diff options
| author | Malfurious <m@lfurio.us> | 2024-10-24 06:44:24 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-10-24 06:44:24 -0400 |
| commit | 512aa4c77b3dc0d72db713a9215ff65a98a99ec3 (patch) | |
| tree | 6db82e0109dc987b5b021f81d4e8a0926eb75ff7 | |
| parent | 428471d39fb8c205a9fad899c88c30a2cb7df685 (diff) | |
| parent | 10affea371406c0ae4c080e5a19390a8e9bd154b (diff) | |
| download | compass-512aa4c77b3dc0d72db713a9215ff65a98a99ec3.tar.gz compass-512aa4c77b3dc0d72db713a9215ff65a98a99ec3.zip | |
Merge branch 'mbedtls'
Replace Crypto++ 5.6.2 with Mbed TLS 3.6.0
Newer compilers are starting to show the age of the crypto library we've
been using, as it is sometimes a pain to recompile compass lately. So,
the tracked version of Crypto++ was at least due for an upgrade.
However, I plan to soon begin reimplementing compass in C. So, I'm
taking this opportunity to first just migrate the cryptography library
to a newer C alternative. This branch does so, and integrates its use
into the current C++ version of compass.
* mbedtls:
Remove unnecessary exception handler catch block
Refactor random password generation to use mbedtls entropy source
Refactor SHA256 function to use mbedtls
Refactor AES functions to use mbedtls
Add Mbedtls library
Remove Crypto++ library
278 files changed, 130 insertions, 74109 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..f1b208d --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "mbedtls"] + path = mbedtls + url = https://github.com/Mbed-TLS/mbedtls diff --git a/CMakeLists.txt b/CMakeLists.txt index ffea003..e0fd0a8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,10 @@ cmake_minimum_required(VERSION 3.0) -project(compass CXX) +project(compass LANGUAGES CXX) + +set(ENABLE_PROGRAMS OFF CACHE BOOL "Build mbedtls exemplary programs") +set(ENABLE_TESTING OFF CACHE BOOL "Build mbedtls testing harness") +add_subdirectory(mbedtls) +include_directories(mbedtls/include) add_executable(compass main.cpp @@ -9,142 +14,8 @@ add_executable(compass Keychain.cpp Options.cpp Socket.cpp - cryptopp562/3way.cpp - cryptopp562/adler32.cpp - cryptopp562/algebra.cpp - cryptopp562/algparam.cpp - cryptopp562/arc4.cpp - cryptopp562/asn.cpp - cryptopp562/authenc.cpp - cryptopp562/base32.cpp - cryptopp562/base64.cpp - cryptopp562/basecode.cpp - cryptopp562/bench2.cpp - cryptopp562/bench.cpp - cryptopp562/bfinit.cpp - cryptopp562/blowfish.cpp - cryptopp562/blumshub.cpp - cryptopp562/camellia.cpp - cryptopp562/cast.cpp - cryptopp562/casts.cpp - cryptopp562/cbcmac.cpp - cryptopp562/ccm.cpp - cryptopp562/channels.cpp - cryptopp562/cmac.cpp - cryptopp562/cpu.cpp - cryptopp562/crc.cpp - cryptopp562/cryptlib_bds.cpp - cryptopp562/cryptlib.cpp - cryptopp562/datatest.cpp - cryptopp562/default.cpp - cryptopp562/des.cpp - cryptopp562/dessp.cpp - cryptopp562/dh2.cpp - cryptopp562/dh.cpp - cryptopp562/dll.cpp - cryptopp562/dlltest.cpp - cryptopp562/dsa.cpp - cryptopp562/eax.cpp - cryptopp562/ec2n.cpp - cryptopp562/eccrypto.cpp - cryptopp562/ecp.cpp - cryptopp562/elgamal.cpp - cryptopp562/emsa2.cpp - cryptopp562/eprecomp.cpp - cryptopp562/esign.cpp - cryptopp562/files.cpp - cryptopp562/filters.cpp - cryptopp562/fips140.cpp - cryptopp562/fipsalgt.cpp - cryptopp562/fipstest.cpp - cryptopp562/gcm.cpp - cryptopp562/gf2_32.cpp - cryptopp562/gf256.cpp - cryptopp562/gf2n.cpp - cryptopp562/gfpcrypt.cpp - cryptopp562/gost.cpp - cryptopp562/gzip.cpp - cryptopp562/hex.cpp - cryptopp562/hmac.cpp - cryptopp562/hrtimer.cpp - cryptopp562/ida.cpp - cryptopp562/idea.cpp - cryptopp562/integer.cpp - cryptopp562/iterhash.cpp - cryptopp562/luc.cpp - cryptopp562/mars.cpp - cryptopp562/marss.cpp - cryptopp562/md2.cpp - cryptopp562/md4.cpp - cryptopp562/md5.cpp - cryptopp562/misc.cpp - cryptopp562/modes.cpp - cryptopp562/mqueue.cpp - cryptopp562/mqv.cpp - cryptopp562/nbtheory.cpp - cryptopp562/network.cpp - cryptopp562/oaep.cpp - cryptopp562/osrng.cpp - cryptopp562/panama.cpp - cryptopp562/pch.cpp - cryptopp562/pkcspad.cpp - cryptopp562/polynomi.cpp - cryptopp562/pssr.cpp - cryptopp562/pubkey.cpp - cryptopp562/queue.cpp - cryptopp562/rabin.cpp - cryptopp562/randpool.cpp - cryptopp562/rc2.cpp - cryptopp562/rc5.cpp - cryptopp562/rc6.cpp - cryptopp562/rdtables.cpp - cryptopp562/regtest.cpp - cryptopp562/rijndael.cpp - cryptopp562/ripemd.cpp - cryptopp562/rng.cpp - cryptopp562/rsa.cpp - cryptopp562/rw.cpp - cryptopp562/safer.cpp - cryptopp562/salsa.cpp - cryptopp562/seal.cpp - cryptopp562/seed.cpp - cryptopp562/serpent.cpp - cryptopp562/sha3.cpp - cryptopp562/shacal2.cpp - cryptopp562/sha.cpp - cryptopp562/sharkbox.cpp - cryptopp562/shark.cpp - cryptopp562/simple.cpp - cryptopp562/skipjack.cpp - cryptopp562/socketft.cpp - cryptopp562/sosemanuk.cpp - cryptopp562/square.cpp - cryptopp562/squaretb.cpp - cryptopp562/strciphr.cpp - cryptopp562/tea.cpp - cryptopp562/test.cpp - cryptopp562/tftables.cpp - cryptopp562/tiger.cpp - cryptopp562/tigertab.cpp - cryptopp562/trdlocal.cpp - cryptopp562/ttmac.cpp - cryptopp562/twofish.cpp - cryptopp562/validat1.cpp - cryptopp562/validat2.cpp - cryptopp562/validat3.cpp - cryptopp562/vmac.cpp - cryptopp562/wait.cpp - cryptopp562/wake.cpp - cryptopp562/whrlpool.cpp - cryptopp562/winpipes.cpp - cryptopp562/xtr.cpp - cryptopp562/xtrcrypt.cpp - cryptopp562/zdeflate.cpp - cryptopp562/zinflate.cpp - cryptopp562/zlib.cpp ) -# TODO - Windows needs winsock -find_library(PTHREAD_LIB pthread) -target_link_libraries(compass ${PTHREAD_LIB}) +target_link_libraries(compass mbedtls) + install(TARGETS compass) diff --git a/Compass.cpp b/Compass.cpp index c5d2a3d..9a27d55 100644 --- a/Compass.cpp +++ b/Compass.cpp @@ -112,9 +112,6 @@ void Compass::perform(int argc, char* argv[]) { catch (const int e) {
std::cerr << ERR_GENERIC << std::endl;
}
- catch (const CryptoPP::Exception& e) {
- std::cerr << ERR_GENERIC << std::endl;
- }
catch (const double e) {
std::cerr << ERR_INPUT << std::endl;
}
diff --git a/Cryptor.cpp b/Cryptor.cpp index 57ded9a..9db2bdc 100644 --- a/Cryptor.cpp +++ b/Cryptor.cpp @@ -1,54 +1,98 @@ #include "Cryptor.h"
bool Cryptor::haveKey = false;
-unsigned char Cryptor::key[CryptoPP::AES::DEFAULT_KEYLENGTH];
+unsigned char Cryptor::key[AES_BLOCK_LENGTH];
+
+static void toHex(char *output, const void *input, size_t size) {
+ const unsigned char *_input = (const unsigned char *)input;
+ for (size_t i = 0; i < size; i++) {
+ sprintf(output+(i*2), "%02hhX", _input[i]);
+ }
+}
+
+static void fromHex(void *output, const char *input) {
+ unsigned char *_output = (unsigned char *)output;
+ size_t size = strlen(input);
+ if (size & 1) {
+ throw 1;
+ } else {
+ size /= 2;
+ }
+ for (size_t i = 0; i < size; i++) {
+ if (sscanf(input+(i*2), "%02hhx", &_output[i]) != 1) {
+ throw 1;
+ }
+ }
+}
void Cryptor::encryptAndSave(std::string remoteHost, std::string port, std::string directory, std::string payload) {
// Key
- if (!haveKey)
+ if (!haveKey) {
assembleKey(true);
+ }
// IV
- unsigned char iv[CryptoPP::AES::BLOCKSIZE];
- CryptoPP::AutoSeededRandomPool randl;
- randl.GenerateBlock(iv, sizeof(iv));
+ unsigned char iv[AES_BLOCK_LENGTH];
+ generateRandom(iv, sizeof(iv));
// Encrypt
- std::string cipher;
- CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption enc(key, sizeof(key), iv);
- CryptoPP::StringSource(payload, true, new CryptoPP::StreamTransformationFilter(enc, new CryptoPP::StringSink(cipher)));
+ size_t ciphertextLen = 0;
+ unsigned char *ciphertext = new unsigned char[payload.size() + 64];
+ const mbedtls_cipher_info_t *cipherInfo = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
+ mbedtls_cipher_context_t cipher;
+
+ mbedtls_cipher_init(&cipher);
+ mbedtls_cipher_setup(&cipher, cipherInfo);
+ mbedtls_cipher_setkey(&cipher, key, sizeof(key)*8, MBEDTLS_ENCRYPT);
+ mbedtls_cipher_set_padding_mode(&cipher, MBEDTLS_PADDING_PKCS7);
+ mbedtls_cipher_crypt(&cipher, iv, sizeof(iv),
+ (const unsigned char *)payload.c_str(), payload.size(),
+ ciphertext, &ciphertextLen);
+ mbedtls_cipher_free(&cipher);
// Save Data
- std::string encIV, encCipher;
- CryptoPP::StringSource(iv, sizeof(iv), true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(encIV)));
- CryptoPP::StringSource(cipher, true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(encCipher)));
+ char encIV[(AES_BLOCK_LENGTH * 2) + 1];
+ char *encCipher = new char[(ciphertextLen * 2) + 1];
+ toHex(encIV, iv, sizeof(iv));
+ toHex(encCipher, ciphertext, ciphertextLen);
+ std::string _encIV(encIV);
+ std::string _encCipher(encCipher);
+
+ delete[] encCipher;
+ delete[] ciphertext;
+
if (remoteHost == "") {
- if (directory[directory.size() - 1] != '/') directory += "/";
+ if (directory[directory.size() - 1] != '/') {
+ directory += "/";
+ }
directory += KEYCHAIN_FILE;
std::ofstream f(directory.c_str());
- f << encIV << std::endl;
- f << encCipher << std::endl;
+ f << _encIV << std::endl;
+ f << _encCipher << std::endl;
f.close();
- }
- else {
+ } else {
Socket s;
std::string err = "";
s.conn(remoteHost, port);
s.sendline("store");
s.sendline(directory);
- s.sendline(encIV);
- s.sendline(encCipher);
+ s.sendline(_encIV);
+ s.sendline(_encCipher);
err = s.readline();
s.clo();
- if (err != "OK") throw 1;
+ if (err != "OK") {
+ throw 1;
+ }
}
}
std::string Cryptor::loadAndDecrypt(std::string remoteHost, std::string port, std::string directory) {
// Load Data
- std::string encIV, encCipher, ivstr, cipher;
+ std::string encIV, encCipher;
if (remoteHost == "") {
- if (directory[directory.size() - 1] != '/') directory += "/";
+ if (directory[directory.size() - 1] != '/') {
+ directory += "/";
+ }
directory += KEYCHAIN_FILE;
std::ifstream f(directory.c_str());
if (!f.good()) {
@@ -58,8 +102,7 @@ std::string Cryptor::loadAndDecrypt(std::string remoteHost, std::string port, st f >> encIV;
f >> encCipher;
f.close();
- }
- else {
+ } else {
Socket s;
std::string err = "";
s.conn(remoteHost, port);
@@ -74,29 +117,43 @@ std::string Cryptor::loadAndDecrypt(std::string remoteHost, std::string port, st encCipher = s.readline();
s.clo();
}
- CryptoPP::StringSource(encIV, true, new CryptoPP::HexDecoder(new CryptoPP::StringSink(ivstr)));
- CryptoPP::StringSource(encCipher, true, new CryptoPP::HexDecoder(new CryptoPP::StringSink(cipher)));
+
+ // Decode data
+ unsigned char *ciphertext = new unsigned char[encCipher.size() / 2];
+ unsigned char iv[AES_BLOCK_LENGTH];
+ fromHex(ciphertext, encCipher.c_str());
+ fromHex(iv, encIV.c_str());
// Key
- if (!haveKey)
+ if (!haveKey) {
assembleKey();
-
- // IV
- unsigned char iv[CryptoPP::AES::BLOCKSIZE];
- memcpy(iv, ivstr.c_str(), ivstr.size());
+ }
// Decrypt
- std::string payload;
- CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption dec(key, sizeof(key), iv);
- CryptoPP::StringSource(cipher, true, new CryptoPP::StreamTransformationFilter(dec, new CryptoPP::StringSink(payload)));
+ size_t plaintextLen = 0;
+ char *plaintext = new char[(encCipher.size() / 2) + 64];
+ const mbedtls_cipher_info_t *cipherInfo = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
+ mbedtls_cipher_context_t cipher;
+
+ mbedtls_cipher_init(&cipher);
+ mbedtls_cipher_setup(&cipher, cipherInfo);
+ mbedtls_cipher_setkey(&cipher, key, sizeof(key)*8, MBEDTLS_DECRYPT);
+ mbedtls_cipher_set_padding_mode(&cipher, MBEDTLS_PADDING_PKCS7);
+ mbedtls_cipher_crypt(&cipher, iv, sizeof(iv),
+ ciphertext, (encCipher.size() / 2),
+ (unsigned char *)plaintext, &plaintextLen);
+ mbedtls_cipher_free(&cipher);
+
+ std::string payload(plaintext, plaintextLen);
+
+ delete[] plaintext;
+ delete[] ciphertext;
return payload;
}
std::string Cryptor::createRandomPassword(PasswordSpec spec) {
- CryptoPP::AutoSeededRandomPool randl;
std::string password;
-
std::vector<char> validChars;
// Always allow lower-case alphabetic characters
@@ -149,14 +206,11 @@ std::string Cryptor::createRandomPassword(PasswordSpec spec) { validChars.push_back('0' + i);
}
-
// Build string
for (int i = 0; i < spec.ml; i++) {
- unsigned char r[1];
- char c;
- randl.GenerateBlock(r, sizeof(r));
- c = validChars[r[0] % validChars.size()];
- password += c;
+ unsigned char c;
+ generateRandom(&c, sizeof(c));
+ password += validChars[c % validChars.size()];
}
return password;
@@ -167,13 +221,24 @@ void Cryptor::rekey() { }
void Cryptor::sha256(std::string str) {
- CryptoPP::SHA256 hash;
- std::string rtr;
- CryptoPP::StringSource(str, true, new CryptoPP::HashFilter(hash, new CryptoPP::StringSink(rtr), false, CryptoPP::AES::DEFAULT_KEYLENGTH));
- memcpy(key, rtr.c_str(), rtr.size());
+ unsigned char hashbuf[32];
+ mbedtls_sha256((const unsigned char *)str.c_str(), str.size(), hashbuf, 0);
+ memcpy(key, hashbuf, sizeof(key));
haveKey = true;
}
+void Cryptor::generateRandom(void *output, size_t size) {
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context random;
+
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&random);
+ mbedtls_ctr_drbg_seed(&random, mbedtls_entropy_func, &entropy, NULL, 0);
+ mbedtls_ctr_drbg_random(&random, (unsigned char *)output, size);
+ mbedtls_ctr_drbg_free(&random);
+ mbedtls_entropy_free(&entropy);
+}
+
std::string Cryptor::readPassword(bool confirm) {
std::string password;
@@ -4,6 +4,7 @@ #include <iostream>
#include <string>
#include <fstream>
+#include <vector>
#ifdef WIN32
#include <windows.h>
@@ -12,17 +13,17 @@ #include <unistd.h>
#endif // WIN32
-#include "cryptopp562/osrng.h"
-#include "cryptopp562/cryptlib.h"
-#include "cryptopp562/hex.h"
-#include "cryptopp562/filters.h"
-#include "cryptopp562/aes.h"
-#include "cryptopp562/ccm.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/sha256.h"
#include "Socket.h"
#define DEF_PASSWD_LENGTH 50
+#define AES_BLOCK_LENGTH 16
+
#define KEYCHAIN_FILE ".compasskeychain"
#define PASSWORD_PROMPT "ComPASS Password: "
#define PASSWORD_CONF "Confirm Password: "
@@ -49,9 +50,10 @@ public: private:
static bool haveKey;
- static unsigned char key[CryptoPP::AES::DEFAULT_KEYLENGTH];
+ static unsigned char key[AES_BLOCK_LENGTH];
static void sha256(std::string str);
+ static void generateRandom(void *output, size_t size);
static std::string readPassword(bool confirm);
static std::string readPassword();
static void assembleKey(bool confirm);
diff --git a/cryptopp562/3way.cpp b/cryptopp562/3way.cpp deleted file mode 100644 index 725b682..0000000 --- a/cryptopp562/3way.cpp +++ /dev/null @@ -1,139 +0,0 @@ -// 3way.cpp - modifed by Wei Dai from Joan Daemen's 3way.c -// The original code and all modifications are in the public domain. - -#include "pch.h" -#include "3way.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void ThreeWay_TestInstantiations() -{ - ThreeWay::Encryption x1; - ThreeWay::Decryption x2; -} - -static const word32 START_E = 0x0b0b; // round constant of first encryption round -static const word32 START_D = 0xb1b1; // round constant of first decryption round -static const word32 RC_MODULUS = 0x11011; - -static inline word32 reverseBits(word32 a) -{ - a = ((a & 0xAAAAAAAA) >> 1) | ((a & 0x55555555) << 1); - a = ((a & 0xCCCCCCCC) >> 2) | ((a & 0x33333333) << 2); - return ((a & 0xF0F0F0F0) >> 4) | ((a & 0x0F0F0F0F) << 4); -} - -#define mu(a0, a1, a2) \ -{ \ - a1 = reverseBits(a1); \ - word32 t = reverseBits(a0); \ - a0 = reverseBits(a2); \ - a2 = t; \ -} - -#define pi_gamma_pi(a0, a1, a2) \ -{ \ - word32 b0, b2; \ - b2 = rotlFixed(a2, 1U); \ - b0 = rotlFixed(a0, 22U); \ - a0 = rotlFixed(b0 ^ (a1|(~b2)), 1U); \ - a2 = rotlFixed(b2 ^ (b0|(~a1)), 22U);\ - a1 ^= (b2|(~b0)); \ -} - -// thanks to Paulo Barreto for this optimized theta() -#define theta(a0, a1, a2) \ -{ \ - word32 b0, b1, c; \ - c = a0 ^ a1 ^ a2; \ - c = rotlFixed(c, 16U) ^ rotlFixed(c, 8U); \ - b0 = (a0 << 24) ^ (a2 >> 8) ^ (a1 << 8) ^ (a0 >> 24); \ - b1 = (a1 << 24) ^ (a0 >> 8) ^ (a2 << 8) ^ (a1 >> 24); \ - a0 ^= c ^ b0; \ - a1 ^= c ^ b1; \ - a2 ^= c ^ (b0 >> 16) ^ (b1 << 16); \ -} - -#define rho(a0, a1, a2) \ -{ \ - theta(a0, a1, a2); \ - pi_gamma_pi(a0, a1, a2); \ -} - -void ThreeWay::Base::UncheckedSetKey(const byte *uk, unsigned int length, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(length); - - m_rounds = GetRoundsAndThrowIfInvalid(params, this); - - for (unsigned int i=0; i<3; i++) - m_k[i] = (word32)uk[4*i+3] | ((word32)uk[4*i+2]<<8) | ((word32)uk[4*i+1]<<16) | ((word32)uk[4*i]<<24); - - if (!IsForwardTransformation()) - { - theta(m_k[0], m_k[1], m_k[2]); - mu(m_k[0], m_k[1], m_k[2]); - m_k[0] = ByteReverse(m_k[0]); - m_k[1] = ByteReverse(m_k[1]); - m_k[2] = ByteReverse(m_k[2]); - } -} - -void ThreeWay::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - typedef BlockGetAndPut<word32, BigEndian> Block; - - word32 a0, a1, a2; - Block::Get(inBlock)(a0)(a1)(a2); - - word32 rc = START_E; - - for(unsigned i=0; i<m_rounds; i++) - { - a0 ^= m_k[0] ^ (rc<<16); - a1 ^= m_k[1]; - a2 ^= m_k[2] ^ rc; - rho(a0, a1, a2); - - rc <<= 1; - if (rc&0x10000) rc ^= 0x11011; - } - a0 ^= m_k[0] ^ (rc<<16); - a1 ^= m_k[1]; - a2 ^= m_k[2] ^ rc; - theta(a0, a1, a2); - - Block::Put(xorBlock, outBlock)(a0)(a1)(a2); -} - -void ThreeWay::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - typedef BlockGetAndPut<word32, LittleEndian> Block; - - word32 a0, a1, a2; - Block::Get(inBlock)(a0)(a1)(a2); - - word32 rc = START_D; - - mu(a0, a1, a2); - for(unsigned i=0; i<m_rounds; i++) - { - a0 ^= m_k[0] ^ (rc<<16); - a1 ^= m_k[1]; - a2 ^= m_k[2] ^ rc; - rho(a0, a1, a2); - - rc <<= 1; - if (rc&0x10000) rc ^= 0x11011; - } - a0 ^= m_k[0] ^ (rc<<16); - a1 ^= m_k[1]; - a2 ^= m_k[2] ^ rc; - theta(a0, a1, a2); - mu(a0, a1, a2); - - Block::Put(xorBlock, outBlock)(a0)(a1)(a2); -} - -NAMESPACE_END diff --git a/cryptopp562/3way.h b/cryptopp562/3way.h deleted file mode 100644 index 33a619e..0000000 --- a/cryptopp562/3way.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef CRYPTOPP_THREEWAY_H -#define CRYPTOPP_THREEWAY_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct ThreeWay_Info : public FixedBlockSize<12>, public FixedKeyLength<12>, public VariableRounds<11> -{ - static const char *StaticAlgorithmName() {return "3-Way";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#3-Way">3-Way</a> -class ThreeWay : public ThreeWay_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<ThreeWay_Info> - { - public: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - - protected: - unsigned int m_rounds; - FixedSizeSecBlock<word32, 3> m_k; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef ThreeWay::Encryption ThreeWayEncryption; -typedef ThreeWay::Decryption ThreeWayDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/License.txt b/cryptopp562/License.txt deleted file mode 100644 index c5d3f34..0000000 --- a/cryptopp562/License.txt +++ /dev/null @@ -1,51 +0,0 @@ -Compilation Copyright (c) 1995-2013 by Wei Dai. All rights reserved. -This copyright applies only to this software distribution package -as a compilation, and does not imply a copyright on any particular -file in the package. - -All individual files in this compilation are placed in the public domain by -Wei Dai and other contributors. - -I would like to thank the following authors for placing their works into -the public domain: - -Joan Daemen - 3way.cpp -Leonard Janke - cast.cpp, seal.cpp -Steve Reid - cast.cpp -Phil Karn - des.cpp -Andrew M. Kuchling - md2.cpp, md4.cpp -Colin Plumb - md5.cpp -Seal Woods - rc6.cpp -Chris Morgan - rijndael.cpp -Paulo Baretto - rijndael.cpp, skipjack.cpp, square.cpp -Richard De Moliner - safer.cpp -Matthew Skala - twofish.cpp -Kevin Springle - camellia.cpp, shacal2.cpp, ttmac.cpp, whrlpool.cpp, ripemd.cpp -Ronny Van Keer - sha3.cpp - -The Crypto++ Library (as a compilation) is currently licensed under the Boost -Software License 1.0 (http://www.boost.org/users/license.html). - -Boost Software License - Version 1.0 - August 17th, 2003 - -Permission is hereby granted, free of charge, to any person or organization -obtaining a copy of the software and accompanying documentation covered by -this license (the "Software") to use, reproduce, display, distribute, -execute, and transmit the Software, and to prepare derivative works of the -Software, and to permit third-parties to whom the Software is furnished to -do so, all subject to the following: - -The copyright notices in the Software and this entire statement, including -the above license grant, this restriction and the following disclaimer, -must be included in all copies of the Software, in whole or in part, and -all derivative works of the Software, unless such copies or derivative -works are solely in the form of machine-executable object code generated by -a source language processor. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT -SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE -FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE.
\ No newline at end of file diff --git a/cryptopp562/Readme.txt b/cryptopp562/Readme.txt deleted file mode 100644 index 5f3b452..0000000 --- a/cryptopp562/Readme.txt +++ /dev/null @@ -1,452 +0,0 @@ -Crypto++: a C++ Class Library of Cryptographic Schemes -Version 5.6.2 - 2/20/2013 - -Crypto++ Library is a free C++ class library of cryptographic schemes. -Currently the library contains the following algorithms: - - algorithm type name - - authenticated encryption schemes GCM, CCM, EAX - - high speed stream ciphers Panama, Sosemanuk, Salsa20, XSalsa20 - - AES and AES candidates AES (Rijndael), RC6, MARS, Twofish, Serpent, - CAST-256 - - IDEA, Triple-DES (DES-EDE2 and DES-EDE3), - other block ciphers Camellia, SEED, RC5, Blowfish, TEA, XTEA, - Skipjack, SHACAL-2 - - block cipher modes of operation ECB, CBC, CBC ciphertext stealing (CTS), - CFB, OFB, counter mode (CTR) - - message authentication codes VMAC, HMAC, GMAC, CMAC, CBC-MAC, DMAC, - Two-Track-MAC - - SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and - hash functions SHA-512), SHA-3, Tiger, WHIRLPOOL, RIPEMD-128, - RIPEMD-256, RIPEMD-160, RIPEMD-320 - - RSA, DSA, ElGamal, Nyberg-Rueppel (NR), - public-key cryptography Rabin-Williams (RW), LUC, LUCELG, - DLIES (variants of DHAES), ESIGN - - padding schemes for public-key PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 - systems EMSA2 and EMSA5 - - Diffie-Hellman (DH), Unified Diffie-Hellman - key agreement schemes (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, - XTR-DH - - elliptic curve cryptography ECDSA, ECNR, ECIES, ECDH, ECMQV - - insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL -algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, - compatibility and historical SAFER, 3-WAY, GOST, SHARK, CAST-128, Square - value - -Other features include: - - * pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool - * password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, - PBKDF from PKCS #12 appendix B - * Shamir's secret sharing scheme and Rabin's information dispersal algorithm - (IDA) - * fast multi-precision integer (bignum) and polynomial operations - * finite field arithmetics, including GF(p) and GF(2^n) - * prime number generation and verification - * useful non-cryptographic algorithms - + DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and - zlib (RFC 1950) format support - + hex, base-32, and base-64 coding/decoding - + 32-bit CRC and Adler32 checksum - * class wrappers for these operating system features (optional): - + high resolution timers on Windows, Unix, and Mac OS - + Berkeley and Windows style sockets - + Windows named pipes - + /dev/random, /dev/urandom, /dev/srandom - + Microsoft's CryptGenRandom on Windows - * A high level interface for most of the above, using a filter/pipeline - metaphor - * benchmarks and validation testing - * x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used - algorithms, with run-time CPU feature detection and code selection - * some versions are available in FIPS 140-2 validated form - -You are welcome to use it for any purpose without paying me, but see -License.txt for the fine print. - -The following compilers are supported for this release. Please visit -http://www.cryptopp.com the most up to date build instructions and porting notes. - - * MSVC 6.0 - 2010 - * GCC 3.3 - 4.5 - * C++Builder 2010 - * Intel C++ Compiler 9 - 11.1 - * Sun Studio 12u1, Express 11/08, Express 06/10 - -*** Important Usage Notes *** - -1. If a constructor for A takes a pointer to an object B (except primitive -types such as int and char), then A owns B and will delete B at A's -destruction. If a constructor for A takes a reference to an object B, -then the caller retains ownership of B and should not destroy it until -A no longer needs it. - -2. Crypto++ is thread safe at the class level. This means you can use -Crypto++ safely in a multithreaded application, but you must provide -synchronization when multiple threads access a common Crypto++ object. - -*** MSVC-Specific Information *** - -On Windows, Crypto++ can be compiled into 3 forms: a static library -including all algorithms, a DLL with only FIPS Approved algorithms, and -a static library with only algorithms not in the DLL. -(FIPS Approved means Approved according to the FIPS 140-2 standard.) -The DLL may be used by itself, or it may be used together with the second -form of the static library. MSVC project files are included to build -all three forms, and sample applications using each of the three forms -are also included. - -To compile Crypto++ with MSVC, open the "cryptest.dsw" (for MSVC 6 and MSVC .NET -2003) or "cryptest.sln" (for MSVC 2005 - 2010) workspace file and build one or -more of the following projects: - -cryptopp - This builds the DLL. Please note that if you wish to use Crypto++ - as a FIPS validated module, you must use a pre-built DLL that has undergone - the FIPS validation process instead of building your own. -dlltest - This builds a sample application that only uses the DLL. -cryptest Non-DLL-Import Configuration - This builds the full static library - along with a full test driver. -cryptest DLL-Import Configuration - This builds a static library containing - only algorithms not in the DLL, along with a full test driver that uses - both the DLL and the static library. - -To use the Crypto++ DLL in your application, #include "dll.h" before including -any other Crypto++ header files, and place the DLL in the same directory as -your .exe file. dll.h includes the line #pragma comment(lib, "cryptopp") -so you don't have to explicitly list the import library in your project -settings. To use a static library form of Crypto++, make the "cryptlib" -project a dependency of your application project, or specify it as -an additional library to link with in your project settings. -In either case you should check the compiler options to -make sure that the library and your application are using the same C++ -run-time libraries and calling conventions. - -*** DLL Memory Management *** - -Because it's possible for the Crypto++ DLL to delete objects allocated -by the calling application, they must use the same C++ memory heap. Three -methods are provided to achieve this. -1. The calling application can tell Crypto++ what heap to use. This method - is required when the calling application uses a non-standard heap. -2. Crypto++ can tell the calling application what heap to use. This method - is required when the calling application uses a statically linked C++ Run - Time Library. (Method 1 does not work in this case because the Crypto++ DLL - is initialized before the calling application's heap is initialized.) -3. Crypto++ can automatically use the heap provided by the calling application's - dynamically linked C++ Run Time Library. The calling application must - make sure that the dynamically linked C++ Run Time Library is initialized - before Crypto++ is loaded. (At this time it is not clear if it is possible - to control the order in which DLLs are initialized on Windows 9x machines, - so it might be best to avoid using this method.) - -When Crypto++ attaches to a new process, it searches all modules loaded -into the process space for exported functions "GetNewAndDeleteForCryptoPP" -and "SetNewAndDeleteFromCryptoPP". If one of these functions is found, -Crypto++ uses methods 1 or 2, respectively, by calling the function. -Otherwise, method 3 is used. - -*** GCC-Specific Information *** - -A makefile is included for you to compile Crypto++ with GCC. Make sure -you are using GNU Make and GNU ld. The make process will produce two files, -libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the validation -suite. - -*** Documentation and Support *** - -Crypto++ is documented through inline comments in header files, which are -processed through Doxygen to produce an HTML reference manual. You can find -a link to the manual from http://www.cryptopp.com. Also at that site is -the Crypto++ FAQ, which you should browse through before attempting to -use this library, because it will likely answer many of questions that -may come up. - -If you run into any problems, please try the Crypto++ mailing list. -The subscription information and the list archive are available on -http://www.cryptopp.com. You can also email me directly by visiting -http://www.weidai.com, but you will probably get a faster response through -the mailing list. - -*** History *** - -1.0 - First public release. Withdrawn at the request of RSA DSI. - - included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA, - MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression - - had a serious bug in the RSA key generation code. - -1.1 - Removed RSA, RC4, RC5 - - Disabled calls to RSAREF's non-public functions - - Minor bugs fixed - -2.0 - a completely new, faster multiprecision integer class - - added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser, - elliptic curve algorithms - - added the Lucas strong probable primality test - - ElGamal encryption and signature schemes modified to avoid weaknesses - - Diamond changed to Diamond2 because of key schedule weakness - - fixed bug in WAKE key setup - - SHS class renamed to SHA - - lots of miscellaneous optimizations - -2.1 - added Tiger, HMAC, GOST, RIPE-MD160, LUCELG, LUCDIF, XOR-MAC, - OAEP, PSSR, SHARK - - added precomputation to DH, ElGamal, DSA, and elliptic curve algorithms - - added back RC5 and a new RSA - - optimizations in elliptic curves over GF(p) - - changed Rabin to use OAEP and PSSR - - changed many classes to allow copy constructors to work correctly - - improved exception generation and handling - -2.2 - added SEAL, CAST-128, Square - - fixed bug in HAVAL (padding problem) - - fixed bug in triple-DES (decryption order was reversed) - - fixed bug in RC5 (couldn't handle key length not a multiple of 4) - - changed HMAC to conform to RFC-2104 (which is not compatible - with the original HMAC) - - changed secret sharing and information dispersal to use GF(2^32) - instead of GF(65521) - - removed zero knowledge prover/verifier for graph isomorphism - - removed several utility classes in favor of the C++ standard library - -2.3 - ported to EGCS - - fixed incomplete workaround of min/max conflict in MSVC - -3.0 - placed all names into the "CryptoPP" namespace - - added MD2, RC2, RC6, MARS, RW, DH2, MQV, ECDHC, CBC-CTS - - added abstract base classes PK_SimpleKeyAgreementDomain and - PK_AuthenticatedKeyAgreementDomain - - changed DH and LUCDIF to implement the PK_SimpleKeyAgreementDomain - interface and to perform domain parameter and key validation - - changed interfaces of PK_Signer and PK_Verifier to sign and verify - messages instead of message digests - - changed OAEP to conform to PKCS#1 v2.0 - - changed benchmark code to produce HTML tables as output - - changed PSSR to track IEEE P1363a - - renamed ElGamalSignature to NR and changed it to track IEEE P1363 - - renamed ECKEP to ECMQVC and changed it to track IEEE P1363 - - renamed several other classes for clarity - - removed support for calling RSAREF - - removed option to compile old SHA (SHA-0) - - removed option not to throw exceptions - -3.1 - added ARC4, Rijndael, Twofish, Serpent, CBC-MAC, DMAC - - added interface for querying supported key lengths of symmetric ciphers - and MACs - - added sample code for RSA signature and verification - - changed CBC-CTS to be compatible with RFC 2040 - - updated SEAL to version 3.0 of the cipher specification - - optimized multiprecision squaring and elliptic curves over GF(p) - - fixed bug in MARS key setup - - fixed bug with attaching objects to Deflator - -3.2 - added DES-XEX3, ECDSA, DefaultEncryptorWithMAC - - renamed DES-EDE to DES-EDE2 and TripleDES to DES-EDE3 - - optimized ARC4 - - generalized DSA to allow keys longer than 1024 bits - - fixed bugs in GF2N and ModularArithmetic that can cause calculation errors - - fixed crashing bug in Inflator when given invalid inputs - - fixed endian bug in Serpent - - fixed padding bug in Tiger - -4.0 - added Skipjack, CAST-256, Panama, SHA-2 (SHA-256, SHA-384, and SHA-512), - and XTR-DH - - added a faster variant of Rabin's Information Dispersal Algorithm (IDA) - - added class wrappers for these operating system features: - - high resolution timers on Windows, Unix, and MacOS - - Berkeley and Windows style sockets - - Windows named pipes - - /dev/random and /dev/urandom on Linux and FreeBSD - - Microsoft's CryptGenRandom on Windows - - added support for SEC 1 elliptic curve key format and compressed points - - added support for X.509 public key format (subjectPublicKeyInfo) for - RSA, DSA, and elliptic curve schemes - - added support for DER and OpenPGP signature format for DSA - - added support for ZLIB compressed data format (RFC 1950) - - changed elliptic curve encryption to use ECIES (as defined in SEC 1) - - changed MARS key schedule to reflect the latest specification - - changed BufferedTransformation interface to support multiple channels - and messages - - changed CAST and SHA-1 implementations to use public domain source code - - fixed bug in StringSource - - optmized multi-precision integer code for better performance - -4.1 - added more support for the recommended elliptic curve parameters in SEC 2 - - added Panama MAC, MARC4 - - added IV stealing feature to CTS mode - - added support for PKCS #8 private key format for RSA, DSA, and elliptic - curve schemes - - changed Deflate, MD5, Rijndael, and Twofish to use public domain code - - fixed a bug with flushing compressed streams - - fixed a bug with decompressing stored blocks - - fixed a bug with EC point decompression using non-trinomial basis - - fixed a bug in NetworkSource::GeneralPump() - - fixed a performance issue with EC over GF(p) decryption - - fixed syntax to allow GCC to compile without -fpermissive - - relaxed some restrictions in the license - -4.2 - added support for longer HMAC keys - - added MD4 (which is not secure so use for compatibility purposes only) - - added compatibility fixes/workarounds for STLport 4.5, GCC 3.0.2, - and MSVC 7.0 - - changed MD2 to use public domain code - - fixed a bug with decompressing multiple messages with the same object - - fixed a bug in CBC-MAC with MACing multiple messages with the same object - - fixed a bug in RC5 and RC6 with zero-length keys - - fixed a bug in Adler32 where incorrect checksum may be generated - -5.0 - added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5 - - added key validation for encryption and signature public/private keys - - renamed StreamCipher interface to SymmetricCipher, which is now implemented - by both stream ciphers and block cipher modes including ECB and CBC - - added keying interfaces to support resetting of keys and IVs without - having to destroy and recreate objects - - changed filter interface to support non-blocking input/output - - changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows - - grouped related classes inside structs to help templates, for example - AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption - - where possible, typedefs have been added to improve backwards - compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined - - changed Serpent, HAVAL and IDEA to use public domain code - - implemented SSE2 optimizations for Integer operations - - fixed a bug in HMAC::TruncatedFinal() - - fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02 - -5.01 - added known answer test for X9.17 RNG in FIPS 140 power-up self test - - submitted to NIST/CSE, but not publicly released - -5.02 - changed EDC test to MAC integrity check using HMAC/SHA1 - - improved performance of integrity check - - added blinding to defend against RSA timing attack - -5.03 - created DLL version of Crypto++ for FIPS 140-2 validation - - fixed vulnerabilities in GetNextIV for CTR and OFB modes - -5.0.4 - Removed DES, SHA-256, SHA-384, SHA-512 from DLL - -5.1 - added PSS padding and changed PSSR to track IEEE P1363a draft standard - - added blinding for RSA and Rabin to defend against timing attacks - on decryption operations - - changed signing and decryption APIs to support the above - - changed WaitObjectContainer to allow waiting for more than 64 - objects at a time on Win32 platforms - - fixed a bug in CBC and ECB modes with processing non-aligned data - - fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2 - signature scheme (these fixes are not backwards compatible) - - fixed a number of compiler warnings, minor bugs, and portability problems - - removed Sapphire - -5.2 - merged in changes for 5.01 - 5.0.4 - - added support for using encoding parameters and key derivation parameters - with public key encryption (implemented by OAEP and DL/ECIES) - - added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320, - RIPEMD-128, RIPEMD-256, Base-32 coding, FIPS variant of CFB mode - - added ThreadUserTimer for timing thread CPU usage - - added option for password-based key derivation functions - to iterate until a mimimum elapsed thread CPU time is reached - - added option (on by default) for DEFLATE compression to detect - uncompressible files and process them more quickly - - improved compatibility and performance on 64-bit platforms, - including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64 - - fixed ONE_AND_ZEROS_PADDING to use 0x80 instead 0x01 as padding. - - fixed encoding/decoding of PKCS #8 privateKeyInfo to properly - handle optional attributes - -5.2.1 - fixed bug in the "dlltest" DLL testing program - - fixed compiling with STLport using VC .NET - - fixed compiling with -fPIC using GCC - - fixed compiling with -msse2 on systems without memalign() - - fixed inability to instantiate PanamaMAC - - fixed problems with inline documentation - -5.2.2 - added SHA-224 - - put SHA-256, SHA-384, SHA-512, RSASSA-PSS into DLL - -5.2.3 - fixed issues with FIPS algorithm test vectors - - put RSASSA-ISO into DLL - -5.3 - ported to MSVC 2005 with support for x86-64 - - added defense against AES timing attacks, and more AES test vectors - - changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR" - -5.4 - added Salsa20 - - updated Whirlpool to version 3.0 - - ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006 - -5.5 - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly) - - improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, - Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2) - - optimized Camellia and added defense against timing attacks - - updated benchmarks code to show cycles per byte and to time key/IV setup - - started using OpenMP for increased multi-core speed - - enabled GCC optimization flags by default in GNUmakefile - - added blinding and computational error checking for RW signing - - changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce - the risk of reusing random numbers and IVs after virtual machine state - rollback - - changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to - AutoSeededX917RNG<AES> - - fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV - - moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak" - - removed HAVAL, MD5-MAC, XMAC - -5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines - -5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama - to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64) - - fixed Salsa20 initialization crash on non-SSE2 machines - - fixed Whirlpool crash on Pentium 2 machines - - fixed possible branch prediction analysis (BPA) vulnerability in - MontgomeryReduce(), which may affect security of RSA, RW, LUC - - fixed link error with MSVC 2003 when using "debug DLL" form of runtime library - - fixed crash in SSE2_Add on P4 machines when compiled with - MSVC 6.0 SP5 with Processor Pack - - ported to MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, - and Borland C++Builder 2007 - -5.6.0 - added AuthenticatedSymmetricCipher interface class and Filter wrappers - - added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED - - added support for variable length IVs - - added OIDs for Brainpool elliptic curve parameters - - improved AES and SHA-256 speed on x86 and x64 - - changed BlockTransformation interface to no longer assume data alignment - - fixed incorrect VMAC computation on message lengths - that are >64 mod 128 (x86 assembly version is not affected) - - fixed compiler error in vmac.cpp on x86 with GCC -fPIC - - fixed run-time validation error on x86-64 with GCC 4.3.2 -O2 - - fixed HashFilter bug when putMessage=true - - fixed AES-CTR data alignment bug that causes incorrect encryption on ARM - - removed WORD64_AVAILABLE; compiler support for 64-bit int is now required - - ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11 - -5.6.1 - added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM - - removed WAKE-CFB - - fixed several bugs in the SHA-256 x86/x64 assembly code: - * incorrect hash on non-SSE2 x86 machines on non-aligned input - * incorrect hash on x86 machines when input crosses 0x80000000 - * incorrect hash on x64 when compiled with GCC with optimizations enabled - - fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations - - switched to a public domain implementation of MARS - - ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1 - - renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010 - -5.6.2 - changed license to Boost Software License 1.0 - - added SHA-3 (Keccak) - - updated DSA to FIPS 186-3 (see DSA2 class) - - fixed Blowfish minimum keylength to be 4 bytes (32 bits) - - fixed Salsa validation failure when compiling with GCC 4.6 - - fixed infinite recursion when on x64, assembly disabled, and no AESNI - - ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0 - -Written by Wei Dai diff --git a/cryptopp562/adler32.cpp b/cryptopp562/adler32.cpp deleted file mode 100644 index 0d52c08..0000000 --- a/cryptopp562/adler32.cpp +++ /dev/null @@ -1,77 +0,0 @@ -// adler32.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "adler32.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Adler32::Update(const byte *input, size_t length) -{ - const unsigned long BASE = 65521; - - unsigned long s1 = m_s1; - unsigned long s2 = m_s2; - - if (length % 8 != 0) - { - do - { - s1 += *input++; - s2 += s1; - length--; - } while (length % 8 != 0); - - if (s1 >= BASE) - s1 -= BASE; - s2 %= BASE; - } - - while (length > 0) - { - s1 += input[0]; s2 += s1; - s1 += input[1]; s2 += s1; - s1 += input[2]; s2 += s1; - s1 += input[3]; s2 += s1; - s1 += input[4]; s2 += s1; - s1 += input[5]; s2 += s1; - s1 += input[6]; s2 += s1; - s1 += input[7]; s2 += s1; - - length -= 8; - input += 8; - - if (s1 >= BASE) - s1 -= BASE; - if (length % 0x8000 == 0) - s2 %= BASE; - } - - assert(s1 < BASE); - assert(s2 < BASE); - - m_s1 = (word16)s1; - m_s2 = (word16)s2; -} - -void Adler32::TruncatedFinal(byte *hash, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - switch (size) - { - default: - hash[3] = byte(m_s1); - case 3: - hash[2] = byte(m_s1 >> 8); - case 2: - hash[1] = byte(m_s2); - case 1: - hash[0] = byte(m_s2 >> 8); - case 0: - ; - } - - Reset(); -} - -NAMESPACE_END diff --git a/cryptopp562/adler32.h b/cryptopp562/adler32.h deleted file mode 100644 index 0ed803d..0000000 --- a/cryptopp562/adler32.h +++ /dev/null @@ -1,28 +0,0 @@ -#ifndef CRYPTOPP_ADLER32_H -#define CRYPTOPP_ADLER32_H - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! ADLER-32 checksum calculations -class Adler32 : public HashTransformation -{ -public: - CRYPTOPP_CONSTANT(DIGESTSIZE = 4) - Adler32() {Reset();} - void Update(const byte *input, size_t length); - void TruncatedFinal(byte *hash, size_t size); - unsigned int DigestSize() const {return DIGESTSIZE;} - static const char * StaticAlgorithmName() {return "Adler32";} - std::string AlgorithmName() const {return StaticAlgorithmName();} - -private: - void Reset() {m_s1 = 1; m_s2 = 0;} - - word16 m_s1, m_s2; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/aes.h b/cryptopp562/aes.h deleted file mode 100644 index 0087542..0000000 --- a/cryptopp562/aes.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef CRYPTOPP_AES_H -#define CRYPTOPP_AES_H - -#include "rijndael.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! <a href="http://www.cryptolounge.org/wiki/AES">AES</a> winner, announced on 10/2/2000 -DOCUMENTED_TYPEDEF(Rijndael, AES); - -typedef RijndaelEncryption AESEncryption; -typedef RijndaelDecryption AESDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/algebra.cpp b/cryptopp562/algebra.cpp deleted file mode 100644 index 958e637..0000000 --- a/cryptopp562/algebra.cpp +++ /dev/null @@ -1,340 +0,0 @@ -// algebra.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_ALGEBRA_CPP // SunCC workaround: compiler could cause this file to be included twice -#define CRYPTOPP_ALGEBRA_CPP - -#include "algebra.h" -#include "integer.h" - -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -template <class T> const T& AbstractGroup<T>::Double(const Element &a) const -{ - return this->Add(a, a); -} - -template <class T> const T& AbstractGroup<T>::Subtract(const Element &a, const Element &b) const -{ - // make copy of a in case Inverse() overwrites it - Element a1(a); - return this->Add(a1, Inverse(b)); -} - -template <class T> T& AbstractGroup<T>::Accumulate(Element &a, const Element &b) const -{ - return a = this->Add(a, b); -} - -template <class T> T& AbstractGroup<T>::Reduce(Element &a, const Element &b) const -{ - return a = this->Subtract(a, b); -} - -template <class T> const T& AbstractRing<T>::Square(const Element &a) const -{ - return this->Multiply(a, a); -} - -template <class T> const T& AbstractRing<T>::Divide(const Element &a, const Element &b) const -{ - // make copy of a in case MultiplicativeInverse() overwrites it - Element a1(a); - return this->Multiply(a1, this->MultiplicativeInverse(b)); -} - -template <class T> const T& AbstractEuclideanDomain<T>::Mod(const Element &a, const Element &b) const -{ - Element q; - this->DivisionAlgorithm(result, q, a, b); - return result; -} - -template <class T> const T& AbstractEuclideanDomain<T>::Gcd(const Element &a, const Element &b) const -{ - Element g[3]={b, a}; - unsigned int i0=0, i1=1, i2=2; - - while (!this->Equal(g[i1], this->Identity())) - { - g[i2] = this->Mod(g[i0], g[i1]); - unsigned int t = i0; i0 = i1; i1 = i2; i2 = t; - } - - return result = g[i0]; -} - -template <class T> const typename QuotientRing<T>::Element& QuotientRing<T>::MultiplicativeInverse(const Element &a) const -{ - Element g[3]={m_modulus, a}; - Element v[3]={m_domain.Identity(), m_domain.MultiplicativeIdentity()}; - Element y; - unsigned int i0=0, i1=1, i2=2; - - while (!this->Equal(g[i1], this->Identity())) - { - // y = g[i0] / g[i1]; - // g[i2] = g[i0] % g[i1]; - m_domain.DivisionAlgorithm(g[i2], y, g[i0], g[i1]); - // v[i2] = v[i0] - (v[i1] * y); - v[i2] = m_domain.Subtract(v[i0], m_domain.Multiply(v[i1], y)); - unsigned int t = i0; i0 = i1; i1 = i2; i2 = t; - } - - return m_domain.IsUnit(g[i0]) ? m_domain.Divide(v[i0], g[i0]) : m_domain.Identity(); -} - -template <class T> T AbstractGroup<T>::ScalarMultiply(const Element &base, const Integer &exponent) const -{ - Element result; - this->SimultaneousMultiply(&result, base, &exponent, 1); - return result; -} - -template <class T> T AbstractGroup<T>::CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const -{ - const unsigned expLen = STDMAX(e1.BitCount(), e2.BitCount()); - if (expLen==0) - return this->Identity(); - - const unsigned w = (expLen <= 46 ? 1 : (expLen <= 260 ? 2 : 3)); - const unsigned tableSize = 1<<w; - std::vector<Element> powerTable(tableSize << w); - - powerTable[1] = x; - powerTable[tableSize] = y; - if (w==1) - powerTable[3] = this->Add(x,y); - else - { - powerTable[2] = this->Double(x); - powerTable[2*tableSize] = this->Double(y); - - unsigned i, j; - - for (i=3; i<tableSize; i+=2) - powerTable[i] = Add(powerTable[i-2], powerTable[2]); - for (i=1; i<tableSize; i+=2) - for (j=i+tableSize; j<(tableSize<<w); j+=tableSize) - powerTable[j] = Add(powerTable[j-tableSize], y); - - for (i=3*tableSize; i<(tableSize<<w); i+=2*tableSize) - powerTable[i] = Add(powerTable[i-2*tableSize], powerTable[2*tableSize]); - for (i=tableSize; i<(tableSize<<w); i+=2*tableSize) - for (j=i+2; j<i+tableSize; j+=2) - powerTable[j] = Add(powerTable[j-1], x); - } - - Element result; - unsigned power1 = 0, power2 = 0, prevPosition = expLen-1; - bool firstTime = true; - - for (int i = expLen-1; i>=0; i--) - { - power1 = 2*power1 + e1.GetBit(i); - power2 = 2*power2 + e2.GetBit(i); - - if (i==0 || 2*power1 >= tableSize || 2*power2 >= tableSize) - { - unsigned squaresBefore = prevPosition-i; - unsigned squaresAfter = 0; - prevPosition = i; - while ((power1 || power2) && power1%2 == 0 && power2%2==0) - { - power1 /= 2; - power2 /= 2; - squaresBefore--; - squaresAfter++; - } - if (firstTime) - { - result = powerTable[(power2<<w) + power1]; - firstTime = false; - } - else - { - while (squaresBefore--) - result = this->Double(result); - if (power1 || power2) - Accumulate(result, powerTable[(power2<<w) + power1]); - } - while (squaresAfter--) - result = this->Double(result); - power1 = power2 = 0; - } - } - return result; -} - -template <class Element, class Iterator> Element GeneralCascadeMultiplication(const AbstractGroup<Element> &group, Iterator begin, Iterator end) -{ - if (end-begin == 1) - return group.ScalarMultiply(begin->base, begin->exponent); - else if (end-begin == 2) - return group.CascadeScalarMultiply(begin->base, begin->exponent, (begin+1)->base, (begin+1)->exponent); - else - { - Integer q, t; - Iterator last = end; - --last; - - std::make_heap(begin, end); - std::pop_heap(begin, end); - - while (!!begin->exponent) - { - // last->exponent is largest exponent, begin->exponent is next largest - t = last->exponent; - Integer::Divide(last->exponent, q, t, begin->exponent); - - if (q == Integer::One()) - group.Accumulate(begin->base, last->base); // avoid overhead of ScalarMultiply() - else - group.Accumulate(begin->base, group.ScalarMultiply(last->base, q)); - - std::push_heap(begin, end); - std::pop_heap(begin, end); - } - - return group.ScalarMultiply(last->base, last->exponent); - } -} - -struct WindowSlider -{ - WindowSlider(const Integer &expIn, bool fastNegate, unsigned int windowSizeIn=0) - : exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn), windowBegin(0), fastNegate(fastNegate), firstTime(true), finished(false) - { - if (windowSize == 0) - { - unsigned int expLen = exp.BitCount(); - windowSize = expLen <= 17 ? 1 : (expLen <= 24 ? 2 : (expLen <= 70 ? 3 : (expLen <= 197 ? 4 : (expLen <= 539 ? 5 : (expLen <= 1434 ? 6 : 7))))); - } - windowModulus <<= windowSize; - } - - void FindNextWindow() - { - unsigned int expLen = exp.WordCount() * WORD_BITS; - unsigned int skipCount = firstTime ? 0 : windowSize; - firstTime = false; - while (!exp.GetBit(skipCount)) - { - if (skipCount >= expLen) - { - finished = true; - return; - } - skipCount++; - } - - exp >>= skipCount; - windowBegin += skipCount; - expWindow = word32(exp % (word(1) << windowSize)); - - if (fastNegate && exp.GetBit(windowSize)) - { - negateNext = true; - expWindow = (word32(1) << windowSize) - expWindow; - exp += windowModulus; - } - else - negateNext = false; - } - - Integer exp, windowModulus; - unsigned int windowSize, windowBegin; - word32 expWindow; - bool fastNegate, negateNext, firstTime, finished; -}; - -template <class T> -void AbstractGroup<T>::SimultaneousMultiply(T *results, const T &base, const Integer *expBegin, unsigned int expCount) const -{ - std::vector<std::vector<Element> > buckets(expCount); - std::vector<WindowSlider> exponents; - exponents.reserve(expCount); - unsigned int i; - - for (i=0; i<expCount; i++) - { - assert(expBegin->NotNegative()); - exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 0)); - exponents[i].FindNextWindow(); - buckets[i].resize(1<<(exponents[i].windowSize-1), Identity()); - } - - unsigned int expBitPosition = 0; - Element g = base; - bool notDone = true; - - while (notDone) - { - notDone = false; - for (i=0; i<expCount; i++) - { - if (!exponents[i].finished && expBitPosition == exponents[i].windowBegin) - { - Element &bucket = buckets[i][exponents[i].expWindow/2]; - if (exponents[i].negateNext) - Accumulate(bucket, Inverse(g)); - else - Accumulate(bucket, g); - exponents[i].FindNextWindow(); - } - notDone = notDone || !exponents[i].finished; - } - - if (notDone) - { - g = Double(g); - expBitPosition++; - } - } - - for (i=0; i<expCount; i++) - { - Element &r = *results++; - r = buckets[i][buckets[i].size()-1]; - if (buckets[i].size() > 1) - { - for (int j = (int)buckets[i].size()-2; j >= 1; j--) - { - Accumulate(buckets[i][j], buckets[i][j+1]); - Accumulate(r, buckets[i][j]); - } - Accumulate(buckets[i][0], buckets[i][1]); - r = Add(Double(r), buckets[i][0]); - } - } -} - -template <class T> T AbstractRing<T>::Exponentiate(const Element &base, const Integer &exponent) const -{ - Element result; - SimultaneousExponentiate(&result, base, &exponent, 1); - return result; -} - -template <class T> T AbstractRing<T>::CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const -{ - return MultiplicativeGroup().AbstractGroup<T>::CascadeScalarMultiply(x, e1, y, e2); -} - -template <class Element, class Iterator> Element GeneralCascadeExponentiation(const AbstractRing<Element> &ring, Iterator begin, Iterator end) -{ - return GeneralCascadeMultiplication<Element>(ring.MultiplicativeGroup(), begin, end); -} - -template <class T> -void AbstractRing<T>::SimultaneousExponentiate(T *results, const T &base, const Integer *exponents, unsigned int expCount) const -{ - MultiplicativeGroup().AbstractGroup<T>::SimultaneousMultiply(results, base, exponents, expCount); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/algebra.h b/cryptopp562/algebra.h deleted file mode 100644 index 13038bd..0000000 --- a/cryptopp562/algebra.h +++ /dev/null @@ -1,285 +0,0 @@ -#ifndef CRYPTOPP_ALGEBRA_H -#define CRYPTOPP_ALGEBRA_H - -#include "config.h" - -NAMESPACE_BEGIN(CryptoPP) - -class Integer; - -// "const Element&" returned by member functions are references -// to internal data members. Since each object may have only -// one such data member for holding results, the following code -// will produce incorrect results: -// abcd = group.Add(group.Add(a,b), group.Add(c,d)); -// But this should be fine: -// abcd = group.Add(a, group.Add(b, group.Add(c,d)); - -//! Abstract Group -template <class T> class CRYPTOPP_NO_VTABLE AbstractGroup -{ -public: - typedef T Element; - - virtual ~AbstractGroup() {} - - virtual bool Equal(const Element &a, const Element &b) const =0; - virtual const Element& Identity() const =0; - virtual const Element& Add(const Element &a, const Element &b) const =0; - virtual const Element& Inverse(const Element &a) const =0; - virtual bool InversionIsFast() const {return false;} - - virtual const Element& Double(const Element &a) const; - virtual const Element& Subtract(const Element &a, const Element &b) const; - virtual Element& Accumulate(Element &a, const Element &b) const; - virtual Element& Reduce(Element &a, const Element &b) const; - - virtual Element ScalarMultiply(const Element &a, const Integer &e) const; - virtual Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const; - - virtual void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; -}; - -//! Abstract Ring -template <class T> class CRYPTOPP_NO_VTABLE AbstractRing : public AbstractGroup<T> -{ -public: - typedef T Element; - - AbstractRing() {m_mg.m_pRing = this;} - AbstractRing(const AbstractRing &source) {m_mg.m_pRing = this;} - AbstractRing& operator=(const AbstractRing &source) {return *this;} - - virtual bool IsUnit(const Element &a) const =0; - virtual const Element& MultiplicativeIdentity() const =0; - virtual const Element& Multiply(const Element &a, const Element &b) const =0; - virtual const Element& MultiplicativeInverse(const Element &a) const =0; - - virtual const Element& Square(const Element &a) const; - virtual const Element& Divide(const Element &a, const Element &b) const; - - virtual Element Exponentiate(const Element &a, const Integer &e) const; - virtual Element CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const; - - virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; - - virtual const AbstractGroup<T>& MultiplicativeGroup() const - {return m_mg;} - -private: - class MultiplicativeGroupT : public AbstractGroup<T> - { - public: - const AbstractRing<T>& GetRing() const - {return *m_pRing;} - - bool Equal(const Element &a, const Element &b) const - {return GetRing().Equal(a, b);} - - const Element& Identity() const - {return GetRing().MultiplicativeIdentity();} - - const Element& Add(const Element &a, const Element &b) const - {return GetRing().Multiply(a, b);} - - Element& Accumulate(Element &a, const Element &b) const - {return a = GetRing().Multiply(a, b);} - - const Element& Inverse(const Element &a) const - {return GetRing().MultiplicativeInverse(a);} - - const Element& Subtract(const Element &a, const Element &b) const - {return GetRing().Divide(a, b);} - - Element& Reduce(Element &a, const Element &b) const - {return a = GetRing().Divide(a, b);} - - const Element& Double(const Element &a) const - {return GetRing().Square(a);} - - Element ScalarMultiply(const Element &a, const Integer &e) const - {return GetRing().Exponentiate(a, e);} - - Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const - {return GetRing().CascadeExponentiate(x, e1, y, e2);} - - void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const - {GetRing().SimultaneousExponentiate(results, base, exponents, exponentsCount);} - - const AbstractRing<T> *m_pRing; - }; - - MultiplicativeGroupT m_mg; -}; - -// ******************************************************** - -//! Base and Exponent -template <class T, class E = Integer> -struct BaseAndExponent -{ -public: - BaseAndExponent() {} - BaseAndExponent(const T &base, const E &exponent) : base(base), exponent(exponent) {} - bool operator<(const BaseAndExponent<T, E> &rhs) const {return exponent < rhs.exponent;} - T base; - E exponent; -}; - -// VC60 workaround: incomplete member template support -template <class Element, class Iterator> - Element GeneralCascadeMultiplication(const AbstractGroup<Element> &group, Iterator begin, Iterator end); -template <class Element, class Iterator> - Element GeneralCascadeExponentiation(const AbstractRing<Element> &ring, Iterator begin, Iterator end); - -// ******************************************************** - -//! Abstract Euclidean Domain -template <class T> class CRYPTOPP_NO_VTABLE AbstractEuclideanDomain : public AbstractRing<T> -{ -public: - typedef T Element; - - virtual void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const =0; - - virtual const Element& Mod(const Element &a, const Element &b) const =0; - virtual const Element& Gcd(const Element &a, const Element &b) const; - -protected: - mutable Element result; -}; - -// ******************************************************** - -//! EuclideanDomainOf -template <class T> class EuclideanDomainOf : public AbstractEuclideanDomain<T> -{ -public: - typedef T Element; - - EuclideanDomainOf() {} - - bool Equal(const Element &a, const Element &b) const - {return a==b;} - - const Element& Identity() const - {return Element::Zero();} - - const Element& Add(const Element &a, const Element &b) const - {return result = a+b;} - - Element& Accumulate(Element &a, const Element &b) const - {return a+=b;} - - const Element& Inverse(const Element &a) const - {return result = -a;} - - const Element& Subtract(const Element &a, const Element &b) const - {return result = a-b;} - - Element& Reduce(Element &a, const Element &b) const - {return a-=b;} - - const Element& Double(const Element &a) const - {return result = a.Doubled();} - - const Element& MultiplicativeIdentity() const - {return Element::One();} - - const Element& Multiply(const Element &a, const Element &b) const - {return result = a*b;} - - const Element& Square(const Element &a) const - {return result = a.Squared();} - - bool IsUnit(const Element &a) const - {return a.IsUnit();} - - const Element& MultiplicativeInverse(const Element &a) const - {return result = a.MultiplicativeInverse();} - - const Element& Divide(const Element &a, const Element &b) const - {return result = a/b;} - - const Element& Mod(const Element &a, const Element &b) const - {return result = a%b;} - - void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const - {Element::Divide(r, q, a, d);} - - bool operator==(const EuclideanDomainOf<T> &rhs) const - {return true;} - -private: - mutable Element result; -}; - -//! Quotient Ring -template <class T> class QuotientRing : public AbstractRing<typename T::Element> -{ -public: - typedef T EuclideanDomain; - typedef typename T::Element Element; - - QuotientRing(const EuclideanDomain &domain, const Element &modulus) - : m_domain(domain), m_modulus(modulus) {} - - const EuclideanDomain & GetDomain() const - {return m_domain;} - - const Element& GetModulus() const - {return m_modulus;} - - bool Equal(const Element &a, const Element &b) const - {return m_domain.Equal(m_domain.Mod(m_domain.Subtract(a, b), m_modulus), m_domain.Identity());} - - const Element& Identity() const - {return m_domain.Identity();} - - const Element& Add(const Element &a, const Element &b) const - {return m_domain.Add(a, b);} - - Element& Accumulate(Element &a, const Element &b) const - {return m_domain.Accumulate(a, b);} - - const Element& Inverse(const Element &a) const - {return m_domain.Inverse(a);} - - const Element& Subtract(const Element &a, const Element &b) const - {return m_domain.Subtract(a, b);} - - Element& Reduce(Element &a, const Element &b) const - {return m_domain.Reduce(a, b);} - - const Element& Double(const Element &a) const - {return m_domain.Double(a);} - - bool IsUnit(const Element &a) const - {return m_domain.IsUnit(m_domain.Gcd(a, m_modulus));} - - const Element& MultiplicativeIdentity() const - {return m_domain.MultiplicativeIdentity();} - - const Element& Multiply(const Element &a, const Element &b) const - {return m_domain.Mod(m_domain.Multiply(a, b), m_modulus);} - - const Element& Square(const Element &a) const - {return m_domain.Mod(m_domain.Square(a), m_modulus);} - - const Element& MultiplicativeInverse(const Element &a) const; - - bool operator==(const QuotientRing<T> &rhs) const - {return m_domain == rhs.m_domain && m_modulus == rhs.m_modulus;} - -protected: - EuclideanDomain m_domain; - Element m_modulus; -}; - -NAMESPACE_END - -#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES -#include "algebra.cpp" -#endif - -#endif diff --git a/cryptopp562/algparam.cpp b/cryptopp562/algparam.cpp deleted file mode 100644 index a70d5dd..0000000 --- a/cryptopp562/algparam.cpp +++ /dev/null @@ -1,75 +0,0 @@ -// algparam.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "algparam.h" - -NAMESPACE_BEGIN(CryptoPP) - -PAssignIntToInteger g_pAssignIntToInteger = NULL; - -bool CombinedNameValuePairs::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - if (strcmp(name, "ValueNames") == 0) - return m_pairs1.GetVoidValue(name, valueType, pValue) && m_pairs2.GetVoidValue(name, valueType, pValue); - else - return m_pairs1.GetVoidValue(name, valueType, pValue) || m_pairs2.GetVoidValue(name, valueType, pValue); -} - -void AlgorithmParametersBase::operator=(const AlgorithmParametersBase& rhs) -{ - assert(false); -} - -bool AlgorithmParametersBase::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - if (strcmp(name, "ValueNames") == 0) - { - NameValuePairs::ThrowIfTypeMismatch(name, typeid(std::string), valueType); - if (m_next.get()) - m_next->GetVoidValue(name, valueType, pValue); - (*reinterpret_cast<std::string *>(pValue) += m_name) += ";"; - return true; - } - else if (strcmp(name, m_name) == 0) - { - AssignValue(name, valueType, pValue); - m_used = true; - return true; - } - else if (m_next.get()) - return m_next->GetVoidValue(name, valueType, pValue); - else - return false; -} - -AlgorithmParameters::AlgorithmParameters() - : m_defaultThrowIfNotUsed(true) -{ -} - -AlgorithmParameters::AlgorithmParameters(const AlgorithmParameters &x) - : m_defaultThrowIfNotUsed(x.m_defaultThrowIfNotUsed) -{ - m_next.reset(const_cast<AlgorithmParameters &>(x).m_next.release()); -} - -AlgorithmParameters & AlgorithmParameters::operator=(const AlgorithmParameters &x) -{ - m_next.reset(const_cast<AlgorithmParameters &>(x).m_next.release()); - return *this; -} - -bool AlgorithmParameters::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - if (m_next.get()) - return m_next->GetVoidValue(name, valueType, pValue); - else - return false; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/algparam.h b/cryptopp562/algparam.h deleted file mode 100644 index ea5129c..0000000 --- a/cryptopp562/algparam.h +++ /dev/null @@ -1,398 +0,0 @@ -#ifndef CRYPTOPP_ALGPARAM_H -#define CRYPTOPP_ALGPARAM_H - -#include "cryptlib.h" -#include "smartptr.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! used to pass byte array input as part of a NameValuePairs object -/*! the deepCopy option is used when the NameValuePairs object can't - keep a copy of the data available */ -class ConstByteArrayParameter -{ -public: - ConstByteArrayParameter(const char *data = NULL, bool deepCopy = false) - { - Assign((const byte *)data, data ? strlen(data) : 0, deepCopy); - } - ConstByteArrayParameter(const byte *data, size_t size, bool deepCopy = false) - { - Assign(data, size, deepCopy); - } - template <class T> ConstByteArrayParameter(const T &string, bool deepCopy = false) - { - CRYPTOPP_COMPILE_ASSERT(sizeof(CPP_TYPENAME T::value_type) == 1); - Assign((const byte *)string.data(), string.size(), deepCopy); - } - - void Assign(const byte *data, size_t size, bool deepCopy) - { - if (deepCopy) - m_block.Assign(data, size); - else - { - m_data = data; - m_size = size; - } - m_deepCopy = deepCopy; - } - - const byte *begin() const {return m_deepCopy ? m_block.begin() : m_data;} - const byte *end() const {return m_deepCopy ? m_block.end() : m_data + m_size;} - size_t size() const {return m_deepCopy ? m_block.size() : m_size;} - -private: - bool m_deepCopy; - const byte *m_data; - size_t m_size; - SecByteBlock m_block; -}; - -class ByteArrayParameter -{ -public: - ByteArrayParameter(byte *data = NULL, unsigned int size = 0) - : m_data(data), m_size(size) {} - ByteArrayParameter(SecByteBlock &block) - : m_data(block.begin()), m_size(block.size()) {} - - byte *begin() const {return m_data;} - byte *end() const {return m_data + m_size;} - size_t size() const {return m_size;} - -private: - byte *m_data; - size_t m_size; -}; - -class CRYPTOPP_DLL CombinedNameValuePairs : public NameValuePairs -{ -public: - CombinedNameValuePairs(const NameValuePairs &pairs1, const NameValuePairs &pairs2) - : m_pairs1(pairs1), m_pairs2(pairs2) {} - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - -private: - const NameValuePairs &m_pairs1, &m_pairs2; -}; - -template <class T, class BASE> -class GetValueHelperClass -{ -public: - GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst) - : m_pObject(pObject), m_name(name), m_valueType(&valueType), m_pValue(pValue), m_found(false), m_getValueNames(false) - { - if (strcmp(m_name, "ValueNames") == 0) - { - m_found = m_getValueNames = true; - NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(std::string), *m_valueType); - if (searchFirst) - searchFirst->GetVoidValue(m_name, valueType, pValue); - if (typeid(T) != typeid(BASE)) - pObject->BASE::GetVoidValue(m_name, valueType, pValue); - ((*reinterpret_cast<std::string *>(m_pValue) += "ThisPointer:") += typeid(T).name()) += ';'; - } - - if (!m_found && strncmp(m_name, "ThisPointer:", 12) == 0 && strcmp(m_name+12, typeid(T).name()) == 0) - { - NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T *), *m_valueType); - *reinterpret_cast<const T **>(pValue) = pObject; - m_found = true; - return; - } - - if (!m_found && searchFirst) - m_found = searchFirst->GetVoidValue(m_name, valueType, pValue); - - if (!m_found && typeid(T) != typeid(BASE)) - m_found = pObject->BASE::GetVoidValue(m_name, valueType, pValue); - } - - operator bool() const {return m_found;} - - template <class R> - GetValueHelperClass<T,BASE> & operator()(const char *name, const R & (T::*pm)() const) - { - if (m_getValueNames) - (*reinterpret_cast<std::string *>(m_pValue) += name) += ";"; - if (!m_found && strcmp(name, m_name) == 0) - { - NameValuePairs::ThrowIfTypeMismatch(name, typeid(R), *m_valueType); - *reinterpret_cast<R *>(m_pValue) = (m_pObject->*pm)(); - m_found = true; - } - return *this; - } - - GetValueHelperClass<T,BASE> &Assignable() - { -#ifndef __INTEL_COMPILER // ICL 9.1 workaround: Intel compiler copies the vTable pointer for some reason - if (m_getValueNames) - ((*reinterpret_cast<std::string *>(m_pValue) += "ThisObject:") += typeid(T).name()) += ';'; - if (!m_found && strncmp(m_name, "ThisObject:", 11) == 0 && strcmp(m_name+11, typeid(T).name()) == 0) - { - NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T), *m_valueType); - *reinterpret_cast<T *>(m_pValue) = *m_pObject; - m_found = true; - } -#endif - return *this; - } - -private: - const T *m_pObject; - const char *m_name; - const std::type_info *m_valueType; - void *m_pValue; - bool m_found, m_getValueNames; -}; - -template <class BASE, class T> -GetValueHelperClass<T, BASE> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL, BASE *dummy=NULL) -{ - return GetValueHelperClass<T, BASE>(pObject, name, valueType, pValue, searchFirst); -} - -template <class T> -GetValueHelperClass<T, T> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL) -{ - return GetValueHelperClass<T, T>(pObject, name, valueType, pValue, searchFirst); -} - -// ******************************************************** - -template <class R> -R Hack_DefaultValueFromConstReferenceType(const R &) -{ - return R(); -} - -template <class R> -bool Hack_GetValueIntoConstReference(const NameValuePairs &source, const char *name, const R &value) -{ - return source.GetValue(name, const_cast<R &>(value)); -} - -template <class T, class BASE> -class AssignFromHelperClass -{ -public: - AssignFromHelperClass(T *pObject, const NameValuePairs &source) - : m_pObject(pObject), m_source(source), m_done(false) - { - if (source.GetThisObject(*pObject)) - m_done = true; - else if (typeid(BASE) != typeid(T)) - pObject->BASE::AssignFrom(source); - } - - template <class R> - AssignFromHelperClass & operator()(const char *name, void (T::*pm)(R)) // VC60 workaround: "const R &" here causes compiler error - { - if (!m_done) - { - R value = Hack_DefaultValueFromConstReferenceType(reinterpret_cast<R>(*(int *)NULL)); - if (!Hack_GetValueIntoConstReference(m_source, name, value)) - throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name + "'"); - (m_pObject->*pm)(value); - } - return *this; - } - - template <class R, class S> - AssignFromHelperClass & operator()(const char *name1, const char *name2, void (T::*pm)(R, S)) // VC60 workaround: "const R &" here causes compiler error - { - if (!m_done) - { - R value1 = Hack_DefaultValueFromConstReferenceType(reinterpret_cast<R>(*(int *)NULL)); - if (!Hack_GetValueIntoConstReference(m_source, name1, value1)) - throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name1 + "'"); - S value2 = Hack_DefaultValueFromConstReferenceType(reinterpret_cast<S>(*(int *)NULL)); - if (!Hack_GetValueIntoConstReference(m_source, name2, value2)) - throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name2 + "'"); - (m_pObject->*pm)(value1, value2); - } - return *this; - } - -private: - T *m_pObject; - const NameValuePairs &m_source; - bool m_done; -}; - -template <class BASE, class T> -AssignFromHelperClass<T, BASE> AssignFromHelper(T *pObject, const NameValuePairs &source, BASE *dummy=NULL) -{ - return AssignFromHelperClass<T, BASE>(pObject, source); -} - -template <class T> -AssignFromHelperClass<T, T> AssignFromHelper(T *pObject, const NameValuePairs &source) -{ - return AssignFromHelperClass<T, T>(pObject, source); -} - -// ******************************************************** - -// to allow the linker to discard Integer code if not needed. -typedef bool (CRYPTOPP_API * PAssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt); -CRYPTOPP_DLL extern PAssignIntToInteger g_pAssignIntToInteger; - -CRYPTOPP_DLL const std::type_info & CRYPTOPP_API IntegerTypeId(); - -class CRYPTOPP_DLL AlgorithmParametersBase -{ -public: - class ParameterNotUsed : public Exception - { - public: - ParameterNotUsed(const char *name) : Exception(OTHER_ERROR, std::string("AlgorithmParametersBase: parameter \"") + name + "\" not used") {} - }; - - // this is actually a move, not a copy - AlgorithmParametersBase(const AlgorithmParametersBase &x) - : m_name(x.m_name), m_throwIfNotUsed(x.m_throwIfNotUsed), m_used(x.m_used) - { - m_next.reset(const_cast<AlgorithmParametersBase &>(x).m_next.release()); - x.m_used = true; - } - - AlgorithmParametersBase(const char *name, bool throwIfNotUsed) - : m_name(name), m_throwIfNotUsed(throwIfNotUsed), m_used(false) {} - - virtual ~AlgorithmParametersBase() - { -#ifdef CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE - if (!std::uncaught_exception()) -#else - try -#endif - { - if (m_throwIfNotUsed && !m_used) - throw ParameterNotUsed(m_name); - } -#ifndef CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE - catch(...) - { - } -#endif - } - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - -protected: - friend class AlgorithmParameters; - void operator=(const AlgorithmParametersBase& rhs); // assignment not allowed, declare this for VC60 - - virtual void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const =0; - virtual void MoveInto(void *p) const =0; // not really const - - const char *m_name; - bool m_throwIfNotUsed; - mutable bool m_used; - member_ptr<AlgorithmParametersBase> m_next; -}; - -template <class T> -class AlgorithmParametersTemplate : public AlgorithmParametersBase -{ -public: - AlgorithmParametersTemplate(const char *name, const T &value, bool throwIfNotUsed) - : AlgorithmParametersBase(name, throwIfNotUsed), m_value(value) - { - } - - void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const - { - // special case for retrieving an Integer parameter when an int was passed in - if (!(g_pAssignIntToInteger != NULL && typeid(T) == typeid(int) && g_pAssignIntToInteger(valueType, pValue, &m_value))) - { - NameValuePairs::ThrowIfTypeMismatch(name, typeid(T), valueType); - *reinterpret_cast<T *>(pValue) = m_value; - } - } - - void MoveInto(void *buffer) const - { - AlgorithmParametersTemplate<T>* p = new(buffer) AlgorithmParametersTemplate<T>(*this); - } - -protected: - T m_value; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<bool>; -CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<int>; -CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<ConstByteArrayParameter>; - -class CRYPTOPP_DLL AlgorithmParameters : public NameValuePairs -{ -public: - AlgorithmParameters(); - -#ifdef __BORLANDC__ - template <class T> - AlgorithmParameters(const char *name, const T &value, bool throwIfNotUsed=true) - : m_next(new AlgorithmParametersTemplate<T>(name, value, throwIfNotUsed)) - , m_defaultThrowIfNotUsed(throwIfNotUsed) - { - } -#endif - - AlgorithmParameters(const AlgorithmParameters &x); - - AlgorithmParameters & operator=(const AlgorithmParameters &x); - - template <class T> - AlgorithmParameters & operator()(const char *name, const T &value, bool throwIfNotUsed) - { - member_ptr<AlgorithmParametersBase> p(new AlgorithmParametersTemplate<T>(name, value, throwIfNotUsed)); - p->m_next.reset(m_next.release()); - m_next.reset(p.release()); - m_defaultThrowIfNotUsed = throwIfNotUsed; - return *this; - } - - template <class T> - AlgorithmParameters & operator()(const char *name, const T &value) - { - return operator()(name, value, m_defaultThrowIfNotUsed); - } - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - -protected: - member_ptr<AlgorithmParametersBase> m_next; - bool m_defaultThrowIfNotUsed; -}; - -//! Create an object that implements NameValuePairs for passing parameters -/*! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed - \note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(), - such as MSVC 7.0 and earlier. - \note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by - repeatedly using operator() on the object returned by MakeParameters, for example: - AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3); -*/ -#ifdef __BORLANDC__ -typedef AlgorithmParameters MakeParameters; -#else -template <class T> -AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed = true) -{ - return AlgorithmParameters()(name, value, throwIfNotUsed); -} -#endif - -#define CRYPTOPP_GET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Get##name) -#define CRYPTOPP_SET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Set##name) -#define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2) (Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2) - -NAMESPACE_END - -#endif diff --git a/cryptopp562/arc4.cpp b/cryptopp562/arc4.cpp deleted file mode 100644 index b5c2730..0000000 --- a/cryptopp562/arc4.cpp +++ /dev/null @@ -1,120 +0,0 @@ -// arc4.cpp - written and placed in the public domain by Wei Dai - -// The ARC4 algorithm was first revealed in an anonymous email to the -// cypherpunks mailing list. This file originally contained some -// code copied from this email. The code has since been rewritten in order -// to clarify the copyright status of this file. It should now be -// completely in the public domain. - -#include "pch.h" -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "arc4.h" - -NAMESPACE_BEGIN(CryptoPP) -namespace Weak1 { - -void ARC4_TestInstantiations() -{ - ARC4 x; -} - -ARC4_Base::~ARC4_Base() -{ - m_x = m_y = 0; -} - -void ARC4_Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(keyLen); - - m_x = 1; - m_y = 0; - - unsigned int i; - for (i=0; i<256; i++) - m_state[i] = i; - - unsigned int keyIndex = 0, stateIndex = 0; - for (i=0; i<256; i++) - { - unsigned int a = m_state[i]; - stateIndex += key[keyIndex] + a; - stateIndex &= 0xff; - m_state[i] = m_state[stateIndex]; - m_state[stateIndex] = a; - if (++keyIndex >= keyLen) - keyIndex = 0; - } - - int discardBytes = params.GetIntValueWithDefault("DiscardBytes", GetDefaultDiscardBytes()); - DiscardBytes(discardBytes); -} - -template <class T> -static inline unsigned int MakeByte(T &x, T &y, byte *s) -{ - unsigned int a = s[x]; - y = (y+a) & 0xff; - unsigned int b = s[y]; - s[x] = b; - s[y] = a; - x = (x+1) & 0xff; - return s[(a+b) & 0xff]; -} - -void ARC4_Base::GenerateBlock(byte *output, size_t size) -{ - while (size--) - *output++ = MakeByte(m_x, m_y, m_state); -} - -void ARC4_Base::ProcessData(byte *outString, const byte *inString, size_t length) -{ - if (length == 0) - return; - - byte *const s = m_state; - unsigned int x = m_x; - unsigned int y = m_y; - - if (inString == outString) - { - do - { - *outString++ ^= MakeByte(x, y, s); - } while (--length); - } - else - { - do - { - *outString++ = *inString++ ^ MakeByte(x, y, s); - } - while(--length); - } - - m_x = x; - m_y = y; -} - -void ARC4_Base::DiscardBytes(size_t length) -{ - if (length == 0) - return; - - byte *const s = m_state; - unsigned int x = m_x; - unsigned int y = m_y; - - do - { - MakeByte(x, y, s); - } - while(--length); - - m_x = x; - m_y = y; -} - -} -NAMESPACE_END diff --git a/cryptopp562/arc4.h b/cryptopp562/arc4.h deleted file mode 100644 index 9dcc92e..0000000 --- a/cryptopp562/arc4.h +++ /dev/null @@ -1,71 +0,0 @@ -#ifndef CRYPTOPP_ARC4_H -#define CRYPTOPP_ARC4_H - -#include "strciphr.h" - -NAMESPACE_BEGIN(CryptoPP) - -namespace Weak1 { - -//! _ -class CRYPTOPP_NO_VTABLE ARC4_Base : public VariableKeyLength<16, 1, 256>, public RandomNumberGenerator, public SymmetricCipher, public SymmetricCipherDocumentation -{ -public: - ~ARC4_Base(); - - static const char *StaticAlgorithmName() {return "ARC4";} - - void GenerateBlock(byte *output, size_t size); - void DiscardBytes(size_t n); - - void ProcessData(byte *outString, const byte *inString, size_t length); - - bool IsRandomAccess() const {return false;} - bool IsSelfInverting() const {return true;} - bool IsForwardTransformation() const {return true;} - - typedef SymmetricCipherFinal<ARC4_Base> Encryption; - typedef SymmetricCipherFinal<ARC4_Base> Decryption; - -protected: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - virtual unsigned int GetDefaultDiscardBytes() const {return 0;} - - FixedSizeSecBlock<byte, 256> m_state; - byte m_x, m_y; -}; - -//! <a href="http://www.weidai.com/scan-mirror/cs.html#RC4">Alleged RC4</a> -DOCUMENTED_TYPEDEF(SymmetricCipherFinal<ARC4_Base>, ARC4) - -//! _ -class CRYPTOPP_NO_VTABLE MARC4_Base : public ARC4_Base -{ -public: - static const char *StaticAlgorithmName() {return "MARC4";} - - typedef SymmetricCipherFinal<MARC4_Base> Encryption; - typedef SymmetricCipherFinal<MARC4_Base> Decryption; - -protected: - unsigned int GetDefaultDiscardBytes() const {return 256;} -}; - -//! Modified ARC4: it discards the first 256 bytes of keystream which may be weaker than the rest -DOCUMENTED_TYPEDEF(SymmetricCipherFinal<MARC4_Base>, MARC4) - -} -#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 -namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak -#else -using namespace Weak1; // import Weak1 into CryptoPP with warning -#ifdef __GNUC__ -#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." -#else -#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") -#endif -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/argnames.h b/cryptopp562/argnames.h deleted file mode 100644 index e961725..0000000 --- a/cryptopp562/argnames.h +++ /dev/null @@ -1,81 +0,0 @@ -#ifndef CRYPTOPP_ARGNAMES_H -#define CRYPTOPP_ARGNAMES_H - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -DOCUMENTED_NAMESPACE_BEGIN(Name) - -#define CRYPTOPP_DEFINE_NAME_STRING(name) inline const char *name() {return #name;} - -CRYPTOPP_DEFINE_NAME_STRING(ValueNames) //!< string, a list of value names with a semicolon (';') after each name -CRYPTOPP_DEFINE_NAME_STRING(Version) //!< int -CRYPTOPP_DEFINE_NAME_STRING(Seed) //!< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(Key) //!< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(IV) //!< ConstByteArrayParameter, also accepts const byte * for backwards compatibility -CRYPTOPP_DEFINE_NAME_STRING(StolenIV) //!< byte * -CRYPTOPP_DEFINE_NAME_STRING(Rounds) //!< int -CRYPTOPP_DEFINE_NAME_STRING(FeedbackSize) //!< int -CRYPTOPP_DEFINE_NAME_STRING(WordSize) //!< int, in bytes -CRYPTOPP_DEFINE_NAME_STRING(BlockSize) //!< int, in bytes -CRYPTOPP_DEFINE_NAME_STRING(EffectiveKeyLength) //!< int, in bits -CRYPTOPP_DEFINE_NAME_STRING(KeySize) //!< int, in bits -CRYPTOPP_DEFINE_NAME_STRING(ModulusSize) //!< int, in bits -CRYPTOPP_DEFINE_NAME_STRING(SubgroupOrderSize) //!< int, in bits -CRYPTOPP_DEFINE_NAME_STRING(PrivateExponentSize)//!< int, in bits -CRYPTOPP_DEFINE_NAME_STRING(Modulus) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(PublicExponent) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(PrivateExponent) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(PublicElement) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(SubgroupOrder) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(Cofactor) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(SubgroupGenerator) //!