID;
+   int  min_key_length, 
+        max_key_length, 
+        block_length, 
+        default_rounds;
+   int  (*setup)(const unsigned char *key, int keylen, int num_rounds, 
+                 symmetric_key *skey);
    void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, 
-                       symmetric_key *key);
-   void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt,
-                       symmetric_key *key);
-   int  (*test)       (void);
-   int  (*keysize)    (int *desired_keysize);
+                 symmetric_key *skey);
+   void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, 
+                 symmetric_key *skey);
+   int (*test)(void);
+   int  (*keysize)(int *keysize);
 };
 \end{verbatim}
 
-Where ``name'' is the lower case ASCII version of the name.  The fields ``min\_key\_length'', ``max\_key\_length'' and
-``block\_length'' are all the number of bytes not bits.  As a good rule of thumb it is assumed that the cipher supports
+Where ``name'' is the lower case ASCII version of the name.  The fields ``min\_key\_length'' and ``max\_key\_length'' 
+are the minimum and maximum key sizes in bytes.  The ``block\_length'' member is the block size of the cipher
+in bytes.  As a good rule of thumb it is assumed that the cipher supports
 the min and max key lengths but not always everything in between.  The ``default\_rounds'' field is the default number
 of rounds that will be used.
 
@@ -511,10 +511,6 @@ As of this release the current cipher\_descriptors elements are
      \hline RC5-32/12/b & rc5\_desc & 8 & 8 $\ldots$ 128 & 12 $\ldots$ 24 \\
      \hline RC6-32/20/b & rc6\_desc & 16 & 8 $\ldots$ 128 & 20 \\
      \hline SAFER+ & saferp\_desc &16 & 16, 24, 32 & 8, 12, 16 \\
-     \hline Safer K64   & safer\_k64\_desc & 8 & 8 & 6 $\ldots$ 13 \\
-     \hline Safer SK64  & safer\_sk64\_desc & 8 & 8 & 6 $\ldots$ 13 \\
-     \hline Safer K128  & safer\_k128\_desc & 8 & 16 & 6 $\ldots$ 13 \\
-     \hline Safer SK128 & safer\_sk128\_desc & 8 & 16 & 6 $\ldots$ 13 \\
      \hline AES & aes\_desc & 16 & 16, 24, 32 & 10, 12, 14 \\
                 & aes\_enc\_desc & 16 & 16, 24, 32 & 10, 12, 14 \\
      \hline Twofish & twofish\_desc & 16 & 16, 24, 32 & 16 \\
@@ -523,6 +519,8 @@ As of this release the current cipher\_descriptors elements are
      \hline CAST5 (CAST-128) & cast5\_desc & 8 & 5 $\ldots$ 16 & 12, 16 \\
      \hline Noekeon & noekeon\_desc & 16 & 16 & 16 \\
      \hline Skipjack & skipjack\_desc & 8 & 10 & 32 \\
+     \hline Anubis & anubis\_desc & 16 & 16 $\ldots$ 40 & 12 $\ldots$ 18 \\
+     \hline Khazad & khazad\_desc & 8 & 16 & 8 \\
      \hline
 \end{tabular}
 \end{center}
@@ -544,11 +542,6 @@ The ``encrypt only'' descriptors are useful for applications that only use the e
 as EAX, PMAC and OMAC only require the encryption function.  So far this ``encrypt only'' functionality has only been implemented for
 Rijndael as it makes the most sense for this cipher.
 
-\item
-For the 64-bit SAFER famliy of ciphers (e.g K64, SK64, K128, SK128) the ecb\_encrypt() and ecb\_decrypt()
-functions are the same.  So if you want to use those functions directly just call safer\_ecb\_encrypt()
-or safer\_ecb\_decrypt() respectively.
-
 \item
 Note that for ``DES'' and ``3DES'' they use 8 and 24 byte keys but only 7 and 21 [respectively] bytes of the keys are in
 fact used for the purposes of encryption.  My suggestion is just to use random 8/24 byte keys instead of trying to make a 8/24
@@ -590,7 +583,7 @@ Which will search for a given name in the array.  It returns negative one if the
 the location in the array where the cipher was found.  For example, to indirectly setup Blowfish you can also use:
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    unsigned char key[8];
@@ -631,7 +624,7 @@ int unregister_cipher(const struct _cipher_descriptor *cipher);
 Which returns {\bf CRYPT\_OK} if it removes it otherwise it returns {\bf CRYPT\_ERROR}.  Consider:
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int err;
@@ -794,7 +787,7 @@ The XXX\_setiv functions are handy if you wish to change the IV without re--keyi
 \newpage
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    unsigned char key[16], IV[16], buffer[512];
@@ -944,7 +937,7 @@ int eax_test(void);
 This requires that the AES (or Rijndael) block cipher be registered with the cipher\_descriptor table first.
 
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int           err;
@@ -1132,7 +1125,7 @@ void XXX_init(hash_state *md);
 This simply sets up the hash to the default state governed by the specifications of the hash.  To add data to the 
 message being hashed call:
 \begin{verbatim}
-int XXX_process(hash_state *md, const unsigned char *in, unsigned long len);
+int XXX_process(hash_state *md, const unsigned char *in, unsigned long inlen);
 \end{verbatim}
 
 Essentially all hash messages are virtually infinitely\footnote{Most hashes are limited to $2^{64}$ bits or 2,305,843,009,213,693,952 bytes.} long message which 
@@ -1167,7 +1160,7 @@ This will return {\bf CRYPTO\_OK} if the hash matches the test vectors, otherwis
 example snippet that hashes a message with md5 is given below.
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
     hash_state md;
@@ -1195,9 +1188,10 @@ struct _hash_descriptor {
     char *name;
     unsigned long hashsize;    /* digest output size in bytes  */
     unsigned long blocksize;   /* the block size the hash uses */
-    void (*init)   (hash_state *);
-    int  (*process)(hash_state *, const unsigned char *, unsigned long);
-    int  (*done)   (hash_state *, unsigned char *);
+    void (*init)   (hash_state *hash);
+    int  (*process)(hash_state *hash, 
+                    const unsigned char *in, unsigned long inlen);
+    int  (*done)   (hash_state *hash, unsigned char *out);
     int  (*test)   (void);
 };
 \end{verbatim}
@@ -1210,7 +1204,7 @@ position in the descriptor table of the hash.
 You can use the table to indirectly call a hash function that is chosen at runtime.  For example:
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    unsigned char buffer[100], hash[MAXBLOCKSIZE];
@@ -1258,29 +1252,27 @@ length.  This provides a simple size you can set your automatic arrays to that w
 There are three helper functions as well:
 \index{hash\_memory()} \index{hash\_file()}
 \begin{verbatim}
-int hash_memory(int hash, const unsigned char *data, 
-                unsigned long len, unsigned char *dst,
-                unsigned long *outlen);
+int hash_memory(int hash, 
+                const unsigned char *in,   unsigned long inlen, 
+                      unsigned char *out,  unsigned long *outlen);
 
 int hash_file(int hash, const char *fname, 
-              unsigned char *dst,
-              unsigned long *outlen);
+              unsigned char *out, unsigned long *outlen);
 
 int hash_filehandle(int hash, FILE *in, 
-                    unsigned char *dst, unsigned long *outlen);
+                    unsigned char *out, unsigned long *outlen);
 \end{verbatim}
 
 The ``hash'' parameter is the location in the descriptor table of the hash (\textit{e.g. the return of find\_hash()}).  
-The ``*outlen'' variable is used to keep track of the output size.  You
-must set it to the size of your output buffer before calling the functions.  When they complete succesfully they store
-the length of the message digest back in it.  The functions are otherwise straightforward.  The ``hash\_filehandle'' 
-function assumes that ``in'' is an file handle opened in binary mode.  It will hash to the end of file and not reset
-the file position when finished.
+The ``*outlen'' variable is used to keep track of the output size.  You must set it to the size of your output buffer before 
+calling the functions.  When they complete succesfully they store the length of the message digest back in it.  The functions 
+are otherwise straightforward.  The ``hash\_filehandle'' function assumes that ``in'' is an file handle opened in binary mode.  
+It will hash to the end of file and not reset the file position when finished.
 
 To perform the above hash with md5 the following code could be used:
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int idx, err;
@@ -1364,7 +1356,7 @@ be bound to the CHC hash at a time.  There are additional requirements for the s
 Example of using CHC with the AES block cipher.
 
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int err; 
@@ -1417,18 +1409,18 @@ to use to authenticate the message.  ``key'' is the pointer to the array of char
 length (in octets) of the key you want to use to authenticate the message.  To send octets of a message through the HMAC system you must use the following function:
 \index{hmac\_process()}
 \begin{verbatim}
-int hmac_process(hmac_state *hmac, const unsigned char *buf,
-                  unsigned long len);
+int hmac_process(hmac_state *hmac, 
+                 const unsigned char *in, unsigned long inlen);
 \end{verbatim}
 ``hmac'' is the HMAC state you are working with. ``buf'' is the array of octets to send into the HMAC process.  ``len'' is the
 number of octets to process.  Like the hash process routines you can send the data in arbitrarly sized chunks. When you 
 are finished with the HMAC process you must call the following function to get the HMAC code:
 \index{hmac\_done()}
 \begin{verbatim}
-int hmac_done(hmac_state *hmac, unsigned char *hashOut,
-              unsigned long *outlen);
+int hmac_done(hmac_state *hmac, 
+              unsigned char *out, unsigned long *outlen);
 \end{verbatim}
-``hmac'' is the HMAC state you are working with.  ``hashOut'' is the array of octets where the HMAC code should be stored.  You must
+``hmac'' is the HMAC state you are working with.  ``out'' is the array of octets where the HMAC code should be stored.  You must
 set ``outlen'' to the size of the destination buffer before calling this function.  It is updated with the length of the HMAC code
 produced (depending on which hash was picked).  If ``outlen'' is less than the size of the message digest (and ultimately
 the HMAC code) then the HMAC code is truncated as per FIPS-198 specifications (e.g. take the first ``outlen'' bytes).
@@ -1439,22 +1431,23 @@ calling the three step process yourself.
 
 \index{hmac\_memory()}
 \begin{verbatim}
-int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                const unsigned char *data, unsigned long len, 
-                unsigned char *dst, unsigned long *dstlen);
+int hmac_memory(int hash, 
+                const unsigned char *key, unsigned long  keylen,
+                const unsigned char *in,  unsigned long  inlen, 
+                      unsigned char *out, unsigned long *outlen);
 \end{verbatim}
-This will produce an HMAC code for the array of octets in ``data'' of length ``len''.  The index into the hash descriptor 
+This will produce an HMAC code for the array of octets in ``in'' of length ``inlen''.  The index into the hash descriptor 
 table must be provided in ``hash''.  It uses the key from ``key'' with a key length of ``keylen''.  
-The result is stored in the array of octets ``dst'' and the length in ``dstlen''.  The value of ``dstlen'' must be set
+The result is stored in the array of octets ``out'' and the length in ``outlen''.  The value of ``outlen'' must be set
 to the size of the destination buffer before calling this function.  Similarly for files there is the  following function:
 \index{hmac\_file()}
 \begin{verbatim}
-int hmac_file(int hash, const char *fname, const unsigned char *key,
-              unsigned long keylen, 
-              unsigned char *dst, unsigned long *dstlen);
+int hmac_file(int hash, const char *fname, 
+              const unsigned char *key, unsigned long  keylen, 
+                    unsigned char *out, unsigned long *outlen);
 \end{verbatim}
 ``hash'' is the index into the hash descriptor table of the hash you want to use.  ``fname'' is the filename to process.  
-``key'' is the array of octets to use as the key of length ``keylen''.  ``dst'' is the array of octets where the 
+``key'' is the array of octets to use as the key of length ``keylen''.  ``out'' is the array of octets where the 
 result should be stored.
 
 To test if the HMAC code is working there is the following function:
@@ -1467,7 +1460,7 @@ HMAC system is given below.
 
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int idx, err;
@@ -1531,9 +1524,9 @@ To send data through the algorithm call
 \index{omac\_process()}
 \begin{verbatim}
 int omac_process(omac_state *state, 
-                 const unsigned char *buf, unsigned long len);
+                 const unsigned char *in, unsigned long inlen);
 \end{verbatim}
-This will send ``len'' bytes from ``buf'' through the active OMAC state ``state''.  Returns \textbf{CRYPT\_OK} if the 
+This will send ``inlen'' bytes from ``in'' through the active OMAC state ``state''.  Returns \textbf{CRYPT\_OK} if the 
 function succeeds.  The function is not sensitive to the granularity of the data.  For example,
 
 \begin{verbatim}
@@ -1567,10 +1560,10 @@ following function.
 \begin{verbatim}
 int omac_memory(int cipher, 
                 const unsigned char *key, unsigned long keylen,
-                const unsigned char *msg, unsigned long msglen,
-                unsigned char *out, unsigned long *outlen);
+                const unsigned char *in,  unsigned long inlen,
+                      unsigned char *out, unsigned long *outlen);
 \end{verbatim}
-This will compute the OMAC of ``msglen'' bytes of ``msg'' using the key ``key'' of length ``keylen'' bytes and the cipher
+This will compute the OMAC of ``inlen'' bytes of ``in'' using the key ``key'' of length ``keylen'' bytes and the cipher
 specified by the ``cipher'''th entry in the cipher\_descriptor table.  It will store the MAC in ``out'' with the same
 rules as omac\_done.
 
@@ -1580,7 +1573,7 @@ To OMAC a file use
 int omac_file(int cipher, 
               const unsigned char *key, unsigned long keylen,
               const char *filename, 
-              unsigned char *out, unsigned long *outlen);
+                    unsigned char *out, unsigned long *outlen);
 \end{verbatim}
 
 Which will OMAC the entire contents of the file specified by ``filename'' using the key ``key'' of length ``keylen'' bytes
@@ -1597,7 +1590,7 @@ OMAC system is given below.
 
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int idx, err;
@@ -1662,9 +1655,9 @@ To MAC data simply send it through the process function.
 \index{pmac\_process()}
 \begin{verbatim}
 int pmac_process(pmac_state *state, 
-                 const unsigned char *buf, unsigned long len);
+                 const unsigned char *in, unsigned long inlen);
 \end{verbatim}
-This will process ``len'' bytes of ``buf'' in the given ``state''.  The function is not sensitive to the granularity of the
+This will process ``inlen'' bytes of ``in'' in the given ``state''.  The function is not sensitive to the granularity of the
 data.  For example,
 
 \begin{verbatim}
@@ -1694,9 +1687,9 @@ following function.
 \index{pmac\_memory()}
 \begin{verbatim}
 int pmac_memory(int cipher, 
-                const unsigned char *key, unsigned long keylen,
-                const unsigned char *msg, unsigned long msglen,
-                unsigned char *out, unsigned long *outlen);
+                const unsigned char *key, unsigned long  keylen,
+                const unsigned char *in,  unsigned long  inlen,
+                      unsigned char *out, unsigned long *outlen);
 \end{verbatim}
 This will compute the PMAC of ``msglen'' bytes of ``msg'' using the key ``key'' of length ``keylen'' bytes and the cipher
 specified by the ``cipher'''th entry in the cipher\_descriptor table.  It will store the MAC in ``out'' with the same
@@ -1722,9 +1715,6 @@ int pmac_test(void);
 Which returns {\bf CRYPT\_OK} if the code passes otherwise it returns an error code.
 
 
-
-
-
 \chapter{Pseudo-Random Number Generators}
 \section{Core Functions}
 The library provides an array of core functions for Pseudo-Random Number Generators (PRNGs) as well.  A cryptographic PRNG is
@@ -1735,12 +1725,11 @@ key generation.  There is a universal structure called ``prng\_state''.  To init
 int XXX_start(prng_state *prng);
 \end{verbatim}
 
-This will setup the PRNG for future use and not seed it.  In order 
-for the PRNG to be cryptographically useful you must give it entropy.  Ideally you'd have some OS level source to tap 
-like in UNIX (see section 5.3).  To add entropy to the PRNG call:
+This will setup the PRNG for future use and not seed it.  In order for the PRNG to be cryptographically useful you must give it 
+entropy.  Ideally you'd have some OS level source to tap like in UNIX.  To add entropy to the PRNG call:
 \index{PRNG add\_entropy}
 \begin{verbatim}
-int XXX_add_entropy(const unsigned char *in, unsigned long len, 
+int XXX_add_entropy(const unsigned char *in, unsigned long inlen, 
                     prng_state *prng);
 \end{verbatim}
 
@@ -1754,7 +1743,7 @@ int XXX_ready(prng_state *prng);
 Which returns {\bf CRYPTO\_OK} if it is ready.  Finally to actually read bytes call:
 \index{PRNG read}
 \begin{verbatim}
-unsigned long XXX_read(unsigned char *out, unsigned long len,
+unsigned long XXX_read(unsigned char *out, unsigned long outlen,
                        prng_state *prng);
 \end{verbatim}
 
@@ -1831,7 +1820,7 @@ Below is a simple snippet to read 10 bytes from yarrow.  Its important to note t
 {\bf NOT} secure since the entropy added is not random.
 
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    prng_state prng;
@@ -1961,7 +1950,7 @@ simulations which need a high quality (and fast) stream of bytes.
 \subsubsection{Example Usage}
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    prng_state prng;
@@ -2029,7 +2018,7 @@ platform where the RNG doesn't work well.  Example usage of this function is giv
 
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    ecc_key mykey;
@@ -2066,7 +2055,7 @@ the previous example using this PRNG.
 
 \begin{small}
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    ecc_key mykey;
@@ -2088,6 +2077,8 @@ int main(void)
 \end{verbatim}
 \end{small}
 
+
+
 \chapter{RSA Public Key Cryptography}
 
 \section{Introduction}
@@ -2307,8 +2298,8 @@ To do raw work with the RSA function call:
 \index{rsa\_exptmod()}
 \begin{verbatim}
 int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
-                      unsigned char *out,  unsigned long *outlen, int which,
-                      prng_state    *prng, int           prng_idx,
+                      unsigned char *out,  unsigned long *outlen, 
+                      int which, prng_state *prng, int prng_idx,
                       rsa_key *key);
 \end{verbatim}
 This loads the bignum from ``in'' as a big endian word in the format PKCS specifies, raises it to either ``e'' or ``d'' and stores the result
@@ -2324,26 +2315,26 @@ To facilitate encrypting short keys the following functions have been provided.
 
 \index{rsa\_encrypt\_key()}
 \begin{verbatim}
-int rsa_encrypt_key(const unsigned char *inkey,  unsigned long inlen,
-                          unsigned char *outkey, unsigned long *outlen,
+int rsa_encrypt_key(const unsigned char *in,  unsigned long inlen,
+                          unsigned char *out, unsigned long *outlen,
                     const unsigned char *lparam, unsigned long lparamlen,
                     prng_state *prng, int prng_idx, int hash_idx, rsa_key *key);
 \end{verbatim}
-This function will OAEP pad ``inkey'' of length inlen bytes then RSA encrypt it and store the ciphertext
-in ``outkey'' of length ``outlen''.  The ``lparam'' and ``lparamlen'' are the same parameters you would pass
+This function will OAEP pad ``in'' of length inlen bytes then RSA encrypt it and store the ciphertext
+in ``out'' of length ``outlen''.  The ``lparam'' and ``lparamlen'' are the same parameters you would pass
 to pkcs\_1\_oaep\_encode().
 
 \index{rsa\_decrypt\_key()}
 \begin{verbatim}
-int rsa_decrypt_key(const unsigned char *in,     unsigned long inlen,
-                          unsigned char *outkey, unsigned long *keylen, 
+int rsa_decrypt_key(const unsigned char *in,  unsigned long inlen,
+                          unsigned char *out, unsigned long *outlen, 
                     const unsigned char *lparam, unsigned long lparamlen,
                           prng_state    *prng,   int           prng_idx,
                           int            hash_idx, int *res,
                           rsa_key       *key);
 \end{verbatim}
 This function will RSA decrypt ``in'' of length ``inlen'' then OAEP depad the resulting data and store it in
-``outkey'' of length ``outlen''.  The ``lparam'' and ``lparamlen'' are the same parameters you would pass
+``out'' of length ``outlen''.  The ``lparam'' and ``lparamlen'' are the same parameters you would pass
 to pkcs\_1\_oaep\_decode().
 
 If the RSA decrypted data isn't a valid OAEP packet then ``res'' is set to $0$.  Otherwise, it is set to $1$.
@@ -2354,15 +2345,15 @@ process the following functions have been provided.
 
 \index{rsa\_sign\_hash()}
 \begin{verbatim}
-int rsa_sign_hash(const unsigned char *msghash,  unsigned long  msghashlen, 
-                        unsigned char *sig,      unsigned long *siglen, 
+int rsa_sign_hash(const unsigned char *in,   unsigned long  inlen, 
+                        unsigned char *out,  unsigned long *outlen, 
                         prng_state    *prng,     int            prng_idx,
                         int            hash_idx, unsigned long  saltlen,
                         rsa_key *key);
 \end{verbatim}
 
-This will PSS encode the message hash ``msghash'' of length ``msghashlen''.  Next the PSS encoded message is
-RSA ``signed'' and the output is stored in ``sig'' of length ``siglen''.  
+This will PSS encode the message hash ``in'' of length ``inlen''.  Next the PSS encoded message will be RSA ``signed'' and 
+the output is stored in ``out'' of length ``outlen''.  
 
 
 \index{rsa\_verify\_hash()}
@@ -2382,7 +2373,7 @@ the value ``res'' is set to $0$.  Otherwise, if the function succeeds and signat
 to $1$.
 
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    int           err, hash_idx, prng_idx, res;
@@ -2646,16 +2637,16 @@ Similar to the RSA related functions there are functions to encrypt or decrypt s
 algorithms.  
 \index{dh\_encrypt\_key()} \index{dh\_decrypt\_key()}
 \begin{verbatim}
-int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen,
+int dh_encrypt_key(const unsigned char *in,   unsigned long  inlen,
                          unsigned char *out,  unsigned long *len, 
                          prng_state *prng, int wprng, int hash, 
                          dh_key *key);
 
-int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
-                         unsigned char *outkey, unsigned long *keylen, 
+int dh_decrypt_key(const unsigned char *in,  unsigned long  inlen,
+                         unsigned char *out, unsigned long *outlen, 
                          dh_key *key);
 \end{verbatim}
-Where ``inkey'' is an input symmetric key of no more than 32 bytes.  Essentially these routines created a random public key
+Where ``in'' is an input symmetric key of no more than 32 bytes.  Essentially these routines created a random public key
 and find the hash of the shared secret.  The message digest is than XOR'ed against the symmetric key.  All of the 
 required data is placed in ``out'' by ``dh\_encrypt\_key()''.   The hash must produce a message digest at least as large
 as the symmetric key you are trying to share.
@@ -2759,17 +2750,17 @@ algorithms.
 
 \index{ecc\_encrypt\_key()} \index{ecc\_decrypt\_key()}
 \begin{verbatim}
-int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen,
-                          unsigned char *out,  unsigned long *len, 
+int ecc_encrypt_key(const unsigned char *in,   unsigned long  inlen,
+                          unsigned char *out,  unsigned long *outlen, 
                           prng_state *prng, int wprng, int hash, 
                           ecc_key *key);
 
-int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
-                          unsigned char *outkey, unsigned long *keylen, 
+int ecc_decrypt_key(const unsigned char *in,  unsigned long  inlen,
+                          unsigned char *out, unsigned long *outlen, 
                           ecc_key *key);
 \end{verbatim}
 
-Where ``inkey'' is an input symmetric key of no more than 32 bytes.  Essentially these routines created a random public key
+Where ``in'' is an input symmetric key of no more than 32 bytes.  Essentially these routines created a random public key
 and find the hash of the shared secret.  The message digest is than XOR'ed against the symmetric key.  All of the required
 data is placed in ``out'' by ``ecc\_encrypt\_key()''.   The hash chosen must produce a message digest at least as large
 as the symmetric key you are trying to share.
@@ -2975,7 +2966,7 @@ These will handle multiple encodings/decodings at once.  They work like their si
 except they handle a \textbf{NULL} terminated list of operands.
 
 \begin{verbatim}
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 {
    mp_int        a, b, c, d;
@@ -3047,7 +3038,7 @@ on the password.  The ``hash\_idx'' is the index of the hash you wish to use in
 
 \begin{alltt}
 /* demo to show how to make session state material from a password */
-#include <mycrypt.h>
+#include <tomcrypt.h>
 int main(void)
 \{
     unsigned char password[100], salt[100],
@@ -3115,7 +3106,7 @@ for all uses and is distributed freely.
 At the heart of all the functions is the data type ``mp\_int'' (defined in tommath.h).  This data type is what 
 will hold all large integers.  In order to use an mp\_int one must initialize it first, for example:
 \begin{verbatim}
-#include <mycrypt.h> /* mycrypt.h includes mpi.h automatically */
+#include <tomcrypt.h> /* tomcrypt.h includes mpi.h automatically */
 int main(void)
 { 
    mp_int bignum;
@@ -3327,7 +3318,7 @@ make install_lib
 Which will build the library and install it in /usr/lib (as well as the headers in /usr/include).  The destination
 directory of the library and headers can be changed by editing ``makefile''.  The variable LIBNAME controls
 where the library is to be installed and INCNAME controls where the headers are to be installed.  A developer can 
-then use the library by including ``mycrypt.h'' in their program and linking against ``libtomcrypt.a''.
+then use the library by including ``tomcrypt.h'' in their program and linking against ``libtomcrypt.a''.
 
 A static library can also be built with the Intel C Compiler  (ICC) by issuing the following
 

cscope.tmplst

@@ -1,219 +0,0 @@
-./aes.c
-./aes_tab.c
-./base64_decode.c
-./base64_encode.c
-./blowfish.c
-./burn_stack.c
-./cast5.c
-./cbc_decrypt.c
-./cbc_encrypt.c
-./cbc_getiv.c
-./cbc_setiv.c
-./cbc_start.c
-./cfb_decrypt.c
-./cfb_encrypt.c
-./cfb_getiv.c
-./cfb_setiv.c
-./cfb_start.c
-./chc.c
-./crypt.c
-./crypt_argchk.c
-./crypt_cipher_descriptor.c
-./crypt_cipher_is_valid.c
-./crypt_find_cipher.c
-./crypt_find_cipher_any.c
-./crypt_find_cipher_id.c
-./crypt_find_hash.c
-./crypt_find_hash_any.c
-./crypt_find_hash_id.c
-./crypt_find_prng.c
-./crypt_hash_descriptor.c
-./crypt_hash_is_valid.c
-./crypt_prng_descriptor.c
-./crypt_prng_is_valid.c
-./crypt_register_cipher.c
-./crypt_register_hash.c
-./crypt_register_prng.c
-./crypt_unregister_cipher.c
-./crypt_unregister_hash.c
-./crypt_unregister_prng.c
-./ctr_decrypt.c
-./ctr_encrypt.c
-./ctr_getiv.c
-./ctr_setiv.c
-./ctr_start.c
-./demos/encrypt.c
-./demos/hashsum.c
-./demos/small.c
-./demos/test/base64_test.c
-./demos/test/cipher_hash_test.c
-./demos/test/der_tests.c
-./demos/test/dh_tests.c
-./demos/test/dsa_test.c
-./demos/test/ecc_test.c
-./demos/test/mac_test.c
-./demos/test/makefile
-./demos/test/makefile.icc
-./demos/test/makefile.msvc
-./demos/test/makefile.shared
-./demos/test/modes_test.c
-./demos/test/pkcs_1_test.c
-./demos/test/rsa_test.c
-./demos/test/store_test.c
-./demos/test/test.c
-./demos/test/test.h
-./demos/tv_gen.c
-./demos/x86_prof.c
-./der_decode_integer.c
-./der_encode_integer.c
-./der_get_multi_integer.c
-./der_length_integer.c
-./der_put_multi_integer.c
-./des.c
-./dh.c
-./dh_sys.c
-./dsa_export.c
-./dsa_free.c
-./dsa_import.c
-./dsa_make_key.c
-./dsa_sign_hash.c
-./dsa_verify_hash.c
-./dsa_verify_key.c
-./eax_addheader.c
-./eax_decrypt.c
-./eax_decrypt_verify_memory.c
-./eax_done.c
-./eax_encrypt.c
-./eax_encrypt_authenticate_memory.c
-./eax_init.c
-./eax_test.c
-./ecb_decrypt.c
-./ecb_encrypt.c
-./ecb_start.c
-./ecc.c
-./ecc_sys.c
-./error_to_string.c
-./fortuna.c
-./hash_file.c
-./hash_filehandle.c
-./hash_memory.c
-./hmac_done.c
-./hmac_file.c
-./hmac_init.c
-./hmac_memory.c
-./hmac_process.c
-./hmac_test.c
-./is_prime.c
-./ltc_tommath.h
-./makefile
-./makefile.cygwin_dll
-./makefile.icc
-./makefile.msvc
-./makefile.shared
-./md2.c
-./md4.c
-./md5.c
-./mpi.c
-./mpi_to_ltc_error.c
-./mycrypt.h
-./mycrypt_argchk.h
-./mycrypt_cfg.h
-./mycrypt_cipher.h
-./mycrypt_custom.h
-./mycrypt_hash.h
-./mycrypt_macros.h
-./mycrypt_misc.h
-./mycrypt_pk.h
-./mycrypt_pkcs.h
-./mycrypt_prng.h
-./noekeon.c
-./notes/etc/whirlgen.c
-./notes/etc/whirltest.c
-./ocb_decrypt.c
-./ocb_decrypt_verify_memory.c
-./ocb_done_decrypt.c
-./ocb_done_encrypt.c
-./ocb_encrypt.c
-./ocb_encrypt_authenticate_memory.c
-./ocb_init.c
-./ocb_ntz.c
-./ocb_shift_xor.c
-./ocb_test.c
-./ofb_decrypt.c
-./ofb_encrypt.c
-./ofb_getiv.c
-./ofb_setiv.c
-./ofb_start.c
-./omac_done.c
-./omac_file.c
-./omac_init.c
-./omac_memory.c
-./omac_process.c
-./omac_test.c
-./packet_store_header.c
-./packet_valid_header.c
-./pkcs_1_i2osp.c
-./pkcs_1_mgf1.c
-./pkcs_1_oaep_decode.c
-./pkcs_1_oaep_encode.c
-./pkcs_1_os2ip.c
-./pkcs_1_pss_decode.c
-./pkcs_1_pss_encode.c
-./pkcs_1_v15_es_decode.c
-./pkcs_1_v15_es_encode.c
-./pkcs_1_v15_sa_decode.c
-./pkcs_1_v15_sa_encode.c
-./pkcs_5_1.c
-./pkcs_5_2.c
-./pmac_done.c
-./pmac_file.c
-./pmac_init.c
-./pmac_memory.c
-./pmac_ntz.c
-./pmac_process.c
-./pmac_shift_xor.c
-./pmac_test.c
-./rand_prime.c
-./rc2.c
-./rc4.c
-./rc5.c
-./rc6.c
-./rmd128.c
-./rmd160.c
-./rng_get_bytes.c
-./rng_make_prng.c
-./rsa_decrypt_key.c
-./rsa_encrypt_key.c
-./rsa_export.c
-./rsa_exptmod.c
-./rsa_free.c
-./rsa_import.c
-./rsa_make_key.c
-./rsa_sign_hash.c
-./rsa_v15_decrypt_key.c
-./rsa_v15_encrypt_key.c
-./rsa_v15_sign_hash.c
-./rsa_v15_verify_hash.c
-./rsa_verify_hash.c
-./s_ocb_done.c
-./safer.c
-./safer_tab.c
-./saferp.c
-./sha1.c
-./sha224.c
-./sha256.c
-./sha384.c
-./sha512.c
-./skipjack.c
-./sober128.c
-./sober128tab.c
-./sprng.c
-./tiger.c
-./tim_exptmod.c
-./twofish.c
-./twofish_tab.c
-./whirl.c
-./whirltab.c
-./xtea.c
-./yarrow.c
-./zeromem.c

demos/encrypt.c

@@ -7,7 +7,7 @@
 /* ie: ./encrypt blowfish story.txt story.ct */
 /* ./encrypt -d blowfish story.ct story.pt */
 
-#include <mycrypt.h>
+#include <tomcrypt.h>
 
 int errno;
 
@@ -69,6 +69,12 @@ void register_algs(void)
 #ifdef SKIPJACK
   register_cipher (&skipjack_desc);
 #endif
+#ifdef KHAZAD
+  register_cipher (&khazad_desc);
+#endif
+#ifdef ANUBIS
+  register_cipher (&anubis_desc);
+#endif
 
    if (register_hash(&sha256_desc) == -1) {
       printf("Error registering SHA256\n");

demos/hashsum.c

@@ -7,7 +7,7 @@
  * more functions ;)
 */
 
-#include <mycrypt.h>
+#include <tomcrypt.h>
 
 int errno;
 

demos/multi.c

@@ -0,0 +1,106 @@
+/* test the multi helpers... */
+#include <tomcrypt.h>
+
+int main(void)
+{
+   unsigned char key[16], buf[2][MAXBLOCKSIZE];
+   unsigned long len, len2;
+
+
+/* register algos */
+   register_hash(&sha256_desc);
+   register_cipher(&aes_desc);
+
+/* HASH testing */
+   len = sizeof(buf[0]);
+   hash_memory(find_hash("sha256"), "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* HMAC */
+   len = sizeof(buf[0]);
+   hmac_memory(find_hash("sha256"), key, 16, "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* OMAC */
+   len = sizeof(buf[0]);
+   omac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* PMAC */
+   len = sizeof(buf[0]);
+   pmac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+
+   printf("All passed\n");
+   return EXIT_SUCCESS;
+}
+

demos/small.c

@@ -1,6 +1,5 @@
 // small demo app that just includes a cipher/hash/prng
-
-#include <mycrypt.h>
+#include <tomcrypt.h>
 
 int main(void)
 {

demos/test/der_tests.c

@@ -1,5 +1,15 @@
 #include "test.h"
 
+#ifndef LTC_DER
+
+int der_tests(void)
+{
+   printf("NOP");
+   return 0;
+}
+
+#else
+
 int der_tests(void)
 {
    unsigned long x, y, z, zz;
@@ -80,3 +90,5 @@ int der_tests(void)
    mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL);
    return 0;
 }
+
+#endif

demos/test/ecc_test.c

@@ -7,7 +7,7 @@ int ecc_tests (void)
   unsigned char buf[4][4096];
   unsigned long x, y, z;
   int           stat, stat2;
-  ecc_key usera, userb;
+  ecc_key usera, userb, pubKey, privKey;
 	
   DO(ecc_test ());
 
@@ -55,15 +55,24 @@ int ecc_tests (void)
   ecc_free (&userb);
 
 /* test encrypt_key */
-  ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &usera);
+  DO(ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &usera));
+
+/* export key */
+  x = sizeof(buf[0]);
+  DO(ecc_export(buf[0], &x, PK_PUBLIC, &usera));
+  DO(ecc_import(buf[0], x, &pubKey));
+  x = sizeof(buf[0]);
+  DO(ecc_export(buf[0], &x, PK_PRIVATE, &usera));
+  DO(ecc_import(buf[0], x, &privKey));
+
   for (x = 0; x < 32; x++) {
     buf[0][x] = x;
   }
   y = sizeof (buf[1]);
-  DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("sha256"), &usera));
+  DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("sha256"), &pubKey));
   zeromem (buf[0], sizeof (buf[0]));
   x = sizeof (buf[0]);
-  DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &usera));
+  DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &privKey));
   if (x != 32) {
     printf ("Failed (length)");
     return 1;
@@ -78,15 +87,17 @@ int ecc_tests (void)
     buf[0][x] = x;
   }
   x = sizeof (buf[1]);
-  DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow, find_prng ("yarrow"), &usera));
-  DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &usera));
+  DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow, find_prng ("yarrow"), &privKey));
+  DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &pubKey));
   buf[0][0] ^= 1;
-  DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera));
+  DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &privKey));
   if (!(stat == 1 && stat2 == 0)) { 
     printf("ecc_verify_hash failed");
     return 1;
   }
-  ecc_free (&usera);
+  ecc_free (&usera); 
+  ecc_free (&pubKey);
+  ecc_free (&privKey);
   return 0;
 }
 

demos/test/makefile

@@ -1,5 +1,5 @@
 # make test harness, it is good.
-CFLAGS += -Wall -W -Os -I../../ -I./
+CFLAGS += -Wall -W -Os -I../../src/headers/ -I./
 
 # add -g3 for ccmalloc debugging 
 #CFLAGS += -g3
@@ -19,7 +19,7 @@ pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests
 #CCMALLOC = -lccmalloc -ldl
 
 test: $(OBJECTS)
-	$(CC) $(OBJECTS) /usr/lib/libtomcrypt.a  $(CCMALLOC) -o test
+	$(CC) $(CFLAGS) $(OBJECTS) /usr/lib/libtomcrypt.a  $(CCMALLOC) -o test
 	
 clean:
 	rm -rf test *.o *.obj *.exe *~	.libs

demos/test/makefile.icc

@@ -1,5 +1,5 @@
 # make test harness, it is good.
-CFLAGS += -O3 -xN -ip -I../../ -I./
+CFLAGS += -O3 -xN -ip -I../../src/headers/ -I./
 CC=icc
 
 default: test

demos/test/makefile.msvc

@@ -1,5 +1,5 @@
 # make test harness, it is good.
-CFLAGS = $(CFLAGS) /W3 /Ox -I../../ -I./
+CFLAGS = $(CFLAGS) /W3 /Ox /I../../src/headers/ /I./
 
 default: test.exe
 

demos/test/makefile.shared

@@ -1,5 +1,5 @@
 # make test harness, it is good.
-CFLAGS += -Wall -W -Os -I../../ -I./
+CFLAGS += -Wall -W -Os -I../../src/headers/ -I./
 
 # if you're not debugging
 CFLAGS += -fomit-frame-pointer

demos/test/rsa_test.c

@@ -8,7 +8,7 @@ int rsa_test(void)
 {
    unsigned char in[1024], out[1024], tmp[1024];
    rsa_key       key, privKey, pubKey;
-   int           hash_idx, prng_idx, stat, stat2;
+   int           hash_idx, prng_idx, stat, stat2, cnt;
    unsigned long rsa_msgsize, len, len2;
    static unsigned char lparam[] = { 0x01, 0x02, 0x03, 0x04 };
       
@@ -23,6 +23,7 @@ int rsa_test(void)
    DO(rsa_make_key(&test_yarrow, prng_idx, 1024/8, 65537, &key));
    
    /* test PKCS #1 v1.5 */
+   for (cnt = 0; cnt < 4; cnt++) {
    for (rsa_msgsize = 1; rsa_msgsize <= 117; rsa_msgsize++) {
       /* make a random key/msg */
       yarrow_read(in, rsa_msgsize, &test_yarrow);
@@ -32,26 +33,28 @@ int rsa_test(void)
 
       /* encrypt */
       DO(rsa_v15_encrypt_key(in, rsa_msgsize, out, &len, &test_yarrow, prng_idx, &key));
-      DO(rsa_v15_decrypt_key(out, len, tmp, rsa_msgsize, &test_yarrow, prng_idx, &stat, &key));
+      DO(rsa_v15_decrypt_key(out, len, tmp, rsa_msgsize, &stat, &key));
       if (stat != 1 || memcmp(tmp, in, rsa_msgsize)) {
          printf("PKCS #1 v1.5 encrypt/decrypt failure (rsa_msgsize: %lu, stat: %d)\n", rsa_msgsize, stat);
-	 return 1;
+         return 1;
       }
    }
-   
+   }
+
    /* signature */
    len = sizeof(out);
-   DO(rsa_v15_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, &key));
+   DO(rsa_v15_sign_hash(in, 20, out, &len, hash_idx, &key));
    in[1] ^= 1;
-   DO(rsa_v15_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, &stat, &key));
+   DO(rsa_v15_verify_hash(out, len, in, 20, hash_idx, &stat, &key));
    in[1] ^= 1;
-   DO(rsa_v15_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, &stat2, &key));
+   DO(rsa_v15_verify_hash(out, len, in, 20, hash_idx, &stat2, &key));
    if (!(stat == 0 && stat2 == 1)) {
       printf("PKCS #1 v1.5 sign/verify failure (stat %d, stat2 %d)\n", stat, stat2);
       return 1;
    }
    
    /* encrypt the key (without lparam) */
+   for (cnt = 0; cnt < 4; cnt++) {
    for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) {
       /* make a random key/msg */
       yarrow_read(in, rsa_msgsize, &test_yarrow);
@@ -62,7 +65,7 @@ int rsa_test(void)
       DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, NULL, 0, &test_yarrow, prng_idx, hash_idx, &key));
       /* change a byte */
       out[8] ^= 1;
-      DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, &test_yarrow, prng_idx, hash_idx, &stat2, &key));
+      DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key));
       /* change a byte back */
       out[8] ^= 1;
       if (len2 != rsa_msgsize) {
@@ -71,7 +74,7 @@ int rsa_test(void)
       }
 
       len2 = rsa_msgsize;
-      DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, &test_yarrow, prng_idx, hash_idx, &stat, &key));
+      DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat, &key));
       if (!(stat == 1 && stat2 == 0)) {
          printf("rsa_decrypt_key failed");
          return 1;
@@ -98,6 +101,7 @@ int rsa_test(void)
          return 1;
       }
    }
+   }
 
    /* encrypt the key (with lparam) */
    for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) {
@@ -106,7 +110,7 @@ int rsa_test(void)
       DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &key));
       /* change a byte */
       out[8] ^= 1;
-      DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &stat2, &key));
+      DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key));
       if (len2 != rsa_msgsize) {
          printf("\nrsa_decrypt_key mismatch len %lu (first decrypt)", len2);
          return 1;
@@ -115,7 +119,7 @@ int rsa_test(void)
       out[8] ^= 1;
 
       len2 = rsa_msgsize;
-      DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &stat, &key));
+      DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat, &key));
       if (!(stat == 1 && stat2 == 0)) {
          printf("rsa_decrypt_key failed");
          return 1;
@@ -139,10 +143,10 @@ int rsa_test(void)
    DO(rsa_import(tmp, len2, &pubKey));
 
    /* verify with original */
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &key));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &key));
    /* change a byte */
    in[0] ^= 1;
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &key));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &key));
    
    if (!(stat == 1 && stat2 == 0)) {
       printf("rsa_verify_hash (unsalted, origKey) failed, %d, %d", stat, stat2);
@@ -155,10 +159,10 @@ int rsa_test(void)
    /* verify with privKey */
    /* change a byte */
    in[0] ^= 1;
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &privKey));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &privKey));
    /* change a byte */
    in[0] ^= 1;
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &privKey));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &privKey));
    
    if (!(stat == 1 && stat2 == 0)) {
       printf("rsa_verify_hash (unsalted, privKey) failed, %d, %d", stat, stat2);
@@ -171,10 +175,10 @@ int rsa_test(void)
    /* verify with pubKey */
    /* change a byte */
    in[0] ^= 1;
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &pubKey));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &pubKey));
    /* change a byte */
    in[0] ^= 1;
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &pubKey));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &pubKey));
    
    if (!(stat == 1 && stat2 == 0)) {
       printf("rsa_verify_hash (unsalted, pubkey) failed, %d, %d", stat, stat2);
@@ -187,10 +191,10 @@ int rsa_test(void)
    /* sign a message (salted) now (use privKey to make, pubKey to verify) */
    len = sizeof(out);
    DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 8, &privKey));
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat, &pubKey));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat, &pubKey));
    /* change a byte */
    in[0] ^= 1;
-   DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat2, &pubKey));
+   DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat2, &pubKey));
    
    if (!(stat == 1 && stat2 == 0)) {
       printf("rsa_verify_hash (salted) failed, %d, %d", stat, stat2);

demos/test/test.c

@@ -78,6 +78,13 @@ void register_algs(void)
 #ifdef SKIPJACK
   register_cipher (&skipjack_desc);
 #endif
+#ifdef KHAZAD
+  register_cipher (&khazad_desc);
+#endif
+#ifdef ANUBIS
+  register_cipher (&anubis_desc);
+#endif
+
 #ifdef TIGER
   register_hash (&tiger_desc);
 #endif
@@ -228,30 +235,32 @@ int main(void)
    DO(yarrow_add_entropy(buf, 16, &test_yarrow));
    DO(yarrow_ready(&test_yarrow));
 
-   // output sizes 
+   // output sizes (this will crash MSVC... go figure.)
+#ifndef _MSC_VER 
    printf("Sizes of objects (in bytes)\n");
-   printf("\tsymmetric_key\t=\t%5lu\n", sizeof(symmetric_key));
-   printf("\thash_state\t=\t%5lu\n", sizeof(hash_state));
-   printf("\thmac_state\t=\t%5lu\n", sizeof(hmac_state));
-   printf("\tomac_state\t=\t%5lu\n", sizeof(omac_state));
-   printf("\tpmac_state\t=\t%5lu\n", sizeof(pmac_state));
-   printf("\tocb_state\t=\t%5lu\n", sizeof(ocb_state));
-   printf("\teax_state\t=\t%5lu\n", sizeof(eax_state));
-   printf("\tmp_int\t\t=\t%5lu\n", sizeof(mp_int));
+   printf("\tsymmetric_key\t=\t%5Zu\n", sizeof(symmetric_key));
+   printf("\thash_state\t=\t%5Zu\n", sizeof(hash_state));
+   printf("\thmac_state\t=\t%5Zu\n", sizeof(hmac_state));
+   printf("\tomac_state\t=\t%5Zu\n", sizeof(omac_state));
+   printf("\tpmac_state\t=\t%5Zu\n", sizeof(pmac_state));
+   printf("\tocb_state\t=\t%5Zu\n", sizeof(ocb_state));
+   printf("\teax_state\t=\t%5Zu\n", sizeof(eax_state));
+   printf("\tmp_int\t\t=\t%5Zu\n", sizeof(mp_int));
 #ifdef MRSA
-   printf("\trsa_key\t\t=\t%5lu\n", sizeof(rsa_key));
+   printf("\trsa_key\t\t=\t%5Zu\n", sizeof(rsa_key));
 #endif
 #ifdef MDSA
-   printf("\tdsa_key\t\t=\t%5lu\n", sizeof(dsa_key));
+   printf("\tdsa_key\t\t=\t%5Zu\n", sizeof(dsa_key));
 #endif
 #ifdef MDH
-   printf("\tdh_key\t\t=\t%5lu\n", sizeof(dh_key));
+   printf("\tdh_key\t\t=\t%5Zu\n", sizeof(dh_key));
 #endif
 #ifdef MECC
-   printf("\tecc_key\t\t=\t%5lu\n", sizeof(ecc_key));
+   printf("\tecc_key\t\t=\t%5Zu\n", sizeof(ecc_key));
 #endif
-
    printf("\n\n");
+#endif
+
    // do tests
    for (current_test = 0; tests[current_test].name != NULL; current_test++) {
        printf("[%-20s]: ", tests[current_test].name); fflush(stdout);

demos/test/test.h

@@ -1,7 +1,8 @@
+
 #ifndef __TEST_H_
 #define __TEST_H_
 
-#include "mycrypt.h"
+#include "tomcrypt.h"
 
 /* enable stack testing */
 // #define STACK_TEST

demos/tv_gen.c

@@ -1,4 +1,4 @@
-#include <mycrypt.h>
+#include <tomcrypt.h>
 
 void reg_algs(void)
 {
@@ -47,6 +47,12 @@ void reg_algs(void)
 #ifdef SKIPJACK
   register_cipher (&skipjack_desc);
 #endif
+#ifdef ANUBIS
+  register_cipher (&anubis_desc);
+#endif
+#ifdef KHAZAD
+  register_cipher (&khazad_desc);
+#endif
 
 #ifdef TIGER
   register_hash (&tiger_desc);

demos/tv_gen.lo

@@ -1,12 +0,0 @@
-# demos/tv_gen.lo - a libtool object file
-# Generated by ltmain.sh - GNU libtool 1.5.2 (1.1220.2.60 2004/01/25 12:25:08)
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# Name of the PIC object.
-pic_object='.libs/tv_gen.o'
-
-# Name of the non-PIC object.
-non_pic_object='tv_gen.o'
-

demos/x86_prof.c

@@ -1,4 +1,4 @@
-#include <mycrypt.h>
+#include <tomcrypt.h>
 
 #define KTIMES  25
 #define TIMES   100000
@@ -35,7 +35,7 @@ void tally_results(int type)
    } else if (type == 1) {
       for (x = 0; x < no_results; x++) {
         printf
-          ("%-20s: Encrypt at %5lu, Decrypt at %5lu\n", cipher_descriptor[results[x].id].name, results[x].spd1, results[x].spd2);
+          ("%-20s[%2d]: Encrypt at %5lu, Decrypt at %5lu\n", cipher_descriptor[results[x].id].name, cipher_descriptor[results[x].id].ID, results[x].spd1, results[x].spd2);
       }
    } else {
       for (x = 0; x < no_results; x++) {
@@ -154,6 +154,12 @@ void reg_algs(void)
 #ifdef SKIPJACK
   register_cipher (&skipjack_desc);
 #endif
+#ifdef KHAZAD
+  register_cipher (&khazad_desc);
+#endif
+#ifdef ANUBIS
+  register_cipher (&anubis_desc);
+#endif
 
 #ifdef TIGER
   register_hash (&tiger_desc);
@@ -382,7 +388,7 @@ void time_mult(void)
 
    printf("Timing Multiplying:\n");
    mp_init_multi(&a,&b,&c,NULL);
-   for (x = 128/DIGIT_BIT; x <= 1024/DIGIT_BIT; x += 128/DIGIT_BIT) {
+   for (x = 128/DIGIT_BIT; x <= 1536/DIGIT_BIT; x += 128/DIGIT_BIT) {
        mp_rand(&a, x);
        mp_rand(&b, x);
 
@@ -397,7 +403,7 @@ void time_mult(void)
            t1 = (t_read() - t1)>>1;
            if (t1 < t2) t2 = t1;
        }
-       printf("%3lu digits: %9llu cycles\n", x, t2);
+       printf("%4lu bits: %9llu cycles\n", x*DIGIT_BIT, t2);
    }
    mp_clear_multi(&a,&b,&c,NULL);
 
@@ -413,7 +419,7 @@ void time_sqr(void)
 
    printf("Timing Squaring:\n");
    mp_init_multi(&a,&b,NULL);
-   for (x = 128/DIGIT_BIT; x <= 1024/DIGIT_BIT; x += 128/DIGIT_BIT) {
+   for (x = 128/DIGIT_BIT; x <= 1536/DIGIT_BIT; x += 128/DIGIT_BIT) {
        mp_rand(&a, x);
 
 #define DO1 mp_sqr(&a, &b);
@@ -427,7 +433,7 @@ void time_sqr(void)
            t1 = (t_read() - t1)>>1;
            if (t1 < t2) t2 = t1;
        }
-       printf("%3lu digits: %9llu cycles\n", x, t2);
+       printf("%4lu bits: %9llu cycles\n", x*DIGIT_BIT, t2);
    }
    mp_clear_multi(&a,&b,NULL);
 
@@ -537,8 +543,7 @@ void time_rsa(void)
            t_start();
            t1 = t_read();
            zzz = sizeof(buf[0]);
-           if ((err = rsa_decrypt_key(buf[1], z, buf[0], &zzz, "testprog", 8, &prng,
-                                      find_prng("yarrow"), find_hash("sha1"), 
+           if ((err = rsa_decrypt_key(buf[1], z, buf[0], &zzz, "testprog", 8,  find_hash("sha1"), 
                                       &zz, &key)) != CRYPT_OK) {
               fprintf(stderr, "\n\nrsa_decrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
               exit(EXIT_FAILURE);

doc/footer.html

@@ -0,0 +1,4 @@
+<hr width="80%">
+Code by <a href="http://www.libtomcrypt.org/">Tom</a><br>
+Docs using <img src="doxygen.png" alt="doxygen" align="middle" border=0>
+<a href="http://jlcooke.ca/tom/hidden_image.png">

doc/header.html

@@ -0,0 +1,6 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+<title>LibTomCrypt: Main Page</title>
+<link href="doxygen.css" rel="stylesheet" type="text/css">
+</head><body>
+<!-- Generated by Doxygen 1.3.8 -->

eax_addheader.c

@@ -1,25 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
-
-#ifdef EAX_MODE
-
-/* add header (metadata) to the stream */
-int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length)
-{
-   _ARGCHK(eax    != NULL);
-   _ARGCHK(header != NULL);
-   return omac_process(&eax->headeromac, header, length);
-}
-
-#endif

eax_encrypt_authenticate_memory.c

@@ -1,53 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
-
-#ifdef EAX_MODE
-
-int eax_encrypt_authenticate_memory(int cipher,
-    const unsigned char *key,    unsigned long keylen,
-    const unsigned char *nonce,  unsigned long noncelen,
-    const unsigned char *header, unsigned long headerlen,
-    const unsigned char *pt,     unsigned long ptlen,
-          unsigned char *ct,
-          unsigned char *tag,    unsigned long *taglen)
-{
-   int err;
-   eax_state *eax;
-
-   eax = XMALLOC(sizeof(eax_state));
-
-   if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
-      goto __ERR; 
-   }
-
-   if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
-      goto __ERR; 
-   }
- 
-   if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
-      goto __ERR; 
-   }
-
-   err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
-   zeromem(eax, sizeof(eax_state));
-#endif
-
-   XFREE(eax);
-
-   return err;   
-}
-
-#endif

genlist.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# aes_tab.o is a pseudo object as it's made from aes.o and MPI is optional
+export a=`echo -n "src/ciphers/aes/aes_enc.o *(MPIOBJECT) " ; find . -type f | sort | grep "[.]/src" | grep "[.]c" | grep -v "sha224" | grep -v "sha384" | grep -v "aes_tab" | grep -v "twofish_tab" | grep -v "whirltab" | grep -v "dh_sys" | grep -v "ecc_sys" | grep -v "mpi[.]c" | grep -v "sober128tab" | sed -e 'sE\./EE' | sed -e 's/\.c/\.o/' | xargs`
+./parsenames.pl OBJECTS "$a"
+export a=`find . -type f | grep [.]/src | grep [.]h | sed -e 'se\./ee' | xargs`
+./parsenames.pl HEADERS "$a"

hmac_memory.c

@@ -1,58 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-/* Submited by Dobes Vandermeer  ([email protected]) */
-
-#include "mycrypt.h"
-
-#ifdef HMAC
-
-int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                const unsigned char *data, unsigned long len, 
-                unsigned char *dst, unsigned long *dstlen)
-{
-    hmac_state *hmac;
-    int err;
-
-    _ARGCHK(key    != NULL);
-    _ARGCHK(data   != NULL);
-    _ARGCHK(dst    != NULL); 
-    _ARGCHK(dstlen != NULL);
-
-    /* allocate ram for hmac state */
-    hmac = XMALLOC(sizeof(hmac_state));
-    if (hmac == NULL) {
-       return CRYPT_MEM;
-    }
-
-    if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) {
-       goto __ERR;
-    }
-
-    if ((err = hmac_process(hmac, data, len)) != CRYPT_OK) {
-       goto __ERR;
-    }
-
-    if ((err = hmac_done(hmac, dst, dstlen)) != CRYPT_OK) {
-       goto __ERR;
-    }
-
-   err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
-   zeromem(hmac, sizeof(hmac_state));
-#endif
-
-   XFREE(hmac);
-   return err;   
-}
-
-#endif
-

hmac_process.c

@@ -1,29 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-/* Submited by Dobes Vandermeer  ([email protected]) */
-
-#include "mycrypt.h"
-
-#ifdef HMAC
-
-int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len)
-{
-    int err;
-    _ARGCHK(hmac != NULL);
-    _ARGCHK(buf != NULL);
-    if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) {
-        return err;
-    }
-    return hash_descriptor[hmac->hash].process(&hmac->md, buf, len);
-}
-
-#endif
-

makefile

@@ -4,7 +4,7 @@
 # Modified by Clay Culver
 
 # The version
-VERSION=0.99
+VERSION=1.00
 
 # Compiler and Linker Names
 #CC=gcc
@@ -15,22 +15,27 @@ VERSION=0.99
 #ARFLAGS=r
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow 
-# -Werror
+CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow 
+
+# additional warnings (newer GCC 3.4 and higher)
+#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
+#		  -Wmissing-declarations -Wpointer-arith 
 
 # optimize for SPEED
 #CFLAGS += -O3 -funroll-all-loops
 
-#add -fomit-frame-pointer.  hinders debugging!
-#CFLAGS += -fomit-frame-pointer
+# add -fomit-frame-pointer.  hinders debugging!
+CFLAGS += -fomit-frame-pointer
 
 # optimize for SIZE
-CFLAGS += -Os -DSMALL_CODE
+CFLAGS += -Os -DLTC_SMALL_CODE
 
-# compile for DEBUGING (required for ccmalloc checking!!!)
-#CFLAGS += -g3
+# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
+# define this to help
+#CFLAGS += -DLTC_NO_ROLC
 
-#These flags control how the library gets built.
+# compile for DEBUGING (required for ccmalloc checking!!!)
+#CFLAGS += -g3 -DLTC_NO_ASM
 
 #Output filenames for various targets.
 LIBNAME=libtomcrypt.a
@@ -39,6 +44,7 @@ CRYPT=encrypt
 SMALL=small
 PROF=x86_prof
 TV=tv_gen
+MULTI=multi
 
 #LIBPATH-The directory for libtomcrypt to be installed to.
 #INCPATH-The directory to install the header files for libtomcrypt.
@@ -48,78 +54,87 @@ LIBPATH=/usr/lib
 INCPATH=/usr/include
 DATAPATH=/usr/share/doc/libtomcrypt/pdf
 
+#Who do we install as?
+USER=root
+GROUP=root
+
 #List of objects to compile.
 
