added libtomcrypt-1.14

Author: Tom St Denis

Doxyfile

@@ -23,7 +23,7 @@ PROJECT_NAME           = LibTomCrypt
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 1.13
+PROJECT_NUMBER         = 1.14
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 

TODO

@@ -1,2 +1,4 @@
 - long term, start moving macros like CTR over to LTC_CTR to make LTC a bit more "drop-in-able".
+- F8 mode could use some LTC_FAST love
+
 

changes

@@ -1,3 +1,23 @@
+August 0x1E, 0x07D6
+v1.14 -- Renamed the chaining mode macros from XXX to LTC_XXX_MODE.  Should help avoid polluting the macro name space.
+      -- clean up of SHA-256
+      -- Chris Colman pointed out that der_decode_sequence_* allows LTC_ASN1_SETOF to accept SEQUENCEs and vice versa.
+         Decoder [non-flexi decoder that is] is more strict now and requires a match.
+      -- Steffen Jaeckel pointed out a typo in the user manual (re: rsa_exptmod).  Fixed.  This disproves the notion that
+         nobody reads it.  :-)
+      -- Made GCM a bit more portable w.r.t. handling the CTR IV (e.g. & with 255)
+      -- Add LTC_VERBOSE if you really want to see what test is doing :-)
+      -- Added SSE2 support to GCM [use GCM_TABLES_SSE2 to enable], shaves 2 cycles per byte on Opteron processors
+         Shaved 4 cycles on a Prescott (Intel P4)
+         Requires you align your gcm_state on a 16 byte boundary, see gcm_memory() for more info
+      -- Added missing prototype for f8_test_mode()
+      -- two fixes to CCM for corner cases [L+noncelen > 15] and fixing the CTR pad to encrypt the CBC-MAC tag
+      -- Franz Glasner pointed out the ARGTYPE=4 is not actually valid.  Fixed.
+      -- Fixed bug in f8_start() if your key < saltkey unspecified behaviour occurs.  :-(
+      -- Documented F8 mode.  Yeah, because you read the manual.  
+      -- Minor updates to the technotes.
+
+
 June 17th, 2005
 v1.13 -- Fixed to fortuna_start() to clean up state if an error occurs.  Not really useful at this stage (sha256 can't fail) but useful
          if I ever make fortuna pluggable
@@ -1464,6 +1484,6 @@ v0.02  -- Changed RC5 to only allow 12 to 24 rounds
 v0.01  -- We will call this the first version.
 
 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.213 $ */
-/* $Date: 2006/06/18 01:42:59 $ */
+/* $Revision: 1.224 $ */
+/* $Date: 2006/08/30 23:23:20 $ */
 

crypt.tex

@@ -47,7 +47,7 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{LibTomCrypt \\ Version 1.13}
+\title{LibTomCrypt \\ Version 1.14}
 \author{Tom St Denis \\
 \\
 tomstdenis@gmail.com \\
@@ -1007,6 +1007,55 @@ \subsection{LRW Mode}
 int lrw_done(symmetric_LRW *lrw);
 \end{verbatim}
 
+\subsection{F8 Mode}
+\index{F8 Mode}
+The F8 Chaining mode (see RFC 3711 for instance) is yet another chaining mode for block ciphers.  It behaves much like CTR mode in that it XORs a keystream
+against the plaintext to encrypt.  F8 mode comes with the additional twist that the counter value is secret, encrypted by a \textit{salt key}.  We
+initialize F8 mode with the fuollowing function call:
+
+\index{f8\_start()}
+\begin{verbatim}
+int f8_start(                int  cipher, const unsigned char *IV, 
+             const unsigned char *key,                    int  keylen, 
+             const unsigned char *salt_key,               int  skeylen,
+                             int  num_rounds,   symmetric_F8  *f8);
+\end{verbatim}
+This will start the F8 mode state using ``key'' as the secret key, ``IV'' as the counter.  It uses the ``salt\_key`` as IV encryption key (``m'' in the RFC 3711).
+The salt\_key can be shorter than the secret key but it should not be longer.  
+
+To encrypt or decrypt data we use the following two functions:
+
+\index{f8\_encrypt()} \index{f8\_decrypt()}
+\begin{verbatim}
+int f8_encrypt(const unsigned char *pt, unsigned char *ct, 
+                     unsigned long  len, symmetric_F8 *f8);
+
+int f8_decrypt(const unsigned char *ct, unsigned char *pt, 
+                     unsigned long  len, symmetric_F8 *f8);
+\end{verbatim}
+These will encrypt or decrypt a variable length array of bytes using the F8 mode state specified.  The length is specified in bytes and does not have to be a multiple 
+of the ciphers block size.
+
+To change or retrieve the current counter IV value use the following functions:
+
+\index{f8\_getiv()}
+\index{f8\_setiv()}
+\begin{verbatim}
+int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8);
+int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8);
+\end{verbatim}
+These work with the current IV value only and not the encrypted IV value specifed during the call to f8\_start().  The purpose of these two functions is to be
+able to seek within a current session only.  If you want to change the session IV you will have to call f8\_done() and then start a new state with
+f8\_start().
+
+To terminate an F8 state call the following function:
+
+\index{f8\_done()}
+\begin{verbatim}
+int f8_done(symmetric_F8 *f8);
+\end{verbatim}
+
+\vbox{}
 \section{Encrypt and Authenticate Modes}
 
