Lines Matching refs:be
119 LibTomCrypt is a portable ISO C cryptographic library meant to be a tool set for cryptographers who are
123 The library was designed such that new ciphers/hashes/PRNGs can be added at run-time and the existing API
132 provide all of the tools required to build such functionality. LibTomCrypt was designed to be a flexible library that
136 You may be wondering, \textit{Tom, why did you write a crypto library. I already have one.} Well the reason falls into
150 that can be used to make a program automatically pick between ciphers, hashes and PRNGs at run-time. That means your
156 tools may be limited (e.g. no autoconf).
165 The LibTomCrypt package has also been written to be very modular. The block ciphers, one--way hashes,
175 (\textit{or whatever they call it}) has been invented. It can be added to the library and used within applications
178 This flexibility within the library means it can be used with any combination of primitive algorithms and
182 are not directly tied to the ciphers. That is a new cipher can be added to the library by simply providing
192 The author (Tom St Denis) is not a patent lawyer so this section is not to be treated as legal advice. To the best
194 They can be removed from a build by simply commenting out the two appropriate lines in \textit{tomcrypt\_custom.h}. The rest
228 if it failed. Certain functions that return int will return $-1$ to indicate an error. These functions will be explicitly
229 commented upon. When a function does return a CRYPT error code it can be translated into a string with
320 must pass it the length of the buffer where the output will be stored. For example:
364 may be passed as \textbf{NULL} in such situations.
399 type \textit{byte} will be synonymous with an array of type \textit{unsigned char.}
421 The XXX\_setup() routine will setup the cipher to be used with a given number of rounds and a given key length (in bytes).
422 The number of rounds can be set to zero to use the default, which is generally a good idea.
427 when you are done with a key you can simply discard it (e.g. they can be on the stack). However, to maintain proper coding
492 cipher descriptors may require to be called for resource management purposes. To be compliant, all functions which call a cipher
546 keys (mainly for test vectors anyways). Ideally, your application should be making at least 256 bit keys. This is not
547 because you are to be paranoid. It is because if your PRNG has a bias of any sort the more bits the better. For
592 of rounds that will be used.
594 For a plugin to be compliant it must provide at least each function listed before the accelerators begin. Accelerators are optional,
595 and if missing will be emulated in software.
645 should not be called.
660 key will require less ram but the resulting cipher will be slower. The second option is \textit{TWOFISH\_TABLES} which when
723 A good safety would be to check the return value of \textit{find\_cipher()} before accessing the desired function. In order
766 A typical symmetric block cipher can be used in chaining modes to effectively encrypt messages larger than the block
786 It is important that the initial vector be unique and preferably random for each message encrypted under the same key.
876 the initialization vector to be used with the cipher. You must fill the IV yourself and it is assumed they are the same
878 of the cipher you choose. It is important that the IV be random for each unique message you want to encrypt. The
883 In the case of CTR mode there is an additional parameter \textit{ctr\_mode} which specifies the mode that the counter is to be used in.
884 If \textbf{CTR\_COUNTER\_ LITTLE\_ENDIAN} was specified then the counter will be treated as a little endian value. Otherwise, if
885 \textbf{CTR\_COUNTER\_BIG\_ENDIAN} was specified the counter will be treated as a big endian value. As of v1.15 the RFC 3686 style of
913 In the ECB and CBC cases, \textit{len} must be a multiple of the ciphers block size. In the CBC case, you must manually pad the end of your message (either with
934 of the IV passed in must be the size of the ciphers block size.
1036 The key is specified as two strings the first key $K_1$ is the (normally AES) key and can be any length (typically 16, 24 or 32 octets long). The second key
1037 $K_2$ is the \textit{tweak} key and is always 16 octets long. The tweak value is \textbf{NOT} a nonce or IV value it must be random and secret.
1053 While LRW was specified to be used only with AES, LibTomCrypt will allow any 128--bit block cipher to be specified as indexed by \textit{cipher}. The
1054 number of rounds for the block cipher \textit{num\_rounds} can be 0 to use the default number of rounds for the given cipher.
1071 These will encrypt (or decrypt) the plaintext to the ciphertext buffer (or vice versa). The length is specified by \textit{len} in octets but must be a multiple
1114 (\textit{m} in the RFC 3711). The salt\_key can be shorter than the secret key but it should not be longer.