 #Leave MPI built-in or force developer to link against libtommath?
-MPIOBJECT=mpi.o
-
-OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
-\
-crypt.o                    crypt_find_cipher.o      crypt_find_hash_any.o      \
-crypt_hash_is_valid.o      crypt_register_hash.o    crypt_unregister_prng.o    \
-crypt_argchk.o             crypt_find_cipher_any.o  crypt_find_hash_id.o       \
-crypt_prng_descriptor.o    crypt_register_prng.o    crypt_cipher_descriptor.o  \
-crypt_find_cipher_id.o     crypt_find_prng.o        crypt_prng_is_valid.o      \
-crypt_unregister_cipher.o  crypt_cipher_is_valid.o  crypt_find_hash.o          \
-crypt_hash_descriptor.o    crypt_register_cipher.o  crypt_unregister_hash.o    \
-\
-sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o  rng_make_prng.o \
-\
-rand_prime.o is_prime.o \
-\
-ecc.o  dh.o \
-\
-rsa_decrypt_key.o  rsa_encrypt_key.o  rsa_exptmod.o  rsa_free.o  rsa_make_key.o  \
-rsa_sign_hash.o  rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
-rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
-\
-dsa_export.o  dsa_free.o  dsa_import.o  dsa_make_key.o  dsa_sign_hash.o  \
-dsa_verify_hash.o  dsa_verify_key.o \
-\
-aes.o aes_enc.o \
-\
-blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
-rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
-\
-md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
-rmd128.o rmd160.o chc.o \
-\
-packet_store_header.o  packet_valid_header.o \
-\
-eax_addheader.o  eax_decrypt.o  eax_decrypt_verify_memory.o  eax_done.o  eax_encrypt.o  \
-eax_encrypt_authenticate_memory.o  eax_init.o  eax_test.o \
-\
-ocb_decrypt.o  ocb_decrypt_verify_memory.o  ocb_done_decrypt.o  ocb_done_encrypt.o  \
-ocb_encrypt.o  ocb_encrypt_authenticate_memory.o  ocb_init.o  ocb_ntz.o  \
-ocb_shift_xor.o  ocb_test.o s_ocb_done.o \
-\
-omac_done.o  omac_file.o  omac_init.o  omac_memory.o  omac_process.o  omac_test.o \
-\
-pmac_done.o  pmac_file.o  pmac_init.o  pmac_memory.o  pmac_ntz.o  pmac_process.o  \
-pmac_shift_xor.o  pmac_test.o \
-\
-cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
-cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
-ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
-ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
-ecb_start.o ecb_encrypt.o ecb_decrypt.o \
-\
-hash_file.o  hash_filehandle.o  hash_memory.o \
-\
-hmac_done.o  hmac_file.o  hmac_init.o  hmac_memory.o  hmac_process.o  hmac_test.o \
-\
-pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o  \
-pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
-pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
-\
-pkcs_5_1.o pkcs_5_2.o \
-\
-der_encode_integer.o der_decode_integer.o der_length_integer.o \
-der_put_multi_integer.o der_get_multi_integer.o \
-\
-burn_stack.o zeromem.o \
-\
-$(MPIOBJECT)
+MPIOBJECT=src/misc/mpi/mpi.o
+
+
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
+src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
+src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
+src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
+src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
+src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
+src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
+src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
+src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
+src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
+src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
+src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
+src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
+src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
+src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
+src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
+src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
+src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
+src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
+src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
+src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
+src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
+src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
+src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o
 
 TESTOBJECTS=demos/test.o
 HASHOBJECTS=demos/hashsum.o
@@ -127,6 +142,7 @@ CRYPTOBJECTS=demos/encrypt.o
 SMALLOBJECTS=demos/small.o
 PROFS=demos/x86_prof.o
 TVS=demos/tv_gen.o
+MULTIS=demos/multi.o
 
 #Files left over from making the crypt.pdf.
 LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
@@ -135,32 +151,33 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
 COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
 
 #Header files used by libtomcrypt.
-HEADERS=ltc_tommath.h mycrypt_cfg.h \
-mycrypt_misc.h  mycrypt_prng.h mycrypt_cipher.h  mycrypt_hash.h \
-mycrypt_macros.h  mycrypt_pk.h mycrypt.h mycrypt_argchk.h \
-mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h
+HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
 
 #The default rule for make builds the libtomcrypt library.
 default:library
 
 #ciphers come in two flavours... enc+dec and enc 
-aes_enc.o: aes.c aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
 #These are the rules to make certain object files.
-aes.o: aes.c aes_tab.c
-twofish.o: twofish.c twofish_tab.c
-whirl.o: whirl.c whirltab.c
-ecc.o: ecc.c ecc_sys.c
-dh.o: dh.c dh_sys.c
-sha512.o: sha512.c sha384.c
-sha256.o: sha256.c sha224.c
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 #This rule makes the libtomcrypt library.
 library: $(LIBNAME)
 
 $(LIBNAME): $(OBJECTS)
 	$(AR) $(ARFLAGS) $@ $(OBJECTS) 
+	ranlib $(LIBNAME)
 
 #This rule makes the hash program included with libtomcrypt
 hashsum: library $(HASHOBJECTS)
@@ -180,32 +197,48 @@ x86_prof: library $(PROFS)
 tv_gen: library $(TVS)
 	$(CC) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV)
 
+multi: library $(MULTIS)
+	$(CC) $(MULTIS) $(LIBNAME) -o multi
+
 #This rule installs the library and the header files. This must be run
 #as root in order to have a high enough permission to write to the correct
 #directories and to set the owner and group to root.
 install: library docs
-	install -d -g root -o root $(DESTDIR)$(LIBPATH)
-	install -d -g root -o root $(DESTDIR)$(INCPATH)
-	install -d -g root -o root $(DESTDIR)$(DATAPATH)
-	install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
-	install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
-	install -g root -o root doc/crypt.pdf $(DESTDIR)$(DATAPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
+	install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
+	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
+	install -g $(GROUP) -o $(USER) doc/crypt.pdf $(DESTDIR)$(DATAPATH)
 
 install_lib: library
-	install -d -g root -o root $(DESTDIR)$(LIBPATH)
-	install -d -g root -o root $(DESTDIR)$(INCPATH)
-	install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
-	install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+	install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
+	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
 
 #This rule cleans the source tree of all compiled code, not including the pdf
 #documentation.
 clean:
-	rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
-	rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
-	rm -f *.la *.lo *.o *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn *.dpi \
-	*.gcda *.gcno demos/*.gcno demos/*.gcda *~ doc/*
-	cd demos/test ; make clean   
-	rm -rf .libs demos/.libs demos/test/.libs
+	rm -f `find . -type f | grep "[.]o" | xargs`
+	rm -f `find . -type f | grep "[.]lo"  | xargs`
+	rm -f `find . -type f | grep "[.]a" | xargs`
+	rm -f `find . -type f | grep "[.]la"  | xargs`
+	rm -f `find . -type f | grep "[.]obj" | xargs`
+	rm -f `find . -type f | grep "[.]lib" | xargs`
+	rm -f `find . -type f | grep "[.]exe" | xargs`
+	rm -rf `find . -type d | grep "[.]libs" | xargs`
+	rm -f crypt.aux  crypt.dvi  crypt.idx  crypt.ilg  crypt.ind  crypt.log crypt.toc
+	rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI)
+	cd demos/test ; make clean
+	rm -rf doc/doxygen
+	rm -f doc/*.pdf
+
+#build the doxy files (requires Doxygen, tetex and patience)
+doxy:
+	doxygen
+	cd doc/doxygen/latex ; make ; mv -f refman.pdf ../../.
+	echo The huge doxygen PDF should be available as doc/refman.pdf
 	
 #This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
 #from the clean command! This is because most people would like to keep the
@@ -229,10 +262,6 @@ docdvi: crypt.tex
 	makeindex crypt.idx
 	latex crypt > /dev/null
 
-#pretty build
-pretty:
-	perl pretty.build
-
 #for GCC 3.4+
 profiled:
 	make clean
@@ -244,6 +273,7 @@ profiled:
 #zipup the project (take that!)
 zipup: clean docs
 	cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
-	cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; tar -c libtomcrypt-$(VERSION)/* > crypt-$(VERSION).tar ; \
-	bzip2 -9vv crypt-$(VERSION).tar ; zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/* ; \
+	cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \
+	tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION)/* ; \
+	zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/* ; \
 	gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip

makefile.cygwin_dll

@@ -4,7 +4,7 @@ default: ltc_dll
 
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32
+CFLAGS += -I./src/headers/ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32 -DLTC_NO_ROLC
 
 # optimize for SPEED
 CFLAGS += -O3 -funroll-all-loops
@@ -16,80 +16,102 @@ CFLAGS += -fomit-frame-pointer
 #CFLAGS += -Os
 
 #Leave MPI built-in or force developer to link against libtommath?
-MPIOBJECT=mpi.o
+MPIOBJECT=src/misc/mpi/mpi.o
 
-OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
-\
-crypt.o                    crypt_find_cipher.o      crypt_find_hash_any.o      \
-crypt_hash_is_valid.o      crypt_register_hash.o    crypt_unregister_prng.o    \
-crypt_argchk.o             crypt_find_cipher_any.o  crypt_find_hash_id.o       \
-crypt_prng_descriptor.o    crypt_register_prng.o    crypt_cipher_descriptor.o  \
-crypt_find_cipher_id.o     crypt_find_prng.o        crypt_prng_is_valid.o      \
-crypt_unregister_cipher.o  crypt_cipher_is_valid.o  crypt_find_hash.o          \
-crypt_hash_descriptor.o    crypt_register_cipher.o  crypt_unregister_hash.o    \
-\
-sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o  rng_make_prng.o \
-\
-rand_prime.o is_prime.o \
-\
-ecc.o  dh.o \
-\
-rsa_decrypt_key.o  rsa_encrypt_key.o  rsa_exptmod.o  rsa_free.o  rsa_make_key.o  \
-rsa_sign_hash.o  rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
-rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
-\
-dsa_export.o  dsa_free.o  dsa_import.o  dsa_make_key.o  dsa_sign_hash.o  \
-dsa_verify_hash.o  dsa_verify_key.o \
-\
-aes.o aes_enc.o \
-\
-blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
-rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
-\
-md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
-rmd128.o rmd160.o chc.o \
-\
-packet_store_header.o  packet_valid_header.o \
-\
-eax_addheader.o  eax_decrypt.o  eax_decrypt_verify_memory.o  eax_done.o  eax_encrypt.o  \
-eax_encrypt_authenticate_memory.o  eax_init.o  eax_test.o \
-\
-ocb_decrypt.o  ocb_decrypt_verify_memory.o  ocb_done_decrypt.o  ocb_done_encrypt.o  \
-ocb_encrypt.o  ocb_encrypt_authenticate_memory.o  ocb_init.o  ocb_ntz.o  \
-ocb_shift_xor.o  ocb_test.o s_ocb_done.o \
-\
-omac_done.o  omac_file.o  omac_init.o  omac_memory.o  omac_process.o  omac_test.o \
-\
-pmac_done.o  pmac_file.o  pmac_init.o  pmac_memory.o  pmac_ntz.o  pmac_process.o  \
-pmac_shift_xor.o  pmac_test.o \
-\
-cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
-cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
-ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
-ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
-ecb_start.o ecb_encrypt.o ecb_decrypt.o \
-\
-hash_file.o  hash_filehandle.o  hash_memory.o \
-\
-hmac_done.o  hmac_file.o  hmac_init.o  hmac_memory.o  hmac_process.o  hmac_test.o \
-\
-pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o  \
-pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
-pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
-\
-pkcs_5_1.o pkcs_5_2.o \
-\
-der_encode_integer.o der_decode_integer.o der_length_integer.o \
-der_put_multi_integer.o der_get_multi_integer.o \
-\
-burn_stack.o zeromem.o \
-\
-$(MPIOBJECT)
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
+src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
+src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
+src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
+src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
+src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
+src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
+src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
+src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
+src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
+src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
+src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
+src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
+src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
+src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
+src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
+src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
+src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
+src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
+src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
+src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
+src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
+src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
+src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o
+
+#Header files used by libtomcrypt.
+HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
 
 #ciphers come in two flavours... enc+dec and enc 
-aes_enc.o: aes.c aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+
+#These are the rules to make certain object files.
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 ltc_dll: $(OBJECTS) $(MPIOBJECT)
-	gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols *.o -ladvapi32
+	gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols `find . -type f | grep [.]o | xargs` -ladvapi32
 	ranlib libtomcrypt.dll.a
+	cp -fv src/headers/* /usr/include
+	cp -fv *.a /usr/lib
+	cp -fv *.dll /usr/bin

makefile.icc

@@ -22,7 +22,7 @@ CC=icc
 #ARFLAGS=r
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -c -I./ -DINTEL_CC
+CFLAGS += -c -I./src/headers/ -DINTEL_CC
 
 #The default rule for make builds the libtomcrypt library.
 default:library
@@ -30,15 +30,15 @@ default:library
 # optimize for SPEED
 #
 # -mcpu= can be pentium, pentiumpro (covers PII through PIII) or pentium4
-# -ax?   specifies make code specifically for ? but compatible with IA-32
-# -x?    specifies compile solely for ? [not specifically IA-32 compatible]
+# -ax?	specifies make code specifically for ? but compatible with IA-32
+# -x?	 specifies compile solely for ? [not specifically IA-32 compatible]
 #
 # where ? is 
-#   K - PIII
-#   W - first P4 [Williamette]
-#   N - P4 Northwood
-#   P - P4 Prescott
-#   B - Blend of P4 and PM [mobile]
+#	K - PIII
+#	W - first P4 [Williamette]
+#	N - P4 Northwood
+#	P - P4 Prescott
+#	B - Blend of P4 and PM [mobile]
 #
 # Default to just generic max opts
 CFLAGS += -O3 -xN -ip 
@@ -67,76 +67,79 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
 #List of objects to compile.
 
 #Leave MPI built-in or force developer to link against libtommath?
-MPIOBJECT=mpi.o
-
-OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
-\
-crypt.o                    crypt_find_cipher.o      crypt_find_hash_any.o      \
-crypt_hash_is_valid.o      crypt_register_hash.o    crypt_unregister_prng.o    \
-crypt_argchk.o             crypt_find_cipher_any.o  crypt_find_hash_id.o       \
-crypt_prng_descriptor.o    crypt_register_prng.o    crypt_cipher_descriptor.o  \
-crypt_find_cipher_id.o     crypt_find_prng.o        crypt_prng_is_valid.o      \
-crypt_unregister_cipher.o  crypt_cipher_is_valid.o  crypt_find_hash.o          \
-crypt_hash_descriptor.o    crypt_register_cipher.o  crypt_unregister_hash.o    \
-\
-sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o  rng_make_prng.o \
-\
-rand_prime.o is_prime.o \
-\
-ecc.o  dh.o \
-\
-rsa_decrypt_key.o  rsa_encrypt_key.o  rsa_exptmod.o  rsa_free.o  rsa_make_key.o  \
-rsa_sign_hash.o  rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
-rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
-\
-dsa_export.o  dsa_free.o  dsa_import.o  dsa_make_key.o  dsa_sign_hash.o  \
-dsa_verify_hash.o  dsa_verify_key.o \
-\
-aes.o aes_enc.o \
-\
-blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
-rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
-\
-md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
-rmd128.o rmd160.o chc.o \
-\
-packet_store_header.o  packet_valid_header.o \
-\
-eax_addheader.o  eax_decrypt.o  eax_decrypt_verify_memory.o  eax_done.o  eax_encrypt.o  \
-eax_encrypt_authenticate_memory.o  eax_init.o  eax_test.o \
-\
-ocb_decrypt.o  ocb_decrypt_verify_memory.o  ocb_done_decrypt.o  ocb_done_encrypt.o  \
-ocb_encrypt.o  ocb_encrypt_authenticate_memory.o  ocb_init.o  ocb_ntz.o  \
-ocb_shift_xor.o  ocb_test.o s_ocb_done.o \
-\
-omac_done.o  omac_file.o  omac_init.o  omac_memory.o  omac_process.o  omac_test.o \
-\
-pmac_done.o  pmac_file.o  pmac_init.o  pmac_memory.o  pmac_ntz.o  pmac_process.o  \
-pmac_shift_xor.o  pmac_test.o \
-\
-cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
-cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
-ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
-ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
-ecb_start.o ecb_encrypt.o ecb_decrypt.o \
-\
-hash_file.o  hash_filehandle.o  hash_memory.o \
-\
-hmac_done.o  hmac_file.o  hmac_init.o  hmac_memory.o  hmac_process.o  hmac_test.o \
-\
-pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o  \
-pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
-pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
-\
-pkcs_5_1.o pkcs_5_2.o \
-\
-der_encode_integer.o der_decode_integer.o der_length_integer.o \
-der_put_multi_integer.o der_get_multi_integer.o \
-\
-burn_stack.o zeromem.o \
-\
-$(MPIOBJECT)
-
+MPIOBJECT=src/misc/mpi/mpi.o
+
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
+src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
+src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
+src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
+src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
+src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
+src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
+src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
+src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
+src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
+src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
+src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
+src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
+src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
+src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
+src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
+src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
+src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
+src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
+src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
+src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
+src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
+src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
+src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o
 
 #ciphers come in two flavours... enc+dec and enc 
 aes_enc.o: aes.c aes_tab.c
@@ -155,24 +158,30 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
 COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
 
 #Header files used by libtomcrypt.
-HEADERS=ltc_tommath.h mycrypt_cfg.h \
-mycrypt_misc.h  mycrypt_prng.h mycrypt_cipher.h  mycrypt_hash.h \
-mycrypt_macros.h  mycrypt_pk.h mycrypt.h mycrypt_argchk.h mycrypt_custom.h
+HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
+
+#ciphers come in two flavours... enc+dec and enc 
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
 #These are the rules to make certain object files.
-rsa.o: rsa.c rsa_sys.c
-ecc.o: ecc.c ecc_sys.c
-dh.o: dh.c dh_sys.c
-aes.o: aes.c aes_tab.c
-twofish.o: twofish.c twofish_tab.c
-sha512.o: sha512.c sha384.c
-sha256.o: sha256.c sha224.c
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 #This rule makes the libtomcrypt library.
 library: $(LIBNAME)
 
 $(LIBNAME): $(OBJECTS)
-	$(AR) $(ARFLAGS) $@ $(OBJECTS) 
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
+	ranlib $(LIBNAME)
 
 #This rule makes the hash program included with libtomcrypt
 hashsum: library $(HASHOBJECTS)
@@ -194,10 +203,10 @@ tv_gen: library $(TVS)
 
 profiled:
 	make clean
-	make CFLAGS="$(CFLAGS) -prof_gen" x86_prof
+	make -f makefile.icc CFLAGS="$(CFLAGS) -prof_gen" x86_prof
 	./x86_prof
 	rm *.o *.a x86_prof
-	make CFLAGS="$(CFLAGS) -prof_use" x86_prof
+	make -f makefile.icc CFLAGS="$(CFLAGS) -prof_use" x86_prof
 
   
 #This rule installs the library and the header files. This must be run
@@ -208,10 +217,3 @@ install: library
 	install -d -g root -o root $(DESTDIR)$(INCPATH)
 	install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
 	install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
-
-#This rule cleans the source tree of all compiled code, not including the pdf
-#documentation.
-clean:
-	rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
-	rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
-	rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn

makefile.msvc

@@ -1,84 +1,88 @@
 #MSVC Makefile [tested with MSVC 6.00 with SP5]
 #
 #Tom St Denis
-CFLAGS = /I. /Ox /DWIN32 /W3
+CFLAGS = /Isrc/headers/ /Ox /DWIN32 /W3 /Fo$@
 
 default: library
 
 # leave this blank and link against libtommath if you want better link resolution
-MPIOBJECT=mpi.obj
+MPIOBJECT=src/misc/mpi/mpi.obj
 
-OBJECTS=error_to_string.obj mpi_to_ltc_error.obj base64_encode.obj base64_decode.obj \
-\
-crypt.obj                    crypt_find_cipher.obj      crypt_find_hash_any.obj      \
-crypt_hash_is_valid.obj      crypt_register_hash.obj    crypt_unregister_prng.obj    \
-crypt_argchk.obj             crypt_find_cipher_any.obj  crypt_find_hash_id.obj       \
-crypt_prng_descriptor.obj    crypt_register_prng.obj    crypt_cipher_descriptor.obj  \
-crypt_find_cipher_id.obj     crypt_find_prng.obj        crypt_prng_is_valid.obj      \
-crypt_unregister_cipher.obj  crypt_cipher_is_valid.obj  crypt_find_hash.obj          \
-crypt_hash_descriptor.obj    crypt_register_cipher.obj  crypt_unregister_hash.obj    \
-\
-sober128.obj fortuna.obj sprng.obj yarrow.obj rc4.obj rng_get_bytes.obj  rng_make_prng.obj \
-\
-rand_prime.obj is_prime.obj \
-\
-ecc.obj  dh.obj \
-\
-rsa_decrypt_key.obj  rsa_encrypt_key.obj  rsa_exptmod.obj  rsa_free.obj  rsa_make_key.obj  \
-rsa_sign_hash.obj  rsa_verify_hash.obj rsa_export.obj rsa_import.obj tim_exptmod.obj \
-rsa_v15_encrypt_key.obj rsa_v15_decrypt_key.obj rsa_v15_sign_hash.obj rsa_v15_verify_hash.obj \
-\
-dsa_export.obj  dsa_free.obj  dsa_import.obj  dsa_make_key.obj  dsa_sign_hash.obj  \
-dsa_verify_hash.obj  dsa_verify_key.obj \
-\
-aes.obj aes_enc.obj \
-\
-blowfish.obj des.obj safer_tab.obj safer.obj saferp.obj rc2.obj xtea.obj \
-rc6.obj rc5.obj cast5.obj noekeon.obj twofish.obj skipjack.obj \
-\
-md2.obj md4.obj md5.obj sha1.obj sha256.obj sha512.obj tiger.obj whirl.obj \
-rmd128.obj rmd160.obj chc.obj \
-\
-packet_store_header.obj  packet_valid_header.obj \
-\
-eax_addheader.obj  eax_decrypt.obj  eax_decrypt_verify_memory.obj  eax_done.obj  eax_encrypt.obj  \
-eax_encrypt_authenticate_memory.obj  eax_init.obj  eax_test.obj \
-\
-ocb_decrypt.obj  ocb_decrypt_verify_memory.obj  ocb_done_decrypt.obj  ocb_done_encrypt.obj  \
-ocb_encrypt.obj  ocb_encrypt_authenticate_memory.obj  ocb_init.obj  ocb_ntz.obj  \
-ocb_shift_xor.obj  ocb_test.obj s_ocb_done.obj \
-\
-omac_done.obj  omac_file.obj  omac_init.obj  omac_memory.obj  omac_process.obj  omac_test.obj \
-\
-pmac_done.obj  pmac_file.obj  pmac_init.obj  pmac_memory.obj  pmac_ntz.obj  pmac_process.obj  \
-pmac_shift_xor.obj  pmac_test.obj \
-\
-cbc_start.obj cbc_encrypt.obj cbc_decrypt.obj cbc_getiv.obj cbc_setiv.obj \
-cfb_start.obj cfb_encrypt.obj cfb_decrypt.obj cfb_getiv.obj cfb_setiv.obj \
-ofb_start.obj ofb_encrypt.obj ofb_decrypt.obj ofb_getiv.obj ofb_setiv.obj \
-ctr_start.obj ctr_encrypt.obj ctr_decrypt.obj ctr_getiv.obj ctr_setiv.obj \
-ecb_start.obj ecb_encrypt.obj ecb_decrypt.obj \
-\
-hash_file.obj  hash_filehandle.obj  hash_memory.obj \
-\
-hmac_done.obj  hmac_file.obj  hmac_init.obj  hmac_memory.obj  hmac_process.obj  hmac_test.obj \
-\
-pkcs_1_mgf1.obj pkcs_1_oaep_encode.obj pkcs_1_oaep_decode.obj  \
-pkcs_1_pss_encode.obj pkcs_1_pss_decode.obj pkcs_1_i2osp.obj pkcs_1_os2ip.obj \
-pkcs_1_v15_es_encode.obj pkcs_1_v15_es_decode.obj pkcs_1_v15_sa_encode.obj pkcs_1_v15_sa_decode.obj \
-\
-pkcs_5_1.obj pkcs_5_2.obj \
-\
-der_encode_integer.obj der_decode_integer.obj der_length_integer.obj \
-der_put_multi_integer.obj der_get_multi_integer.obj \
-\
-burn_stack.obj zeromem.obj \
-\
-$(MPIOBJECT)
+OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj \
+src/ciphers/anubis.obj src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj \
+src/ciphers/khazad.obj src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj \
+src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/safer_tab.obj \
+src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj src/ciphers/twofish/twofish.obj \
+src/ciphers/xtea.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
+src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \
+src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
+src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj \
+src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
+src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj \
+src/encauth/ocb/ocb_encrypt.obj src/encauth/ocb/ocb_encrypt_authenticate_memory.obj \
+src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
+src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj \
+src/encauth/ocb/s_ocb_done.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \
+src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \
+src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
+src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj \
+src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj \
+src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj \
+src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
+src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj \
+src/mac/hmac/hmac_test.obj src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj \
+src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
+src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj \
+src/mac/omac/omac_test.obj src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj \
+src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
+src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj \
+src/mac/pmac/pmac_process.obj src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj \
+src/misc/base64/base64_decode.obj src/misc/base64/base64_encode.obj \
+src/misc/burn_stack.obj src/misc/crypt/crypt.obj src/misc/crypt/crypt_argchk.obj \
+src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \
+src/misc/crypt/crypt_find_cipher.obj src/misc/crypt/crypt_find_cipher_any.obj \
+src/misc/crypt/crypt_find_cipher_id.obj src/misc/crypt/crypt_find_hash.obj \
+src/misc/crypt/crypt_find_hash_any.obj src/misc/crypt/crypt_find_hash_id.obj \
+src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_hash_descriptor.obj \
+src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_prng_descriptor.obj \
+src/misc/crypt/crypt_prng_is_valid.obj src/misc/crypt/crypt_register_cipher.obj \
+src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj \
+src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \
+src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj \
+src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj src/misc/mpi/rand_prime.obj \
+src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
+src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \
+src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \
+src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj \
+src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_encrypt.obj \
+src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
+src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_encrypt.obj src/modes/ecb/ecb_start.obj \
+src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj \
+src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \
+src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \
+src/pk/asn1/der/der_get_multi_integer.obj src/pk/asn1/der/der_length_integer.obj \
+src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj \
+src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj \
+src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \
+src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \
+src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj \
+src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj \
+src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
+src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj \
+src/pk/pkcs1/pkcs_1_v15_es_decode.obj src/pk/pkcs1/pkcs_1_v15_es_encode.obj \
+src/pk/pkcs1/pkcs_1_v15_sa_decode.obj src/pk/pkcs1/pkcs_1_v15_sa_encode.obj \
+src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj src/pk/rsa/rsa_export.obj \
+src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
+src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj \
+src/pk/rsa/rsa_v15_decrypt_key.obj src/pk/rsa/rsa_v15_encrypt_key.obj \
+src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \
+src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj \
+src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
+src/prngs/sprng.obj src/prngs/yarrow.obj
 
-#ciphers come in two flavours... enc+dec and enc 
-aes_enc.obj: aes.c aes_tab.c
-	$(CC) $(CFLAGS) /DENCRYPT_ONLY /c aes.c /Foaes_enc.obj
+#ciphers come in two flavours... enc+dec and enc
+src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes.c /Fosrc/ciphers/aes/aes_enc.obj
 
 library: $(OBJECTS)
 	lib /out:tomcrypt.lib $(OBJECTS)

makefile.shared

@@ -1,25 +1,27 @@
 # MAKEFILE for linux GCC
 #
+# This makefile produces a shared object and requires libtool to be installed.
+#
+# Thanks to Zed Shaw for helping debug this on BSD/OSX.  
 # Tom St Denis
-# Modified by Clay Culver
 
 # The version
-VERSION=0:99
+VERSION=0:100
 
 # Compiler and Linker Names
-CC=libtool --mode=compile gcc
-
-# Archiver [makes .a files]
-AR=libtool --mode=link 
+CC=libtool --silent --mode=compile gcc
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow 
-# -Werror
+CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow 
+
+# additional warnings (newer GCC 3.4 and higher)
+#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
+#			 -Wmissing-declarations -Wpointer-arith 
 
 # optimize for SPEED
 CFLAGS += -O3 -funroll-all-loops
 
-#add -fomit-frame-pointer.  hinders debugging!
+# add -fomit-frame-pointer.  hinders debugging!
 CFLAGS += -fomit-frame-pointer
 
 # optimize for SIZE
@@ -28,7 +30,9 @@ CFLAGS += -fomit-frame-pointer
 # compile for DEBUGING (required for ccmalloc checking!!!)
 #CFLAGS += -g3
 
-#These flags control how the library gets built.
+# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
+# define this to help
+#CFLAGS += -DLTC_NO_ROLC
 
 #Output filenames for various targets.
 LIBNAME=libtomcrypt.la
@@ -46,81 +50,89 @@ LIBPATH=/usr/lib
 INCPATH=/usr/include
 DATAPATH=/usr/share/doc/libtomcrypt/pdf
 
+#Who do we install as?
+USER=root
+GROUP=root
+
 #List of objects to compile.
 
 #Leave MPI built-in or force developer to link against libtommath?
-MPIOBJECT=mpi.o
+MPIOBJECT=src/misc/mpi/mpi.o
 
 #If you don't want mpi.o then add this
 #MPISHARED=$(LIBPATH)/libtommath.la
 
-OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
-\
-crypt.o                    crypt_find_cipher.o      crypt_find_hash_any.o      \
-crypt_hash_is_valid.o      crypt_register_hash.o    crypt_unregister_prng.o    \
-crypt_argchk.o             crypt_find_cipher_any.o  crypt_find_hash_id.o       \
-crypt_prng_descriptor.o    crypt_register_prng.o    crypt_cipher_descriptor.o  \
-crypt_find_cipher_id.o     crypt_find_prng.o        crypt_prng_is_valid.o      \
-crypt_unregister_cipher.o  crypt_cipher_is_valid.o  crypt_find_hash.o          \
-crypt_hash_descriptor.o    crypt_register_cipher.o  crypt_unregister_hash.o    \
-\
-sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o  rng_make_prng.o \
-\
-rand_prime.o is_prime.o \
-\
-ecc.o  dh.o \
-\
-rsa_decrypt_key.o  rsa_encrypt_key.o  rsa_exptmod.o  rsa_free.o  rsa_make_key.o  \
-rsa_sign_hash.o  rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
-rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
-\
-dsa_export.o  dsa_free.o  dsa_import.o  dsa_make_key.o  dsa_sign_hash.o  \
-dsa_verify_hash.o  dsa_verify_key.o \
-\
-aes.o aes_enc.o \
-\
-blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
-rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
-\
-md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
-rmd128.o rmd160.o chc.o \
-\
-packet_store_header.o  packet_valid_header.o \
-\
-eax_addheader.o  eax_decrypt.o  eax_decrypt_verify_memory.o  eax_done.o  eax_encrypt.o  \
-eax_encrypt_authenticate_memory.o  eax_init.o  eax_test.o \
-\
-ocb_decrypt.o  ocb_decrypt_verify_memory.o  ocb_done_decrypt.o  ocb_done_encrypt.o  \
-ocb_encrypt.o  ocb_encrypt_authenticate_memory.o  ocb_init.o  ocb_ntz.o  \
-ocb_shift_xor.o  ocb_test.o s_ocb_done.o \
-\
-omac_done.o  omac_file.o  omac_init.o  omac_memory.o  omac_process.o  omac_test.o \
-\
-pmac_done.o  pmac_file.o  pmac_init.o  pmac_memory.o  pmac_ntz.o  pmac_process.o  \
-pmac_shift_xor.o  pmac_test.o \
-\
-cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
-cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
-ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
-ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
-ecb_start.o ecb_encrypt.o ecb_decrypt.o \
-\
-hash_file.o  hash_filehandle.o  hash_memory.o \
-\
-hmac_done.o  hmac_file.o  hmac_init.o  hmac_memory.o  hmac_process.o  hmac_test.o \
-\
-pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o  \
-pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
-pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
-\
-pkcs_5_1.o pkcs_5_2.o \
-\
-der_encode_integer.o der_decode_integer.o der_length_integer.o \
-der_put_multi_integer.o der_get_multi_integer.o \
-\
-burn_stack.o zeromem.o \
-\
-$(MPIOBJECT)
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
+src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
+src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
+src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
+src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
+src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
+src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
+src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
+src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
+src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
+src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
+src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
+src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
+src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
+src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
+src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
+src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
+src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
+src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
+src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
+src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
+src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
+src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
+src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
+src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
+src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o
 
 TESTOBJECTS=demos/test.o
 HASHOBJECTS=demos/hashsum.o
@@ -129,43 +141,38 @@ SMALLOBJECTS=demos/small.o
 PROFS=demos/x86_prof.o
 TVS=demos/tv_gen.o
 
-#Files left over from making the crypt.pdf.
-LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
-
-#Compressed filenames
-COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
-
 #Header files used by libtomcrypt.
-HEADERS=ltc_tommath.h mycrypt_cfg.h \
-mycrypt_misc.h  mycrypt_prng.h mycrypt_cipher.h  mycrypt_hash.h \
-mycrypt_macros.h  mycrypt_pk.h mycrypt.h mycrypt_argchk.h \
-mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h
+HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
 
 #The default rule for make builds the libtomcrypt library.
 default:library
 
 #ciphers come in two flavours... enc+dec and enc 
-aes_enc.o: aes.c aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
 #These are the rules to make certain object files.
-aes.o: aes.c aes_tab.c
-twofish.o: twofish.c twofish_tab.c
-whirl.o: whirl.c whirltab.c
-ecc.o: ecc.c ecc_sys.c
-dh.o: dh.c dh_sys.c
-sha512.o: sha512.c sha384.c
-sha256.o: sha256.c sha224.c
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 #This rule makes the libtomcrypt library.
 library: $(LIBNAME)
 
 $(LIBNAME): $(OBJECTS)
-	libtool --mode=link gcc $(CFLAGS) *.lo -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
-	libtool --mode=link gcc $(CFLAGS) *.o  -o libtomcrypt.a
-	libtool --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
-	install -d -g root -o root $(DESTDIR)$(INCPATH)
-	install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | xargs`  -o libtomcrypt.a
+	ranlib libtomcrypt.a
+	libtool --silent --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
 
 #This rule makes the hash program included with libtomcrypt
 hashsum: library

mycrypt_cipher.h

@@ -1,396 +0,0 @@
-/* ---- SYMMETRIC KEY STUFF -----
- *
- * We put each of the ciphers scheduled keys in their own structs then we put all of 
- * the key formats in one union.  This makes the function prototypes easier to use.
- */
-#ifdef BLOWFISH
-struct blowfish_key {
-   ulong32 S[4][256];
-   ulong32 K[18];
-};
-#endif
-
-#ifdef RC5
-struct rc5_key {
-   int rounds;
-   ulong32 K[50];
-};
-#endif
-
-#ifdef RC6
-struct rc6_key {
-   ulong32 K[44];
-};
-#endif
-
-#ifdef SAFERP
-struct saferp_key {
-   unsigned char K[33][16];
-   long rounds;
-};
-#endif
-
-#ifdef RIJNDAEL
-struct rijndael_key {
-   ulong32 eK[64], dK[64];
-   int Nr;
-};
-#endif
-
-#ifdef XTEA
-struct xtea_key {
-   unsigned long A[32], B[32];
-};
-#endif
-
-#ifdef TWOFISH
-#ifndef TWOFISH_SMALL
-   struct twofish_key {
-      ulong32 S[4][256], K[40];
-   };
-#else
-   struct twofish_key {
-      ulong32 K[40];
-      unsigned char S[32], start;
-   };
-#endif
-#endif
-
-#ifdef SAFER
-#define SAFER_K64_DEFAULT_NOF_ROUNDS     6
-#define SAFER_K128_DEFAULT_NOF_ROUNDS   10
-#define SAFER_SK64_DEFAULT_NOF_ROUNDS    8
-#define SAFER_SK128_DEFAULT_NOF_ROUNDS  10
-#define SAFER_MAX_NOF_ROUNDS            13
-#define SAFER_BLOCK_LEN                  8
-#define SAFER_KEY_LEN     (1 + SAFER_BLOCK_LEN * (1 + 2 * SAFER_MAX_NOF_ROUNDS))
-typedef unsigned char safer_block_t[SAFER_BLOCK_LEN];
-typedef unsigned char safer_key_t[SAFER_KEY_LEN];
-struct safer_key { safer_key_t key; };
-#endif
-
-#ifdef RC2
-struct rc2_key { unsigned xkey[64]; };
-#endif
-
-#ifdef DES
-struct des_key {
-    ulong32 ek[32], dk[32];
-};
-
-struct des3_key {
-    ulong32 ek[3][32], dk[3][32];
-};
-#endif
-
-#ifdef CAST5
-struct cast5_key {
-    ulong32 K[32], keylen;
-};
-#endif
-
-#ifdef NOEKEON
-struct noekeon_key {
-    ulong32 K[4], dK[4];
-};
-#endif
-
-#ifdef SKIPJACK 
-struct skipjack_key {
-    unsigned char key[10];
-};
-#endif
-
-typedef union Symmetric_key {
-#ifdef DES
-   struct des_key des;
-   struct des3_key des3;
-#endif
-#ifdef RC2
-   struct rc2_key rc2;
-#endif
-#ifdef SAFER
-   struct safer_key safer;
-#endif
-#ifdef TWOFISH
-   struct twofish_key  twofish;
-#endif
-#ifdef BLOWFISH
-   struct blowfish_key blowfish;
-#endif
-#ifdef RC5
-   struct rc5_key      rc5;
-#endif
-#ifdef RC6
-   struct rc6_key      rc6;
-#endif
-#ifdef SAFERP
-   struct saferp_key   saferp;
-#endif
-#ifdef RIJNDAEL
-   struct rijndael_key rijndael;
-#endif
-#ifdef XTEA
-   struct xtea_key     xtea;
-#endif
-#ifdef CAST5
-   struct cast5_key    cast5;
-#endif
-#ifdef NOEKEON
-   struct noekeon_key  noekeon;
-#endif   
-#ifdef SKIPJACK
-   struct skipjack_key skipjack;
-#endif
-} symmetric_key;
-
-/* A block cipher ECB structure */
-typedef struct {
-   int                 cipher, blocklen;
-   symmetric_key       key;
-} symmetric_ECB;
-
-/* A block cipher CFB structure */
-typedef struct {
-   int                 cipher, blocklen, padlen;
-   unsigned char       IV[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
-   symmetric_key       key;
-} symmetric_CFB;
-
-/* A block cipher OFB structure */
-typedef struct {
-   int                 cipher, blocklen, padlen;
-   unsigned char       IV[MAXBLOCKSIZE];
-   symmetric_key       key;
-} symmetric_OFB;
-
-/* A block cipher CBC structure */
-typedef struct Symmetric_CBC {
-   int                 cipher, blocklen;
-   unsigned char       IV[MAXBLOCKSIZE];
-   symmetric_key       key;
-} symmetric_CBC;
-
-/* A block cipher CTR structure */
-typedef struct Symmetric_CTR {
-   int                 cipher, blocklen, padlen, mode;
-   unsigned char       ctr[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
-   symmetric_key       key;
-} symmetric_CTR;
-
-/* cipher descriptor table, last entry has "name == NULL" to mark the end of table */
-extern struct _cipher_descriptor {
-   char *name;
-   unsigned char ID;
-   int  min_key_length, max_key_length, block_length, default_rounds;
-   int  (*setup)(const unsigned char *key, int keylength, int num_rounds, symmetric_key *skey);
-   void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
-   void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
-   int (*test)(void);
-   int  (*keysize)(int *desired_keysize);
-} cipher_descriptor[];
-
-#ifdef BLOWFISH
- int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int blowfish_test(void);
- int blowfish_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor blowfish_desc;
-#endif
-
-#ifdef RC5
- int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int rc5_test(void);
- int rc5_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor rc5_desc;
-#endif
-
-#ifdef RC6
- int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int rc6_test(void);
- int rc6_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor rc6_desc;
-#endif
-
-#ifdef RC2
- int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int rc2_test(void);
- int rc2_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor rc2_desc;
-#endif
-
-#ifdef SAFERP
- int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int saferp_test(void);
- int saferp_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor saferp_desc;
-#endif
-
-#ifdef SAFER
- int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
-
- int safer_k64_test(void);
- int safer_sk64_test(void);
- int safer_sk128_test(void);
-
- int safer_64_keysize(int *desired_keysize);
- int safer_128_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc;
-#endif
-
-#ifdef RIJNDAEL
-
-/* make aes an alias */
-#define aes_setup           rijndael_setup
-#define aes_ecb_encrypt     rijndael_ecb_encrypt
-#define aes_ecb_decrypt     rijndael_ecb_decrypt
-#define aes_test            rijndael_test
-#define aes_keysize         rijndael_keysize
-
-#define aes_enc_setup           rijndael_enc_setup
-#define aes_enc_ecb_encrypt     rijndael_enc_ecb_encrypt
-#define aes_enc_keysize         rijndael_enc_keysize
-
- int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int rijndael_test(void);
- int rijndael_keysize(int *desired_keysize);
-
- int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- int rijndael_enc_keysize(int *desired_keysize);
-
- extern const struct _cipher_descriptor rijndael_desc, aes_desc;
- extern const struct _cipher_descriptor rijndael_enc_desc, aes_enc_desc;
-#endif
-
-#ifdef XTEA
- int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int xtea_test(void);
- int xtea_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor xtea_desc;
-#endif
-
-#ifdef TWOFISH
- int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int twofish_test(void);
- int twofish_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor twofish_desc;
-#endif
-
-#ifdef DES
- int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int des_test(void);
- int des_keysize(int *desired_keysize);
-
- int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int des3_test(void);
- int des3_keysize(int *desired_keysize);
-
- extern const struct _cipher_descriptor des_desc, des3_desc;
-#endif
-
-#ifdef CAST5
- int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int cast5_test(void);
- int cast5_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor cast5_desc;
-#endif
-
-#ifdef NOEKEON
- int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int noekeon_test(void);
- int noekeon_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor noekeon_desc;
-#endif
-
-#ifdef SKIPJACK
- int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
- void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
- void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
- int skipjack_test(void);
- int skipjack_keysize(int *desired_keysize);
- extern const struct _cipher_descriptor skipjack_desc;
-#endif
-
-#ifdef ECB
- int ecb_start(int cipher, const unsigned char *key, 
-                     int keylen, int num_rounds, symmetric_ECB *ecb);
- int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb);
- int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb);
-#endif
-
-#ifdef CFB
- int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, 
-                     int keylen, int num_rounds, symmetric_CFB *cfb);
- int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
- int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb);
- int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb);
- int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
-#endif
-
-#ifdef OFB
- int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, 
-                     int keylen, int num_rounds, symmetric_OFB *ofb);
- int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
- int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb);
- int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb);
- int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
-#endif
-
-#ifdef CBC
- int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
-                     int keylen, int num_rounds, symmetric_CBC *cbc);
- int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc);
- int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc);
- int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc);
- int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
-#endif
-
-#ifdef CTR
- int ctr_start(int cipher, const unsigned char *IV, const unsigned char *key, 
-                     int keylen, int num_rounds, symmetric_CTR *ctr);
- int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr);
- int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr);
- int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
- int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
-#endif
-
-
-    
- int find_cipher(const char *name);
- int find_cipher_any(const char *name, int blocklen, int keylen);
- int find_cipher_id(unsigned char ID);
-
- int register_cipher(const struct _cipher_descriptor *cipher);
- int unregister_cipher(const struct _cipher_descriptor *cipher);
-
- int cipher_is_valid(int idx);
-

mycrypt_hash.h

@@ -1,472 +0,0 @@
-/* ---- HASH FUNCTIONS ---- */
-#ifdef SHA512
-struct sha512_state {
-    ulong64  length, state[8];
-    unsigned long curlen;
-    unsigned char buf[128];
-};
-#endif
-
-#ifdef SHA256
-struct sha256_state {
-    ulong64 length;
-    ulong32 state[8], curlen;
-    unsigned char buf[64];
-};
-#endif
-
-#ifdef SHA1
-struct sha1_state {
-    ulong64 length;
-    ulong32 state[5], curlen;
-    unsigned char buf[64];
-};
-#endif
-
-#ifdef MD5
-struct md5_state {
-    ulong64 length;
-    ulong32 state[4], curlen;
-    unsigned char buf[64];
-};
-#endif
-
-#ifdef MD4
-struct md4_state {
-    ulong64 length;
-    ulong32 state[4], curlen;
-    unsigned char buf[64];
-};
-#endif
-
-#ifdef TIGER
-struct tiger_state {
-    ulong64 state[3], length;
-    unsigned long curlen;
-    unsigned char buf[64];
-};
-#endif
-
-#ifdef MD2
-struct md2_state {
-    unsigned char chksum[16], X[48], buf[16];
-    unsigned long curlen;
-};
-#endif
-
-#ifdef RIPEMD128
-struct rmd128_state {
-    ulong64 length;
-    unsigned char buf[64];
-    ulong32 curlen, state[4];
-};
-#endif
-
-#ifdef RIPEMD160
-struct rmd160_state {
-    ulong64 length;
-    unsigned char buf[64];
-    ulong32 curlen, state[5];
-};
-#endif
-
-#ifdef WHIRLPOOL
-struct whirlpool_state {
-    ulong64 length, state[8];
-    unsigned char buf[64];
-    ulong32 curlen;
-};
-#endif
-
-#ifdef CHC_HASH
-struct chc_state {
-    ulong64 length;
-    unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
-    ulong32 curlen;
-};
-#endif
-
-typedef union Hash_state {
-#ifdef CHC_HASH
-    struct chc_state chc;
-#endif
-#ifdef WHIRLPOOL
-    struct whirlpool_state whirlpool;
-#endif
-#ifdef SHA512
-    struct sha512_state sha512;
-#endif
-#ifdef SHA256
-    struct sha256_state sha256;
-#endif
-#ifdef SHA1
-    struct sha1_state   sha1;
-#endif
-#ifdef MD5
-    struct md5_state    md5;
-#endif
-#ifdef MD4
-    struct md4_state    md4;
-#endif
-#ifdef MD2
-    struct md2_state    md2;
-#endif
-#ifdef TIGER
-    struct tiger_state  tiger;
-#endif
-#ifdef RIPEMD128
-    struct rmd128_state rmd128;
-#endif
-#ifdef RIPEMD160
-    struct rmd160_state rmd160;
-#endif
-} hash_state;
-
-extern  struct _hash_descriptor {
-    char *name;
-    unsigned char ID;
-    unsigned long hashsize;       /* digest output size in bytes  */
-    unsigned long blocksize;      /* the block size the hash uses */
-    unsigned char DER[64];        /* DER encoded identifier */
-    unsigned long DERlen;         /* length of DER encoding */
-    int (*init)(hash_state *);
-    int (*process)(hash_state *, const unsigned char *, unsigned long);
-    int (*done)(hash_state *, unsigned char *);
-    int (*test)(void);
-} hash_descriptor[];
-
-#ifdef CHC_HASH
- int chc_register(int cipher);
- int chc_init(hash_state * md);
- int chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int chc_done(hash_state * md, unsigned char *hash);
- int chc_test(void);
- extern const struct _hash_descriptor chc_desc;
-#endif
-
-#ifdef WHIRLPOOL
- int whirlpool_init(hash_state * md);
- int whirlpool_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int whirlpool_done(hash_state * md, unsigned char *hash);
- int whirlpool_test(void);
- extern const struct _hash_descriptor whirlpool_desc;
-#endif
-
-#ifdef SHA512
- int sha512_init(hash_state * md);
- int sha512_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int sha512_done(hash_state * md, unsigned char *hash);
- int sha512_test(void);
- extern const struct _hash_descriptor sha512_desc;
-#endif
-
-#ifdef SHA384
-#ifndef SHA512
-   #error SHA512 is required for SHA384
-#endif
- int sha384_init(hash_state * md);
-#define sha384_process sha512_process
- int sha384_done(hash_state * md, unsigned char *hash);
- int sha384_test(void);
- extern const struct _hash_descriptor sha384_desc;
-#endif
-
-#ifdef SHA256
- int sha256_init(hash_state * md);
- int sha256_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int sha256_done(hash_state * md, unsigned char *hash);
- int sha256_test(void);
- extern const struct _hash_descriptor sha256_desc;
-
-#ifdef SHA224
-#ifndef SHA256
-   #error SHA256 is required for SHA224
-#endif
- int sha224_init(hash_state * md);
-#define sha224_process sha256_process
- int sha224_done(hash_state * md, unsigned char *hash);
- int sha224_test(void);
- extern const struct _hash_descriptor sha224_desc;
-#endif
-#endif
-
-#ifdef SHA1
- int sha1_init(hash_state * md);
- int sha1_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int sha1_done(hash_state * md, unsigned char *hash);
- int sha1_test(void);
- extern const struct _hash_descriptor sha1_desc;
-#endif
-
-#ifdef MD5
- int md5_init(hash_state * md);
- int md5_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int md5_done(hash_state * md, unsigned char *hash);
- int md5_test(void);
- extern const struct _hash_descriptor md5_desc;
-#endif
-
-#ifdef MD4
- int md4_init(hash_state * md);
- int md4_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int md4_done(hash_state * md, unsigned char *hash);
- int md4_test(void);
- extern const struct _hash_descriptor md4_desc;
-#endif
-
-#ifdef MD2
- int md2_init(hash_state * md);
- int md2_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int md2_done(hash_state * md, unsigned char *hash);
- int md2_test(void);
- extern const struct _hash_descriptor md2_desc;
-#endif
-
-#ifdef TIGER
- int tiger_init(hash_state * md);
- int tiger_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int tiger_done(hash_state * md, unsigned char *hash);
- int tiger_test(void);
- extern const struct _hash_descriptor tiger_desc;
-#endif
-
-#ifdef RIPEMD128
- int rmd128_init(hash_state * md);
- int rmd128_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int rmd128_done(hash_state * md, unsigned char *hash);
- int rmd128_test(void);
- extern const struct _hash_descriptor rmd128_desc;
-#endif
-
-#ifdef RIPEMD160
- int rmd160_init(hash_state * md);
- int rmd160_process(hash_state * md, const unsigned char *buf, unsigned long len);
- int rmd160_done(hash_state * md, unsigned char *hash);
- int rmd160_test(void);
- extern const struct _hash_descriptor rmd160_desc;
-#endif
-
- int find_hash(const char *name);
- int find_hash_id(unsigned char ID);
- int find_hash_any(const char *name, int digestlen);
- int register_hash(const struct _hash_descriptor *hash);
- int unregister_hash(const struct _hash_descriptor *hash);
- int hash_is_valid(int idx);
-
- int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen);
- int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen);
- int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen);
-
-/* a simple macro for making hash "process" functions */
-#define HASH_PROCESS(func_name, compress_name, state_var, block_size)                       \
-int func_name (hash_state * md, const unsigned char *buf, unsigned long len)               \
-{                                                                                           \
-    unsigned long n;                                                                        \
-    int           err;                                                                      \
-    _ARGCHK(md != NULL);                                                                    \
-    _ARGCHK(buf != NULL);                                                                   \
-    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
-       return CRYPT_INVALID_ARG;                                                            \
-    }                                                                                       \
-    while (len > 0) {                                                                       \
-        if (md-> state_var .curlen == 0 && len >= block_size) {                             \
-           if ((err = compress_name (md, (unsigned char *)buf)) != CRYPT_OK) { \
-              return err;         \
-           }                                        \
-           md-> state_var .length += block_size * 8;                                        \
-           buf             += block_size;                                                   \
-           len             -= block_size;                                                   \
-        } else {                                                                            \
-           n = MIN(len, (block_size - md-> state_var .curlen));                             \
-           memcpy(md-> state_var .buf + md-> state_var.curlen, buf, (size_t)n);             \
-           md-> state_var .curlen += n;                                                     \
-           buf             += n;                                                            \
-           len             -= n;                                                            \
-           if (md-> state_var .curlen == block_size) {                                      \
-              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {\
-                 return err;                                      \
-              } \
-              md-> state_var .length += 8*block_size;                                       \
-              md-> state_var .curlen = 0;                                                   \
-           }                                                                                \
-       }                                                                                    \
-    }                                                                                       \
-    return CRYPT_OK;                                                                        \
-}
-
-#ifdef HMAC
-typedef struct Hmac_state {
-     hash_state     md;
-     int            hash;
-     hash_state     hashstate;
-     unsigned char  *key;
-} hmac_state;
-
- int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen);
- int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len);
- int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen);
- int hmac_test(void);
- int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                       const unsigned char *data, unsigned long len, 
-                       unsigned char *dst, unsigned long *dstlen);
- int hmac_file(int hash, const char *fname, const unsigned char *key,
-                     unsigned long keylen, 
-                     unsigned char *dst, unsigned long *dstlen);
-#endif
-
-#ifdef OMAC
-
-typedef struct {
-   int             cipher_idx, 
-                   buflen,
-                   blklen;
-   unsigned char   block[MAXBLOCKSIZE],
-                   prev[MAXBLOCKSIZE],
-                   Lu[2][MAXBLOCKSIZE];
-   symmetric_key   key;
-} omac_state;
-
- int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen);
- int omac_process(omac_state *state, const unsigned char *buf, unsigned long len);
- int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen);
- int omac_memory(int cipher, const unsigned char *key, unsigned long keylen,
-                const unsigned char *msg, unsigned long msglen,
-                unsigned char *out, unsigned long *outlen);
- int omac_file(int cipher, const unsigned char *key, unsigned long keylen,
-              const char *filename, unsigned char *out, unsigned long *outlen);
- int omac_test(void);
-#endif /* OMAC */
-
-#ifdef PMAC
-
-typedef struct {
-   unsigned char     Ls[32][MAXBLOCKSIZE],    /* L shifted by i bits to the left */
-                     Li[MAXBLOCKSIZE],        /* value of Li [current value, we calc from previous recall] */
-                     Lr[MAXBLOCKSIZE],        /* L * x^-1 */
-                     block[MAXBLOCKSIZE],     /* currently accumulated block */
-                     checksum[MAXBLOCKSIZE];  /* current checksum */
-
-   symmetric_key     key;                     /* scheduled key for cipher */
-   unsigned long     block_index;             /* index # for current block */
-   int               cipher_idx,              /* cipher idx */
-                     block_len,               /* length of block */
-                     buflen;                  /* number of bytes in the buffer */
-} pmac_state;
-
- int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen);
- int pmac_process(pmac_state *state, const unsigned char *buf, unsigned long len);
- int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen);
-
- int pmac_memory(int cipher, const unsigned char *key, unsigned long keylen,
-                const unsigned char *msg, unsigned long msglen,
-                unsigned char *out, unsigned long *outlen);
-
- int pmac_file(int cipher, const unsigned char *key, unsigned long keylen,
-              const char *filename, unsigned char *out, unsigned long *outlen);
-
- int pmac_test(void);
-
-/* internal functions */
- int pmac_ntz(unsigned long x);
- void pmac_shift_xor(pmac_state *pmac);
-
-#endif /* PMAC */
-
-#ifdef EAX_MODE
-
-#if !(defined(OMAC) && defined(CTR))
-   #error EAX_MODE requires OMAC and CTR
-#endif
-
-typedef struct {
-   unsigned char N[MAXBLOCKSIZE];
-   symmetric_CTR ctr;
-   omac_state    headeromac, ctomac;
-} eax_state;
-
- int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
-                    const unsigned char *nonce, unsigned long noncelen,
-                    const unsigned char *header, unsigned long headerlen);
-
- int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
- int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
- int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
- int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
-
- int eax_encrypt_authenticate_memory(int cipher,
-    const unsigned char *key,    unsigned long keylen,
-    const unsigned char *nonce,  unsigned long noncelen,
-    const unsigned char *header, unsigned long headerlen,
-    const unsigned char *pt,     unsigned long ptlen,
-          unsigned char *ct,
-          unsigned char *tag,    unsigned long *taglen);
-
- int eax_decrypt_verify_memory(int cipher,
-    const unsigned char *key,    unsigned long keylen,
-    const unsigned char *nonce,  unsigned long noncelen,
-    const unsigned char *header, unsigned long headerlen,
-    const unsigned char *ct,     unsigned long ctlen,
-          unsigned char *pt,
-          unsigned char *tag,    unsigned long taglen,
-          int           *res);
-
- int eax_test(void);
-#endif /* EAX MODE */
-
-#ifdef OCB_MODE
-typedef struct {
-   unsigned char     L[MAXBLOCKSIZE],         /* L value */
-                     Ls[32][MAXBLOCKSIZE],    /* L shifted by i bits to the left */
-                     Li[MAXBLOCKSIZE],        /* value of Li [current value, we calc from previous recall] */
-                     Lr[MAXBLOCKSIZE],        /* L * x^-1 */
-                     R[MAXBLOCKSIZE],         /* R value */
-                     checksum[MAXBLOCKSIZE];  /* current checksum */
-
-   symmetric_key     key;                     /* scheduled key for cipher */
-   unsigned long     block_index;             /* index # for current block */
-   int               cipher,                  /* cipher idx */
-                     block_len;               /* length of block */
-} ocb_state;
-
- int ocb_init(ocb_state *ocb, int cipher, 
-             const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
-
- int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
- int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
-
- int ocb_done_encrypt(ocb_state *ocb, 
-                     const unsigned char *pt,  unsigned long ptlen,
-                           unsigned char *ct, 
-                           unsigned char *tag, unsigned long *taglen);
-
- int ocb_done_decrypt(ocb_state *ocb, 
-                     const unsigned char *ct,  unsigned long ctlen,
-                           unsigned char *pt, 
-                     const unsigned char *tag, unsigned long taglen, int *res);
-
- int ocb_encrypt_authenticate_memory(int cipher,
-    const unsigned char *key,    unsigned long keylen,
-    const unsigned char *nonce,  
-    const unsigned char *pt,     unsigned long ptlen,
-          unsigned char *ct,
-          unsigned char *tag,    unsigned long *taglen);
-
- int ocb_decrypt_verify_memory(int cipher,
-    const unsigned char *key,    unsigned long keylen,
-    const unsigned char *nonce,  
-    const unsigned char *ct,     unsigned long ctlen,
-          unsigned char *pt,
-    const unsigned char *tag,    unsigned long taglen,
-          int           *res);
-
- int ocb_test(void);
-
-/* internal functions */
- void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
- int ocb_ntz(unsigned long x);
- int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
-                     unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
-
-#endif /* OCB_MODE */
-
-

mycrypt_misc.h

@@ -1,17 +0,0 @@
-/* ---- BASE64 Routines ---- */
-#ifdef BASE64
- int base64_encode(const unsigned char *in,  unsigned long len, 
-                               unsigned char *out, unsigned long *outlen);
-
- int base64_decode(const unsigned char *in,  unsigned long len, 
-                               unsigned char *out, unsigned long *outlen);
-#endif
-
-/* ---- MEM routines ---- */
- void zeromem(void *dst, size_t len);
- void burn_stack(unsigned long len);
-
- const char *error_to_string(int err);
- int mpi_to_ltc_error(int err);
-
- extern const char *crypt_build_settings;

mycrypt_prng.h

@@ -1,141 +0,0 @@
-/* ---- PRNG Stuff ---- */
-struct yarrow_prng {
-    int                   cipher, hash;
-    unsigned char         pool[MAXBLOCKSIZE];
-    symmetric_CTR         ctr;
-};
-
-struct rc4_prng {
-    int x, y;
-    unsigned char buf[256];
-};
-
-struct fortuna_prng {
-    hash_state pool[FORTUNA_POOLS];     /* the  pools */
-
-    symmetric_key skey;
-
-    unsigned char K[32],      /* the current key */
-                  IV[16];     /* IV for CTR mode */
-    
-    unsigned long pool_idx,   /* current pool we will add to */
-                  pool0_len,  /* length of 0'th pool */
-                  wd;            
-
-    ulong64       reset_cnt;  /* number of times we have reset */
-};
-
-struct sober128_prng {
-    ulong32      R[17],          /* Working storage for the shift register */
-                 initR[17],      /* saved register contents */ 
-                 konst,          /* key dependent constant */
-                 sbuf;           /* partial word encryption buffer */
-
-    int          nbuf,           /* number of part-word stream bits buffered */
-                 flag,           /* first add_entropy call or not? */
-                 set;            /* did we call add_entropy to set key? */
-    
-};
-
-typedef union Prng_state {
-#ifdef YARROW
-    struct yarrow_prng    yarrow;
-#endif
-#ifdef RC4
-    struct rc4_prng       rc4;
-#endif
-#ifdef FORTUNA
-    struct fortuna_prng   fortuna;
-#endif
-#ifdef SOBER128
-    struct sober128_prng  sober128;
-#endif
-} prng_state;
-
-extern struct _prng_descriptor {
-    char *name;
-    int  export_size;    /* size in bytes of exported state */
-    int (*start)(prng_state *);
-    int (*add_entropy)(const unsigned char *, unsigned long, prng_state *);
-    int (*ready)(prng_state *);
-    unsigned long (*read)(unsigned char *, unsigned long, prng_state *);
-    int (*done)(prng_state *);
-    int (*pexport)(unsigned char *, unsigned long *, prng_state *);
-    int (*pimport)(const unsigned char *, unsigned long, prng_state *);
-    int (*test)(void);
-} prng_descriptor[];
-
-#ifdef YARROW
- int yarrow_start(prng_state *prng);
- int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
- int yarrow_ready(prng_state *prng);
- unsigned long yarrow_read(unsigned char *buf, unsigned long len, prng_state *prng);
- int yarrow_done(prng_state *prng);
- int  yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
- int  yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
- int  yarrow_test(void);
- extern const struct _prng_descriptor yarrow_desc;
-#endif
-
-#ifdef FORTUNA
- int fortuna_start(prng_state *prng);
- int fortuna_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
- int fortuna_ready(prng_state *prng);
- unsigned long fortuna_read(unsigned char *buf, unsigned long len, prng_state *prng);
- int fortuna_done(prng_state *prng);
- int  fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
- int  fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
- int  fortuna_test(void);
- extern const struct _prng_descriptor fortuna_desc;
-#endif
-
-#ifdef RC4
- int rc4_start(prng_state *prng);
- int rc4_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
- int rc4_ready(prng_state *prng);
- unsigned long rc4_read(unsigned char *buf, unsigned long len, prng_state *prng);
- int  rc4_done(prng_state *prng);
- int  rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
- int  rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
- int  rc4_test(void);
- extern const struct _prng_descriptor rc4_desc;
-#endif
-
-#ifdef SPRNG
- int sprng_start(prng_state *prng);
- int sprng_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
- int sprng_ready(prng_state *prng);
- unsigned long sprng_read(unsigned char *buf, unsigned long len, prng_state *prng);
- int sprng_done(prng_state *prng);
- int  sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
- int  sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
- int  sprng_test(void);
- extern const struct _prng_descriptor sprng_desc;
-#endif
-
-#ifdef SOBER128
- int sober128_start(prng_state *prng);
- int sober128_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
- int sober128_ready(prng_state *prng);
- unsigned long sober128_read(unsigned char *buf, unsigned long len, prng_state *prng);
- int sober128_done(prng_state *prng);
- int  sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
- int  sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
- int  sober128_test(void);
- extern const struct _prng_descriptor sober128_desc;
-#endif
-
- int find_prng(const char *name);
- int register_prng(const struct _prng_descriptor *prng);
- int unregister_prng(const struct _prng_descriptor *prng);
- int prng_is_valid(int idx);
-
-/* Slow RNG you **might** be able to use to seed a PRNG with.  Be careful as this
- * might not work on all platforms as planned
- */
-unsigned long rng_get_bytes(unsigned char *buf, 
-                                   unsigned long len, 
-                                   void (*callback)(void));
-
-int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void));
-