< Integer, ECP::Point, or EC2N::Point -CRYPTOPP_DEFINE_NAME_STRING(Curve) //!< ECP or EC2N -CRYPTOPP_DEFINE_NAME_STRING(GroupOID) //!< OID -CRYPTOPP_DEFINE_NAME_STRING(PointerToPrimeSelector) //!< const PrimeSelector * -CRYPTOPP_DEFINE_NAME_STRING(Prime1) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(Prime2) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(ModPrime1PrivateExponent) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(ModPrime2PrivateExponent) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(MultiplicativeInverseOfPrime2ModPrime1) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(QuadraticResidueModPrime1) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(QuadraticResidueModPrime2) //!< Integer -CRYPTOPP_DEFINE_NAME_STRING(PutMessage) //!< bool -CRYPTOPP_DEFINE_NAME_STRING(TruncatedDigestSize) //!< int -CRYPTOPP_DEFINE_NAME_STRING(BlockPaddingScheme) //!< StreamTransformationFilter::BlockPaddingScheme -CRYPTOPP_DEFINE_NAME_STRING(HashVerificationFilterFlags) //!< word32 -CRYPTOPP_DEFINE_NAME_STRING(AuthenticatedDecryptionFilterFlags) //!< word32 -CRYPTOPP_DEFINE_NAME_STRING(SignatureVerificationFilterFlags) //!< word32 -CRYPTOPP_DEFINE_NAME_STRING(InputBuffer) //!< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(OutputBuffer) //!< ByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(InputFileName) //!< const char * -CRYPTOPP_DEFINE_NAME_STRING(InputFileNameWide) //!< const wchar_t * -CRYPTOPP_DEFINE_NAME_STRING(InputStreamPointer) //!< std::istream * -CRYPTOPP_DEFINE_NAME_STRING(InputBinaryMode) //!< bool -CRYPTOPP_DEFINE_NAME_STRING(OutputFileName) //!< const char * -CRYPTOPP_DEFINE_NAME_STRING(OutputFileNameWide) //!< const wchar_t * -CRYPTOPP_DEFINE_NAME_STRING(OutputStreamPointer) //!< std::ostream * -CRYPTOPP_DEFINE_NAME_STRING(OutputBinaryMode) //!< bool -CRYPTOPP_DEFINE_NAME_STRING(EncodingParameters) //!< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(KeyDerivationParameters) //!< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(Separator) //< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(Terminator) //< ConstByteArrayParameter -CRYPTOPP_DEFINE_NAME_STRING(Uppercase) //< bool -CRYPTOPP_DEFINE_NAME_STRING(GroupSize) //< int -CRYPTOPP_DEFINE_NAME_STRING(Pad) //< bool -CRYPTOPP_DEFINE_NAME_STRING(PaddingByte) //< byte -CRYPTOPP_DEFINE_NAME_STRING(Log2Base) //< int -CRYPTOPP_DEFINE_NAME_STRING(EncodingLookupArray) //< const byte * -CRYPTOPP_DEFINE_NAME_STRING(DecodingLookupArray) //< const byte * -CRYPTOPP_DEFINE_NAME_STRING(InsertLineBreaks) //< bool -CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength) //< int -CRYPTOPP_DEFINE_NAME_STRING(DigestSize) //!< int, in bytes -CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength) //!< int, in bytes -CRYPTOPP_DEFINE_NAME_STRING(TableSize) //!< int, in bytes - -DOCUMENTED_NAMESPACE_END - -NAMESPACE_END - -#endif diff --git a/cryptopp562/asn.cpp b/cryptopp562/asn.cpp deleted file mode 100644 index 8ae1ad6..0000000 --- a/cryptopp562/asn.cpp +++ /dev/null @@ -1,597 +0,0 @@ -// asn.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "asn.h" - -#include <iomanip> -#include <time.h> - -NAMESPACE_BEGIN(CryptoPP) -USING_NAMESPACE(std) - -/// DER Length -size_t DERLengthEncode(BufferedTransformation &bt, lword length) -{ - size_t i=0; - if (length <= 0x7f) - { - bt.Put(byte(length)); - i++; - } - else - { - bt.Put(byte(BytePrecision(length) | 0x80)); - i++; - for (int j=BytePrecision(length); j; --j) - { - bt.Put(byte(length >> (j-1)*8)); - i++; - } - } - return i; -} - -bool BERLengthDecode(BufferedTransformation &bt, lword &length, bool &definiteLength) -{ - byte b; - - if (!bt.Get(b)) - return false; - - if (!(b & 0x80)) - { - definiteLength = true; - length = b; - } - else - { - unsigned int lengthBytes = b & 0x7f; - - if (lengthBytes == 0) - { - definiteLength = false; - return true; - } - - definiteLength = true; - length = 0; - while (lengthBytes--) - { - if (length >> (8*(sizeof(length)-1))) - BERDecodeError(); // length about to overflow - - if (!bt.Get(b)) - return false; - - length = (length << 8) | b; - } - } - return true; -} - -bool BERLengthDecode(BufferedTransformation &bt, size_t &length) -{ - lword lw; - bool definiteLength; - if (!BERLengthDecode(bt, lw, definiteLength)) - BERDecodeError(); - if (!SafeConvert(lw, length)) - BERDecodeError(); - return definiteLength; -} - -void DEREncodeNull(BufferedTransformation &out) -{ - out.Put(TAG_NULL); - out.Put(0); -} - -void BERDecodeNull(BufferedTransformation &in) -{ - byte b; - if (!in.Get(b) || b != TAG_NULL) - BERDecodeError(); - size_t length; - if (!BERLengthDecode(in, length) || length != 0) - BERDecodeError(); -} - -/// ASN Strings -size_t DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen) -{ - bt.Put(OCTET_STRING); - size_t lengthBytes = DERLengthEncode(bt, strLen); - bt.Put(str, strLen); - return 1+lengthBytes+strLen; -} - -size_t DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str) -{ - return DEREncodeOctetString(bt, str.begin(), str.size()); -} - -size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str) -{ - byte b; - if (!bt.Get(b) || b != OCTET_STRING) - BERDecodeError(); - - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); - - str.resize(bc); - if (bc != bt.Get(str, bc)) - BERDecodeError(); - return bc; -} - -size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &str) -{ - byte b; - if (!bt.Get(b) || b != OCTET_STRING) - BERDecodeError(); - - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); - - bt.TransferTo(str, bc); - return bc; -} - -size_t DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag) -{ - bt.Put(asnTag); - size_t lengthBytes = DERLengthEncode(bt, str.size()); - bt.Put((const byte *)str.data(), str.size()); - return 1+lengthBytes+str.size(); -} - -size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte asnTag) -{ - byte b; - if (!bt.Get(b) || b != asnTag) - BERDecodeError(); - - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); - - SecByteBlock temp(bc); - if (bc != bt.Get(temp, bc)) - BERDecodeError(); - str.assign((char *)temp.begin(), bc); - return bc; -} - -/// ASN BitString -size_t DEREncodeBitString(BufferedTransformation &bt, const byte *str, size_t strLen, unsigned int unusedBits) -{ - bt.Put(BIT_STRING); - size_t lengthBytes = DERLengthEncode(bt, strLen+1); - bt.Put((byte)unusedBits); - bt.Put(str, strLen); - return 2+lengthBytes+strLen; -} - -size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigned int &unusedBits) -{ - byte b; - if (!bt.Get(b) || b != BIT_STRING) - BERDecodeError(); - - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); - - byte unused; - if (!bt.Get(unused)) - BERDecodeError(); - unusedBits = unused; - str.resize(bc-1); - if ((bc-1) != bt.Get(str, bc-1)) - BERDecodeError(); - return bc-1; -} - -void DERReencode(BufferedTransformation &source, BufferedTransformation &dest) -{ - byte tag; - source.Peek(tag); - BERGeneralDecoder decoder(source, tag); - DERGeneralEncoder encoder(dest, tag); - if (decoder.IsDefiniteLength()) - decoder.TransferTo(encoder, decoder.RemainingLength()); - else - { - while (!decoder.EndReached()) - DERReencode(decoder, encoder); - } - decoder.MessageEnd(); - encoder.MessageEnd(); -} - -void OID::EncodeValue(BufferedTransformation &bt, word32 v) -{ - for (unsigned int i=RoundUpToMultipleOf(STDMAX(7U,BitPrecision(v)), 7U)-7; i != 0; i-=7) - bt.Put((byte)(0x80 | ((v >> i) & 0x7f))); - bt.Put((byte)(v & 0x7f)); -} - -size_t OID::DecodeValue(BufferedTransformation &bt, word32 &v) -{ - byte b; - size_t i=0; - v = 0; - while (true) - { - if (!bt.Get(b)) - BERDecodeError(); - i++; - if (v >> (8*sizeof(v)-7)) // v about to overflow - BERDecodeError(); - v <<= 7; - v += b & 0x7f; - if (!(b & 0x80)) - return i; - } -} - -void OID::DEREncode(BufferedTransformation &bt) const -{ - assert(m_values.size() >= 2); - ByteQueue temp; - temp.Put(byte(m_values[0] * 40 + m_values[1])); - for (size_t i=2; i<m_values.size(); i++) - EncodeValue(temp, m_values[i]); - bt.Put(OBJECT_IDENTIFIER); - DERLengthEncode(bt, temp.CurrentSize()); - temp.TransferTo(bt); -} - -void OID::BERDecode(BufferedTransformation &bt) -{ - byte b; - if (!bt.Get(b) || b != OBJECT_IDENTIFIER) - BERDecodeError(); - - size_t length; - if (!BERLengthDecode(bt, length) || length < 1) - BERDecodeError(); - - if (!bt.Get(b)) - BERDecodeError(); - - length--; - m_values.resize(2); - m_values[0] = b / 40; - m_values[1] = b % 40; - - while (length > 0) - { - word32 v; - size_t valueLen = DecodeValue(bt, v); - if (valueLen > length) - BERDecodeError(); - m_values.push_back(v); - length -= valueLen; - } -} - -void OID::BERDecodeAndCheck(BufferedTransformation &bt) const -{ - OID oid(bt); - if (*this != oid) - BERDecodeError(); -} - -inline BufferedTransformation & EncodedObjectFilter::CurrentTarget() -{ - if (m_flags & PUT_OBJECTS) - return *AttachedTransformation(); - else - return TheBitBucket(); -} - -void EncodedObjectFilter::Put(const byte *inString, size_t length) -{ - if (m_nCurrentObject == m_nObjects) - { - AttachedTransformation()->Put(inString, length); - return; - } - - LazyPutter lazyPutter(m_queue, inString, length); - - while (m_queue.AnyRetrievable()) - { - switch (m_state) - { - case IDENTIFIER: - if (!m_queue.Get(m_id)) - return; - m_queue.TransferTo(CurrentTarget(), 1); - m_state = LENGTH; // fall through - case LENGTH: - { - byte b; - if (m_level > 0 && m_id == 0 && m_queue.Peek(b) && b == 0) - { - m_queue.TransferTo(CurrentTarget(), 1); - m_level--; - m_state = IDENTIFIER; - break; - } - ByteQueue::Walker walker(m_queue); - bool definiteLength; - if (!BERLengthDecode(walker, m_lengthRemaining, definiteLength)) - return; - m_queue.TransferTo(CurrentTarget(), walker.GetCurrentPosition()); - if (!((m_id & CONSTRUCTED) || definiteLength)) - BERDecodeError(); - if (!definiteLength) - { - if (!(m_id & CONSTRUCTED)) - BERDecodeError(); - m_level++; - m_state = IDENTIFIER; - break; - } - m_state = BODY; // fall through - } - case BODY: - m_lengthRemaining -= m_queue.TransferTo(CurrentTarget(), m_lengthRemaining); - - if (m_lengthRemaining == 0) - m_state = IDENTIFIER; - } - - if (m_state == IDENTIFIER && m_level == 0) - { - // just finished processing a level 0 object - ++m_nCurrentObject; - - if (m_flags & PUT_MESSANGE_END_AFTER_EACH_OBJECT) - AttachedTransformation()->MessageEnd(); - - if (m_nCurrentObject == m_nObjects) - { - if (m_flags & PUT_MESSANGE_END_AFTER_ALL_OBJECTS) - AttachedTransformation()->MessageEnd(); - - if (m_flags & PUT_MESSANGE_SERIES_END_AFTER_ALL_OBJECTS) - AttachedTransformation()->MessageSeriesEnd(); - - m_queue.TransferAllTo(*AttachedTransformation()); - return; - } - } - } -} - -BERGeneralDecoder::BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag) - : m_inQueue(inQueue), m_finished(false) -{ - Init(asnTag); -} - -BERGeneralDecoder::BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag) - : m_inQueue(inQueue), m_finished(false) -{ - Init(asnTag); -} - -void BERGeneralDecoder::Init(byte asnTag) -{ - byte b; - if (!m_inQueue.Get(b) || b != asnTag) - BERDecodeError(); - - if (!BERLengthDecode(m_inQueue, m_length, m_definiteLength)) - BERDecodeError(); - - if (!m_definiteLength && !(asnTag & CONSTRUCTED)) - BERDecodeError(); // cannot be primitive and have indefinite length -} - -BERGeneralDecoder::~BERGeneralDecoder() -{ - try // avoid throwing in constructor - { - if (!m_finished) - MessageEnd(); - } - catch (...) - { - } -} - -bool BERGeneralDecoder::EndReached() const -{ - if (m_definiteLength) - return m_length == 0; - else - { // check end-of-content octets - word16 i; - return (m_inQueue.PeekWord16(i)==2 && i==0); - } -} - -byte BERGeneralDecoder::PeekByte() const -{ - byte b; - if (!Peek(b)) - BERDecodeError(); - return b; -} - -void BERGeneralDecoder::CheckByte(byte check) -{ - byte b; - if (!Get(b) || b != check) - BERDecodeError(); -} - -void BERGeneralDecoder::MessageEnd() -{ - m_finished = true; - if (m_definiteLength) - { - if (m_length != 0) - BERDecodeError(); - } - else - { // remove end-of-content octets - word16 i; - if (m_inQueue.GetWord16(i) != 2 || i != 0) - BERDecodeError(); - } -} - -size_t BERGeneralDecoder::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - if (m_definiteLength && transferBytes > m_length) - transferBytes = m_length; - size_t blockedBytes = m_inQueue.TransferTo2(target, transferBytes, channel, blocking); - ReduceLength(transferBytes); - return blockedBytes; -} - -size_t BERGeneralDecoder::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - if (m_definiteLength) - end = STDMIN(m_length, end); - return m_inQueue.CopyRangeTo2(target, begin, end, channel, blocking); -} - -lword BERGeneralDecoder::ReduceLength(lword delta) -{ - if (m_definiteLength) - { - if (m_length < delta) - BERDecodeError(); - m_length -= delta; - } - return delta; -} - -DERGeneralEncoder::DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag) - : m_outQueue(outQueue), m_finished(false), m_asnTag(asnTag) -{ -} - -DERGeneralEncoder::DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag) - : m_outQueue(outQueue), m_finished(false), m_asnTag(asnTag) -{ -} - -DERGeneralEncoder::~DERGeneralEncoder() -{ - try // avoid throwing in constructor - { - if (!m_finished) - MessageEnd(); - } - catch (...) - { - } -} - -void DERGeneralEncoder::MessageEnd() -{ - m_finished = true; - lword length = CurrentSize(); - m_outQueue.Put(m_asnTag); - DERLengthEncode(m_outQueue, length); - TransferTo(m_outQueue); -} - -// ************************************************************* - -void X509PublicKey::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder subjectPublicKeyInfo(bt); - BERSequenceDecoder algorithm(subjectPublicKeyInfo); - GetAlgorithmID().BERDecodeAndCheck(algorithm); - bool parametersPresent = algorithm.EndReached() ? false : BERDecodeAlgorithmParameters(algorithm); - algorithm.MessageEnd(); - - BERGeneralDecoder subjectPublicKey(subjectPublicKeyInfo, BIT_STRING); - subjectPublicKey.CheckByte(0); // unused bits - BERDecodePublicKey(subjectPublicKey, parametersPresent, (size_t)subjectPublicKey.RemainingLength()); - subjectPublicKey.MessageEnd(); - subjectPublicKeyInfo.MessageEnd(); -} - -void X509PublicKey::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder subjectPublicKeyInfo(bt); - - DERSequenceEncoder algorithm(subjectPublicKeyInfo); - GetAlgorithmID().DEREncode(algorithm); - DEREncodeAlgorithmParameters(algorithm); - algorithm.MessageEnd(); - - DERGeneralEncoder subjectPublicKey(subjectPublicKeyInfo, BIT_STRING); - subjectPublicKey.Put(0); // unused bits - DEREncodePublicKey(subjectPublicKey); - subjectPublicKey.MessageEnd(); - - subjectPublicKeyInfo.MessageEnd(); -} - -void PKCS8PrivateKey::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder privateKeyInfo(bt); - word32 version; - BERDecodeUnsigned<word32>(privateKeyInfo, version, INTEGER, 0, 0); // check version - - BERSequenceDecoder algorithm(privateKeyInfo); - GetAlgorithmID().BERDecodeAndCheck(algorithm); - bool parametersPresent = algorithm.EndReached() ? false : BERDecodeAlgorithmParameters(algorithm); - algorithm.MessageEnd(); - - BERGeneralDecoder octetString(privateKeyInfo, OCTET_STRING); - BERDecodePrivateKey(octetString, parametersPresent, (size_t)privateKeyInfo.RemainingLength()); - octetString.MessageEnd(); - - if (!privateKeyInfo.EndReached()) - BERDecodeOptionalAttributes(privateKeyInfo); - privateKeyInfo.MessageEnd(); -} - -void PKCS8PrivateKey::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder privateKeyInfo(bt); - DEREncodeUnsigned<word32>(privateKeyInfo, 0); // version - - DERSequenceEncoder algorithm(privateKeyInfo); - GetAlgorithmID().DEREncode(algorithm); - DEREncodeAlgorithmParameters(algorithm); - algorithm.MessageEnd(); - - DERGeneralEncoder octetString(privateKeyInfo, OCTET_STRING); - DEREncodePrivateKey(octetString); - octetString.MessageEnd(); - - DEREncodeOptionalAttributes(privateKeyInfo); - privateKeyInfo.MessageEnd(); -} - -void PKCS8PrivateKey::BERDecodeOptionalAttributes(BufferedTransformation &bt) -{ - DERReencode(bt, m_optionalAttributes); -} - -void PKCS8PrivateKey::DEREncodeOptionalAttributes(BufferedTransformation &bt) const -{ - m_optionalAttributes.CopyTo(bt); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/asn.h b/cryptopp562/asn.h deleted file mode 100644 index c35126b..0000000 --- a/cryptopp562/asn.h +++ /dev/null @@ -1,369 +0,0 @@ -#ifndef CRYPTOPP_ASN_H -#define CRYPTOPP_ASN_H - -#include "filters.h" -#include "queue.h" -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -// these tags and flags are not complete -enum ASNTag -{ - BOOLEAN = 0x01, - INTEGER = 0x02, - BIT_STRING = 0x03, - OCTET_STRING = 0x04, - TAG_NULL = 0x05, - OBJECT_IDENTIFIER = 0x06, - OBJECT_DESCRIPTOR = 0x07, - EXTERNAL = 0x08, - REAL = 0x09, - ENUMERATED = 0x0a, - UTF8_STRING = 0x0c, - SEQUENCE = 0x10, - SET = 0x11, - NUMERIC_STRING = 0x12, - PRINTABLE_STRING = 0x13, - T61_STRING = 0x14, - VIDEOTEXT_STRING = 0x15, - IA5_STRING = 0x16, - UTC_TIME = 0x17, - GENERALIZED_TIME = 0x18, - GRAPHIC_STRING = 0x19, - VISIBLE_STRING = 0x1a, - GENERAL_STRING = 0x1b -}; - -enum ASNIdFlag -{ - UNIVERSAL = 0x00, -// DATA = 0x01, -// HEADER = 0x02, - CONSTRUCTED = 0x20, - APPLICATION = 0x40, - CONTEXT_SPECIFIC = 0x80, - PRIVATE = 0xc0 -}; - -inline void BERDecodeError() {throw BERDecodeErr();} - -class CRYPTOPP_DLL UnknownOID : public BERDecodeErr -{ -public: - UnknownOID() : BERDecodeErr("BER decode error: unknown object identifier") {} - UnknownOID(const char *err) : BERDecodeErr(err) {} -}; - -// unsigned int DERLengthEncode(unsigned int length, byte *output=0); -CRYPTOPP_DLL size_t CRYPTOPP_API DERLengthEncode(BufferedTransformation &out, lword length); -// returns false if indefinite length -CRYPTOPP_DLL bool CRYPTOPP_API BERLengthDecode(BufferedTransformation &in, size_t &length); - -CRYPTOPP_DLL void CRYPTOPP_API DEREncodeNull(BufferedTransformation &out); -CRYPTOPP_DLL void CRYPTOPP_API BERDecodeNull(BufferedTransformation &in); - -CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &out, const byte *str, size_t strLen); -CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &out, const SecByteBlock &str); -CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &in, SecByteBlock &str); -CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &in, BufferedTransformation &str); - -// for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING -CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &out, const std::string &str, byte asnTag); -CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &in, std::string &str, byte asnTag); - -CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeBitString(BufferedTransformation &out, const byte *str, size_t strLen, unsigned int unusedBits=0); -CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeBitString(BufferedTransformation &in, SecByteBlock &str, unsigned int &unusedBits); - -// BER decode from source and DER reencode into dest -CRYPTOPP_DLL void CRYPTOPP_API DERReencode(BufferedTransformation &source, BufferedTransformation &dest); - -//! Object Identifier -class CRYPTOPP_DLL OID -{ -public: - OID() {} - OID(word32 v) : m_values(1, v) {} - OID(BufferedTransformation &bt) {BERDecode(bt);} - - inline OID & operator+=(word32 rhs) {m_values.push_back(rhs); return *this;} - - void DEREncode(BufferedTransformation &bt) const; - void BERDecode(BufferedTransformation &bt); - - // throw BERDecodeErr() if decoded value doesn't equal this OID - void BERDecodeAndCheck(BufferedTransformation &bt) const; - - std::vector<word32> m_values; - -private: - static void EncodeValue(BufferedTransformation &bt, word32 v); - static size_t DecodeValue(BufferedTransformation &bt, word32 &v); -}; - -class EncodedObjectFilter : public Filter -{ -public: - enum Flag {PUT_OBJECTS=1, PUT_MESSANGE_END_AFTER_EACH_OBJECT=2, PUT_MESSANGE_END_AFTER_ALL_OBJECTS=4, PUT_MESSANGE_SERIES_END_AFTER_ALL_OBJECTS=8}; - EncodedObjectFilter(BufferedTransformation *attachment = NULL, unsigned int nObjects = 1, word32 flags = 0); - - void Put(const byte *inString, size_t length); - - unsigned int GetNumberOfCompletedObjects() const {return m_nCurrentObject;} - unsigned long GetPositionOfObject(unsigned int i) const {return m_positions[i];} - -private: - BufferedTransformation & CurrentTarget(); - - word32 m_flags; - unsigned int m_nObjects, m_nCurrentObject, m_level; - std::vector<unsigned int> m_positions; - ByteQueue m_queue; - enum State {IDENTIFIER, LENGTH, BODY, TAIL, ALL_DONE} m_state; - byte m_id; - lword m_lengthRemaining; -}; - -//! BER General Decoder -class CRYPTOPP_DLL BERGeneralDecoder : public Store -{ -public: - explicit BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag); - explicit BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag); - ~BERGeneralDecoder(); - - bool IsDefiniteLength() const {return m_definiteLength;} - lword RemainingLength() const {assert(m_definiteLength); return m_length;} - bool EndReached() const; - byte PeekByte() const; - void CheckByte(byte b); - - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - - // call this to denote end of sequence - void MessageEnd(); - -protected: - BufferedTransformation &m_inQueue; - bool m_finished, m_definiteLength; - lword m_length; - -private: - void Init(byte asnTag); - void StoreInitialize(const NameValuePairs ¶meters) {assert(false);} - lword ReduceLength(lword delta); -}; - -//! DER General Encoder -class CRYPTOPP_DLL DERGeneralEncoder : public ByteQueue -{ -public: - explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED); - explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED); - ~DERGeneralEncoder(); - - // call this to denote end of sequence - void MessageEnd(); - -private: - BufferedTransformation &m_outQueue; - bool m_finished; - - byte m_asnTag; -}; - -//! BER Sequence Decoder -class CRYPTOPP_DLL BERSequenceDecoder : public BERGeneralDecoder -{ -public: - explicit BERSequenceDecoder(BufferedTransformation &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED) - : BERGeneralDecoder(inQueue, asnTag) {} - explicit BERSequenceDecoder(BERSequenceDecoder &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED) - : BERGeneralDecoder(inQueue, asnTag) {} -}; - -//! DER Sequence Encoder -class CRYPTOPP_DLL DERSequenceEncoder : public DERGeneralEncoder -{ -public: - explicit DERSequenceEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED) - : DERGeneralEncoder(outQueue, asnTag) {} - explicit DERSequenceEncoder(DERSequenceEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED) - : DERGeneralEncoder(outQueue, asnTag) {} -}; - -//! BER Set Decoder -class CRYPTOPP_DLL BERSetDecoder : public BERGeneralDecoder -{ -public: - explicit BERSetDecoder(BufferedTransformation &inQueue, byte asnTag = SET | CONSTRUCTED) - : BERGeneralDecoder(inQueue, asnTag) {} - explicit BERSetDecoder(BERSetDecoder &inQueue, byte asnTag = SET | CONSTRUCTED) - : BERGeneralDecoder(inQueue, asnTag) {} -}; - -//! DER Set Encoder -class CRYPTOPP_DLL DERSetEncoder : public DERGeneralEncoder -{ -public: - explicit DERSetEncoder(BufferedTransformation &outQueue, byte asnTag = SET | CONSTRUCTED) - : DERGeneralEncoder(outQueue, asnTag) {} - explicit DERSetEncoder(DERSetEncoder &outQueue, byte asnTag = SET | CONSTRUCTED) - : DERGeneralEncoder(outQueue, asnTag) {} -}; - -template <class T> -class ASNOptional : public member_ptr<T> -{ -public: - void BERDecode(BERSequenceDecoder &seqDecoder, byte tag, byte mask = ~CONSTRUCTED) - { - byte b; - if (seqDecoder.Peek(b) && (b & mask) == tag) - reset(new T(seqDecoder)); - } - void DEREncode(BufferedTransformation &out) - { - if (this->get() != NULL) - this->get()->DEREncode(out); - } -}; - -//! _ -template <class BASE> -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1CryptoMaterial : public ASN1Object, public BASE -{ -public: - void Save(BufferedTransformation &bt) const - {BEREncode(bt);} - void Load(BufferedTransformation &bt) - {BERDecode(bt);} -}; - -//! encodes/decodes subjectPublicKeyInfo -class CRYPTOPP_DLL X509PublicKey : public ASN1CryptoMaterial<PublicKey> -{ -public: - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - virtual OID GetAlgorithmID() const =0; - virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt) - {BERDecodeNull(bt); return false;} - virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const - {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1 - - //! decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header - virtual void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0; - //! encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header - virtual void DEREncodePublicKey(BufferedTransformation &bt) const =0; -}; - -//! encodes/decodes privateKeyInfo -class CRYPTOPP_DLL PKCS8PrivateKey : public ASN1CryptoMaterial<PrivateKey> -{ -public: - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - virtual OID GetAlgorithmID() const =0; - virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt) - {BERDecodeNull(bt); return false;} - virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const - {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1 - - //! decode privateKey part of privateKeyInfo, without the OCTET STRING header - virtual void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0; - //! encode privateKey part of privateKeyInfo, without the OCTET STRING header - virtual void DEREncodePrivateKey(BufferedTransformation &bt) const =0; - - //! decode optional attributes including context-specific tag - /*! /note default implementation stores attributes to be output in DEREncodeOptionalAttributes */ - virtual void BERDecodeOptionalAttributes(BufferedTransformation &bt); - //! encode optional attributes including context-specific tag - virtual void DEREncodeOptionalAttributes(BufferedTransformation &bt) const; - -protected: - ByteQueue m_optionalAttributes; -}; - -// ******************************************************** - -//! DER Encode Unsigned -/*! for INTEGER, BOOLEAN, and ENUM */ -template <class T> -size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER) -{ - byte buf[sizeof(w)+1]; - unsigned int bc; - if (asnTag == BOOLEAN) - { - buf[sizeof(w)] = w ? 0xff : 0; - bc = 1; - } - else - { - buf[0] = 0; - for (unsigned int i=0; i<sizeof(w); i++) - buf[i+1] = byte(w >> (sizeof(w)-1-i)*8); - bc = sizeof(w); - while (bc > 1 && buf[sizeof(w)+1-bc] == 0) - --bc; - if (buf[sizeof(w)+1-bc] & 0x80) - ++bc; - } - out.Put(asnTag); - size_t lengthBytes = DERLengthEncode(out, bc); - out.Put(buf+sizeof(w)+1-bc, bc); - return 1+lengthBytes+bc; -} - -//! BER Decode Unsigned -// VC60 workaround: std::numeric_limits<T>::max conflicts with MFC max macro -// CW41 workaround: std::numeric_limits<T>::max causes a template error -template <class T> -void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER, - T minValue = 0, T maxValue = 0xffffffff) -{ - byte b; - if (!in.Get(b) || b != asnTag) - BERDecodeError(); - - size_t bc; - BERLengthDecode(in, bc); - - SecByteBlock buf(bc); - - if (bc != in.Get(buf, bc)) - BERDecodeError(); - - const byte *ptr = buf; - while (bc > sizeof(w) && *ptr == 0) - { - bc--; - ptr++; - } - if (bc > sizeof(w)) - BERDecodeError(); - - w = 0; - for (unsigned int i=0; i<bc; i++) - w = (w << 8) | ptr[i]; - - if (w < minValue || w > maxValue) - BERDecodeError(); -} - -inline bool operator==(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs) - {return lhs.m_values == rhs.m_values;} -inline bool operator!=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs) - {return lhs.m_values != rhs.m_values;} -inline bool operator<(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs) - {return std::lexicographical_compare(lhs.m_values.begin(), lhs.m_values.end(), rhs.m_values.begin(), rhs.m_values.end());} -inline ::CryptoPP::OID operator+(const ::CryptoPP::OID &lhs, unsigned long rhs) - {return ::CryptoPP::OID(lhs)+=rhs;} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/authenc.cpp b/cryptopp562/authenc.cpp deleted file mode 100644 index 0ca5da6..0000000 --- a/cryptopp562/authenc.cpp +++ /dev/null @@ -1,180 +0,0 @@ -// authenc.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "authenc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_t len)
-{
- unsigned int blockSize = AuthenticationBlockSize();
- unsigned int &num = m_bufferedDataLength;
- byte* data = m_buffer.begin();
-
- if (num != 0) // process left over data
- {
- if (num+len >= blockSize)
- {
- memcpy(data+num, input, blockSize-num);
- AuthenticateBlocks(data, blockSize);
- input += (blockSize-num);
- len -= (blockSize-num);
- num = 0;
- // drop through and do the rest
- }
- else
- {
- memcpy(data+num, input, len);
- num += (unsigned int)len;
- return;
- }
- }
-
- // now process the input data in blocks of blockSize bytes and save the leftovers to m_data
- if (len >= blockSize)
- {
- size_t leftOver = AuthenticateBlocks(input, len);
- input += (len - leftOver);
- len = leftOver;
- }
-
- memcpy(data, input, len);
- num = (unsigned int)len;
-}
-
-void AuthenticatedSymmetricCipherBase::SetKey(const byte *userKey, size_t keylength, const NameValuePairs ¶ms)
-{
- m_bufferedDataLength = 0;
- m_state = State_Start;
-
- SetKeyWithoutResync(userKey, keylength, params);
- m_state = State_KeySet;
-
- size_t length;
- const byte *iv = GetIVAndThrowIfInvalid(params, length);
- if (iv)
- Resynchronize(iv, (int)length);
-}
-
-void AuthenticatedSymmetricCipherBase::Resynchronize(const byte *iv, int length)
-{
- if (m_state < State_KeySet)
- throw BadState(AlgorithmName(), "Resynchronize", "key is set");
-
- m_bufferedDataLength = 0;
- m_totalHeaderLength = m_totalMessageLength = m_totalFooterLength = 0;
- m_state = State_KeySet;
-
- Resync(iv, this->ThrowIfInvalidIVLength(length));
- m_state = State_IVSet;
-}
-
-void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)
-{
- if (length == 0)
- return;
-
- switch (m_state)
- {
- case State_Start:
- case State_KeySet:
- throw BadState(AlgorithmName(), "Update", "setting key and IV");
- case State_IVSet:
- AuthenticateData(input, length);
- m_totalHeaderLength += length;
- break;
- case State_AuthUntransformed:
- case State_AuthTransformed:
- AuthenticateLastConfidentialBlock();
- m_bufferedDataLength = 0;
- m_state = State_AuthFooter;
- // fall through
- case State_AuthFooter:
- AuthenticateData(input, length);
- m_totalFooterLength += length;
- break;
- default:
- assert(false);
- }
-}
-
-void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- m_totalMessageLength += length;
- if (m_state >= State_IVSet && m_totalMessageLength > MaxMessageLength())
- throw InvalidArgument(AlgorithmName() + ": message length exceeds maximum");
-
-reswitch:
- switch (m_state)
- {
- case State_Start:
- case State_KeySet:
- throw BadState(AlgorithmName(), "ProcessData", "setting key and IV");
- case State_AuthFooter:
- throw BadState(AlgorithmName(), "ProcessData was called after footer input has started");
- case State_IVSet:
- AuthenticateLastHeaderBlock();
- m_bufferedDataLength = 0;
- m_state = AuthenticationIsOnPlaintext()==IsForwardTransformation() ? State_AuthUntransformed : State_AuthTransformed;
- goto reswitch;
- case State_AuthUntransformed:
- AuthenticateData(inString, length);
- AccessSymmetricCipher().ProcessData(outString, inString, length);
- break;
- case State_AuthTransformed:
- AccessSymmetricCipher().ProcessData(outString, inString, length);
- AuthenticateData(outString, length);
- break;
- default:
- assert(false);
- }
-}
-
-void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)
-{
- if (m_totalHeaderLength > MaxHeaderLength())
- throw InvalidArgument(AlgorithmName() + ": header length of " + IntToString(m_totalHeaderLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));
-
- if (m_totalFooterLength > MaxFooterLength())
- {
- if (MaxFooterLength() == 0)
- throw InvalidArgument(AlgorithmName() + ": additional authenticated data (AAD) cannot be input after data to be encrypted or decrypted");
- else
- throw InvalidArgument(AlgorithmName() + ": footer length of " + IntToString(m_totalFooterLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));
- }
-
- switch (m_state)
- {
- case State_Start:
- case State_KeySet:
- throw BadState(AlgorithmName(), "TruncatedFinal", "setting key and IV");
-
- case State_IVSet:
- AuthenticateLastHeaderBlock();
- m_bufferedDataLength = 0;
- // fall through
-
- case State_AuthUntransformed:
- case State_AuthTransformed:
- AuthenticateLastConfidentialBlock();
- m_bufferedDataLength = 0;
- // fall through
-
- case State_AuthFooter:
- AuthenticateLastFooterBlock(mac, macSize);
- m_bufferedDataLength = 0;
- break;
-
- default:
- assert(false);
- }
-
- m_state = State_KeySet;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/authenc.h b/cryptopp562/authenc.h deleted file mode 100644 index f726716..0000000 --- a/cryptopp562/authenc.h +++ /dev/null @@ -1,49 +0,0 @@ -#ifndef CRYPTOPP_AUTHENC_H
-#define CRYPTOPP_AUTHENC_H
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipherBase : public AuthenticatedSymmetricCipher
-{
-public:
- AuthenticatedSymmetricCipherBase() : m_state(State_Start) {}
-
- bool IsRandomAccess() const {return false;}
- bool IsSelfInverting() const {return true;}
- void UncheckedSetKey(const byte *,unsigned int,const CryptoPP::NameValuePairs &) {assert(false);}
-
- void SetKey(const byte *userKey, size_t keylength, const NameValuePairs ¶ms);
- void Restart() {if (m_state > State_KeySet) m_state = State_KeySet;}
- void Resynchronize(const byte *iv, int length=-1);
- void Update(const byte *input, size_t length);
- void ProcessData(byte *outString, const byte *inString, size_t length);
- void TruncatedFinal(byte *mac, size_t macSize);
-
-protected:
- void AuthenticateData(const byte *data, size_t len);
- const SymmetricCipher & GetSymmetricCipher() const {return const_cast<AuthenticatedSymmetricCipherBase *>(this)->AccessSymmetricCipher();};
-
- virtual SymmetricCipher & AccessSymmetricCipher() =0;
- virtual bool AuthenticationIsOnPlaintext() const =0;
- virtual unsigned int AuthenticationBlockSize() const =0;
- virtual void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms) =0;
- virtual void Resync(const byte *iv, size_t len) =0;
- virtual size_t AuthenticateBlocks(const byte *data, size_t len) =0;
- virtual void AuthenticateLastHeaderBlock() =0;
- virtual void AuthenticateLastConfidentialBlock() {}
- virtual void AuthenticateLastFooterBlock(byte *mac, size_t macSize) =0;
-
- enum State {State_Start, State_KeySet, State_IVSet, State_AuthUntransformed, State_AuthTransformed, State_AuthFooter};
- State m_state;
- unsigned int m_bufferedDataLength;
- lword m_totalHeaderLength, m_totalMessageLength, m_totalFooterLength;
- AlignedSecByteBlock m_buffer;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/base32.cpp b/cryptopp562/base32.cpp deleted file mode 100644 index 0568f07..0000000 --- a/cryptopp562/base32.cpp +++ /dev/null @@ -1,39 +0,0 @@ -// base32.cpp - written and placed in the public domain by Frank Palazzolo, based on hex.cpp by Wei Dai - -#include "pch.h" -#include "base32.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const byte s_vecUpper[] = "ABCDEFGHIJKMNPQRSTUVWXYZ23456789"; -static const byte s_vecLower[] = "abcdefghijkmnpqrstuvwxyz23456789"; - -void Base32Encoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - bool uppercase = parameters.GetValueWithDefault(Name::Uppercase(), true); - m_filter->Initialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::EncodingLookupArray(), uppercase ? &s_vecUpper[0] : &s_vecLower[0], false)(Name::Log2Base(), 5, true))); -} - -void Base32Decoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - BaseN_Decoder::Initialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::DecodingLookupArray(), GetDefaultDecodingLookupArray(), false)(Name::Log2Base(), 5, true))); -} - -const int *Base32Decoder::GetDefaultDecodingLookupArray() -{ - static volatile bool s_initialized = false; - static int s_array[256]; - - if (!s_initialized) - { - InitializeDecodingLookupArray(s_array, s_vecUpper, 32, true); - s_initialized = true; - } - return s_array; -} - -NAMESPACE_END diff --git a/cryptopp562/base32.h b/cryptopp562/base32.h deleted file mode 100644 index cb1e1af..0000000 --- a/cryptopp562/base32.h +++ /dev/null @@ -1,38 +0,0 @@ -#ifndef CRYPTOPP_BASE32_H -#define CRYPTOPP_BASE32_H - -#include "basecode.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Converts given data to base 32, the default code is based on draft-ietf-idn-dude-02.txt -/*! To specify alternative code, call Initialize() with EncodingLookupArray parameter. */ -class Base32Encoder : public SimpleProxyFilter -{ -public: - Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "") - : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) - { - IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))); - } - - void IsolatedInitialize(const NameValuePairs ¶meters); -}; - -//! Decode base 32 data back to bytes, the default code is based on draft-ietf-idn-dude-02.txt -/*! To specify alternative code, call Initialize() with DecodingLookupArray parameter. */ -class Base32Decoder : public BaseN_Decoder -{ -public: - Base32Decoder(BufferedTransformation *attachment = NULL) - : BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {} - - void IsolatedInitialize(const NameValuePairs ¶meters); - -private: - static const int * CRYPTOPP_API GetDefaultDecodingLookupArray(); -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/base64.cpp b/cryptopp562/base64.cpp deleted file mode 100644 index 7571f2b..0000000 --- a/cryptopp562/base64.cpp +++ /dev/null @@ -1,42 +0,0 @@ -// base64.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "base64.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const byte s_vec[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static const byte s_padding = '='; - -void Base64Encoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - bool insertLineBreaks = parameters.GetValueWithDefault(Name::InsertLineBreaks(), true); - int maxLineLength = parameters.GetIntValueWithDefault(Name::MaxLineLength(), 72); - - const char *lineBreak = insertLineBreaks ? "\n" : ""; - - m_filter->Initialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::EncodingLookupArray(), &s_vec[0], false) - (Name::PaddingByte(), s_padding) - (Name::GroupSize(), insertLineBreaks ? maxLineLength : 0) - (Name::Separator(), ConstByteArrayParameter(lineBreak)) - (Name::Terminator(), ConstByteArrayParameter(lineBreak)) - (Name::Log2Base(), 6, true))); -} - -const int *Base64Decoder::GetDecodingLookupArray() -{ - static volatile bool s_initialized = false; - static int s_array[256]; - - if (!s_initialized) - { - InitializeDecodingLookupArray(s_array, s_vec, 64, false); - s_initialized = true; - } - return s_array; -} - -NAMESPACE_END diff --git a/cryptopp562/base64.h b/cryptopp562/base64.h deleted file mode 100644 index 5a9e184..0000000 --- a/cryptopp562/base64.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef CRYPTOPP_BASE64_H -#define CRYPTOPP_BASE64_H - -#include "basecode.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Base64 Encoder Class -class Base64Encoder : public SimpleProxyFilter -{ -public: - Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72) - : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) - { - IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength)); - } - - void IsolatedInitialize(const NameValuePairs ¶meters); -}; - -//! Base64 Decoder Class -class Base64Decoder : public BaseN_Decoder -{ -public: - Base64Decoder(BufferedTransformation *attachment = NULL) - : BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {} - - void IsolatedInitialize(const NameValuePairs ¶meters) {} - -private: - static const int * CRYPTOPP_API GetDecodingLookupArray(); -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/basecode.cpp b/cryptopp562/basecode.cpp deleted file mode 100644 index 0c98b22..0000000 --- a/cryptopp562/basecode.cpp +++ /dev/null @@ -1,238 +0,0 @@ -// basecode.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "basecode.h" -#include "fltrimpl.h" -#include <ctype.h> - -NAMESPACE_BEGIN(CryptoPP) - -void BaseN_Encoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - parameters.GetRequiredParameter("BaseN_Encoder", Name::EncodingLookupArray(), m_alphabet); - - parameters.GetRequiredIntParameter("BaseN_Encoder", Name::Log2Base(), m_bitsPerChar); - if (m_bitsPerChar <= 0 || m_bitsPerChar >= 8) - throw InvalidArgument("BaseN_Encoder: Log2Base must be between 1 and 7 inclusive"); - - byte padding; - bool pad; - if (parameters.GetValue(Name::PaddingByte(), padding)) - pad = parameters.GetValueWithDefault(Name::Pad(), true); - else - pad = false; - m_padding = pad ? padding : -1; - - m_bytePos = m_bitPos = 0; - - int i = 8; - while (i%m_bitsPerChar != 0) - i += 8; - m_outputBlockSize = i/m_bitsPerChar; - - m_outBuf.New(m_outputBlockSize); -} - -size_t BaseN_Encoder::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - FILTER_BEGIN; - while (m_inputPosition < length) - { - if (m_bytePos == 0) - memset(m_outBuf, 0, m_outputBlockSize); - - { - unsigned int b = begin[m_inputPosition++], bitsLeftInSource = 8; - while (true) - { - assert(m_bitPos < m_bitsPerChar); - unsigned int bitsLeftInTarget = m_bitsPerChar-m_bitPos; - m_outBuf[m_bytePos] |= b >> (8-bitsLeftInTarget); - if (bitsLeftInSource >= bitsLeftInTarget) - { - m_bitPos = 0; - ++m_bytePos; - bitsLeftInSource -= bitsLeftInTarget; - if (bitsLeftInSource == 0) - break; - b <<= bitsLeftInTarget; - b &= 0xff; - } - else - { - m_bitPos += bitsLeftInSource; - break; - } - } - } - - assert(m_bytePos <= m_outputBlockSize); - if (m_bytePos == m_outputBlockSize) - { - int i; - for (i=0; i<m_bytePos; i++) - { - assert(m_outBuf[i] < (1 << m_bitsPerChar)); - m_outBuf[i] = m_alphabet[m_outBuf[i]]; - } - FILTER_OUTPUT(1, m_outBuf, m_outputBlockSize, 0); - - m_bytePos = m_bitPos = 0; - } - } - if (messageEnd) - { - if (m_bitPos > 0) - ++m_bytePos; - - int i; - for (i=0; i<m_bytePos; i++) - m_outBuf[i] = m_alphabet[m_outBuf[i]]; - - if (m_padding != -1 && m_bytePos > 0) - { - memset(m_outBuf+m_bytePos, m_padding, m_outputBlockSize-m_bytePos); - m_bytePos = m_outputBlockSize; - } - FILTER_OUTPUT(2, m_outBuf, m_bytePos, messageEnd); - m_bytePos = m_bitPos = 0; - } - FILTER_END_NO_MESSAGE_END; -} - -void BaseN_Decoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - parameters.GetRequiredParameter("BaseN_Decoder", Name::DecodingLookupArray(), m_lookup); - - parameters.GetRequiredIntParameter("BaseN_Decoder", Name::Log2Base(), m_bitsPerChar); - if (m_bitsPerChar <= 0 || m_bitsPerChar >= 8) - throw InvalidArgument("BaseN_Decoder: Log2Base must be between 1 and 7 inclusive"); - - m_bytePos = m_bitPos = 0; - - int i = m_bitsPerChar; - while (i%8 != 0) - i += m_bitsPerChar; - m_outputBlockSize = i/8; - - m_outBuf.New(m_outputBlockSize); -} - -size_t BaseN_Decoder::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - FILTER_BEGIN; - while (m_inputPosition < length) - { - unsigned int value; - value = m_lookup[begin[m_inputPosition++]]; - if (value >= 256) - continue; - - if (m_bytePos == 0 && m_bitPos == 0) - memset(m_outBuf, 0, m_outputBlockSize); - - { - int newBitPos = m_bitPos + m_bitsPerChar; - if (newBitPos <= 8) - m_outBuf[m_bytePos] |= value << (8-newBitPos); - else - { - m_outBuf[m_bytePos] |= value >> (newBitPos-8); - m_outBuf[m_bytePos+1] |= value << (16-newBitPos); - } - - m_bitPos = newBitPos; - while (m_bitPos >= 8) - { - m_bitPos -= 8; - ++m_bytePos; - } - } - - if (m_bytePos == m_outputBlockSize) - { - FILTER_OUTPUT(1, m_outBuf, m_outputBlockSize, 0); - m_bytePos = m_bitPos = 0; - } - } - if (messageEnd) - { - FILTER_OUTPUT(2, m_outBuf, m_bytePos, messageEnd); - m_bytePos = m_bitPos = 0; - } - FILTER_END_NO_MESSAGE_END; -} - -void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive) -{ - std::fill(lookup, lookup+256, -1); - - for (unsigned int i=0; i<base; i++) - { - if (caseInsensitive && isalpha(alphabet[i])) - { - assert(lookup[toupper(alphabet[i])] == -1); - lookup[toupper(alphabet[i])] = i; - assert(lookup[tolower(alphabet[i])] == -1); - lookup[tolower(alphabet[i])] = i; - } - else - { - assert(lookup[alphabet[i]] == -1); - lookup[alphabet[i]] = i; - } - } -} - -void Grouper::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_groupSize = parameters.GetIntValueWithDefault(Name::GroupSize(), 0); - ConstByteArrayParameter separator, terminator; - if (m_groupSize) - parameters.GetRequiredParameter("Grouper", Name::Separator(), separator); - else - parameters.GetValue(Name::Separator(), separator); - parameters.GetValue(Name::Terminator(), terminator); - - m_separator.Assign(separator.begin(), separator.size()); - m_terminator.Assign(terminator.begin(), terminator.size()); - m_counter = 0; -} - -size_t Grouper::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - FILTER_BEGIN; - if (m_groupSize) - { - while (m_inputPosition < length) - { - if (m_counter == m_groupSize) - { - FILTER_OUTPUT(1, m_separator, m_separator.size(), 0); - m_counter = 0; - } - - size_t len; - FILTER_OUTPUT2(2, len = STDMIN(length-m_inputPosition, m_groupSize-m_counter), - begin+m_inputPosition, len, 0); - m_inputPosition += len; - m_counter += len; - } - } - else - FILTER_OUTPUT(3, begin, length, 0); - - if (messageEnd) - { - FILTER_OUTPUT(4, m_terminator, m_terminator.size(), messageEnd); - m_counter = 0; - } - FILTER_END_NO_MESSAGE_END -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/basecode.h b/cryptopp562/basecode.h deleted file mode 100644 index cc44c43..0000000 --- a/cryptopp562/basecode.h +++ /dev/null @@ -1,86 +0,0 @@ -#ifndef CRYPTOPP_BASECODE_H -#define CRYPTOPP_BASECODE_H - -#include "filters.h" -#include "algparam.h" -#include "argnames.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! base n encoder, where n is a power of 2 -class CRYPTOPP_DLL BaseN_Encoder : public Unflushable<Filter> -{ -public: - BaseN_Encoder(BufferedTransformation *attachment=NULL) - {Detach(attachment);} - - BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1) - { - Detach(attachment); - IsolatedInitialize(MakeParameters(Name::EncodingLookupArray(), alphabet) - (Name::Log2Base(), log2base) - (Name::Pad(), padding != -1) - (Name::PaddingByte(), byte(padding))); - } - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - -private: - const byte *m_alphabet; - int m_padding, m_bitsPerChar, m_outputBlockSize; - int m_bytePos, m_bitPos; - SecByteBlock m_outBuf; -}; - -//! base n decoder, where n is a power of 2 -class CRYPTOPP_DLL BaseN_Decoder : public Unflushable<Filter> -{ -public: - BaseN_Decoder(BufferedTransformation *attachment=NULL) - {Detach(attachment);} - - BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL) - { - Detach(attachment); - IsolatedInitialize(MakeParameters(Name::DecodingLookupArray(), lookup)(Name::Log2Base(), log2base)); - } - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - - static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive); - -private: - const int *m_lookup; - int m_padding, m_bitsPerChar, m_outputBlockSize; - int m_bytePos, m_bitPos; - SecByteBlock m_outBuf; -}; - -//! filter that breaks input stream into groups of fixed size -class CRYPTOPP_DLL Grouper : public Bufferless<Filter> -{ -public: - Grouper(BufferedTransformation *attachment=NULL) - {Detach(attachment);} - - Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL) - { - Detach(attachment); - IsolatedInitialize(MakeParameters(Name::GroupSize(), groupSize) - (Name::Separator(), ConstByteArrayParameter(separator)) - (Name::Terminator(), ConstByteArrayParameter(terminator))); - } - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - -private: - SecByteBlock m_separator, m_terminator; - size_t m_groupSize, m_counter; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/bench.cpp b/cryptopp562/bench.cpp deleted file mode 100644 index 34c0d61..0000000 --- a/cryptopp562/bench.cpp +++ /dev/null @@ -1,343 +0,0 @@ -// bench.cpp - written and placed in the public domain by Wei Dai - -#define _CRT_SECURE_NO_DEPRECATE - -#include "bench.h" -#include "validate.h" -#include "aes.h" -#include "blumshub.h" -#include "files.h" -#include "hex.h" -#include "modes.h" -#include "factory.h" -#include "cpu.h" - -#include <time.h> -#include <math.h> -#include <iostream> -#include <iomanip> - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -#ifdef CLOCKS_PER_SEC -const double CLOCK_TICKS_PER_SECOND = (double)CLOCKS_PER_SEC; -#elif defined(CLK_TCK) -const double CLOCK_TICKS_PER_SECOND = (double)CLK_TCK; -#else -const double CLOCK_TICKS_PER_SECOND = 1000000.0; -#endif - -double logtotal = 0, g_allocatedTime, g_hertz; -unsigned int logcount = 0; - -static const byte *const key=(byte *)"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; - -void OutputResultBytes(const char *name, double length, double timeTaken) -{ - double mbs = length / timeTaken / (1024*1024); - cout << "\n<TR><TH>" << name; -// cout << "<TD>" << setprecision(3) << length / (1024*1024); - cout << setiosflags(ios::fixed); -// cout << "<TD>" << setprecision(3) << timeTaken; - cout << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << mbs; - if (g_hertz) - cout << "<TD>" << setprecision(1) << setiosflags(ios::fixed) << timeTaken * g_hertz / length; - cout << resetiosflags(ios::fixed); - logtotal += log(mbs); - logcount++; -} - -void OutputResultKeying(double iterations, double timeTaken) -{ - cout << "<TD>" << setprecision(3) << setiosflags(ios::fixed) << (1000*1000*timeTaken/iterations); - if (g_hertz) - cout << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations; -} - -void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken) -{ - cout << "\n<TR><TH>" << name << " " << operation << (pc ? " with precomputation" : ""); -// cout << "<TD>" << iterations; -// cout << setiosflags(ios::fixed); -// cout << "<TD>" << setprecision(3) << timeTaken; - cout << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << (1000*timeTaken/iterations); - if (g_hertz) - cout << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations / 1000000; - cout << resetiosflags(ios::fixed); - - logtotal += log(iterations/timeTaken); - logcount++; -} - -/* -void BenchMark(const char *name, BlockTransformation &cipher, double timeTotal) -{ - const int BUF_SIZE = RoundUpToMultipleOf(2048U, cipher.OptimalNumberOfParallelBlocks() * cipher.BlockSize()); - AlignedSecByteBlock buf(BUF_SIZE); - const int nBlocks = BUF_SIZE / cipher.BlockSize(); - clock_t start = clock(); - - unsigned long i=0, blocks=1; - double timeTaken; - do - { - blocks *= 2; - for (; i<blocks; i++) - cipher.ProcessAndXorMultipleBlocks(buf, NULL, buf, nBlocks); - timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND; - } - while (timeTaken < 2.0/3*timeTotal); - - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); -} -*/ - -void BenchMark(const char *name, StreamTransformation &cipher, double timeTotal) -{ - const int BUF_SIZE=RoundUpToMultipleOf(2048U, cipher.OptimalBlockSize()); - AlignedSecByteBlock buf(BUF_SIZE); - GlobalRNG().GenerateBlock(buf, BUF_SIZE); - clock_t start = clock(); - - unsigned long i=0, blocks=1; - double timeTaken; - do - { - blocks *= 2; - for (; i<blocks; i++) - cipher.ProcessString(buf, BUF_SIZE); - timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND; - } - while (timeTaken < 2.0/3*timeTotal); - - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); -} - -void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal) -{ - if (cipher.NeedsPrespecifiedDataLengths()) - cipher.SpecifyDataLengths(0, cipher.MaxMessageLength(), 0); - - BenchMark(name, static_cast<StreamTransformation &>(cipher), timeTotal); -} - -void BenchMark(const char *name, HashTransformation &ht, double timeTotal) -{ - const int BUF_SIZE=2048U; - AlignedSecByteBlock buf(BUF_SIZE); - GlobalRNG().GenerateBlock(buf, BUF_SIZE); - clock_t start = clock(); - - unsigned long i=0, blocks=1; - double timeTaken; - do - { - blocks *= 2; - for (; i<blocks; i++) - ht.Update(buf, BUF_SIZE); - timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND; - } - while (timeTaken < 2.0/3*timeTotal); - - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); -} - -void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal) -{ - const int BUF_SIZE=2048U; - AlignedSecByteBlock buf(BUF_SIZE); - GlobalRNG().GenerateBlock(buf, BUF_SIZE); - clock_t start = clock(); - - unsigned long i=0, blocks=1; - double timeTaken; - do - { - blocks *= 2; - for (; i<blocks; i++) - bt.Put(buf, BUF_SIZE); - timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND; - } - while (timeTaken < 2.0/3*timeTotal); - - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); -} - -void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs ¶ms) -{ - unsigned long iterations = 0; - clock_t start = clock(); - double timeTaken; - do - { - for (unsigned int i=0; i<1024; i++) - c.SetKey(key, keyLength, params); - timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND; - iterations += 1024; - } - while (timeTaken < g_allocatedTime); - - OutputResultKeying(iterations, timeTaken); -} - -//VC60 workaround: compiler bug triggered without the extra dummy parameters -// on VC60 also needs to be named differently from BenchMarkByName -template <class T_FactoryOutput, class T_Interface> -void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char *displayName=NULL, const NameValuePairs ¶ms = g_nullNameValuePairs, T_FactoryOutput *x=NULL, T_Interface *y=NULL) -{ - std::string name = factoryName; - if (displayName) - name = displayName; - else if (keyLength) - name += " (" + IntToString(keyLength * 8) + "-bit key)"; - - std::auto_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(factoryName)); - if (!keyLength) - keyLength = obj->DefaultKeyLength(); - obj->SetKey(key, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(key, obj->IVSize()), false))); - BenchMark(name.c_str(), *static_cast<T_Interface *>(obj.get()), g_allocatedTime); - BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(key, obj->IVSize()), false))); -} - -//VC60 workaround: compiler bug triggered without the extra dummy parameters -template <class T_FactoryOutput> -void BenchMarkByName(const char *factoryName, size_t keyLength = 0, const char *displayName=NULL, const NameValuePairs ¶ms = g_nullNameValuePairs, T_FactoryOutput *x=NULL) -{ - BenchMarkByName2<T_FactoryOutput, T_FactoryOutput>(factoryName, keyLength, displayName, params, x, x); -} - -template <class T> -void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName=NULL, const NameValuePairs ¶ms = g_nullNameValuePairs, T *x=NULL) -{ - std::string name = factoryName; - if (displayName) - name = displayName; - - std::auto_ptr<T> obj(ObjectFactoryRegistry<T>::Registry().CreateObject(factoryName)); - BenchMark(name.c_str(), *obj, g_allocatedTime); -} - -void BenchmarkAll(double t, double hertz) -{ -#if 1 - logtotal = 0; - logcount = 0; - g_allocatedTime = t; - g_hertz = hertz; - - const char *cpb, *cpk; - if (g_hertz) - { - cpb = "<TH>Cycles Per Byte"; - cpk = "<TH>Cycles to<br>Setup Key and IV"; - cout << "CPU frequency of the test platform is " << g_hertz << " Hz.\n"; - } - else - { - cpb = cpk = ""; - cout << "CPU frequency of the test platform was not provided.\n"; - } - - cout << "<TABLE border=1><COLGROUP><COL align=left><COL align=right><COL align=right><COL align=right><COL align=right>" << endl; - cout << "<THEAD><TR><TH>Algorithm<TH>MiB/Second" << cpb << "<TH>Microseconds to<br>Setup Key and IV" << cpk << endl; - - cout << "\n<TBODY style=\"background: yellow\">"; -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - if (HasCLMUL()) - BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM"); - else -#endif - { - BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (2K tables)", MakeParameters(Name::TableSize(), 2048)); - BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (64K tables)", MakeParameters(Name::TableSize(), 64*1024)); - } - BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/CCM"); - BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/EAX"); - - cout << "\n<TBODY style=\"background: white\">"; -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - if (HasCLMUL()) - BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)"); - else -#endif - { - BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (2K tables)", MakeParameters(Name::TableSize(), 2048)); - BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (64K tables)", MakeParameters(Name::TableSize(), 64*1024)); - } - BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-64"); - BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-128"); - BenchMarkByName<MessageAuthenticationCode>("HMAC(SHA-1)"); - BenchMarkByName<MessageAuthenticationCode>("Two-Track-MAC"); - BenchMarkByName<MessageAuthenticationCode>("CMAC(AES)"); - BenchMarkByName<MessageAuthenticationCode>("DMAC(AES)"); - - cout << "\n<TBODY style=\"background: yellow\">"; - BenchMarkByNameKeyLess<HashTransformation>("CRC32"); - BenchMarkByNameKeyLess<HashTransformation>("Adler32"); - BenchMarkByNameKeyLess<HashTransformation>("MD5"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-1"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-256"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-512"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-3-224"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-3-256"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-3-384"); - BenchMarkByNameKeyLess<HashTransformation>("SHA-3-512"); - BenchMarkByNameKeyLess<HashTransformation>("Tiger"); - BenchMarkByNameKeyLess<HashTransformation>("Whirlpool"); - BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-160"); - BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-320"); - BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-128"); - BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-256"); - - cout << "\n<TBODY style=\"background: white\">"; - BenchMarkByName<SymmetricCipher>("Panama-LE"); - BenchMarkByName<SymmetricCipher>("Panama-BE"); - BenchMarkByName<SymmetricCipher>("Salsa20"); - BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12)); - BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8)); - BenchMarkByName<SymmetricCipher>("Sosemanuk"); - BenchMarkByName<SymmetricCipher>("MARC4"); - BenchMarkByName<SymmetricCipher>("SEAL-3.0-LE"); - BenchMarkByName<SymmetricCipher>("WAKE-OFB-LE"); - - cout << "\n<TBODY style=\"background: yellow\">"; - BenchMarkByName<SymmetricCipher>("AES/CTR", 16); - BenchMarkByName<SymmetricCipher>("AES/CTR", 24); - BenchMarkByName<SymmetricCipher>("AES/CTR", 32); - BenchMarkByName<SymmetricCipher>("AES/CBC", 16); - BenchMarkByName<SymmetricCipher>("AES/CBC", 24); - BenchMarkByName<SymmetricCipher>("AES/CBC", 32); - BenchMarkByName<SymmetricCipher>("AES/OFB", 16); - BenchMarkByName<SymmetricCipher>("AES/CFB", 16); - BenchMarkByName<SymmetricCipher>("AES/ECB", 16); - BenchMarkByName<SymmetricCipher>("Camellia/CTR", 16); - BenchMarkByName<SymmetricCipher>("Camellia/CTR", 32); - BenchMarkByName<SymmetricCipher>("Twofish/CTR"); - BenchMarkByName<SymmetricCipher>("Serpent/CTR"); - BenchMarkByName<SymmetricCipher>("CAST-256/CTR"); - BenchMarkByName<SymmetricCipher>("RC6/CTR"); - BenchMarkByName<SymmetricCipher>("MARS/CTR"); - BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 16); - BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 64); - BenchMarkByName<SymmetricCipher>("DES/CTR"); - BenchMarkByName<SymmetricCipher>("DES-XEX3/CTR"); - BenchMarkByName<SymmetricCipher>("DES-EDE3/CTR"); - BenchMarkByName<SymmetricCipher>("IDEA/CTR"); - BenchMarkByName<SymmetricCipher>("RC5/CTR", 0, "RC5 (r=16)"); - BenchMarkByName<SymmetricCipher>("Blowfish/CTR"); - BenchMarkByName<SymmetricCipher>("TEA/CTR"); - BenchMarkByName<SymmetricCipher>("XTEA/CTR"); - BenchMarkByName<SymmetricCipher>("CAST-128/CTR"); - BenchMarkByName<SymmetricCipher>("SKIPJACK/CTR"); - BenchMarkByName<SymmetricCipher>("SEED/CTR", 0, "SEED/CTR (1/2 K table)"); - cout << "</TABLE>" << endl; - - BenchmarkAll2(t, hertz); - - cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/logcount) << endl; - - time_t endTime = time(NULL); - cout << "\nTest ended at " << asctime(localtime(&endTime)); -#endif -} diff --git a/cryptopp562/bench.h b/cryptopp562/bench.h deleted file mode 100644 index 8bb6ab9..0000000 --- a/cryptopp562/bench.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef CRYPTOPP_BENCH_H -#define CRYPTOPP_BENCH_H - -#include "cryptlib.h" - -extern const double CLOCK_TICKS_PER_SECOND; - -void BenchmarkAll(double t, double hertz); -void BenchmarkAll2(double t, double hertz); - -#endif diff --git a/cryptopp562/bench2.cpp b/cryptopp562/bench2.cpp deleted file mode 100644 index ca08a99..0000000 --- a/cryptopp562/bench2.cpp +++ /dev/null @@ -1,317 +0,0 @@ -// bench2.cpp - written and placed in the public domain by Wei Dai - -#include "bench.h" -#include "validate.h" -#include "files.h" -#include "hex.h" - -#include "rsa.h" -#include "nr.h" -#include "dsa.h" -#include "luc.h" -#include "rw.h" -#include "eccrypto.h" -#include "ecp.h" -#include "ec2n.h" -#include "asn.h" -#include "dh.h" -#include "mqv.h" -#include "xtrcrypt.h" -#include "esign.h" -#include "pssr.h" -#include "oids.h" -#include "randpool.h" - -#include <time.h> -#include <math.h> -#include <iostream> -#include <iomanip> - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken); - -void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal, bool pc=false) -{ - unsigned int len = 16; - SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len)); - GlobalRNG().GenerateBlock(plaintext, len); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - key.Encrypt(GlobalRNG(), plaintext, len, ciphertext); - - OutputResultOperations(name, "Encryption", pc, i, timeTaken); - - if (!pc && key.GetMaterial().SupportsPrecomputation()) - { - key.AccessMaterial().Precompute(16); - BenchMarkEncryption(name, key, timeTotal, true); - } -} - -void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub, double timeTotal) -{ - unsigned int len = 16; - SecByteBlock ciphertext(pub.CiphertextLength(len)); - SecByteBlock plaintext(pub.MaxPlaintextLength(ciphertext.size())); - GlobalRNG().GenerateBlock(plaintext, len); - pub.Encrypt(GlobalRNG(), plaintext, len, ciphertext); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - priv.Decrypt(GlobalRNG(), ciphertext, ciphertext.size(), plaintext); - - OutputResultOperations(name, "Decryption", false, i, timeTaken); -} - -void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false) -{ - unsigned int len = 16; - AlignedSecByteBlock message(len), signature(key.SignatureLength()); - GlobalRNG().GenerateBlock(message, len); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - key.SignMessage(GlobalRNG(), message, len, signature); - - OutputResultOperations(name, "Signature", pc, i, timeTaken); - - if (!pc && key.GetMaterial().SupportsPrecomputation()) - { - key.AccessMaterial().Precompute(16); - BenchMarkSigning(name, key, timeTotal, true); - } -} - -void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) -{ - unsigned int len = 16; - AlignedSecByteBlock message(len), signature(pub.SignatureLength()); - GlobalRNG().GenerateBlock(message, len); - priv.SignMessage(GlobalRNG(), message, len, signature); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - pub.VerifyMessage(message, len, signature, signature.size()); - - OutputResultOperations(name, "Verification", pc, i, timeTaken); - - if (!pc && pub.GetMaterial().SupportsPrecomputation()) - { - pub.AccessMaterial().Precompute(16); - BenchMarkVerification(name, priv, pub, timeTotal, true); - } -} - -void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength()); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - d.GenerateKeyPair(GlobalRNG(), priv, pub); - - OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken); - - if (!pc && d.GetMaterial().SupportsPrecomputation()) - { - d.AccessMaterial().Precompute(16); - BenchMarkKeyGen(name, d, timeTotal, true); - } -} - -void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength()); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - d.GenerateEphemeralKeyPair(GlobalRNG(), priv, pub); - - OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken); - - if (!pc && d.GetMaterial().SupportsPrecomputation()) - { - d.AccessMaterial().Precompute(16); - BenchMarkKeyGen(name, d, timeTotal, true); - } -} - -void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength()); - SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength()); - d.GenerateKeyPair(GlobalRNG(), priv1, pub1); - d.GenerateKeyPair(GlobalRNG(), priv2, pub2); - SecByteBlock val(d.AgreedValueLength()); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i+=2) - { - d.Agree(val, priv1, pub2); - d.Agree(val, priv2, pub1); - } - - OutputResultOperations(name, "Key Agreement", pc, i, timeTaken); -} - -void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength()); - SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength()); - SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength()); - SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength()); - d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1); - d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2); - d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1); - d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2); - SecByteBlock val(d.AgreedValueLength()); - - clock_t start = clock(); - unsigned int i; - double timeTaken; - for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i+=2) - { - d.Agree(val, spriv1, epriv1, spub2, epub2); - d.Agree(val, spriv2, epriv2, spub1, epub1); - } - - OutputResultOperations(name, "Key Agreement", pc, i, timeTaken); -} - -//VC60 workaround: compiler bug triggered without the extra dummy parameters -template <class SCHEME> -void BenchMarkCrypto(const char *filename, const char *name, double timeTotal, SCHEME *x=NULL) -{ - FileSource f(filename, true, new HexDecoder()); - typename SCHEME::Decryptor priv(f); - typename SCHEME::Encryptor pub(priv); - BenchMarkEncryption(name, pub, timeTotal); - BenchMarkDecryption(name, priv, pub, timeTotal); -} - -//VC60 workaround: compiler bug triggered without the extra dummy parameters -template <class SCHEME> -void BenchMarkSignature(const char *filename, const char *name, double timeTotal, SCHEME *x=NULL) -{ - FileSource f(filename, true, new HexDecoder()); - typename SCHEME::Signer priv(f); - typename SCHEME::Verifier pub(priv); - BenchMarkSigning(name, priv, timeTotal); - BenchMarkVerification(name, priv, pub, timeTotal); -} - -//VC60 workaround: compiler bug triggered without the extra dummy parameters -template <class D> -void BenchMarkKeyAgreement(const char *filename, const char *name, double timeTotal, D *x=NULL) -{ - FileSource f(filename, true, new HexDecoder()); - D d(f); - BenchMarkKeyGen(name, d, timeTotal); - BenchMarkAgreement(name, d, timeTotal); -} - -extern double g_hertz; - -void BenchmarkAll2(double t, double hertz) -{ - g_hertz = hertz; - - cout << "<TABLE border=1><COLGROUP><COL align=left><COL align=right><COL align=right>" << endl; - cout << "<THEAD><TR><TH>Operation<TH>Milliseconds/Operation" << (g_hertz ? "<TH>Megacycles/Operation" : "") << endl; - - cout << "\n<TBODY style=\"background: yellow\">"; - BenchMarkCrypto<RSAES<OAEP<SHA> > >("TestData/rsa1024.dat", "RSA 1024", t); - BenchMarkCrypto<LUCES<OAEP<SHA> > >("TestData/luc1024.dat", "LUC 1024", t); - BenchMarkCrypto<DLIES<> >("TestData/dlie1024.dat", "DLIES 1024", t); - BenchMarkCrypto<LUC_IES<> >("TestData/lucc512.dat", "LUCELG 512", t); - - cout << "\n<TBODY style=\"background: white\">"; - BenchMarkCrypto<RSAES<OAEP<SHA> > >("TestData/rsa2048.dat", "RSA 2048", t); - BenchMarkCrypto<LUCES<OAEP<SHA> > >("TestData/luc2048.dat", "LUC 2048", t); - BenchMarkCrypto<DLIES<> >("TestData/dlie2048.dat", "DLIES 2048", t); - BenchMarkCrypto<LUC_IES<> >("TestData/lucc1024.dat", "LUCELG 1024", t); - - cout << "\n<TBODY style=\"background: yellow\">"; - BenchMarkSignature<RSASS<PSSR, SHA> >("TestData/rsa1024.dat", "RSA 1024", t); - BenchMarkSignature<RWSS<PSSR, SHA> >("TestData/rw1024.dat", "RW 1024", t); - BenchMarkSignature<LUCSS<PSSR, SHA> >("TestData/luc1024.dat", "LUC 1024", t); - BenchMarkSignature<NR<SHA> >("TestData/nr1024.dat", "NR 1024", t); - BenchMarkSignature<DSA>("TestData/dsa1024.dat", "DSA 1024", t); - BenchMarkSignature<LUC_HMP<SHA> >("TestData/lucs512.dat", "LUC-HMP 512", t); - BenchMarkSignature<ESIGN<SHA> >("TestData/esig1023.dat", "ESIGN 1023", t); - BenchMarkSignature<ESIGN<SHA> >("TestData/esig1536.dat", "ESIGN 1536", t); - - cout << "\n<TBODY style=\"background: white\">"; - BenchMarkSignature<RSASS<PSSR, SHA> >("TestData/rsa2048.dat", "RSA 2048", t); - BenchMarkSignature<RWSS<PSSR, SHA> >("TestData/rw2048.dat", "RW 2048", t); - BenchMarkSignature<LUCSS<PSSR, SHA> >("TestData/luc2048.dat", "LUC 2048", t); - BenchMarkSignature<NR<SHA> >("TestData/nr2048.dat", "NR 2048", t); - BenchMarkSignature<LUC_HMP<SHA> >("TestData/lucs1024.dat", "LUC-HMP 1024", t); - BenchMarkSignature<ESIGN<SHA> >("TestData/esig2046.dat", "ESIGN 2046", t); - - cout << "\n<TBODY style=\"background: yellow\">"; - BenchMarkKeyAgreement<XTR_DH>("TestData/xtrdh171.dat", "XTR-DH 171", t); - BenchMarkKeyAgreement<XTR_DH>("TestData/xtrdh342.dat", "XTR-DH 342", t); - BenchMarkKeyAgreement<DH>("TestData/dh1024.dat", "DH 1024", t); - BenchMarkKeyAgreement<DH>("TestData/dh2048.dat", "DH 2048", t); - BenchMarkKeyAgreement<LUC_DH>("TestData/lucd512.dat", "LUCDIF 512", t); - BenchMarkKeyAgreement<LUC_DH>("TestData/lucd1024.dat", "LUCDIF 1024", t); - BenchMarkKeyAgreement<MQV>("TestData/mqv1024.dat", "MQV 1024", t); - BenchMarkKeyAgreement<MQV>("TestData/mqv2048.dat", "MQV 2048", t); - - cout << "\n<TBODY style=\"background: white\">"; - { - ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp256k1()); - ECIES<ECP>::Encryptor cpub(cpriv); - ECDSA<ECP, SHA>::Signer spriv(cpriv); - ECDSA<ECP, SHA>::Verifier spub(spriv); - ECDH<ECP>::Domain ecdhc(ASN1::secp256k1()); - ECMQV<ECP>::Domain ecmqvc(ASN1::secp256k1()); - - BenchMarkEncryption("ECIES over GF(p) 256", cpub, t); - BenchMarkDecryption("ECIES over GF(p) 256", cpriv, cpub, t); - BenchMarkSigning("ECDSA over GF(p) 256", spriv, t); - BenchMarkVerification("ECDSA over GF(p) 256", spriv, spub, t); - BenchMarkKeyGen("ECDHC over GF(p) 256", ecdhc, t); - BenchMarkAgreement("ECDHC over GF(p) 256", ecdhc, t); - BenchMarkKeyGen("ECMQVC over GF(p) 256", ecmqvc, t); - BenchMarkAgreement("ECMQVC over GF(p) 256", ecmqvc, t); - } - - cout << "<TBODY style=\"background: yellow\">" << endl; - { - ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect233r1()); - ECIES<EC2N>::Encryptor cpub(cpriv); - ECDSA<EC2N, SHA>::Signer spriv(cpriv); - ECDSA<EC2N, SHA>::Verifier spub(spriv); - ECDH<EC2N>::Domain ecdhc(ASN1::sect233r1()); - ECMQV<EC2N>::Domain ecmqvc(ASN1::sect233r1()); - - BenchMarkEncryption("ECIES over GF(2^n) 233", cpub, t); - BenchMarkDecryption("ECIES over GF(2^n) 233", cpriv, cpub, t); - BenchMarkSigning("ECDSA over GF(2^n) 233", spriv, t); - BenchMarkVerification("ECDSA over GF(2^n) 233", spriv, spub, t); - BenchMarkKeyGen("ECDHC over GF(2^n) 233", ecdhc, t); - BenchMarkAgreement("ECDHC over GF(2^n) 233", ecdhc, t); - BenchMarkKeyGen("ECMQVC over GF(2^n) 233", ecmqvc, t); - BenchMarkAgreement("ECMQVC over GF(2^n) 233", ecmqvc, t); - } - cout << "</TABLE>" << endl; -} diff --git a/cryptopp562/bfinit.cpp b/cryptopp562/bfinit.cpp deleted file mode 100644 index 714570a..0000000 --- a/cryptopp562/bfinit.cpp +++ /dev/null @@ -1,277 +0,0 @@ -#include "pch.h" -#include "blowfish.h" - -NAMESPACE_BEGIN(CryptoPP) - -const word32 Blowfish::Base::p_init[Blowfish::ROUNDS+2] = -{ - 608135816U, 2242054355U, 320440878U, 57701188U, - 2752067618U, 698298832U, 137296536U, 3964562569U, - 1160258022U, 953160567U, 3193202383U, 887688300U, - 3232508343U, 3380367581U, 1065670069U, 3041331479U, - 2450970073U, 2306472731U -} ; - -const word32 Blowfish::Base::s_init[4*256] = { - 3509652390U, 2564797868U, 805139163U, 3491422135U, - 3101798381U, 1780907670U, 3128725573U, 4046225305U, - 614570311U, 3012652279U, 134345442U, 2240740374U, - 1667834072U, 1901547113U, 2757295779U, 4103290238U, - 227898511U, 1921955416U, 1904987480U, 2182433518U, - 2069144605U, 3260701109U, 2620446009U, 720527379U, - 3318853667U, 677414384U, 3393288472U, 3101374703U, - 2390351024U, 1614419982U, 1822297739U, 2954791486U, - 3608508353U, 3174124327U, 2024746970U, 1432378464U, - 3864339955U, 2857741204U, 1464375394U, 1676153920U, - 1439316330U, 715854006U, 3033291828U, 289532110U, - 2706671279U, 2087905683U, 3018724369U, 1668267050U, - 732546397U, 1947742710U, 3462151702U, 2609353502U, - 2950085171U, 1814351708U, 2050118529U, 680887927U, - 999245976U, 1800124847U, 3300911131U, 1713906067U, - 1641548236U, 4213287313U, 1216130144U, 1575780402U, - 4018429277U, 3917837745U, 3693486850U, 3949271944U, - 596196993U, 3549867205U, 258830323U, 2213823033U, - 772490370U, 2760122372U, 1774776394U, 2652871518U, - 566650946U, 4142492826U, 1728879713U, 2882767088U, - 1783734482U, 3629395816U, 2517608232U, 2874225571U, - 1861159788U, 326777828U, 3124490320U, 2130389656U, - 2716951837U, 967770486U, 1724537150U, 2185432712U, - 2364442137U, 1164943284U, 2105845187U, 998989502U, - 3765401048U, 2244026483U, 1075463327U, 1455516326U, - 1322494562U, 910128902U, 469688178U, 1117454909U, - 936433444U, 3490320968U, 3675253459U, 1240580251U, - 122909385U, 2157517691U, 634681816U, 4142456567U, - 3825094682U, 3061402683U, 2540495037U, 79693498U, - 3249098678U, 1084186820U, 1583128258U, 426386531U, - 1761308591U, 1047286709U, 322548459U, 995290223U, - 1845252383U, 2603652396U, 3431023940U, 2942221577U, - 3202600964U, 3727903485U, 1712269319U, 422464435U, - 3234572375U, 1170764815U, 3523960633U, 3117677531U, - 1434042557U, 442511882U, 3600875718U, 1076654713U, - 1738483198U, 4213154764U, 2393238008U, 3677496056U, - 1014306527U, 4251020053U, 793779912U, 2902807211U, - 842905082U, 4246964064U, 1395751752U, 1040244610U, - 2656851899U, 3396308128U, 445077038U, 3742853595U, - 3577915638U, 679411651U, 2892444358U, 2354009459U, - 1767581616U, 3150600392U, 3791627101U, 3102740896U, - 284835224U, 4246832056U, 1258075500U, 768725851U, - 2589189241U, 3069724005U, 3532540348U, 1274779536U, - 3789419226U, 2764799539U, 1660621633U, 3471099624U, - 4011903706U, 913787905U, 3497959166U, 737222580U, - 2514213453U, 2928710040U, 3937242737U, 1804850592U, - 3499020752U, 2949064160U, 2386320175U, 2390070455U, - 2415321851U, 4061277028U, 2290661394U, 2416832540U, - 1336762016U, 1754252060U, 3520065937U, 3014181293U, - 791618072U, 3188594551U, 3933548030U, 2332172193U, - 3852520463U, 3043980520U, 413987798U, 3465142937U, - 3030929376U, 4245938359U, 2093235073U, 3534596313U, - 375366246U, 2157278981U, 2479649556U, 555357303U, - 3870105701U, 2008414854U, 3344188149U, 4221384143U, - 3956125452U, 2067696032U, 3594591187U, 2921233993U, - 2428461U, 544322398U, 577241275U, 1471733935U, - 610547355U, 4027169054U, 1432588573U, 1507829418U, - 2025931657U, 3646575487U, 545086370U, 48609733U, - 2200306550U, 1653985193U, 298326376U, 1316178497U, - 3007786442U, 2064951626U, 458293330U, 2589141269U, - 3591329599U, 3164325604U, 727753846U, 2179363840U, - 146436021U, 1461446943U, 4069977195U, 705550613U, - 3059967265U, 3887724982U, 4281599278U, 3313849956U, - 1404054877U, 2845806497U, 146425753U, 1854211946U, - - 1266315497U, 3048417604U, 3681880366U, 3289982499U, - 2909710000U, 1235738493U, 2632868024U, 2414719590U, - 3970600049U, 1771706367U, 1449415276U, 3266420449U, - 422970021U, 1963543593U, 2690192192U, 3826793022U, - 1062508698U, 1531092325U, 1804592342U, 2583117782U, - 2714934279U, 4024971509U, 1294809318U, 4028980673U, - 1289560198U, 2221992742U, 1669523910U, 35572830U, - 157838143U, 1052438473U, 1016535060U, 1802137761U, - 1753167236U, 1386275462U, 3080475397U, 2857371447U, - 1040679964U, 2145300060U, 2390574316U, 1461121720U, - 2956646967U, 4031777805U, 4028374788U, 33600511U, - 2920084762U, 1018524850U, 629373528U, 3691585981U, - 3515945977U, 2091462646U, 2486323059U, 586499841U, - 988145025U, 935516892U, 3367335476U, 2599673255U, - 2839830854U, 265290510U, 3972581182U, 2759138881U, - 3795373465U, 1005194799U, 847297441U, 406762289U, - 1314163512U, 1332590856U, 1866599683U, 4127851711U, - 750260880U, 613907577U, 1450815602U, 3165620655U, - 3734664991U, 3650291728U, 3012275730U, 3704569646U, - 1427272223U, 778793252U, 1343938022U, 2676280711U, - 2052605720U, 1946737175U, 3164576444U, 3914038668U, - 3967478842U, 3682934266U, 1661551462U, 3294938066U, - 4011595847U, 840292616U, 3712170807U, 616741398U, - 312560963U, 711312465U, 1351876610U, 322626781U, - 1910503582U, 271666773U, 2175563734U, 1594956187U, - 70604529U, 3617834859U, 1007753275U, 1495573769U, - 4069517037U, 2549218298U, 2663038764U, 504708206U, - 2263041392U, 3941167025U, 2249088522U, 1514023603U, - 1998579484U, 1312622330U, 694541497U, 2582060303U, - 2151582166U, 1382467621U, 776784248U, 2618340202U, - 3323268794U, 2497899128U, 2784771155U, 503983604U, - 4076293799U, 907881277U, 423175695U, 432175456U, - 1378068232U, 4145222326U, 3954048622U, 3938656102U, - 3820766613U, 2793130115U, 2977904593U, 26017576U, - 3274890735U, 3194772133U, 1700274565U, 1756076034U, - 4006520079U, 3677328699U, 720338349U, 1533947780U, - 354530856U, 688349552U, 3973924725U, 1637815568U, - 332179504U, 3949051286U, 53804574U, 2852348879U, - 3044236432U, 1282449977U, 3583942155U, 3416972820U, - 4006381244U, 1617046695U, 2628476075U, 3002303598U, - 1686838959U, 431878346U, 2686675385U, 1700445008U, - 1080580658U, 1009431731U, 832498133U, 3223435511U, - 2605976345U, 2271191193U, 2516031870U, 1648197032U, - 4164389018U, 2548247927U, 300782431U, 375919233U, - 238389289U, 3353747414U, 2531188641U, 2019080857U, - 1475708069U, 455242339U, 2609103871U, 448939670U, - 3451063019U, 1395535956U, 2413381860U, 1841049896U, - 1491858159U, 885456874U, 4264095073U, 4001119347U, - 1565136089U, 3898914787U, 1108368660U, 540939232U, - 1173283510U, 2745871338U, 3681308437U, 4207628240U, - 3343053890U, 4016749493U, 1699691293U, 1103962373U, - 3625875870U, 2256883143U, 3830138730U, 1031889488U, - 3479347698U, 1535977030U, 4236805024U, 3251091107U, - 2132092099U, 1774941330U, 1199868427U, 1452454533U, - 157007616U, 2904115357U, 342012276U, 595725824U, - 1480756522U, 206960106U, 497939518U, 591360097U, - 863170706U, 2375253569U, 3596610801U, 1814182875U, - 2094937945U, 3421402208U, 1082520231U, 3463918190U, - 2785509508U, 435703966U, 3908032597U, 1641649973U, - 2842273706U, 3305899714U, 1510255612U, 2148256476U, - 2655287854U, 3276092548U, 4258621189U, 236887753U, - 3681803219U, 274041037U, 1734335097U, 3815195456U, - 3317970021U, 1899903192U, 1026095262U, 4050517792U, - 356393447U, 2410691914U, 3873677099U, 3682840055U, - - 3913112168U, 2491498743U, 4132185628U, 2489919796U, - 1091903735U, 1979897079U, 3170134830U, 3567386728U, - 3557303409U, 857797738U, 1136121015U, 1342202287U, - 507115054U, 2535736646U, 337727348U, 3213592640U, - 1301675037U, 2528481711U, 1895095763U, 1721773893U, - 3216771564U, 62756741U, 2142006736U, 835421444U, - 2531993523U, 1442658625U, 3659876326U, 2882144922U, - 676362277U, 1392781812U, 170690266U, 3921047035U, - 1759253602U, 3611846912U, 1745797284U, 664899054U, - 1329594018U, 3901205900U, 3045908486U, 2062866102U, - 2865634940U, 3543621612U, 3464012697U, 1080764994U, - 553557557U, 3656615353U, 3996768171U, 991055499U, - 499776247U, 1265440854U, 648242737U, 3940784050U, - 980351604U, 3713745714U, 1749149687U, 3396870395U, - 4211799374U, 3640570775U, 1161844396U, 3125318951U, - 1431517754U, 545492359U, 4268468663U, 3499529547U, - 1437099964U, 2702547544U, 3433638243U, 2581715763U, - 2787789398U, 1060185593U, 1593081372U, 2418618748U, - 4260947970U, 69676912U, 2159744348U, 86519011U, - 2512459080U, 3838209314U, 1220612927U, 3339683548U, - 133810670U, 1090789135U, 1078426020U, 1569222167U, - 845107691U, 3583754449U, 4072456591U, 1091646820U, - 628848692U, 1613405280U, 3757631651U, 526609435U, - 236106946U, 48312990U, 2942717905U, 3402727701U, - 1797494240U, 859738849U, 992217954U, 4005476642U, - 2243076622U, 3870952857U, 3732016268U, 765654824U, - 3490871365U, 2511836413U, 1685915746U, 3888969200U, - 1414112111U, 2273134842U, 3281911079U, 4080962846U, - 172450625U, 2569994100U, 980381355U, 4109958455U, - 2819808352U, 2716589560U, 2568741196U, 3681446669U, - 3329971472U, 1835478071U, 660984891U, 3704678404U, - 4045999559U, 3422617507U, 3040415634U, 1762651403U, - 1719377915U, 3470491036U, 2693910283U, 3642056355U, - 3138596744U, 1364962596U, 2073328063U, 1983633131U, - 926494387U, 3423689081U, 2150032023U, 4096667949U, - 1749200295U, 3328846651U, 309677260U, 2016342300U, - 1779581495U, 3079819751U, 111262694U, 1274766160U, - 443224088U, 298511866U, 1025883608U, 3806446537U, - 1145181785U, 168956806U, 3641502830U, 3584813610U, - 1689216846U, 3666258015U, 3200248200U, 1692713982U, - 2646376535U, 4042768518U, 1618508792U, 1610833997U, - 3523052358U, 4130873264U, 2001055236U, 3610705100U, - 2202168115U, 4028541809U, 2961195399U, 1006657119U, - 2006996926U, 3186142756U, 1430667929U, 3210227297U, - 1314452623U, 4074634658U, 4101304120U, 2273951170U, - 1399257539U, 3367210612U, 3027628629U, 1190975929U, - 2062231137U, 2333990788U, 2221543033U, 2438960610U, - 1181637006U, 548689776U, 2362791313U, 3372408396U, - 3104550113U, 3145860560U, 296247880U, 1970579870U, - 3078560182U, 3769228297U, 1714227617U, 3291629107U, - 3898220290U, 166772364U, 1251581989U, 493813264U, - 448347421U, 195405023U, 2709975567U, 677966185U, - 3703036547U, 1463355134U, 2715995803U, 1338867538U, - 1343315457U, 2802222074U, 2684532164U, 233230375U, - 2599980071U, 2000651841U, 3277868038U, 1638401717U, - 4028070440U, 3237316320U, 6314154U, 819756386U, - 300326615U, 590932579U, 1405279636U, 3267499572U, - 3150704214U, 2428286686U, 3959192993U, 3461946742U, - 1862657033U, 1266418056U, 963775037U, 2089974820U, - 2263052895U, 1917689273U, 448879540U, 3550394620U, - 3981727096U, 150775221U, 3627908307U, 1303187396U, - 508620638U, 2975983352U, 2726630617U, 1817252668U, - 1876281319U, 1457606340U, 908771278U, 3720792119U, - 3617206836U, 2455994898U, 1729034894U, 1080033504U, - - 976866871U, 3556439503U, 2881648439U, 1522871579U, - 1555064734U, 1336096578U, 3548522304U, 2579274686U, - 3574697629U, 3205460757U, 3593280638U, 3338716283U, - 3079412587U, 564236357U, 2993598910U, 1781952180U, - 1464380207U, 3163844217U, 3332601554U, 1699332808U, - 1393555694U, 1183702653U, 3581086237U, 1288719814U, - 691649499U, 2847557200U, 2895455976U, 3193889540U, - 2717570544U, 1781354906U, 1676643554U, 2592534050U, - 3230253752U, 1126444790U, 2770207658U, 2633158820U, - 2210423226U, 2615765581U, 2414155088U, 3127139286U, - 673620729U, 2805611233U, 1269405062U, 4015350505U, - 3341807571U, 4149409754U, 1057255273U, 2012875353U, - 2162469141U, 2276492801U, 2601117357U, 993977747U, - 3918593370U, 2654263191U, 753973209U, 36408145U, - 2530585658U, 25011837U, 3520020182U, 2088578344U, - 530523599U, 2918365339U, 1524020338U, 1518925132U, - 3760827505U, 3759777254U, 1202760957U, 3985898139U, - 3906192525U, 674977740U, 4174734889U, 2031300136U, - 2019492241U, 3983892565U, 4153806404U, 3822280332U, - 352677332U, 2297720250U, 60907813U, 90501309U, - 3286998549U, 1016092578U, 2535922412U, 2839152426U, - 457141659U, 509813237U, 4120667899U, 652014361U, - 1966332200U, 2975202805U, 55981186U, 2327461051U, - 676427537U, 3255491064U, 2882294119U, 3433927263U, - 1307055953U, 942726286U, 933058658U, 2468411793U, - 3933900994U, 4215176142U, 1361170020U, 2001714738U, - 2830558078U, 3274259782U, 1222529897U, 1679025792U, - 2729314320U, 3714953764U, 1770335741U, 151462246U, - 3013232138U, 1682292957U, 1483529935U, 471910574U, - 1539241949U, 458788160U, 3436315007U, 1807016891U, - 3718408830U, 978976581U, 1043663428U, 3165965781U, - 1927990952U, 4200891579U, 2372276910U, 3208408903U, - 3533431907U, 1412390302U, 2931980059U, 4132332400U, - 1947078029U, 3881505623U, 4168226417U, 2941484381U, - 1077988104U, 1320477388U, 886195818U, 18198404U, - 3786409000U, 2509781533U, 112762804U, 3463356488U, - 1866414978U, 891333506U, 18488651U, 661792760U, - 1628790961U, 3885187036U, 3141171499U, 876946877U, - 2693282273U, 1372485963U, 791857591U, 2686433993U, - 3759982718U, 3167212022U, 3472953795U, 2716379847U, - 445679433U, 3561995674U, 3504004811U, 3574258232U, - 54117162U, 3331405415U, 2381918588U, 3769707343U, - 4154350007U, 1140177722U, 4074052095U, 668550556U, - 3214352940U, 367459370U, 261225585U, 2610173221U, - 4209349473U, 3468074219U, 3265815641U, 314222801U, - 3066103646U, 3808782860U, 282218597U, 3406013506U, - 3773591054U, 379116347U, 1285071038U, 846784868U, - 2669647154U, 3771962079U, 3550491691U, 2305946142U, - 453669953U, 1268987020U, 3317592352U, 3279303384U, - 3744833421U, 2610507566U, 3859509063U, 266596637U, - 3847019092U, 517658769U, 3462560207U, 3443424879U, - 370717030U, 4247526661U, 2224018117U, 4143653529U, - 4112773975U, 2788324899U, 2477274417U, 1456262402U, - 2901442914U, 1517677493U, 1846949527U, 2295493580U, - 3734397586U, 2176403920U, 1280348187U, 1908823572U, - 3871786941U, 846861322U, 1172426758U, 3287448474U, - 3383383037U, 1655181056U, 3139813346U, 901632758U, - 1897031941U, 2986607138U, 3066810236U, 3447102507U, - 1393639104U, 373351379U, 950779232U, 625454576U, - 3124240540U, 4148612726U, 2007998917U, 544563296U, - 2244738638U, 2330496472U, 2058025392U, 1291430526U, - 424198748U, 50039436U, 29584100U, 3605783033U, - 2429876329U, 2791104160U, 1057563949U, 3255363231U, - 3075367218U, 3463963227U, 1469046755U, 985887462U -}; - -NAMESPACE_END diff --git a/cryptopp562/blowfish.cpp b/cryptopp562/blowfish.cpp deleted file mode 100644 index aaa637c..0000000 --- a/cryptopp562/blowfish.cpp +++ /dev/null @@ -1,99 +0,0 @@ -// blowfish.