1130 These will encrypt or decrypt a variable length array of bytes using the F8 mode state specified. The length is specified in bytes and does not have to be a multiple
1144 These work with the current IV value only and not the encrypted IV value specified during the call to f8\_start(). The purpose of these two functions is to be
1160 M. Bellare, P. Rogaway, D. Wagner, A Conventional Authenticated-Encryption Mode.} in a manner similar to the way it was intended to be used
1164 It is initialized with a random \textit{nonce} that can be shared publicly, a \textit{header} which can be fixed and public, and a random secret symmetric key.
1166 The \textit{header} data is meant to be meta--data associated with a stream that isn't private (e.g., protocol messages). It can
1167 be added at anytime during an EAX stream, and is part of the authentication tag. That is, changes in the meta-data can be detected by changes in the output tag.
1192 When this function completes, the \textit{eax} state will be initialized such that you can now either have data decrypted or
1209 \textit{ct}. Note: \textit{ct} and \textit{pt} may be the same region in memory. This function will also send the ciphertext
1211 \textit{pt} and \textit{ct} to be the same region in memory.
1227 \textit{tag} (checksum) may be computed with the following function:
1238 The EAX mode code can be tested to ensure it matches the test vectors by calling the following function:
1243 This requires that the AES (or Rijndael) block cipher be registered with the cipher\_descriptor table first.
1346 and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers
1386 Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have
1403 \textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated
1421 can be any arbitrary length.
1460 The key can be specified in one of two fashions. First, it can be passed as an array of octets in \textit{key} of length \textit{keylen}. Alternatively,
1461 it can be passed in as a previously scheduled key in \textit{uskey}. The latter fashion saves time when the same key is used for multiple packets. If
1462 \textit{uskey} is not \textbf{NULL}, then \textit{key} may be \textbf{NULL} (and vice-versa).
1465 encrypted, it is stored in \textit{header} of length \textit{headerlen} octets. The header can be zero octets long (if $headerlen = 0$ then
1468 The plaintext is stored in \textit{pt}, and the ciphertext in \textit{ct}. The length of both are expected to be equal and is passed in as \textit{ptlen}. It is
1470 decryption (direction $=$ \textbf{CCM\_DECRYPT}) is to be performed.
1481 This will return \textbf{CRYPT\_OK} if the CCM routine passes known test vectors. It requires AES or Rijndael to be registered previously, otherwise it will
1542 Galois counter mode is an IEEE proposal for authenticated encryption (also it is a planned NIST standard). Like EAX and OCB mode, it can be used in a streaming capacity
1546 A GCM stream is meant to be processed in three modes, one after another. First, the initial vector (per session) data is processed. This should be
1563 After the state has been initialized (or reset) the next step is to add the session (or packet) initial vector. It should be unique per packet encrypted.
1574 Note: the GCM protocols provides a \textit{shortcut} for 12--byte IVs where no pre-processing is to be done. If you want to minimize per packet latency it is ideal
1578 After the entire IV has been processed, the additional authentication data can be processed. Unlike the IV, a packet/session does not require additional
1579 authentication data (AAD) for security. The AAD is meant to be used as side--channel data you want to be authenticated with the packet. Note: once
1591 After the AAD has been processed, the plaintext (or ciphertext depending on the direction) can be processed.
1617 The call to gcm\_init() will perform considerable pre--computation (when \textbf{GCM\_TABLES} is defined) and if you're going to be dealing with a lot of packets
1628 To process a single packet under any given key the following helper function can be used.
1675 /* Add the AAD (note: aad can be NULL if aadlen == 0) */
1765 are buffered. The data can be passed in any sized chunks as long as the order of the bytes are the same the message digest (hash output) will be the same. For example,
1927 This will hash the file named by \textit{fname} using the hash indexed by \textit{hash}. The file named in this function call must be readable by the
1928 user owning the process performing the request. This function can be omitted by the \textbf{LTC\_NO\_FILE} define, which forces it to return \textbf{CRYPT\_NOP}
1940 will not rewind the file pointer when finished. This function can be omitted by the \textbf{LTC\_NO\_FILE} define, which forces it to return \textbf{CRYPT\_NOP}
1943 To perform the above hash with md5 the following code could be used:
2015 applicable block ciphers (such as AES) can be turned into hash functions that other LTC functions can use. In
2016 particular this allows a cryptosystem to be designed using very few moving parts.