notes/cipher_tv.txt

@@ -1537,3 +1537,215 @@ Key Size: 10 bytes
 49: 0AAB29DF65861F4C
 
 
+Cipher: anubis
+Key Size: 16 bytes
+ 0: 30FF064629BF7EF5B010830BF3D4E1E9
+ 1: DD7A8E87CFD352AF9F63EA24ADA7E353
+ 2: 0D0BE8F05510EBD6A3EC842E5BD9FC2A
+ 3: 330F09581FDC897B3FE6EC1A5056A410
+ 4: 30349D965F43C295B9484C389C4D942C
+ 5: 9225343F0056BC355060C0282C638D02
+ 6: E3A85D41B5337533C4D87730948A9D4E
+ 7: 09DA0DDB65FF431081CAB08A28010B76
+ 8: 6C0D0BD6CEAFB9783B31023FD455DAC6
+ 9: FBE6F26B7CA322A45312856D586DE2EE
+10: 1F269EC072D0FBA72E87CA77F8B983FB
+11: CFFAE9ADE3006BD511ED172D42F16D05
+12: 73F0E9DE89F4C7541506F052D181BAC2
+13: FCFA3E2E89FF769834295C77431EF7CE
+14: 0452360383D56F827C81263F6B0855BC
+15: 40744E07299D6A2A210BE5598835221B
+16: 2F0FC61148C36F4C7B42DF274AD0DDE0
+17: 2EA0E9BE9E4E4DF85488FE6E7CFCD6E3
+18: 0AD1254FA64C3996BBD485D41A3687A0
+19: 5B55988652DF200348A114F802FD3C03
+20: C32906AF76934C1436CA60BAD58A0C66
+21: 59D87987DE9DD485C4537F3A95A164A0
+22: 0A706ADF488D84632C96F4BEC43D9FA8
+23: 0B74E0CDD14D984B37491E2D9FA63CAE
+24: 47CB1827D151A60473E67BD5D233102F
+25: F455B4B665D3D0AFB25FDE4A3312AFF6
+26: F9A0649421D45DF604206854F681DBDB
+27: 21477F5546339E4B6D8215368EE9F884
+28: 577640F23CA73345701B0906DFABA4B7
+29: 89F8D08A6E173759020DD7301E0FE361
+30: 44EF7AF7043FD4B8112345CEE42BC969
+31: D7CF0CE04A57253F4C63CABC4A5CB034
+32: AF73D3F4CED32593B315E27079131D22
+33: F6E603E3455359FE43A3B83AAF3AF0C5
+34: DCC3FB557F2C301B631DEF499097E4FD
+35: 8285A25CF6F7E701644708E12081C62C
+36: EC702DD0293F4C646B1C9C2606762816
+37: 289491E5A65DCA605B78E88DA8A9F8AB
+38: D82FBC14452BE34C5840DAD81FC2A65E
+39: B88A340EB1BF8D5ADE6A4E6C16104FC8
+40: C9FC3D70D2BA26C4059BD3D34134264C
+41: 18CE3D2920E3BDEFA91C369E9DE57BF4
+42: 50917AE58278E15A18A47B284D8027A3
+43: BDA6F9DE33704302CE056412143B4F82
+44: C287898C1451774675EB7A964C004E0D
+45: 3BDE73E0D357319AB06D3675F1D3E28D
+46: 30FF4326C89C0FFE4D31D2E92CC0BF9B
+47: F69816F304ED892232F220F290320A8D
+48: 1368153F1A54EFF8D61F93A2D6AF21E3
+49: 06DD274894B6EDF3159A1403F47F09C7
+
+Key Size: 28 bytes
+ 0: 7828B1997D3D050201DC6EE45C8521B5
+ 1: 0D77F896F9CEF16DAAFCF962C2257AAE
+ 2: 89C27B0623F5EECCA38BAE1AD86AE156
+ 3: 44EC09834052009CC3CD66E1BA11AF01
+ 4: F922BFDB03FB186A069C1E7B48222E3D
+ 5: 277F7971955D8984AAECF287C32B8211
+ 6: E77ED0144A3ED827B71453B91562FE25
+ 7: 1760EFD04477AE527BC37F72C8BBBCAE
+ 8: 26259425ACD58207AE328B3F1A217AC1
+ 9: 0876C4DC51D22657C4121E9067C2C3BA
+10: 0214981592C9CEDD4D654F84AF1793A5
+11: 3E11FA027BC4F15048D27B187062259A
+12: 24E7D61BB21EA90B5282B43AAFB0DBDC
+13: 688F56ECB45B7C242000653460F04A23
+14: DFA587501A875ACDE8687A04AE404861
+15: 4C21CC3FBB768CC9AF2242FA206FE406
+16: 5CA0B03FA7751DEBBE70CB21AA61765A
+17: 4879B3AC26270C422645B9CA29CAD8BB
+18: 24F941E1B9AF84C18D03885EAACE16E3
+19: 05E163A0150123C2664131A81B20AFC1
+20: D606CAA85362E23598E5B8BD60C60506
+21: 33BD0AE751019BB751C151AE47BD5811
+22: 75DA523F5F793F90034144A3599DC5E6
+23: CD4709B56521EA306F5AD95CCA878183
+24: 6A4EC2EDDEBBBFEB62C1F13F7A59BF20
+25: 2A36272DC4EFDFC03F4DCF049ED2ADFF
+26: FD4F3904E8E37E7C31508E5829482965
+27: BA64BAE1C2ABB8599A31B245DBAD1153
+28: 757E0151783A50FC92AE55861DCD797D
+29: 5E63BDA3217ECB544972CA14A9074DA5
+30: E52F1195921767FA2410BA095EA5C328
+31: 6D7E42D67E329D669299B5A590017E8D
+32: 0516F6F7D99ADE5DC42E635BB5832E80
+33: 57FB4E6B82ED2A3091248DCEF9C27F14
+34: 25231D0E9B96534977D2F2AF93DD10AB
+35: 847C4C524A586568D19EFA3ECA343F1C
+36: 52448814064E0F33A4EA89368C2E1ACC
+37: 461275466FAA7BC16ABAD9EC459BD67A
+38: 16C8324A383A00DA06DBEC419B69C551
+39: 5F26F7CF715FF2649DCC3C71EB6B92DF
+40: 575363411FB07C067CD4357A1CD1D695
+41: AB70F08BAB51C5F57139A107EE858A12
+42: 887F62AE3D700EC5323EDA231C6B4C48
+43: 7B9851B01DC9083293F3B226690A54F4
+44: 36E03DF51C574E35EF2077DB7A49548E
+45: E238A564246B163F97EDD733A235EDEB
+46: 30679CE080915DC3BFA91D0DAFF5E82E
+47: 7C2E8145D803D4FE18EE32995AAC16B0
+48: 24D6F61ECC87206804885D33BFA7B2CA
+49: 1F4F81751CB3FAFDC9F9C27E639F370B
+
+Key Size: 40 bytes
+ 0: 31C3221C218E4CA1762B0DE77B964528
+ 1: 0B6E4BD937773597647FFE0A3859BB12
+ 2: 67A116E5F762619DE72F99AD1562A943
+ 3: B6A841663FB466ACAF89C8DA5BA080F0
+ 4: 0442708BF804642B9B1C69F5D905817E
+ 5: BC77391EAB530B96CA35319E510DB306
+ 6: AED37991A50AECB70C1B99137D5B38F2
+ 7: 8735F7AF0BF6C5C7E3C98021E83A31EE
+ 8: A614243B1B871D80BDCE4A23AD00F9FA
+ 9: 16AC67B139A92AD777871C990D3DA571
+10: B1774A2A12A8CAB25D28A575B67CEF5D
+11: 4C9B1A120BC6A33C62AF903FEEC3AF5F
+12: 7B128F00480E497C5754EE333457EE5E
+13: AB56D578229492B95ED309C0EC566658
+14: 42FAF577855FEDB3446D40B4B6677445
+15: 84E0C19B4A4512001F663E22D3184F0A
+16: 8B01680D049F5A9421BA9BED100CC272
+17: 2B1D70B92A5DF12CE0FA6A7AA43E4CEE
+18: C7F61340D1B2321A1884E54D74576657
+19: 153C07C56B32530866722C4DEAC86A50
+20: 2EACBEFC4A29D1250EEAFD12A1D4AE77
+21: FCCB40B0997E47512295066F1A0344DD
+22: C149A543345E2A1B8249F71CB9F903A4
+23: 3FD0688A8D0BE5F06F157C234C29BF9A
+24: 6A3F813F396D77C7F4641ECC3E0BF3AA
+25: E2888B9D2A6D819367F61C5792866A8F
+26: 1A8A000F91AF4E600DDD88E098BD938B
+27: 2283E758C04548EF8C37FA9F5700A7AD
+28: 4FD6D8E1678D2B85520B96C038C582BF
+29: D13C0B228F792EF88F09ED192C571029
+30: 1A2A06B1987BE0DADA4B558AE5E6A128
+31: 097B0460C47F1801986F5706A69EB01C
+32: DD17BAC0737515C6386ECA6A6D6C02B6
+33: 5989BD1D46FD6EC14D4C55D5D6D17F99
+34: 431002E0224BD34B0B93988356C19E7C
+35: 37DB7570296DCCE45ABDDE36EBE4731D
+36: 4731DE78EEBAA1D02568EEEA2E04A2F5
+37: 1F879753A7964AF44C84FD5765D8E080
+38: 54F120726F68EA4B0501365CD2A84759
+39: 366E43BB744C615999E896D01A0D1D0E
+40: 18747BD79F1D0529D09CAC70F4D08948
+41: 4F9854BAE0834A0C5FD12381225958F2
+42: 7C14ADF94A0B61828996D902E4CCFF3E
+43: 242F0E9CE96E4E208A9E0C5D76F8E698
+44: 27EE179E2A9301B521B2C94ED3D36A77
+45: 892C84A5E77E88A67F5F00F3597F4C04
+46: FC7880D7860E90DE17E935700FC8C030
+47: BC49373F775BF9CD6BDC22C87F71E192
+48: 365646D0DE092AF42EC8F12A19840342
+49: 62D0E9C210A20ECD2FF191AD3495DE6F
+
+
+Cipher: khazad
+Key Size: 16 bytes
+ 0: 9C4C292A989175FC
+ 1: F49E366AF89BD6B7
+ 2: 9E859C8F323666F9
+ 3: 349EC57A02451059
+ 4: 59E34CF03134A662
+ 5: 436C16BAB80E3E2D
+ 6: 81C35012B08A194C
+ 7: 056CCC9991C1F087
+ 8: 0A59F24C4715B303
+ 9: 3C2CFF98AE8500FD
+10: 9136C3FCC332D974
+11: FA3FA726E6BEBA65
+12: DD84E4F9F39FB7EE
+13: A3F397CC9FB771F5
+14: E2D6ECC1F40A51C7
+15: 6704A1A705163A02
+16: BD820F5AF7DEEB04
+17: E21E37CC122027FF
+18: E319085D8E2C1F4F
+19: 0DDFE55B199A49A9
+20: B70F39CCCB2BA9A6
+21: 3F2F25723AED2E29
+22: 751FACD5F517AB2F
+23: D32CE55FBF217CE9
+24: 91393018EA847012
+25: D50F1C54BABE7081
+26: C73350FBC5B3A82B
+27: E9A054F709FD5C57
+28: 94BD5121B25746D4
+29: EE19F88B28BEB4B7
+30: CE6845FD13A3B78A
+31: 566729D0183496BC
+32: DC0E1D38CB5E03A8
+33: 251AD2B2842C75E3
+34: D344AC41190F3594
+35: 579B956A36ADA3A8
+36: 5F83D3AFEE9A6F25
+37: 2D3FF8708A03C600
+38: 32A732C7BEEBB693
+39: F437276FAA05BB39
+40: 58DDD4CD0281C5FD
+41: ECC2C84BD8C0A4DC
+42: BAB24C2CEFE23531
+43: 5244BFA3E2821E7D
+44: A4B273E960946B2C
+45: 039376D02A8D6788
+46: D3EB7074E3B05206
+47: 89C18FFA26ED0836
+48: 1F05A2D2D78927D9
+49: 0133E1745856C44C
+
+

notes/eax_tv.txt

@@ -329,3 +329,57 @@ EAX-skipjack (10 byte key)
  15: 07AF486D1C458AAB2DBF13C3243FAD, 87288E41A9E64089
  16: 84059283DF9A2A8563E7AF69235F26DF, 351652A0DBCE9D6E
 
+EAX-anubis (16 byte key)
+  0: , 8E20F19D9BA22ABA09FB86FDE6B9EF38
+  1: 3B, F4201E546A9160F989191942EC8FD1D3
+  2: 9F38, 4E3CEAE3E1CB954E021A10E814B71732
+  3: 4F4769, 3E8F35A6A5B11200E9F1AA38590066CD
+  4: AB41F5FC, EC4C97A8892AAF5433106D4AC8A49843
+  5: 414F95D61B, BF831E34D1E3FECB973A8C730ECA2E6D
+  6: 4798322F06D1, 005BBC30BFEDBE6463536C4F80D1A071
+  7: F256B6CD1BF4F5, 468A28F0661884B846B191B530C8D064
+  8: 90906F27A633ADDE, 6D9200A37A7F6A456CB103673184C2E5
+  9: 16CD3C17C9B4EAB135, 6D716E23D7B35109F55B036EDFA7742E
+ 10: 7AD1C22F1F06298DFB25, B076990F8193543C8F3185D3792BCE56
+ 11: 0476F2ABCD057FE6FEE39D, BB2876DB18C00038FADBBD9B264ACC3C
+ 12: B69EDE336407DBC2EE735857, AB63E5906116A8BE22C52B5DA31B1839
+ 13: C3864C1354065A56470669E602, C72BFD3A0BC73BFF051C9AB2F0DFED93
+ 14: 296D8F183A59020D33890420DD7B, C9D90B9EB42C32EDCF6223587D1598A6
+ 15: 256ED8E9D982616680559979BDF2E9, 179FE4E7BA7E966050D35900317E9916
+ 16: D4ED8F30FF9C0470D75B3B16750A3AE4, 5D50F05BB270A292DFF9F67A3BA84675
+ 17: 40CDEB6388274143CA3C4F6020BD9A4875, B27C7DFB1BFBB3FCCEE0171852C7924E
+ 18: 54EF262EC1801D505C7629D038654EBA0594, 9D2060FCD0A2C577511C7752ADE60BBE
+ 19: F39EE54A37F16DD38B624D7AB8F0D9CBD4B981, BC056C7D2C09D813703CDD63C1C69F44
+ 20: F4E7AD474FCA153ABD670E43081ED09EB2C4CC1A, F244BD4D630272F0D98FCA04226C04F1
+ 21: 039ECC36A0A16273E7246CA1FF19D213AC87B53F29, 3056DB6916C925DF220B6C9980EE141A
+ 22: 7DE1DCDEF01447CA2FE83375A48DD84E4A7CB7C01992, 79AFEA4816EAF8DAC8A5E93960F1594F
+ 23: A886C4B914BF0983003272F226F9B2197EF2DC05ACDDE0, B59D85A0FDA5FA4422F7203C055B97A9
+ 24: 00B3E1E91448E250AAFB695C0643A6577AB453EFECFABF53, 4A7EFF1CBC1AB535122A017203616D85
+ 25: 85E972E774D66D0531E40B8FE9E264A77B50FA883AB0943080, B18E164BF89B7E7AB0DC256DFEC7C72F
+ 26: 004849E39334969B392CB0CF3FDEFB3D792DCBBC15F8328C7EDC, 3C51295711F5F878DE8F0B2B5A26A227
+ 27: A0BAD6C2264AB1578993BA49E59D4598822FFED20A57D88F756FF1, 2EB9D525697A419A10DB2A84AEEA5FBC
+ 28: C34DD806EAB5AD823D78BCA78A7709A705FC94ECC521A367D76C9588, 3C57580C7903039D645C06DBAF07B477
+ 29: C447EC77512938CF7862388C32AF22ACE6B5E4CBAA998BE4F5CBC4D215, 43425D09B7ACFD90371C08953946A955
+ 30: 2C16993AAE624CBA4CDAF34FE3D368559E6BE548292B281439866375013B, 3B7360C3FA8FB1C15D19F567153CB46C
+ 31: 538E5DFAF14854A786851E4165F2E01CDDA963E318FCE4FB58E31A6B5CFC33, 2F8EA13B7A6873FE556CA535ABA0968B
+ 32: 5E29CDB7D9695A110043E9C260104BDF020A3A2A139D4112E918AB584BDD7EDA, 9133213AA7BCF062D2BD37F866683D3F
+
+EAX-khazad (16 byte key)
+  0: , 75968E54452F6781
+  1: 95, ADAF5949F09B5A22
+  2: 6B8F, A06B201947424A11
+  3: 5BE668, 3251416625DF347A
+  4: 5A92E82B, 33E25772427D9786
+  5: 62F9F2ABCC, DE714F5F5D17D6D0
+  6: 0E3CD825BD8D, A7991C8CB8975ED9
+  7: 4AD0D999503AAD, 53A827D7886F7227
+  8: BB08E6FAED1DAEE8, 91A118749B7AB9F3
+  9: 16E30CB12E20D18495, F8F8B8C1280158F9
+ 10: 616DBCC6346959D89E4A, 506BF35A70297D53
+ 11: F86B022D4B28FDB1F0B7D3, EA42220C805FD759
+ 12: 9B8A3D9CDBADD9BBCCCD2B28, BB478D3CE9A229C9
+ 13: CDC4AB4EF2D5B46E87827241F0, 658EDB9497A91823
+ 14: 1A113D96B21B4AEBDB13E34C381A, 63AD0C4084AC84B0
+ 15: 14DA751E5AF7E01F35B3CE74EE1ACF, 3C76AB64E1724DCE
+ 16: A13BBC7E408D2C550634CBC64690B8FE, 3D4BBC0C76536730
+

notes/etc/saferp_optimizer.c

@@ -0,0 +1,173 @@
+/* emits an optimized version of SAFER+ ... only does encrypt so far... */
+
+#include <stdio.h>
+#include <string.h>
+
+/* This is the "Armenian" Shuffle.  It takes the input from b and stores it in b2 */
+#define SHUF\
+    b2[0] = b[8]; b2[1] = b[11]; b2[2] = b[12]; b2[3] = b[15];   \
+    b2[4] = b[2]; b2[5] = b[1]; b2[6] = b[6]; b2[7] = b[5];      \
+    b2[8] = b[10]; b2[9] = b[9]; b2[10] = b[14]; b2[11] = b[13]; \
+    b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
+
+/* This is the inverse shuffle.  It takes from b and gives to b2 */
+#define iSHUF(b, b2)                                               \
+    b2[0] = b[12]; b2[1] = b[5]; b2[2] = b[4]; b2[3] = b[15];      \
+    b2[4] = b[14]; b2[5] = b[7]; b2[6] = b[6]; b2[7] = b[13];      \
+    b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1];      \
+    b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
+    
+#define ROUND(b, i)                                                                        \
+    b[0]  = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255;    \
+    b[1]  = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1];            \
+    b[2]  = safer_lbox[(b[2] + skey->saferp.K[i][2]) & 255] ^ skey->saferp.K[i+1][2];            \
+    b[3]  = (safer_ebox[(b[3] ^ skey->saferp.K[i][3]) & 255] + skey->saferp.K[i+1][3]) & 255;    \
+    b[4]  = (safer_ebox[(b[4] ^ skey->saferp.K[i][4]) & 255] + skey->saferp.K[i+1][4]) & 255;    \
+    b[5]  = safer_lbox[(b[5] + skey->saferp.K[i][5]) & 255] ^ skey->saferp.K[i+1][5];            \
+    b[6]  = safer_lbox[(b[6] + skey->saferp.K[i][6]) & 255] ^ skey->saferp.K[i+1][6];            \
+    b[7]  = (safer_ebox[(b[7] ^ skey->saferp.K[i][7]) & 255] + skey->saferp.K[i+1][7]) & 255;    \
+    b[8]  = (safer_ebox[(b[8] ^ skey->saferp.K[i][8]) & 255] + skey->saferp.K[i+1][8]) & 255;    \
+    b[9]  = safer_lbox[(b[9] + skey->saferp.K[i][9]) & 255] ^ skey->saferp.K[i+1][9];            \
+    b[10] = safer_lbox[(b[10] + skey->saferp.K[i][10]) & 255] ^ skey->saferp.K[i+1][10];         \
+    b[11] = (safer_ebox[(b[11] ^ skey->saferp.K[i][11]) & 255] + skey->saferp.K[i+1][11]) & 255; \
+    b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \
+    b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13];         \
+    b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14];         \
+    b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255;        
+
+int main(void)
+{
+   int b[16], b2[16], x, y, z;
+   
+/* -- ENCRYPT ---  */
+   for (x = 0; x < 16; x++) b[x] = x;
+   /* emit encrypt preabmle  */
+printf(
+"void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)\n"
+"{\n"
+"   int x;\n"
+"   unsigned char b[16];\n"
+"\n"
+"   LTC_ARGCHK(pt   != NULL);\n"
+"   LTC_ARGCHK(ct   != NULL);\n"
+"   LTC_ARGCHK(skey != NULL);\n"
+"\n"
+"   /* do eight rounds */\n"
+"   for (x = 0; x < 16; x++) {\n"
+"       b[x] = pt[x];\n"
+"   }\n");   
+
+   /* do 8 rounds of ROUND; LT; */
+   for (x = 0; x < 8; x++) {
+       /* ROUND(..., x*2) */
+       for (y = 0; y < 16; y++) {
+printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
+          b[y], "elle"[y&3], b[y], "^++^"[y&3],      x*2, y, "+^^+"[y&3], x*2+1, y);
+       }
+       
+       /* LT */
+       for (y = 0; y < 4; y++) {
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
+      if (y < 3) {
+         SHUF;
+      }         
+      }   
+  }
+  
+printf(
+"   if (skey->saferp.rounds <= 8) {\n");
+/* finish */
+   for (x = 0; x < 16; x++) {
+   printf(
+"      ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
+       x, b[x], "^++^"[x&3], x);
+   }   
+   printf("      return;\n   }\n");
+  
+  /* 192-bit keys */
+printf(  
+"   /* 192-bit key? */\n"
+"   if (skey->saferp.rounds > 8) {\n");
+  
+   /* do 4 rounds of ROUND; LT; */
+   for (x = 8; x < 12; x++) {
+       /* ROUND(..., x*2) */
+       for (y = 0; y < 16; y++) {
+printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
+          b[y], "elle"[y&3], b[y], "^++^"[y&3],      x*2, y, "+^^+"[y&3], x*2+1, y);
+       }
+       
+       /* LT */
+       for (y = 0; y < 4; y++) {
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
+      if (y < 3) {
+         SHUF;
+      }         
+      }   
+  }
+printf("}\n");
+  
+printf(
+"   if (skey->saferp.rounds <= 12) {\n");
+/* finish */
+   for (x = 0; x < 16; x++) {
+   printf(
+"      ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
+       x, b[x], "^++^"[x&3], x);
+   }   
+   printf("      return;\n   }\n");
+
+  /* 256-bit keys */
+printf(  
+"   /* 256-bit key? */\n"
+"   if (skey->saferp.rounds > 12) {\n");
+  
+   /* do 4 rounds of ROUND; LT; */
+   for (x = 12; x < 16; x++) {
+       /* ROUND(..., x*2) */
+       for (y = 0; y < 16; y++) {
+printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
+          b[y], "elle"[y&3], b[y], "^++^"[y&3],      x*2, y, "+^^+"[y&3], x*2+1, y);
+       }
+       
+       /* LT */
+       for (y = 0; y < 4; y++) {
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
+      if (y < 3) {
+         SHUF;
+      }         
+      }   
+  }
+/* finish */
+   for (x = 0; x < 16; x++) {
+   printf(
+"      ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
+       x, b[x], "^++^"[x&3], x);
+   }   
+   printf("   return;\n");
+printf("   }\n}\n\n");
+
+   return 0;
+}
+

notes/ocb_tv.txt

@@ -329,3 +329,57 @@ OCB-skipjack (10 byte key)
  15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2
  16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE
 
+OCB-anubis (16 byte key)
+  0: , D22ACF880B297DB0513DFAF0D2DF57D9
+  1: 59, 210A179469D6568AB9470C760415574E
+  2: AFA5, 1223F9CD160ABE2F257164C6E5533C87
+  3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A
+  4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650
+  5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745
+  6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B
+  7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5
+  8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F
+  9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5
+ 10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90
+ 11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD
+ 12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C
+ 13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F
+ 14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739
+ 15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288
+ 16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A
+ 17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC
+ 18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA
+ 19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03
+ 20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD
+ 21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E
+ 22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859
+ 23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766
+ 24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77
+ 25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C
+ 26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7
+ 27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860
+ 28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718
+ 29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05
+ 30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE
+ 31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8
+ 32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2
+
+OCB-khazad (16 byte key)
+  0: , BDEDFF7AA0070063
+  1: 00, 67E951582D66ED93
+  2: 5FED, 09DC8AEAD70673DE
+  3: 26A7CC, CE1436CE1E37D4B0
+  4: 3D2BD063, 574C24395F31511A
+  5: 597F1AFCB1, 6FBBE820C6F26CDB
+  6: 202DAE442DF6, 58CA6E5706C9852D
+  7: 7C20EDA18E9444, AABF0DA252A1BAAD
+  8: DEC02BF76DFD5B77, A0A97446B80EACB6
+  9: 5D7A42F73843F9200E, A1DD603372D124CB
+ 10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F
+ 11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F
+ 12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7
+ 13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F
+ 14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398
+ 15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5
+ 16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58
+

notes/omac_tv.txt

@@ -329,3 +329,57 @@ OMAC-skipjack (10 byte key)
  15: ED91F98DA98F42C4
  16: D8D0FA5CE96B08BF
 
+OMAC-anubis (16 byte key)
+  0: E672617CAA1E641C0E7B4B4CC4787455
+  1: C0C16E8FD63907C08A8ABBB7B73376D3
+  2: 23F97CED54939361830396224A7BDD91
+  3: 7FD87DEA9F05E07212DDF61292D9E13D
+  4: 929A11A4D0991A6446B1051926A6048D
+  5: 4EB74F1CC0150D86126BC6FE1FC8253D
+  6: 33C2C3C072D05BB6D54F87579C23B116
+  7: DE350181C9E90A79879813A609BE77E2
+  8: DB519EB9EF0E154D9D248734FD3D3724
+  9: 4F7F2E6D3FC72BA94FE24EC0ABBF4E66
+ 10: D646389DBCEEDD59EBB6E8F09C422930
+ 11: 8547658AE1CE6A8B8D010A1E1FEA7AF4
+ 12: C9BE2B7F3630EFDFBD3AEA6A108C86EA
+ 13: 290417C57096B8B9A1BA3C20FD91285B
+ 14: 9AF60E99692C5F911CBF969A6E11DC14
+ 15: CDA433BE58C98E49EBA8A7108E50DE2B
+ 16: 7430D0EE631A4659351B8A4489A78D46
+ 17: DCC74C0FD0415768FE00225CA14B7DC2
+ 18: 0CF2432B1B465F2A8C5FACAAF2FEF619
+ 19: DA020680C64E93AE5FCA3D71466D01C1
+ 20: B9C33A86E6ED9FCCDCD973382DD1B6A3
+ 21: 6631236B9F2F810DD4D97E6046F41AF2
+ 22: 0312C322F4D634CF4FBC0C2624E3E9F2
+ 23: 111E3E9F8FBDC1E4364622723F1CB524
+ 24: 6D2608D7AAF243D5219E14513895BFF6
+ 25: 683BD01B43CBC0430A007ACBAB357DC9
+ 26: 01B8FC65C56B0F1A5BFEBEDCCF6748D9
+ 27: 4D6298D63A80D55491697A6DD8E3694C
+ 28: 6F0205E4E083CAB00747D723300510DF
+ 29: 5183BAEEF05E9402A935EB9AFF0AA2A9
+ 30: 1E673BFAD4944643A740C59D96A5925C
+ 31: 940FB4000E34EEE78E8DB402E4A76502
+ 32: 87B0C48F3D155AD85D0502D94A4572DE
+
+OMAC-khazad (16 byte key)
+  0: 4EBEFA460499424F
+  1: 97AEEAD51E541D16
+  2: 29A35212910C9595
+  3: ABD1577D622074EA
+  4: 70A537DE14DD765C
+  5: 240A19016DE99C51
+  6: 4D42C10A9F803177
+  7: F464BC3E0DB5A909
+  8: 1C65A01A7C08DAC7
+  9: E49A1428C230C209
+ 10: 16DD0FEB7A6505B8
+ 11: 2DDDB3E35A05C220
+ 12: EC88910C799AC6CC
+ 13: B2A65C9EF39BEC8A
+ 14: F0D2366BA91DFFD5
+ 15: BCAB623CAB7AAA23
+ 16: 9BCEAB857596E478
+

notes/pmac_tv.txt

@@ -329,3 +329,57 @@ PMAC-skipjack (10 byte key)
  15: 2C5BD475AAC44C77
  16: FEB892DA66D31A84
 
+PMAC-anubis (16 byte key)
+  0: DF33EE541FFEE6A97FE3A1F72F7A38FC
+  1: 0AB28675AC3923C6DD9F5A8E1E2928D0
+  2: 2DABF75D6403E1E1CFAB3E6869FB1088
+  3: 95835D49E09740180B79E394FC2AA744
+  4: F364D6DC2C2078A519E5BAEFE858AFCA
+  5: DA4C66A4805FC91FABAECC0D3AEAD850
+  6: 487660FADCAC7B326C492AA051A1DF49
+  7: BF07835AA1A548FA7312509AF35CE3F3
+  8: 3CE8A8B1F324A700923AC0B830D53D99
+  9: 3C54D99AACFAB26E34FC1B0B6BB9EB22
+ 10: 0A559F9D107ED76FD19227FDD0752B8A
+ 11: BFD9E74ADC40B9C7446FDD09558FA584
+ 12: F1130F663BC0FA3B1066129E0D1910E9
+ 13: 535EAD786F0D211DE7AA78F3CB480803
+ 14: CDF5855F00A4C310D95B26751B01A28B
+ 15: EF6686E999D5A9C35A96D25BB9DBBF57
+ 16: E795733AA0AAF16D8F7AB1A8E9C55E54
+ 17: E03CA85727D5CF06F56BB6465BB3E5C5
+ 18: 6EDDDB6D2292EFF584E382E1BACD1A49
+ 19: 7B7FE0D8821836C1AA95578071FF2FD2
+ 20: 5F8CC568338400746B61A9286B7CF262
+ 21: 32DEE5A11E9EDB04BDF911837CE0FA4D
+ 22: F1A99914F13B17ABF383F36157FEB170
+ 23: 99F541647F382390043CAE5332E3114D
+ 24: 34C5EBB85693A1979F8CFDF8B431A5BB
+ 25: 1BA7266568F1E7B4A77A869D3021AC0F
+ 26: 0FC675C99C24E859F8CE714E86BF5289
+ 27: CBFAB21F5ABC47356A43BED806D873C0
+ 28: 9659AB1A4D334B622629721F98EECE3A
+ 29: 644C8BEE41F03BDE7652B03CAEA31E37
+ 30: 5B3447AFAD934B4D1E4910A8DFD588E7
+ 31: BFF403342E8D50D0447627AEA2F56B23
+ 32: 19F468F0FB05184D00FABD40A18DB7B2
+
+PMAC-khazad (16 byte key)
+  0: F40CEF2E392BEAEB
+  1: C6E086BD1CFA0992
+  2: 513F2851583AD69A
+  3: 07279D57695D78FF
+  4: 051E94FE4CC847B6
+  5: 5E9AAA5989D5C951
+  6: 310D5D740143369A
+  7: 9BB1EA8ECD4AF34B
+  8: CF886800AF0526C8
+  9: 0B03E2C94729E643
+ 10: 42815B308A900EC7
+ 11: 9A38A58C438D26DD
+ 12: 044BFF68FD2BFF76
+ 13: 7F5ABBDC29852729
+ 14: F81A7D6F7B788A5D
+ 15: 93098DA8A180AA35
+ 16: BACE2F4DA8A89E32
+

ocb_decrypt_verify_memory.c

@@ -1,65 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
-
-#ifdef OCB_MODE
-
-int ocb_decrypt_verify_memory(int cipher,
-    const unsigned char *key,    unsigned long keylen,
-    const unsigned char *nonce,  
-    const unsigned char *ct,     unsigned long ctlen,
-          unsigned char *pt,
-    const unsigned char *tag,    unsigned long taglen,
-          int           *res)
-{
-   int err;
-   ocb_state *ocb;
-
-   _ARGCHK(key    != NULL);
-   _ARGCHK(nonce  != NULL);
-   _ARGCHK(pt     != NULL);
-   _ARGCHK(ct     != NULL);
-   _ARGCHK(tag    != NULL);
-   _ARGCHK(res    != NULL);
-
-   /* allocate memory */
-   ocb = XMALLOC(sizeof(ocb_state));
-   if (ocb == NULL) {
-      return CRYPT_MEM;
-   }
-
-   if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
-      goto __ERR; 
-   }
-
-   while (ctlen > (unsigned long)ocb->block_len) {
-        if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
-            goto __ERR; 
-        }
-        ctlen   -= ocb->block_len;
-        pt      += ocb->block_len;
-        ct      += ocb->block_len;
-   }
-
-   err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, res);
-__ERR:
-#ifdef CLEAN_STACK
-   zeromem(ocb, sizeof(ocb_state));
-#endif
- 
-   XFREE(ocb);
-
-   return err;
-}
-
-#endif

ocb_done_encrypt.c

@@ -1,29 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
-
-#ifdef OCB_MODE
-
-int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
-                     unsigned char *ct, unsigned char *tag, unsigned long *taglen)
-{
-   _ARGCHK(ocb    != NULL);
-   _ARGCHK(pt     != NULL);
-   _ARGCHK(ct     != NULL);
-   _ARGCHK(tag    != NULL);
-   _ARGCHK(taglen != NULL);
-   return __ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
-}
-
-#endif
-

omac_done.c

@@ -1,68 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
-#include "mycrypt.h"
-
-#ifdef OMAC
-
-int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen)
-{
-   int       err, mode;
-   unsigned  x;
-
-   _ARGCHK(state  != NULL);
-   _ARGCHK(out    != NULL);
-   _ARGCHK(outlen != NULL);
-   if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
-      return err;
-   }
-
-   if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
-       (state->blklen > (int)sizeof(state->block)) || (state->buflen > state->blklen)) {
-      return CRYPT_INVALID_ARG;
-   }
-
-   /* figure out mode */
-   if (state->buflen != state->blklen) {
-      /* add the 0x80 byte */
-      state->block[state->buflen++] = 0x80;
-
-      /* pad with 0x00 */
-      while (state->buflen < state->blklen) {
-         state->block[state->buflen++] = 0x00;
-      }
-      mode = 1;
-   } else {
-      mode = 0;
-   }
-
-   /* now xor prev + Lu[mode] */
-   for (x = 0; x < (unsigned)state->blklen; x++) {
-       state->block[x] ^= state->prev[x] ^ state->Lu[mode][x];
-   }
-
-   /* encrypt it */
-   cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->block, &state->key);
- 
-   /* output it */
-   for (x = 0; x < (unsigned)state->blklen && x < *outlen; x++) {
-       out[x] = state->block[x];
-   }
-   *outlen = x;
-
-#ifdef CLEAN_STACK
-   zeromem(state, sizeof(*state));
-#endif
-   return CRYPT_OK;
-}
-
-#endif
-

omac_process.c

@@ -1,53 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
-#include "mycrypt.h"
-
-#ifdef OMAC
-
-int omac_process(omac_state *state, const unsigned char *buf, unsigned long len)
-{
-   int err, n, x;
-
-   _ARGCHK(state != NULL);
-   _ARGCHK(buf   != NULL);
-   if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
-      return err;
-   }
-
-   if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
-       (state->blklen > (int)sizeof(state->block)) || (state->buflen > state->blklen)) {
-      return CRYPT_INVALID_ARG;
-   }
-
-   while (len != 0) { 
-       /* ok if the block is full we xor in prev, encrypt and replace prev */
-       if (state->buflen == state->blklen) {
-          for (x = 0; x < state->blklen; x++) {
-              state->block[x] ^= state->prev[x];
-          }
-          cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->prev, &state->key);
-          state->buflen = 0;
-       }
-
-       /* add bytes */
-       n = MIN(len, (unsigned long)(state->blklen - state->buflen));
-       XMEMCPY(state->block + state->buflen, buf, n);
-       state->buflen += n;
-       len           -= n;
-       buf           += n;
-   }
-
-   return CRYPT_OK;
-}
-
-#endif
-

parsenames.pl

@@ -0,0 +1,20 @@
+#!/usr/bin/perl
+#
+# Splits the list of files and outputs for makefile type files 
+# wrapped at 80 chars 
+# 
+# Tom St Denis
+@a = split(" ", $ARGV[1]);
+$b = "$ARGV[0]=";
+$len = length($b);
+print $b;
+foreach my $obj (@a) {
+   $len = $len + length($obj);
+   $obj =~ s/\*/\$/;
+   if ($len > 80) {
+      printf "\\\n";
+      $len = length($obj);
+   }
+   print "$obj ";
+}
+print "\n\n";

pmac_memory.c

@@ -1,56 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* PMAC implementation by Tom St Denis */
-#include "mycrypt.h"
-
-#ifdef PMAC
-
-int pmac_memory(int cipher, 
-                const unsigned char *key, unsigned long keylen,
-                const unsigned char *msg, unsigned long msglen,
-                      unsigned char *out, unsigned long *outlen)
-{
-   int err;
-   pmac_state *pmac;
-
-   _ARGCHK(key    != NULL);
-   _ARGCHK(msg    != NULL);
-   _ARGCHK(out    != NULL);
-   _ARGCHK(outlen != NULL);
-
-   /* allocate ram for pmac state */
-   pmac = XMALLOC(sizeof(pmac_state));
-   if (pmac == NULL) {
-      return CRYPT_MEM;
-   }
-   
-   if ((err = pmac_init(pmac, cipher, key, keylen)) != CRYPT_OK) {
-      goto __ERR;
-   }
-   if ((err = pmac_process(pmac, msg, msglen)) != CRYPT_OK) {
-      goto __ERR;
-   }
-   if ((err = pmac_done(pmac, out, outlen)) != CRYPT_OK) {
-      goto __ERR;
-   }
-
-   err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
-   zeromem(pmac, sizeof(pmac_state));
-#endif
-
-   XFREE(pmac);
-   return err;   
-}
-
-#endif

pmac_process.c

@@ -1,62 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* PMAC implementation by Tom St Denis */
-#include "mycrypt.h"
-
-#ifdef PMAC
-
-int pmac_process(pmac_state *state, const unsigned char *buf, unsigned long len)
-{
-   int err, n, x;
-   unsigned char Z[MAXBLOCKSIZE];
-
-   _ARGCHK(state != NULL);
-   _ARGCHK(buf   != NULL);
-   if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
-      return err;
-   }
-
-   if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
-       (state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) {
-      return CRYPT_INVALID_ARG;
-   }
-
-   while (len != 0) { 
-       /* ok if the block is full we xor in prev, encrypt and replace prev */
-       if (state->buflen == state->block_len) {
-          pmac_shift_xor(state);
-          for (x = 0; x < state->block_len; x++) {
-              Z[x] = state->Li[x] ^ state->block[x];
-          }
-          cipher_descriptor[state->cipher_idx].ecb_encrypt(Z, Z, &state->key);
-          for (x = 0; x < state->block_len; x++) {
-              state->checksum[x] ^= Z[x];
-          }
-          state->buflen = 0;
-       }
-
-       /* add bytes */
-       n = MIN(len, (unsigned long)(state->block_len - state->buflen));
-       XMEMCPY(state->block + state->buflen, buf, n);
-       state->buflen += n;
-       len           -= n;
-       buf           += n;
-   }
-
-#ifdef CLEAN_STACK
-   zeromem(Z, sizeof(Z));
-#endif
-
-   return CRYPT_OK;
-}
-
-#endif

pretty.build

@@ -1,84 +0,0 @@
-#!/bin/perl -w
-#
-# Cute little builder for perl 
-# Total waste of development time...
-#
-# This will build all the object files and then the archive .a file
-# requires GCC, GNU make and a sense of humour.
-#
-# Tom St Denis
-use strict;
-
-my $count = 0;
-my $starttime = time;
-my $rate  = 0;
-print "Scanning for source files...\n";
-foreach my $filename (glob "*.c") {
-    if (!($filename =~ "aes_tab.c")) {
-    if (!($filename =~ "twofish_tab.c")) {
-    if (!($filename =~ "whirltab.c")) {
-    if (!($filename =~ "sha224.c")) {
-    if (!($filename =~ "sha384.c")) {
-    if (!($filename =~ "dh_sys.c")) {
-    if (!($filename =~ "ecc_sys.c")) {
-    if (!($filename =~ "sober128tab.c")) {
-       ++$count;
-    }}}}}}}}
-}
-print "Source files to build: $count\nBuilding...\n";
-my $i = 0;
-my $lines = 0;
-my $filesbuilt = 0;
-foreach my $filename (glob "*.c") {
-    if (!($filename =~ "aes_tab.c")) {
-    if (!($filename =~ "twofish_tab.c")) {
-    if (!($filename =~ "whirltab.c")) {
-    if (!($filename =~ "sha224.c")) {
-    if (!($filename =~ "sha384.c")) {
-    if (!($filename =~ "dh_sys.c")) {
-    if (!($filename =~ "ecc_sys.c")) {
-    if (!($filename =~ "sober128tab.c")) {
-       printf("Building %3.2f%%, ", (++$i/$count)*100.0);
-       if ($i % 4 == 0) { print "/, "; }
-       if ($i % 4 == 1) { print "-, "; }
-       if ($i % 4 == 2) { print "\\, "; }
-       if ($i % 4 == 3) { print "|, "; }
-       if ($rate > 0) {
-           my $tleft = ($count - $i) / $rate;
-           my $tsec  = $tleft%60;
-           my $tmin  = ($tleft/60)%60;
-           my $thour = ($tleft/3600)%60;
-           printf("%2d:%02d:%02d left, ", $thour, $tmin, $tsec);
-       }
-       my $cnt = ($i/$count)*30.0;
-       my $x   = 0;
-       print "[";
-       for (; $x < $cnt; $x++) { print "#"; }
-       for (; $x < 30; $x++)   { print " "; }
-       print "]\r";
-       my $tmp = $filename;
-       $tmp =~ s/\.c/".o"/ge;
-       if (open(SRC, "<$tmp")) {
-          close SRC;
-       } else {
-          !system("make $tmp > /dev/null 2>/dev/null") or die "\nERROR: Failed to make $tmp!!!\n";
-          open( SRC, "<$filename" ) or die "Couldn't open $filename for reading: $!";
-          ++$lines while (<SRC>);
-          close SRC or die "Error closing $filename after reading: $!";
-          ++$filesbuilt;
-       }      
-
-       # update timer 
-       if (time != $starttime) {
-          my $delay = time - $starttime;
-          $rate = $i/$delay;
-       }
-    }}}}}}}}
-}
-
-# finish building the library 
-printf("\nFinished building source (%d seconds, %3.2f files per second).\n", time - $starttime, $rate);
-print "Compiled approximately $filesbuilt files and $lines lines of code.\n";
-print "Doing final make (building archive...)\n";
-!system("make > /dev/null 2>/dev/null") or die "\nERROR: Failed to perform last make command!!!\n";
-print "done.\n";

rsa_decrypt_key.c

@@ -1,77 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-#include "mycrypt.h"
-
-#ifdef MRSA
-
-/* (PKCS #1 v2.0) decrypt then OAEP depad  */
-int rsa_decrypt_key(const unsigned char *in,     unsigned long inlen,
-                          unsigned char *outkey, unsigned long *keylen, 
-                    const unsigned char *lparam, unsigned long lparamlen,
-                          prng_state    *prng,   int           prng_idx,
-                          int            hash_idx, int *res,
-                          rsa_key       *key)
-{
-  unsigned long modulus_bitlen, modulus_bytelen, x;
-  int           err;
-  unsigned char *tmp;
-  
-  _ARGCHK(outkey != NULL);
-  _ARGCHK(keylen != NULL);
-  _ARGCHK(key    != NULL);
-  _ARGCHK(res    != NULL);
-
-  /* default to invalid */
-  *res = 0;
-
-  /* valid hash/prng ? */
-  if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
-     return err;
-  }
-  if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
-     return err;
-  }
-  
-  /* get modulus len in bits */
-  modulus_bitlen = mp_count_bits(&(key->N));
-
-  /* outlen must be at least the size of the modulus */
-  modulus_bytelen = mp_unsigned_bin_size(&(key->N));
-  if (modulus_bytelen != inlen) {
-     return CRYPT_INVALID_PACKET;
-  }
-
-  /* allocate ram */
-  tmp = XMALLOC(inlen);
-  if (tmp == NULL) {
-     return CRYPT_MEM;
-  }
-
-  /* rsa decode the packet */
-  x = inlen;
-  if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, prng, prng_idx, key)) != CRYPT_OK) {
-     XFREE(tmp);
-     return err;
-  }
-
-  /* now OAEP decode the packet */
-  err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
-                           outkey, keylen, res);
-  XFREE(tmp);
-  return err;
-}
-
-#endif /* MRSA */
-
-
-
-

rsa_sign_hash.c

@@ -1,59 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-#include "mycrypt.h"
-
-#ifdef MRSA
-
-/* (PKCS #1, v2.0) PSS pad then sign */
-int rsa_sign_hash(const unsigned char *msghash,  unsigned long  msghashlen, 
-                        unsigned char *sig,      unsigned long *siglen, 
-                        prng_state    *prng,     int            prng_idx,
-                        int            hash_idx, unsigned long  saltlen,
-                        rsa_key *key)
-{
-   unsigned long modulus_bitlen, modulus_bytelen, x;
-   int           err;
-   
-  _ARGCHK(msghash  != NULL);
-  _ARGCHK(sig      != NULL);
-  _ARGCHK(siglen   != NULL);
-  _ARGCHK(key      != NULL);
-  
-  /* valid prng and hash ? */
-  if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
-     return err;
-  }
-  if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
-     return err;
-  }
-  
-  /* get modulus len in bits */
-  modulus_bitlen = mp_count_bits(&(key->N));
-
-  /* outlen must be at least the size of the modulus */
-  modulus_bytelen = mp_unsigned_bin_size(&(key->N));
-  if (modulus_bytelen > *siglen) {
-     return CRYPT_BUFFER_OVERFLOW;
-  }
-      
-  /* PSS pad the key */
-  x = *siglen;
-  if ((err = pkcs_1_pss_encode(msghash, msghashlen, saltlen, prng, prng_idx,
-                               hash_idx, modulus_bitlen, sig, &x)) != CRYPT_OK) {
-     return err;
-  }
-
-  /* RSA encode it */
-  return rsa_exptmod(sig, x, sig, siglen, PK_PRIVATE, prng, prng_idx, key);
-}
-
-#endif /* MRSA */

rsa_v15_decrypt_key.c

@@ -1,66 +0,0 @@
-	/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-#include "mycrypt.h"
-
-#ifdef MRSA
-
-/* decrypt then PKCS #1 v1.5 depad  */
-int rsa_v15_decrypt_key(const unsigned char *in,     unsigned long  inlen,
-                              unsigned char *outkey, unsigned long keylen, 
-                              prng_state    *prng,   int            prng_idx,
-                              int           *res,    rsa_key       *key)
-{
-  unsigned long modulus_bitlen, modulus_bytelen, x;
-  int           err;
-  unsigned char *tmp;
-  
-  _ARGCHK(outkey != NULL);
-  _ARGCHK(key    != NULL);
-  _ARGCHK(res    != NULL);
- 
-  /* default to invalid */
-  *res = 0;
-
-  /* valid prng ? */
-  if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
-     return err;
-  }
-  
-  /* get modulus len in bits */
-  modulus_bitlen = mp_count_bits(&(key->N));
-
-  /* outlen must be at least the size of the modulus */
-  modulus_bytelen = mp_unsigned_bin_size(&(key->N));
-  if (modulus_bytelen != inlen) {
-     return CRYPT_INVALID_PACKET;
-  }
-
-  /* allocate ram */
-  tmp = XMALLOC(inlen);
-  if (tmp == NULL) {
-     return CRYPT_MEM;
-  }
-
-  /* rsa decode the packet */
-  x = inlen;
-  if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, prng, prng_idx, key)) != CRYPT_OK) {
-     XFREE(tmp);
-     return err;
-  }
-
-  /* PKCS #1 v1.5 depad */
-  err = pkcs_1_v15_es_decode(tmp, x, modulus_bitlen, outkey, keylen, res);
-  XFREE(tmp);
-  return err;
-}
-
-#endif

rsa_v15_encrypt_key.c

@@ -1,54 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-#include "mycrypt.h"
-
-#ifdef MRSA
-
-/* PKCS #1 v1.5 pad then encrypt */
-int rsa_v15_encrypt_key(const unsigned char *inkey,    unsigned long  inlen,
-                              unsigned char *outkey,   unsigned long *outlen,
-                              prng_state    *prng,     int            prng_idx, 
-                              rsa_key       *key)
-{
-  unsigned long modulus_bitlen, modulus_bytelen, x;
-  int           err;
-  
-  _ARGCHK(inkey  != NULL);
-  _ARGCHK(outkey != NULL);
-  _ARGCHK(outlen != NULL);
-  _ARGCHK(key    != NULL);
-  
-  /* valid prng? */
-  if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
-     return err;
-  }
-  
-  /* get modulus len in bits */
-  modulus_bitlen = mp_count_bits(&(key->N));
-
-  /* outlen must be at least the size of the modulus */
-  modulus_bytelen = mp_unsigned_bin_size(&(key->N));
-  if (modulus_bytelen > *outlen) {
-     return CRYPT_BUFFER_OVERFLOW;
-  }
-  
-  /* pad it */
-  x = *outlen;
-  if ((err = pkcs_1_v15_es_encode(inkey, inlen, modulus_bitlen, prng, prng_idx, outkey, &x)) != CRYPT_OK) {
-     return err;
-  }
-  
-  /* encrypt it */
-  return rsa_exptmod(outkey, x, outkey, outlen, PK_PUBLIC, prng, prng_idx, key);
-}
-
-#endif

rsa_v15_sign_hash.c

@@ -1,57 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-#include "mycrypt.h"
-
-#ifdef MRSA
-
-/* PKCS #1 v1.5 pad then sign */
-int rsa_v15_sign_hash(const unsigned char *msghash,  unsigned long  msghashlen, 
-                            unsigned char *sig,      unsigned long *siglen, 
-                            prng_state    *prng,     int            prng_idx,
-                            int            hash_idx, rsa_key       *key)
-{
-   unsigned long modulus_bitlen, modulus_bytelen, x;
-   int           err;
-   
-  _ARGCHK(msghash  != NULL);
-  _ARGCHK(sig      != NULL);
-  _ARGCHK(siglen   != NULL);
-  _ARGCHK(key      != NULL);
-  
-  /* valid prng and hash ? */
-  if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
-     return err;
-  }
-  if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
-     return err;
-  }
-  
-  /* get modulus len in bits */
-  modulus_bitlen = mp_count_bits(&(key->N));
-
-  /* outlen must be at least the size of the modulus */
-  modulus_bytelen = mp_unsigned_bin_size(&(key->N));
-  if (modulus_bytelen > *siglen) {
-     return CRYPT_BUFFER_OVERFLOW;
-  }
-      
-  /* PKCS #1 v1.5 pad the key */
-  x = *siglen;
-  if ((err = pkcs_1_v15_sa_encode(msghash, msghashlen, hash_idx, modulus_bitlen, sig, &x)) != CRYPT_OK) {
-     return err;
-  }
-
-  /* RSA encode it */
-  return rsa_exptmod(sig, x, sig, siglen, PK_PRIVATE, prng, prng_idx, key);
-}
-
-#endif

sprng.c

@@ -1,80 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/* A secure PRNG using the RNG functions.  Basically this is a
- * wrapper that allows you to use a secure RNG as a PRNG
- * in the various other functions.
- */
-#include "mycrypt.h"
-
-#ifdef SPRNG
-
-const struct _prng_descriptor sprng_desc =
-{
-    "sprng", 0,
-    &sprng_start,
-    &sprng_add_entropy,
-    &sprng_ready,
-    &sprng_read,
-    &sprng_done,
-    &sprng_export,
-    &sprng_import,
-    &sprng_test
-};
-
-int sprng_start(prng_state *prng)
-{
-   return CRYPT_OK;  
-}
-
-int sprng_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
-{
-   return CRYPT_OK;
-}
-
-int sprng_ready(prng_state *prng)
-{
-   return CRYPT_OK;
-}
-
-unsigned long sprng_read(unsigned char *buf, unsigned long len, prng_state *prng)
-{
-   _ARGCHK(buf != NULL);
-   return rng_get_bytes(buf, len, NULL);
-}
-
-int sprng_done(prng_state *prng)
-{
-   return CRYPT_OK;
-}
-
-int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
-{
-   _ARGCHK(outlen != NULL);
-
-   *outlen = 0;
-   return CRYPT_OK;
-}
- 
-int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
-{
-   return CRYPT_OK;
-}
-
-int sprng_test(void)
-{
-   return CRYPT_OK;
-}
-
-#endif
-
-
- 

aes.c → src/ciphers/aes/aes.c

@@ -25,8 +25,12 @@
   * @author Paulo Barreto <[email protected]>
 ---
  */
+/**
+  @file aes.c
+  Implementation of AES
+*/   
 
-#include "mycrypt.h"
+#include "tomcrypt.h"
 
 #ifdef RIJNDAEL
 
@@ -38,7 +42,7 @@
 #define ECB_TEST rijndael_test
 #define ECB_KS   rijndael_keysize
 
-const struct _cipher_descriptor rijndael_desc =
+const struct ltc_cipher_descriptor rijndael_desc =
 {
     "rijndael",
     6,
@@ -46,7 +50,7 @@ const struct _cipher_descriptor rijndael_desc =
     SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS
 };
 
-const struct _cipher_descriptor aes_desc =
+const struct ltc_cipher_descriptor aes_desc =
 {
     "aes",
     6,
@@ -60,7 +64,7 @@ const struct _cipher_descriptor aes_desc =
 #define ECB_ENC  rijndael_enc_ecb_encrypt
 #define ECB_KS   rijndael_enc_keysize
 
-const struct _cipher_descriptor rijndael_enc_desc =
+const struct ltc_cipher_descriptor rijndael_enc_desc =
 {
     "rijndael",
     6,
@@ -68,7 +72,7 @@ const struct _cipher_descriptor rijndael_enc_desc =
     SETUP, ECB_ENC, NULL, NULL, ECB_KS
 };
 
-const struct _cipher_descriptor aes_enc_desc =
+const struct ltc_cipher_descriptor aes_enc_desc =
 {
     "aes",
     6,
@@ -89,7 +93,7 @@ static ulong32 setup_mix(ulong32 temp)
 }
 
 #ifndef ENCRYPT_ONLY
-#ifdef SMALL_CODE
+#ifdef LTC_SMALL_CODE
 static ulong32 setup_mix2(ulong32 temp)
 {
    return Td0(255 & Te4[byte(temp, 3)]) ^
@@ -100,21 +104,29 @@ static ulong32 setup_mix2(ulong32 temp)
 #endif
 #endif
 
-int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
+ /**
+    Initialize the AES (Rijndael) block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
     int i, j;
     ulong32 temp, *rk;
 #ifndef ENCRYPT_ONLY
     ulong32 *rrk;
 #endif    
-    _ARGCHK(key  != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(key  != NULL);
+    LTC_ARGCHK(skey != NULL);
     
     if (keylen != 16 && keylen != 24 && keylen != 32) {
        return CRYPT_INVALID_KEYSIZE;
     }
     
-    if (rounds != 0 && rounds != (10 + ((keylen/8)-2)*2)) {
+    if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) {
        return CRYPT_INVALID_ROUNDS;
     }
     
@@ -181,7 +193,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
                 break;
             }
             temp = rk[11];
-            rk[12] = rk[ 4] ^ setup_mix(ROR(temp, 8));
+            rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8));
             rk[13] = rk[ 5] ^ rk[12];
             rk[14] = rk[ 6] ^ rk[13];
             rk[15] = rk[ 7] ^ rk[14];
@@ -189,7 +201,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
         }
     } else {
        /* this can't happen */
-       j = 4;
+       return CRYPT_ERROR;
     }
 
 #ifndef ENCRYPT_ONLY    
@@ -208,7 +220,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
     for (i = 1; i < skey->rijndael.Nr; i++) {
         rrk -= 4;
         rk  += 4;
-    #ifdef SMALL_CODE        
+    #ifdef LTC_SMALL_CODE        
         temp = rrk[0];
         rk[0] = setup_mix2(temp);
         temp = rrk[1];
@@ -258,7 +270,13 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
     return CRYPT_OK;   
 }
 
-#ifdef CLEAN_STACK
+/**
+  Encrypts a block of text with AES
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
 static void _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 
 #else
 void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
@@ -267,9 +285,9 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
     ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
     int Nr, r;
    
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(pt != NULL);
+    LTC_ARGCHK(ct != NULL);
+    LTC_ARGCHK(skey != NULL);
     
     Nr = skey->rijndael.Nr;
     rk = skey->rijndael.eK;
@@ -284,7 +302,7 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
     LOAD32H(s3, pt  + 12); s3 ^= rk[3];
 
 
-#ifdef SMALL_CODE
+#ifdef LTC_SMALL_CODE
 
     for (r = 0; ; r++) {
         rk += 4;
@@ -418,7 +436,7 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
     STORE32H(s3, ct+12);
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 
 {
    _rijndael_ecb_encrypt(pt, ct, skey);
@@ -428,7 +446,13 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 
 #ifndef ENCRYPT_ONLY 
 
-#ifdef CLEAN_STACK
+/**
+  Decrypts a block of text with AES
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
 static void _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 
 #else
 void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
@@ -437,9 +461,9 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
     ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
     int Nr, r;
 
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(pt != NULL);
+    LTC_ARGCHK(ct != NULL);
+    LTC_ARGCHK(skey != NULL);
     
     Nr = skey->rijndael.Nr;
     rk = skey->rijndael.dK;
@@ -453,7 +477,7 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
     LOAD32H(s2, ct  +  8); s2 ^= rk[2];
     LOAD32H(s3, ct  + 12); s3 ^= rk[3];
 
-#ifdef SMALL_CODE
+#ifdef LTC_SMALL_CODE
     for (r = 0; ; r++) {
         rk += 4;
         t0 =
@@ -588,7 +612,7 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 }
 
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 
 {
    _rijndael_ecb_decrypt(ct, pt, skey);
@@ -596,6 +620,10 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 }
 #endif
 
+/**
+  Performs a self-test of the AES block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int ECB_TEST(void)
 {
  #ifndef LTC_TEST
@@ -679,20 +707,25 @@ int ECB_TEST(void)
 
 #endif /* ENCRYPT_ONLY */
 
-int ECB_KS(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int ECB_KS(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
+   LTC_ARGCHK(keysize != NULL);
 
-   if (*desired_keysize < 16)
+   if (*keysize < 16)
       return CRYPT_INVALID_KEYSIZE;
-   if (*desired_keysize < 24) {
-      *desired_keysize = 16;
+   if (*keysize < 24) {
+      *keysize = 16;
       return CRYPT_OK;
-   } else if (*desired_keysize < 32) {
-      *desired_keysize = 24;
+   } else if (*keysize < 32) {
+      *keysize = 24;
       return CRYPT_OK;
    } else {
-      *desired_keysize = 32;
+      *keysize = 32;
       return CRYPT_OK;
    }
 }

aes_tab.c → src/ciphers/aes/aes_tab.c

@@ -23,6 +23,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
 Td4[x] = Si[x].[01, 01, 01, 01];
 */
 