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "blowfish.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Blowfish::Base::UncheckedSetKey(const byte *key_string, unsigned int keylength, const NameValuePairs &) -{ - AssertValidKeyLength(keylength); - - unsigned i, j=0, k; - word32 data, dspace[2] = {0, 0}; - - memcpy(pbox, p_init, sizeof(p_init)); - memcpy(sbox, s_init, sizeof(s_init)); - - // Xor key string into encryption key vector - for (i=0 ; i<ROUNDS+2 ; ++i) - { - data = 0 ; - for (k=0 ; k<4 ; ++k ) - data = (data << 8) | key_string[j++ % keylength]; - pbox[i] ^= data; - } - - crypt_block(dspace, pbox); - - for (i=0; i<ROUNDS; i+=2) - crypt_block(pbox+i, pbox+i+2); - - crypt_block(pbox+ROUNDS, sbox); - - for (i=0; i<4*256-2; i+=2) - crypt_block(sbox+i, sbox+i+2); - - if (!IsForwardTransformation()) - for (i=0; i<(ROUNDS+2)/2; i++) - std::swap(pbox[i], pbox[ROUNDS+1-i]); -} - -// this version is only used to make pbox and sbox -void Blowfish::Base::crypt_block(const word32 in[2], word32 out[2]) const -{ - word32 left = in[0]; - word32 right = in[1]; - - const word32 *const s=sbox; - const word32 *p=pbox; - - left ^= p[0]; - - for (unsigned i=0; i<ROUNDS/2; i++) - { - right ^= (((s[GETBYTE(left,3)] + s[256+GETBYTE(left,2)]) - ^ s[2*256+GETBYTE(left,1)]) + s[3*256+GETBYTE(left,0)]) - ^ p[2*i+1]; - - left ^= (((s[GETBYTE(right,3)] + s[256+GETBYTE(right,2)]) - ^ s[2*256+GETBYTE(right,1)]) + s[3*256+GETBYTE(right,0)]) - ^ p[2*i+2]; - } - - right ^= p[ROUNDS+1]; - - out[0] = right; - out[1] = left; -} - -void Blowfish::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - typedef BlockGetAndPut<word32, BigEndian> Block; - - word32 left, right; - Block::Get(inBlock)(left)(right); - - const word32 *const s=sbox; - const word32 *p=pbox; - - left ^= p[0]; - - for (unsigned i=0; i<ROUNDS/2; i++) - { - right ^= (((s[GETBYTE(left,3)] + s[256+GETBYTE(left,2)]) - ^ s[2*256+GETBYTE(left,1)]) + s[3*256+GETBYTE(left,0)]) - ^ p[2*i+1]; - - left ^= (((s[GETBYTE(right,3)] + s[256+GETBYTE(right,2)]) - ^ s[2*256+GETBYTE(right,1)]) + s[3*256+GETBYTE(right,0)]) - ^ p[2*i+2]; - } - - right ^= p[ROUNDS+1]; - - Block::Put(xorBlock, outBlock)(right)(left); -} - -NAMESPACE_END diff --git a/cryptopp562/blowfish.h b/cryptopp562/blowfish.h deleted file mode 100644 index ebc4f94..0000000 --- a/cryptopp562/blowfish.h +++ /dev/null @@ -1,46 +0,0 @@ -#ifndef CRYPTOPP_BLOWFISH_H -#define CRYPTOPP_BLOWFISH_H - -/** \file */ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Blowfish_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 4, 56>, public FixedRounds<16> -{ - static const char *StaticAlgorithmName() {return "Blowfish";} -}; - -//! <a href="http://www.weidai.com/scan-mirror/cs.html#Blowfish">Blowfish</a> -class Blowfish : public Blowfish_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Blowfish_Info> - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - void UncheckedSetKey(const byte *key_string, unsigned int keylength, const NameValuePairs ¶ms); - - private: - void crypt_block(const word32 in[2], word32 out[2]) const; - - static const word32 p_init[ROUNDS+2]; - static const word32 s_init[4*256]; - - FixedSizeSecBlock<word32, ROUNDS+2> pbox; - FixedSizeSecBlock<word32, 4*256> sbox; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -typedef Blowfish::Encryption BlowfishEncryption; -typedef Blowfish::Decryption BlowfishDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/blumshub.cpp b/cryptopp562/blumshub.cpp deleted file mode 100644 index be9b758..0000000 --- a/cryptopp562/blumshub.cpp +++ /dev/null @@ -1,63 +0,0 @@ -// blumshub.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "blumshub.h" - -NAMESPACE_BEGIN(CryptoPP) - -PublicBlumBlumShub::PublicBlumBlumShub(const Integer &n, const Integer &seed) - : modn(n), - maxBits(BitPrecision(n.BitCount())-1) -{ - current = modn.Square(modn.Square(seed)); - bitsLeft = maxBits; -} - -unsigned int PublicBlumBlumShub::GenerateBit() -{ - if (bitsLeft==0) - { - current = modn.Square(current); - bitsLeft = maxBits; - } - - return current.GetBit(--bitsLeft); -} - -byte PublicBlumBlumShub::GenerateByte() -{ - byte b=0; - for (int i=0; i<8; i++) - b = (b << 1) | PublicBlumBlumShub::GenerateBit(); - return b; -} - -void PublicBlumBlumShub::GenerateBlock(byte *output, size_t size) -{ - while (size--) - *output++ = PublicBlumBlumShub::GenerateByte(); -} - -void PublicBlumBlumShub::ProcessData(byte *outString, const byte *inString, size_t length) -{ - while (length--) - *outString++ = *inString++ ^ PublicBlumBlumShub::GenerateByte(); -} - -BlumBlumShub::BlumBlumShub(const Integer &p, const Integer &q, const Integer &seed) - : PublicBlumBlumShub(p*q, seed), - p(p), q(q), - x0(modn.Square(seed)) -{ -} - -void BlumBlumShub::Seek(lword index) -{ - Integer i(Integer::POSITIVE, index); - i *= 8; - Integer e = a_exp_b_mod_c (2, i / maxBits + 1, (p-1)*(q-1)); - current = modn.Exponentiate(x0, e); - bitsLeft = maxBits - i % maxBits; -} - -NAMESPACE_END diff --git a/cryptopp562/blumshub.h b/cryptopp562/blumshub.h deleted file mode 100644 index 5e50747..0000000 --- a/cryptopp562/blumshub.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef CRYPTOPP_BLUMSHUB_H -#define CRYPTOPP_BLUMSHUB_H - -#include "modarith.h" - -NAMESPACE_BEGIN(CryptoPP) - -class BlumGoldwasserPublicKey; -class BlumGoldwasserPrivateKey; - -//! BlumBlumShub without factorization of the modulus -class PublicBlumBlumShub : public RandomNumberGenerator, - public StreamTransformation -{ -public: - PublicBlumBlumShub(const Integer &n, const Integer &seed); - - unsigned int GenerateBit(); - byte GenerateByte(); - void GenerateBlock(byte *output, size_t size); - void ProcessData(byte *outString, const byte *inString, size_t length); - - bool IsSelfInverting() const {return true;} - bool IsForwardTransformation() const {return true;} - -protected: - ModularArithmetic modn; - word maxBits, bitsLeft; - Integer current; - - friend class BlumGoldwasserPublicKey; - friend class BlumGoldwasserPrivateKey; -}; - -//! BlumBlumShub with factorization of the modulus -class BlumBlumShub : public PublicBlumBlumShub -{ -public: - // Make sure p and q are both primes congruent to 3 mod 4 and at least 512 bits long, - // seed is the secret key and should be about as big as p*q - BlumBlumShub(const Integer &p, const Integer &q, const Integer &seed); - - bool IsRandomAccess() const {return true;} - void Seek(lword index); - -protected: - const Integer p, q; - const Integer x0; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/camellia.cpp b/cryptopp562/camellia.cpp deleted file mode 100644 index 80b3e28..0000000 --- a/cryptopp562/camellia.cpp +++ /dev/null @@ -1,524 +0,0 @@ -// camellia.cpp - by Kevin Springle, 2003 -// This code is hereby placed in the public domain. - -/* -Optimisations and defense against timing attacks added in Jan 2007 by Wei Dai. - -The first 2 rounds and the last round seem especially vulnerable to timing -attacks. The protection is similar to what was implemented for Rijndael. -See comments at top of rijndael.cpp for more details. -*/ - -#include "pch.h" - -#include "camellia.h" -#include "misc.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -// round implementation that uses a small table for protection against timing attacks -#define SLOW_ROUND(lh, ll, rh, rl, kh, kl) { \ - word32 zr = ll ^ kl; \ - word32 zl = lh ^ kh; \ - zr= rotlFixed(s1[GETBYTE(zr, 3)], 1) | \ - (rotrFixed(s1[GETBYTE(zr, 2)], 1) << 24) | \ - (s1[rotlFixed(CRYPTOPP_GET_BYTE_AS_BYTE(zr, 1),1)] << 16) | \ - (s1[GETBYTE(zr, 0)] << 8); \ - zl= (s1[GETBYTE(zl, 3)] << 24) | \ - (rotlFixed(s1[GETBYTE(zl, 2)], 1) << 16) | \ - (rotrFixed(s1[GETBYTE(zl, 1)], 1) << 8) | \ - s1[rotlFixed(CRYPTOPP_GET_BYTE_AS_BYTE(zl, 0), 1)]; \ - zl ^= zr; \ - zr = zl ^ rotlFixed(zr, 8); \ - zl = zr ^ rotrFixed(zl, 8); \ - rh ^= rotlFixed(zr, 16); \ - rh ^= zl; \ - rl ^= rotlFixed(zl, 8); \ - } - -// normal round - same output as above but using larger tables for faster speed -#define ROUND(lh, ll, rh, rl, kh, kl) { \ - word32 th = lh ^ kh; \ - word32 tl = ll ^ kl; \ - word32 d = SP[0][GETBYTE(tl,0)] ^ SP[1][GETBYTE(tl,3)] ^ SP[2][GETBYTE(tl,2)] ^ SP[3][GETBYTE(tl,1)]; \ - word32 u = SP[0][GETBYTE(th,3)] ^ SP[1][GETBYTE(th,2)] ^ SP[2][GETBYTE(th,1)] ^ SP[3][GETBYTE(th,0)]; \ - d ^= u; \ - rh ^= d; \ - rl ^= d; \ - rl ^= rotrFixed(u, 8);} - -#define DOUBLE_ROUND(lh, ll, rh, rl, k0, k1, k2, k3) \ - ROUND(lh, ll, rh, rl, k0, k1) \ - ROUND(rh, rl, lh, ll, k2, k3) - -#ifdef IS_LITTLE_ENDIAN -#define EFI(i) (1-(i)) -#else -#define EFI(i) (i) -#endif - -void Camellia::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &) -{ - m_rounds = (keylen >= 24) ? 4 : 3; - unsigned int kslen = (8 * m_rounds + 2); - m_key.New(kslen*2); - word32 *ks32 = m_key.data(); - int m=0, a=0; - if (!IsForwardTransformation()) - m = -1, a = kslen-1; - - word32 kl0, kl1, kl2, kl3; - GetBlock<word32, BigEndian> getBlock(key); - getBlock(kl0)(kl1)(kl2)(kl3); - word32 k0=kl0, k1=kl1, k2=kl2, k3=kl3; - -#define CALC_ADDR2(base, i, j) ((byte *)(base)+8*(i)+4*(j)+((-16*(i))&m)) -#define CALC_ADDR(base, i) CALC_ADDR2(base, i, 0) - -#if 1 - word64 kwl, kwr; - ks32 += 2*a; -#define PREPARE_KS_ROUNDS \ - kwl = (word64(k0) << 32) | k1; \ - kwr = (word64(k2) << 32) | k3 -#define KS_ROUND_0(i) \ - *(word64*)CALC_ADDR(ks32, i+EFI(0)) = kwl; \ - *(word64*)CALC_ADDR(ks32, i+EFI(1)) = kwr -#define KS_ROUND(i, r, which) \ - if (which & (1<<int(r<64))) *(word64*)CALC_ADDR(ks32, i+EFI(r<64)) = (kwr << (r%64)) | (kwl >> (64 - (r%64))); \ - if (which & (1<<int(r>64))) *(word64*)CALC_ADDR(ks32, i+EFI(r>64)) = (kwl << (r%64)) | (kwr >> (64 - (r%64))) -#else - // SSE2 version is 30% faster on Intel Core 2. Doesn't seem worth the hassle of maintenance, but left here - // #if'd out in case someone needs it. - __m128i kw, kw2; - __m128i *ks128 = (__m128i *)ks32+a/2; - ks32 += 2*a; -#define PREPARE_KS_ROUNDS \ - kw = _mm_set_epi32(k0, k1, k2, k3); \ - if (m) kw2 = kw, kw = _mm_shuffle_epi32(kw, _MM_SHUFFLE(1, 0, 3, 2)); \ - else kw2 = _mm_shuffle_epi32(kw, _MM_SHUFFLE(1, 0, 3, 2)) -#define KS_ROUND_0(i) \ - _mm_store_si128((__m128i *)CALC_ADDR(ks128, i), kw) -#define KS_ROUND(i, r, which) { \ - __m128i temp; \ - if (r<64 && (which!=1 || m)) temp = _mm_or_si128(_mm_slli_epi64(kw, r%64), _mm_srli_epi64(kw2, 64-r%64)); \ - else temp = _mm_or_si128(_mm_slli_epi64(kw2, r%64), _mm_srli_epi64(kw, 64-r%64)); \ - if (which & 2) _mm_store_si128((__m128i *)CALC_ADDR(ks128, i), temp); \ - else _mm_storel_epi64((__m128i*)CALC_ADDR(ks32, i+EFI(0)), temp); \ - } -#endif - - if (keylen == 16) - { - // KL - PREPARE_KS_ROUNDS; - KS_ROUND_0(0); - KS_ROUND(4, 15, 3); - KS_ROUND(10, 45, 3); - KS_ROUND(12, 60, 2); - KS_ROUND(16, 77, 3); - KS_ROUND(18, 94, 3); - KS_ROUND(22, 111, 3); - - // KA - k0=kl0, k1=kl1, k2=kl2, k3=kl3; - DOUBLE_ROUND(k0, k1, k2, k3, 0xA09E667Ful, 0x3BCC908Bul, 0xB67AE858ul, 0x4CAA73B2ul); - k0^=kl0, k1^=kl1, k2^=kl2, k3^=kl3; - DOUBLE_ROUND(k0, k1, k2, k3, 0xC6EF372Ful, 0xE94F82BEul, 0x54FF53A5ul, 0xF1D36F1Cul); - - PREPARE_KS_ROUNDS; - KS_ROUND_0(2); - KS_ROUND(6, 15, 3); - KS_ROUND(8, 30, 3); - KS_ROUND(12, 45, 1); - KS_ROUND(14, 60, 3); - KS_ROUND(20, 94, 3); - KS_ROUND(24, 47, 3); - } - else - { - // KL - PREPARE_KS_ROUNDS; - KS_ROUND_0(0); - KS_ROUND(12, 45, 3); - KS_ROUND(16, 60, 3); - KS_ROUND(22, 77, 3); - KS_ROUND(30, 111, 3); - - // KR - word32 kr0, kr1, kr2, kr3; - GetBlock<word32, BigEndian>(key+16)(kr0)(kr1); - if (keylen == 24) - kr2 = ~kr0, kr3 = ~kr1; - else - GetBlock<word32, BigEndian>(key+24)(kr2)(kr3); - k0=kr0, k1=kr1, k2=kr2, k3=kr3; - - PREPARE_KS_ROUNDS; - KS_ROUND(4, 15, 3); - KS_ROUND(8, 30, 3); - KS_ROUND(18, 60, 3); - KS_ROUND(26, 94, 3); - - // KA - k0^=kl0, k1^=kl1, k2^=kl2, k3^=kl3; - DOUBLE_ROUND(k0, k1, k2, k3, 0xA09E667Ful, 0x3BCC908Bul, 0xB67AE858ul, 0x4CAA73B2ul); - k0^=kl0, k1^=kl1, k2^=kl2, k3^=kl3; - DOUBLE_ROUND(k0, k1, k2, k3, 0xC6EF372Ful, 0xE94F82BEul, 0x54FF53A5ul, 0xF1D36F1Cul); - - PREPARE_KS_ROUNDS; - KS_ROUND(6, 15, 3); - KS_ROUND(14, 45, 3); - KS_ROUND(24, 77, 3); - KS_ROUND(28, 94, 3); - - // KB - k0^=kr0, k1^=kr1, k2^=kr2, k3^=kr3; - DOUBLE_ROUND(k0, k1, k2, k3, 0x10E527FAul, 0xDE682D1Dul, 0xB05688C2ul, 0xB3E6C1FDul); - - PREPARE_KS_ROUNDS; - KS_ROUND_0(2); - KS_ROUND(10, 30, 3); - KS_ROUND(20, 60, 3); - KS_ROUND(32, 47, 3); - } -} - -void Camellia::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ -#define KS(i, j) ks[i*4 + EFI(j/2)*2 + EFI(j%2)] - -#define FL(klh, kll, krh, krl) \ - ll ^= rotlFixed(lh & klh, 1); \ - lh ^= (ll | kll); \ - rh ^= (rl | krl); \ - rl ^= rotlFixed(rh & krh, 1); - - word32 lh, ll, rh, rl; - typedef BlockGetAndPut<word32, BigEndian> Block; - Block::Get(inBlock)(lh)(ll)(rh)(rl); - const word32 *ks = m_key.data(); - lh ^= KS(0,0); - ll ^= KS(0,1); - rh ^= KS(0,2); - rl ^= KS(0,3); - - // timing attack countermeasure. see comments at top for more details - const int cacheLineSize = GetCacheLineSize(); - unsigned int i; - word32 u = 0; - for (i=0; i<256; i+=cacheLineSize) - u &= *(const word32 *)(s1+i); - u &= *(const word32 *)(s1+252); - lh |= u; ll |= u; - - SLOW_ROUND(lh, ll, rh, rl, KS(1,0), KS(1,1)) - SLOW_ROUND(rh, rl, lh, ll, KS(1,2), KS(1,3)) - for (i = m_rounds-1; i > 0; --i) - { - DOUBLE_ROUND(lh, ll, rh, rl, KS(2,0), KS(2,1), KS(2,2), KS(2,3)) - DOUBLE_ROUND(lh, ll, rh, rl, KS(3,0), KS(3,1), KS(3,2), KS(3,3)) - FL(KS(4,0), KS(4,1), KS(4,2), KS(4,3)); - DOUBLE_ROUND(lh, ll, rh, rl, KS(5,0), KS(5,1), KS(5,2), KS(5,3)) - ks += 16; - } - DOUBLE_ROUND(lh, ll, rh, rl, KS(2,0), KS(2,1), KS(2,2), KS(2,3)) - ROUND(lh, ll, rh, rl, KS(3,0), KS(3,1)) - SLOW_ROUND(rh, rl, lh, ll, KS(3,2), KS(3,3)) - lh ^= KS(4,0); - ll ^= KS(4,1); - rh ^= KS(4,2); - rl ^= KS(4,3); - Block::Put(xorBlock, outBlock)(rh)(rl)(lh)(ll); -} - -// The Camellia s-boxes - -const byte Camellia::Base::s1[256] = -{ - 112,130,44,236,179,39,192,229,228,133,87,53,234,12,174,65, - 35,239,107,147,69,25,165,33,237,14,79,78,29,101,146,189, - 134,184,175,143,124,235,31,206,62,48,220,95,94,197,11,26, - 166,225,57,202,213,71,93,61,217,1,90,214,81,86,108,77, - 139,13,154,102,251,204,176,45,116,18,43,32,240,177,132,153, - 223,76,203,194,52,126,118,5,109,183,169,49,209,23,4,215, - 20,88,58,97,222,27,17,28,50,15,156,22,83,24,242,34, - 254,68,207,178,195,181,122,145,36,8,232,168,96,252,105,80, - 170,208,160,125,161,137,98,151,84,91,30,149,224,255,100,210, - 16,196,0,72,163,247,117,219,138,3,230,218,9,63,221,148, - 135,92,131,2,205,74,144,51,115,103,246,243,157,127,191,226, - 82,155,216,38,200,55,198,59,129,150,111,75,19,190,99,46, - 233,121,167,140,159,110,188,142,41,245,249,182,47,253,180,89, - 120,152,6,106,231,70,113,186,212,37,171,66,136,162,141,250, - 114,7,185,85,248,238,172,10,54,73,42,104,60,56,241,164, - 64,40,211,123,187,201,67,193,21,227,173,244,119,199,128,158 -}; - -const word32 Camellia::Base::SP[4][256] = { - { - 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, - 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500, - 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, - 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, - 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300, - 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, - 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, - 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00, - 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, - 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, - 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00, - 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, - 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, - 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00, - 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, - 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, - 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600, - 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, - 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, - 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900, - 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, - 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, - 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100, - 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, - 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, - 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00, - 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, - 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, - 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200, - 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, - 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, - 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000, - 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, - 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, - 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500, - 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, - 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, - 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00, - 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, - 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, - 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200, - 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, - 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, - 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200, - 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, - 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, - 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00, - 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, - 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, - 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00, - 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, - 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, - 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00, - 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, - 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, - 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00, - 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, - 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, - 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800, - 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, - 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, - 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100, - 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, - 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 - }, - { - 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, - 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb, - 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, - 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, - 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727, - 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, - 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, - 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b, - 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, - 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, - 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe, - 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, - 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, - 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a, - 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, - 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, - 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc, - 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, - 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, - 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333, - 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, - 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, - 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262, - 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, - 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, - 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838, - 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, - 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, - 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565, - 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, - 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, - 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0, - 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, - 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, - 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b, - 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, - 0x00202020, 0x00898989, 0x00000000, 0x00909090, - 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7, - 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, - 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, - 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404, - 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, - 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, - 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5, - 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, - 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, - 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696, - 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, - 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, - 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d, - 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, - 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, - 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4, - 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, - 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, - 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5, - 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, - 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, - 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0, - 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, - 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, - 0x00777777, 0x00939393, 0x00868686, 0x00838383, - 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, - 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d - }, - { - 0x38003838, 0x41004141, 0x16001616, 0x76007676, - 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2, - 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, - 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, - 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9, - 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, - 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, - 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede, - 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, - 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, - 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf, - 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, - 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, - 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e, - 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, - 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, - 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333, - 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, - 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, - 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc, - 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, - 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, - 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898, - 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, - 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, - 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e, - 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, - 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, - 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959, - 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, - 0x12001212, 0x04000404, 0x74007474, 0x54005454, - 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828, - 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, - 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, - 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca, - 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, - 0x08000808, 0x62006262, 0x00000000, 0x24002424, - 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded, - 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, - 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, - 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101, - 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, - 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, - 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171, - 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, - 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, - 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5, - 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, - 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, - 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747, - 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, - 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, - 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535, - 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, - 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, - 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d, - 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, - 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, - 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434, - 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, - 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, - 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0, - 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, - 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f - }, - { - 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, - 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae, - 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, - 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, - 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f, - 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, - 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, - 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c, - 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, - 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, - 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076, - 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, - 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, - 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2, - 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, - 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, - 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062, - 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, - 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, - 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd, - 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, - 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, - 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6, - 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, - 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, - 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4, - 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, - 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, - 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac, - 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, - 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, - 0x15150015, 0xadad00ad, 0x77770077, 0x80800080, - 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, - 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, - 0xefef00ef, 0x93930093, 0x19190019, 0x21210021, - 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, - 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, - 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a, - 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, - 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, - 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d, - 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, - 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, - 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7, - 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, - 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, - 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091, - 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, - 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, - 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2, - 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, - 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, - 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033, - 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, - 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, - 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e, - 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, - 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, - 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba, - 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, - 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, - 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4, - 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, - 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e - }}; - -NAMESPACE_END diff --git a/cryptopp562/camellia.h b/cryptopp562/camellia.h deleted file mode 100644 index d8700cb..0000000 --- a/cryptopp562/camellia.h +++ /dev/null @@ -1,47 +0,0 @@ -#ifndef CRYPTOPP_CAMELLIA_H -#define CRYPTOPP_CAMELLIA_H - -#include "config.h" - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Camellia_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8> -{ - static const char *StaticAlgorithmName() {return "Camellia";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Camellia">Camellia</a> -class Camellia : public Camellia_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Camellia_Info> - { - public: - void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - protected: - static const byte s1[256]; - static const word32 SP[4][256]; - - unsigned int m_rounds; - SecBlock<word32> m_key; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -typedef Camellia::Encryption CamelliaEncryption; -typedef Camellia::Decryption CamelliaDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cast.cpp b/cryptopp562/cast.cpp deleted file mode 100644 index ef0a5ef..0000000 --- a/cryptopp562/cast.cpp +++ /dev/null @@ -1,296 +0,0 @@ -// cast.cpp - written and placed in the public domain by Wei Dai and Leonard Janke -// based on Steve Reid's public domain cast.c - -#include "pch.h" -#include "cast.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -/* Macros to access 8-bit bytes out of a 32-bit word */ -#define U8a(x) GETBYTE(x,3) -#define U8b(x) GETBYTE(x,2) -#define U8c(x) GETBYTE(x,1) -#define U8d(x) GETBYTE(x,0) - -/* CAST uses three different round functions */ -#define f1(l, r, km, kr) \ - t = rotlVariable(km + r, kr); \ - l ^= ((S[0][U8a(t)] ^ S[1][U8b(t)]) - \ - S[2][U8c(t)]) + S[3][U8d(t)]; -#define f2(l, r, km, kr) \ - t = rotlVariable(km ^ r, kr); \ - l ^= ((S[0][U8a(t)] - S[1][U8b(t)]) + \ - S[2][U8c(t)]) ^ S[3][U8d(t)]; -#define f3(l, r, km, kr) \ - t = rotlVariable(km - r, kr); \ - l ^= ((S[0][U8a(t)] + S[1][U8b(t)]) ^ \ - S[2][U8c(t)]) - S[3][U8d(t)]; - -#define F1(l, r, i, j) f1(l, r, K[i], K[i+j]) -#define F2(l, r, i, j) f2(l, r, K[i], K[i+j]) -#define F3(l, r, i, j) f3(l, r, K[i], K[i+j]) - -typedef BlockGetAndPut<word32, BigEndian> Block; - -void CAST128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 t, l, r; - - /* Get inblock into l,r */ - Block::Get(inBlock)(l)(r); - /* Do the work */ - F1(l, r, 0, 16); - F2(r, l, 1, 16); - F3(l, r, 2, 16); - F1(r, l, 3, 16); - F2(l, r, 4, 16); - F3(r, l, 5, 16); - F1(l, r, 6, 16); - F2(r, l, 7, 16); - F3(l, r, 8, 16); - F1(r, l, 9, 16); - F2(l, r, 10, 16); - F3(r, l, 11, 16); - /* Only do full 16 rounds if key length > 80 bits */ - if (!reduced) { - F1(l, r, 12, 16); - F2(r, l, 13, 16); - F3(l, r, 14, 16); - F1(r, l, 15, 16); - } - /* Put l,r into outblock */ - Block::Put(xorBlock, outBlock)(r)(l); -} - -void CAST128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 t, l, r; - - /* Get inblock into l,r */ - Block::Get(inBlock)(r)(l); - /* Only do full 16 rounds if key length > 80 bits */ - if (!reduced) { - F1(r, l, 15, 16); - F3(l, r, 14, 16); - F2(r, l, 13, 16); - F1(l, r, 12, 16); - } - F3(r, l, 11, 16); - F2(l, r, 10, 16); - F1(r, l, 9, 16); - F3(l, r, 8, 16); - F2(r, l, 7, 16); - F1(l, r, 6, 16); - F3(r, l, 5, 16); - F2(l, r, 4, 16); - F1(r, l, 3, 16); - F3(l, r, 2, 16); - F2(r, l, 1, 16); - F1(l, r, 0, 16); - /* Put l,r into outblock */ - Block::Put(xorBlock, outBlock)(l)(r); - /* Wipe clean */ - t = l = r = 0; -} - -void CAST128::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &) -{ - AssertValidKeyLength(keylength); - - reduced = (keylength <= 10); - - word32 X[4], Z[4]; - GetUserKey(BIG_ENDIAN_ORDER, X, 4, userKey, keylength); - -#define x(i) GETBYTE(X[i/4], 3-i%4) -#define z(i) GETBYTE(Z[i/4], 3-i%4) - - unsigned int i; - for (i=0; i<=16; i+=16) - { - // this part is copied directly from RFC 2144 (with some search and replace) by Wei Dai - Z[0] = X[0] ^ S[4][x(0xD)] ^ S[5][x(0xF)] ^ S[6][x(0xC)] ^ S[7][x(0xE)] ^ S[6][x(0x8)]; - Z[1] = X[2] ^ S[4][z(0x0)] ^ S[5][z(0x2)] ^ S[6][z(0x1)] ^ S[7][z(0x3)] ^ S[7][x(0xA)]; - Z[2] = X[3] ^ S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[4][x(0x9)]; - Z[3] = X[1] ^ S[4][z(0xA)] ^ S[5][z(0x9)] ^ S[6][z(0xB)] ^ S[7][z(0x8)] ^ S[5][x(0xB)]; - K[i+0] = S[4][z(0x8)] ^ S[5][z(0x9)] ^ S[6][z(0x7)] ^ S[7][z(0x6)] ^ S[4][z(0x2)]; - K[i+1] = S[4][z(0xA)] ^ S[5][z(0xB)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[5][z(0x6)]; - K[i+2] = S[4][z(0xC)] ^ S[5][z(0xD)] ^ S[6][z(0x3)] ^ S[7][z(0x2)] ^ S[6][z(0x9)]; - K[i+3] = S[4][z(0xE)] ^ S[5][z(0xF)] ^ S[6][z(0x1)] ^ S[7][z(0x0)] ^ S[7][z(0xC)]; - X[0] = Z[2] ^ S[4][z(0x5)] ^ S[5][z(0x7)] ^ S[6][z(0x4)] ^ S[7][z(0x6)] ^ S[6][z(0x0)]; - X[1] = Z[0] ^ S[4][x(0x0)] ^ S[5][x(0x2)] ^ S[6][x(0x1)] ^ S[7][x(0x3)] ^ S[7][z(0x2)]; - X[2] = Z[1] ^ S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[4][z(0x1)]; - X[3] = Z[3] ^ S[4][x(0xA)] ^ S[5][x(0x9)] ^ S[6][x(0xB)] ^ S[7][x(0x8)] ^ S[5][z(0x3)]; - K[i+4] = S[4][x(0x3)] ^ S[5][x(0x2)] ^ S[6][x(0xC)] ^ S[7][x(0xD)] ^ S[4][x(0x8)]; - K[i+5] = S[4][x(0x1)] ^ S[5][x(0x0)] ^ S[6][x(0xE)] ^ S[7][x(0xF)] ^ S[5][x(0xD)]; - K[i+6] = S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x8)] ^ S[7][x(0x9)] ^ S[6][x(0x3)]; - K[i+7] = S[4][x(0x5)] ^ S[5][x(0x4)] ^ S[6][x(0xA)] ^ S[7][x(0xB)] ^ S[7][x(0x7)]; - Z[0] = X[0] ^ S[4][x(0xD)] ^ S[5][x(0xF)] ^ S[6][x(0xC)] ^ S[7][x(0xE)] ^ S[6][x(0x8)]; - Z[1] = X[2] ^ S[4][z(0x0)] ^ S[5][z(0x2)] ^ S[6][z(0x1)] ^ S[7][z(0x3)] ^ S[7][x(0xA)]; - Z[2] = X[3] ^ S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[4][x(0x9)]; - Z[3] = X[1] ^ S[4][z(0xA)] ^ S[5][z(0x9)] ^ S[6][z(0xB)] ^ S[7][z(0x8)] ^ S[5][x(0xB)]; - K[i+8] = S[4][z(0x3)] ^ S[5][z(0x2)] ^ S[6][z(0xC)] ^ S[7][z(0xD)] ^ S[4][z(0x9)]; - K[i+9] = S[4][z(0x1)] ^ S[5][z(0x0)] ^ S[6][z(0xE)] ^ S[7][z(0xF)] ^ S[5][z(0xC)]; - K[i+10] = S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x8)] ^ S[7][z(0x9)] ^ S[6][z(0x2)]; - K[i+11] = S[4][z(0x5)] ^ S[5][z(0x4)] ^ S[6][z(0xA)] ^ S[7][z(0xB)] ^ S[7][z(0x6)]; - X[0] = Z[2] ^ S[4][z(0x5)] ^ S[5][z(0x7)] ^ S[6][z(0x4)] ^ S[7][z(0x6)] ^ S[6][z(0x0)]; - X[1] = Z[0] ^ S[4][x(0x0)] ^ S[5][x(0x2)] ^ S[6][x(0x1)] ^ S[7][x(0x3)] ^ S[7][z(0x2)]; - X[2] = Z[1] ^ S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[4][z(0x1)]; - X[3] = Z[3] ^ S[4][x(0xA)] ^ S[5][x(0x9)] ^ S[6][x(0xB)] ^ S[7][x(0x8)] ^ S[5][z(0x3)]; - K[i+12] = S[4][x(0x8)] ^ S[5][x(0x9)] ^ S[6][x(0x7)] ^ S[7][x(0x6)] ^ S[4][x(0x3)]; - K[i+13] = S[4][x(0xA)] ^ S[5][x(0xB)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[5][x(0x7)]; - K[i+14] = S[4][x(0xC)] ^ S[5][x(0xD)] ^ S[6][x(0x3)] ^ S[7][x(0x2)] ^ S[6][x(0x8)]; - K[i+15] = S[4][x(0xE)] ^ S[5][x(0xF)] ^ S[6][x(0x1)] ^ S[7][x(0x0)] ^ S[7][x(0xD)]; - } - - for (i=16; i<32; i++) - K[i] &= 0x1f; -} - -// The following CAST-256 implementation was contributed by Leonard Janke - -const word32 CAST256::Base::t_m[8][24]={ -{ 0x5a827999, 0xd151d6a1, 0x482133a9, 0xbef090b1, 0x35bfedb9, 0xac8f4ac1, - 0x235ea7c9, 0x9a2e04d1, 0x10fd61d9, 0x87ccbee1, 0xfe9c1be9, 0x756b78f1, - 0xec3ad5f9, 0x630a3301, 0xd9d99009, 0x50a8ed11, 0xc7784a19, 0x3e47a721, - 0xb5170429, 0x2be66131, 0xa2b5be39, 0x19851b41, 0x90547849, 0x0723d551}, -{ 0xc95c653a, 0x402bc242, 0xb6fb1f4a, 0x2dca7c52, 0xa499d95a, 0x1b693662, - 0x9238936a, 0x0907f072, 0x7fd74d7a, 0xf6a6aa82, 0x6d76078a, 0xe4456492, - 0x5b14c19a, 0xd1e41ea2, 0x48b37baa, 0xbf82d8b2, 0x365235ba, 0xad2192c2, - 0x23f0efca, 0x9ac04cd2, 0x118fa9da, 0x885f06e2, 0xff2e63ea, 0x75fdc0f2}, -{ 0x383650db, 0xaf05ade3, 0x25d50aeb, 0x9ca467f3, 0x1373c4fb, 0x8a432203, - 0x01127f0b, 0x77e1dc13, 0xeeb1391b, 0x65809623, 0xdc4ff32b, 0x531f5033, - 0xc9eead3b, 0x40be0a43, 0xb78d674b, 0x2e5cc453, 0xa52c215b, 0x1bfb7e63, - 0x92cadb6b, 0x099a3873, 0x8069957b, 0xf738f283, 0x6e084f8b, 0xe4d7ac93}, -{ 0xa7103c7c, 0x1ddf9984, 0x94aef68c, 0x0b7e5394, 0x824db09c, 0xf91d0da4, - 0x6fec6aac, 0xe6bbc7b4, 0x5d8b24bc, 0xd45a81c4, 0x4b29decc, 0xc1f93bd4, - 0x38c898dc, 0xaf97f5e4, 0x266752ec, 0x9d36aff4, 0x14060cfc, 0x8ad56a04, - 0x01a4c70c, 0x78742414, 0xef43811c, 0x6612de24, 0xdce23b2c, 0x53b19834}, -{ 0x15ea281d, 0x8cb98525, 0x0388e22d, 0x7a583f35, 0xf1279c3d, 0x67f6f945, - 0xdec6564d, 0x5595b355, 0xcc65105d, 0x43346d65, 0xba03ca6d, 0x30d32775, - 0xa7a2847d, 0x1e71e185, 0x95413e8d, 0x0c109b95, 0x82dff89d, 0xf9af55a5, - 0x707eb2ad, 0xe74e0fb5, 0x5e1d6cbd, 0xd4ecc9c5, 0x4bbc26cd, 0xc28b83d5}, -{ 0x84c413be, 0xfb9370c6, 0x7262cdce, 0xe9322ad6, 0x600187de, 0xd6d0e4e6, - 0x4da041ee, 0xc46f9ef6, 0x3b3efbfe, 0xb20e5906, 0x28ddb60e, 0x9fad1316, - 0x167c701e, 0x8d4bcd26, 0x041b2a2e, 0x7aea8736, 0xf1b9e43e, 0x68894146, - 0xdf589e4e, 0x5627fb56, 0xccf7585e, 0x43c6b566, 0xba96126e, 0x31656f76}, -{ 0xf39dff5f, 0x6a6d5c67, 0xe13cb96f, 0x580c1677, 0xcedb737f, 0x45aad087, - 0xbc7a2d8f, 0x33498a97, 0xaa18e79f, 0x20e844a7, 0x97b7a1af, 0x0e86feb7, - 0x85565bbf, 0xfc25b8c7, 0x72f515cf, 0xe9c472d7, 0x6093cfdf, 0xd7632ce7, - 0x4e3289ef, 0xc501e6f7, 0x3bd143ff, 0xb2a0a107, 0x296ffe0f, 0xa03f5b17}, -{ 0x6277eb00, 0xd9474808, 0x5016a510, 0xc6e60218, 0x3db55f20, 0xb484bc28, - 0x2b541930, 0xa2237638, 0x18f2d340, 0x8fc23048, 0x06918d50, 0x7d60ea58, - 0xf4304760, 0x6affa468, 0xe1cf0170, 0x589e5e78, 0xcf6dbb80, 0x463d1888, - 0xbd0c7590, 0x33dbd298, 0xaaab2fa0, 0x217a8ca8, 0x9849e9b0, 0x0f1946b8} -}; - -const unsigned int CAST256::Base::t_r[8][24]={ - {19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11}, - {4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28}, - {21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13}, - {6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30}, - {23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15}, - {8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0}, - {25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17}, - {10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2} -}; - -#define Q(i) \ - F1(block[2],block[3],8*i+4,-4); \ - F2(block[1],block[2],8*i+5,-4); \ - F3(block[0],block[1],8*i+6,-4); \ - F1(block[3],block[0],8*i+7,-4); - -#define QBar(i) \ - F1(block[3],block[0],8*i+7,-4); \ - F3(block[0],block[1],8*i+6,-4); \ - F2(block[1],block[2],8*i+5,-4); \ - F1(block[2],block[3],8*i+4,-4); - -/* CAST256's encrypt/decrypt functions are identical except for the order that -the keys are used */ - -void CAST256::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 t, block[4]; - Block::Get(inBlock)(block[0])(block[1])(block[2])(block[3]); - - // Perform 6 forward quad rounds - Q(0); - Q(1); - Q(2); - Q(3); - Q(4); - Q(5); - - // Perform 6 reverse quad rounds - QBar(6); - QBar(7); - QBar(8); - QBar(9); - QBar(10); - QBar(11); - - Block::Put(xorBlock, outBlock)(block[0])(block[1])(block[2])(block[3]); -} - -/* Set up a CAST-256 key */ - -void CAST256::Base::Omega(int i, word32 kappa[8]) -{ - word32 t; - - f1(kappa[6],kappa[7],t_m[0][i],t_r[0][i]); - f2(kappa[5],kappa[6],t_m[1][i],t_r[1][i]); - f3(kappa[4],kappa[5],t_m[2][i],t_r[2][i]); - f1(kappa[3],kappa[4],t_m[3][i],t_r[3][i]); - f2(kappa[2],kappa[3],t_m[4][i],t_r[4][i]); - f3(kappa[1],kappa[2],t_m[5][i],t_r[5][i]); - f1(kappa[0],kappa[1],t_m[6][i],t_r[6][i]); - f2(kappa[7],kappa[0],t_m[7][i],t_r[7][i]); -} - -void CAST256::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &) -{ - AssertValidKeyLength(keylength); - - word32 kappa[8]; - GetUserKey(BIG_ENDIAN_ORDER, kappa, 8, userKey, keylength); - - for(int i=0; i<12; ++i) - { - Omega(2*i,kappa); - Omega(2*i+1,kappa); - - K[8*i]=kappa[0] & 31; - K[8*i+1]=kappa[2] & 31; - K[8*i+2]=kappa[4] & 31; - K[8*i+3]=kappa[6] & 31; - K[8*i+4]=kappa[7]; - K[8*i+5]=kappa[5]; - K[8*i+6]=kappa[3]; - K[8*i+7]=kappa[1]; - } - - if (!IsForwardTransformation()) - { - for(int j=0; j<6; ++j) - { - for(int i=0; i<4; ++i) - { - int i1=8*j+i; - int i2=8*(11-j)+i; - - assert(i1<i2); - - std::swap(K[i1],K[i2]); - std::swap(K[i1+4],K[i2+4]); - } - } - } - - memset(kappa, 0, sizeof(kappa)); -} - -NAMESPACE_END diff --git a/cryptopp562/cast.h b/cryptopp562/cast.h deleted file mode 100644 index 98bb5d6..0000000 --- a/cryptopp562/cast.h +++ /dev/null @@ -1,91 +0,0 @@ -#ifndef CRYPTOPP_CAST_H -#define CRYPTOPP_CAST_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -class CAST -{ -protected: - static const word32 S[8][256]; -}; - -//! algorithm info -struct CAST128_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 5, 16> -{ - static const char *StaticAlgorithmName() {return "CAST-128";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#CAST-128">CAST-128</a> -class CAST128 : public CAST128_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public CAST, public BlockCipherImpl<CAST128_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - bool reduced; - FixedSizeSecBlock<word32, 32> K; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -//! algorithm info -struct CAST256_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32> -{ - static const char *StaticAlgorithmName() {return "CAST-256";} -}; - -//! <a href="http://www.weidai.com/scan-mirror/cs.html#CAST-256">CAST-256</a> -class CAST256 : public CAST256_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public CAST, public BlockCipherImpl<CAST256_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - protected: - static const word32 t_m[8][24]; - static const unsigned int t_r[8][24]; - - static void Omega(int i, word32 kappa[8]); - - FixedSizeSecBlock<word32, 8*12> K; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -typedef CAST128::Encryption CAST128Encryption; -typedef CAST128::Decryption CAST128Decryption; - -typedef CAST256::Encryption CAST256Encryption; -typedef CAST256::Decryption CAST256Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/casts.cpp b/cryptopp562/casts.cpp deleted file mode 100644 index 16fa2b1..0000000 --- a/cryptopp562/casts.cpp +++ /dev/null @@ -1,545 +0,0 @@ -#include "pch.h" -#include "cast.h" - -NAMESPACE_BEGIN(CryptoPP) - -// CAST S-boxes - -const word32 CAST::S[8][256] = { -{ - 0x30FB40D4UL, 0x9FA0FF0BUL, 0x6BECCD2FUL, 0x3F258C7AUL, - 0x1E213F2FUL, 0x9C004DD3UL, 0x6003E540UL, 0xCF9FC949UL, - 0xBFD4AF27UL, 0x88BBBDB5UL, 0xE2034090UL, 0x98D09675UL, - 0x6E63A0E0UL, 0x15C361D2UL, 0xC2E7661DUL, 0x22D4FF8EUL, - 0x28683B6FUL, 0xC07FD059UL, 0xFF2379C8UL, 0x775F50E2UL, - 0x43C340D3UL, 0xDF2F8656UL, 0x887CA41AUL, 0xA2D2BD2DUL, - 0xA1C9E0D6UL, 0x346C4819UL, 0x61B76D87UL, 0x22540F2FUL, - 0x2ABE32E1UL, 0xAA54166BUL, 0x22568E3AUL, 0xA2D341D0UL, - 0x66DB40C8UL, 0xA784392FUL, 0x004DFF2FUL, 0x2DB9D2DEUL, - 0x97943FACUL, 0x4A97C1D8UL, 0x527644B7UL, 0xB5F437A7UL, - 0xB82CBAEFUL, 0xD751D159UL, 0x6FF7F0EDUL, 0x5A097A1FUL, - 0x827B68D0UL, 0x90ECF52EUL, 0x22B0C054UL, 0xBC8E5935UL, - 0x4B6D2F7FUL, 0x50BB64A2UL, 0xD2664910UL, 0xBEE5812DUL, - 0xB7332290UL, 0xE93B159FUL, 0xB48EE411UL, 0x4BFF345DUL, - 0xFD45C240UL, 0xAD31973FUL, 0xC4F6D02EUL, 0x55FC8165UL, - 0xD5B1CAADUL, 0xA1AC2DAEUL, 0xA2D4B76DUL, 0xC19B0C50UL, - 0x882240F2UL, 0x0C6E4F38UL, 0xA4E4BFD7UL, 0x4F5BA272UL, - 0x564C1D2FUL, 0xC59C5319UL, 0xB949E354UL, 0xB04669FEUL, - 0xB1B6AB8AUL, 0xC71358DDUL, 0x6385C545UL, 0x110F935DUL, - 0x57538AD5UL, 0x6A390493UL, 0xE63D37E0UL, 0x2A54F6B3UL, - 0x3A787D5FUL, 0x6276A0B5UL, 0x19A6FCDFUL, 0x7A42206AUL, - 0x29F9D4D5UL, 0xF61B1891UL, 0xBB72275EUL, 0xAA508167UL, - 0x38901091UL, 0xC6B505EBUL, 0x84C7CB8CUL, 0x2AD75A0FUL, - 0x874A1427UL, 0xA2D1936BUL, 0x2AD286AFUL, 0xAA56D291UL, - 0xD7894360UL, 0x425C750DUL, 0x93B39E26UL, 0x187184C9UL, - 0x6C00B32DUL, 0x73E2BB14UL, 0xA0BEBC3CUL, 0x54623779UL, - 0x64459EABUL, 0x3F328B82UL, 0x7718CF82UL, 0x59A2CEA6UL, - 0x04EE002EUL, 0x89FE78E6UL, 0x3FAB0950UL, 0x325FF6C2UL, - 0x81383F05UL, 0x6963C5C8UL, 0x76CB5AD6UL, 0xD49974C9UL, - 0xCA180DCFUL, 0x380782D5UL, 0xC7FA5CF6UL, 0x8AC31511UL, - 0x35E79E13UL, 0x47DA91D0UL, 0xF40F9086UL, 0xA7E2419EUL, - 0x31366241UL, 0x051EF495UL, 0xAA573B04UL, 0x4A805D8DUL, - 0x548300D0UL, 0x00322A3CUL, 0xBF64CDDFUL, 0xBA57A68EUL, - 0x75C6372BUL, 0x50AFD341UL, 0xA7C13275UL, 0x915A0BF5UL, - 0x6B54BFABUL, 0x2B0B1426UL, 0xAB4CC9D7UL, 0x449CCD82UL, - 0xF7FBF265UL, 0xAB85C5F3UL, 0x1B55DB94UL, 0xAAD4E324UL, - 0xCFA4BD3FUL, 0x2DEAA3E2UL, 0x9E204D02UL, 0xC8BD25ACUL, - 0xEADF55B3UL, 0xD5BD9E98UL, 0xE31231B2UL, 0x2AD5AD6CUL, - 0x954329DEUL, 0xADBE4528UL, 0xD8710F69UL, 0xAA51C90FUL, - 0xAA786BF6UL, 0x22513F1EUL, 0xAA51A79BUL, 0x2AD344CCUL, - 0x7B5A41F0UL, 0xD37CFBADUL, 0x1B069505UL, 0x41ECE491UL, - 0xB4C332E6UL, 0x032268D4UL, 0xC9600ACCUL, 0xCE387E6DUL, - 0xBF6BB16CUL, 0x6A70FB78UL, 0x0D03D9C9UL, 0xD4DF39DEUL, - 0xE01063DAUL, 0x4736F464UL, 0x5AD328D8UL, 0xB347CC96UL, - 0x75BB0FC3UL, 0x98511BFBUL, 0x4FFBCC35UL, 0xB58BCF6AUL, - 0xE11F0ABCUL, 0xBFC5FE4AUL, 0xA70AEC10UL, 0xAC39570AUL, - 0x3F04442FUL, 0x6188B153UL, 0xE0397A2EUL, 0x5727CB79UL, - 0x9CEB418FUL, 0x1CACD68DUL, 0x2AD37C96UL, 0x0175CB9DUL, - 0xC69DFF09UL, 0xC75B65F0UL, 0xD9DB40D8UL, 0xEC0E7779UL, - 0x4744EAD4UL, 0xB11C3274UL, 0xDD24CB9EUL, 0x7E1C54BDUL, - 0xF01144F9UL, 0xD2240EB1UL, 0x9675B3FDUL, 0xA3AC3755UL, - 0xD47C27AFUL, 0x51C85F4DUL, 0x56907596UL, 0xA5BB15E6UL, - 0x580304F0UL, 0xCA042CF1UL, 0x011A37EAUL, 0x8DBFAADBUL, - 0x35BA3E4AUL, 0x3526FFA0UL, 0xC37B4D09UL, 0xBC306ED9UL, - 0x98A52666UL, 0x5648F725UL, 0xFF5E569DUL, 0x0CED63D0UL, - 0x7C63B2CFUL, 0x700B45E1UL, 0xD5EA50F1UL, 0x85A92872UL, - 0xAF1FBDA7UL, 0xD4234870UL, 0xA7870BF3UL, 0x2D3B4D79UL, - 0x42E04198UL, 0x0CD0EDE7UL, 0x26470DB8UL, 0xF881814CUL, - 0x474D6AD7UL, 0x7C0C5E5CUL, 0xD1231959UL, 0x381B7298UL, - 0xF5D2F4DBUL, 0xAB838653UL, 0x6E2F1E23UL, 0x83719C9EUL, - 0xBD91E046UL, 0x9A56456EUL, 0xDC39200CUL, 0x20C8C571UL, - 0x962BDA1CUL, 0xE1E696FFUL, 0xB141AB08UL, 0x7CCA89B9UL, - 0x1A69E783UL, 0x02CC4843UL, 0xA2F7C579UL, 0x429EF47DUL, - 0x427B169CUL, 0x5AC9F049UL, 0xDD8F0F00UL, 0x5C8165BFUL -}, - -{ - 0x1F201094UL, 0xEF0BA75BUL, 0x69E3CF7EUL, 0x393F4380UL, - 0xFE61CF7AUL, 0xEEC5207AUL, 0x55889C94UL, 0x72FC0651UL, - 0xADA7EF79UL, 0x4E1D7235UL, 0xD55A63CEUL, 0xDE0436BAUL, - 0x99C430EFUL, 0x5F0C0794UL, 0x18DCDB7DUL, 0xA1D6EFF3UL, - 0xA0B52F7BUL, 0x59E83605UL, 0xEE15B094UL, 0xE9FFD909UL, - 0xDC440086UL, 0xEF944459UL, 0xBA83CCB3UL, 0xE0C3CDFBUL, - 0xD1DA4181UL, 0x3B092AB1UL, 0xF997F1C1UL, 0xA5E6CF7BUL, - 0x01420DDBUL, 0xE4E7EF5BUL, 0x25A1FF41UL, 0xE180F806UL, - 0x1FC41080UL, 0x179BEE7AUL, 0xD37AC6A9UL, 0xFE5830A4UL, - 0x98DE8B7FUL, 0x77E83F4EUL, 0x79929269UL, 0x24FA9F7BUL, - 0xE113C85BUL, 0xACC40083UL, 0xD7503525UL, 0xF7EA615FUL, - 0x62143154UL, 0x0D554B63UL, 0x5D681121UL, 0xC866C359UL, - 0x3D63CF73UL, 0xCEE234C0UL, 0xD4D87E87UL, 0x5C672B21UL, - 0x071F6181UL, 0x39F7627FUL, 0x361E3084UL, 0xE4EB573BUL, - 0x602F64A4UL, 0xD63ACD9CUL, 0x1BBC4635UL, 0x9E81032DUL, - 0x2701F50CUL, 0x99847AB4UL, 0xA0E3DF79UL, 0xBA6CF38CUL, - 0x10843094UL, 0x2537A95EUL, 0xF46F6FFEUL, 0xA1FF3B1FUL, - 0x208CFB6AUL, 0x8F458C74UL, 0xD9E0A227UL, 0x4EC73A34UL, - 0xFC884F69UL, 0x3E4DE8DFUL, 0xEF0E0088UL, 0x3559648DUL, - 0x8A45388CUL, 0x1D804366UL, 0x721D9BFDUL, 0xA58684BBUL, - 0xE8256333UL, 0x844E8212UL, 0x128D8098UL, 0xFED33FB4UL, - 0xCE280AE1UL, 0x27E19BA5UL, 0xD5A6C252UL, 0xE49754BDUL, - 0xC5D655DDUL, 0xEB667064UL, 0x77840B4DUL, 0xA1B6A801UL, - 0x84DB26A9UL, 0xE0B56714UL, 0x21F043B7UL, 0xE5D05860UL, - 0x54F03084UL, 0x066FF472UL, 0xA31AA153UL, 0xDADC4755UL, - 0xB5625DBFUL, 0x68561BE6UL, 0x83CA6B94UL, 0x2D6ED23BUL, - 0xECCF01DBUL, 0xA6D3D0BAUL, 0xB6803D5CUL, 0xAF77A709UL, - 0x33B4A34CUL, 0x397BC8D6UL, 0x5EE22B95UL, 0x5F0E5304UL, - 0x81ED6F61UL, 0x20E74364UL, 0xB45E1378UL, 0xDE18639BUL, - 0x881CA122UL, 0xB96726D1UL, 0x8049A7E8UL, 0x22B7DA7BUL, - 0x5E552D25UL, 0x5272D237UL, 0x79D2951CUL, 0xC60D894CUL, - 0x488CB402UL, 0x1BA4FE5BUL, 0xA4B09F6BUL, 0x1CA815CFUL, - 0xA20C3005UL, 0x8871DF63UL, 0xB9DE2FCBUL, 0x0CC6C9E9UL, - 0x0BEEFF53UL, 0xE3214517UL, 0xB4542835UL, 0x9F63293CUL, - 0xEE41E729UL, 0x6E1D2D7CUL, 0x50045286UL, 0x1E6685F3UL, - 0xF33401C6UL, 0x30A22C95UL, 0x31A70850UL, 0x60930F13UL, - 0x73F98417UL, 0xA1269859UL, 0xEC645C44UL, 0x52C877A9UL, - 0xCDFF33A6UL, 0xA02B1741UL, 0x7CBAD9A2UL, 0x2180036FUL, - 0x50D99C08UL, 0xCB3F4861UL, 0xC26BD765UL, 0x64A3F6ABUL, - 0x80342676UL, 0x25A75E7BUL, 0xE4E6D1FCUL, 0x20C710E6UL, - 0xCDF0B680UL, 0x17844D3BUL, 0x31EEF84DUL, 0x7E0824E4UL, - 0x2CCB49EBUL, 0x846A3BAEUL, 0x8FF77888UL, 0xEE5D60F6UL, - 0x7AF75673UL, 0x2FDD5CDBUL, 0xA11631C1UL, 0x30F66F43UL, - 0xB3FAEC54UL, 0x157FD7FAUL, 0xEF8579CCUL, 0xD152DE58UL, - 0xDB2FFD5EUL, 0x8F32CE19UL, 0x306AF97AUL, 0x02F03EF8UL, - 0x99319AD5UL, 0xC242FA0FUL, 0xA7E3EBB0UL, 0xC68E4906UL, - 0xB8DA230CUL, 0x80823028UL, 0xDCDEF3C8UL, 0xD35FB171UL, - 0x088A1BC8UL, 0xBEC0C560UL, 0x61A3C9E8UL, 0xBCA8F54DUL, - 0xC72FEFFAUL, 0x22822E99UL, 0x82C570B4UL, 0xD8D94E89UL, - 0x8B1C34BCUL, 0x301E16E6UL, 0x273BE979UL, 0xB0FFEAA6UL, - 0x61D9B8C6UL, 0x00B24869UL, 0xB7FFCE3FUL, 0x08DC283BUL, - 0x43DAF65AUL, 0xF7E19798UL, 0x7619B72FUL, 0x8F1C9BA4UL, - 0xDC8637A0UL, 0x16A7D3B1UL, 0x9FC393B7UL, 0xA7136EEBUL, - 0xC6BCC63EUL, 0x1A513742UL, 0xEF6828BCUL, 0x520365D6UL, - 0x2D6A77ABUL, 0x3527ED4BUL, 0x821FD216UL, 0x095C6E2EUL, - 0xDB92F2FBUL, 0x5EEA29CBUL, 0x145892F5UL, 0x91584F7FUL, - 0x5483697BUL, 0x2667A8CCUL, 0x85196048UL, 0x8C4BACEAUL, - 0x833860D4UL, 0x0D23E0F9UL, 0x6C387E8AUL, 0x0AE6D249UL, - 0xB284600CUL, 0xD835731DUL, 0xDCB1C647UL, 0xAC4C56EAUL, - 0x3EBD81B3UL, 0x230EABB0UL, 0x6438BC87UL, 0xF0B5B1FAUL, - 0x8F5EA2B3UL, 0xFC184642UL, 0x0A036B7AUL, 0x4FB089BDUL, - 0x649DA589UL, 0xA345415EUL, 0x5C038323UL, 0x3E5D3BB9UL, - 0x43D79572UL, 0x7E6DD07CUL, 0x06DFDF1EUL, 0x6C6CC4EFUL, - 0x7160A539UL, 0x73BFBE70UL, 0x83877605UL, 0x4523ECF1UL -}, - -{ - 0x8DEFC240UL, 0x25FA5D9FUL, 0xEB903DBFUL, 0xE810C907UL, - 0x47607FFFUL, 0x369FE44BUL, 0x8C1FC644UL, 0xAECECA90UL, - 0xBEB1F9BFUL, 0xEEFBCAEAUL, 0xE8CF1950UL, 0x51DF07AEUL, - 0x920E8806UL, 0xF0AD0548UL, 0xE13C8D83UL, 0x927010D5UL, - 0x11107D9FUL, 0x07647DB9UL, 0xB2E3E4D4UL, 0x3D4F285EUL, - 0xB9AFA820UL, 0xFADE82E0UL, 0xA067268BUL, 0x8272792EUL, - 0x553FB2C0UL, 0x489AE22BUL, 0xD4EF9794UL, 0x125E3FBCUL, - 0x21FFFCEEUL, 0x825B1BFDUL, 0x9255C5EDUL, 0x1257A240UL, - 0x4E1A8302UL, 0xBAE07FFFUL, 0x528246E7UL, 0x8E57140EUL, - 0x3373F7BFUL, 0x8C9F8188UL, 0xA6FC4EE8UL, 0xC982B5A5UL, - 0xA8C01DB7UL, 0x579FC264UL, 0x67094F31UL, 0xF2BD3F5FUL, - 0x40FFF7C1UL, 0x1FB78DFCUL, 0x8E6BD2C1UL, 0x437BE59BUL, - 0x99B03DBFUL, 0xB5DBC64BUL, 0x638DC0E6UL, 0x55819D99UL, - 0xA197C81CUL, 0x4A012D6EUL, 0xC5884A28UL, 0xCCC36F71UL, - 0xB843C213UL, 0x6C0743F1UL, 0x8309893CUL, 0x0FEDDD5FUL, - 0x2F7FE850UL, 0xD7C07F7EUL, 0x02507FBFUL, 0x5AFB9A04UL, - 0xA747D2D0UL, 0x1651192EUL, 0xAF70BF3EUL, 0x58C31380UL, - 0x5F98302EUL, 0x727CC3C4UL, 0x0A0FB402UL, 0x0F7FEF82UL, - 0x8C96FDADUL, 0x5D2C2AAEUL, 0x8EE99A49UL, 0x50DA88B8UL, - 0x8427F4A0UL, 0x1EAC5790UL, 0x796FB449UL, 0x8252DC15UL, - 0xEFBD7D9BUL, 0xA672597DUL, 0xADA840D8UL, 0x45F54504UL, - 0xFA5D7403UL, 0xE83EC305UL, 0x4F91751AUL, 0x925669C2UL, - 0x23EFE941UL, 0xA903F12EUL, 0x60270DF2UL, 0x0276E4B6UL, - 0x94FD6574UL, 0x927985B2UL, 0x8276DBCBUL, 0x02778176UL, - 0xF8AF918DUL, 0x4E48F79EUL, 0x8F616DDFUL, 0xE29D840EUL, - 0x842F7D83UL, 0x340CE5C8UL, 0x96BBB682UL, 0x93B4B148UL, - 0xEF303CABUL, 0x984FAF28UL, 0x779FAF9BUL, 0x92DC560DUL, - 0x224D1E20UL, 0x8437AA88UL, 0x7D29DC96UL, 0x2756D3DCUL, - 0x8B907CEEUL, 0xB51FD240UL, 0xE7C07CE3UL, 0xE566B4A1UL, - 0xC3E9615EUL, 0x3CF8209DUL, 0x6094D1E3UL, 0xCD9CA341UL, - 0x5C76460EUL, 0x00EA983BUL, 0xD4D67881UL, 0xFD47572CUL, - 0xF76CEDD9UL, 0xBDA8229CUL, 0x127DADAAUL, 0x438A074EUL, - 0x1F97C090UL, 0x081BDB8AUL, 0x93A07EBEUL, 0xB938CA15UL, - 0x97B03CFFUL, 0x3DC2C0F8UL, 0x8D1AB2ECUL, 0x64380E51UL, - 0x68CC7BFBUL, 0xD90F2788UL, 0x12490181UL, 0x5DE5FFD4UL, - 0xDD7EF86AUL, 0x76A2E214UL, 0xB9A40368UL, 0x925D958FUL, - 0x4B39FFFAUL, 0xBA39AEE9UL, 0xA4FFD30BUL, 0xFAF7933BUL, - 0x6D498623UL, 0x193CBCFAUL, 0x27627545UL, 0x825CF47AUL, - 0x61BD8BA0UL, 0xD11E42D1UL, 0xCEAD04F4UL, 0x127EA392UL, - 0x10428DB7UL, 0x8272A972UL, 0x9270C4A8UL, 0x127DE50BUL, - 0x285BA1C8UL, 0x3C62F44FUL, 0x35C0EAA5UL, 0xE805D231UL, - 0x428929FBUL, 0xB4FCDF82UL, 0x4FB66A53UL, 0x0E7DC15BUL, - 0x1F081FABUL, 0x108618AEUL, 0xFCFD086DUL, 0xF9FF2889UL, - 0x694BCC11UL, 0x236A5CAEUL, 0x12DECA4DUL, 0x2C3F8CC5UL, - 0xD2D02DFEUL, 0xF8EF5896UL, 0xE4CF52DAUL, 0x95155B67UL, - 0x494A488CUL, 0xB9B6A80CUL, 0x5C8F82BCUL, 0x89D36B45UL, - 0x3A609437UL, 0xEC00C9A9UL, 0x44715253UL, 0x0A874B49UL, - 0xD773BC40UL, 0x7C34671CUL, 0x02717EF6UL, 0x4FEB5536UL, - 0xA2D02FFFUL, 0xD2BF60C4UL, 0xD43F03C0UL, 0x50B4EF6DUL, - 0x07478CD1UL, 0x006E1888UL, 0xA2E53F55UL, 0xB9E6D4BCUL, - 0xA2048016UL, 0x97573833UL, 0xD7207D67UL, 0xDE0F8F3DUL, - 0x72F87B33UL, 0xABCC4F33UL, 0x7688C55DUL, 0x7B00A6B0UL, - 0x947B0001UL, 0x570075D2UL, 0xF9BB88F8UL, 0x8942019EUL, - 0x4264A5FFUL, 0x856302E0UL, 0x72DBD92BUL, 0xEE971B69UL, - 0x6EA22FDEUL, 0x5F08AE2BUL, 0xAF7A616DUL, 0xE5C98767UL, - 0xCF1FEBD2UL, 0x61EFC8C2UL, 0xF1AC2571UL, 0xCC8239C2UL, - 0x67214CB8UL, 0xB1E583D1UL, 0xB7DC3E62UL, 0x7F10BDCEUL, - 0xF90A5C38UL, 0x0FF0443DUL, 0x606E6DC6UL, 0x60543A49UL, - 0x5727C148UL, 0x2BE98A1DUL, 0x8AB41738UL, 0x20E1BE24UL, - 0xAF96DA0FUL, 0x68458425UL, 0x99833BE5UL, 0x600D457DUL, - 0x282F9350UL, 0x8334B362UL, 0xD91D1120UL, 0x2B6D8DA0UL, - 0x642B1E31UL, 0x9C305A00UL, 0x52BCE688UL, 0x1B03588AUL, - 0xF7BAEFD5UL, 0x4142ED9CUL, 0xA4315C11UL, 0x83323EC5UL, - 0xDFEF4636UL, 0xA133C501UL, 0xE9D3531CUL, 0xEE353783UL -}, - -{ - 0x9DB30420UL, 0x1FB6E9DEUL, 0xA7BE7BEFUL, 0xD273A298UL, - 0x4A4F7BDBUL, 0x64AD8C57UL, 0x85510443UL, 0xFA020ED1UL, - 0x7E287AFFUL, 0xE60FB663UL, 0x095F35A1UL, 0x79EBF120UL, - 0xFD059D43UL, 0x6497B7B1UL, 0xF3641F63UL, 0x241E4ADFUL, - 0x28147F5FUL, 0x4FA2B8CDUL, 0xC9430040UL, 0x0CC32220UL, - 0xFDD30B30UL, 0xC0A5374FUL, 0x1D2D00D9UL, 0x24147B15UL, - 0xEE4D111AUL, 0x0FCA5167UL, 0x71FF904CUL, 0x2D195FFEUL, - 0x1A05645FUL, 0x0C13FEFEUL, 0x081B08CAUL, 0x05170121UL, - 0x80530100UL, 0xE83E5EFEUL, 0xAC9AF4F8UL, 0x7FE72701UL, - 0xD2B8EE5FUL, 0x06DF4261UL, 0xBB9E9B8AUL, 0x7293EA25UL, - 0xCE84FFDFUL, 0xF5718801UL, 0x3DD64B04UL, 0xA26F263BUL, - 0x7ED48400UL, 0x547EEBE6UL, 0x446D4CA0UL, 0x6CF3D6F5UL, - 0x2649ABDFUL, 0xAEA0C7F5UL, 0x36338CC1UL, 0x503F7E93UL, - 0xD3772061UL, 0x11B638E1UL, 0x72500E03UL, 0xF80EB2BBUL, - 0xABE0502EUL, 0xEC8D77DEUL, 0x57971E81UL, 0xE14F6746UL, - 0xC9335400UL, 0x6920318FUL, 0x081DBB99UL, 0xFFC304A5UL, - 0x4D351805UL, 0x7F3D5CE3UL, 0xA6C866C6UL, 0x5D5BCCA9UL, - 0xDAEC6FEAUL, 0x9F926F91UL, 0x9F46222FUL, 0x3991467DUL, - 0xA5BF6D8EUL, 0x1143C44FUL, 0x43958302UL, 0xD0214EEBUL, - 0x022083B8UL, 0x3FB6180CUL, 0x18F8931EUL, 0x281658E6UL, - 0x26486E3EUL, 0x8BD78A70UL, 0x7477E4C1UL, 0xB506E07CUL, - 0xF32D0A25UL, 0x79098B02UL, 0xE4EABB81UL, 0x28123B23UL, - 0x69DEAD38UL, 0x1574CA16UL, 0xDF871B62UL, 0x211C40B7UL, - 0xA51A9EF9UL, 0x0014377BUL, 0x041E8AC8UL, 0x09114003UL, - 0xBD59E4D2UL, 0xE3D156D5UL, 0x4FE876D5UL, 0x2F91A340UL, - 0x557BE8DEUL, 0x00EAE4A7UL, 0x0CE5C2ECUL, 0x4DB4BBA6UL, - 0xE756BDFFUL, 0xDD3369ACUL, 0xEC17B035UL, 0x06572327UL, - 0x99AFC8B0UL, 0x56C8C391UL, 0x6B65811CUL, 0x5E146119UL, - 0x6E85CB75UL, 0xBE07C002UL, 0xC2325577UL, 0x893FF4ECUL, - 0x5BBFC92DUL, 0xD0EC3B25UL, 0xB7801AB7UL, 0x8D6D3B24UL, - 0x20C763EFUL, 0xC366A5FCUL, 0x9C382880UL, 0x0ACE3205UL, - 0xAAC9548AUL, 0xECA1D7C7UL, 0x041AFA32UL, 0x1D16625AUL, - 0x6701902CUL, 0x9B757A54UL, 0x31D477F7UL, 0x9126B031UL, - 0x36CC6FDBUL, 0xC70B8B46UL, 0xD9E66A48UL, 0x56E55A79UL, - 0x026A4CEBUL, 0x52437EFFUL, 0x2F8F76B4UL, 0x0DF980A5UL, - 0x8674CDE3UL, 0xEDDA04EBUL, 0x17A9BE04UL, 0x2C18F4DFUL, - 0xB7747F9DUL, 0xAB2AF7B4UL, 0xEFC34D20UL, 0x2E096B7CUL, - 0x1741A254UL, 0xE5B6A035UL, 0x213D42F6UL, 0x2C1C7C26UL, - 0x61C2F50FUL, 0x6552DAF9UL, 0xD2C231F8UL, 0x25130F69UL, - 0xD8167FA2UL, 0x0418F2C8UL, 0x001A96A6UL, 0x0D1526ABUL, - 0x63315C21UL, 0x5E0A72ECUL, 0x49BAFEFDUL, 0x187908D9UL, - 0x8D0DBD86UL, 0x311170A7UL, 0x3E9B640CUL, 0xCC3E10D7UL, - 0xD5CAD3B6UL, 0x0CAEC388UL, 0xF73001E1UL, 0x6C728AFFUL, - 0x71EAE2A1UL, 0x1F9AF36EUL, 0xCFCBD12FUL, 0xC1DE8417UL, - 0xAC07BE6BUL, 0xCB44A1D8UL, 0x8B9B0F56UL, 0x013988C3UL, - 0xB1C52FCAUL, 0xB4BE31CDUL, 0xD8782806UL, 0x12A3A4E2UL, - 0x6F7DE532UL, 0x58FD7EB6UL, 0xD01EE900UL, 0x24ADFFC2UL, - 0xF4990FC5UL, 0x9711AAC5UL, 0x001D7B95UL, 0x82E5E7D2UL, - 0x109873F6UL, 0x00613096UL, 0xC32D9521UL, 0xADA121FFUL, - 0x29908415UL, 0x7FBB977FUL, 0xAF9EB3DBUL, 0x29C9ED2AUL, - 0x5CE2A465UL, 0xA730F32CUL, 0xD0AA3FE8UL, 0x8A5CC091UL, - 0xD49E2CE7UL, 0x0CE454A9UL, 0xD60ACD86UL, 0x015F1919UL, - 0x77079103UL, 0xDEA03AF6UL, 0x78A8565EUL, 0xDEE356DFUL, - 0x21F05CBEUL, 0x8B75E387UL, 0xB3C50651UL, 0xB8A5C3EFUL, - 0xD8EEB6D2UL, 0xE523BE77UL, 0xC2154529UL, 0x2F69EFDFUL, - 0xAFE67AFBUL, 0xF470C4B2UL, 0xF3E0EB5BUL, 0xD6CC9876UL, - 0x39E4460CUL, 0x1FDA8538UL, 0x1987832FUL, 0xCA007367UL, - 0xA99144F8UL, 0x296B299EUL, 0x492FC295UL, 0x9266BEABUL, - 0xB5676E69UL, 0x9BD3DDDAUL, 0xDF7E052FUL, 0xDB25701CUL, - 0x1B5E51EEUL, 0xF65324E6UL, 0x6AFCE36CUL, 0x0316CC04UL, - 0x8644213EUL, 0xB7DC59D0UL, 0x7965291FUL, 0xCCD6FD43UL, - 0x41823979UL, 0x932BCDF6UL, 0xB657C34DUL, 0x4EDFD282UL, - 0x7AE5290CUL, 0x3CB9536BUL, 0x851E20FEUL, 0x9833557EUL, - 0x13ECF0B0UL, 0xD3FFB372UL, 0x3F85C5C1UL, 0x0AEF7ED2UL -}, - -{ - 0x7EC90C04UL, 0x2C6E74B9UL, 0x9B0E66DFUL, 0xA6337911UL, - 0xB86A7FFFUL, 0x1DD358F5UL, 0x44DD9D44UL, 0x1731167FUL, - 0x08FBF1FAUL, 0xE7F511CCUL, 0xD2051B00UL, 0x735ABA00UL, - 0x2AB722D8UL, 0x386381CBUL, 0xACF6243AUL, 0x69BEFD7AUL, - 0xE6A2E77FUL, 0xF0C720CDUL, 0xC4494816UL, 0xCCF5C180UL, - 0x38851640UL, 0x15B0A848UL, 0xE68B18CBUL, 0x4CAADEFFUL, - 0x5F480A01UL, 0x0412B2AAUL, 0x259814FCUL, 0x41D0EFE2UL, - 0x4E40B48DUL, 0x248EB6FBUL, 0x8DBA1CFEUL, 0x41A99B02UL, - 0x1A550A04UL, 0xBA8F65CBUL, 0x7251F4E7UL, 0x95A51725UL, - 0xC106ECD7UL, 0x97A5980AUL, 0xC539B9AAUL, 0x4D79FE6AUL, - 0xF2F3F763UL, 0x68AF8040UL, 0xED0C9E56UL, 0x11B4958BUL, - 0xE1EB5A88UL, 0x8709E6B0UL, 0xD7E07156UL, 0x4E29FEA7UL, - 0x6366E52DUL, 0x02D1C000UL, 0xC4AC8E05UL, 0x9377F571UL, - 0x0C05372AUL, 0x578535F2UL, 0x2261BE02UL, 0xD642A0C9UL, - 0xDF13A280UL, 0x74B55BD2UL, 0x682199C0UL, 0xD421E5ECUL, - 0x53FB3CE8UL, 0xC8ADEDB3UL, 0x28A87FC9UL, 0x3D959981UL, - 0x5C1FF900UL, 0xFE38D399UL, 0x0C4EFF0BUL, 0x062407EAUL, - 0xAA2F4FB1UL, 0x4FB96976UL, 0x90C79505UL, 0xB0A8A774UL, - 0xEF55A1FFUL, 0xE59CA2C2UL, 0xA6B62D27UL, 0xE66A4263UL, - 0xDF65001FUL, 0x0EC50966UL, 0xDFDD55BCUL, 0x29DE0655UL, - 0x911E739AUL, 0x17AF8975UL, 0x32C7911CUL, 0x89F89468UL, - 0x0D01E980UL, 0x524755F4UL, 0x03B63CC9UL, 0x0CC844B2UL, - 0xBCF3F0AAUL, 0x87AC36E9UL, 0xE53A7426UL, 0x01B3D82BUL, - 0x1A9E7449UL, 0x64EE2D7EUL, 0xCDDBB1DAUL, 0x01C94910UL, - 0xB868BF80UL, 0x0D26F3FDUL, 0x9342EDE7UL, 0x04A5C284UL, - 0x636737B6UL, 0x50F5B616UL, 0xF24766E3UL, 0x8ECA36C1UL, - 0x136E05DBUL, 0xFEF18391UL, 0xFB887A37UL, 0xD6E7F7D4UL, - 0xC7FB7DC9UL, 0x3063FCDFUL, 0xB6F589DEUL, 0xEC2941DAUL, - 0x26E46695UL, 0xB7566419UL, 0xF654EFC5UL, 0xD08D58B7UL, - 0x48925401UL, 0xC1BACB7FUL, 0xE5FF550FUL, 0xB6083049UL, - 0x5BB5D0E8UL, 0x87D72E5AUL, 0xAB6A6EE1UL, 0x223A66CEUL, - 0xC62BF3CDUL, 0x9E0885F9UL, 0x68CB3E47UL, 0x086C010FUL, - 0xA21DE820UL, 0xD18B69DEUL, 0xF3F65777UL, 0xFA02C3F6UL, - 0x407EDAC3UL, 0xCBB3D550UL, 0x1793084DUL, 0xB0D70EBAUL, - 0x0AB378D5UL, 0xD951FB0CUL, 0xDED7DA56UL, 0x4124BBE4UL, - 0x94CA0B56UL, 0x0F5755D1UL, 0xE0E1E56EUL, 0x6184B5BEUL, - 0x580A249FUL, 0x94F74BC0UL, 0xE327888EUL, 0x9F7B5561UL, - 0xC3DC0280UL, 0x05687715UL, 0x646C6BD7UL, 0x44904DB3UL, - 0x66B4F0A3UL, 0xC0F1648AUL, 0x697ED5AFUL, 0x49E92FF6UL, - 0x309E374FUL, 0x2CB6356AUL, 0x85808573UL, 0x4991F840UL, - 0x76F0AE02UL, 0x083BE84DUL, 0x28421C9AUL, 0x44489406UL, - 0x736E4CB8UL, 0xC1092910UL, 0x8BC95FC6UL, 0x7D869CF4UL, - 0x134F616FUL, 0x2E77118DUL, 0xB31B2BE1UL, 0xAA90B472UL, - 0x3CA5D717UL, 0x7D161BBAUL, 0x9CAD9010UL, 0xAF462BA2UL, - 0x9FE459D2UL, 0x45D34559UL, 0xD9F2DA13UL, 0xDBC65487UL, - 0xF3E4F94EUL, 0x176D486FUL, 0x097C13EAUL, 0x631DA5C7UL, - 0x445F7382UL, 0x175683F4UL, 0xCDC66A97UL, 0x70BE0288UL, - 0xB3CDCF72UL, 0x6E5DD2F3UL, 0x20936079UL, 0x459B80A5UL, - 0xBE60E2DBUL, 0xA9C23101UL, 0xEBA5315CUL, 0x224E42F2UL, - 0x1C5C1572UL, 0xF6721B2CUL, 0x1AD2FFF3UL, 0x8C25404EUL, - 0x324ED72FUL, 0x4067B7FDUL, 0x0523138EUL, 0x5CA3BC78UL, - 0xDC0FD66EUL, 0x75922283UL, 0x784D6B17UL, 0x58EBB16EUL, - 0x44094F85UL, 0x3F481D87UL, 0xFCFEAE7BUL, 0x77B5FF76UL, - 0x8C2302BFUL, 0xAAF47556UL, 0x5F46B02AUL, 0x2B092801UL, - 0x3D38F5F7UL, 0x0CA81F36UL, 0x52AF4A8AUL, 0x66D5E7C0UL, - 0xDF3B0874UL, 0x95055110UL, 0x1B5AD7A8UL, 0xF61ED5ADUL, - 0x6CF6E479UL, 0x20758184UL, 0xD0CEFA65UL, 0x88F7BE58UL, - 0x4A046826UL, 0x0FF6F8F3UL, 0xA09C7F70UL, 0x5346ABA0UL, - 0x5CE96C28UL, 0xE176EDA3UL, 0x6BAC307FUL, 0x376829D2UL, - 0x85360FA9UL, 0x17E3FE2AUL, 0x24B79767UL, 0xF5A96B20UL, - 0xD6CD2595UL, 0x68FF1EBFUL, 0x7555442CUL, 0xF19F06BEUL, - 0xF9E0659AUL, 0xEEB9491DUL, 0x34010718UL, 0xBB30CAB8UL, - 0xE822FE15UL, 0x88570983UL, 0x750E6249UL, 0xDA627E55UL, - 0x5E76FFA8UL, 0xB1534546UL, 0x6D47DE08UL, 0xEFE9E7D4UL -}, - -{ - 0xF6FA8F9DUL, 0x2CAC6CE1UL, 0x4CA34867UL, 0xE2337F7CUL, - 0x95DB08E7UL, 0x016843B4UL, 0xECED5CBCUL, 0x325553ACUL, - 0xBF9F0960UL, 0xDFA1E2EDUL, 0x83F0579DUL, 0x63ED86B9UL, - 0x1AB6A6B8UL, 0xDE5EBE39UL, 0xF38FF732UL, 0x8989B138UL, - 0x33F14961UL, 0xC01937BDUL, 0xF506C6DAUL, 0xE4625E7EUL, - 0xA308EA99UL, 0x4E23E33CUL, 0x79CBD7CCUL, 0x48A14367UL, - 0xA3149619UL, 0xFEC94BD5UL, 0xA114174AUL, 0xEAA01866UL, - 0xA084DB2DUL, 0x09A8486FUL, 0xA888614AUL, 0x2900AF98UL, - 0x01665991UL, 0xE1992863UL, 0xC8F30C60UL, 0x2E78EF3CUL, - 0xD0D51932UL, 0xCF0FEC14UL, 0xF7CA07D2UL, 0xD0A82072UL, - 0xFD41197EUL, 0x9305A6B0UL, 0xE86BE3DAUL, 0x74BED3CDUL, - 0x372DA53CUL, 0x4C7F4448UL, 0xDAB5D440UL, 0x6DBA0EC3UL, - 0x083919A7UL, 0x9FBAEED9UL, 0x49DBCFB0UL, 0x4E670C53UL, - 0x5C3D9C01UL, 0x64BDB941UL, 0x2C0E636AUL, 0xBA7DD9CDUL, - 0xEA6F7388UL, 0xE70BC762UL, 0x35F29ADBUL, 0x5C4CDD8DUL, - 0xF0D48D8CUL, 0xB88153E2UL, 0x08A19866UL, 0x1AE2EAC8UL, - 0x284CAF89UL, 0xAA928223UL, 0x9334BE53UL, 0x3B3A21BFUL, - 0x16434BE3UL, 0x9AEA3906UL, 0xEFE8C36EUL, 0xF890CDD9UL, - 0x80226DAEUL, 0xC340A4A3UL, 0xDF7E9C09UL, 0xA694A807UL, - 0x5B7C5ECCUL, 0x221DB3A6UL, 0x9A69A02FUL, 0x68818A54UL, - 0xCEB2296FUL, 0x53C0843AUL, 0xFE893655UL, 0x25BFE68AUL, - 0xB4628ABCUL, 0xCF222EBFUL, 0x25AC6F48UL, 0xA9A99387UL, - 0x53BDDB65UL, 0xE76FFBE7UL, 0xE967FD78UL, 0x0BA93563UL, - 0x8E342BC1UL, 0xE8A11BE9UL, 0x4980740DUL, 0xC8087DFCUL, - 0x8DE4BF99UL, 0xA11101A0UL, 0x7FD37975UL, 0xDA5A26C0UL, - 0xE81F994FUL, 0x9528CD89UL, 0xFD339FEDUL, 0xB87834BFUL, - 0x5F04456DUL, 0x22258698UL, 0xC9C4C83BUL, 0x2DC156BEUL, - 0x4F628DAAUL, 0x57F55EC5UL, 0xE2220ABEUL, 0xD2916EBFUL, - 0x4EC75B95UL, 0x24F2C3C0UL, 0x42D15D99UL, 0xCD0D7FA0UL, - 0x7B6E27FFUL, 0xA8DC8AF0UL, 0x7345C106UL, 0xF41E232FUL, - 0x35162386UL, 0xE6EA8926UL, 0x3333B094UL, 0x157EC6F2UL, - 0x372B74AFUL, 0x692573E4UL, 0xE9A9D848UL, 0xF3160289UL, - 0x3A62EF1DUL, 0xA787E238UL, 0xF3A5F676UL, 0x74364853UL, - 0x20951063UL, 0x4576698DUL, 0xB6FAD407UL, 0x592AF950UL, - 0x36F73523UL, 0x4CFB6E87UL, 0x7DA4CEC0UL, 0x6C152DAAUL, - 0xCB0396A8UL, 0xC50DFE5DUL, 0xFCD707ABUL, 0x0921C42FUL, - 0x89DFF0BBUL, 0x5FE2BE78UL, 0x448F4F33UL, 0x754613C9UL, - 0x2B05D08DUL, 0x48B9D585UL, 0xDC049441UL, 0xC8098F9BUL, - 0x7DEDE786UL, 0xC39A3373UL, 0x42410005UL, 0x6A091751UL, - 0x0EF3C8A6UL, 0x890072D6UL, 0x28207682UL, 0xA9A9F7BEUL, - 0xBF32679DUL, 0xD45B5B75UL, 0xB353FD00UL, 0xCBB0E358UL, - 0x830F220AUL, 0x1F8FB214UL, 0xD372CF08UL, 0xCC3C4A13UL, - 0x8CF63166UL, 0x061C87BEUL, 0x88C98F88UL, 0x6062E397UL, - 0x47CF8E7AUL, 0xB6C85283UL, 0x3CC2ACFBUL, 0x3FC06976UL, - 0x4E8F0252UL, 0x64D8314DUL, 0xDA3870E3UL, 0x1E665459UL, - 0xC10908F0UL, 0x513021A5UL, 0x6C5B68B7UL, 0x822F8AA0UL, - 0x3007CD3EUL, 0x74719EEFUL, 0xDC872681UL, 0x073340D4UL, - 0x7E432FD9UL, 0x0C5EC241UL, 0x8809286CUL, 0xF592D891UL, - 0x08A930F6UL, 0x957EF305UL, 0xB7FBFFBDUL, 0xC266E96FUL, - 0x6FE4AC98UL, 0xB173ECC0UL, 0xBC60B42AUL, 0x953498DAUL, - 0xFBA1AE12UL, 0x2D4BD736UL, 0x0F25FAABUL, 0xA4F3FCEBUL, - 0xE2969123UL, 0x257F0C3DUL, 0x9348AF49UL, 0x361400BCUL, - 0xE8816F4AUL, 0x3814F200UL, 0xA3F94043UL, 0x9C7A54C2UL, - 0xBC704F57UL, 0xDA41E7F9UL, 0xC25AD33AUL, 0x54F4A084UL, - 0xB17F5505UL, 0x59357CBEUL, 0xEDBD15C8UL, 0x7F97C5ABUL, - 0xBA5AC7B5UL, 0xB6F6DEAFUL, 0x3A479C3AUL, 0x5302DA25UL, - 0x653D7E6AUL, 0x54268D49UL, 0x51A477EAUL, 0x5017D55BUL, - 0xD7D25D88UL, 0x44136C76UL, 0x0404A8C8UL, 0xB8E5A121UL, - 0xB81A928AUL, 0x60ED5869UL, 0x97C55B96UL, 0xEAEC991BUL, - 0x29935913UL, 0x01FDB7F1UL, 0x088E8DFAUL, 0x9AB6F6F5UL, - 0x3B4CBF9FUL, 0x4A5DE3ABUL, 0xE6051D35UL, 0xA0E1D855UL, - 0xD36B4CF1UL, 0xF544EDEBUL, 0xB0E93524UL, 0xBEBB8FBDUL, - 0xA2D762CFUL, 0x49C92F54UL, 0x38B5F331UL, 0x7128A454UL, - 0x48392905UL, 0xA65B1DB8UL, 0x851C97BDUL, 0xD675CF2FUL -}, - -{ - 0x85E04019UL, 0x332BF567UL, 0x662DBFFFUL, 0xCFC65693UL, - 0x2A8D7F6FUL, 0xAB9BC912UL, 0xDE6008A1UL, 0x2028DA1FUL, - 0x0227BCE7UL, 0x4D642916UL, 0x18FAC300UL, 0x50F18B82UL, - 0x2CB2CB11UL, 0xB232E75CUL, 0x4B3695F2UL, 0xB28707DEUL, - 0xA05FBCF6UL, 0xCD4181E9UL, 0xE150210CUL, 0xE24EF1BDUL, - 0xB168C381UL, 0xFDE4E789UL, 0x5C79B0D8UL, 0x1E8BFD43UL, - 0x4D495001UL, 0x38BE4341UL, 0x913CEE1DUL, 0x92A79C3FUL, - 0x089766BEUL, 0xBAEEADF4UL, 0x1286BECFUL, 0xB6EACB19UL, - 0x2660C200UL, 0x7565BDE4UL, 0x64241F7AUL, 0x8248DCA9UL, - 0xC3B3AD66UL, 0x28136086UL, 0x0BD8DFA8UL, 0x356D1CF2UL, - 0x107789BEUL, 0xB3B2E9CEUL, 0x0502AA8FUL, 0x0BC0351EUL, - 0x166BF52AUL, 0xEB12FF82UL, 0xE3486911UL, 0xD34D7516UL, - 0x4E7B3AFFUL, 0x5F43671BUL, 0x9CF6E037UL, 0x4981AC83UL, - 0x334266CEUL, 0x8C9341B7UL, 0xD0D854C0UL, 0xCB3A6C88UL, - 0x47BC2829UL, 0x4725BA37UL, 0xA66AD22BUL, 0x7AD61F1EUL, - 0x0C5CBAFAUL, 0x4437F107UL, 0xB6E79962UL, 0x42D2D816UL, - 0x0A961288UL, 0xE1A5C06EUL, 0x13749E67UL, 0x72FC081AUL, - 0xB1D139F7UL, 0xF9583745UL, 0xCF19DF58UL, 0xBEC3F756UL, - 0xC06EBA30UL, 0x07211B24UL, 0x45C28829UL, 0xC95E317FUL, - 0xBC8EC511UL, 0x38BC46E9UL, 0xC6E6FA14UL, 0xBAE8584AUL, - 0xAD4EBC46UL, 0x468F508BUL, 0x7829435FUL, 0xF124183BUL, - 0x821DBA9FUL, 0xAFF60FF4UL, 0xEA2C4E6DUL, 0x16E39264UL, - 0x92544A8BUL, 0x009B4FC3UL, 0xABA68CEDUL, 0x9AC96F78UL, - 0x06A5B79AUL, 0xB2856E6EUL, 0x1AEC3CA9UL, 0xBE838688UL, - 0x0E0804E9UL, 0x55F1BE56UL, 0xE7E5363BUL, 0xB3A1F25DUL, - 0xF7DEBB85UL, 0x61FE033CUL, 0x16746233UL, 0x3C034C28UL, - 0xDA6D0C74UL, 0x79AAC56CUL, 0x3CE4E1ADUL, 0x51F0C802UL, - 0x98F8F35AUL, 0x1626A49FUL, 0xEED82B29UL, 0x1D382FE3UL, - 0x0C4FB99AUL, 0xBB325778UL, 0x3EC6D97BUL, 0x6E77A6A9UL, - 0xCB658B5CUL, 0xD45230C7UL, 0x2BD1408BUL, 0x60C03EB7UL, - 0xB9068D78UL, 0xA33754F4UL, 0xF430C87DUL, 0xC8A71302UL, - 0xB96D8C32UL, 0xEBD4E7BEUL, 0xBE8B9D2DUL, 0x7979FB06UL, - 0xE7225308UL, 0x8B75CF77UL, 0x11EF8DA4UL, 0xE083C858UL, - 0x8D6B786FUL, 0x5A6317A6UL, 0xFA5CF7A0UL, 0x5DDA0033UL, - 0xF28EBFB0UL, 0xF5B9C310UL, 0xA0EAC280UL, 0x08B9767AUL, - 0xA3D9D2B0UL, 0x79D34217UL, 0x021A718DUL, 0x9AC6336AUL, - 0x2711FD60UL, 0x438050E3UL, 0x069908A8UL, 0x3D7FEDC4UL, - 0x826D2BEFUL, 0x4EEB8476UL, 0x488DCF25UL, 0x36C9D566UL, - 0x28E74E41UL, 0xC2610ACAUL, 0x3D49A9CFUL, 0xBAE3B9DFUL, - 0xB65F8DE6UL, 0x92AEAF64UL, 0x3AC7D5E6UL, 0x9EA80509UL, - 0xF22B017DUL, 0xA4173F70UL, 0xDD1E16C3UL, 0x15E0D7F9UL, - 0x50B1B887UL, 0x2B9F4FD5UL, 0x625ABA82UL, 0x6A017962UL, - 0x2EC01B9CUL, 0x15488AA9UL, 0xD716E740UL, 0x40055A2CUL, - 0x93D29A22UL, 0xE32DBF9AUL, 0x058745B9UL, 0x3453DC1EUL, - 0xD699296EUL, 0x496CFF6FUL, 0x1C9F4986UL, 0xDFE2ED07UL, - 0xB87242D1UL, 0x19DE7EAEUL, 0x053E561AUL, 0x15AD6F8CUL, - 0x66626C1CUL, 0x7154C24CUL, 0xEA082B2AUL, 0x93EB2939UL, - 0x17DCB0F0UL, 0x58D4F2AEUL, 0x9EA294FBUL, 0x52CF564CUL, - 0x9883FE66UL, 0x2EC40581UL, 0x763953C3UL, 0x01D6692EUL, - 0xD3A0C108UL, 0xA1E7160EUL, 0xE4F2DFA6UL, 0x693ED285UL, - 0x74904698UL, 0x4C2B0EDDUL, 0x4F757656UL, 0x5D393378UL, - 0xA132234FUL, 0x3D321C5DUL, 0xC3F5E194UL, 0x4B269301UL, - 0xC79F022FUL, 0x3C997E7EUL, 0x5E4F9504UL, 0x3FFAFBBDUL, - 0x76F7AD0EUL, 0x296693F4UL, 0x3D1FCE6FUL, 0xC61E45BEUL, - 0xD3B5AB34UL, 0xF72BF9B7UL, 0x1B0434C0UL, 0x4E72B567UL, - 0x5592A33DUL, 0xB5229301UL, 0xCFD2A87FUL, 0x60AEB767UL, - 0x1814386BUL, 0x30BCC33DUL, 0x38A0C07DUL, 0xFD1606F2UL, - 0xC363519BUL, 0x589DD390UL, 0x5479F8E6UL, 0x1CB8D647UL, - 0x97FD61A9UL, 0xEA7759F4UL, 0x2D57539DUL, 0x569A58CFUL, - 0xE84E63ADUL, 0x462E1B78UL, 0x6580F87EUL, 0xF3817914UL, - 0x91DA55F4UL, 0x40A230F3UL, 0xD1988F35UL, 0xB6E318D2UL, - 0x3FFA50BCUL, 0x3D40F021UL, 0xC3C0BDAEUL, 0x4958C24CUL, - 0x518F36B2UL, 0x84B1D370UL, 0x0FEDCE83UL, 0x878DDADAUL, - 0xF2A279C7UL, 0x94E01BE8UL, 0x90716F4BUL, 0x954B8AA3UL -}, - -{ - 0xE216300DUL, 0xBBDDFFFCUL, 0xA7EBDABDUL, 0x35648095UL, - 0x7789F8B7UL, 0xE6C1121BUL, 0x0E241600UL, 0x052CE8B5UL, - 0x11A9CFB0UL, 0xE5952F11UL, 0xECE7990AUL, 0x9386D174UL, - 0x2A42931CUL, 0x76E38111UL, 0xB12DEF3AUL, 0x37DDDDFCUL, - 0xDE9ADEB1UL, 0x0A0CC32CUL, 0xBE197029UL, 0x84A00940UL, - 0xBB243A0FUL, 0xB4D137CFUL, 0xB44E79F0UL, 0x049EEDFDUL, - 0x0B15A15DUL, 0x480D3168UL, 0x8BBBDE5AUL, 0x669DED42UL, - 0xC7ECE831UL, 0x3F8F95E7UL, 0x72DF191BUL, 0x7580330DUL, - 0x94074251UL, 0x5C7DCDFAUL, 0xABBE6D63UL, 0xAA402164UL, - 0xB301D40AUL, 0x02E7D1CAUL, 0x53571DAEUL, 0x7A3182A2UL, - 0x12A8DDECUL, 0xFDAA335DUL, 0x176F43E8UL, 0x71FB46D4UL, - 0x38129022UL, 0xCE949AD4UL, 0xB84769ADUL, 0x965BD862UL, - 0x82F3D055UL, 0x66FB9767UL, 0x15B80B4EUL, 0x1D5B47A0UL, - 0x4CFDE06FUL, 0xC28EC4B8UL, 0x57E8726EUL, 0x647A78FCUL, - 0x99865D44UL, 0x608BD593UL, 0x6C200E03UL, 0x39DC5FF6UL, - 0x5D0B00A3UL, 0xAE63AFF2UL, 0x7E8BD632UL, 0x70108C0CUL, - 0xBBD35049UL, 0x2998DF04UL, 0x980CF42AUL, 0x9B6DF491UL, - 0x9E7EDD53UL, 0x06918548UL, 0x58CB7E07UL, 0x3B74EF2EUL, - 0x522FFFB1UL, 0xD24708CCUL, 0x1C7E27CDUL, 0xA4EB215BUL, - 0x3CF1D2E2UL, 0x19B47A38UL, 0x424F7618UL, 0x35856039UL, - 0x9D17DEE7UL, 0x27EB35E6UL, 0xC9AFF67BUL, 0x36BAF5B8UL, - 0x09C467CDUL, 0xC18910B1UL, 0xE11DBF7BUL, 0x06CD1AF8UL, - 0x7170C608UL, 0x2D5E3354UL, 0xD4DE495AUL, 0x64C6D006UL, - 0xBCC0C62CUL, 0x3DD00DB3UL, 0x708F8F34UL, 0x77D51B42UL, - 0x264F620FUL, 0x24B8D2BFUL, 0x15C1B79EUL, 0x46A52564UL, - 0xF8D7E54EUL, 0x3E378160UL, 0x7895CDA5UL, 0x859C15A5UL, - 0xE6459788UL, 0xC37BC75FUL, 0xDB07BA0CUL, 0x0676A3ABUL, - 0x7F229B1EUL, 0x31842E7BUL, 0x24259FD7UL, 0xF8BEF472UL, - 0x835FFCB8UL, 0x6DF4C1F2UL, 0x96F5B195UL, 0xFD0AF0FCUL, - 0xB0FE134CUL, 0xE2506D3DUL, 0x4F9B12EAUL, 0xF215F225UL, - 0xA223736FUL, 0x9FB4C428UL, 0x25D04979UL, 0x34C713F8UL, - 0xC4618187UL, 0xEA7A6E98UL, 0x7CD16EFCUL, 0x1436876CUL, - 0xF1544107UL, 0xBEDEEE14UL, 0x56E9AF27UL, 0xA04AA441UL, - 0x3CF7C899UL, 0x92ECBAE6UL, 0xDD67016DUL, 0x151682EBUL, - 0xA842EEDFUL, 0xFDBA60B4UL, 0xF1907B75UL, 0x20E3030FUL, - 0x24D8C29EUL, 0xE139673BUL, 0xEFA63FB8UL, 0x71873054UL, - 0xB6F2CF3BUL, 0x9F326442UL, 0xCB15A4CCUL, 0xB01A4504UL, - 0xF1E47D8DUL, 0x844A1BE5UL, 0xBAE7DFDCUL, 0x42CBDA70UL, - 0xCD7DAE0AUL, 0x57E85B7AUL, 0xD53F5AF6UL, 0x20CF4D8CUL, - 0xCEA4D428UL, 0x79D130A4UL, 0x3486EBFBUL, 0x33D3CDDCUL, - 0x77853B53UL, 0x37EFFCB5UL, 0xC5068778UL, 0xE580B3E6UL, - 0x4E68B8F4UL, 0xC5C8B37EUL, 0x0D809EA2UL, 0x398FEB7CUL, - 0x132A4F94UL, 0x43B7950EUL, 0x2FEE7D1CUL, 0x223613BDUL, - 0xDD06CAA2UL, 0x37DF932BUL, 0xC4248289UL, 0xACF3EBC3UL, - 0x5715F6B7UL, 0xEF3478DDUL, 0xF267616FUL, 0xC148CBE4UL, - 0x9052815EUL, 0x5E410FABUL, 0xB48A2465UL, 0x2EDA7FA4UL, - 0xE87B40E4UL, 0xE98EA084UL, 0x5889E9E1UL, 0xEFD390FCUL, - 0xDD07D35BUL, 0xDB485694UL, 0x38D7E5B2UL, 0x57720101UL, - 0x730EDEBCUL, 0x5B643113UL, 0x94917E4FUL, 0x503C2FBAUL, - 0x646F1282UL, 0x7523D24AUL, 0xE0779695UL, 0xF9C17A8FUL, - 0x7A5B2121UL, 0xD187B896UL, 0x29263A4DUL, 0xBA510CDFUL, - 0x81F47C9FUL, 0xAD1163EDUL, 0xEA7B5965UL, 0x1A00726EUL, - 0x11403092UL, 0x00DA6D77UL, 0x4A0CDD61UL, 0xAD1F4603UL, - 0x605BDFB0UL, 0x9EEDC364UL, 0x22EBE6A8UL, 0xCEE7D28AUL, - 0xA0E736A0UL, 0x5564A6B9UL, 0x10853209UL, 0xC7EB8F37UL, - 0x2DE705CAUL, 0x8951570FUL, 0xDF09822BUL, 0xBD691A6CUL, - 0xAA12E4F2UL, 0x87451C0FUL, 0xE0F6A27AUL, 0x3ADA4819UL, - 0x4CF1764FUL, 0x0D771C2BUL, 0x67CDB156UL, 0x350D8384UL, - 0x5938FA0FUL, 0x42399EF3UL, 0x36997B07UL, 0x0E84093DUL, - 0x4AA93E61UL, 0x8360D87BUL, 0x1FA98B0CUL, 0x1149382CUL, - 0xE97625A5UL, 0x0614D1B7UL, 0x0E25244BUL, 0x0C768347UL, - 0x589E8D82UL, 0x0D2059D1UL, 0xA466BB1EUL, 0xF8DA0A82UL, - 0x04F19130UL, 0xBA6E4EC0UL, 0x99265164UL, 0x1EE7230DUL, - 0x50B2AD80UL, 0xEAEE6801UL, 0x8DB2A283UL, 0xEA8BF59EUL -}}; - -NAMESPACE_END diff --git a/cryptopp562/cbcmac.cpp b/cryptopp562/cbcmac.cpp deleted file mode 100644 index 6b0e885..0000000 --- a/cryptopp562/cbcmac.cpp +++ /dev/null @@ -1,62 +0,0 @@ -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "cbcmac.h" - -NAMESPACE_BEGIN(CryptoPP) - -void CBC_MAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) -{ - AccessCipher().SetKey(key, length, params); - m_reg.CleanNew(AccessCipher().BlockSize()); - m_counter = 0; -} - -void CBC_MAC_Base::Update(const byte *input, size_t length) -{ - unsigned int blockSize = AccessCipher().BlockSize(); - - while (m_counter && length) - { - m_reg[m_counter++] ^= *input++; - if (m_counter == blockSize) - ProcessBuf(); - length--; - } - - if (length >= blockSize) - { - size_t leftOver = AccessCipher().AdvancedProcessBlocks(m_reg, input, m_reg, length, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput); - input += (length - leftOver); - length = leftOver; - } - - while (length--) - { - m_reg[m_counter++] ^= *input++; - if (m_counter == blockSize) - ProcessBuf(); - } -} - -void CBC_MAC_Base::TruncatedFinal(byte *mac, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - if (m_counter) - ProcessBuf(); - - memcpy(mac, m_reg, size); - memset(m_reg, 0, AccessCipher().BlockSize()); -} - -void CBC_MAC_Base::ProcessBuf() -{ - AccessCipher().ProcessBlock(m_reg); - m_counter = 0; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cbcmac.h b/cryptopp562/cbcmac.h deleted file mode 100644 index 4675dcb..0000000 --- a/cryptopp562/cbcmac.h +++ /dev/null @@ -1,50 +0,0 @@ -#ifndef CRYPTOPP_CBCMAC_H -#define CRYPTOPP_CBCMAC_H - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_MAC_Base : public MessageAuthenticationCode -{ -public: - CBC_MAC_Base() {} - - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - void Update(const byte *input, size_t length); - void TruncatedFinal(byte *mac, size_t size); - unsigned int DigestSize() const {return const_cast<CBC_MAC_Base*>(this)->AccessCipher().BlockSize();} - -protected: - virtual BlockCipher & AccessCipher() =0; - -private: - void ProcessBuf(); - SecByteBlock m_reg; - unsigned int m_counter; -}; - -//! <a href="http://www.weidai.com/scan-mirror/mac.html#CBC-MAC">CBC-MAC</a> -/*! Compatible with FIPS 113. T should be a class derived from BlockCipherDocumentation. - Secure only for fixed length messages. For variable length messages use CMAC or DMAC. -*/ -template <class T> -class CBC_MAC : public MessageAuthenticationCodeImpl<CBC_MAC_Base, CBC_MAC<T> >, public SameKeyLengthAs<T> -{ -public: - CBC_MAC() {} - CBC_MAC(const byte *key, size_t length=SameKeyLengthAs<T>::DEFAULT_KEYLENGTH) - {this->SetKey(key, length);} - - static std::string StaticAlgorithmName() {return std::string("CBC-MAC(") + T::StaticAlgorithmName() + ")";} - -private: - BlockCipher & AccessCipher() {return m_cipher;} - typename T::Encryption m_cipher; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ccm.cpp b/cryptopp562/ccm.cpp deleted file mode 100644 index 0368787..0000000 --- a/cryptopp562/ccm.cpp +++ /dev/null @@ -1,140 +0,0 @@ -// ccm.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "ccm.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void CCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms)
-{
- BlockCipher &blockCipher = AccessBlockCipher();
-
- blockCipher.SetKey(userKey, keylength, params);
-
- if (blockCipher.BlockSize() != REQUIRED_BLOCKSIZE)
- throw InvalidArgument(AlgorithmName() + ": block size of underlying block cipher is not 16");
-
- m_digestSize = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize());
- if (m_digestSize % 2 > 0 || m_digestSize < 4 || m_digestSize > 16)
- throw InvalidArgument(AlgorithmName() + ": DigestSize must be 4, 6, 8, 10, 12, 14, or 16");
-
- m_buffer.Grow(2*REQUIRED_BLOCKSIZE);
- m_L = 8;
-}
-
-void CCM_Base::Resync(const byte *iv, size_t len)
-{
- BlockCipher &cipher = AccessBlockCipher();
-
- m_L = REQUIRED_BLOCKSIZE-1-(int)len;
- assert(m_L >= 2);
- if (m_L > 8)
- m_L = 8;
-
- m_buffer[0] = byte(m_L-1); // flag
- memcpy(m_buffer+1, iv, len);
- memset(m_buffer+1+len, 0, REQUIRED_BLOCKSIZE-1-len);
-
- if (m_state >= State_IVSet)
- m_ctr.Resynchronize(m_buffer, REQUIRED_BLOCKSIZE);
- else
- m_ctr.SetCipherWithIV(cipher, m_buffer);
-
- m_ctr.Seek(REQUIRED_BLOCKSIZE);
- m_aadLength = 0;
- m_messageLength = 0;
-}
-
-void CCM_Base::UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength)
-{
- if (m_state != State_IVSet)
- throw BadState(AlgorithmName(), "SpecifyDataLengths", "or after State_IVSet");
-
- m_aadLength = headerLength;
- m_messageLength = messageLength;
-
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
-
- cbcBuffer[0] = byte(64*(headerLength>0) + 8*((m_digestSize-2)/2) + (m_L-1)); // flag
- PutWord<word64>(true, BIG_ENDIAN_ORDER, cbcBuffer+REQUIRED_BLOCKSIZE-8, m_messageLength);
- memcpy(cbcBuffer+1, m_buffer+1, REQUIRED_BLOCKSIZE-1-m_L);
- cipher.ProcessBlock(cbcBuffer);
-
- if (headerLength>0)
- {
- assert(m_bufferedDataLength == 0);
-
- if (headerLength < ((1<<16) - (1<<8)))
- {
- PutWord<word16>(true, BIG_ENDIAN_ORDER, m_buffer, (word16)headerLength);
- m_bufferedDataLength = 2;
- }
- else if (headerLength < (W64LIT(1)<<32))
- {
- m_buffer[0] = 0xff;
- m_buffer[1] = 0xfe;
- PutWord<word32>(false, BIG_ENDIAN_ORDER, m_buffer+2, (word32)headerLength);
- m_bufferedDataLength = 6;
- }
- else
- {
- m_buffer[0] = 0xff;
- m_buffer[1] = 0xff;
- PutWord<word64>(false, BIG_ENDIAN_ORDER, m_buffer+2, headerLength);
- m_bufferedDataLength = 10;
- }
- }
-}
-
-size_t CCM_Base::AuthenticateBlocks(const byte *data, size_t len)
-{
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
- return cipher.AdvancedProcessBlocks(cbcBuffer, data, cbcBuffer, len, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
-}
-
-void CCM_Base::AuthenticateLastHeaderBlock()
-{
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
-
- if (m_aadLength != m_totalHeaderLength)
- throw InvalidArgument(AlgorithmName() + ": header length doesn't match that given in SpecifyDataLengths");
-
- if (m_bufferedDataLength > 0)
- {
- xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
- cipher.ProcessBlock(cbcBuffer);
- m_bufferedDataLength = 0;
- }
-}
-
-void CCM_Base::AuthenticateLastConfidentialBlock()
-{
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
-
- if (m_messageLength != m_totalMessageLength)
- throw InvalidArgument(AlgorithmName() + ": message length doesn't match that given in SpecifyDataLengths");
-
- if (m_bufferedDataLength > 0)
- {
- xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
- cipher.ProcessBlock(cbcBuffer);
- m_bufferedDataLength = 0;
- }
-}
-
-void CCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
-{
- m_ctr.Seek(0);
- m_ctr.ProcessData(mac, CBC_Buffer(), macSize);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ccm.h b/cryptopp562/ccm.h deleted file mode 100644 index 2f3c56b..0000000 --- a/cryptopp562/ccm.h +++ /dev/null @@ -1,101 +0,0 @@ -#ifndef CRYPTOPP_CCM_H
-#define CRYPTOPP_CCM_H
-
-#include "authenc.h"
-#include "modes.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CCM_Base : public AuthenticatedSymmetricCipherBase
-{
-public:
- CCM_Base()
- : m_digestSize(0), m_L(0) {}
-
- // AuthenticatedSymmetricCipher
- std::string AlgorithmName() const
- {return GetBlockCipher().AlgorithmName() + std::string("/CCM");}
- size_t MinKeyLength() const
- {return GetBlockCipher().MinKeyLength();}
- size_t MaxKeyLength() const
- {return GetBlockCipher().MaxKeyLength();}
- size_t DefaultKeyLength() const
- {return GetBlockCipher().DefaultKeyLength();}
- size_t GetValidKeyLength(size_t n) const
- {return GetBlockCipher().GetValidKeyLength(n);}
- bool IsValidKeyLength(size_t n) const
- {return GetBlockCipher().IsValidKeyLength(n);}
- unsigned int OptimalDataAlignment() const
- {return GetBlockCipher().OptimalDataAlignment();}
- IV_Requirement IVRequirement() const
- {return UNIQUE_IV;}
- unsigned int IVSize() const
- {return 8;}
- unsigned int MinIVLength() const
- {return 7;}
- unsigned int MaxIVLength() const
- {return 13;}
- unsigned int DigestSize() const
- {return m_digestSize;}
- lword MaxHeaderLength() const
- {return W64LIT(0)-1;}
- lword MaxMessageLength() const
- {return m_L<8 ? (W64LIT(1)<<(8*m_L))-1 : W64LIT(0)-1;}
- bool NeedsPrespecifiedDataLengths() const
- {return true;}
- void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength);
-
-protected:
- // AuthenticatedSymmetricCipherBase
- bool AuthenticationIsOnPlaintext() const
- {return true;}
- unsigned int AuthenticationBlockSize() const
- {return GetBlockCipher().BlockSize();}
- void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms);
- void Resync(const byte *iv, size_t len);
- size_t AuthenticateBlocks(const byte *data, size_t len);
- void AuthenticateLastHeaderBlock();
- void AuthenticateLastConfidentialBlock();
- void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
- SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
-
- virtual BlockCipher & AccessBlockCipher() =0;
- virtual int DefaultDigestSize() const =0;
-
- const BlockCipher & GetBlockCipher() const {return const_cast<CCM_Base *>(this)->AccessBlockCipher();};
- byte *CBC_Buffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
-
- enum {REQUIRED_BLOCKSIZE = 16};
- int m_digestSize, m_L;
- word64 m_messageLength, m_aadLength;
- CTR_Mode_ExternalCipher::Encryption m_ctr;
-};
-
-//! .