2019 descriptor must be registered with register\_hash(). At this point the CHC hash cannot be used to hash
2028 A cipher has to be registered with CHC (and also in the cipher descriptor tables with
2030 be bound to the CHC hash at a time. There are additional requirements for the system to work.
2069 These hashes are provided for completeness and they still can be used for the purposes of password hashing or one-way accumulators
2078 of a message is a keyed authentication code that only the owner of a private symmetric key will be able to verify. The purpose is
2080 eavesdropper will not be able to verify the authenticity of a message.
2110 The \textit{hmac} parameter is the HMAC state you are working with. The \textit{out} parameter is the array of octets where the HMAC code should be stored.
2128 table must be provided in \textit{hash}. It uses the key from \textit{key} with a key length of \textit{keylen}.
2129 The result is stored in the array of octets \textit{out} and the length in \textit{outlen}. The value of \textit{outlen} must be set
2141 result should be stored.
2247 \textit{outlen} can be smaller than the default MAC size (for instance AES would make a 16-byte tag). Part of the OMAC
2248 specification states that the output may be truncated. So if you pass in $outlen = 5$ and use AES as your cipher than
2249 the output MAC code will only be five bytes long. If \textit{outlen} is larger than the default size it is set to the default
2375 When a complete message has been processed the following function can be called to compute the message tag.
2424 rate of processing and is potentially very secure. It requires AES to be enabled to function. You do not have to register\_cipher() AES first though
2512 by the \textit{cipher} index can be either a 64 or 128--bit block cipher. This will return \textbf{CRYPT\_OK} on success.
2572 This will return \textbf{CRYPT\_OK} on success. This requires the AES or Rijndael descriptor be previously registered, otherwise, it will return
2576 The F9--MAC is yet another CBC--MAC variant proposed for the 3GPP standard. Originally specified to be used with the KASUMI block cipher, it can also be used
2584 If the user simply wants a MAC function (hint: use OMAC) padding with a single 0x40 byte should be sufficient for security purposes and still be reasonably compatible
2598 by the \textit{cipher} index can be either a 64 or 128--bit block cipher. This will return \textbf{CRYPT\_OK} on success.
2658 This will return \textbf{CRYPT\_OK} on success. This requires the AES or Rijndael descriptor be
2671 This will setup the PRNG for future use and not seed it. In order for the PRNG to be cryptographically useful you must give it
2713 the export is meant to be used as a \textit{seed file}. That is, when the program starts up there will not likely
2714 be that much entropy available. To import a state to seed a PRNG call the following function.
2758 It is possible to be adding entropy and reading from a PRNG at the same time. For example, if you first seed the PRNG
2759 and call ready() you can now read from it. You can also keep adding new entropy to it. The new entropy will not be used
2760 in the PRNG until ready() is called again. This allows the PRNG to be used and re-seeded at the same time. No real error
2796 PRNGs have descriptors that allow plugin driven functions to be created using PRNGs. The plugin descriptors are stored in the structure \textit{prng\_descriptor}. The
2823 To find a PRNG in the descriptor table the following function can be used:
2976 used when the slower ANSI C RNG must be used so the calling application can still work. This is useful since the ANSI C RNG has a throughput of roughly three
2977 bytes a second. The callback pointer may be set to {\bf NULL} to avoid using it if you do not want to. The function returns the number of bytes actually read from
3026 requires to be started, that is you need not call the start, add\_entropy, or ready functions. For example, consider
3081 This will encode the message pointed to by \textit{msg} of length \textit{msglen} octets. The \textit{block\_type} parameter must be set to
3082 \textbf{LTC\_PKCS\_1\_EME} to perform encryption padding. It must be set to \textbf{LTC\_PKCS\_1\_EMSA} to perform signature padding. The \textit{modulus\_bitlen}
3083 parameter indicates the length of the modulus in bits. The padded data is stored in \textit{out} with a length of \textit{outlen} octets. The output will not be
3086 Only encryption padding requires a PRNG. When performing signature padding the \textit{prng\_idx} parameter may be left to zero as it is not checked for validity.