+/**
+  @file aes_tab.c
+  AES tables
+*/  
 static const ulong32 TE0[256] = {
     0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL,
     0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL,
@@ -295,17 +299,17 @@ static const ulong32 Td4[256] = {
 
 #endif /* ENCRYPT_ONLY */
 
-#ifdef SMALL_CODE
+#ifdef LTC_SMALL_CODE
 
 #define Te0(x) TE0[x]
-#define Te1(x) ROR(TE0[x], 8)
-#define Te2(x) ROR(TE0[x], 16)
-#define Te3(x) ROR(TE0[x], 24)
+#define Te1(x) RORc(TE0[x], 8)
+#define Te2(x) RORc(TE0[x], 16)
+#define Te3(x) RORc(TE0[x], 24)
 
 #define Td0(x) TD0[x]
-#define Td1(x) ROR(TD0[x], 8)
-#define Td2(x) ROR(TD0[x], 16)
-#define Td3(x) ROR(TD0[x], 24)
+#define Td1(x) RORc(TD0[x], 8)
+#define Td2(x) RORc(TD0[x], 16)
+#define Td3(x) RORc(TD0[x], 24)
 
 #define Te4_0 0x000000FF & Te4
 #define Te4_1 0x0000FF00 & Te4

src/ciphers/anubis.c

@@ -0,0 +1,1541 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+  @file anubis.c
+  Anubis implementation derived from public domain source
+  Authors: Paulo S.L.M. Barreto and Vincent Rijmen.
+*/
+
+#include "tomcrypt.h"
+
+#ifdef ANUBIS
+
+const struct ltc_cipher_descriptor anubis_desc = {
+   "anubis",
+   19,
+   16, 40, 16, 12,
+   &anubis_setup,
+   &anubis_ecb_encrypt,
+   &anubis_ecb_decrypt,
+   &anubis_test,
+   &anubis_keysize
+};
+
+#define MIN_N           4 
+#define MAX_N           10 
+#define MIN_ROUNDS      (8 + MIN_N) 
+#define MAX_ROUNDS      (8 + MAX_N) 
+#define MIN_KEYSIZEB    (4*MIN_N) 
+#define MAX_KEYSIZEB    (4*MAX_N) 
+#define BLOCKSIZE       128 
+#define BLOCKSIZEB      (BLOCKSIZE/8) 
+
+
+/*
+ * Though Anubis is endianness-neutral, the encryption tables are listed
+ * in BIG-ENDIAN format, which is adopted throughout this implementation
+ * (but little-endian notation would be equally suitable if consistently
+ * employed).
+ */
+#if defined(ANUBIS_TWEAK)
+
+static const ulong32 T0[256] = {
+    0xba69d2bbU, 0x54a84de5U, 0x2f5ebce2U, 0x74e8cd25U,
+    0x53a651f7U, 0xd3bb6bd0U, 0xd2b96fd6U, 0x4d9a29b3U,
+    0x50a05dfdU, 0xac458acfU, 0x8d070e09U, 0xbf63c6a5U,
+    0x70e0dd3dU, 0x52a455f1U, 0x9a29527bU, 0x4c982db5U,
+    0xeac98f46U, 0xd5b773c4U, 0x97336655U, 0xd1bf63dcU,
+    0x3366ccaaU, 0x51a259fbU, 0x5bb671c7U, 0xa651a2f3U,
+    0xdea15ffeU, 0x48903dadU, 0xa84d9ad7U, 0x992f5e71U,
+    0xdbab4be0U, 0x3264c8acU, 0xb773e695U, 0xfce5d732U,
+    0xe3dbab70U, 0x9e214263U, 0x913f7e41U, 0x9b2b567dU,
+    0xe2d9af76U, 0xbb6bd6bdU, 0x4182199bU, 0x6edca579U,
+    0xa557aef9U, 0xcb8b0b80U, 0x6bd6b167U, 0x95376e59U,
+    0xa15fbee1U, 0xf3fbeb10U, 0xb17ffe81U, 0x0204080cU,
+    0xcc851792U, 0xc49537a2U, 0x1d3a744eU, 0x14285078U,
+    0xc39b2bb0U, 0x63c69157U, 0xdaa94fe6U, 0x5dba69d3U,
+    0x5fbe61dfU, 0xdca557f2U, 0x7dfae913U, 0xcd871394U,
+    0x7ffee11fU, 0x5ab475c1U, 0x6cd8ad75U, 0x5cb86dd5U,
+    0xf7f3fb08U, 0x264c98d4U, 0xffe3db38U, 0xedc79354U,
+    0xe8cd874aU, 0x9d274e69U, 0x6fdea17fU, 0x8e010203U,
+    0x19326456U, 0xa05dbae7U, 0xf0fde71aU, 0x890f1e11U,
+    0x0f1e3c22U, 0x070e1c12U, 0xaf4386c5U, 0xfbebcb20U,
+    0x08102030U, 0x152a547eU, 0x0d1a342eU, 0x04081018U,
+    0x01020406U, 0x64c88d45U, 0xdfa35bf8U, 0x76ecc529U,
+    0x79f2f90bU, 0xdda753f4U, 0x3d7af48eU, 0x162c5874U,
+    0x3f7efc82U, 0x376edcb2U, 0x6ddaa973U, 0x3870e090U,
+    0xb96fdeb1U, 0x73e6d137U, 0xe9cf834cU, 0x356ad4beU,
+    0x55aa49e3U, 0x71e2d93bU, 0x7bf6f107U, 0x8c050a0fU,
+    0x72e4d531U, 0x880d1a17U, 0xf6f1ff0eU, 0x2a54a8fcU,
+    0x3e7cf884U, 0x5ebc65d9U, 0x274e9cd2U, 0x468c0589U,
+    0x0c183028U, 0x65ca8943U, 0x68d0bd6dU, 0x61c2995bU,
+    0x03060c0aU, 0xc19f23bcU, 0x57ae41efU, 0xd6b17fceU,
+    0xd9af43ecU, 0x58b07dcdU, 0xd8ad47eaU, 0x66cc8549U,
+    0xd7b37bc8U, 0x3a74e89cU, 0xc88d078aU, 0x3c78f088U,
+    0xfae9cf26U, 0x96316253U, 0xa753a6f5U, 0x982d5a77U,
+    0xecc59752U, 0xb86ddab7U, 0xc7933ba8U, 0xae4182c3U,
+    0x69d2b96bU, 0x4b9631a7U, 0xab4b96ddU, 0xa94f9ed1U,
+    0x67ce814fU, 0x0a14283cU, 0x478e018fU, 0xf2f9ef16U,
+    0xb577ee99U, 0x224488ccU, 0xe5d7b364U, 0xeec19f5eU,
+    0xbe61c2a3U, 0x2b56acfaU, 0x811f3e21U, 0x1224486cU,
+    0x831b362dU, 0x1b366c5aU, 0x0e1c3824U, 0x23468ccaU,
+    0xf5f7f304U, 0x458a0983U, 0x214284c6U, 0xce811f9eU,
+    0x499239abU, 0x2c58b0e8U, 0xf9efc32cU, 0xe6d1bf6eU,
+    0xb671e293U, 0x2850a0f0U, 0x172e5c72U, 0x8219322bU,
+    0x1a34685cU, 0x8b0b161dU, 0xfee1df3eU, 0x8a09121bU,
+    0x09122436U, 0xc98f038cU, 0x87132635U, 0x4e9c25b9U,
+    0xe1dfa37cU, 0x2e5cb8e4U, 0xe4d5b762U, 0xe0dda77aU,
+    0xebcb8b40U, 0x903d7a47U, 0xa455aaffU, 0x1e3c7844U,
+    0x85172e39U, 0x60c09d5dU, 0x00000000U, 0x254a94deU,
+    0xf4f5f702U, 0xf1ffe31cU, 0x94356a5fU, 0x0b162c3aU,
+    0xe7d3bb68U, 0x75eac923U, 0xefc39b58U, 0x3468d0b8U,
+    0x3162c4a6U, 0xd4b577c2U, 0xd0bd67daU, 0x86112233U,
+    0x7efce519U, 0xad478ec9U, 0xfde7d334U, 0x2952a4f6U,
+    0x3060c0a0U, 0x3b76ec9aU, 0x9f234665U, 0xf8edc72aU,
+    0xc6913faeU, 0x13264c6aU, 0x060c1814U, 0x050a141eU,
+    0xc59733a4U, 0x11224466U, 0x77eec12fU, 0x7cf8ed15U,
+    0x7af4f501U, 0x78f0fd0dU, 0x366cd8b4U, 0x1c387048U,
+    0x3972e496U, 0x59b279cbU, 0x18306050U, 0x56ac45e9U,
+    0xb37bf68dU, 0xb07dfa87U, 0x244890d8U, 0x204080c0U,
+    0xb279f28bU, 0x9239724bU, 0xa35bb6edU, 0xc09d27baU,
+    0x44880d85U, 0x62c49551U, 0x10204060U, 0xb475ea9fU,
+    0x84152a3fU, 0x43861197U, 0x933b764dU, 0xc2992fb6U,
+    0x4a9435a1U, 0xbd67cea9U, 0x8f030605U, 0x2d5ab4eeU,
+    0xbc65caafU, 0x9c254a6fU, 0x6ad4b561U, 0x40801d9dU,
+    0xcf831b98U, 0xa259b2ebU, 0x801d3a27U, 0x4f9e21bfU,
+    0x1f3e7c42U, 0xca890f86U, 0xaa4992dbU, 0x42841591U,
+};
+
+static const ulong32 T1[256] = {
+    0x69babbd2U, 0xa854e54dU, 0x5e2fe2bcU, 0xe87425cdU,
+    0xa653f751U, 0xbbd3d06bU, 0xb9d2d66fU, 0x9a4db329U,
+    0xa050fd5dU, 0x45accf8aU, 0x078d090eU, 0x63bfa5c6U,
+    0xe0703dddU, 0xa452f155U, 0x299a7b52U, 0x984cb52dU,
+    0xc9ea468fU, 0xb7d5c473U, 0x33975566U, 0xbfd1dc63U,
+    0x6633aaccU, 0xa251fb59U, 0xb65bc771U, 0x51a6f3a2U,
+    0xa1defe5fU, 0x9048ad3dU, 0x4da8d79aU, 0x2f99715eU,
+    0xabdbe04bU, 0x6432acc8U, 0x73b795e6U, 0xe5fc32d7U,
+    0xdbe370abU, 0x219e6342U, 0x3f91417eU, 0x2b9b7d56U,
+    0xd9e276afU, 0x6bbbbdd6U, 0x82419b19U, 0xdc6e79a5U,
+    0x57a5f9aeU, 0x8bcb800bU, 0xd66b67b1U, 0x3795596eU,
+    0x5fa1e1beU, 0xfbf310ebU, 0x7fb181feU, 0x04020c08U,
+    0x85cc9217U, 0x95c4a237U, 0x3a1d4e74U, 0x28147850U,
+    0x9bc3b02bU, 0xc6635791U, 0xa9dae64fU, 0xba5dd369U,
+    0xbe5fdf61U, 0xa5dcf257U, 0xfa7d13e9U, 0x87cd9413U,
+    0xfe7f1fe1U, 0xb45ac175U, 0xd86c75adU, 0xb85cd56dU,
+    0xf3f708fbU, 0x4c26d498U, 0xe3ff38dbU, 0xc7ed5493U,
+    0xcde84a87U, 0x279d694eU, 0xde6f7fa1U, 0x018e0302U,
+    0x32195664U, 0x5da0e7baU, 0xfdf01ae7U, 0x0f89111eU,
+    0x1e0f223cU, 0x0e07121cU, 0x43afc586U, 0xebfb20cbU,
+    0x10083020U, 0x2a157e54U, 0x1a0d2e34U, 0x08041810U,
+    0x02010604U, 0xc864458dU, 0xa3dff85bU, 0xec7629c5U,
+    0xf2790bf9U, 0xa7ddf453U, 0x7a3d8ef4U, 0x2c167458U,
+    0x7e3f82fcU, 0x6e37b2dcU, 0xda6d73a9U, 0x703890e0U,
+    0x6fb9b1deU, 0xe67337d1U, 0xcfe94c83U, 0x6a35bed4U,
+    0xaa55e349U, 0xe2713bd9U, 0xf67b07f1U, 0x058c0f0aU,
+    0xe47231d5U, 0x0d88171aU, 0xf1f60effU, 0x542afca8U,
+    0x7c3e84f8U, 0xbc5ed965U, 0x4e27d29cU, 0x8c468905U,
+    0x180c2830U, 0xca654389U, 0xd0686dbdU, 0xc2615b99U,
+    0x06030a0cU, 0x9fc1bc23U, 0xae57ef41U, 0xb1d6ce7fU,
+    0xafd9ec43U, 0xb058cd7dU, 0xadd8ea47U, 0xcc664985U,
+    0xb3d7c87bU, 0x743a9ce8U, 0x8dc88a07U, 0x783c88f0U,
+    0xe9fa26cfU, 0x31965362U, 0x53a7f5a6U, 0x2d98775aU,
+    0xc5ec5297U, 0x6db8b7daU, 0x93c7a83bU, 0x41aec382U,
+    0xd2696bb9U, 0x964ba731U, 0x4babdd96U, 0x4fa9d19eU,
+    0xce674f81U, 0x140a3c28U, 0x8e478f01U, 0xf9f216efU,
+    0x77b599eeU, 0x4422cc88U, 0xd7e564b3U, 0xc1ee5e9fU,
+    0x61bea3c2U, 0x562bfaacU, 0x1f81213eU, 0x24126c48U,
+    0x1b832d36U, 0x361b5a6cU, 0x1c0e2438U, 0x4623ca8cU,
+    0xf7f504f3U, 0x8a458309U, 0x4221c684U, 0x81ce9e1fU,
+    0x9249ab39U, 0x582ce8b0U, 0xeff92cc3U, 0xd1e66ebfU,
+    0x71b693e2U, 0x5028f0a0U, 0x2e17725cU, 0x19822b32U,
+    0x341a5c68U, 0x0b8b1d16U, 0xe1fe3edfU, 0x098a1b12U,
+    0x12093624U, 0x8fc98c03U, 0x13873526U, 0x9c4eb925U,
+    0xdfe17ca3U, 0x5c2ee4b8U, 0xd5e462b7U, 0xdde07aa7U,
+    0xcbeb408bU, 0x3d90477aU, 0x55a4ffaaU, 0x3c1e4478U,
+    0x1785392eU, 0xc0605d9dU, 0x00000000U, 0x4a25de94U,
+    0xf5f402f7U, 0xfff11ce3U, 0x35945f6aU, 0x160b3a2cU,
+    0xd3e768bbU, 0xea7523c9U, 0xc3ef589bU, 0x6834b8d0U,
+    0x6231a6c4U, 0xb5d4c277U, 0xbdd0da67U, 0x11863322U,
+    0xfc7e19e5U, 0x47adc98eU, 0xe7fd34d3U, 0x5229f6a4U,
+    0x6030a0c0U, 0x763b9aecU, 0x239f6546U, 0xedf82ac7U,
+    0x91c6ae3fU, 0x26136a4cU, 0x0c061418U, 0x0a051e14U,
+    0x97c5a433U, 0x22116644U, 0xee772fc1U, 0xf87c15edU,
+    0xf47a01f5U, 0xf0780dfdU, 0x6c36b4d8U, 0x381c4870U,
+    0x723996e4U, 0xb259cb79U, 0x30185060U, 0xac56e945U,
+    0x7bb38df6U, 0x7db087faU, 0x4824d890U, 0x4020c080U,
+    0x79b28bf2U, 0x39924b72U, 0x5ba3edb6U, 0x9dc0ba27U,
+    0x8844850dU, 0xc4625195U, 0x20106040U, 0x75b49feaU,
+    0x15843f2aU, 0x86439711U, 0x3b934d76U, 0x99c2b62fU,
+    0x944aa135U, 0x67bda9ceU, 0x038f0506U, 0x5a2deeb4U,
+    0x65bcafcaU, 0x259c6f4aU, 0xd46a61b5U, 0x80409d1dU,
+    0x83cf981bU, 0x59a2ebb2U, 0x1d80273aU, 0x9e4fbf21U,
+    0x3e1f427cU, 0x89ca860fU, 0x49aadb92U, 0x84429115U,
+};
+
+static const ulong32 T2[256] = {
+    0xd2bbba69U, 0x4de554a8U, 0xbce22f5eU, 0xcd2574e8U,
+    0x51f753a6U, 0x6bd0d3bbU, 0x6fd6d2b9U, 0x29b34d9aU,
+    0x5dfd50a0U, 0x8acfac45U, 0x0e098d07U, 0xc6a5bf63U,
+    0xdd3d70e0U, 0x55f152a4U, 0x527b9a29U, 0x2db54c98U,
+    0x8f46eac9U, 0x73c4d5b7U, 0x66559733U, 0x63dcd1bfU,
+    0xccaa3366U, 0x59fb51a2U, 0x71c75bb6U, 0xa2f3a651U,
+    0x5ffedea1U, 0x3dad4890U, 0x9ad7a84dU, 0x5e71992fU,
+    0x4be0dbabU, 0xc8ac3264U, 0xe695b773U, 0xd732fce5U,
+    0xab70e3dbU, 0x42639e21U, 0x7e41913fU, 0x567d9b2bU,
+    0xaf76e2d9U, 0xd6bdbb6bU, 0x199b4182U, 0xa5796edcU,
+    0xaef9a557U, 0x0b80cb8bU, 0xb1676bd6U, 0x6e599537U,
+    0xbee1a15fU, 0xeb10f3fbU, 0xfe81b17fU, 0x080c0204U,
+    0x1792cc85U, 0x37a2c495U, 0x744e1d3aU, 0x50781428U,
+    0x2bb0c39bU, 0x915763c6U, 0x4fe6daa9U, 0x69d35dbaU,
+    0x61df5fbeU, 0x57f2dca5U, 0xe9137dfaU, 0x1394cd87U,
+    0xe11f7ffeU, 0x75c15ab4U, 0xad756cd8U, 0x6dd55cb8U,
+    0xfb08f7f3U, 0x98d4264cU, 0xdb38ffe3U, 0x9354edc7U,
+    0x874ae8cdU, 0x4e699d27U, 0xa17f6fdeU, 0x02038e01U,
+    0x64561932U, 0xbae7a05dU, 0xe71af0fdU, 0x1e11890fU,
+    0x3c220f1eU, 0x1c12070eU, 0x86c5af43U, 0xcb20fbebU,
+    0x20300810U, 0x547e152aU, 0x342e0d1aU, 0x10180408U,
+    0x04060102U, 0x8d4564c8U, 0x5bf8dfa3U, 0xc52976ecU,
+    0xf90b79f2U, 0x53f4dda7U, 0xf48e3d7aU, 0x5874162cU,
+    0xfc823f7eU, 0xdcb2376eU, 0xa9736ddaU, 0xe0903870U,
+    0xdeb1b96fU, 0xd13773e6U, 0x834ce9cfU, 0xd4be356aU,
+    0x49e355aaU, 0xd93b71e2U, 0xf1077bf6U, 0x0a0f8c05U,
+    0xd53172e4U, 0x1a17880dU, 0xff0ef6f1U, 0xa8fc2a54U,
+    0xf8843e7cU, 0x65d95ebcU, 0x9cd2274eU, 0x0589468cU,
+    0x30280c18U, 0x894365caU, 0xbd6d68d0U, 0x995b61c2U,
+    0x0c0a0306U, 0x23bcc19fU, 0x41ef57aeU, 0x7fced6b1U,
+    0x43ecd9afU, 0x7dcd58b0U, 0x47ead8adU, 0x854966ccU,
+    0x7bc8d7b3U, 0xe89c3a74U, 0x078ac88dU, 0xf0883c78U,
+    0xcf26fae9U, 0x62539631U, 0xa6f5a753U, 0x5a77982dU,
+    0x9752ecc5U, 0xdab7b86dU, 0x3ba8c793U, 0x82c3ae41U,
+    0xb96b69d2U, 0x31a74b96U, 0x96ddab4bU, 0x9ed1a94fU,
+    0x814f67ceU, 0x283c0a14U, 0x018f478eU, 0xef16f2f9U,
+    0xee99b577U, 0x88cc2244U, 0xb364e5d7U, 0x9f5eeec1U,
+    0xc2a3be61U, 0xacfa2b56U, 0x3e21811fU, 0x486c1224U,
+    0x362d831bU, 0x6c5a1b36U, 0x38240e1cU, 0x8cca2346U,
+    0xf304f5f7U, 0x0983458aU, 0x84c62142U, 0x1f9ece81U,
+    0x39ab4992U, 0xb0e82c58U, 0xc32cf9efU, 0xbf6ee6d1U,
+    0xe293b671U, 0xa0f02850U, 0x5c72172eU, 0x322b8219U,
+    0x685c1a34U, 0x161d8b0bU, 0xdf3efee1U, 0x121b8a09U,
+    0x24360912U, 0x038cc98fU, 0x26358713U, 0x25b94e9cU,
+    0xa37ce1dfU, 0xb8e42e5cU, 0xb762e4d5U, 0xa77ae0ddU,
+    0x8b40ebcbU, 0x7a47903dU, 0xaaffa455U, 0x78441e3cU,
+    0x2e398517U, 0x9d5d60c0U, 0x00000000U, 0x94de254aU,
+    0xf702f4f5U, 0xe31cf1ffU, 0x6a5f9435U, 0x2c3a0b16U,
+    0xbb68e7d3U, 0xc92375eaU, 0x9b58efc3U, 0xd0b83468U,
+    0xc4a63162U, 0x77c2d4b5U, 0x67dad0bdU, 0x22338611U,
+    0xe5197efcU, 0x8ec9ad47U, 0xd334fde7U, 0xa4f62952U,
+    0xc0a03060U, 0xec9a3b76U, 0x46659f23U, 0xc72af8edU,
+    0x3faec691U, 0x4c6a1326U, 0x1814060cU, 0x141e050aU,
+    0x33a4c597U, 0x44661122U, 0xc12f77eeU, 0xed157cf8U,
+    0xf5017af4U, 0xfd0d78f0U, 0xd8b4366cU, 0x70481c38U,
+    0xe4963972U, 0x79cb59b2U, 0x60501830U, 0x45e956acU,
+    0xf68db37bU, 0xfa87b07dU, 0x90d82448U, 0x80c02040U,
+    0xf28bb279U, 0x724b9239U, 0xb6eda35bU, 0x27bac09dU,
+    0x0d854488U, 0x955162c4U, 0x40601020U, 0xea9fb475U,
+    0x2a3f8415U, 0x11974386U, 0x764d933bU, 0x2fb6c299U,
+    0x35a14a94U, 0xcea9bd67U, 0x06058f03U, 0xb4ee2d5aU,
+    0xcaafbc65U, 0x4a6f9c25U, 0xb5616ad4U, 0x1d9d4080U,
+    0x1b98cf83U, 0xb2eba259U, 0x3a27801dU, 0x21bf4f9eU,
+    0x7c421f3eU, 0x0f86ca89U, 0x92dbaa49U, 0x15914284U,
+};
+
+static const ulong32 T3[256] = {
+    0xbbd269baU, 0xe54da854U, 0xe2bc5e2fU, 0x25cde874U,
+    0xf751a653U, 0xd06bbbd3U, 0xd66fb9d2U, 0xb3299a4dU,
+    0xfd5da050U, 0xcf8a45acU, 0x090e078dU, 0xa5c663bfU,
+    0x3ddde070U, 0xf155a452U, 0x7b52299aU, 0xb52d984cU,
+    0x468fc9eaU, 0xc473b7d5U, 0x55663397U, 0xdc63bfd1U,
+    0xaacc6633U, 0xfb59a251U, 0xc771b65bU, 0xf3a251a6U,
+    0xfe5fa1deU, 0xad3d9048U, 0xd79a4da8U, 0x715e2f99U,
+    0xe04babdbU, 0xacc86432U, 0x95e673b7U, 0x32d7e5fcU,
+    0x70abdbe3U, 0x6342219eU, 0x417e3f91U, 0x7d562b9bU,
+    0x76afd9e2U, 0xbdd66bbbU, 0x9b198241U, 0x79a5dc6eU,
+    0xf9ae57a5U, 0x800b8bcbU, 0x67b1d66bU, 0x596e3795U,
+    0xe1be5fa1U, 0x10ebfbf3U, 0x81fe7fb1U, 0x0c080402U,
+    0x921785ccU, 0xa23795c4U, 0x4e743a1dU, 0x78502814U,
+    0xb02b9bc3U, 0x5791c663U, 0xe64fa9daU, 0xd369ba5dU,
+    0xdf61be5fU, 0xf257a5dcU, 0x13e9fa7dU, 0x941387cdU,
+    0x1fe1fe7fU, 0xc175b45aU, 0x75add86cU, 0xd56db85cU,
+    0x08fbf3f7U, 0xd4984c26U, 0x38dbe3ffU, 0x5493c7edU,
+    0x4a87cde8U, 0x694e279dU, 0x7fa1de6fU, 0x0302018eU,
+    0x56643219U, 0xe7ba5da0U, 0x1ae7fdf0U, 0x111e0f89U,
+    0x223c1e0fU, 0x121c0e07U, 0xc58643afU, 0x20cbebfbU,
+    0x30201008U, 0x7e542a15U, 0x2e341a0dU, 0x18100804U,
+    0x06040201U, 0x458dc864U, 0xf85ba3dfU, 0x29c5ec76U,
+    0x0bf9f279U, 0xf453a7ddU, 0x8ef47a3dU, 0x74582c16U,
+    0x82fc7e3fU, 0xb2dc6e37U, 0x73a9da6dU, 0x90e07038U,
+    0xb1de6fb9U, 0x37d1e673U, 0x4c83cfe9U, 0xbed46a35U,
+    0xe349aa55U, 0x3bd9e271U, 0x07f1f67bU, 0x0f0a058cU,
+    0x31d5e472U, 0x171a0d88U, 0x0efff1f6U, 0xfca8542aU,
+    0x84f87c3eU, 0xd965bc5eU, 0xd29c4e27U, 0x89058c46U,
+    0x2830180cU, 0x4389ca65U, 0x6dbdd068U, 0x5b99c261U,
+    0x0a0c0603U, 0xbc239fc1U, 0xef41ae57U, 0xce7fb1d6U,
+    0xec43afd9U, 0xcd7db058U, 0xea47add8U, 0x4985cc66U,
+    0xc87bb3d7U, 0x9ce8743aU, 0x8a078dc8U, 0x88f0783cU,
+    0x26cfe9faU, 0x53623196U, 0xf5a653a7U, 0x775a2d98U,
+    0x5297c5ecU, 0xb7da6db8U, 0xa83b93c7U, 0xc38241aeU,
+    0x6bb9d269U, 0xa731964bU, 0xdd964babU, 0xd19e4fa9U,
+    0x4f81ce67U, 0x3c28140aU, 0x8f018e47U, 0x16eff9f2U,
+    0x99ee77b5U, 0xcc884422U, 0x64b3d7e5U, 0x5e9fc1eeU,
+    0xa3c261beU, 0xfaac562bU, 0x213e1f81U, 0x6c482412U,
+    0x2d361b83U, 0x5a6c361bU, 0x24381c0eU, 0xca8c4623U,
+    0x04f3f7f5U, 0x83098a45U, 0xc6844221U, 0x9e1f81ceU,
+    0xab399249U, 0xe8b0582cU, 0x2cc3eff9U, 0x6ebfd1e6U,
+    0x93e271b6U, 0xf0a05028U, 0x725c2e17U, 0x2b321982U,
+    0x5c68341aU, 0x1d160b8bU, 0x3edfe1feU, 0x1b12098aU,
+    0x36241209U, 0x8c038fc9U, 0x35261387U, 0xb9259c4eU,
+    0x7ca3dfe1U, 0xe4b85c2eU, 0x62b7d5e4U, 0x7aa7dde0U,
+    0x408bcbebU, 0x477a3d90U, 0xffaa55a4U, 0x44783c1eU,
+    0x392e1785U, 0x5d9dc060U, 0x00000000U, 0xde944a25U,
+    0x02f7f5f4U, 0x1ce3fff1U, 0x5f6a3594U, 0x3a2c160bU,
+    0x68bbd3e7U, 0x23c9ea75U, 0x589bc3efU, 0xb8d06834U,
+    0xa6c46231U, 0xc277b5d4U, 0xda67bdd0U, 0x33221186U,
+    0x19e5fc7eU, 0xc98e47adU, 0x34d3e7fdU, 0xf6a45229U,
+    0xa0c06030U, 0x9aec763bU, 0x6546239fU, 0x2ac7edf8U,
+    0xae3f91c6U, 0x6a4c2613U, 0x14180c06U, 0x1e140a05U,
+    0xa43397c5U, 0x66442211U, 0x2fc1ee77U, 0x15edf87cU,
+    0x01f5f47aU, 0x0dfdf078U, 0xb4d86c36U, 0x4870381cU,
+    0x96e47239U, 0xcb79b259U, 0x50603018U, 0xe945ac56U,
+    0x8df67bb3U, 0x87fa7db0U, 0xd8904824U, 0xc0804020U,
+    0x8bf279b2U, 0x4b723992U, 0xedb65ba3U, 0xba279dc0U,
+    0x850d8844U, 0x5195c462U, 0x60402010U, 0x9fea75b4U,
+    0x3f2a1584U, 0x97118643U, 0x4d763b93U, 0xb62f99c2U,
+    0xa135944aU, 0xa9ce67bdU, 0x0506038fU, 0xeeb45a2dU,
+    0xafca65bcU, 0x6f4a259cU, 0x61b5d46aU, 0x9d1d8040U,
+    0x981b83cfU, 0xebb259a2U, 0x273a1d80U, 0xbf219e4fU,
+    0x427c3e1fU, 0x860f89caU, 0xdb9249aaU, 0x91158442U,
+};
+
+static const ulong32 T4[256] = {
+    0xbabababaU, 0x54545454U, 0x2f2f2f2fU, 0x74747474U,
+    0x53535353U, 0xd3d3d3d3U, 0xd2d2d2d2U, 0x4d4d4d4dU,
+    0x50505050U, 0xacacacacU, 0x8d8d8d8dU, 0xbfbfbfbfU,
+    0x70707070U, 0x52525252U, 0x9a9a9a9aU, 0x4c4c4c4cU,
+    0xeaeaeaeaU, 0xd5d5d5d5U, 0x97979797U, 0xd1d1d1d1U,
+    0x33333333U, 0x51515151U, 0x5b5b5b5bU, 0xa6a6a6a6U,
+    0xdedededeU, 0x48484848U, 0xa8a8a8a8U, 0x99999999U,
+    0xdbdbdbdbU, 0x32323232U, 0xb7b7b7b7U, 0xfcfcfcfcU,
+    0xe3e3e3e3U, 0x9e9e9e9eU, 0x91919191U, 0x9b9b9b9bU,
+    0xe2e2e2e2U, 0xbbbbbbbbU, 0x41414141U, 0x6e6e6e6eU,
+    0xa5a5a5a5U, 0xcbcbcbcbU, 0x6b6b6b6bU, 0x95959595U,
+    0xa1a1a1a1U, 0xf3f3f3f3U, 0xb1b1b1b1U, 0x02020202U,
+    0xccccccccU, 0xc4c4c4c4U, 0x1d1d1d1dU, 0x14141414U,
+    0xc3c3c3c3U, 0x63636363U, 0xdadadadaU, 0x5d5d5d5dU,
+    0x5f5f5f5fU, 0xdcdcdcdcU, 0x7d7d7d7dU, 0xcdcdcdcdU,
+    0x7f7f7f7fU, 0x5a5a5a5aU, 0x6c6c6c6cU, 0x5c5c5c5cU,
+    0xf7f7f7f7U, 0x26262626U, 0xffffffffU, 0xededededU,
+    0xe8e8e8e8U, 0x9d9d9d9dU, 0x6f6f6f6fU, 0x8e8e8e8eU,
+    0x19191919U, 0xa0a0a0a0U, 0xf0f0f0f0U, 0x89898989U,
+    0x0f0f0f0fU, 0x07070707U, 0xafafafafU, 0xfbfbfbfbU,
+    0x08080808U, 0x15151515U, 0x0d0d0d0dU, 0x04040404U,
+    0x01010101U, 0x64646464U, 0xdfdfdfdfU, 0x76767676U,
+    0x79797979U, 0xddddddddU, 0x3d3d3d3dU, 0x16161616U,
+    0x3f3f3f3fU, 0x37373737U, 0x6d6d6d6dU, 0x38383838U,
+    0xb9b9b9b9U, 0x73737373U, 0xe9e9e9e9U, 0x35353535U,
+    0x55555555U, 0x71717171U, 0x7b7b7b7bU, 0x8c8c8c8cU,
+    0x72727272U, 0x88888888U, 0xf6f6f6f6U, 0x2a2a2a2aU,
+    0x3e3e3e3eU, 0x5e5e5e5eU, 0x27272727U, 0x46464646U,
+    0x0c0c0c0cU, 0x65656565U, 0x68686868U, 0x61616161U,
+    0x03030303U, 0xc1c1c1c1U, 0x57575757U, 0xd6d6d6d6U,
+    0xd9d9d9d9U, 0x58585858U, 0xd8d8d8d8U, 0x66666666U,
+    0xd7d7d7d7U, 0x3a3a3a3aU, 0xc8c8c8c8U, 0x3c3c3c3cU,
+    0xfafafafaU, 0x96969696U, 0xa7a7a7a7U, 0x98989898U,
+    0xececececU, 0xb8b8b8b8U, 0xc7c7c7c7U, 0xaeaeaeaeU,
+    0x69696969U, 0x4b4b4b4bU, 0xababababU, 0xa9a9a9a9U,
+    0x67676767U, 0x0a0a0a0aU, 0x47474747U, 0xf2f2f2f2U,
+    0xb5b5b5b5U, 0x22222222U, 0xe5e5e5e5U, 0xeeeeeeeeU,
+    0xbebebebeU, 0x2b2b2b2bU, 0x81818181U, 0x12121212U,
+    0x83838383U, 0x1b1b1b1bU, 0x0e0e0e0eU, 0x23232323U,
+    0xf5f5f5f5U, 0x45454545U, 0x21212121U, 0xcecececeU,
+    0x49494949U, 0x2c2c2c2cU, 0xf9f9f9f9U, 0xe6e6e6e6U,
+    0xb6b6b6b6U, 0x28282828U, 0x17171717U, 0x82828282U,
+    0x1a1a1a1aU, 0x8b8b8b8bU, 0xfefefefeU, 0x8a8a8a8aU,
+    0x09090909U, 0xc9c9c9c9U, 0x87878787U, 0x4e4e4e4eU,
+    0xe1e1e1e1U, 0x2e2e2e2eU, 0xe4e4e4e4U, 0xe0e0e0e0U,
+    0xebebebebU, 0x90909090U, 0xa4a4a4a4U, 0x1e1e1e1eU,
+    0x85858585U, 0x60606060U, 0x00000000U, 0x25252525U,
+    0xf4f4f4f4U, 0xf1f1f1f1U, 0x94949494U, 0x0b0b0b0bU,
+    0xe7e7e7e7U, 0x75757575U, 0xefefefefU, 0x34343434U,
+    0x31313131U, 0xd4d4d4d4U, 0xd0d0d0d0U, 0x86868686U,
+    0x7e7e7e7eU, 0xadadadadU, 0xfdfdfdfdU, 0x29292929U,
+    0x30303030U, 0x3b3b3b3bU, 0x9f9f9f9fU, 0xf8f8f8f8U,
+    0xc6c6c6c6U, 0x13131313U, 0x06060606U, 0x05050505U,
+    0xc5c5c5c5U, 0x11111111U, 0x77777777U, 0x7c7c7c7cU,
+    0x7a7a7a7aU, 0x78787878U, 0x36363636U, 0x1c1c1c1cU,
+    0x39393939U, 0x59595959U, 0x18181818U, 0x56565656U,
+    0xb3b3b3b3U, 0xb0b0b0b0U, 0x24242424U, 0x20202020U,
+    0xb2b2b2b2U, 0x92929292U, 0xa3a3a3a3U, 0xc0c0c0c0U,
+    0x44444444U, 0x62626262U, 0x10101010U, 0xb4b4b4b4U,
+    0x84848484U, 0x43434343U, 0x93939393U, 0xc2c2c2c2U,
+    0x4a4a4a4aU, 0xbdbdbdbdU, 0x8f8f8f8fU, 0x2d2d2d2dU,
+    0xbcbcbcbcU, 0x9c9c9c9cU, 0x6a6a6a6aU, 0x40404040U,
+    0xcfcfcfcfU, 0xa2a2a2a2U, 0x80808080U, 0x4f4f4f4fU,
+    0x1f1f1f1fU, 0xcacacacaU, 0xaaaaaaaaU, 0x42424242U,
+};
+
+static const ulong32 T5[256] = {
+    0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
+    0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
+    0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
+    0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
+    0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
+    0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
+    0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
+    0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
+    0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
+    0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
+    0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
+    0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
+    0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
+    0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
+    0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
+    0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
+    0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
+    0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
+    0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
+    0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
+    0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
+    0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
+    0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
+    0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
+    0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
+    0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
+    0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
+    0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
+    0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
+    0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
+    0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
+    0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
+    0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
+    0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
+    0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
+    0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
+    0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
+    0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
+    0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
+    0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
+    0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
+    0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
+    0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
+    0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
+    0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
+    0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
+    0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
+    0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
+    0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
+    0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
+    0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
+    0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
+    0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
+    0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
+    0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
+    0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
+    0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
+    0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
+    0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
+    0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
+    0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
+    0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
+    0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
+    0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
+};
+
+/**
+ * The round constants.
+ */
+static const ulong32 rc[] = {
+    0xba542f74U, 0x53d3d24dU, 0x50ac8dbfU, 0x70529a4cU,
+    0xead597d1U, 0x33515ba6U, 0xde48a899U, 0xdb32b7fcU,
+    0xe39e919bU, 0xe2bb416eU, 0xa5cb6b95U, 0xa1f3b102U,
+    0xccc41d14U, 0xc363da5dU, 0x5fdc7dcdU, 0x7f5a6c5cU,
+    0xf726ffedU, 0xe89d6f8eU, 0x19a0f089U,
+};
+
+
+
+#else
+
+
+static const ulong32 T0[256] = {
+    0xa753a6f5U, 0xd3bb6bd0U, 0xe6d1bf6eU, 0x71e2d93bU,
+    0xd0bd67daU, 0xac458acfU, 0x4d9a29b3U, 0x79f2f90bU,
+    0x3a74e89cU, 0xc98f038cU, 0x913f7e41U, 0xfce5d732U,
+    0x1e3c7844U, 0x478e018fU, 0x54a84de5U, 0xbd67cea9U,
+    0x8c050a0fU, 0xa557aef9U, 0x7af4f501U, 0xfbebcb20U,
+    0x63c69157U, 0xb86ddab7U, 0xdda753f4U, 0xd4b577c2U,
+    0xe5d7b364U, 0xb37bf68dU, 0xc59733a4U, 0xbe61c2a3U,
+    0xa94f9ed1U, 0x880d1a17U, 0x0c183028U, 0xa259b2ebU,
+    0x3972e496U, 0xdfa35bf8U, 0x2952a4f6U, 0xdaa94fe6U,
+    0x2b56acfaU, 0xa84d9ad7U, 0xcb8b0b80U, 0x4c982db5U,
+    0x4b9631a7U, 0x224488ccU, 0xaa4992dbU, 0x244890d8U,
+    0x4182199bU, 0x70e0dd3dU, 0xa651a2f3U, 0xf9efc32cU,
+    0x5ab475c1U, 0xe2d9af76U, 0xb07dfa87U, 0x366cd8b4U,
+    0x7dfae913U, 0xe4d5b762U, 0x3366ccaaU, 0xffe3db38U,
+    0x60c09d5dU, 0x204080c0U, 0x08102030U, 0x8b0b161dU,
+    0x5ebc65d9U, 0xab4b96ddU, 0x7ffee11fU, 0x78f0fd0dU,
+    0x7cf8ed15U, 0x2c58b0e8U, 0x57ae41efU, 0xd2b96fd6U,
+    0xdca557f2U, 0x6ddaa973U, 0x7efce519U, 0x0d1a342eU,
+    0x53a651f7U, 0x94356a5fU, 0xc39b2bb0U, 0x2850a0f0U,
+    0x274e9cd2U, 0x060c1814U, 0x5fbe61dfU, 0xad478ec9U,
+    0x67ce814fU, 0x5cb86dd5U, 0x55aa49e3U, 0x48903dadU,
+    0x0e1c3824U, 0x52a455f1U, 0xeac98f46U, 0x42841591U,
+    0x5bb671c7U, 0x5dba69d3U, 0x3060c0a0U, 0x58b07dcdU,
+    0x51a259fbU, 0x59b279cbU, 0x3c78f088U, 0x4e9c25b9U,
+    0x3870e090U, 0x8a09121bU, 0x72e4d531U, 0x14285078U,
+    0xe7d3bb68U, 0xc6913faeU, 0xdea15ffeU, 0x50a05dfdU,
+    0x8e010203U, 0x9239724bU, 0xd1bf63dcU, 0x77eec12fU,
+    0x933b764dU, 0x458a0983U, 0x9a29527bU, 0xce811f9eU,
+    0x2d5ab4eeU, 0x03060c0aU, 0x62c49551U, 0xb671e293U,
+    0xb96fdeb1U, 0xbf63c6a5U, 0x96316253U, 0x6bd6b167U,
+    0x3f7efc82U, 0x070e1c12U, 0x1224486cU, 0xae4182c3U,
+    0x40801d9dU, 0x3468d0b8U, 0x468c0589U, 0x3e7cf884U,
+    0xdbab4be0U, 0xcf831b98U, 0xecc59752U, 0xcc851792U,
+    0xc19f23bcU, 0xa15fbee1U, 0xc09d27baU, 0xd6b17fceU,
+    0x1d3a744eU, 0xf4f5f702U, 0x61c2995bU, 0x3b76ec9aU,
+    0x10204060U, 0xd8ad47eaU, 0x68d0bd6dU, 0xa05dbae7U,
+    0xb17ffe81U, 0x0a14283cU, 0x69d2b96bU, 0x6cd8ad75U,
+    0x499239abU, 0xfae9cf26U, 0x76ecc529U, 0xc49537a2U,
+    0x9e214263U, 0x9b2b567dU, 0x6edca579U, 0x992f5e71U,
+    0xc2992fb6U, 0xb773e695U, 0x982d5a77U, 0xbc65caafU,
+    0x8f030605U, 0x85172e39U, 0x1f3e7c42U, 0xb475ea9fU,
+    0xf8edc72aU, 0x11224466U, 0x2e5cb8e4U, 0x00000000U,
+    0x254a94deU, 0x1c387048U, 0x2a54a8fcU, 0x3d7af48eU,
+    0x050a141eU, 0x4f9e21bfU, 0x7bf6f107U, 0xb279f28bU,
+    0x3264c8acU, 0x903d7a47U, 0xaf4386c5U, 0x19326456U,
+    0xa35bb6edU, 0xf7f3fb08U, 0x73e6d137U, 0x9d274e69U,
+    0x152a547eU, 0x74e8cd25U, 0xeec19f5eU, 0xca890f86U,
+    0x9f234665U, 0x0f1e3c22U, 0x1b366c5aU, 0x75eac923U,
+    0x86112233U, 0x84152a3fU, 0x9c254a6fU, 0x4a9435a1U,
+    0x97336655U, 0x1a34685cU, 0x65ca8943U, 0xf6f1ff0eU,
+    0xedc79354U, 0x09122436U, 0xbb6bd6bdU, 0x264c98d4U,
+    0x831b362dU, 0xebcb8b40U, 0x6fdea17fU, 0x811f3e21U,
+    0x04081018U, 0x6ad4b561U, 0x43861197U, 0x01020406U,
+    0x172e5c72U, 0xe1dfa37cU, 0x87132635U, 0xf5f7f304U,
+    0x8d070e09U, 0xe3dbab70U, 0x23468ccaU, 0x801d3a27U,
+    0x44880d85U, 0x162c5874U, 0x66cc8549U, 0x214284c6U,
+    0xfee1df3eU, 0xd5b773c4U, 0x3162c4a6U, 0xd9af43ecU,
+    0x356ad4beU, 0x18306050U, 0x0204080cU, 0x64c88d45U,
+    0xf2f9ef16U, 0xf1ffe31cU, 0x56ac45e9U, 0xcd871394U,
+    0x8219322bU, 0xc88d078aU, 0xba69d2bbU, 0xf0fde71aU,
+    0xefc39b58U, 0xe9cf834cU, 0xe8cd874aU, 0xfde7d334U,
+    0x890f1e11U, 0xd7b37bc8U, 0xc7933ba8U, 0xb577ee99U,
+    0xa455aaffU, 0x2f5ebce2U, 0x95376e59U, 0x13264c6aU,
+    0x0b162c3aU, 0xf3fbeb10U, 0xe0dda77aU, 0x376edcb2U,
+};
+
+static const ulong32 T1[256] = {
+    0x53a7f5a6U, 0xbbd3d06bU, 0xd1e66ebfU, 0xe2713bd9U,
+    0xbdd0da67U, 0x45accf8aU, 0x9a4db329U, 0xf2790bf9U,
+    0x743a9ce8U, 0x8fc98c03U, 0x3f91417eU, 0xe5fc32d7U,
+    0x3c1e4478U, 0x8e478f01U, 0xa854e54dU, 0x67bda9ceU,
+    0x058c0f0aU, 0x57a5f9aeU, 0xf47a01f5U, 0xebfb20cbU,
+    0xc6635791U, 0x6db8b7daU, 0xa7ddf453U, 0xb5d4c277U,
+    0xd7e564b3U, 0x7bb38df6U, 0x97c5a433U, 0x61bea3c2U,
+    0x4fa9d19eU, 0x0d88171aU, 0x180c2830U, 0x59a2ebb2U,
+    0x723996e4U, 0xa3dff85bU, 0x5229f6a4U, 0xa9dae64fU,
+    0x562bfaacU, 0x4da8d79aU, 0x8bcb800bU, 0x984cb52dU,
+    0x964ba731U, 0x4422cc88U, 0x49aadb92U, 0x4824d890U,
+    0x82419b19U, 0xe0703dddU, 0x51a6f3a2U, 0xeff92cc3U,
+    0xb45ac175U, 0xd9e276afU, 0x7db087faU, 0x6c36b4d8U,
+    0xfa7d13e9U, 0xd5e462b7U, 0x6633aaccU, 0xe3ff38dbU,
+    0xc0605d9dU, 0x4020c080U, 0x10083020U, 0x0b8b1d16U,
+    0xbc5ed965U, 0x4babdd96U, 0xfe7f1fe1U, 0xf0780dfdU,
+    0xf87c15edU, 0x582ce8b0U, 0xae57ef41U, 0xb9d2d66fU,
+    0xa5dcf257U, 0xda6d73a9U, 0xfc7e19e5U, 0x1a0d2e34U,
+    0xa653f751U, 0x35945f6aU, 0x9bc3b02bU, 0x5028f0a0U,
+    0x4e27d29cU, 0x0c061418U, 0xbe5fdf61U, 0x47adc98eU,
+    0xce674f81U, 0xb85cd56dU, 0xaa55e349U, 0x9048ad3dU,
+    0x1c0e2438U, 0xa452f155U, 0xc9ea468fU, 0x84429115U,
+    0xb65bc771U, 0xba5dd369U, 0x6030a0c0U, 0xb058cd7dU,
+    0xa251fb59U, 0xb259cb79U, 0x783c88f0U, 0x9c4eb925U,
+    0x703890e0U, 0x098a1b12U, 0xe47231d5U, 0x28147850U,
+    0xd3e768bbU, 0x91c6ae3fU, 0xa1defe5fU, 0xa050fd5dU,
+    0x018e0302U, 0x39924b72U, 0xbfd1dc63U, 0xee772fc1U,
+    0x3b934d76U, 0x8a458309U, 0x299a7b52U, 0x81ce9e1fU,
+    0x5a2deeb4U, 0x06030a0cU, 0xc4625195U, 0x71b693e2U,
+    0x6fb9b1deU, 0x63bfa5c6U, 0x31965362U, 0xd66b67b1U,
+    0x7e3f82fcU, 0x0e07121cU, 0x24126c48U, 0x41aec382U,
+    0x80409d1dU, 0x6834b8d0U, 0x8c468905U, 0x7c3e84f8U,
+    0xabdbe04bU, 0x83cf981bU, 0xc5ec5297U, 0x85cc9217U,
+    0x9fc1bc23U, 0x5fa1e1beU, 0x9dc0ba27U, 0xb1d6ce7fU,
+    0x3a1d4e74U, 0xf5f402f7U, 0xc2615b99U, 0x763b9aecU,
+    0x20106040U, 0xadd8ea47U, 0xd0686dbdU, 0x5da0e7baU,
+    0x7fb181feU, 0x140a3c28U, 0xd2696bb9U, 0xd86c75adU,
+    0x9249ab39U, 0xe9fa26cfU, 0xec7629c5U, 0x95c4a237U,
+    0x219e6342U, 0x2b9b7d56U, 0xdc6e79a5U, 0x2f99715eU,
+    0x99c2b62fU, 0x73b795e6U, 0x2d98775aU, 0x65bcafcaU,
+    0x038f0506U, 0x1785392eU, 0x3e1f427cU, 0x75b49feaU,
+    0xedf82ac7U, 0x22116644U, 0x5c2ee4b8U, 0x00000000U,
+    0x4a25de94U, 0x381c4870U, 0x542afca8U, 0x7a3d8ef4U,
+    0x0a051e14U, 0x9e4fbf21U, 0xf67b07f1U, 0x79b28bf2U,
+    0x6432acc8U, 0x3d90477aU, 0x43afc586U, 0x32195664U,
+    0x5ba3edb6U, 0xf3f708fbU, 0xe67337d1U, 0x279d694eU,
+    0x2a157e54U, 0xe87425cdU, 0xc1ee5e9fU, 0x89ca860fU,
+    0x239f6546U, 0x1e0f223cU, 0x361b5a6cU, 0xea7523c9U,
+    0x11863322U, 0x15843f2aU, 0x259c6f4aU, 0x944aa135U,
+    0x33975566U, 0x341a5c68U, 0xca654389U, 0xf1f60effU,
+    0xc7ed5493U, 0x12093624U, 0x6bbbbdd6U, 0x4c26d498U,
+    0x1b832d36U, 0xcbeb408bU, 0xde6f7fa1U, 0x1f81213eU,
+    0x08041810U, 0xd46a61b5U, 0x86439711U, 0x02010604U,
+    0x2e17725cU, 0xdfe17ca3U, 0x13873526U, 0xf7f504f3U,
+    0x078d090eU, 0xdbe370abU, 0x4623ca8cU, 0x1d80273aU,
+    0x8844850dU, 0x2c167458U, 0xcc664985U, 0x4221c684U,
+    0xe1fe3edfU, 0xb7d5c473U, 0x6231a6c4U, 0xafd9ec43U,
+    0x6a35bed4U, 0x30185060U, 0x04020c08U, 0xc864458dU,
+    0xf9f216efU, 0xfff11ce3U, 0xac56e945U, 0x87cd9413U,
+    0x19822b32U, 0x8dc88a07U, 0x69babbd2U, 0xfdf01ae7U,
+    0xc3ef589bU, 0xcfe94c83U, 0xcde84a87U, 0xe7fd34d3U,
+    0x0f89111eU, 0xb3d7c87bU, 0x93c7a83bU, 0x77b599eeU,
+    0x55a4ffaaU, 0x5e2fe2bcU, 0x3795596eU, 0x26136a4cU,
+    0x160b3a2cU, 0xfbf310ebU, 0xdde07aa7U, 0x6e37b2dcU,
+};
+
+static const ulong32 T2[256] = {
+    0xa6f5a753U, 0x6bd0d3bbU, 0xbf6ee6d1U, 0xd93b71e2U,
+    0x67dad0bdU, 0x8acfac45U, 0x29b34d9aU, 0xf90b79f2U,
+    0xe89c3a74U, 0x038cc98fU, 0x7e41913fU, 0xd732fce5U,
+    0x78441e3cU, 0x018f478eU, 0x4de554a8U, 0xcea9bd67U,
+    0x0a0f8c05U, 0xaef9a557U, 0xf5017af4U, 0xcb20fbebU,
+    0x915763c6U, 0xdab7b86dU, 0x53f4dda7U, 0x77c2d4b5U,
+    0xb364e5d7U, 0xf68db37bU, 0x33a4c597U, 0xc2a3be61U,
+    0x9ed1a94fU, 0x1a17880dU, 0x30280c18U, 0xb2eba259U,
+    0xe4963972U, 0x5bf8dfa3U, 0xa4f62952U, 0x4fe6daa9U,
+    0xacfa2b56U, 0x9ad7a84dU, 0x0b80cb8bU, 0x2db54c98U,
+    0x31a74b96U, 0x88cc2244U, 0x92dbaa49U, 0x90d82448U,
+    0x199b4182U, 0xdd3d70e0U, 0xa2f3a651U, 0xc32cf9efU,
+    0x75c15ab4U, 0xaf76e2d9U, 0xfa87b07dU, 0xd8b4366cU,
+    0xe9137dfaU, 0xb762e4d5U, 0xccaa3366U, 0xdb38ffe3U,
+    0x9d5d60c0U, 0x80c02040U, 0x20300810U, 0x161d8b0bU,
+    0x65d95ebcU, 0x96ddab4bU, 0xe11f7ffeU, 0xfd0d78f0U,
+    0xed157cf8U, 0xb0e82c58U, 0x41ef57aeU, 0x6fd6d2b9U,
+    0x57f2dca5U, 0xa9736ddaU, 0xe5197efcU, 0x342e0d1aU,
+    0x51f753a6U, 0x6a5f9435U, 0x2bb0c39bU, 0xa0f02850U,
+    0x9cd2274eU, 0x1814060cU, 0x61df5fbeU, 0x8ec9ad47U,
+    0x814f67ceU, 0x6dd55cb8U, 0x49e355aaU, 0x3dad4890U,
+    0x38240e1cU, 0x55f152a4U, 0x8f46eac9U, 0x15914284U,
+    0x71c75bb6U, 0x69d35dbaU, 0xc0a03060U, 0x7dcd58b0U,
+    0x59fb51a2U, 0x79cb59b2U, 0xf0883c78U, 0x25b94e9cU,
+    0xe0903870U, 0x121b8a09U, 0xd53172e4U, 0x50781428U,
+    0xbb68e7d3U, 0x3faec691U, 0x5ffedea1U, 0x5dfd50a0U,
+    0x02038e01U, 0x724b9239U, 0x63dcd1bfU, 0xc12f77eeU,
+    0x764d933bU, 0x0983458aU, 0x527b9a29U, 0x1f9ece81U,
+    0xb4ee2d5aU, 0x0c0a0306U, 0x955162c4U, 0xe293b671U,
+    0xdeb1b96fU, 0xc6a5bf63U, 0x62539631U, 0xb1676bd6U,
+    0xfc823f7eU, 0x1c12070eU, 0x486c1224U, 0x82c3ae41U,
+    0x1d9d4080U, 0xd0b83468U, 0x0589468cU, 0xf8843e7cU,
+    0x4be0dbabU, 0x1b98cf83U, 0x9752ecc5U, 0x1792cc85U,
+    0x23bcc19fU, 0xbee1a15fU, 0x27bac09dU, 0x7fced6b1U,
+    0x744e1d3aU, 0xf702f4f5U, 0x995b61c2U, 0xec9a3b76U,
+    0x40601020U, 0x47ead8adU, 0xbd6d68d0U, 0xbae7a05dU,
+    0xfe81b17fU, 0x283c0a14U, 0xb96b69d2U, 0xad756cd8U,
+    0x39ab4992U, 0xcf26fae9U, 0xc52976ecU, 0x37a2c495U,
+    0x42639e21U, 0x567d9b2bU, 0xa5796edcU, 0x5e71992fU,
+    0x2fb6c299U, 0xe695b773U, 0x5a77982dU, 0xcaafbc65U,
+    0x06058f03U, 0x2e398517U, 0x7c421f3eU, 0xea9fb475U,
+    0xc72af8edU, 0x44661122U, 0xb8e42e5cU, 0x00000000U,
+    0x94de254aU, 0x70481c38U, 0xa8fc2a54U, 0xf48e3d7aU,
+    0x141e050aU, 0x21bf4f9eU, 0xf1077bf6U, 0xf28bb279U,
+    0xc8ac3264U, 0x7a47903dU, 0x86c5af43U, 0x64561932U,
+    0xb6eda35bU, 0xfb08f7f3U, 0xd13773e6U, 0x4e699d27U,
+    0x547e152aU, 0xcd2574e8U, 0x9f5eeec1U, 0x0f86ca89U,
+    0x46659f23U, 0x3c220f1eU, 0x6c5a1b36U, 0xc92375eaU,
+    0x22338611U, 0x2a3f8415U, 0x4a6f9c25U, 0x35a14a94U,
+    0x66559733U, 0x685c1a34U, 0x894365caU, 0xff0ef6f1U,
+    0x9354edc7U, 0x24360912U, 0xd6bdbb6bU, 0x98d4264cU,
+    0x362d831bU, 0x8b40ebcbU, 0xa17f6fdeU, 0x3e21811fU,
+    0x10180408U, 0xb5616ad4U, 0x11974386U, 0x04060102U,
+    0x5c72172eU, 0xa37ce1dfU, 0x26358713U, 0xf304f5f7U,
+    0x0e098d07U, 0xab70e3dbU, 0x8cca2346U, 0x3a27801dU,
+    0x0d854488U, 0x5874162cU, 0x854966ccU, 0x84c62142U,
+    0xdf3efee1U, 0x73c4d5b7U, 0xc4a63162U, 0x43ecd9afU,
+    0xd4be356aU, 0x60501830U, 0x080c0204U, 0x8d4564c8U,
+    0xef16f2f9U, 0xe31cf1ffU, 0x45e956acU, 0x1394cd87U,
+    0x322b8219U, 0x078ac88dU, 0xd2bbba69U, 0xe71af0fdU,
+    0x9b58efc3U, 0x834ce9cfU, 0x874ae8cdU, 0xd334fde7U,
+    0x1e11890fU, 0x7bc8d7b3U, 0x3ba8c793U, 0xee99b577U,
+    0xaaffa455U, 0xbce22f5eU, 0x6e599537U, 0x4c6a1326U,
+    0x2c3a0b16U, 0xeb10f3fbU, 0xa77ae0ddU, 0xdcb2376eU,
+};
+
+static const ulong32 T3[256] = {
+    0xf5a653a7U, 0xd06bbbd3U, 0x6ebfd1e6U, 0x3bd9e271U,
+    0xda67bdd0U, 0xcf8a45acU, 0xb3299a4dU, 0x0bf9f279U,
+    0x9ce8743aU, 0x8c038fc9U, 0x417e3f91U, 0x32d7e5fcU,
+    0x44783c1eU, 0x8f018e47U, 0xe54da854U, 0xa9ce67bdU,
+    0x0f0a058cU, 0xf9ae57a5U, 0x01f5f47aU, 0x20cbebfbU,
+    0x5791c663U, 0xb7da6db8U, 0xf453a7ddU, 0xc277b5d4U,
+    0x64b3d7e5U, 0x8df67bb3U, 0xa43397c5U, 0xa3c261beU,
+    0xd19e4fa9U, 0x171a0d88U, 0x2830180cU, 0xebb259a2U,
+    0x96e47239U, 0xf85ba3dfU, 0xf6a45229U, 0xe64fa9daU,
+    0xfaac562bU, 0xd79a4da8U, 0x800b8bcbU, 0xb52d984cU,
+    0xa731964bU, 0xcc884422U, 0xdb9249aaU, 0xd8904824U,
+    0x9b198241U, 0x3ddde070U, 0xf3a251a6U, 0x2cc3eff9U,
+    0xc175b45aU, 0x76afd9e2U, 0x87fa7db0U, 0xb4d86c36U,
+    0x13e9fa7dU, 0x62b7d5e4U, 0xaacc6633U, 0x38dbe3ffU,
+    0x5d9dc060U, 0xc0804020U, 0x30201008U, 0x1d160b8bU,
+    0xd965bc5eU, 0xdd964babU, 0x1fe1fe7fU, 0x0dfdf078U,
+    0x15edf87cU, 0xe8b0582cU, 0xef41ae57U, 0xd66fb9d2U,
+    0xf257a5dcU, 0x73a9da6dU, 0x19e5fc7eU, 0x2e341a0dU,
+    0xf751a653U, 0x5f6a3594U, 0xb02b9bc3U, 0xf0a05028U,
+    0xd29c4e27U, 0x14180c06U, 0xdf61be5fU, 0xc98e47adU,
+    0x4f81ce67U, 0xd56db85cU, 0xe349aa55U, 0xad3d9048U,
+    0x24381c0eU, 0xf155a452U, 0x468fc9eaU, 0x91158442U,
+    0xc771b65bU, 0xd369ba5dU, 0xa0c06030U, 0xcd7db058U,
+    0xfb59a251U, 0xcb79b259U, 0x88f0783cU, 0xb9259c4eU,
+    0x90e07038U, 0x1b12098aU, 0x31d5e472U, 0x78502814U,
+    0x68bbd3e7U, 0xae3f91c6U, 0xfe5fa1deU, 0xfd5da050U,
+    0x0302018eU, 0x4b723992U, 0xdc63bfd1U, 0x2fc1ee77U,
+    0x4d763b93U, 0x83098a45U, 0x7b52299aU, 0x9e1f81ceU,
+    0xeeb45a2dU, 0x0a0c0603U, 0x5195c462U, 0x93e271b6U,
+    0xb1de6fb9U, 0xa5c663bfU, 0x53623196U, 0x67b1d66bU,
+    0x82fc7e3fU, 0x121c0e07U, 0x6c482412U, 0xc38241aeU,
+    0x9d1d8040U, 0xb8d06834U, 0x89058c46U, 0x84f87c3eU,
+    0xe04babdbU, 0x981b83cfU, 0x5297c5ecU, 0x921785ccU,
+    0xbc239fc1U, 0xe1be5fa1U, 0xba279dc0U, 0xce7fb1d6U,
+    0x4e743a1dU, 0x02f7f5f4U, 0x5b99c261U, 0x9aec763bU,
+    0x60402010U, 0xea47add8U, 0x6dbdd068U, 0xe7ba5da0U,
+    0x81fe7fb1U, 0x3c28140aU, 0x6bb9d269U, 0x75add86cU,
+    0xab399249U, 0x26cfe9faU, 0x29c5ec76U, 0xa23795c4U,
+    0x6342219eU, 0x7d562b9bU, 0x79a5dc6eU, 0x715e2f99U,
+    0xb62f99c2U, 0x95e673b7U, 0x775a2d98U, 0xafca65bcU,
+    0x0506038fU, 0x392e1785U, 0x427c3e1fU, 0x9fea75b4U,
+    0x2ac7edf8U, 0x66442211U, 0xe4b85c2eU, 0x00000000U,
+    0xde944a25U, 0x4870381cU, 0xfca8542aU, 0x8ef47a3dU,
+    0x1e140a05U, 0xbf219e4fU, 0x07f1f67bU, 0x8bf279b2U,
+    0xacc86432U, 0x477a3d90U, 0xc58643afU, 0x56643219U,
+    0xedb65ba3U, 0x08fbf3f7U, 0x37d1e673U, 0x694e279dU,
+    0x7e542a15U, 0x25cde874U, 0x5e9fc1eeU, 0x860f89caU,
+    0x6546239fU, 0x223c1e0fU, 0x5a6c361bU, 0x23c9ea75U,
+    0x33221186U, 0x3f2a1584U, 0x6f4a259cU, 0xa135944aU,
+    0x55663397U, 0x5c68341aU, 0x4389ca65U, 0x0efff1f6U,
+    0x5493c7edU, 0x36241209U, 0xbdd66bbbU, 0xd4984c26U,
+    0x2d361b83U, 0x408bcbebU, 0x7fa1de6fU, 0x213e1f81U,
+    0x18100804U, 0x61b5d46aU, 0x97118643U, 0x06040201U,
+    0x725c2e17U, 0x7ca3dfe1U, 0x35261387U, 0x04f3f7f5U,
+    0x090e078dU, 0x70abdbe3U, 0xca8c4623U, 0x273a1d80U,
+    0x850d8844U, 0x74582c16U, 0x4985cc66U, 0xc6844221U,
+    0x3edfe1feU, 0xc473b7d5U, 0xa6c46231U, 0xec43afd9U,
+    0xbed46a35U, 0x50603018U, 0x0c080402U, 0x458dc864U,
+    0x16eff9f2U, 0x1ce3fff1U, 0xe945ac56U, 0x941387cdU,
+    0x2b321982U, 0x8a078dc8U, 0xbbd269baU, 0x1ae7fdf0U,
+    0x589bc3efU, 0x4c83cfe9U, 0x4a87cde8U, 0x34d3e7fdU,
+    0x111e0f89U, 0xc87bb3d7U, 0xa83b93c7U, 0x99ee77b5U,
+    0xffaa55a4U, 0xe2bc5e2fU, 0x596e3795U, 0x6a4c2613U,
+    0x3a2c160bU, 0x10ebfbf3U, 0x7aa7dde0U, 0xb2dc6e37U,
+};
+
+static const ulong32 T4[256] = {
+    0xa7a7a7a7U, 0xd3d3d3d3U, 0xe6e6e6e6U, 0x71717171U,
+    0xd0d0d0d0U, 0xacacacacU, 0x4d4d4d4dU, 0x79797979U,
+    0x3a3a3a3aU, 0xc9c9c9c9U, 0x91919191U, 0xfcfcfcfcU,
+    0x1e1e1e1eU, 0x47474747U, 0x54545454U, 0xbdbdbdbdU,
+    0x8c8c8c8cU, 0xa5a5a5a5U, 0x7a7a7a7aU, 0xfbfbfbfbU,
+    0x63636363U, 0xb8b8b8b8U, 0xddddddddU, 0xd4d4d4d4U,
+    0xe5e5e5e5U, 0xb3b3b3b3U, 0xc5c5c5c5U, 0xbebebebeU,
+    0xa9a9a9a9U, 0x88888888U, 0x0c0c0c0cU, 0xa2a2a2a2U,
+    0x39393939U, 0xdfdfdfdfU, 0x29292929U, 0xdadadadaU,
+    0x2b2b2b2bU, 0xa8a8a8a8U, 0xcbcbcbcbU, 0x4c4c4c4cU,
+    0x4b4b4b4bU, 0x22222222U, 0xaaaaaaaaU, 0x24242424U,
+    0x41414141U, 0x70707070U, 0xa6a6a6a6U, 0xf9f9f9f9U,
+    0x5a5a5a5aU, 0xe2e2e2e2U, 0xb0b0b0b0U, 0x36363636U,
+    0x7d7d7d7dU, 0xe4e4e4e4U, 0x33333333U, 0xffffffffU,
+    0x60606060U, 0x20202020U, 0x08080808U, 0x8b8b8b8bU,
+    0x5e5e5e5eU, 0xababababU, 0x7f7f7f7fU, 0x78787878U,
+    0x7c7c7c7cU, 0x2c2c2c2cU, 0x57575757U, 0xd2d2d2d2U,
+    0xdcdcdcdcU, 0x6d6d6d6dU, 0x7e7e7e7eU, 0x0d0d0d0dU,
+    0x53535353U, 0x94949494U, 0xc3c3c3c3U, 0x28282828U,
+    0x27272727U, 0x06060606U, 0x5f5f5f5fU, 0xadadadadU,
+    0x67676767U, 0x5c5c5c5cU, 0x55555555U, 0x48484848U,
+    0x0e0e0e0eU, 0x52525252U, 0xeaeaeaeaU, 0x42424242U,
+    0x5b5b5b5bU, 0x5d5d5d5dU, 0x30303030U, 0x58585858U,
+    0x51515151U, 0x59595959U, 0x3c3c3c3cU, 0x4e4e4e4eU,
+    0x38383838U, 0x8a8a8a8aU, 0x72727272U, 0x14141414U,
+    0xe7e7e7e7U, 0xc6c6c6c6U, 0xdedededeU, 0x50505050U,
+    0x8e8e8e8eU, 0x92929292U, 0xd1d1d1d1U, 0x77777777U,
+    0x93939393U, 0x45454545U, 0x9a9a9a9aU, 0xcecececeU,
+    0x2d2d2d2dU, 0x03030303U, 0x62626262U, 0xb6b6b6b6U,
+    0xb9b9b9b9U, 0xbfbfbfbfU, 0x96969696U, 0x6b6b6b6bU,
+    0x3f3f3f3fU, 0x07070707U, 0x12121212U, 0xaeaeaeaeU,
+    0x40404040U, 0x34343434U, 0x46464646U, 0x3e3e3e3eU,
+    0xdbdbdbdbU, 0xcfcfcfcfU, 0xececececU, 0xccccccccU,
+    0xc1c1c1c1U, 0xa1a1a1a1U, 0xc0c0c0c0U, 0xd6d6d6d6U,
+    0x1d1d1d1dU, 0xf4f4f4f4U, 0x61616161U, 0x3b3b3b3bU,
+    0x10101010U, 0xd8d8d8d8U, 0x68686868U, 0xa0a0a0a0U,
+    0xb1b1b1b1U, 0x0a0a0a0aU, 0x69696969U, 0x6c6c6c6cU,
+    0x49494949U, 0xfafafafaU, 0x76767676U, 0xc4c4c4c4U,
+    0x9e9e9e9eU, 0x9b9b9b9bU, 0x6e6e6e6eU, 0x99999999U,
+    0xc2c2c2c2U, 0xb7b7b7b7U, 0x98989898U, 0xbcbcbcbcU,
+    0x8f8f8f8fU, 0x85858585U, 0x1f1f1f1fU, 0xb4b4b4b4U,
+    0xf8f8f8f8U, 0x11111111U, 0x2e2e2e2eU, 0x00000000U,
+    0x25252525U, 0x1c1c1c1cU, 0x2a2a2a2aU, 0x3d3d3d3dU,
+    0x05050505U, 0x4f4f4f4fU, 0x7b7b7b7bU, 0xb2b2b2b2U,
+    0x32323232U, 0x90909090U, 0xafafafafU, 0x19191919U,
+    0xa3a3a3a3U, 0xf7f7f7f7U, 0x73737373U, 0x9d9d9d9dU,
+    0x15151515U, 0x74747474U, 0xeeeeeeeeU, 0xcacacacaU,
+    0x9f9f9f9fU, 0x0f0f0f0fU, 0x1b1b1b1bU, 0x75757575U,
+    0x86868686U, 0x84848484U, 0x9c9c9c9cU, 0x4a4a4a4aU,
+    0x97979797U, 0x1a1a1a1aU, 0x65656565U, 0xf6f6f6f6U,
+    0xededededU, 0x09090909U, 0xbbbbbbbbU, 0x26262626U,
+    0x83838383U, 0xebebebebU, 0x6f6f6f6fU, 0x81818181U,
+    0x04040404U, 0x6a6a6a6aU, 0x43434343U, 0x01010101U,
+    0x17171717U, 0xe1e1e1e1U, 0x87878787U, 0xf5f5f5f5U,
+    0x8d8d8d8dU, 0xe3e3e3e3U, 0x23232323U, 0x80808080U,
+    0x44444444U, 0x16161616U, 0x66666666U, 0x21212121U,
+    0xfefefefeU, 0xd5d5d5d5U, 0x31313131U, 0xd9d9d9d9U,
+    0x35353535U, 0x18181818U, 0x02020202U, 0x64646464U,
+    0xf2f2f2f2U, 0xf1f1f1f1U, 0x56565656U, 0xcdcdcdcdU,
+    0x82828282U, 0xc8c8c8c8U, 0xbabababaU, 0xf0f0f0f0U,
+    0xefefefefU, 0xe9e9e9e9U, 0xe8e8e8e8U, 0xfdfdfdfdU,
+    0x89898989U, 0xd7d7d7d7U, 0xc7c7c7c7U, 0xb5b5b5b5U,
+    0xa4a4a4a4U, 0x2f2f2f2fU, 0x95959595U, 0x13131313U,
+    0x0b0b0b0bU, 0xf3f3f3f3U, 0xe0e0e0e0U, 0x37373737U,
+};
+
+static const ulong32 T5[256] = {
+    0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
+    0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
+    0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
+    0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
+    0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
+    0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
+    0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
+    0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
+    0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
+    0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
+    0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
+    0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
+    0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
+    0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
+    0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
+    0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
+    0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
+    0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
+    0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
+    0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
+    0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
+    0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
+    0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
+    0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
+    0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
+    0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
+    0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
+    0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
+    0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
+    0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
+    0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
+    0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
+    0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
+    0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
+    0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
+    0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
+    0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
+    0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
+    0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
+    0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
+    0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
+    0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
+    0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
+    0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
+    0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
+    0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
+    0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
+    0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
+    0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
+    0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
+    0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
+    0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
+    0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
+    0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
+    0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
+    0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
+    0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
+    0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
+    0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
+    0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
+    0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
+    0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
+    0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
+    0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
+};
+
+/**
+ * The round constants.
+ */
+static const ulong32 rc[] = {
+   0xa7d3e671U, 0xd0ac4d79U, 0x3ac991fcU, 0x1e4754bdU,
+   0x8ca57afbU, 0x63b8ddd4U, 0xe5b3c5beU, 0xa9880ca2U,
+   0x39df29daU, 0x2ba8cb4cU, 0x4b22aa24U, 0x4170a6f9U,
+   0x5ae2b036U, 0x7de433ffU, 0x6020088bU, 0x5eab7f78U,
+   0x7c2c57d2U, 0xdc6d7e0dU, 0x5394c328U,
+};
+
+#endif
+
+ /**
+    Initialize the Anubis block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+#ifdef CLEAN_STACK
+static int _anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+#else
+int  anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+#endif
+{
+   int N, R, i, pos, r;
+   ulong32 kappa[MAX_N];
+   ulong32 inter[MAX_N];
+   ulong32 v, K0, K1, K2, K3;
+
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
+
+   /* Valid sizes (in bytes) are 16, 20, 24, 28, 32, 36, and 40. */
+   if ((keylen & 3) || (keylen < 16) || (keylen > 40)) {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+   skey->anubis.keyBits = keylen*8;
+
+   /*
+    * determine the N length parameter:
+    * (N.B. it is assumed that the key length is valid!)
+    */
+   N = skey->anubis.keyBits >> 5;
+
+   /*
+    * determine number of rounds from key size:
+    */
+   skey->anubis.R = R = 8 + N;
+
+   if (num_rounds != 0 && num_rounds != skey->anubis.R) {
+      return CRYPT_INVALID_ROUNDS;
+   }
+
+    /*
+    * map cipher key to initial key state (mu):
+    */
+    for (i = 0, pos = 0; i < N; i++, pos += 4) {
+      kappa[i] =
+         (key[pos    ] << 24) ^
+         (key[pos + 1] << 16) ^
+         (key[pos + 2] <<  8) ^
+         (key[pos + 3]      );
+    }
+
+   /*
+    * generate R + 1 round keys:
+    */
+   for (r = 0; r <= R; r++) {
+      /*
+       * generate r-th round key K^r:
+       */
+      K0 = T4[(kappa[N - 1] >> 24)       ];
+      K1 = T4[(kappa[N - 1] >> 16) & 0xff];
+      K2 = T4[(kappa[N - 1] >>  8) & 0xff];
+      K3 = T4[(kappa[N - 1]      ) & 0xff];
+      for (i = N - 2; i >= 0; i--) {
+         K0 = T4[(kappa[i] >> 24)       ] ^
+            (T5[(K0 >> 24)       ] & 0xff000000U) ^
+            (T5[(K0 >> 16) & 0xff] & 0x00ff0000U) ^
+            (T5[(K0 >>  8) & 0xff] & 0x0000ff00U) ^
+            (T5[(K0      ) & 0xff] & 0x000000ffU);
+         K1 = T4[(kappa[i] >> 16) & 0xff] ^
+            (T5[(K1 >> 24)       ] & 0xff000000U) ^
+            (T5[(K1 >> 16) & 0xff] & 0x00ff0000U) ^
+            (T5[(K1 >>  8) & 0xff] & 0x0000ff00U) ^
+            (T5[(K1      ) & 0xff] & 0x000000ffU);
+         K2 = T4[(kappa[i] >>  8) & 0xff] ^
+            (T5[(K2 >> 24)       ] & 0xff000000U) ^
+            (T5[(K2 >> 16) & 0xff] & 0x00ff0000U) ^
+            (T5[(K2 >>  8) & 0xff] & 0x0000ff00U) ^
+            (T5[(K2      ) & 0xff] & 0x000000ffU);
+         K3 = T4[(kappa[i]      ) & 0xff] ^
+            (T5[(K3 >> 24)       ] & 0xff000000U) ^
+            (T5[(K3 >> 16) & 0xff] & 0x00ff0000U) ^
+            (T5[(K3 >>  8) & 0xff] & 0x0000ff00U) ^
+            (T5[(K3      ) & 0xff] & 0x000000ffU);
+      }
+      /*
+      -- this is the code to use with the large U tables:
+      K0 = K1 = K2 = K3 = 0;
+      for (i = 0; i < N; i++) {
+         K0 ^= U[i][(kappa[i] >> 24)       ];
+         K1 ^= U[i][(kappa[i] >> 16) & 0xff];
+         K2 ^= U[i][(kappa[i] >>  8) & 0xff];
+         K3 ^= U[i][(kappa[i]      ) & 0xff];
+      }
+      */
+      skey->anubis.roundKeyEnc[r][0] = K0;
+      skey->anubis.roundKeyEnc[r][1] = K1;
+      skey->anubis.roundKeyEnc[r][2] = K2;
+      skey->anubis.roundKeyEnc[r][3] = K3;
+
+      /*
+       * compute kappa^{r+1} from kappa^r:
+       */
+      if (r == R) {
+         break;
+      }
+      for (i = 0; i < N; i++) {
+         int j = i;
+         inter[i]  = T0[(kappa[j--] >> 24)       ]; if (j < 0) j = N - 1;
+         inter[i] ^= T1[(kappa[j--] >> 16) & 0xff]; if (j < 0) j = N - 1;
+         inter[i] ^= T2[(kappa[j--] >>  8) & 0xff]; if (j < 0) j = N - 1;
+         inter[i] ^= T3[(kappa[j  ]      ) & 0xff];
+      }
+      kappa[0] = inter[0] ^ rc[r];
+      for (i = 1; i < N; i++) {
+         kappa[i] = inter[i];
+      }
+   }
+
+   /*
+    * generate inverse key schedule: K'^0 = K^R, K'^R = K^0, K'^r = theta(K^{R-r}):
+    */
+   for (i = 0; i < 4; i++) {
+      skey->anubis.roundKeyDec[0][i] = skey->anubis.roundKeyEnc[R][i];
+      skey->anubis.roundKeyDec[R][i] = skey->anubis.roundKeyEnc[0][i];
+   }
+   for (r = 1; r < R; r++) {
+      for (i = 0; i < 4; i++) {
+         v = skey->anubis.roundKeyEnc[R - r][i];
+         skey->anubis.roundKeyDec[r][i] =
+            T0[T4[(v >> 24)       ] & 0xff] ^
+            T1[T4[(v >> 16) & 0xff] & 0xff] ^
+            T2[T4[(v >>  8) & 0xff] & 0xff] ^
+            T3[T4[(v      ) & 0xff] & 0xff];
+      }
+   }
+
+   return CRYPT_OK;
+}
+
+#ifdef CLEAN_STACK
+int  anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+  int err;
+  err = _anubis_setup(key, keylen, num_rounds, skey);
+  burn_stack(sizeof(int) * 5 + sizeof(ulong32) * (MAX_N + MAX_N + 5));
+  return err;
+}
+#endif
+  
+
+static void anubis_crypt(const unsigned char *plaintext, unsigned char *ciphertext,
+                         ulong32 roundKey[18 + 1][4], int R) {
+   int i, pos, r;
+   ulong32 state[4];
+   ulong32 inter[4];
+
+    /*
+    * map plaintext block to cipher state (mu)
+    * and add initial round key (sigma[K^0]):
+    */
+    for (i = 0, pos = 0; i < 4; i++, pos += 4) {
+      state[i] =
+         (plaintext[pos    ] << 24) ^
+         (plaintext[pos + 1] << 16) ^
+         (plaintext[pos + 2] <<  8) ^
+         (plaintext[pos + 3]      ) ^
+         roundKey[0][i];
+    }
+
+    /*
+     * R - 1 full rounds:
+     */
+    for (r = 1; r < R; r++) {
+      inter[0] =
+         T0[(state[0] >> 24)       ] ^
+         T1[(state[1] >> 24)       ] ^
+         T2[(state[2] >> 24)       ] ^
+         T3[(state[3] >> 24)       ] ^
+         roundKey[r][0];
+      inter[1] =
+         T0[(state[0] >> 16) & 0xff] ^
+         T1[(state[1] >> 16) & 0xff] ^
+         T2[(state[2] >> 16) & 0xff] ^
+         T3[(state[3] >> 16) & 0xff] ^
+         roundKey[r][1];
+      inter[2] =
+         T0[(state[0] >>  8) & 0xff] ^
+         T1[(state[1] >>  8) & 0xff] ^
+         T2[(state[2] >>  8) & 0xff] ^
+         T3[(state[3] >>  8) & 0xff] ^
+         roundKey[r][2];
+      inter[3] =
+         T0[(state[0]      ) & 0xff] ^
+         T1[(state[1]      ) & 0xff] ^
+         T2[(state[2]      ) & 0xff] ^
+         T3[(state[3]      ) & 0xff] ^
+         roundKey[r][3];
+      state[0] = inter[0];
+      state[1] = inter[1];
+      state[2] = inter[2];
+      state[3] = inter[3];
+    }
+
+    /*
+    * last round:
+    */
+   inter[0] =
+      (T0[(state[0] >> 24)       ] & 0xff000000U) ^
+      (T1[(state[1] >> 24)       ] & 0x00ff0000U) ^
+      (T2[(state[2] >> 24)       ] & 0x0000ff00U) ^
+      (T3[(state[3] >> 24)       ] & 0x000000ffU) ^
+      roundKey[R][0];
+   inter[1] =
+      (T0[(state[0] >> 16) & 0xff] & 0xff000000U) ^
+      (T1[(state[1] >> 16) & 0xff] & 0x00ff0000U) ^
+      (T2[(state[2] >> 16) & 0xff] & 0x0000ff00U) ^
+      (T3[(state[3] >> 16) & 0xff] & 0x000000ffU) ^
+      roundKey[R][1];
+   inter[2] =
+      (T0[(state[0] >>  8) & 0xff] & 0xff000000U) ^
+      (T1[(state[1] >>  8) & 0xff] & 0x00ff0000U) ^
+      (T2[(state[2] >>  8) & 0xff] & 0x0000ff00U) ^
+      (T3[(state[3] >>  8) & 0xff] & 0x000000ffU) ^
+      roundKey[R][2];
+   inter[3] =
+      (T0[(state[0]      ) & 0xff] & 0xff000000U) ^
+      (T1[(state[1]      ) & 0xff] & 0x00ff0000U) ^
+      (T2[(state[2]      ) & 0xff] & 0x0000ff00U) ^
+      (T3[(state[3]      ) & 0xff] & 0x000000ffU) ^
+      roundKey[R][3];
+
+   /*
+    * map cipher state to ciphertext block (mu^{-1}):
+    */
+    for (i = 0, pos = 0; i < 4; i++, pos += 4) {
+        ulong32 w = inter[i];
+        ciphertext[pos    ] = (unsigned char)(w >> 24);
+        ciphertext[pos + 1] = (unsigned char)(w >> 16);
+        ciphertext[pos + 2] = (unsigned char)(w >>  8);
+        ciphertext[pos + 3] = (unsigned char)(w      );
+    }
+}
+
+/**
+  Encrypts a block of text with Anubis
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
+void anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+{
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
+   anubis_crypt(pt, ct, skey->anubis.roundKeyEnc, skey->anubis.R);
+}
+
+/**
+  Decrypts a block of text with Anubis
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
+void anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+{
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
+   anubis_crypt(ct, pt, skey->anubis.roundKeyDec, skey->anubis.R);
+}
+
+/**
+  Performs a self-test of the Anubis block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
+int anubis_test(void)
+{
+#if !defined(LTC_TEST)
+  return CRYPT_NOP;
+#else
+  static const struct test {
+     int keylen;
+     unsigned char pt[16], ct[16], key[40];
+  } tests[] = {
+#ifndef ANUBIS_TWEAK
+  /**** ORIGINAL ANUBIS ****/
+  /* 128 bit keys */
+{
+   16,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xF0, 0x68, 0x60, 0xFC, 0x67, 0x30, 0xE8, 0x18, 
+     0xF1, 0x32, 0xC7, 0x8A, 0xF4, 0x13, 0x2A, 0xFE },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   16,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xA8, 0x66, 0x84, 0x80, 0x07, 0x74, 0x5C, 0x89, 
+     0xFC, 0x5E, 0xB5, 0xBA, 0xD4, 0xFE, 0x32, 0x6D },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+   /* 160-bit keys */
+{
+   20,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xBD, 0x5E, 0x32, 0xBE, 0x51, 0x67, 0xA8, 0xE2,
+     0x72, 0xD7, 0x95, 0x0F, 0x83, 0xC6, 0x8C, 0x31 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+}, {
+   20,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x4C, 0x1F, 0x86, 0x2E, 0x11, 0xEB, 0xCE, 0xEB,
+     0xFE, 0xB9, 0x73, 0xC9, 0xDF, 0xEF, 0x7A, 0xDB },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 192-bit keys */
+{
+   24,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x17, 0xAC, 0x57, 0x44, 0x9D, 0x59, 0x61, 0x66, 
+     0xD0, 0xC7, 0x9E, 0x04, 0x7C, 0xC7, 0x58, 0xF0 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   24,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x71, 0x52, 0xB4, 0xEB, 0x1D, 0xAA, 0x36, 0xFD, 
+     0x57, 0x14, 0x5F, 0x57, 0x04, 0x9F, 0x70, 0x74 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 224-bit keys */
+{
+   28,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xA2, 0xF0, 0xA6, 0xB9, 0x17, 0x93, 0x2A, 0x3B, 
+     0xEF, 0x08, 0xE8, 0x7A, 0x58, 0xD6, 0xF8, 0x53 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+}, {
+   28,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xF0, 0xCA, 0xFC, 0x78, 0x8B, 0x4B, 0x4E, 0x53, 
+     0x8B, 0xC4, 0x32, 0x6A, 0xF5, 0xB9, 0x1B, 0x5F },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 256-bit keys */
+{
+   32,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xE0, 0x86, 0xAC, 0x45, 0x6B, 0x3C, 0xE5, 0x13, 
+     0xED, 0xF5, 0xDF, 0xDD, 0xD6, 0x3B, 0x71, 0x93 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   32,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x50, 0x01, 0xB9, 0xF5, 0x21, 0xC1, 0xC1, 0x29, 
+     0x00, 0xD5, 0xEC, 0x98, 0x2B, 0x9E, 0xE8, 0x21 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 288-bit keys */
+{
+   36,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xE8, 0xF4, 0xAF, 0x2B, 0x21, 0xA0, 0x87, 0x9B, 
+     0x41, 0x95, 0xB9, 0x71, 0x75, 0x79, 0x04, 0x7C },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+}, {
+   36,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xE6, 0xA6, 0xA5, 0xBC, 0x8B, 0x63, 0x6F, 0xE2, 
+     0xBD, 0xA7, 0xA7, 0x53, 0xAB, 0x40, 0x22, 0xE0 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 320-bit keys */
+{
+   40,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x17, 0x04, 0xD7, 0x2C, 0xC6, 0x85, 0x76, 0x02, 
+     0x4B, 0xCC, 0x39, 0x80, 0xD8, 0x22, 0xEA, 0xA4 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   40,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x7A, 0x41, 0xE6, 0x7D, 0x4F, 0xD8, 0x64, 0xF0, 
+     0x44, 0xA8, 0x3C, 0x73, 0x81, 0x7E, 0x53, 0xD8 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+}
+#else
+  /**** Tweaked ANUBIS ****/
+  /* 128 bit keys */
+{
+   16,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83,
+     0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   16,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C,
+     0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+   /* 160-bit keys */
+{
+   20,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73,
+     0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+}, {
+   20,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87,
+     0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 192-bit keys */
+{
+   24,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8,
+     0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   24,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67,
+     0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 224-bit keys */
+{
+   28,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F,
+     0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+}, {
+   28,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C,
+     0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 256-bit keys */
+{
+   32,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87,
+     0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   32,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60,
+     0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 288-bit keys */
+{
+   36,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43,
+     0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+}, {
+   36,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E,
+     0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x01 }
+},
+
+  /* 320-bit keys */
+{
+   40,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA,
+     0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   40,
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28,
+     0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+}
+#endif
+};
+   int x, y;
+   unsigned char buf[2][16];
+   symmetric_key skey;
+
+   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+       anubis_setup(tests[x].key, tests[x].keylen, 0, &skey);
+       anubis_ecb_encrypt(tests[x].pt, buf[0], &skey);
+       anubis_ecb_decrypt(buf[0], buf[1], &skey);
+       if (memcmp(buf[0], tests[x].ct, 16) || memcmp(buf[1], tests[x].pt, 16)) {
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+       for (y = 0; y < 1000; y++) anubis_ecb_encrypt(buf[0], buf[0], &skey);
+       for (y = 0; y < 1000; y++) anubis_ecb_decrypt(buf[0], buf[0], &skey);
+       if (memcmp(buf[0], tests[x].ct, 16)) {
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+   }
+   return CRYPT_OK;
+#endif
+}
+
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int anubis_keysize(int *keysize)
+{
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize >= 40) {
+      *keysize = 40;
+   } else if (*keysize >= 36) {
+      *keysize = 36;
+   } else if (*keysize >= 32) {
+      *keysize = 32;
+   } else if (*keysize >= 28) {
+      *keysize = 28;
+   } else if (*keysize >= 24) {
+      *keysize = 24;
+   } else if (*keysize >= 20) {
+      *keysize = 20;
+   } else if (*keysize >= 16) {
+      *keysize = 16;
+   } else {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+   return CRYPT_OK;
+}
+
+#endif
+