-template <class T_BlockCipher, int T_DefaultDigestSize, bool T_IsEncryption>
-class CCM_Final : public CCM_Base
-{
-public:
- static std::string StaticAlgorithmName()
- {return T_BlockCipher::StaticAlgorithmName() + std::string("/CCM");}
- bool IsForwardTransformation() const
- {return T_IsEncryption;}
-
-private:
- BlockCipher & AccessBlockCipher() {return m_cipher;}
- int DefaultDigestSize() const {return T_DefaultDigestSize;}
- typename T_BlockCipher::Encryption m_cipher;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/CCM">CCM</a>
-template <class T_BlockCipher, int T_DefaultDigestSize = 16>
-struct CCM : public AuthenticatedSymmetricCipherDocumentation
-{
- typedef CCM_Final<T_BlockCipher, T_DefaultDigestSize, true> Encryption;
- typedef CCM_Final<T_BlockCipher, T_DefaultDigestSize, false> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/channels.cpp b/cryptopp562/channels.cpp deleted file mode 100644 index 7359f54..0000000 --- a/cryptopp562/channels.cpp +++ /dev/null @@ -1,309 +0,0 @@ -// channels.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "channels.h" - -NAMESPACE_BEGIN(CryptoPP) -USING_NAMESPACE(std) - -#if 0 -void MessageSwitch::AddDefaultRoute(BufferedTransformation &destination, const std::string &channel) -{ - m_defaultRoutes.push_back(Route(&destination, channel)); -} - -void MessageSwitch::AddRoute(unsigned int begin, unsigned int end, BufferedTransformation &destination, const std::string &channel) -{ - RangeRoute route(begin, end, Route(&destination, channel)); - RouteList::iterator it = upper_bound(m_routes.begin(), m_routes.end(), route); - m_routes.insert(it, route); -} - -/* -class MessageRouteIterator -{ -public: - typedef MessageSwitch::RouteList::const_iterator RouteIterator; - typedef MessageSwitch::DefaultRouteList::const_iterator DefaultIterator; - - bool m_useDefault; - RouteIterator m_itRouteCurrent, m_itRouteEnd; - DefaultIterator m_itDefaultCurrent, m_itDefaultEnd; - - MessageRouteIterator(MessageSwitch &ms, const std::string &channel) - : m_channel(channel) - { - pair<MapIterator, MapIterator> range = cs.m_routeMap.equal_range(channel); - if (range.first == range.second) - { - m_useDefault = true; - m_itListCurrent = cs.m_defaultRoutes.begin(); - m_itListEnd = cs.m_defaultRoutes.end(); - } - else - { - m_useDefault = false; - m_itMapCurrent = range.first; - m_itMapEnd = range.second; - } - } - - bool End() const - { - return m_useDefault ? m_itListCurrent == m_itListEnd : m_itMapCurrent == m_itMapEnd; - } - - void Next() - { - if (m_useDefault) - ++m_itListCurrent; - else - ++m_itMapCurrent; - } - - BufferedTransformation & Destination() - { - return m_useDefault ? *m_itListCurrent->first : *m_itMapCurrent->second.first; - } - - const std::string & Message() - { - if (m_useDefault) - return m_itListCurrent->second.get() ? *m_itListCurrent->second.get() : m_channel; - else - return m_itMapCurrent->second.second; - } -}; - -void MessageSwitch::Put(byte inByte); -void MessageSwitch::Put(const byte *inString, unsigned int length); - -void MessageSwitch::Flush(bool completeFlush, int propagation=-1); -void MessageSwitch::MessageEnd(int propagation=-1); -void MessageSwitch::PutMessageEnd(const byte *inString, unsigned int length, int propagation=-1); -void MessageSwitch::MessageSeriesEnd(int propagation=-1); -*/ -#endif - - -// -// ChannelRouteIterator -////////////////////////// - -void ChannelRouteIterator::Reset(const std::string &channel) -{ - m_channel = channel; - pair<MapIterator, MapIterator> range = m_cs.m_routeMap.equal_range(channel); - if (range.first == range.second) - { - m_useDefault = true; - m_itListCurrent = m_cs.m_defaultRoutes.begin(); - m_itListEnd = m_cs.m_defaultRoutes.end(); - } - else - { - m_useDefault = false; - m_itMapCurrent = range.first; - m_itMapEnd = range.second; - } -} - -bool ChannelRouteIterator::End() const -{ - return m_useDefault ? m_itListCurrent == m_itListEnd : m_itMapCurrent == m_itMapEnd; -} - -void ChannelRouteIterator::Next() -{ - if (m_useDefault) - ++m_itListCurrent; - else - ++m_itMapCurrent; -} - -BufferedTransformation & ChannelRouteIterator::Destination() -{ - return m_useDefault ? *m_itListCurrent->first : *m_itMapCurrent->second.first; -} - -const std::string & ChannelRouteIterator::Channel() -{ - if (m_useDefault) - return m_itListCurrent->second.get() ? *m_itListCurrent->second.get() : m_channel; - else - return m_itMapCurrent->second.second; -} - - -// -// ChannelSwitch -/////////////////// - -size_t ChannelSwitch::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (m_blocked) - { - m_blocked = false; - goto WasBlocked; - } - - m_it.Reset(channel); - - while (!m_it.End()) - { -WasBlocked: - if (m_it.Destination().ChannelPut2(m_it.Channel(), begin, length, messageEnd, blocking)) - { - m_blocked = true; - return 1; - } - - m_it.Next(); - } - - return 0; -} - -void ChannelSwitch::IsolatedInitialize(const NameValuePairs ¶meters/* =g_nullNameValuePairs */) -{ - m_routeMap.clear(); - m_defaultRoutes.clear(); - m_blocked = false; -} - -bool ChannelSwitch::ChannelFlush(const std::string &channel, bool completeFlush, int propagation, bool blocking) -{ - if (m_blocked) - { - m_blocked = false; - goto WasBlocked; - } - - m_it.Reset(channel); - - while (!m_it.End()) - { - WasBlocked: - if (m_it.Destination().ChannelFlush(m_it.Channel(), completeFlush, propagation, blocking)) - { - m_blocked = true; - return true; - } - - m_it.Next(); - } - - return false; -} - -bool ChannelSwitch::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking) -{ - if (m_blocked) - { - m_blocked = false; - goto WasBlocked; - } - - m_it.Reset(channel); - - while (!m_it.End()) - { - WasBlocked: - if (m_it.Destination().ChannelMessageSeriesEnd(m_it.Channel(), propagation)) - { - m_blocked = true; - return true; - } - - m_it.Next(); - } - - return false; -} - -byte * ChannelSwitch::ChannelCreatePutSpace(const std::string &channel, size_t &size) -{ - m_it.Reset(channel); - if (!m_it.End()) - { - BufferedTransformation &target = m_it.Destination(); - const std::string &channel = m_it.Channel(); - m_it.Next(); - if (m_it.End()) // there is only one target channel - return target.ChannelCreatePutSpace(channel, size); - } - size = 0; - return NULL; -} - -size_t ChannelSwitch::ChannelPutModifiable2(const std::string &channel, byte *inString, size_t length, int messageEnd, bool blocking) -{ - ChannelRouteIterator it(*this); - it.Reset(channel); - - if (!it.End()) - { - BufferedTransformation &target = it.Destination(); - const std::string &targetChannel = it.Channel(); - it.Next(); - if (it.End()) // there is only one target channel - return target.ChannelPutModifiable2(targetChannel, inString, length, messageEnd, blocking); - } - - return ChannelPut2(channel, inString, length, messageEnd, blocking); -} - -void ChannelSwitch::AddDefaultRoute(BufferedTransformation &destination) -{ - m_defaultRoutes.push_back(DefaultRoute(&destination, value_ptr<std::string>(NULL))); -} - -void ChannelSwitch::RemoveDefaultRoute(BufferedTransformation &destination) -{ - for (DefaultRouteList::iterator it = m_defaultRoutes.begin(); it != m_defaultRoutes.end(); ++it) - if (it->first == &destination && !it->second.get()) - { - m_defaultRoutes.erase(it); - break; - } -} - -void ChannelSwitch::AddDefaultRoute(BufferedTransformation &destination, const std::string &outChannel) -{ - m_defaultRoutes.push_back(DefaultRoute(&destination, outChannel)); -} - -void ChannelSwitch::RemoveDefaultRoute(BufferedTransformation &destination, const std::string &outChannel) -{ - for (DefaultRouteList::iterator it = m_defaultRoutes.begin(); it != m_defaultRoutes.end(); ++it) - if (it->first == &destination && (it->second.get() && *it->second == outChannel)) - { - m_defaultRoutes.erase(it); - break; - } -} - -void ChannelSwitch::AddRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel) -{ - m_routeMap.insert(RouteMap::value_type(inChannel, Route(&destination, outChannel))); -} - -void ChannelSwitch::RemoveRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel) -{ - typedef ChannelSwitch::RouteMap::iterator MapIterator; - pair<MapIterator, MapIterator> range = m_routeMap.equal_range(inChannel); - - for (MapIterator it = range.first; it != range.second; ++it) - if (it->second.first == &destination && it->second.second == outChannel) - { - m_routeMap.erase(it); - break; - } -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/channels.h b/cryptopp562/channels.h deleted file mode 100644 index 8374156..0000000 --- a/cryptopp562/channels.h +++ /dev/null @@ -1,123 +0,0 @@ -#ifndef CRYPTOPP_CHANNELS_H -#define CRYPTOPP_CHANNELS_H - -#include "simple.h" -#include "smartptr.h" -#include <map> -#include <list> - -NAMESPACE_BEGIN(CryptoPP) - -#if 0 -//! Route input on default channel to different and/or multiple channels based on message sequence number -class MessageSwitch : public Sink -{ -public: - void AddDefaultRoute(BufferedTransformation &destination, const std::string &channel); - void AddRoute(unsigned int begin, unsigned int end, BufferedTransformation &destination, const std::string &channel); - - void Put(byte inByte); - void Put(const byte *inString, unsigned int length); - - void Flush(bool completeFlush, int propagation=-1); - void MessageEnd(int propagation=-1); - void PutMessageEnd(const byte *inString, unsigned int length, int propagation=-1); - void MessageSeriesEnd(int propagation=-1); - -private: - typedef std::pair<BufferedTransformation *, std::string> Route; - struct RangeRoute - { - RangeRoute(unsigned int begin, unsigned int end, const Route &route) - : begin(begin), end(end), route(route) {} - bool operator<(const RangeRoute &rhs) const {return begin < rhs.begin;} - unsigned int begin, end; - Route route; - }; - - typedef std::list<RangeRoute> RouteList; - typedef std::list<Route> DefaultRouteList; - - RouteList m_routes; - DefaultRouteList m_defaultRoutes; - unsigned int m_nCurrentMessage; -}; -#endif - -class ChannelSwitchTypedefs -{ -public: - typedef std::pair<BufferedTransformation *, std::string> Route; - typedef std::multimap<std::string, Route> RouteMap; - - typedef std::pair<BufferedTransformation *, value_ptr<std::string> > DefaultRoute; - typedef std::list<DefaultRoute> DefaultRouteList; - - // SunCC workaround: can't use const_iterator here - typedef RouteMap::iterator MapIterator; - typedef DefaultRouteList::iterator ListIterator; -}; - -class ChannelSwitch; - -class ChannelRouteIterator : public ChannelSwitchTypedefs -{ -public: - ChannelSwitch& m_cs; - std::string m_channel; - bool m_useDefault; - MapIterator m_itMapCurrent, m_itMapEnd; - ListIterator m_itListCurrent, m_itListEnd; - - ChannelRouteIterator(ChannelSwitch &cs) : m_cs(cs) {} - void Reset(const std::string &channel); - bool End() const; - void Next(); - BufferedTransformation & Destination(); - const std::string & Channel(); -}; - -//! Route input to different and/or multiple channels based on channel ID -class CRYPTOPP_DLL ChannelSwitch : public Multichannel<Sink>, public ChannelSwitchTypedefs -{ -public: - ChannelSwitch() : m_it(*this), m_blocked(false) {} - ChannelSwitch(BufferedTransformation &destination) : m_it(*this), m_blocked(false) - { - AddDefaultRoute(destination); - } - ChannelSwitch(BufferedTransformation &destination, const std::string &outChannel) : m_it(*this), m_blocked(false) - { - AddDefaultRoute(destination, outChannel); - } - - void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); - - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); - size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking); - - bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true); - bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true); - - byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); - - void AddDefaultRoute(BufferedTransformation &destination); - void RemoveDefaultRoute(BufferedTransformation &destination); - void AddDefaultRoute(BufferedTransformation &destination, const std::string &outChannel); - void RemoveDefaultRoute(BufferedTransformation &destination, const std::string &outChannel); - void AddRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel); - void RemoveRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel); - -private: - RouteMap m_routeMap; - DefaultRouteList m_defaultRoutes; - - ChannelRouteIterator m_it; - bool m_blocked; - - friend class ChannelRouteIterator; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cmac.cpp b/cryptopp562/cmac.cpp deleted file mode 100644 index e8fa6fe..0000000 --- a/cryptopp562/cmac.cpp +++ /dev/null @@ -1,122 +0,0 @@ -// cmac.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "cmac.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static void MulU(byte *k, unsigned int length)
-{
- byte carry = 0;
-
- for (int i=length-1; i>=1; i-=2)
- {
- byte carry2 = k[i] >> 7;
- k[i] += k[i] + carry;
- carry = k[i-1] >> 7;
- k[i-1] += k[i-1] + carry2;
- }
-
- if (carry)
- {
- switch (length)
- {
- case 8:
- k[7] ^= 0x1b;
- break;
- case 16:
- k[15] ^= 0x87;
- break;
- case 32:
- k[30] ^= 4;
- k[31] ^= 0x23;
- break;
- default:
- throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
- }
- }
-}
-
-void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms)
-{
- BlockCipher &cipher = AccessCipher();
- unsigned int blockSize = cipher.BlockSize();
-
- cipher.SetKey(key, length, params);
- m_reg.CleanNew(3*blockSize);
- m_counter = 0;
-
- cipher.ProcessBlock(m_reg, m_reg+blockSize);
- MulU(m_reg+blockSize, blockSize);
- memcpy(m_reg+2*blockSize, m_reg+blockSize, blockSize);
- MulU(m_reg+2*blockSize, blockSize);
-}
-
-void CMAC_Base::Update(const byte *input, size_t length)
-{
- if (!length)
- return;
-
- BlockCipher &cipher = AccessCipher();
- unsigned int blockSize = cipher.BlockSize();
-
- if (m_counter > 0)
- {
- unsigned int len = UnsignedMin(blockSize - m_counter, length);
- xorbuf(m_reg+m_counter, input, len);
- length -= len;
- input += len;
- m_counter += len;
-
- if (m_counter == blockSize && length > 0)
- {
- cipher.ProcessBlock(m_reg);
- m_counter = 0;
- }
- }
-
- if (length > blockSize)
- {
- assert(m_counter == 0);
- size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
- input += (length - leftOver);
- length = leftOver;
- }
-
- if (length > 0)
- {
- assert(m_counter + length <= blockSize);
- xorbuf(m_reg+m_counter, input, length);
- m_counter += (unsigned int)length;
- }
-
- assert(m_counter > 0);
-}
-
-void CMAC_Base::TruncatedFinal(byte *mac, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- BlockCipher &cipher = AccessCipher();
- unsigned int blockSize = cipher.BlockSize();
-
- if (m_counter < blockSize)
- {
- m_reg[m_counter] ^= 0x80;
- cipher.AdvancedProcessBlocks(m_reg, m_reg+2*blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
- }
- else
- cipher.AdvancedProcessBlocks(m_reg, m_reg+blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
-
- memcpy(mac, m_reg, size);
-
- m_counter = 0;
- memset(m_reg, 0, blockSize);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cmac.h b/cryptopp562/cmac.h deleted file mode 100644 index ab3ecf8..0000000 --- a/cryptopp562/cmac.h +++ /dev/null @@ -1,52 +0,0 @@ -#ifndef CRYPTOPP_CMAC_H
-#define CRYPTOPP_CMAC_H
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CMAC_Base : public MessageAuthenticationCode
-{
-public:
- CMAC_Base() {}
-
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms);
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *mac, size_t size);
- unsigned int DigestSize() const {return GetCipher().BlockSize();}
- unsigned int OptimalBlockSize() const {return GetCipher().BlockSize();}
- unsigned int OptimalDataAlignment() const {return GetCipher().OptimalDataAlignment();}
-
-protected:
- friend class EAX_Base;
-
- const BlockCipher & GetCipher() const {return const_cast<CMAC_Base*>(this)->AccessCipher();}
- virtual BlockCipher & AccessCipher() =0;
-
- void ProcessBuf();
- SecByteBlock m_reg;
- unsigned int m_counter;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/CMAC">CMAC</a>
-/*! Template parameter T should be a class derived from BlockCipherDocumentation, for example AES, with a block size of 8, 16, or 32 */
-template <class T>
-class CMAC : public MessageAuthenticationCodeImpl<CMAC_Base, CMAC<T> >, public SameKeyLengthAs<T>
-{
-public:
- CMAC() {}
- CMAC(const byte *key, size_t length=SameKeyLengthAs<T>::DEFAULT_KEYLENGTH)
- {this->SetKey(key, length);}
-
- static std::string StaticAlgorithmName() {return std::string("CMAC(") + T::StaticAlgorithmName() + ")";}
-
-private:
- BlockCipher & AccessCipher() {return m_cipher;}
- typename T::Encryption m_cipher;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/config.h b/cryptopp562/config.h deleted file mode 100644 index 4554a1c..0000000 --- a/cryptopp562/config.h +++ /dev/null @@ -1,457 +0,0 @@ -#ifndef CRYPTOPP_CONFIG_H -#define CRYPTOPP_CONFIG_H - -// ***************** Important Settings ******************** - -// define this if running on a big-endian CPU -#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__))) -# define IS_BIG_ENDIAN -#endif - -// define this if running on a little-endian CPU -// big endian will be assumed if IS_LITTLE_ENDIAN is not defined -#ifndef IS_BIG_ENDIAN -# define IS_LITTLE_ENDIAN -#endif - -// define this if you want to disable all OS-dependent features, -// such as sockets and OS-provided random number generators -// #define NO_OS_DEPENDENCE - -// Define this to use features provided by Microsoft's CryptoAPI. -// Currently the only feature used is random number generation. -// This macro will be ignored if NO_OS_DEPENDENCE is defined. -#define USE_MS_CRYPTOAPI - -// ***************** Less Important Settings *************** - -// define this to retain (as much as possible) old deprecated function and class names -// #define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - -#define GZIP_OS_CODE 0 - -// Try this if your CPU has 256K internal cache or a slow multiply instruction -// and you want a (possibly) faster IDEA implementation using log tables -// #define IDEA_LARGECACHE - -// Define this if, for the linear congruential RNG, you want to use -// the original constants as specified in S.K. Park and K.W. Miller's -// CACM paper. -// #define LCRNG_ORIGINAL_NUMBERS - -// choose which style of sockets to wrap (mostly useful for cygwin which has both) -#define PREFER_BERKELEY_STYLE_SOCKETS -// #define PREFER_WINDOWS_STYLE_SOCKETS - -// set the name of Rijndael cipher, was "Rijndael" before version 5.3 -#define CRYPTOPP_RIJNDAEL_NAME "AES" - -// ***************** Important Settings Again ******************** -// But the defaults should be ok. - -// namespace support is now required -#ifdef NO_NAMESPACE -# error namespace support is now required -#endif - -// Define this to workaround a Microsoft CryptoAPI bug where -// each call to CryptAcquireContext causes a 100 KB memory leak. -// Defining this will cause Crypto++ to make only one call to CryptAcquireContext. -#define WORKAROUND_MS_BUG_Q258000 - -#ifdef CRYPTOPP_DOXYGEN_PROCESSING -// Avoid putting "CryptoPP::" in front of everything in Doxygen output -# define CryptoPP -# define NAMESPACE_BEGIN(x) -# define NAMESPACE_END -// Get Doxygen to generate better documentation for these typedefs -# define DOCUMENTED_TYPEDEF(x, y) class y : public x {}; -#else -# define NAMESPACE_BEGIN(x) namespace x { -# define NAMESPACE_END } -# define DOCUMENTED_TYPEDEF(x, y) typedef x y; -#endif -#define ANONYMOUS_NAMESPACE_BEGIN namespace { -#define USING_NAMESPACE(x) using namespace x; -#define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x { -#define DOCUMENTED_NAMESPACE_END } - -// What is the type of the third parameter to bind? -// For Unix, the new standard is ::socklen_t (typically unsigned int), and the old standard is int. -// Unfortunately there is no way to tell whether or not socklen_t is defined. -// To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile. -#ifndef TYPE_OF_SOCKLEN_T -# if defined(_WIN32) || defined(__CYGWIN__) -# define TYPE_OF_SOCKLEN_T int -# else -# define TYPE_OF_SOCKLEN_T ::socklen_t -# endif -#endif - -#if defined(__CYGWIN__) && defined(PREFER_WINDOWS_STYLE_SOCKETS) -# define __USE_W32_SOCKETS -#endif - -typedef unsigned char byte; // put in global namespace to avoid ambiguity with other byte typedefs - -NAMESPACE_BEGIN(CryptoPP) - -typedef unsigned short word16; -typedef unsigned int word32; - -#if defined(_MSC_VER) || defined(__BORLANDC__) - typedef unsigned __int64 word64; - #define W64LIT(x) x##ui64 -#else - typedef unsigned long long word64; - #define W64LIT(x) x##ULL -#endif - -// define large word type, used for file offsets and such -typedef word64 lword; -const lword LWORD_MAX = W64LIT(0xffffffffffffffff); - -#ifdef __GNUC__ - #define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -#endif - -// define hword, word, and dword. these are used for multiprecision integer arithmetic -// Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx -#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__)) - typedef word32 hword; - typedef word64 word; -#else - #define CRYPTOPP_NATIVE_DWORD_AVAILABLE - #if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__) - #if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && CRYPTOPP_GCC_VERSION >= 30400 - // GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3 - // mode(TI) division broken on amd64 with GCC earlier than GCC 3.4 - typedef word32 hword; - typedef word64 word; - typedef __uint128_t dword; - typedef __uint128_t word128; - #define CRYPTOPP_WORD128_AVAILABLE - #else - // if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results - typedef word16 hword; - typedef word32 word; - typedef word64 dword; - #endif - #else - // being here means the native register size is probably 32 bits or less - #define CRYPTOPP_BOOL_SLOW_WORD64 1 - typedef word16 hword; - typedef word32 word; - typedef word64 dword; - #endif -#endif -#ifndef CRYPTOPP_BOOL_SLOW_WORD64 - #define CRYPTOPP_BOOL_SLOW_WORD64 0 -#endif - -const unsigned int WORD_SIZE = sizeof(word); -const unsigned int WORD_BITS = WORD_SIZE * 8; - -NAMESPACE_END - -#ifndef CRYPTOPP_L1_CACHE_LINE_SIZE - // This should be a lower bound on the L1 cache line size. It's used for defense against timing attacks. - #if defined(_M_X64) || defined(__x86_64__) - #define CRYPTOPP_L1_CACHE_LINE_SIZE 64 - #else - // L1 cache line size is 32 on Pentium III and earlier - #define CRYPTOPP_L1_CACHE_LINE_SIZE 32 - #endif -#endif - -#if defined(_MSC_VER) - #if _MSC_VER == 1200 - #include <malloc.h> - #endif - #if _MSC_VER > 1200 || defined(_mm_free) - #define CRYPTOPP_MSVC6PP_OR_LATER // VC 6 processor pack or later - #else - #define CRYPTOPP_MSVC6_NO_PP // VC 6 without processor pack - #endif -#endif - -#ifndef CRYPTOPP_ALIGN_DATA - #if defined(CRYPTOPP_MSVC6PP_OR_LATER) - #define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x)) - #elif defined(__GNUC__) - #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x))) - #else - #define CRYPTOPP_ALIGN_DATA(x) - #endif -#endif - -#ifndef CRYPTOPP_SECTION_ALIGN16 - #if defined(__GNUC__) && !defined(__APPLE__) - // the alignment attribute doesn't seem to work without this section attribute when -fdata-sections is turned on - #define CRYPTOPP_SECTION_ALIGN16 __attribute__((section ("CryptoPP_Align16"))) - #else - #define CRYPTOPP_SECTION_ALIGN16 - #endif -#endif - -#if defined(_MSC_VER) || defined(__fastcall) - #define CRYPTOPP_FASTCALL __fastcall -#else - #define CRYPTOPP_FASTCALL -#endif - -// VC60 workaround: it doesn't allow typename in some places -#if defined(_MSC_VER) && (_MSC_VER < 1300) -#define CPP_TYPENAME -#else -#define CPP_TYPENAME typename -#endif - -// VC60 workaround: can't cast unsigned __int64 to float or double -#if defined(_MSC_VER) && !defined(CRYPTOPP_MSVC6PP_OR_LATER) -#define CRYPTOPP_VC6_INT64 (__int64) -#else -#define CRYPTOPP_VC6_INT64 -#endif - -#ifdef _MSC_VER -#define CRYPTOPP_NO_VTABLE __declspec(novtable) -#else -#define CRYPTOPP_NO_VTABLE -#endif - -#ifdef _MSC_VER - // 4231: nonstandard extension used : 'extern' before template explicit instantiation - // 4250: dominance - // 4251: member needs to have dll-interface - // 4275: base needs to have dll-interface - // 4660: explicitly instantiating a class that's already implicitly instantiated - // 4661: no suitable definition provided for explicit template instantiation request - // 4786: identifer was truncated in debug information - // 4355: 'this' : used in base member initializer list - // 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation -# pragma warning(disable: 4231 4250 4251 4275 4660 4661 4786 4355 4910) -#endif - -#ifdef __BORLANDC__ -// 8037: non-const function called for const object. needed to work around BCB2006 bug -# pragma warn -8037 -#endif - -#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__MWERKS__) || defined(_STLPORT_VERSION) -#define CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION -#endif - -#ifndef CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION -#define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE -#endif - -#ifdef CRYPTOPP_DISABLE_X86ASM // for backwards compatibility: this macro had both meanings -#define CRYPTOPP_DISABLE_ASM -#define CRYPTOPP_DISABLE_SSE2 -#endif - -#if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)))) - // C++Builder 2010 does not allow "call label" where label is defined within inline assembly - #define CRYPTOPP_X86_ASM_AVAILABLE - - #if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || CRYPTOPP_GCC_VERSION >= 30300) - #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1 - #else - #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0 - #endif - - // SSSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed. - // GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version. - #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102) - #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1 - #else - #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0 - #endif -#endif - -#if !defined(CRYPTOPP_DISABLE_ASM) && defined(_MSC_VER) && defined(_M_X64) - #define CRYPTOPP_X64_MASM_AVAILABLE -#endif - -#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__GNUC__) && defined(__x86_64__) - #define CRYPTOPP_X64_ASM_AVAILABLE -#endif - -#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) - #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1 -#else - #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0 -#endif - -#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110) - #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1 -#else - #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0 -#endif - -#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - #define CRYPTOPP_BOOL_ALIGN16_ENABLED 1 -#else - #define CRYPTOPP_BOOL_ALIGN16_ENABLED 0 -#endif - -// how to allocate 16-byte aligned memory (for SSE2) -#if defined(CRYPTOPP_MSVC6PP_OR_LATER) - #define CRYPTOPP_MM_MALLOC_AVAILABLE -#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) - #define CRYPTOPP_MALLOC_ALIGNMENT_IS_16 -#elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__) - #define CRYPTOPP_MEMALIGN_AVAILABLE -#else - #define CRYPTOPP_NO_ALIGNED_ALLOC -#endif - -// how to disable inlining -#if defined(_MSC_VER) && _MSC_VER >= 1300 -# define CRYPTOPP_NOINLINE_DOTDOTDOT -# define CRYPTOPP_NOINLINE __declspec(noinline) -#elif defined(__GNUC__) -# define CRYPTOPP_NOINLINE_DOTDOTDOT -# define CRYPTOPP_NOINLINE __attribute__((noinline)) -#else -# define CRYPTOPP_NOINLINE_DOTDOTDOT ... -# define CRYPTOPP_NOINLINE -#endif - -// how to declare class constants -#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__INTEL_COMPILER) -# define CRYPTOPP_CONSTANT(x) enum {x}; -#else -# define CRYPTOPP_CONSTANT(x) static const int x; -#endif - -#if defined(_M_X64) || defined(__x86_64__) - #define CRYPTOPP_BOOL_X64 1 -#else - #define CRYPTOPP_BOOL_X64 0 -#endif - -// see http://predef.sourceforge.net/prearch.html -#if defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__) - #define CRYPTOPP_BOOL_X86 1 -#else - #define CRYPTOPP_BOOL_X86 0 -#endif - -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || defined(__powerpc__) - #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS -#endif - -#define CRYPTOPP_VERSION 562 - -// ***************** determine availability of OS features ******************** - -#ifndef NO_OS_DEPENDENCE - -#if defined(_WIN32) || defined(__CYGWIN__) -#define CRYPTOPP_WIN32_AVAILABLE -#endif - -#if defined(__unix__) || defined(__MACH__) || defined(__NetBSD__) || defined(__sun) -#define CRYPTOPP_UNIX_AVAILABLE -#endif - -#if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE) -# define HIGHRES_TIMER_AVAILABLE -#endif - -#ifdef CRYPTOPP_UNIX_AVAILABLE -# define HAS_BERKELEY_STYLE_SOCKETS -#endif - -#ifdef CRYPTOPP_WIN32_AVAILABLE -# define HAS_WINDOWS_STYLE_SOCKETS -#endif - -#if defined(HIGHRES_TIMER_AVAILABLE) && (defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(HAS_WINDOWS_STYLE_SOCKETS)) -# define SOCKETS_AVAILABLE -#endif - -#if defined(HAS_WINDOWS_STYLE_SOCKETS) && (!defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(PREFER_WINDOWS_STYLE_SOCKETS)) -# define USE_WINDOWS_STYLE_SOCKETS -#else -# define USE_BERKELEY_STYLE_SOCKETS -#endif - -#if defined(HIGHRES_TIMER_AVAILABLE) && defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(USE_BERKELEY_STYLE_SOCKETS) -# define WINDOWS_PIPES_AVAILABLE -#endif - -#if defined(CRYPTOPP_WIN32_AVAILABLE) && defined(USE_MS_CRYPTOAPI) -# define NONBLOCKING_RNG_AVAILABLE -# define OS_RNG_AVAILABLE -#endif - -#if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) -# define NONBLOCKING_RNG_AVAILABLE -# define BLOCKING_RNG_AVAILABLE -# define OS_RNG_AVAILABLE -# define HAS_PTHREADS -# define THREADS_AVAILABLE -#endif - -#ifdef CRYPTOPP_WIN32_AVAILABLE -# define HAS_WINTHREADS -# define THREADS_AVAILABLE -#endif - -#endif // NO_OS_DEPENDENCE - -// ***************** DLL related ******************** - -#if defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) - -#ifdef CRYPTOPP_EXPORTS -#define CRYPTOPP_IS_DLL -#define CRYPTOPP_DLL __declspec(dllexport) -#elif defined(CRYPTOPP_IMPORTS) -#define CRYPTOPP_IS_DLL -#define CRYPTOPP_DLL __declspec(dllimport) -#else -#define CRYPTOPP_DLL -#endif - -#define CRYPTOPP_API __cdecl - -#else // CRYPTOPP_WIN32_AVAILABLE - -#define CRYPTOPP_DLL -#define CRYPTOPP_API - -#endif // CRYPTOPP_WIN32_AVAILABLE - -#if defined(__MWERKS__) -#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern class CRYPTOPP_DLL -#elif defined(__BORLANDC__) || defined(__SUNPRO_CC) -#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL -#else -#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern template class CRYPTOPP_DLL -#endif - -#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_IMPORTS) -#define CRYPTOPP_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL -#else -#define CRYPTOPP_DLL_TEMPLATE_CLASS CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS -#endif - -#if defined(__MWERKS__) -#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern class -#elif defined(__BORLANDC__) || defined(__SUNPRO_CC) -#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS template class -#else -#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern template class -#endif - -#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_EXPORTS) -#define CRYPTOPP_STATIC_TEMPLATE_CLASS template class -#else -#define CRYPTOPP_STATIC_TEMPLATE_CLASS CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS -#endif - -#endif diff --git a/cryptopp562/cpu.cpp b/cryptopp562/cpu.cpp deleted file mode 100644 index 3610a7c..0000000 --- a/cryptopp562/cpu.cpp +++ /dev/null @@ -1,199 +0,0 @@ -// cpu.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "cpu.h" -#include "misc.h" -#include <algorithm> - -#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY -#include <signal.h> -#include <setjmp.h> -#endif - -#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE -#include <emmintrin.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef CRYPTOPP_CPUID_AVAILABLE - -#if _MSC_VER >= 1400 && CRYPTOPP_BOOL_X64 - -bool CpuId(word32 input, word32 *output) -{ - __cpuid((int *)output, input); - return true; -} - -#else - -#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY -extern "C" { -typedef void (*SigHandler)(int); - -static jmp_buf s_jmpNoCPUID; -static void SigIllHandlerCPUID(int) -{ - longjmp(s_jmpNoCPUID, 1); -} - -static jmp_buf s_jmpNoSSE2; -static void SigIllHandlerSSE2(int) -{ - longjmp(s_jmpNoSSE2, 1); -} -} -#endif - -bool CpuId(word32 input, word32 *output) -{ -#ifdef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY - __try - { - __asm - { - mov eax, input - cpuid - mov edi, output - mov [edi], eax - mov [edi+4], ebx - mov [edi+8], ecx - mov [edi+12], edx - } - } - __except (1) - { - return false; - } - return true; -#else - SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID); - if (oldHandler == SIG_ERR) - return false; - - bool result = true; - if (setjmp(s_jmpNoCPUID)) - result = false; - else - { - asm - ( - // save ebx in case -fPIC is being used -#if CRYPTOPP_BOOL_X86 - "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx" -#else - "pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx" -#endif - : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3]) - : "a" (input) - ); - } - - signal(SIGILL, oldHandler); - return result; -#endif -} - -#endif - -static bool TrySSE2() -{ -#if CRYPTOPP_BOOL_X64 - return true; -#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) - __try - { -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - AS2(por xmm0, xmm0) // executing SSE2 instruction -#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE - __m128i x = _mm_setzero_si128(); - return _mm_cvtsi128_si32(x) == 0; -#endif - } - __except (1) - { - return false; - } - return true; -#else - SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2); - if (oldHandler == SIG_ERR) - return false; - - bool result = true; - if (setjmp(s_jmpNoSSE2)) - result = false; - else - { -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - __asm __volatile ("por %xmm0, %xmm0"); -#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE - __m128i x = _mm_setzero_si128(); - result = _mm_cvtsi128_si32(x) == 0; -#endif - } - - signal(SIGILL, oldHandler); - return result; -#endif -} - -bool g_x86DetectionDone = false; -bool g_hasISSE = false, g_hasSSE2 = false, g_hasSSSE3 = false, g_hasMMX = false, g_hasAESNI = false, g_hasCLMUL = false, g_isP4 = false; -word32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE; - -void DetectX86Features() -{ - word32 cpuid[4], cpuid1[4]; - if (!CpuId(0, cpuid)) - return; - if (!CpuId(1, cpuid1)) - return; - - g_hasMMX = (cpuid1[3] & (1 << 23)) != 0; - if ((cpuid1[3] & (1 << 26)) != 0) - g_hasSSE2 = TrySSE2(); - g_hasSSSE3 = g_hasSSE2 && (cpuid1[2] & (1<<9)); - g_hasAESNI = g_hasSSE2 && (cpuid1[2] & (1<<25)); - g_hasCLMUL = g_hasSSE2 && (cpuid1[2] & (1<<1)); - - if ((cpuid1[3] & (1 << 25)) != 0) - g_hasISSE = true; - else - { - word32 cpuid2[4]; - CpuId(0x080000000, cpuid2); - if (cpuid2[0] >= 0x080000001) - { - CpuId(0x080000001, cpuid2); - g_hasISSE = (cpuid2[3] & (1 << 22)) != 0; - } - } - - std::swap(cpuid[2], cpuid[3]); - if (memcmp(cpuid+1, "GenuineIntel", 12) == 0) - { - g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf; - g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1); - } - else if (memcmp(cpuid+1, "AuthenticAMD", 12) == 0) - { - CpuId(0x80000005, cpuid); - g_cacheLineSize = GETBYTE(cpuid[2], 0); - } - - if (!g_cacheLineSize) - g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE; - - g_x86DetectionDone = true; -} - -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cpu.h b/cryptopp562/cpu.h deleted file mode 100644 index 65029d3..0000000 --- a/cryptopp562/cpu.h +++ /dev/null @@ -1,345 +0,0 @@ -#ifndef CRYPTOPP_CPU_H -#define CRYPTOPP_CPU_H - -#ifdef CRYPTOPP_GENERATE_X64_MASM - -#define CRYPTOPP_X86_ASM_AVAILABLE -#define CRYPTOPP_BOOL_X64 1 -#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1 -#define NAMESPACE_END - -#else - -#include "config.h" - -#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE -#include <emmintrin.h> -#endif - -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE -#if !defined(__GNUC__) || defined(__SSSE3__) || defined(__INTEL_COMPILER) -#include <tmmintrin.h> -#else -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_shuffle_epi8 (__m128i a, __m128i b) -{ - asm ("pshufb %1, %0" : "+x"(a) : "xm"(b)); - return a; -} -#endif -#if !defined(__GNUC__) || defined(__SSE4_1__) || defined(__INTEL_COMPILER) -#include <smmintrin.h> -#else -__inline int __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_extract_epi32 (__m128i a, const int i) -{ - int r; - asm ("pextrd %2, %1, %0" : "=rm"(r) : "x"(a), "i"(i)); - return r; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_insert_epi32 (__m128i a, int b, const int i) -{ - asm ("pinsrd %2, %1, %0" : "+x"(a) : "rm"(b), "i"(i)); - return a; -} -#endif -#if !defined(__GNUC__) || (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) -#include <wmmintrin.h> -#else -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_clmulepi64_si128 (__m128i a, __m128i b, const int i) -{ - asm ("pclmulqdq %2, %1, %0" : "+x"(a) : "xm"(b), "i"(i)); - return a; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_aeskeygenassist_si128 (__m128i a, const int i) -{ - __m128i r; - asm ("aeskeygenassist %2, %1, %0" : "=x"(r) : "xm"(a), "i"(i)); - return r; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_aesimc_si128 (__m128i a) -{ - __m128i r; - asm ("aesimc %1, %0" : "=x"(r) : "xm"(a)); - return r; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_aesenc_si128 (__m128i a, __m128i b) -{ - asm ("aesenc %1, %0" : "+x"(a) : "xm"(b)); - return a; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_aesenclast_si128 (__m128i a, __m128i b) -{ - asm ("aesenclast %1, %0" : "+x"(a) : "xm"(b)); - return a; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_aesdec_si128 (__m128i a, __m128i b) -{ - asm ("aesdec %1, %0" : "+x"(a) : "xm"(b)); - return a; -} -__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__)) -_mm_aesdeclast_si128 (__m128i a, __m128i b) -{ - asm ("aesdeclast %1, %0" : "+x"(a) : "xm"(b)); - return a; -} -#endif -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 - -#define CRYPTOPP_CPUID_AVAILABLE - -// these should not be used directly -extern CRYPTOPP_DLL bool g_x86DetectionDone; -extern CRYPTOPP_DLL bool g_hasSSSE3; -extern CRYPTOPP_DLL bool g_hasAESNI; -extern CRYPTOPP_DLL bool g_hasCLMUL; -extern CRYPTOPP_DLL bool g_isP4; -extern CRYPTOPP_DLL word32 g_cacheLineSize; -CRYPTOPP_DLL void CRYPTOPP_API DetectX86Features(); -CRYPTOPP_DLL bool CRYPTOPP_API CpuId(word32 input, word32 *output); - -#if CRYPTOPP_BOOL_X64 -inline bool HasSSE2() {return true;} -inline bool HasISSE() {return true;} -inline bool HasMMX() {return true;} -#else - -extern CRYPTOPP_DLL bool g_hasSSE2; -extern CRYPTOPP_DLL bool g_hasISSE; -extern CRYPTOPP_DLL bool g_hasMMX; - -inline bool HasSSE2() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_hasSSE2; -} - -inline bool HasISSE() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_hasISSE; -} - -inline bool HasMMX() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_hasMMX; -} - -#endif - -inline bool HasSSSE3() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_hasSSSE3; -} - -inline bool HasAESNI() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_hasAESNI; -} - -inline bool HasCLMUL() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_hasCLMUL; -} - -inline bool IsP4() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_isP4; -} - -inline int GetCacheLineSize() -{ - if (!g_x86DetectionDone) - DetectX86Features(); - return g_cacheLineSize; -} - -#else - -inline int GetCacheLineSize() -{ - return CRYPTOPP_L1_CACHE_LINE_SIZE; -} - -#endif - -#endif - -#ifdef CRYPTOPP_GENERATE_X64_MASM - #define AS1(x) x*newline* - #define AS2(x, y) x, y*newline* - #define AS3(x, y, z) x, y, z*newline* - #define ASS(x, y, a, b, c, d) x, y, a*64+b*16+c*4+d*newline* - #define ASL(x) label##x:*newline* - #define ASJ(x, y, z) x label##y*newline* - #define ASC(x, y) x label##y*newline* - #define AS_HEX(y) 0##y##h -#elif defined(_MSC_VER) || defined(__BORLANDC__) - #define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY - #define AS1(x) __asm {x} - #define AS2(x, y) __asm {x, y} - #define AS3(x, y, z) __asm {x, y, z} - #define ASS(x, y, a, b, c, d) __asm {x, y, (a)*64+(b)*16+(c)*4+(d)} - #define ASL(x) __asm {label##x:} - #define ASJ(x, y, z) __asm {x label##y} - #define ASC(x, y) __asm {x label##y} - #define CRYPTOPP_NAKED __declspec(naked) - #define AS_HEX(y) 0x##y -#else - #define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY - // define these in two steps to allow arguments to be expanded - #define GNU_AS1(x) #x ";" - #define GNU_AS2(x, y) #x ", " #y ";" - #define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" - #define GNU_ASL(x) "\n" #x ":" - #define GNU_ASJ(x, y, z) #x " " #y #z ";" - #define AS1(x) GNU_AS1(x) - #define AS2(x, y) GNU_AS2(x, y) - #define AS3(x, y, z) GNU_AS3(x, y, z) - #define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";" - #define ASL(x) GNU_ASL(x) - #define ASJ(x, y, z) GNU_ASJ(x, y, z) - #define ASC(x, y) #x " " #y ";" - #define CRYPTOPP_NAKED - #define AS_HEX(y) 0x##y -#endif - -#define IF0(y) -#define IF1(y) y - -#ifdef CRYPTOPP_GENERATE_X64_MASM -#define ASM_MOD(x, y) ((x) MOD (y)) -#define XMMWORD_PTR XMMWORD PTR -#else -// GNU assembler doesn't seem to have mod operator -#define ASM_MOD(x, y) ((x)-((x)/(y))*(y)) -// GAS 2.15 doesn't support XMMWORD PTR. it seems necessary only for MASM -#define XMMWORD_PTR -#endif - -#if CRYPTOPP_BOOL_X86 - #define AS_REG_1 ecx - #define AS_REG_2 edx - #define AS_REG_3 esi - #define AS_REG_4 edi - #define AS_REG_5 eax - #define AS_REG_6 ebx - #define AS_REG_7 ebp - #define AS_REG_1d ecx - #define AS_REG_2d edx - #define AS_REG_3d esi - #define AS_REG_4d edi - #define AS_REG_5d eax - #define AS_REG_6d ebx - #define AS_REG_7d ebp - #define WORD_SZ 4 - #define WORD_REG(x) e##x - #define WORD_PTR DWORD PTR - #define AS_PUSH_IF86(x) AS1(push e##x) - #define AS_POP_IF86(x) AS1(pop e##x) - #define AS_JCXZ jecxz -#elif CRYPTOPP_BOOL_X64 - #ifdef CRYPTOPP_GENERATE_X64_MASM - #define AS_REG_1 rcx - #define AS_REG_2 rdx - #define AS_REG_3 r8 - #define AS_REG_4 r9 - #define AS_REG_5 rax - #define AS_REG_6 r10 - #define AS_REG_7 r11 - #define AS_REG_1d ecx - #define AS_REG_2d edx - #define AS_REG_3d r8d - #define AS_REG_4d r9d - #define AS_REG_5d eax - #define AS_REG_6d r10d - #define AS_REG_7d r11d - #else - #define AS_REG_1 rdi - #define AS_REG_2 rsi - #define AS_REG_3 rdx - #define AS_REG_4 rcx - #define AS_REG_5 r8 - #define AS_REG_6 r9 - #define AS_REG_7 r10 - #define AS_REG_1d edi - #define AS_REG_2d esi - #define AS_REG_3d edx - #define AS_REG_4d ecx - #define AS_REG_5d r8d - #define AS_REG_6d r9d - #define AS_REG_7d r10d - #endif - #define WORD_SZ 8 - #define WORD_REG(x) r##x - #define WORD_PTR QWORD PTR - #define AS_PUSH_IF86(x) - #define AS_POP_IF86(x) - #define AS_JCXZ jrcxz -#endif - -// helper macro for stream cipher output -#define AS_XMM_OUTPUT4(labelPrefix, inputPtr, outputPtr, x0, x1, x2, x3, t, p0, p1, p2, p3, increment)\ - AS2( test inputPtr, inputPtr)\ - ASC( jz, labelPrefix##3)\ - AS2( test inputPtr, 15)\ - ASC( jnz, labelPrefix##7)\ - AS2( pxor xmm##x0, [inputPtr+p0*16])\ - AS2( pxor xmm##x1, [inputPtr+p1*16])\ - AS2( pxor xmm##x2, [inputPtr+p2*16])\ - AS2( pxor xmm##x3, [inputPtr+p3*16])\ - AS2( add inputPtr, increment*16)\ - ASC( jmp, labelPrefix##3)\ - ASL(labelPrefix##7)\ - AS2( movdqu xmm##t, [inputPtr+p0*16])\ - AS2( pxor xmm##x0, xmm##t)\ - AS2( movdqu xmm##t, [inputPtr+p1*16])\ - AS2( pxor xmm##x1, xmm##t)\ - AS2( movdqu xmm##t, [inputPtr+p2*16])\ - AS2( pxor xmm##x2, xmm##t)\ - AS2( movdqu xmm##t, [inputPtr+p3*16])\ - AS2( pxor xmm##x3, xmm##t)\ - AS2( add inputPtr, increment*16)\ - ASL(labelPrefix##3)\ - AS2( test outputPtr, 15)\ - ASC( jnz, labelPrefix##8)\ - AS2( movdqa [outputPtr+p0*16], xmm##x0)\ - AS2( movdqa [outputPtr+p1*16], xmm##x1)\ - AS2( movdqa [outputPtr+p2*16], xmm##x2)\ - AS2( movdqa [outputPtr+p3*16], xmm##x3)\ - ASC( jmp, labelPrefix##9)\ - ASL(labelPrefix##8)\ - AS2( movdqu [outputPtr+p0*16], xmm##x0)\ - AS2( movdqu [outputPtr+p1*16], xmm##x1)\ - AS2( movdqu [outputPtr+p2*16], xmm##x2)\ - AS2( movdqu [outputPtr+p3*16], xmm##x3)\ - ASL(labelPrefix##9)\ - AS2( add outputPtr, increment*16) - -NAMESPACE_END - -#endif diff --git a/cryptopp562/crc.cpp b/cryptopp562/crc.cpp deleted file mode 100644 index 10c25c2..0000000 --- a/cryptopp562/crc.cpp +++ /dev/null @@ -1,160 +0,0 @@ -// crc.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "crc.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -/* Table of CRC-32's of all single byte values (made by makecrc.c) */ -const word32 CRC32::m_tab[] = { -#ifdef IS_LITTLE_ENDIAN - 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, - 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, - 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, - 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, - 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, - 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, - 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, - 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, - 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, - 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, - 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, - 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, - 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, - 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, - 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, - 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, - 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, - 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, - 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, - 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, - 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, - 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, - 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, - 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, - 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, - 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, - 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, - 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, - 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, - 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, - 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, - 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, - 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, - 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, - 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, - 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, - 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, - 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, - 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, - 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, - 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, - 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, - 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, - 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, - 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, - 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, - 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, - 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, - 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, - 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, - 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, - 0x2d02ef8dL -#else - 0x00000000L, 0x96300777L, 0x2c610eeeL, 0xba510999L, 0x19c46d07L, - 0x8ff46a70L, 0x35a563e9L, 0xa395649eL, 0x3288db0eL, 0xa4b8dc79L, - 0x1ee9d5e0L, 0x88d9d297L, 0x2b4cb609L, 0xbd7cb17eL, 0x072db8e7L, - 0x911dbf90L, 0x6410b71dL, 0xf220b06aL, 0x4871b9f3L, 0xde41be84L, - 0x7dd4da1aL, 0xebe4dd6dL, 0x51b5d4f4L, 0xc785d383L, 0x56986c13L, - 0xc0a86b64L, 0x7af962fdL, 0xecc9658aL, 0x4f5c0114L, 0xd96c0663L, - 0x633d0ffaL, 0xf50d088dL, 0xc8206e3bL, 0x5e10694cL, 0xe44160d5L, - 0x727167a2L, 0xd1e4033cL, 0x47d4044bL, 0xfd850dd2L, 0x6bb50aa5L, - 0xfaa8b535L, 0x6c98b242L, 0xd6c9bbdbL, 0x40f9bcacL, 0xe36cd832L, - 0x755cdf45L, 0xcf0dd6dcL, 0x593dd1abL, 0xac30d926L, 0x3a00de51L, - 0x8051d7c8L, 0x1661d0bfL, 0xb5f4b421L, 0x23c4b356L, 0x9995bacfL, - 0x0fa5bdb8L, 0x9eb80228L, 0x0888055fL, 0xb2d90cc6L, 0x24e90bb1L, - 0x877c6f2fL, 0x114c6858L, 0xab1d61c1L, 0x3d2d66b6L, 0x9041dc76L, - 0x0671db01L, 0xbc20d298L, 0x2a10d5efL, 0x8985b171L, 0x1fb5b606L, - 0xa5e4bf9fL, 0x33d4b8e8L, 0xa2c90778L, 0x34f9000fL, 0x8ea80996L, - 0x18980ee1L, 0xbb0d6a7fL, 0x2d3d6d08L, 0x976c6491L, 0x015c63e6L, - 0xf4516b6bL, 0x62616c1cL, 0xd8306585L, 0x4e0062f2L, 0xed95066cL, - 0x7ba5011bL, 0xc1f40882L, 0x57c40ff5L, 0xc6d9b065L, 0x50e9b712L, - 0xeab8be8bL, 0x7c88b9fcL, 0xdf1ddd62L, 0x492dda15L, 0xf37cd38cL, - 0x654cd4fbL, 0x5861b24dL, 0xce51b53aL, 0x7400bca3L, 0xe230bbd4L, - 0x41a5df4aL, 0xd795d83dL, 0x6dc4d1a4L, 0xfbf4d6d3L, 0x6ae96943L, - 0xfcd96e34L, 0x468867adL, 0xd0b860daL, 0x732d0444L, 0xe51d0333L, - 0x5f4c0aaaL, 0xc97c0dddL, 0x3c710550L, 0xaa410227L, 0x10100bbeL, - 0x86200cc9L, 0x25b56857L, 0xb3856f20L, 0x09d466b9L, 0x9fe461ceL, - 0x0ef9de5eL, 0x98c9d929L, 0x2298d0b0L, 0xb4a8d7c7L, 0x173db359L, - 0x810db42eL, 0x3b5cbdb7L, 0xad6cbac0L, 0x2083b8edL, 0xb6b3bf9aL, - 0x0ce2b603L, 0x9ad2b174L, 0x3947d5eaL, 0xaf77d29dL, 0x1526db04L, - 0x8316dc73L, 0x120b63e3L, 0x843b6494L, 0x3e6a6d0dL, 0xa85a6a7aL, - 0x0bcf0ee4L, 0x9dff0993L, 0x27ae000aL, 0xb19e077dL, 0x44930ff0L, - 0xd2a30887L, 0x68f2011eL, 0xfec20669L, 0x5d5762f7L, 0xcb676580L, - 0x71366c19L, 0xe7066b6eL, 0x761bd4feL, 0xe02bd389L, 0x5a7ada10L, - 0xcc4add67L, 0x6fdfb9f9L, 0xf9efbe8eL, 0x43beb717L, 0xd58eb060L, - 0xe8a3d6d6L, 0x7e93d1a1L, 0xc4c2d838L, 0x52f2df4fL, 0xf167bbd1L, - 0x6757bca6L, 0xdd06b53fL, 0x4b36b248L, 0xda2b0dd8L, 0x4c1b0aafL, - 0xf64a0336L, 0x607a0441L, 0xc3ef60dfL, 0x55df67a8L, 0xef8e6e31L, - 0x79be6946L, 0x8cb361cbL, 0x1a8366bcL, 0xa0d26f25L, 0x36e26852L, - 0x95770cccL, 0x03470bbbL, 0xb9160222L, 0x2f260555L, 0xbe3bbac5L, - 0x280bbdb2L, 0x925ab42bL, 0x046ab35cL, 0xa7ffd7c2L, 0x31cfd0b5L, - 0x8b9ed92cL, 0x1daede5bL, 0xb0c2649bL, 0x26f263ecL, 0x9ca36a75L, - 0x0a936d02L, 0xa906099cL, 0x3f360eebL, 0x85670772L, 0x13570005L, - 0x824abf95L, 0x147ab8e2L, 0xae2bb17bL, 0x381bb60cL, 0x9b8ed292L, - 0x0dbed5e5L, 0xb7efdc7cL, 0x21dfdb0bL, 0xd4d2d386L, 0x42e2d4f1L, - 0xf8b3dd68L, 0x6e83da1fL, 0xcd16be81L, 0x5b26b9f6L, 0xe177b06fL, - 0x7747b718L, 0xe65a0888L, 0x706a0fffL, 0xca3b0666L, 0x5c0b0111L, - 0xff9e658fL, 0x69ae62f8L, 0xd3ff6b61L, 0x45cf6c16L, 0x78e20aa0L, - 0xeed20dd7L, 0x5483044eL, 0xc2b30339L, 0x612667a7L, 0xf71660d0L, - 0x4d476949L, 0xdb776e3eL, 0x4a6ad1aeL, 0xdc5ad6d9L, 0x660bdf40L, - 0xf03bd837L, 0x53aebca9L, 0xc59ebbdeL, 0x7fcfb247L, 0xe9ffb530L, - 0x1cf2bdbdL, 0x8ac2bacaL, 0x3093b353L, 0xa6a3b424L, 0x0536d0baL, - 0x9306d7cdL, 0x2957de54L, 0xbf67d923L, 0x2e7a66b3L, 0xb84a61c4L, - 0x021b685dL, 0x942b6f2aL, 0x37be0bb4L, 0xa18e0cc3L, 0x1bdf055aL, - 0x8def022dL -#endif -}; - -CRC32::CRC32() -{ - Reset(); -} - -void CRC32::Update(const byte *s, size_t n) -{ - word32 crc = m_crc; - - for(; !IsAligned<word32>(s) && n > 0; n--) - crc = m_tab[CRC32_INDEX(crc) ^ *s++] ^ CRC32_SHIFTED(crc); - - while (n >= 4) - { - crc ^= *(const word32 *)s; - crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc); - crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc); - crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc); - crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc); - n -= 4; - s += 4; - } - - while (n--) - crc = m_tab[CRC32_INDEX(crc) ^ *s++] ^ CRC32_SHIFTED(crc); - - m_crc = crc; -} - -void CRC32::TruncatedFinal(byte *hash, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - m_crc ^= CRC32_NEGL; - for (size_t i=0; i<size; i++) - hash[i] = GetCrcByte(i); - - Reset(); -} - -NAMESPACE_END diff --git a/cryptopp562/crc.h b/cryptopp562/crc.h deleted file mode 100644 index f75ea38..0000000 --- a/cryptopp562/crc.h +++ /dev/null @@ -1,42 +0,0 @@ -#ifndef CRYPTOPP_CRC32_H -#define CRYPTOPP_CRC32_H - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -const word32 CRC32_NEGL = 0xffffffffL; - -#ifdef IS_LITTLE_ENDIAN -#define CRC32_INDEX(c) (c & 0xff) -#define CRC32_SHIFTED(c) (c >> 8) -#else -#define CRC32_INDEX(c) (c >> 24) -#define CRC32_SHIFTED(c) (c << 8) -#endif - -//! CRC Checksum Calculation -class CRC32 : public HashTransformation -{ -public: - CRYPTOPP_CONSTANT(DIGESTSIZE = 4) - CRC32(); - void Update(const byte *input, size_t length); - void TruncatedFinal(byte *hash, size_t size); - unsigned int DigestSize() const {return DIGESTSIZE;} - static const char * StaticAlgorithmName() {return "CRC32";} - std::string AlgorithmName() const {return StaticAlgorithmName();} - - void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);} - byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];} - -private: - void Reset() {m_crc = CRC32_NEGL;} - - static const word32 m_tab[256]; - word32 m_crc; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cryptlib.cpp b/cryptopp562/cryptlib.cpp deleted file mode 100644 index df138dd..0000000 --- a/cryptopp562/cryptlib.cpp +++ /dev/null @@ -1,828 +0,0 @@ -// cryptlib.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "cryptlib.h" -#include "misc.h" -#include "filters.h" -#include "algparam.h" -#include "fips140.h" -#include "argnames.h" -#include "fltrimpl.h" -#include "trdlocal.h" -#include "osrng.h" - -#include <memory> - -NAMESPACE_BEGIN(CryptoPP) - -CRYPTOPP_COMPILE_ASSERT(sizeof(byte) == 1); -CRYPTOPP_COMPILE_ASSERT(sizeof(word16) == 2); -CRYPTOPP_COMPILE_ASSERT(sizeof(word32) == 4); -CRYPTOPP_COMPILE_ASSERT(sizeof(word64) == 8); -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE -CRYPTOPP_COMPILE_ASSERT(sizeof(dword) == 2*sizeof(word)); -#endif - -const std::string DEFAULT_CHANNEL; -const std::string AAD_CHANNEL = "AAD"; -const std::string &BufferedTransformation::NULL_CHANNEL = DEFAULT_CHANNEL; - -class NullNameValuePairs : public NameValuePairs -{ -public: - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const {return false;} -}; - -simple_ptr<NullNameValuePairs> s_pNullNameValuePairs(new NullNameValuePairs); -const NameValuePairs &g_nullNameValuePairs = *s_pNullNameValuePairs.m_p; - -BufferedTransformation & TheBitBucket() -{ - static BitBucket bitBucket; - return bitBucket; -} - -Algorithm::Algorithm(bool checkSelfTestStatus) -{ - if (checkSelfTestStatus && FIPS_140_2_ComplianceEnabled()) - { - if (GetPowerUpSelfTestStatus() == POWER_UP_SELF_TEST_NOT_DONE && !PowerUpSelfTestInProgressOnThisThread()) - throw SelfTestFailure("Cryptographic algorithms are disabled before the power-up self tests are performed."); - - if (GetPowerUpSelfTestStatus() == POWER_UP_SELF_TEST_FAILED) - throw SelfTestFailure("Cryptographic algorithms are disabled after a power-up self test failed."); - } -} - -void SimpleKeyingInterface::SetKey(const byte *key, size_t length, const NameValuePairs ¶ms) -{ - this->ThrowIfInvalidKeyLength(length); - this->UncheckedSetKey(key, (unsigned int)length, params); -} - -void SimpleKeyingInterface::SetKeyWithRounds(const byte *key, size_t length, int rounds) -{ - SetKey(key, length, MakeParameters(Name::Rounds(), rounds)); -} - -void SimpleKeyingInterface::SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength) -{ - SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, ivLength))); -} - -void SimpleKeyingInterface::ThrowIfInvalidKeyLength(size_t length) -{ - if (!IsValidKeyLength(length)) - throw InvalidKeyLength(GetAlgorithm().AlgorithmName(), length); -} - -void SimpleKeyingInterface::ThrowIfResynchronizable() -{ - if (IsResynchronizable()) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": this object requires an IV"); -} - -void SimpleKeyingInterface::ThrowIfInvalidIV(const byte *iv) -{ - if (!iv && IVRequirement() == UNPREDICTABLE_RANDOM_IV) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": this object cannot use a null IV"); -} - -size_t SimpleKeyingInterface::ThrowIfInvalidIVLength(int size) -{ - if (size < 0) - return IVSize(); - else if ((size_t)size < MinIVLength()) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": IV length " + IntToString(size) + " is less than the minimum of " + IntToString(MinIVLength())); - else if ((size_t)size > MaxIVLength()) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": IV length " + IntToString(size) + " exceeds the maximum of " + IntToString(MaxIVLength())); - else - return size; -} - -const byte * SimpleKeyingInterface::GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size) -{ - ConstByteArrayParameter ivWithLength; - const byte *iv; - bool found = false; - - try {found = params.GetValue(Name::IV(), ivWithLength);} - catch (const NameValuePairs::ValueTypeMismatch &) {} - - if (found) - { - iv = ivWithLength.begin(); - ThrowIfInvalidIV(iv); - size = ThrowIfInvalidIVLength((int)ivWithLength.size()); - return iv; - } - else if (params.GetValue(Name::IV(), iv)) - { - ThrowIfInvalidIV(iv); - size = IVSize(); - return iv; - } - else - { - ThrowIfResynchronizable(); - size = 0; - return NULL; - } -} - -void SimpleKeyingInterface::GetNextIV(RandomNumberGenerator &rng, byte *IV) -{ - rng.GenerateBlock(IV, IVSize()); -} - -size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const -{ - size_t blockSize = BlockSize(); - size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - size_t xorIncrement = xorBlocks ? blockSize : 0; - size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; - - if (flags & BT_ReverseDirection) - { - assert(length % blockSize == 0); - inBlocks += length - blockSize; - xorBlocks += length - blockSize; - outBlocks += length - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - while (length >= blockSize) - { - if (flags & BT_XorInput) - { - xorbuf(outBlocks, xorBlocks, inBlocks, blockSize); - ProcessBlock(outBlocks); - } - else - ProcessAndXorBlock(inBlocks, xorBlocks, outBlocks); - if (flags & BT_InBlockIsCounter) - const_cast<byte *>(inBlocks)[blockSize-1]++; - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} - -unsigned int BlockTransformation::OptimalDataAlignment() const -{ - return GetAlignmentOf<word32>(); -} - -unsigned int StreamTransformation::OptimalDataAlignment() const -{ - return GetAlignmentOf<word32>(); -} - -unsigned int HashTransformation::OptimalDataAlignment() const -{ - return GetAlignmentOf<word32>(); -} - -void StreamTransformation::ProcessLastBlock(byte *outString, const byte *inString, size_t length) -{ - assert(MinLastBlockSize() == 0); // this function should be overriden otherwise - - if (length == MandatoryBlockSize()) - ProcessData(outString, inString, length); - else if (length != 0) - throw NotImplemented(AlgorithmName() + ": this object does't support a special last block"); -} - -void AuthenticatedSymmetricCipher::SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) -{ - if (headerLength > MaxHeaderLength()) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": header length " + IntToString(headerLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength())); - - if (messageLength > MaxMessageLength()) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": message length " + IntToString(messageLength) + " exceeds the maximum of " + IntToString(MaxMessageLength())); - - if (footerLength > MaxFooterLength()) - throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": footer length " + IntToString(footerLength) + " exceeds the maximum of " + IntToString(MaxFooterLength())); - - UncheckedSpecifyDataLengths(headerLength, messageLength, footerLength); -} - -void AuthenticatedSymmetricCipher::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength) -{ - Resynchronize(iv, ivLength); - SpecifyDataLengths(headerLength, messageLength); - Update(header, headerLength); - ProcessString(ciphertext, message, messageLength); - TruncatedFinal(mac, macSize); -} - -bool AuthenticatedSymmetricCipher::DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength) -{ - Resynchronize(iv, ivLength); - SpecifyDataLengths(headerLength, ciphertextLength); - Update(header, headerLength); - ProcessString(message, ciphertext, ciphertextLength); - return TruncatedVerify(mac, macLength); -} - -unsigned int RandomNumberGenerator::GenerateBit() -{ - return GenerateByte() & 1; -} - -byte RandomNumberGenerator::GenerateByte() -{ - byte b; - GenerateBlock(&b, 1); - return b; -} - -word32 RandomNumberGenerator::GenerateWord32(word32 min, word32 max) -{ - word32 range = max-min; - const int maxBits = BitPrecision(range); - - word32 value; - - do - { - GenerateBlock((byte *)&value, sizeof(value)); - value = Crop(value, maxBits); - } while (value > range); - - return value+min; -} - -void RandomNumberGenerator::GenerateBlock(byte *output, size_t size) -{ - ArraySink s(output, size); - GenerateIntoBufferedTransformation(s, DEFAULT_CHANNEL, size); -} - -void RandomNumberGenerator::DiscardBytes(size_t n) -{ - GenerateIntoBufferedTransformation(TheBitBucket(), DEFAULT_CHANNEL, n); -} - -void RandomNumberGenerator::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length) -{ - FixedSizeSecBlock<byte, 256> buffer; - while (length) - { - size_t len = UnsignedMin(buffer.size(), length); - GenerateBlock(buffer, len); - target.ChannelPut(channel, buffer, len); - length -= len; - } -} - -//! see NullRNG() -class ClassNullRNG : public RandomNumberGenerator -{ -public: - std::string AlgorithmName() const {return "NullRNG";} - void GenerateBlock(byte *output, size_t size) {throw NotImplemented("NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes");} -}; - -RandomNumberGenerator & NullRNG() -{ - static ClassNullRNG s_nullRNG; - return s_nullRNG; -} - -bool HashTransformation::TruncatedVerify(const byte *digestIn, size_t digestLength) -{ - ThrowIfInvalidTruncatedSize(digestLength); - SecByteBlock digest(digestLength); - TruncatedFinal(digest, digestLength); - return VerifyBufsEqual(digest, digestIn, digestLength); -} - -void HashTransformation::ThrowIfInvalidTruncatedSize(size_t size) const -{ - if (size > DigestSize()) - throw InvalidArgument("HashTransformation: can't truncate a " + IntToString(DigestSize()) + " byte digest to " + IntToString(size) + " bytes"); -} - -unsigned int BufferedTransformation::GetMaxWaitObjectCount() const -{ - const BufferedTransformation *t = AttachedTransformation(); - return t ? t->GetMaxWaitObjectCount() : 0; -} - -void BufferedTransformation::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - BufferedTransformation *t = AttachedTransformation(); - if (t) - t->GetWaitObjects(container, callStack); // reduce clutter by not adding to stack here -} - -void BufferedTransformation::Initialize(const NameValuePairs ¶meters, int propagation) -{ - assert(!AttachedTransformation()); - IsolatedInitialize(parameters); -} - -bool BufferedTransformation::Flush(bool hardFlush, int propagation, bool blocking) -{ - assert(!AttachedTransformation()); - return IsolatedFlush(hardFlush, blocking); -} - -bool BufferedTransformation::MessageSeriesEnd(int propagation, bool blocking) -{ - assert(!AttachedTransformation()); - return IsolatedMessageSeriesEnd(blocking); -} - -byte * BufferedTransformation::ChannelCreatePutSpace(const std::string &channel, size_t &size) -{ - if (channel.empty()) - return CreatePutSpace(size); - else - throw NoChannelSupport(AlgorithmName()); -} - -size_t BufferedTransformation::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (channel.empty()) - return Put2(begin, length, messageEnd, blocking); - else - throw NoChannelSupport(AlgorithmName()); -} - -size_t BufferedTransformation::ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (channel.empty()) - return PutModifiable2(begin, length, messageEnd, blocking); - else - return ChannelPut2(channel, begin, length, messageEnd, blocking); -} - -bool BufferedTransformation::ChannelFlush(const std::string &channel, bool completeFlush, int propagation, bool blocking) -{ - if (channel.empty()) - return Flush(completeFlush, propagation, blocking); - else - throw NoChannelSupport(AlgorithmName()); -} - -bool BufferedTransformation::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking) -{ - if (channel.empty()) - return MessageSeriesEnd(propagation, blocking); - else - throw NoChannelSupport(AlgorithmName()); -} - -lword BufferedTransformation::MaxRetrievable() const -{ - if (AttachedTransformation()) - return AttachedTransformation()->MaxRetrievable(); - else - return CopyTo(TheBitBucket()); -} - -bool BufferedTransformation::AnyRetrievable() const -{ - if (AttachedTransformation()) - return AttachedTransformation()->AnyRetrievable(); - else - { - byte b; - return Peek(b) != 0; - } -} - -size_t BufferedTransformation::Get(byte &outByte) -{ - if (AttachedTransformation()) - return AttachedTransformation()->Get(outByte); - else - return Get(&outByte, 1); -} - -size_t BufferedTransformation::Get(byte *outString, size_t getMax) -{ - if (AttachedTransformation()) - return AttachedTransformation()->Get(outString, getMax); - else - { - ArraySink arraySink(outString, getMax); - return (size_t)TransferTo(arraySink, getMax); - } -} - -size_t BufferedTransformation::Peek(byte &outByte) const -{ - if (AttachedTransformation()) - return AttachedTransformation()->Peek(outByte); - else - return Peek(&outByte, 1); -} - -size_t BufferedTransformation::Peek(byte *outString, size_t peekMax) const -{ - if (AttachedTransformation()) - return AttachedTransformation()->Peek(outString, peekMax); - else - { - ArraySink arraySink(outString, peekMax); - return (size_t)CopyTo(arraySink, peekMax); - } -} - -lword BufferedTransformation::Skip(lword skipMax) -{ - if (AttachedTransformation()) - return AttachedTransformation()->Skip(skipMax); - else - return TransferTo(TheBitBucket(), skipMax); -} - -lword BufferedTransformation::TotalBytesRetrievable() const -{ - if (AttachedTransformation()) - return AttachedTransformation()->TotalBytesRetrievable(); - else - return MaxRetrievable(); -} - -unsigned int BufferedTransformation::NumberOfMessages() const -{ - if (AttachedTransformation()) - return AttachedTransformation()->NumberOfMessages(); - else - return CopyMessagesTo(TheBitBucket()); -} - -bool BufferedTransformation::AnyMessages() const -{ - if (AttachedTransformation()) - return AttachedTransformation()->AnyMessages(); - else - return NumberOfMessages() != 0; -} - -bool BufferedTransformation::GetNextMessage() -{ - if (AttachedTransformation()) - return AttachedTransformation()->GetNextMessage(); - else - { - assert(!AnyMessages()); - return false; - } -} - -unsigned int BufferedTransformation::SkipMessages(unsigned int count) -{ - if (AttachedTransformation()) - return AttachedTransformation()->SkipMessages(count); - else - return TransferMessagesTo(TheBitBucket(), count); -} - -size_t BufferedTransformation::TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel, bool blocking) -{ - if (AttachedTransformation()) - return AttachedTransformation()->TransferMessagesTo2(target, messageCount, channel, blocking); - else - { - unsigned int maxMessages = messageCount; - for (messageCount=0; messageCount < maxMessages && AnyMessages(); messageCount++) - { - size_t blockedBytes; - lword transferredBytes; - - while (AnyRetrievable()) - { - transferredBytes = LWORD_MAX; - blockedBytes = TransferTo2(target, transferredBytes, channel, blocking); - if (blockedBytes > 0) - return blockedBytes; - } - - if (target.ChannelMessageEnd(channel, GetAutoSignalPropagation(), blocking)) - return 1; - - bool result = GetNextMessage(); - assert(result); - } - return 0; - } -} - -unsigned int BufferedTransformation::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const -{ - if (AttachedTransformation()) - return AttachedTransformation()->CopyMessagesTo(target, count, channel); - else - return 0; -} - -void BufferedTransformation::SkipAll() -{ - if (AttachedTransformation()) - AttachedTransformation()->SkipAll(); - else - { - while (SkipMessages()) {} - while (Skip()) {} - } -} - -size_t BufferedTransformation::TransferAllTo2(BufferedTransformation &target, const std::string &channel, bool blocking) -{ - if (AttachedTransformation()) - return AttachedTransformation()->TransferAllTo2(target, channel, blocking); - else - { - assert(!NumberOfMessageSeries()); - - unsigned int messageCount; - do - { - messageCount = UINT_MAX; - size_t blockedBytes = TransferMessagesTo2(target, messageCount, channel, blocking); - if (blockedBytes) - return blockedBytes; - } - while (messageCount != 0); - - lword byteCount; - do - { - byteCount = ULONG_MAX; - size_t blockedBytes = TransferTo2(target, byteCount, channel, blocking); - if (blockedBytes) - return blockedBytes; - } - while (byteCount != 0); - - return 0; - } -} - -void BufferedTransformation::CopyAllTo(BufferedTransformation &target, const std::string &channel) const -{ - if (AttachedTransformation()) - AttachedTransformation()->CopyAllTo(target, channel); - else - { - assert(!NumberOfMessageSeries()); - while (CopyMessagesTo(target, UINT_MAX, channel)) {} - } -} - -void BufferedTransformation::SetRetrievalChannel(const std::string &channel) -{ - if (AttachedTransformation()) - AttachedTransformation()->SetRetrievalChannel(channel); -} - -size_t BufferedTransformation::ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order, bool blocking) -{ - PutWord(false, order, m_buf, value); - return ChannelPut(channel, m_buf, 2, blocking); -} - -size_t BufferedTransformation::ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order, bool blocking) -{ - PutWord(false, order, m_buf, value); - return ChannelPut(channel, m_buf, 4, blocking); -} - -size_t BufferedTransformation::PutWord16(word16 value, ByteOrder order, bool blocking) -{ - return ChannelPutWord16(DEFAULT_CHANNEL, value, order, blocking); -} - -size_t BufferedTransformation::PutWord32(word32 value, ByteOrder order, bool blocking) -{ - return ChannelPutWord32(DEFAULT_CHANNEL, value, order, blocking); -} - -size_t BufferedTransformation::PeekWord16(word16 &value, ByteOrder order) const -{ - byte buf[2] = {0, 0}; - size_t len = Peek(buf, 2); - - if (order) - value = (buf[0] << 8) | buf[1]; - else - value = (buf[1] << 8) | buf[0]; - - return len; -} - -size_t BufferedTransformation::PeekWord32(word32 &value, ByteOrder order) const -{ - byte buf[4] = {0, 0, 0, 0}; - size_t len = Peek(buf, 4); - - if (order) - value = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf [3]; - else - value = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf [0]; - - return len; -} - -size_t BufferedTransformation::GetWord16(word16 &value, ByteOrder order) -{ - return (size_t)Skip(PeekWord16(value, order)); -} - -size_t BufferedTransformation::GetWord32(word32 &value, ByteOrder order) -{ - return (size_t)Skip(PeekWord32(value, order)); -} - -void BufferedTransformation::Attach(BufferedTransformation *newOut) -{ - if (AttachedTransformation() && AttachedTransformation()->Attachable()) - AttachedTransformation()->Attach(newOut); - else - Detach(newOut); -} - -void GeneratableCryptoMaterial::GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize) -{ - GenerateRandom(rng, MakeParameters("KeySize", (int)keySize)); -} - -class PK_DefaultEncryptionFilter : public Unflushable<Filter> -{ -public: - PK_DefaultEncryptionFilter(RandomNumberGenerator &rng, const PK_Encryptor &encryptor, BufferedTransformation *attachment, const NameValuePairs ¶meters) - : m_rng(rng), m_encryptor(encryptor), m_parameters(parameters) - { - Detach(attachment); - } - - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) - { - FILTER_BEGIN; - m_plaintextQueue.Put(inString, length); - - if (messageEnd) - { - { - size_t plaintextLength; - if (!SafeConvert(m_plaintextQueue.CurrentSize(), plaintextLength)) - throw InvalidArgument("PK_DefaultEncryptionFilter: plaintext too long"); - size_t ciphertextLength = m_encryptor.CiphertextLength(plaintextLength); - - SecByteBlock plaintext(plaintextLength); - m_plaintextQueue.Get(plaintext, plaintextLength); - m_ciphertext.resize(ciphertextLength); - m_encryptor.Encrypt(m_rng, plaintext, plaintextLength, m_ciphertext, m_parameters); - } - - FILTER_OUTPUT(1, m_ciphertext, m_ciphertext.size(), messageEnd); - } - FILTER_END_NO_MESSAGE_END; - } - - RandomNumberGenerator &m_rng; - const PK_Encryptor &m_encryptor; - const NameValuePairs &m_parameters; - ByteQueue m_plaintextQueue; - SecByteBlock m_ciphertext; -}; - -BufferedTransformation * PK_Encryptor::CreateEncryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment, const NameValuePairs ¶meters) const -{ - return new PK_DefaultEncryptionFilter(rng, *this, attachment, parameters); -} - -class PK_DefaultDecryptionFilter : public Unflushable<Filter> -{ -public: - PK_DefaultDecryptionFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment, const NameValuePairs ¶meters) - : m_rng(rng), m_decryptor(decryptor), m_parameters(parameters) - { - Detach(attachment); - } - - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) - { - FILTER_BEGIN; - m_ciphertextQueue.Put(inString, length); - - if (messageEnd) - { - { - size_t ciphertextLength; - if (!SafeConvert(m_ciphertextQueue.CurrentSize(), ciphertextLength)) - throw InvalidArgument("PK_DefaultDecryptionFilter: ciphertext too long"); - size_t maxPlaintextLength = m_decryptor.MaxPlaintextLength(ciphertextLength); - - SecByteBlock ciphertext(ciphertextLength); - m_ciphertextQueue.Get(ciphertext, ciphertextLength); - m_plaintext.resize(maxPlaintextLength); - m_result = m_decryptor.Decrypt(m_rng, ciphertext, ciphertextLength, m_plaintext, m_parameters); - if (!m_result.isValidCoding) - throw InvalidCiphertext(m_decryptor.AlgorithmName() + ": invalid ciphertext"); - } - - FILTER_OUTPUT(1, m_plaintext, m_result.messageLength, messageEnd); - } - FILTER_END_NO_MESSAGE_END; - } - - RandomNumberGenerator &m_rng; - const PK_Decryptor &m_decryptor; - const NameValuePairs &m_parameters; - ByteQueue m_ciphertextQueue; - SecByteBlock m_plaintext; - DecodingResult m_result; -}; - -BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment, const NameValuePairs ¶meters) const -{ - return new PK_DefaultDecryptionFilter(rng, *this, attachment, parameters); -} - -size_t PK_Signer::Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const -{ - std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator); - return SignAndRestart(rng, *m, signature, false); -} - -size_t PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const -{ - std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng)); - m->Update(message, messageLen); - return SignAndRestart(rng, *m, signature, false); -} - -size_t PK_Signer::SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, - const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const -{ - std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng)); - InputRecoverableMessage(*m, recoverableMessage, recoverableMessageLength); - m->Update(nonrecoverableMessage, nonrecoverableMessageLength); - return SignAndRestart(rng, *m, signature, false); -} - -bool PK_Verifier::Verify(PK_MessageAccumulator *messageAccumulator) const -{ - std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator); - return VerifyAndRestart(*m); -} - -bool PK_Verifier::VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLength) const -{ - std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator()); - InputSignature(*m, signature, signatureLength); - m->Update(message, messageLen); - return VerifyAndRestart(*m); -} - -DecodingResult PK_Verifier::Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const -{ - std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator); - return RecoverAndRestart(recoveredMessage, *m); -} - -DecodingResult PK_Verifier::RecoverMessage(byte *recoveredMessage, - const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, - const byte *signature, size_t signatureLength) const -{ - std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator()); - InputSignature(*m, signature, signatureLength); - m->Update(nonrecoverableMessage, nonrecoverableMessageLength); - return RecoverAndRestart(recoveredMessage, *m); -} - -void SimpleKeyAgreementDomain::GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const -{ - GeneratePrivateKey(rng, privateKey); - GeneratePublicKey(rng, privateKey, publicKey); -} - -void AuthenticatedKeyAgreementDomain::GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const -{ - GenerateStaticPrivateKey(rng, privateKey); - GenerateStaticPublicKey(rng, privateKey, publicKey); -} - -void AuthenticatedKeyAgreementDomain::GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const -{ - GenerateEphemeralPrivateKey(rng, privateKey); - GenerateEphemeralPublicKey(rng, privateKey, publicKey); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cryptlib.h b/cryptopp562/cryptlib.h deleted file mode 100644 index 4068722..0000000 --- a/cryptopp562/cryptlib.h +++ /dev/null @@ -1,1655 +0,0 @@ -// cryptlib.h - written and placed in the public domain by Wei Dai -/*! \file - This file contains the declarations for the abstract base - classes that provide a uniform interface to this library. -*/ - -/*! \mainpage Crypto++ Library 5.6.2 API Reference -<dl> -<dt>Abstract Base Classes<dd> - cryptlib.h -<dt>Authenticated Encryption<dd> - AuthenticatedSymmetricCipherDocumentation -<dt>Symmetric Ciphers<dd> - SymmetricCipherDocumentation -<dt>Hash Functions<dd> - SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak1::MD2, Weak1::MD4, Weak1::MD5 -<dt>Non-Cryptographic Checksums<dd> - CRC32, Adler32 -<dt>Message Authentication Codes<dd> - VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC) -<dt>Random Number Generators<dd> - NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, #DefaultAutoSeededRNG -<dt>Password-based Cryptography<dd> - PasswordBasedKeyDerivationFunction -<dt>Public Key Cryptosystems<dd> - DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES -<dt>Public Key Signature Schemes<dd> - DSA2, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN -<dt>Key Agreement<dd> - #DH, DH2, #MQV, ECDH, ECMQV, XTR_DH -<dt>Algebraic Structures<dd> - Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver, - ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, - GF2NP, GF256, GF2_32, EC2N, ECP -<dt>Secret Sharing and Information Dispersal<dd> - SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery -<dt>Compression<dd> - Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor -<dt>Input Source Classes<dd> - StringSource, #ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource -<dt>Output Sink Classes<dd> - StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink -<dt>Filter Wrappers<dd> - StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter -<dt>Binary to Text Encoders and Decoders<dd> - HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder -<dt>Wrappers for OS features<dd> - Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer -<dt>FIPS 140 related<dd> - fips140.h -</dl> - -In the DLL version of Crypto++, only the following implementation class are available. -<dl> -<dt>Block Ciphers<dd> - AES, DES_EDE2, DES_EDE3, SKIPJACK -<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd> - ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>, GCM\<AES\> -<dt>Hash Functions<dd> - SHA1, SHA224, SHA256, SHA384, SHA512 -<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd> - RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>, ECDSA\<EC2N, H\> -<dt>Message Authentication Codes (replace template parameter H with one of the hash functions above)<dd> - HMAC\<H\>, CBC_MAC\<DES_EDE2\>, CBC_MAC\<DES_EDE3\>, GCM\<AES\> -<dt>Random Number Generators<dd> - #DefaultAutoSeededRNG (AutoSeededX917RNG\<AES\>) -<dt>Key Agreement<dd> - #DH -<dt>Public Key Cryptosystems<dd> - RSAES\<OAEP\<SHA1\> \> -</dl> - -<p>This reference manual is a work in progress. Some classes are still lacking detailed descriptions. -<p>Click <a href="CryptoPPRef.zip">here</a> to download a zip archive containing this manual. -<p>Thanks to Ryan Phillips for providing the Doxygen configuration file -and getting me started with this manual. -*/ - -#ifndef CRYPTOPP_CRYPTLIB_H -#define CRYPTOPP_CRYPTLIB_H - -#include "config.h" -#include "stdcpp.h" - -NAMESPACE_BEGIN(CryptoPP) - -// forward declarations -class Integer; -class RandomNumberGenerator; -class BufferedTransformation; - -//! used to specify a direction for a cipher to operate in (encrypt or decrypt) -enum CipherDir {ENCRYPTION, DECRYPTION}; - -//! used to represent infinite time -const unsigned long INFINITE_TIME = ULONG_MAX; - -// VC60 workaround: using enums as template parameters causes problems -template <typename ENUM_TYPE, int VALUE> -struct EnumToType -{ - static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;} -}; - -enum ByteOrder {LITTLE_ENDIAN_ORDER = 0, BIG_ENDIAN_ORDER = 1}; -typedef EnumToType<ByteOrder, LITTLE_ENDIAN_ORDER> LittleEndian; -typedef EnumToType<ByteOrder, BIG_ENDIAN_ORDER> BigEndian; - -//! base class for all exceptions thrown by Crypto++ -class CRYPTOPP_DLL Exception : public std::exception -{ -public: - //! error types - enum ErrorType { - //! a method is not implemented - NOT_IMPLEMENTED, - //! invalid function argument - INVALID_ARGUMENT, - //! BufferedTransformation received a Flush(true) signal but can't flush buffers - CANNOT_FLUSH, - //! data integerity check (such as CRC or MAC) failed - DATA_INTEGRITY_CHECK_FAILED, - //! received input data that doesn't conform to expected format - INVALID_DATA_FORMAT, - //! error reading from input device or writing to output device - IO_ERROR, - //! some error not belong to any of the above categories - OTHER_ERROR - }; - - explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {} - virtual ~Exception() throw() {} - const char *what() const throw() {return (m_what.c_str());} - const std::string &GetWhat() const {return m_what;} - void SetWhat(const std::string &s) {m_what = s;} - ErrorType GetErrorType() const {return m_errorType;} - void SetErrorType(ErrorType errorType) {m_errorType = errorType;} - -private: - ErrorType m_errorType; - std::string m_what; -}; - -//! exception thrown when an invalid argument is detected -class CRYPTOPP_DLL InvalidArgument : public Exception -{ -public: - explicit InvalidArgument(const std::string &s) : Exception(INVALID_ARGUMENT, s) {} -}; - -//! exception thrown when input data is received that doesn't conform to expected format -class CRYPTOPP_DLL InvalidDataFormat : public Exception -{ -public: - explicit InvalidDataFormat(const std::string &s) : Exception(INVALID_DATA_FORMAT, s) {} -}; - -//! exception thrown by decryption filters when trying to decrypt an invalid ciphertext -class CRYPTOPP_DLL InvalidCiphertext : public InvalidDataFormat -{ -public: - explicit InvalidCiphertext(const std::string &s) : InvalidDataFormat(s) {} -}; - -//! exception thrown by a class if a non-implemented method is called -class CRYPTOPP_DLL NotImplemented : public Exception -{ -public: - explicit NotImplemented(const std::string &s) : Exception(NOT_IMPLEMENTED, s) {} -}; - -//! exception thrown by a class when Flush(true) is called but it can't completely flush its buffers -class CRYPTOPP_DLL CannotFlush : public Exception -{ -public: - explicit CannotFlush(const std::string &s) : Exception(CANNOT_FLUSH, s) {} -}; - -//! error reported by the operating system -class CRYPTOPP_DLL OS_Error : public Exception -{ -public: - OS_Error(ErrorType errorType, const std::string &s, const std::string& operation, int errorCode) - : Exception(errorType, s), m_operation(operation), m_errorCode(errorCode) {} - ~OS_Error() throw() {} - - // the operating system API that reported the error - const std::string & GetOperation() const {return m_operation;} - // the error code return by the operating system - int GetErrorCode() const {return m_errorCode;} - -protected: - std::string m_operation; - int m_errorCode; -}; - -//! used to return decoding results -struct CRYPTOPP_DLL DecodingResult -{ - explicit DecodingResult() : isValidCoding(false), messageLength(0) {} - explicit DecodingResult(size_t len) : isValidCoding(true), messageLength(len) {} - - bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;} - bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);} - - bool isValidCoding; - size_t messageLength; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - operator size_t() const {return isValidCoding ? messageLength : 0;} -#endif -}; - -//! interface for retrieving values given their names -/*! \note This class is used to safely pass a variable number of arbitrarily typed arguments to functions - and to read values from keys and crypto parameters. - \note To obtain an object that implements NameValuePairs for the purpose of parameter - passing, use the MakeParameters() function. - \note To get a value from NameValuePairs, you need to know the name and the type of the value. - Call GetValueNames() on a NameValuePairs object to obtain a list of value names that it supports. - Then look at the Name namespace documentation to see what the type of each value is, or - alternatively, call GetIntValue() with the value name, and if the type is not int, a - ValueTypeMismatch exception will be thrown and you can get the actual type from the exception object. -*/ -class CRYPTOPP_NO_VTABLE NameValuePairs -{ -public: - virtual ~NameValuePairs() {} - - //! exception thrown when trying to retrieve a value using a different type than expected - class CRYPTOPP_DLL ValueTypeMismatch : public InvalidArgument - { - public: - ValueTypeMismatch(const std::string &name, const std::type_info &stored, const std::type_info &retrieving) - : InvalidArgument("NameValuePairs: type mismatch for '" + name + "', stored '" + stored.name() + "', trying to retrieve '" + retrieving.name() + "'") - , m_stored(stored), m_retrieving(retrieving) {} - - const std::type_info & GetStoredTypeInfo() const {return m_stored;} - const std::type_info & GetRetrievingTypeInfo() const {return m_retrieving;} - - private: - const std::type_info &m_stored; - const std::type_info &m_retrieving; - }; - - //! get a copy of this object or a subobject of it - template <class T> - bool GetThisObject(T &object) const - { - return GetValue((std::string("ThisObject:")+typeid(T).name()).c_str(), object); - } - - //! get a pointer to this object, as a pointer to T - template <class T> - bool GetThisPointer(T *&p) const - { - return GetValue((std::string("ThisPointer:")+typeid(T).name()).c_str(), p); - } - - //! get a named value, returns true if the name exists - template <class T> - bool GetValue(const char *name, T &value) const - { - return GetVoidValue(name, typeid(T), &value); - } - - //! get a named value, returns the default if the name doesn't exist - template <class T> - T GetValueWithDefault(const char *name, T defaultValue) const - { - GetValue(name, defaultValue); - return defaultValue; - } - - //! get a list of value names that can be retrieved - CRYPTOPP_DLL std::string GetValueNames() const - {std::string result; GetValue("ValueNames", result); return result;} - - //! get a named value with type int - /*! used to ensure we don't accidentally try to get an unsigned int - or some other type when we mean int (which is the most common case) */ - CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const - {return GetValue(name, value);} - - //! get a named value with type int, with default - CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const - {return GetValueWithDefault(name, defaultValue);} - - //! used by derived classes to check for type mismatch - CRYPTOPP_DLL static void CRYPTOPP_API ThrowIfTypeMismatch(const char *name, const std::type_info &stored, const std::type_info &retrieving) - {if (stored != retrieving) throw ValueTypeMismatch(name, stored, retrieving);} - - template <class T> - void GetRequiredParameter(const char *className, const char *name, T &value) const - { - if (!GetValue(name, value)) - throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'"); - } - - CRYPTOPP_DLL void GetRequiredIntParameter(const char *className, const char *name, int &value) const - { - if (!GetIntValue(name, value)) - throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'"); - } - - //! to be implemented by derived classes, users should use one of the above functions instead - CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0; -}; - -//! namespace containing value name definitions -/*! value names, types and semantics: - - ThisObject:ClassName (ClassName, copy of this object or a subobject) - ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject) -*/ -DOCUMENTED_NAMESPACE_BEGIN(Name) -// more names defined in argnames.h -DOCUMENTED_NAMESPACE_END - -//! empty set of name-value pairs -extern CRYPTOPP_DLL const NameValuePairs &g_nullNameValuePairs; - -// ******************************************************** - -//! interface for cloning objects, this is not implemented by most classes yet -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable -{ -public: - virtual ~Clonable() {} - //! this is not implemented by most classes yet - virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0 -}; - -//! interface for all crypto algorithms - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable -{ -public: - /*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true, - this constructor throws SelfTestFailure if the self test hasn't been run or fails. */ - Algorithm(bool checkSelfTestStatus = true); - //! returns name of this algorithm, not universally implemented yet - virtual std::string AlgorithmName() const {return "unknown";} -}; - -//! keying interface for crypto algorithms that take byte strings as keys -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface -{ -public: - virtual ~SimpleKeyingInterface() {} - - //! returns smallest valid key length in bytes */ - virtual size_t MinKeyLength() const =0; - //! returns largest valid key length in bytes */ - virtual size_t MaxKeyLength() const =0; - //! returns default (recommended) key length in bytes */ - virtual size_t DefaultKeyLength() const =0; - - //! returns the smallest valid key length in bytes that is >= min(n, GetMaxKeyLength()) - virtual size_t GetValidKeyLength(size_t n) const =0; - - //! returns whether n is a valid key length - virtual bool IsValidKeyLength(size_t n) const - {return n == GetValidKeyLength(n);} - - //! set or reset the key of this object - /*! \param params is used to specify Rounds, BlockSize, etc. */ - virtual void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs); - - //! calls SetKey() with an NameValuePairs object that just specifies "Rounds" - void SetKeyWithRounds(const byte *key, size_t length, int rounds); - - //! calls SetKey() with an NameValuePairs object that just specifies "IV" - void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength); - - //! calls SetKey() with an NameValuePairs object that just specifies "IV" - void SetKeyWithIV(const byte *key, size_t length, const byte *iv) - {SetKeyWithIV(key, length, iv, IVSize());} - - enum IV_Requirement {UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE}; - //! returns the minimal requirement for secure IVs - virtual IV_Requirement IVRequirement() const =0; - - //! returns whether this object can be resynchronized (i.e. supports initialization vectors) - /*! If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed. */ - bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;} - //! returns whether this object can use random IVs (in addition to ones returned by GetNextIV) - bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;} - //! returns whether this object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV) - bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;} - //! returns whether this object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV) - bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;} - - virtual unsigned int IVSize() const {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");} - //! returns default length of IVs accepted by this object - unsigned int DefaultIVLength() const {return IVSize();} - //! returns minimal length of IVs accepted by this object - virtual unsigned int MinIVLength() const {return IVSize();} - //! returns maximal length of IVs accepted by this object - virtual unsigned int MaxIVLength() const {return IVSize();} - //! resynchronize with an IV. ivLength=-1 means use IVSize() - virtual void Resynchronize(const byte *iv, int ivLength=-1) {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");} - //! get a secure IV for the next message - /*! This method should be called after you finish encrypting one message and are ready to start the next one. - After calling it, you must call SetKey() or Resynchronize() before using this object again. - This method is not implemented on decryption objects. */ - virtual void GetNextIV(RandomNumberGenerator &rng, byte *IV); - -protected: - virtual const Algorithm & GetAlgorithm() const =0; - virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) =0; - - void ThrowIfInvalidKeyLength(size_t length); - void ThrowIfResynchronizable(); // to be called when no IV is passed - void ThrowIfInvalidIV(const byte *iv); // check for NULL IV if it can't be used - size_t ThrowIfInvalidIVLength(int size); - const byte * GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size); - inline void AssertValidKeyLength(size_t length) const - {assert(IsValidKeyLength(length));} -}; - -//! interface for the data processing part of block ciphers - -/*! Classes derived from BlockTransformation are block ciphers - in ECB mode (for example the DES::Encryption class), which are stateless. - These classes should not be used directly, but only in combination with - a mode class (see CipherModeDocumentation in modes.h). -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm -{ -public: - //! encrypt or decrypt inBlock, xor with xorBlock, and write to outBlock - virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0; - - //! encrypt or decrypt one block - /*! \pre size of inBlock and outBlock == BlockSize() */ - void ProcessBlock(const byte *inBlock, byte *outBlock) const - {ProcessAndXorBlock(inBlock, NULL, outBlock);} - - //! encrypt or decrypt one block in place - void ProcessBlock(byte *inoutBlock) const - {ProcessAndXorBlock(inoutBlock, NULL, inoutBlock);} - - //! block size of the cipher in bytes - virtual unsigned int BlockSize() const =0; - - //! returns how inputs and outputs should be aligned for optimal performance - virtual unsigned int OptimalDataAlignment() const; - - //! returns true if this is a permutation (i.e. there is an inverse transformation) - virtual bool IsPermutation() const {return true;} - - //! returns true if this is an encryption object - virtual bool IsForwardTransformation() const =0; - - //! return number of blocks that can be processed in parallel, for bit-slicing implementations - virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;} - - enum {BT_InBlockIsCounter=1, BT_DontIncrementInOutPointers=2, BT_XorInput=4, BT_ReverseDirection=8, BT_AllowParallel=16} FlagsForAdvancedProcessBlocks; - - //! encrypt and xor blocks according to flags (see FlagsForAdvancedProcessBlocks) - /*! /note If BT_InBlockIsCounter is set, last byte of inBlocks may be modified. */ - virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; - - inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;} -}; - -//! interface for the data processing part of stream ciphers - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm -{ -public: - //! return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference - StreamTransformation& Ref() {return *this;} - - //! returns block size, if input must be processed in blocks, otherwise 1 - virtual unsigned int MandatoryBlockSize() const {return 1;} - - //! returns the input block size that is most efficient for this cipher - /*! \note optimal input length is n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n > 0 */ - virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();} - //! returns how much of the current block is used up - virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;} - - //! returns how input should be aligned for optimal performance - virtual unsigned int OptimalDataAlignment() const; - - //! encrypt or decrypt an array of bytes of specified length - /*! \note either inString == outString, or they don't overlap */ - virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0; - - //! for ciphers where the last block of data is special, encrypt or decrypt the last block of data - /*! For now the only use of this function is for CBC-CTS mode. */ - virtual void ProcessLastBlock(byte *outString, const byte *inString, size_t length); - //! returns the minimum size of the last block, 0 indicating the last block is not special - virtual unsigned int MinLastBlockSize() const {return 0;} - - //! same as ProcessData(inoutString, inoutString, length) - inline void ProcessString(byte *inoutString, size_t length) - {ProcessData(inoutString, inoutString, length);} - //! same as ProcessData(outString, inString, length) - inline void ProcessString(byte *outString, const byte *inString, size_t length) - {ProcessData(outString, inString, length);} - //! implemented as {ProcessData(&input, &input, 1); return input;} - inline byte ProcessByte(byte input) - {ProcessData(&input, &input, 1); return input;} - - //! returns whether this cipher supports random access - virtual bool IsRandomAccess() const =0; - //! for random access ciphers, seek to an absolute position - virtual void Seek(lword n) - { - assert(!IsRandomAccess()); - throw NotImplemented("StreamTransformation: this object doesn't support random access"); - } - - //! returns whether this transformation is self-inverting (e.g. xor with a keystream) - virtual bool IsSelfInverting() const =0; - //! returns whether this is an encryption object - virtual bool IsForwardTransformation() const =0; -}; - -//! interface for hash functions and data processing part of MACs - -/*! HashTransformation objects are stateful. They are created in an initial state, - change state as Update() is called, and return to the initial - state when Final() is called. This interface allows a large message to - be hashed in pieces by calling Update() on each piece followed by - calling Final(). -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm -{ -public: - //! return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference - HashTransformation& Ref() {return *this;} - - //! process more input - virtual void Update(const byte *input, size_t length) =0; - - //! request space to write input into - virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULL;} - - //! compute hash for current message, then restart for a new message - /*! \pre size of digest == DigestSize(). */ - virtual void Final(byte *digest) - {TruncatedFinal(digest, DigestSize());} - - //! discard the current state, and restart with a new message - virtual void Restart() - {TruncatedFinal(NULL, 0);} - - //! size of the hash/digest/MAC returned by Final() - virtual unsigned int DigestSize() const =0; - - //! same as DigestSize() - unsigned int TagSize() const {return DigestSize();} - - - //! block size of underlying compression function, or 0 if not block based - virtual unsigned int BlockSize() const {return 0;} - - //! input to Update() should have length a multiple of this for optimal speed - virtual unsigned int OptimalBlockSize() const {return 1;} - - //! returns how input should be aligned for optimal performance - virtual unsigned int OptimalDataAlignment() const; - - //! use this if your input is in one piece and you don't want to call Update() and Final() separately - virtual void CalculateDigest(byte *digest, const byte *input, size_t length) - {Update(input, length); Final(digest);} - - //! verify that digest is a valid digest for the current message, then reinitialize the object - /*! Default implementation is to call Final() and do a bitwise comparison - between its output and digest. */ - virtual bool Verify(const byte *digest) - {return TruncatedVerify(digest, DigestSize());} - - //! use this if your input is in one piece and you don't want to call Update() and Verify() separately - virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length) - {Update(input, length); return Verify(digest);} - - //! truncated version of Final() - virtual void TruncatedFinal(byte *digest, size_t digestSize) =0; - - //! truncated version of CalculateDigest() - virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length) - {Update(input, length); TruncatedFinal(digest, digestSize);} - - //! truncated version of Verify() - virtual bool TruncatedVerify(const byte *digest, size_t digestLength); - - //! truncated version of VerifyDigest() - virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length) - {Update(input, length); return TruncatedVerify(digest, digestLength);} - -protected: - void ThrowIfInvalidTruncatedSize(size_t size) const; -}; - -typedef HashTransformation HashFunction; - -//! interface for one direction (encryption or decryption) of a block cipher -/*! \note These objects usually should not be used directly. See BlockTransformation for more details. */ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation -{ -protected: - const Algorithm & GetAlgorithm() const {return *this;} -}; - -//! interface for one direction (encryption or decryption) of a stream cipher or cipher mode -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation -{ -protected: - const Algorithm & GetAlgorithm() const {return *this;} -}; - -//! interface for message authentication codes -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation -{ -protected: - const Algorithm & GetAlgorithm() const {return *this;} -}; - -//! interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication -/*! The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the MessageAuthenticationCode part of this - interface is used to input additional authenticated data (AAD, which is MAC'ed but not encrypted), and to generate/verify the MAC. */ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation -{ -public: - //! this indicates that a member function was called in the wrong state, for example trying to encrypt a message before having set the key or IV - class BadState : public Exception - { - public: - explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {} - explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {} - }; - - //! the maximum length of AAD that can be input before the encrypted data - virtual lword MaxHeaderLength() const =0; - //! the maximum length of encrypted data - virtual lword MaxMessageLength() const =0; - //! the maximum length of AAD that can be input after the encrypted data - virtual lword MaxFooterLength() const {return 0;} - //! if this function returns true, SpecifyDataLengths() must be called before attempting to input data - /*! This is the case for some schemes, such as CCM. */ - virtual bool NeedsPrespecifiedDataLengths() const {return false;} - //! this function only needs to be called if NeedsPrespecifiedDataLengths() returns true - void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0); - //! encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize() - virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength); - //! decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize() - virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength); - - // redeclare this to avoid compiler ambiguity errors - virtual std::string AlgorithmName() const =0; - -protected: - const Algorithm & GetAlgorithm() const {return *static_cast<const MessageAuthenticationCode *>(this);} - virtual void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) {} -}; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY -typedef SymmetricCipher StreamCipher; -#endif - -//! interface for random number generators -/*! All return values are uniformly distributed over the range specified. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomNumberGenerator : public Algorithm -{ -public: - //! update RNG state with additional unpredictable values - virtual void IncorporateEntropy(const byte *input, size_t length) {throw NotImplemented("RandomNumberGenerator: IncorporateEntropy not implemented");} - - //! returns true if IncorporateEntropy is implemented - virtual bool CanIncorporateEntropy() const {return false;} - - //! generate new random byte and return it - virtual byte GenerateByte(); - - //! generate new random bit and return it - /*! Default implementation is to call GenerateByte() and return its lowest bit. */ - virtual unsigned int GenerateBit(); - - //! generate a random 32 bit word in the range min to max, inclusive - virtual word32 GenerateWord32(word32 a=0, word32 b=0xffffffffL); - - //! generate random array of bytes - virtual void GenerateBlock(byte *output, size_t size); - - //! generate and discard n bytes - virtual void DiscardBytes(size_t n); - - //! generate random bytes as input to a BufferedTransformation - virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length); - - //! randomly shuffle the specified array, resulting permutation is uniformly distributed - template <class IT> void Shuffle(IT begin, IT end) - { - for (; begin != end; ++begin) - std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1)); - } - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - byte GetByte() {return GenerateByte();} - unsigned int GetBit() {return GenerateBit();} - word32 GetLong(word32 a=0, word32 b=0xffffffffL) {return GenerateWord32(a, b);} - word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);} - void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);} -#endif -}; - -//! returns a reference that can be passed to functions that ask for a RNG but doesn't actually use it -CRYPTOPP_DLL RandomNumberGenerator & CRYPTOPP_API NullRNG(); - -class WaitObjectContainer; -class CallStack; - -//! interface for objects that you can wait for - -class CRYPTOPP_NO_VTABLE Waitable -{ -public: - virtual ~Waitable() {} - - //! maximum number of wait objects that this object can return - virtual unsigned int GetMaxWaitObjectCount() const =0; - //! put wait objects into container - /*! \param callStack is used for tracing no wait loops, example: - something.GetWaitObjects(c, CallStack("my func after X", 0)); - - or in an outer GetWaitObjects() method that itself takes a callStack parameter: - innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack)); */ - virtual void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) =0; - //! wait on this object - /*! same as creating an empty container, calling GetWaitObjects(), and calling Wait() on the container */ - bool Wait(unsigned long milliseconds, CallStack const& callStack); -}; - -//! the default channel for BufferedTransformation, equal to the empty string -extern CRYPTOPP_DLL const std::string DEFAULT_CHANNEL; - -//! channel for additional authenticated data, equal to "AAD" -extern CRYPTOPP_DLL const std::string AAD_CHANNEL; - -//! interface for buffered transformations - -/*! BufferedTransformation is a generalization of BlockTransformation, - StreamTransformation, and HashTransformation. - - A buffered transformation is an object that takes a stream of bytes - as input (this may be done in stages), does some computation on them, and - then places the result into an internal buffer for later retrieval. Any - partial result already in the output buffer is not modified by further - input. - - If a method takes a "blocking" parameter, and you - pass "false" for it, the method will return before all input has been processed if - the input cannot be processed without waiting (for network buffers to become available, for example). - In this case the method will return true - or a non-zero integer value. When this happens you must continue to call the method with the same - parameters until it returns false or zero, before calling any other method on it or - attached BufferedTransformation. The integer return value in this case is approximately - the number of bytes left to be processed, and can be used to implement a progress bar. - - For functions that take a "propagation" parameter, propagation != 0 means pass on the signal to attached - BufferedTransformation objects, with propagation decremented at each step until it reaches 0. - -1 means unlimited propagation. - - \nosubgrouping -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BufferedTransformation : public Algorithm, public Waitable -{ -public: - // placed up here for CW8 - static const std::string &NULL_CHANNEL; // same as DEFAULT_CHANNEL, for backwards compatibility - - BufferedTransformation() : Algorithm(false) {} - - //! return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference - BufferedTransformation& Ref() {return *this;} - - //! \name INPUT - //@{ - //! input a byte for processing - size_t Put(byte inByte, bool blocking=true) - {return Put(&inByte, 1, blocking);} - //! input multiple bytes - size_t Put(const byte *inString, size_t length, bool blocking=true) - {return Put2(inString, length, 0, blocking);} - - //! input a 16-bit word - size_t PutWord16(word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); - //! input a 32-bit word - size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); - - //! request space which can be written into by the caller, and then used as input to Put() - /*! \param size is requested size (as a hint) for input, and size of the returned space for output */ - /*! \note The purpose of this method is to help avoid doing extra memory allocations. */ - virtual byte * CreatePutSpace(size_t &size) {size=0; return NULL;} - - virtual bool CanModifyInput() const {return false;} - - //! input multiple bytes that may be modified by callee - size_t PutModifiable(byte *inString, size_t length, bool blocking=true) - {return PutModifiable2(inString, length, 0, blocking);} - - bool MessageEnd(int propagation=-1, bool blocking=true) - {return !!Put2(NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);} - size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true) - {return Put2(inString, length, propagation < 0 ? -1 : propagation+1, blocking);} - - //! input multiple bytes for blocking or non-blocking processing - /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */ - virtual size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) =0; - //! input multiple bytes that may be modified by callee for blocking or non-blocking processing - /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */ - virtual size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking) - {return Put2(inString, length, messageEnd, blocking);} - - //! thrown by objects that have not implemented nonblocking input processing - struct BlockingInputOnly : public NotImplemented - {BlockingInputOnly(const std::string &s) : NotImplemented(s + ": Nonblocking input is not implemented by this object.") {}}; - //@} - - //! \name WAITING - //@{ - unsigned int GetMaxWaitObjectCount() const; - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - //@} - - //! \name SIGNALS - //@{ - virtual void IsolatedInitialize(const NameValuePairs ¶meters) {throw NotImplemented("BufferedTransformation: this object can't be reinitialized");} - virtual bool IsolatedFlush(bool hardFlush, bool blocking) =0; - virtual bool IsolatedMessageSeriesEnd(bool blocking) {return false;} - - //! initialize or reinitialize this object - virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1); - //! flush buffered input and/or output - /*! \param hardFlush is used to indicate whether all data should be flushed - \note Hard flushes must be used with care. It means try to process and output everything, even if - there may not be enough data to complete the action. For example, hard flushing a HexDecoder would - cause an error if you do it after inputing an odd number of hex encoded characters. - For some types of filters, for example ZlibDecompressor, hard flushes can only - be done at "synchronization points". These synchronization points are positions in the data - stream that are created by hard flushes on the corresponding reverse filters, in this - example ZlibCompressor. This is useful when zlib compressed data is moved across a - network in packets and compression state is preserved across packets, as in the ssh2 protocol. - */ - virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true); - //! mark end of a series of messages - /*! There should be a MessageEnd immediately before MessageSeriesEnd. */ - virtual bool MessageSeriesEnd(int propagation=-1, bool blocking=true); - - //! set propagation of automatically generated and transferred signals - /*! propagation == 0 means do not automaticly generate signals */ - virtual void SetAutoSignalPropagation(int propagation) {} - - //! - virtual int GetAutoSignalPropagation() const {return 0;} -public: - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - void Close() {MessageEnd();} -#endif - //@} - - //! \name RETRIEVAL OF ONE MESSAGE - //@{ - //! returns number of bytes that is currently ready for retrieval - /*! All retrieval functions return the actual number of bytes - retrieved, which is the lesser of the request number and - MaxRetrievable(). */ - virtual lword MaxRetrievable() const; - - //! returns whether any bytes are currently ready for retrieval - virtual bool AnyRetrievable() const; - - //! try to retrieve a single byte - virtual size_t Get(byte &outByte); - //! try to retrieve multiple bytes - virtual size_t Get(byte *outString, size_t getMax); - - //! peek at the next byte without removing it from the output buffer - virtual size_t Peek(byte &outByte) const; - //! peek at multiple bytes without removing them from the output buffer - virtual size_t Peek(byte *outString, size_t peekMax) const; - - //! try to retrieve a 16-bit word - size_t GetWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER); - //! try to retrieve a 32-bit word - size_t GetWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER); - - //! try to peek at a 16-bit word - size_t PeekWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER) const; - //! try to peek at a 32-bit word - size_t PeekWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER) const; - - //! move transferMax bytes of the buffered output to target as input - lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) - {TransferTo2(target, transferMax, channel); return transferMax;} - - //! discard skipMax bytes from the output buffer - virtual lword Skip(lword skipMax=LWORD_MAX); - - //! copy copyMax bytes of the buffered output to target as input - lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const - {return CopyRangeTo(target, 0, copyMax, channel);} - - //! copy copyMax bytes of the buffered output, starting at position (relative to current position), to target as input - lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const - {lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;} - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - unsigned long MaxRetrieveable() const {return MaxRetrievable();} -#endif - //@} - - //! \name RETRIEVAL OF MULTIPLE MESSAGES - //@{ - //! - virtual lword TotalBytesRetrievable() const; - //! number of times MessageEnd() has been received minus messages retrieved or skipped - virtual unsigned int NumberOfMessages() const; - //! returns true if NumberOfMessages() > 0 - virtual bool AnyMessages() const; - //! start retrieving the next message - /*! - Returns false if no more messages exist or this message - is not completely retrieved. - */ - virtual bool GetNextMessage(); - //! skip count number of messages - virtual unsigned int SkipMessages(unsigned int count=UINT_MAX); - //! - unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) - {TransferMessagesTo2(target, count, channel); return count;} - //! - unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const; - - //! - virtual void SkipAll(); - //! - void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) - {TransferAllTo2(target, channel);} - //! - void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const; - - virtual bool GetNextMessageSeries() {return false;} - virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();} - virtual unsigned int NumberOfMessageSeries() const {return 0;} - //@} - - //! \name NON-BLOCKING TRANSFER OF OUTPUT - //@{ - //! upon return, byteCount contains number of bytes that have finished being transfered, and returns the number of bytes left in the current transfer block - virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0; - //! upon return, begin contains the start position of data yet to be finished copying, and returns the number of bytes left in the current transfer block - virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0; - //! upon return, messageCount contains number of messages that have finished being transfered, and returns the number of bytes left in the current transfer block - size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - //! returns the number of bytes left in the current transfer block - size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - //@} - - //! \name CHANNELS - //@{ - struct NoChannelSupport : public NotImplemented - {NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}}; - struct InvalidChannelName : public InvalidArgument - {InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}}; - - size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true) - {return ChannelPut(channel, &inByte, 1, blocking);} - size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true) - {return ChannelPut2(channel, inString, length, 0, blocking);} - - size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true) - {return ChannelPutModifiable2(channel, inString, length, 0, blocking);} - - size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); - size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); - - bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true) - {return !!ChannelPut2(channel, NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);} - size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true) - {return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);} - - virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); - - virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); - virtual size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking); - - virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true); - virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true); - - virtual void SetRetrievalChannel(const std::string &channel); - //@} - - //! \name ATTACHMENT - /*! Some BufferedTransformation objects (e.g. Filter objects) - allow other BufferedTransformation objects to be attached. When - this is done, the first object instead of buffering its output, - sents that output to the attached object as input. The entire - attachment chain is deleted when the anchor object is destructed. - */ - //@{ - //! returns whether this object allows attachment - virtual bool Attachable() {return false;} - //! returns the object immediately attached to this object or NULL for no attachment - virtual BufferedTransformation *AttachedTransformation() {assert(!Attachable()); return 0;} - //! - virtual const BufferedTransformation *AttachedTransformation() const - {return const_cast<BufferedTransformation *>(this)->AttachedTransformation();} - //! delete the current attachment chain and replace it with newAttachment - virtual void Detach(BufferedTransformation *newAttachment = 0) - {assert(!Attachable()); throw NotImplemented("BufferedTransformation: this object is not attachable");} - //! add newAttachment to the end of attachment chain - virtual void Attach(BufferedTransformation *newAttachment); - //@} - -protected: - static int DecrementPropagation(int propagation) - {return propagation != 0 ? propagation - 1 : 0;} - -private: - byte m_buf[4]; // for ChannelPutWord16 and ChannelPutWord32, to ensure buffer isn't deallocated before non-blocking operation completes -}; - -//! returns a reference to a BufferedTransformation object that discards all input -BufferedTransformation & TheBitBucket(); - -//! interface for crypto material, such as public and private keys, and crypto parameters - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoMaterial : public NameValuePairs -{ -public: - //! exception thrown when invalid crypto material is detected - class CRYPTOPP_DLL InvalidMaterial : public InvalidDataFormat - { - public: - explicit InvalidMaterial(const std::string &s) : InvalidDataFormat(s) {} - }; - - //! assign values from source to this object - /*! \note This function can be used to create a public key from a private key. */ - virtual void AssignFrom(const NameValuePairs &source) =0; - - //! check this object for errors - /*! \param level denotes the level of thoroughness: - 0 - using this object won't cause a crash or exception (rng is ignored) - 1 - this object will probably function (encrypt, sign, etc.) correctly (but may not check for weak keys and such) - 2 - make sure this object will function correctly, and do reasonable security checks - 3 - do checks that may take a long time - \return true if the tests pass */ - virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0; - - //! throws InvalidMaterial if this object fails Validate() test - virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const - {if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");} - -// virtual std::vector<std::string> GetSupportedFormats(bool includeSaveOnly=false, bool includeLoadOnly=false); - - //! save key into a BufferedTransformation - virtual void Save(BufferedTransformation &bt) const - {throw NotImplemented("CryptoMaterial: this object does not support saving");} - - //! load key from a BufferedTransformation - /*! \throws KeyingErr if decode fails - \note Generally does not check that the key is valid. - Call ValidateKey() or ThrowIfInvalidKey() to check that. */ - virtual void Load(BufferedTransformation &bt) - {throw NotImplemented("CryptoMaterial: this object does not support loading");} - - //! \return whether this object supports precomputation - virtual bool SupportsPrecomputation() const {return false;} - //! do precomputation - /*! The exact semantics of Precompute() is varies, but - typically it means calculate a table of n objects - that can be used later to speed up computation. */ - virtual void Precompute(unsigned int n) - {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");} - //! retrieve previously saved precomputation - virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation) - {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");} - //! save precomputation for later use - virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const - {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");} - - // for internal library use - void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);} - -#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590) - // Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class - char m_sunCCworkaround; -#endif -}; - -//! interface for generatable crypto material, such as private keys and crypto parameters - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial -{ -public: - //! generate a random key or crypto parameters - /*! \throws KeyingErr if algorithm parameters are invalid, or if a key can't be generated - (e.g., if this is a public key object) */ - virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs) - {throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation");} - - //! calls the above function with a NameValuePairs object that just specifies "KeySize" - void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize); -}; - -//! interface for public keys - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial -{ -}; - -//! interface for private keys - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial -{ -}; - -//! interface for crypto prameters - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial -{ -}; - -//! interface for asymmetric algorithms - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm -{ -public: - //! returns a reference to the crypto material used by this object - virtual CryptoMaterial & AccessMaterial() =0; - //! returns a const reference to the crypto material used by this object - virtual const CryptoMaterial & GetMaterial() const =0; - - //! for backwards compatibility, calls AccessMaterial().Load(bt) - void BERDecode(BufferedTransformation &bt) - {AccessMaterial().Load(bt);} - //! for backwards compatibility, calls GetMaterial().Save(bt) - void DEREncode(BufferedTransformation &bt) const - {GetMaterial().Save(bt);} -}; - -//! interface for asymmetric algorithms using public keys - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm -{ -public: - // VC60 workaround: no co-variant return type - CryptoMaterial & AccessMaterial() {return AccessPublicKey();} - const CryptoMaterial & GetMaterial() const {return GetPublicKey();} - - virtual PublicKey & AccessPublicKey() =0; - virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();} -}; - -//! interface for asymmetric algorithms using private keys - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKeyAlgorithm : public AsymmetricAlgorithm -{ -public: - CryptoMaterial & AccessMaterial() {return AccessPrivateKey();} - const CryptoMaterial & GetMaterial() const {return GetPrivateKey();} - - virtual PrivateKey & AccessPrivateKey() =0; - virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();} -}; - -//! interface for key agreement algorithms - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyAgreementAlgorithm : public AsymmetricAlgorithm -{ -public: - CryptoMaterial & AccessMaterial() {return AccessCryptoParameters();} - const CryptoMaterial & GetMaterial() const {return GetCryptoParameters();} - - virtual CryptoParameters & AccessCryptoParameters() =0; - virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();} -}; - -//! interface for public-key encryptors and decryptors - -/*! This class provides an interface common to encryptors and decryptors - for querying their plaintext and ciphertext lengths. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_CryptoSystem -{ -public: - virtual ~PK_CryptoSystem() {} - - //! maximum length of plaintext for a given ciphertext length - /*! \note This function returns 0 if ciphertextLength is not valid (too long or too short). */ - virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0; - - //! calculate length of ciphertext given length of plaintext - /*! \note This function returns 0 if plaintextLength is not valid (too long). */ - virtual size_t CiphertextLength(size_t plaintextLength) const =0; - - //! this object supports the use of the parameter with the given name - /*! some possible parameter names: EncodingParameters, KeyDerivationParameters */ - virtual bool ParameterSupported(const char *name) const =0; - - //! return fixed ciphertext length, if one exists, otherwise return 0 - /*! \note "Fixed" here means length of ciphertext does not depend on length of plaintext. - It usually does depend on the key length. */ - virtual size_t FixedCiphertextLength() const {return 0;} - - //! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0 - virtual size_t FixedMaxPlaintextLength() const {return 0;} - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);} - size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);} -#endif -}; - -//! interface for public-key encryptors -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm -{ -public: - //! exception thrown when trying to encrypt plaintext of invalid length - class CRYPTOPP_DLL InvalidPlaintextLength : public Exception - { - public: - InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {} - }; - - //! encrypt a byte string - /*! \pre CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long) - \pre size of ciphertext == CiphertextLength(plaintextLength) - */ - virtual void Encrypt(RandomNumberGenerator &rng, - const byte *plaintext, size_t plaintextLength, - byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0; - - //! create a new encryption filter - /*! \note The caller is responsible for deleting the returned pointer. - \note Encoding parameters should be passed in the "EP" channel. - */ - virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng, - BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const; -}; - -//! interface for public-key decryptors - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm -{ -public: - //! decrypt a byte string, and return the length of plaintext - /*! \pre size of plaintext == MaxPlaintextLength(ciphertextLength) bytes. - \return the actual length of the plaintext, indication that decryption failed. - */ - virtual DecodingResult Decrypt(RandomNumberGenerator &rng, - const byte *ciphertext, size_t ciphertextLength, - byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0; - - //! create a new decryption filter - /*! \note caller is responsible for deleting the returned pointer - */ - virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng, - BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const; - - //! decrypt a fixed size ciphertext - DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *ciphertext, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const - {return Decrypt(rng, ciphertext, FixedCiphertextLength(), plaintext, parameters);} -}; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY -typedef PK_CryptoSystem PK_FixedLengthCryptoSystem; -typedef PK_Encryptor PK_FixedLengthEncryptor; -typedef PK_Decryptor PK_FixedLengthDecryptor; -#endif - -//! interface for public-key signers and verifiers - -/*! This class provides an interface common to signers and verifiers - for querying scheme properties. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_SignatureScheme -{ -public: - //! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used - class CRYPTOPP_DLL InvalidKeyLength : public Exception - { - public: - InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {} - }; - - //! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything - class CRYPTOPP_DLL KeyTooShort : public InvalidKeyLength - { - public: - KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {} - }; - - virtual ~PK_SignatureScheme() {} - - //! signature length if it only depends on the key, otherwise 0 - virtual size_t SignatureLength() const =0; - - //! maximum signature length produced for a given length of recoverable message part - virtual size_t MaxSignatureLength(size_t recoverablePartLength = 0) const {return SignatureLength();} - - //! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery - virtual size_t MaxRecoverableLength() const =0; - - //! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery - virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0; - - //! requires a random number generator to sign - /*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */ - virtual bool IsProbabilistic() const =0; - - //! whether or not a non-recoverable message part can be signed - virtual bool AllowNonrecoverablePart() const =0; - - //! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */ - virtual bool SignatureUpfront() const {return false;} - - //! whether you must input the recoverable part before the non-recoverable part during signing - virtual bool RecoverablePartFirst() const =0; -}; - -//! interface for accumulating messages to be signed or verified -/*! Only Update() should be called - on this class. No other functions inherited from HashTransformation should be called. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulator : public HashTransformation -{ -public: - //! should not be called on PK_MessageAccumulator - unsigned int DigestSize() const - {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");} - //! should not be called on PK_MessageAccumulator - void TruncatedFinal(byte *digest, size_t digestSize) - {throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");} -}; - -//! interface for public-key signers - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Signer : public PK_SignatureScheme, public PrivateKeyAlgorithm -{ -public: - //! create a new HashTransformation to accumulate the message to be signed - virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const =0; - - virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0; - - //! sign and delete messageAccumulator (even in case of exception thrown) - /*! \pre size of signature == MaxSignatureLength() - \return actual signature length - */ - virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const; - - //! sign and restart messageAccumulator - /*! \pre size of signature == MaxSignatureLength() - \return actual signature length - */ - virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0; - - //! sign a message - /*! \pre size of signature == MaxSignatureLength() - \return actual signature length - */ - virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const; - - //! sign a recoverable message - /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength) - \return actual signature length - */ - virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, - const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const; -}; - -//! interface for public-key signature verifiers -/*! The Recover* functions throw NotImplemented if the signature scheme does not support - message recovery. - The Verify* functions throw InvalidDataFormat if the scheme does support message - recovery and the signature contains a non-empty recoverable message part. The - Recovery* functions should be used in that case. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Verifier : public PK_SignatureScheme, public PublicKeyAlgorithm -{ -public: - //! create a new HashTransformation to accumulate the message to be verified - virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0; - - //! input signature into a message accumulator - virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const =0; - - //! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown) - virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const; - - //! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator - virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0; - - //! check whether input signature is a valid signature for input message - virtual bool VerifyMessage(const byte *message, size_t messageLen, - const byte *signature, size_t signatureLength) const; - - //! recover a message from its signature - /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength) - */ - virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const; - - //! recover a message from its signature - /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength) - */ - virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0; - - //! recover a message from its signature - /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength) - */ - virtual DecodingResult RecoverMessage(byte *recoveredMessage, - const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, - const byte *signature, size_t signatureLength) const; -}; - -//! interface for domains of simple key agreement protocols - -/*! A key agreement domain is a set of parameters that must be shared - by two parties in a key agreement protocol, along with the algorithms - for generating key pairs and deriving agreed values. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyAgreementDomain : public KeyAgreementAlgorithm -{ -public: - //! return length of agreed value produced - virtual unsigned int AgreedValueLength() const =0; - //! return length of private keys in this domain - virtual unsigned int PrivateKeyLength() const =0; - //! return length of public keys in this domain - virtual unsigned int PublicKeyLength() const =0; - //! generate private key - /*! \pre size of privateKey == PrivateKeyLength() */ - virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0; - //! generate public key - /*! \pre size of publicKey == PublicKeyLength() */ - virtual void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0; - //! generate private/public key pair - /*! \note equivalent to calling GeneratePrivateKey() and then GeneratePublicKey() */ - virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const; - //! derive agreed value from your private key and couterparty's public key, return false in case of failure - /*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time. - \pre size of agreedValue == AgreedValueLength() - \pre length of privateKey == PrivateKeyLength() - \pre length of otherPublicKey == PublicKeyLength() - */ - virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - bool ValidateDomainParameters(RandomNumberGenerator &rng) const - {return GetCryptoParameters().Validate(rng, 2);} -#endif -}; - -//! interface for domains of authenticated key agreement protocols - -/*! In an authenticated key agreement protocol, each party has two - key pairs. The long-lived key pair is called the static key pair, - and the short-lived key pair is called the ephemeral key pair. -*/ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm -{ -public: - //! return length of agreed value produced - virtual unsigned int AgreedValueLength() const =0; - - //! return length of static private keys in this domain - virtual unsigned int StaticPrivateKeyLength() const =0; - //! return length of static public keys in this domain - virtual unsigned int StaticPublicKeyLength() const =0; - //! generate static private key - /*! \pre size of privateKey == PrivateStaticKeyLength() */ - virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0; - //! generate static public key - /*! \pre size of publicKey == PublicStaticKeyLength() */ - virtual void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0; - //! generate private/public key pair - /*! \note equivalent to calling GenerateStaticPrivateKey() and then GenerateStaticPublicKey() */ - virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const; - - //! return length of ephemeral private keys in this domain - virtual unsigned int EphemeralPrivateKeyLength() const =0; - //! return length of ephemeral public keys in this domain - virtual unsigned int EphemeralPublicKeyLength() const =0; - //! generate ephemeral private key - /*! \pre size of privateKey == PrivateEphemeralKeyLength() */ - virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0; - //! generate ephemeral public key - /*! \pre size of publicKey == PublicEphemeralKeyLength() */ - virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0; - //! generate private/public key pair - /*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */ - virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const; - - //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure - /*! \note The ephemeral public key will always be validated. - If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time. - \pre size of agreedValue == AgreedValueLength() - \pre length of staticPrivateKey == StaticPrivateKeyLength() - \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength() - \pre length of staticOtherPublicKey == StaticPublicKeyLength() - \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength() - */ - virtual bool Agree(byte *agreedValue, - const byte *staticPrivateKey, const byte *ephemeralPrivateKey, - const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, - bool validateStaticOtherPublicKey=true) const =0; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - bool ValidateDomainParameters(RandomNumberGenerator &rng) const - {return GetCryptoParameters().Validate(rng, 2);} -#endif -}; - -// interface for password authenticated key agreement protocols, not implemented yet -#if 0 -//! interface for protocol sessions -/*! The methods should be called in the following order: - - InitializeSession(rng, parameters); // or call initialize method in derived class - while (true) - { - if (OutgoingMessageAvailable()) - { - length = GetOutgoingMessageLength(); - GetOutgoingMessage(message); - ; // send outgoing message - } - - if (LastMessageProcessed()) - break; - - ; // receive incoming message - ProcessIncomingMessage(message); - } - ; // call methods in derived class to obtain result of protocol session -*/ -class ProtocolSession -{ -public: - //! exception thrown when an invalid protocol message is processed - class ProtocolError : public Exception - { - public: - ProtocolError(ErrorType errorType, const std::string &s) : Exception(errorType, s) {} - }; - - //! exception thrown when a function is called unexpectedly - /*! for example calling ProcessIncomingMessage() when ProcessedLastMessage() == true */ - class UnexpectedMethodCall : public Exception - { - public: - UnexpectedMethodCall(const std::string &s) : Exception(OTHER_ERROR, s) {} - }; - - ProtocolSession() : m_rng(NULL), m_throwOnProtocolError(true), m_validState(false) {} - virtual ~ProtocolSession() {} - - virtual void InitializeSession(RandomNumberGenerator &rng, const NameValuePairs ¶meters) =0; - - bool GetThrowOnProtocolError() const {return m_throwOnProtocolError;} - void SetThrowOnProtocolError(bool throwOnProtocolError) {m_throwOnProtocolError = throwOnProtocolError;} - - bool HasValidState() const {return m_validState;} - - virtual bool OutgoingMessageAvailable() const =0; - virtual unsigned int GetOutgoingMessageLength() const =0; - virtual void GetOutgoingMessage(byte *message) =0; - - virtual bool LastMessageProcessed() const =0; - virtual void ProcessIncomingMessage(const byte *message, unsigned int messageLength) =0; - -protected: - void HandleProtocolError(Exception::ErrorType errorType, const std::string &s) const; - void CheckAndHandleInvalidState() const; - void SetValidState(bool valid) {m_validState = valid;} - - RandomNumberGenerator *m_rng; - -private: - bool m_throwOnProtocolError, m_validState; -}; - -class KeyAgreementSession : public ProtocolSession -{ -public: - virtual unsigned int GetAgreedValueLength() const =0; - virtual void GetAgreedValue(byte *agreedValue) const =0; -}; - -class PasswordAuthenticatedKeyAgreementSession : public KeyAgreementSession -{ -public: - void InitializePasswordAuthenticatedKeyAgreementSession(RandomNumberGenerator &rng, - const byte *myId, unsigned int myIdLength, - const byte *counterPartyId, unsigned int counterPartyIdLength, - const byte *passwordOrVerifier, unsigned int passwordOrVerifierLength); -}; - -class PasswordAuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm -{ -public: - //! return whether the domain parameters stored in this object are valid - virtual bool ValidateDomainParameters(RandomNumberGenerator &rng) const - {return GetCryptoParameters().Validate(rng, 2);} - - virtual unsigned int GetPasswordVerifierLength(const byte *password, unsigned int passwordLength) const =0; - virtual void GeneratePasswordVerifier(RandomNumberGenerator &rng, const byte *userId, unsigned int userIdLength, const byte *password, unsigned int passwordLength, byte *verifier) const =0; - - enum RoleFlags {CLIENT=1, SERVER=2, INITIATOR=4, RESPONDER=8}; - - virtual bool IsValidRole(unsigned int role) =0; - virtual PasswordAuthenticatedKeyAgreementSession * CreateProtocolSession(unsigned int role) const =0; -}; -#endif - -//! BER Decode Exception Class, may be thrown during an ASN1 BER decode operation -class CRYPTOPP_DLL BERDecodeErr : public InvalidArgument -{ -public: - BERDecodeErr() : InvalidArgument("BER decode error") {} - BERDecodeErr(const std::string &s) : InvalidArgument(s) {} -}; - -//! interface for encoding and decoding ASN1 objects -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1Object -{ -public: - virtual ~ASN1Object() {} - //! decode this object from a BufferedTransformation, using BER (Basic Encoding Rules) - virtual void BERDecode(BufferedTransformation &bt) =0; - //! encode this object into a BufferedTransformation, using DER (Distinguished Encoding Rules) - virtual void DEREncode(BufferedTransformation &bt) const =0; - //! encode this object into a BufferedTransformation, using BER - /*! this may be useful if DEREncode() would be too inefficient */ - virtual void BEREncode(BufferedTransformation &bt) const {DEREncode(bt);} -}; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY -typedef PK_SignatureScheme PK_SignatureSystem; -typedef SimpleKeyAgreementDomain PK_SimpleKeyAgreementDomain; -typedef AuthenticatedKeyAgreementDomain PK_AuthenticatedKeyAgreementDomain; -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/cryptlib_bds.cpp b/cryptopp562/cryptlib_bds.cpp deleted file mode 100644 index 7724a9f..0000000 --- a/cryptopp562/cryptlib_bds.cpp +++ /dev/null @@ -1,10 +0,0 @@ -//--------------------------------------------------------------------------- - -/* -#include <vcl.h> -#pragma hdrstop -*/ -#define Library - -// To add a file to the library use the Project menu 'Add to Project'. - diff --git a/cryptopp562/datatest.cpp b/cryptopp562/datatest.cpp deleted file mode 100644 index 7a1a9cf..0000000 --- a/cryptopp562/datatest.cpp +++ /dev/null @@ -1,757 +0,0 @@ -#include "factory.h" -#include "integer.h" -#include "filters.h" -#include "hex.h" -#include "randpool.h" -#include "files.h" -#include "trunhash.h" -#include "queue.h" -#include "validate.h" -#include <iostream> -#include <memory> - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -typedef std::map<std::string, std::string> TestData; -static bool s_thorough; - -class TestFailure : public Exception -{ -public: - TestFailure() : Exception(OTHER_ERROR, "Validation test failed") {} -}; - -static const TestData *s_currentTestData = NULL; - -static void OutputTestData(const TestData &v) -{ - for (TestData::const_iterator i = v.begin(); i != v.end(); ++i) - { - cerr << i->first << ": " << i->second << endl; - } -} - -static void SignalTestFailure() -{ - OutputTestData(*s_currentTestData); - throw TestFailure(); -} - -static void SignalTestError() -{ - OutputTestData(*s_currentTestData); - throw Exception(Exception::OTHER_ERROR, "Unexpected error during validation test"); -} - -bool DataExists(const TestData &data, const char *name) -{ - TestData::const_iterator i = data.find(name); - return (i != data.end()); -} - -const std::string & GetRequiredDatum(const TestData &data, const char *name) -{ - TestData::const_iterator i = data.find(name); - if (i == data.end()) - SignalTestError(); - return i->second; -} - -void RandomizedTransfer(BufferedTransformation &source, BufferedTransformation &target, bool finish, const std::string &channel=DEFAULT_CHANNEL) -{ - while (source.MaxRetrievable() > (finish ? 0 : 4096)) - { - byte buf[4096+64]; - size_t start = GlobalRNG().GenerateWord32(0, 63); - size_t len = GlobalRNG().GenerateWord32(1, UnsignedMin(4096U, 3*source.MaxRetrievable()/2)); - len = source.Get(buf+start, len); - target.ChannelPut(channel, buf+start, len); - } -} - -void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransformation &target) -{ - std::string s1 = GetRequiredDatum(data, name), s2; - ByteQueue q; - - while (!s1.empty()) - { - while (s1[0] == ' ') - { - s1 = s1.substr(1); - if (s1.empty()) - goto end; // avoid invalid read if s1 is empty - } - - int repeat = 1; - if (s1[0] == 'r') - { - repeat = atoi(s1.c_str()+1); - s1 = s1.substr(s1.find(' ')+1); - } - - s2 = ""; // MSVC 6 doesn't have clear(); - - if (s1[0] == '\"') - { - s2 = s1.substr(1, s1.find('\"', 1)-1); - s1 = s1.substr(s2.length() + 2); - } - else if (s1.substr(0, 2) == "0x") - { - StringSource(s1.substr(2, s1.find(' ')), true, new HexDecoder(new StringSink(s2))); - s1 = s1.substr(STDMIN(s1.find(' '), s1.length())); - } - else - { - StringSource(s1.substr(0, s1.find(' ')), true, new HexDecoder(new StringSink(s2))); - s1 = s1.substr(STDMIN(s1.find(' '), s1.length())); - } - - while (repeat--) - { - q.Put((const byte *)s2.data(), s2.size()); - RandomizedTransfer(q, target, false); - } - } - -end: - RandomizedTransfer(q, target, true); -} - -std::string GetDecodedDatum(const TestData &data, const char *name) -{ - std::string s; - PutDecodedDatumInto(data, name, StringSink(s).Ref()); - return s; -} - -std::string GetOptionalDecodedDatum(const TestData &data, const char *name) -{ - std::string s; - if (DataExists(data, name)) - PutDecodedDatumInto(data, name, StringSink(s).Ref()); - return s; -} - -class TestDataNameValuePairs : public NameValuePairs -{ -public: - TestDataNameValuePairs(const TestData &data) : m_data(data) {} - - virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - TestData::const_iterator i = m_data.find(name); - if (i == m_data.end()) - { - if (std::string(name) == Name::DigestSize() && valueType == typeid(int)) - { - i = m_data.find("MAC"); - if (i == m_data.end()) - i = m_data.find("Digest"); - if (i == m_data.end()) - return false; - - m_temp.resize(0); - PutDecodedDatumInto(m_data, i->first.c_str(), StringSink(m_temp).Ref()); - *reinterpret_cast<int *>(pValue) = (int)m_temp.size(); - return true; - } - else - return false; - } - - const std::string &value = i->second; - - if (valueType == typeid(int)) - *reinterpret_cast<int *>(pValue) = atoi(value.c_str()); - else if (valueType == typeid(Integer)) - *reinterpret_cast<Integer *>(pValue) = Integer((std::string(value) + "h").c_str()); - else if (valueType == typeid(ConstByteArrayParameter)) - { - m_temp.resize(0); - PutDecodedDatumInto(m_data, name, StringSink(m_temp).Ref()); - reinterpret_cast<ConstByteArrayParameter *>(pValue)->Assign((const byte *)m_temp.data(), m_temp.size(), false); - } - else - throw ValueTypeMismatch(name, typeid(std::string), valueType); - - return true; - } - -private: - const TestData &m_data; - mutable std::string m_temp; -}; - -void TestKeyPairValidAndConsistent(CryptoMaterial &pub, const CryptoMaterial &priv) -{ - if (!pub.Validate(GlobalRNG(), 2+s_thorough)) - SignalTestFailure(); - if (!priv.Validate(GlobalRNG(), 2+s_thorough)) - SignalTestFailure(); - - ByteQueue bq1, bq2; - pub.Save(bq1); - pub.AssignFrom(priv); - pub.Save(bq2); - if (bq1 != bq2) - SignalTestFailure(); -} - -void TestSignatureScheme(TestData &v) -{ - std::string name = GetRequiredDatum(v, "Name"); - std::string test = GetRequiredDatum(v, "Test"); - - std::auto_ptr<PK_Signer> signer(ObjectFactoryRegistry<PK_Signer>::Registry().CreateObject(name.c_str())); - std::auto_ptr<PK_Verifier> verifier(ObjectFactoryRegistry<PK_Verifier>::Registry().CreateObject(name.c_str())); - - TestDataNameValuePairs pairs(v); - - if (test == "GenerateKey") - { - signer->AccessPrivateKey().GenerateRandom(GlobalRNG(), pairs); - verifier->AccessPublicKey().AssignFrom(signer->AccessPrivateKey()); - } - else - { - std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); - - if (keyFormat == "DER") - verifier->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); - else if (keyFormat == "Component") - verifier->AccessMaterial().AssignFrom(pairs); - - if (test == "Verify" || test == "NotVerify") - { - VerifierFilter verifierFilter(*verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN); - PutDecodedDatumInto(v, "Signature", verifierFilter); - PutDecodedDatumInto(v, "Message", verifierFilter); - verifierFilter.MessageEnd(); - if (verifierFilter.GetLastResult() == (test == "NotVerify")) - SignalTestFailure(); - return; - } - else if (test == "PublicKeyValid") - { - if (!verifier->GetMaterial().Validate(GlobalRNG(), 3)) - SignalTestFailure(); - return; - } - - if (keyFormat == "DER") - signer->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); - else if (keyFormat == "Component") - signer->AccessMaterial().AssignFrom(pairs); - } - - if (test == "GenerateKey" || test == "KeyPairValidAndConsistent") - { - TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial()); - VerifierFilter verifierFilter(*verifier, NULL, VerifierFilter::THROW_EXCEPTION); - verifierFilter.Put((const byte *)"abc", 3); - StringSource ss("abc", true, new SignerFilter(GlobalRNG(), *signer, new Redirector(verifierFilter))); - } - else if (test == "Sign") - { - SignerFilter f(GlobalRNG(), *signer, new HexEncoder(new FileSink(cout))); - StringSource ss(GetDecodedDatum(v, "Message"), true, new Redirector(f)); - SignalTestFailure(); - } - else if (test == "DeterministicSign") - { - SignalTestError(); - assert(false); // TODO: implement - } - else if (test == "RandomSign") - { - SignalTestError(); - assert(false); // TODO: implement - } - else - { - SignalTestError(); - assert(false); - } -} - -void TestAsymmetricCipher(TestData &v) -{ - std::string name = GetRequiredDatum(v, "Name"); - std::string test = GetRequiredDatum(v, "Test"); - - std::auto_ptr<PK_Encryptor> encryptor(ObjectFactoryRegistry<PK_Encryptor>::Registry().CreateObject(name.c_str())); - std::auto_ptr<PK_Decryptor> decryptor(ObjectFactoryRegistry<PK_Decryptor>::Registry().CreateObject(name.c_str())); - - std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); - - if (keyFormat == "DER") - { - decryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); - encryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); - } - else if (keyFormat == "Component") - { - TestDataNameValuePairs pairs(v); - decryptor->AccessMaterial().AssignFrom(pairs); - encryptor->AccessMaterial().AssignFrom(pairs); - } - - if (test == "DecryptMatch") - { - std::string decrypted, expected = GetDecodedDatum(v, "Plaintext"); - StringSource ss(GetDecodedDatum(v, "Ciphertext"), true, new PK_DecryptorFilter(GlobalRNG(), *decryptor, new StringSink(decrypted))); - if (decrypted != expected) - SignalTestFailure(); - } - else if (test == "KeyPairValidAndConsistent") - { - TestKeyPairValidAndConsistent(encryptor->AccessMaterial(), decryptor->GetMaterial()); - } - else - { - SignalTestError(); - assert(false); - } -} - -void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) -{ - std::string name = GetRequiredDatum(v, "Name"); - std::string test = GetRequiredDatum(v, "Test"); - - std::string key = GetDecodedDatum(v, "Key"); - std::string plaintext = GetDecodedDatum(v, "Plaintext"); - - TestDataNameValuePairs testDataPairs(v); - CombinedNameValuePairs pairs(overrideParameters, testDataPairs); - - if (test == "Encrypt" || test == "EncryptXorDigest" || test == "Resync" || test == "EncryptionMCT" || test == "DecryptionMCT") - { - static member_ptr<SymmetricCipher> encryptor, decryptor; - static std::string lastName; - - if (name != lastName) - { - encryptor.reset(ObjectFactoryRegistry<SymmetricCipher, ENCRYPTION>::Registry().CreateObject(name.c_str())); - decryptor.reset(ObjectFactoryRegistry<SymmetricCipher, DECRYPTION>::Registry().CreateObject(name.c_str())); - lastName = name; - } - - ConstByteArrayParameter iv; - if (pairs.GetValue(Name::IV(), iv) && iv.size() != encryptor->IVSize()) - SignalTestFailure(); - - if (test == "Resync") - { - encryptor->Resynchronize(iv.begin(), (int)iv.size()); - decryptor->Resynchronize(iv.begin(), (int)iv.size()); - } - else - { - encryptor->SetKey((const byte *)key.data(), key.size(), pairs); - decryptor->SetKey((const byte *)key.data(), key.size(), pairs); - } - - int seek = pairs.GetIntValueWithDefault("Seek", 0); - if (seek) - { - encryptor->Seek(seek); - decryptor->Seek(seek); - } - - std::string encrypted, xorDigest, ciphertext, ciphertextXorDigest; - if (test == "EncryptionMCT" || test == "DecryptionMCT") - { - SymmetricCipher *cipher = encryptor.get(); - SecByteBlock buf((byte *)plaintext.data(), plaintext.size()), keybuf((byte *)key.data(), key.size()); - - if (test == "DecryptionMCT") - { - cipher = decryptor.get(); - ciphertext = GetDecodedDatum(v, "Ciphertext"); - buf.Assign((byte *)ciphertext.data(), ciphertext.size()); - } - - for (int i=0; i<400; i++) - { - encrypted.reserve(10000 * plaintext.size()); - for (int j=0; j<10000; j++) - { - cipher->ProcessString(buf.begin(), buf.size()); - encrypted.append((char *)buf.begin(), buf.size()); - } - - encrypted.erase(0, encrypted.size() - keybuf.size()); - xorbuf(keybuf.begin(), (const byte *)encrypted.data(), keybuf.size()); - cipher->SetKey(keybuf, keybuf.size()); - } - encrypted.assign((char *)buf.begin(), buf.size()); - ciphertext = GetDecodedDatum(v, test == "EncryptionMCT" ? "Ciphertext" : "Plaintext"); - if (encrypted != ciphertext) - { - std::cout << "incorrectly encrypted: "; - StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(256); xx.Flush(false); - std::cout << "\n"; - SignalTestFailure(); - } - return; - } - - StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted), StreamTransformationFilter::NO_PADDING); - RandomizedTransfer(StringStore(plaintext).Ref(), encFilter, true); - encFilter.MessageEnd(); - /*{ - std::string z; - encryptor->Seek(seek); - StringSource ss(plaintext, false, new StreamTransformationFilter(*encryptor, new StringSink(z), StreamTransformationFilter::NO_PADDING)); - while (ss.Pump(64)) {} - ss.PumpAll(); - for (int i=0; i<z.length(); i++) - assert(encrypted[i] == z[i]); - }*/ - if (test != "EncryptXorDigest") - ciphertext = GetDecodedDatum(v, "Ciphertext"); - else - { - ciphertextXorDigest = GetDecodedDatum(v, "CiphertextXorDigest"); - xorDigest.append(encrypted, 0, 64); - for (size_t i=64; i<encrypted.size(); i++) - xorDigest[i%64] ^= encrypted[i]; - } - if (test != "EncryptXorDigest" ? encrypted != ciphertext : xorDigest != ciphertextXorDigest) - { - std::cout << "incorrectly encrypted: "; - StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(2048); xx.Flush(false); - std::cout << "\n"; - SignalTestFailure(); - } - std::string decrypted; - StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted), StreamTransformationFilter::NO_PADDING); - RandomizedTransfer(StringStore(encrypted).Ref(), decFilter, true); - decFilter.MessageEnd(); - if (decrypted != plaintext) - { - std::cout << "incorrectly decrypted: "; - StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(256); xx.Flush(false); - std::cout << "\n"; - SignalTestFailure(); - } - } - else - { - std::cout << "unexpected test name\n"; - SignalTestError(); - } -} - -void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) -{ - std::string type = GetRequiredDatum(v, "AlgorithmType"); - std::string name = GetRequiredDatum(v, "Name"); - std::string test = GetRequiredDatum(v, "Test"); - std::string key = GetDecodedDatum(v, "Key"); - - std::string plaintext = GetOptionalDecodedDatum(v, "Plaintext"); - std::string ciphertext = GetOptionalDecodedDatum(v, "Ciphertext"); - std::string header = GetOptionalDecodedDatum(v, "Header"); - std::string footer = GetOptionalDecodedDatum(v, "Footer"); - std::string mac = GetOptionalDecodedDatum(v, "MAC"); - - TestDataNameValuePairs testDataPairs(v); - CombinedNameValuePairs pairs(overrideParameters, testDataPairs); - - if (test == "Encrypt" || test == "EncryptXorDigest" || test == "NotVerify") - { - member_ptr<AuthenticatedSymmetricCipher> asc1, asc2; - asc1.reset(ObjectFactoryRegistry<AuthenticatedSymmetricCipher, ENCRYPTION>::Registry().CreateObject(name.c_str())); - asc2.reset(ObjectFactoryRegistry<AuthenticatedSymmetricCipher, DECRYPTION>::Registry().CreateObject(name.c_str())); - asc1->SetKey((const byte *)key.data(), key.size(), pairs); - asc2->SetKey((const byte *)key.data(), key.size(), pairs); - - std::string encrypted, decrypted; - AuthenticatedEncryptionFilter ef(*asc1, new StringSink(encrypted)); - bool macAtBegin = !mac.empty() && !GlobalRNG().GenerateBit(); // test both ways randomly - AuthenticatedDecryptionFilter df(*asc2, new StringSink(decrypted), macAtBegin ? AuthenticatedDecryptionFilter::MAC_AT_BEGIN : 0); - - if (asc1->NeedsPrespecifiedDataLengths()) - { - asc1->SpecifyDataLengths(header.size(), plaintext.size(), footer.size()); - asc2->SpecifyDataLengths(header.size(), plaintext.size(), footer.size()); - } - - StringStore sh(header), sp(plaintext), sc(ciphertext), sf(footer), sm(mac); - - if (macAtBegin) - RandomizedTransfer(sm, df, true); - sh.CopyTo(df, LWORD_MAX, AAD_CHANNEL); - RandomizedTransfer(sc, df, true); - sf.CopyTo(df, LWORD_MAX, AAD_CHANNEL); - if (!macAtBegin) - RandomizedTransfer(sm, df, true); - df.MessageEnd(); - - RandomizedTransfer(sh, ef, true, AAD_CHANNEL); - RandomizedTransfer(sp, ef, true); - RandomizedTransfer(sf, ef, true, AAD_CHANNEL); - ef.MessageEnd(); - - if (test == "Encrypt" && encrypted != ciphertext+mac) - { - std::cout << "incorrectly encrypted: "; - StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(2048); xx.Flush(false); - std::cout << "\n"; - SignalTestFailure(); - } - if (test == "Encrypt" && decrypted != plaintext) - { - std::cout << "incorrectly decrypted: "; - StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(256); xx.Flush(false); - std::cout << "\n"; - SignalTestFailure(); - } - - if (ciphertext.size()+mac.size()-plaintext.size() != asc1->DigestSize()) - { - std::cout << "bad MAC size\n"; - SignalTestFailure(); - } - if (df.GetLastResult() != (test == "Encrypt")) - { - std::cout << "MAC incorrectly verified\n"; - SignalTestFailure(); - } - } - else - { - std::cout << "unexpected test name\n"; - SignalTestError(); - } -} - -void TestDigestOrMAC(TestData &v, bool testDigest) -{ - std::string name = GetRequiredDatum(v, "Name"); - std::string test = GetRequiredDatum(v, "Test"); - const char *digestName = testDigest ? "Digest" : "MAC"; - - member_ptr<MessageAuthenticationCode> mac; - member_ptr<HashTransformation> hash; - HashTransformation *pHash = NULL; - - TestDataNameValuePairs pairs(v); - - if (testDigest) - { - hash.reset(ObjectFactoryRegistry<HashTransformation>::Registry().CreateObject(name.c_str())); - pHash = hash.get(); - } - else - { - mac.reset(ObjectFactoryRegistry<MessageAuthenticationCode>::Registry().CreateObject(name.c_str())); - pHash = mac.get(); - std::string key = GetDecodedDatum(v, "Key"); - mac->SetKey((const byte *)key.c_str(), key.size(), pairs); - } - - if (test == "Verify" || test == "VerifyTruncated" || test == "NotVerify") - { - int digestSize = -1; - if (test == "VerifyTruncated") - pairs.GetIntValue(Name::DigestSize(), digestSize); - HashVerificationFilter verifierFilter(*pHash, NULL, HashVerificationFilter::HASH_AT_BEGIN, digestSize); - PutDecodedDatumInto(v, digestName, verifierFilter); - PutDecodedDatumInto(v, "Message", verifierFilter); - verifierFilter.MessageEnd(); - if (verifierFilter.GetLastResult() == (test == "NotVerify")) - SignalTestFailure(); - } - else - { - SignalTestError(); - assert(false); - } -} - -bool GetField(std::istream &is, std::string &name, std::string &value) -{ - name.resize(0); // GCC workaround: 2.95.3 doesn't have clear() - is >> name; - if (name.empty()) - return false; - - if (name[name.size()-1] != ':') - { - char c; - is >> skipws >> c; - if (c != ':') - SignalTestError(); - } - else - name.erase(name.size()-1); - - while (is.peek() == ' ') - is.ignore(1); - - // VC60 workaround: getline bug - char buffer[128]; - value.resize(0); // GCC workaround: 2.95.3 doesn't have clear() - bool continueLine; - - do - { - do - { - is.get(buffer, sizeof(buffer)); - value += buffer; - } - while (buffer[0] != 0); - is.clear(); - is.ignore(); - - if (!value.empty() && value[value.size()-1] == '\r') - value.resize(value.size()-1); - - if (!value.empty() && value[value.size()-1] == '\\') - { - value.resize(value.size()-1); - continueLine = true; - } - else - continueLine = false; - - std::string::size_type i = value.find('#'); - if (i != std::string::npos) - value.erase(i); - } - while (continueLine); - - return true; -} - -void OutputPair(const NameValuePairs &v, const char *name) -{ - Integer x; - bool b = v.GetValue(name, x); - assert(b); - cout << name << ": \\\n "; - x.Encode(HexEncoder(new FileSink(cout), false, 64, "\\\n ").Ref(), x.MinEncodedSize()); - cout << endl; -} - -void OutputNameValuePairs(const NameValuePairs &v) -{ - std::string names = v.GetValueNames(); - string::size_type i = 0; - while (i < names.size()) - { - string::size_type j = names.find_first_of (';', i); - - if (j == string::npos) - return; - else - { - std::string name = names.substr(i, j-i); - if (name.find(':') == string::npos) - OutputPair(v, name.c_str()); - } - - i = j + 1; - } -} - -void TestDataFile(const std::string &filename, const NameValuePairs &overrideParameters, unsigned int &totalTests, unsigned int &failedTests) -{ - std::ifstream file(filename.c_str()); - if (!file.good()) - throw Exception(Exception::OTHER_ERROR, "Can not open file " + filename + " for reading"); - TestData v; - s_currentTestData = &v; - std::string name, value, lastAlgName; - - while (file) - { - while (file.peek() == '#') - file.ignore(INT_MAX, '\n'); - - if (file.peek() == '\n' || file.peek() == '\r') - v.clear(); - - if (!GetField(file, name, value)) - break; - v[name] = value; - - if (name == "Test" && (s_thorough || v["SlowTest"] != "1")) - { - bool failed = true; - std::string algType = GetRequiredDatum(v, "AlgorithmType"); - - if (lastAlgName != GetRequiredDatum(v, "Name")) - { - lastAlgName = GetRequiredDatum(v, "Name"); - cout << "\nTesting " << algType.c_str() << " algorithm " << lastAlgName.c_str() << ".\n"; - } - - try - { - if (algType == "Signature") - TestSignatureScheme(v); - else if (algType == "SymmetricCipher") - TestSymmetricCipher(v, overrideParameters); - else if (algType == "AuthenticatedSymmetricCipher") - TestAuthenticatedSymmetricCipher(v, overrideParameters); - else if (algType == "AsymmetricCipher") - TestAsymmetricCipher(v); - else if (algType == "MessageDigest") - TestDigestOrMAC(v, true); - else if (algType == "MAC") - TestDigestOrMAC(v, false); - else if (algType == "FileList") - TestDataFile(GetRequiredDatum(v, "Test"), g_nullNameValuePairs, totalTests, failedTests); - else - SignalTestError(); - failed = false; - } - catch (TestFailure &) - { - cout << "\nTest failed.\n"; - } - catch (CryptoPP::Exception &e) - { - cout << "\nCryptoPP::Exception caught: " << e.what() << endl; - } - catch (std::exception &e) - { - cout << "\nstd::exception caught: " << e.what() << endl; - } - - if (failed) - { - cout << "Skipping to next test.\n"; - failedTests++; - } - else - cout << "." << flush; - - totalTests++; - } - } -} - -bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParameters, bool thorough) -{ - s_thorough = thorough; - unsigned int totalTests = 0, failedTests = 0; - TestDataFile(filename, overrideParameters, totalTests, failedTests); - cout << dec << "\nTests complete. Total tests = " << totalTests << ". Failed tests = " << failedTests << ".\n"; - if (failedTests != 0) - cout << "SOME TESTS FAILED!\n"; - return failedTests == 0; -} diff --git a/cryptopp562/default.cpp b/cryptopp562/default.cpp deleted file mode 100644 index 7294078..0000000 --- a/cryptopp562/default.cpp +++ /dev/null @@ -1,258 +0,0 @@ -// default.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "default.h" -#include "queue.h" -#include <time.h> -#include <memory> - -NAMESPACE_BEGIN(CryptoPP) - -static const unsigned int MASH_ITERATIONS = 200; -static const unsigned int SALTLENGTH = 8; -static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE; -static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH; - -// The purpose of this function Mash() is to take an arbitrary length input -// string and *deterministicly* produce an arbitrary length output string such -// that (1) it looks random, (2) no information about the input is -// deducible from it, and (3) it contains as much entropy as it can hold, or -// the amount of entropy in the input string, whichever is smaller. - -static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations) -{ - if (BytePrecision(outLen) > 2) - throw InvalidArgument("Mash: output legnth too large"); - - size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)DefaultHashModule::DIGESTSIZE); - byte b[2]; - SecByteBlock buf(bufSize); - SecByteBlock outBuf(bufSize); - DefaultHashModule hash; - - unsigned int i; - for(i=0; i<outLen; i+=DefaultHashModule::DIGESTSIZE) - { - b[0] = (byte) (i >> 8); - b[1] = (byte) i; - hash.Update(b, 2); - hash.Update(in, inLen); - hash.Final(outBuf+i); - } - - while (iterations-- > 1) - { - memcpy(buf, outBuf, bufSize); - for (i=0; i<bufSize; i+=DefaultHashModule::DIGESTSIZE) - { - b[0] = (byte) (i >> 8); - b[1] = (byte) i; - hash.Update(b, 2); - hash.Update(buf, bufSize); - hash.Final(outBuf+i); - } - } - - memcpy(out, outBuf, outLen); -} - -static void GenerateKeyIV(const byte *passphrase, size_t passphraseLength, const byte *salt, size_t saltLength, byte *key, byte *IV) -{ - SecByteBlock temp(passphraseLength+saltLength); - memcpy(temp, passphrase, passphraseLength); - memcpy(temp+passphraseLength, salt, saltLength); - SecByteBlock keyIV(KEYLENGTH+BLOCKSIZE); - Mash(temp, passphraseLength + saltLength, keyIV, KEYLENGTH+BLOCKSIZE, MASH_ITERATIONS); - memcpy(key, keyIV, KEYLENGTH); - memcpy(IV, keyIV+KEYLENGTH, BLOCKSIZE); -} - -// ******************************************************** - -DefaultEncryptor::DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment) - : ProxyFilter(NULL, 0, 0, attachment), m_passphrase((const byte *)passphrase, strlen(passphrase)) -{ -} - -DefaultEncryptor::DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment) - : ProxyFilter(NULL, 0, 0, attachment), m_passphrase(passphrase, passphraseLength) -{ -} - - -void DefaultEncryptor::FirstPut(const byte *) -{ - // VC60 workaround: __LINE__ expansion bug - CRYPTOPP_COMPILE_ASSERT_INSTANCE(SALTLENGTH <= DefaultHashModule::DIGESTSIZE, 1); - CRYPTOPP_COMPILE_ASSERT_INSTANCE(BLOCKSIZE <= DefaultHashModule::DIGESTSIZE, 2); - - SecByteBlock salt(DefaultHashModule::DIGESTSIZE), keyCheck(DefaultHashModule::DIGESTSIZE); - DefaultHashModule hash; - - // use hash(passphrase | time | clock) as salt - hash.Update(m_passphrase, m_passphrase.size()); - time_t t=time(0); - hash.Update((byte *)&t, sizeof(t)); - clock_t c=clock(); - hash.Update((byte *)&c, sizeof(c)); - hash.Final(salt); - - // use hash(passphrase | salt) as key check - hash.Update(m_passphrase, m_passphrase.size()); - hash.Update(salt, SALTLENGTH); - hash.Final(keyCheck); - - AttachedTransformation()->Put(salt, SALTLENGTH); - - // mash passphrase and salt together into key and IV - SecByteBlock key(KEYLENGTH); - SecByteBlock IV(BLOCKSIZE); - GenerateKeyIV(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, key, IV); - - m_cipher.SetKeyWithIV(key, key.size(), IV); - SetFilter(new StreamTransformationFilter(m_cipher)); - - m_filter->Put(keyCheck, BLOCKSIZE); -} - -void DefaultEncryptor::LastPut(const byte *inString, size_t length) -{ - m_filter->MessageEnd(); -} - -// ******************************************************** - -DefaultDecryptor::DefaultDecryptor(const char *p, BufferedTransformation *attachment, bool throwException) - : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment) - , m_state(WAITING_FOR_KEYCHECK) - , m_passphrase((const byte *)p, strlen(p)) - , m_throwException(throwException) -{ -} - -DefaultDecryptor::DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException) - : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment) - , m_state(WAITING_FOR_KEYCHECK) - , m_passphrase(passphrase, passphraseLength) - , m_throwException(throwException) -{ -} - -void DefaultDecryptor::FirstPut(const byte *inString) -{ - CheckKey(inString, inString+SALTLENGTH); -} - -void DefaultDecryptor::LastPut(const byte *inString, size_t length) -{ - if (m_filter.get() == NULL) - { - m_state = KEY_BAD; - if (m_throwException) - throw KeyBadErr(); - } - else - { - m_filter->MessageEnd(); - m_state = WAITING_FOR_KEYCHECK; - } -} - -void DefaultDecryptor::CheckKey(const byte *salt, const byte *keyCheck) -{ - SecByteBlock check(STDMAX((unsigned int)2*BLOCKSIZE, (unsigned int)DefaultHashModule::DIGESTSIZE)); - - DefaultHashModule hash; - hash.Update(m_passphrase, m_passphrase.size()); - hash.Update(salt, SALTLENGTH); - hash.Final(check); - - SecByteBlock key(KEYLENGTH); - SecByteBlock IV(BLOCKSIZE); - GenerateKeyIV(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, key, IV); - - m_cipher.SetKeyWithIV(key, key.size(), IV); - std::auto_ptr<StreamTransformationFilter> decryptor(new StreamTransformationFilter(m_cipher)); - - decryptor->Put(keyCheck, BLOCKSIZE); - decryptor->ForceNextPut(); - decryptor->Get(check+BLOCKSIZE, BLOCKSIZE); - - SetFilter(decryptor.release()); - - if (!VerifyBufsEqual(check, check+BLOCKSIZE, BLOCKSIZE)) - { - m_state = KEY_BAD; - if (m_throwException) - throw KeyBadErr(); - } - else - m_state = KEY_GOOD; -} - -// ******************************************************** - -static DefaultMAC * NewDefaultEncryptorMAC(const byte *passphrase, size_t passphraseLength) -{ - size_t macKeyLength = DefaultMAC::StaticGetValidKeyLength(16); - SecByteBlock macKey(macKeyLength); - // since the MAC is encrypted there is no reason to mash the passphrase for many iterations - Mash(passphrase, passphraseLength, macKey, macKeyLength, 1); - return new DefaultMAC(macKey, macKeyLength); -} - -DefaultEncryptorWithMAC::DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment) - : ProxyFilter(NULL, 0, 0, attachment) - , m_mac(NewDefaultEncryptorMAC((const byte *)passphrase, strlen(passphrase))) -{ - SetFilter(new HashFilter(*m_mac, new DefaultEncryptor(passphrase), true)); -} - -DefaultEncryptorWithMAC::DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment) - : ProxyFilter(NULL, 0, 0, attachment) - , m_mac(NewDefaultEncryptorMAC(passphrase, passphraseLength)) -{ - SetFilter(new HashFilter(*m_mac, new DefaultEncryptor(passphrase, passphraseLength), true)); -} - -void DefaultEncryptorWithMAC::LastPut(const byte *inString, size_t length) -{ - m_filter->MessageEnd(); -} - -// ******************************************************** - -DefaultDecryptorWithMAC::DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment, bool throwException) - : ProxyFilter(NULL, 0, 0, attachment) - , m_mac(NewDefaultEncryptorMAC((const byte *)passphrase, strlen(passphrase))) - , m_throwException(throwException) -{ - SetFilter(new DefaultDecryptor(passphrase, m_hashVerifier=new HashVerifier(*m_mac, NULL, HashVerifier::PUT_MESSAGE), throwException)); -} - -DefaultDecryptorWithMAC::DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException) - : ProxyFilter(NULL, 0, 0, attachment) - , m_mac(NewDefaultEncryptorMAC(passphrase, passphraseLength)) - , m_throwException(throwException) -{ - SetFilter(new DefaultDecryptor(passphrase, passphraseLength, m_hashVerifier=new HashVerifier(*m_mac, NULL, HashVerifier::PUT_MESSAGE), throwException)); -} - -DefaultDecryptor::State DefaultDecryptorWithMAC::CurrentState() const -{ - return static_cast<const DefaultDecryptor *>(m_filter.get())->CurrentState(); -} - -bool DefaultDecryptorWithMAC::CheckLastMAC() const -{ - return m_hashVerifier->GetLastResult(); -} - -void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length) -{ - m_filter->MessageEnd(); - if (m_throwException && !CheckLastMAC()) - throw MACBadErr(); -} - -NAMESPACE_END diff --git a/cryptopp562/default.h b/cryptopp562/default.h deleted file mode 100644 index fb53641..0000000 --- a/cryptopp562/default.h +++ /dev/null @@ -1,104 +0,0 @@ -#ifndef CRYPTOPP_DEFAULT_H -#define CRYPTOPP_DEFAULT_H - -#include "sha.h" -#include "hmac.h" -#include "des.h" -#include "filters.h" -#include "modes.h" - -NAMESPACE_BEGIN(CryptoPP) - -typedef DES_EDE2 Default_BlockCipher; -typedef SHA DefaultHashModule; -typedef HMAC<DefaultHashModule> DefaultMAC; - -//! Password-Based Encryptor using DES-EDE2 -class DefaultEncryptor : public ProxyFilter -{ -public: - DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL); - DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL); - -protected: - void FirstPut(const byte *); - void LastPut(const byte *inString, size_t length); - -private: - SecByteBlock m_passphrase; - CBC_Mode<Default_BlockCipher>::Encryption m_cipher; -}; - -//! Password-Based Decryptor using DES-EDE2 -class DefaultDecryptor : public ProxyFilter -{ -public: - DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true); - DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true); - - class Err : public Exception - { - public: - Err(const std::string &s) - : Exception(DATA_INTEGRITY_CHECK_FAILED, s) {} - }; - class KeyBadErr : public Err {public: KeyBadErr() : Err("DefaultDecryptor: cannot decrypt message with this passphrase") {}}; - - enum State {WAITING_FOR_KEYCHECK, KEY_GOOD, KEY_BAD}; - State CurrentState() const {return m_state;} - -protected: - void FirstPut(const byte *inString); - void LastPut(const byte *inString, size_t length); - - State m_state; - -private: - void CheckKey(const byte *salt, const byte *keyCheck); - - SecByteBlock m_passphrase; - CBC_Mode<Default_BlockCipher>::Decryption m_cipher; - member_ptr<FilterWithBufferedInput> m_decryptor; - bool m_throwException; -}; - -//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1 -class DefaultEncryptorWithMAC : public ProxyFilter -{ -public: - DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL); - DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL); - -protected: - void FirstPut(const byte *inString) {} - void LastPut(const byte *inString, size_t length); - -private: - member_ptr<DefaultMAC> m_mac; -}; - -//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1 -class DefaultDecryptorWithMAC : public ProxyFilter -{ -public: - class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}}; - - DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true); - DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true); - - DefaultDecryptor::State CurrentState() const; - bool CheckLastMAC() const; - -protected: - void FirstPut(const byte *inString) {} - void LastPut(const byte *inString, size_t length); - -private: - member_ptr<DefaultMAC> m_mac; - HashVerifier *m_hashVerifier; - bool m_throwException; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/des.cpp b/cryptopp562/des.cpp deleted file mode 100644 index a6e0c51..0000000 --- a/cryptopp562/des.cpp +++ /dev/null @@ -1,449 +0,0 @@ -// des.cpp - modified by Wei Dai from Phil Karn's des.c -// The original code and all modifications are in the public domain. - -/* - * This is a major rewrite of my old public domain DES code written - * circa 1987, which in turn borrowed heavily from Jim Gillogly's 1977 - * public domain code. I pretty much kept my key scheduling code, but - * the actual encrypt/decrypt routines are taken from from Richard - * Outerbridge's DES code as printed in Schneier's "Applied Cryptography." - * - * This code is in the public domain. I would appreciate bug reports and - * enhancements. - * - * Phil Karn KA9Q, karn@unix.ka9q.ampr.org, August 1994. - */ - -#include "pch.h" -#include "misc.h" -#include "des.h" - -NAMESPACE_BEGIN(CryptoPP) - -typedef BlockGetAndPut<word32, BigEndian> Block; - -// Richard Outerbridge's initial permutation algorithm -/* -inline void IPERM(word32 &left, word32 &right) -{ - word32 work; - - work = ((left >> 4) ^ right) & 0x0f0f0f0f; - right ^= work; - left ^= work << 4; - work = ((left >> 16) ^ right) & 0xffff; - right ^= work; - left ^= work << 16; - work = ((right >> 2) ^ left) & 0x33333333; - left ^= work; - right ^= (work << 2); - work = ((right >> 8) ^ left) & 0xff00ff; - left ^= work; - right ^= (work << 8); - right = rotl(right, 1); - work = (left ^ right) & 0xaaaaaaaa; - left ^= work; - right ^= work; - left = rotl(left, 1); -} -inline void FPERM(word32 &left, word32 &right) -{ - word32 work; - - right = rotr(right, 1); - work = (left ^ right) & 0xaaaaaaaa; - left ^= work; - right ^= work; - left = rotr(left, 1); - work = ((left >> 8) ^ right) & 0xff00ff; - right ^= work; - left ^= work << 8; - work = ((left >> 2) ^ right) & 0x33333333; - right ^= work; - left ^= work << 2; - work = ((right >> 16) ^ left) & 0xffff; - left ^= work; - right ^= work << 16; - work = ((right >> 4) ^ left) & 0x0f0f0f0f; - left ^= work; - right ^= work << 4; -} -*/ - -// Wei Dai's modification to Richard Outerbridge's initial permutation -// algorithm, this one is faster if you have access to rotate instructions -// (like in MSVC) -static inline void IPERM(word32 &left, word32 &right) -{ - word32 work; - - right = rotlFixed(right, 4U); - work = (left ^ right) & 0xf0f0f0f0; - left ^= work; - right = rotrFixed(right^work, 20U); - work = (left ^ right) & 0xffff0000; - left ^= work; - right = rotrFixed(right^work, 18U); - work = (left ^ right) & 0x33333333; - left ^= work; - right = rotrFixed(right^work, 6U); - work = (left ^ right) & 0x00ff00ff; - left ^= work; - right = rotlFixed(right^work, 9U); - work = (left ^ right) & 0xaaaaaaaa; - left = rotlFixed(left^work, 1U); - right ^= work; -} - -static inline void FPERM(word32 &left, word32 &right) -{ - word32 work; - - right = rotrFixed(right, 1U); - work = (left ^ right) & 0xaaaaaaaa; - right ^= work; - left = rotrFixed(left^work, 9U); - work = (left ^ right) & 0x00ff00ff; - right ^= work; - left = rotlFixed(left^work, 6U); - work = (left ^ right) & 0x33333333; - right ^= work; - left = rotlFixed(left^work, 18U); - work = (left ^ right) & 0xffff0000; - right ^= work; - left = rotlFixed(left^work, 20U); - work = (left ^ right) & 0xf0f0f0f0; - right ^= work; - left = rotrFixed(left^work, 4U); -} - -void DES::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - RawSetKey(GetCipherDirection(), userKey); -} - -#ifndef CRYPTOPP_IMPORTS - -/* Tables defined in the Data Encryption Standard documents - * Three of these tables, the initial permutation, the final - * permutation and the expansion operator, are regular enough that - * for speed, we hard-code them. They're here for reference only. - * Also, the S and P boxes are used by a separate program, gensp.c, - * to build the combined SP box, Spbox[]. They're also here just - * for reference. - */ -#ifdef notdef -/* initial permutation IP */ -static byte ip[] = { - 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; - -/* final permutation IP^-1 */ -static byte fp[] = { - 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; -/* expansion operation matrix */ -static byte ei[] = { - 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; -/* The (in)famous S-boxes */ -static byte sbox[8][64] = { - /* S1 */ - 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, - 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, - 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, - 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13, - - /* S2 */ - 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, - 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, - 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, - 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9, - - /* S3 */ - 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, - 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, - 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, - 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12, - - /* S4 */ - 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, - 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, - 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, - 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14, - - /* S5 */ - 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, - 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, - 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, - 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3, - - /* S6 */ - 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, - 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, - 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, - 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13, - - /* S7 */ - 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, - 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, - 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, - 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12, - - /* S8 */ - 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, - 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, - 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, - 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 -}; - -/* 32-bit permutation function P used on the output of the S-boxes */ -static byte p32i[] = { - 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; -#endif - -/* permuted choice table (key) */ -static const byte pc1[] = { - 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; - -/* number left rotations of pc1 */ -static const byte totrot[] = { - 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 -}; - -/* permuted choice key (table) */ -static const byte pc2[] = { - 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; - -/* End of DES-defined tables */ - -/* bit 0 is left-most in byte */ -static const int bytebit[] = { - 0200,0100,040,020,010,04,02,01 -}; - -/* Set key (initialize key schedule array) */ -void RawDES::RawSetKey(CipherDir dir, const byte *key) -{ - SecByteBlock buffer(56+56+8); - byte *const pc1m=buffer; /* place to modify pc1 into */ - byte *const pcr=pc1m+56; /* place to rotate pc1 into */ - byte *const ks=pcr+56; - register int i,j,l; - int m; - - for (j=0; j<56; j++) { /* convert pc1 to bits of key */ - l=pc1[j]-1; /* integer bit location */ - m = l & 07; /* find bit */ - pc1m[j]=(key[l>>3] & /* find which key byte l is in */ - bytebit[m]) /* and which bit of that byte */ - ? 1 : 0; /* and store 1-bit result */ - } - for (i=0; i<16; i++) { /* key chunk for each iteration */ - memset(ks,0,8); /* Clear key schedule */ - for (j=0; j<56; j++) /* rotate pc1 the right amount */ - pcr[j] = pc1m[(l=j+totrot[i])<(j<28? 28 : 56) ? l: l-28]; - /* rotate left and right halves independently */ - for (j=0; j<48; j++){ /* select bits individually */ - /* check bit that goes to ks[j] */ - if (pcr[pc2[j]-1]){ - /* mask it in if it's there */ - l= j % 6; - ks[j/6] |= bytebit[l] >> 2; - } - } - /* Now convert to odd/even interleaved form for use in F */ - k[2*i] = ((word32)ks[0] << 24) - | ((word32)ks[2] << 16) - | ((word32)ks[4] << 8) - | ((word32)ks[6]); - k[2*i+1] = ((word32)ks[1] << 24) - | ((word32)ks[3] << 16) - | ((word32)ks[5] << 8) - | ((word32)ks[7]); - } - - if (dir==DECRYPTION) // reverse key schedule order - for (i=0; i<16; i+=2) - { - std::swap(k[i], k[32-2-i]); - std::swap(k[i+1], k[32-1-i]); - } -} - -void RawDES::RawProcessBlock(word32 &l_, word32 &r_) const -{ - word32 l = l_, r = r_; - const word32 *kptr=k; - - for (unsigned i=0; i<8; i++) - { - word32 work = rotrFixed(r, 4U) ^ kptr[4*i+0]; - l ^= Spbox[6][(work) & 0x3f] - ^ Spbox[4][(work >> 8) & 0x3f] - ^ Spbox[2][(work >> 16) & 0x3f] - ^ Spbox[0][(work >> 24) & 0x3f]; - work = r ^ kptr[4*i+1]; - l ^= Spbox[7][(work) & 0x3f] - ^ Spbox[5][(work >> 8) & 0x3f] - ^ Spbox[3][(work >> 16) & 0x3f] - ^ Spbox[1][(work >> 24) & 0x3f]; - - work = rotrFixed(l, 4U) ^ kptr[4*i+2]; - r ^= Spbox[6][(work) & 0x3f] - ^ Spbox[4][(work >> 8) & 0x3f] - ^ Spbox[2][(work >> 16) & 0x3f] - ^ Spbox[0][(work >> 24) & 0x3f]; - work = l ^ kptr[4*i+3]; - r ^= Spbox[7][(work) & 0x3f] - ^ Spbox[5][(work >> 8) & 0x3f] - ^ Spbox[3][(work >> 16) & 0x3f] - ^ Spbox[1][(work >> 24) & 0x3f]; - } - - l_ = l; r_ = r; -} - -void DES_EDE2::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - m_des1.RawSetKey(GetCipherDirection(), userKey); - m_des2.RawSetKey(ReverseCipherDir(GetCipherDirection()), userKey+8); -} - -void DES_EDE2::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 l,r; - Block::Get(inBlock)(l)(r); - IPERM(l,r); - m_des1.RawProcessBlock(l, r); - m_des2.RawProcessBlock(r, l); - m_des1.RawProcessBlock(l, r); - FPERM(l,r); - Block::Put(xorBlock, outBlock)(r)(l); -} - -void DES_EDE3::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - m_des1.RawSetKey(GetCipherDirection(), userKey + (IsForwardTransformation() ? 0 : 16)); - m_des2.RawSetKey(ReverseCipherDir(GetCipherDirection()), userKey + 8); - m_des3.RawSetKey(GetCipherDirection(), userKey + (IsForwardTransformation() ? 16 : 0)); -} - -void DES_EDE3::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 l,r; - Block::Get(inBlock)(l)(r); - IPERM(l,r); - m_des1.RawProcessBlock(l, r); - m_des2.RawProcessBlock(r, l); - m_des3.RawProcessBlock(l, r); - FPERM(l,r); - Block::Put(xorBlock, outBlock)(r)(l); -} - -#endif // #ifndef CRYPTOPP_IMPORTS - -static inline bool CheckParity(byte b) -{ - unsigned int a = b ^ (b >> 4); - return ((a ^ (a>>1) ^ (a>>2) ^ (a>>3)) & 1) == 1; -} - -bool DES::CheckKeyParityBits(const byte *key) -{ - for (unsigned int i=0; i<8; i++) - if (!CheckParity(key[i])) - return false; - return true; -} - -void DES::CorrectKeyParityBits(byte *key) -{ - for (unsigned int i=0; i<8; i++) - if (!CheckParity(key[i])) - key[i] ^= 1; -} - -// Encrypt or decrypt a block of data in ECB mode -void DES::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 l,r; - Block::Get(inBlock)(l)(r); - IPERM(l,r); - RawProcessBlock(l, r); - FPERM(l,r); - Block::Put(xorBlock, outBlock)(r)(l); -} - -void DES_XEX3::Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - if (!m_des.get()) - m_des.reset(new DES::Encryption); - - memcpy(m_x1, key + (IsForwardTransformation() ? 0 : 16), BLOCKSIZE); - m_des->RawSetKey(GetCipherDirection(), key + 8); - memcpy(m_x3, key + (IsForwardTransformation() ? 16 : 0), BLOCKSIZE); -} - -void DES_XEX3::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - xorbuf(outBlock, inBlock, m_x1, BLOCKSIZE); - m_des->ProcessAndXorBlock(outBlock, xorBlock, outBlock); - xorbuf(outBlock, m_x3, BLOCKSIZE); -} - -NAMESPACE_END diff --git a/cryptopp562/des.h b/cryptopp562/des.h deleted file mode 100644 index 62f6288..0000000 --- a/cryptopp562/des.h +++ /dev/null @@ -1,144 +0,0 @@ -#ifndef CRYPTOPP_DES_H -#define CRYPTOPP_DES_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -class CRYPTOPP_DLL RawDES -{ -public: - void RawSetKey(CipherDir direction, const byte *userKey); - void RawProcessBlock(word32 &l, word32 &r) const; - -protected: - static const word32 Spbox[8][64]; - - FixedSizeSecBlock<word32, 32> k; -}; - -//! _ -struct DES_Info : public FixedBlockSize<8>, public FixedKeyLength<8> -{ - // disable DES in DLL version by not exporting this function - static const char * StaticAlgorithmName() {return "DES";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#DES">DES</a> -/*! The DES implementation in Crypto++ ignores the parity bits - (the least significant bits of each byte) in the key. However - you can use CheckKeyParityBits() and CorrectKeyParityBits() to - check or correct the parity bits if you wish. */ -class DES : public DES_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_Info>, public RawDES - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - //! check DES key parity bits - static bool CheckKeyParityBits(const byte *key); - //! correct DES key parity bits - static void CorrectKeyParityBits(byte *key); - - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -//! _ -struct DES_EDE2_Info : public FixedBlockSize<8>, public FixedKeyLength<16> -{ - CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "DES-EDE2";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#DESede">DES-EDE2</a> -class DES_EDE2 : public DES_EDE2_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_EDE2_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - protected: - RawDES m_des1, m_des2; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -//! _ -struct DES_EDE3_Info : public FixedBlockSize<8>, public FixedKeyLength<24> -{ - CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "DES-EDE3";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#DESede">DES-EDE3</a> -class DES_EDE3 : public DES_EDE3_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_EDE3_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - protected: - RawDES m_des1, m_des2, m_des3; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -//! _ -struct DES_XEX3_Info : public FixedBlockSize<8>, public FixedKeyLength<24> -{ - static const char *StaticAlgorithmName() {return "DES-XEX3";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#DESX">DES-XEX3</a>, AKA DESX -class DES_XEX3 : public DES_XEX3_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_XEX3_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - protected: - FixedSizeSecBlock<byte, BLOCKSIZE> m_x1, m_x3; - // VS2005 workaround: calling modules compiled with /clr gets unresolved external symbol DES::Base::ProcessAndXorBlock - // if we use DES::Encryption here directly without value_ptr. - value_ptr<DES::Encryption> m_des; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -typedef DES::Encryption DESEncryption; -typedef DES::Decryption DESDecryption; - -typedef DES_EDE2::Encryption DES_EDE2_Encryption; -typedef DES_EDE2::Decryption DES_EDE2_Decryption; - -typedef DES_EDE3::Encryption DES_EDE3_Encryption; -typedef DES_EDE3::Decryption DES_EDE3_Decryption; - -typedef DES_XEX3::Encryption DES_XEX3_Encryption; -typedef DES_XEX3::Decryption DES_XEX3_Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dessp.cpp b/cryptopp562/dessp.cpp deleted file mode 100644 index 49ed1d2..0000000 --- a/cryptopp562/dessp.cpp +++ /dev/null @@ -1,95 +0,0 @@ -// This file is mostly generated by Phil Karn's gensp.c - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "des.h" - -NAMESPACE_BEGIN(CryptoPP) - -// VC60 workaround: gives a C4786 warning without this function -// when runtime lib is set to multithread debug DLL -// even though warning 4786 is disabled! -void DES_VC60Workaround() -{ -} - -const word32 RawDES::Spbox[8][64] = { -{ -0x01010400,0x00000000,0x00010000,0x01010404, 0x01010004,0x00010404,0x00000004,0x00010000, -0x00000400,0x01010400,0x01010404,0x00000400, 0x01000404,0x01010004,0x01000000,0x00000004, -0x00000404,0x01000400,0x01000400,0x00010400, 0x00010400,0x01010000,0x01010000,0x01000404, -0x00010004,0x01000004,0x01000004,0x00010004, 0x00000000,0x00000404,0x00010404,0x01000000, -0x00010000,0x01010404,0x00000004,0x01010000, 0x01010400,0x01000000,0x01000000,0x00000400, -0x01010004,0x00010000,0x00010400,0x01000004, 0x00000400,0x00000004,0x01000404,0x00010404, -0x01010404,0x00010004,0x01010000,0x01000404, 0x01000004,0x00000404,0x00010404,0x01010400, -0x00000404,0x01000400,0x01000400,0x00000000, 0x00010004,0x00010400,0x00000000,0x01010004}, -{ -0x80108020,0x80008000,0x00008000,0x00108020, 0x00100000,0x00000020,0x80100020,0x80008020, -0x80000020,0x80108020,0x80108000,0x80000000, 0x80008000,0x00100000,0x00000020,0x80100020, -0x00108000,0x00100020,0x80008020,0x00000000, 0x80000000,0x00008000,0x00108020,0x80100000, -0x00100020,0x80000020,0x00000000,0x00108000, 0x00008020,0x80108000,0x80100000,0x00008020, -0x00000000,0x00108020,0x80100020,0x00100000, 0x80008020,0x80100000,0x80108000,0x00008000, -0x80100000,0x80008000,0x00000020,0x80108020, 0x00108020,0x00000020,0x00008000,0x80000000, -0x00008020,0x80108000,0x00100000,0x80000020, 0x00100020,0x80008020,0x80000020,0x00100020, -0x00108000,0x00000000,0x80008000,0x00008020, 0x80000000,0x80100020,0x80108020,0x00108000}, -{ -0x00000208,0x08020200,0x00000000,0x08020008, 0x08000200,0x00000000,0x00020208,0x08000200, -0x00020008,0x08000008,0x08000008,0x00020000, 0x08020208,0x00020008,0x08020000,0x00000208, -0x08000000,0x00000008,0x08020200,0x00000200, 0x00020200,0x08020000,0x08020008,0x00020208, -0x08000208,0x00020200,0x00020000,0x08000208, 0x00000008,0x08020208,0x00000200,0x08000000, -0x08020200,0x08000000,0x00020008,0x00000208, 0x00020000,0x08020200,0x08000200,0x00000000, -0x00000200,0x00020008,0x08020208,0x08000200, 0x08000008,0x00000200,0x00000000,0x08020008, -0x08000208,0x00020000,0x08000000,0x08020208, 0x00000008,0x00020208,0x00020200,0x08000008, -0x08020000,0x08000208,0x00000208,0x08020000, 0x00020208,0x00000008,0x08020008,0x00020200}, -{ -0x00802001,0x00002081,0x00002081,0x00000080, 0x00802080,0x00800081,0x00800001,0x00002001, -0x00000000,0x00802000,0x00802000,0x00802081, 0x00000081,0x00000000,0x00800080,0x00800001, -0x00000001,0x00002000,0x00800000,0x00802001, 0x00000080,0x00800000,0x00002001,0x00002080, -0x00800081,0x00000001,0x00002080,0x00800080, 0x00002000,0x00802080,0x00802081,0x00000081, -0x00800080,0x00800001,0x00802000,0x00802081, 0x00000081,0x00000000,0x00000000,0x00802000, -0x00002080,0x00800080,0x00800081,0x00000001, 0x00802001,0x00002081,0x00002081,0x00000080, -0x00802081,0x00000081,0x00000001,0x00002000, 0x00800001,0x00002001,0x00802080,0x00800081, -0x00002001,0x00002080,0x00800000,0x00802001, 0x00000080,0x00800000,0x00002000,0x00802080}, -{ -0x00000100,0x02080100,0x02080000,0x42000100, 0x00080000,0x00000100,0x40000000,0x02080000, -0x40080100,0x00080000,0x02000100,0x40080100, 0x42000100,0x42080000,0x00080100,0x40000000, -0x02000000,0x40080000,0x40080000,0x00000000, 0x40000100,0x42080100,0x42080100,0x02000100, -0x42080000,0x40000100,0x00000000,0x42000000, 0x02080100,0x02000000,0x42000000,0x00080100, -0x00080000,0x42000100,0x00000100,0x02000000, 0x40000000,0x02080000,0x42000100,0x40080100, -0x02000100,0x40000000,0x42080000,0x02080100, 0x40080100,0x00000100,0x02000000,0x42080000, -0x42080100,0x00080100,0x42000000,0x42080100, 0x02080000,0x00000000,0x40080000,0x42000000, -0x00080100,0x02000100,0x40000100,0x00080000, 0x00000000,0x40080000,0x02080100,0x40000100}, -{ -0x20000010,0x20400000,0x00004000,0x20404010, 0x20400000,0x00000010,0x20404010,0x00400000, -0x20004000,0x00404010,0x00400000,0x20000010, 0x00400010,0x20004000,0x20000000,0x00004010, -0x00000000,0x00400010,0x20004010,0x00004000, 0x00404000,0x20004010,0x00000010,0x20400010, -0x20400010,0x00000000,0x00404010,0x20404000, 0x00004010,0x00404000,0x20404000,0x20000000, -0x20004000,0x00000010,0x20400010,0x00404000, 0x20404010,0x00400000,0x00004010,0x20000010, -0x00400000,0x20004000,0x20000000,0x00004010, 0x20000010,0x20404010,0x00404000,0x20400000, -0x00404010,0x20404000,0x00000000,0x20400010, 0x00000010,0x00004000,0x20400000,0x00404010, -0x00004000,0x00400010,0x20004010,0x00000000, 0x20404000,0x20000000,0x00400010,0x20004010}, -{ -0x00200000,0x04200002,0x04000802,0x00000000, 0x00000800,0x04000802,0x00200802,0x04200800, -0x04200802,0x00200000,0x00000000,0x04000002, 0x00000002,0x04000000,0x04200002,0x00000802, -0x04000800,0x00200802,0x00200002,0x04000800, 0x04000002,0x04200000,0x04200800,0x00200002, -0x04200000,0x00000800,0x00000802,0x04200802, 0x00200800,0x00000002,0x04000000,0x00200800, -0x04000000,0x00200800,0x00200000,0x04000802, 0x04000802,0x04200002,0x04200002,0x00000002, -0x00200002,0x04000000,0x04000800,0x00200000, 0x04200800,0x00000802,0x00200802,0x04200800, -0x00000802,0x04000002,0x04200802,0x04200000, 0x00200800,0x00000000,0x00000002,0x04200802, -0x00000000,0x00200802,0x04200000,0x00000800, 0x04000002,0x04000800,0x00000800,0x00200002}, -{ -0x10001040,0x00001000,0x00040000,0x10041040, 0x10000000,0x10001040,0x00000040,0x10000000, -0x00040040,0x10040000,0x10041040,0x00041000, 0x10041000,0x00041040,0x00001000,0x00000040, -0x10040000,0x10000040,0x10001000,0x00001040, 0x00041000,0x00040040,0x10040040,0x10041000, -0x00001040,0x00000000,0x00000000,0x10040040, 0x10000040,0x10001000,0x00041040,0x00040000, -0x00041040,0x00040000,0x10041000,0x00001000, 0x00000040,0x10040040,0x00001000,0x00041040, -0x10001000,0x00000040,0x10000040,0x10040000, 0x10040040,0x10000000,0x00040000,0x10001040, -0x00000000,0x10041040,0x00040040,0x10000040, 0x10040000,0x10001000,0x10001040,0x00000000, -0x10041040,0x00041000,0x00041000,0x00001040, 0x00001040,0x00040040,0x10000000,0x10041000} -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dh.cpp b/cryptopp562/dh.cpp deleted file mode 100644 index 22097a0..0000000 --- a/cryptopp562/dh.cpp +++ /dev/null @@ -1,19 +0,0 @@ -// dh.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "dh.h" - -NAMESPACE_BEGIN(CryptoPP) - -void DH_TestInstantiations() -{ - DH dh1; - DH dh2(NullRNG(), 10); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dh.h b/cryptopp562/dh.h deleted file mode 100644 index 10e8d14..0000000 --- a/cryptopp562/dh.h +++ /dev/null @@ -1,99 +0,0 @@ -#ifndef CRYPTOPP_DH_H -#define CRYPTOPP_DH_H - -/** \file -*/ - -#include "gfpcrypt.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! , -template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption> -class DH_Domain : public DL_SimpleKeyAgreementDomainBase<typename GROUP_PARAMETERS::Element> -{ - typedef DL_SimpleKeyAgreementDomainBase<typename GROUP_PARAMETERS::Element> Base; - -public: - typedef GROUP_PARAMETERS GroupParameters; - typedef typename GroupParameters::Element Element; - typedef DL_KeyAgreementAlgorithm_DH<Element, COFACTOR_OPTION> DH_Algorithm; - typedef DH_Domain<GROUP_PARAMETERS, COFACTOR_OPTION> Domain; - - DH_Domain() {} - - DH_Domain(const GroupParameters ¶ms) - : m_groupParameters(params) {} - - DH_Domain(BufferedTransformation &bt) - {m_groupParameters.BERDecode(bt);} - - template <class T2> - DH_Domain(RandomNumberGenerator &v1, const T2 &v2) - {m_groupParameters.Initialize(v1, v2);} - - template <class T2, class T3> - DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3) - {m_groupParameters.Initialize(v1, v2, v3);} - - template <class T2, class T3, class T4> - DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3, const T4 &v4) - {m_groupParameters.Initialize(v1, v2, v3, v4);} - - template <class T1, class T2> - DH_Domain(const T1 &v1, const T2 &v2) - {m_groupParameters.Initialize(v1, v2);} - - template <class T1, class T2, class T3> - DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3) - {m_groupParameters.Initialize(v1, v2, v3);} - - template <class T1, class T2, class T3, class T4> - DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4) - {m_groupParameters.Initialize(v1, v2, v3, v4);} - - const GroupParameters & GetGroupParameters() const {return m_groupParameters;} - GroupParameters & AccessGroupParameters() {return m_groupParameters;} - - void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const - { - Base::GeneratePublicKey(rng, privateKey, publicKey); - - if (FIPS_140_2_ComplianceEnabled()) - { - SecByteBlock privateKey2(this->PrivateKeyLength()); - this->GeneratePrivateKey(rng, privateKey2); - - SecByteBlock publicKey2(this->PublicKeyLength()); - Base::GeneratePublicKey(rng, privateKey2, publicKey2); - - SecByteBlock agreedValue(this->AgreedValueLength()), agreedValue2(this->AgreedValueLength()); - bool agreed1 = this->Agree(agreedValue, privateKey, publicKey2); - bool agreed2 = this->Agree(agreedValue2, privateKey2, publicKey); - - if (!agreed1 || !agreed2 || agreedValue != agreedValue2) - throw SelfTestFailure(this->AlgorithmName() + ": pairwise consistency test failed"); - } - } - - static std::string CRYPTOPP_API StaticAlgorithmName() - {return GroupParameters::StaticAlgorithmNamePrefix() + DH_Algorithm::StaticAlgorithmName();} - std::string AlgorithmName() const {return StaticAlgorithmName();} - -private: - const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const - {return Singleton<DH_Algorithm>().Ref();} - DL_GroupParameters<Element> & AccessAbstractGroupParameters() - {return m_groupParameters;} - - GroupParameters m_groupParameters; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS DH_Domain<DL_GroupParameters_GFP_DefaultSafePrime>; - -//! <a href="http://www.weidai.com/scan-mirror/ka.html#DH">Diffie-Hellman</a> in GF(p) with key validation -typedef DH_Domain<DL_GroupParameters_GFP_DefaultSafePrime> DH; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dh2.cpp b/cryptopp562/dh2.cpp deleted file mode 100644 index 98175ee..0000000 --- a/cryptopp562/dh2.cpp +++ /dev/null @@ -1,22 +0,0 @@ -// dh2.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "dh2.h" - -NAMESPACE_BEGIN(CryptoPP) - -void DH2_TestInstantiations() -{ - DH2 dh(*(SimpleKeyAgreementDomain*)NULL); -} - -bool DH2::Agree(byte *agreedValue, - const byte *staticSecretKey, const byte *ephemeralSecretKey, - const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, - bool validateStaticOtherPublicKey) const -{ - return d1.Agree(agreedValue, staticSecretKey, staticOtherPublicKey, validateStaticOtherPublicKey) - && d2.Agree(agreedValue+d1.AgreedValueLength(), ephemeralSecretKey, ephemeralOtherPublicKey, true); -} - -NAMESPACE_END diff --git a/cryptopp562/dh2.h b/cryptopp562/dh2.h deleted file mode 100644 index af9d342..0000000 --- a/cryptopp562/dh2.h +++ /dev/null @@ -1,58 +0,0 @@ -#ifndef CRYPTOPP_DH2_H -#define CRYPTOPP_DH2_H - -/** \file -*/ - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// <a href="http://www.weidai.com/scan-mirror/ka.html#DH2">Unified Diffie-Hellman</a> -class DH2 : public AuthenticatedKeyAgreementDomain -{ -public: - DH2(SimpleKeyAgreementDomain &domain) - : d1(domain), d2(domain) {} - DH2(SimpleKeyAgreementDomain &staticDomain, SimpleKeyAgreementDomain &ephemeralDomain) - : d1(staticDomain), d2(ephemeralDomain) {} - - CryptoParameters & AccessCryptoParameters() {return d1.AccessCryptoParameters();} - - unsigned int AgreedValueLength() const - {return d1.AgreedValueLength() + d2.AgreedValueLength();} - - unsigned int StaticPrivateKeyLength() const - {return d1.PrivateKeyLength();} - unsigned int StaticPublicKeyLength() const - {return d1.PublicKeyLength();} - void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const - {d1.GeneratePrivateKey(rng, privateKey);} - void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const - {d1.GeneratePublicKey(rng, privateKey, publicKey);} - void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const - {d1.GenerateKeyPair(rng, privateKey, publicKey);} - - unsigned int EphemeralPrivateKeyLength() const - {return d2.PrivateKeyLength();} - unsigned int EphemeralPublicKeyLength() const - {return d2.PublicKeyLength();} - void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const - {d2.GeneratePrivateKey(rng, privateKey);} - void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const - {d2.GeneratePublicKey(rng, privateKey, publicKey);} - void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const - {d2.GenerateKeyPair(rng, privateKey, publicKey);} - - bool Agree(byte *agreedValue, - const byte *staticPrivateKey, const byte *ephemeralPrivateKey, - const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, - bool validateStaticOtherPublicKey=true) const; - -protected: - SimpleKeyAgreementDomain &d1, &d2; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dll.cpp b/cryptopp562/dll.cpp deleted file mode 100644 index 2b4ef7a..0000000 --- a/cryptopp562/dll.cpp +++ /dev/null @@ -1,146 +0,0 @@ -// dll.cpp - written and placed in the public domain by Wei Dai - -#define CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES -#define CRYPTOPP_DEFAULT_NO_DLL - -#include "dll.h" -#pragma warning(default: 4660) - -#if defined(CRYPTOPP_EXPORTS) && defined(CRYPTOPP_WIN32_AVAILABLE) -#include <windows.h> -#endif - -#ifndef CRYPTOPP_IMPORTS - -NAMESPACE_BEGIN(CryptoPP) - -template<> const byte PKCS_DigestDecoration<SHA1>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14}; -template<> const unsigned int PKCS_DigestDecoration<SHA1>::length = sizeof(PKCS_DigestDecoration<SHA1>::decoration); - -template<> const byte PKCS_DigestDecoration<SHA224>::decoration[] = {0x30,0x2d,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,0x04,0x1c}; -template<> const unsigned int PKCS_DigestDecoration<SHA224>::length = sizeof(PKCS_DigestDecoration<SHA224>::decoration); - -template<> const byte PKCS_DigestDecoration<SHA256>::decoration[] = {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}; -template<> const unsigned int PKCS_DigestDecoration<SHA256>::length = sizeof(PKCS_DigestDecoration<SHA256>::decoration); - -template<> const byte PKCS_DigestDecoration<SHA384>::decoration[] = {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30}; -template<> const unsigned int PKCS_DigestDecoration<SHA384>::length = sizeof(PKCS_DigestDecoration<SHA384>::decoration); - -template<> const byte PKCS_DigestDecoration<SHA512>::decoration[] = {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40}; -template<> const unsigned int PKCS_DigestDecoration<SHA512>::length = sizeof(PKCS_DigestDecoration<SHA512>::decoration); - -template<> const byte EMSA2HashId<SHA>::id = 0x33; -template<> const byte EMSA2HashId<SHA224>::id = 0x38; -template<> const byte EMSA2HashId<SHA256>::id = 0x34; -template<> const byte EMSA2HashId<SHA384>::id = 0x36; -template<> const byte EMSA2HashId<SHA512>::id = 0x35; - -NAMESPACE_END - -#endif - -#ifdef CRYPTOPP_EXPORTS - -USING_NAMESPACE(CryptoPP) - -#if !(defined(_MSC_VER) && (_MSC_VER < 1300)) -using std::set_new_handler; -#endif - -static PNew s_pNew = NULL; -static PDelete s_pDelete = NULL; - -static void * New (size_t size) -{ - void *p; - while (!(p = malloc(size))) - CallNewHandler(); - - return p; -} - -static void SetNewAndDeleteFunctionPointers() -{ - void *p = NULL; - HMODULE hModule = NULL; - MEMORY_BASIC_INFORMATION mbi; - - while (true) - { - VirtualQuery(p, &mbi, sizeof(mbi)); - - if (p >= (char *)mbi.BaseAddress + mbi.RegionSize) - break; - - p = (char *)mbi.BaseAddress + mbi.RegionSize; - - if (!mbi.AllocationBase || mbi.AllocationBase == hModule) - continue; - - hModule = HMODULE(mbi.AllocationBase); - - PGetNewAndDelete pGetNewAndDelete = (PGetNewAndDelete)GetProcAddress(hModule, "GetNewAndDeleteForCryptoPP"); - if (pGetNewAndDelete) - { - pGetNewAndDelete(s_pNew, s_pDelete); - return; - } - - PSetNewAndDelete pSetNewAndDelete = (PSetNewAndDelete)GetProcAddress(hModule, "SetNewAndDeleteFromCryptoPP"); - if (pSetNewAndDelete) - { - s_pNew = &New; - s_pDelete = &free; - pSetNewAndDelete(s_pNew, s_pDelete, &set_new_handler); - return; - } - } - - // try getting these directly using mangled names of new and delete operators - - hModule = GetModuleHandle("msvcrtd"); - if (!hModule) - hModule = GetModuleHandle("msvcrt"); - if (hModule) - { - // 32-bit versions - s_pNew = (PNew)GetProcAddress(hModule, "??2@YAPAXI@Z"); - s_pDelete = (PDelete)GetProcAddress(hModule, "??3@YAXPAX@Z"); - if (s_pNew && s_pDelete) - return; - - // 64-bit versions - s_pNew = (PNew)GetProcAddress(hModule, "??2@YAPEAX_K@Z"); - s_pDelete = (PDelete)GetProcAddress(hModule, "??3@YAXPEAX@Z"); - if (s_pNew && s_pDelete) - return; - } - - OutputDebugString("Crypto++ was not able to obtain new and delete function pointers.\n"); - throw 0; -} - -void * operator new (size_t size) -{ - if (!s_pNew) - SetNewAndDeleteFunctionPointers(); - - return s_pNew(size); -} - -void operator delete (void * p) -{ - s_pDelete(p); -} - -void * operator new [] (size_t size) -{ - return operator new (size); -} - -void operator delete [] (void * p) -{ - operator delete (p); -} - -#endif // #ifdef CRYPTOPP_EXPORTS diff --git a/cryptopp562/dll.h b/cryptopp562/dll.h deleted file mode 100644 index 5e42d46..0000000 --- a/cryptopp562/dll.h +++ /dev/null @@ -1,71 +0,0 @@ -#ifndef CRYPTOPP_DLL_H -#define CRYPTOPP_DLL_H - -#if !defined(CRYPTOPP_IMPORTS) && !defined(CRYPTOPP_EXPORTS) && !defined(CRYPTOPP_DEFAULT_NO_DLL) -#ifdef CRYPTOPP_CONFIG_H -#error To use the DLL version of Crypto++, this file must be included before any other Crypto++ header files. -#endif -#define CRYPTOPP_IMPORTS -#endif - -#include "aes.h" -#include "cbcmac.h" -#include "ccm.h" -#include "cmac.h" -#include "channels.h" -#include "des.h" -#include "dh.h" -#include "dsa.h" -#include "ec2n.h" -#include "eccrypto.h" -#include "ecp.h" -#include "files.h" -#include "fips140.h" -#include "gcm.h" -#include "hex.h" -#include "hmac.h" -#include "modes.h" -#include "mqueue.h" -#include "nbtheory.h" -#include "osrng.h" -#include "pkcspad.h" -#include "pssr.h" -#include "randpool.h" -#include "rsa.h" -#include "rw.h" -#include "sha.h" -#include "skipjack.h" -#include "trdlocal.h" - -#ifdef CRYPTOPP_IMPORTS - -#ifdef _DLL -// cause CRT DLL to be initialized before Crypto++ so that we can use malloc and free during DllMain() -#ifdef NDEBUG -#pragma comment(lib, "msvcrt") -#else -#pragma comment(lib, "msvcrtd") -#endif -#endif - -#pragma comment(lib, "cryptopp") - -#endif // #ifdef CRYPTOPP_IMPORTS - -#include <new> // for new_handler - -NAMESPACE_BEGIN(CryptoPP) - -#if !(defined(_MSC_VER) && (_MSC_VER < 1300)) -using std::new_handler; -#endif - -typedef void * (CRYPTOPP_API * PNew)(size_t); -typedef void (CRYPTOPP_API * PDelete)(void *); -typedef void (CRYPTOPP_API * PGetNewAndDelete)(PNew &, PDelete &); -typedef new_handler (CRYPTOPP_API * PSetNewHandler)(new_handler); -typedef void (CRYPTOPP_API * PSetNewAndDelete)(PNew, PDelete, PSetNewHandler); - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dlltest.cpp b/cryptopp562/dlltest.cpp deleted file mode 100644 index 4afd305..0000000 --- a/cryptopp562/dlltest.cpp +++ /dev/null @@ -1,205 +0,0 @@ -#ifndef CRYPTOPP_DLL_ONLY -#define CRYPTOPP_DEFAULT_NO_DLL -#endif - -#include "dll.h" - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -void FIPS140_SampleApplication() -{ - if (!FIPS_140_2_ComplianceEnabled()) - { - cerr << "FIPS 140-2 compliance was turned off at compile time.\n"; - abort(); - } - - // check self test status - if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED) - { - cerr << "Automatic power-up self test failed.\n"; - abort(); - } - cout << "0. Automatic power-up self test passed.\n"; - - // simulate a power-up self test error - SimulatePowerUpSelfTestFailure(); - try - { - // trying to use a crypto algorithm after power-up self test error will result in an exception - AES::Encryption aes; - - // should not be here - cerr << "Use of AES failed to cause an exception after power-up self test error.\n"; - abort(); - } - catch (SelfTestFailure &e) - { - cout << "1. Caught expected exception when simulating self test failure. Exception message follows: "; - cout << e.what() << endl; - } - - // clear the self test error state and redo power-up self test - DoDllPowerUpSelfTest(); - if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED) - { - cerr << "Re-do power-up self test failed.\n"; - abort(); - } - cout << "2. Re-do power-up self test passed.\n"; - - // encrypt and decrypt - const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; - const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; - const byte plaintext[] = { // "Now is the time for all " without tailing 0 - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20}; - byte ciphertext[24]; - byte decrypted[24]; - - CFB_FIPS_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_CFB; - encryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv); - encryption_DES_EDE3_CFB.ProcessString(ciphertext, plaintext, 24); - - CFB_FIPS_Mode<DES_EDE3>::Decryption decryption_DES_EDE3_CFB; - decryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv); - decryption_DES_EDE3_CFB.ProcessString(decrypted, ciphertext, 24); - - if (memcmp(plaintext, decrypted, 24) != 0) - { - cerr << "DES-EDE3-CFB Encryption/decryption failed.\n"; - abort(); - } - cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n"; - - // hash - const byte message[] = {'a', 'b', 'c'}; - const byte expectedDigest[] = {0xA9,0x99,0x3E,0x36,0x47,0x06,0x81,0x6A,0xBA,0x3E,0x25,0x71,0x78,0x50,0xC2,0x6C,0x9C,0xD0,0xD8,0x9D}; - byte digest[20]; - - SHA1 sha; - sha.Update(message, 3); - sha.Final(digest); - - if (memcmp(digest, expectedDigest, 20) != 0) - { - cerr << "SHA-1 hash failed.\n"; - abort(); - } - cout << "4. SHA-1 hash succeeded.\n"; - - // create auto-seeded X9.17 RNG object, if available -#ifdef OS_RNG_AVAILABLE - AutoSeededX917RNG<AES> rng; -#else - // this is used to allow this function to compile on platforms that don't have auto-seeded RNGs - RandomNumberGenerator &rng(NullRNG()); -#endif - - // generate DSA key - DSA::PrivateKey dsaPrivateKey; - dsaPrivateKey.GenerateRandomWithKeySize(rng, 1024); - DSA::PublicKey dsaPublicKey; - dsaPublicKey.AssignFrom(dsaPrivateKey); - if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3)) - { - cerr << "DSA key generation failed.\n"; - abort(); - } - cout << "5. DSA key generation succeeded.\n"; - - // encode DSA key - std::string encodedDsaPublicKey, encodedDsaPrivateKey; - dsaPublicKey.DEREncode(StringSink(encodedDsaPublicKey).Ref()); - dsaPrivateKey.DEREncode(StringSink(encodedDsaPrivateKey).Ref()); - - // decode DSA key - DSA::PrivateKey decodedDsaPrivateKey; - decodedDsaPrivateKey.BERDecode(StringStore(encodedDsaPrivateKey).Ref()); - DSA::PublicKey decodedDsaPublicKey; - decodedDsaPublicKey.BERDecode(StringStore(encodedDsaPublicKey).Ref()); - - if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3)) - { - cerr << "DSA key encode/decode failed.\n"; - abort(); - } - cout << "6. DSA key encode/decode succeeded.\n"; - - // sign and verify - byte signature[40]; - DSA::Signer signer(dsaPrivateKey); - assert(signer.SignatureLength() == 40); - signer.SignMessage(rng, message, 3, signature); - - DSA::Verifier verifier(dsaPublicKey); - if (!verifier.VerifyMessage(message, 3, signature, sizeof(signature))) - { - cerr << "DSA signature and verification failed.\n"; - abort(); - } - cout << "7. DSA signature and verification succeeded.\n"; - - - // try to verify an invalid signature - signature[0] ^= 1; - if (verifier.VerifyMessage(message, 3, signature, sizeof(signature))) - { - cerr << "DSA signature verification failed to detect bad signature.\n"; - abort(); - } - cout << "8. DSA signature verification successfully detected bad signature.\n"; - - // try to use an invalid key length - try - { - ECB_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_ECB; - encryption_DES_EDE3_ECB.SetKey(key, 5); - - // should not be here - cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n"; - abort(); - } - catch (InvalidArgument &e) - { - cout << "9. Caught expected exception when using invalid key length. Exception message follows: "; - cout << e.what() << endl; - } - - cout << "\nFIPS 140-2 Sample Application completed normally.\n"; -} - -#ifdef CRYPTOPP_IMPORTS - -static PNew s_pNew = NULL; -static PDelete s_pDelete = NULL; - -extern "C" __declspec(dllexport) void __cdecl SetNewAndDeleteFromCryptoPP(PNew pNew, PDelete pDelete, PSetNewHandler pSetNewHandler) -{ - s_pNew = pNew; - s_pDelete = pDelete; -} - -void * __cdecl operator new (size_t size) -{ - return s_pNew(size); -} - -void __cdecl operator delete (void * p) -{ - s_pDelete(p); -} - -#endif - -#ifdef CRYPTOPP_DLL_ONLY - -int __cdecl main() -{ - FIPS140_SampleApplication(); - return 0; -} - -#endif diff --git a/cryptopp562/dmac.h b/cryptopp562/dmac.h deleted file mode 100644 index 80b54ac..0000000 --- a/cryptopp562/dmac.h +++ /dev/null @@ -1,93 +0,0 @@ -#ifndef CRYPTOPP_DMAC_H -#define CRYPTOPP_DMAC_H - -#include "cbcmac.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DMAC_Base : public SameKeyLengthAs<T>, public MessageAuthenticationCode -{ -public: - static std::string StaticAlgorithmName() {return std::string("DMAC(") + T::StaticAlgorithmName() + ")";} - - CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE) - - DMAC_Base() {} - - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - void Update(const byte *input, size_t length); - void TruncatedFinal(byte *mac, size_t size); - unsigned int DigestSize() const {return DIGESTSIZE;} - -private: - byte *GenerateSubKeys(const byte *key, size_t keylength); - - size_t m_subkeylength; - SecByteBlock m_subkeys; - CBC_MAC<T> m_mac1; - typename T::Encryption m_f2; - unsigned int m_counter; -}; - -//! DMAC -/*! Based on "CBC MAC for Real-Time Data Sources" by Erez Petrank - and Charles Rackoff. T should be a class derived from BlockCipherDocumentation. -*/ -template <class T> -class DMAC : public MessageAuthenticationCodeFinal<DMAC_Base<T> > -{ -public: - DMAC() {} - DMAC(const byte *key, size_t length=DMAC_Base<T>::DEFAULT_KEYLENGTH) - {this->SetKey(key, length);} -}; - -template <class T> -void DMAC_Base<T>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) -{ - m_subkeylength = T::StaticGetValidKeyLength(T::BLOCKSIZE); - m_subkeys.resize(2*UnsignedMin((unsigned int)T::BLOCKSIZE, m_subkeylength)); - m_mac1.SetKey(GenerateSubKeys(key, length), m_subkeylength, params); - m_f2.SetKey(m_subkeys+m_subkeys.size()/2, m_subkeylength, params); - m_counter = 0; - m_subkeys.resize(0); -} - -template <class T> -void DMAC_Base<T>::Update(const byte *input, size_t length) -{ - m_mac1.Update(input, length); - m_counter = (unsigned int)((m_counter + length) % T::BLOCKSIZE); -} - -template <class T> -void DMAC_Base<T>::TruncatedFinal(byte *mac, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - byte pad[T::BLOCKSIZE]; - byte padByte = byte(T::BLOCKSIZE-m_counter); - memset(pad, padByte, padByte); - m_mac1.Update(pad, padByte); - m_mac1.TruncatedFinal(mac, size); - m_f2.ProcessBlock(mac); - - m_counter = 0; // reset for next message -} - -template <class T> -byte *DMAC_Base<T>::GenerateSubKeys(const byte *key, size_t keylength) -{ - typename T::Encryption cipher(key, keylength); - memset(m_subkeys, 0, m_subkeys.size()); - cipher.ProcessBlock(m_subkeys); - m_subkeys[m_subkeys.size()/2 + T::BLOCKSIZE - 1] = 1; - cipher.ProcessBlock(m_subkeys+m_subkeys.size()/2); - return m_subkeys; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dsa.cpp b/cryptopp562/dsa.cpp deleted file mode 100644 index 5aace48..0000000 --- a/cryptopp562/dsa.cpp +++ /dev/null @@ -1,63 +0,0 @@ -// dsa.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "dsa.h" -#include "nbtheory.h" - -NAMESPACE_BEGIN(CryptoPP) - -size_t DSAConvertSignatureFormat(byte *buffer, size_t bufferSize, DSASignatureFormat toFormat, const byte *signature, size_t signatureLen, DSASignatureFormat fromFormat) -{ - Integer r, s; - StringStore store(signature, signatureLen); - ArraySink sink(buffer, bufferSize); - - switch (fromFormat) - { - case DSA_P1363: - r.Decode(store, signatureLen/2); - s.Decode(store, signatureLen/2); - break; - case DSA_DER: - { - BERSequenceDecoder seq(store); - r.BERDecode(seq); - s.BERDecode(seq); - seq.MessageEnd(); - break; - } - case DSA_OPENPGP: - r.OpenPGPDecode(store); - s.OpenPGPDecode(store); - break; - } - - switch (toFormat) - { - case DSA_P1363: - r.Encode(sink, bufferSize/2); - s.Encode(sink, bufferSize/2); - break; - case DSA_DER: - { - DERSequenceEncoder seq(sink); - r.DEREncode(seq); - s.DEREncode(seq); - seq.MessageEnd(); - break; - } - case DSA_OPENPGP: - r.OpenPGPEncode(sink); - s.OpenPGPEncode(sink); - break; - } - - return (size_t)sink.TotalPutLength(); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/dsa.h b/cryptopp562/dsa.h deleted file mode 100644 index 6ae0387..0000000 --- a/cryptopp562/dsa.h +++ /dev/null @@ -1,35 +0,0 @@ -#ifndef CRYPTOPP_DSA_H -#define CRYPTOPP_DSA_H - -/** \file -*/ - -#include "gfpcrypt.h" - -NAMESPACE_BEGIN(CryptoPP) - -/*! The DSA signature format used by Crypto++ is as defined by IEEE P1363. - Java uses the DER format, and OpenPGP uses the OpenPGP format. */ -enum DSASignatureFormat {DSA_P1363, DSA_DER, DSA_OPENPGP}; -/** This function converts between these formats, and returns length of signature in the target format. - If toFormat == DSA_P1363, bufferSize must equal publicKey.SignatureLength() */ -size_t DSAConvertSignatureFormat(byte *buffer, size_t bufferSize, DSASignatureFormat toFormat, - const byte *signature, size_t signatureLen, DSASignatureFormat fromFormat); - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - -typedef DSA::Signer DSAPrivateKey; -typedef DSA::Verifier DSAPublicKey; - -const int MIN_DSA_PRIME_LENGTH = DSA::MIN_PRIME_LENGTH; -const int MAX_DSA_PRIME_LENGTH = DSA::MAX_PRIME_LENGTH; -const int DSA_PRIME_LENGTH_MULTIPLE = DSA::PRIME_LENGTH_MULTIPLE; - -inline bool GenerateDSAPrimes(const byte *seed, size_t seedLength, int &counter, Integer &p, unsigned int primeLength, Integer &q) - {return DSA::GeneratePrimes(seed, seedLength, counter, p, primeLength, q);} - -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/eax.cpp b/cryptopp562/eax.cpp deleted file mode 100644 index cf83663..0000000 --- a/cryptopp562/eax.cpp +++ /dev/null @@ -1,59 +0,0 @@ -// eax.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "eax.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void EAX_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms)
-{
- AccessMAC().SetKey(userKey, keylength, params);
- m_buffer.New(2*AccessMAC().TagSize());
-}
-
-void EAX_Base::Resync(const byte *iv, size_t len)
-{
- MessageAuthenticationCode &mac = AccessMAC();
- unsigned int blockSize = mac.TagSize();
-
- memset(m_buffer, 0, blockSize);
- mac.Update(m_buffer, blockSize);
- mac.CalculateDigest(m_buffer+blockSize, iv, len);
-
- m_buffer[blockSize-1] = 1;
- mac.Update(m_buffer, blockSize);
-
- m_ctr.SetCipherWithIV(AccessMAC().AccessCipher(), m_buffer+blockSize, blockSize);
-}
-
-size_t EAX_Base::AuthenticateBlocks(const byte *data, size_t len)
-{
- AccessMAC().Update(data, len);
- return 0;
-}
-
-void EAX_Base::AuthenticateLastHeaderBlock()
-{
- assert(m_bufferedDataLength == 0);
- MessageAuthenticationCode &mac = AccessMAC();
- unsigned int blockSize = mac.TagSize();
-
- mac.Final(m_buffer);
- xorbuf(m_buffer+blockSize, m_buffer, blockSize);
-
- memset(m_buffer, 0, blockSize);
- m_buffer[blockSize-1] = 2;
- mac.Update(m_buffer, blockSize);
-}
-
-void EAX_Base::AuthenticateLastFooterBlock(byte *tag, size_t macSize)
-{
- assert(m_bufferedDataLength == 0);
- MessageAuthenticationCode &mac = AccessMAC();
- unsigned int blockSize = mac.TagSize();
-
- mac.TruncatedFinal(m_buffer, macSize);