3103 \textit{outlen}. If the padding is valid, a 1 is stored in \textit{is\_valid}, otherwise, a 0 is stored. The \textit{block\_type} parameter must be set to either
3129 This accepts \textit{msg} as input of length \textit{msglen} which will be OAEP padded. The \textit{lparam} variable is an additional system specific
3130 tag that can be applied to the encoding. This is useful to identify which system encoded the message. If no variance is desired then
3131 \textit{lparam} can be set to \textbf{NULL}.
3134 \textit{modulus\_bitlen}. \textit{hash\_idx} is the index into the hash descriptor table of the hash desired. PKCS \#1 allows any hash to be
3174 PSS encoding is the second half of the PKCS \#1 standard which is padding to be applied to messages that are signed.
3190 This function assumes the message to be PSS encoded has previously been hashed. The input hash \textit{msghash} is of length
3191 \textit{msghashlen}. PSS allows a variable length random salt (it can be zero length) to be introduced in the signature process.
3196 of the modulus $h$ the length of the hash output (in octets) then there can be $m - h - 2$ bytes of salt.
3198 This function does not actually sign the data it merely pads the hash of a message so that it can be processed by rsa\_exptmod().
3230 multiplicative sub-group formed modulo $N$ is given as $\phi(N) = (p - 1)(q - 1)$ which can be reduced to
3237 given only $N$ and $e$ appears to be intractable only the owner of the private key can decrypt the ciphertext and compute
3242 Ideally $e$ should be larger than $100$ to prevent direct analysis. For example, if $e$ is three and you do not pad
3243 the plaintext to be encrypted than it is possible that $M^3 < N$ in which case finding the cube-root would be trivial.
3248 $M_1^dM_2^d = (M_1M_2)^d$ which can be used to forge a signature. Suppose $M_3 = M_1M_2$ is a message you want
3250 together. Similar tricks can be used to deduce plaintexts from ciphertexts. It is important not only to sign
3267 trivial math attacks, and not super slow. The \textit{key} parameter is where the constructed key is placed. All keys must be at
3341 The parameters are all the same as for rsa\_encrypt\_key() except for the addition of the \textit{padding} parameter. It must be set to
3344 When performing v1.5 encryption, the hash and lparam parameters are totally ignored and can be set to \textbf{NULL} or zero (respectively).
3386 It must be set to \textbf{LTC\_PKCS\_1\_V1\_5} to perform v1.5 decryption, or set to \textbf{LTC\_PKCS\_1\_OAEP} to perform v2.1 decryption.
3388 When performing v1.5 decryption, the hash and lparam parameters are totally ignored and can be set to \textbf{NULL} or zero (respectively).
3408 This will PSS encode the message digest pointed to by \textit{in} of length \textit{inlen} octets. Next, the PSS encoded hash will be RSA
3411 The \textit{hash\_idx} parameter indicates which hash will be used to create the PSS encoding. It should be the same as the hash used to
3412 hash the message being signed. The \textit{saltlen} parameter indicates the length of the desired salt, and should typically be small. A good
3413 default value is between 8 and 16 octets. Strictly, it must be small than $modulus\_len - hLen - 2$ where \textit{modulus\_len} is the size of
3435 This will PKCS encode the message digest pointed to by \textit{in} of length \textit{inlen} octets. Next, the PKCS encoded hash will be RSA
3437 must be set to \textbf{LTC\_PKCS\_1\_V1\_5} to produce a v1.5 signature, otherwise, it must be set to \textbf{LTC\_PKCS\_1\_PSS} to produce a
3440 When performing a v1.5 signature the \textit{prng}, \textit{prng\_idx}, and \textit{hash\_idx} parameters are not checked and can be left to any
3486 The \textit{padding} parameter must be set to \textbf{LTC\_PKCS\_1\_V1\_5} to perform a v1.5 verification. Otherwise, it must be set to
3580 set to \textbf{PK\_PRIVATE} the export format will be RSAPrivateKey and otherwise it will be RSAPublicKey.