blowfish.c → src/ciphers/blowfish.c

@@ -8,11 +8,15 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-#include "mycrypt.h"
+/**
+  @file blowfish.c
+  Implementation of the Blowfish block cipher, Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef BLOWFISH
 
-const struct _cipher_descriptor blowfish_desc =
+const struct ltc_cipher_descriptor blowfish_desc =
 {
     "blowfish",
     0,
@@ -291,14 +295,22 @@ static const ulong32 ORIG_S[4][256] = {
         0xB74E6132UL, 0xCE77E25BUL, 0x578FDFE3UL, 0x3AC372E6UL  }
 };
 
+ /**
+    Initialize the Blowfish block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
 int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
                    symmetric_key *skey)
 {
    ulong32 x, y, z, A;
    unsigned char B[8];
 
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* check key length */
    if (keylen < 8 || keylen > 56) {
@@ -353,7 +365,7 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
        }
    }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(B, sizeof(B));
 #endif
 
@@ -363,13 +375,19 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
 #ifndef __GNUC__
 #define F(x) ((S1[byte(x,3)] + S2[byte(x,2)]) ^ S3[byte(x,1)]) + S4[byte(x,0)]
 #else
-#define F(x) ((key->blowfish.S[0][byte(x,3)] + key->blowfish.S[1][byte(x,2)]) ^ key->blowfish.S[2][byte(x,1)]) + key->blowfish.S[3][byte(x,0)]
+#define F(x) ((skey->blowfish.S[0][byte(x,3)] + skey->blowfish.S[1][byte(x,2)]) ^ skey->blowfish.S[2][byte(x,1)]) + skey->blowfish.S[3][byte(x,0)]
 #endif
 
-#ifdef CLEAN_STACK
-static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with Blowfish
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
    ulong32 L, R;
@@ -378,15 +396,15 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
    ulong32 *S1, *S2, *S3, *S4;
 #endif
 
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
 
 #ifndef __GNUC__
-    S1 = key->blowfish.S[0];
-    S2 = key->blowfish.S[1];
-    S3 = key->blowfish.S[2];
-    S4 = key->blowfish.S[3];
+    S1 = skey->blowfish.S[0];
+    S2 = skey->blowfish.S[1];
+    S3 = skey->blowfish.S[2];
+    S4 = skey->blowfish.S[3];
 #endif
 
    /* load it */
@@ -395,33 +413,39 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
 
    /* do 16 rounds */
    for (r = 0; r < 16; ) {
-      L ^= key->blowfish.K[r++];  R ^= F(L);
-      R ^= key->blowfish.K[r++];  L ^= F(R);
-      L ^= key->blowfish.K[r++];  R ^= F(L);
-      R ^= key->blowfish.K[r++];  L ^= F(R);
+      L ^= skey->blowfish.K[r++];  R ^= F(L);
+      R ^= skey->blowfish.K[r++];  L ^= F(R);
+      L ^= skey->blowfish.K[r++];  R ^= F(L);
+      R ^= skey->blowfish.K[r++];  L ^= F(R);
    }
 
    /* last keying */
-   R ^= key->blowfish.K[17];
-   L ^= key->blowfish.K[16];
+   R ^= skey->blowfish.K[17];
+   L ^= skey->blowfish.K[16];
 
    /* store */
    STORE32H(R, &ct[0]);
    STORE32H(L, &ct[4]);
 }
 
-#ifdef CLEAN_STACK
-void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-    _blowfish_ecb_encrypt(pt, ct, key);
+    _blowfish_ecb_encrypt(pt, ct, skey);
     burn_stack(sizeof(ulong32) * 2 + sizeof(int));
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with Blowfish
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
    ulong32 L, R;
@@ -430,15 +454,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
    ulong32 *S1, *S2, *S3, *S4;
 #endif
 
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     
 #ifndef __GNUC__
-    S1 = key->blowfish.S[0];
-    S2 = key->blowfish.S[1];
-    S3 = key->blowfish.S[2];
-    S4 = key->blowfish.S[3];
+    S1 = skey->blowfish.S[0];
+    S2 = skey->blowfish.S[1];
+    S3 = skey->blowfish.S[2];
+    S4 = skey->blowfish.S[3];
 #endif
 
    /* load it */
@@ -446,15 +470,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
    LOAD32H(L, &ct[4]);
 
    /* undo last keying */
-   R ^= key->blowfish.K[17];
-   L ^= key->blowfish.K[16];
+   R ^= skey->blowfish.K[17];
+   L ^= skey->blowfish.K[16];
 
    /* do 16 rounds */
    for (r = 15; r > 0; ) {
-      L ^= F(R); R ^= key->blowfish.K[r--];
-      R ^= F(L); L ^= key->blowfish.K[r--];
-      L ^= F(R); R ^= key->blowfish.K[r--];
-      R ^= F(L); L ^= key->blowfish.K[r--];
+      L ^= F(R); R ^= skey->blowfish.K[r--];
+      R ^= F(L); L ^= skey->blowfish.K[r--];
+      L ^= F(R); R ^= skey->blowfish.K[r--];
+      R ^= F(L); L ^= skey->blowfish.K[r--];
    }
 
    /* store */
@@ -462,15 +486,19 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
    STORE32H(R, &pt[4]);
 }
 
-#ifdef CLEAN_STACK
-void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-    _blowfish_ecb_decrypt(ct, pt, key);
+    _blowfish_ecb_decrypt(ct, pt, skey);
     burn_stack(sizeof(ulong32) * 2 + sizeof(int));
 }
 #endif
 
 
+/**
+  Performs a self-test of the Blowfish block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int blowfish_test(void)
 {
  #ifndef LTC_TEST
@@ -525,14 +553,19 @@ int blowfish_test(void)
  #endif
 }
 
-int blowfish_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int blowfish_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
+   LTC_ARGCHK(keysize != NULL);
 
-   if (*desired_keysize < 8) {
+   if (*keysize < 8) {
       return CRYPT_INVALID_KEYSIZE;
-   } else if (*desired_keysize > 56) {
-      *desired_keysize = 56;
+   } else if (*keysize > 56) {
+      *keysize = 56;
    }
    return CRYPT_OK;
 }

cast5.c → src/ciphers/cast5.c

@@ -8,12 +8,16 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-/* Implementation of CAST5 (RFC 2144) by Tom St Denis */
-#include "mycrypt.h"
+ 
+ /** 
+   @file cast5.c
+   Implementation of CAST5 (RFC 2144) by Tom St Denis 
+ */
+#include "tomcrypt.h"
 
 #ifdef CAST5
 
-const struct _cipher_descriptor cast5_desc = {
+const struct ltc_cipher_descriptor cast5_desc = {
    "cast5",
    15,
    5, 16, 8, 16,
@@ -391,7 +395,15 @@ static const ulong32 S8[256] = {
    #define GB(x, i) (((x[(15-i)>>2])>>(unsigned)(8*((15-i)&3)))&255)
 #endif   
 
-#ifdef CLEAN_STACK
+ /**
+    Initialize the CAST5 block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+#ifdef LTC_CLEAN_STACK
 static int _cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 #else
 int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -401,8 +413,8 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
    unsigned char buf[16];
    int y, i;
 
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (num_rounds != 12 && num_rounds != 16 && num_rounds != 0) {
       return CRYPT_INVALID_ROUNDS; 
@@ -466,7 +478,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
 
    skey->cast5.keylen = keylen;
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(buf, sizeof(buf));
    zeromem(x, sizeof(x));
    zeromem(z, sizeof(z));
@@ -475,7 +487,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
    return CRYPT_OK;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    int z;
@@ -515,95 +527,111 @@ INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr)
    return ((S1[byte(I, 3)] + S2[byte(I,2)]) ^ S3[byte(I,1)]) - S4[byte(I,0)];
 }
 
-#ifdef CLEAN_STACK
-static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with CAST5
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
    ulong32 R, L;
 
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
-   _ARGCHK(key != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    LOAD32H(L,&pt[0]); 
    LOAD32H(R,&pt[4]);
-   L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
-   R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
-   L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
-   R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
-   L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
-   R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
-   L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
-   R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
-   L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
-   R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
-   L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
-   R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
-   if (key->cast5.keylen > 10) {
-      L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
-      R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
-      L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
-      R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
+   L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
+   R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
+   L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
+   R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
+   L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
+   R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
+   L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
+   R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
+   L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
+   R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
+   L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
+   R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
+   if (skey->cast5.keylen > 10) {
+      L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
+      R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
+      L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
+      R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
    }
    STORE32H(R,&ct[0]);
    STORE32H(L,&ct[4]);
 }
 
 
-#ifdef CLEAN_STACK
-void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-   _cast5_ecb_encrypt(pt,ct,key);
+   _cast5_ecb_encrypt(pt,ct,skey);
    burn_stack(sizeof(ulong32)*3);
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with CAST5
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
    ulong32 R, L;
 
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
-   _ARGCHK(key != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    LOAD32H(R,&ct[0]); 
    LOAD32H(L,&ct[4]);
-   if (key->cast5.keylen > 10) {
-      R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
-      L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
-      R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
-      L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
+   if (skey->cast5.keylen > 10) {
+      R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
+      L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
+      R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
+      L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
    }
-   R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
-   L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
-   R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
-   L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
-   R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
-   L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
-   R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
-   L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
-   R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
-   L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
-   R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
-   L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
+   R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
+   L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
+   R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
+   L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
+   R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
+   L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
+   R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
+   L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
+   R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
+   L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
+   R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
+   L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
    STORE32H(L,&pt[0]);
    STORE32H(R,&pt[4]);
 }
 
-#ifdef CLEAN_STACK
-void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-   _cast5_ecb_decrypt(ct,pt,key);
+   _cast5_ecb_decrypt(ct,pt,skey);
    burn_stack(sizeof(ulong32)*3);
 }
 #endif
 
+/**
+  Performs a self-test of the CAST5 block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int cast5_test(void)
 {
  #ifndef LTC_TEST
@@ -655,13 +683,18 @@ int cast5_test(void)
  #endif
 }
 
-int cast5_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int cast5_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
-   if (*desired_keysize < 5) {
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 5) {
       return CRYPT_INVALID_KEYSIZE;
-   } else if (*desired_keysize > 16) {
-      *desired_keysize = 16;
+   } else if (*keysize > 16) {
+      *keysize = 16;
    }
    return CRYPT_OK;
 } 

des.c → src/ciphers/des.c

@@ -8,15 +8,19 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-/* DES code submitted by Dobes Vandermeer */
-#include "mycrypt.h"
+#include "tomcrypt.h"
+
+/** 
+  @file des.c
+  DES code submitted by Dobes Vandermeer 
+*/
 
 #ifdef DES
 
 #define EN0 0 
 #define DE1 1
 
-const struct _cipher_descriptor des_desc =
+const struct ltc_cipher_descriptor des_desc =
 {
     "des",
     13,
@@ -28,7 +32,7 @@ const struct _cipher_descriptor des_desc =
     &des_keysize
 };
 
-const struct _cipher_descriptor des3_desc =
+const struct ltc_cipher_descriptor des3_desc =
 {
     "3des",
     14,
@@ -239,7 +243,7 @@ static const ulong32 SP8[64] =
     0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL
 };
 
-#ifndef SMALL_CODE
+#ifndef LTC_SMALL_CODE
 
 static const ulong64 des_ip[8][256] = {
 
@@ -1292,10 +1296,10 @@ static const ulong64 des_fp[8][256] = {
 
 static void cookey(const ulong32 *raw1, ulong32 *keyout);
 
-#ifdef CLEAN_STACK
-void _deskey(const unsigned char *key, short edf, ulong32 *keyout)
+#ifdef LTC_CLEAN_STACK
+static void _deskey(const unsigned char *key, short edf, ulong32 *keyout)
 #else
-void deskey(const unsigned char *key, short edf, ulong32 *keyout)
+static void deskey(const unsigned char *key, short edf, ulong32 *keyout)
 #endif
 {
     ulong32 i, j, l, m, n, kn[32];
@@ -1344,15 +1348,15 @@ void deskey(const unsigned char *key, short edf, ulong32 *keyout)
     cookey(kn, keyout);
 }
 
-#ifdef CLEAN_STACK
-void deskey(const unsigned char *key, short edf, ulong32 *keyout)
+#ifdef LTC_CLEAN_STACK
+static void deskey(const unsigned char *key, short edf, ulong32 *keyout)
 {
    _deskey(key, edf, keyout);
    burn_stack(sizeof(int)*5 + sizeof(ulong32)*32 + sizeof(unsigned char)*112);
 }
 #endif
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void _cookey(const ulong32 *raw1, ulong32 *keyout)
 #else
 static void cookey(const ulong32 *raw1, ulong32 *keyout)
@@ -1380,7 +1384,7 @@ static void cookey(const ulong32 *raw1, ulong32 *keyout)
     XMEMCPY(keyout, dough, sizeof dough);
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void cookey(const ulong32 *raw1, ulong32 *keyout)
 {
    _cookey(raw1, keyout);
@@ -1388,7 +1392,7 @@ static void cookey(const ulong32 *raw1, ulong32 *keyout)
 }
 #endif
 
-#ifndef CLEAN_STACK
+#ifndef LTC_CLEAN_STACK
 static void desfunc(ulong32 *block, const ulong32 *keys)
 #else
 static void _desfunc(ulong32 *block, const ulong32 *keys)
@@ -1400,7 +1404,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
     leftt = block[0];
     right = block[1];
 
-#ifdef SMALL_CODE
+#ifdef LTC_SMALL_CODE
     work = ((leftt >> 4)  ^ right) & 0x0f0f0f0fL;
     right ^= work;
     leftt ^= (work << 4);
@@ -1417,12 +1421,12 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
     leftt ^= work;
     right ^= (work << 8);
 
-    right = ROL(right, 1);
+    right = ROLc(right, 1);
     work = (leftt ^ right) & 0xaaaaaaaaL;
     
     leftt ^= work;
     right ^= work;
-    leftt = ROL(leftt, 1);
+    leftt = ROLc(leftt, 1);
 #else 
    {
       ulong64 tmp;
@@ -1440,7 +1444,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
 #endif
 
     for (cur_round = 0; cur_round < 8; cur_round++) {
-        work  = ROR(right, 4) ^ *keys++;
+        work  = RORc(right, 4) ^ *keys++;
         leftt ^= SP7[work        & 0x3fL]
               ^ SP5[(work >>  8) & 0x3fL]
               ^ SP3[(work >> 16) & 0x3fL]
@@ -1451,7 +1455,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
               ^  SP4[(work >> 16) & 0x3fL]
               ^  SP2[(work >> 24) & 0x3fL];
 
-        work = ROR(leftt, 4) ^ *keys++;
+        work = RORc(leftt, 4) ^ *keys++;
         right ^= SP7[ work        & 0x3fL]
               ^  SP5[(work >>  8) & 0x3fL]
               ^  SP3[(work >> 16) & 0x3fL]
@@ -1463,12 +1467,12 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
               ^  SP2[(work >> 24) & 0x3fL];
     }
 
-#ifdef SMALL_CODE    
-    right = ROR(right, 1);
+#ifdef LTC_SMALL_CODE    
+    right = RORc(right, 1);
     work = (leftt ^ right) & 0xaaaaaaaaL;
     leftt ^= work;
     right ^= work;
-    leftt = ROR(leftt, 1);
+    leftt = RORc(leftt, 1);
     work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
     right ^= work;
     leftt ^= (work << 8);
@@ -1502,7 +1506,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
     block[1] = leftt;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void desfunc(ulong32 *block, const ulong32 *keys)
 {
    _desfunc(block, keys);
@@ -1510,10 +1514,18 @@ static void desfunc(ulong32 *block, const ulong32 *keys)
 }
 #endif
 
+ /**
+    Initialize the DES block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
 int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
-    _ARGCHK(key != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(key != NULL);
+    LTC_ARGCHK(skey != NULL);
 
     if (num_rounds != 0 && num_rounds != 16) {
         return CRYPT_INVALID_ROUNDS;
@@ -1529,10 +1541,18 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
     return CRYPT_OK;
 }
 
+ /**
+    Initialize the 3DES-EDE block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
 int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
-    _ARGCHK(key != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(key != NULL);
+    LTC_ARGCHK(skey != NULL);
 
     if(num_rounds != 0 && num_rounds != 16) {
         return CRYPT_INVALID_ROUNDS;
@@ -1553,63 +1573,91 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
     return CRYPT_OK;
 }
 
-void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with DES
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
     ulong32 work[2];
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     LOAD32H(work[0], pt+0);
     LOAD32H(work[1], pt+4);
-    desfunc(work, key->des.ek);
+    desfunc(work, skey->des.ek);
     STORE32H(work[0],ct+0);
     STORE32H(work[1],ct+4);
 }
 
-void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with DES
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
     ulong32 work[2];
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     LOAD32H(work[0], ct+0);
     LOAD32H(work[1], ct+4);
-    desfunc(work, key->des.dk);
+    desfunc(work, skey->des.dk);
     STORE32H(work[0],pt+0);
     STORE32H(work[1],pt+4);
 }
 
-void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with 3DES-EDE
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
     ulong32 work[2];
     
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     LOAD32H(work[0], pt+0);
     LOAD32H(work[1], pt+4);
-    desfunc(work, key->des3.ek[0]);
-    desfunc(work, key->des3.ek[1]);
-    desfunc(work, key->des3.ek[2]);
+    desfunc(work, skey->des3.ek[0]);
+    desfunc(work, skey->des3.ek[1]);
+    desfunc(work, skey->des3.ek[2]);
     STORE32H(work[0],ct+0);
     STORE32H(work[1],ct+4);
 }
 
-void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with 3DES-EDE
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
     ulong32 work[2];
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     LOAD32H(work[0], ct+0);
     LOAD32H(work[1], ct+4);
-    desfunc(work, key->des3.dk[0]);
-    desfunc(work, key->des3.dk[1]);
-    desfunc(work, key->des3.dk[2]);
+    desfunc(work, skey->des3.dk[0]);
+    desfunc(work, skey->des3.dk[1]);
+    desfunc(work, skey->des3.dk[2]);
     STORE32H(work[0],pt+0);
     STORE32H(work[1],pt+4);
 }
 
+/**
+  Performs a self-test of the DES block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int des_test(void)
 {
  #ifndef LTC_TEST
@@ -1789,23 +1837,33 @@ int des3_test(void)
  #endif
 }
 
-int des_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int des_keysize(int *keysize)
 {
-    _ARGCHK(desired_keysize != NULL);
-    if(*desired_keysize < 8) {
+    LTC_ARGCHK(keysize != NULL);
+    if(*keysize < 8) {
         return CRYPT_INVALID_KEYSIZE;
     }
-    *desired_keysize = 8;
+    *keysize = 8;
     return CRYPT_OK;
 }
 
-int des3_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int des3_keysize(int *keysize)
 {
-    _ARGCHK(desired_keysize != NULL);
-    if(*desired_keysize < 24) {
+    LTC_ARGCHK(keysize != NULL);
+    if(*keysize < 24) {
         return CRYPT_INVALID_KEYSIZE;
     }
-    *desired_keysize = 24;
+    *keysize = 24;
     return CRYPT_OK;
 }
 