- xorbuf(tag, m_buffer, m_buffer+blockSize, macSize);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/eax.h b/cryptopp562/eax.h deleted file mode 100644 index e48ee92..0000000 --- a/cryptopp562/eax.h +++ /dev/null @@ -1,91 +0,0 @@ -#ifndef CRYPTOPP_EAX_H -#define CRYPTOPP_EAX_H - -#include "authenc.h" -#include "modes.h" -#include "cmac.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! . -class CRYPTOPP_NO_VTABLE EAX_Base : public AuthenticatedSymmetricCipherBase -{ -public: - // AuthenticatedSymmetricCipher - std::string AlgorithmName() const - {return GetMAC().GetCipher().AlgorithmName() + std::string("/EAX");} - size_t MinKeyLength() const - {return GetMAC().MinKeyLength();} - size_t MaxKeyLength() const - {return GetMAC().MaxKeyLength();} - size_t DefaultKeyLength() const - {return GetMAC().DefaultKeyLength();} - size_t GetValidKeyLength(size_t n) const - {return GetMAC().GetValidKeyLength(n);} - bool IsValidKeyLength(size_t n) const - {return GetMAC().IsValidKeyLength(n);} - unsigned int OptimalDataAlignment() const - {return GetMAC().OptimalDataAlignment();} - IV_Requirement IVRequirement() const - {return UNIQUE_IV;} - unsigned int IVSize() const - {return GetMAC().TagSize();} - unsigned int MinIVLength() const - {return 0;} - unsigned int MaxIVLength() const - {return UINT_MAX;} - unsigned int DigestSize() const - {return GetMAC().TagSize();} - lword MaxHeaderLength() const - {return LWORD_MAX;} - lword MaxMessageLength() const - {return LWORD_MAX;} - -protected: - // AuthenticatedSymmetricCipherBase - bool AuthenticationIsOnPlaintext() const - {return false;} - unsigned int AuthenticationBlockSize() const - {return 1;} - void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms); - void Resync(const byte *iv, size_t len); - size_t AuthenticateBlocks(const byte *data, size_t len); - void AuthenticateLastHeaderBlock(); - void AuthenticateLastFooterBlock(byte *mac, size_t macSize); - SymmetricCipher & AccessSymmetricCipher() {return m_ctr;} - const CMAC_Base & GetMAC() const {return const_cast<EAX_Base *>(this)->AccessMAC();} - virtual CMAC_Base & AccessMAC() =0; - - CTR_Mode_ExternalCipher::Encryption m_ctr; -}; - -//! . -template <class T_BlockCipher, bool T_IsEncryption> -class EAX_Final : public EAX_Base -{ -public: - static std::string StaticAlgorithmName() - {return T_BlockCipher::StaticAlgorithmName() + std::string("/EAX");} - bool IsForwardTransformation() const - {return T_IsEncryption;} - -private: - CMAC_Base & AccessMAC() {return m_cmac;} - CMAC<T_BlockCipher> m_cmac; -}; - -#ifdef EAX // EAX is defined to 11 on GCC 3.4.3, OpenSolaris 8.11 -#undef EAX -#endif - -/// <a href="http://www.cryptolounge.org/wiki/EAX">EAX</a> -template <class T_BlockCipher> -struct EAX : public AuthenticatedSymmetricCipherDocumentation -{ - typedef EAX_Final<T_BlockCipher, true> Encryption; - typedef EAX_Final<T_BlockCipher, false> Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ec2n.cpp b/cryptopp562/ec2n.cpp deleted file mode 100644 index b513b2c..0000000 --- a/cryptopp562/ec2n.cpp +++ /dev/null @@ -1,292 +0,0 @@ -// ec2n.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "ec2n.h" -#include "asn.h" - -#include "algebra.cpp" -#include "eprecomp.cpp" - -NAMESPACE_BEGIN(CryptoPP) - -EC2N::EC2N(BufferedTransformation &bt) - : m_field(BERDecodeGF2NP(bt)) -{ - BERSequenceDecoder seq(bt); - m_field->BERDecodeElement(seq, m_a); - m_field->BERDecodeElement(seq, m_b); - // skip optional seed - if (!seq.EndReached()) - { - SecByteBlock seed; - unsigned int unused; - BERDecodeBitString(seq, seed, unused); - } - seq.MessageEnd(); -} - -void EC2N::DEREncode(BufferedTransformation &bt) const -{ - m_field->DEREncode(bt); - DERSequenceEncoder seq(bt); - m_field->DEREncodeElement(seq, m_a); - m_field->DEREncodeElement(seq, m_b); - seq.MessageEnd(); -} - -bool EC2N::DecodePoint(EC2N::Point &P, const byte *encodedPoint, size_t encodedPointLen) const -{ - StringStore store(encodedPoint, encodedPointLen); - return DecodePoint(P, store, encodedPointLen); -} - -bool EC2N::DecodePoint(EC2N::Point &P, BufferedTransformation &bt, size_t encodedPointLen) const -{ - byte type; - if (encodedPointLen < 1 || !bt.Get(type)) - return false; - - switch (type) - { - case 0: - P.identity = true; - return true; - case 2: - case 3: - { - if (encodedPointLen != EncodedPointSize(true)) - return false; - - P.identity = false; - P.x.Decode(bt, m_field->MaxElementByteLength()); - - if (P.x.IsZero()) - { - P.y = m_field->SquareRoot(m_b); - return true; - } - - FieldElement z = m_field->Square(P.x); - assert(P.x == m_field->SquareRoot(z)); - P.y = m_field->Divide(m_field->Add(m_field->Multiply(z, m_field->Add(P.x, m_a)), m_b), z); - assert(P.x == m_field->Subtract(m_field->Divide(m_field->Subtract(m_field->Multiply(P.y, z), m_b), z), m_a)); - z = m_field->SolveQuadraticEquation(P.y); - assert(m_field->Add(m_field->Square(z), z) == P.y); - z.SetCoefficient(0, type & 1); - - P.y = m_field->Multiply(z, P.x); - return true; - } - case 4: - { - if (encodedPointLen != EncodedPointSize(false)) - return false; - - unsigned int len = m_field->MaxElementByteLength(); - P.identity = false; - P.x.Decode(bt, len); - P.y.Decode(bt, len); - return true; - } - default: - return false; - } -} - -void EC2N::EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const -{ - if (P.identity) - NullStore().TransferTo(bt, EncodedPointSize(compressed)); - else if (compressed) - { - bt.Put(2 + (!P.x ? 0 : m_field->Divide(P.y, P.x).GetBit(0))); - P.x.Encode(bt, m_field->MaxElementByteLength()); - } - else - { - unsigned int len = m_field->MaxElementByteLength(); - bt.Put(4); // uncompressed - P.x.Encode(bt, len); - P.y.Encode(bt, len); - } -} - -void EC2N::EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const -{ - ArraySink sink(encodedPoint, EncodedPointSize(compressed)); - EncodePoint(sink, P, compressed); - assert(sink.TotalPutLength() == EncodedPointSize(compressed)); -} - -EC2N::Point EC2N::BERDecodePoint(BufferedTransformation &bt) const -{ - SecByteBlock str; - BERDecodeOctetString(bt, str); - Point P; - if (!DecodePoint(P, str, str.size())) - BERDecodeError(); - return P; -} - -void EC2N::DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const -{ - SecByteBlock str(EncodedPointSize(compressed)); - EncodePoint(str, P, compressed); - DEREncodeOctetString(bt, str); -} - -bool EC2N::ValidateParameters(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = !!m_b; - pass = pass && m_a.CoefficientCount() <= m_field->MaxElementBitLength(); - pass = pass && m_b.CoefficientCount() <= m_field->MaxElementBitLength(); - - if (level >= 1) - pass = pass && m_field->GetModulus().IsIrreducible(); - - return pass; -} - -bool EC2N::VerifyPoint(const Point &P) const -{ - const FieldElement &x = P.x, &y = P.y; - return P.identity || - (x.CoefficientCount() <= m_field->MaxElementBitLength() - && y.CoefficientCount() <= m_field->MaxElementBitLength() - && !(((x+m_a)*x*x+m_b-(x+y)*y)%m_field->GetModulus())); -} - -bool EC2N::Equal(const Point &P, const Point &Q) const -{ - if (P.identity && Q.identity) - return true; - - if (P.identity && !Q.identity) - return false; - - if (!P.identity && Q.identity) - return false; - - return (m_field->Equal(P.x,Q.x) && m_field->Equal(P.y,Q.y)); -} - -const EC2N::Point& EC2N::Identity() const -{ - return Singleton<Point>().Ref(); -} - -const EC2N::Point& EC2N::Inverse(const Point &P) const -{ - if (P.identity) - return P; - else - { - m_R.identity = false; - m_R.y = m_field->Add(P.x, P.y); - m_R.x = P.x; - return m_R; - } -} - -const EC2N::Point& EC2N::Add(const Point &P, const Point &Q) const -{ - if (P.identity) return Q; - if (Q.identity) return P; - if (Equal(P, Q)) return Double(P); - if (m_field->Equal(P.x, Q.x) && m_field->Equal(P.y, m_field->Add(Q.x, Q.y))) return Identity(); - - FieldElement t = m_field->Add(P.y, Q.y); - t = m_field->Divide(t, m_field->Add(P.x, Q.x)); - FieldElement x = m_field->Square(t); - m_field->Accumulate(x, t); - m_field->Accumulate(x, Q.x); - m_field->Accumulate(x, m_a); - m_R.y = m_field->Add(P.y, m_field->Multiply(t, x)); - m_field->Accumulate(x, P.x); - m_field->Accumulate(m_R.y, x); - - m_R.x.swap(x); - m_R.identity = false; - return m_R; -} - -const EC2N::Point& EC2N::Double(const Point &P) const -{ - if (P.identity) return P; - if (!m_field->IsUnit(P.x)) return Identity(); - - FieldElement t = m_field->Divide(P.y, P.x); - m_field->Accumulate(t, P.x); - m_R.y = m_field->Square(P.x); - m_R.x = m_field->Square(t); - m_field->Accumulate(m_R.x, t); - m_field->Accumulate(m_R.x, m_a); - m_field->Accumulate(m_R.y, m_field->Multiply(t, m_R.x)); - m_field->Accumulate(m_R.y, m_R.x); - - m_R.identity = false; - return m_R; -} - -// ******************************************************** - -/* -EcPrecomputation<EC2N>& EcPrecomputation<EC2N>::operator=(const EcPrecomputation<EC2N> &rhs) -{ - m_ec = rhs.m_ec; - m_ep = rhs.m_ep; - m_ep.m_group = m_ec.get(); - return *this; -} - -void EcPrecomputation<EC2N>::SetCurveAndBase(const EC2N &ec, const EC2N::Point &base) -{ - m_ec.reset(new EC2N(ec)); - m_ep.SetGroupAndBase(*m_ec, base); -} - -void EcPrecomputation<EC2N>::Precompute(unsigned int maxExpBits, unsigned int storage) -{ - m_ep.Precompute(maxExpBits, storage); -} - -void EcPrecomputation<EC2N>::Load(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - word32 version; - BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); - m_ep.m_exponentBase.BERDecode(seq); - m_ep.m_windowSize = m_ep.m_exponentBase.BitCount() - 1; - m_ep.m_bases.clear(); - while (!seq.EndReached()) - m_ep.m_bases.push_back(m_ec->BERDecodePoint(seq)); - seq.MessageEnd(); -} - -void EcPrecomputation<EC2N>::Save(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - DEREncodeUnsigned<word32>(seq, 1); // version - m_ep.m_exponentBase.DEREncode(seq); - for (unsigned i=0; i<m_ep.m_bases.size(); i++) - m_ec->DEREncodePoint(seq, m_ep.m_bases[i]); - seq.MessageEnd(); -} - -EC2N::Point EcPrecomputation<EC2N>::Exponentiate(const Integer &exponent) const -{ - return m_ep.Exponentiate(exponent); -} - -EC2N::Point EcPrecomputation<EC2N>::CascadeExponentiate(const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const -{ - return m_ep.CascadeExponentiate(exponent, static_cast<const EcPrecomputation<EC2N> &>(pc2).m_ep, exponent2); -} -*/ - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ec2n.h b/cryptopp562/ec2n.h deleted file mode 100644 index ae4007c..0000000 --- a/cryptopp562/ec2n.h +++ /dev/null @@ -1,113 +0,0 @@ -#ifndef CRYPTOPP_EC2N_H -#define CRYPTOPP_EC2N_H - -#include "gf2n.h" -#include "eprecomp.h" -#include "smartptr.h" -#include "pubkey.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Elliptic Curve Point -struct CRYPTOPP_DLL EC2NPoint -{ - EC2NPoint() : identity(true) {} - EC2NPoint(const PolynomialMod2 &x, const PolynomialMod2 &y) - : identity(false), x(x), y(y) {} - - bool operator==(const EC2NPoint &t) const - {return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);} - bool operator< (const EC2NPoint &t) const - {return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));} - - bool identity; - PolynomialMod2 x, y; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<EC2NPoint>; - -//! Elliptic Curve over GF(2^n) -class CRYPTOPP_DLL EC2N : public AbstractGroup<EC2NPoint> -{ -public: - typedef GF2NP Field; - typedef Field::Element FieldElement; - typedef EC2NPoint Point; - - EC2N() {} - EC2N(const Field &field, const Field::Element &a, const Field::Element &b) - : m_field(field), m_a(a), m_b(b) {} - // construct from BER encoded parameters - // this constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters - EC2N(BufferedTransformation &bt); - - // encode the fields fieldID and curve of the sequence ECParameters - void DEREncode(BufferedTransformation &bt) const; - - bool Equal(const Point &P, const Point &Q) const; - const Point& Identity() const; - const Point& Inverse(const Point &P) const; - bool InversionIsFast() const {return true;} - const Point& Add(const Point &P, const Point &Q) const; - const Point& Double(const Point &P) const; - - Point Multiply(const Integer &k, const Point &P) const - {return ScalarMultiply(P, k);} - Point CascadeMultiply(const Integer &k1, const Point &P, const Integer &k2, const Point &Q) const - {return CascadeScalarMultiply(P, k1, Q, k2);} - - bool ValidateParameters(RandomNumberGenerator &rng, unsigned int level=3) const; - bool VerifyPoint(const Point &P) const; - - unsigned int EncodedPointSize(bool compressed = false) const - {return 1 + (compressed?1:2)*m_field->MaxElementByteLength();} - // returns false if point is compressed and not valid (doesn't check if uncompressed) - bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const; - bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const; - void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const; - void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; - - Point BERDecodePoint(BufferedTransformation &bt) const; - void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; - - Integer FieldSize() const {return Integer::Power2(m_field->MaxElementBitLength());} - const Field & GetField() const {return *m_field;} - const FieldElement & GetA() const {return m_a;} - const FieldElement & GetB() const {return m_b;} - - bool operator==(const EC2N &rhs) const - {return GetField() == rhs.GetField() && m_a == rhs.m_a && m_b == rhs.m_b;} - -private: - clonable_ptr<Field> m_field; - FieldElement m_a, m_b; - mutable Point m_R; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<EC2N::Point>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupPrecomputation<EC2N::Point>; - -template <class T> class EcPrecomputation; - -//! EC2N precomputation -template<> class EcPrecomputation<EC2N> : public DL_GroupPrecomputation<EC2N::Point> -{ -public: - typedef EC2N EllipticCurve; - - // DL_GroupPrecomputation - const AbstractGroup<Element> & GetGroup() const {return m_ec;} - Element BERDecodeElement(BufferedTransformation &bt) const {return m_ec.BERDecodePoint(bt);} - void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {m_ec.DEREncodePoint(bt, v, false);} - - // non-inherited - void SetCurve(const EC2N &ec) {m_ec = ec;} - const EC2N & GetCurve() const {return m_ec;} - -private: - EC2N m_ec; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/eccrypto.cpp b/cryptopp562/eccrypto.cpp deleted file mode 100644 index 922104c..0000000 --- a/cryptopp562/eccrypto.cpp +++ /dev/null @@ -1,694 +0,0 @@ -// eccrypto.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "eccrypto.h" -#include "nbtheory.h" -#include "oids.h" -#include "hex.h" -#include "argnames.h" -#include "ec2n.h" - -NAMESPACE_BEGIN(CryptoPP) - -#if 0 -static void ECDSA_TestInstantiations() -{ - ECDSA<EC2N>::Signer t1; - ECDSA<EC2N>::Verifier t2(t1); - ECNR<ECP>::Signer t3; - ECNR<ECP>::Verifier t4(t3); - ECIES<ECP>::Encryptor t5; - ECIES<EC2N>::Decryptor t6; - ECDH<ECP>::Domain t7; - ECMQV<ECP>::Domain t8; -} -#endif - -// VC60 workaround: complains when these functions are put into an anonymous namespace -static Integer ConvertToInteger(const PolynomialMod2 &x) -{ - unsigned int l = x.ByteCount(); - SecByteBlock temp(l); - x.Encode(temp, l); - return Integer(temp, l); -} - -static inline Integer ConvertToInteger(const Integer &x) -{ - return x; -} - -static bool CheckMOVCondition(const Integer &q, const Integer &r) -{ - // see "Updated standards for validating elliptic curves", http://eprint.iacr.org/2007/343 - Integer t = 1; - unsigned int n = q.IsEven() ? 1 : q.BitCount(), m = r.BitCount(); - - for (unsigned int i=n; DiscreteLogWorkFactor(i)<m/2; i+=n) - { - if (q.IsEven()) - t = (t+t)%r; - else - t = (t*q)%r; - if (t == 1) - return false; - } - return true; -} - -// ****************************************************************** - -template <class T> struct EcRecommendedParameters; - -template<> struct EcRecommendedParameters<EC2N> -{ - EcRecommendedParameters(const OID &oid, unsigned int t2, unsigned int t3, unsigned int t4, const char *a, const char *b, const char *g, const char *n, unsigned int h) - : oid(oid), t0(0), t1(0), t2(t2), t3(t3), t4(t4), a(a), b(b), g(g), n(n), h(h) {} - EcRecommendedParameters(const OID &oid, unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4, const char *a, const char *b, const char *g, const char *n, unsigned int h) - : oid(oid), t0(t0), t1(t1), t2(t2), t3(t3), t4(t4), a(a), b(b), g(g), n(n), h(h) {} - EC2N *NewEC() const - { - StringSource ssA(a, true, new HexDecoder); - StringSource ssB(b, true, new HexDecoder); - if (t0 == 0) - return new EC2N(GF2NT(t2, t3, t4), EC2N::FieldElement(ssA, (size_t)ssA.MaxRetrievable()), EC2N::FieldElement(ssB, (size_t)ssB.MaxRetrievable())); - else - return new EC2N(GF2NPP(t0, t1, t2, t3, t4), EC2N::FieldElement(ssA, (size_t)ssA.MaxRetrievable()), EC2N::FieldElement(ssB, (size_t)ssB.MaxRetrievable())); - }; - - OID oid; - unsigned int t0, t1, t2, t3, t4; - const char *a, *b, *g, *n; - unsigned int h; -}; - -template<> struct EcRecommendedParameters<ECP> -{ - EcRecommendedParameters(const OID &oid, const char *p, const char *a, const char *b, const char *g, const char *n, unsigned int h) - : oid(oid), p(p), a(a), b(b), g(g), n(n), h(h) {} - ECP *NewEC() const - { - StringSource ssP(p, true, new HexDecoder); - StringSource ssA(a, true, new HexDecoder); - StringSource ssB(b, true, new HexDecoder); - return new ECP(Integer(ssP, (size_t)ssP.MaxRetrievable()), ECP::FieldElement(ssA, (size_t)ssA.MaxRetrievable()), ECP::FieldElement(ssB, (size_t)ssB.MaxRetrievable())); - }; - - OID oid; - const char *p; - const char *a, *b, *g, *n; - unsigned int h; -}; - -struct OIDLessThan -{ - template <typename T> - inline bool operator()(const EcRecommendedParameters<T>& a, const OID& b) {return a.oid < b;} - template <typename T> - inline bool operator()(const OID& a, const EcRecommendedParameters<T>& b) {return a < b.oid;} - template <typename T> - inline bool operator()(const EcRecommendedParameters<T>& a, const EcRecommendedParameters<T>& b) {return a.oid < b.oid;} -}; - -static void GetRecommendedParameters(const EcRecommendedParameters<EC2N> *&begin, const EcRecommendedParameters<EC2N> *&end) -{ - // this array must be sorted by OID - static const EcRecommendedParameters<EC2N> rec[] = { - EcRecommendedParameters<EC2N>(ASN1::sect163k1(), - 163, 7, 6, 3, 0, - "000000000000000000000000000000000000000001", - "000000000000000000000000000000000000000001", - "0402FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE80289070FB05D38FF58321F2E800536D538CCDAA3D9", - "04000000000000000000020108A2E0CC0D99F8A5EF", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect163r1(), - 163, 7, 6, 3, 0, - "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", - "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", - "040369979697AB43897789566789567F787A7876A65400435EDB42EFAFB2989D51FEFCE3C80988F41FF883", - "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect239k1(), - 239, 158, 0, - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "0429A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", - "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", - 4), - EcRecommendedParameters<EC2N>(ASN1::sect113r1(), - 113, 9, 0, - "003088250CA6E7C7FE649CE85820F7", - "00E8BEE4D3E2260744188BE0E9C723", - "04009D73616F35F4AB1407D73562C10F00A52830277958EE84D1315ED31886", - "0100000000000000D9CCEC8A39E56F", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect113r2(), - 113, 9, 0, - "00689918DBEC7E5A0DD6DFC0AA55C7", - "0095E9A9EC9B297BD4BF36E059184F", - "0401A57A6A7B26CA5EF52FCDB816479700B3ADC94ED1FE674C06E695BABA1D", - "010000000000000108789B2496AF93", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect163r2(), - 163, 7, 6, 3, 0, - "000000000000000000000000000000000000000001", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "0403F0EBA16286A2D57EA0991168D4994637E8343E3600D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - "040000000000000000000292FE77E70C12A4234C33", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect283k1(), - 283, 12, 7, 5, 0, - "000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "040503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC245849283601CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", - 4), - EcRecommendedParameters<EC2N>(ASN1::sect283r1(), - 283, 12, 7, 5, 0, - "000000000000000000000000000000000000000000000000000000000000000000000001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", - "0405F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B1205303676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect131r1(), - 131, 8, 3, 2, 0, - "07A11B09A76B562144418FF3FF8C2570B8", - "0217C05610884B63B9C6C7291678F9D341", - "040081BAF91FDF9833C40F9C181343638399078C6E7EA38C001F73C8134B1B4EF9E150", - "0400000000000000023123953A9464B54D", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect131r2(), - 131, 8, 3, 2, 0, - "03E5A88919D7CAFCBF415F07C2176573B2", - "04B8266A46C55657AC734CE38F018F2192", - "040356DCD8F2F95031AD652D23951BB366A80648F06D867940A5366D9E265DE9EB240F", - "0400000000000000016954A233049BA98F", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect193r1(), - 193, 15, 0, - "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", - "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", - "0401F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E10025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", - "01000000000000000000000000C7F34A778F443ACC920EBA49", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect193r2(), - 193, 15, 0, - "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", - "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", - "0400D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", - "010000000000000000000000015AAB561B005413CCD4EE99D5", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect233k1(), - 233, 74, 0, - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "04017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD612601DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - "8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", - 4), - EcRecommendedParameters<EC2N>(ASN1::sect233r1(), - 233, 74, 0, - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "0400FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect409k1(), - 409, 87, 0, - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "040060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE902374601E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", - "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", - 4), - EcRecommendedParameters<EC2N>(ASN1::sect409r1(), - 409, 87, 0, - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", - "04015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A70061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", - "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", - 2), - EcRecommendedParameters<EC2N>(ASN1::sect571k1(), - 571, 10, 5, 2, 0, - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "04026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C89720349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", - "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", - 4), - EcRecommendedParameters<EC2N>(ASN1::sect571r1(), - 571, 10, 5, 2, 0, - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", - "040303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", - 2), - }; - begin = rec; - end = rec + sizeof(rec)/sizeof(rec[0]); -} - -static void GetRecommendedParameters(const EcRecommendedParameters<ECP> *&begin, const EcRecommendedParameters<ECP> *&end) -{ - // this array must be sorted by OID - static const EcRecommendedParameters<ECP> rec[] = { - EcRecommendedParameters<ECP>(ASN1::secp192r1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "04188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF101207192B95FFC8DA78631011ED6B24CDD573F977A11E794811", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", - 1), - EcRecommendedParameters<ECP>(ASN1::secp256r1(), - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP160r1(), - "E95E4A5F737059DC60DFC7AD95B3D8139515620F", - "340E7BE2A280EB74E2BE61BADA745D97E8F7C300", - "1E589A8595423412134FAA2DBDEC95C8D8675E58", - "04BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC31667CB477A1A8EC338F94741669C976316DA6321", - "E95E4A5F737059DC60DF5991D45029409E60FC09", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP192r1(), - "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", - "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", - "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", - "04C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD614B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", - "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP224r1(), - "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", - "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", - "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", - "040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", - "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP256r1(), - "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", - "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", - "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", - "048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", - "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP320r1(), - "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", - "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", - "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", - "0443BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E2061114FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", - "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP384r1(), - "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", - "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", - "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", - "041D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", - "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", - 1), - EcRecommendedParameters<ECP>(ASN1::brainpoolP512r1(), - "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", - "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", - "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", - "0481AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F8227DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", - "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", - 1), - EcRecommendedParameters<ECP>(ASN1::secp112r1(), - "DB7C2ABF62E35E668076BEAD208B", - "DB7C2ABF62E35E668076BEAD2088", - "659EF8BA043916EEDE8911702B22", - "0409487239995A5EE76B55F9C2F098A89CE5AF8724C0A23E0E0FF77500", - "DB7C2ABF62E35E7628DFAC6561C5", - 1), - EcRecommendedParameters<ECP>(ASN1::secp112r2(), - "DB7C2ABF62E35E668076BEAD208B", - "6127C24C05F38A0AAAF65C0EF02C", - "51DEF1815DB5ED74FCC34C85D709", - "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97", - "36DF0AAFD8B8D7597CA10520D04B", - 4), - EcRecommendedParameters<ECP>(ASN1::secp160r1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "044A96B5688EF573284664698968C38BB913CBFC8223A628553168947D59DCC912042351377AC5FB32", - "0100000000000000000001F4C8F927AED3CA752257", - 1), - EcRecommendedParameters<ECP>(ASN1::secp160k1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "0000000000000000000000000000000000000000", - "0000000000000000000000000000000000000007", - "043B4C382CE37AA192A4019E763036F4F5DD4D7EBB938CF935318FDCED6BC28286531733C3F03C4FEE", - "0100000000000000000001B8FA16DFAB9ACA16B6B3", - 1), - EcRecommendedParameters<ECP>(ASN1::secp256k1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", - "0000000000000000000000000000000000000000000000000000000000000000", - "0000000000000000000000000000000000000000000000000000000000000007", - "0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", - 1), - EcRecommendedParameters<ECP>(ASN1::secp128r1(), - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", - "E87579C11079F43DD824993C2CEE5ED3", - "04161FF7528B899B2D0C28607CA52C5B86CF5AC8395BAFEB13C02DA292DDED7A83", - "FFFFFFFE0000000075A30D1B9038A115", - 1), - EcRecommendedParameters<ECP>(ASN1::secp128r2(), - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "D6031998D1B3BBFEBF59CC9BBFF9AEE1", - "5EEEFCA380D02919DC2C6558BB6D8A5D", - "047B6AA5D85E572983E6FB32A7CDEBC14027B6916A894D3AEE7106FE805FC34B44", - "3FFFFFFF7FFFFFFFBE0024720613B5A3", - 4), - EcRecommendedParameters<ECP>(ASN1::secp160r2(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", - "B4E134D3FB59EB8BAB57274904664D5AF50388BA", - "0452DCB034293A117E1F4FF11B30F7199D3144CE6DFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", - "0100000000000000000000351EE786A818F3A1A16B", - 1), - EcRecommendedParameters<ECP>(ASN1::secp192k1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", - "000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000003", - "04DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", - 1), - EcRecommendedParameters<ECP>(ASN1::secp224k1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", - "00000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000005", - "04A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", - "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", - 1), - EcRecommendedParameters<ECP>(ASN1::secp224r1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "04B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", - 1), - EcRecommendedParameters<ECP>(ASN1::secp384r1(), - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", - "04AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB73617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", - 1), - EcRecommendedParameters<ECP>(ASN1::secp521r1(), - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", - 1), - }; - begin = rec; - end = rec + sizeof(rec)/sizeof(rec[0]); -} - -template <class EC> OID DL_GroupParameters_EC<EC>::GetNextRecommendedParametersOID(const OID &oid) -{ - const EcRecommendedParameters<EllipticCurve> *begin, *end; - GetRecommendedParameters(begin, end); - const EcRecommendedParameters<EllipticCurve> *it = std::upper_bound(begin, end, oid, OIDLessThan()); - return (it == end ? OID() : it->oid); -} - -template <class EC> void DL_GroupParameters_EC<EC>::Initialize(const OID &oid) -{ - const EcRecommendedParameters<EllipticCurve> *begin, *end; - GetRecommendedParameters(begin, end); - const EcRecommendedParameters<EllipticCurve> *it = std::lower_bound(begin, end, oid, OIDLessThan()); - if (it == end || it->oid != oid) - throw UnknownOID(); - - const EcRecommendedParameters<EllipticCurve> ¶m = *it; - m_oid = oid; - std::auto_ptr<EllipticCurve> ec(param.NewEC()); - this->m_groupPrecomputation.SetCurve(*ec); - - StringSource ssG(param.g, true, new HexDecoder); - Element G; - bool result = GetCurve().DecodePoint(G, ssG, (size_t)ssG.MaxRetrievable()); - this->SetSubgroupGenerator(G); - assert(result); - - StringSource ssN(param.n, true, new HexDecoder); - m_n.Decode(ssN, (size_t)ssN.MaxRetrievable()); - m_k = param.h; -} - -template <class EC> -bool DL_GroupParameters_EC<EC>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - if (strcmp(name, Name::GroupOID()) == 0) - { - if (m_oid.m_values.empty()) - return false; - - this->ThrowIfTypeMismatch(name, typeid(OID), valueType); - *reinterpret_cast<OID *>(pValue) = m_oid; - return true; - } - else - return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Curve); -} - -template <class EC> -void DL_GroupParameters_EC<EC>::AssignFrom(const NameValuePairs &source) -{ - OID oid; - if (source.GetValue(Name::GroupOID(), oid)) - Initialize(oid); - else - { - EllipticCurve ec; - Point G; - Integer n; - - source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::Curve(), ec); - source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::SubgroupGenerator(), G); - source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::SubgroupOrder(), n); - Integer k = source.GetValueWithDefault(Name::Cofactor(), Integer::Zero()); - - Initialize(ec, G, n, k); - } -} - -template <class EC> -void DL_GroupParameters_EC<EC>::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - try - { - AssignFrom(alg); - } - catch (InvalidArgument &) - { - throw NotImplemented("DL_GroupParameters_EC<EC>: curve generation is not implemented yet"); - } -} - -template <class EC> -void DL_GroupParameters_EC<EC>::BERDecode(BufferedTransformation &bt) -{ - byte b; - if (!bt.Peek(b)) - BERDecodeError(); - if (b == OBJECT_IDENTIFIER) - Initialize(OID(bt)); - else - { - BERSequenceDecoder seq(bt); - word32 version; - BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); // check version - EllipticCurve ec(seq); - Point G = ec.BERDecodePoint(seq); - Integer n(seq); - Integer k; - bool cofactorPresent = !seq.EndReached(); - if (cofactorPresent) - k.BERDecode(seq); - else - k = Integer::Zero(); - seq.MessageEnd(); - - Initialize(ec, G, n, k); - } -} - -template <class EC> -void DL_GroupParameters_EC<EC>::DEREncode(BufferedTransformation &bt) const -{ - if (m_encodeAsOID && !m_oid.m_values.empty()) - m_oid.DEREncode(bt); - else - { - DERSequenceEncoder seq(bt); - DEREncodeUnsigned<word32>(seq, 1); // version - GetCurve().DEREncode(seq); - GetCurve().DEREncodePoint(seq, this->GetSubgroupGenerator(), m_compress); - m_n.DEREncode(seq); - if (m_k.NotZero()) - m_k.DEREncode(seq); - seq.MessageEnd(); - } -} - -template <class EC> -Integer DL_GroupParameters_EC<EC>::GetCofactor() const -{ - if (!m_k) - { - Integer q = GetCurve().FieldSize(); - Integer qSqrt = q.SquareRoot(); - m_k = (q+2*qSqrt+1)/m_n; - } - - return m_k; -} - -template <class EC> -Integer DL_GroupParameters_EC<EC>::ConvertElementToInteger(const Element &element) const -{ - return ConvertToInteger(element.x); -}; - -template <class EC> -bool DL_GroupParameters_EC<EC>::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = GetCurve().ValidateParameters(rng, level); - - Integer q = GetCurve().FieldSize(); - pass = pass && m_n!=q; - - if (level >= 2) - { - Integer qSqrt = q.SquareRoot(); - pass = pass && m_n>4*qSqrt; - pass = pass && VerifyPrime(rng, m_n, level-2); - pass = pass && (m_k.IsZero() || m_k == (q+2*qSqrt+1)/m_n); - pass = pass && CheckMOVCondition(q, m_n); - } - - return pass; -} - -template <class EC> -bool DL_GroupParameters_EC<EC>::ValidateElement(unsigned int level, const Element &g, const DL_FixedBasePrecomputation<Element> *gpc) const -{ - bool pass = !IsIdentity(g) && GetCurve().VerifyPoint(g); - if (level >= 1) - { - if (gpc) - pass = pass && gpc->Exponentiate(this->GetGroupPrecomputation(), Integer::One()) == g; - } - if (level >= 2 && pass) - { - const Integer &q = GetSubgroupOrder(); - Element gq = gpc ? gpc->Exponentiate(this->GetGroupPrecomputation(), q) : this->ExponentiateElement(g, q); - pass = pass && IsIdentity(gq); - } - return pass; -} - -template <class EC> -void DL_GroupParameters_EC<EC>::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const -{ - GetCurve().SimultaneousMultiply(results, base, exponents, exponentsCount); -} - -template <class EC> -CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const -{ - return GetCurve().Add(a, b); -} - -template <class EC> -CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const -{ - return GetCurve().CascadeMultiply(exponent1, element1, exponent2, element2); -} - -template <class EC> -OID DL_GroupParameters_EC<EC>::GetAlgorithmID() const -{ - return ASN1::id_ecPublicKey(); -} - -// ****************************************************************** - -template <class EC> -void DL_PublicKey_EC<EC>::BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size) -{ - typename EC::Point P; - if (!this->GetGroupParameters().GetCurve().DecodePoint(P, bt, size)) - BERDecodeError(); - this->SetPublicElement(P); -} - -template <class EC> -void DL_PublicKey_EC<EC>::DEREncodePublicKey(BufferedTransformation &bt) const -{ - this->GetGroupParameters().GetCurve().EncodePoint(bt, this->GetPublicElement(), this->GetGroupParameters().GetPointCompression()); -} - -// ****************************************************************** - -template <class EC> -void DL_PrivateKey_EC<EC>::BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size) -{ - BERSequenceDecoder seq(bt); - word32 version; - BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); // check version - - BERGeneralDecoder dec(seq, OCTET_STRING); - if (!dec.IsDefiniteLength()) - BERDecodeError(); - Integer x; - x.Decode(dec, (size_t)dec.RemainingLength()); - dec.MessageEnd(); - if (!parametersPresent && seq.PeekByte() != (CONTEXT_SPECIFIC | CONSTRUCTED | 0)) - BERDecodeError(); - if (!seq.EndReached() && seq.PeekByte() == (CONTEXT_SPECIFIC | CONSTRUCTED | 0)) - { - BERGeneralDecoder parameters(seq, CONTEXT_SPECIFIC | CONSTRUCTED | 0); - this->AccessGroupParameters().BERDecode(parameters); - parameters.MessageEnd(); - } - if (!seq.EndReached()) - { - // skip over the public element - SecByteBlock subjectPublicKey; - unsigned int unusedBits; - BERGeneralDecoder publicKey(seq, CONTEXT_SPECIFIC | CONSTRUCTED | 1); - BERDecodeBitString(publicKey, subjectPublicKey, unusedBits); - publicKey.MessageEnd(); - Element Q; - if (!(unusedBits == 0 && this->GetGroupParameters().GetCurve().DecodePoint(Q, subjectPublicKey, subjectPublicKey.size()))) - BERDecodeError(); - } - seq.MessageEnd(); - - this->SetPrivateExponent(x); -} - -template <class EC> -void DL_PrivateKey_EC<EC>::DEREncodePrivateKey(BufferedTransformation &bt) const -{ - DERSequenceEncoder privateKey(bt); - DEREncodeUnsigned<word32>(privateKey, 1); // version - // SEC 1 ver 1.0 says privateKey (m_d) has the same length as order of the curve - // this will be changed to order of base point in a future version - this->GetPrivateExponent().DEREncodeAsOctetString(privateKey, this->GetGroupParameters().GetSubgroupOrder().ByteCount()); - privateKey.MessageEnd(); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/eccrypto.h b/cryptopp562/eccrypto.h deleted file mode 100644 index 3530455..0000000 --- a/cryptopp562/eccrypto.h +++ /dev/null @@ -1,280 +0,0 @@ -#ifndef CRYPTOPP_ECCRYPTO_H -#define CRYPTOPP_ECCRYPTO_H - -/*! \file -*/ - -#include "pubkey.h" -#include "integer.h" -#include "asn.h" -#include "hmac.h" -#include "sha.h" -#include "gfpcrypt.h" -#include "dh.h" -#include "mqv.h" -#include "ecp.h" -#include "ec2n.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Elliptic Curve Parameters -/*! This class corresponds to the ASN.1 sequence of the same name - in ANSI X9.62 (also SEC 1). -*/ -template <class EC> -class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> > -{ - typedef DL_GroupParameters_EC<EC> ThisClass; - -public: - typedef EC EllipticCurve; - typedef typename EllipticCurve::Point Point; - typedef Point Element; - typedef IncompatibleCofactorMultiplication DefaultCofactorOption; - - DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {} - DL_GroupParameters_EC(const OID &oid) - : m_compress(false), m_encodeAsOID(false) {Initialize(oid);} - DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero()) - : m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);} - DL_GroupParameters_EC(BufferedTransformation &bt) - : m_compress(false), m_encodeAsOID(false) {BERDecode(bt);} - - void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero()) - { - this->m_groupPrecomputation.SetCurve(ec); - this->SetSubgroupGenerator(G); - m_n = n; - m_k = k; - } - void Initialize(const OID &oid); - - // NameValuePairs - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - // GeneratibleCryptoMaterial interface - //! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values - /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - - // DL_GroupParameters - const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;} - DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;} - const Integer & GetSubgroupOrder() const {return m_n;} - Integer GetCofactor() const; - bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; - bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const; - bool FastSubgroupCheckAvailable() const {return false;} - void EncodeElement(bool reversible, const Element &element, byte *encoded) const - { - if (reversible) - GetCurve().EncodePoint(encoded, element, m_compress); - else - element.x.Encode(encoded, GetEncodedElementSize(false)); - } - unsigned int GetEncodedElementSize(bool reversible) const - { - if (reversible) - return GetCurve().EncodedPointSize(m_compress); - else - return GetCurve().GetField().MaxElementByteLength(); - } - Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const - { - Point result; - if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true))) - throw DL_BadElement(); - if (checkForGroupMembership && !ValidateElement(1, result, NULL)) - throw DL_BadElement(); - return result; - } - Integer ConvertElementToInteger(const Element &element) const; - Integer GetMaxExponent() const {return GetSubgroupOrder()-1;} - bool IsIdentity(const Element &element) const {return element.identity;} - void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; - static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";} - - // ASN1Key - OID GetAlgorithmID() const; - - // used by MQV - Element MultiplyElements(const Element &a, const Element &b) const; - Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const; - - // non-inherited - - // enumerate OIDs for recommended parameters, use OID() to get first one - static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid); - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - void SetPointCompression(bool compress) {m_compress = compress;} - bool GetPointCompression() const {return m_compress;} - - void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;} - bool GetEncodeAsOID() const {return m_encodeAsOID;} - - const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();} - - bool operator==(const ThisClass &rhs) const - {return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);} - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - const Point& GetBasePoint() const {return GetSubgroupGenerator();} - const Integer& GetBasePointOrder() const {return GetSubgroupOrder();} - void LoadRecommendedParameters(const OID &oid) {Initialize(oid);} -#endif - -protected: - unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();} - unsigned int ExponentLength() const {return m_n.ByteCount();} - - OID m_oid; // set if parameters loaded from a recommended curve - Integer m_n; // order of base point - bool m_compress, m_encodeAsOID; - mutable Integer m_k; // cofactor -}; - -//! EC public key -template <class EC> -class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> > -{ -public: - typedef typename EC::Point Element; - - void Initialize(const DL_GroupParameters_EC<EC> ¶ms, const Element &Q) - {this->AccessGroupParameters() = params; this->SetPublicElement(Q);} - void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q) - {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);} - - // X509PublicKey - void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size); - void DEREncodePublicKey(BufferedTransformation &bt) const; -}; - -//! EC private key -template <class EC> -class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> > -{ -public: - typedef typename EC::Point Element; - - void Initialize(const DL_GroupParameters_EC<EC> ¶ms, const Integer &x) - {this->AccessGroupParameters() = params; this->SetPrivateExponent(x);} - void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x) - {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);} - void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> ¶ms) - {this->GenerateRandom(rng, params);} - void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n) - {this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));} - - // PKCS8PrivateKey - void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size); - void DEREncodePrivateKey(BufferedTransformation &bt) const; -}; - -//! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a> -template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption> -struct ECDH -{ - typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain; -}; - -/// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a> -template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption> -struct ECMQV -{ - typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain; -}; - -//! EC keys -template <class EC> -struct DL_Keys_EC -{ - typedef DL_PublicKey_EC<EC> PublicKey; - typedef DL_PrivateKey_EC<EC> PrivateKey; -}; - -template <class EC, class H> -struct ECDSA; - -//! ECDSA keys -template <class EC> -struct DL_Keys_ECDSA -{ - typedef DL_PublicKey_EC<EC> PublicKey; - typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC, SHA256> > PrivateKey; -}; - -//! ECDSA algorithm -template <class EC> -class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point> -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";} -}; - -//! ECNR algorithm -template <class EC> -class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point> -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECNR";} -}; - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a> -template <class EC, class H> -struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H> -{ -}; - -//! ECNR -template <class EC, class H = SHA> -struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H> -{ -}; - -//! Elliptic Curve Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">ECIES</a> -/*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibilty with SEC1 and Crypto++ 4.2. - The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best - efficiency and security. */ -template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false> -struct ECIES - : public DL_ES< - DL_Keys_EC<EC>, - DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>, - DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >, - DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>, - ECIES<EC> > -{ - static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";} // TODO: fix this after name is standardized -}; - -NAMESPACE_END - -#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES -#include "eccrypto.cpp" -#endif - -NAMESPACE_BEGIN(CryptoPP) - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<ECP>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<EC2N>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<ECP> >; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<EC2N> >; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<ECP>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<EC2N>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<ECP> >; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<EC2N> >; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<ECP>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<EC2N>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<ECP::Point>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<EC2N::Point>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<ECP>, ECDSA<ECP, SHA256> >; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC2N>, ECDSA<EC2N, SHA256> >; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ecp.cpp b/cryptopp562/ecp.cpp deleted file mode 100644 index 55a7cc1..0000000 --- a/cryptopp562/ecp.cpp +++ /dev/null @@ -1,473 +0,0 @@ -// ecp.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "ecp.h" -#include "asn.h" -#include "nbtheory.h" - -#include "algebra.cpp" - -NAMESPACE_BEGIN(CryptoPP) - -ANONYMOUS_NAMESPACE_BEGIN -static inline ECP::Point ToMontgomery(const ModularArithmetic &mr, const ECP::Point &P) -{ - return P.identity ? P : ECP::Point(mr.ConvertIn(P.x), mr.ConvertIn(P.y)); -} - -static inline ECP::Point FromMontgomery(const ModularArithmetic &mr, const ECP::Point &P) -{ - return P.identity ? P : ECP::Point(mr.ConvertOut(P.x), mr.ConvertOut(P.y)); -} -NAMESPACE_END - -ECP::ECP(const ECP &ecp, bool convertToMontgomeryRepresentation) -{ - if (convertToMontgomeryRepresentation && !ecp.GetField().IsMontgomeryRepresentation()) - { - m_fieldPtr.reset(new MontgomeryRepresentation(ecp.GetField().GetModulus())); - m_a = GetField().ConvertIn(ecp.m_a); - m_b = GetField().ConvertIn(ecp.m_b); - } - else - operator=(ecp); -} - -ECP::ECP(BufferedTransformation &bt) - : m_fieldPtr(new Field(bt)) -{ - BERSequenceDecoder seq(bt); - GetField().BERDecodeElement(seq, m_a); - GetField().BERDecodeElement(seq, m_b); - // skip optional seed - if (!seq.EndReached()) - { - SecByteBlock seed; - unsigned int unused; - BERDecodeBitString(seq, seed, unused); - } - seq.MessageEnd(); -} - -void ECP::DEREncode(BufferedTransformation &bt) const -{ - GetField().DEREncode(bt); - DERSequenceEncoder seq(bt); - GetField().DEREncodeElement(seq, m_a); - GetField().DEREncodeElement(seq, m_b); - seq.MessageEnd(); -} - -bool ECP::DecodePoint(ECP::Point &P, const byte *encodedPoint, size_t encodedPointLen) const -{ - StringStore store(encodedPoint, encodedPointLen); - return DecodePoint(P, store, encodedPointLen); -} - -bool ECP::DecodePoint(ECP::Point &P, BufferedTransformation &bt, size_t encodedPointLen) const -{ - byte type; - if (encodedPointLen < 1 || !bt.Get(type)) - return false; - - switch (type) - { - case 0: - P.identity = true; - return true; - case 2: - case 3: - { - if (encodedPointLen != EncodedPointSize(true)) - return false; - - Integer p = FieldSize(); - - P.identity = false; - P.x.Decode(bt, GetField().MaxElementByteLength()); - P.y = ((P.x*P.x+m_a)*P.x+m_b) % p; - - if (Jacobi(P.y, p) !=1) - return false; - - P.y = ModularSquareRoot(P.y, p); - - if ((type & 1) != P.y.GetBit(0)) - P.y = p-P.y; - - return true; - } - case 4: - { - if (encodedPointLen != EncodedPointSize(false)) - return false; - - unsigned int len = GetField().MaxElementByteLength(); - P.identity = false; - P.x.Decode(bt, len); - P.y.Decode(bt, len); - return true; - } - default: - return false; - } -} - -void ECP::EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const -{ - if (P.identity) - NullStore().TransferTo(bt, EncodedPointSize(compressed)); - else if (compressed) - { - bt.Put(2 + P.y.GetBit(0)); - P.x.Encode(bt, GetField().MaxElementByteLength()); - } - else - { - unsigned int len = GetField().MaxElementByteLength(); - bt.Put(4); // uncompressed - P.x.Encode(bt, len); - P.y.Encode(bt, len); - } -} - -void ECP::EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const -{ - ArraySink sink(encodedPoint, EncodedPointSize(compressed)); - EncodePoint(sink, P, compressed); - assert(sink.TotalPutLength() == EncodedPointSize(compressed)); -} - -ECP::Point ECP::BERDecodePoint(BufferedTransformation &bt) const -{ - SecByteBlock str; - BERDecodeOctetString(bt, str); - Point P; - if (!DecodePoint(P, str, str.size())) - BERDecodeError(); - return P; -} - -void ECP::DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const -{ - SecByteBlock str(EncodedPointSize(compressed)); - EncodePoint(str, P, compressed); - DEREncodeOctetString(bt, str); -} - -bool ECP::ValidateParameters(RandomNumberGenerator &rng, unsigned int level) const -{ - Integer p = FieldSize(); - - bool pass = p.IsOdd(); - pass = pass && !m_a.IsNegative() && m_a<p && !m_b.IsNegative() && m_b<p; - - if (level >= 1) - pass = pass && ((4*m_a*m_a*m_a+27*m_b*m_b)%p).IsPositive(); - - if (level >= 2) - pass = pass && VerifyPrime(rng, p); - - return pass; -} - -bool ECP::VerifyPoint(const Point &P) const -{ - const FieldElement &x = P.x, &y = P.y; - Integer p = FieldSize(); - return P.identity || - (!x.IsNegative() && x<p && !y.IsNegative() && y<p - && !(((x*x+m_a)*x+m_b-y*y)%p)); -} - -bool ECP::Equal(const Point &P, const Point &Q) const -{ - if (P.identity && Q.identity) - return true; - - if (P.identity && !Q.identity) - return false; - - if (!P.identity && Q.identity) - return false; - - return (GetField().Equal(P.x,Q.x) && GetField().Equal(P.y,Q.y)); -} - -const ECP::Point& ECP::Identity() const -{ - return Singleton<Point>().Ref(); -} - -const ECP::Point& ECP::Inverse(const Point &P) const -{ - if (P.identity) - return P; - else - { - m_R.identity = false; - m_R.x = P.x; - m_R.y = GetField().Inverse(P.y); - return m_R; - } -} - -const ECP::Point& ECP::Add(const Point &P, const Point &Q) const -{ - if (P.identity) return Q; - if (Q.identity) return P; - if (GetField().Equal(P.x, Q.x)) - return GetField().Equal(P.y, Q.y) ? Double(P) : Identity(); - - FieldElement t = GetField().Subtract(Q.y, P.y); - t = GetField().Divide(t, GetField().Subtract(Q.x, P.x)); - FieldElement x = GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), Q.x); - m_R.y = GetField().Subtract(GetField().Multiply(t, GetField().Subtract(P.x, x)), P.y); - - m_R.x.swap(x); - m_R.identity = false; - return m_R; -} - -const ECP::Point& ECP::Double(const Point &P) const -{ - if (P.identity || P.y==GetField().Identity()) return Identity(); - - FieldElement t = GetField().Square(P.x); - t = GetField().Add(GetField().Add(GetField().Double(t), t), m_a); - t = GetField().Divide(t, GetField().Double(P.y)); - FieldElement x = GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), P.x); - m_R.y = GetField().Subtract(GetField().Multiply(t, GetField().Subtract(P.x, x)), P.y); - - m_R.x.swap(x); - m_R.identity = false; - return m_R; -} - -template <class T, class Iterator> void ParallelInvert(const AbstractRing<T> &ring, Iterator begin, Iterator end) -{ - size_t n = end-begin; - if (n == 1) - *begin = ring.MultiplicativeInverse(*begin); - else if (n > 1) - { - std::vector<T> vec((n+1)/2); - unsigned int i; - Iterator it; - - for (i=0, it=begin; i<n/2; i++, it+=2) - vec[i] = ring.Multiply(*it, *(it+1)); - if (n%2 == 1) - vec[n/2] = *it; - - ParallelInvert(ring, vec.begin(), vec.end()); - - for (i=0, it=begin; i<n/2; i++, it+=2) - { - if (!vec[i]) - { - *it = ring.MultiplicativeInverse(*it); - *(it+1) = ring.MultiplicativeInverse(*(it+1)); - } - else - { - std::swap(*it, *(it+1)); - *it = ring.Multiply(*it, vec[i]); - *(it+1) = ring.Multiply(*(it+1), vec[i]); - } - } - if (n%2 == 1) - *it = vec[n/2]; - } -} - -struct ProjectivePoint -{ - ProjectivePoint() {} - ProjectivePoint(const Integer &x, const Integer &y, const Integer &z) - : x(x), y(y), z(z) {} - - Integer x,y,z; -}; - -class ProjectiveDoubling -{ -public: - ProjectiveDoubling(const ModularArithmetic &mr, const Integer &m_a, const Integer &m_b, const ECPPoint &Q) - : mr(mr), firstDoubling(true), negated(false) - { - if (Q.identity) - { - sixteenY4 = P.x = P.y = mr.MultiplicativeIdentity(); - aZ4 = P.z = mr.Identity(); - } - else - { - P.x = Q.x; - P.y = Q.y; - sixteenY4 = P.z = mr.MultiplicativeIdentity(); - aZ4 = m_a; - } - } - - void Double() - { - twoY = mr.Double(P.y); - P.z = mr.Multiply(P.z, twoY); - fourY2 = mr.Square(twoY); - S = mr.Multiply(fourY2, P.x); - aZ4 = mr.Multiply(aZ4, sixteenY4); - M = mr.Square(P.x); - M = mr.Add(mr.Add(mr.Double(M), M), aZ4); - P.x = mr.Square(M); - mr.Reduce(P.x, S); - mr.Reduce(P.x, S); - mr.Reduce(S, P.x); - P.y = mr.Multiply(M, S); - sixteenY4 = mr.Square(fourY2); - mr.Reduce(P.y, mr.Half(sixteenY4)); - } - - const ModularArithmetic &mr; - ProjectivePoint P; - bool firstDoubling, negated; - Integer sixteenY4, aZ4, twoY, fourY2, S, M; -}; - -struct ZIterator -{ - ZIterator() {} - ZIterator(std::vector<ProjectivePoint>::iterator it) : it(it) {} - Integer& operator*() {return it->z;} - int operator-(ZIterator it2) {return int(it-it2.it);} - ZIterator operator+(int i) {return ZIterator(it+i);} - ZIterator& operator+=(int i) {it+=i; return *this;} - std::vector<ProjectivePoint>::iterator it; -}; - -ECP::Point ECP::ScalarMultiply(const Point &P, const Integer &k) const -{ - Element result; - if (k.BitCount() <= 5) - AbstractGroup<ECPPoint>::SimultaneousMultiply(&result, P, &k, 1); - else - ECP::SimultaneousMultiply(&result, P, &k, 1); - return result; -} - -void ECP::SimultaneousMultiply(ECP::Point *results, const ECP::Point &P, const Integer *expBegin, unsigned int expCount) const -{ - if (!GetField().IsMontgomeryRepresentation()) - { - ECP ecpmr(*this, true); - const ModularArithmetic &mr = ecpmr.GetField(); - ecpmr.SimultaneousMultiply(results, ToMontgomery(mr, P), expBegin, expCount); - for (unsigned int i=0; i<expCount; i++) - results[i] = FromMontgomery(mr, results[i]); - return; - } - - ProjectiveDoubling rd(GetField(), m_a, m_b, P); - std::vector<ProjectivePoint> bases; - std::vector<WindowSlider> exponents; - exponents.reserve(expCount); - std::vector<std::vector<word32> > baseIndices(expCount); - std::vector<std::vector<bool> > negateBase(expCount); - std::vector<std::vector<word32> > exponentWindows(expCount); - unsigned int i; - - for (i=0; i<expCount; i++) - { - assert(expBegin->NotNegative()); - exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 5)); - exponents[i].FindNextWindow(); - } - - unsigned int expBitPosition = 0; - bool notDone = true; - - while (notDone) - { - notDone = false; - bool baseAdded = false; - for (i=0; i<expCount; i++) - { - if (!exponents[i].finished && expBitPosition == exponents[i].windowBegin) - { - if (!baseAdded) - { - bases.push_back(rd.P); - baseAdded =true; - } - - exponentWindows[i].push_back(exponents[i].expWindow); - baseIndices[i].push_back((word32)bases.size()-1); - negateBase[i].push_back(exponents[i].negateNext); - - exponents[i].FindNextWindow(); - } - notDone = notDone || !exponents[i].finished; - } - - if (notDone) - { - rd.Double(); - expBitPosition++; - } - } - - // convert from projective to affine coordinates - ParallelInvert(GetField(), ZIterator(bases.begin()), ZIterator(bases.end())); - for (i=0; i<bases.size(); i++) - { - if (bases[i].z.NotZero()) - { - bases[i].y = GetField().Multiply(bases[i].y, bases[i].z); - bases[i].z = GetField().Square(bases[i].z); - bases[i].x = GetField().Multiply(bases[i].x, bases[i].z); - bases[i].y = GetField().Multiply(bases[i].y, bases[i].z); - } - } - - std::vector<BaseAndExponent<Point, Integer> > finalCascade; - for (i=0; i<expCount; i++) - { - finalCascade.resize(baseIndices[i].size()); - for (unsigned int j=0; j<baseIndices[i].size(); j++) - { - ProjectivePoint &base = bases[baseIndices[i][j]]; - if (base.z.IsZero()) - finalCascade[j].base.identity = true; - else - { - finalCascade[j].base.identity = false; - finalCascade[j].base.x = base.x; - if (negateBase[i][j]) - finalCascade[j].base.y = GetField().Inverse(base.y); - else - finalCascade[j].base.y = base.y; - } - finalCascade[j].exponent = Integer(Integer::POSITIVE, 0, exponentWindows[i][j]); - } - results[i] = GeneralCascadeMultiplication(*this, finalCascade.begin(), finalCascade.end()); - } -} - -ECP::Point ECP::CascadeScalarMultiply(const Point &P, const Integer &k1, const Point &Q, const Integer &k2) const -{ - if (!GetField().IsMontgomeryRepresentation()) - { - ECP ecpmr(*this, true); - const ModularArithmetic &mr = ecpmr.GetField(); - return FromMontgomery(mr, ecpmr.CascadeScalarMultiply(ToMontgomery(mr, P), k1, ToMontgomery(mr, Q), k2)); - } - else - return AbstractGroup<Point>::CascadeScalarMultiply(P, k1, Q, k2); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ecp.h b/cryptopp562/ecp.h deleted file mode 100644 index d946be6..0000000 --- a/cryptopp562/ecp.h +++ /dev/null @@ -1,126 +0,0 @@ -#ifndef CRYPTOPP_ECP_H -#define CRYPTOPP_ECP_H - -#include "modarith.h" -#include "eprecomp.h" -#include "smartptr.h" -#include "pubkey.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Elliptical Curve Point -struct CRYPTOPP_DLL ECPPoint -{ - ECPPoint() : identity(true) {} - ECPPoint(const Integer &x, const Integer &y) - : identity(false), x(x), y(y) {} - - bool operator==(const ECPPoint &t) const - {return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);} - bool operator< (const ECPPoint &t) const - {return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));} - - bool identity; - Integer x, y; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<ECPPoint>; - -//! Elliptic Curve over GF(p), where p is prime -class CRYPTOPP_DLL ECP : public AbstractGroup<ECPPoint> -{ -public: - typedef ModularArithmetic Field; - typedef Integer FieldElement; - typedef ECPPoint Point; - - ECP() {} - ECP(const ECP &ecp, bool convertToMontgomeryRepresentation = false); - ECP(const Integer &modulus, const FieldElement &a, const FieldElement &b) - : m_fieldPtr(new Field(modulus)), m_a(a.IsNegative() ? modulus+a : a), m_b(b) {} - // construct from BER encoded parameters - // this constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters - ECP(BufferedTransformation &bt); - - // encode the fields fieldID and curve of the sequence ECParameters - void DEREncode(BufferedTransformation &bt) const; - - bool Equal(const Point &P, const Point &Q) const; - const Point& Identity() const; - const Point& Inverse(const Point &P) const; - bool InversionIsFast() const {return true;} - const Point& Add(const Point &P, const Point &Q) const; - const Point& Double(const Point &P) const; - Point ScalarMultiply(const Point &P, const Integer &k) const; - Point CascadeScalarMultiply(const Point &P, const Integer &k1, const Point &Q, const Integer &k2) const; - void SimultaneousMultiply(Point *results, const Point &base, const Integer *exponents, unsigned int exponentsCount) const; - - Point Multiply(const Integer &k, const Point &P) const - {return ScalarMultiply(P, k);} - Point CascadeMultiply(const Integer &k1, const Point &P, const Integer &k2, const Point &Q) const - {return CascadeScalarMultiply(P, k1, Q, k2);} - - bool ValidateParameters(RandomNumberGenerator &rng, unsigned int level=3) const; - bool VerifyPoint(const Point &P) const; - - unsigned int EncodedPointSize(bool compressed = false) const - {return 1 + (compressed?1:2)*GetField().MaxElementByteLength();} - // returns false if point is compressed and not valid (doesn't check if uncompressed) - bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const; - bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const; - void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const; - void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; - - Point BERDecodePoint(BufferedTransformation &bt) const; - void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; - - Integer FieldSize() const {return GetField().GetModulus();} - const Field & GetField() const {return *m_fieldPtr;} - const FieldElement & GetA() const {return m_a;} - const FieldElement & GetB() const {return m_b;} - - bool operator==(const ECP &rhs) const - {return GetField() == rhs.GetField() && m_a == rhs.m_a && m_b == rhs.m_b;} - -private: - clonable_ptr<Field> m_fieldPtr; - FieldElement m_a, m_b; - mutable Point m_R; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<ECP::Point>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupPrecomputation<ECP::Point>; - -template <class T> class EcPrecomputation; - -//! ECP precomputation -template<> class EcPrecomputation<ECP> : public DL_GroupPrecomputation<ECP::Point> -{ -public: - typedef ECP EllipticCurve; - - // DL_GroupPrecomputation - bool NeedConversions() const {return true;} - Element ConvertIn(const Element &P) const - {return P.identity ? P : ECP::Point(m_ec->GetField().ConvertIn(P.x), m_ec->GetField().ConvertIn(P.y));}; - Element ConvertOut(const Element &P) const - {return P.identity ? P : ECP::Point(m_ec->GetField().ConvertOut(P.x), m_ec->GetField().ConvertOut(P.y));} - const AbstractGroup<Element> & GetGroup() const {return *m_ec;} - Element BERDecodeElement(BufferedTransformation &bt) const {return m_ec->BERDecodePoint(bt);} - void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {m_ec->DEREncodePoint(bt, v, false);} - - // non-inherited - void SetCurve(const ECP &ec) - { - m_ec.reset(new ECP(ec, true)); - m_ecOriginal = ec; - } - const ECP & GetCurve() const {return *m_ecOriginal;} - -private: - value_ptr<ECP> m_ec, m_ecOriginal; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/elgamal.cpp b/cryptopp562/elgamal.cpp deleted file mode 100644 index b58fe7c..0000000 --- a/cryptopp562/elgamal.cpp +++ /dev/null @@ -1,17 +0,0 @@ -// elgamal.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "elgamal.h" -#include "asn.h" -#include "nbtheory.h" - -NAMESPACE_BEGIN(CryptoPP) - -void ElGamal_TestInstantiations() -{ - ElGamalEncryptor test1(1, 1, 1); - ElGamalDecryptor test2(NullRNG(), 123); - ElGamalEncryptor test3(test2); -} - -NAMESPACE_END diff --git a/cryptopp562/elgamal.h b/cryptopp562/elgamal.h deleted file mode 100644 index 9afc30e..0000000 --- a/cryptopp562/elgamal.h +++ /dev/null @@ -1,121 +0,0 @@ -#ifndef CRYPTOPP_ELGAMAL_H -#define CRYPTOPP_ELGAMAL_H - -#include "modexppc.h" -#include "dsa.h" - -NAMESPACE_BEGIN(CryptoPP) - -class CRYPTOPP_NO_VTABLE ElGamalBase : public DL_KeyAgreementAlgorithm_DH<Integer, NoCofactorMultiplication>, - public DL_KeyDerivationAlgorithm<Integer>, - public DL_SymmetricEncryptionAlgorithm -{ -public: - void Derive(const DL_GroupParameters<Integer> &groupParams, byte *derivedKey, size_t derivedLength, const Integer &agreedElement, const Integer &ephemeralPublicKey, const NameValuePairs &derivationParams) const - { - agreedElement.Encode(derivedKey, derivedLength); - } - - size_t GetSymmetricKeyLength(size_t plainTextLength) const - { - return GetGroupParameters().GetModulus().ByteCount(); - } - - size_t GetSymmetricCiphertextLength(size_t plainTextLength) const - { - unsigned int len = GetGroupParameters().GetModulus().ByteCount(); - if (plainTextLength <= GetMaxSymmetricPlaintextLength(len)) - return len; - else - return 0; - } - - size_t GetMaxSymmetricPlaintextLength(size_t cipherTextLength) const - { - unsigned int len = GetGroupParameters().GetModulus().ByteCount(); - if (cipherTextLength == len) - return STDMIN(255U, len-3); - else - return 0; - } - - void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plainText, size_t plainTextLength, byte *cipherText, const NameValuePairs ¶meters) const - { - const Integer &p = GetGroupParameters().GetModulus(); - unsigned int modulusLen = p.ByteCount(); - - SecByteBlock block(modulusLen-1); - rng.GenerateBlock(block, modulusLen-2-plainTextLength); - memcpy(block+modulusLen-2-plainTextLength, plainText, plainTextLength); - block[modulusLen-2] = (byte)plainTextLength; - - a_times_b_mod_c(Integer(key, modulusLen), Integer(block, modulusLen-1), p).Encode(cipherText, modulusLen); - } - - DecodingResult SymmetricDecrypt(const byte *key, const byte *cipherText, size_t cipherTextLength, byte *plainText, const NameValuePairs ¶meters) const - { - const Integer &p = GetGroupParameters().GetModulus(); - unsigned int modulusLen = p.ByteCount(); - - if (cipherTextLength != modulusLen) - return DecodingResult(); - - Integer m = a_times_b_mod_c(Integer(cipherText, modulusLen), Integer(key, modulusLen).InverseMod(p), p); - - m.Encode(plainText, 1); - unsigned int plainTextLength = plainText[0]; - if (plainTextLength > GetMaxSymmetricPlaintextLength(modulusLen)) - return DecodingResult(); - m >>= 8; - m.Encode(plainText, plainTextLength); - return DecodingResult(plainTextLength); - } - - virtual const DL_GroupParameters_GFP & GetGroupParameters() const =0; -}; - -template <class BASE, class SCHEME_OPTIONS, class KEY> -class ElGamalObjectImpl : public DL_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY>, public ElGamalBase -{ -public: - size_t FixedMaxPlaintextLength() const {return this->MaxPlaintextLength(FixedCiphertextLength());} - size_t FixedCiphertextLength() const {return this->CiphertextLength(0);} - - const DL_GroupParameters_GFP & GetGroupParameters() const {return this->GetKey().GetGroupParameters();} - - DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const - {return Decrypt(rng, cipherText, FixedCiphertextLength(), plainText);} - -protected: - const DL_KeyAgreementAlgorithm<Integer> & GetKeyAgreementAlgorithm() const {return *this;} - const DL_KeyDerivationAlgorithm<Integer> & GetKeyDerivationAlgorithm() const {return *this;} - const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const {return *this;} -}; - -struct ElGamalKeys -{ - typedef DL_CryptoKeys_GFP::GroupParameters GroupParameters; - typedef DL_PrivateKey_GFP_OldFormat<DL_CryptoKeys_GFP::PrivateKey> PrivateKey; - typedef DL_PublicKey_GFP_OldFormat<DL_CryptoKeys_GFP::PublicKey> PublicKey; -}; - -//! ElGamal encryption scheme with non-standard padding -struct ElGamal -{ - typedef DL_CryptoSchemeOptions<ElGamal, ElGamalKeys, int, int, int> SchemeOptions; - - static const char * StaticAlgorithmName() {return "ElgamalEnc/Crypto++Padding";} - - typedef SchemeOptions::GroupParameters GroupParameters; - //! implements PK_Encryptor interface - typedef PK_FinalTemplate<ElGamalObjectImpl<DL_EncryptorBase<Integer>, SchemeOptions, SchemeOptions::PublicKey> > Encryptor; - //! implements PK_Decryptor interface - typedef PK_FinalTemplate<ElGamalObjectImpl<DL_DecryptorBase<Integer>, SchemeOptions, SchemeOptions::PrivateKey> > Decryptor; -}; - -typedef ElGamal::Encryptor ElGamalEncryptor; -typedef ElGamal::Decryptor ElGamalDecryptor; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/emsa2.cpp b/cryptopp562/emsa2.cpp deleted file mode 100644 index 3dbb7e8..0000000 --- a/cryptopp562/emsa2.cpp +++ /dev/null @@ -1,34 +0,0 @@ -// emsa2.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "emsa2.h" - -#ifndef CRYPTOPP_IMPORTS - -NAMESPACE_BEGIN(CryptoPP) - -void EMSA2Pad::ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); - - if (representativeBitLength % 8 != 7) - throw PK_SignatureScheme::InvalidKeyLength("EMSA2: EMSA2 requires a key length that is a multiple of 8"); - - size_t digestSize = hash.DigestSize(); - size_t representativeByteLength = BitsToBytes(representativeBitLength); - - representative[0] = messageEmpty ? 0x4b : 0x6b; - memset(representative+1, 0xbb, representativeByteLength-digestSize-4); // pad with 0xbb - byte *afterP2 = representative+representativeByteLength-digestSize-3; - afterP2[0] = 0xba; - hash.Final(afterP2+1); - representative[representativeByteLength-2] = *hashIdentifier.first; - representative[representativeByteLength-1] = 0xcc; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/emsa2.h b/cryptopp562/emsa2.h deleted file mode 100644 index 49109e6..0000000 --- a/cryptopp562/emsa2.h +++ /dev/null @@ -1,86 +0,0 @@ -#ifndef CRYPTOPP_EMSA2_H -#define CRYPTOPP_EMSA2_H - -/** \file - This file contains various padding schemes for public key algorithms. -*/ - -#include "cryptlib.h" -#include "pubkey.h" - -#ifdef CRYPTOPP_IS_DLL -#include "sha.h" -#endif - -NAMESPACE_BEGIN(CryptoPP) - -template <class H> class EMSA2HashId -{ -public: - static const byte id; -}; - -template <class BASE> -class EMSA2HashIdLookup : public BASE -{ -public: - struct HashIdentifierLookup - { - template <class H> struct HashIdentifierLookup2 - { - static HashIdentifier Lookup() - { - return HashIdentifier(&EMSA2HashId<H>::id, 1); - } - }; - }; -}; - -// EMSA2HashId can be instantiated with the following classes. -class SHA1; -class RIPEMD160; -class RIPEMD128; -class SHA256; -class SHA384; -class SHA512; -class Whirlpool; -class SHA224; -// end of list - -#ifdef CRYPTOPP_IS_DLL -CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA1>; -CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA224>; -CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA256>; -CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA384>; -CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA512>; -#endif - -//! _ -class CRYPTOPP_DLL EMSA2Pad : public EMSA2HashIdLookup<PK_DeterministicSignatureMessageEncodingMethod> -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "EMSA2";} - - size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const - {return 8*digestLength + 31;} - - void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; -}; - -//! EMSA2, for use with RWSS and RSA_ISO -/*! Only the following hash functions are supported by this signature standard: - \dontinclude emsa2.h - \skip EMSA2HashId can be instantiated - \until end of list -*/ -struct P1363_EMSA2 : public SignatureStandard -{ - typedef EMSA2Pad SignatureMessageEncodingMethod; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/eprecomp.cpp b/cryptopp562/eprecomp.cpp deleted file mode 100644 index a061cf6..0000000 --- a/cryptopp562/eprecomp.cpp +++ /dev/null @@ -1,112 +0,0 @@ -// eprecomp.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "eprecomp.h" -#include "asn.h" - -NAMESPACE_BEGIN(CryptoPP) - -template <class T> void DL_FixedBasePrecomputationImpl<T>::SetBase(const DL_GroupPrecomputation<Element> &group, const Element &i_base) -{ - m_base = group.NeedConversions() ? group.ConvertIn(i_base) : i_base; - - if (m_bases.empty() || !(m_base == m_bases[0])) - { - m_bases.resize(1); - m_bases[0] = m_base; - } - - if (group.NeedConversions()) - m_base = i_base; -} - -template <class T> void DL_FixedBasePrecomputationImpl<T>::Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage) -{ - assert(m_bases.size() > 0); - assert(storage <= maxExpBits); - - if (storage > 1) - { - m_windowSize = (maxExpBits+storage-1)/storage; - m_exponentBase = Integer::Power2(m_windowSize); - } - - m_bases.resize(storage); - for (unsigned i=1; i<storage; i++) - m_bases[i] = group.GetGroup().ScalarMultiply(m_bases[i-1], m_exponentBase); -} - -template <class T> void DL_FixedBasePrecomputationImpl<T>::Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - word32 version; - BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); - m_exponentBase.BERDecode(seq); - m_windowSize = m_exponentBase.BitCount() - 1; - m_bases.clear(); - while (!seq.EndReached()) - m_bases.push_back(group.BERDecodeElement(seq)); - if (!m_bases.empty() && group.NeedConversions()) - m_base = group.ConvertOut(m_bases[0]); - seq.MessageEnd(); -} - -template <class T> void DL_FixedBasePrecomputationImpl<T>::Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - DEREncodeUnsigned<word32>(seq, 1); // version - m_exponentBase.DEREncode(seq); - for (unsigned i=0; i<m_bases.size(); i++) - group.DEREncodeElement(seq, m_bases[i]); - seq.MessageEnd(); -} - -template <class T> void DL_FixedBasePrecomputationImpl<T>::PrepareCascade(const DL_GroupPrecomputation<Element> &i_group, std::vector<BaseAndExponent<Element> > &eb, const Integer &exponent) const -{ - const AbstractGroup<T> &group = i_group.GetGroup(); - - Integer r, q, e = exponent; - bool fastNegate = group.InversionIsFast() && m_windowSize > 1; - unsigned int i; - - for (i=0; i+1<m_bases.size(); i++) - { - Integer::DivideByPowerOf2(r, q, e, m_windowSize); - std::swap(q, e); - if (fastNegate && r.GetBit(m_windowSize-1)) - { - ++e; - eb.push_back(BaseAndExponent<Element>(group.Inverse(m_bases[i]), m_exponentBase - r)); - } - else - eb.push_back(BaseAndExponent<Element>(m_bases[i], r)); - } - eb.push_back(BaseAndExponent<Element>(m_bases[i], e)); -} - -template <class T> T DL_FixedBasePrecomputationImpl<T>::Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const -{ - std::vector<BaseAndExponent<Element> > eb; // array of segments of the exponent and precalculated bases - eb.reserve(m_bases.size()); - PrepareCascade(group, eb, exponent); - return group.ConvertOut(GeneralCascadeMultiplication<Element>(group.GetGroup(), eb.begin(), eb.end())); -} - -template <class T> T - DL_FixedBasePrecomputationImpl<T>::CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, - const DL_FixedBasePrecomputation<T> &i_pc2, const Integer &exponent2) const -{ - std::vector<BaseAndExponent<Element> > eb; // array of segments of the exponent and precalculated bases - const DL_FixedBasePrecomputationImpl<T> &pc2 = static_cast<const DL_FixedBasePrecomputationImpl<T> &>(i_pc2); - eb.reserve(m_bases.size() + pc2.m_bases.size()); - PrepareCascade(group, eb, exponent); - pc2.PrepareCascade(group, eb, exponent2); - return group.ConvertOut(GeneralCascadeMultiplication<Element>(group.GetGroup(), eb.begin(), eb.end())); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/eprecomp.h b/cryptopp562/eprecomp.h deleted file mode 100644 index 1f32567..0000000 --- a/cryptopp562/eprecomp.h +++ /dev/null @@ -1,75 +0,0 @@ -#ifndef CRYPTOPP_EPRECOMP_H -#define CRYPTOPP_EPRECOMP_H - -#include "integer.h" -#include "algebra.h" -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -template <class T> -class DL_GroupPrecomputation -{ -public: - typedef T Element; - - virtual bool NeedConversions() const {return false;} - virtual Element ConvertIn(const Element &v) const {return v;} - virtual Element ConvertOut(const Element &v) const {return v;} - virtual const AbstractGroup<Element> & GetGroup() const =0; - virtual Element BERDecodeElement(BufferedTransformation &bt) const =0; - virtual void DEREncodeElement(BufferedTransformation &bt, const Element &P) const =0; -}; - -template <class T> -class DL_FixedBasePrecomputation -{ -public: - typedef T Element; - - virtual bool IsInitialized() const =0; - virtual void SetBase(const DL_GroupPrecomputation<Element> &group, const Element &base) =0; - virtual const Element & GetBase(const DL_GroupPrecomputation<Element> &group) const =0; - virtual void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage) =0; - virtual void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) =0; - virtual void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const =0; - virtual Element Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const =0; - virtual Element CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const =0; -}; - -template <class T> -class DL_FixedBasePrecomputationImpl : public DL_FixedBasePrecomputation<T> -{ -public: - typedef T Element; - - DL_FixedBasePrecomputationImpl() : m_windowSize(0) {} - - // DL_FixedBasePrecomputation - bool IsInitialized() const - {return !m_bases.empty();} - void SetBase(const DL_GroupPrecomputation<Element> &group, const Element &base); - const Element & GetBase(const DL_GroupPrecomputation<Element> &group) const - {return group.NeedConversions() ? m_base : m_bases[0];} - void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage); - void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation); - void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const; - Element Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const; - Element CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const; - -private: - void PrepareCascade(const DL_GroupPrecomputation<Element> &group, std::vector<BaseAndExponent<Element> > &eb, const Integer &exponent) const; - - Element m_base; - unsigned int m_windowSize; - Integer m_exponentBase; // what base to represent the exponent in - std::vector<Element> m_bases; // precalculated bases -}; - -NAMESPACE_END - -#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES -#include "eprecomp.cpp" -#endif - -#endif diff --git a/cryptopp562/esign.cpp b/cryptopp562/esign.cpp deleted file mode 100644 index 8b42c1f..0000000 --- a/cryptopp562/esign.cpp +++ /dev/null @@ -1,210 +0,0 @@ -// esign.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "esign.h" -#include "asn.h" -#include "modarith.h" -#include "nbtheory.h" -#include "sha.h" -#include "algparam.h" - -NAMESPACE_BEGIN(CryptoPP) - -void ESIGN_TestInstantiations() -{ - ESIGN<SHA>::Verifier x1(1, 1); - ESIGN<SHA>::Signer x2(NullRNG(), 1); - ESIGN<SHA>::Verifier x3(x2); - ESIGN<SHA>::Verifier x4(x2.GetKey()); - ESIGN<SHA>::Verifier x5(x3); - ESIGN<SHA>::Signer x6 = x2; - - x6 = x2; - x3 = ESIGN<SHA>::Verifier(x2); - x4 = x2.GetKey(); -} - -void ESIGNFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - m_e.BERDecode(seq); - seq.MessageEnd(); -} - -void ESIGNFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - m_e.DEREncode(seq); - seq.MessageEnd(); -} - -Integer ESIGNFunction::ApplyFunction(const Integer &x) const -{ - DoQuickSanityCheck(); - return STDMIN(a_exp_b_mod_c(x, m_e, m_n) >> (2*GetK()+2), MaxImage()); -} - -bool ESIGNFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_n > Integer::One() && m_n.IsOdd(); - pass = pass && m_e >= 8 && m_e < m_n; - return pass; -} - -bool ESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent) - ; -} - -void ESIGNFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent) - ; -} - -// ***************************************************************************** - -void InvertibleESIGNFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶m) -{ - int modulusSize = 1023*2; - param.GetIntValue("ModulusSize", modulusSize) || param.GetIntValue("KeySize", modulusSize); - - if (modulusSize < 24) - throw InvalidArgument("InvertibleESIGNFunction: specified modulus size is too small"); - - if (modulusSize % 3 != 0) - throw InvalidArgument("InvertibleESIGNFunction: modulus size must be divisible by 3"); - - m_e = param.GetValueWithDefault("PublicExponent", Integer(32)); - - if (m_e < 8) - throw InvalidArgument("InvertibleESIGNFunction: public exponents less than 8 may not be secure"); - - // VC70 workaround: putting these after primeParam causes overlapped stack allocation - ConstByteArrayParameter seedParam; - SecByteBlock seed; - - const Integer minP = Integer(204) << (modulusSize/3-8); - const Integer maxP = Integer::Power2(modulusSize/3)-1; - AlgorithmParameters primeParam = MakeParameters("Min", minP)("Max", maxP)("RandomNumberType", Integer::PRIME); - - if (param.GetValue("Seed", seedParam)) - { - seed.resize(seedParam.size() + 4); - memcpy(seed + 4, seedParam.begin(), seedParam.size()); - - PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)0); - m_p.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("Seed", ConstByteArrayParameter(seed)))); - PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)1); - m_q.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("Seed", ConstByteArrayParameter(seed)))); - } - else - { - m_p.GenerateRandom(rng, primeParam); - m_q.GenerateRandom(rng, primeParam); - } - - m_n = m_p * m_p * m_q; - - assert(m_n.BitCount() == modulusSize); -} - -void InvertibleESIGNFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder privateKey(bt); - m_n.BERDecode(privateKey); - m_e.BERDecode(privateKey); - m_p.BERDecode(privateKey); - m_q.BERDecode(privateKey); - privateKey.MessageEnd(); -} - -void InvertibleESIGNFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder privateKey(bt); - m_n.DEREncode(privateKey); - m_e.DEREncode(privateKey); - m_p.DEREncode(privateKey); - m_q.DEREncode(privateKey); - privateKey.MessageEnd(); -} - -Integer InvertibleESIGNFunction::CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const -{ - DoQuickSanityCheck(); - - Integer pq = m_p * m_q; - Integer p2 = m_p * m_p; - Integer r, z, re, a, w0, w1; - - do - { - r.Randomize(rng, Integer::Zero(), pq); - z = x << (2*GetK()+2); - re = a_exp_b_mod_c(r, m_e, m_n); - a = (z - re) % m_n; - Integer::Divide(w1, w0, a, pq); - if (w1.NotZero()) - { - ++w0; - w1 = pq - w1; - } - } - while ((w1 >> 2*GetK()+1).IsPositive()); - - ModularArithmetic modp(m_p); - Integer t = modp.Divide(w0 * r % m_p, m_e * re % m_p); - Integer s = r + t*pq; - assert(s < m_n); -/* - using namespace std; - cout << "f = " << x << endl; - cout << "r = " << r << endl; - cout << "z = " << z << endl; - cout << "a = " << a << endl; - cout << "w0 = " << w0 << endl; - cout << "w1 = " << w1 << endl; - cout << "t = " << t << endl; - cout << "s = " << s << endl; -*/ - return s; -} - -bool InvertibleESIGNFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = ESIGNFunction::Validate(rng, level); - pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n; - pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n; - pass = pass && m_p.BitCount() == m_q.BitCount(); - if (level >= 1) - pass = pass && m_p * m_p * m_q == m_n; - if (level >= 2) - pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); - return pass; -} - -bool InvertibleESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper<ESIGNFunction>(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) - ; -} - -void InvertibleESIGNFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper<ESIGNFunction>(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) - ; -} - -NAMESPACE_END diff --git a/cryptopp562/esign.h b/cryptopp562/esign.h deleted file mode 100644 index 8eecbc5..0000000 --- a/cryptopp562/esign.h +++ /dev/null @@ -1,128 +0,0 @@ -#ifndef CRYPTOPP_ESIGN_H -#define CRYPTOPP_ESIGN_H - -/** \file - This file contains classes that implement the - ESIGN signature schemes as defined in IEEE P1363a. -*/ - -#include "pubkey.h" -#include "integer.h" -#include "asn.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class ESIGNFunction : public TrapdoorFunction, public ASN1CryptoMaterial<PublicKey> -{ - typedef ESIGNFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &e) - {m_n = n; m_e = e;} - - // PublicKey - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - // CryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - // TrapdoorFunction - Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return m_n;} - Integer ImageBound() const {return Integer::Power2(GetK());} - - // non-derived - const Integer & GetModulus() const {return m_n;} - const Integer & GetPublicExponent() const {return m_e;} - - void SetModulus(const Integer &n) {m_n = n;} - void SetPublicExponent(const Integer &e) {m_e = e;} - -protected: - unsigned int GetK() const {return m_n.BitCount()/3-1;} - - Integer m_n, m_e; -}; - -//! _ -class InvertibleESIGNFunction : public ESIGNFunction, public RandomizedTrapdoorFunctionInverse, public PrivateKey -{ - typedef InvertibleESIGNFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q) - {m_n = n; m_e = e; m_p = p; m_q = q;} - // generate a random private key - void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) - {GenerateRandomWithKeySize(rng, modulusBits);} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const; - - // GeneratibleCryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - /*! parameters: (ModulusSize) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - - const Integer& GetPrime1() const {return m_p;} - const Integer& GetPrime2() const {return m_q;} - - void SetPrime1(const Integer &p) {m_p = p;} - void SetPrime2(const Integer &q) {m_q = q;} - -protected: - Integer m_p, m_q; -}; - -//! _ -template <class T> -class EMSA5Pad : public PK_DeterministicSignatureMessageEncodingMethod -{ -public: - static const char *StaticAlgorithmName() {return "EMSA5";} - - void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const - { - SecByteBlock digest(hash.DigestSize()); - hash.Final(digest); - size_t representativeByteLength = BitsToBytes(representativeBitLength); - T mgf; - mgf.GenerateAndMask(hash, representative, representativeByteLength, digest, digest.size(), false); - if (representativeBitLength % 8 != 0) - representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); - } -}; - -//! EMSA5, for use with ESIGN -struct P1363_EMSA5 : public SignatureStandard -{ - typedef EMSA5Pad<P1363_MGF1> SignatureMessageEncodingMethod; -}; - -struct ESIGN_Keys -{ - static std::string StaticAlgorithmName() {return "ESIGN";} - typedef ESIGNFunction PublicKey; - typedef InvertibleESIGNFunction PrivateKey; -}; - -//! ESIGN, as defined in IEEE P1363a -template <class H, class STANDARD = P1363_EMSA5> -struct ESIGN : public TF_SS<STANDARD, H, ESIGN_Keys> -{ -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/factory.h b/cryptopp562/factory.h deleted file mode 100644 index 5b65db3..0000000 --- a/cryptopp562/factory.h +++ /dev/null @@ -1,136 +0,0 @@ -#ifndef CRYPTOPP_OBJFACT_H -#define CRYPTOPP_OBJFACT_H - -#include "cryptlib.h" -#include <map> -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class AbstractClass> -class ObjectFactory -{ -public: - virtual ~ObjectFactory () {} - virtual AbstractClass * CreateObject() const =0; -}; - -//! _ -template <class AbstractClass, class ConcreteClass> -class DefaultObjectFactory : public ObjectFactory<AbstractClass> -{ -public: - AbstractClass * CreateObject() const - { - return new ConcreteClass; - } - -}; - -//! _ -template <class AbstractClass, int instance=0> -class ObjectFactoryRegistry -{ -public: - class FactoryNotFound : public Exception - { - public: - FactoryNotFound(const char *name) : Exception(OTHER_ERROR, std::string("ObjectFactoryRegistry: could not find factory for algorithm ") + name) {} - }; - - ~ObjectFactoryRegistry() - { - for (CPP_TYPENAME Map::iterator i = m_map.begin(); i != m_map.end(); ++i) - { - delete (ObjectFactory<AbstractClass> *)i->second; - i->second = NULL; - } - } - - void RegisterFactory(const std::string &name, ObjectFactory<AbstractClass> *factory) - { - m_map[name] = factory; - } - - const ObjectFactory<AbstractClass> * GetFactory(const char *name) const - { - CPP_TYPENAME Map::const_iterator i = m_map.find(name); - return i == m_map.end() ? NULL : (ObjectFactory<AbstractClass> *)i->second; - } - - AbstractClass *CreateObject(const char *name) const - { - const ObjectFactory<AbstractClass> *factory = GetFactory(name); - if (!factory) - throw FactoryNotFound(name); - return factory->CreateObject(); - } - - // Return a vector containing the factory names. This is easier than returning an iterator. - // from Andrew Pitonyak - std::vector<std::string> GetFactoryNames() const - { - std::vector<std::string> names; - CPP_TYPENAME Map::const_iterator iter; - for (iter = m_map.begin(); iter != m_map.end(); ++iter) - names.push_back(iter->first); - return names; - } - - CRYPTOPP_NOINLINE static ObjectFactoryRegistry<AbstractClass, instance> & Registry(CRYPTOPP_NOINLINE_DOTDOTDOT); - -private: - // use void * instead of ObjectFactory<AbstractClass> * to save code size - typedef std::map<std::string, void *> Map; - Map m_map; -}; - -template <class AbstractClass, int instance> -ObjectFactoryRegistry<AbstractClass, instance> & ObjectFactoryRegistry<AbstractClass, instance>::Registry(CRYPTOPP_NOINLINE_DOTDOTDOT) -{ - static ObjectFactoryRegistry<AbstractClass, instance> s_registry; - return s_registry; -} - -template <class AbstractClass, class ConcreteClass, int instance = 0> -struct RegisterDefaultFactoryFor { -RegisterDefaultFactoryFor(const char *name=NULL) -{ - // BCB2006 workaround - std::string n = name ? std::string(name) : std::string(ConcreteClass::StaticAlgorithmName()); - ObjectFactoryRegistry<AbstractClass, instance>::Registry(). - RegisterFactory(n, new DefaultObjectFactory<AbstractClass, ConcreteClass>); -}}; - -template <class SchemeClass> -void RegisterAsymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) -{ - RegisterDefaultFactoryFor<PK_Encryptor, CPP_TYPENAME SchemeClass::Encryptor>((const char *)name); - RegisterDefaultFactoryFor<PK_Decryptor, CPP_TYPENAME SchemeClass::Decryptor>((const char *)name); -} - -template <class SchemeClass> -void RegisterSignatureSchemeDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) -{ - RegisterDefaultFactoryFor<PK_Signer, CPP_TYPENAME SchemeClass::Signer>((const char *)name); - RegisterDefaultFactoryFor<PK_Verifier, CPP_TYPENAME SchemeClass::Verifier>((const char *)name); -} - -template <class SchemeClass> -void RegisterSymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) -{ - RegisterDefaultFactoryFor<SymmetricCipher, CPP_TYPENAME SchemeClass::Encryption, ENCRYPTION>((const char *)name); - RegisterDefaultFactoryFor<SymmetricCipher, CPP_TYPENAME SchemeClass::Decryption, DECRYPTION>((const char *)name); -} - -template <class SchemeClass> -void RegisterAuthenticatedSymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) -{ - RegisterDefaultFactoryFor<AuthenticatedSymmetricCipher, CPP_TYPENAME SchemeClass::Encryption, ENCRYPTION>((const char *)name); - RegisterDefaultFactoryFor<AuthenticatedSymmetricCipher, CPP_TYPENAME SchemeClass::Decryption, DECRYPTION>((const char *)name); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/files.cpp b/cryptopp562/files.cpp deleted file mode 100644 index 453b562..0000000 --- a/cryptopp562/files.cpp +++ /dev/null @@ -1,259 +0,0 @@ -// files.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "files.h" - -#include <limits> - -NAMESPACE_BEGIN(CryptoPP) - -using namespace std; - -#ifndef NDEBUG -void Files_TestInstantiations() -{ - FileStore f0; - FileSource f1; - FileSink f2; -} -#endif - -void FileStore::StoreInitialize(const NameValuePairs ¶meters) -{ - m_waiting = false; - m_stream = NULL; - m_file.release(); - - const char *fileName = NULL; -#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 - const wchar_t *fileNameWide = NULL; - if (!parameters.GetValue(Name::InputFileNameWide(), fileNameWide)) -#endif - if (!parameters.GetValue(Name::InputFileName(), fileName)) - { - parameters.GetValue(Name::InputStreamPointer(), m_stream); - return; - } - - ios::openmode binary = parameters.GetValueWithDefault(Name::InputBinaryMode(), true) ? ios::binary : ios::openmode(0); - m_file.reset(new std::ifstream); -#ifdef CRYPTOPP_UNIX_AVAILABLE - std::string narrowed; - if (fileNameWide) - fileName = (narrowed = StringNarrow(fileNameWide)).c_str(); -#endif -#if _MSC_VER >= 1400 - if (fileNameWide) - { - m_file->open(fileNameWide, ios::in | binary); - if (!*m_file) - throw OpenErr(StringNarrow(fileNameWide, false)); - } -#endif - if (fileName) - { - m_file->open(fileName, ios::in | binary); - if (!*m_file) - throw OpenErr(fileName); - } - m_stream = m_file.get(); -} - -lword FileStore::MaxRetrievable() const -{ - if (!m_stream) - return 0; - - streampos current = m_stream->tellg(); - streampos end = m_stream->seekg(0, ios::end).tellg(); - m_stream->seekg(current); - return end-current; -} - -size_t FileStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - if (!m_stream) - { - transferBytes = 0; - return 0; - } - - lword size=transferBytes; - transferBytes = 0; - - if (m_waiting) - goto output; - - while (size && m_stream->good()) - { - { - size_t spaceSize = 1024; - m_space = HelpCreatePutSpace(target, channel, 1, UnsignedMin(size_t(0)-1, size), spaceSize); - - m_stream->read((char *)m_space, (unsigned int)STDMIN(size, (lword)spaceSize)); - } - m_len = (size_t)m_stream->gcount(); - size_t blockedBytes; -output: - blockedBytes = target.ChannelPutModifiable2(channel, m_space, m_len, 0, blocking); - m_waiting = blockedBytes > 0; - if (m_waiting) - return blockedBytes; - size -= m_len; - transferBytes += m_len; - } - - if (!m_stream->good() && !m_stream->eof()) - throw ReadErr(); - - return 0; -} - -size_t FileStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - if (!m_stream) - return 0; - - if (begin == 0 && end == 1) - { - int result = m_stream->peek(); - if (result == char_traits<char>::eof()) - return 0; - else - { - size_t blockedBytes = target.ChannelPut(channel, byte(result), blocking); - begin += 1-blockedBytes; - return blockedBytes; - } - } - - // TODO: figure out what happens on cin - streampos current = m_stream->tellg(); - streampos endPosition = m_stream->seekg(0, ios::end).tellg(); - streampos newPosition = current + (streamoff)begin; - - if (newPosition >= endPosition) - { - m_stream->seekg(current); - return 0; // don't try to seek beyond the end of file - } - m_stream->seekg(newPosition); - try - { - assert(!m_waiting); - lword copyMax = end-begin; - size_t blockedBytes = const_cast<FileStore *>(this)->TransferTo2(target, copyMax, channel, blocking); - begin += copyMax; - if (blockedBytes) - { - const_cast<FileStore *>(this)->m_waiting = false; - return blockedBytes; - } - } - catch(...) - { - m_stream->clear(); - m_stream->seekg(current); - throw; - } - m_stream->clear(); - m_stream->seekg(current); - - return 0; -} - -lword FileStore::Skip(lword skipMax) -{ - if (!m_stream) - return 0; - - lword oldPos = m_stream->tellg(); - std::istream::off_type offset; - if (!SafeConvert(skipMax, offset)) - throw InvalidArgument("FileStore: maximum seek offset exceeded"); - m_stream->seekg(offset, ios::cur); - return (lword)m_stream->tellg() - oldPos; -} - -void FileSink::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_stream = NULL; - m_file.release(); - - const char *fileName = NULL; -#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 - const wchar_t *fileNameWide = NULL; - if (!parameters.GetValue(Name::OutputFileNameWide(), fileNameWide)) -#endif - if (!parameters.GetValue(Name::OutputFileName(), fileName)) - { - parameters.GetValue(Name::OutputStreamPointer(), m_stream); - return; - } - - ios::openmode binary = parameters.GetValueWithDefault(Name::OutputBinaryMode(), true) ? ios::binary : ios::openmode(0); - m_file.reset(new std::ofstream); -#ifdef CRYPTOPP_UNIX_AVAILABLE - std::string narrowed; - if (fileNameWide) - fileName = (narrowed = StringNarrow(fileNameWide)).c_str(); -#endif -#if _MSC_VER >= 1400 - if (fileNameWide) - { - m_file->open(fileNameWide, ios::out | ios::trunc | binary); - if (!*m_file) - throw OpenErr(StringNarrow(fileNameWide, false)); - } -#endif - if (fileName) - { - m_file->open(fileName, ios::out | ios::trunc | binary); - if (!*m_file) - throw OpenErr(fileName); - } - m_stream = m_file.get(); -} - -bool FileSink::IsolatedFlush(bool hardFlush, bool blocking) -{ - if (!m_stream) - throw Err("FileSink: output stream not opened"); - - m_stream->flush(); - if (!m_stream->good()) - throw WriteErr(); - - return false; -} - -size_t FileSink::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - if (!m_stream) - throw Err("FileSink: output stream not opened"); - - while (length > 0) - { - std::streamsize size; - if (!SafeConvert(length, size)) - size = numeric_limits<std::streamsize>::max(); - m_stream->write((const char *)inString, size); - inString += size; - length -= (size_t)size; - } - - if (messageEnd) - m_stream->flush(); - - if (!m_stream->good()) - throw WriteErr(); - - return 0; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/files.h b/cryptopp562/files.h deleted file mode 100644 index a47e856..0000000 --- a/cryptopp562/files.h +++ /dev/null @@ -1,112 +0,0 @@ -#ifndef CRYPTOPP_FILES_H -#define CRYPTOPP_FILES_H - -#include "cryptlib.h" -#include "filters.h" -#include "argnames.h" - -#include <iostream> -#include <fstream> - -NAMESPACE_BEGIN(CryptoPP) - -//! file-based implementation of Store interface -class CRYPTOPP_DLL FileStore : public Store, private FilterPutSpaceHelper, public NotCopyable -{ -public: - class Err : public Exception - { - public: - Err(const std::string &s) : Exception(IO_ERROR, s) {} - }; - class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileStore: error opening file for reading: " + filename) {}}; - class ReadErr : public Err {public: ReadErr() : Err("FileStore: error reading file") {}}; - - FileStore() : m_stream(NULL) {} - FileStore(std::istream &in) - {StoreInitialize(MakeParameters(Name::InputStreamPointer(), &in));} - FileStore(const char *filename) - {StoreInitialize(MakeParameters(Name::InputFileName(), filename));} -#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 - //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called. - FileStore(const wchar_t *filename) - {StoreInitialize(MakeParameters(Name::InputFileNameWide(), filename));} -#endif - - std::istream* GetStream() {return m_stream;} - - lword MaxRetrievable() const; - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - lword Skip(lword skipMax=ULONG_MAX); - -private: - void StoreInitialize(const NameValuePairs ¶meters); - - member_ptr<std::ifstream> m_file; - std::istream *m_stream; - byte *m_space; - size_t m_len; - bool m_waiting; -}; - -//! file-based implementation of Source interface -class CRYPTOPP_DLL FileSource : public SourceTemplate<FileStore> -{ -public: - typedef FileStore::Err Err; - typedef FileStore::OpenErr OpenErr; - typedef FileStore::ReadErr ReadErr; - - FileSource(BufferedTransformation *attachment = NULL) - : SourceTemplate<FileStore>(attachment) {} - FileSource(std::istream &in, bool pumpAll, BufferedTransformation *attachment = NULL) - : SourceTemplate<FileStore>(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputStreamPointer(), &in));} - FileSource(const char *filename, bool pumpAll, BufferedTransformation *attachment = NULL, bool binary=true) - : SourceTemplate<FileStore>(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputFileName(), filename)(Name::InputBinaryMode(), binary));} -#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 - //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called. - FileSource(const wchar_t *filename, bool pumpAll, BufferedTransformation *attachment = NULL, bool binary=true) - : SourceTemplate<FileStore>(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputFileNameWide(), filename)(Name::InputBinaryMode(), binary));} -#endif - - std::istream* GetStream() {return m_store.GetStream();} -}; - -//! file-based implementation of Sink interface -class CRYPTOPP_DLL FileSink : public Sink, public NotCopyable -{ -public: - class Err : public Exception - { - public: - Err(const std::string &s) : Exception(IO_ERROR, s) {} - }; - class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileSink: error opening file for writing: " + filename) {}}; - class WriteErr : public Err {public: WriteErr() : Err("FileSink: error writing file") {}}; - - FileSink() : m_stream(NULL) {} - FileSink(std::ostream &out) - {IsolatedInitialize(MakeParameters(Name::OutputStreamPointer(), &out));} - FileSink(const char *filename, bool binary=true) - {IsolatedInitialize(MakeParameters(Name::OutputFileName(), filename)(Name::OutputBinaryMode(), binary));} -#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 - //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called. - FileSink(const wchar_t *filename, bool binary=true) - {IsolatedInitialize(MakeParameters(Name::OutputFileNameWide(), filename)(Name::OutputBinaryMode(), binary));} -#endif - - std::ostream* GetStream() {return m_stream;} - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - bool IsolatedFlush(bool hardFlush, bool blocking); - -private: - member_ptr<std::ofstream> m_file; - std::ostream *m_stream; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/filters.cpp b/cryptopp562/filters.cpp deleted file mode 100644 index 083dfd3..0000000 --- a/cryptopp562/filters.cpp +++ /dev/null @@ -1,1120 +0,0 @@ -// filters.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "filters.h" -#include "mqueue.h" -#include "fltrimpl.h" -#include "argnames.h" -#include <memory> -#include <functional> - -NAMESPACE_BEGIN(CryptoPP) - -Filter::Filter(BufferedTransformation *attachment) - : m_attachment(attachment), m_continueAt(0) -{ -} - -BufferedTransformation * Filter::NewDefaultAttachment() const -{ - return new MessageQueue; -} - -BufferedTransformation * Filter::AttachedTransformation() -{ - if (m_attachment.get() == NULL) - m_attachment.reset(NewDefaultAttachment()); - return m_attachment.get(); -} - -const BufferedTransformation *Filter::AttachedTransformation() const -{ - if (m_attachment.get() == NULL) - const_cast<Filter *>(this)->m_attachment.reset(NewDefaultAttachment()); - return m_attachment.get(); -} - -void Filter::Detach(BufferedTransformation *newOut) -{ - m_attachment.reset(newOut); -} - -void Filter::Insert(Filter *filter) -{ - filter->m_attachment.reset(m_attachment.release()); - m_attachment.reset(filter); -} - -size_t Filter::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - return AttachedTransformation()->CopyRangeTo2(target, begin, end, channel, blocking); -} - -size_t Filter::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - return AttachedTransformation()->TransferTo2(target, transferBytes, channel, blocking); -} - -void Filter::Initialize(const NameValuePairs ¶meters, int propagation) -{ - m_continueAt = 0; - IsolatedInitialize(parameters); - PropagateInitialize(parameters, propagation); -} - -bool Filter::Flush(bool hardFlush, int propagation, bool blocking) -{ - switch (m_continueAt) - { - case 0: - if (IsolatedFlush(hardFlush, blocking)) - return true; - case 1: - if (OutputFlush(1, hardFlush, propagation, blocking)) - return true; - } - return false; -} - -bool Filter::MessageSeriesEnd(int propagation, bool blocking) -{ - switch (m_continueAt) - { - case 0: - if (IsolatedMessageSeriesEnd(blocking)) - return true; - case 1: - if (ShouldPropagateMessageSeriesEnd() && OutputMessageSeriesEnd(1, propagation, blocking)) - return true; - } - return false; -} - -void Filter::PropagateInitialize(const NameValuePairs ¶meters, int propagation) -{ - if (propagation) - AttachedTransformation()->Initialize(parameters, propagation-1); -} - -size_t Filter::OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel) -{ - if (messageEnd) - messageEnd--; - size_t result = AttachedTransformation()->ChannelPutModifiable2(channel, inString, length, messageEnd, blocking); - m_continueAt = result ? outputSite : 0; - return result; -} - -size_t Filter::Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel) -{ - if (messageEnd) - messageEnd--; - size_t result = AttachedTransformation()->ChannelPut2(channel, inString, length, messageEnd, blocking); - m_continueAt = result ? outputSite : 0; - return result; -} - -bool Filter::OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel) -{ - if (propagation && AttachedTransformation()->ChannelFlush(channel, hardFlush, propagation-1, blocking)) - { - m_continueAt = outputSite; - return true; - } - m_continueAt = 0; - return false; -} - -bool Filter::OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel) -{ - if (propagation && AttachedTransformation()->ChannelMessageSeriesEnd(channel, propagation-1, blocking)) - { - m_continueAt = outputSite; - return true; - } - m_continueAt = 0; - return false; -} - -// ************************************************************* - -void MeterFilter::ResetMeter() -{ - m_currentMessageBytes = m_totalBytes = m_currentSeriesMessages = m_totalMessages = m_totalMessageSeries = 0; - m_rangesToSkip.clear(); -} - -void MeterFilter::AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow) -{ - MessageRange r = {message, position, size}; - m_rangesToSkip.push_back(r); - if (sortNow) - std::sort(m_rangesToSkip.begin(), m_rangesToSkip.end()); -} - -size_t MeterFilter::PutMaybeModifiable(byte *begin, size_t length, int messageEnd, bool blocking, bool modifiable) -{ - if (!m_transparent) - return 0; - - size_t t; - FILTER_BEGIN; - - m_begin = begin; - m_length = length; - - while (m_length > 0 || messageEnd) - { - if (m_length > 0 && !m_rangesToSkip.empty() && m_rangesToSkip.front().message == m_totalMessages && m_currentMessageBytes + m_length > m_rangesToSkip.front().position) - { - FILTER_OUTPUT_MAYBE_MODIFIABLE(1, m_begin, t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position, m_currentMessageBytes), false, modifiable); - - assert(t < m_length); - m_begin += t; - m_length -= t; - m_currentMessageBytes += t; - m_totalBytes += t; - - if (m_currentMessageBytes + m_length < m_rangesToSkip.front().position + m_rangesToSkip.front().size) - t = m_length; - else - { - t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position + m_rangesToSkip.front().size, m_currentMessageBytes); - assert(t <= m_length); - m_rangesToSkip.pop_front(); - } - - m_begin += t; - m_length -= t; - m_currentMessageBytes += t; - m_totalBytes += t; - } - else - { - FILTER_OUTPUT_MAYBE_MODIFIABLE(2, m_begin, m_length, messageEnd, modifiable); - - m_currentMessageBytes += m_length; - m_totalBytes += m_length; - m_length = 0; - - if (messageEnd) - { - m_currentMessageBytes = 0; - m_currentSeriesMessages++; - m_totalMessages++; - messageEnd = false; - } - } - } - - FILTER_END_NO_MESSAGE_END; -} - -size_t MeterFilter::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - return PutMaybeModifiable(const_cast<byte *>(begin), length, messageEnd, blocking, false); -} - -size_t MeterFilter::PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking) -{ - return PutMaybeModifiable(begin, length, messageEnd, blocking, true); -} - -bool MeterFilter::IsolatedMessageSeriesEnd(bool blocking) -{ - m_currentMessageBytes = 0; - m_currentSeriesMessages = 0; - m_totalMessageSeries++; - return false; -} - -// ************************************************************* - -void FilterWithBufferedInput::BlockQueue::ResetQueue(size_t blockSize, size_t maxBlocks) -{ - m_buffer.New(blockSize * maxBlocks); - m_blockSize = blockSize; - m_maxBlocks = maxBlocks; - m_size = 0; - m_begin = m_buffer; -} - -byte *FilterWithBufferedInput::BlockQueue::GetBlock() -{ - if (m_size >= m_blockSize) - { - byte *ptr = m_begin; - if ((m_begin+=m_blockSize) == m_buffer.end()) - m_begin = m_buffer; - m_size -= m_blockSize; - return ptr; - } - else - return NULL; -} - -byte *FilterWithBufferedInput::BlockQueue::GetContigousBlocks(size_t &numberOfBytes) -{ - numberOfBytes = STDMIN(numberOfBytes, STDMIN(size_t(m_buffer.end()-m_begin), m_size)); - byte *ptr = m_begin; - m_begin += numberOfBytes; - m_size -= numberOfBytes; - if (m_size == 0 || m_begin == m_buffer.end()) - m_begin = m_buffer; - return ptr; -} - -size_t FilterWithBufferedInput::BlockQueue::GetAll(byte *outString) -{ - size_t size = m_size; - size_t numberOfBytes = m_maxBlocks*m_blockSize; - const byte *ptr = GetContigousBlocks(numberOfBytes); - memcpy(outString, ptr, numberOfBytes); - memcpy(outString+numberOfBytes, m_begin, m_size); - m_size = 0; - return size; -} - -void FilterWithBufferedInput::BlockQueue::Put(const byte *inString, size_t length) -{ - assert(m_size + length <= m_buffer.size()); - byte *end = (m_size < size_t(m_buffer.end()-m_begin)) ? m_begin + m_size : m_begin + m_size - m_buffer.size(); - size_t len = STDMIN(length, size_t(m_buffer.end()-end)); - memcpy(end, inString, len); - if (len < length) - memcpy(m_buffer, inString+len, length-len); - m_size += length; -} - -FilterWithBufferedInput::FilterWithBufferedInput(BufferedTransformation *attachment) - : Filter(attachment) -{ -} - -FilterWithBufferedInput::FilterWithBufferedInput(size_t firstSize, size_t blockSize, size_t lastSize, BufferedTransformation *attachment) - : Filter(attachment), m_firstSize(firstSize), m_blockSize(blockSize), m_lastSize(lastSize) - , m_firstInputDone(false) -{ - if (m_firstSize < 0 || m_blockSize < 1 || m_lastSize < 0) - throw InvalidArgument("FilterWithBufferedInput: invalid buffer size"); - - m_queue.ResetQueue(1, m_firstSize); -} - -void FilterWithBufferedInput::IsolatedInitialize(const NameValuePairs ¶meters) -{ - InitializeDerivedAndReturnNewSizes(parameters, m_firstSize, m_blockSize, m_lastSize); - if (m_firstSize < 0 || m_blockSize < 1 || m_lastSize < 0) - throw InvalidArgument("FilterWithBufferedInput: invalid buffer size"); - m_queue.ResetQueue(1, m_firstSize); - m_firstInputDone = false; -} - -bool FilterWithBufferedInput::IsolatedFlush(bool hardFlush, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("FilterWithBufferedInput"); - - if (hardFlush) - ForceNextPut(); - FlushDerived(); - - return false; -} - -size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length, int messageEnd, bool blocking, bool modifiable) -{ - if (!blocking) - throw BlockingInputOnly("FilterWithBufferedInput"); - - if (length != 0) - { - size_t newLength = m_queue.CurrentSize() + length; - - if (!m_firstInputDone && newLength >= m_firstSize) - { - size_t len = m_firstSize - m_queue.CurrentSize(); - m_queue.Put(inString, len); - FirstPut(m_queue.GetContigousBlocks(m_firstSize)); - assert(m_queue.CurrentSize() == 0); - m_queue.ResetQueue(m_blockSize, (2*m_blockSize+m_lastSize-2)/m_blockSize); - - inString += len; - newLength -= m_firstSize; - m_firstInputDone = true; - } - - if (m_firstInputDone) - { - if (m_blockSize == 1) - { - while (newLength > m_lastSize && m_queue.CurrentSize() > 0) - { - size_t len = newLength - m_lastSize; - byte *ptr = m_queue.GetContigousBlocks(len); - NextPutModifiable(ptr, len); - newLength -= len; - } - - if (newLength > m_lastSize) - { - size_t len = newLength - m_lastSize; - NextPutMaybeModifiable(inString, len, modifiable); - inString += len; - newLength -= len; - } - } - else - { - while (newLength >= m_blockSize + m_lastSize && m_queue.CurrentSize() >= m_blockSize) - { - NextPutModifiable(m_queue.GetBlock(), m_blockSize); - newLength -= m_blockSize; - } - - if (newLength >= m_blockSize + m_lastSize && m_queue.CurrentSize() > 0) - { - assert(m_queue.CurrentSize() < m_blockSize); - size_t len = m_blockSize - m_queue.CurrentSize(); - m_queue.Put(inString, len); - inString += len; - NextPutModifiable(m_queue.GetBlock(), m_blockSize); - newLength -= m_blockSize; - } - - if (newLength >= m_blockSize + m_lastSize) - { - size_t len = RoundDownToMultipleOf(newLength - m_lastSize, m_blockSize); - NextPutMaybeModifiable(inString, len, modifiable); - inString += len; - newLength -= len; - } - } - } - - m_queue.Put(inString, newLength - m_queue.CurrentSize()); - } - - if (messageEnd) - { - if (!m_firstInputDone && m_firstSize==0) - FirstPut(NULL); - - SecByteBlock temp(m_queue.CurrentSize()); - m_queue.GetAll(temp); - LastPut(temp, temp.size()); - - m_firstInputDone = false; - m_queue.ResetQueue(1, m_firstSize); - - Output(1, NULL, 0, messageEnd, blocking); - } - return 0; -} - -void FilterWithBufferedInput::ForceNextPut() -{ - if (!m_firstInputDone) - return; - - if (m_blockSize > 1) - { - while (m_queue.CurrentSize() >= m_blockSize) - NextPutModifiable(m_queue.GetBlock(), m_blockSize); - } - else - { - size_t len; - while ((len = m_queue.CurrentSize()) > 0) - NextPutModifiable(m_queue.GetContigousBlocks(len), len); - } -} - -void FilterWithBufferedInput::NextPutMultiple(const byte *inString, size_t length) -{ - assert(m_blockSize > 1); // m_blockSize = 1 should always override this function - while (length > 0) - { - assert(length >= m_blockSize); - NextPutSingle(inString); - inString += m_blockSize; - length -= m_blockSize; - } -} - -// ************************************************************* - -void Redirector::Initialize(const NameValuePairs ¶meters, int propagation) -{ - m_target = parameters.GetValueWithDefault("RedirectionTargetPointer", (BufferedTransformation*)NULL); - m_behavior = parameters.GetIntValueWithDefault("RedirectionBehavior", PASS_EVERYTHING); - - if (m_target && GetPassSignals()) - m_target->Initialize(parameters, propagation); -} - -// ************************************************************* - -ProxyFilter::ProxyFilter(BufferedTransformation *filter, size_t firstSize, size_t lastSize, BufferedTransformation *attachment) - : FilterWithBufferedInput(firstSize, 1, lastSize, attachment), m_filter(filter) -{ - if (m_filter.get()) - m_filter->Attach(new OutputProxy(*this, false)); -} - -bool ProxyFilter::IsolatedFlush(bool hardFlush, bool blocking) -{ - return m_filter.get() ? m_filter->Flush(hardFlush, -1, blocking) : false; -} - -void ProxyFilter::SetFilter(Filter *filter) -{ - m_filter.reset(filter); - if (filter) - { - OutputProxy *proxy; - std::auto_ptr<OutputProxy> temp(proxy = new OutputProxy(*this, false)); - m_filter->TransferAllTo(*proxy); - m_filter->Attach(temp.release()); - } -} - -void ProxyFilter::NextPutMultiple(const byte *s, size_t len) -{ - if (m_filter.get()) - m_filter->Put(s, len); -} - -void ProxyFilter::NextPutModifiable(byte *s, size_t len) -{ - if (m_filter.get()) - m_filter->PutModifiable(s, len); -} - -// ************************************************************* - -void RandomNumberSink::IsolatedInitialize(const NameValuePairs ¶meters) -{ - parameters.GetRequiredParameter("RandomNumberSink", "RandomNumberGeneratorPointer", m_rng); -} - -size_t RandomNumberSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - m_rng->IncorporateEntropy(begin, length); - return 0; -} - -size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (m_buf+m_total != begin) - memcpy(m_buf+m_total, begin, STDMIN(length, SaturatingSubtract(m_size, m_total))); - m_total += length; - return 0; -} - -byte * ArraySink::CreatePutSpace(size_t &size) -{ - size = SaturatingSubtract(m_size, m_total); - return m_buf + m_total; -} - -void ArraySink::IsolatedInitialize(const NameValuePairs ¶meters) -{ - ByteArrayParameter array; - if (!parameters.GetValue(Name::OutputBuffer(), array)) - throw InvalidArgument("ArraySink: missing OutputBuffer argument"); - m_buf = array.begin(); - m_size = array.size(); - m_total = 0; -} - -size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - xorbuf(m_buf+m_total, begin, STDMIN(length, SaturatingSubtract(m_size, m_total))); - m_total += length; - return 0; -} - -// ************************************************************* - -StreamTransformationFilter::StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment, BlockPaddingScheme padding, bool allowAuthenticatedSymmetricCipher) - : FilterWithBufferedInput(attachment) - , m_cipher(c) -{ - assert(c.MinLastBlockSize() == 0 || c.MinLastBlockSize() > c.MandatoryBlockSize()); - - if (!allowAuthenticatedSymmetricCipher && dynamic_cast<AuthenticatedSymmetricCipher *>(&c) != 0) - throw InvalidArgument("StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher"); - - IsolatedInitialize(MakeParameters(Name::BlockPaddingScheme(), padding)); -} - -size_t StreamTransformationFilter::LastBlockSize(StreamTransformation &c, BlockPaddingScheme padding) -{ - if (c.MinLastBlockSize() > 0) - return c.MinLastBlockSize(); - else if (c.MandatoryBlockSize() > 1 && !c.IsForwardTransformation() && padding != NO_PADDING && padding != ZEROS_PADDING) - return c.MandatoryBlockSize(); - else - return 0; -} - -void StreamTransformationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize) -{ - BlockPaddingScheme padding = parameters.GetValueWithDefault(Name::BlockPaddingScheme(), DEFAULT_PADDING); - bool isBlockCipher = (m_cipher.MandatoryBlockSize() > 1 && m_cipher.MinLastBlockSize() == 0); - - if (padding == DEFAULT_PADDING) - m_padding = isBlockCipher ? PKCS_PADDING : NO_PADDING; - else - m_padding = padding; - - if (!isBlockCipher && (m_padding == PKCS_PADDING || m_padding == ONE_AND_ZEROS_PADDING)) - throw InvalidArgument("StreamTransformationFilter: PKCS_PADDING and ONE_AND_ZEROS_PADDING cannot be used with " + m_cipher.AlgorithmName()); - - firstSize = 0; - blockSize = m_cipher.MandatoryBlockSize(); - lastSize = LastBlockSize(m_cipher, m_padding); -} - -void StreamTransformationFilter::FirstPut(const byte *inString) -{ - m_optimalBufferSize = m_cipher.OptimalBlockSize(); - m_optimalBufferSize = (unsigned int)STDMAX(m_optimalBufferSize, RoundDownToMultipleOf(4096U, m_optimalBufferSize)); -} - -void StreamTransformationFilter::NextPutMultiple(const byte *inString, size_t length) -{ - if (!length) - return; - - size_t s = m_cipher.MandatoryBlockSize(); - - do - { - size_t len = m_optimalBufferSize; - byte *space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, length, len); - if (len < length) - { - if (len == m_optimalBufferSize) - len -= m_cipher.GetOptimalBlockSizeUsed(); - len = RoundDownToMultipleOf(len, s); - } - else - len = length; - m_cipher.ProcessString(space, inString, len); - AttachedTransformation()->PutModifiable(space, len); - inString += len; - length -= len; - } - while (length > 0); -} - -void StreamTransformationFilter::NextPutModifiable(byte *inString, size_t length) -{ - m_cipher.ProcessString(inString, length); - AttachedTransformation()->PutModifiable(inString, length); -} - -void StreamTransformationFilter::LastPut(const byte *inString, size_t length) -{ - byte *space = NULL; - - switch (m_padding) - { - case NO_PADDING: - case ZEROS_PADDING: - if (length > 0) - { - size_t minLastBlockSize = m_cipher.MinLastBlockSize(); - bool isForwardTransformation = m_cipher.IsForwardTransformation(); - - if (isForwardTransformation && m_padding == ZEROS_PADDING && (minLastBlockSize == 0 || length < minLastBlockSize)) - { - // do padding - size_t blockSize = STDMAX(minLastBlockSize, (size_t)m_cipher.MandatoryBlockSize()); - space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, blockSize); - memcpy(space, inString, length); - memset(space + length, 0, blockSize - length); - m_cipher.ProcessLastBlock(space, space, blockSize); - AttachedTransformation()->Put(space, blockSize); - } - else - { - if (minLastBlockSize == 0) - { - if (isForwardTransformation) - throw InvalidDataFormat("StreamTransformationFilter: plaintext length is not a multiple of block size and NO_PADDING is specified"); - else - throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size"); - } - - space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, length, m_optimalBufferSize); - m_cipher.ProcessLastBlock(space, inString, length); - AttachedTransformation()->Put(space, length); - } - } - break; - - case PKCS_PADDING: - case ONE_AND_ZEROS_PADDING: - unsigned int s; - s = m_cipher.MandatoryBlockSize(); - assert(s > 1); - space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, m_optimalBufferSize); - if (m_cipher.IsForwardTransformation()) - { - assert(length < s); - memcpy(space, inString, length); - if (m_padding == PKCS_PADDING) - { - assert(s < 256); - byte pad = byte(s-length); - memset(space+length, pad, s-length); - } - else - { - space[length] = 0x80; - memset(space+length+1, 0, s-length-1); - } - m_cipher.ProcessData(space, space, s); - AttachedTransformation()->Put(space, s); - } - else - { - if (length != s) - throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size"); - m_cipher.ProcessData(space, inString, s); - if (m_padding == PKCS_PADDING) - { - byte pad = space[s-1]; - if (pad < 1 || pad > s || std::find_if(space+s-pad, space+s, std::bind2nd(std::not_equal_to<byte>(), pad)) != space+s) - throw InvalidCiphertext("StreamTransformationFilter: invalid PKCS #7 block padding found"); - length = s-pad; - } - else - { - while (length > 1 && space[length-1] == 0) - --length; - if (space[--length] != 0x80) - throw InvalidCiphertext("StreamTransformationFilter: invalid ones-and-zeros padding found"); - } - AttachedTransformation()->Put(space, length); - } - break; - - default: - assert(false); - } -} - -// ************************************************************* - -HashFilter::HashFilter(HashTransformation &hm, BufferedTransformation *attachment, bool putMessage, int truncatedDigestSize, const std::string &messagePutChannel, const std::string &hashPutChannel) - : m_hashModule(hm), m_putMessage(putMessage), m_messagePutChannel(messagePutChannel), m_hashPutChannel(hashPutChannel) -{ - m_digestSize = truncatedDigestSize < 0 ? m_hashModule.DigestSize() : truncatedDigestSize; - Detach(attachment); -} - -void HashFilter::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_putMessage = parameters.GetValueWithDefault(Name::PutMessage(), false); - int s = parameters.GetIntValueWithDefault(Name::TruncatedDigestSize(), -1); - m_digestSize = s < 0 ? m_hashModule.DigestSize() : s; -} - -size_t HashFilter::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - FILTER_BEGIN; - if (m_putMessage) - FILTER_OUTPUT3(1, 0, inString, length, 0, m_messagePutChannel); - m_hashModule.Update(inString, length); - if (messageEnd) - { - { - size_t size; - m_space = HelpCreatePutSpace(*AttachedTransformation(), m_hashPutChannel, m_digestSize, m_digestSize, size = m_digestSize); - m_hashModule.TruncatedFinal(m_space, m_digestSize); - } - FILTER_OUTPUT3(2, 0, m_space, m_digestSize, messageEnd, m_hashPutChannel); - } - FILTER_END_NO_MESSAGE_END; -} - -// ************************************************************* - -HashVerificationFilter::HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize) - : FilterWithBufferedInput(attachment) - , m_hashModule(hm) -{ - IsolatedInitialize(MakeParameters(Name::HashVerificationFilterFlags(), flags)(Name::TruncatedDigestSize(), truncatedDigestSize)); -} - -void HashVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize) -{ - m_flags = parameters.GetValueWithDefault(Name::HashVerificationFilterFlags(), (word32)DEFAULT_FLAGS); - int s = parameters.GetIntValueWithDefault(Name::TruncatedDigestSize(), -1); - m_digestSize = s < 0 ? m_hashModule.DigestSize() : s; - m_verified = false; - firstSize = m_flags & HASH_AT_BEGIN ? m_digestSize : 0; - blockSize = 1; - lastSize = m_flags & HASH_AT_BEGIN ? 