3602 The library provides a set of core ECC functions as well that are designed to be the Elliptic Curve analogy of all of the
3641 cache (of FP\_ENTRIES entries) which it uses to hold recent bases passed to ltc\_ecc\_mulmod(). Any base detected to be used twice is sent through the
3642 pre--computation phase, and then the fixed point algorithm can be used. For example, if you use a NIST base point twice in a row, the 2$^{nd}$ and
3647 value the faster the algorithm will be but the more memory it will take. The memory usage is $3 \cdot 2^{FP\_LUT}$ integers which by default
3723 The curve must be of the form $y^2 = x^3 - 3x + b$, and all of the integer parameters are encoded in hexadecimal format.
3869 hash algorithm indexed by \textit{hash} to construct a shared secret which may be XOR'ed against the plaintext. The ciphertext is stored in
3885 This function will decrypt an encrypted payload. The \textit{key} provided must be the private key corresponding to the public key
3921 will be stored in the array pointed to by \textit{out} of length \textit{outlen} octets. The function requires a properly seeded PRNG, and
3922 the ECC \textit{key} provided must be a private key.
3938 The ECC \textit{key} must be the public (or private) ECC key corresponding to the key that performed the signature.
3963 publicFlags BIT STRING(0), -- must be 0
3969 -- (must be prime)
3977 publicFlags BIT STRING(1), -- must be 1
3983 -- (must be prime)
4035 \item $g = h^r \mbox{ (mod }p\mbox{)}$ a generator of order $q$ modulo $p$. $h$ can be any non-trivial random
4044 \item $q$ must be prime.
4045 \item $p$ must be prime.
4046 \item $g$ cannot be one of $\lbrace -1, 0, 1 \rbrace$ (modulo $p$).
4047 \item $g$ must be less than $p$.
4069 and should not be used at all. If the result is $stat = 1$ the DSA key is valid (as far as valid mathematics are concerned).
4088 is stored and the function returns an error code. The DSA \textit{key} must be of the \textbf{PK\_PRIVATE} persuasion.
4106 As of version 1.07, the DSA keys can be used to encrypt and decrypt small payloads. It works similar to the ECC encryption where
4126 length of the ciphertext \textit{outlen} must be originally set to the length of the output buffer. The DSA \textit{key} can be
4140 The DSA \textit{key} must be a private key.
4145 To export a DSA key so that it can be transported use the following function:
4154 initialized to the maximum buffer size). The \textit{type} variable may be either \textbf{PK\_PRIVATE} or \textbf{PK\_PUBLIC}
4192 The \textit{type} field is one of the following ASN.1 field definitions. The \textit{data} pointer is a void pointer to the data to be encoded (or the destination) and the
4197 It will assign to the \textit{index}th position in the \textit{list} the triplet (Type, Data, Size). An example usage would be:
4257 To encode a sequence a \textbf{ltc\_asn1\_list} array must be initialized with the members of the sequence and their respective pointers. The encoding is performed
4267 This encodes a sequence of items pointed to by \textit{list} where the list has \textit{inlen} items in it. The SEQUENCE will be encoded to \textit{out} and of length \textit{outlen}. The
4270 The \textit{data} pointer in the list would be the same pointer you would pass to the respective ASN.1 encoder (e.g. der\_encode\_bit\_string()) and it is simply passed on
4292 For the following types the \textit{size} field will be updated to reflect the number of units read of the given type.
4303 The length of a SEQUENCE can be determined with the following function.
4316 For small or simple sequences an encoding or decoding can be performed with one of the following two functions.
4332 and \textit{data} is \textbf{void} pointer. The list of items must be terminated with an item with the type \textbf{LTC\_ASN1\_EOL}.
4360 SET and SET OF are related to the SEQUENCE type in that they can be pretty much be decoded with the same code. However, they are different, and they should
4361 be carefully noted. The SET type is an unordered array of ASN.1 types sorted by the TAG (type identifier), whereas the SET OF type is an ordered array of
4384 The SET type can be decoded with the following function.
4399 The length of a SET can be determined by calling der\_length\_sequence() since they have the same encoding length.
4420 Since the decoding of a \textit{SET OF} object is unambiguous it can be decoded with der\_decode\_sequence().
4423 Like the SET type the der\_length\_sequence() function can be used to determine the length of a \textit{SET OF} object.