src/ciphers/khazad.c

@@ -0,0 +1,838 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+  @file khazad.c
+  Khazad implementation derived from public domain source
+  Authors: Paulo S.L.M. Barreto and Vincent Rijmen.
+*/
+
+#ifdef KHAZAD
+
+const struct ltc_cipher_descriptor khazad_desc = {
+   "khazad",
+   18,
+   16, 16, 8, 8,
+   &khazad_setup,
+   &khazad_ecb_encrypt,
+   &khazad_ecb_decrypt,
+   &khazad_test,
+   &khazad_keysize
+};
+
+#define R      8 
+#define KEYSIZE      128 
+#define KEYSIZEB   (KEYSIZE/8) 
+#define BLOCKSIZE   64 
+#define BLOCKSIZEB   (BLOCKSIZE/8) 
+
+static const ulong64 T0[256] = {
+    CONST64(0xbad3d268bbb96a01), CONST64(0x54fc4d19e59a66b1), CONST64(0x2f71bc93e26514cd), CONST64(0x749ccdb925871b51),
+    CONST64(0x53f55102f7a257a4), CONST64(0xd3686bb8d0d6be03), CONST64(0xd26b6fbdd6deb504), CONST64(0x4dd72964b35285fe),
+    CONST64(0x50f05d0dfdba4aad), CONST64(0xace98a26cf09e063), CONST64(0x8d8a0e83091c9684), CONST64(0xbfdcc679a5914d1a),
+    CONST64(0x7090ddad3da7374d), CONST64(0x52f65507f1aa5ca3), CONST64(0x9ab352c87ba417e1), CONST64(0x4cd42d61b55a8ef9),
+    CONST64(0xea238f65460320ac), CONST64(0xd56273a6c4e68411), CONST64(0x97a466f155cc68c2), CONST64(0xd16e63b2dcc6a80d),
+    CONST64(0x3355ccffaa85d099), CONST64(0x51f35908fbb241aa), CONST64(0x5bed712ac7e20f9c), CONST64(0xa6f7a204f359ae55),
+    CONST64(0xde7f5f81febec120), CONST64(0x48d83d75ad7aa2e5), CONST64(0xa8e59a32d729cc7f), CONST64(0x99b65ec771bc0ae8),
+    CONST64(0xdb704b90e096e63b), CONST64(0x3256c8faac8ddb9e), CONST64(0xb7c4e65195d11522), CONST64(0xfc19d72b32b3aace),
+    CONST64(0xe338ab48704b7393), CONST64(0x9ebf42dc63843bfd), CONST64(0x91ae7eef41fc52d0), CONST64(0x9bb056cd7dac1ce6),
+    CONST64(0xe23baf4d76437894), CONST64(0xbbd0d66dbdb16106), CONST64(0x41c319589b32f1da), CONST64(0x6eb2a5cb7957e517),
+    CONST64(0xa5f2ae0bf941b35c), CONST64(0xcb400bc08016564b), CONST64(0x6bbdb1da677fc20c), CONST64(0x95a26efb59dc7ecc),
+    CONST64(0xa1febe1fe1619f40), CONST64(0xf308eb1810cbc3e3), CONST64(0xb1cefe4f81e12f30), CONST64(0x0206080a0c10160e),
+    CONST64(0xcc4917db922e675e), CONST64(0xc45137f3a26e3f66), CONST64(0x1d2774694ee8cf53), CONST64(0x143c504478a09c6c),
+    CONST64(0xc3582be8b0560e73), CONST64(0x63a591f2573f9a34), CONST64(0xda734f95e69eed3c), CONST64(0x5de76934d3d2358e),
+    CONST64(0x5fe1613edfc22380), CONST64(0xdc79578bf2aed72e), CONST64(0x7d87e99413cf486e), CONST64(0xcd4a13de94266c59),
+    CONST64(0x7f81e19e1fdf5e60), CONST64(0x5aee752fc1ea049b), CONST64(0x6cb4adc17547f319), CONST64(0x5ce46d31d5da3e89),
+    CONST64(0xf704fb0c08ebefff), CONST64(0x266a98bed42d47f2), CONST64(0xff1cdb2438abb7c7), CONST64(0xed2a937e543b11b9),
+    CONST64(0xe825876f4a1336a2), CONST64(0x9dba4ed3699c26f4), CONST64(0x6fb1a1ce7f5fee10), CONST64(0x8e8f028c03048b8d),
+    CONST64(0x192b647d56c8e34f), CONST64(0xa0fdba1ae7699447), CONST64(0xf00de7171ad3deea), CONST64(0x89861e97113cba98),
+    CONST64(0x0f113c332278692d), CONST64(0x07091c1b12383115), CONST64(0xafec8629c511fd6a), CONST64(0xfb10cb30208b9bdb),
+    CONST64(0x0818202830405838), CONST64(0x153f54417ea8976b), CONST64(0x0d1734392e687f23), CONST64(0x040c101418202c1c),
+    CONST64(0x0103040506080b07), CONST64(0x64ac8de94507ab21), CONST64(0xdf7c5b84f8b6ca27), CONST64(0x769ac5b329970d5f),
+    CONST64(0x798bf9800bef6472), CONST64(0xdd7a538ef4a6dc29), CONST64(0x3d47f4c98ef5b2b3), CONST64(0x163a584e74b08a62),
+    CONST64(0x3f41fcc382e5a4bd), CONST64(0x3759dcebb2a5fc85), CONST64(0x6db7a9c4734ff81e), CONST64(0x3848e0d890dd95a8),
+    CONST64(0xb9d6de67b1a17708), CONST64(0x7395d1a237bf2a44), CONST64(0xe926836a4c1b3da5), CONST64(0x355fd4e1beb5ea8b),
+    CONST64(0x55ff491ce3926db6), CONST64(0x7193d9a83baf3c4a), CONST64(0x7b8df18a07ff727c), CONST64(0x8c890a860f149d83),
+    CONST64(0x7296d5a731b72143), CONST64(0x88851a921734b19f), CONST64(0xf607ff090ee3e4f8), CONST64(0x2a7ea882fc4d33d6),
+    CONST64(0x3e42f8c684edafba), CONST64(0x5ee2653bd9ca2887), CONST64(0x27699cbbd2254cf5), CONST64(0x46ca0543890ac0cf),
+    CONST64(0x0c14303c28607424), CONST64(0x65af89ec430fa026), CONST64(0x68b8bdd56d67df05), CONST64(0x61a399f85b2f8c3a),
+    CONST64(0x03050c0f0a181d09), CONST64(0xc15e23e2bc46187d), CONST64(0x57f94116ef827bb8), CONST64(0xd6677fa9cefe9918),
+    CONST64(0xd976439aec86f035), CONST64(0x58e87d25cdfa1295), CONST64(0xd875479fea8efb32), CONST64(0x66aa85e34917bd2f),
+    CONST64(0xd7647bacc8f6921f), CONST64(0x3a4ee8d29ccd83a6), CONST64(0xc84507cf8a0e4b42), CONST64(0x3c44f0cc88fdb9b4),
+    CONST64(0xfa13cf35268390dc), CONST64(0x96a762f453c463c5), CONST64(0xa7f4a601f551a552), CONST64(0x98b55ac277b401ef),
+    CONST64(0xec29977b52331abe), CONST64(0xb8d5da62b7a97c0f), CONST64(0xc7543bfca876226f), CONST64(0xaeef822cc319f66d),
+    CONST64(0x69bbb9d06b6fd402), CONST64(0x4bdd317aa762bfec), CONST64(0xabe0963ddd31d176), CONST64(0xa9e69e37d121c778),
+    CONST64(0x67a981e64f1fb628), CONST64(0x0a1e28223c504e36), CONST64(0x47c901468f02cbc8), CONST64(0xf20bef1d16c3c8e4),
+    CONST64(0xb5c2ee5b99c1032c), CONST64(0x226688aacc0d6bee), CONST64(0xe532b356647b4981), CONST64(0xee2f9f715e230cb0),
+    CONST64(0xbedfc27ca399461d), CONST64(0x2b7dac87fa4538d1), CONST64(0x819e3ebf217ce2a0), CONST64(0x1236485a6c90a67e),
+    CONST64(0x839836b52d6cf4ae), CONST64(0x1b2d6c775ad8f541), CONST64(0x0e1238362470622a), CONST64(0x23658cafca0560e9),
+    CONST64(0xf502f30604fbf9f1), CONST64(0x45cf094c8312ddc6), CONST64(0x216384a5c61576e7), CONST64(0xce4f1fd19e3e7150),
+    CONST64(0x49db3970ab72a9e2), CONST64(0x2c74b09ce87d09c4), CONST64(0xf916c33a2c9b8dd5), CONST64(0xe637bf596e635488),
+    CONST64(0xb6c7e25493d91e25), CONST64(0x2878a088f05d25d8), CONST64(0x17395c4b72b88165), CONST64(0x829b32b02b64ffa9),
+    CONST64(0x1a2e68725cd0fe46), CONST64(0x8b80169d1d2cac96), CONST64(0xfe1fdf213ea3bcc0), CONST64(0x8a8312981b24a791),
+    CONST64(0x091b242d3648533f), CONST64(0xc94603ca8c064045), CONST64(0x879426a1354cd8b2), CONST64(0x4ed2256bb94a98f7),
+    CONST64(0xe13ea3427c5b659d), CONST64(0x2e72b896e46d1fca), CONST64(0xe431b75362734286), CONST64(0xe03da7477a536e9a),
+    CONST64(0xeb208b60400b2bab), CONST64(0x90ad7aea47f459d7), CONST64(0xa4f1aa0eff49b85b), CONST64(0x1e22786644f0d25a),
+    CONST64(0x85922eab395ccebc), CONST64(0x60a09dfd5d27873d), CONST64(0x0000000000000000), CONST64(0x256f94b1de355afb),
+    CONST64(0xf401f70302f3f2f6), CONST64(0xf10ee3121cdbd5ed), CONST64(0x94a16afe5fd475cb), CONST64(0x0b1d2c273a584531),
+    CONST64(0xe734bb5c686b5f8f), CONST64(0x759fc9bc238f1056), CONST64(0xef2c9b74582b07b7), CONST64(0x345cd0e4b8bde18c),
+    CONST64(0x3153c4f5a695c697), CONST64(0xd46177a3c2ee8f16), CONST64(0xd06d67b7dacea30a), CONST64(0x869722a43344d3b5),
+    CONST64(0x7e82e59b19d75567), CONST64(0xadea8e23c901eb64), CONST64(0xfd1ad32e34bba1c9), CONST64(0x297ba48df6552edf),
+    CONST64(0x3050c0f0a09dcd90), CONST64(0x3b4decd79ac588a1), CONST64(0x9fbc46d9658c30fa), CONST64(0xf815c73f2a9386d2),
+    CONST64(0xc6573ff9ae7e2968), CONST64(0x13354c5f6a98ad79), CONST64(0x060a181e14303a12), CONST64(0x050f14111e28271b),
+    CONST64(0xc55233f6a4663461), CONST64(0x113344556688bb77), CONST64(0x7799c1b62f9f0658), CONST64(0x7c84ed9115c74369),
+    CONST64(0x7a8ef58f01f7797b), CONST64(0x7888fd850de76f75), CONST64(0x365ad8eeb4adf782), CONST64(0x1c24706c48e0c454),
+    CONST64(0x394be4dd96d59eaf), CONST64(0x59eb7920cbf21992), CONST64(0x1828607850c0e848), CONST64(0x56fa4513e98a70bf),
+    CONST64(0xb3c8f6458df1393e), CONST64(0xb0cdfa4a87e92437), CONST64(0x246c90b4d83d51fc), CONST64(0x206080a0c01d7de0),
+    CONST64(0xb2cbf2408bf93239), CONST64(0x92ab72e04be44fd9), CONST64(0xa3f8b615ed71894e), CONST64(0xc05d27e7ba4e137a),
+    CONST64(0x44cc0d49851ad6c1), CONST64(0x62a695f751379133), CONST64(0x103040506080b070), CONST64(0xb4c1ea5e9fc9082b),
+    CONST64(0x84912aae3f54c5bb), CONST64(0x43c511529722e7d4), CONST64(0x93a876e54dec44de), CONST64(0xc25b2fedb65e0574),
+    CONST64(0x4ade357fa16ab4eb), CONST64(0xbddace73a9815b14), CONST64(0x8f8c0689050c808a), CONST64(0x2d77b499ee7502c3),
+    CONST64(0xbcd9ca76af895013), CONST64(0x9cb94ad66f942df3), CONST64(0x6abeb5df6177c90b), CONST64(0x40c01d5d9d3afadd),
+    CONST64(0xcf4c1bd498367a57), CONST64(0xa2fbb210eb798249), CONST64(0x809d3aba2774e9a7), CONST64(0x4fd1216ebf4293f0),
+    CONST64(0x1f217c6342f8d95d), CONST64(0xca430fc5861e5d4c), CONST64(0xaae39238db39da71), CONST64(0x42c61557912aecd3),
+};
+
+static const ulong64 T1[256] = {
+    CONST64(0xd3ba68d2b9bb016a), CONST64(0xfc54194d9ae5b166), CONST64(0x712f93bc65e2cd14), CONST64(0x9c74b9cd8725511b),
+    CONST64(0xf5530251a2f7a457), CONST64(0x68d3b86bd6d003be), CONST64(0x6bd2bd6fded604b5), CONST64(0xd74d642952b3fe85),
+    CONST64(0xf0500d5dbafdad4a), CONST64(0xe9ac268a09cf63e0), CONST64(0x8a8d830e1c098496), CONST64(0xdcbf79c691a51a4d),
+    CONST64(0x9070addda73d4d37), CONST64(0xf6520755aaf1a35c), CONST64(0xb39ac852a47be117), CONST64(0xd44c612d5ab5f98e),
+    CONST64(0x23ea658f0346ac20), CONST64(0x62d5a673e6c41184), CONST64(0xa497f166cc55c268), CONST64(0x6ed1b263c6dc0da8),
+    CONST64(0x5533ffcc85aa99d0), CONST64(0xf3510859b2fbaa41), CONST64(0xed5b2a71e2c79c0f), CONST64(0xf7a604a259f355ae),
+    CONST64(0x7fde815fbefe20c1), CONST64(0xd848753d7aade5a2), CONST64(0xe5a8329a29d77fcc), CONST64(0xb699c75ebc71e80a),
+    CONST64(0x70db904b96e03be6), CONST64(0x5632fac88dac9edb), CONST64(0xc4b751e6d1952215), CONST64(0x19fc2bd7b332ceaa),
+    CONST64(0x38e348ab4b709373), CONST64(0xbf9edc428463fd3b), CONST64(0xae91ef7efc41d052), CONST64(0xb09bcd56ac7de61c),
+    CONST64(0x3be24daf43769478), CONST64(0xd0bb6dd6b1bd0661), CONST64(0xc3415819329bdaf1), CONST64(0xb26ecba5577917e5),
+    CONST64(0xf2a50bae41f95cb3), CONST64(0x40cbc00b16804b56), CONST64(0xbd6bdab17f670cc2), CONST64(0xa295fb6edc59cc7e),
+    CONST64(0xfea11fbe61e1409f), CONST64(0x08f318ebcb10e3c3), CONST64(0xceb14ffee181302f), CONST64(0x06020a08100c0e16),
+    CONST64(0x49ccdb172e925e67), CONST64(0x51c4f3376ea2663f), CONST64(0x271d6974e84e53cf), CONST64(0x3c144450a0786c9c),
+    CONST64(0x58c3e82b56b0730e), CONST64(0xa563f2913f57349a), CONST64(0x73da954f9ee63ced), CONST64(0xe75d3469d2d38e35),
+    CONST64(0xe15f3e61c2df8023), CONST64(0x79dc8b57aef22ed7), CONST64(0x877d94e9cf136e48), CONST64(0x4acdde132694596c),
+    CONST64(0x817f9ee1df1f605e), CONST64(0xee5a2f75eac19b04), CONST64(0xb46cc1ad477519f3), CONST64(0xe45c316ddad5893e),
+    CONST64(0x04f70cfbeb08ffef), CONST64(0x6a26be982dd4f247), CONST64(0x1cff24dbab38c7b7), CONST64(0x2aed7e933b54b911),
+    CONST64(0x25e86f87134aa236), CONST64(0xba9dd34e9c69f426), CONST64(0xb16fcea15f7f10ee), CONST64(0x8f8e8c0204038d8b),
+    CONST64(0x2b197d64c8564fe3), CONST64(0xfda01aba69e74794), CONST64(0x0df017e7d31aeade), CONST64(0x8689971e3c1198ba),
+    CONST64(0x110f333c78222d69), CONST64(0x09071b1c38121531), CONST64(0xecaf298611c56afd), CONST64(0x10fb30cb8b20db9b),
+    CONST64(0x1808282040303858), CONST64(0x3f154154a87e6b97), CONST64(0x170d3934682e237f), CONST64(0x0c04141020181c2c),
+    CONST64(0x030105040806070b), CONST64(0xac64e98d074521ab), CONST64(0x7cdf845bb6f827ca), CONST64(0x9a76b3c597295f0d),
+    CONST64(0x8b7980f9ef0b7264), CONST64(0x7add8e53a6f429dc), CONST64(0x473dc9f4f58eb3b2), CONST64(0x3a164e58b074628a),
+    CONST64(0x413fc3fce582bda4), CONST64(0x5937ebdca5b285fc), CONST64(0xb76dc4a94f731ef8), CONST64(0x4838d8e0dd90a895),
+    CONST64(0xd6b967dea1b10877), CONST64(0x9573a2d1bf37442a), CONST64(0x26e96a831b4ca53d), CONST64(0x5f35e1d4b5be8bea),
+    CONST64(0xff551c4992e3b66d), CONST64(0x9371a8d9af3b4a3c), CONST64(0x8d7b8af1ff077c72), CONST64(0x898c860a140f839d),
+    CONST64(0x9672a7d5b7314321), CONST64(0x8588921a34179fb1), CONST64(0x07f609ffe30ef8e4), CONST64(0x7e2a82a84dfcd633),
+    CONST64(0x423ec6f8ed84baaf), CONST64(0xe25e3b65cad98728), CONST64(0x6927bb9c25d2f54c), CONST64(0xca4643050a89cfc0),
+    CONST64(0x140c3c3060282474), CONST64(0xaf65ec890f4326a0), CONST64(0xb868d5bd676d05df), CONST64(0xa361f8992f5b3a8c),
+    CONST64(0x05030f0c180a091d), CONST64(0x5ec1e22346bc7d18), CONST64(0xf957164182efb87b), CONST64(0x67d6a97ffece1899),
+    CONST64(0x76d99a4386ec35f0), CONST64(0xe858257dfacd9512), CONST64(0x75d89f478eea32fb), CONST64(0xaa66e38517492fbd),
+    CONST64(0x64d7ac7bf6c81f92), CONST64(0x4e3ad2e8cd9ca683), CONST64(0x45c8cf070e8a424b), CONST64(0x443cccf0fd88b4b9),
+    CONST64(0x13fa35cf8326dc90), CONST64(0xa796f462c453c563), CONST64(0xf4a701a651f552a5), CONST64(0xb598c25ab477ef01),
+    CONST64(0x29ec7b973352be1a), CONST64(0xd5b862daa9b70f7c), CONST64(0x54c7fc3b76a86f22), CONST64(0xefae2c8219c36df6),
+    CONST64(0xbb69d0b96f6b02d4), CONST64(0xdd4b7a3162a7ecbf), CONST64(0xe0ab3d9631dd76d1), CONST64(0xe6a9379e21d178c7),
+    CONST64(0xa967e6811f4f28b6), CONST64(0x1e0a2228503c364e), CONST64(0xc9474601028fc8cb), CONST64(0x0bf21defc316e4c8),
+    CONST64(0xc2b55beec1992c03), CONST64(0x6622aa880dccee6b), CONST64(0x32e556b37b648149), CONST64(0x2fee719f235eb00c),
+    CONST64(0xdfbe7cc299a31d46), CONST64(0x7d2b87ac45fad138), CONST64(0x9e81bf3e7c21a0e2), CONST64(0x36125a48906c7ea6),
+    CONST64(0x9883b5366c2daef4), CONST64(0x2d1b776cd85a41f5), CONST64(0x120e363870242a62), CONST64(0x6523af8c05cae960),
+    CONST64(0x02f506f3fb04f1f9), CONST64(0xcf454c091283c6dd), CONST64(0x6321a58415c6e776), CONST64(0x4fced11f3e9e5071),
+    CONST64(0xdb49703972abe2a9), CONST64(0x742c9cb07de8c409), CONST64(0x16f93ac39b2cd58d), CONST64(0x37e659bf636e8854),
+    CONST64(0xc7b654e2d993251e), CONST64(0x782888a05df0d825), CONST64(0x39174b5cb8726581), CONST64(0x9b82b032642ba9ff),
+    CONST64(0x2e1a7268d05c46fe), CONST64(0x808b9d162c1d96ac), CONST64(0x1ffe21dfa33ec0bc), CONST64(0x838a9812241b91a7),
+    CONST64(0x1b092d2448363f53), CONST64(0x46c9ca03068c4540), CONST64(0x9487a1264c35b2d8), CONST64(0xd24e6b254ab9f798),
+    CONST64(0x3ee142a35b7c9d65), CONST64(0x722e96b86de4ca1f), CONST64(0x31e453b773628642), CONST64(0x3de047a7537a9a6e),
+    CONST64(0x20eb608b0b40ab2b), CONST64(0xad90ea7af447d759), CONST64(0xf1a40eaa49ff5bb8), CONST64(0x221e6678f0445ad2),
+    CONST64(0x9285ab2e5c39bcce), CONST64(0xa060fd9d275d3d87), CONST64(0x0000000000000000), CONST64(0x6f25b19435defb5a),
+    CONST64(0x01f403f7f302f6f2), CONST64(0x0ef112e3db1cedd5), CONST64(0xa194fe6ad45fcb75), CONST64(0x1d0b272c583a3145),
+    CONST64(0x34e75cbb6b688f5f), CONST64(0x9f75bcc98f235610), CONST64(0x2cef749b2b58b707), CONST64(0x5c34e4d0bdb88ce1),
+    CONST64(0x5331f5c495a697c6), CONST64(0x61d4a377eec2168f), CONST64(0x6dd0b767ceda0aa3), CONST64(0x9786a4224433b5d3),
+    CONST64(0x827e9be5d7196755), CONST64(0xeaad238e01c964eb), CONST64(0x1afd2ed3bb34c9a1), CONST64(0x7b298da455f6df2e),
+    CONST64(0x5030f0c09da090cd), CONST64(0x4d3bd7ecc59aa188), CONST64(0xbc9fd9468c65fa30), CONST64(0x15f83fc7932ad286),
+    CONST64(0x57c6f93f7eae6829), CONST64(0x35135f4c986a79ad), CONST64(0x0a061e183014123a), CONST64(0x0f051114281e1b27),
+    CONST64(0x52c5f63366a46134), CONST64(0x33115544886677bb), CONST64(0x9977b6c19f2f5806), CONST64(0x847c91edc7156943),
+    CONST64(0x8e7a8ff5f7017b79), CONST64(0x887885fde70d756f), CONST64(0x5a36eed8adb482f7), CONST64(0x241c6c70e04854c4),
+    CONST64(0x4b39dde4d596af9e), CONST64(0xeb592079f2cb9219), CONST64(0x28187860c05048e8), CONST64(0xfa5613458ae9bf70),
+    CONST64(0xc8b345f6f18d3e39), CONST64(0xcdb04afae9873724), CONST64(0x6c24b4903dd8fc51), CONST64(0x6020a0801dc0e07d),
+    CONST64(0xcbb240f2f98b3932), CONST64(0xab92e072e44bd94f), CONST64(0xf8a315b671ed4e89), CONST64(0x5dc0e7274eba7a13),
+    CONST64(0xcc44490d1a85c1d6), CONST64(0xa662f79537513391), CONST64(0x30105040806070b0), CONST64(0xc1b45eeac99f2b08),
+    CONST64(0x9184ae2a543fbbc5), CONST64(0xc54352112297d4e7), CONST64(0xa893e576ec4dde44), CONST64(0x5bc2ed2f5eb67405),
+    CONST64(0xde4a7f356aa1ebb4), CONST64(0xdabd73ce81a9145b), CONST64(0x8c8f89060c058a80), CONST64(0x772d99b475eec302),
+    CONST64(0xd9bc76ca89af1350), CONST64(0xb99cd64a946ff32d), CONST64(0xbe6adfb577610bc9), CONST64(0xc0405d1d3a9dddfa),
+    CONST64(0x4ccfd41b3698577a), CONST64(0xfba210b279eb4982), CONST64(0x9d80ba3a7427a7e9), CONST64(0xd14f6e2142bff093),
+    CONST64(0x211f637cf8425dd9), CONST64(0x43cac50f1e864c5d), CONST64(0xe3aa389239db71da), CONST64(0xc64257152a91d3ec),
+};
+
+static const ulong64 T2[256] = {
+    CONST64(0xd268bad36a01bbb9), CONST64(0x4d1954fc66b1e59a), CONST64(0xbc932f7114cde265), CONST64(0xcdb9749c1b512587),
+    CONST64(0x510253f557a4f7a2), CONST64(0x6bb8d368be03d0d6), CONST64(0x6fbdd26bb504d6de), CONST64(0x29644dd785feb352),
+    CONST64(0x5d0d50f04aadfdba), CONST64(0x8a26ace9e063cf09), CONST64(0x0e838d8a9684091c), CONST64(0xc679bfdc4d1aa591),
+    CONST64(0xddad7090374d3da7), CONST64(0x550752f65ca3f1aa), CONST64(0x52c89ab317e17ba4), CONST64(0x2d614cd48ef9b55a),
+    CONST64(0x8f65ea2320ac4603), CONST64(0x73a6d5628411c4e6), CONST64(0x66f197a468c255cc), CONST64(0x63b2d16ea80ddcc6),
+    CONST64(0xccff3355d099aa85), CONST64(0x590851f341aafbb2), CONST64(0x712a5bed0f9cc7e2), CONST64(0xa204a6f7ae55f359),
+    CONST64(0x5f81de7fc120febe), CONST64(0x3d7548d8a2e5ad7a), CONST64(0x9a32a8e5cc7fd729), CONST64(0x5ec799b60ae871bc),
+    CONST64(0x4b90db70e63be096), CONST64(0xc8fa3256db9eac8d), CONST64(0xe651b7c4152295d1), CONST64(0xd72bfc19aace32b3),
+    CONST64(0xab48e3387393704b), CONST64(0x42dc9ebf3bfd6384), CONST64(0x7eef91ae52d041fc), CONST64(0x56cd9bb01ce67dac),
+    CONST64(0xaf4de23b78947643), CONST64(0xd66dbbd06106bdb1), CONST64(0x195841c3f1da9b32), CONST64(0xa5cb6eb2e5177957),
+    CONST64(0xae0ba5f2b35cf941), CONST64(0x0bc0cb40564b8016), CONST64(0xb1da6bbdc20c677f), CONST64(0x6efb95a27ecc59dc),
+    CONST64(0xbe1fa1fe9f40e161), CONST64(0xeb18f308c3e310cb), CONST64(0xfe4fb1ce2f3081e1), CONST64(0x080a0206160e0c10),
+    CONST64(0x17dbcc49675e922e), CONST64(0x37f3c4513f66a26e), CONST64(0x74691d27cf534ee8), CONST64(0x5044143c9c6c78a0),
+    CONST64(0x2be8c3580e73b056), CONST64(0x91f263a59a34573f), CONST64(0x4f95da73ed3ce69e), CONST64(0x69345de7358ed3d2),
+    CONST64(0x613e5fe12380dfc2), CONST64(0x578bdc79d72ef2ae), CONST64(0xe9947d87486e13cf), CONST64(0x13decd4a6c599426),
+    CONST64(0xe19e7f815e601fdf), CONST64(0x752f5aee049bc1ea), CONST64(0xadc16cb4f3197547), CONST64(0x6d315ce43e89d5da),
+    CONST64(0xfb0cf704efff08eb), CONST64(0x98be266a47f2d42d), CONST64(0xdb24ff1cb7c738ab), CONST64(0x937eed2a11b9543b),
+    CONST64(0x876fe82536a24a13), CONST64(0x4ed39dba26f4699c), CONST64(0xa1ce6fb1ee107f5f), CONST64(0x028c8e8f8b8d0304),
+    CONST64(0x647d192be34f56c8), CONST64(0xba1aa0fd9447e769), CONST64(0xe717f00ddeea1ad3), CONST64(0x1e978986ba98113c),
+    CONST64(0x3c330f11692d2278), CONST64(0x1c1b070931151238), CONST64(0x8629afecfd6ac511), CONST64(0xcb30fb109bdb208b),
+    CONST64(0x2028081858383040), CONST64(0x5441153f976b7ea8), CONST64(0x34390d177f232e68), CONST64(0x1014040c2c1c1820),
+    CONST64(0x040501030b070608), CONST64(0x8de964acab214507), CONST64(0x5b84df7cca27f8b6), CONST64(0xc5b3769a0d5f2997),
+    CONST64(0xf980798b64720bef), CONST64(0x538edd7adc29f4a6), CONST64(0xf4c93d47b2b38ef5), CONST64(0x584e163a8a6274b0),
+    CONST64(0xfcc33f41a4bd82e5), CONST64(0xdceb3759fc85b2a5), CONST64(0xa9c46db7f81e734f), CONST64(0xe0d8384895a890dd),
+    CONST64(0xde67b9d67708b1a1), CONST64(0xd1a273952a4437bf), CONST64(0x836ae9263da54c1b), CONST64(0xd4e1355fea8bbeb5),
+    CONST64(0x491c55ff6db6e392), CONST64(0xd9a871933c4a3baf), CONST64(0xf18a7b8d727c07ff), CONST64(0x0a868c899d830f14),
+    CONST64(0xd5a77296214331b7), CONST64(0x1a928885b19f1734), CONST64(0xff09f607e4f80ee3), CONST64(0xa8822a7e33d6fc4d),
+    CONST64(0xf8c63e42afba84ed), CONST64(0x653b5ee22887d9ca), CONST64(0x9cbb27694cf5d225), CONST64(0x054346cac0cf890a),
+    CONST64(0x303c0c1474242860), CONST64(0x89ec65afa026430f), CONST64(0xbdd568b8df056d67), CONST64(0x99f861a38c3a5b2f),
+    CONST64(0x0c0f03051d090a18), CONST64(0x23e2c15e187dbc46), CONST64(0x411657f97bb8ef82), CONST64(0x7fa9d6679918cefe),
+    CONST64(0x439ad976f035ec86), CONST64(0x7d2558e81295cdfa), CONST64(0x479fd875fb32ea8e), CONST64(0x85e366aabd2f4917),
+    CONST64(0x7bacd764921fc8f6), CONST64(0xe8d23a4e83a69ccd), CONST64(0x07cfc8454b428a0e), CONST64(0xf0cc3c44b9b488fd),
+    CONST64(0xcf35fa1390dc2683), CONST64(0x62f496a763c553c4), CONST64(0xa601a7f4a552f551), CONST64(0x5ac298b501ef77b4),
+    CONST64(0x977bec291abe5233), CONST64(0xda62b8d57c0fb7a9), CONST64(0x3bfcc754226fa876), CONST64(0x822caeeff66dc319),
+    CONST64(0xb9d069bbd4026b6f), CONST64(0x317a4bddbfeca762), CONST64(0x963dabe0d176dd31), CONST64(0x9e37a9e6c778d121),
+    CONST64(0x81e667a9b6284f1f), CONST64(0x28220a1e4e363c50), CONST64(0x014647c9cbc88f02), CONST64(0xef1df20bc8e416c3),
+    CONST64(0xee5bb5c2032c99c1), CONST64(0x88aa22666beecc0d), CONST64(0xb356e5324981647b), CONST64(0x9f71ee2f0cb05e23),
+    CONST64(0xc27cbedf461da399), CONST64(0xac872b7d38d1fa45), CONST64(0x3ebf819ee2a0217c), CONST64(0x485a1236a67e6c90),
+    CONST64(0x36b58398f4ae2d6c), CONST64(0x6c771b2df5415ad8), CONST64(0x38360e12622a2470), CONST64(0x8caf236560e9ca05),
+    CONST64(0xf306f502f9f104fb), CONST64(0x094c45cfddc68312), CONST64(0x84a5216376e7c615), CONST64(0x1fd1ce4f71509e3e),
+    CONST64(0x397049dba9e2ab72), CONST64(0xb09c2c7409c4e87d), CONST64(0xc33af9168dd52c9b), CONST64(0xbf59e63754886e63),
+    CONST64(0xe254b6c71e2593d9), CONST64(0xa088287825d8f05d), CONST64(0x5c4b1739816572b8), CONST64(0x32b0829bffa92b64),
+    CONST64(0x68721a2efe465cd0), CONST64(0x169d8b80ac961d2c), CONST64(0xdf21fe1fbcc03ea3), CONST64(0x12988a83a7911b24),
+    CONST64(0x242d091b533f3648), CONST64(0x03cac94640458c06), CONST64(0x26a18794d8b2354c), CONST64(0x256b4ed298f7b94a),
+    CONST64(0xa342e13e659d7c5b), CONST64(0xb8962e721fcae46d), CONST64(0xb753e43142866273), CONST64(0xa747e03d6e9a7a53),
+    CONST64(0x8b60eb202bab400b), CONST64(0x7aea90ad59d747f4), CONST64(0xaa0ea4f1b85bff49), CONST64(0x78661e22d25a44f0),
+    CONST64(0x2eab8592cebc395c), CONST64(0x9dfd60a0873d5d27), CONST64(0x0000000000000000), CONST64(0x94b1256f5afbde35),
+    CONST64(0xf703f401f2f602f3), CONST64(0xe312f10ed5ed1cdb), CONST64(0x6afe94a175cb5fd4), CONST64(0x2c270b1d45313a58),
+    CONST64(0xbb5ce7345f8f686b), CONST64(0xc9bc759f1056238f), CONST64(0x9b74ef2c07b7582b), CONST64(0xd0e4345ce18cb8bd),
+    CONST64(0xc4f53153c697a695), CONST64(0x77a3d4618f16c2ee), CONST64(0x67b7d06da30adace), CONST64(0x22a48697d3b53344),
+    CONST64(0xe59b7e82556719d7), CONST64(0x8e23adeaeb64c901), CONST64(0xd32efd1aa1c934bb), CONST64(0xa48d297b2edff655),
+    CONST64(0xc0f03050cd90a09d), CONST64(0xecd73b4d88a19ac5), CONST64(0x46d99fbc30fa658c), CONST64(0xc73ff81586d22a93),
+    CONST64(0x3ff9c6572968ae7e), CONST64(0x4c5f1335ad796a98), CONST64(0x181e060a3a121430), CONST64(0x1411050f271b1e28),
+    CONST64(0x33f6c5523461a466), CONST64(0x44551133bb776688), CONST64(0xc1b6779906582f9f), CONST64(0xed917c84436915c7),
+    CONST64(0xf58f7a8e797b01f7), CONST64(0xfd8578886f750de7), CONST64(0xd8ee365af782b4ad), CONST64(0x706c1c24c45448e0),
+    CONST64(0xe4dd394b9eaf96d5), CONST64(0x792059eb1992cbf2), CONST64(0x60781828e84850c0), CONST64(0x451356fa70bfe98a),
+    CONST64(0xf645b3c8393e8df1), CONST64(0xfa4ab0cd243787e9), CONST64(0x90b4246c51fcd83d), CONST64(0x80a020607de0c01d),
+    CONST64(0xf240b2cb32398bf9), CONST64(0x72e092ab4fd94be4), CONST64(0xb615a3f8894eed71), CONST64(0x27e7c05d137aba4e),
+    CONST64(0x0d4944ccd6c1851a), CONST64(0x95f762a691335137), CONST64(0x40501030b0706080), CONST64(0xea5eb4c1082b9fc9),
+    CONST64(0x2aae8491c5bb3f54), CONST64(0x115243c5e7d49722), CONST64(0x76e593a844de4dec), CONST64(0x2fedc25b0574b65e),
+    CONST64(0x357f4adeb4eba16a), CONST64(0xce73bdda5b14a981), CONST64(0x06898f8c808a050c), CONST64(0xb4992d7702c3ee75),
+    CONST64(0xca76bcd95013af89), CONST64(0x4ad69cb92df36f94), CONST64(0xb5df6abec90b6177), CONST64(0x1d5d40c0fadd9d3a),
+    CONST64(0x1bd4cf4c7a579836), CONST64(0xb210a2fb8249eb79), CONST64(0x3aba809de9a72774), CONST64(0x216e4fd193f0bf42),
+    CONST64(0x7c631f21d95d42f8), CONST64(0x0fc5ca435d4c861e), CONST64(0x9238aae3da71db39), CONST64(0x155742c6ecd3912a),
+};
+
+static const ulong64 T3[256] = {
+    CONST64(0x68d2d3ba016ab9bb), CONST64(0x194dfc54b1669ae5), CONST64(0x93bc712fcd1465e2), CONST64(0xb9cd9c74511b8725),
+    CONST64(0x0251f553a457a2f7), CONST64(0xb86b68d303bed6d0), CONST64(0xbd6f6bd204b5ded6), CONST64(0x6429d74dfe8552b3),
+    CONST64(0x0d5df050ad4abafd), CONST64(0x268ae9ac63e009cf), CONST64(0x830e8a8d84961c09), CONST64(0x79c6dcbf1a4d91a5),
+    CONST64(0xaddd90704d37a73d), CONST64(0x0755f652a35caaf1), CONST64(0xc852b39ae117a47b), CONST64(0x612dd44cf98e5ab5),
+    CONST64(0x658f23eaac200346), CONST64(0xa67362d51184e6c4), CONST64(0xf166a497c268cc55), CONST64(0xb2636ed10da8c6dc),
+    CONST64(0xffcc553399d085aa), CONST64(0x0859f351aa41b2fb), CONST64(0x2a71ed5b9c0fe2c7), CONST64(0x04a2f7a655ae59f3),
+    CONST64(0x815f7fde20c1befe), CONST64(0x753dd848e5a27aad), CONST64(0x329ae5a87fcc29d7), CONST64(0xc75eb699e80abc71),
+    CONST64(0x904b70db3be696e0), CONST64(0xfac856329edb8dac), CONST64(0x51e6c4b72215d195), CONST64(0x2bd719fcceaab332),
+    CONST64(0x48ab38e393734b70), CONST64(0xdc42bf9efd3b8463), CONST64(0xef7eae91d052fc41), CONST64(0xcd56b09be61cac7d),
+    CONST64(0x4daf3be294784376), CONST64(0x6dd6d0bb0661b1bd), CONST64(0x5819c341daf1329b), CONST64(0xcba5b26e17e55779),
+    CONST64(0x0baef2a55cb341f9), CONST64(0xc00b40cb4b561680), CONST64(0xdab1bd6b0cc27f67), CONST64(0xfb6ea295cc7edc59),
+    CONST64(0x1fbefea1409f61e1), CONST64(0x18eb08f3e3c3cb10), CONST64(0x4ffeceb1302fe181), CONST64(0x0a0806020e16100c),
+    CONST64(0xdb1749cc5e672e92), CONST64(0xf33751c4663f6ea2), CONST64(0x6974271d53cfe84e), CONST64(0x44503c146c9ca078),
+    CONST64(0xe82b58c3730e56b0), CONST64(0xf291a563349a3f57), CONST64(0x954f73da3ced9ee6), CONST64(0x3469e75d8e35d2d3),
+    CONST64(0x3e61e15f8023c2df), CONST64(0x8b5779dc2ed7aef2), CONST64(0x94e9877d6e48cf13), CONST64(0xde134acd596c2694),
+    CONST64(0x9ee1817f605edf1f), CONST64(0x2f75ee5a9b04eac1), CONST64(0xc1adb46c19f34775), CONST64(0x316de45c893edad5),
+    CONST64(0x0cfb04f7ffefeb08), CONST64(0xbe986a26f2472dd4), CONST64(0x24db1cffc7b7ab38), CONST64(0x7e932aedb9113b54),
+    CONST64(0x6f8725e8a236134a), CONST64(0xd34eba9df4269c69), CONST64(0xcea1b16f10ee5f7f), CONST64(0x8c028f8e8d8b0403),
+    CONST64(0x7d642b194fe3c856), CONST64(0x1abafda0479469e7), CONST64(0x17e70df0eaded31a), CONST64(0x971e868998ba3c11),
+    CONST64(0x333c110f2d697822), CONST64(0x1b1c090715313812), CONST64(0x2986ecaf6afd11c5), CONST64(0x30cb10fbdb9b8b20),
+    CONST64(0x2820180838584030), CONST64(0x41543f156b97a87e), CONST64(0x3934170d237f682e), CONST64(0x14100c041c2c2018),
+    CONST64(0x05040301070b0806), CONST64(0xe98dac6421ab0745), CONST64(0x845b7cdf27cab6f8), CONST64(0xb3c59a765f0d9729),
+    CONST64(0x80f98b797264ef0b), CONST64(0x8e537add29dca6f4), CONST64(0xc9f4473db3b2f58e), CONST64(0x4e583a16628ab074),
+    CONST64(0xc3fc413fbda4e582), CONST64(0xebdc593785fca5b2), CONST64(0xc4a9b76d1ef84f73), CONST64(0xd8e04838a895dd90),
+    CONST64(0x67ded6b90877a1b1), CONST64(0xa2d19573442abf37), CONST64(0x6a8326e9a53d1b4c), CONST64(0xe1d45f358beab5be),
+    CONST64(0x1c49ff55b66d92e3), CONST64(0xa8d993714a3caf3b), CONST64(0x8af18d7b7c72ff07), CONST64(0x860a898c839d140f),
+    CONST64(0xa7d596724321b731), CONST64(0x921a85889fb13417), CONST64(0x09ff07f6f8e4e30e), CONST64(0x82a87e2ad6334dfc),
+    CONST64(0xc6f8423ebaafed84), CONST64(0x3b65e25e8728cad9), CONST64(0xbb9c6927f54c25d2), CONST64(0x4305ca46cfc00a89),
+    CONST64(0x3c30140c24746028), CONST64(0xec89af6526a00f43), CONST64(0xd5bdb86805df676d), CONST64(0xf899a3613a8c2f5b),
+    CONST64(0x0f0c0503091d180a), CONST64(0xe2235ec17d1846bc), CONST64(0x1641f957b87b82ef), CONST64(0xa97f67d61899fece),
+    CONST64(0x9a4376d935f086ec), CONST64(0x257de8589512facd), CONST64(0x9f4775d832fb8eea), CONST64(0xe385aa662fbd1749),
+    CONST64(0xac7b64d71f92f6c8), CONST64(0xd2e84e3aa683cd9c), CONST64(0xcf0745c8424b0e8a), CONST64(0xccf0443cb4b9fd88),
+    CONST64(0x35cf13fadc908326), CONST64(0xf462a796c563c453), CONST64(0x01a6f4a752a551f5), CONST64(0xc25ab598ef01b477),
+    CONST64(0x7b9729ecbe1a3352), CONST64(0x62dad5b80f7ca9b7), CONST64(0xfc3b54c76f2276a8), CONST64(0x2c82efae6df619c3),
+    CONST64(0xd0b9bb6902d46f6b), CONST64(0x7a31dd4becbf62a7), CONST64(0x3d96e0ab76d131dd), CONST64(0x379ee6a978c721d1),
+    CONST64(0xe681a96728b61f4f), CONST64(0x22281e0a364e503c), CONST64(0x4601c947c8cb028f), CONST64(0x1def0bf2e4c8c316),
+    CONST64(0x5beec2b52c03c199), CONST64(0xaa886622ee6b0dcc), CONST64(0x56b332e581497b64), CONST64(0x719f2feeb00c235e),
+    CONST64(0x7cc2dfbe1d4699a3), CONST64(0x87ac7d2bd13845fa), CONST64(0xbf3e9e81a0e27c21), CONST64(0x5a4836127ea6906c),
+    CONST64(0xb5369883aef46c2d), CONST64(0x776c2d1b41f5d85a), CONST64(0x3638120e2a627024), CONST64(0xaf8c6523e96005ca),
+    CONST64(0x06f302f5f1f9fb04), CONST64(0x4c09cf45c6dd1283), CONST64(0xa5846321e77615c6), CONST64(0xd11f4fce50713e9e),
+    CONST64(0x7039db49e2a972ab), CONST64(0x9cb0742cc4097de8), CONST64(0x3ac316f9d58d9b2c), CONST64(0x59bf37e68854636e),
+    CONST64(0x54e2c7b6251ed993), CONST64(0x88a07828d8255df0), CONST64(0x4b5c39176581b872), CONST64(0xb0329b82a9ff642b),
+    CONST64(0x72682e1a46fed05c), CONST64(0x9d16808b96ac2c1d), CONST64(0x21df1ffec0bca33e), CONST64(0x9812838a91a7241b),
+    CONST64(0x2d241b093f534836), CONST64(0xca0346c94540068c), CONST64(0xa1269487b2d84c35), CONST64(0x6b25d24ef7984ab9),
+    CONST64(0x42a33ee19d655b7c), CONST64(0x96b8722eca1f6de4), CONST64(0x53b731e486427362), CONST64(0x47a73de09a6e537a),
+    CONST64(0x608b20ebab2b0b40), CONST64(0xea7aad90d759f447), CONST64(0x0eaaf1a45bb849ff), CONST64(0x6678221e5ad2f044),
+    CONST64(0xab2e9285bcce5c39), CONST64(0xfd9da0603d87275d), CONST64(0x0000000000000000), CONST64(0xb1946f25fb5a35de),
+    CONST64(0x03f701f4f6f2f302), CONST64(0x12e30ef1edd5db1c), CONST64(0xfe6aa194cb75d45f), CONST64(0x272c1d0b3145583a),
+    CONST64(0x5cbb34e78f5f6b68), CONST64(0xbcc99f7556108f23), CONST64(0x749b2cefb7072b58), CONST64(0xe4d05c348ce1bdb8),
+    CONST64(0xf5c4533197c695a6), CONST64(0xa37761d4168feec2), CONST64(0xb7676dd00aa3ceda), CONST64(0xa4229786b5d34433),
+    CONST64(0x9be5827e6755d719), CONST64(0x238eeaad64eb01c9), CONST64(0x2ed31afdc9a1bb34), CONST64(0x8da47b29df2e55f6),
+    CONST64(0xf0c0503090cd9da0), CONST64(0xd7ec4d3ba188c59a), CONST64(0xd946bc9ffa308c65), CONST64(0x3fc715f8d286932a),
+    CONST64(0xf93f57c668297eae), CONST64(0x5f4c351379ad986a), CONST64(0x1e180a06123a3014), CONST64(0x11140f051b27281e),
+    CONST64(0xf63352c5613466a4), CONST64(0x5544331177bb8866), CONST64(0xb6c1997758069f2f), CONST64(0x91ed847c6943c715),
+    CONST64(0x8ff58e7a7b79f701), CONST64(0x85fd8878756fe70d), CONST64(0xeed85a3682f7adb4), CONST64(0x6c70241c54c4e048),
+    CONST64(0xdde44b39af9ed596), CONST64(0x2079eb599219f2cb), CONST64(0x7860281848e8c050), CONST64(0x1345fa56bf708ae9),
+    CONST64(0x45f6c8b33e39f18d), CONST64(0x4afacdb03724e987), CONST64(0xb4906c24fc513dd8), CONST64(0xa0806020e07d1dc0),
+    CONST64(0x40f2cbb23932f98b), CONST64(0xe072ab92d94fe44b), CONST64(0x15b6f8a34e8971ed), CONST64(0xe7275dc07a134eba),
+    CONST64(0x490dcc44c1d61a85), CONST64(0xf795a66233913751), CONST64(0x5040301070b08060), CONST64(0x5eeac1b42b08c99f),
+    CONST64(0xae2a9184bbc5543f), CONST64(0x5211c543d4e72297), CONST64(0xe576a893de44ec4d), CONST64(0xed2f5bc274055eb6),
+    CONST64(0x7f35de4aebb46aa1), CONST64(0x73cedabd145b81a9), CONST64(0x89068c8f8a800c05), CONST64(0x99b4772dc30275ee),
+    CONST64(0x76cad9bc135089af), CONST64(0xd64ab99cf32d946f), CONST64(0xdfb5be6a0bc97761), CONST64(0x5d1dc040ddfa3a9d),
+    CONST64(0xd41b4ccf577a3698), CONST64(0x10b2fba2498279eb), CONST64(0xba3a9d80a7e97427), CONST64(0x6e21d14ff09342bf),
+    CONST64(0x637c211f5dd9f842), CONST64(0xc50f43ca4c5d1e86), CONST64(0x3892e3aa71da39db), CONST64(0x5715c642d3ec2a91),
+};
+
+static const ulong64 T4[256] = {
+    CONST64(0xbbb96a01bad3d268), CONST64(0xe59a66b154fc4d19), CONST64(0xe26514cd2f71bc93), CONST64(0x25871b51749ccdb9),
+    CONST64(0xf7a257a453f55102), CONST64(0xd0d6be03d3686bb8), CONST64(0xd6deb504d26b6fbd), CONST64(0xb35285fe4dd72964),
+    CONST64(0xfdba4aad50f05d0d), CONST64(0xcf09e063ace98a26), CONST64(0x091c96848d8a0e83), CONST64(0xa5914d1abfdcc679),
+    CONST64(0x3da7374d7090ddad), CONST64(0xf1aa5ca352f65507), CONST64(0x7ba417e19ab352c8), CONST64(0xb55a8ef94cd42d61),
+    CONST64(0x460320acea238f65), CONST64(0xc4e68411d56273a6), CONST64(0x55cc68c297a466f1), CONST64(0xdcc6a80dd16e63b2),
+    CONST64(0xaa85d0993355ccff), CONST64(0xfbb241aa51f35908), CONST64(0xc7e20f9c5bed712a), CONST64(0xf359ae55a6f7a204),
+    CONST64(0xfebec120de7f5f81), CONST64(0xad7aa2e548d83d75), CONST64(0xd729cc7fa8e59a32), CONST64(0x71bc0ae899b65ec7),
+    CONST64(0xe096e63bdb704b90), CONST64(0xac8ddb9e3256c8fa), CONST64(0x95d11522b7c4e651), CONST64(0x32b3aacefc19d72b),
+    CONST64(0x704b7393e338ab48), CONST64(0x63843bfd9ebf42dc), CONST64(0x41fc52d091ae7eef), CONST64(0x7dac1ce69bb056cd),
+    CONST64(0x76437894e23baf4d), CONST64(0xbdb16106bbd0d66d), CONST64(0x9b32f1da41c31958), CONST64(0x7957e5176eb2a5cb),
+    CONST64(0xf941b35ca5f2ae0b), CONST64(0x8016564bcb400bc0), CONST64(0x677fc20c6bbdb1da), CONST64(0x59dc7ecc95a26efb),
+    CONST64(0xe1619f40a1febe1f), CONST64(0x10cbc3e3f308eb18), CONST64(0x81e12f30b1cefe4f), CONST64(0x0c10160e0206080a),
+    CONST64(0x922e675ecc4917db), CONST64(0xa26e3f66c45137f3), CONST64(0x4ee8cf531d277469), CONST64(0x78a09c6c143c5044),
+    CONST64(0xb0560e73c3582be8), CONST64(0x573f9a3463a591f2), CONST64(0xe69eed3cda734f95), CONST64(0xd3d2358e5de76934),
+    CONST64(0xdfc223805fe1613e), CONST64(0xf2aed72edc79578b), CONST64(0x13cf486e7d87e994), CONST64(0x94266c59cd4a13de),
+    CONST64(0x1fdf5e607f81e19e), CONST64(0xc1ea049b5aee752f), CONST64(0x7547f3196cb4adc1), CONST64(0xd5da3e895ce46d31),
+    CONST64(0x08ebeffff704fb0c), CONST64(0xd42d47f2266a98be), CONST64(0x38abb7c7ff1cdb24), CONST64(0x543b11b9ed2a937e),
+    CONST64(0x4a1336a2e825876f), CONST64(0x699c26f49dba4ed3), CONST64(0x7f5fee106fb1a1ce), CONST64(0x03048b8d8e8f028c),
+    CONST64(0x56c8e34f192b647d), CONST64(0xe7699447a0fdba1a), CONST64(0x1ad3deeaf00de717), CONST64(0x113cba9889861e97),
+    CONST64(0x2278692d0f113c33), CONST64(0x1238311507091c1b), CONST64(0xc511fd6aafec8629), CONST64(0x208b9bdbfb10cb30),
+    CONST64(0x3040583808182028), CONST64(0x7ea8976b153f5441), CONST64(0x2e687f230d173439), CONST64(0x18202c1c040c1014),
+    CONST64(0x06080b0701030405), CONST64(0x4507ab2164ac8de9), CONST64(0xf8b6ca27df7c5b84), CONST64(0x29970d5f769ac5b3),
+    CONST64(0x0bef6472798bf980), CONST64(0xf4a6dc29dd7a538e), CONST64(0x8ef5b2b33d47f4c9), CONST64(0x74b08a62163a584e),
+    CONST64(0x82e5a4bd3f41fcc3), CONST64(0xb2a5fc853759dceb), CONST64(0x734ff81e6db7a9c4), CONST64(0x90dd95a83848e0d8),
+    CONST64(0xb1a17708b9d6de67), CONST64(0x37bf2a447395d1a2), CONST64(0x4c1b3da5e926836a), CONST64(0xbeb5ea8b355fd4e1),
+    CONST64(0xe3926db655ff491c), CONST64(0x3baf3c4a7193d9a8), CONST64(0x07ff727c7b8df18a), CONST64(0x0f149d838c890a86),
+    CONST64(0x31b721437296d5a7), CONST64(0x1734b19f88851a92), CONST64(0x0ee3e4f8f607ff09), CONST64(0xfc4d33d62a7ea882),
+    CONST64(0x84edafba3e42f8c6), CONST64(0xd9ca28875ee2653b), CONST64(0xd2254cf527699cbb), CONST64(0x890ac0cf46ca0543),
+    CONST64(0x286074240c14303c), CONST64(0x430fa02665af89ec), CONST64(0x6d67df0568b8bdd5), CONST64(0x5b2f8c3a61a399f8),
+    CONST64(0x0a181d0903050c0f), CONST64(0xbc46187dc15e23e2), CONST64(0xef827bb857f94116), CONST64(0xcefe9918d6677fa9),
+    CONST64(0xec86f035d976439a), CONST64(0xcdfa129558e87d25), CONST64(0xea8efb32d875479f), CONST64(0x4917bd2f66aa85e3),
+    CONST64(0xc8f6921fd7647bac), CONST64(0x9ccd83a63a4ee8d2), CONST64(0x8a0e4b42c84507cf), CONST64(0x88fdb9b43c44f0cc),
+    CONST64(0x268390dcfa13cf35), CONST64(0x53c463c596a762f4), CONST64(0xf551a552a7f4a601), CONST64(0x77b401ef98b55ac2),
+    CONST64(0x52331abeec29977b), CONST64(0xb7a97c0fb8d5da62), CONST64(0xa876226fc7543bfc), CONST64(0xc319f66daeef822c),
+    CONST64(0x6b6fd40269bbb9d0), CONST64(0xa762bfec4bdd317a), CONST64(0xdd31d176abe0963d), CONST64(0xd121c778a9e69e37),
+    CONST64(0x4f1fb62867a981e6), CONST64(0x3c504e360a1e2822), CONST64(0x8f02cbc847c90146), CONST64(0x16c3c8e4f20bef1d),
+    CONST64(0x99c1032cb5c2ee5b), CONST64(0xcc0d6bee226688aa), CONST64(0x647b4981e532b356), CONST64(0x5e230cb0ee2f9f71),
+    CONST64(0xa399461dbedfc27c), CONST64(0xfa4538d12b7dac87), CONST64(0x217ce2a0819e3ebf), CONST64(0x6c90a67e1236485a),
+    CONST64(0x2d6cf4ae839836b5), CONST64(0x5ad8f5411b2d6c77), CONST64(0x2470622a0e123836), CONST64(0xca0560e923658caf),
+    CONST64(0x04fbf9f1f502f306), CONST64(0x8312ddc645cf094c), CONST64(0xc61576e7216384a5), CONST64(0x9e3e7150ce4f1fd1),
+    CONST64(0xab72a9e249db3970), CONST64(0xe87d09c42c74b09c), CONST64(0x2c9b8dd5f916c33a), CONST64(0x6e635488e637bf59),
+    CONST64(0x93d91e25b6c7e254), CONST64(0xf05d25d82878a088), CONST64(0x72b8816517395c4b), CONST64(0x2b64ffa9829b32b0),
+    CONST64(0x5cd0fe461a2e6872), CONST64(0x1d2cac968b80169d), CONST64(0x3ea3bcc0fe1fdf21), CONST64(0x1b24a7918a831298),
+    CONST64(0x3648533f091b242d), CONST64(0x8c064045c94603ca), CONST64(0x354cd8b2879426a1), CONST64(0xb94a98f74ed2256b),
+    CONST64(0x7c5b659de13ea342), CONST64(0xe46d1fca2e72b896), CONST64(0x62734286e431b753), CONST64(0x7a536e9ae03da747),
+    CONST64(0x400b2babeb208b60), CONST64(0x47f459d790ad7aea), CONST64(0xff49b85ba4f1aa0e), CONST64(0x44f0d25a1e227866),
+    CONST64(0x395ccebc85922eab), CONST64(0x5d27873d60a09dfd), CONST64(0x0000000000000000), CONST64(0xde355afb256f94b1),
+    CONST64(0x02f3f2f6f401f703), CONST64(0x1cdbd5edf10ee312), CONST64(0x5fd475cb94a16afe), CONST64(0x3a5845310b1d2c27),
+    CONST64(0x686b5f8fe734bb5c), CONST64(0x238f1056759fc9bc), CONST64(0x582b07b7ef2c9b74), CONST64(0xb8bde18c345cd0e4),
+    CONST64(0xa695c6973153c4f5), CONST64(0xc2ee8f16d46177a3), CONST64(0xdacea30ad06d67b7), CONST64(0x3344d3b5869722a4),
+    CONST64(0x19d755677e82e59b), CONST64(0xc901eb64adea8e23), CONST64(0x34bba1c9fd1ad32e), CONST64(0xf6552edf297ba48d),
+    CONST64(0xa09dcd903050c0f0), CONST64(0x9ac588a13b4decd7), CONST64(0x658c30fa9fbc46d9), CONST64(0x2a9386d2f815c73f),
+    CONST64(0xae7e2968c6573ff9), CONST64(0x6a98ad7913354c5f), CONST64(0x14303a12060a181e), CONST64(0x1e28271b050f1411),
+    CONST64(0xa4663461c55233f6), CONST64(0x6688bb7711334455), CONST64(0x2f9f06587799c1b6), CONST64(0x15c743697c84ed91),
+    CONST64(0x01f7797b7a8ef58f), CONST64(0x0de76f757888fd85), CONST64(0xb4adf782365ad8ee), CONST64(0x48e0c4541c24706c),
+    CONST64(0x96d59eaf394be4dd), CONST64(0xcbf2199259eb7920), CONST64(0x50c0e84818286078), CONST64(0xe98a70bf56fa4513),
+    CONST64(0x8df1393eb3c8f645), CONST64(0x87e92437b0cdfa4a), CONST64(0xd83d51fc246c90b4), CONST64(0xc01d7de0206080a0),
+    CONST64(0x8bf93239b2cbf240), CONST64(0x4be44fd992ab72e0), CONST64(0xed71894ea3f8b615), CONST64(0xba4e137ac05d27e7),
+    CONST64(0x851ad6c144cc0d49), CONST64(0x5137913362a695f7), CONST64(0x6080b07010304050), CONST64(0x9fc9082bb4c1ea5e),
+    CONST64(0x3f54c5bb84912aae), CONST64(0x9722e7d443c51152), CONST64(0x4dec44de93a876e5), CONST64(0xb65e0574c25b2fed),
+    CONST64(0xa16ab4eb4ade357f), CONST64(0xa9815b14bddace73), CONST64(0x050c808a8f8c0689), CONST64(0xee7502c32d77b499),
+    CONST64(0xaf895013bcd9ca76), CONST64(0x6f942df39cb94ad6), CONST64(0x6177c90b6abeb5df), CONST64(0x9d3afadd40c01d5d),
+    CONST64(0x98367a57cf4c1bd4), CONST64(0xeb798249a2fbb210), CONST64(0x2774e9a7809d3aba), CONST64(0xbf4293f04fd1216e),
+    CONST64(0x42f8d95d1f217c63), CONST64(0x861e5d4cca430fc5), CONST64(0xdb39da71aae39238), CONST64(0x912aecd342c61557),
+};
+
+static const ulong64 T5[256] = {
+    CONST64(0xb9bb016ad3ba68d2), CONST64(0x9ae5b166fc54194d), CONST64(0x65e2cd14712f93bc), CONST64(0x8725511b9c74b9cd),
+    CONST64(0xa2f7a457f5530251), CONST64(0xd6d003be68d3b86b), CONST64(0xded604b56bd2bd6f), CONST64(0x52b3fe85d74d6429),
+    CONST64(0xbafdad4af0500d5d), CONST64(0x09cf63e0e9ac268a), CONST64(0x1c0984968a8d830e), CONST64(0x91a51a4ddcbf79c6),
+    CONST64(0xa73d4d379070addd), CONST64(0xaaf1a35cf6520755), CONST64(0xa47be117b39ac852), CONST64(0x5ab5f98ed44c612d),
+    CONST64(0x0346ac2023ea658f), CONST64(0xe6c4118462d5a673), CONST64(0xcc55c268a497f166), CONST64(0xc6dc0da86ed1b263),
+    CONST64(0x85aa99d05533ffcc), CONST64(0xb2fbaa41f3510859), CONST64(0xe2c79c0fed5b2a71), CONST64(0x59f355aef7a604a2),
+    CONST64(0xbefe20c17fde815f), CONST64(0x7aade5a2d848753d), CONST64(0x29d77fcce5a8329a), CONST64(0xbc71e80ab699c75e),
+    CONST64(0x96e03be670db904b), CONST64(0x8dac9edb5632fac8), CONST64(0xd1952215c4b751e6), CONST64(0xb332ceaa19fc2bd7),
+    CONST64(0x4b70937338e348ab), CONST64(0x8463fd3bbf9edc42), CONST64(0xfc41d052ae91ef7e), CONST64(0xac7de61cb09bcd56),
+    CONST64(0x437694783be24daf), CONST64(0xb1bd0661d0bb6dd6), CONST64(0x329bdaf1c3415819), CONST64(0x577917e5b26ecba5),
+    CONST64(0x41f95cb3f2a50bae), CONST64(0x16804b5640cbc00b), CONST64(0x7f670cc2bd6bdab1), CONST64(0xdc59cc7ea295fb6e),
+    CONST64(0x61e1409ffea11fbe), CONST64(0xcb10e3c308f318eb), CONST64(0xe181302fceb14ffe), CONST64(0x100c0e1606020a08),
+    CONST64(0x2e925e6749ccdb17), CONST64(0x6ea2663f51c4f337), CONST64(0xe84e53cf271d6974), CONST64(0xa0786c9c3c144450),
+    CONST64(0x56b0730e58c3e82b), CONST64(0x3f57349aa563f291), CONST64(0x9ee63ced73da954f), CONST64(0xd2d38e35e75d3469),
+    CONST64(0xc2df8023e15f3e61), CONST64(0xaef22ed779dc8b57), CONST64(0xcf136e48877d94e9), CONST64(0x2694596c4acdde13),
+    CONST64(0xdf1f605e817f9ee1), CONST64(0xeac19b04ee5a2f75), CONST64(0x477519f3b46cc1ad), CONST64(0xdad5893ee45c316d),
+    CONST64(0xeb08ffef04f70cfb), CONST64(0x2dd4f2476a26be98), CONST64(0xab38c7b71cff24db), CONST64(0x3b54b9112aed7e93),
+    CONST64(0x134aa23625e86f87), CONST64(0x9c69f426ba9dd34e), CONST64(0x5f7f10eeb16fcea1), CONST64(0x04038d8b8f8e8c02),
+    CONST64(0xc8564fe32b197d64), CONST64(0x69e74794fda01aba), CONST64(0xd31aeade0df017e7), CONST64(0x3c1198ba8689971e),
+    CONST64(0x78222d69110f333c), CONST64(0x3812153109071b1c), CONST64(0x11c56afdecaf2986), CONST64(0x8b20db9b10fb30cb),
+    CONST64(0x4030385818082820), CONST64(0xa87e6b973f154154), CONST64(0x682e237f170d3934), CONST64(0x20181c2c0c041410),
+    CONST64(0x0806070b03010504), CONST64(0x074521abac64e98d), CONST64(0xb6f827ca7cdf845b), CONST64(0x97295f0d9a76b3c5),
+    CONST64(0xef0b72648b7980f9), CONST64(0xa6f429dc7add8e53), CONST64(0xf58eb3b2473dc9f4), CONST64(0xb074628a3a164e58),
+    CONST64(0xe582bda4413fc3fc), CONST64(0xa5b285fc5937ebdc), CONST64(0x4f731ef8b76dc4a9), CONST64(0xdd90a8954838d8e0),
+    CONST64(0xa1b10877d6b967de), CONST64(0xbf37442a9573a2d1), CONST64(0x1b4ca53d26e96a83), CONST64(0xb5be8bea5f35e1d4),
+    CONST64(0x92e3b66dff551c49), CONST64(0xaf3b4a3c9371a8d9), CONST64(0xff077c728d7b8af1), CONST64(0x140f839d898c860a),
+    CONST64(0xb73143219672a7d5), CONST64(0x34179fb18588921a), CONST64(0xe30ef8e407f609ff), CONST64(0x4dfcd6337e2a82a8),
+    CONST64(0xed84baaf423ec6f8), CONST64(0xcad98728e25e3b65), CONST64(0x25d2f54c6927bb9c), CONST64(0x0a89cfc0ca464305),
+    CONST64(0x60282474140c3c30), CONST64(0x0f4326a0af65ec89), CONST64(0x676d05dfb868d5bd), CONST64(0x2f5b3a8ca361f899),
+    CONST64(0x180a091d05030f0c), CONST64(0x46bc7d185ec1e223), CONST64(0x82efb87bf9571641), CONST64(0xfece189967d6a97f),
+    CONST64(0x86ec35f076d99a43), CONST64(0xfacd9512e858257d), CONST64(0x8eea32fb75d89f47), CONST64(0x17492fbdaa66e385),
+    CONST64(0xf6c81f9264d7ac7b), CONST64(0xcd9ca6834e3ad2e8), CONST64(0x0e8a424b45c8cf07), CONST64(0xfd88b4b9443cccf0),
+    CONST64(0x8326dc9013fa35cf), CONST64(0xc453c563a796f462), CONST64(0x51f552a5f4a701a6), CONST64(0xb477ef01b598c25a),
+    CONST64(0x3352be1a29ec7b97), CONST64(0xa9b70f7cd5b862da), CONST64(0x76a86f2254c7fc3b), CONST64(0x19c36df6efae2c82),
+    CONST64(0x6f6b02d4bb69d0b9), CONST64(0x62a7ecbfdd4b7a31), CONST64(0x31dd76d1e0ab3d96), CONST64(0x21d178c7e6a9379e),
+    CONST64(0x1f4f28b6a967e681), CONST64(0x503c364e1e0a2228), CONST64(0x028fc8cbc9474601), CONST64(0xc316e4c80bf21def),
+    CONST64(0xc1992c03c2b55bee), CONST64(0x0dccee6b6622aa88), CONST64(0x7b64814932e556b3), CONST64(0x235eb00c2fee719f),
+    CONST64(0x99a31d46dfbe7cc2), CONST64(0x45fad1387d2b87ac), CONST64(0x7c21a0e29e81bf3e), CONST64(0x906c7ea636125a48),
+    CONST64(0x6c2daef49883b536), CONST64(0xd85a41f52d1b776c), CONST64(0x70242a62120e3638), CONST64(0x05cae9606523af8c),
+    CONST64(0xfb04f1f902f506f3), CONST64(0x1283c6ddcf454c09), CONST64(0x15c6e7766321a584), CONST64(0x3e9e50714fced11f),
+    CONST64(0x72abe2a9db497039), CONST64(0x7de8c409742c9cb0), CONST64(0x9b2cd58d16f93ac3), CONST64(0x636e885437e659bf),
+    CONST64(0xd993251ec7b654e2), CONST64(0x5df0d825782888a0), CONST64(0xb872658139174b5c), CONST64(0x642ba9ff9b82b032),
+    CONST64(0xd05c46fe2e1a7268), CONST64(0x2c1d96ac808b9d16), CONST64(0xa33ec0bc1ffe21df), CONST64(0x241b91a7838a9812),
+    CONST64(0x48363f531b092d24), CONST64(0x068c454046c9ca03), CONST64(0x4c35b2d89487a126), CONST64(0x4ab9f798d24e6b25),
+    CONST64(0x5b7c9d653ee142a3), CONST64(0x6de4ca1f722e96b8), CONST64(0x7362864231e453b7), CONST64(0x537a9a6e3de047a7),
+    CONST64(0x0b40ab2b20eb608b), CONST64(0xf447d759ad90ea7a), CONST64(0x49ff5bb8f1a40eaa), CONST64(0xf0445ad2221e6678),
+    CONST64(0x5c39bcce9285ab2e), CONST64(0x275d3d87a060fd9d), CONST64(0x0000000000000000), CONST64(0x35defb5a6f25b194),
+    CONST64(0xf302f6f201f403f7), CONST64(0xdb1cedd50ef112e3), CONST64(0xd45fcb75a194fe6a), CONST64(0x583a31451d0b272c),
+    CONST64(0x6b688f5f34e75cbb), CONST64(0x8f2356109f75bcc9), CONST64(0x2b58b7072cef749b), CONST64(0xbdb88ce15c34e4d0),
+    CONST64(0x95a697c65331f5c4), CONST64(0xeec2168f61d4a377), CONST64(0xceda0aa36dd0b767), CONST64(0x4433b5d39786a422),
+    CONST64(0xd7196755827e9be5), CONST64(0x01c964ebeaad238e), CONST64(0xbb34c9a11afd2ed3), CONST64(0x55f6df2e7b298da4),
+    CONST64(0x9da090cd5030f0c0), CONST64(0xc59aa1884d3bd7ec), CONST64(0x8c65fa30bc9fd946), CONST64(0x932ad28615f83fc7),
+    CONST64(0x7eae682957c6f93f), CONST64(0x986a79ad35135f4c), CONST64(0x3014123a0a061e18), CONST64(0x281e1b270f051114),
+    CONST64(0x66a4613452c5f633), CONST64(0x886677bb33115544), CONST64(0x9f2f58069977b6c1), CONST64(0xc7156943847c91ed),
+    CONST64(0xf7017b798e7a8ff5), CONST64(0xe70d756f887885fd), CONST64(0xadb482f75a36eed8), CONST64(0xe04854c4241c6c70),
+    CONST64(0xd596af9e4b39dde4), CONST64(0xf2cb9219eb592079), CONST64(0xc05048e828187860), CONST64(0x8ae9bf70fa561345),
+    CONST64(0xf18d3e39c8b345f6), CONST64(0xe9873724cdb04afa), CONST64(0x3dd8fc516c24b490), CONST64(0x1dc0e07d6020a080),
+    CONST64(0xf98b3932cbb240f2), CONST64(0xe44bd94fab92e072), CONST64(0x71ed4e89f8a315b6), CONST64(0x4eba7a135dc0e727),
+    CONST64(0x1a85c1d6cc44490d), CONST64(0x37513391a662f795), CONST64(0x806070b030105040), CONST64(0xc99f2b08c1b45eea),
+    CONST64(0x543fbbc59184ae2a), CONST64(0x2297d4e7c5435211), CONST64(0xec4dde44a893e576), CONST64(0x5eb674055bc2ed2f),
+    CONST64(0x6aa1ebb4de4a7f35), CONST64(0x81a9145bdabd73ce), CONST64(0x0c058a808c8f8906), CONST64(0x75eec302772d99b4),
+    CONST64(0x89af1350d9bc76ca), CONST64(0x946ff32db99cd64a), CONST64(0x77610bc9be6adfb5), CONST64(0x3a9dddfac0405d1d),
+    CONST64(0x3698577a4ccfd41b), CONST64(0x79eb4982fba210b2), CONST64(0x7427a7e99d80ba3a), CONST64(0x42bff093d14f6e21),
+    CONST64(0xf8425dd9211f637c), CONST64(0x1e864c5d43cac50f), CONST64(0x39db71dae3aa3892), CONST64(0x2a91d3ecc6425715),
+};
+
+static const ulong64 T6[256] = {
+    CONST64(0x6a01bbb9d268bad3), CONST64(0x66b1e59a4d1954fc), CONST64(0x14cde265bc932f71), CONST64(0x1b512587cdb9749c),
+    CONST64(0x57a4f7a2510253f5), CONST64(0xbe03d0d66bb8d368), CONST64(0xb504d6de6fbdd26b), CONST64(0x85feb35229644dd7),
+    CONST64(0x4aadfdba5d0d50f0), CONST64(0xe063cf098a26ace9), CONST64(0x9684091c0e838d8a), CONST64(0x4d1aa591c679bfdc),
+    CONST64(0x374d3da7ddad7090), CONST64(0x5ca3f1aa550752f6), CONST64(0x17e17ba452c89ab3), CONST64(0x8ef9b55a2d614cd4),
+    CONST64(0x20ac46038f65ea23), CONST64(0x8411c4e673a6d562), CONST64(0x68c255cc66f197a4), CONST64(0xa80ddcc663b2d16e),
+    CONST64(0xd099aa85ccff3355), CONST64(0x41aafbb2590851f3), CONST64(0x0f9cc7e2712a5bed), CONST64(0xae55f359a204a6f7),
+    CONST64(0xc120febe5f81de7f), CONST64(0xa2e5ad7a3d7548d8), CONST64(0xcc7fd7299a32a8e5), CONST64(0x0ae871bc5ec799b6),
+    CONST64(0xe63be0964b90db70), CONST64(0xdb9eac8dc8fa3256), CONST64(0x152295d1e651b7c4), CONST64(0xaace32b3d72bfc19),
+    CONST64(0x7393704bab48e338), CONST64(0x3bfd638442dc9ebf), CONST64(0x52d041fc7eef91ae), CONST64(0x1ce67dac56cd9bb0),
+    CONST64(0x78947643af4de23b), CONST64(0x6106bdb1d66dbbd0), CONST64(0xf1da9b32195841c3), CONST64(0xe5177957a5cb6eb2),
+    CONST64(0xb35cf941ae0ba5f2), CONST64(0x564b80160bc0cb40), CONST64(0xc20c677fb1da6bbd), CONST64(0x7ecc59dc6efb95a2),
+    CONST64(0x9f40e161be1fa1fe), CONST64(0xc3e310cbeb18f308), CONST64(0x2f3081e1fe4fb1ce), CONST64(0x160e0c10080a0206),
+    CONST64(0x675e922e17dbcc49), CONST64(0x3f66a26e37f3c451), CONST64(0xcf534ee874691d27), CONST64(0x9c6c78a05044143c),
+    CONST64(0x0e73b0562be8c358), CONST64(0x9a34573f91f263a5), CONST64(0xed3ce69e4f95da73), CONST64(0x358ed3d269345de7),
+    CONST64(0x2380dfc2613e5fe1), CONST64(0xd72ef2ae578bdc79), CONST64(0x486e13cfe9947d87), CONST64(0x6c59942613decd4a),
+    CONST64(0x5e601fdfe19e7f81), CONST64(0x049bc1ea752f5aee), CONST64(0xf3197547adc16cb4), CONST64(0x3e89d5da6d315ce4),
+    CONST64(0xefff08ebfb0cf704), CONST64(0x47f2d42d98be266a), CONST64(0xb7c738abdb24ff1c), CONST64(0x11b9543b937eed2a),
+    CONST64(0x36a24a13876fe825), CONST64(0x26f4699c4ed39dba), CONST64(0xee107f5fa1ce6fb1), CONST64(0x8b8d0304028c8e8f),
+    CONST64(0xe34f56c8647d192b), CONST64(0x9447e769ba1aa0fd), CONST64(0xdeea1ad3e717f00d), CONST64(0xba98113c1e978986),
+    CONST64(0x692d22783c330f11), CONST64(0x311512381c1b0709), CONST64(0xfd6ac5118629afec), CONST64(0x9bdb208bcb30fb10),
+    CONST64(0x5838304020280818), CONST64(0x976b7ea85441153f), CONST64(0x7f232e6834390d17), CONST64(0x2c1c18201014040c),
+    CONST64(0x0b07060804050103), CONST64(0xab2145078de964ac), CONST64(0xca27f8b65b84df7c), CONST64(0x0d5f2997c5b3769a),
+    CONST64(0x64720beff980798b), CONST64(0xdc29f4a6538edd7a), CONST64(0xb2b38ef5f4c93d47), CONST64(0x8a6274b0584e163a),
+    CONST64(0xa4bd82e5fcc33f41), CONST64(0xfc85b2a5dceb3759), CONST64(0xf81e734fa9c46db7), CONST64(0x95a890dde0d83848),
+    CONST64(0x7708b1a1de67b9d6), CONST64(0x2a4437bfd1a27395), CONST64(0x3da54c1b836ae926), CONST64(0xea8bbeb5d4e1355f),
+    CONST64(0x6db6e392491c55ff), CONST64(0x3c4a3bafd9a87193), CONST64(0x727c07fff18a7b8d), CONST64(0x9d830f140a868c89),
+    CONST64(0x214331b7d5a77296), CONST64(0xb19f17341a928885), CONST64(0xe4f80ee3ff09f607), CONST64(0x33d6fc4da8822a7e),
+    CONST64(0xafba84edf8c63e42), CONST64(0x2887d9ca653b5ee2), CONST64(0x4cf5d2259cbb2769), CONST64(0xc0cf890a054346ca),
+    CONST64(0x74242860303c0c14), CONST64(0xa026430f89ec65af), CONST64(0xdf056d67bdd568b8), CONST64(0x8c3a5b2f99f861a3),
+    CONST64(0x1d090a180c0f0305), CONST64(0x187dbc4623e2c15e), CONST64(0x7bb8ef82411657f9), CONST64(0x9918cefe7fa9d667),
+    CONST64(0xf035ec86439ad976), CONST64(0x1295cdfa7d2558e8), CONST64(0xfb32ea8e479fd875), CONST64(0xbd2f491785e366aa),
+    CONST64(0x921fc8f67bacd764), CONST64(0x83a69ccde8d23a4e), CONST64(0x4b428a0e07cfc845), CONST64(0xb9b488fdf0cc3c44),
+    CONST64(0x90dc2683cf35fa13), CONST64(0x63c553c462f496a7), CONST64(0xa552f551a601a7f4), CONST64(0x01ef77b45ac298b5),
+    CONST64(0x1abe5233977bec29), CONST64(0x7c0fb7a9da62b8d5), CONST64(0x226fa8763bfcc754), CONST64(0xf66dc319822caeef),
+    CONST64(0xd4026b6fb9d069bb), CONST64(0xbfeca762317a4bdd), CONST64(0xd176dd31963dabe0), CONST64(0xc778d1219e37a9e6),
+    CONST64(0xb6284f1f81e667a9), CONST64(0x4e363c5028220a1e), CONST64(0xcbc88f02014647c9), CONST64(0xc8e416c3ef1df20b),
+    CONST64(0x032c99c1ee5bb5c2), CONST64(0x6beecc0d88aa2266), CONST64(0x4981647bb356e532), CONST64(0x0cb05e239f71ee2f),
+    CONST64(0x461da399c27cbedf), CONST64(0x38d1fa45ac872b7d), CONST64(0xe2a0217c3ebf819e), CONST64(0xa67e6c90485a1236),
+    CONST64(0xf4ae2d6c36b58398), CONST64(0xf5415ad86c771b2d), CONST64(0x622a247038360e12), CONST64(0x60e9ca058caf2365),
+    CONST64(0xf9f104fbf306f502), CONST64(0xddc68312094c45cf), CONST64(0x76e7c61584a52163), CONST64(0x71509e3e1fd1ce4f),
+    CONST64(0xa9e2ab72397049db), CONST64(0x09c4e87db09c2c74), CONST64(0x8dd52c9bc33af916), CONST64(0x54886e63bf59e637),
+    CONST64(0x1e2593d9e254b6c7), CONST64(0x25d8f05da0882878), CONST64(0x816572b85c4b1739), CONST64(0xffa92b6432b0829b),
+    CONST64(0xfe465cd068721a2e), CONST64(0xac961d2c169d8b80), CONST64(0xbcc03ea3df21fe1f), CONST64(0xa7911b2412988a83),
+    CONST64(0x533f3648242d091b), CONST64(0x40458c0603cac946), CONST64(0xd8b2354c26a18794), CONST64(0x98f7b94a256b4ed2),
+    CONST64(0x659d7c5ba342e13e), CONST64(0x1fcae46db8962e72), CONST64(0x42866273b753e431), CONST64(0x6e9a7a53a747e03d),
+    CONST64(0x2bab400b8b60eb20), CONST64(0x59d747f47aea90ad), CONST64(0xb85bff49aa0ea4f1), CONST64(0xd25a44f078661e22),
+    CONST64(0xcebc395c2eab8592), CONST64(0x873d5d279dfd60a0), CONST64(0x0000000000000000), CONST64(0x5afbde3594b1256f),
+    CONST64(0xf2f602f3f703f401), CONST64(0xd5ed1cdbe312f10e), CONST64(0x75cb5fd46afe94a1), CONST64(0x45313a582c270b1d),
+    CONST64(0x5f8f686bbb5ce734), CONST64(0x1056238fc9bc759f), CONST64(0x07b7582b9b74ef2c), CONST64(0xe18cb8bdd0e4345c),
+    CONST64(0xc697a695c4f53153), CONST64(0x8f16c2ee77a3d461), CONST64(0xa30adace67b7d06d), CONST64(0xd3b5334422a48697),
+    CONST64(0x556719d7e59b7e82), CONST64(0xeb64c9018e23adea), CONST64(0xa1c934bbd32efd1a), CONST64(0x2edff655a48d297b),
+    CONST64(0xcd90a09dc0f03050), CONST64(0x88a19ac5ecd73b4d), CONST64(0x30fa658c46d99fbc), CONST64(0x86d22a93c73ff815),
+    CONST64(0x2968ae7e3ff9c657), CONST64(0xad796a984c5f1335), CONST64(0x3a121430181e060a), CONST64(0x271b1e281411050f),
+    CONST64(0x3461a46633f6c552), CONST64(0xbb77668844551133), CONST64(0x06582f9fc1b67799), CONST64(0x436915c7ed917c84),
+    CONST64(0x797b01f7f58f7a8e), CONST64(0x6f750de7fd857888), CONST64(0xf782b4add8ee365a), CONST64(0xc45448e0706c1c24),
+    CONST64(0x9eaf96d5e4dd394b), CONST64(0x1992cbf2792059eb), CONST64(0xe84850c060781828), CONST64(0x70bfe98a451356fa),
+    CONST64(0x393e8df1f645b3c8), CONST64(0x243787e9fa4ab0cd), CONST64(0x51fcd83d90b4246c), CONST64(0x7de0c01d80a02060),
+    CONST64(0x32398bf9f240b2cb), CONST64(0x4fd94be472e092ab), CONST64(0x894eed71b615a3f8), CONST64(0x137aba4e27e7c05d),
+    CONST64(0xd6c1851a0d4944cc), CONST64(0x9133513795f762a6), CONST64(0xb070608040501030), CONST64(0x082b9fc9ea5eb4c1),
+    CONST64(0xc5bb3f542aae8491), CONST64(0xe7d49722115243c5), CONST64(0x44de4dec76e593a8), CONST64(0x0574b65e2fedc25b),
+    CONST64(0xb4eba16a357f4ade), CONST64(0x5b14a981ce73bdda), CONST64(0x808a050c06898f8c), CONST64(0x02c3ee75b4992d77),
+    CONST64(0x5013af89ca76bcd9), CONST64(0x2df36f944ad69cb9), CONST64(0xc90b6177b5df6abe), CONST64(0xfadd9d3a1d5d40c0),
+    CONST64(0x7a5798361bd4cf4c), CONST64(0x8249eb79b210a2fb), CONST64(0xe9a727743aba809d), CONST64(0x93f0bf42216e4fd1),
+    CONST64(0xd95d42f87c631f21), CONST64(0x5d4c861e0fc5ca43), CONST64(0xda71db399238aae3), CONST64(0xecd3912a155742c6),
+};
+
+static const ulong64 T7[256] = {
+    CONST64(0x016ab9bb68d2d3ba), CONST64(0xb1669ae5194dfc54), CONST64(0xcd1465e293bc712f), CONST64(0x511b8725b9cd9c74),
+    CONST64(0xa457a2f70251f553), CONST64(0x03bed6d0b86b68d3), CONST64(0x04b5ded6bd6f6bd2), CONST64(0xfe8552b36429d74d),
+    CONST64(0xad4abafd0d5df050), CONST64(0x63e009cf268ae9ac), CONST64(0x84961c09830e8a8d), CONST64(0x1a4d91a579c6dcbf),
+    CONST64(0x4d37a73daddd9070), CONST64(0xa35caaf10755f652), CONST64(0xe117a47bc852b39a), CONST64(0xf98e5ab5612dd44c),
+    CONST64(0xac200346658f23ea), CONST64(0x1184e6c4a67362d5), CONST64(0xc268cc55f166a497), CONST64(0x0da8c6dcb2636ed1),
+    CONST64(0x99d085aaffcc5533), CONST64(0xaa41b2fb0859f351), CONST64(0x9c0fe2c72a71ed5b), CONST64(0x55ae59f304a2f7a6),
+    CONST64(0x20c1befe815f7fde), CONST64(0xe5a27aad753dd848), CONST64(0x7fcc29d7329ae5a8), CONST64(0xe80abc71c75eb699),
+    CONST64(0x3be696e0904b70db), CONST64(0x9edb8dacfac85632), CONST64(0x2215d19551e6c4b7), CONST64(0xceaab3322bd719fc),
+    CONST64(0x93734b7048ab38e3), CONST64(0xfd3b8463dc42bf9e), CONST64(0xd052fc41ef7eae91), CONST64(0xe61cac7dcd56b09b),
+    CONST64(0x947843764daf3be2), CONST64(0x0661b1bd6dd6d0bb), CONST64(0xdaf1329b5819c341), CONST64(0x17e55779cba5b26e),
+    CONST64(0x5cb341f90baef2a5), CONST64(0x4b561680c00b40cb), CONST64(0x0cc27f67dab1bd6b), CONST64(0xcc7edc59fb6ea295),
+    CONST64(0x409f61e11fbefea1), CONST64(0xe3c3cb1018eb08f3), CONST64(0x302fe1814ffeceb1), CONST64(0x0e16100c0a080602),
+    CONST64(0x5e672e92db1749cc), CONST64(0x663f6ea2f33751c4), CONST64(0x53cfe84e6974271d), CONST64(0x6c9ca07844503c14),
+    CONST64(0x730e56b0e82b58c3), CONST64(0x349a3f57f291a563), CONST64(0x3ced9ee6954f73da), CONST64(0x8e35d2d33469e75d),
+    CONST64(0x8023c2df3e61e15f), CONST64(0x2ed7aef28b5779dc), CONST64(0x6e48cf1394e9877d), CONST64(0x596c2694de134acd),
+    CONST64(0x605edf1f9ee1817f), CONST64(0x9b04eac12f75ee5a), CONST64(0x19f34775c1adb46c), CONST64(0x893edad5316de45c),
+    CONST64(0xffefeb080cfb04f7), CONST64(0xf2472dd4be986a26), CONST64(0xc7b7ab3824db1cff), CONST64(0xb9113b547e932aed),
+    CONST64(0xa236134a6f8725e8), CONST64(0xf4269c69d34eba9d), CONST64(0x10ee5f7fcea1b16f), CONST64(0x8d8b04038c028f8e),
+    CONST64(0x4fe3c8567d642b19), CONST64(0x479469e71abafda0), CONST64(0xeaded31a17e70df0), CONST64(0x98ba3c11971e8689),
+    CONST64(0x2d697822333c110f), CONST64(0x153138121b1c0907), CONST64(0x6afd11c52986ecaf), CONST64(0xdb9b8b2030cb10fb),
+    CONST64(0x3858403028201808), CONST64(0x6b97a87e41543f15), CONST64(0x237f682e3934170d), CONST64(0x1c2c201814100c04),
+    CONST64(0x070b080605040301), CONST64(0x21ab0745e98dac64), CONST64(0x27cab6f8845b7cdf), CONST64(0x5f0d9729b3c59a76),
+    CONST64(0x7264ef0b80f98b79), CONST64(0x29dca6f48e537add), CONST64(0xb3b2f58ec9f4473d), CONST64(0x628ab0744e583a16),
+    CONST64(0xbda4e582c3fc413f), CONST64(0x85fca5b2ebdc5937), CONST64(0x1ef84f73c4a9b76d), CONST64(0xa895dd90d8e04838),
+    CONST64(0x0877a1b167ded6b9), CONST64(0x442abf37a2d19573), CONST64(0xa53d1b4c6a8326e9), CONST64(0x8beab5bee1d45f35),
+    CONST64(0xb66d92e31c49ff55), CONST64(0x4a3caf3ba8d99371), CONST64(0x7c72ff078af18d7b), CONST64(0x839d140f860a898c),
+    CONST64(0x4321b731a7d59672), CONST64(0x9fb13417921a8588), CONST64(0xf8e4e30e09ff07f6), CONST64(0xd6334dfc82a87e2a),
+    CONST64(0xbaafed84c6f8423e), CONST64(0x8728cad93b65e25e), CONST64(0xf54c25d2bb9c6927), CONST64(0xcfc00a894305ca46),
+    CONST64(0x247460283c30140c), CONST64(0x26a00f43ec89af65), CONST64(0x05df676dd5bdb868), CONST64(0x3a8c2f5bf899a361),
+    CONST64(0x091d180a0f0c0503), CONST64(0x7d1846bce2235ec1), CONST64(0xb87b82ef1641f957), CONST64(0x1899fecea97f67d6),
+    CONST64(0x35f086ec9a4376d9), CONST64(0x9512facd257de858), CONST64(0x32fb8eea9f4775d8), CONST64(0x2fbd1749e385aa66),
+    CONST64(0x1f92f6c8ac7b64d7), CONST64(0xa683cd9cd2e84e3a), CONST64(0x424b0e8acf0745c8), CONST64(0xb4b9fd88ccf0443c),
+    CONST64(0xdc90832635cf13fa), CONST64(0xc563c453f462a796), CONST64(0x52a551f501a6f4a7), CONST64(0xef01b477c25ab598),
+    CONST64(0xbe1a33527b9729ec), CONST64(0x0f7ca9b762dad5b8), CONST64(0x6f2276a8fc3b54c7), CONST64(0x6df619c32c82efae),
+    CONST64(0x02d46f6bd0b9bb69), CONST64(0xecbf62a77a31dd4b), CONST64(0x76d131dd3d96e0ab), CONST64(0x78c721d1379ee6a9),
+    CONST64(0x28b61f4fe681a967), CONST64(0x364e503c22281e0a), CONST64(0xc8cb028f4601c947), CONST64(0xe4c8c3161def0bf2),
+    CONST64(0x2c03c1995beec2b5), CONST64(0xee6b0dccaa886622), CONST64(0x81497b6456b332e5), CONST64(0xb00c235e719f2fee),
+    CONST64(0x1d4699a37cc2dfbe), CONST64(0xd13845fa87ac7d2b), CONST64(0xa0e27c21bf3e9e81), CONST64(0x7ea6906c5a483612),
+    CONST64(0xaef46c2db5369883), CONST64(0x41f5d85a776c2d1b), CONST64(0x2a6270243638120e), CONST64(0xe96005caaf8c6523),
+    CONST64(0xf1f9fb0406f302f5), CONST64(0xc6dd12834c09cf45), CONST64(0xe77615c6a5846321), CONST64(0x50713e9ed11f4fce),
+    CONST64(0xe2a972ab7039db49), CONST64(0xc4097de89cb0742c), CONST64(0xd58d9b2c3ac316f9), CONST64(0x8854636e59bf37e6),
+    CONST64(0x251ed99354e2c7b6), CONST64(0xd8255df088a07828), CONST64(0x6581b8724b5c3917), CONST64(0xa9ff642bb0329b82),
+    CONST64(0x46fed05c72682e1a), CONST64(0x96ac2c1d9d16808b), CONST64(0xc0bca33e21df1ffe), CONST64(0x91a7241b9812838a),
+    CONST64(0x3f5348362d241b09), CONST64(0x4540068cca0346c9), CONST64(0xb2d84c35a1269487), CONST64(0xf7984ab96b25d24e),
+    CONST64(0x9d655b7c42a33ee1), CONST64(0xca1f6de496b8722e), CONST64(0x8642736253b731e4), CONST64(0x9a6e537a47a73de0),
+    CONST64(0xab2b0b40608b20eb), CONST64(0xd759f447ea7aad90), CONST64(0x5bb849ff0eaaf1a4), CONST64(0x5ad2f0446678221e),
+    CONST64(0xbcce5c39ab2e9285), CONST64(0x3d87275dfd9da060), CONST64(0x0000000000000000), CONST64(0xfb5a35deb1946f25),
+    CONST64(0xf6f2f30203f701f4), CONST64(0xedd5db1c12e30ef1), CONST64(0xcb75d45ffe6aa194), CONST64(0x3145583a272c1d0b),
+    CONST64(0x8f5f6b685cbb34e7), CONST64(0x56108f23bcc99f75), CONST64(0xb7072b58749b2cef), CONST64(0x8ce1bdb8e4d05c34),
+    CONST64(0x97c695a6f5c45331), CONST64(0x168feec2a37761d4), CONST64(0x0aa3cedab7676dd0), CONST64(0xb5d34433a4229786),
+    CONST64(0x6755d7199be5827e), CONST64(0x64eb01c9238eeaad), CONST64(0xc9a1bb342ed31afd), CONST64(0xdf2e55f68da47b29),
+    CONST64(0x90cd9da0f0c05030), CONST64(0xa188c59ad7ec4d3b), CONST64(0xfa308c65d946bc9f), CONST64(0xd286932a3fc715f8),
+    CONST64(0x68297eaef93f57c6), CONST64(0x79ad986a5f4c3513), CONST64(0x123a30141e180a06), CONST64(0x1b27281e11140f05),
+    CONST64(0x613466a4f63352c5), CONST64(0x77bb886655443311), CONST64(0x58069f2fb6c19977), CONST64(0x6943c71591ed847c),
+    CONST64(0x7b79f7018ff58e7a), CONST64(0x756fe70d85fd8878), CONST64(0x82f7adb4eed85a36), CONST64(0x54c4e0486c70241c),
+    CONST64(0xaf9ed596dde44b39), CONST64(0x9219f2cb2079eb59), CONST64(0x48e8c05078602818), CONST64(0xbf708ae91345fa56),
+    CONST64(0x3e39f18d45f6c8b3), CONST64(0x3724e9874afacdb0), CONST64(0xfc513dd8b4906c24), CONST64(0xe07d1dc0a0806020),
+    CONST64(0x3932f98b40f2cbb2), CONST64(0xd94fe44be072ab92), CONST64(0x4e8971ed15b6f8a3), CONST64(0x7a134ebae7275dc0),
+    CONST64(0xc1d61a85490dcc44), CONST64(0x33913751f795a662), CONST64(0x70b0806050403010), CONST64(0x2b08c99f5eeac1b4),
+    CONST64(0xbbc5543fae2a9184), CONST64(0xd4e722975211c543), CONST64(0xde44ec4de576a893), CONST64(0x74055eb6ed2f5bc2),
+    CONST64(0xebb46aa17f35de4a), CONST64(0x145b81a973cedabd), CONST64(0x8a800c0589068c8f), CONST64(0xc30275ee99b4772d),
+    CONST64(0x135089af76cad9bc), CONST64(0xf32d946fd64ab99c), CONST64(0x0bc97761dfb5be6a), CONST64(0xddfa3a9d5d1dc040),
+    CONST64(0x577a3698d41b4ccf), CONST64(0x498279eb10b2fba2), CONST64(0xa7e97427ba3a9d80), CONST64(0xf09342bf6e21d14f),
+    CONST64(0x5dd9f842637c211f), CONST64(0x4c5d1e86c50f43ca), CONST64(0x71da39db3892e3aa), CONST64(0xd3ec2a915715c642),
+};
+
+static const ulong64 c[R + 1] = {
+    CONST64(0xba542f7453d3d24d),
+    CONST64(0x50ac8dbf70529a4c),
+    CONST64(0xead597d133515ba6),
+    CONST64(0xde48a899db32b7fc),
+    CONST64(0xe39e919be2bb416e),
+    CONST64(0xa5cb6b95a1f3b102),
+    CONST64(0xccc41d14c363da5d),
+    CONST64(0x5fdc7dcd7f5a6c5c),
+    CONST64(0xf726ffede89d6f8e),
+};
+
+ /**
+    Initialize the Khazad block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+   int               r;
+   const ulong64    *S;
+   ulong64           K2, K1;
+
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
+   if (keylen != 16) {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+   if (num_rounds != 8 && num_rounds != 0) {
+      return CRYPT_INVALID_ROUNDS;
+   }
+
+   /* use 7th table */
+   S = T7;
+
+    /*
+    * map unsigned char array cipher key to initial key state (mu):
+    */
+   K2 =
+      ((ulong64)key[ 0] << 56) ^
+      ((ulong64)key[ 1] << 48) ^
+      ((ulong64)key[ 2] << 40) ^
+      ((ulong64)key[ 3] << 32) ^
+      ((ulong64)key[ 4] << 24) ^
+      ((ulong64)key[ 5] << 16) ^
+      ((ulong64)key[ 6] <<  8) ^
+      ((ulong64)key[ 7]      );
+   K1 =
+      ((ulong64)key[ 8] << 56) ^
+      ((ulong64)key[ 9] << 48) ^
+      ((ulong64)key[10] << 40) ^
+      ((ulong64)key[11] << 32) ^
+      ((ulong64)key[12] << 24) ^
+      ((ulong64)key[13] << 16) ^
+      ((ulong64)key[14] <<  8) ^
+      ((ulong64)key[15]      );
+
+   /*
+    * compute the round keys:
+    */
+   for (r = 0; r <= R; r++) {
+      /*
+       * K[r] = rho(c[r], K1) ^ K2;
+       */
+      skey->khazad.roundKeyEnc[r] =
+         T0[(int)(K1 >> 56)       ] ^
+         T1[(int)(K1 >> 48) & 0xff] ^
+         T2[(int)(K1 >> 40) & 0xff] ^
+         T3[(int)(K1 >> 32) & 0xff] ^
+         T4[(int)(K1 >> 24) & 0xff] ^
+         T5[(int)(K1 >> 16) & 0xff] ^
+         T6[(int)(K1 >>  8) & 0xff] ^
+         T7[(int)(K1      ) & 0xff] ^
+         c[r] ^ K2;
+      K2 = K1; K1 = skey->khazad.roundKeyEnc[r];
+   }
+   /*
+    * compute the inverse key schedule:
+    * K'^0 = K^R, K'^R = K^0, K'^r = theta(K^{R-r})
+    */
+   skey->khazad.roundKeyDec[0] = skey->khazad.roundKeyEnc[R];
+   for (r = 1; r < R; r++) {
+      K1 = skey->khazad.roundKeyEnc[R - r];
+      skey->khazad.roundKeyDec[r] =
+         T0[(int)S[(int)(K1 >> 56)       ] & 0xff] ^
+         T1[(int)S[(int)(K1 >> 48) & 0xff] & 0xff] ^
+         T2[(int)S[(int)(K1 >> 40) & 0xff] & 0xff] ^
+         T3[(int)S[(int)(K1 >> 32) & 0xff] & 0xff] ^
+         T4[(int)S[(int)(K1 >> 24) & 0xff] & 0xff] ^
+         T5[(int)S[(int)(K1 >> 16) & 0xff] & 0xff] ^
+         T6[(int)S[(int)(K1 >>  8) & 0xff] & 0xff] ^
+         T7[(int)S[(int)(K1      ) & 0xff] & 0xff];
+   }
+   skey->khazad.roundKeyDec[R] = skey->khazad.roundKeyEnc[0];
+
+   return CRYPT_OK;
+}
+
+static void khazad_crypt(const unsigned char *plaintext, unsigned char *ciphertext,
+                         const ulong64       *roundKey) {
+   int     r;
+   ulong64 state;
+    /*
+    * map plaintext block to cipher state (mu)
+    * and add initial round key (sigma[K^0]):
+    */
+   state =
+      ((ulong64)plaintext[0] << 56) ^
+      ((ulong64)plaintext[1] << 48) ^
+      ((ulong64)plaintext[2] << 40) ^
+      ((ulong64)plaintext[3] << 32) ^
+      ((ulong64)plaintext[4] << 24) ^
+      ((ulong64)plaintext[5] << 16) ^
+      ((ulong64)plaintext[6] <<  8) ^
+      ((ulong64)plaintext[7]      ) ^
+      roundKey[0];
+
+    /*
+    * R - 1 full rounds:
+    */
+    for (r = 1; r < R; r++) {
+      state =
+         T0[(int)(state >> 56)       ] ^
+         T1[(int)(state >> 48) & 0xff] ^
+         T2[(int)(state >> 40) & 0xff] ^
+         T3[(int)(state >> 32) & 0xff] ^
+         T4[(int)(state >> 24) & 0xff] ^
+         T5[(int)(state >> 16) & 0xff] ^
+         T6[(int)(state >>  8) & 0xff] ^
+         T7[(int)(state      ) & 0xff] ^
+         roundKey[r];
+    }
+
+    /*
+    * last round:
+    */
+   state =
+      (T0[(int)(state >> 56)       ] & CONST64(0xff00000000000000)) ^
+      (T1[(int)(state >> 48) & 0xff] & CONST64(0x00ff000000000000)) ^
+      (T2[(int)(state >> 40) & 0xff] & CONST64(0x0000ff0000000000)) ^
+      (T3[(int)(state >> 32) & 0xff] & CONST64(0x000000ff00000000)) ^
+      (T4[(int)(state >> 24) & 0xff] & CONST64(0x00000000ff000000)) ^
+      (T5[(int)(state >> 16) & 0xff] & CONST64(0x0000000000ff0000)) ^
+      (T6[(int)(state >>  8) & 0xff] & CONST64(0x000000000000ff00)) ^
+      (T7[(int)(state      ) & 0xff] & CONST64(0x00000000000000ff)) ^
+      roundKey[R];
+
+   /*
+    * map cipher state to ciphertext block (mu^{-1}):
+    */
+   ciphertext[0] = (unsigned char)(state >> 56);
+   ciphertext[1] = (unsigned char)(state >> 48);
+   ciphertext[2] = (unsigned char)(state >> 40);
+   ciphertext[3] = (unsigned char)(state >> 32);
+   ciphertext[4] = (unsigned char)(state >> 24);
+   ciphertext[5] = (unsigned char)(state >> 16);
+   ciphertext[6] = (unsigned char)(state >>  8);
+   ciphertext[7] = (unsigned char)(state      );
+}
+
+/**
+  Encrypts a block of text with Khazad
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+{
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
+   khazad_crypt(pt, ct, skey->khazad.roundKeyEnc);
+}
+
+/**
+  Decrypts a block of text with Khazad
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+{
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
+   khazad_crypt(ct, pt, skey->khazad.roundKeyDec);
+}
+
+/**
+  Performs a self-test of the Khazad block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
+int khazad_test(void)
+{
+#ifndef LTC_TEST
+  return CRYPT_NOP;
+#else
+  static const struct test {
+     unsigned char pt[8], ct[8], key[16];
+  } tests[] = {
+{
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x49, 0xA4, 0xCE, 0x32, 0xAC, 0x19, 0x0E, 0x3F },
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x64, 0x5D, 0x77, 0x3E, 0x40, 0xAB, 0xDD, 0x53 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+}, {
+   { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+   { 0x9E, 0x39, 0x98, 0x64, 0xF7, 0x8E, 0xCA, 0x02 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+   { 0xA9, 0xDF, 0x3D, 0x2C, 0x64, 0xD3, 0xEA, 0x28 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}
+};
+   int x, y;
+   unsigned char buf[2][8];
+   symmetric_key skey;
+
+   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+       khazad_setup(tests[x].key, 16, 0, &skey);
+       khazad_ecb_encrypt(tests[x].pt, buf[0], &skey);
+       khazad_ecb_decrypt(buf[0], buf[1], &skey);
+       if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) {
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+       for (y = 0; y < 1000; y++) khazad_ecb_encrypt(buf[0], buf[0], &skey);
+       for (y = 0; y < 1000; y++) khazad_ecb_decrypt(buf[0], buf[0], &skey);
+       if (memcmp(buf[0], tests[x].ct, 8)) {
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+   }
+   return CRYPT_OK;
+#endif
+}
+
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int khazad_keysize(int *keysize)
+{
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize >= 16) {
+      *keysize = 16;
+      return CRYPT_OK;
+   } else {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+}
+
+#endif