0 : m_digestSize; -} - -void HashVerificationFilter::FirstPut(const byte *inString) -{ - if (m_flags & HASH_AT_BEGIN) - { - m_expectedHash.New(m_digestSize); - memcpy(m_expectedHash, inString, m_expectedHash.size()); - if (m_flags & PUT_HASH) - AttachedTransformation()->Put(inString, m_expectedHash.size()); - } -} - -void HashVerificationFilter::NextPutMultiple(const byte *inString, size_t length) -{ - m_hashModule.Update(inString, length); - if (m_flags & PUT_MESSAGE) - AttachedTransformation()->Put(inString, length); -} - -void HashVerificationFilter::LastPut(const byte *inString, size_t length) -{ - if (m_flags & HASH_AT_BEGIN) - { - assert(length == 0); - m_verified = m_hashModule.TruncatedVerify(m_expectedHash, m_digestSize); - } - else - { - m_verified = (length==m_digestSize && m_hashModule.TruncatedVerify(inString, length)); - if (m_flags & PUT_HASH) - AttachedTransformation()->Put(inString, length); - } - - if (m_flags & PUT_RESULT) - AttachedTransformation()->Put(m_verified); - - if ((m_flags & THROW_EXCEPTION) && !m_verified) - throw HashVerificationFailed(); -} - -// ************************************************************* - -AuthenticatedEncryptionFilter::AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment, - bool putAAD, int truncatedDigestSize, const std::string &macChannel, BlockPaddingScheme padding) - : StreamTransformationFilter(c, attachment, padding, true) - , m_hf(c, new OutputProxy(*this, false), putAAD, truncatedDigestSize, AAD_CHANNEL, macChannel) -{ - assert(c.IsForwardTransformation()); -} - -void AuthenticatedEncryptionFilter::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_hf.IsolatedInitialize(parameters); - StreamTransformationFilter::IsolatedInitialize(parameters); -} - -byte * AuthenticatedEncryptionFilter::ChannelCreatePutSpace(const std::string &channel, size_t &size) -{ - if (channel.empty()) - return StreamTransformationFilter::CreatePutSpace(size); - - if (channel == AAD_CHANNEL) - return m_hf.CreatePutSpace(size); - - throw InvalidChannelName("AuthenticatedEncryptionFilter", channel); -} - -size_t AuthenticatedEncryptionFilter::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (channel.empty()) - return StreamTransformationFilter::Put2(begin, length, messageEnd, blocking); - - if (channel == AAD_CHANNEL) - return m_hf.Put2(begin, length, 0, blocking); - - throw InvalidChannelName("AuthenticatedEncryptionFilter", channel); -} - -void AuthenticatedEncryptionFilter::LastPut(const byte *inString, size_t length) -{ - StreamTransformationFilter::LastPut(inString, length); - m_hf.MessageEnd(); -} - -// ************************************************************* - -AuthenticatedDecryptionFilter::AuthenticatedDecryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize, BlockPaddingScheme padding) - : FilterWithBufferedInput(attachment) - , m_hashVerifier(c, new OutputProxy(*this, false)) - , m_streamFilter(c, new OutputProxy(*this, false), padding, true) -{ - assert(!c.IsForwardTransformation() || c.IsSelfInverting()); - IsolatedInitialize(MakeParameters(Name::BlockPaddingScheme(), padding)(Name::AuthenticatedDecryptionFilterFlags(), flags)(Name::TruncatedDigestSize(), truncatedDigestSize)); -} - -void AuthenticatedDecryptionFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize) -{ - word32 flags = parameters.GetValueWithDefault(Name::AuthenticatedDecryptionFilterFlags(), (word32)DEFAULT_FLAGS); - - m_hashVerifier.Initialize(CombinedNameValuePairs(parameters, MakeParameters(Name::HashVerificationFilterFlags(), flags))); - m_streamFilter.Initialize(parameters); - - firstSize = m_hashVerifier.m_firstSize; - blockSize = 1; - lastSize = m_hashVerifier.m_lastSize; -} - -byte * AuthenticatedDecryptionFilter::ChannelCreatePutSpace(const std::string &channel, size_t &size) -{ - if (channel.empty()) - return m_streamFilter.CreatePutSpace(size); - - if (channel == AAD_CHANNEL) - return m_hashVerifier.CreatePutSpace(size); - - throw InvalidChannelName("AuthenticatedDecryptionFilter", channel); -} - -size_t AuthenticatedDecryptionFilter::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (channel.empty()) - { - if (m_lastSize > 0) - m_hashVerifier.ForceNextPut(); - return FilterWithBufferedInput::Put2(begin, length, messageEnd, blocking); - } - - if (channel == AAD_CHANNEL) - return m_hashVerifier.Put2(begin, length, 0, blocking); - - throw InvalidChannelName("AuthenticatedDecryptionFilter", channel); -} - -void AuthenticatedDecryptionFilter::FirstPut(const byte *inString) -{ - m_hashVerifier.Put(inString, m_firstSize); -} - -void AuthenticatedDecryptionFilter::NextPutMultiple(const byte *inString, size_t length) -{ - m_streamFilter.Put(inString, length); -} - -void AuthenticatedDecryptionFilter::LastPut(const byte *inString, size_t length) -{ - m_streamFilter.MessageEnd(); - m_hashVerifier.PutMessageEnd(inString, length); -} - -// ************************************************************* - -void SignerFilter::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_putMessage = parameters.GetValueWithDefault(Name::PutMessage(), false); - m_messageAccumulator.reset(m_signer.NewSignatureAccumulator(m_rng)); -} - -size_t SignerFilter::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - FILTER_BEGIN; - m_messageAccumulator->Update(inString, length); - if (m_putMessage) - FILTER_OUTPUT(1, inString, length, 0); - if (messageEnd) - { - m_buf.New(m_signer.SignatureLength()); - m_signer.Sign(m_rng, m_messageAccumulator.release(), m_buf); - FILTER_OUTPUT(2, m_buf, m_buf.size(), messageEnd); - m_messageAccumulator.reset(m_signer.NewSignatureAccumulator(m_rng)); - } - FILTER_END_NO_MESSAGE_END; -} - -SignatureVerificationFilter::SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment, word32 flags) - : FilterWithBufferedInput(attachment) - , m_verifier(verifier) -{ - IsolatedInitialize(MakeParameters(Name::SignatureVerificationFilterFlags(), flags)); -} - -void SignatureVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize) -{ - m_flags = parameters.GetValueWithDefault(Name::SignatureVerificationFilterFlags(), (word32)DEFAULT_FLAGS); - m_messageAccumulator.reset(m_verifier.NewVerificationAccumulator()); - size_t size = m_verifier.SignatureLength(); - assert(size != 0); // TODO: handle recoverable signature scheme - m_verified = false; - firstSize = m_flags & SIGNATURE_AT_BEGIN ? size : 0; - blockSize = 1; - lastSize = m_flags & SIGNATURE_AT_BEGIN ? 0 : size; -} - -void SignatureVerificationFilter::FirstPut(const byte *inString) -{ - if (m_flags & SIGNATURE_AT_BEGIN) - { - if (m_verifier.SignatureUpfront()) - m_verifier.InputSignature(*m_messageAccumulator, inString, m_verifier.SignatureLength()); - else - { - m_signature.New(m_verifier.SignatureLength()); - memcpy(m_signature, inString, m_signature.size()); - } - - if (m_flags & PUT_SIGNATURE) - AttachedTransformation()->Put(inString, m_signature.size()); - } - else - { - assert(!m_verifier.SignatureUpfront()); - } -} - -void SignatureVerificationFilter::NextPutMultiple(const byte *inString, size_t length) -{ - m_messageAccumulator->Update(inString, length); - if (m_flags & PUT_MESSAGE) - AttachedTransformation()->Put(inString, length); -} - -void SignatureVerificationFilter::LastPut(const byte *inString, size_t length) -{ - if (m_flags & SIGNATURE_AT_BEGIN) - { - assert(length == 0); - m_verifier.InputSignature(*m_messageAccumulator, m_signature, m_signature.size()); - m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator); - } - else - { - m_verifier.InputSignature(*m_messageAccumulator, inString, length); - m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator); - if (m_flags & PUT_SIGNATURE) - AttachedTransformation()->Put(inString, length); - } - - if (m_flags & PUT_RESULT) - AttachedTransformation()->Put(m_verified); - - if ((m_flags & THROW_EXCEPTION) && !m_verified) - throw SignatureVerificationFailed(); -} - -// ************************************************************* - -size_t Source::PumpAll2(bool blocking) -{ - unsigned int messageCount = UINT_MAX; - do { - RETURN_IF_NONZERO(PumpMessages2(messageCount, blocking)); - } while(messageCount == UINT_MAX); - - return 0; -} - -bool Store::GetNextMessage() -{ - if (!m_messageEnd && !AnyRetrievable()) - { - m_messageEnd=true; - return true; - } - else - return false; -} - -unsigned int Store::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const -{ - if (m_messageEnd || count == 0) - return 0; - else - { - CopyTo(target, ULONG_MAX, channel); - if (GetAutoSignalPropagation()) - target.ChannelMessageEnd(channel, GetAutoSignalPropagation()-1); - return 1; - } -} - -void StringStore::StoreInitialize(const NameValuePairs ¶meters) -{ - ConstByteArrayParameter array; - if (!parameters.GetValue(Name::InputBuffer(), array)) - throw InvalidArgument("StringStore: missing InputBuffer argument"); - m_store = array.begin(); - m_length = array.size(); - m_count = 0; -} - -size_t StringStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - lword position = 0; - size_t blockedBytes = CopyRangeTo2(target, position, transferBytes, channel, blocking); - m_count += (size_t)position; - transferBytes = position; - return blockedBytes; -} - -size_t StringStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - size_t i = UnsignedMin(m_length, m_count+begin); - size_t len = UnsignedMin(m_length-i, end-begin); - size_t blockedBytes = target.ChannelPut2(channel, m_store+i, len, 0, blocking); - if (!blockedBytes) - begin += len; - return blockedBytes; -} - -void RandomNumberStore::StoreInitialize(const NameValuePairs ¶meters) -{ - parameters.GetRequiredParameter("RandomNumberStore", "RandomNumberGeneratorPointer", m_rng); - int length; - parameters.GetRequiredIntParameter("RandomNumberStore", "RandomNumberStoreSize", length); - m_length = length; -} - -size_t RandomNumberStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - if (!blocking) - throw NotImplemented("RandomNumberStore: nonblocking transfer is not implemented by this object"); - - transferBytes = UnsignedMin(transferBytes, m_length - m_count); - m_rng->GenerateIntoBufferedTransformation(target, channel, transferBytes); - m_count += transferBytes; - - return 0; -} - -size_t NullStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - static const byte nullBytes[128] = {0}; - while (begin < end) - { - size_t len = (size_t)STDMIN(end-begin, lword(128)); - size_t blockedBytes = target.ChannelPut2(channel, nullBytes, len, 0, blocking); - if (blockedBytes) - return blockedBytes; - begin += len; - } - return 0; -} - -size_t NullStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - lword begin = 0; - size_t blockedBytes = NullStore::CopyRangeTo2(target, begin, transferBytes, channel, blocking); - transferBytes = begin; - m_size -= begin; - return blockedBytes; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/filters.h b/cryptopp562/filters.h deleted file mode 100644 index c72a4ec..0000000 --- a/cryptopp562/filters.h +++ /dev/null @@ -1,810 +0,0 @@ -#ifndef CRYPTOPP_FILTERS_H -#define CRYPTOPP_FILTERS_H - -//! \file - -#include "simple.h" -#include "secblock.h" -#include "misc.h" -#include "smartptr.h" -#include "queue.h" -#include "algparam.h" -#include <deque> - -NAMESPACE_BEGIN(CryptoPP) - -/// provides an implementation of BufferedTransformation's attachment interface -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Filter : public BufferedTransformation, public NotCopyable -{ -public: - Filter(BufferedTransformation *attachment = NULL); - - bool Attachable() {return true;} - BufferedTransformation *AttachedTransformation(); - const BufferedTransformation *AttachedTransformation() const; - void Detach(BufferedTransformation *newAttachment = NULL); - - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - - void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1); - bool Flush(bool hardFlush, int propagation=-1, bool blocking=true); - bool MessageSeriesEnd(int propagation=-1, bool blocking=true); - -protected: - virtual BufferedTransformation * NewDefaultAttachment() const; - void Insert(Filter *nextFilter); // insert filter after this one - - virtual bool ShouldPropagateMessageEnd() const {return true;} - virtual bool ShouldPropagateMessageSeriesEnd() const {return true;} - - void PropagateInitialize(const NameValuePairs ¶meters, int propagation); - - size_t Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL); - size_t OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL); - bool OutputMessageEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL); - bool OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL); - bool OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL); - -private: - member_ptr<BufferedTransformation> m_attachment; - -protected: - size_t m_inputPosition; - int m_continueAt; -}; - -struct CRYPTOPP_DLL FilterPutSpaceHelper -{ - // desiredSize is how much to ask target, bufferSize is how much to allocate in m_tempSpace - byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t desiredSize, size_t &bufferSize) - { - assert(desiredSize >= minSize && bufferSize >= minSize); - if (m_tempSpace.size() < minSize) - { - byte *result = target.ChannelCreatePutSpace(channel, desiredSize); - if (desiredSize >= minSize) - { - bufferSize = desiredSize; - return result; - } - m_tempSpace.New(bufferSize); - } - - bufferSize = m_tempSpace.size(); - return m_tempSpace.begin(); - } - byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize) - {return HelpCreatePutSpace(target, channel, minSize, minSize, minSize);} - byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t bufferSize) - {return HelpCreatePutSpace(target, channel, minSize, minSize, bufferSize);} - SecByteBlock m_tempSpace; -}; - -//! measure how many byte and messages pass through, also serves as valve -class CRYPTOPP_DLL MeterFilter : public Bufferless<Filter> -{ -public: - MeterFilter(BufferedTransformation *attachment=NULL, bool transparent=true) - : m_transparent(transparent) {Detach(attachment); ResetMeter();} - - void SetTransparent(bool transparent) {m_transparent = transparent;} - void AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow = true); - void ResetMeter(); - void IsolatedInitialize(const NameValuePairs ¶meters) {ResetMeter();} - - lword GetCurrentMessageBytes() const {return m_currentMessageBytes;} - lword GetTotalBytes() {return m_totalBytes;} - unsigned int GetCurrentSeriesMessages() {return m_currentSeriesMessages;} - unsigned int GetTotalMessages() {return m_totalMessages;} - unsigned int GetTotalMessageSeries() {return m_totalMessageSeries;} - - byte * CreatePutSpace(size_t &size) - {return AttachedTransformation()->CreatePutSpace(size);} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking); - bool IsolatedMessageSeriesEnd(bool blocking); - -private: - size_t PutMaybeModifiable(byte *inString, size_t length, int messageEnd, bool blocking, bool modifiable); - bool ShouldPropagateMessageEnd() const {return m_transparent;} - bool ShouldPropagateMessageSeriesEnd() const {return m_transparent;} - - struct MessageRange - { - inline bool operator<(const MessageRange &b) const // BCB2006 workaround: this has to be a member function - {return message < b.message || (message == b.message && position < b.position);} - unsigned int message; lword position; lword size; - }; - - bool m_transparent; - lword m_currentMessageBytes, m_totalBytes; - unsigned int m_currentSeriesMessages, m_totalMessages, m_totalMessageSeries; - std::deque<MessageRange> m_rangesToSkip; - byte *m_begin; - size_t m_length; -}; - -//! _ -class CRYPTOPP_DLL TransparentFilter : public MeterFilter -{ -public: - TransparentFilter(BufferedTransformation *attachment=NULL) : MeterFilter(attachment, true) {} -}; - -//! _ -class CRYPTOPP_DLL OpaqueFilter : public MeterFilter -{ -public: - OpaqueFilter(BufferedTransformation *attachment=NULL) : MeterFilter(attachment, false) {} -}; - -/*! FilterWithBufferedInput divides up the input stream into - a first block, a number of middle blocks, and a last block. - First and last blocks are optional, and middle blocks may - be a stream instead (i.e. blockSize == 1). -*/ -class CRYPTOPP_DLL FilterWithBufferedInput : public Filter -{ -public: - FilterWithBufferedInput(BufferedTransformation *attachment); - //! firstSize and lastSize may be 0, blockSize must be at least 1 - FilterWithBufferedInput(size_t firstSize, size_t blockSize, size_t lastSize, BufferedTransformation *attachment); - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) - { - return PutMaybeModifiable(const_cast<byte *>(inString), length, messageEnd, blocking, false); - } - size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking) - { - return PutMaybeModifiable(inString, length, messageEnd, blocking, true); - } - /*! calls ForceNextPut() if hardFlush is true */ - bool IsolatedFlush(bool hardFlush, bool blocking); - - /*! The input buffer may contain more than blockSize bytes if lastSize != 0. - ForceNextPut() forces a call to NextPut() if this is the case. - */ - void ForceNextPut(); - -protected: - bool DidFirstPut() {return m_firstInputDone;} - - virtual void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize) - {InitializeDerived(parameters);} - virtual void InitializeDerived(const NameValuePairs ¶meters) {} - // FirstPut() is called if (firstSize != 0 and totalLength >= firstSize) - // or (firstSize == 0 and (totalLength > 0 or a MessageEnd() is received)) - virtual void FirstPut(const byte *inString) =0; - // NextPut() is called if totalLength >= firstSize+blockSize+lastSize - virtual void NextPutSingle(const byte *inString) {assert(false);} - // Same as NextPut() except length can be a multiple of blockSize - // Either NextPut() or NextPutMultiple() must be overriden - virtual void NextPutMultiple(const byte *inString, size_t length); - // Same as NextPutMultiple(), but inString can be modified - virtual void NextPutModifiable(byte *inString, size_t length) - {NextPutMultiple(inString, length);} - // LastPut() is always called - // if totalLength < firstSize then length == totalLength - // else if totalLength <= firstSize+lastSize then length == totalLength-firstSize - // else lastSize <= length < lastSize+blockSize - virtual void LastPut(const byte *inString, size_t length) =0; - virtual void FlushDerived() {} - -protected: - size_t PutMaybeModifiable(byte *begin, size_t length, int messageEnd, bool blocking, bool modifiable); - void NextPutMaybeModifiable(byte *inString, size_t length, bool modifiable) - { - if (modifiable) NextPutModifiable(inString, length); - else NextPutMultiple(inString, length); - } - - // This function should no longer be used, put this here to cause a compiler error - // if someone tries to override NextPut(). - virtual int NextPut(const byte *inString, size_t length) {assert(false); return 0;} - - class BlockQueue - { - public: - void ResetQueue(size_t blockSize, size_t maxBlocks); - byte *GetBlock(); - byte *GetContigousBlocks(size_t &numberOfBytes); - size_t GetAll(byte *outString); - void Put(const byte *inString, size_t length); - size_t CurrentSize() const {return m_size;} - size_t MaxSize() const {return m_buffer.size();} - - private: - SecByteBlock m_buffer; - size_t m_blockSize, m_maxBlocks, m_size; - byte *m_begin; - }; - - size_t m_firstSize, m_blockSize, m_lastSize; - bool m_firstInputDone; - BlockQueue m_queue; -}; - -//! _ -class CRYPTOPP_DLL FilterWithInputQueue : public Filter -{ -public: - FilterWithInputQueue(BufferedTransformation *attachment=NULL) : Filter(attachment) {} - - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) - { - if (!blocking) - throw BlockingInputOnly("FilterWithInputQueue"); - - m_inQueue.Put(inString, length); - if (messageEnd) - { - IsolatedMessageEnd(blocking); - Output(0, NULL, 0, messageEnd, blocking); - } - return 0; - } - -protected: - virtual bool IsolatedMessageEnd(bool blocking) =0; - void IsolatedInitialize(const NameValuePairs ¶meters) {m_inQueue.Clear();} - - ByteQueue m_inQueue; -}; - -struct BlockPaddingSchemeDef -{ - enum BlockPaddingScheme {NO_PADDING, ZEROS_PADDING, PKCS_PADDING, ONE_AND_ZEROS_PADDING, DEFAULT_PADDING}; -}; - -//! Filter Wrapper for StreamTransformation, optionally handling padding/unpadding when needed -class CRYPTOPP_DLL StreamTransformationFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef, private FilterPutSpaceHelper -{ -public: - /*! DEFAULT_PADDING means PKCS_PADDING if c.MandatoryBlockSize() > 1 && c.MinLastBlockSize() == 0 (e.g. ECB or CBC mode), - otherwise NO_PADDING (OFB, CFB, CTR, CBC-CTS modes). - See http://www.weidai.com/scan-mirror/csp.html for details of the padding schemes. */ - StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment = NULL, BlockPaddingScheme padding = DEFAULT_PADDING, bool allowAuthenticatedSymmetricCipher = false); - - std::string AlgorithmName() const {return m_cipher.AlgorithmName();} - -protected: - void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); - void FirstPut(const byte *inString); - void NextPutMultiple(const byte *inString, size_t length); - void NextPutModifiable(byte *inString, size_t length); - void LastPut(const byte *inString, size_t length); - - static size_t LastBlockSize(StreamTransformation &c, BlockPaddingScheme padding); - - StreamTransformation &m_cipher; - BlockPaddingScheme m_padding; - unsigned int m_optimalBufferSize; -}; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY -typedef StreamTransformationFilter StreamCipherFilter; -#endif - -//! Filter Wrapper for HashTransformation -class CRYPTOPP_DLL HashFilter : public Bufferless<Filter>, private FilterPutSpaceHelper -{ -public: - HashFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, bool putMessage=false, int truncatedDigestSize=-1, const std::string &messagePutChannel=DEFAULT_CHANNEL, const std::string &hashPutChannel=DEFAULT_CHANNEL); - - std::string AlgorithmName() const {return m_hashModule.AlgorithmName();} - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - byte * CreatePutSpace(size_t &size) {return m_hashModule.CreateUpdateSpace(size);} - -private: - HashTransformation &m_hashModule; - bool m_putMessage; - unsigned int m_digestSize; - byte *m_space; - std::string m_messagePutChannel, m_hashPutChannel; -}; - -//! Filter Wrapper for HashTransformation -class CRYPTOPP_DLL HashVerificationFilter : public FilterWithBufferedInput -{ -public: - class HashVerificationFailed : public Exception - { - public: - HashVerificationFailed() - : Exception(DATA_INTEGRITY_CHECK_FAILED, "HashVerificationFilter: message hash or MAC not valid") {} - }; - - enum Flags {HASH_AT_END=0, HASH_AT_BEGIN=1, PUT_MESSAGE=2, PUT_HASH=4, PUT_RESULT=8, THROW_EXCEPTION=16, DEFAULT_FLAGS = HASH_AT_BEGIN | PUT_RESULT}; - HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS, int truncatedDigestSize=-1); - - std::string AlgorithmName() const {return m_hashModule.AlgorithmName();} - bool GetLastResult() const {return m_verified;} - -protected: - void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); - void FirstPut(const byte *inString); - void NextPutMultiple(const byte *inString, size_t length); - void LastPut(const byte *inString, size_t length); - -private: - friend class AuthenticatedDecryptionFilter; - - HashTransformation &m_hashModule; - word32 m_flags; - unsigned int m_digestSize; - bool m_verified; - SecByteBlock m_expectedHash; -}; - -typedef HashVerificationFilter HashVerifier; // for backwards compatibility - -//! Filter wrapper for encrypting with AuthenticatedSymmetricCipher, optionally handling padding/unpadding when needed -/*! Additional authenticated data should be given in channel "AAD". If putAAD is true, AAD will be Put() to the attached BufferedTransformation in channel "AAD". */ -class CRYPTOPP_DLL AuthenticatedEncryptionFilter : public StreamTransformationFilter -{ -public: - /*! See StreamTransformationFilter for documentation on BlockPaddingScheme */ - AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment = NULL, bool putAAD=false, int truncatedDigestSize=-1, const std::string &macChannel=DEFAULT_CHANNEL, BlockPaddingScheme padding = DEFAULT_PADDING); - - void IsolatedInitialize(const NameValuePairs ¶meters); - byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); - void LastPut(const byte *inString, size_t length); - -protected: - HashFilter m_hf; -}; - -//! Filter wrapper for decrypting with AuthenticatedSymmetricCipher, optionally handling padding/unpadding when needed -/*! Additional authenticated data should be given in channel "AAD". */ -class CRYPTOPP_DLL AuthenticatedDecryptionFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef -{ -public: - enum Flags {MAC_AT_END=0, MAC_AT_BEGIN=1, THROW_EXCEPTION=16, DEFAULT_FLAGS = THROW_EXCEPTION}; - - /*! See StreamTransformationFilter for documentation on BlockPaddingScheme */ - AuthenticatedDecryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS, int truncatedDigestSize=-1, BlockPaddingScheme padding = DEFAULT_PADDING); - - std::string AlgorithmName() const {return m_hashVerifier.AlgorithmName();} - byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); - bool GetLastResult() const {return m_hashVerifier.GetLastResult();} - -protected: - void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); - void FirstPut(const byte *inString); - void NextPutMultiple(const byte *inString, size_t length); - void LastPut(const byte *inString, size_t length); - - HashVerificationFilter m_hashVerifier; - StreamTransformationFilter m_streamFilter; -}; - -//! Filter Wrapper for PK_Signer -class CRYPTOPP_DLL SignerFilter : public Unflushable<Filter> -{ -public: - SignerFilter(RandomNumberGenerator &rng, const PK_Signer &signer, BufferedTransformation *attachment = NULL, bool putMessage=false) - : m_rng(rng), m_signer(signer), m_messageAccumulator(signer.NewSignatureAccumulator(rng)), m_putMessage(putMessage) {Detach(attachment);} - - std::string AlgorithmName() const {return m_signer.AlgorithmName();} - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - -private: - RandomNumberGenerator &m_rng; - const PK_Signer &m_signer; - member_ptr<PK_MessageAccumulator> m_messageAccumulator; - bool m_putMessage; - SecByteBlock m_buf; -}; - -//! Filter Wrapper for PK_Verifier -class CRYPTOPP_DLL SignatureVerificationFilter : public FilterWithBufferedInput -{ -public: - class SignatureVerificationFailed : public Exception - { - public: - SignatureVerificationFailed() - : Exception(DATA_INTEGRITY_CHECK_FAILED, "VerifierFilter: digital signature not valid") {} - }; - - enum Flags {SIGNATURE_AT_END=0, SIGNATURE_AT_BEGIN=1, PUT_MESSAGE=2, PUT_SIGNATURE=4, PUT_RESULT=8, THROW_EXCEPTION=16, DEFAULT_FLAGS = SIGNATURE_AT_BEGIN | PUT_RESULT}; - SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS); - - std::string AlgorithmName() const {return m_verifier.AlgorithmName();} - - bool GetLastResult() const {return m_verified;} - -protected: - void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); - void FirstPut(const byte *inString); - void NextPutMultiple(const byte *inString, size_t length); - void LastPut(const byte *inString, size_t length); - -private: - const PK_Verifier &m_verifier; - member_ptr<PK_MessageAccumulator> m_messageAccumulator; - word32 m_flags; - SecByteBlock m_signature; - bool m_verified; -}; - -typedef SignatureVerificationFilter VerifierFilter; // for backwards compatibility - -//! Redirect input to another BufferedTransformation without owning it -class CRYPTOPP_DLL Redirector : public CustomSignalPropagation<Sink> -{ -public: - enum Behavior - { - DATA_ONLY = 0x00, - PASS_SIGNALS = 0x01, - PASS_WAIT_OBJECTS = 0x02, - PASS_EVERYTHING = PASS_SIGNALS | PASS_WAIT_OBJECTS - }; - - Redirector() : m_target(NULL), m_behavior(PASS_EVERYTHING) {} - Redirector(BufferedTransformation &target, Behavior behavior=PASS_EVERYTHING) - : m_target(&target), m_behavior(behavior) {} - - void Redirect(BufferedTransformation &target) {m_target = ⌖} - void StopRedirection() {m_target = NULL;} - - Behavior GetBehavior() {return (Behavior) m_behavior;} - void SetBehavior(Behavior behavior) {m_behavior=behavior;} - bool GetPassSignals() const {return (m_behavior & PASS_SIGNALS) != 0;} - void SetPassSignals(bool pass) { if (pass) m_behavior |= PASS_SIGNALS; else m_behavior &= ~(word32) PASS_SIGNALS; } - bool GetPassWaitObjects() const {return (m_behavior & PASS_WAIT_OBJECTS) != 0;} - void SetPassWaitObjects(bool pass) { if (pass) m_behavior |= PASS_WAIT_OBJECTS; else m_behavior &= ~(word32) PASS_WAIT_OBJECTS; } - - bool CanModifyInput() const - {return m_target ? m_target->CanModifyInput() : false;} - - void Initialize(const NameValuePairs ¶meters, int propagation); - byte * CreatePutSpace(size_t &size) - {return m_target ? m_target->CreatePutSpace(size) : (byte *)(size=0, NULL);} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - {return m_target ? m_target->Put2(begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;} - bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) - {return m_target && GetPassSignals() ? m_target->Flush(hardFlush, propagation, blocking) : false;} - bool MessageSeriesEnd(int propagation=-1, bool blocking=true) - {return m_target && GetPassSignals() ? m_target->MessageSeriesEnd(propagation, blocking) : false;} - - byte * ChannelCreatePutSpace(const std::string &channel, size_t &size) - {return m_target ? m_target->ChannelCreatePutSpace(channel, size) : (byte *)(size=0, NULL);} - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) - {return m_target ? m_target->ChannelPut2(channel, begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;} - size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) - {return m_target ? m_target->ChannelPutModifiable2(channel, begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;} - bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true) - {return m_target && GetPassSignals() ? m_target->ChannelFlush(channel, completeFlush, propagation, blocking) : false;} - bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true) - {return m_target && GetPassSignals() ? m_target->ChannelMessageSeriesEnd(channel, propagation, blocking) : false;} - - unsigned int GetMaxWaitObjectCount() const - { return m_target && GetPassWaitObjects() ? m_target->GetMaxWaitObjectCount() : 0; } - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) - { if (m_target && GetPassWaitObjects()) m_target->GetWaitObjects(container, callStack); } - -private: - BufferedTransformation *m_target; - word32 m_behavior; -}; - -// Used By ProxyFilter -class CRYPTOPP_DLL OutputProxy : public CustomSignalPropagation<Sink> -{ -public: - OutputProxy(BufferedTransformation &owner, bool passSignal) : m_owner(owner), m_passSignal(passSignal) {} - - bool GetPassSignal() const {return m_passSignal;} - void SetPassSignal(bool passSignal) {m_passSignal = passSignal;} - - byte * CreatePutSpace(size_t &size) - {return m_owner.AttachedTransformation()->CreatePutSpace(size);} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - {return m_owner.AttachedTransformation()->Put2(begin, length, m_passSignal ? messageEnd : 0, blocking);} - size_t PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking) - {return m_owner.AttachedTransformation()->PutModifiable2(begin, length, m_passSignal ? messageEnd : 0, blocking);} - void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1) - {if (m_passSignal) m_owner.AttachedTransformation()->Initialize(parameters, propagation);} - bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) - {return m_passSignal ? m_owner.AttachedTransformation()->Flush(hardFlush, propagation, blocking) : false;} - bool MessageSeriesEnd(int propagation=-1, bool blocking=true) - {return m_passSignal ? m_owner.AttachedTransformation()->MessageSeriesEnd(propagation, blocking) : false;} - - byte * ChannelCreatePutSpace(const std::string &channel, size_t &size) - {return m_owner.AttachedTransformation()->ChannelCreatePutSpace(channel, size);} - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) - {return m_owner.AttachedTransformation()->ChannelPut2(channel, begin, length, m_passSignal ? messageEnd : 0, blocking);} - size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) - {return m_owner.AttachedTransformation()->ChannelPutModifiable2(channel, begin, length, m_passSignal ? messageEnd : 0, blocking);} - bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true) - {return m_passSignal ? m_owner.AttachedTransformation()->ChannelFlush(channel, completeFlush, propagation, blocking) : false;} - bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true) - {return m_passSignal ? m_owner.AttachedTransformation()->ChannelMessageSeriesEnd(channel, propagation, blocking) : false;} - -private: - BufferedTransformation &m_owner; - bool m_passSignal; -}; - -//! Base class for Filter classes that are proxies for a chain of other filters. -class CRYPTOPP_DLL ProxyFilter : public FilterWithBufferedInput -{ -public: - ProxyFilter(BufferedTransformation *filter, size_t firstSize, size_t lastSize, BufferedTransformation *attachment); - - bool IsolatedFlush(bool hardFlush, bool blocking); - - void SetFilter(Filter *filter); - void NextPutMultiple(const byte *s, size_t len); - void NextPutModifiable(byte *inString, size_t length); - -protected: - member_ptr<BufferedTransformation> m_filter; -}; - -//! simple proxy filter that doesn't modify the underlying filter's input or output -class CRYPTOPP_DLL SimpleProxyFilter : public ProxyFilter -{ -public: - SimpleProxyFilter(BufferedTransformation *filter, BufferedTransformation *attachment) - : ProxyFilter(filter, 0, 0, attachment) {} - - void FirstPut(const byte *) {} - void LastPut(const byte *, size_t) {m_filter->MessageEnd();} -}; - -//! proxy for the filter created by PK_Encryptor::CreateEncryptionFilter -/*! This class is here just to provide symmetry with VerifierFilter. */ -class CRYPTOPP_DLL PK_EncryptorFilter : public SimpleProxyFilter -{ -public: - PK_EncryptorFilter(RandomNumberGenerator &rng, const PK_Encryptor &encryptor, BufferedTransformation *attachment = NULL) - : SimpleProxyFilter(encryptor.CreateEncryptionFilter(rng), attachment) {} -}; - -//! proxy for the filter created by PK_Decryptor::CreateDecryptionFilter -/*! This class is here just to provide symmetry with SignerFilter. */ -class CRYPTOPP_DLL PK_DecryptorFilter : public SimpleProxyFilter -{ -public: - PK_DecryptorFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL) - : SimpleProxyFilter(decryptor.CreateDecryptionFilter(rng), attachment) {} -}; - -//! Append input to a string object -template <class T> -class StringSinkTemplate : public Bufferless<Sink> -{ -public: - // VC60 workaround: no T::char_type - typedef typename T::traits_type::char_type char_type; - - StringSinkTemplate(T &output) - : m_output(&output) {assert(sizeof(output[0])==1);} - - void IsolatedInitialize(const NameValuePairs ¶meters) - {if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");} - - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - { - if (length > 0) - { - typename T::size_type size = m_output->size(); - if (length < size && size + length > m_output->capacity()) - m_output->reserve(2*size); - m_output->append((const char_type *)begin, (const char_type *)begin+length); - } - return 0; - } - -private: - T *m_output; -}; - -//! Append input to an std::string -CRYPTOPP_DLL_TEMPLATE_CLASS StringSinkTemplate<std::string>; -typedef StringSinkTemplate<std::string> StringSink; - -//! incorporates input into RNG as additional entropy -class RandomNumberSink : public Bufferless<Sink> -{ -public: - RandomNumberSink() - : m_rng(NULL) {} - - RandomNumberSink(RandomNumberGenerator &rng) - : m_rng(&rng) {} - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - -private: - RandomNumberGenerator *m_rng; -}; - -//! Copy input to a memory buffer -class CRYPTOPP_DLL ArraySink : public Bufferless<Sink> -{ -public: - ArraySink(const NameValuePairs ¶meters = g_nullNameValuePairs) {IsolatedInitialize(parameters);} - ArraySink(byte *buf, size_t size) : m_buf(buf), m_size(size), m_total(0) {} - - size_t AvailableSize() {return SaturatingSubtract(m_size, m_total);} - lword TotalPutLength() {return m_total;} - - void IsolatedInitialize(const NameValuePairs ¶meters); - byte * CreatePutSpace(size_t &size); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - -protected: - byte *m_buf; - size_t m_size; - lword m_total; -}; - -//! Xor input to a memory buffer -class CRYPTOPP_DLL ArrayXorSink : public ArraySink -{ -public: - ArrayXorSink(byte *buf, size_t size) - : ArraySink(buf, size) {} - - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - byte * CreatePutSpace(size_t &size) {return BufferedTransformation::CreatePutSpace(size);} -}; - -//! string-based implementation of Store interface -class StringStore : public Store -{ -public: - StringStore(const char *string = NULL) - {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} - StringStore(const byte *string, size_t length) - {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string, length)));} - template <class T> StringStore(const T &string) - {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} - - CRYPTOPP_DLL size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - CRYPTOPP_DLL size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - -private: - CRYPTOPP_DLL void StoreInitialize(const NameValuePairs ¶meters); - - const byte *m_store; - size_t m_length, m_count; -}; - -//! RNG-based implementation of Source interface -class CRYPTOPP_DLL RandomNumberStore : public Store -{ -public: - RandomNumberStore() - : m_rng(NULL), m_length(0), m_count(0) {} - - RandomNumberStore(RandomNumberGenerator &rng, lword length) - : m_rng(&rng), m_length(length), m_count(0) {} - - bool AnyRetrievable() const {return MaxRetrievable() != 0;} - lword MaxRetrievable() const {return m_length-m_count;} - - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const - { - throw NotImplemented("RandomNumberStore: CopyRangeTo2() is not supported by this store"); - } - -private: - void StoreInitialize(const NameValuePairs ¶meters); - - RandomNumberGenerator *m_rng; - lword m_length, m_count; -}; - -//! empty store -class CRYPTOPP_DLL NullStore : public Store -{ -public: - NullStore(lword size = ULONG_MAX) : m_size(size) {} - void StoreInitialize(const NameValuePairs ¶meters) {} - lword MaxRetrievable() const {return m_size;} - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - -private: - lword m_size; -}; - -//! A Filter that pumps data into its attachment as input -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Source : public InputRejecting<Filter> -{ -public: - Source(BufferedTransformation *attachment = NULL) - {Source::Detach(attachment);} - - lword Pump(lword pumpMax=size_t(0)-1) - {Pump2(pumpMax); return pumpMax;} - unsigned int PumpMessages(unsigned int count=UINT_MAX) - {PumpMessages2(count); return count;} - void PumpAll() - {PumpAll2();} - virtual size_t Pump2(lword &byteCount, bool blocking=true) =0; - virtual size_t PumpMessages2(unsigned int &messageCount, bool blocking=true) =0; - virtual size_t PumpAll2(bool blocking=true); - virtual bool SourceExhausted() const =0; - -protected: - void SourceInitialize(bool pumpAll, const NameValuePairs ¶meters) - { - IsolatedInitialize(parameters); - if (pumpAll) - PumpAll(); - } -}; - -//! Turn a Store into a Source -template <class T> -class SourceTemplate : public Source -{ -public: - SourceTemplate<T>(BufferedTransformation *attachment) - : Source(attachment) {} - void IsolatedInitialize(const NameValuePairs ¶meters) - {m_store.IsolatedInitialize(parameters);} - size_t Pump2(lword &byteCount, bool blocking=true) - {return m_store.TransferTo2(*AttachedTransformation(), byteCount, DEFAULT_CHANNEL, blocking);} - size_t PumpMessages2(unsigned int &messageCount, bool blocking=true) - {return m_store.TransferMessagesTo2(*AttachedTransformation(), messageCount, DEFAULT_CHANNEL, blocking);} - size_t PumpAll2(bool blocking=true) - {return m_store.TransferAllTo2(*AttachedTransformation(), DEFAULT_CHANNEL, blocking);} - bool SourceExhausted() const - {return !m_store.AnyRetrievable() && !m_store.AnyMessages();} - void SetAutoSignalPropagation(int propagation) - {m_store.SetAutoSignalPropagation(propagation);} - int GetAutoSignalPropagation() const - {return m_store.GetAutoSignalPropagation();} - -protected: - T m_store; -}; - -//! string-based implementation of Source interface -class CRYPTOPP_DLL StringSource : public SourceTemplate<StringStore> -{ -public: - StringSource(BufferedTransformation *attachment = NULL) - : SourceTemplate<StringStore>(attachment) {} - //! zero terminated string as source - StringSource(const char *string, bool pumpAll, BufferedTransformation *attachment = NULL) - : SourceTemplate<StringStore>(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} - //! binary byte array as source - StringSource(const byte *string, size_t length, bool pumpAll, BufferedTransformation *attachment = NULL) - : SourceTemplate<StringStore>(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string, length)));} - //! std::string as source - StringSource(const std::string &string, bool pumpAll, BufferedTransformation *attachment = NULL) - : SourceTemplate<StringStore>(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} -}; - -//! use the third constructor for an array source -typedef StringSource ArraySource; - -//! RNG-based implementation of Source interface -class CRYPTOPP_DLL RandomNumberSource : public SourceTemplate<RandomNumberStore> -{ -public: - RandomNumberSource(RandomNumberGenerator &rng, int length, bool pumpAll, BufferedTransformation *attachment = NULL) - : SourceTemplate<RandomNumberStore>(attachment) - {SourceInitialize(pumpAll, MakeParameters("RandomNumberGeneratorPointer", &rng)("RandomNumberStoreSize", length));} -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/fips140.cpp b/cryptopp562/fips140.cpp deleted file mode 100644 index 1fcf590..0000000 --- a/cryptopp562/fips140.cpp +++ /dev/null @@ -1,84 +0,0 @@ -// fips140.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "fips140.h" -#include "trdlocal.h" // needs to be included last for cygwin - -NAMESPACE_BEGIN(CryptoPP) - -// Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during -// startup, random number generation, and key generation. These tests may affect performance. -#ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 -#define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0 -#endif - -#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE)) -#error FIPS 140-2 compliance requires the availability of thread local storage. -#endif - -#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE)) -#error FIPS 140-2 compliance requires the availability of OS provided RNG. -#endif - -PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE; - -bool FIPS_140_2_ComplianceEnabled() -{ - return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2; -} - -void SimulatePowerUpSelfTestFailure() -{ - g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED; -} - -PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus() -{ - return g_powerUpSelfTestStatus; -} - -#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 -ThreadLocalStorage & AccessPowerUpSelfTestInProgress() -{ - static ThreadLocalStorage selfTestInProgress; - return selfTestInProgress; -} -#endif - -bool PowerUpSelfTestInProgressOnThisThread() -{ -#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 - return AccessPowerUpSelfTestInProgress().GetValue() != NULL; -#else - assert(false); // should not be called - return false; -#endif -} - -void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress) -{ -#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 - AccessPowerUpSelfTestInProgress().SetValue((void *)inProgress); -#endif -} - -void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) -{ -#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 - EncryptionPairwiseConsistencyTest(encryptor, decryptor); -#endif -} - -void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier) -{ -#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 - SignaturePairwiseConsistencyTest(signer, verifier); -#endif -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/fips140.h b/cryptopp562/fips140.h deleted file mode 100644 index a3e5386..0000000 --- a/cryptopp562/fips140.h +++ /dev/null @@ -1,59 +0,0 @@ -#ifndef CRYPTOPP_FIPS140_H -#define CRYPTOPP_FIPS140_H - -/*! \file - FIPS 140 related functions and classes. -*/ - -#include "cryptlib.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! exception thrown when a crypto algorithm is used after a self test fails -class CRYPTOPP_DLL SelfTestFailure : public Exception -{ -public: - explicit SelfTestFailure(const std::string &s) : Exception(OTHER_ERROR, s) {} -}; - -//! returns whether FIPS 140-2 compliance features were enabled at compile time -CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled(); - -//! enum values representing status of the power-up self test -enum PowerUpSelfTestStatus {POWER_UP_SELF_TEST_NOT_DONE, POWER_UP_SELF_TEST_FAILED, POWER_UP_SELF_TEST_PASSED}; - -//! perform the power-up self test, and set the self test status -CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac); - -//! perform the power-up self test using the filename of this DLL and the embedded module MAC -CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest(); - -//! set the power-up self test status to POWER_UP_SELF_TEST_FAILED -CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure(); - -//! return the current power-up self test status -CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus(); - -typedef PowerUpSelfTestStatus (CRYPTOPP_API * PGetPowerUpSelfTestStatus)(); - -CRYPTOPP_DLL MessageAuthenticationCode * CRYPTOPP_API NewIntegrityCheckingMAC(); - -CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac = NULL, unsigned long *pMacFileLocation = NULL); - -// this is used by Algorithm constructor to allow Algorithm objects to be constructed for the self test -bool PowerUpSelfTestInProgressOnThisThread(); - -void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress); - -void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier); -void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor); - -void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier); -void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor); - -#define CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8" - -NAMESPACE_END - -#endif diff --git a/cryptopp562/fipsalgt.cpp b/cryptopp562/fipsalgt.cpp deleted file mode 100644 index 92c254f..0000000 --- a/cryptopp562/fipsalgt.cpp +++ /dev/null @@ -1,1290 +0,0 @@ -// fipsalgt.cpp - written and placed in the public domain by Wei Dai - -// This file implements the various algorithm tests needed to pass FIPS 140 validation. -// They're preserved here (commented out) in case Crypto++ needs to be revalidated. - -#if 0 -#ifndef CRYPTOPP_IMPORTS -#define CRYPTOPP_DEFAULT_NO_DLL -#endif -#include "dll.h" -#include "oids.h" - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -class LineBreakParser : public AutoSignaling<Bufferless<Filter> > -{ -public: - LineBreakParser(BufferedTransformation *attachment=NULL, byte lineEnd='\n') - : m_lineEnd(lineEnd) {Detach(attachment);} - - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - { - if (!blocking) - throw BlockingInputOnly("LineBreakParser"); - - unsigned int i, last = 0; - for (i=0; i<length; i++) - { - if (begin[i] == m_lineEnd) - { - AttachedTransformation()->Put2(begin+last, i-last, GetAutoSignalPropagation(), blocking); - last = i+1; - } - } - if (last != i) - AttachedTransformation()->Put2(begin+last, i-last, 0, blocking); - - if (messageEnd && GetAutoSignalPropagation()) - { - AttachedTransformation()->MessageEnd(GetAutoSignalPropagation()-1, blocking); - AttachedTransformation()->MessageSeriesEnd(GetAutoSignalPropagation()-1, blocking); - } - - return 0; - } - -private: - byte m_lineEnd; -}; - -class TestDataParser : public Unflushable<FilterWithInputQueue> -{ -public: - enum DataType {OTHER, COUNT, KEY_T, IV, INPUT, OUTPUT}; - - TestDataParser(std::string algorithm, std::string test, std::string mode, unsigned int feedbackSize, bool encrypt, BufferedTransformation *attachment) - : m_algorithm(algorithm), m_test(test), m_mode(mode), m_feedbackSize(feedbackSize) - , m_firstLine(true), m_blankLineTransition(0) - { - Detach(attachment); - - m_typeToName[COUNT] = "COUNT"; - - m_nameToType["COUNT"] = COUNT; - m_nameToType["KEY"] = KEY_T; - m_nameToType["KEYs"] = KEY_T; - m_nameToType["key"] = KEY_T; - m_nameToType["Key"] = KEY_T; - m_nameToType["IV"] = IV; - m_nameToType["IV1"] = IV; - m_nameToType["CV"] = IV; - m_nameToType["CV1"] = IV; - m_nameToType["IB"] = IV; - m_nameToType["TEXT"] = INPUT; - m_nameToType["RESULT"] = OUTPUT; - m_nameToType["Msg"] = INPUT; - m_nameToType["Seed"] = INPUT; - m_nameToType["V"] = INPUT; - m_nameToType["DT"] = IV; - SetEncrypt(encrypt); - - if (m_algorithm == "DSA" || m_algorithm == "ECDSA") - { - if (m_test == "PKV") - m_trigger = "Qy"; - else if (m_test == "KeyPair") - m_trigger = "N"; - else if (m_test == "SigGen") - m_trigger = "Msg"; - else if (m_test == "SigVer") - m_trigger = "S"; - else if (m_test == "PQGGen") - m_trigger = "N"; - else if (m_test == "PQGVer") - m_trigger = "H"; - } - else if (m_algorithm == "HMAC") - m_trigger = "Msg"; - else if (m_algorithm == "SHA") - m_trigger = (m_test == "MONTE") ? "Seed" : "Msg"; - else if (m_algorithm == "RNG") - m_trigger = "V"; - else if (m_algorithm == "RSA") - m_trigger = (m_test == "Ver") ? "S" : "Msg"; - } - - void SetEncrypt(bool encrypt) - { - m_encrypt = encrypt; - if (encrypt) - { - m_nameToType["PLAINTEXT"] = INPUT; - m_nameToType["CIPHERTEXT"] = OUTPUT; - m_nameToType["PT"] = INPUT; - m_nameToType["CT"] = OUTPUT; - } - else - { - m_nameToType["PLAINTEXT"] = OUTPUT; - m_nameToType["CIPHERTEXT"] = INPUT; - m_nameToType["PT"] = OUTPUT; - m_nameToType["CT"] = INPUT; - } - - if (m_algorithm == "AES" || m_algorithm == "TDES") - { - if (encrypt) - { - m_trigger = "PLAINTEXT"; - m_typeToName[OUTPUT] = "CIPHERTEXT"; - } - else - { - m_trigger = "CIPHERTEXT"; - m_typeToName[OUTPUT] = "PLAINTEXT"; - } - m_count = 0; - } - } - -protected: - void OutputData(std::string &output, const std::string &key, const std::string &data) - { - output += key; - output += "= "; - output += data; - output += "\n"; - } - - void OutputData(std::string &output, const std::string &key, int data) - { - OutputData(output, key, IntToString(data)); - } - - void OutputData(std::string &output, const std::string &key, const SecByteBlock &data) - { - output += key; - output += "= "; - HexEncoder(new StringSink(output), false).Put(data, data.size()); - output += "\n"; - } - - void OutputData(std::string &output, const std::string &key, const Integer &data, int size=-1) - { - SecByteBlock s(size < 0 ? data.MinEncodedSize() : size); - data.Encode(s, s.size()); - OutputData(output, key, s); - } - - void OutputData(std::string &output, const std::string &key, const PolynomialMod2 &data, int size=-1) - { - SecByteBlock s(size < 0 ? data.MinEncodedSize() : size); - data.Encode(s, s.size()); - OutputData(output, key, s); - } - - void OutputData(std::string &output, DataType t, const std::string &data) - { - if (m_algorithm == "SKIPJACK") - { - if (m_test == "KAT") - { - if (t == OUTPUT) - output = m_line + data + "\n"; - } - else - { - if (t != COUNT) - { - output += m_typeToName[t]; - output += "="; - } - output += data; - output += t == OUTPUT ? "\n" : " "; - } - } - else if (m_algorithm == "TDES" && t == KEY_T && m_typeToName[KEY_T].empty()) - { - output += "KEY1 = "; - output += data.substr(0, 16); - output += "\nKEY2 = "; - output += data.size() > 16 ? data.substr(16, 16) : data.substr(0, 16); - output += "\nKEY3 = "; - output += data.size() > 32 ? data.substr(32, 16) : data.substr(0, 16); - output += "\n"; - } - else - { - output += m_typeToName[t]; - output += " = "; - output += data; - output += "\n"; - } - } - - void OutputData(std::string &output, DataType t, int i) - { - OutputData(output, t, IntToString(i)); - } - - void OutputData(std::string &output, DataType t, const SecByteBlock &data) - { - std::string hexData; - StringSource(data.begin(), data.size(), true, new HexEncoder(new StringSink(hexData), false)); - OutputData(output, t, hexData); - } - - void OutputGivenData(std::string &output, DataType t, bool optional = false) - { - if (m_data.find(m_typeToName[t]) == m_data.end()) - { - if (optional) - return; - throw Exception(Exception::OTHER_ERROR, "TestDataParser: key not found: " + m_typeToName[t]); - } - - OutputData(output, t, m_data[m_typeToName[t]]); - } - - template <class T> - BlockCipher * NewBT(T *) - { - if (!m_encrypt && (m_mode == "ECB" || m_mode == "CBC")) - return new typename T::Decryption; - else - return new typename T::Encryption; - } - - template <class T> - SymmetricCipher * NewMode(T *, BlockCipher &bt, const byte *iv) - { - if (!m_encrypt) - return new typename T::Decryption(bt, iv, m_feedbackSize/8); - else - return new typename T::Encryption(bt, iv, m_feedbackSize/8); - } - - static inline void Xor(SecByteBlock &z, const SecByteBlock &x, const SecByteBlock &y) - { - assert(x.size() == y.size()); - z.resize(x.size()); - xorbuf(z, x, y, x.size()); - } - - SecByteBlock UpdateKey(SecByteBlock key, const SecByteBlock *text) - { - unsigned int innerCount = (m_algorithm == "AES") ? 1000 : 10000; - int keySize = key.size(), blockSize = text[0].size(); - SecByteBlock x(keySize); - for (int k=0; k<keySize;) - { - int pos = innerCount * blockSize - keySize + k; - memcpy(x + k, text[pos / blockSize] + pos % blockSize, blockSize - pos % blockSize); - k += blockSize - pos % blockSize; - } - - if (m_algorithm == "TDES" || m_algorithm == "DES") - { - for (int i=0; i<keySize; i+=8) - { - xorbuf(key+i, x+keySize-8-i, 8); - DES::CorrectKeyParityBits(key+i); - } - } - else - xorbuf(key, x, keySize); - - return key; - } - - static inline void AssignLeftMostBits(SecByteBlock &z, const SecByteBlock &x, unsigned int K) - { - z.Assign(x, K/8); - } - - template <class EC> - void EC_KeyPair(string &output, int n, const OID &oid) - { - DL_GroupParameters_EC<EC> params(oid); - for (int i=0; i<n; i++) - { - DL_PrivateKey_EC<EC> priv; - DL_PublicKey_EC<EC> pub; - priv.Initialize(m_rng, params); - priv.MakePublicKey(pub); - - OutputData(output, "d ", priv.GetPrivateExponent()); - OutputData(output, "Qx ", pub.GetPublicElement().x, params.GetCurve().GetField().MaxElementByteLength()); - OutputData(output, "Qy ", pub.GetPublicElement().y, params.GetCurve().GetField().MaxElementByteLength()); - } - } - - template <class EC> - void EC_SigGen(string &output, const OID &oid) - { - DL_GroupParameters_EC<EC> params(oid); - typename ECDSA<EC, SHA1>::PrivateKey priv; - typename ECDSA<EC, SHA1>::PublicKey pub; - priv.Initialize(m_rng, params); - priv.MakePublicKey(pub); - - typename ECDSA<EC, SHA1>::Signer signer(priv); - SecByteBlock sig(signer.SignatureLength()); - StringSource(m_data["Msg"], true, new HexDecoder(new SignerFilter(m_rng, signer, new ArraySink(sig, sig.size())))); - SecByteBlock R(sig, sig.size()/2), S(sig+sig.size()/2, sig.size()/2); - - OutputData(output, "Qx ", pub.GetPublicElement().x, params.GetCurve().GetField().MaxElementByteLength()); - OutputData(output, "Qy ", pub.GetPublicElement().y, params.GetCurve().GetField().MaxElementByteLength()); - OutputData(output, "R ", R); - OutputData(output, "S ", S); - } - - template <class EC> - void EC_SigVer(string &output, const OID &oid) - { - SecByteBlock x(DecodeHex(m_data["Qx"])); - SecByteBlock y(DecodeHex(m_data["Qy"])); - Integer r((m_data["R"]+"h").c_str()); - Integer s((m_data["S"]+"h").c_str()); - - typename EC::FieldElement Qx(x, x.size()); - typename EC::FieldElement Qy(y, y.size()); - typename EC::Element Q(Qx, Qy); - - DL_GroupParameters_EC<EC> params(oid); - typename ECDSA<EC, SHA1>::PublicKey pub; - pub.Initialize(params, Q); - typename ECDSA<EC, SHA1>::Verifier verifier(pub); - - SecByteBlock sig(verifier.SignatureLength()); - r.Encode(sig, sig.size()/2); - s.Encode(sig+sig.size()/2, sig.size()/2); - - SignatureVerificationFilter filter(verifier); - filter.Put(sig, sig.size()); - StringSource(m_data["Msg"], true, new HexDecoder(new Redirector(filter, Redirector::DATA_ONLY))); - filter.MessageEnd(); - byte b; - filter.Get(b); - OutputData(output, "Result ", b ? "P" : "F"); - } - - template <class EC> - static bool EC_PKV(RandomNumberGenerator &rng, const SecByteBlock &x, const SecByteBlock &y, const OID &oid) - { - typename EC::FieldElement Qx(x, x.size()); - typename EC::FieldElement Qy(y, y.size()); - typename EC::Element Q(Qx, Qy); - - DL_GroupParameters_EC<EC> params(oid); - typename ECDSA<EC, SHA1>::PublicKey pub; - pub.Initialize(params, Q); - return pub.Validate(rng, 3); - } - - template <class H, class Result> - Result * CreateRSA2(const std::string &standard) - { - if (typeid(Result) == typeid(PK_Verifier)) - { - if (standard == "R") - return (Result *) new typename RSASS_ISO<H>::Verifier; - else if (standard == "P") - return (Result *) new typename RSASS<PSS, H>::Verifier; - else if (standard == "1") - return (Result *) new typename RSASS<PKCS1v15, H>::Verifier; - } - else if (typeid(Result) == typeid(PK_Signer)) - { - if (standard == "R") - return (Result *) new typename RSASS_ISO<H>::Signer; - else if (standard == "P") - return (Result *) new typename RSASS<PSS, H>::Signer; - else if (standard == "1") - return (Result *) new typename RSASS<PKCS1v15, H>::Signer; - } - - return NULL; - } - - template <class Result> - Result * CreateRSA(const std::string &standard, const std::string &hash) - { - if (hash == "1") - return CreateRSA2<SHA1, Result>(standard); - else if (hash == "224") - return CreateRSA2<SHA224, Result>(standard); - else if (hash == "256") - return CreateRSA2<SHA256, Result>(standard); - else if (hash == "384") - return CreateRSA2<SHA384, Result>(standard); - else if (hash == "512") - return CreateRSA2<SHA512, Result>(standard); - else - return NULL; - } - - virtual void DoTest() - { - std::string output; - - if (m_algorithm == "DSA") - { - if (m_test == "KeyPair") - { - DL_GroupParameters_DSA pqg; - int modLen = atol(m_bracketString.substr(6).c_str()); - pqg.GenerateRandomWithKeySize(m_rng, modLen); - - OutputData(output, "P ", pqg.GetModulus()); - OutputData(output, "Q ", pqg.GetSubgroupOrder()); - OutputData(output, "G ", pqg.GetSubgroupGenerator()); - - int n = atol(m_data["N"].c_str()); - for (int i=0; i<n; i++) - { - DSA::Signer priv; - priv.AccessKey().GenerateRandom(m_rng, pqg); - DSA::Verifier pub(priv); - - OutputData(output, "X ", priv.GetKey().GetPrivateExponent()); - OutputData(output, "Y ", pub.GetKey().GetPublicElement()); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - } - else if (m_test == "PQGGen") - { - int n = atol(m_data["N"].c_str()); - for (int i=0; i<n; i++) - { - Integer p, q, h, g; - int counter; - - SecByteBlock seed(SHA::DIGESTSIZE); - do - { - m_rng.GenerateBlock(seed, seed.size()); - } - while (!DSA::GeneratePrimes(seed, seed.size()*8, counter, p, 1024, q)); - h.Randomize(m_rng, 2, p-2); - g = a_exp_b_mod_c(h, (p-1)/q, p); - - OutputData(output, "P ", p); - OutputData(output, "Q ", q); - OutputData(output, "G ", g); - OutputData(output, "Seed ", seed); - OutputData(output, "c ", counter); - OutputData(output, "H ", h, p.ByteCount()); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - } - else if (m_test == "SigGen") - { - std::string &encodedKey = m_data["PrivKey"]; - int modLen = atol(m_bracketString.substr(6).c_str()); - DSA::PrivateKey priv; - - if (!encodedKey.empty()) - { - StringStore s(encodedKey); - priv.BERDecode(s); - if (priv.GetGroupParameters().GetModulus().BitCount() != modLen) - encodedKey.clear(); - } - - if (encodedKey.empty()) - { - priv.Initialize(m_rng, modLen); - StringSink s(encodedKey); - priv.DEREncode(s); - OutputData(output, "P ", priv.GetGroupParameters().GetModulus()); - OutputData(output, "Q ", priv.GetGroupParameters().GetSubgroupOrder()); - OutputData(output, "G ", priv.GetGroupParameters().GetSubgroupGenerator()); - } - - DSA::Signer signer(priv); - DSA::Verifier pub(signer); - OutputData(output, "Msg ", m_data["Msg"]); - OutputData(output, "Y ", pub.GetKey().GetPublicElement()); - - SecByteBlock sig(signer.SignatureLength()); - StringSource(m_data["Msg"], true, new HexDecoder(new SignerFilter(m_rng, signer, new ArraySink(sig, sig.size())))); - SecByteBlock R(sig, sig.size()/2), S(sig+sig.size()/2, sig.size()/2); - OutputData(output, "R ", R); - OutputData(output, "S ", S); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - else if (m_test == "SigVer") - { - Integer p((m_data["P"] + "h").c_str()); - Integer q((m_data["Q"] + "h").c_str()); - Integer g((m_data["G"] + "h").c_str()); - Integer y((m_data["Y"] + "h").c_str()); - DSA::Verifier verifier(p, q, g, y); - - HexDecoder filter(new SignatureVerificationFilter(verifier)); - StringSource(m_data["R"], true, new Redirector(filter, Redirector::DATA_ONLY)); - StringSource(m_data["S"], true, new Redirector(filter, Redirector::DATA_ONLY)); - StringSource(m_data["Msg"], true, new Redirector(filter, Redirector::DATA_ONLY)); - filter.MessageEnd(); - byte b; - filter.Get(b); - OutputData(output, "Result ", b ? "P" : "F"); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - else if (m_test == "PQGVer") - { - Integer p((m_data["P"] + "h").c_str()); - Integer q((m_data["Q"] + "h").c_str()); - Integer g((m_data["G"] + "h").c_str()); - Integer h((m_data["H"] + "h").c_str()); - int c = atol(m_data["c"].c_str()); - SecByteBlock seed(m_data["Seed"].size()/2); - StringSource(m_data["Seed"], true, new HexDecoder(new ArraySink(seed, seed.size()))); - - Integer p1, q1; - bool result = DSA::GeneratePrimes(seed, seed.size()*8, c, p1, 1024, q1, true); - result = result && (p1 == p && q1 == q); - result = result && g == a_exp_b_mod_c(h, (p-1)/q, p); - - OutputData(output, "Result ", result ? "P" : "F"); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - - return; - } - - if (m_algorithm == "ECDSA") - { - std::map<std::string, OID> name2oid; - name2oid["P-192"] = ASN1::secp192r1(); - name2oid["P-224"] = ASN1::secp224r1(); - name2oid["P-256"] = ASN1::secp256r1(); - name2oid["P-384"] = ASN1::secp384r1(); - name2oid["P-521"] = ASN1::secp521r1(); - name2oid["K-163"] = ASN1::sect163k1(); - name2oid["K-233"] = ASN1::sect233k1(); - name2oid["K-283"] = ASN1::sect283k1(); - name2oid["K-409"] = ASN1::sect409k1(); - name2oid["K-571"] = ASN1::sect571k1(); - name2oid["B-163"] = ASN1::sect163r2(); - name2oid["B-233"] = ASN1::sect233r1(); - name2oid["B-283"] = ASN1::sect283r1(); - name2oid["B-409"] = ASN1::sect409r1(); - name2oid["B-571"] = ASN1::sect571r1(); - - if (m_test == "PKV") - { - bool pass; - if (m_bracketString[0] == 'P') - pass = EC_PKV<ECP>(m_rng, DecodeHex(m_data["Qx"]), DecodeHex(m_data["Qy"]), name2oid[m_bracketString]); - else - pass = EC_PKV<EC2N>(m_rng, DecodeHex(m_data["Qx"]), DecodeHex(m_data["Qy"]), name2oid[m_bracketString]); - - OutputData(output, "Result ", pass ? "P" : "F"); - } - else if (m_test == "KeyPair") - { - if (m_bracketString[0] == 'P') - EC_KeyPair<ECP>(output, atol(m_data["N"].c_str()), name2oid[m_bracketString]); - else - EC_KeyPair<EC2N>(output, atol(m_data["N"].c_str()), name2oid[m_bracketString]); - } - else if (m_test == "SigGen") - { - if (m_bracketString[0] == 'P') - EC_SigGen<ECP>(output, name2oid[m_bracketString]); - else - EC_SigGen<EC2N>(output, name2oid[m_bracketString]); - } - else if (m_test == "SigVer") - { - if (m_bracketString[0] == 'P') - EC_SigVer<ECP>(output, name2oid[m_bracketString]); - else - EC_SigVer<EC2N>(output, name2oid[m_bracketString]); - } - - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - return; - } - - if (m_algorithm == "RSA") - { - std::string shaAlg = m_data["SHAAlg"].substr(3); - - if (m_test == "Ver") - { - Integer n((m_data["n"] + "h").c_str()); - Integer e((m_data["e"] + "h").c_str()); - RSA::PublicKey pub; - pub.Initialize(n, e); - - member_ptr<PK_Verifier> pV(CreateRSA<PK_Verifier>(m_mode, shaAlg)); - pV->AccessMaterial().AssignFrom(pub); - - HexDecoder filter(new SignatureVerificationFilter(*pV)); - for (unsigned int i=m_data["S"].size(); i<pV->SignatureLength()*2; i++) - filter.Put('0'); - StringSource(m_data["S"], true, new Redirector(filter, Redirector::DATA_ONLY)); - StringSource(m_data["Msg"], true, new Redirector(filter, Redirector::DATA_ONLY)); - filter.MessageEnd(); - byte b; - filter.Get(b); - OutputData(output, "Result ", b ? "P" : "F"); - } - else - { - assert(m_test == "Gen"); - int modLen = atol(m_bracketString.substr(6).c_str()); - std::string &encodedKey = m_data["PrivKey"]; - RSA::PrivateKey priv; - - if (!encodedKey.empty()) - { - StringStore s(encodedKey); - priv.BERDecode(s); - if (priv.GetModulus().BitCount() != modLen) - encodedKey.clear(); - } - - if (encodedKey.empty()) - { - priv.Initialize(m_rng, modLen); - StringSink s(encodedKey); - priv.DEREncode(s); - OutputData(output, "n ", priv.GetModulus()); - OutputData(output, "e ", priv.GetPublicExponent(), modLen/8); - } - - member_ptr<PK_Signer> pS(CreateRSA<PK_Signer>(m_mode, shaAlg)); - pS->AccessMaterial().AssignFrom(priv); - - SecByteBlock sig(pS->SignatureLength()); - StringSource(m_data["Msg"], true, new HexDecoder(new SignerFilter(m_rng, *pS, new ArraySink(sig, sig.size())))); - OutputData(output, "SHAAlg ", m_data["SHAAlg"]); - OutputData(output, "Msg ", m_data["Msg"]); - OutputData(output, "S ", sig); - } - - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - return; - } - - if (m_algorithm == "SHA") - { - member_ptr<HashFunction> pHF; - - if (m_mode == "1") - pHF.reset(new SHA1); - else if (m_mode == "224") - pHF.reset(new SHA224); - else if (m_mode == "256") - pHF.reset(new SHA256); - else if (m_mode == "384") - pHF.reset(new SHA384); - else if (m_mode == "512") - pHF.reset(new SHA512); - - if (m_test == "MONTE") - { - SecByteBlock seed = m_data2[INPUT]; - SecByteBlock MD[1003]; - int i,j; - - for (j=0; j<100; j++) - { - MD[0] = MD[1] = MD[2] = seed; - for (i=3; i<1003; i++) - { - SecByteBlock Mi = MD[i-3] + MD[i-2] + MD[i-1]; - MD[i].resize(pHF->DigestSize()); - pHF->CalculateDigest(MD[i], Mi, Mi.size()); - } - seed = MD[1002]; - OutputData(output, "COUNT ", j); - OutputData(output, "MD ", seed); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - } - else - { - SecByteBlock tag(pHF->DigestSize()); - SecByteBlock &msg(m_data2[INPUT]); - int len = atol(m_data["Len"].c_str()); - StringSource(msg.begin(), len/8, true, new HashFilter(*pHF, new ArraySink(tag, tag.size()))); - OutputData(output, "MD ", tag); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - return; - } - - SecByteBlock &key = m_data2[KEY_T]; - - if (m_algorithm == "TDES") - { - if (!m_data["KEY1"].empty()) - { - const std::string keys[3] = {m_data["KEY1"], m_data["KEY2"], m_data["KEY3"]}; - key.resize(24); - HexDecoder hexDec(new ArraySink(key, key.size())); - for (int i=0; i<3; i++) - hexDec.Put((byte *)keys[i].data(), keys[i].size()); - - if (keys[0] == keys[2]) - { - if (keys[0] == keys[1]) - key.resize(8); - else - key.resize(16); - } - else - key.resize(24); - } - } - - if (m_algorithm == "RNG") - { - key.resize(24); - StringSource(m_data["Key1"] + m_data["Key2"] + m_data["Key3"], true, new HexDecoder(new ArraySink(key, key.size()))); - - SecByteBlock seed(m_data2[INPUT]), dt(m_data2[IV]), r(8); - X917RNG rng(new DES_EDE3::Encryption(key, key.size()), seed, dt); - - if (m_test == "MCT") - { - for (int i=0; i<10000; i++) - rng.GenerateBlock(r, r.size()); - } - else - { - rng.GenerateBlock(r, r.size()); - } - - OutputData(output, "R ", r); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - return; - } - - if (m_algorithm == "HMAC") - { - member_ptr<MessageAuthenticationCode> pMAC; - - if (m_bracketString == "L=20") - pMAC.reset(new HMAC<SHA1>); - else if (m_bracketString == "L=28") - pMAC.reset(new HMAC<SHA224>); - else if (m_bracketString == "L=32") - pMAC.reset(new HMAC<SHA256>); - else if (m_bracketString == "L=48") - pMAC.reset(new HMAC<SHA384>); - else if (m_bracketString == "L=64") - pMAC.reset(new HMAC<SHA512>); - else - throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected HMAC bracket string: " + m_bracketString); - - pMAC->SetKey(key, key.size()); - int Tlen = atol(m_data["Tlen"].c_str()); - SecByteBlock tag(Tlen); - StringSource(m_data["Msg"], true, new HexDecoder(new HashFilter(*pMAC, new ArraySink(tag, Tlen), false, Tlen))); - OutputData(output, "Mac ", tag); - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - return; - } - - member_ptr<BlockCipher> pBT; - if (m_algorithm == "DES") - pBT.reset(NewBT((DES*)0)); - else if (m_algorithm == "TDES") - { - if (key.size() == 8) - pBT.reset(NewBT((DES*)0)); - else if (key.size() == 16) - pBT.reset(NewBT((DES_EDE2*)0)); - else - pBT.reset(NewBT((DES_EDE3*)0)); - } - else if (m_algorithm == "SKIPJACK") - pBT.reset(NewBT((SKIPJACK*)0)); - else if (m_algorithm == "AES") - pBT.reset(NewBT((AES*)0)); - else - throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected algorithm: " + m_algorithm); - - if (!pBT->IsValidKeyLength(key.size())) - key.CleanNew(pBT->DefaultKeyLength()); // for Scbcvrct - pBT->SetKey(key.data(), key.size()); - - SecByteBlock &iv = m_data2[IV]; - if (iv.empty()) - iv.CleanNew(pBT->BlockSize()); - - member_ptr<SymmetricCipher> pCipher; - unsigned int K = m_feedbackSize; - - if (m_mode == "ECB") - pCipher.reset(NewMode((ECB_Mode_ExternalCipher*)0, *pBT, iv)); - else if (m_mode == "CBC") - pCipher.reset(NewMode((CBC_Mode_ExternalCipher*)0, *pBT, iv)); - else if (m_mode == "CFB") - pCipher.reset(NewMode((CFB_Mode_ExternalCipher*)0, *pBT, iv)); - else if (m_mode == "OFB") - pCipher.reset(NewMode((OFB_Mode_ExternalCipher*)0, *pBT, iv)); - else - throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected mode: " + m_mode); - - bool encrypt = m_encrypt; - - if (m_test == "MONTE") - { - SecByteBlock KEY[401]; - KEY[0] = key; - int keySize = key.size(); - int blockSize = pBT->BlockSize(); - - std::vector<SecByteBlock> IB(10001), OB(10001), PT(10001), CT(10001), RESULT(10001), TXT(10001), CV(10001); - PT[0] = GetData("PLAINTEXT"); - CT[0] = GetData("CIPHERTEXT"); - CV[0] = IB[0] = iv; - TXT[0] = GetData("TEXT"); - - int outerCount = (m_algorithm == "AES") ? 100 : 400; - int innerCount = (m_algorithm == "AES") ? 1000 : 10000; - - for (int i=0; i<outerCount; i++) - { - pBT->SetKey(KEY[i], keySize); - - for (int j=0; j<innerCount; j++) - { - if (m_mode == "ECB") - { - if (encrypt) - { - IB[j] = PT[j]; - CT[j].resize(blockSize); - pBT->ProcessBlock(IB[j], CT[j]); - PT[j+1] = CT[j]; - } - else - { - IB[j] = CT[j]; - PT[j].resize(blockSize); - pBT->ProcessBlock(IB[j], PT[j]); - CT[j+1] = PT[j]; - } - } - else if (m_mode == "OFB") - { - OB[j].resize(blockSize); - pBT->ProcessBlock(IB[j], OB[j]); - Xor(RESULT[j], OB[j], TXT[j]); - TXT[j+1] = IB[j]; - IB[j+1] = OB[j]; - } - else if (m_mode == "CBC") - { - if (encrypt) - { - Xor(IB[j], PT[j], CV[j]); - CT[j].resize(blockSize); - pBT->ProcessBlock(IB[j], CT[j]); - PT[j+1] = CV[j]; - CV[j+1] = CT[j]; - } - else - { - IB[j] = CT[j]; - OB[j].resize(blockSize); - pBT->ProcessBlock(IB[j], OB[j]); - Xor(PT[j], OB[j], CV[j]); - CV[j+1] = CT[j]; - CT[j+1] = PT[j]; - } - } - else if (m_mode == "CFB") - { - if (encrypt) - { - OB[j].resize(blockSize); - pBT->ProcessBlock(IB[j], OB[j]); - AssignLeftMostBits(CT[j], OB[j], K); - Xor(CT[j], CT[j], PT[j]); - AssignLeftMostBits(PT[j+1], IB[j], K); - IB[j+1].resize(blockSize); - memcpy(IB[j+1], IB[j]+K/8, blockSize-K/8); - memcpy(IB[j+1]+blockSize-K/8, CT[j], K/8); - } - else - { - OB[j].resize(blockSize); - pBT->ProcessBlock(IB[j], OB[j]); - AssignLeftMostBits(PT[j], OB[j], K); - Xor(PT[j], PT[j], CT[j]); - IB[j+1].resize(blockSize); - memcpy(IB[j+1], IB[j]+K/8, blockSize-K/8); - memcpy(IB[j+1]+blockSize-K/8, CT[j], K/8); - AssignLeftMostBits(CT[j+1], OB[j], K); - } - } - else - throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected mode: " + m_mode); - } - - OutputData(output, COUNT, IntToString(i)); - OutputData(output, KEY_T, KEY[i]); - if (m_mode == "CBC") - OutputData(output, IV, CV[0]); - if (m_mode == "OFB" || m_mode == "CFB") - OutputData(output, IV, IB[0]); - if (m_mode == "ECB" || m_mode == "CBC" || m_mode == "CFB") - { - if (encrypt) - { - OutputData(output, INPUT, PT[0]); - OutputData(output, OUTPUT, CT[innerCount-1]); - KEY[i+1] = UpdateKey(KEY[i], &CT[0]); - } - else - { - OutputData(output, INPUT, CT[0]); - OutputData(output, OUTPUT, PT[innerCount-1]); - KEY[i+1] = UpdateKey(KEY[i], &PT[0]); - } - PT[0] = PT[innerCount]; - IB[0] = IB[innerCount]; - CV[0] = CV[innerCount]; - CT[0] = CT[innerCount]; - } - else if (m_mode == "OFB") - { - OutputData(output, INPUT, TXT[0]); - OutputData(output, OUTPUT, RESULT[innerCount-1]); - KEY[i+1] = UpdateKey(KEY[i], &RESULT[0]); - Xor(TXT[0], TXT[0], IB[innerCount-1]); - IB[0] = OB[innerCount-1]; - } - output += "\n"; - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - } - } - else if (m_test == "MCT") - { - SecByteBlock KEY[101]; - KEY[0] = key; - int keySize = key.size(); - int blockSize = pBT->BlockSize(); - - SecByteBlock ivs[101], inputs[1001], outputs[1001]; - ivs[0] = iv; - inputs[0] = m_data2[INPUT]; - - for (int i=0; i<100; i++) - { - pCipher->SetKey(KEY[i], keySize, MakeParameters(Name::IV(), (const byte *)ivs[i])(Name::FeedbackSize(), (int)K/8, false)); - - for (int j=0; j<1000; j++) - { - outputs[j] = inputs[j]; - pCipher->ProcessString(outputs[j], outputs[j].size()); - if (K==8 && m_mode == "CFB") - { - if (j<16) - inputs[j+1].Assign(ivs[i]+j, 1); - else - inputs[j+1] = outputs[j-16]; - } - else if (m_mode == "ECB") - inputs[j+1] = outputs[j]; - else if (j == 0) - inputs[j+1] = ivs[i]; - else - inputs[j+1] = outputs[j-1]; - } - - if (m_algorithm == "AES") - OutputData(output, COUNT, m_count++); - OutputData(output, KEY_T, KEY[i]); - if (m_mode != "ECB") - OutputData(output, IV, ivs[i]); - OutputData(output, INPUT, inputs[0]); - OutputData(output, OUTPUT, outputs[999]); - output += "\n"; - AttachedTransformation()->Put((byte *)output.data(), output.size()); - output.resize(0); - - KEY[i+1] = UpdateKey(KEY[i], outputs); - ivs[i+1].CleanNew(pCipher->IVSize()); - ivs[i+1] = UpdateKey(ivs[i+1], outputs); - if (K==8 && m_mode == "CFB") - inputs[0] = outputs[999-16]; - else if (m_mode == "ECB") - inputs[0] = outputs[999]; - else - inputs[0] = outputs[998]; - } - } - else - { - assert(m_test == "KAT"); - - SecByteBlock &input = m_data2[INPUT]; - SecByteBlock result(input.size()); - member_ptr<Filter> pFilter(new StreamTransformationFilter(*pCipher, new ArraySink(result, result.size()), StreamTransformationFilter::NO_PADDING)); - StringSource(input.data(), input.size(), true, pFilter.release()); - - OutputGivenData(output, COUNT, true); - OutputData(output, KEY_T, key); - OutputGivenData(output, IV, true); - OutputGivenData(output, INPUT); - OutputData(output, OUTPUT, result); - output += "\n"; - AttachedTransformation()->Put((byte *)output.data(), output.size()); - } - } - - std::vector<std::string> Tokenize(const std::string &line) - { - std::vector<std::string> result; - std::string s; - for (unsigned int i=0; i<line.size(); i++) - { - if (isalnum(line[i]) || line[i] == '^') - s += line[i]; - else if (!s.empty()) - { - result.push_back(s); - s = ""; - } - if (line[i] == '=') - result.push_back("="); - } - if (!s.empty()) - result.push_back(s); - return result; - } - - bool IsolatedMessageEnd(bool blocking) - { - if (!blocking) - throw BlockingInputOnly("TestDataParser"); - - m_line.resize(0); - m_inQueue.TransferTo(StringSink(m_line).Ref()); - - if (m_line[0] == '#') - return false; - - bool copyLine = false; - - if (m_line[0] == '[') - { - m_bracketString = m_line.substr(1, m_line.size()-2); - if (m_bracketString == "ENCRYPT") - SetEncrypt(true); - if (m_bracketString == "DECRYPT") - SetEncrypt(false); - copyLine = true; - } - - if (m_line.substr(0, 2) == "H>") - { - assert(m_test == "sha"); - m_bracketString = m_line.substr(2, m_line.size()-4); - m_line = m_line.substr(0, 13) + "Hashes<H"; - copyLine = true; - } - - if (m_line == "D>") - copyLine = true; - - if (m_line == "<D") - { - m_line += "\n"; - copyLine = true; - } - - if (copyLine) - { - m_line += '\n'; - AttachedTransformation()->Put((byte *)m_line.data(), m_line.size(), blocking); - return false; - } - - std::vector<std::string> tokens = Tokenize(m_line); - - if (m_algorithm == "DSA" && m_test == "sha") - { - for (unsigned int i = 0; i < tokens.size(); i++) - { - if (tokens[i] == "^") - DoTest(); - else if (tokens[i] != "") - m_compactString.push_back(atol(tokens[i].c_str())); - } - } - else - { - if (!m_line.empty() && ((m_algorithm == "RSA" && m_test != "Gen") || m_algorithm == "RNG" || m_algorithm == "HMAC" || m_algorithm == "SHA" || (m_algorithm == "ECDSA" && m_test != "KeyPair") || (m_algorithm == "DSA" && (m_test == "PQGVer" || m_test == "SigVer")))) - { - // copy input to output - std::string output = m_line + '\n'; - AttachedTransformation()->Put((byte *)output.data(), output.size()); - } - - for (unsigned int i = 0; i < tokens.size(); i++) - { - if (m_firstLine && m_algorithm != "DSA") - { - if (tokens[i] == "Encrypt" || tokens[i] == "OFB") - SetEncrypt(true); - else if (tokens[i] == "Decrypt") - SetEncrypt(false); - else if (tokens[i] == "Modes") - m_test = "MONTE"; - } - else - { - if (tokens[i] != "=") - continue; - - if (i == 0) - throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected data: " + m_line); - - const std::string &key = tokens[i-1]; - std::string &data = m_data[key]; - data = (tokens.size() > i+1) ? tokens[i+1] : ""; - DataType t = m_nameToType[key]; - m_typeToName[t] = key; - m_data2[t] = DecodeHex(data); - - if (key == m_trigger || (t == OUTPUT && !m_data2[INPUT].empty() && !isspace(m_line[0]))) - DoTest(); - } - } - } - - m_firstLine = false; - - return false; - } - - inline const SecByteBlock & GetData(const std::string &key) - { - return m_data2[m_nameToType[key]]; - } - - static SecByteBlock DecodeHex(const std::string &data) - { - SecByteBlock data2(data.size() / 2); - StringSource(data, true, new HexDecoder(new ArraySink(data2, data2.size()))); - return data2; - } - - std::string m_algorithm, m_test, m_mode, m_line, m_bracketString, m_trigger; - unsigned int m_feedbackSize, m_blankLineTransition; - bool m_encrypt, m_firstLine; - - typedef std::map<std::string, DataType> NameToTypeMap; - NameToTypeMap m_nameToType; - typedef std::map<DataType, std::string> TypeToNameMap; - TypeToNameMap m_typeToName; - - typedef std::map<std::string, std::string> Map; - Map m_data; // raw data - typedef std::map<DataType, SecByteBlock> Map2; - Map2 m_data2; - int m_count; - - AutoSeededX917RNG<AES> m_rng; - std::vector<unsigned int> m_compactString; -}; - -int FIPS_140_AlgorithmTest(int argc, char **argv) -{ - argc--; - argv++; - - std::string algorithm = argv[1]; - std::string pathname = argv[2]; - unsigned int i = pathname.find_last_of("\\/"); - std::string filename = pathname.substr(i == std::string::npos ? 0 : i+1); - std::string dirname = pathname.substr(0, i); - - if (algorithm == "auto") - { - string algTable[] = {"AES", "ECDSA", "DSA", "HMAC", "RNG", "RSA", "TDES", "SKIPJACK", "SHA"}; // order is important here - for (i=0; i<sizeof(algTable)/sizeof(algTable[0]); i++) - { - if (dirname.find(algTable[i]) != std::string::npos) - { - algorithm = algTable[i]; - break; - } - } - } - - try - { - std::string mode; - if (algorithm == "SHA") - mode = IntToString(atol(filename.substr(3, 3).c_str())); - else if (algorithm == "RSA") - mode = filename.substr(6, 1); - else if (filename[0] == 'S' || filename[0] == 'T') - mode = filename.substr(1, 3); - else - mode = filename.substr(0, 3); - for (i = 0; i<mode.size(); i++) - mode[i] = toupper(mode[i]); - unsigned int feedbackSize = mode == "CFB" ? atoi(filename.substr(filename.find_first_of("0123456789")).c_str()) : 0; - std::string test; - if (algorithm == "DSA" || algorithm == "ECDSA") - test = filename.substr(0, filename.size() - 4); - else if (algorithm == "RSA") - test = filename.substr(3, 3); - else if (filename.find("Monte") != std::string::npos) - test = "MONTE"; - else if (filename.find("MCT") != std::string::npos) - test = "MCT"; - else - test = "KAT"; - bool encrypt = (filename.find("vrct") == std::string::npos); - - BufferedTransformation *pSink = NULL; - - if (argc > 3) - { - std::string outDir = argv[3]; - - if (outDir == "auto") - { - if (dirname.substr(dirname.size()-3) == "req") - outDir = dirname.substr(0, dirname.size()-3) + "resp"; - } - - if (*outDir.rbegin() != '\\' && *outDir.rbegin() != '/') - outDir += '/'; - std::string outPathname = outDir + filename.substr(0, filename.size() - 3) + "rsp"; - pSink = new FileSink(outPathname.c_str(), false); - } - else - pSink = new FileSink(cout); - - FileSource(pathname.c_str(), true, new LineBreakParser(new TestDataParser(algorithm, test, mode, feedbackSize, encrypt, pSink)), false); - } - catch (...) - { - cout << "file: " << filename << endl; - throw; - } - return 0; -} - -extern int (*AdhocTest)(int argc, char *argv[]); -static int s_i = (AdhocTest = &FIPS_140_AlgorithmTest, 0); -#endif diff --git a/cryptopp562/fipstest.cpp b/cryptopp562/fipstest.cpp deleted file mode 100644 index e882742..0000000 --- a/cryptopp562/fipstest.cpp +++ /dev/null @@ -1,601 +0,0 @@ -// fipstest.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#define CRYPTOPP_DEFAULT_NO_DLL -#include "dll.h" - -#ifdef CRYPTOPP_WIN32_AVAILABLE -#define _WIN32_WINNT 0x0400 -#include <windows.h> - -#if defined(_MSC_VER) && _MSC_VER >= 1400 -#ifdef _M_IX86 -#define _CRT_DEBUGGER_HOOK _crt_debugger_hook -#else -#define _CRT_DEBUGGER_HOOK __crt_debugger_hook -#endif -extern "C" {_CRTIMP void __cdecl _CRT_DEBUGGER_HOOK(int);} -#endif -#endif - -#include <iostream> - -NAMESPACE_BEGIN(CryptoPP) - -extern PowerUpSelfTestStatus g_powerUpSelfTestStatus; -SecByteBlock g_actualMac; -unsigned long g_macFileLocation = 0; - -// use a random dummy string here, to be searched/replaced later with the real MAC -static const byte s_moduleMac[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC; -CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE); - -#ifdef CRYPTOPP_WIN32_AVAILABLE -static HMODULE s_hModule = NULL; -#endif - -const byte * CRYPTOPP_API GetActualMacAndLocation(unsigned int &macSize, unsigned int &fileLocation) -{ - macSize = (unsigned int)g_actualMac.size(); - fileLocation = g_macFileLocation; - return g_actualMac; -} - -void KnownAnswerTest(RandomNumberGenerator &rng, const char *output) -{ - EqualityComparisonFilter comparison; - - RandomNumberStore(rng, strlen(output)/2).TransferAllTo(comparison, "0"); - StringSource(output, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); - - comparison.ChannelMessageSeriesEnd("0"); - comparison.ChannelMessageSeriesEnd("1"); -} - -template <class CIPHER> -void X917RNG_KnownAnswerTest( - const char *key, - const char *seed, - const char *deterministicTimeVector, - const char *output, - CIPHER *dummy = NULL) -{ -#ifdef OS_RNG_AVAILABLE - std::string decodedKey, decodedSeed, decodedDeterministicTimeVector; - StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); - StringSource(seed, true, new HexDecoder(new StringSink(decodedSeed))); - StringSource(deterministicTimeVector, true, new HexDecoder(new StringSink(decodedDeterministicTimeVector))); - - AutoSeededX917RNG<CIPHER> rng(false, false); - rng.Reseed((const byte *)decodedKey.data(), decodedKey.size(), (const byte *)decodedSeed.data(), (const byte *)decodedDeterministicTimeVector.data()); - KnownAnswerTest(rng, output); -#else - throw 0; -#endif -} - -void KnownAnswerTest(StreamTransformation &encryption, StreamTransformation &decryption, const char *plaintext, const char *ciphertext) -{ - EqualityComparisonFilter comparison; - - StringSource(plaintext, true, new HexDecoder(new StreamTransformationFilter(encryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING))); - StringSource(ciphertext, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); - - StringSource(ciphertext, true, new HexDecoder(new StreamTransformationFilter(decryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING))); - StringSource(plaintext, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); - - comparison.ChannelMessageSeriesEnd("0"); - comparison.ChannelMessageSeriesEnd("1"); -} - -template <class CIPHER> -void SymmetricEncryptionKnownAnswerTest( - const char *key, - const char *hexIV, - const char *plaintext, - const char *ecb, - const char *cbc, - const char *cfb, - const char *ofb, - const char *ctr, - CIPHER *dummy = NULL) -{ - std::string decodedKey; - StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); - - typename CIPHER::Encryption encryption((const byte *)decodedKey.data(), decodedKey.size()); - typename CIPHER::Decryption decryption((const byte *)decodedKey.data(), decodedKey.size()); - - SecByteBlock iv(encryption.BlockSize()); - StringSource(hexIV, true, new HexDecoder(new ArraySink(iv, iv.size()))); - - if (ecb) - KnownAnswerTest(ECB_Mode_ExternalCipher::Encryption(encryption).Ref(), ECB_Mode_ExternalCipher::Decryption(decryption).Ref(), plaintext, ecb); - if (cbc) - KnownAnswerTest(CBC_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CBC_Mode_ExternalCipher::Decryption(decryption, iv).Ref(), plaintext, cbc); - if (cfb) - KnownAnswerTest(CFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, cfb); - if (ofb) - KnownAnswerTest(OFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), OFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ofb); - if (ctr) - KnownAnswerTest(CTR_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CTR_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ctr); -} - -void KnownAnswerTest(HashTransformation &hash, const char *message, const char *digest) -{ - EqualityComparisonFilter comparison; - StringSource(digest, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); - StringSource(message, true, new HashFilter(hash, new ChannelSwitch(comparison, "0"))); - - comparison.ChannelMessageSeriesEnd("0"); - comparison.ChannelMessageSeriesEnd("1"); -} - -template <class HASH> -void SecureHashKnownAnswerTest(const char *message, const char *digest, HASH *dummy = NULL) -{ - HASH hash; - KnownAnswerTest(hash, message, digest); -} - -template <class MAC> -void MAC_KnownAnswerTest(const char *key, const char *message, const char *digest, MAC *dummy = NULL) -{ - std::string decodedKey; - StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); - - MAC mac((const byte *)decodedKey.data(), decodedKey.size()); - KnownAnswerTest(mac, message, digest); -} - -template <class SCHEME> -void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL) -{ - typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref()); - typename SCHEME::Verifier verifier(signer); - - RandomPool rng; - EqualityComparisonFilter comparison; - - StringSource(message, true, new SignerFilter(rng, signer, new ChannelSwitch(comparison, "0"))); - StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); - - comparison.ChannelMessageSeriesEnd("0"); - comparison.ChannelMessageSeriesEnd("1"); - - VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION); - StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, Redirector::DATA_ONLY))); - StringSource(message, true, new Redirector(verifierFilter)); -} - -void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) -{ - try - { - RandomPool rng; - const char *testMessage ="test message"; - std::string ciphertext, decrypted; - - StringSource( - testMessage, - true, - new PK_EncryptorFilter( - rng, - encryptor, - new StringSink(ciphertext))); - - if (ciphertext == testMessage) - throw 0; - - StringSource( - ciphertext, - true, - new PK_DecryptorFilter( - rng, - decryptor, - new StringSink(decrypted))); - - if (decrypted != testMessage) - throw 0; - } - catch (...) - { - throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed"); - } -} - -void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier) -{ - try - { - RandomPool rng; - - StringSource( - "test message", - true, - new SignerFilter( - rng, - signer, - new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION), - true)); - } - catch (...) - { - throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed"); - } -} - -template <class SCHEME> -void SignaturePairwiseConsistencyTest(const char *key, SCHEME *dummy = NULL) -{ - typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref()); - typename SCHEME::Verifier verifier(signer); - - SignaturePairwiseConsistencyTest(signer, verifier); -} - -MessageAuthenticationCode * NewIntegrityCheckingMAC() -{ - byte key[] = {0x47, 0x1E, 0x33, 0x96, 0x65, 0xB1, 0x6A, 0xED, 0x0B, 0xF8, 0x6B, 0xFD, 0x01, 0x65, 0x05, 0xCC}; - return new HMAC<SHA1>(key, sizeof(key)); -} - -bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac, unsigned long *pMacFileLocation) -{ - std::auto_ptr<MessageAuthenticationCode> mac(NewIntegrityCheckingMAC()); - unsigned int macSize = mac->DigestSize(); - - SecByteBlock tempMac; - SecByteBlock &actualMac = pActualMac ? *pActualMac : tempMac; - actualMac.resize(macSize); - - unsigned long tempLocation; - unsigned long &macFileLocation = pMacFileLocation ? *pMacFileLocation : tempLocation; - macFileLocation = 0; - - MeterFilter verifier(new HashFilter(*mac, new ArraySink(actualMac, actualMac.size()))); -// MeterFilter verifier(new FileSink("c:\\dt.tmp")); - std::ifstream moduleStream; - -#ifdef CRYPTOPP_WIN32_AVAILABLE - HMODULE h; - { - char moduleFilenameBuf[MAX_PATH] = ""; - if (moduleFilename == NULL) - { -#if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers - wchar_t wideModuleFilename[MAX_PATH]; - if (GetModuleFileNameW(s_hModule, wideModuleFilename, MAX_PATH) > 0) - { - moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary); - h = GetModuleHandleW(wideModuleFilename); - } - else -#endif - { - GetModuleFileNameA(s_hModule, moduleFilenameBuf, MAX_PATH); - moduleFilename = moduleFilenameBuf; - } - } -#endif - if (moduleFilename != NULL) - { - moduleStream.open(moduleFilename, std::ios::in | std::ios::binary); -#ifdef CRYPTOPP_WIN32_AVAILABLE - h = GetModuleHandleA(moduleFilename); - moduleFilename = NULL; - } -#endif - } - - if (!moduleStream) - { -#ifdef CRYPTOPP_WIN32_AVAILABLE - OutputDebugString("Crypto++ DLL integrity check failed. Cannot open file for reading."); -#endif - return false; - } - FileStore file(moduleStream); - -#ifdef CRYPTOPP_WIN32_AVAILABLE - // try to hash from memory first - const byte *memBase = (const byte *)h; - const IMAGE_DOS_HEADER *ph = (IMAGE_DOS_HEADER *)memBase; - const IMAGE_NT_HEADERS *phnt = (IMAGE_NT_HEADERS *)(memBase + ph->e_lfanew); - const IMAGE_SECTION_HEADER *phs = IMAGE_FIRST_SECTION(phnt); - DWORD nSections = phnt->FileHeader.NumberOfSections; - size_t currentFilePos = 0; - - size_t checksumPos = (byte *)&phnt->OptionalHeader.CheckSum - memBase; - size_t checksumSize = sizeof(phnt->OptionalHeader.CheckSum); - size_t certificateTableDirectoryPos = (byte *)&phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY] - memBase; - size_t certificateTableDirectorySize = sizeof(phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]); - size_t certificateTablePos = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress; - size_t certificateTableSize = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size; - - verifier.AddRangeToSkip(0, checksumPos, checksumSize); - verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize); - verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize); - - while (nSections--) - { - switch (phs->Characteristics) - { - default: - break; - case IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ: - case IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ: - unsigned int sectionSize = STDMIN(phs->SizeOfRawData, phs->Misc.VirtualSize); - const byte *sectionMemStart = memBase + phs->VirtualAddress; - unsigned int sectionFileStart = phs->PointerToRawData; - size_t subSectionStart = 0, nextSubSectionStart; - - do - { - const byte *subSectionMemStart = sectionMemStart + subSectionStart; - size_t subSectionFileStart = sectionFileStart + subSectionStart; - size_t subSectionSize = sectionSize - subSectionStart; - nextSubSectionStart = 0; - - unsigned int entriesToReadFromDisk[] = {IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_IAT}; - for (unsigned int i=0; i<sizeof(entriesToReadFromDisk)/sizeof(entriesToReadFromDisk[0]); i++) - { - const IMAGE_DATA_DIRECTORY &entry = phnt->OptionalHeader.DataDirectory[entriesToReadFromDisk[i]]; - const byte *entryMemStart = memBase + entry.VirtualAddress; - if (subSectionMemStart <= entryMemStart && entryMemStart < subSectionMemStart + subSectionSize) - { - subSectionSize = entryMemStart - subSectionMemStart; - nextSubSectionStart = entryMemStart - sectionMemStart + entry.Size; - } - } - -#if defined(_MSC_VER) && _MSC_VER >= 1400 - // first byte of _CRT_DEBUGGER_HOOK gets modified in memory by the debugger invisibly, so read it from file - if (IsDebuggerPresent()) - { - if (subSectionMemStart <= (byte *)&_CRT_DEBUGGER_HOOK && (byte *)&_CRT_DEBUGGER_HOOK < subSectionMemStart + subSectionSize) - { - subSectionSize = (byte *)&_CRT_DEBUGGER_HOOK - subSectionMemStart; - nextSubSectionStart = (byte *)&_CRT_DEBUGGER_HOOK - sectionMemStart + 1; - } - } -#endif - - if (subSectionMemStart <= expectedModuleMac && expectedModuleMac < subSectionMemStart + subSectionSize) - { - // found stored MAC - macFileLocation = (unsigned long)(subSectionFileStart + (expectedModuleMac - subSectionMemStart)); - verifier.AddRangeToSkip(0, macFileLocation, macSize); - } - - file.TransferTo(verifier, subSectionFileStart - currentFilePos); - verifier.Put(subSectionMemStart, subSectionSize); - file.Skip(subSectionSize); - currentFilePos = subSectionFileStart + subSectionSize; - subSectionStart = nextSubSectionStart; - } while (nextSubSectionStart != 0); - } - phs++; - } -#endif - file.TransferAllTo(verifier); - -#ifdef CRYPTOPP_WIN32_AVAILABLE - // if that fails (could be caused by debug breakpoints or DLL base relocation modifying image in memory), - // hash from disk instead - if (!VerifyBufsEqual(expectedModuleMac, actualMac, macSize)) - { - OutputDebugString("In memory integrity check failed. This may be caused by debug breakpoints or DLL relocation.\n"); - moduleStream.clear(); - moduleStream.seekg(0); - verifier.Initialize(MakeParameters(Name::OutputBuffer(), ByteArrayParameter(actualMac, (unsigned int)actualMac.size()))); -// verifier.Initialize(MakeParameters(Name::OutputFileName(), (const char *)"c:\\dt2.tmp")); - verifier.AddRangeToSkip(0, checksumPos, checksumSize); - verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize); - verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize); - verifier.AddRangeToSkip(0, macFileLocation, macSize); - FileStore(moduleStream).TransferAllTo(verifier); - } -#endif - - if (VerifyBufsEqual(expectedModuleMac, actualMac, macSize)) - return true; - -#ifdef CRYPTOPP_WIN32_AVAILABLE - std::string hexMac; - HexEncoder(new StringSink(hexMac)).PutMessageEnd(actualMac, actualMac.size()); - OutputDebugString((("Crypto++ DLL integrity check failed. Actual MAC is: " + hexMac) + "\n").c_str()); -#endif - return false; -} - -void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac) -{ - g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE; - SetPowerUpSelfTestInProgressOnThisThread(true); - - try - { - if (FIPS_140_2_ComplianceEnabled() || expectedModuleMac != NULL) - { - if (!IntegrityCheckModule(moduleFilename, expectedModuleMac, &g_actualMac, &g_macFileLocation)) - throw 0; // throw here so we break in the debugger, this will be caught right away - } - - // algorithm tests - - X917RNG_KnownAnswerTest<AES>( - "2b7e151628aed2a6abf7158809cf4f3c", // key - "000102030405060708090a0b0c0d0e0f", // seed - "00000000000000000000000000000001", // time vector - "D176EDD27493B0395F4D10546232B0693DC7061C03C3A554F09CECF6F6B46D945A"); // output - - SymmetricEncryptionKnownAnswerTest<DES_EDE3>( - "385D7189A5C3D485E1370AA5D408082B5CCCCB5E19F2D90E", - "C141B5FCCD28DC8A", - "6E1BD7C6120947A464A6AAB293A0F89A563D8D40D3461B68", - "64EAAD4ACBB9CEAD6C7615E7C7E4792FE587D91F20C7D2F4", - "6235A461AFD312973E3B4F7AA7D23E34E03371F8E8C376C9", - "E26BA806A59B0330DE40CA38E77A3E494BE2B212F6DD624B", - "E26BA806A59B03307DE2BCC25A08BA40A8BA335F5D604C62", - "E26BA806A59B03303C62C2EFF32D3ACDD5D5F35EBCC53371"); - - SymmetricEncryptionKnownAnswerTest<SKIPJACK>( - "1555E5531C3A169B2D65", - "6EC9795701F49864", - "00AFA48E9621E52E8CBDA312660184EDDB1F33D9DACDA8DA", - "DBEC73562EFCAEB56204EB8AE9557EBF77473FBB52D17CD1", - "0C7B0B74E21F99B8F2C8DF37879F6C044967F42A796DCA8B", - "79FDDA9724E36CC2E023E9A5C717A8A8A7FDA465CADCBF63", - "79FDDA9724E36CC26CACBD83C1ABC06EAF5B249BE5B1E040", - "79FDDA9724E36CC211B0AEC607B95A96BCDA318440B82F49"); - - SymmetricEncryptionKnownAnswerTest<AES>( - "2b7e151628aed2a6abf7158809cf4f3c", - "000102030405060708090a0b0c0d0e0f", - "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", // plaintext - "3ad77bb40d7a3660a89ecaf32466ef97f5d3d58503b9699de785895a96fdbaaf43b1cd7f598ece23881b00e3ed0306887b0c785e27e8ad3f8223207104725dd4", // ecb - "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7", // cbc - "3b3fd92eb72dad20333449f8e83cfb4ac8a64537a0b3a93fcde3cdad9f1ce58b26751f67a3cbb140b1808cf187a4f4dfc04b05357c5d1c0eeac4c66f9ff7f2e6", // cfb - "3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e", // ofb - NULL); - - SymmetricEncryptionKnownAnswerTest<AES>( - "2b7e151628aed2a6abf7158809cf4f3c", - "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", - "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", - NULL, - NULL, - NULL, - NULL, - "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee"); // ctr - - - SecureHashKnownAnswerTest<SHA1>( - "abc", - "A9993E364706816ABA3E25717850C26C9CD0D89D"); - - SecureHashKnownAnswerTest<SHA224>( - "abc", - "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"); - - SecureHashKnownAnswerTest<SHA256>( - "abc", - "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"); - - SecureHashKnownAnswerTest<SHA384>( - "abc", - "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7"); - - SecureHashKnownAnswerTest<SHA512>( - "abc", - "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"); - - MAC_KnownAnswerTest<HMAC<SHA1> >( - "303132333435363738393a3b3c3d3e3f40414243", - "Sample #2", - "0922d3405faa3d194f82a45830737d5cc6c75d24"); - - const char *keyRSA1 = - "30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0" - "c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001" - "02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa" - "87d8862b75177691c11d757692df8881022033d48445c859e52340de704bcdda065fbb4058d740bd1d67d29e9c146c11cf61" - "0220335e8408866b0fd38dc7002d3f972c67389a65d5d8306566d5c4f2a5aa52628b0220045ec90071525325d3d46db79695e9af" - "acc4523964360e02b119baa366316241022015eb327360c7b60d12e5e2d16bdcd97981d17fba6b70db13b20b436e24eada590220" - "2ca6366d72781dfa24d34a9a24cbc2ae927a9958af426563ff63fb11658a461d"; - - const char *keyRSA2 = - "30820273020100300D06092A864886F70D01010105000482025D3082025902010002818100D40AF9" - "A2B713034249E5780056D70FC7DE75D76E44565AA6A6B8ED9646F3C19F9E254D72D7DE6E49DB2264" - "0C1D05AB9E2A5F901D8F3FE1F7AE02CEE2ECCE54A40ABAE55A004692752E70725AEEE7CDEA67628A" - "82A9239B4AB660C2BC56D9F01E90CBAAB9BF0FC8E17173CEFC5709A29391A7DDF3E0B758691AAF30" - "725B292F4F020111027F18C0BA087D082C45D75D3594E0767E4820818EB35612B80CEAB8C880ACA5" - "44B6876DFFEF85A576C0D45B551AFAA1FD63209CD745DF75C5A0F0B580296EA466CD0338207E4752" - "FF4E7DB724D8AE18CE5CF4153BB94C27869FBB50E64F02546E4B02997A0B8623E64017CC770759C6" - "695DB649EEFD829D688D441BCC4E7348F1024100EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD" - "36CC25330548B347AC158A345631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E7" - "43E9234F024100E2A039854B55688740E32A51DF4AF88613D91A371CF8DDD95D780A89D7CF2119A9" - "54F1AC0F3DCDB2F6959926E6D9D37D8BC07A4C634DE6F16315BD5F0DAC340102407ECEEDB9903572" - "1B76909F174BA6698DCA72953D957B22C0A871C8531EDE3A1BB52984A719BC010D1CA57A555DB83F" - "6DE54CBAB932AEC652F38D497A6F3F30CF024100854F30E4FF232E6DADB2CD99926855F484255AB7" - "01FBCDCB27EC426F33A7046972AA700ADBCA008763DF87440F52F4E070531AC385B55AAC1C2AE7DD" - "8F9278F1024100C313F4AF9E4A9DE1253C21080CE524251560C111550772FD08690F13FBE658342E" - "BD2D41C9DCB12374E871B1839E26CAE252E1AE3DAAD5F1EE1F42B4D0EE7581"; - - SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA1> >( - keyRSA1, - "Everyone gets Friday off.", - "0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81"); - - SignatureKnownAnswerTest<RSASS_ISO<SHA1> >( - keyRSA2, - "test", - "32F6BA41C8930DE71EE67F2627172CC539EDE04267FDE03AC295E3C50311F26C3B275D3AF513AC96" - "8EE493BAB7DA3A754661D1A7C4A0D1A2B7EE8B313AACD8CB8BFBC5C15EFB0EF15C86A9334A1E87AD" - "291EB961B5CA0E84930429B28780816AA94F96FC2367B71E2D2E4866FA966795B147F00600E5207E" - "2F189C883B37477C"); - - SignaturePairwiseConsistencyTest<DSA>( - "3082014A0201003082012B06072A8648CE3804013082011E02818100F468699A6F6EBCC0120D3B34C8E007F125EC7D81F763B8D0F33869AE3BD6B9F2ECCC7DF34DF84C0307449E9B85D30D57194BCCEB310F48141914DD13A077AAF9B624A6CBE666BBA1D7EBEA95B5BA6F54417FD5D4E4220C601E071D316A24EA814E8B0122DBF47EE8AEEFD319EBB01DD95683F10DBB4FEB023F8262A07EAEB7FD02150082AD4E034DA6EEACDFDAE68C36F2BAD614F9E53B02818071AAF73361A26081529F7D84078ADAFCA48E031DB54AD57FB1A833ADBD8672328AABAA0C756247998D7A5B10DACA359D231332CE8120B483A784FE07D46EEBFF0D7D374A10691F78653E6DC29E27CCB1B174923960DFE5B959B919B2C3816C19251832AFD8E35D810E598F82877ABF7D40A041565168BD7F0E21E3FE2A8D8C1C0416021426EBA66E846E755169F84A1DA981D86502405DDF"); - - SignaturePairwiseConsistencyTest<ECDSA<EC2N, SHA1> >( - "302D020100301006072A8648CE3D020106052B8104000404163014020101040F0070337065E1E196980A9D00E37211"); - - SignaturePairwiseConsistencyTest<ECDSA<ECP, SHA1> >( - "3039020100301306072A8648CE3D020106082A8648CE3D030101041F301D02010104182BB8A13C8B867010BD9471D9E81FDB01ABD0538C64D6249A"); - - SignaturePairwiseConsistencyTest<RSASS<PSS, SHA1> >(keyRSA1); - } - catch (...) - { - g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED; - goto done; - } - - g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_PASSED; - -done: - SetPowerUpSelfTestInProgressOnThisThread(false); - return; -} - -#ifdef CRYPTOPP_WIN32_AVAILABLE - -void DoDllPowerUpSelfTest() -{ - CryptoPP::DoPowerUpSelfTest(NULL, s_moduleMac); -} - -#else - -void DoDllPowerUpSelfTest() -{ - throw NotImplemented("DoDllPowerUpSelfTest() only available on Windows"); -} - -#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE - -NAMESPACE_END - -#ifdef CRYPTOPP_WIN32_AVAILABLE - -// DllMain needs to be in the global namespace -BOOL APIENTRY DllMain(HANDLE hModule, - DWORD ul_reason_for_call, - LPVOID lpReserved) -{ - if (ul_reason_for_call == DLL_PROCESS_ATTACH) - { - CryptoPP::s_hModule = (HMODULE)hModule; - CryptoPP::DoDllPowerUpSelfTest(); - } - return TRUE; -} - -#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE - -#endif // #ifndef CRYPTOPP_IMPORTS diff --git a/cryptopp562/fltrimpl.h b/cryptopp562/fltrimpl.h deleted file mode 100644 index 4087d7d..0000000 --- a/cryptopp562/fltrimpl.h +++ /dev/null @@ -1,67 +0,0 @@ -#ifndef CRYPTOPP_FLTRIMPL_H -#define CRYPTOPP_FLTRIMPL_H - -#define FILTER_BEGIN \ - switch (m_continueAt) \ - { \ - case 0: \ - m_inputPosition = 0; - -#define FILTER_END_NO_MESSAGE_END_NO_RETURN \ - break; \ - default: \ - assert(false); \ - } - -#define FILTER_END_NO_MESSAGE_END \ - FILTER_END_NO_MESSAGE_END_NO_RETURN \ - return 0; - -/* -#define FILTER_END \ - case -1: \ - if (messageEnd && Output(-1, NULL, 0, messageEnd, blocking)) \ - return 1; \ - FILTER_END_NO_MESSAGE_END -*/ - -#define FILTER_OUTPUT3(site, statement, output, length, messageEnd, channel) \ - {\ - case site: \ - statement; \ - if (Output(site, output, length, messageEnd, blocking, channel)) \ - return STDMAX(size_t(1), length-m_inputPosition);\ - } - -#define FILTER_OUTPUT2(site, statement, output, length, messageEnd) \ - FILTER_OUTPUT3(site, statement, output, length, messageEnd, DEFAULT_CHANNEL) - -#define FILTER_OUTPUT(site, output, length, messageEnd) \ - FILTER_OUTPUT2(site, 0, output, length, messageEnd) - -#define FILTER_OUTPUT_BYTE(site, output) \ - FILTER_OUTPUT(site, &(const byte &)(byte)output, 1, 0) - -#define FILTER_OUTPUT2_MODIFIABLE(site, statement, output, length, messageEnd) \ - {\ - case site: \ - statement; \ - if (OutputModifiable(site, output, length, messageEnd, blocking)) \ - return STDMAX(size_t(1), length-m_inputPosition);\ - } - -#define FILTER_OUTPUT_MODIFIABLE(site, output, length, messageEnd) \ - FILTER_OUTPUT2_MODIFIABLE(site, 0, output, length, messageEnd) - -#define FILTER_OUTPUT2_MAYBE_MODIFIABLE(site, statement, output, length, messageEnd, modifiable) \ - {\ - case site: \ - statement; \ - if (modifiable ? OutputModifiable(site, output, length, messageEnd, blocking) : Output(site, output, length, messageEnd, blocking)) \ - return STDMAX(size_t(1), length-m_inputPosition);\ - } - -#define FILTER_OUTPUT_MAYBE_MODIFIABLE(site, output, length, messageEnd, modifiable) \ - FILTER_OUTPUT2_MAYBE_MODIFIABLE(site, 0, output, length, messageEnd, modifiable) - -#endif diff --git a/cryptopp562/gcm.cpp b/cryptopp562/gcm.cpp deleted file mode 100644 index 237325d..0000000 --- a/cryptopp562/gcm.cpp +++ /dev/null @@ -1,828 +0,0 @@ -// gcm.cpp - written and placed in the public domain by Wei Dai
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM gcm.cpp" to generate MASM code
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "gcm.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-word16 GCM_Base::s_reductionTable[256];
-volatile bool GCM_Base::s_reductionTableInitialized = false;
-
-void GCM_Base::GCTR::IncrementCounterBy256()
-{
- IncrementCounterByOne(m_counterArray+BlockSize()-4, 3);
-}
-
-#if 0
-// preserved for testing
-void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
-{
- word64 Z0=0, Z1=0, V0, V1;
-
- typedef BlockGetAndPut<word64, BigEndian> Block;
- Block::Get(a)(V0)(V1);
-
- for (int i=0; i<16; i++)
- {
- for (int j=0x80; j!=0; j>>=1)
- {
- int x = b[i] & j;
- Z0 ^= x ? V0 : 0;
- Z1 ^= x ? V1 : 0;
- x = (int)V1 & 1;
- V1 = (V1>>1) | (V0<<63);
- V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
- }
- }
- Block::Put(NULL, c)(Z0)(Z1);
-}
-
-__m128i _mm_clmulepi64_si128(const __m128i &a, const __m128i &b, int i)
-{
- word64 A[1] = {ByteReverse(((word64*)&a)[i&1])};
- word64 B[1] = {ByteReverse(((word64*)&b)[i>>4])};
-
- PolynomialMod2 pa((byte *)A, 8);
- PolynomialMod2 pb((byte *)B, 8);
- PolynomialMod2 c = pa*pb;
-
- __m128i output;
- for (int i=0; i<16; i++)
- ((byte *)&output)[i] = c.GetByte(i);
- return output;
-}
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-inline static void SSE2_Xor16(byte *a, const byte *b, const byte *c)
-{
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
- *(__m128i *)a = _mm_xor_si128(*(__m128i *)b, *(__m128i *)c);
-#else
- asm ("movdqa %1, %%xmm0; pxor %2, %%xmm0; movdqa %%xmm0, %0;" : "=m" (a[0]) : "m"(b[0]), "m"(c[0]));
-#endif
-}
-#endif
-
-inline static void Xor16(byte *a, const byte *b, const byte *c)
-{
- ((word64 *)a)[0] = ((word64 *)b)[0] ^ ((word64 *)c)[0];
- ((word64 *)a)[1] = ((word64 *)b)[1] ^ ((word64 *)c)[1];
-}
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-static CRYPTOPP_ALIGN_DATA(16) const word64 s_clmulConstants64[] = {
- W64LIT(0xe100000000000000), W64LIT(0xc200000000000000),
- W64LIT(0x08090a0b0c0d0e0f), W64LIT(0x0001020304050607),
- W64LIT(0x0001020304050607), W64LIT(0x08090a0b0c0d0e0f)};
-static const __m128i *s_clmulConstants = (const __m128i *)s_clmulConstants64;
-static const unsigned int s_clmulTableSizeInBlocks = 8;
-
-inline __m128i CLMUL_Reduce(__m128i c0, __m128i c1, __m128i c2, const __m128i &r)
-{
- /*
- The polynomial to be reduced is c0 * x^128 + c1 * x^64 + c2. c0t below refers to the most
- significant half of c0 as a polynomial, which, due to GCM's bit reflection, are in the
- rightmost bit positions, and the lowest byte addresses.