4481 These will encode or decode a BIT STRING data type. The bits are passed in (or read out) using one \textbf{char} per bit. A non--zero value will be interpreted
4523 These will encode or decode an OBJECT IDENTIFIER object. The words of the OID are stored in individual \textbf{unsigned long} elements, and must be in the range
4546 to numerical conversions based on the conventions of the compiler being used. For instance, on an x86\_32 machine 'A' == 65 but the same may not be true on
4570 to numerical conversions based on the conventions of the compiler being used. For instance, on an x86\_32 machine 'A' == 65 but the same may not be true on
4618 The time can be offset plus or minus a set amount of hours (off\_hh) and minutes (off\_mm). When \textit{off\_dir} is zero, the time will be added otherwise it
4619 will be subtracted. For instance, the array $\lbrace 5, 6, 20, 22, 4, 00, 0, 5, 0 \rbrace$ represents the current time of
4639 It is suggested that decoded data be further scrutinized (e.g. days of month in particular).
4658 \textit{outlen} elements. The \textit{inlen} field will be updated with the length of the decoded data type, as well as the respective entry in the \textit{list} field
4670 When a SEQUENCE or SET has been encountered a SEQUENCE (or SET resp.) item will be added as a sibling (e.g. list.type == LTC\_ASN1\_SEQUENCE) and the child
4684 normally. The decoded list \textit{out} will point to the very first element of the list (e.g. both parent and prev pointers will be \textbf{NULL}).
4731 that of an IA5 STRING. The sibbling will now be the \textit{LoginToken} SEQUENCE. The sibbling has a child node which points to the \textit{passwdHash} OCTET STRING.
4786 The \textit{salt} is a fixed size 8--byte array which should be random for each user and session. The \textit{iteration\_count} is the delay desired
4795 hash functions output. As such, it can easily be used to derive session keys for ciphers and MACs as well initial vectors as required
4810 The \textit{salt} is an array of size \textit{salt\_len}. It should be random for each user and session. The \textit{iteration\_count} is the delay desired
4854 Those characters are supported in the 7-bit ASCII map, which means they can be used for transport over
4898 as $\phi(pq)$ or $(p - 1)(q - 1)$. The decryption exponent $d$ is found as $de \equiv 1\mbox{ }(\mbox{mod } \phi(pq))$. If either $p$ or $q$ is composite the value of $d$ will be incorrect and the user
4899 will not be able to sign or decrypt messages at all. Suppose $p$ was prime and $q$ was composite this is just a variation of
4926 would be impossible. The requirement that one be setup correctly is vitally important, and to address this point the library
4931 entropy. This manual is not designed to be a text on cryptography. I would just like to highlight that when you design
4959 $n$ is estimated to be
5016 The library is not fully thread safe but several simple precautions can be taken to avoid any problems. The registry functions
5025 The only sticky issue is a shared PRNG which can be alleviated with the careful use of mutex devices. Defining LTC\_PTHREAD for instance, enables
5030 The library is fairly flexible about how it can be built, used, and generally distributed. Additions are being made with
5031 each new release that will make the library even more flexible. Each of the classes of functions can be disabled during
5038 configured. Note that LibTomCrypt can be built with no internal math descriptors. This means that one must be provided at either
5045 settings can be overwritten from the command line which makes custom installation a breeze.
5049 The MAKE, CC and AR flags can all be overwritten. They default to \textit{make}, \textit{\$CC} and \textit{\$AR} respectively.
5050 Changing MAKE allows you to change what program will be invoked to handle sub--directories. For example, this
5066 When \textbf{IGNORE\_SPEED} has been defined the default optimization flags for CFLAGS will be disabled which allows the developer to specify new
5090 All four can be used to create custom install locations depending on the nature of the OS and file system in use.
5166 In this case, no math descriptors are present in the library and they will have to be made available at build or run time before you can use any of the
5176 we define \textbf{TFM\_DESC} for compilation. This is so that the TFM descriptor symbol will be defined for the client application to make use of without
5181 LibTomCrypt can also be built as a shared library through the \textit{makefile.shared} make script. It is similar to use as the static script except
5188 This will build and install the library and link the shared object against the TomsFastMath library (which must be installed as a shared object as well). The
5189 shared build process requires libtool to be installed.
5201 if you handle signals on your own. When set to 3, it will resolve to a empty macro and no error checking will be performed. Finally, when set
5240 If LTC\_NO\_TEST has been defined, the testing routines will be compacted and only return CRYPT\_NOP.
5244 which can be auto-detected. This macro ensures that they are never enabled.