noekeon.c → src/ciphers/noekeon.c

@@ -8,12 +8,15 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-/* Implementation of the Noekeon block cipher by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file noekeon.c
+   Implementation of the Noekeon block cipher by Tom St Denis 
+*/
+#include "tomcrypt.h"
 
 #ifdef NOEKEON
 
-const struct _cipher_descriptor noekeon_desc =
+const struct ltc_cipher_descriptor noekeon_desc =
 {
     "noekeon",
     16,
@@ -34,15 +37,15 @@ static const ulong32 RC[] = {
 };
 
 #define kTHETA(a, b, c, d)                                 \
-    temp = a^c; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
+    temp = a^c; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
     b ^= temp; d ^= temp;                                  \
-    temp = b^d; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
+    temp = b^d; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
     a ^= temp; c ^= temp;
 
 #define THETA(k, a, b, c, d)                               \
-    temp = a^c; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
+    temp = a^c; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
     b ^= temp ^ k[1]; d ^= temp ^ k[3];                    \
-    temp = b^d; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
+    temp = b^d; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
     a ^= temp ^ k[0]; c ^= temp ^ k[2];
     
 #define GAMMA(a, b, c, d)     \
@@ -54,17 +57,25 @@ static const ulong32 RC[] = {
     a ^= c&b;
     
 #define PI1(a, b, c, d) \
-    a = ROL(a, 1); c = ROL(c, 5); d = ROL(d, 2);
+    a = ROLc(a, 1); c = ROLc(c, 5); d = ROLc(d, 2);
     
 #define PI2(a, b, c, d) \
-    a = ROR(a, 1); c = ROR(c, 5); d = ROR(d, 2);
+    a = RORc(a, 1); c = RORc(c, 5); d = RORc(d, 2);
     
+ /**
+    Initialize the Noekeon block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
 int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    ulong32 temp;
    
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
    
    if (keylen != 16) {
       return CRYPT_INVALID_KEYSIZE;
@@ -89,25 +100,31 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
    return CRYPT_OK;
 }
 
-#ifdef CLEAN_STACK
-static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with Noekeon
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
    ulong32 a,b,c,d,temp;
    int r;
 
-   _ARGCHK(key != NULL);
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
+   LTC_ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
    
    LOAD32H(a,&pt[0]); LOAD32H(b,&pt[4]);
    LOAD32H(c,&pt[8]); LOAD32H(d,&pt[12]);
    
 #define ROUND(i) \
        a ^= RC[i]; \
-       THETA(key->noekeon.K, a,b,c,d); \
+       THETA(skey->noekeon.K, a,b,c,d); \
        PI1(a,b,c,d); \
        GAMMA(a,b,c,d); \
        PI2(a,b,c,d);
@@ -119,39 +136,45 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
 #undef ROUND
 
    a ^= RC[16];
-   THETA(key->noekeon.K, a, b, c, d);
+   THETA(skey->noekeon.K, a, b, c, d);
    
    STORE32H(a,&ct[0]); STORE32H(b,&ct[4]);
    STORE32H(c,&ct[8]); STORE32H(d,&ct[12]);
 }
 
-#ifdef CLEAN_STACK
-void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-   _noekeon_ecb_encrypt(pt, ct, key);
+   _noekeon_ecb_encrypt(pt, ct, skey);
    burn_stack(sizeof(ulong32) * 5 + sizeof(int));
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with Noekeon
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
    ulong32 a,b,c,d, temp;
    int r;
 
-   _ARGCHK(key != NULL);
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
+   LTC_ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
    
    LOAD32H(a,&ct[0]); LOAD32H(b,&ct[4]);
    LOAD32H(c,&ct[8]); LOAD32H(d,&ct[12]);
    
 
 #define ROUND(i) \
-       THETA(key->noekeon.dK, a,b,c,d); \
+       THETA(skey->noekeon.dK, a,b,c,d); \
        a ^= RC[i]; \
        PI1(a,b,c,d); \
        GAMMA(a,b,c,d); \
@@ -163,20 +186,24 @@ void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
 
 #undef ROUND
 
-   THETA(key->noekeon.dK, a,b,c,d);
+   THETA(skey->noekeon.dK, a,b,c,d);
    a ^= RC[0];
    STORE32H(a,&pt[0]); STORE32H(b, &pt[4]);
    STORE32H(c,&pt[8]); STORE32H(d, &pt[12]);
 }
 
-#ifdef CLEAN_STACK
-void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-   _noekeon_ecb_decrypt(ct, pt, key);
+   _noekeon_ecb_decrypt(ct, pt, skey);
    burn_stack(sizeof(ulong32) * 5 + sizeof(int));
 }
 #endif
 
+/**
+  Performs a self-test of the Noekeon block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int noekeon_test(void)
 {
  #ifndef LTC_TEST
@@ -236,13 +263,18 @@ int noekeon_test(void)
  #endif
 }
 
-int noekeon_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int noekeon_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
-   if (*desired_keysize < 16) {
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 16) {
       return CRYPT_INVALID_KEYSIZE;
    } else {
-      *desired_keysize = 16;
+      *keysize = 16;
       return CRYPT_OK;
    }
 }

rc2.c → src/ciphers/rc2.c

@@ -18,12 +18,16 @@
 * Thanks to CodeView, SoftIce, and D86 for helping bring this code to  *
 * the public.                                                          *
 \**********************************************************************/
+#include <tomcrypt.h>
 
-#include <mycrypt.h>
+/**
+  @file rc2.c
+  Implementation of RC2
+*/  
 
 #ifdef RC2
 
-const struct _cipher_descriptor rc2_desc = {
+const struct ltc_cipher_descriptor rc2_desc = {
    "rc2",
    12, 8, 128, 8, 16,
    &rc2_setup,
@@ -53,21 +57,29 @@ static const unsigned char permute[256] = {
         197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
 };
 
-int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
+ /**
+    Initialize the RC2 block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    unsigned *xkey = skey->rc2.xkey;
    unsigned char tmp[128];
    unsigned T8, TM;
    int i, bits;
 
-   _ARGCHK(key  != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (keylen < 8 || keylen > 128) {
       return CRYPT_INVALID_KEYSIZE;
    }
 
-   if (rounds != 0 && rounds != 16) {
+   if (num_rounds != 0 && num_rounds != 16) {
       return CRYPT_INVALID_ROUNDS;
    }
 
@@ -96,7 +108,7 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s
         xkey[i] =  (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);
     }        
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
     zeromem(tmp, sizeof(tmp));
 #endif
     
@@ -106,29 +118,35 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s
 /**********************************************************************\
 * Encrypt an 8-byte block of plaintext using the given key.            *
 \**********************************************************************/
-#ifdef CLEAN_STACK
-static void _rc2_ecb_encrypt( const unsigned char *plain,
-                            unsigned char *cipher,
+/**
+  Encrypts a block of text with RC2
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rc2_ecb_encrypt( const unsigned char *pt,
+                            unsigned char *ct,
                             symmetric_key *skey)
 #else
-void rc2_ecb_encrypt( const unsigned char *plain,
-                            unsigned char *cipher,
+void rc2_ecb_encrypt( const unsigned char *pt,
+                            unsigned char *ct,
                             symmetric_key *skey)
 #endif
 {
     unsigned *xkey;
     unsigned x76, x54, x32, x10, i;
 
-    _ARGCHK(plain  != NULL);
-    _ARGCHK(cipher != NULL);
-    _ARGCHK(skey   != NULL);
+    LTC_ARGCHK(pt  != NULL);
+    LTC_ARGCHK(ct != NULL);
+    LTC_ARGCHK(skey   != NULL);
 
     xkey = skey->rc2.xkey;
 
-    x76 = ((unsigned)plain[7] << 8) + (unsigned)plain[6];
-    x54 = ((unsigned)plain[5] << 8) + (unsigned)plain[4];
-    x32 = ((unsigned)plain[3] << 8) + (unsigned)plain[2];
-    x10 = ((unsigned)plain[1] << 8) + (unsigned)plain[0];
+    x76 = ((unsigned)pt[7] << 8) + (unsigned)pt[6];
+    x54 = ((unsigned)pt[5] << 8) + (unsigned)pt[4];
+    x32 = ((unsigned)pt[3] << 8) + (unsigned)pt[2];
+    x10 = ((unsigned)pt[1] << 8) + (unsigned)pt[0];
 
     for (i = 0; i < 16; i++) {
         x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;
@@ -151,22 +169,22 @@ void rc2_ecb_encrypt( const unsigned char *plain,
         }
     }
 
-    cipher[0] = (unsigned char)x10;
-    cipher[1] = (unsigned char)(x10 >> 8);
-    cipher[2] = (unsigned char)x32;
-    cipher[3] = (unsigned char)(x32 >> 8);
-    cipher[4] = (unsigned char)x54;
-    cipher[5] = (unsigned char)(x54 >> 8);
-    cipher[6] = (unsigned char)x76;
-    cipher[7] = (unsigned char)(x76 >> 8);
+    ct[0] = (unsigned char)x10;
+    ct[1] = (unsigned char)(x10 >> 8);
+    ct[2] = (unsigned char)x32;
+    ct[3] = (unsigned char)(x32 >> 8);
+    ct[4] = (unsigned char)x54;
+    ct[5] = (unsigned char)(x54 >> 8);
+    ct[6] = (unsigned char)x76;
+    ct[7] = (unsigned char)(x76 >> 8);
 }
 
-#ifdef CLEAN_STACK
-void rc2_ecb_encrypt( const unsigned char *plain,
-                            unsigned char *cipher,
+#ifdef LTC_CLEAN_STACK
+void rc2_ecb_encrypt( const unsigned char *pt,
+                            unsigned char *ct,
                             symmetric_key *skey)
 {
-    _rc2_ecb_encrypt(plain, cipher, skey);
+    _rc2_ecb_encrypt(pt, ct, skey);
     burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5);
 }
 #endif
@@ -174,14 +192,19 @@ void rc2_ecb_encrypt( const unsigned char *plain,
 /**********************************************************************\
 * Decrypt an 8-byte block of ciphertext using the given key.           *
 \**********************************************************************/
-
-#ifdef CLEAN_STACK
-static void _rc2_ecb_decrypt( const unsigned char *cipher,
-                            unsigned char *plain,
+/**
+  Decrypts a block of text with RC2
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rc2_ecb_decrypt( const unsigned char *ct,
+                            unsigned char *pt,
                             symmetric_key *skey)
 #else
-void rc2_ecb_decrypt( const unsigned char *cipher,
-                            unsigned char *plain,
+void rc2_ecb_decrypt( const unsigned char *ct,
+                            unsigned char *pt,
                             symmetric_key *skey)
 #endif
 {
@@ -189,16 +212,16 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
     unsigned *xkey;
     int i;
 
-    _ARGCHK(plain  != NULL);
-    _ARGCHK(cipher != NULL);
-    _ARGCHK(skey   != NULL);
+    LTC_ARGCHK(pt  != NULL);
+    LTC_ARGCHK(ct != NULL);
+    LTC_ARGCHK(skey   != NULL);
 
     xkey = skey->rc2.xkey;
 
-    x76 = ((unsigned)cipher[7] << 8) + (unsigned)cipher[6];
-    x54 = ((unsigned)cipher[5] << 8) + (unsigned)cipher[4];
-    x32 = ((unsigned)cipher[3] << 8) + (unsigned)cipher[2];
-    x10 = ((unsigned)cipher[1] << 8) + (unsigned)cipher[0];
+    x76 = ((unsigned)ct[7] << 8) + (unsigned)ct[6];
+    x54 = ((unsigned)ct[5] << 8) + (unsigned)ct[4];
+    x32 = ((unsigned)ct[3] << 8) + (unsigned)ct[2];
+    x10 = ((unsigned)ct[1] << 8) + (unsigned)ct[0];
 
     for (i = 15; i >= 0; i--) {
         if (i == 4 || i == 10) {
@@ -221,26 +244,30 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
         x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;
     }
 
-    plain[0] = (unsigned char)x10;
-    plain[1] = (unsigned char)(x10 >> 8);
-    plain[2] = (unsigned char)x32;
-    plain[3] = (unsigned char)(x32 >> 8);
-    plain[4] = (unsigned char)x54;
-    plain[5] = (unsigned char)(x54 >> 8);
-    plain[6] = (unsigned char)x76;
-    plain[7] = (unsigned char)(x76 >> 8);
+    pt[0] = (unsigned char)x10;
+    pt[1] = (unsigned char)(x10 >> 8);
+    pt[2] = (unsigned char)x32;
+    pt[3] = (unsigned char)(x32 >> 8);
+    pt[4] = (unsigned char)x54;
+    pt[5] = (unsigned char)(x54 >> 8);
+    pt[6] = (unsigned char)x76;
+    pt[7] = (unsigned char)(x76 >> 8);
 }
 
-#ifdef CLEAN_STACK
-void rc2_ecb_decrypt( const unsigned char *cipher,
-                            unsigned char *plain,
+#ifdef LTC_CLEAN_STACK
+void rc2_ecb_decrypt( const unsigned char *ct,
+                            unsigned char *pt,
                             symmetric_key *skey)
 {
-    _rc2_ecb_decrypt(cipher, plain, skey);
+    _rc2_ecb_decrypt(ct, pt, skey);
     burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int));
 }
 #endif
 
+/**
+  Performs a self-test of the RC2 block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int rc2_test(void)
 {
  #ifndef LTC_TEST
@@ -292,9 +319,14 @@ int rc2_test(void)
    #endif
 }
 
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
 int rc2_keysize(int *keysize)
 {
-   _ARGCHK(keysize != NULL);
+   LTC_ARGCHK(keysize != NULL);
    if (*keysize < 8) {
        return CRYPT_INVALID_KEYSIZE;
    } else if (*keysize > 128) {

rc5.c → src/ciphers/rc5.c

@@ -9,13 +9,16 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* RC5 code by Tom St Denis */
+/**
+   @file rc5.c
+   RC5 code by Tom St Denis 
+*/
 
-#include "mycrypt.h"
+#include "tomcrypt.h"
 
 #ifdef RC5
 
-const struct _cipher_descriptor rc5_desc =
+const struct ltc_cipher_descriptor rc5_desc =
 {
     "rc5",
     2,
@@ -37,7 +40,15 @@ static const ulong32 stab[50] = {
 0x62482413UL, 0x007f9dccUL
 };
 
-#ifdef CLEAN_STACK
+ /**
+    Initialize the RC5 block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+#ifdef LTC_CLEAN_STACK
 static int _rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 #else
 int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -45,8 +56,8 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 {
     ulong32 L[64], *S, A, B, i, j, v, s, t, l;
 
-    _ARGCHK(skey != NULL);
-    _ARGCHK(key  != NULL);
+    LTC_ARGCHK(skey != NULL);
+    LTC_ARGCHK(key  != NULL);
     
     /* test parameters */
     if (num_rounds == 0) { 
@@ -87,7 +98,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
     s = 3 * MAX(t, j);
     l = j;
     for (A = B = i = j = v = 0; v < s; v++) { 
-        A = S[i] = ROL(S[i] + A + B, 3);
+        A = S[i] = ROLc(S[i] + A + B, 3);
         B = L[j] = ROL(L[j] + A + B, (A+B));
         if (++i == t) { i = 0; }
         if (++j == l) { j = 0; }
@@ -95,7 +106,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
     return CRYPT_OK;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    int x;
@@ -105,26 +116,32 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with RC5
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
    ulong32 A, B, *K;
    int r;
-   _ARGCHK(key != NULL);
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
+   LTC_ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
 
    LOAD32L(A, &pt[0]);
    LOAD32L(B, &pt[4]);
-   A += key->rc5.K[0];
-   B += key->rc5.K[1];
-   K  = key->rc5.K + 2;
+   A += skey->rc5.K[0];
+   B += skey->rc5.K[1];
+   K  = skey->rc5.K + 2;
    
-   if ((key->rc5.rounds & 1) == 0) {
-      for (r = 0; r < key->rc5.rounds; r += 2) {
+   if ((skey->rc5.rounds & 1) == 0) {
+      for (r = 0; r < skey->rc5.rounds; r += 2) {
           A = ROL(A ^ B, B) + K[0];
           B = ROL(B ^ A, A) + K[1];
           A = ROL(A ^ B, B) + K[2];
@@ -132,7 +149,7 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
           K += 4;
       }
    } else {
-      for (r = 0; r < key->rc5.rounds; r++) {
+      for (r = 0; r < skey->rc5.rounds; r++) {
           A = ROL(A ^ B, B) + K[0];
           B = ROL(B ^ A, A) + K[1];
           K += 2;
@@ -142,33 +159,39 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
    STORE32L(B, &ct[4]);
 }
 
-#ifdef CLEAN_STACK
-void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-   _rc5_ecb_encrypt(pt, ct, key);
+   _rc5_ecb_encrypt(pt, ct, skey);
    burn_stack(sizeof(ulong32) * 2 + sizeof(int));
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with RC5
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
    ulong32 A, B, *K;
    int r;
-   _ARGCHK(key != NULL);
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
+   LTC_ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
 
    LOAD32L(A, &ct[0]);
    LOAD32L(B, &ct[4]);
-   K = key->rc5.K + (key->rc5.rounds << 1);
+   K = skey->rc5.K + (skey->rc5.rounds << 1);
    
-   if ((key->rc5.rounds & 1) == 0) {
+   if ((skey->rc5.rounds & 1) == 0) {
        K -= 2;
-       for (r = key->rc5.rounds - 1; r >= 0; r -= 2) {
+       for (r = skey->rc5.rounds - 1; r >= 0; r -= 2) {
           B = ROR(B - K[3], A) ^ A;
           A = ROR(A - K[2], B) ^ B;
           B = ROR(B - K[1], A) ^ A;
@@ -176,26 +199,30 @@ void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
           K -= 4;
         }
    } else {
-      for (r = key->rc5.rounds - 1; r >= 0; r--) {
+      for (r = skey->rc5.rounds - 1; r >= 0; r--) {
           B = ROR(B - K[1], A) ^ A;
           A = ROR(A - K[0], B) ^ B;
           K -= 2;
       }
    }
-   A -= key->rc5.K[0];
-   B -= key->rc5.K[1];
+   A -= skey->rc5.K[0];
+   B -= skey->rc5.K[1];
    STORE32L(A, &pt[0]);
    STORE32L(B, &pt[4]);
 }
 
-#ifdef CLEAN_STACK
-void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-   _rc5_ecb_decrypt(ct, pt, key);
+   _rc5_ecb_decrypt(ct, pt, skey);
    burn_stack(sizeof(ulong32) * 2 + sizeof(int));
 }
 #endif
 
+/**
+  Performs a self-test of the RC5 block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int rc5_test(void)
 {
  #ifndef LTC_TEST
@@ -252,13 +279,18 @@ int rc5_test(void)
   #endif
 }
 
-int rc5_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int rc5_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
-   if (*desired_keysize < 8) {
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 8) {
       return CRYPT_INVALID_KEYSIZE;
-   } else if (*desired_keysize > 128) {
-      *desired_keysize = 128;
+   } else if (*keysize > 128) {
+      *keysize = 128;
    }
    return CRYPT_OK;
 }

rc6.c → src/ciphers/rc6.c

@@ -9,12 +9,15 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* RC6 code by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file rc6.c
+   RC6 code by Tom St Denis 
+*/
+#include "tomcrypt.h"
 
 #ifdef RC6
 
-const struct _cipher_descriptor rc6_desc =
+const struct ltc_cipher_descriptor rc6_desc =
 {
     "rc6",
     3,
@@ -34,7 +37,15 @@ static const ulong32 stab[44] = {
 0x7ed08883UL, 0x1d08023cUL, 0xbb3f7bf5UL, 0x5976f5aeUL, 0xf7ae6f67UL, 0x95e5e920UL, 0x341d62d9UL, 0xd254dc92UL,
 0x708c564bUL, 0x0ec3d004UL, 0xacfb49bdUL, 0x4b32c376UL };
 
-#ifdef CLEAN_STACK
+ /**
+    Initialize the RC6 block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+#ifdef LTC_CLEAN_STACK
 static int _rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 #else
 int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -42,8 +53,8 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 {
     ulong32 L[64], S[50], A, B, i, j, v, s, l;
 
-    _ARGCHK(key != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(key != NULL);
+    LTC_ARGCHK(skey != NULL);
 
     /* test parameters */
     if (num_rounds != 0 && num_rounds != 20) { 
@@ -77,7 +88,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
     s = 3 * MAX(44, j);
     l = j;
     for (A = B = i = j = v = 0; v < s; v++) { 
-        A = S[i] = ROL(S[i] + A + B, 3);
+        A = S[i] = ROLc(S[i] + A + B, 3);
         B = L[j] = ROL(L[j] + A + B, (A+B));
         if (++i == 44) { i = 0; }
         if (++j == l)  { j = 0; }
@@ -90,7 +101,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
     return CRYPT_OK;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    int x;
@@ -100,30 +111,36 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with RC6
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
    ulong32 a,b,c,d,t,u, *K;
    int r;
    
-   _ARGCHK(key != NULL);
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
+   LTC_ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
    LOAD32L(a,&pt[0]);LOAD32L(b,&pt[4]);LOAD32L(c,&pt[8]);LOAD32L(d,&pt[12]);
 
-   b += key->rc6.K[0];
-   d += key->rc6.K[1];
+   b += skey->rc6.K[0];
+   d += skey->rc6.K[1];
 
 #define RND(a,b,c,d) \
-       t = (b * (b + b + 1)); t = ROL(t, 5); \
-       u = (d * (d + d + 1)); u = ROL(u, 5); \
+       t = (b * (b + b + 1)); t = ROLc(t, 5); \
+       u = (d * (d + d + 1)); u = ROLc(u, 5); \
        a = ROL(a^t,u) + K[0];                \
        c = ROL(c^u,t) + K[1]; K += 2;   
     
-   K = key->rc6.K + 2;
+   K = skey->rc6.K + 2;
    for (r = 0; r < 20; r += 4) {
        RND(a,b,c,d);
        RND(b,c,d,a);
@@ -133,43 +150,49 @@ void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
    
 #undef RND
 
-   a += key->rc6.K[42];
-   c += key->rc6.K[43];
+   a += skey->rc6.K[42];
+   c += skey->rc6.K[43];
    STORE32L(a,&ct[0]);STORE32L(b,&ct[4]);STORE32L(c,&ct[8]);STORE32L(d,&ct[12]);
 }
 
-#ifdef CLEAN_STACK
-void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-   _rc6_ecb_encrypt(pt, ct, key);
+   _rc6_ecb_encrypt(pt, ct, skey);
    burn_stack(sizeof(ulong32) * 6 + sizeof(int));
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with RC6
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
    ulong32 a,b,c,d,t,u, *K;
    int r;
 
-   _ARGCHK(key != NULL);
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
+   LTC_ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
    
    LOAD32L(a,&ct[0]);LOAD32L(b,&ct[4]);LOAD32L(c,&ct[8]);LOAD32L(d,&ct[12]);
-   a -= key->rc6.K[42];
-   c -= key->rc6.K[43];
+   a -= skey->rc6.K[42];
+   c -= skey->rc6.K[43];
    
 #define RND(a,b,c,d) \
-       t = (b * (b + b + 1)); t = ROL(t, 5); \
-       u = (d * (d + d + 1)); u = ROL(u, 5); \
+       t = (b * (b + b + 1)); t = ROLc(t, 5); \
+       u = (d * (d + d + 1)); u = ROLc(u, 5); \
        c = ROR(c - K[1], t) ^ u; \
        a = ROR(a - K[0], u) ^ t; K -= 2;
    
-   K = key->rc6.K + 40;
+   K = skey->rc6.K + 40;
    
    for (r = 0; r < 20; r += 4) {
        RND(d,a,b,c);
@@ -180,19 +203,23 @@ void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
    
 #undef RND
 
-   b -= key->rc6.K[0];
-   d -= key->rc6.K[1];
+   b -= skey->rc6.K[0];
+   d -= skey->rc6.K[1];
    STORE32L(a,&pt[0]);STORE32L(b,&pt[4]);STORE32L(c,&pt[8]);STORE32L(d,&pt[12]);
 }
 
-#ifdef CLEAN_STACK
-void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-   _rc6_ecb_decrypt(ct, pt, key);
+   _rc6_ecb_decrypt(ct, pt, skey);
    burn_stack(sizeof(ulong32) * 6 + sizeof(int));
 }
 #endif
 
+/**
+  Performs a self-test of the RC6 block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int rc6_test(void)
 {
  #ifndef LTC_TEST
@@ -282,13 +309,18 @@ int rc6_test(void)
   #endif
 }
 
-int rc6_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int rc6_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
-   if (*desired_keysize < 8) {
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 8) {
       return CRYPT_INVALID_KEYSIZE;
-   } else if (*desired_keysize > 128) {
-      *desired_keysize = 128;
+   } else if (*keysize > 128) {
+      *keysize = 128;
    }
    return CRYPT_OK;
 }

safer.c → src/ciphers/safer/safer.c

@@ -28,11 +28,11 @@
 *
 *******************************************************************************/
 
-#include <mycrypt.h>
+#include <tomcrypt.h>
 
 #ifdef SAFER
 
-const struct _cipher_descriptor 
+const struct ltc_cipher_descriptor 
    safer_k64_desc = {
    "safer-k64", 
    8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS,
@@ -89,7 +89,7 @@ const struct _cipher_descriptor
 /******************* Types ****************************************************/
 extern const unsigned char safer_ebox[], safer_lbox[];
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void _Safer_Expand_Userkey(const unsigned char *userkey_1,
                                  const unsigned char *userkey_2,
                                  unsigned int nof_rounds,
@@ -151,13 +151,13 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1,
         }
     }
     
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
     zeromem(ka, sizeof(ka));
     zeromem(kb, sizeof(kb));
 #endif
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void Safer_Expand_Userkey(const unsigned char *userkey_1,
                                  const unsigned char *userkey_2,
                                  unsigned int nof_rounds,
@@ -171,8 +171,8 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1,
 
 int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
 {
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
       return CRYPT_INVALID_ROUNDS;
@@ -188,8 +188,8 @@ int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetr
    
 int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
 {
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
       return CRYPT_INVALID_ROUNDS;
@@ -205,8 +205,8 @@ int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmet
 
 int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
 {
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
       return CRYPT_INVALID_ROUNDS;
@@ -222,8 +222,8 @@ int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmet
 
 int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
 {
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
       return CRYPT_INVALID_ROUNDS;
@@ -237,7 +237,7 @@ int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symme
    return CRYPT_OK;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void _safer_ecb_encrypt(const unsigned char *block_in,
                              unsigned char *block_out,
                              symmetric_key *skey)
@@ -250,9 +250,9 @@ void safer_ecb_encrypt(const unsigned char *block_in,
     unsigned int round;
     unsigned char *key;
 
-    _ARGCHK(block_in != NULL);
-    _ARGCHK(block_out != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(block_in != NULL);
+    LTC_ARGCHK(block_out != NULL);
+    LTC_ARGCHK(skey != NULL);
 
     key = skey->safer.key;
     a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
@@ -279,7 +279,7 @@ void safer_ecb_encrypt(const unsigned char *block_in,
     block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 void safer_ecb_encrypt(const unsigned char *block_in,
                              unsigned char *block_out,
                              symmetric_key *skey)
@@ -289,7 +289,7 @@ void safer_ecb_encrypt(const unsigned char *block_in,
 }
 #endif
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static void _safer_ecb_decrypt(const unsigned char *block_in,
                              unsigned char *block_out,
                              symmetric_key *skey)
@@ -302,9 +302,9 @@ void safer_ecb_decrypt(const unsigned char *block_in,
     unsigned int round;
     unsigned char *key;
 