 \subsection{EAX Mode}
@@ -2719,8 +2768,7 @@ \subsection{RSA Exponentiation}
 \begin{verbatim}
 int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
                       unsigned char *out,  unsigned long *outlen, 
-                      int which, prng_state *prng, int prng_idx,
-                      rsa_key *key);
+                      int which, rsa_key *key);
 \end{verbatim}
 This loads the bignum from ``in'' as a big endian word in the format PKCS specifies, raises it to either ``e'' or ``d'' and stores the result
 in ``out'' and the size of the result in ``outlen''. ``which'' is set to {\bf PK\_PUBLIC} to use ``e'' 
@@ -5241,5 +5289,5 @@ \subsection{RSA Functions}
 \end{document}
 
 % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $   
-% $Revision: 1.74 $   
-% $Date: 2006/06/18 01:35:41 $ 
+% $Revision: 1.77 $   
+% $Date: 2006/08/30 23:23:20 $ 

demos/timing.c

@@ -16,13 +16,6 @@ reg_algs();
    extern ltc_math_descriptor EXT_MATH_LIB;
    ltc_mp = EXT_MATH_LIB;
 #endif
-time_cipher();
-time_hash();
-time_encmacs();
-time_rsa();
-time_ecc();
-time_ecc();
-return 0;
 time_keysched();
 time_cipher();
 time_cipher2();

doc/crypt.pdf

@@ -4,7 +4,7 @@
 # Modified by Clay Culver
 
 # The version
-VERSION=1.13
+VERSION=1.14
 
 # Compiler and Linker Names
 #CC=gcc
@@ -367,5 +367,5 @@ zipup: no_oops docs
 
 
 # $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
-# $Revision: 1.126 $ 
-# $Date: 2006/06/16 23:52:08 $ 
+# $Revision: 1.127 $ 
+# $Date: 2006/06/29 01:59:34 $ 

makefile

@@ -6,7 +6,7 @@
 # Tom St Denis
 
 # The version
-VERSION=0:113
+VERSION=0:114
 
 # Compiler and Linker Names
 CC=libtool --mode=compile --tag=CC gcc 
@@ -265,5 +265,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS)
 	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $   
-# $Revision: 1.58 $   
-# $Date: 2006/06/16 23:52:08 $ 
+# $Revision: 1.59 $   
+# $Date: 2006/06/29 01:59:34 $ 

makefile.shared

@@ -12,7 +12,7 @@ You can disable whole classes of algorithms on the command line with the LTC_NO_
 The following build with GCC 3.4.4 on an AMD64 box gets you AES, CTR mode, SHA-256, HMAC, Yarrow, full RSA PKCS #1, PKCS #5 and ASN.1 DER in 
 roughly 40KB of code (49KB on the ARMv4) (both excluding the math library).
 
-CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DCTR -DSHA256 \
+CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DLTC_CTR_MODE -DSHA256 \
 -DHMAC -DYARROW -DMRSA -DMPI -DTFM_DESC -DARGTYPE=3 -Os -DLTC_SMALL_CODE -fomit-frame-pointer" make IGNORE_SPEED=1
 
 Obviously this won't get you performance but if you need to pack a crypto lib in a device with limited means it's more than enough...

notes/tech0005.txt

@@ -1,5 +1,5 @@
 Tech Note #7
 Quick building for testing with LTM
 
-EXTRALIBS=-ltommath CFLAGS="-g3 -DLTC_NO_ASM" make -j3 IGNORE_SPEED=1 test
+EXTRALIBS=-ltommath CFLAGS="-g3 -DLTC_NO_ASM -DUSE_LTM -DLTM_DESC" make -j3 IGNORE_SPEED=1 test