5259 call ctr\_encrypt() with an odd amount of plaintext then call it again the CTR pad (the IV) will be partially used. This will
5261 whole word XOR operations. These operations will be unaligned.
5268 data type you can perform integer operations with. Ideally it should be four or eight bytes since it must properly divide the size
5294 tables at a cost of 4KB of memory. The cipher will be much faster as a result.
5318 Generally the rule of thumb is to setup the tables once at startup and then leave them be. This added build flag simply makes updating
5331 In the test demos that use the libraries the additional flags \textbf{USE\_GMP}, \textbf{USE\_LTM}, and \textbf{USE\_TFM} can be defined
5332 to tell the program which library to use. Only one of the USE flags can be defined at once.
5348 to be highly portable and easy to build out of the box on pretty much any platform. As such there are no assembler inlines throughout the code, I make no assumptions
5351 That works well for most cases but there are times where performance is of the essence. This API allows optimized routines to be dropped in--place of the existing
5352 portable routines. For instance, hand optimized assembler versions of AES could be provided. Any existing function that uses the cipher could automatically use
5538 @param uskey A previously scheduled key [can be NULL]
5641 The minimum key length is \textit{min\_key\_length} and is measured in octets. Similarly the maximum key length is \textit{max\_key\_length}. They can be equal
5642 and both must valid key sizes for the cipher. Values in between are not assumed to be valid though they may be.
5648 Some ciphers allow different number of rounds to be used. Usually you just use the default. The default round count is \textit{default\_rounds}.
5670 cannot be mapped to a valid key size for the cipher.
5673 The next set of functions cover the accelerated functionality of the cipher descriptor. Any combination of these functions may be set to \textbf{NULL} to indicate
5682 The \textit{blocks} value is the number of complete blocks to process. The \textit{IV} is the CBC initial vector. It is an input upon calling this function and must be
5687 The \textit{blocks} value is the number of complete blocks to process. The \textit{IV} is the CTR counter vector. It is an input upon calling this function and must be
5691 This function (and the way it's called) differs from the other two since ctr\_encrypt() allows any size input plaintext. The accelerator will only be
5701 pass in a minimum of nine extra bytes before the accelerator could be called. The CTR accelerator must increment the counter (and store it back into the
5704 The accelerator will only be used to encrypt whole blocks. Partial blocks are always handled in software.
5741 be called prior to this. This function must handle scheduling the key provided on its own. It is called when the user calls gcm\_memory().
5846 guaranteed to be a multiple of the block size in length.
5856 to be able to process multiple blocks per MAC then you will have to simply provide a process() callback and use hmac\_memory() as provided in LibTomCrypt.
5941 When an PRNG state is to be exported for future use you specify the space required in this variable.
6086 @param radix The radix the integer is to be represented in (2-64)
6178 @param c The quotient (can be NULL to signify don't care)
6179 @param d The remainder (can be NULL to signify don't care)
6274 @param b The power (can be negative) integer
6296 (can be ignored if you work in affine only)
6337 @remark The mapping can be different but keep in mind a
6378 @param out The destination (to be stored in an octet array format)
6397 the init calls a \textit{void **} will be passed where you allocate your structure and set the pointer then initialize the number to zero. During the deinit calls you must
6402 All functions (except where noted otherwise) return \textbf{CRYPT\_OK} to signify a successful operation. All error codes must be valid LibTomCrypt error codes.
6405 then partition your digits. Normally this does not matter as \textit{unsigned long} will be the same size as your register size. Note that if your digit is smaller
6426 over how the ECC math will be implemented. Out of the box you only have three parameters per point to use $(x, y, z)$ however, these are just void pointers. They
6427 could point to anything you want. The only further exception is the export functions which expects the values to be in affine format.
6430 This will multiply the point $G$ by the scalar $k$ and store the result in the point $R$. The value should be mapped to affine only if $map$ is set to one.
6434 may be in either affine (with $z = 1$) or projective format and the output point is always projective.
6437 This will map the point $P$ back from projective to affine. The output point $P$ must be of the form $(x, y, 1)$.
6476 to the \textit{out} buffer. The output must be zero padded (leading bytes) so that the length of the output matches the length of the modulus (in bytes). For example,