-    _ARGCHK(block_in != NULL);
-    _ARGCHK(block_out != NULL);
-    _ARGCHK(skey != NULL);
+    LTC_ARGCHK(block_in != NULL);
+    LTC_ARGCHK(block_out != NULL);
+    LTC_ARGCHK(skey != NULL);
 
     key = skey->safer.key;
     a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
@@ -332,7 +332,7 @@ void safer_ecb_decrypt(const unsigned char *block_in,
     block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 void safer_ecb_decrypt(const unsigned char *block_in,
                              unsigned char *block_out,
                              symmetric_key *skey)
@@ -344,7 +344,7 @@ void safer_ecb_decrypt(const unsigned char *block_in,
 
 int safer_64_keysize(int *keysize)
 {
-   _ARGCHK(keysize != NULL);
+   LTC_ARGCHK(keysize != NULL);
    if (*keysize < 8) {
       return CRYPT_INVALID_KEYSIZE;
    } else {
@@ -355,7 +355,7 @@ int safer_64_keysize(int *keysize)
 
 int safer_128_keysize(int *keysize)
 {
-   _ARGCHK(keysize != NULL);
+   LTC_ARGCHK(keysize != NULL);
    if (*keysize < 16) {
       return CRYPT_INVALID_KEYSIZE;
    } else {

safer_tab.c → src/ciphers/safer/safer_tab.c

@@ -9,7 +9,12 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-#include "mycrypt.h"
+/**
+  @file safer_tab.c
+  Tables for SAFER block ciphers
+*/ 
+ 
+#include "tomcrypt.h"
 
 #if defined(SAFERP) || defined(SAFER)
 

saferp.c → src/ciphers/safer/saferp.c

@@ -9,12 +9,15 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* SAFER+ Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file saferp.c
+   SAFER+ Implementation by Tom St Denis 
+*/
+#include "tomcrypt.h"
 
 #ifdef SAFERP
 
-const struct _cipher_descriptor saferp_desc =
+const struct ltc_cipher_descriptor saferp_desc =
 {
     "safer+",
     4,
@@ -129,7 +132,7 @@ extern const unsigned char safer_ebox[], safer_lbox[];
     iSHUF(b2, b); iPHT(b);    \
     iSHUF(b, b2); iPHT(b2);
     
-#ifdef SMALL_CODE    
+#ifdef LTC_SMALL_CODE    
 
 static void _round(unsigned char *b, int i, symmetric_key *skey) 
 {
@@ -200,14 +203,22 @@ static const unsigned char safer_bias[33][16] = {
 {  53,  72, 156,  81,  47,  59,  85, 227, 192, 159, 216, 211, 243, 141, 177, 255},
 {  62, 220, 134, 119, 215, 166,  17, 251, 244, 186, 146, 145, 100, 131, 241,  51}};
 
+ /**
+    Initialize the SAFER+ block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
 int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    unsigned x, y, z;
    unsigned char t[33];
    static const int rounds[3] = { 8, 12, 16 };
 
-   _ARGCHK(key  != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* check arguments */
    if (keylen != 16 && keylen != 24 && keylen != 32) {
@@ -305,20 +316,26 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
        }
        skey->saferp.rounds = 16;
    }
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(t, sizeof(t));
 #endif
    return CRYPT_OK;
 }
 
+/**
+  Encrypts a block of text with SAFER+
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
 void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
    unsigned char b[16];
    int x;
 
-   _ARGCHK(pt   != NULL);
-   _ARGCHK(ct   != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* do eight rounds */
    for (x = 0; x < 16; x++) {
@@ -362,19 +379,25 @@ void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ke
    ct[13] = (b[13] + skey->saferp.K[skey->saferp.rounds*2][13]) & 255;
    ct[14] = (b[14] + skey->saferp.K[skey->saferp.rounds*2][14]) & 255;
    ct[15] = b[15] ^ skey->saferp.K[skey->saferp.rounds*2][15];
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(b, sizeof(b));
 #endif
 }
 
+/**
+  Decrypts a block of text with SAFER+
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
 void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
    unsigned char b[16];
    int x;
 
-   _ARGCHK(pt   != NULL);
-   _ARGCHK(ct   != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* do eight rounds */
    b[0] = ct[0] ^ skey->saferp.K[skey->saferp.rounds*2][0];
@@ -418,11 +441,15 @@ void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ke
    for (x = 0; x < 16; x++) {
        pt[x] = b[x];
    }
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(b, sizeof(b));
 #endif
 }
 
+/**
+  Performs a self-test of the SAFER+ block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int saferp_test(void)
 {
  #ifndef LTC_TEST
@@ -489,18 +516,23 @@ int saferp_test(void)
  #endif
 }
 
-int saferp_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int saferp_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
+   LTC_ARGCHK(keysize != NULL);
    
-   if (*desired_keysize < 16)
+   if (*keysize < 16)
       return CRYPT_INVALID_KEYSIZE;
-   if (*desired_keysize < 24) {
-      *desired_keysize = 16;
-   } else if (*desired_keysize < 32) {
-      *desired_keysize = 24;
+   if (*keysize < 24) {
+      *keysize = 16;
+   } else if (*keysize < 32) {
+      *keysize = 24;
    } else {
-      *desired_keysize = 32;
+      *keysize = 32;
    }
    return CRYPT_OK;
 }

skipjack.c → src/ciphers/skipjack.c

@@ -9,12 +9,15 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* Skipjack Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+  @file skipjack.c
+  Skipjack Implementation by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef SKIPJACK
 
-const struct _cipher_descriptor skipjack_desc =
+const struct ltc_cipher_descriptor skipjack_desc =
 {
     "skipjack",
     17,
@@ -51,12 +54,20 @@ static const int keystep[] =  { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
 /* simple x - 1 (mod 10) in one step */
 static const int ikeystep[] = { 9, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
 
+ /**
+    Initialize the Skipjack block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
 int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    int x;
 
-   _ARGCHK(key  != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    if (keylen != 10) {
       return CRYPT_INVALID_KEYSIZE;
@@ -75,24 +86,24 @@ int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetr
 }
 
 #define RULE_A \
-   tmp = g_func(w1, &kp, key->skipjack.key);      \
+   tmp = g_func(w1, &kp, skey->skipjack.key);      \
    w1  = tmp ^ w4 ^ x;                            \
    w4  = w3; w3 = w2;                             \
    w2  = tmp;
 
 #define RULE_B \
-   tmp  = g_func(w1, &kp, key->skipjack.key);     \
+   tmp  = g_func(w1, &kp, skey->skipjack.key);     \
    tmp1 = w4; w4  = w3;                           \
    w3   = w1 ^ w2 ^ x;                            \
    w1   = tmp1; w2 = tmp;
 
 #define RULE_A1 \
    tmp = w1 ^ w2 ^ x;                             \
-   w1  = ig_func(w2, &kp, key->skipjack.key);     \
+   w1  = ig_func(w2, &kp, skey->skipjack.key);     \
    w2  = w3; w3 = w4; w4 = tmp;
 
 #define RULE_B1 \
-   tmp = ig_func(w2, &kp, key->skipjack.key);     \
+   tmp = ig_func(w2, &kp, skey->skipjack.key);     \
    w2  = tmp ^ w3 ^ x;                            \
    w3  = w4; w4 = w1; w1 = tmp;
 
@@ -120,18 +131,24 @@ static unsigned ig_func(unsigned w, int *kp, unsigned char *key)
    return ((unsigned)g1<<8)|(unsigned)g2;
 }
 
-#ifdef CLEAN_STACK
-static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with Skipjack
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
    unsigned w1,w2,w3,w4,tmp,tmp1;
    int x, kp;
 
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
-   _ARGCHK(key != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* load block */
    w1 = ((unsigned)pt[0]<<8)|pt[1];
@@ -166,26 +183,32 @@ void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
    ct[6] = (w4>>8)&255; ct[7] = w4&255;
 }
 
-#ifdef CLEAN_STACK
-void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-   _skipjack_ecb_encrypt(pt, ct, key);
+   _skipjack_ecb_encrypt(pt, ct, skey);
    burn_stack(sizeof(unsigned) * 8 + sizeof(int) * 2);
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with Skipjack
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
    unsigned w1,w2,w3,w4,tmp;
    int x, kp;
 
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
-   _ARGCHK(key != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* load block */
    w1 = ((unsigned)ct[0]<<8)|ct[1];
@@ -224,14 +247,18 @@ void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
    pt[6] = (w4>>8)&255; pt[7] = w4&255;
 }
 
-#ifdef CLEAN_STACK
-void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-   _skipjack_ecb_decrypt(ct, pt, key);
+   _skipjack_ecb_decrypt(ct, pt, skey);
    burn_stack(sizeof(unsigned) * 7 + sizeof(int) * 2);
 }
 #endif
 
+/**
+  Performs a self-test of the Skipjack block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int skipjack_test(void)
 {
  #ifndef LTC_TEST
@@ -276,13 +303,18 @@ int skipjack_test(void)
   #endif
 }
 
-int skipjack_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int skipjack_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
-   if (*desired_keysize < 10) {
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 10) {
       return CRYPT_INVALID_KEYSIZE;
-   } else if (*desired_keysize > 10) {
-      *desired_keysize = 10;
+   } else if (*keysize > 10) {
+      *keysize = 10;
    }
    return CRYPT_OK;
 }

twofish.c → src/ciphers/twofish/twofish.c

@@ -9,8 +9,11 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* Implementation of Twofish by Tom St Denis */
-#include "mycrypt.h"
+ /** 
+   @file twofish.c
+   Implementation of Twofish by Tom St Denis 
+ */
+#include "tomcrypt.h"
 
 #ifdef TWOFISH
 
@@ -21,7 +24,7 @@
 #endif
 #endif
 
-const struct _cipher_descriptor twofish_desc =
+const struct ltc_cipher_descriptor twofish_desc =
 {
     "twofish",
     7,
@@ -86,7 +89,7 @@ static const unsigned char qbox[2][4][16] = {
 };
 
 /* computes S_i[x] */
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static ulong32 _sbox(int i, ulong32 x)
 #else
 static ulong32 sbox(int i, ulong32 x)
@@ -125,7 +128,7 @@ static ulong32 sbox(int i, ulong32 x)
    return (ulong32)y;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static ulong32 sbox(int i, ulong32 x)
 {
    ulong32 y;
@@ -133,7 +136,7 @@ static ulong32 sbox(int i, ulong32 x)
    burn_stack(sizeof(unsigned char) * 11);
    return y;
 }
-#endif /* CLEAN_STACK */
+#endif /* LTC_CLEAN_STACK */
 
 #endif /* TWOFISH_TABLES */
 
@@ -270,10 +273,10 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M
 
 /* for GCC we don't use pointer aliases */
 #if defined(__GNUC__)
-    #define S1 key->twofish.S[0]
-    #define S2 key->twofish.S[1]
-    #define S3 key->twofish.S[2]
-    #define S4 key->twofish.S[3]
+    #define S1 skey->twofish.S[0]
+    #define S2 skey->twofish.S[1]
+    #define S3 skey->twofish.S[2]
+    #define S4 skey->twofish.S[3]
 #endif
 
 /* the G function */
@@ -282,7 +285,7 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M
 
 #else
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static ulong32 _g_func(ulong32 x, symmetric_key *key)
 #else
 static ulong32 g_func(ulong32 x, symmetric_key *key)
@@ -313,9 +316,9 @@ static ulong32 g_func(ulong32 x, symmetric_key *key)
    return res;
 }
 
-#define g1_func(x, key) g_func(ROL(x, 8), key)
+#define g1_func(x, key) g_func(ROLc(x, 8), key)
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 static ulong32 g_func(ulong32 x, symmetric_key *key)
 {
     ulong32 y;
@@ -323,11 +326,19 @@ static ulong32 g_func(ulong32 x, symmetric_key *key)
     burn_stack(sizeof(unsigned char) * 4 + sizeof(ulong32));
     return y;
 }
-#endif /* CLEAN_STACK */
+#endif /* LTC_CLEAN_STACK */
 
 #endif /* TWOFISH_SMALL */
 
-#ifdef CLEAN_STACK
+ /**
+    Initialize the Twofish block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+#ifdef LTC_CLEAN_STACK
 static int _twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 #else
 int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -340,8 +351,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
    unsigned char tmp[4], tmp2[4], M[8*4];
    ulong32 A, B;
 
-   _ARGCHK(key  != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* invalid arguments? */
    if (num_rounds != 16 && num_rounds != 0) {
@@ -386,13 +397,13 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
        }
        h_func(tmp, tmp2, M, k, 1);
        LOAD32L(B, tmp2);
-       B = ROL(B, 8);
+       B = ROLc(B, 8);
 
        /* K[2i]   = A + B */
        skey->twofish.K[x+x] = (A + B) & 0xFFFFFFFFUL;
 
        /* K[2i+1] = (A + 2B) <<< 9 */
-       skey->twofish.K[x+x+1] = ROL(B + B + A, 9);
+       skey->twofish.K[x+x+1] = ROLc(B + B + A, 9);
    }
 
 #ifndef TWOFISH_SMALL
@@ -437,7 +448,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
    return CRYPT_OK;
 }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
 int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    int x;
@@ -447,10 +458,16 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with Twofish
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #else
-void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 #endif
 {
     ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@@ -459,61 +476,67 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
     ulong32 *S1, *S2, *S3, *S4;
 #endif    
 
-    _ARGCHK(pt  != NULL);
-    _ARGCHK(ct  != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     
 #if !defined(TWOFISH_SMALL) && !defined(__GNUC__)
-    S1 = key->twofish.S[0];
-    S2 = key->twofish.S[1];
-    S3 = key->twofish.S[2];
-    S4 = key->twofish.S[3];
+    S1 = skey->twofish.S[0];
+    S2 = skey->twofish.S[1];
+    S3 = skey->twofish.S[2];
+    S4 = skey->twofish.S[3];
 #endif    
 
     LOAD32L(a,&pt[0]); LOAD32L(b,&pt[4]);
     LOAD32L(c,&pt[8]); LOAD32L(d,&pt[12]);
-    a ^= key->twofish.K[0];
-    b ^= key->twofish.K[1];
-    c ^= key->twofish.K[2];
-    d ^= key->twofish.K[3];
+    a ^= skey->twofish.K[0];
+    b ^= skey->twofish.K[1];
+    c ^= skey->twofish.K[2];
+    d ^= skey->twofish.K[3];
     
-    k  = key->twofish.K + 8;
+    k  = skey->twofish.K + 8;
     for (r = 8; r != 0; --r) {
-        t2 = g1_func(b, key);
-        t1 = g_func(a, key) + t2;
-        c  = ROR(c ^ (t1 + k[0]), 1);
-        d  = ROL(d, 1) ^ (t2 + t1 + k[1]);
+        t2 = g1_func(b, skey);
+        t1 = g_func(a, skey) + t2;
+        c  = RORc(c ^ (t1 + k[0]), 1);
+        d  = ROLc(d, 1) ^ (t2 + t1 + k[1]);
         
-        t2 = g1_func(d, key);
-        t1 = g_func(c, key) + t2;
-        a  = ROR(a ^ (t1 + k[2]), 1);
-        b  = ROL(b, 1) ^ (t2 + t1 + k[3]);
+        t2 = g1_func(d, skey);
+        t1 = g_func(c, skey) + t2;
+        a  = RORc(a ^ (t1 + k[2]), 1);
+        b  = ROLc(b, 1) ^ (t2 + t1 + k[3]);
         k += 4;
    }
 
     /* output with "undo last swap" */
-    ta = c ^ key->twofish.K[4];
-    tb = d ^ key->twofish.K[5];
-    tc = a ^ key->twofish.K[6];
-    td = b ^ key->twofish.K[7];
+    ta = c ^ skey->twofish.K[4];
+    tb = d ^ skey->twofish.K[5];
+    tc = a ^ skey->twofish.K[6];
+    td = b ^ skey->twofish.K[7];
 
     /* store output */
     STORE32L(ta,&ct[0]); STORE32L(tb,&ct[4]);
     STORE32L(tc,&ct[8]); STORE32L(td,&ct[12]);
 }
 
-#ifdef CLEAN_STACK
-void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
-   _twofish_ecb_encrypt(pt, ct, key);
+   _twofish_ecb_encrypt(pt, ct, skey);
    burn_stack(sizeof(ulong32) * 10 + sizeof(int));
 }
 #endif
 
-#ifdef CLEAN_STACK
-static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with Twofish
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #else
-void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 #endif
 {
     ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@@ -522,15 +545,15 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
     ulong32 *S1, *S2, *S3, *S4;
 #endif    
 
-    _ARGCHK(pt != NULL);
-    _ARGCHK(ct != NULL);
-    _ARGCHK(key != NULL);
+    LTC_ARGCHK(pt   != NULL);
+    LTC_ARGCHK(ct   != NULL);
+    LTC_ARGCHK(skey != NULL);
     
 #if !defined(TWOFISH_SMALL) && !defined(__GNUC__)
-    S1 = key->twofish.S[0];
-    S2 = key->twofish.S[1];
-    S3 = key->twofish.S[2];
-    S4 = key->twofish.S[3];
+    S1 = skey->twofish.S[0];
+    S2 = skey->twofish.S[1];
+    S3 = skey->twofish.S[2];
+    S4 = skey->twofish.S[3];
 #endif    
 
     /* load input */
@@ -538,44 +561,48 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
     LOAD32L(tc,&ct[8]); LOAD32L(td,&ct[12]);
 
     /* undo undo final swap */
-    a = tc ^ key->twofish.K[6];
-    b = td ^ key->twofish.K[7];
-    c = ta ^ key->twofish.K[4];
-    d = tb ^ key->twofish.K[5];
+    a = tc ^ skey->twofish.K[6];
+    b = td ^ skey->twofish.K[7];
+    c = ta ^ skey->twofish.K[4];
+    d = tb ^ skey->twofish.K[5];
 
-    k = key->twofish.K + 36;
+    k = skey->twofish.K + 36;
     for (r = 8; r != 0; --r) {
-        t2 = g1_func(d, key);
-        t1 = g_func(c, key) + t2;
-        a = ROL(a, 1) ^ (t1 + k[2]);
-        b = ROR(b ^ (t2 + t1 + k[3]), 1);
+        t2 = g1_func(d, skey);
+        t1 = g_func(c, skey) + t2;
+        a = ROLc(a, 1) ^ (t1 + k[2]);
+        b = RORc(b ^ (t2 + t1 + k[3]), 1);
 
-        t2 = g1_func(b, key);
+        t2 = g1_func(b, skey);
         t1 = g_func(a, key) + t2;
-        c = ROL(c, 1) ^ (t1 + k[0]);
-        d = ROR(d ^ (t2 +  t1 + k[1]), 1);
+        c = ROLc(c, 1) ^ (t1 + k[0]);
+        d = RORc(d ^ (t2 +  t1 + k[1]), 1);
         k -= 4;
     }
 
     /* pre-white */
-    a ^= key->twofish.K[0];
-    b ^= key->twofish.K[1];
-    c ^= key->twofish.K[2];
-    d ^= key->twofish.K[3];
+    a ^= skey->twofish.K[0];
+    b ^= skey->twofish.K[1];
+    c ^= skey->twofish.K[2];
+    d ^= skey->twofish.K[3];
     
     /* store */
     STORE32L(a, &pt[0]); STORE32L(b, &pt[4]);
     STORE32L(c, &pt[8]); STORE32L(d, &pt[12]);
 }
 
-#ifdef CLEAN_STACK
-void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+#ifdef LTC_CLEAN_STACK
+void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
-   _twofish_ecb_decrypt(ct, pt, key);
+   _twofish_ecb_decrypt(ct, pt, skey);
    burn_stack(sizeof(ulong32) * 10 + sizeof(int));
 }
 #endif
 
+/**
+  Performs a self-test of the Twofish block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int twofish_test(void)
 {
  #ifndef LTC_TEST
@@ -638,19 +665,24 @@ int twofish_test(void)
 #endif 
 }
 
-int twofish_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int twofish_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize);
-   if (*desired_keysize < 16)
+   LTC_ARGCHK(keysize);
+   if (*keysize < 16)
       return CRYPT_INVALID_KEYSIZE;
-   if (*desired_keysize < 24) {
-      *desired_keysize = 16;
+   if (*keysize < 24) {
+      *keysize = 16;
       return CRYPT_OK;
-   } else if (*desired_keysize < 32) {
-      *desired_keysize = 24;
+   } else if (*keysize < 32) {
+      *keysize = 24;
       return CRYPT_OK;
    } else {
-      *desired_keysize = 32;
+      *keysize = 32;
       return CRYPT_OK;
    }
 }

twofish_tab.c → src/ciphers/twofish/twofish_tab.c

@@ -9,6 +9,10 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
+ /**
+    @file twofish_tab.c
+    Twofish tables, Tom St Denis
+ */
 #ifdef TWOFISH_TABLES
 
 /* pre generated 8x8 tables from the four 4x4s */

xtea.c → src/ciphers/xtea.c

@@ -9,11 +9,15 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-#include "mycrypt.h"
+/**
+  @file xtea.c
+  Implementation of XTEA, Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef XTEA
 
-const struct _cipher_descriptor xtea_desc =
+const struct ltc_cipher_descriptor xtea_desc =
 {
     "xtea",
     1,
@@ -29,8 +33,8 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
 {
    unsigned long x, sum, K[4];
    
-   _ARGCHK(key != NULL);
-   _ARGCHK(skey != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    /* check arguments */
    if (keylen != 16) {
@@ -53,69 +57,85 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
        skey->xtea.B[x] = (sum + K[(sum>>11)&3]) & 0xFFFFFFFFUL;
    }
    
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(&K, sizeof(K));
 #endif   
    
    return CRYPT_OK;
 }
 
-void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
+/**
+  Encrypts a block of text with XTEA
+  @param pt The input plaintext (8 bytes)
+  @param ct The output ciphertext (8 bytes)
+  @param skey The key as scheduled
+*/
+void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
 {
    unsigned long y, z;
    int r;
 
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
-   _ARGCHK(key != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    LOAD32L(y, &pt[0]);
    LOAD32L(z, &pt[4]);
    for (r = 0; r < 32; r += 4) {
-       y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r])) & 0xFFFFFFFFUL;
-       z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r])) & 0xFFFFFFFFUL;
+       y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r])) & 0xFFFFFFFFUL;
+       z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r])) & 0xFFFFFFFFUL;
 
-       y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+1])) & 0xFFFFFFFFUL;
-       z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+1])) & 0xFFFFFFFFUL;
+       y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+1])) & 0xFFFFFFFFUL;
+       z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+1])) & 0xFFFFFFFFUL;
 
-       y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+2])) & 0xFFFFFFFFUL;
-       z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+2])) & 0xFFFFFFFFUL;
+       y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+2])) & 0xFFFFFFFFUL;
+       z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+2])) & 0xFFFFFFFFUL;
 
-       y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+3])) & 0xFFFFFFFFUL;
-       z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+3])) & 0xFFFFFFFFUL;
+       y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+3])) & 0xFFFFFFFFUL;
+       z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+3])) & 0xFFFFFFFFUL;
    }
    STORE32L(y, &ct[0]);
    STORE32L(z, &ct[4]);
 }
 
-void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
+/**
+  Decrypts a block of text with XTEA
+  @param ct The input ciphertext (8 bytes)
+  @param pt The output plaintext (8 bytes)
+  @param skey The key as scheduled 
+*/
+void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
    unsigned long y, z;
    int r;
 
-   _ARGCHK(pt != NULL);
-   _ARGCHK(ct != NULL);
-   _ARGCHK(key != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(skey != NULL);
 
    LOAD32L(y, &ct[0]);
    LOAD32L(z, &ct[4]);
    for (r = 31; r >= 0; r -= 4) {
-       z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r])) & 0xFFFFFFFFUL;
-       y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r])) & 0xFFFFFFFFUL;
+       z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r])) & 0xFFFFFFFFUL;
+       y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r])) & 0xFFFFFFFFUL;
 
-       z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-1])) & 0xFFFFFFFFUL;
-       y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-1])) & 0xFFFFFFFFUL;
+       z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-1])) & 0xFFFFFFFFUL;
+       y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-1])) & 0xFFFFFFFFUL;
 
-       z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-2])) & 0xFFFFFFFFUL;
-       y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-2])) & 0xFFFFFFFFUL;
+       z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-2])) & 0xFFFFFFFFUL;
+       y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-2])) & 0xFFFFFFFFUL;
 
-       z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-3])) & 0xFFFFFFFFUL;
-       y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-3])) & 0xFFFFFFFFUL;
+       z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-3])) & 0xFFFFFFFFUL;
+       y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-3])) & 0xFFFFFFFFUL;
    }
    STORE32L(y, &pt[0]);
    STORE32L(z, &pt[4]);
 }
 
+/**
+  Performs a self-test of the XTEA block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
 int xtea_test(void)
 {
  #ifndef LTC_TEST
@@ -152,13 +172,18 @@ int xtea_test(void)
  #endif
 }
 
-int xtea_keysize(int *desired_keysize)
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int xtea_keysize(int *keysize)
 {
-   _ARGCHK(desired_keysize != NULL);
-   if (*desired_keysize < 16) {
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 16) {
       return CRYPT_INVALID_KEYSIZE; 
    }
-   *desired_keysize = 16;
+   *keysize = 16;
    return CRYPT_OK;
 }
 

src/encauth/eax/eax_addheader.c

@@ -0,0 +1,34 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+/** 
+    @file eax_addheader.c
+    EAX implementation, add meta-data, by Tom St Denis 
+*/
+#include "tomcrypt.h"
+
+#ifdef EAX_MODE
+
+/** 
+    add header (metadata) to the stream 
+    @param eax    The current EAX state
+    @param header The header (meta-data) data you wish to add to the state
+    @param length The length of the header data
+    @return CRYPT_OK if successful
+*/
+int eax_addheader(eax_state *eax, const unsigned char *header, 
+                  unsigned long length)
+{
+   LTC_ARGCHK(eax    != NULL);
+   LTC_ARGCHK(header != NULL);
+   return omac_process(&eax->headeromac, header, length);
+}
+
+#endif

eax_decrypt.c → src/encauth/eax/eax_decrypt.c

@@ -9,18 +9,30 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+    @file eax_decrypt.c
+    EAX implementation, decrypt block, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef EAX_MODE
 
-int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length)
+/**  
+   Decrypt data with the EAX protocol
+   @param eax     The EAX state
+   @param ct      The ciphertext
+   @param pt      [out] The plaintext
+   @param length  The length (octets) of the ciphertext
+   @return CRYPT_OK if successful
+*/
+int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, 
+                unsigned long length)
 {
    int err;
    
-   _ARGCHK(eax != NULL);
-   _ARGCHK(pt  != NULL);
-   _ARGCHK(ct  != NULL);
+   LTC_ARGCHK(eax != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
 
    /* omac ciphertext */
    if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {

eax_decrypt_verify_memory.c → src/encauth/eax/eax_decrypt_verify_memory.c

@@ -9,11 +9,31 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+    @file eax_decrypt_verify_memory.c
+    EAX implementation, decrypt block of memory, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef EAX_MODE
 
+/**
+   Decrypt a block of memory and verify the provided MAC tag with EAX
+   @param cipher     The index of the cipher desired
+   @param key        The secret key
+   @param keylen     The length of the key (octets)
+   @param nonce      The nonce data (use once) for the session
+   @param noncelen   The length of the nonce data.
+   @param header     The session header data
+   @param headerlen  The length of the header (octets)
+   @param ct         The ciphertext
+   @param ctlen      The length of the ciphertext (octets)
+   @param pt         [out] The plaintext
+   @param tag        The authentication tag provided by the encoder
+   @param taglen     [in/out] The length of the tag (octets)
+   @param stat       [out] The result of the decryption (1==valid tag, 0==invalid)
+   @return CRYPT_OK if successful regardless of the resulting tag comparison
+*/
 int eax_decrypt_verify_memory(int cipher,
     const unsigned char *key,    unsigned long keylen,
     const unsigned char *nonce,  unsigned long noncelen,
@@ -21,21 +41,25 @@ int eax_decrypt_verify_memory(int cipher,
     const unsigned char *ct,     unsigned long ctlen,
           unsigned char *pt,
           unsigned char *tag,    unsigned long taglen,
-          int           *res)
+          int           *stat)
 {
    int            err;
    eax_state     *eax;
    unsigned char *buf;
    unsigned long  buflen;
 
-   _ARGCHK(res != NULL);
+   LTC_ARGCHK(stat != NULL);
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(tag  != NULL);
 
    /* default to zero */
-   *res = 0;
+   *stat = 0;
 
    /* allocate ram */
    buf = XMALLOC(taglen);
-   eax = XMALLOC(sizeof(eax_state));
+   eax = XMALLOC(sizeof(*eax));
    if (eax == NULL || buf == NULL) {
       if (eax != NULL) {
          XFREE(eax);
@@ -47,28 +71,28 @@ int eax_decrypt_verify_memory(int cipher,
    }
 
    if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
-      goto __ERR;
+      goto LBL_ERR;
    }
 
    if ((err = eax_decrypt(eax, ct, pt, ctlen)) != CRYPT_OK) {
-      goto __ERR;
+      goto LBL_ERR;
    }
  
    buflen = taglen;
    if ((err = eax_done(eax, buf, &buflen)) != CRYPT_OK) {
-      goto __ERR;
+      goto LBL_ERR;
    }
 
    /* compare tags */
    if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
-      *res = 1;
+      *stat = 1;
    }
    
    err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
    zeromem(buf, taglen);
-   zeromem(eax, sizeof(eax_state));
+   zeromem(eax, sizeof(*eax));
 #endif
 
    XFREE(eax);

eax_done.c → src/encauth/eax/eax_done.c

@@ -9,20 +9,30 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file eax_done.c
+   EAX implementation, terminate session, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef EAX_MODE
 
+/**
+   Terminate an EAX session and get the tag.
+   @param eax       The EAX state
+   @param tag       [out] The destination of the authentication tag
+   @param taglen    [in/out] The max length and resulting length of the authentication tag
+   @return CRYPT_OK if successful
+*/
 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
 {
    int           err;
    unsigned char *headermac, *ctmac;
    unsigned long x, len;
 
-   _ARGCHK(eax    != NULL);
-   _ARGCHK(tag    != NULL);
-   _ARGCHK(taglen != NULL);
+   LTC_ARGCHK(eax    != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
 
    /* allocate ram */
    headermac = XMALLOC(MAXBLOCKSIZE);
@@ -41,7 +51,7 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
    /* finish ctomac */
    len = MAXBLOCKSIZE;
    if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    /* finish headeromac */
@@ -49,7 +59,7 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
    /* note we specifically don't reset len so the two lens are minimal */
 
    if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    /* compute N xor H xor C */
@@ -59,8 +69,8 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
    *taglen = x;
 
    err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
    zeromem(ctmac,     MAXBLOCKSIZE);
    zeromem(headermac, MAXBLOCKSIZE);
    zeromem(eax,       sizeof(*eax));

eax_encrypt.c → src/encauth/eax/eax_encrypt.c

@@ -9,18 +9,30 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file eax_encrypt.c
+   EAX implementation, encrypt block by Tom St Denis 
+*/
+#include "tomcrypt.h"
 
 #ifdef EAX_MODE
 
-int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
+/**
+   Encrypt with EAX a block of data.
+   @param eax        The EAX state
+   @param pt         The plaintext to encrypt
+   @param ct         [out] The ciphertext as encrypted
+   @param length     The length of the plaintext (octets)
+   @return CRYPT_OK if successful
+*/
+int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, 
+                unsigned long length)
 {
    int err;
    
-   _ARGCHK(eax != NULL);
-   _ARGCHK(pt  != NULL);
-   _ARGCHK(ct  != NULL);
+   LTC_ARGCHK(eax != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
 
    /* encrypt */
    if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {

src/encauth/eax/eax_encrypt_authenticate_memory.c

@@ -0,0 +1,78 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+  @file eax_encrypt_authenticate_memory.c
+  EAX implementation, encrypt a block of memory, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef EAX_MODE
+
+/**
+   EAX encrypt and produce an authentication tag
+   @param cipher     The index of the cipher desired
+   @param key        The secret key to use
+   @param keylen     The length of the secret key (octets)
+   @param nonce      The session nonce [use once]
+   @param noncelen   The length of the nonce
+   @param header     The header for the session
+   @param headerlen  The length of the header (octets)
+   @param pt         The plaintext
+   @param ptlen      The length of the plaintext (octets)
+   @param ct         [out] The ciphertext
+   @param tag        [out] The destination tag
+   @param taglen     [in/out] The max size and resulting size of the authentication tag
+   @return CRYPT_OK if successful
+*/
+int eax_encrypt_authenticate_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *header, unsigned long headerlen,
+    const unsigned char *pt,     unsigned long ptlen,
+          unsigned char *ct,
+          unsigned char *tag,    unsigned long *taglen)
+{
+   int err;
+   eax_state *eax;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
+
+   eax = XMALLOC(sizeof(*eax));
+
+   if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
+      goto LBL_ERR; 
+   }
+
+   if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
+      goto LBL_ERR; 
+   }
+ 
+   if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
+      goto LBL_ERR; 
+   }
+
+   err = CRYPT_OK;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(eax, sizeof(*eax));
+#endif
+
+   XFREE(eax);
+
+   return err;   
+}
+
+#endif

eax_init.c → src/encauth/eax/eax_init.c

@@ -9,13 +9,29 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file eax_init.c
+   EAX implementation, initialized EAX state, by Tom St Denis 
+*/
+#include "tomcrypt.h"
 
 #ifdef EAX_MODE
 
-int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
-             const unsigned char *nonce, unsigned long noncelen,
+/** 
+   Initialized an EAX state
+   @param eax       [out] The EAX state to initialize
+   @param cipher    The index of the desired cipher
+   @param key       The secret key
+   @param keylen    The length of the secret key (octets)
+   @param nonce     The use-once nonce for the session
+   @param noncelen  The length of the nonce (octets)
+   @param header    The header for the EAX state
+   @param headerlen The header length (octets)
+   @return CRYPT_OK if successful
+*/
+int eax_init(eax_state *eax, int cipher, 
+             const unsigned char *key,    unsigned long keylen,
+             const unsigned char *nonce,  unsigned long noncelen,
              const unsigned char *header, unsigned long headerlen)
 {
    unsigned char *buf;
@@ -24,11 +40,11 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
    unsigned long len;
 
 
-   _ARGCHK(eax   != NULL);
-   _ARGCHK(key   != NULL);
-   _ARGCHK(nonce != NULL);
+   LTC_ARGCHK(eax   != NULL);
+   LTC_ARGCHK(key   != NULL);
+   LTC_ARGCHK(nonce != NULL);
    if (headerlen > 0) {
-      _ARGCHK(header != NULL);
+      LTC_ARGCHK(header != NULL);
    }
 
    if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
@@ -38,7 +54,7 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
 
    /* allocate ram */
    buf  = XMALLOC(MAXBLOCKSIZE);
-   omac = XMALLOC(sizeof(omac_state));
+   omac = XMALLOC(sizeof(*omac));
 
    if (buf == NULL || omac == NULL) {
       if (buf != NULL) {
@@ -53,21 +69,21 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
    /* N = OMAC_0K(nonce) */
    zeromem(buf, MAXBLOCKSIZE);
    if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    /* omac the [0]_n */
    if ((err = omac_process(omac, buf, blklen)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
    /* omac the nonce */
    if ((err = omac_process(omac, nonce, noncelen)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
    /* store result */
    len = sizeof(eax->N);
    if ((err = omac_done(omac, eax->N, &len)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    /* H = OMAC_1K(header) */
@@ -75,17 +91,17 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
    buf[blklen - 1] = 1;
 
    if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    /* omac the [1]_n */
    if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
    /* omac the header */
    if (headerlen != 0) {
       if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
-          goto __ERR; 
+          goto LBL_ERR; 
       }
    }
 
@@ -93,28 +109,28 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
 
    /* setup the CTR mode */
    if ((err = ctr_start(cipher, eax->N, key, keylen, 0, &eax->ctr)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
    /* use big-endian counter */
    eax->ctr.mode = 1;
 
    /* setup the OMAC for the ciphertext */
    if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) { 
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    /* omac [2]_n */
    zeromem(buf, MAXBLOCKSIZE);
    buf[blklen-1] = 2;
    if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
-      goto __ERR; 
+      goto LBL_ERR; 
    }
 
    err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
    zeromem(buf,  MAXBLOCKSIZE);
-   zeromem(omac, sizeof(omac_state));
+   zeromem(omac, sizeof(*omac));
 #endif
 
    XFREE(omac);

eax_test.c → src/encauth/eax/eax_test.c

@@ -9,11 +9,18 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* EAX Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+    @file eax_test.c
+    EAX implementation, self-test, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef EAX_MODE
 
+/**
+   Test the EAX implementation
+   @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
 int eax_test(void)
 {
 #ifndef LTC_TEST

ocb_decrypt.c → src/encauth/ocb/ocb_decrypt.c

@@ -9,25 +9,35 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file ocb_decrypt.c
+   OCB implementation, decrypt data, by Tom St Denis 
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/**
+  Decrypt a block with OCB.
+  @param ocb    The OCB state
+  @param ct     The ciphertext (length of the block size of the block cipher)
+  @param pt     [out] The plaintext (length of ct)
+  @return CRYPT_OK if successful
+*/
 int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
 {
    unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
    int err, x;
 
-   _ARGCHK(ocb != NULL);
-   _ARGCHK(pt  != NULL);
-   _ARGCHK(ct  != NULL);
+   LTC_ARGCHK(ocb != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
 
    /* check if valid cipher */
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
-   _ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL);
+   LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL);
    
    /* check length */
    if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
@@ -52,7 +62,7 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
    }
 
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(Z, sizeof(Z));
    zeromem(tmp, sizeof(tmp));
 #endif

src/encauth/ocb/ocb_decrypt_verify_memory.c

@@ -0,0 +1,82 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/** 
+  @file ocb_decrypt_verify_memory.c
+  OCB implementation, helper to decrypt block of memory, by Tom St Denis 
+*/
+#include "tomcrypt.h"
+
+#ifdef OCB_MODE
+
+/**
+   Decrypt and compare the tag with OCB.
+   @param cipher     The index of the cipher desired
+   @param key        The secret key
+   @param keylen     The length of the secret key (octets)
+   @param nonce      The session nonce (length of the block size of the block cipher)
+   @param ct         The ciphertext
+   @param ctlen      The length of the ciphertext (octets)
+   @param pt         [out] The plaintext
+   @param tag        The tag to compare against
+   @param taglen     The length of the tag (octets)
+   @param stat       [out] The result of the tag comparison (1==valid, 0==invalid)
+   @return CRYPT_OK if successful regardless of the tag comparison
+*/
+int ocb_decrypt_verify_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  
+    const unsigned char *ct,     unsigned long ctlen,
+          unsigned char *pt,
+    const unsigned char *tag,    unsigned long taglen,
+          int           *stat)
+{
+   int err;
+   ocb_state *ocb;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(nonce  != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(stat    != NULL);
+
+   /* allocate memory */
+   ocb = XMALLOC(sizeof(ocb_state));
+   if (ocb == NULL) {
+      return CRYPT_MEM;
+   }
+
+   if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
+      goto LBL_ERR; 
+   }
+
+   while (ctlen > (unsigned long)ocb->block_len) {
+        if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
+            goto LBL_ERR; 
+        }
+        ctlen   -= ocb->block_len;
+        pt      += ocb->block_len;
+        ct      += ocb->block_len;
+   }
+
+   err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat);
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(ocb, sizeof(ocb_state));
+#endif
+ 
+   XFREE(ocb);
+
+   return err;
+}
+
+#endif

ocb_done_decrypt.c → src/encauth/ocb/ocb_done_decrypt.c

@@ -9,28 +9,42 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file ocb_done_decrypt.c
+   OCB implementation, terminate decryption, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/**
+   Terminate a decrypting OCB state
+   @param ocb    The OCB state
+   @param ct     The ciphertext (if any)
+   @param ctlen  The length of the ciphertext (octets)
+   @param pt     [out] The plaintext
+   @param tag    The authentication tag (to compare against)
+   @param taglen The length of the authentication tag provided
+   @param stat    [out] The result of the tag comparison
+   @return CRYPT_OK if the process was successful regardless if the tag is valid
+*/
 int ocb_done_decrypt(ocb_state *ocb, 
                      const unsigned char *ct,  unsigned long ctlen,
                            unsigned char *pt, 
-                     const unsigned char *tag, unsigned long taglen, int *res)
+                     const unsigned char *tag, unsigned long taglen, int *stat)
 {
    int err;
    unsigned char *tagbuf;
    unsigned long tagbuflen;
 
-   _ARGCHK(ocb != NULL);
-   _ARGCHK(pt  != NULL);
-   _ARGCHK(ct  != NULL);
-   _ARGCHK(tag != NULL);
-   _ARGCHK(res != NULL);
+   LTC_ARGCHK(ocb  != NULL);
+   LTC_ARGCHK(pt   != NULL);
+   LTC_ARGCHK(ct   != NULL);
+   LTC_ARGCHK(tag  != NULL);
+   LTC_ARGCHK(stat != NULL);
 
    /* default to failed */
-   *res = 0;
+   *stat = 0;
 
    /* allocate memory */
    tagbuf = XMALLOC(MAXBLOCKSIZE);
@@ -39,17 +53,17 @@ int ocb_done_decrypt(ocb_state *ocb,
    }
 
    tagbuflen = MAXBLOCKSIZE;
-   if ((err = __ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
-      goto __ERR;
+   if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
+      goto LBL_ERR;
    }
 
    if (taglen <= tagbuflen && memcmp(tagbuf, tag, taglen) == 0) {
-      *res = 1;
+      *stat = 1;
    }
 
    err = CRYPT_OK;
-__ERR:
-#ifdef CLEAN_STACK
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
    zeromem(tagbuf, MAXBLOCKSIZE);
 #endif
 

src/encauth/ocb/ocb_done_encrypt.c

@@ -0,0 +1,42 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/** 
+   @file ocb_done_encrypt.c
+   OCB implementation, terminate encryption, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef OCB_MODE
+
+/** 
+   Terminate an encryption OCB state
+   @param ocb       The OCB state
+   @param pt        Remaining plaintext (if any)
+   @param ptlen     The length of the plaintext (octets)
+   @param ct        [out] The ciphertext (if any)
+   @param tag       [out] The tag for the OCB stream
+   @param taglen    [in/out] The max size and resulting size of the tag
+   @return CRYPT_OK if successful
+*/
+int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
+                     unsigned char *ct, unsigned char *tag, unsigned long *taglen)
+{
+   LTC_ARGCHK(ocb    != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
+   return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
+}
+
+#endif
+

ocb_encrypt.c → src/encauth/ocb/ocb_encrypt.c

@@ -9,19 +9,29 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file ocb_encrypt.c
+   OCB implementation, encrypt data, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/**
+   Encrypt a block of data with OCB.
+   @param ocb     The OCB state
+   @param pt      The plaintext (length of the block size of the block cipher)
+   @param ct      [out] The ciphertext (same size as the pt)
+   @return CRYPT_OK if successful
+*/
 int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
 {
    unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
    int err, x;
 
-   _ARGCHK(ocb != NULL);
-   _ARGCHK(pt  != NULL);
-   _ARGCHK(ct  != NULL);
+   LTC_ARGCHK(ocb != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
@@ -46,7 +56,7 @@ int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
        ct[x] ^= Z[x];
    }
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(Z, sizeof(Z));
    zeromem(tmp, sizeof(tmp));
 #endif

ocb_encrypt_authenticate_memory.c → src/encauth/ocb/ocb_encrypt_authenticate_memory.c

@@ -9,11 +9,27 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+  @file ocb_encrypt_authenticate_memory.c
+  OCB implementation, encrypt block of memory, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/**
+   Encrypt and generate an authentication code for a buffer of memory
+   @param cipher     The index of the cipher desired
+   @param key        The secret key
+   @param keylen     The length of the secret key (octets)
+   @param nonce      The session nonce (length of the block ciphers block size)
+   @param pt         The plaintext
+   @param ptlen      The length of the plaintext (octets)
+   @param ct         [out] The ciphertext
+   @param tag        [out] The authentication tag
+   @param taglen     [in/out] The max size and resulting size of the authentication tag
+   @return CRYPT_OK if successful
+*/
 int ocb_encrypt_authenticate_memory(int cipher,
     const unsigned char *key,    unsigned long keylen,
     const unsigned char *nonce,  
@@ -24,12 +40,12 @@ int ocb_encrypt_authenticate_memory(int cipher,
    int err;
    ocb_state *ocb;
 
-   _ARGCHK(key    != NULL);
-   _ARGCHK(nonce  != NULL);
-   _ARGCHK(pt     != NULL);
-   _ARGCHK(ct     != NULL);
-   _ARGCHK(tag    != NULL);
-   _ARGCHK(taglen != NULL);
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(nonce  != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
 
    /* allocate ram */
    ocb = XMALLOC(sizeof(ocb_state));
@@ -38,12 +54,12 @@ int ocb_encrypt_authenticate_memory(int cipher,
    }
 
    if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
-      goto __ERR;
+      goto LBL_ERR;
    }
 
    while (ptlen > (unsigned long)ocb->block_len) {
         if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) {
-           goto __ERR;
+           goto LBL_ERR;
         }
         ptlen   -= ocb->block_len;
         pt      += ocb->block_len;
@@ -51,8 +67,8 @@ int ocb_encrypt_authenticate_memory(int cipher,
    }
 
    err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen);
-__ERR:
-#ifdef CLEAN_STACK
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
    zeromem(ocb, sizeof(ocb_state));
 #endif
 

ocb_init.c → src/encauth/ocb/ocb_init.c

@@ -9,8 +9,11 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file ocb_init.c
+   OCB implementation, initialize state, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
@@ -32,14 +35,23 @@ static const struct {
 }
 };
 
+/**
+  Initialize an OCB context.
+  @param ocb     [out] The destination of the OCB state
+  @param cipher  The index of the desired cipher
+  @param key     The secret key
+  @param keylen  The length of the secret key (octets)
+  @param nonce   The session nonce (length of the block size of the cipher)
+  @return CRYPT_OK if successful
+*/
 int ocb_init(ocb_state *ocb, int cipher, 
              const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
 {
    int poly, x, y, m, err;
 
-   _ARGCHK(ocb   != NULL);
-   _ARGCHK(key   != NULL);
-   _ARGCHK(nonce != NULL);
+   LTC_ARGCHK(ocb   != NULL);
+   LTC_ARGCHK(key   != NULL);
+   LTC_ARGCHK(nonce != NULL);
 
    /* valid cipher? */
    if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {

ocb_ntz.c → src/encauth/ocb/ocb_ntz.c

@@ -9,11 +9,20 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/**
+   @file ocb_ntz.c
+   OCB implementation, internal function, by Tom St Denis
+*/
+
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/**
+   Returns the number of leading zero bits [from lsb up]
+   @param x  The 32-bit value to observe
+   @return   The number of bits [from the lsb up] that are zero
+*/
 int ocb_ntz(unsigned long x)
 {
    int c;

ocb_shift_xor.c → src/encauth/ocb/ocb_shift_xor.c

@@ -9,11 +9,19 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file ocb_shift_xor.c
+   OCB implementation, internal function, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/**
+   Compute the shift/xor for OCB (internal function)
+   @param ocb  The OCB state 
+   @param Z    The destination of the shift
+*/
 void ocb_shift_xor(ocb_state *ocb, unsigned char *Z)
 {
    int x, y;

ocb_test.c → src/encauth/ocb/ocb_test.c

@@ -9,11 +9,18 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file ocb_test.c
+   OCB implementation, self-test by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
+/** 
+  Test the OCB protocol
+  @return   CRYPT_OK if successful
+*/
 int ocb_test(void)
 {
 #ifndef LTC_TEST

s_ocb_done.c → src/encauth/ocb/s_ocb_done.c

@@ -9,8 +9,11 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-/* OCB Implementation by Tom St Denis */
-#include "mycrypt.h"
+/** 
+   @file s_ocb_done.c
+   OCB implementation, internal helper, by Tom St Denis
+*/
+#include "tomcrypt.h"
 
 #ifdef OCB_MODE
 
@@ -21,18 +24,30 @@
  *
  * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... 
  */
-int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
-                     unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
+
+/**
+   Shared code to finish an OCB stream
+   @param ocb    The OCB state
+   @param pt     The remaining plaintext [or input]
+   @param ptlen  The length of the input (octets)
+   @param ct     [out] The output buffer
+   @param tag    [out] The destination for the authentication tag
+   @param taglen [in/out] The max size and resulting size of the authentication tag
+   @param mode   The mode we are terminating, 0==encrypt, 1==decrypt
+   @return       CRYPT_OK if successful
+*/
+int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
+               unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
 
 {
    unsigned char *Z, *Y, *X;
    int err, x;
 
-   _ARGCHK(ocb    != NULL);
-   _ARGCHK(pt     != NULL);
-   _ARGCHK(ct     != NULL);
-   _ARGCHK(tag    != NULL);
-   _ARGCHK(taglen != NULL);
+   LTC_ARGCHK(ocb    != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
@@ -106,7 +121,7 @@ int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
    }
    *taglen = x;
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(X, MAXBLOCKSIZE);
    zeromem(Y, MAXBLOCKSIZE);
    zeromem(Z, MAXBLOCKSIZE);

chc.c → src/hashes/chc/chc.c

@@ -9,7 +9,12 @@
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
 
-#include "mycrypt.h"
+#include "tomcrypt.h"
+
+/**
+  @file chc.c
+  CHC support. (Tom St Denis)
+*/
 
 #ifdef CHC_HASH
 
@@ -20,7 +25,7 @@ static int            cipher_idx=UNDEFED_HASH,        /* which cipher */
                       cipher_blocksize;               /* blocksize of cipher */
 
 
-const struct _hash_descriptor chc_desc = {
+const struct ltc_hash_descriptor chc_desc = {
    "chc_hash", 12, 0, 0, { 0 }, 0,
    &chc_init,
    &chc_process,
@@ -28,7 +33,11 @@ const struct _hash_descriptor chc_desc = {
    &chc_test
 };
 
-/* initialize the CHC state with a given cipher */
+/**
+  Initialize the CHC state with a given cipher 
+  @param cipher  The index of the cipher you wish to bind 
+  @return CRYPT_OK if successful
+*/
 int chc_register(int cipher)
 {
    int err, kl, idx;
@@ -69,14 +78,18 @@ int chc_register(int cipher)
    return CRYPT_OK;
 }
 
-/* "hash init" is simply encrypt 0 with the 0 key.  Simple way to make an IV */
+/**
+   Initialize the hash state
+   @param md   The hash state you wish to initialize
+   @return CRYPT_OK if successful
+*/
 int chc_init(hash_state *md)
 {
    symmetric_key *key;
    unsigned char  buf[MAXBLOCKSIZE];
    int            err;
  
-   _ARGCHK(md != NULL);
+   LTC_ARGCHK(md != NULL);
 
    /* is the cipher valid? */
    if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
@@ -134,21 +147,30 @@ static int chc_compress(hash_state *md, unsigned char *buf)
        md->chc.state[x] ^= T[0][x] ^ T[1][x];
    }
    XFREE(key);
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
    zeromem(T, sizeof(T));
    zeromem(&key, sizeof(key));
 #endif
    return CRYPT_OK;
 }
 
+/* function for processing blocks */
+int _chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
 HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize)
 
-int chc_process(hash_state * md, const unsigned char *buf, unsigned long len)
+/**
+   Process a block of memory though the hash
+   @param md   The hash state
+   @param in   The data to hash
+   @param inlen  The length of the data (octets)
+   @return CRYPT_OK if successful
+*/
+int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen)
 {
    int err;
 
-   _ARGCHK(md   != NULL);
-   _ARGCHK(buf  != NULL);
+   LTC_ARGCHK(md   != NULL);
+   LTC_ARGCHK(in  != NULL);
 
    /* is the cipher valid? */
    if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
@@ -158,15 +180,21 @@ int chc_process(hash_state * md, const unsigned char *buf, unsigned long len)
       return CRYPT_INVALID_CIPHER;
    }
 
-   return _chc_process(md, buf, len);
+   return _chc_process(md, in, inlen);
 }
 
-int chc_done(hash_state *md, unsigned char *buf)
+/**
+   Terminate the hash to get the digest
+   @param md   The hash state
+   @param out [out] The destination of the hash (length of the block size of the block cipher)
+   @return CRYPT_OK if successful
+*/
+int chc_done(hash_state *md, unsigned char *out)
 {
     int err;
 
-    _ARGCHK(md   != NULL);
-    _ARGCHK(buf  != NULL);
+    LTC_ARGCHK(md   != NULL);
+    LTC_ARGCHK(out  != NULL);
 
     /* is the cipher valid? */
     if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
@@ -208,19 +236,23 @@ int chc_done(hash_state *md, unsigned char *buf)
     chc_compress(md, md->chc.buf);
 
     /* copy output */
-    XMEMCPY(buf, md->chc.state, cipher_blocksize);
+    XMEMCPY(out, md->chc.state, cipher_blocksize);
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));
 #endif
     return CRYPT_OK;
 }
 
+/**
+  Self-test the hash
+  @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
+*/  
 int chc_test(void)
 {
    static const struct {
       unsigned char *msg,
-                    md[MAXBLOCKSIZE];
+                     md[MAXBLOCKSIZE];
       int            len;
    } tests[] = {
 {

hash_file.c → src/hashes/helper/hash_file.c

@@ -8,18 +8,30 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-#include "mycrypt.h"
+#include "tomcrypt.h"
 
-int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
+/** 
+  @file hash_file.c
+  Hash a file, Tom St Denis
+*/
+
+/**
+  @param hash   The index of the hash desired
+  @param fname  The name of the file you wish to hash
+  @param out    [out] The destination of the digest
+  @param outlen [in/out] The max size and resulting size of the message digest
+  @result CRYPT_OK if successful
+*/
+int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen)
 {
-#ifdef NO_FILE
+#ifdef LTC_NO_FILE
     return CRYPT_NOP;
 #else
     FILE *in;
     int err;
-    _ARGCHK(fname  != NULL);
-    _ARGCHK(dst    != NULL);
-    _ARGCHK(outlen != NULL);
+    LTC_ARGCHK(fname  != NULL);
+    LTC_ARGCHK(out    != NULL);
+    LTC_ARGCHK(outlen != NULL);
 
     if ((err = hash_is_valid(hash)) != CRYPT_OK) {
         return err;
@@ -30,7 +42,7 @@ int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *ou
        return CRYPT_FILE_NOTFOUND;
     }
 
-    err = hash_filehandle(hash, in, dst, outlen);
+    err = hash_filehandle(hash, in, out, outlen);
     if (fclose(in) != 0) {
        return CRYPT_ERROR;
     }

hash_filehandle.c → src/hashes/helper/hash_filehandle.c

@@ -8,11 +8,24 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-#include "mycrypt.h"
+#include "tomcrypt.h"
 
-int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen)
+/**
+   @file hash_filehandle.c
+   Hash open files, Tom St Denis
+*/
+
+/** 
+  Hash data from an open file handle.  
+  @param hash   The index of the hash you want to use
+  @param in     The FILE* handle of the file you want to hash
+  @param out    [out] The destination of the digest
+  @param outlen [in/out] The max size and resulting size of the digest
+  @result CRYPT_OK if successful   
+*/
+int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen)
 {
-#ifdef NO_FILE
+#ifdef LTC_NO_FILE
     return CRYPT_NOP;
 #else
     hash_state md;
@@ -20,9 +33,9 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle
     size_t x;
     int err;
 
-    _ARGCHK(dst    != NULL);
-    _ARGCHK(outlen != NULL);
-    _ARGCHK(in     != NULL);
+    LTC_ARGCHK(out    != NULL);
+    LTC_ARGCHK(outlen != NULL);
+    LTC_ARGCHK(in     != NULL);
 
     if ((err = hash_is_valid(hash)) != CRYPT_OK) {
         return err;
@@ -42,9 +55,9 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle
            return err;
         }
     } while (x == sizeof(buf));
-    err = hash_descriptor[hash].done(&md, dst);
+    err = hash_descriptor[hash].done(&md, out);
 
-#ifdef CLEAN_STACK
+#ifdef LTC_CLEAN_STACK
     zeromem(buf, sizeof(buf));
 #endif
     return err;

hash_memory.c → src/hashes/helper/hash_memory.c

@@ -8,16 +8,30 @@
  *
  * Tom St Denis, [email protected], http://libtomcrypt.org
  */
-#include "mycrypt.h"
+#include "tomcrypt.h"
 
-int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen)
+/**
+  @file hash_memory.c
+  Hash memory helper, Tom St Denis
+*/
+
+/**
+  Hash a block of memory and store the digest.
+  @param hash   The index of the hash you wish to use
+  @param in     The data you wish to hash
+  @param inlen  The length of the data to hash (octets)
+  @param out    [out] Where to store the digest
+  @param outlen [in/out] Max size and resulting size of the digest
+  @return CRYPT_OK if successful
+*/
+int hash_memory(int hash, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen)
 {
     hash_state *md;
     int err;
 
-    _ARGCHK(data   != NULL);
-    _ARGCHK(dst    != NULL);
-    _ARGCHK(outlen != NULL);
+    LTC_ARGCHK(in     != NULL);
+    LTC_ARGCHK(out    != NULL);
+    LTC_ARGCHK(outlen != NULL);
 
     if ((err = hash_is_valid(hash)) != CRYPT_OK) {
         return err;
@@ -33,15 +47,15 @@ int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned
     }
 
     if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) {
-       goto __ERR;
+       goto LBL_ERR;
     }
-    if ((err = hash_descriptor[hash].process(md, data, len)) != CRYPT_OK) {
-       goto __ERR;
+    if ((err = hash_descriptor[hash].process(md, in, inlen)) != CRYPT_OK) {
+       goto LBL_ERR;
     }
-    err = hash_descriptor[hash].done(md, dst);
+    err = hash_descriptor[hash].done(md, out);
     *outlen = hash_descriptor[hash].hashsize;
-__ERR:
-#ifdef CLEAN_STACK
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));
 #endif
     XFREE(md);

src/hashes/helper/hash_memory_multi.c

@@ -0,0 +1,82 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+#include <stdarg.h>
+/**
+  @file hash_memory_multi.c
+  Hash (multiple buffers) memory helper, Tom St Denis
+*/
+
+/**
+  Hash multiple (non-adjacent) blocks of memory at once.  
+  @param hash   The index of the hash you wish to use
+  @param out    [out] Where to store the digest
+  @param outlen [in/out] Max size and resulting size of the digest
+  @param in     The data you wish to hash
+  @param inlen  The length of the data to hash (octets)
+  @param ...    tuples of (data,len) pairs to hash, terminated with a (NULL,x) (x=don't care)
+  @return CRYPT_OK if successful
+*/  
+int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen,
+                      const unsigned char *in, unsigned long inlen, ...)
+{
+    hash_state          *md;
+    int                  err;
+    va_list              args;
+    const unsigned char *curptr;
+    unsigned long        curlen;
+
+    LTC_ARGCHK(in     != NULL);
+    LTC_ARGCHK(out    != NULL);
+    LTC_ARGCHK(outlen != NULL);
+
+    if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+        return err;
+    }
+
+    if (*outlen < hash_descriptor[hash].hashsize) {
+       return CRYPT_BUFFER_OVERFLOW;
+    }
+
+    md = XMALLOC(sizeof(hash_state));
+    if (md == NULL) {
+       return CRYPT_MEM;
+    }
+
+    if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) {
+       goto LBL_ERR;
+    }
+
+    va_start(args, inlen);
+    curptr = in; 
+    curlen = inlen;
+    for (;;) {
+       /* process buf */
+       if ((err = hash_descriptor[hash].process(md, curptr, curlen)) != CRYPT_OK) {
+          goto LBL_ERR;
+       }
+       /* step to next */
+       curptr = va_arg(args, const unsigned char*);
+       if (curptr == NULL) {
+          break;
+       }
+       curlen = va_arg(args, unsigned long);
+    }
+    err = hash_descriptor[hash].done(md, out);
+    *outlen = hash_descriptor[hash].hashsize;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+    zeromem(md, sizeof(hash_state));
+#endif
+    XFREE(md);
+    va_end(args);
+    return err;
+}