-
- c1 ^= c0t * 0xc200000000000000
- c2t ^= c0t
- t = shift (c1t ^ c0b) left 1 bit
- c2 ^= t * 0xe100000000000000
- c2t ^= c1b
- shift c2 left 1 bit and xor in lowest bit of c1t
- */
-#if 0 // MSVC 2010 workaround: see http://connect.microsoft.com/VisualStudio/feedback/details/575301
- c2 = _mm_xor_si128(c2, _mm_move_epi64(c0));
-#else
- c1 = _mm_xor_si128(c1, _mm_slli_si128(c0, 8));
-#endif
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(c0, r, 0x10));
- c0 = _mm_srli_si128(c0, 8);
- c0 = _mm_xor_si128(c0, c1);
- c0 = _mm_slli_epi64(c0, 1);
- c0 = _mm_clmulepi64_si128(c0, r, 0);
- c2 = _mm_xor_si128(c2, c0);
- c2 = _mm_xor_si128(c2, _mm_srli_si128(c1, 8));
- c1 = _mm_unpacklo_epi64(c1, c2);
- c1 = _mm_srli_epi64(c1, 63);
- c2 = _mm_slli_epi64(c2, 1);
- return _mm_xor_si128(c2, c1);
-}
-
-inline __m128i CLMUL_GF_Mul(const __m128i &x, const __m128i &h, const __m128i &r)
-{
- __m128i c0 = _mm_clmulepi64_si128(x,h,0);
- __m128i c1 = _mm_xor_si128(_mm_clmulepi64_si128(x,h,1), _mm_clmulepi64_si128(x,h,0x10));
- __m128i c2 = _mm_clmulepi64_si128(x,h,0x11);
-
- return CLMUL_Reduce(c0, c1, c2, r);
-}
-#endif
-
-void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms)
-{
- BlockCipher &blockCipher = AccessBlockCipher();
- blockCipher.SetKey(userKey, keylength, params);
-
- if (blockCipher.BlockSize() != REQUIRED_BLOCKSIZE)
- throw InvalidArgument(AlgorithmName() + ": block size of underlying block cipher is not 16");
-
- int tableSize, i, j, k;
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- params.GetIntValue(Name::TableSize(), tableSize); // avoid "parameter not used" error
- tableSize = s_clmulTableSizeInBlocks * REQUIRED_BLOCKSIZE;
- }
- else
-#endif
- {
- if (params.GetIntValue(Name::TableSize(), tableSize))
- tableSize = (tableSize >= 64*1024) ? 64*1024 : 2*1024;
- else
- tableSize = (GetTablesOption() == GCM_64K_Tables) ? 64*1024 : 2*1024;
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1300 && _MSC_VER < 1400)
- // VC 2003 workaround: compiler generates bad code for 64K tables
- tableSize = 2*1024;
-#endif
- }
-
- m_buffer.resize(3*REQUIRED_BLOCKSIZE + tableSize);
- byte *table = MulTable();
- byte *hashKey = HashKey();
- memset(hashKey, 0, REQUIRED_BLOCKSIZE);
- blockCipher.ProcessBlock(hashKey);
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- const __m128i r = s_clmulConstants[0];
- __m128i h0 = _mm_shuffle_epi8(_mm_load_si128((__m128i *)hashKey), s_clmulConstants[1]);
- __m128i h = h0;
-
- for (i=0; i<tableSize; i+=32)
- {
- __m128i h1 = CLMUL_GF_Mul(h, h0, r);
- _mm_storel_epi64((__m128i *)(table+i), h);
- _mm_storeu_si128((__m128i *)(table+i+16), h1);
- _mm_storeu_si128((__m128i *)(table+i+8), h);
- _mm_storel_epi64((__m128i *)(table+i+8), h1);
- h = CLMUL_GF_Mul(h1, h0, r);
- }
-
- return;
- }
-#endif
-
- word64 V0, V1;
- typedef BlockGetAndPut<word64, BigEndian> Block;
- Block::Get(hashKey)(V0)(V1);
-
- if (tableSize == 64*1024)
- {
- for (i=0; i<128; i++)
- {
- k = i%8;
- Block::Put(NULL, table+(i/8)*256*16+(size_t(1)<<(11-k)))(V0)(V1);
-
- int x = (int)V1 & 1;
- V1 = (V1>>1) | (V0<<63);
- V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
- }
-
- for (i=0; i<16; i++)
- {
- memset(table+i*256*16, 0, 16);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasSSE2())
- for (j=2; j<=0x80; j*=2)
- for (k=1; k<j; k++)
- SSE2_Xor16(table+i*256*16+(j+k)*16, table+i*256*16+j*16, table+i*256*16+k*16);
- else
-#endif
- for (j=2; j<=0x80; j*=2)
- for (k=1; k<j; k++)
- Xor16(table+i*256*16+(j+k)*16, table+i*256*16+j*16, table+i*256*16+k*16);
- }
- }
- else
- {
- if (!s_reductionTableInitialized)
- {
- s_reductionTable[0] = 0;
- word16 x = 0x01c2;
- s_reductionTable[1] = ByteReverse(x);
- for (int i=2; i<=0x80; i*=2)
- {
- x <<= 1;
- s_reductionTable[i] = ByteReverse(x);
- for (int j=1; j<i; j++)
- s_reductionTable[i+j] = s_reductionTable[i] ^ s_reductionTable[j];
- }
- s_reductionTableInitialized = true;
- }
-
- for (i=0; i<128-24; i++)
- {
- k = i%32;
- if (k < 4)
- Block::Put(NULL, table+1024+(i/32)*256+(size_t(1)<<(7-k)))(V0)(V1);
- else if (k < 8)
- Block::Put(NULL, table+(i/32)*256+(size_t(1)<<(11-k)))(V0)(V1);
-
- int x = (int)V1 & 1;
- V1 = (V1>>1) | (V0<<63);
- V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
- }
-
- for (i=0; i<4; i++)
- {
- memset(table+i*256, 0, 16);
- memset(table+1024+i*256, 0, 16);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasSSE2())
- for (j=2; j<=8; j*=2)
- for (k=1; k<j; k++)
- {
- SSE2_Xor16(table+i*256+(j+k)*16, table+i*256+j*16, table+i*256+k*16);
- SSE2_Xor16(table+1024+i*256+(j+k)*16, table+1024+i*256+j*16, table+1024+i*256+k*16);
- }
- else
-#endif
- for (j=2; j<=8; j*=2)
- for (k=1; k<j; k++)
- {
- Xor16(table+i*256+(j+k)*16, table+i*256+j*16, table+i*256+k*16);
- Xor16(table+1024+i*256+(j+k)*16, table+1024+i*256+j*16, table+1024+i*256+k*16);
- }
- }
- }
-}
-
-inline void GCM_Base::ReverseHashBufferIfNeeded()
-{
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- __m128i &x = *(__m128i *)HashBuffer();
- x = _mm_shuffle_epi8(x, s_clmulConstants[1]);
- }
-#endif
-}
-
-void GCM_Base::Resync(const byte *iv, size_t len)
-{
- BlockCipher &cipher = AccessBlockCipher();
- byte *hashBuffer = HashBuffer();
-
- if (len == 12)
- {
- memcpy(hashBuffer, iv, len);
- memset(hashBuffer+len, 0, 3);
- hashBuffer[len+3] = 1;
- }
- else
- {
- size_t origLen = len;
- memset(hashBuffer, 0, HASH_BLOCKSIZE);
-
- if (len >= HASH_BLOCKSIZE)
- {
- len = GCM_Base::AuthenticateBlocks(iv, len);
- iv += (origLen - len);
- }
-
- if (len > 0)
- {
- memcpy(m_buffer, iv, len);
- memset(m_buffer+len, 0, HASH_BLOCKSIZE-len);
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
- }
-
- PutBlock<word64, BigEndian, true>(NULL, m_buffer)(0)(origLen*8);
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
-
- ReverseHashBufferIfNeeded();
- }
-
- if (m_state >= State_IVSet)
- m_ctr.Resynchronize(hashBuffer, REQUIRED_BLOCKSIZE);
- else
- m_ctr.SetCipherWithIV(cipher, hashBuffer);
-
- m_ctr.Seek(HASH_BLOCKSIZE);
-
- memset(hashBuffer, 0, HASH_BLOCKSIZE);
-}
-
-unsigned int GCM_Base::OptimalDataAlignment() const
-{
- return
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- HasSSE2() ? 16 :
-#endif
- GetBlockCipher().OptimalDataAlignment();
-}
-
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void GCM_AuthenticateBlocks_2K(const byte *data, size_t blocks, word64 *hashBuffer, const word16 *reductionTable);
-void GCM_AuthenticateBlocks_64K(const byte *data, size_t blocks, word64 *hashBuffer);
-}
-#endif
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
-{
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- const __m128i *table = (const __m128i *)MulTable();
- __m128i x = _mm_load_si128((__m128i *)HashBuffer());
- const __m128i r = s_clmulConstants[0], bswapMask = s_clmulConstants[1], bswapMask2 = s_clmulConstants[2];
-
- while (len >= 16)
- {
- size_t s = UnsignedMin(len/16, s_clmulTableSizeInBlocks), i=0;
- __m128i d, d2 = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)(data+(s-1)*16)), bswapMask2);;
- __m128i c0 = _mm_setzero_si128();
- __m128i c1 = _mm_setzero_si128();
- __m128i c2 = _mm_setzero_si128();
-
- while (true)
- {
- __m128i h0 = _mm_load_si128(table+i);
- __m128i h1 = _mm_load_si128(table+i+1);
- __m128i h01 = _mm_xor_si128(h0, h1);
-
- if (++i == s)
- {
- d = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)data), bswapMask);
- d = _mm_xor_si128(d, x);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d, h0, 0));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d, h1, 1));
- d = _mm_xor_si128(d, _mm_shuffle_epi32(d, _MM_SHUFFLE(1, 0, 3, 2)));
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d, h01, 0));
- break;
- }
-
- d = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)(data+(s-i)*16-8)), bswapMask2);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d2, h0, 1));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d, h1, 1));
- d2 = _mm_xor_si128(d2, d);
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d2, h01, 1));
-
- if (++i == s)
- {
- d = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)data), bswapMask);
- d = _mm_xor_si128(d, x);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d, h0, 0x10));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d, h1, 0x11));
- d = _mm_xor_si128(d, _mm_shuffle_epi32(d, _MM_SHUFFLE(1, 0, 3, 2)));
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d, h01, 0x10));
- break;
- }
-
- d2 = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)(data+(s-i)*16-8)), bswapMask);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d, h0, 0x10));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d2, h1, 0x10));
- d = _mm_xor_si128(d, d2);
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d, h01, 0x10));
- }
- data += s*16;
- len -= s*16;
-
- c1 = _mm_xor_si128(_mm_xor_si128(c1, c0), c2);
- x = CLMUL_Reduce(c0, c1, c2, r);
- }
-
- _mm_store_si128((__m128i *)HashBuffer(), x);
- return len;
- }
-#endif
-
- typedef BlockGetAndPut<word64, NativeByteOrder> Block;
- word64 *hashBuffer = (word64 *)HashBuffer();
-
- switch (2*(m_buffer.size()>=64*1024)
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- + HasSSE2()
-#endif
- )
- {
- case 0: // non-SSE2 and 2K tables
- {
- byte *table = MulTable();
- word64 x0 = hashBuffer[0], x1 = hashBuffer[1];
-
- do
- {
- word64 y0, y1, a0, a1, b0, b1, c0, c1, d0, d1;
- Block::Get(data)(y0)(y1);
- x0 ^= y0;
- x1 ^= y1;
-
- data += HASH_BLOCKSIZE;
- len -= HASH_BLOCKSIZE;
-
- #define READ_TABLE_WORD64_COMMON(a, b, c, d) *(word64 *)(table+(a*1024)+(b*256)+c+d*8)
-
- #ifdef IS_LITTLE_ENDIAN
- #if CRYPTOPP_BOOL_SLOW_WORD64
- word32 z0 = (word32)x0;
- word32 z1 = (word32)(x0>>32);
- word32 z2 = (word32)x1;
- word32 z3 = (word32)(x1>>32);
- #define READ_TABLE_WORD64(a, b, c, d, e) READ_TABLE_WORD64_COMMON((d%2), c, (d?(z##c>>((d?d-1:0)*4))&0xf0:(z##c&0xf)<<4), e)
- #else
- #define READ_TABLE_WORD64(a, b, c, d, e) READ_TABLE_WORD64_COMMON((d%2), c, ((d+8*b)?(x##a>>(((d+8*b)?(d+8*b)-1:1)*4))&0xf0:(x##a&0xf)<<4), e)
- #endif
- #define GF_MOST_SIG_8BITS(a) (a##1 >> 7*8)
- #define GF_SHIFT_8(a) a##1 = (a##1 << 8) ^ (a##0 >> 7*8); a##0 <<= 8;
- #else
- #define READ_TABLE_WORD64(a, b, c, d, e) READ_TABLE_WORD64_COMMON((1-d%2), c, ((15-d-8*b)?(x##a>>(((15-d-8*b)?(15-d-8*b)-1:0)*4))&0xf0:(x##a&0xf)<<4), e)
- #define GF_MOST_SIG_8BITS(a) (a##1 & 0xff)
- #define GF_SHIFT_8(a) a##1 = (a##1 >> 8) ^ (a##0 << 7*8); a##0 >>= 8;
- #endif
-
- #define GF_MUL_32BY128(op, a, b, c) \
- a0 op READ_TABLE_WORD64(a, b, c, 0, 0) ^ READ_TABLE_WORD64(a, b, c, 1, 0);\
- a1 op READ_TABLE_WORD64(a, b, c, 0, 1) ^ READ_TABLE_WORD64(a, b, c, 1, 1);\
- b0 op READ_TABLE_WORD64(a, b, c, 2, 0) ^ READ_TABLE_WORD64(a, b, c, 3, 0);\
- b1 op READ_TABLE_WORD64(a, b, c, 2, 1) ^ READ_TABLE_WORD64(a, b, c, 3, 1);\
- c0 op READ_TABLE_WORD64(a, b, c, 4, 0) ^ READ_TABLE_WORD64(a, b, c, 5, 0);\
- c1 op READ_TABLE_WORD64(a, b, c, 4, 1) ^ READ_TABLE_WORD64(a, b, c, 5, 1);\
- d0 op READ_TABLE_WORD64(a, b, c, 6, 0) ^ READ_TABLE_WORD64(a, b, c, 7, 0);\
- d1 op READ_TABLE_WORD64(a, b, c, 6, 1) ^ READ_TABLE_WORD64(a, b, c, 7, 1);\
-
- GF_MUL_32BY128(=, 0, 0, 0)
- GF_MUL_32BY128(^=, 0, 1, 1)
- GF_MUL_32BY128(^=, 1, 0, 2)
- GF_MUL_32BY128(^=, 1, 1, 3)
-
- word32 r = (word32)s_reductionTable[GF_MOST_SIG_8BITS(d)] << 16;
- GF_SHIFT_8(d)
- c0 ^= d0; c1 ^= d1;
- r ^= (word32)s_reductionTable[GF_MOST_SIG_8BITS(c)] << 8;
- GF_SHIFT_8(c)
- b0 ^= c0; b1 ^= c1;
- r ^= s_reductionTable[GF_MOST_SIG_8BITS(b)];
- GF_SHIFT_8(b)
- a0 ^= b0; a1 ^= b1;
- a0 ^= ConditionalByteReverse<word64>(LITTLE_ENDIAN_ORDER, r);
- x0 = a0; x1 = a1;
- }
- while (len >= HASH_BLOCKSIZE);
-
- hashBuffer[0] = x0; hashBuffer[1] = x1;
- return len;
- }
-
- case 2: // non-SSE2 and 64K tables
- {
- byte *table = MulTable();
- word64 x0 = hashBuffer[0], x1 = hashBuffer[1];
-
- do
- {
- word64 y0, y1, a0, a1;
- Block::Get(data)(y0)(y1);
- x0 ^= y0;
- x1 ^= y1;
-
- data += HASH_BLOCKSIZE;
- len -= HASH_BLOCKSIZE;
-
- #undef READ_TABLE_WORD64_COMMON
- #undef READ_TABLE_WORD64
-
- #define READ_TABLE_WORD64_COMMON(a, c, d) *(word64 *)(table+(a)*256*16+(c)+(d)*8)
-
- #ifdef IS_LITTLE_ENDIAN
- #if CRYPTOPP_BOOL_SLOW_WORD64
- word32 z0 = (word32)x0;
- word32 z1 = (word32)(x0>>32);
- word32 z2 = (word32)x1;
- word32 z3 = (word32)(x1>>32);
- #define READ_TABLE_WORD64(b, c, d, e) READ_TABLE_WORD64_COMMON(c*4+d, (d?(z##c>>((d?d:1)*8-4))&0xff0:(z##c&0xff)<<4), e)
- #else
- #define READ_TABLE_WORD64(b, c, d, e) READ_TABLE_WORD64_COMMON(c*4+d, ((d+4*(c%2))?(x##b>>(((d+4*(c%2))?(d+4*(c%2)):1)*8-4))&0xff0:(x##b&0xff)<<4), e)
- #endif
- #else
- #define READ_TABLE_WORD64(b, c, d, e) READ_TABLE_WORD64_COMMON(c*4+d, ((7-d-4*(c%2))?(x##b>>(((7-d-4*(c%2))?(7-d-4*(c%2)):1)*8-4))&0xff0:(x##b&0xff)<<4), e)
- #endif
-
- #define GF_MUL_8BY128(op, b, c, d) \
- a0 op READ_TABLE_WORD64(b, c, d, 0);\
- a1 op READ_TABLE_WORD64(b, c, d, 1);\
-
- GF_MUL_8BY128(=, 0, 0, 0)
- GF_MUL_8BY128(^=, 0, 0, 1)
- GF_MUL_8BY128(^=, 0, 0, 2)
- GF_MUL_8BY128(^=, 0, 0, 3)
- GF_MUL_8BY128(^=, 0, 1, 0)
- GF_MUL_8BY128(^=, 0, 1, 1)
- GF_MUL_8BY128(^=, 0, 1, 2)
- GF_MUL_8BY128(^=, 0, 1, 3)
- GF_MUL_8BY128(^=, 1, 2, 0)
- GF_MUL_8BY128(^=, 1, 2, 1)
- GF_MUL_8BY128(^=, 1, 2, 2)
- GF_MUL_8BY128(^=, 1, 2, 3)
- GF_MUL_8BY128(^=, 1, 3, 0)
- GF_MUL_8BY128(^=, 1, 3, 1)
- GF_MUL_8BY128(^=, 1, 3, 2)
- GF_MUL_8BY128(^=, 1, 3, 3)
-
- x0 = a0; x1 = a1;
- }
- while (len >= HASH_BLOCKSIZE);
-
- hashBuffer[0] = x0; hashBuffer[1] = x1;
- return len;
- }
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
- case 1: // SSE2 and 2K tables
- GCM_AuthenticateBlocks_2K(data, len/16, hashBuffer, s_reductionTable);
- return len % 16;
- case 3: // SSE2 and 64K tables
- GCM_AuthenticateBlocks_64K(data, len/16, hashBuffer);
- return len % 16;
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- case 1: // SSE2 and 2K tables
- {
- #ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- ALIGN 8
- GCM_AuthenticateBlocks_2K PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- push_reg rbx
- .endprolog
- mov rsi, r8
- mov r11, r9
- #else
- AS2( mov WORD_REG(cx), data )
- AS2( mov WORD_REG(dx), len )
- AS2( mov WORD_REG(si), hashBuffer )
- AS2( shr WORD_REG(dx), 4 )
- #endif
-
- AS_PUSH_IF86( bx)
- AS_PUSH_IF86( bp)
-
- #ifdef __GNUC__
- AS2( mov AS_REG_7, WORD_REG(di))
- #elif CRYPTOPP_BOOL_X86
- AS2( lea AS_REG_7, s_reductionTable)
- #endif
-
- AS2( movdqa xmm0, [WORD_REG(si)] )
-
- #define MUL_TABLE_0 WORD_REG(si) + 32
- #define MUL_TABLE_1 WORD_REG(si) + 32 + 1024
- #define RED_TABLE AS_REG_7
-
- ASL(0)
- AS2( movdqu xmm4, [WORD_REG(cx)] )
- AS2( pxor xmm0, xmm4 )
-
- AS2( movd ebx, xmm0 )
- AS2( mov eax, AS_HEX(f0f0f0f0) )
- AS2( and eax, ebx )
- AS2( shl ebx, 4 )
- AS2( and ebx, AS_HEX(f0f0f0f0) )
- AS2( movzx edi, ah )
- AS2( movdqa xmm5, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
- AS2( movzx edi, al )
- AS2( movdqa xmm4, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
- AS2( shr eax, 16 )
- AS2( movzx edi, ah )
- AS2( movdqa xmm3, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
- AS2( movzx edi, al )
- AS2( movdqa xmm2, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
-
- #define SSE2_MUL_32BITS(i) \
- AS2( psrldq xmm0, 4 )\
- AS2( movd eax, xmm0 )\
- AS2( and eax, AS_HEX(f0f0f0f0) )\
- AS2( movzx edi, bh )\
- AS2( pxor xmm5, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( movzx edi, bl )\
- AS2( pxor xmm4, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( shr ebx, 16 )\
- AS2( movzx edi, bh )\
- AS2( pxor xmm3, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( movzx edi, bl )\
- AS2( pxor xmm2, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( movd ebx, xmm0 )\
- AS2( shl ebx, 4 )\
- AS2( and ebx, AS_HEX(f0f0f0f0) )\
- AS2( movzx edi, ah )\
- AS2( pxor xmm5, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
- AS2( movzx edi, al )\
- AS2( pxor xmm4, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
- AS2( shr eax, 16 )\
- AS2( movzx edi, ah )\
- AS2( pxor xmm3, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
- AS2( movzx edi, al )\
- AS2( pxor xmm2, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
-
- SSE2_MUL_32BITS(1)
- SSE2_MUL_32BITS(2)
- SSE2_MUL_32BITS(3)
-
- AS2( movzx edi, bh )
- AS2( pxor xmm5, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
- AS2( movzx edi, bl )
- AS2( pxor xmm4, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
- AS2( shr ebx, 16 )
- AS2( movzx edi, bh )
- AS2( pxor xmm3, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
- AS2( movzx edi, bl )
- AS2( pxor xmm2, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
-
- AS2( movdqa xmm0, xmm3 )
- AS2( pslldq xmm3, 1 )
- AS2( pxor xmm2, xmm3 )
- AS2( movdqa xmm1, xmm2 )
- AS2( pslldq xmm2, 1 )
- AS2( pxor xmm5, xmm2 )
-
- AS2( psrldq xmm0, 15 )
- AS2( movd WORD_REG(di), xmm0 )
- AS2( movzx eax, WORD PTR [RED_TABLE + WORD_REG(di)*2] )
- AS2( shl eax, 8 )
-
- AS2( movdqa xmm0, xmm5 )
- AS2( pslldq xmm5, 1 )
- AS2( pxor xmm4, xmm5 )
-
- AS2( psrldq xmm1, 15 )
- AS2( movd WORD_REG(di), xmm1 )
- AS2( xor ax, WORD PTR [RED_TABLE + WORD_REG(di)*2] )
- AS2( shl eax, 8 )
-
- AS2( psrldq xmm0, 15 )
- AS2( movd WORD_REG(di), xmm0 )
- AS2( xor ax, WORD PTR [RED_TABLE + WORD_REG(di)*2] )
-
- AS2( movd xmm0, eax )
- AS2( pxor xmm0, xmm4 )
-
- AS2( add WORD_REG(cx), 16 )
- AS2( sub WORD_REG(dx), 1 )
- ASJ( jnz, 0, b )
- AS2( movdqa [WORD_REG(si)], xmm0 )
-
- AS_POP_IF86( bp)
- AS_POP_IF86( bx)
-
- #ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "c" (data), "d" (len/16), "S" (hashBuffer), "D" (s_reductionTable)
- : "memory", "cc", "%eax"
- #if CRYPTOPP_BOOL_X64
- , "%ebx", "%r11"
- #endif
- );
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- pop rbx
- pop rdi
- pop rsi
- ret
- GCM_AuthenticateBlocks_2K ENDP
- #endif
-
- return len%16;
- }
- case 3: // SSE2 and 64K tables
- {
- #ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- ALIGN 8
- GCM_AuthenticateBlocks_64K PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- .endprolog
- mov rsi, r8
- #else
- AS2( mov WORD_REG(cx), data )
- AS2( mov WORD_REG(dx), len )
- AS2( mov WORD_REG(si), hashBuffer )
- AS2( shr WORD_REG(dx), 4 )
- #endif
-
- AS2( movdqa xmm0, [WORD_REG(si)] )
-
- #undef MUL_TABLE
- #define MUL_TABLE(i,j) WORD_REG(si) + 32 + (i*4+j)*256*16
-
- ASL(1)
- AS2( movdqu xmm1, [WORD_REG(cx)] )
- AS2( pxor xmm1, xmm0 )
- AS2( pxor xmm0, xmm0 )
-
- #undef SSE2_MUL_32BITS
- #define SSE2_MUL_32BITS(i) \
- AS2( movd eax, xmm1 )\
- AS2( psrldq xmm1, 4 )\
- AS2( movzx edi, al )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,0) + WORD_REG(di)*8] )\
- AS2( movzx edi, ah )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,1) + WORD_REG(di)*8] )\
- AS2( shr eax, 16 )\
- AS2( movzx edi, al )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,2) + WORD_REG(di)*8] )\
- AS2( movzx edi, ah )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,3) + WORD_REG(di)*8] )\
-
- SSE2_MUL_32BITS(0)
- SSE2_MUL_32BITS(1)
- SSE2_MUL_32BITS(2)
- SSE2_MUL_32BITS(3)
-
- AS2( add WORD_REG(cx), 16 )
- AS2( sub WORD_REG(dx), 1 )
- ASJ( jnz, 1, b )
- AS2( movdqa [WORD_REG(si)], xmm0 )
-
- #ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "c" (data), "d" (len/16), "S" (hashBuffer)
- : "memory", "cc", "%edi", "%eax"
- );
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- pop rdi
- pop rsi
- ret
- GCM_AuthenticateBlocks_64K ENDP
- #endif
-
- return len%16;
- }
-#endif
-#ifndef CRYPTOPP_GENERATE_X64_MASM
- }
-
- return len%16;
-}
-
-void GCM_Base::AuthenticateLastHeaderBlock()
-{
- if (m_bufferedDataLength > 0)
- {
- memset(m_buffer+m_bufferedDataLength, 0, HASH_BLOCKSIZE-m_bufferedDataLength);
- m_bufferedDataLength = 0;
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
- }
-}
-
-void GCM_Base::AuthenticateLastConfidentialBlock()
-{
- GCM_Base::AuthenticateLastHeaderBlock();
- PutBlock<word64, BigEndian, true>(NULL, m_buffer)(m_totalHeaderLength*8)(m_totalMessageLength*8);
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
-}
-
-void GCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
-{
- m_ctr.Seek(0);
- ReverseHashBufferIfNeeded();
- m_ctr.ProcessData(mac, HashBuffer(), macSize);
-}
-
-NAMESPACE_END
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-#endif
diff --git a/cryptopp562/gcm.h b/cryptopp562/gcm.h deleted file mode 100644 index 0b32524..0000000 --- a/cryptopp562/gcm.h +++ /dev/null @@ -1,106 +0,0 @@ -#ifndef CRYPTOPP_GCM_H
-#define CRYPTOPP_GCM_H
-
-#include "authenc.h"
-#include "modes.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-enum GCM_TablesOption {GCM_2K_Tables, GCM_64K_Tables};
-
-//! .
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
-{
-public:
- // AuthenticatedSymmetricCipher
- std::string AlgorithmName() const
- {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}
- size_t MinKeyLength() const
- {return GetBlockCipher().MinKeyLength();}
- size_t MaxKeyLength() const
- {return GetBlockCipher().MaxKeyLength();}
- size_t DefaultKeyLength() const
- {return GetBlockCipher().DefaultKeyLength();}
- size_t GetValidKeyLength(size_t n) const
- {return GetBlockCipher().GetValidKeyLength(n);}
- bool IsValidKeyLength(size_t n) const
- {return GetBlockCipher().IsValidKeyLength(n);}
- unsigned int OptimalDataAlignment() const;
- IV_Requirement IVRequirement() const
- {return UNIQUE_IV;}
- unsigned int IVSize() const
- {return 12;}
- unsigned int MinIVLength() const
- {return 1;}
- unsigned int MaxIVLength() const
- {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard
- unsigned int DigestSize() const
- {return 16;}
- lword MaxHeaderLength() const
- {return (W64LIT(1)<<61)-1;}
- lword MaxMessageLength() const
- {return ((W64LIT(1)<<39)-256)/8;}
-
-protected:
- // AuthenticatedSymmetricCipherBase
- bool AuthenticationIsOnPlaintext() const
- {return false;}
- unsigned int AuthenticationBlockSize() const
- {return HASH_BLOCKSIZE;}
- void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms);
- void Resync(const byte *iv, size_t len);
- size_t AuthenticateBlocks(const byte *data, size_t len);
- void AuthenticateLastHeaderBlock();
- void AuthenticateLastConfidentialBlock();
- void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
- SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
-
- virtual BlockCipher & AccessBlockCipher() =0;
- virtual GCM_TablesOption GetTablesOption() const =0;
-
- const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();};
- byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
- byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}
- byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}
- inline void ReverseHashBufferIfNeeded();
-
- class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption
- {
- protected:
- void IncrementCounterBy256();
- };
-
- GCTR m_ctr;
- static word16 s_reductionTable[256];
- static volatile bool s_reductionTableInitialized;
- enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};
-};
-
-//! .
-template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
-class GCM_Final : public GCM_Base
-{
-public:
- static std::string StaticAlgorithmName()
- {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}
- bool IsForwardTransformation() const
- {return T_IsEncryption;}
-
-private:
- GCM_TablesOption GetTablesOption() const {return T_TablesOption;}
- BlockCipher & AccessBlockCipher() {return m_cipher;}
- typename T_BlockCipher::Encryption m_cipher;
-};
-
-//! <a href="http://www.cryptolounge.org/wiki/GCM">GCM</a>
-template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
-struct GCM : public AuthenticatedSymmetricCipherDocumentation
-{
- typedef GCM_Final<T_BlockCipher, T_TablesOption, true> Encryption;
- typedef GCM_Final<T_BlockCipher, T_TablesOption, false> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gf256.cpp b/cryptopp562/gf256.cpp deleted file mode 100644 index 72026d1..0000000 --- a/cryptopp562/gf256.cpp +++ /dev/null @@ -1,34 +0,0 @@ -// gf256.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "gf256.h" - -NAMESPACE_BEGIN(CryptoPP) - -GF256::Element GF256::Multiply(Element a, Element b) const -{ - word result = 0, t = b; - - for (unsigned int i=0; i<8; i++) - { - result <<= 1; - if (result & 0x100) - result ^= m_modulus; - - t <<= 1; - if (t & 0x100) - result ^= a; - } - - return (GF256::Element) result; -} - -GF256::Element GF256::MultiplicativeInverse(Element a) const -{ - Element result = a; - for (int i=1; i<7; i++) - result = Multiply(Square(result), a); - return Square(result); -} - -NAMESPACE_END diff --git a/cryptopp562/gf256.h b/cryptopp562/gf256.h deleted file mode 100644 index e0ea748..0000000 --- a/cryptopp562/gf256.h +++ /dev/null @@ -1,66 +0,0 @@ -#ifndef CRYPTOPP_GF256_H -#define CRYPTOPP_GF256_H - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! GF(256) with polynomial basis -class GF256 -{ -public: - typedef byte Element; - typedef int RandomizationParameter; - - GF256(byte modulus) : m_modulus(modulus) {} - - Element RandomElement(RandomNumberGenerator &rng, int ignored = 0) const - {return rng.GenerateByte();} - - bool Equal(Element a, Element b) const - {return a==b;} - - Element Zero() const - {return 0;} - - Element Add(Element a, Element b) const - {return a^b;} - - Element& Accumulate(Element &a, Element b) const - {return a^=b;} - - Element Inverse(Element a) const - {return a;} - - Element Subtract(Element a, Element b) const - {return a^b;} - - Element& Reduce(Element &a, Element b) const - {return a^=b;} - - Element Double(Element a) const - {return 0;} - - Element One() const - {return 1;} - - Element Multiply(Element a, Element b) const; - - Element Square(Element a) const - {return Multiply(a, a);} - - bool IsUnit(Element a) const - {return a != 0;} - - Element MultiplicativeInverse(Element a) const; - - Element Divide(Element a, Element b) const - {return Multiply(a, MultiplicativeInverse(b));} - -private: - word m_modulus; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/gf2_32.cpp b/cryptopp562/gf2_32.cpp deleted file mode 100644 index ae4874a..0000000 --- a/cryptopp562/gf2_32.cpp +++ /dev/null @@ -1,99 +0,0 @@ -// gf2_32.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "misc.h" -#include "gf2_32.h" - -NAMESPACE_BEGIN(CryptoPP) - -GF2_32::Element GF2_32::Multiply(Element a, Element b) const -{ - word32 table[4]; - table[0] = 0; - table[1] = m_modulus; - if (a & 0x80000000) - { - table[2] = m_modulus ^ (a<<1); - table[3] = a<<1; - } - else - { - table[2] = a<<1; - table[3] = m_modulus ^ (a<<1); - } - -#if CRYPTOPP_FAST_ROTATE(32) - b = rotrFixed(b, 30U); - word32 result = table[b&2]; - - for (int i=29; i>=0; --i) - { - b = rotlFixed(b, 1U); - result = (result<<1) ^ table[(b&2) + (result>>31)]; - } - - return (b&1) ? result ^ a : result; -#else - word32 result = table[(b>>30) & 2]; - - for (int i=29; i>=0; --i) - result = (result<<1) ^ table[((b>>i)&2) + (result>>31)]; - - return (b&1) ? result ^ a : result; -#endif -} - -GF2_32::Element GF2_32::MultiplicativeInverse(Element a) const -{ - if (a <= 1) // 1 is a special case - return a; - - // warning - don't try to adapt this algorithm for another situation - word32 g0=m_modulus, g1=a, g2=a; - word32 v0=0, v1=1, v2=1; - - assert(g1); - - while (!(g2 & 0x80000000)) - { - g2 <<= 1; - v2 <<= 1; - } - - g2 <<= 1; - v2 <<= 1; - - g0 ^= g2; - v0 ^= v2; - - while (g0 != 1) - { - if (g1 < g0 || ((g0^g1) < g0 && (g0^g1) < g1)) - { - assert(BitPrecision(g1) <= BitPrecision(g0)); - g2 = g1; - v2 = v1; - } - else - { - assert(BitPrecision(g1) > BitPrecision(g0)); - g2 = g0; g0 = g1; g1 = g2; - v2 = v0; v0 = v1; v1 = v2; - } - - while ((g0^g2) >= g2) - { - assert(BitPrecision(g0) > BitPrecision(g2)); - g2 <<= 1; - v2 <<= 1; - } - - assert(BitPrecision(g0) == BitPrecision(g2)); - g0 ^= g2; - v0 ^= v2; - } - - return v0; -} - -NAMESPACE_END diff --git a/cryptopp562/gf2_32.h b/cryptopp562/gf2_32.h deleted file mode 100644 index 31713f4..0000000 --- a/cryptopp562/gf2_32.h +++ /dev/null @@ -1,66 +0,0 @@ -#ifndef CRYPTOPP_GF2_32_H -#define CRYPTOPP_GF2_32_H - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! GF(2^32) with polynomial basis -class GF2_32 -{ -public: - typedef word32 Element; - typedef int RandomizationParameter; - - GF2_32(word32 modulus=0x0000008D) : m_modulus(modulus) {} - - Element RandomElement(RandomNumberGenerator &rng, int ignored = 0) const - {return rng.GenerateWord32();} - - bool Equal(Element a, Element b) const - {return a==b;} - - Element Identity() const - {return 0;} - - Element Add(Element a, Element b) const - {return a^b;} - - Element& Accumulate(Element &a, Element b) const - {return a^=b;} - - Element Inverse(Element a) const - {return a;} - - Element Subtract(Element a, Element b) const - {return a^b;} - - Element& Reduce(Element &a, Element b) const - {return a^=b;} - - Element Double(Element a) const - {return 0;} - - Element MultiplicativeIdentity() const - {return 1;} - - Element Multiply(Element a, Element b) const; - - Element Square(Element a) const - {return Multiply(a, a);} - - bool IsUnit(Element a) const - {return a != 0;} - - Element MultiplicativeInverse(Element a) const; - - Element Divide(Element a, Element b) const - {return Multiply(a, MultiplicativeInverse(b));} - -private: - word32 m_modulus; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/gf2n.cpp b/cryptopp562/gf2n.cpp deleted file mode 100644 index bcc5607..0000000 --- a/cryptopp562/gf2n.cpp +++ /dev/null @@ -1,882 +0,0 @@ -// gf2n.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "gf2n.h" -#include "algebra.h" -#include "words.h" -#include "randpool.h" -#include "asn.h" -#include "oids.h" - -#include <iostream> - -NAMESPACE_BEGIN(CryptoPP) - -PolynomialMod2::PolynomialMod2() -{ -} - -PolynomialMod2::PolynomialMod2(word value, size_t bitLength) - : reg(BitsToWords(bitLength)) -{ - assert(value==0 || reg.size()>0); - - if (reg.size() > 0) - { - reg[0] = value; - SetWords(reg+1, 0, reg.size()-1); - } -} - -PolynomialMod2::PolynomialMod2(const PolynomialMod2& t) - : reg(t.reg.size()) -{ - CopyWords(reg, t.reg, reg.size()); -} - -void PolynomialMod2::Randomize(RandomNumberGenerator &rng, size_t nbits) -{ - const size_t nbytes = nbits/8 + 1; - SecByteBlock buf(nbytes); - rng.GenerateBlock(buf, nbytes); - buf[0] = (byte)Crop(buf[0], nbits % 8); - Decode(buf, nbytes); -} - -PolynomialMod2 PolynomialMod2::AllOnes(size_t bitLength) -{ - PolynomialMod2 result((word)0, bitLength); - SetWords(result.reg, ~(word)0, result.reg.size()); - if (bitLength%WORD_BITS) - result.reg[result.reg.size()-1] = (word)Crop(result.reg[result.reg.size()-1], bitLength%WORD_BITS); - return result; -} - -void PolynomialMod2::SetBit(size_t n, int value) -{ - if (value) - { - reg.CleanGrow(n/WORD_BITS + 1); - reg[n/WORD_BITS] |= (word(1) << (n%WORD_BITS)); - } - else - { - if (n/WORD_BITS < reg.size()) - reg[n/WORD_BITS] &= ~(word(1) << (n%WORD_BITS)); - } -} - -byte PolynomialMod2::GetByte(size_t n) const -{ - if (n/WORD_SIZE >= reg.size()) - return 0; - else - return byte(reg[n/WORD_SIZE] >> ((n%WORD_SIZE)*8)); -} - -void PolynomialMod2::SetByte(size_t n, byte value) -{ - reg.CleanGrow(BytesToWords(n+1)); - reg[n/WORD_SIZE] &= ~(word(0xff) << 8*(n%WORD_SIZE)); - reg[n/WORD_SIZE] |= (word(value) << 8*(n%WORD_SIZE)); -} - -PolynomialMod2 PolynomialMod2::Monomial(size_t i) -{ - PolynomialMod2 r((word)0, i+1); - r.SetBit(i); - return r; -} - -PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2) -{ - PolynomialMod2 r((word)0, t0+1); - r.SetBit(t0); - r.SetBit(t1); - r.SetBit(t2); - return r; -} - -PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4) -{ - PolynomialMod2 r((word)0, t0+1); - r.SetBit(t0); - r.SetBit(t1); - r.SetBit(t2); - r.SetBit(t3); - r.SetBit(t4); - return r; -} - -template <word i> -struct NewPolynomialMod2 -{ - PolynomialMod2 * operator()() const - { - return new PolynomialMod2(i); - } -}; - -const PolynomialMod2 &PolynomialMod2::Zero() -{ - return Singleton<PolynomialMod2>().Ref(); -} - -const PolynomialMod2 &PolynomialMod2::One() -{ - return Singleton<PolynomialMod2, NewPolynomialMod2<1> >().Ref(); -} - -void PolynomialMod2::Decode(const byte *input, size_t inputLen) -{ - StringStore store(input, inputLen); - Decode(store, inputLen); -} - -void PolynomialMod2::Encode(byte *output, size_t outputLen) const -{ - ArraySink sink(output, outputLen); - Encode(sink, outputLen); -} - -void PolynomialMod2::Decode(BufferedTransformation &bt, size_t inputLen) -{ - reg.CleanNew(BytesToWords(inputLen)); - - for (size_t i=inputLen; i > 0; i--) - { - byte b; - bt.Get(b); - reg[(i-1)/WORD_SIZE] |= word(b) << ((i-1)%WORD_SIZE)*8; - } -} - -void PolynomialMod2::Encode(BufferedTransformation &bt, size_t outputLen) const -{ - for (size_t i=outputLen; i > 0; i--) - bt.Put(GetByte(i-1)); -} - -void PolynomialMod2::DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const -{ - DERGeneralEncoder enc(bt, OCTET_STRING); - Encode(enc, length); - enc.MessageEnd(); -} - -void PolynomialMod2::BERDecodeAsOctetString(BufferedTransformation &bt, size_t length) -{ - BERGeneralDecoder dec(bt, OCTET_STRING); - if (!dec.IsDefiniteLength() || dec.RemainingLength() != length) - BERDecodeError(); - Decode(dec, length); - dec.MessageEnd(); -} - -unsigned int PolynomialMod2::WordCount() const -{ - return (unsigned int)CountWords(reg, reg.size()); -} - -unsigned int PolynomialMod2::ByteCount() const -{ - unsigned wordCount = WordCount(); - if (wordCount) - return (wordCount-1)*WORD_SIZE + BytePrecision(reg[wordCount-1]); - else - return 0; -} - -unsigned int PolynomialMod2::BitCount() const -{ - unsigned wordCount = WordCount(); - if (wordCount) - return (wordCount-1)*WORD_BITS + BitPrecision(reg[wordCount-1]); - else - return 0; -} - -unsigned int PolynomialMod2::Parity() const -{ - unsigned i; - word temp=0; - for (i=0; i<reg.size(); i++) - temp ^= reg[i]; - return CryptoPP::Parity(temp); -} - -PolynomialMod2& PolynomialMod2::operator=(const PolynomialMod2& t) -{ - reg.Assign(t.reg); - return *this; -} - -PolynomialMod2& PolynomialMod2::operator^=(const PolynomialMod2& t) -{ - reg.CleanGrow(t.reg.size()); - XorWords(reg, t.reg, t.reg.size()); - return *this; -} - -PolynomialMod2 PolynomialMod2::Xor(const PolynomialMod2 &b) const -{ - if (b.reg.size() >= reg.size()) - { - PolynomialMod2 result((word)0, b.reg.size()*WORD_BITS); - XorWords(result.reg, reg, b.reg, reg.size()); - CopyWords(result.reg+reg.size(), b.reg+reg.size(), b.reg.size()-reg.size()); - return result; - } - else - { - PolynomialMod2 result((word)0, reg.size()*WORD_BITS); - XorWords(result.reg, reg, b.reg, b.reg.size()); - CopyWords(result.reg+b.reg.size(), reg+b.reg.size(), reg.size()-b.reg.size()); - return result; - } -} - -PolynomialMod2 PolynomialMod2::And(const PolynomialMod2 &b) const -{ - PolynomialMod2 result((word)0, WORD_BITS*STDMIN(reg.size(), b.reg.size())); - AndWords(result.reg, reg, b.reg, result.reg.size()); - return result; -} - -PolynomialMod2 PolynomialMod2::Times(const PolynomialMod2 &b) const -{ - PolynomialMod2 result((word)0, BitCount() + b.BitCount()); - - for (int i=b.Degree(); i>=0; i--) - { - result <<= 1; - if (b[i]) - XorWords(result.reg, reg, reg.size()); - } - return result; -} - -PolynomialMod2 PolynomialMod2::Squared() const -{ - static const word map[16] = {0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85}; - - PolynomialMod2 result((word)0, 2*reg.size()*WORD_BITS); - - for (unsigned i=0; i<reg.size(); i++) - { - unsigned j; - - for (j=0; j<WORD_BITS; j+=8) - result.reg[2*i] |= map[(reg[i] >> (j/2)) % 16] << j; - - for (j=0; j<WORD_BITS; j+=8) - result.reg[2*i+1] |= map[(reg[i] >> (j/2 + WORD_BITS/2)) % 16] << j; - } - - return result; -} - -void PolynomialMod2::Divide(PolynomialMod2 &remainder, PolynomialMod2 "ient, - const PolynomialMod2 ÷nd, const PolynomialMod2 &divisor) -{ - if (!divisor) - throw PolynomialMod2::DivideByZero(); - - int degree = divisor.Degree(); - remainder.reg.CleanNew(BitsToWords(degree+1)); - if (dividend.BitCount() >= divisor.BitCount()) - quotient.reg.CleanNew(BitsToWords(dividend.BitCount() - divisor.BitCount() + 1)); - else - quotient.reg.CleanNew(0); - - for (int i=dividend.Degree(); i>=0; i--) - { - remainder <<= 1; - remainder.reg[0] |= dividend[i]; - if (remainder[degree]) - { - remainder -= divisor; - quotient.SetBit(i); - } - } -} - -PolynomialMod2 PolynomialMod2::DividedBy(const PolynomialMod2 &b) const -{ - PolynomialMod2 remainder, quotient; - PolynomialMod2::Divide(remainder, quotient, *this, b); - return quotient; -} - -PolynomialMod2 PolynomialMod2::Modulo(const PolynomialMod2 &b) const -{ - PolynomialMod2 remainder, quotient; - PolynomialMod2::Divide(remainder, quotient, *this, b); - return remainder; -} - -PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n) -{ - if (!reg.size()) - return *this; - - int i; - word u; - word carry=0; - word *r=reg; - - if (n==1) // special case code for most frequent case - { - i = (int)reg.size(); - while (i--) - { - u = *r; - *r = (u << 1) | carry; - carry = u >> (WORD_BITS-1); - r++; - } - - if (carry) - { - reg.Grow(reg.size()+1); - reg[reg.size()-1] = carry; - } - - return *this; - } - - int shiftWords = n / WORD_BITS; - int shiftBits = n % WORD_BITS; - - if (shiftBits) - { - i = (int)reg.size(); - while (i--) - { - u = *r; - *r = (u << shiftBits) | carry; - carry = u >> (WORD_BITS-shiftBits); - r++; - } - } - - if (carry) - { - reg.Grow(reg.size()+shiftWords+1); - reg[reg.size()-1] = carry; - } - else - reg.Grow(reg.size()+shiftWords); - - if (shiftWords) - { - for (i = (int)reg.size()-1; i>=shiftWords; i--) - reg[i] = reg[i-shiftWords]; - for (; i>=0; i--) - reg[i] = 0; - } - - return *this; -} - -PolynomialMod2& PolynomialMod2::operator>>=(unsigned int n) -{ - if (!reg.size()) - return *this; - - int shiftWords = n / WORD_BITS; - int shiftBits = n % WORD_BITS; - - size_t i; - word u; - word carry=0; - word *r=reg+reg.size()-1; - - if (shiftBits) - { - i = reg.size(); - while (i--) - { - u = *r; - *r = (u >> shiftBits) | carry; - carry = u << (WORD_BITS-shiftBits); - r--; - } - } - - if (shiftWords) - { - for (i=0; i<reg.size()-shiftWords; i++) - reg[i] = reg[i+shiftWords]; - for (; i<reg.size(); i++) - reg[i] = 0; - } - - return *this; -} - -PolynomialMod2 PolynomialMod2::operator<<(unsigned int n) const -{ - PolynomialMod2 result(*this); - return result<<=n; -} - -PolynomialMod2 PolynomialMod2::operator>>(unsigned int n) const -{ - PolynomialMod2 result(*this); - return result>>=n; -} - -bool PolynomialMod2::operator!() const -{ - for (unsigned i=0; i<reg.size(); i++) - if (reg[i]) return false; - return true; -} - -bool PolynomialMod2::Equals(const PolynomialMod2 &rhs) const -{ - size_t i, smallerSize = STDMIN(reg.size(), rhs.reg.size()); - - for (i=0; i<smallerSize; i++) - if (reg[i] != rhs.reg[i]) return false; - - for (i=smallerSize; i<reg.size(); i++) - if (reg[i] != 0) return false; - - for (i=smallerSize; i<rhs.reg.size(); i++) - if (rhs.reg[i] != 0) return false; - - return true; -} - -std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a) -{ - // Get relevant conversion specifications from ostream. - long f = out.flags() & std::ios::basefield; // Get base digits. - int bits, block; - char suffix; - switch(f) - { - case std::ios::oct : - bits = 3; - block = 4; - suffix = 'o'; - break; - case std::ios::hex : - bits = 4; - block = 2; - suffix = 'h'; - break; - default : - bits = 1; - block = 8; - suffix = 'b'; - } - - if (!a) - return out << '0' << suffix; - - SecBlock<char> s(a.BitCount()/bits+1); - unsigned i; - - static const char upper[]="0123456789ABCDEF"; - static const char lower[]="0123456789abcdef"; - const char* vec = (out.flags() & std::ios::uppercase) ? upper : lower; - - for (i=0; i*bits < a.BitCount(); i++) - { - int digit=0; - for (int j=0; j<bits; j++) - digit |= a[i*bits+j] << j; - s[i]=vec[digit]; - } - - while (i--) - { - out << s[i]; - if (i && (i%block)==0) - out << ','; - } - - return out << suffix; -} - -PolynomialMod2 PolynomialMod2::Gcd(const PolynomialMod2 &a, const PolynomialMod2 &b) -{ - return EuclideanDomainOf<PolynomialMod2>().Gcd(a, b); -} - -PolynomialMod2 PolynomialMod2::InverseMod(const PolynomialMod2 &modulus) const -{ - typedef EuclideanDomainOf<PolynomialMod2> Domain; - return QuotientRing<Domain>(Domain(), modulus).MultiplicativeInverse(*this); -} - -bool PolynomialMod2::IsIrreducible() const -{ - signed int d = Degree(); - if (d <= 0) - return false; - - PolynomialMod2 t(2), u(t); - for (int i=1; i<=d/2; i++) - { - u = u.Squared()%(*this); - if (!Gcd(u+t, *this).IsUnit()) - return false; - } - return true; -} - -// ******************************************************** - -GF2NP::GF2NP(const PolynomialMod2 &modulus) - : QuotientRing<EuclideanDomainOf<PolynomialMod2> >(EuclideanDomainOf<PolynomialMod2>(), modulus), m(modulus.Degree()) -{ -} - -GF2NP::Element GF2NP::SquareRoot(const Element &a) const -{ - Element r = a; - for (unsigned int i=1; i<m; i++) - r = Square(r); - return r; -} - -GF2NP::Element GF2NP::HalfTrace(const Element &a) const -{ - assert(m%2 == 1); - Element h = a; - for (unsigned int i=1; i<=(m-1)/2; i++) - h = Add(Square(Square(h)), a); - return h; -} - -GF2NP::Element GF2NP::SolveQuadraticEquation(const Element &a) const -{ - if (m%2 == 0) - { - Element z, w; - RandomPool rng; - do - { - Element p((RandomNumberGenerator &)rng, m); - z = PolynomialMod2::Zero(); - w = p; - for (unsigned int i=1; i<=m-1; i++) - { - w = Square(w); - z = Square(z); - Accumulate(z, Multiply(w, a)); - Accumulate(w, p); - } - } while (w.IsZero()); - return z; - } - else - return HalfTrace(a); -} - -// ******************************************************** - -GF2NT::GF2NT(unsigned int t0, unsigned int t1, unsigned int t2) - : GF2NP(PolynomialMod2::Trinomial(t0, t1, t2)) - , t0(t0), t1(t1) - , result((word)0, m) -{ - assert(t0 > t1 && t1 > t2 && t2==0); -} - -const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const -{ - if (t0-t1 < WORD_BITS) - return GF2NP::MultiplicativeInverse(a); - - SecWordBlock T(m_modulus.reg.size() * 4); - word *b = T; - word *c = T+m_modulus.reg.size(); - word *f = T+2*m_modulus.reg.size(); - word *g = T+3*m_modulus.reg.size(); - size_t bcLen=1, fgLen=m_modulus.reg.size(); - unsigned int k=0; - - SetWords(T, 0, 3*m_modulus.reg.size()); - b[0]=1; - assert(a.reg.size() <= m_modulus.reg.size()); - CopyWords(f, a.reg, a.reg.size()); - CopyWords(g, m_modulus.reg, m_modulus.reg.size()); - - while (1) - { - word t=f[0]; - while (!t) - { - ShiftWordsRightByWords(f, fgLen, 1); - if (c[bcLen-1]) - bcLen++; - assert(bcLen <= m_modulus.reg.size()); - ShiftWordsLeftByWords(c, bcLen, 1); - k+=WORD_BITS; - t=f[0]; - } - - unsigned int i=0; - while (t%2 == 0) - { - t>>=1; - i++; - } - k+=i; - - if (t==1 && CountWords(f, fgLen)==1) - break; - - if (i==1) - { - ShiftWordsRightByBits(f, fgLen, 1); - t=ShiftWordsLeftByBits(c, bcLen, 1); - } - else - { - ShiftWordsRightByBits(f, fgLen, i); - t=ShiftWordsLeftByBits(c, bcLen, i); - } - if (t) - { - c[bcLen] = t; - bcLen++; - assert(bcLen <= m_modulus.reg.size()); - } - - if (f[fgLen-1]==0 && g[fgLen-1]==0) - fgLen--; - - if (f[fgLen-1] < g[fgLen-1]) - { - std::swap(f, g); - std::swap(b, c); - } - - XorWords(f, g, fgLen); - XorWords(b, c, bcLen); - } - - while (k >= WORD_BITS) - { - word temp = b[0]; - // right shift b - for (unsigned i=0; i+1<BitsToWords(m); i++) - b[i] = b[i+1]; - b[BitsToWords(m)-1] = 0; - - if (t1 < WORD_BITS) - for (unsigned int j=0; j<WORD_BITS-t1; j++) - temp ^= ((temp >> j) & 1) << (t1 + j); - else - b[t1/WORD_BITS-1] ^= temp << t1%WORD_BITS; - - if (t1 % WORD_BITS) - b[t1/WORD_BITS] ^= temp >> (WORD_BITS - t1%WORD_BITS); - - if (t0%WORD_BITS) - { - b[t0/WORD_BITS-1] ^= temp << t0%WORD_BITS; - b[t0/WORD_BITS] ^= temp >> (WORD_BITS - t0%WORD_BITS); - } - else - b[t0/WORD_BITS-1] ^= temp; - - k -= WORD_BITS; - } - - if (k) - { - word temp = b[0] << (WORD_BITS - k); - ShiftWordsRightByBits(b, BitsToWords(m), k); - - if (t1 < WORD_BITS) - for (unsigned int j=0; j<WORD_BITS-t1; j++) - temp ^= ((temp >> j) & 1) << (t1 + j); - else - b[t1/WORD_BITS-1] ^= temp << t1%WORD_BITS; - - if (t1 % WORD_BITS) - b[t1/WORD_BITS] ^= temp >> (WORD_BITS - t1%WORD_BITS); - - if (t0%WORD_BITS) - { - b[t0/WORD_BITS-1] ^= temp << t0%WORD_BITS; - b[t0/WORD_BITS] ^= temp >> (WORD_BITS - t0%WORD_BITS); - } - else - b[t0/WORD_BITS-1] ^= temp; - } - - CopyWords(result.reg.begin(), b, result.reg.size()); - return result; -} - -const GF2NT::Element& GF2NT::Multiply(const Element &a, const Element &b) const -{ - size_t aSize = STDMIN(a.reg.size(), result.reg.size()); - Element r((word)0, m); - - for (int i=m-1; i>=0; i--) - { - if (r[m-1]) - { - ShiftWordsLeftByBits(r.reg.begin(), r.reg.size(), 1); - XorWords(r.reg.begin(), m_modulus.reg, r.reg.size()); - } - else - ShiftWordsLeftByBits(r.reg.begin(), r.reg.size(), 1); - - if (b[i]) - XorWords(r.reg.begin(), a.reg, aSize); - } - - if (m%WORD_BITS) - r.reg.begin()[r.reg.size()-1] = (word)Crop(r.reg[r.reg.size()-1], m%WORD_BITS); - - CopyWords(result.reg.begin(), r.reg.begin(), result.reg.size()); - return result; -} - -const GF2NT::Element& GF2NT::Reduced(const Element &a) const -{ - if (t0-t1 < WORD_BITS) - return m_domain.Mod(a, m_modulus); - - SecWordBlock b(a.reg); - - size_t i; - for (i=b.size()-1; i>=BitsToWords(t0); i--) - { - word temp = b[i]; - - if (t0%WORD_BITS) - { - b[i-t0/WORD_BITS] ^= temp >> t0%WORD_BITS; - b[i-t0/WORD_BITS-1] ^= temp << (WORD_BITS - t0%WORD_BITS); - } - else - b[i-t0/WORD_BITS] ^= temp; - - if ((t0-t1)%WORD_BITS) - { - b[i-(t0-t1)/WORD_BITS] ^= temp >> (t0-t1)%WORD_BITS; - b[i-(t0-t1)/WORD_BITS-1] ^= temp << (WORD_BITS - (t0-t1)%WORD_BITS); - } - else - b[i-(t0-t1)/WORD_BITS] ^= temp; - } - - if (i==BitsToWords(t0)-1 && t0%WORD_BITS) - { - word mask = ((word)1<<(t0%WORD_BITS))-1; - word temp = b[i] & ~mask; - b[i] &= mask; - - b[i-t0/WORD_BITS] ^= temp >> t0%WORD_BITS; - - if ((t0-t1)%WORD_BITS) - { - b[i-(t0-t1)/WORD_BITS] ^= temp >> (t0-t1)%WORD_BITS; - if ((t0-t1)%WORD_BITS > t0%WORD_BITS) - b[i-(t0-t1)/WORD_BITS-1] ^= temp << (WORD_BITS - (t0-t1)%WORD_BITS); - else - assert(temp << (WORD_BITS - (t0-t1)%WORD_BITS) == 0); - } - else - b[i-(t0-t1)/WORD_BITS] ^= temp; - } - - SetWords(result.reg.begin(), 0, result.reg.size()); - CopyWords(result.reg.begin(), b, STDMIN(b.size(), result.reg.size())); - return result; -} - -void GF2NP::DEREncodeElement(BufferedTransformation &out, const Element &a) const -{ - a.DEREncodeAsOctetString(out, MaxElementByteLength()); -} - -void GF2NP::BERDecodeElement(BufferedTransformation &in, Element &a) const -{ - a.BERDecodeAsOctetString(in, MaxElementByteLength()); -} - -void GF2NT::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - ASN1::characteristic_two_field().DEREncode(seq); - DERSequenceEncoder parameters(seq); - DEREncodeUnsigned(parameters, m); - ASN1::tpBasis().DEREncode(parameters); - DEREncodeUnsigned(parameters, t1); - parameters.MessageEnd(); - seq.MessageEnd(); -} - -void GF2NPP::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - ASN1::characteristic_two_field().DEREncode(seq); - DERSequenceEncoder parameters(seq); - DEREncodeUnsigned(parameters, m); - ASN1::ppBasis().DEREncode(parameters); - DERSequenceEncoder pentanomial(parameters); - DEREncodeUnsigned(pentanomial, t3); - DEREncodeUnsigned(pentanomial, t2); - DEREncodeUnsigned(pentanomial, t1); - pentanomial.MessageEnd(); - parameters.MessageEnd(); - seq.MessageEnd(); -} - -GF2NP * BERDecodeGF2NP(BufferedTransformation &bt) -{ - // VC60 workaround: auto_ptr lacks reset() - member_ptr<GF2NP> result; - - BERSequenceDecoder seq(bt); - if (OID(seq) != ASN1::characteristic_two_field()) - BERDecodeError(); - BERSequenceDecoder parameters(seq); - unsigned int m; - BERDecodeUnsigned(parameters, m); - OID oid(parameters); - if (oid == ASN1::tpBasis()) - { - unsigned int t1; - BERDecodeUnsigned(parameters, t1); - result.reset(new GF2NT(m, t1, 0)); - } - else if (oid == ASN1::ppBasis()) - { - unsigned int t1, t2, t3; - BERSequenceDecoder pentanomial(parameters); - BERDecodeUnsigned(pentanomial, t3); - BERDecodeUnsigned(pentanomial, t2); - BERDecodeUnsigned(pentanomial, t1); - pentanomial.MessageEnd(); - result.reset(new GF2NPP(m, t3, t2, t1, 0)); - } - else - { - BERDecodeError(); - return NULL; - } - parameters.MessageEnd(); - seq.MessageEnd(); - - return result.release(); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/gf2n.h b/cryptopp562/gf2n.h deleted file mode 100644 index 67ade64..0000000 --- a/cryptopp562/gf2n.h +++ /dev/null @@ -1,369 +0,0 @@ -#ifndef CRYPTOPP_GF2N_H -#define CRYPTOPP_GF2N_H - -/*! \file */ - -#include "cryptlib.h" -#include "secblock.h" -#include "misc.h" -#include "algebra.h" - -#include <iosfwd> - -NAMESPACE_BEGIN(CryptoPP) - -//! Polynomial with Coefficients in GF(2) -/*! \nosubgrouping */ -class CRYPTOPP_DLL PolynomialMod2 -{ -public: - //! \name ENUMS, EXCEPTIONS, and TYPEDEFS - //@{ - //! divide by zero exception - class DivideByZero : public Exception - { - public: - DivideByZero() : Exception(OTHER_ERROR, "PolynomialMod2: division by zero") {} - }; - - typedef unsigned int RandomizationParameter; - //@} - - //! \name CREATORS - //@{ - //! creates the zero polynomial - PolynomialMod2(); - //! copy constructor - PolynomialMod2(const PolynomialMod2& t); - - //! convert from word - /*! value should be encoded with the least significant bit as coefficient to x^0 - and most significant bit as coefficient to x^(WORD_BITS-1) - bitLength denotes how much memory to allocate initially - */ - PolynomialMod2(word value, size_t bitLength=WORD_BITS); - - //! convert from big-endian byte array - PolynomialMod2(const byte *encodedPoly, size_t byteCount) - {Decode(encodedPoly, byteCount);} - - //! convert from big-endian form stored in a BufferedTransformation - PolynomialMod2(BufferedTransformation &encodedPoly, size_t byteCount) - {Decode(encodedPoly, byteCount);} - - //! create a random polynomial uniformly distributed over all polynomials with degree less than bitcount - PolynomialMod2(RandomNumberGenerator &rng, size_t bitcount) - {Randomize(rng, bitcount);} - - //! return x^i - static PolynomialMod2 CRYPTOPP_API Monomial(size_t i); - //! return x^t0 + x^t1 + x^t2 - static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2); - //! return x^t0 + x^t1 + x^t2 + x^t3 + x^t4 - static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4); - //! return x^(n-1) + ... + x + 1 - static PolynomialMod2 CRYPTOPP_API AllOnes(size_t n); - - //! - static const PolynomialMod2 & CRYPTOPP_API Zero(); - //! - static const PolynomialMod2 & CRYPTOPP_API One(); - //@} - - //! \name ENCODE/DECODE - //@{ - //! minimum number of bytes to encode this polynomial - /*! MinEncodedSize of 0 is 1 */ - unsigned int MinEncodedSize() const {return STDMAX(1U, ByteCount());} - - //! encode in big-endian format - /*! if outputLen < MinEncodedSize, the most significant bytes will be dropped - if outputLen > MinEncodedSize, the most significant bytes will be padded - */ - void Encode(byte *output, size_t outputLen) const; - //! - void Encode(BufferedTransformation &bt, size_t outputLen) const; - - //! - void Decode(const byte *input, size_t inputLen); - //! - //* Precondition: bt.MaxRetrievable() >= inputLen - void Decode(BufferedTransformation &bt, size_t inputLen); - - //! encode value as big-endian octet string - void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const; - //! decode value as big-endian octet string - void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length); - //@} - - //! \name ACCESSORS - //@{ - //! number of significant bits = Degree() + 1 - unsigned int BitCount() const; - //! number of significant bytes = ceiling(BitCount()/8) - unsigned int ByteCount() const; - //! number of significant words = ceiling(ByteCount()/sizeof(word)) - unsigned int WordCount() const; - - //! return the n-th bit, n=0 being the least significant bit - bool GetBit(size_t n) const {return GetCoefficient(n)!=0;} - //! return the n-th byte - byte GetByte(size_t n) const; - - //! the zero polynomial will return a degree of -1 - signed int Degree() const {return BitCount()-1;} - //! degree + 1 - unsigned int CoefficientCount() const {return BitCount();} - //! return coefficient for x^i - int GetCoefficient(size_t i) const - {return (i/WORD_BITS < reg.size()) ? int(reg[i/WORD_BITS] >> (i % WORD_BITS)) & 1 : 0;} - //! return coefficient for x^i - int operator[](unsigned int i) const {return GetCoefficient(i);} - - //! - bool IsZero() const {return !*this;} - //! - bool Equals(const PolynomialMod2 &rhs) const; - //@} - - //! \name MANIPULATORS - //@{ - //! - PolynomialMod2& operator=(const PolynomialMod2& t); - //! - PolynomialMod2& operator&=(const PolynomialMod2& t); - //! - PolynomialMod2& operator^=(const PolynomialMod2& t); - //! - PolynomialMod2& operator+=(const PolynomialMod2& t) {return *this ^= t;} - //! - PolynomialMod2& operator-=(const PolynomialMod2& t) {return *this ^= t;} - //! - PolynomialMod2& operator*=(const PolynomialMod2& t); - //! - PolynomialMod2& operator/=(const PolynomialMod2& t); - //! - PolynomialMod2& operator%=(const PolynomialMod2& t); - //! - PolynomialMod2& operator<<=(unsigned int); - //! - PolynomialMod2& operator>>=(unsigned int); - - //! - void Randomize(RandomNumberGenerator &rng, size_t bitcount); - - //! - void SetBit(size_t i, int value = 1); - //! set the n-th byte to value - void SetByte(size_t n, byte value); - - //! - void SetCoefficient(size_t i, int value) {SetBit(i, value);} - - //! - void swap(PolynomialMod2 &a) {reg.swap(a.reg);} - //@} - - //! \name UNARY OPERATORS - //@{ - //! - bool operator!() const; - //! - PolynomialMod2 operator+() const {return *this;} - //! - PolynomialMod2 operator-() const {return *this;} - //@} - - //! \name BINARY OPERATORS - //@{ - //! - PolynomialMod2 And(const PolynomialMod2 &b) const; - //! - PolynomialMod2 Xor(const PolynomialMod2 &b) const; - //! - PolynomialMod2 Plus(const PolynomialMod2 &b) const {return Xor(b);} - //! - PolynomialMod2 Minus(const PolynomialMod2 &b) const {return Xor(b);} - //! - PolynomialMod2 Times(const PolynomialMod2 &b) const; - //! - PolynomialMod2 DividedBy(const PolynomialMod2 &b) const; - //! - PolynomialMod2 Modulo(const PolynomialMod2 &b) const; - - //! - PolynomialMod2 operator>>(unsigned int n) const; - //! - PolynomialMod2 operator<<(unsigned int n) const; - //@} - - //! \name OTHER ARITHMETIC FUNCTIONS - //@{ - //! sum modulo 2 of all coefficients - unsigned int Parity() const; - - //! check for irreducibility - bool IsIrreducible() const; - - //! is always zero since we're working modulo 2 - PolynomialMod2 Doubled() const {return Zero();} - //! - PolynomialMod2 Squared() const; - - //! only 1 is a unit - bool IsUnit() const {return Equals(One());} - //! return inverse if *this is a unit, otherwise return 0 - PolynomialMod2 MultiplicativeInverse() const {return IsUnit() ? One() : Zero();} - - //! greatest common divisor - static PolynomialMod2 CRYPTOPP_API Gcd(const PolynomialMod2 &a, const PolynomialMod2 &n); - //! calculate multiplicative inverse of *this mod n - PolynomialMod2 InverseMod(const PolynomialMod2 &) const; - - //! calculate r and q such that (a == d*q + r) && (deg(r) < deg(d)) - static void CRYPTOPP_API Divide(PolynomialMod2 &r, PolynomialMod2 &q, const PolynomialMod2 &a, const PolynomialMod2 &d); - //@} - - //! \name INPUT/OUTPUT - //@{ - //! - friend std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a); - //@} - -private: - friend class GF2NT; - - SecWordBlock reg; -}; - -//! -inline bool operator==(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) -{return a.Equals(b);} -//! -inline bool operator!=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) -{return !(a==b);} -//! compares degree -inline bool operator> (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) -{return a.Degree() > b.Degree();} -//! compares degree -inline bool operator>=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) -{return a.Degree() >= b.Degree();} -//! compares degree -inline bool operator< (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) -{return a.Degree() < b.Degree();} -//! compares degree -inline bool operator<=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) -{return a.Degree() <= b.Degree();} -//! -inline CryptoPP::PolynomialMod2 operator&(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.And(b);} -//! -inline CryptoPP::PolynomialMod2 operator^(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Xor(b);} -//! -inline CryptoPP::PolynomialMod2 operator+(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Plus(b);} -//! -inline CryptoPP::PolynomialMod2 operator-(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Minus(b);} -//! -inline CryptoPP::PolynomialMod2 operator*(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Times(b);} -//! -inline CryptoPP::PolynomialMod2 operator/(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.DividedBy(b);} -//! -inline CryptoPP::PolynomialMod2 operator%(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Modulo(b);} - -// CodeWarrior 8 workaround: put these template instantiations after overloaded operator declarations, -// but before the use of QuotientRing<EuclideanDomainOf<PolynomialMod2> > for VC .NET 2003 -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<PolynomialMod2>; -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing<PolynomialMod2>; -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain<PolynomialMod2>; -CRYPTOPP_DLL_TEMPLATE_CLASS EuclideanDomainOf<PolynomialMod2>; -CRYPTOPP_DLL_TEMPLATE_CLASS QuotientRing<EuclideanDomainOf<PolynomialMod2> >; - -//! GF(2^n) with Polynomial Basis -class CRYPTOPP_DLL GF2NP : public QuotientRing<EuclideanDomainOf<PolynomialMod2> > -{ -public: - GF2NP(const PolynomialMod2 &modulus); - - virtual GF2NP * Clone() const {return new GF2NP(*this);} - virtual void DEREncode(BufferedTransformation &bt) const - {assert(false);} // no ASN.1 syntax yet for general polynomial basis - - void DEREncodeElement(BufferedTransformation &out, const Element &a) const; - void BERDecodeElement(BufferedTransformation &in, Element &a) const; - - bool Equal(const Element &a, const Element &b) const - {assert(a.Degree() < m_modulus.Degree() && b.Degree() < m_modulus.Degree()); return a.Equals(b);} - - bool IsUnit(const Element &a) const - {assert(a.Degree() < m_modulus.Degree()); return !!a;} - - unsigned int MaxElementBitLength() const - {return m;} - - unsigned int MaxElementByteLength() const - {return (unsigned int)BitsToBytes(MaxElementBitLength());} - - Element SquareRoot(const Element &a) const; - - Element HalfTrace(const Element &a) const; - - // returns z such that z^2 + z == a - Element SolveQuadraticEquation(const Element &a) const; - -protected: - unsigned int m; -}; - -//! GF(2^n) with Trinomial Basis -class CRYPTOPP_DLL GF2NT : public GF2NP -{ -public: - // polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2 - GF2NT(unsigned int t0, unsigned int t1, unsigned int t2); - - GF2NP * Clone() const {return new GF2NT(*this);} - void DEREncode(BufferedTransformation &bt) const; - - const Element& Multiply(const Element &a, const Element &b) const; - - const Element& Square(const Element &a) const - {return Reduced(a.Squared());} - - const Element& MultiplicativeInverse(const Element &a) const; - -private: - const Element& Reduced(const Element &a) const; - - unsigned int t0, t1; - mutable PolynomialMod2 result; -}; - -//! GF(2^n) with Pentanomial Basis -class CRYPTOPP_DLL GF2NPP : public GF2NP -{ -public: - // polynomial modulus = x^t0 + x^t1 + x^t2 + x^t3 + x^t4, t0 > t1 > t2 > t3 > t4 - GF2NPP(unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4) - : GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t0(t0), t1(t1), t2(t2), t3(t3) {} - - GF2NP * Clone() const {return new GF2NPP(*this);} - void DEREncode(BufferedTransformation &bt) const; - -private: - unsigned int t0, t1, t2, t3; -}; - -// construct new GF2NP from the ASN.1 sequence Characteristic-two -CRYPTOPP_DLL GF2NP * CRYPTOPP_API BERDecodeGF2NP(BufferedTransformation &bt); - -NAMESPACE_END - -#ifndef __BORLANDC__ -NAMESPACE_BEGIN(std) -template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod2 &b) -{ - a.swap(b); -} -NAMESPACE_END -#endif - -#endif diff --git a/cryptopp562/gfpcrypt.cpp b/cryptopp562/gfpcrypt.cpp deleted file mode 100644 index e293fc5..0000000 --- a/cryptopp562/gfpcrypt.cpp +++ /dev/null @@ -1,273 +0,0 @@ -// dsa.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "gfpcrypt.h" -#include "asn.h" -#include "oids.h" -#include "nbtheory.h" - -NAMESPACE_BEGIN(CryptoPP) - -void TestInstantiations_gfpcrypt() -{ - GDSA<SHA>::Signer test; - GDSA<SHA>::Verifier test1; - DSA::Signer test5(NullRNG(), 100); - DSA::Signer test2(test5); - NR<SHA>::Signer test3; - NR<SHA>::Verifier test4; - DLIES<>::Encryptor test6; - DLIES<>::Decryptor test7; -} - -void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - Integer p, q, g; - - if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g)) - { - q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2); - Initialize(p, q, g); - } - else - { - int modulusSize = 1024, defaultSubgroupOrderSize; - alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); - - switch (modulusSize) - { - case 1024: - defaultSubgroupOrderSize = 160; - break; - case 2048: - defaultSubgroupOrderSize = 224; - break; - case 3072: - defaultSubgroupOrderSize = 256; - break; - default: - throw InvalidArgument("DSA: not a valid prime length"); - } - - DL_GroupParameters_GFP::GenerateRandom(rng, CombinedNameValuePairs(alg, MakeParameters(Name::SubgroupOrderSize(), defaultSubgroupOrderSize, false))); - } -} - -bool DL_GroupParameters_DSA::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = DL_GroupParameters_GFP::ValidateGroup(rng, level); - int pSize = GetModulus().BitCount(), qSize = GetSubgroupOrder().BitCount(); - pass = pass && ((pSize==1024 && qSize==160) || (pSize==2048 && qSize==224) || (pSize==2048 && qSize==256) || (pSize==3072 && qSize==256)); - return pass; -} - -void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - assert(recoverableMessageLength == 0); - assert(hashIdentifier.second == 0); - const size_t representativeByteLength = BitsToBytes(representativeBitLength); - const size_t digestSize = hash.DigestSize(); - const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize); - - memset(representative, 0, paddingLength); - hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize)); - - if (digestSize*8 > representativeBitLength) - { - Integer h(representative, representativeByteLength); - h >>= representativeByteLength*8 - representativeBitLength; - h.Encode(representative, representativeByteLength); - } -} - -void DL_SignatureMessageEncodingMethod_NR::ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - assert(recoverableMessageLength == 0); - assert(hashIdentifier.second == 0); - const size_t representativeByteLength = BitsToBytes(representativeBitLength); - const size_t digestSize = hash.DigestSize(); - const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize); - - memset(representative, 0, paddingLength); - hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize)); - - if (digestSize*8 >= representativeBitLength) - { - Integer h(representative, representativeByteLength); - h >>= representativeByteLength*8 - representativeBitLength + 1; - h.Encode(representative, representativeByteLength); - } -} - -bool DL_GroupParameters_IntegerBased::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const -{ - const Integer &p = GetModulus(), &q = GetSubgroupOrder(); - - bool pass = true; - pass = pass && p > Integer::One() && p.IsOdd(); - pass = pass && q > Integer::One() && q.IsOdd(); - - if (level >= 1) - pass = pass && GetCofactor() > Integer::One() && GetGroupOrder() % q == Integer::Zero(); - if (level >= 2) - pass = pass && VerifyPrime(rng, q, level-2) && VerifyPrime(rng, p, level-2); - - return pass; -} - -bool DL_GroupParameters_IntegerBased::ValidateElement(unsigned int level, const Integer &g, const DL_FixedBasePrecomputation<Integer> *gpc) const -{ - const Integer &p = GetModulus(), &q = GetSubgroupOrder(); - - bool pass = true; - pass = pass && GetFieldType() == 1 ? g.IsPositive() : g.NotNegative(); - pass = pass && g < p && !IsIdentity(g); - - if (level >= 1) - { - if (gpc) - pass = pass && gpc->Exponentiate(GetGroupPrecomputation(), Integer::One()) == g; - } - if (level >= 2) - { - if (GetFieldType() == 2) - pass = pass && Jacobi(g*g-4, p)==-1; - - // verifying that Lucas((p+1)/2, w, p)==2 is omitted because it's too costly - // and at most 1 bit is leaked if it's false - bool fullValidate = (GetFieldType() == 2 && level >= 3) || !FastSubgroupCheckAvailable(); - - if (fullValidate && pass) - { - Integer gp = gpc ? gpc->Exponentiate(GetGroupPrecomputation(), q) : ExponentiateElement(g, q); - pass = pass && IsIdentity(gp); - } - else if (GetFieldType() == 1) - pass = pass && Jacobi(g, p) == 1; - } - - return pass; -} - -void DL_GroupParameters_IntegerBased::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - Integer p, q, g; - - if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g)) - { - q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2); - } - else - { - int modulusSize, subgroupOrderSize; - - if (!alg.GetIntValue("ModulusSize", modulusSize)) - modulusSize = alg.GetIntValueWithDefault("KeySize", 2048); - - if (!alg.GetIntValue("SubgroupOrderSize", subgroupOrderSize)) - subgroupOrderSize = GetDefaultSubgroupOrderSize(modulusSize); - - PrimeAndGenerator pg; - pg.Generate(GetFieldType() == 1 ? 1 : -1, rng, modulusSize, subgroupOrderSize); - p = pg.Prime(); - q = pg.SubPrime(); - g = pg.Generator(); - } - - Initialize(p, q, g); -} - -Integer DL_GroupParameters_IntegerBased::DecodeElement(const byte *encoded, bool checkForGroupMembership) const -{ - Integer g(encoded, GetModulus().ByteCount()); - if (!ValidateElement(1, g, NULL)) - throw DL_BadElement(); - return g; -} - -void DL_GroupParameters_IntegerBased::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder parameters(bt); - Integer p(parameters); - Integer q(parameters); - Integer g; - if (parameters.EndReached()) - { - g = q; - q = ComputeGroupOrder(p) / 2; - } - else - g.BERDecode(parameters); - parameters.MessageEnd(); - - SetModulusAndSubgroupGenerator(p, g); - SetSubgroupOrder(q); -} - -void DL_GroupParameters_IntegerBased::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder parameters(bt); - GetModulus().DEREncode(parameters); - m_q.DEREncode(parameters); - GetSubgroupGenerator().DEREncode(parameters); - parameters.MessageEnd(); -} - -bool DL_GroupParameters_IntegerBased::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue) - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus); -} - -void DL_GroupParameters_IntegerBased::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY2(Modulus, SubgroupGenerator) - CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupOrder) - ; -} - -OID DL_GroupParameters_IntegerBased::GetAlgorithmID() const -{ - return ASN1::id_dsa(); -} - -void DL_GroupParameters_GFP::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const -{ - ModularArithmetic ma(GetModulus()); - ma.SimultaneousExponentiate(results, base, exponents, exponentsCount); -} - -DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::MultiplyElements(const Element &a, const Element &b) const -{ - return a_times_b_mod_c(a, b, GetModulus()); -} - -DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const -{ - ModularArithmetic ma(GetModulus()); - return ma.CascadeExponentiate(element1, exponent1, element2, exponent2); -} - -Integer DL_GroupParameters_IntegerBased::GetMaxExponent() const -{ - return STDMIN(GetSubgroupOrder()-1, Integer::Power2(2*DiscreteLogWorkFactor(GetFieldType()*GetModulus().BitCount()))); -} - -unsigned int DL_GroupParameters_IntegerBased::GetDefaultSubgroupOrderSize(unsigned int modulusSize) const -{ - return 2*DiscreteLogWorkFactor(GetFieldType()*modulusSize); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/gfpcrypt.h b/cryptopp562/gfpcrypt.h deleted file mode 100644 index 7af993f..0000000 --- a/cryptopp562/gfpcrypt.h +++ /dev/null @@ -1,528 +0,0 @@ -#ifndef CRYPTOPP_GFPCRYPT_H -#define CRYPTOPP_GFPCRYPT_H - -/** \file - Implementation of schemes based on DL over GF(p) -*/ - -#include "pubkey.h" -#include "modexppc.h" -#include "sha.h" -#include "algparam.h" -#include "asn.h" -#include "smartptr.h" -#include "hmac.h" - -#include <limits.h> - -NAMESPACE_BEGIN(CryptoPP) - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters<Integer>; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial<DL_GroupParameters<Integer> > -{ - typedef DL_GroupParameters_IntegerBased ThisClass; - -public: - void Initialize(const DL_GroupParameters_IntegerBased ¶ms) - {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());} - void Initialize(RandomNumberGenerator &rng, unsigned int pbits) - {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));} - void Initialize(const Integer &p, const Integer &g) - {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);} - void Initialize(const Integer &p, const Integer &q, const Integer &g) - {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);} - - // ASN1Object interface - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - // GeneratibleCryptoMaterial interface - /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - // DL_GroupParameters - const Integer & GetSubgroupOrder() const {return m_q;} - Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();} - bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; - bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const; - bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;} - void EncodeElement(bool reversible, const Element &element, byte *encoded) const - {element.Encode(encoded, GetModulus().ByteCount());} - unsigned int GetEncodedElementSize(bool reversible) const {return GetModulus().ByteCount();} - Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const; - Integer ConvertElementToInteger(const Element &element) const - {return element;} - Integer GetMaxExponent() const; - static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";} - - OID GetAlgorithmID() const; - - virtual const Integer & GetModulus() const =0; - virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0; - - void SetSubgroupOrder(const Integer &q) - {m_q = q; ParametersChanged();} - -protected: - Integer ComputeGroupOrder(const Integer &modulus) const - {return modulus-(GetFieldType() == 1 ? 1 : -1);} - - // GF(p) = 1, GF(p^2) = 2 - virtual int GetFieldType() const =0; - virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const; - -private: - Integer m_q; -}; - -//! _ -template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> > -class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl<GROUP_PRECOMP, BASE_PRECOMP, DL_GroupParameters_IntegerBased> -{ - typedef DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> ThisClass; - -public: - typedef typename GROUP_PRECOMP::Element Element; - - // GeneratibleCryptoMaterial interface - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - {return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();} - - void AssignFrom(const NameValuePairs &source) - {AssignFromHelper<DL_GroupParameters_IntegerBased>(this, source);} - - // DL_GroupParameters - const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;} - DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;} - - // IntegerGroupParameters - const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();} - const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());} - - void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) // these have to be set together - {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();} - - // non-inherited - bool operator==(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const - {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();} - bool operator!=(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const - {return !operator==(rhs);} -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>; - -//! GF(p) group parameters -class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation> -{ -public: - // DL_GroupParameters - bool IsIdentity(const Integer &element) const {return element == Integer::One();} - void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; - - // NameValuePairs interface - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable(); - } - - // used by MQV - Element MultiplyElements(const Element &a, const Element &b) const; - Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const; - -protected: - int GetFieldType() const {return 1;} -}; - -//! GF(p) group parameters that default to same primes -class CRYPTOPP_DLL DL_GroupParameters_GFP_DefaultSafePrime : public DL_GroupParameters_GFP -{ -public: - typedef NoCofactorMultiplication DefaultCofactorOption; - -protected: - unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;} -}; - -//! GDSA algorithm -template <class T> -class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm<T> -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";} - - void Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const - { - const Integer &q = params.GetSubgroupOrder(); - r %= q; - Integer kInv = k.InverseMod(q); - s = (kInv * (x*r + e)) % q; - assert(!!r && !!s); - } - - bool Verify(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const - { - const Integer &q = params.GetSubgroupOrder(); - if (r>=q || r<1 || s>=q || s<1) - return false; - - Integer w = s.InverseMod(q); - Integer u1 = (e * w) % q; - Integer u2 = (r * w) % q; - // verify r == (g^u1 * y^u2 mod p) mod q - return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q; - } -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<Integer>; - -//! NR algorithm -template <class T> -class DL_Algorithm_NR : public DL_ElgamalLikeSignatureAlgorithm<T> -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "NR";} - - void Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const - { - const Integer &q = params.GetSubgroupOrder(); - r = (r + e) % q; - s = (k - x*r) % q; - assert(!!r); - } - - bool Verify(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const - { - const Integer &q = params.GetSubgroupOrder(); - if (r>=q || r<1 || s>=q) - return false; - - // check r == (m_g^s * m_y^r + m) mod m_q - return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q; - } -}; - -/*! DSA public key format is defined in 7.3.3 of RFC 2459. The - private key format is defined in 12.9 of PKCS #11 v2.10. */ -template <class GP> -class DL_PublicKey_GFP : public DL_PublicKeyImpl<GP> -{ -public: - void Initialize(const DL_GroupParameters_IntegerBased ¶ms, const Integer &y) - {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);} - void Initialize(const Integer &p, const Integer &g, const Integer &y) - {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);} - void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y) - {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);} - - // X509PublicKey - void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t) - {this->SetPublicElement(Integer(bt));} - void DEREncodePublicKey(BufferedTransformation &bt) const - {this->GetPublicElement().DEREncode(bt);} -}; - -//! DL private key (in GF(p) groups) -template <class GP> -class DL_PrivateKey_GFP : public DL_PrivateKeyImpl<GP> -{ -public: - void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) - {this->GenerateRandomWithKeySize(rng, modulusBits);} - void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g) - {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));} - void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g) - {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));} - void Initialize(const DL_GroupParameters_IntegerBased ¶ms, const Integer &x) - {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);} - void Initialize(const Integer &p, const Integer &g, const Integer &x) - {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);} - void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x) - {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);} -}; - -//! DL signing/verification keys (in GF(p) groups) -struct DL_SignatureKeys_GFP -{ - typedef DL_GroupParameters_GFP GroupParameters; - typedef DL_PublicKey_GFP<GroupParameters> PublicKey; - typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey; -}; - -//! DL encryption/decryption keys (in GF(p) groups) -struct DL_CryptoKeys_GFP -{ - typedef DL_GroupParameters_GFP_DefaultSafePrime GroupParameters; - typedef DL_PublicKey_GFP<GroupParameters> PublicKey; - typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey; -}; - -//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format -template <class BASE> -class DL_PublicKey_GFP_OldFormat : public BASE -{ -public: - void BERDecode(BufferedTransformation &bt) - { - BERSequenceDecoder seq(bt); - Integer v1(seq); - Integer v2(seq); - Integer v3(seq); - - if (seq.EndReached()) - { - this->AccessGroupParameters().Initialize(v1, v1/2, v2); - this->SetPublicElement(v3); - } - else - { - Integer v4(seq); - this->AccessGroupParameters().Initialize(v1, v2, v3); - this->SetPublicElement(v4); - } - - seq.MessageEnd(); - } - - void DEREncode(BufferedTransformation &bt) const - { - DERSequenceEncoder seq(bt); - this->GetGroupParameters().GetModulus().DEREncode(seq); - if (this->GetGroupParameters().GetCofactor() != 2) - this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq); - this->GetGroupParameters().GetGenerator().DEREncode(seq); - this->GetPublicElement().DEREncode(seq); - seq.MessageEnd(); - } -}; - -//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format -template <class BASE> -class DL_PrivateKey_GFP_OldFormat : public BASE -{ -public: - void BERDecode(BufferedTransformation &bt) - { - BERSequenceDecoder seq(bt); - Integer v1(seq); - Integer v2(seq); - Integer v3(seq); - Integer v4(seq); - - if (seq.EndReached()) - { - this->AccessGroupParameters().Initialize(v1, v1/2, v2); - this->SetPrivateExponent(v4 % (v1/2)); // some old keys may have x >= q - } - else - { - Integer v5(seq); - this->AccessGroupParameters().Initialize(v1, v2, v3); - this->SetPrivateExponent(v5); - } - - seq.MessageEnd(); - } - - void DEREncode(BufferedTransformation &bt) const - { - DERSequenceEncoder seq(bt); - this->GetGroupParameters().GetModulus().DEREncode(seq); - if (this->GetGroupParameters().GetCofactor() != 2) - this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq); - this->GetGroupParameters().GetGenerator().DEREncode(seq); - this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq); - this->GetPrivateExponent().DEREncode(seq); - seq.MessageEnd(); - } -}; - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a> -template <class H> -struct GDSA : public DL_SS< - DL_SignatureKeys_GFP, - DL_Algorithm_GDSA<Integer>, - DL_SignatureMessageEncodingMethod_DSA, - H> -{ -}; - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a> -template <class H> -struct NR : public DL_SS< - DL_SignatureKeys_GFP, - DL_Algorithm_NR<Integer>, - DL_SignatureMessageEncodingMethod_NR, - H> -{ -}; - -//! DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard -class CRYPTOPP_DLL DL_GroupParameters_DSA : public DL_GroupParameters_GFP -{ -public: - /*! also checks that the lengths of p and q are allowed by the DSA standard */ - bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; - /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */ - /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - - static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits) - {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;} - - enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024}; -}; - -template <class H> -class DSA2; - -//! DSA keys -struct DL_Keys_DSA -{ - typedef DL_PublicKey_GFP<DL_GroupParameters_DSA> PublicKey; - typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA> > PrivateKey; -}; - -//! <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, as specified in FIPS 186-3 -// class named DSA2 instead of DSA for backwards compatibility (DSA was a non-template class) -template <class H> -class DSA2 : public DL_SS< - DL_Keys_DSA, - DL_Algorithm_GDSA<Integer>, - DL_SignatureMessageEncodingMethod_DSA, - H, - DSA2<H> > -{ -public: - static std::string CRYPTOPP_API StaticAlgorithmName() {return "DSA/" + (std::string)H::StaticAlgorithmName();} -}; - -//! DSA with SHA-1, typedef'd for backwards compatibility -typedef DSA2<SHA> DSA; - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>; -CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA> >; - -//! the XOR encryption method, for use with DL-based cryptosystems -template <class MAC, bool DHAES_MODE> -class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm -{ -public: - bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;} - size_t GetSymmetricKeyLength(size_t plaintextLength) const - {return plaintextLength + MAC::DEFAULT_KEYLENGTH;} - size_t GetSymmetricCiphertextLength(size_t plaintextLength) const - {return plaintextLength + MAC::DIGESTSIZE;} - size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const - {return (unsigned int)SaturatingSubtract(ciphertextLength, (unsigned int)MAC::DIGESTSIZE);} - void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const - { - const byte *cipherKey, *macKey; - if (DHAES_MODE) - { - macKey = key; - cipherKey = key + MAC::DEFAULT_KEYLENGTH; - } - else - { - cipherKey = key; - macKey = key + plaintextLength; - } - - ConstByteArrayParameter encodingParameters; - parameters.GetValue(Name::EncodingParameters(), encodingParameters); - - xorbuf(ciphertext, plaintext, cipherKey, plaintextLength); - MAC mac(macKey); - mac.Update(ciphertext, plaintextLength); - mac.Update(encodingParameters.begin(), encodingParameters.size()); - if (DHAES_MODE) - { - byte L[8] = {0,0,0,0}; - PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size())); - mac.Update(L, 8); - } - mac.Final(ciphertext + plaintextLength); - } - DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const - { - size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength); - const byte *cipherKey, *macKey; - if (DHAES_MODE) - { - macKey = key; - cipherKey = key + MAC::DEFAULT_KEYLENGTH; - } - else - { - cipherKey = key; - macKey = key + plaintextLength; - } - - ConstByteArrayParameter encodingParameters; - parameters.GetValue(Name::EncodingParameters(), encodingParameters); - - MAC mac(macKey); - mac.Update(ciphertext, plaintextLength); - mac.Update(encodingParameters.begin(), encodingParameters.size()); - if (DHAES_MODE) - { - byte L[8] = {0,0,0,0}; - PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size())); - mac.Update(L, 8); - } - if (!mac.Verify(ciphertext + plaintextLength)) - return DecodingResult(); - - xorbuf(plaintext, ciphertext, cipherKey, plaintextLength); - return DecodingResult(plaintextLength); - } -}; - -//! _ -template <class T, bool DHAES_MODE, class KDF> -class DL_KeyDerivationAlgorithm_P1363 : public DL_KeyDerivationAlgorithm<T> -{ -public: - bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;} - void Derive(const DL_GroupParameters<T> ¶ms, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs ¶meters) const - { - SecByteBlock agreedSecret; - if (DHAES_MODE) - { - agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false)); - params.EncodeElement(true, ephemeralPublicKey, agreedSecret); - params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true)); - } - else - { - agreedSecret.New(params.GetEncodedElementSize(false)); - params.EncodeElement(false, agreedElement, agreedSecret); - } - - ConstByteArrayParameter derivationParameters; - parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters); - KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size()); - } -}; - -//! Discrete Log Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#DLIES">DLIES</a> -template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true> -struct DLIES - : public DL_ES< - DL_CryptoKeys_GFP, - DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>, - DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >, - DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>, - DLIES<> > -{ - static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/gost.cpp b/cryptopp562/gost.cpp deleted file mode 100644 index bbd8297..0000000 --- a/cryptopp562/gost.cpp +++ /dev/null @@ -1,123 +0,0 @@ -#include "pch.h" -#include "gost.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -// these are the S-boxes given in Applied Cryptography 2nd Ed., p. 333 -const byte GOST::Base::sBox[8][16]={ - {4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3}, - {14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9}, - {5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11}, - {7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3}, - {6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2}, - {4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14}, - {13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12}, - {1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12}}; - -/* // these are the S-boxes given in the GOST source code listing in Applied - // Cryptography 2nd Ed., p. 644. they appear to be from the DES S-boxes - {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 }, - { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 }, - {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 }, - { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 }, - { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 }, - {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 }, - {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 }, - {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }}; -*/ - -volatile bool GOST::Base::sTableCalculated = false; -word32 GOST::Base::sTable[4][256]; - -void GOST::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - PrecalculateSTable(); - - GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), 8, userKey, KEYLENGTH); -} - -void GOST::Base::PrecalculateSTable() -{ - if (!sTableCalculated) - { - for (unsigned i = 0; i < 4; i++) - for (unsigned j = 0; j < 256; j++) - { - word32 temp = sBox[2*i][j%16] | (sBox[2*i+1][j/16] << 4); - sTable[i][j] = rotlMod(temp, 11+8*i); - } - - sTableCalculated=true; - } -} - -#define f(x) ( t=x, \ - sTable[3][GETBYTE(t, 3)] ^ sTable[2][GETBYTE(t, 2)] \ - ^ sTable[1][GETBYTE(t, 1)] ^ sTable[0][GETBYTE(t, 0)] ) - -typedef BlockGetAndPut<word32, LittleEndian> Block; - -void GOST::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 n1, n2, t; - - Block::Get(inBlock)(n1)(n2); - - for (unsigned int i=0; i<3; i++) - { - n2 ^= f(n1+key[0]); - n1 ^= f(n2+key[1]); - n2 ^= f(n1+key[2]); - n1 ^= f(n2+key[3]); - n2 ^= f(n1+key[4]); - n1 ^= f(n2+key[5]); - n2 ^= f(n1+key[6]); - n1 ^= f(n2+key[7]); - } - - n2 ^= f(n1+key[7]); - n1 ^= f(n2+key[6]); - n2 ^= f(n1+key[5]); - n1 ^= f(n2+key[4]); - n2 ^= f(n1+key[3]); - n1 ^= f(n2+key[2]); - n2 ^= f(n1+key[1]); - n1 ^= f(n2+key[0]); - - Block::Put(xorBlock, outBlock)(n2)(n1); -} - -void GOST::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 n1, n2, t; - - Block::Get(inBlock)(n1)(n2); - - n2 ^= f(n1+key[0]); - n1 ^= f(n2+key[1]); - n2 ^= f(n1+key[2]); - n1 ^= f(n2+key[3]); - n2 ^= f(n1+key[4]); - n1 ^= f(n2+key[5]); - n2 ^= f(n1+key[6]); - n1 ^= f(n2+key[7]); - - for (unsigned int i=0; i<3; i++) - { - n2 ^= f(n1+key[7]); - n1 ^= f(n2+key[6]); - n2 ^= f(n1+key[5]); - n1 ^= f(n2+key[4]); - n2 ^= f(n1+key[3]); - n1 ^= f(n2+key[2]); - n2 ^= f(n1+key[1]); - n1 ^= f(n2+key[0]); - } - - Block::Put(xorBlock, outBlock)(n2)(n1); -} - -NAMESPACE_END diff --git a/cryptopp562/gost.h b/cryptopp562/gost.h deleted file mode 100644 index e6fe469..0000000 --- a/cryptopp562/gost.h +++ /dev/null @@ -1,58 +0,0 @@ -#ifndef CRYPTOPP_GOST_H -#define CRYPTOPP_GOST_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct GOST_Info : public FixedBlockSize<8>, public FixedKeyLength<32> -{ - static const char *StaticAlgorithmName() {return "GOST";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#GOST">GOST</a> -class GOST : public GOST_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<GOST_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - static void PrecalculateSTable(); - - static const byte sBox[8][16]; - static volatile bool sTableCalculated; - static word32 sTable[4][256]; - - FixedSizeSecBlock<word32, 8> key; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef GOST::Encryption GOSTEncryption; -typedef GOST::Decryption GOSTDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/gzip.cpp b/cryptopp562/gzip.cpp deleted file mode 100644 index 09e420a..0000000 --- a/cryptopp562/gzip.cpp +++ /dev/null @@ -1,99 +0,0 @@ -// gzip.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "gzip.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Gzip::WritePrestreamHeader() -{ - m_totalLen = 0; - m_crc.Restart(); - - AttachedTransformation()->Put(MAGIC1); - AttachedTransformation()->Put(MAGIC2); - AttachedTransformation()->Put(DEFLATED); - AttachedTransformation()->Put(0); // general flag - AttachedTransformation()->PutWord32(0); // time stamp - byte extra = (GetDeflateLevel() == 1) ? FAST : ((GetDeflateLevel() == 9) ? SLOW : 0); - AttachedTransformation()->Put(extra); - AttachedTransformation()->Put(GZIP_OS_CODE); -} - -void Gzip::ProcessUncompressedData(const byte *inString, size_t length) -{ - m_crc.Update(inString, length); - m_totalLen += (word32)length; -} - -void Gzip::WritePoststreamTail() -{ - SecByteBlock crc(4); - m_crc.Final(crc); - AttachedTransformation()->Put(crc, 4); - AttachedTransformation()->PutWord32(m_totalLen, LITTLE_ENDIAN_ORDER); -} - -// ************************************************************* - -Gunzip::Gunzip(BufferedTransformation *attachment, bool repeat, int propagation) - : Inflator(attachment, repeat, propagation) -{ -} - -void Gunzip::ProcessPrestreamHeader() -{ - m_length = 0; - m_crc.Restart(); - - byte buf[6]; - byte b, flags; - - if (m_inQueue.Get(buf, 2)!=2) throw HeaderErr(); - if (buf[0] != MAGIC1 || buf[1] != MAGIC2) throw HeaderErr(); - if (!m_inQueue.Skip(1)) throw HeaderErr(); // skip extra flags - if (!m_inQueue.Get(flags)) throw HeaderErr(); - if (flags & (ENCRYPTED | CONTINUED)) throw HeaderErr(); - if (m_inQueue.Skip(6)!=6) throw HeaderErr(); // Skip file time, extra flags and OS type - - if (flags & EXTRA_FIELDS) // skip extra fields - { - word16 length; - if (m_inQueue.GetWord16(length, LITTLE_ENDIAN_ORDER) != 2) throw HeaderErr(); - if (m_inQueue.Skip(length)!=length) throw HeaderErr(); - } - - if (flags & FILENAME) // skip filename - do - if(!m_inQueue.Get(b)) throw HeaderErr(); - while (b); - - if (flags & COMMENTS) // skip comments - do - if(!m_inQueue.Get(b)) throw HeaderErr(); - while (b); -} - -void Gunzip::ProcessDecompressedData(const byte *inString, size_t length) -{ - AttachedTransformation()->Put(inString, length); - m_crc.Update(inString, length); - m_length += (word32)length; -} - -void Gunzip::ProcessPoststreamTail() -{ - SecByteBlock crc(4); - if (m_inQueue.Get(crc, 4) != 4) - throw TailErr(); - if (!m_crc.Verify(crc)) - throw CrcErr(); - - word32 lengthCheck; - if (m_inQueue.GetWord32(lengthCheck, LITTLE_ENDIAN_ORDER) != 4) - throw TailErr(); - if (lengthCheck != m_length) - throw LengthErr(); -} - -NAMESPACE_END diff --git a/cryptopp562/gzip.h b/cryptopp562/gzip.h deleted file mode 100644 index f3148ad..0000000 --- a/cryptopp562/gzip.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifndef CRYPTOPP_GZIP_H -#define CRYPTOPP_GZIP_H - -#include "zdeflate.h" -#include "zinflate.h" -#include "crc.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// GZIP Compression (RFC 1952) -class Gzip : public Deflator -{ -public: - Gzip(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true) - : Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible) {} - Gzip(const NameValuePairs ¶meters, BufferedTransformation *attachment=NULL) - : Deflator(parameters, attachment) {} - -protected: - enum {MAGIC1=0x1f, MAGIC2=0x8b, // flags for the header - DEFLATED=8, FAST=4, SLOW=2}; - - void WritePrestreamHeader(); - void ProcessUncompressedData(const byte *string, size_t length); - void WritePoststreamTail(); - - word32 m_totalLen; - CRC32 m_crc; -}; - -/// GZIP Decompression (RFC 1952) -class Gunzip : public Inflator -{ -public: - typedef Inflator::Err Err; - class HeaderErr : public Err {public: HeaderErr() : Err(INVALID_DATA_FORMAT, "Gunzip: header decoding error") {}}; - class TailErr : public Err {public: TailErr() : Err(INVALID_DATA_FORMAT, "Gunzip: tail too short") {}}; - class CrcErr : public Err {public: CrcErr() : Err(DATA_INTEGRITY_CHECK_FAILED, "Gunzip: CRC check error") {}}; - class LengthErr : public Err {public: LengthErr() : Err(DATA_INTEGRITY_CHECK_FAILED, "Gunzip: length check error") {}}; - - /*! \param repeat decompress multiple compressed streams in series - \param autoSignalPropagation 0 to turn off MessageEnd signal - */ - Gunzip(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1); - -protected: - enum {MAGIC1=0x1f, MAGIC2=0x8b, // flags for the header - DEFLATED=8}; - - enum FLAG_MASKS { - CONTINUED=2, EXTRA_FIELDS=4, FILENAME=8, COMMENTS=16, ENCRYPTED=32}; - - unsigned int MaxPrestreamHeaderSize() const {return 1024;} - void ProcessPrestreamHeader(); - void ProcessDecompressedData(const byte *string, size_t length); - unsigned int MaxPoststreamTailSize() const {return 8;} - void ProcessPoststreamTail(); - - word32 m_length; - CRC32 m_crc; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/hex.cpp b/cryptopp562/hex.cpp deleted file mode 100644 index 5731df5..0000000 --- a/cryptopp562/hex.cpp +++ /dev/null @@ -1,44 +0,0 @@ -// hex.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "hex.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const byte s_vecUpper[] = "0123456789ABCDEF"; -static const byte s_vecLower[] = "0123456789abcdef"; - -void HexEncoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - bool uppercase = parameters.GetValueWithDefault(Name::Uppercase(), true); - m_filter->Initialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::EncodingLookupArray(), uppercase ? &s_vecUpper[0] : &s_vecLower[0], false)(Name::Log2Base(), 4, true))); -} - -void HexDecoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - BaseN_Decoder::IsolatedInitialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::DecodingLookupArray(), GetDefaultDecodingLookupArray(), false)(Name::Log2Base(), 4, true))); -} - -const int *HexDecoder::GetDefaultDecodingLookupArray() -{ - static volatile bool s_initialized = false; - static int s_array[256]; - - if (!s_initialized) - { - InitializeDecodingLookupArray(s_array, s_vecUpper, 16, true); - s_initialized = true; - } - return s_array; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/hex.h b/cryptopp562/hex.h deleted file mode 100644 index 006914c..0000000 --- a/cryptopp562/hex.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef CRYPTOPP_HEX_H -#define CRYPTOPP_HEX_H - -#include "basecode.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Converts given data to base 16 -class CRYPTOPP_DLL HexEncoder : public SimpleProxyFilter -{ -public: - HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "") - : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) - { - IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator))); - } - - void IsolatedInitialize(const NameValuePairs ¶meters); -}; - -//! Decode base 16 data back to bytes -class CRYPTOPP_DLL HexDecoder : public BaseN_Decoder -{ -public: - HexDecoder(BufferedTransformation *attachment = NULL) - : BaseN_Decoder(GetDefaultDecodingLookupArray(), 4, attachment) {} - - void IsolatedInitialize(const NameValuePairs ¶meters); - -private: - static const int * CRYPTOPP_API GetDefaultDecodingLookupArray(); -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/hmac.cpp b/cryptopp562/hmac.cpp deleted file mode 100644 index d4a649c..0000000 --- a/cryptopp562/hmac.cpp +++ /dev/null @@ -1,86 +0,0 @@ -// hmac.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "hmac.h" - -NAMESPACE_BEGIN(CryptoPP) - -void HMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &) -{ - AssertValidKeyLength(keylength); - - Restart(); - - HashTransformation &hash = AccessHash(); - unsigned int blockSize = hash.BlockSize(); - - if (!blockSize) - throw InvalidArgument("HMAC: can only be used with a block-based hash function"); - - m_buf.resize(2*AccessHash().BlockSize() + AccessHash().DigestSize()); - - if (keylength <= blockSize) - memcpy(AccessIpad(), userKey, keylength); - else - { - AccessHash().CalculateDigest(AccessIpad(), userKey, keylength); - keylength = hash.DigestSize(); - } - - assert(keylength <= blockSize); - memset(AccessIpad()+keylength, 0, blockSize-keylength); - - for (unsigned int i=0; i<blockSize; i++) - { - AccessOpad()[i] = AccessIpad()[i] ^ 0x5c; - AccessIpad()[i] ^= 0x36; - } -} - -void HMAC_Base::KeyInnerHash() -{ - assert(!m_innerHashKeyed); - HashTransformation &hash = AccessHash(); - hash.Update(AccessIpad(), hash.BlockSize()); - m_innerHashKeyed = true; -} - -void HMAC_Base::Restart() -{ - if (m_innerHashKeyed) - { - AccessHash().Restart(); - m_innerHashKeyed = false; - } -} - -void HMAC_Base::Update(const byte *input, size_t length) -{ - if (!m_innerHashKeyed) - KeyInnerHash(); - AccessHash().Update(input, length); -} - -void HMAC_Base::TruncatedFinal(byte *mac, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - HashTransformation &hash = AccessHash(); - - if (!m_innerHashKeyed) - KeyInnerHash(); - hash.Final(AccessInnerHash()); - - hash.Update(AccessOpad(), hash.BlockSize()); - hash.Update(AccessInnerHash(), hash.DigestSize()); - hash.TruncatedFinal(mac, size); - - m_innerHashKeyed = false; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/hmac.h b/cryptopp562/hmac.h deleted file mode 100644 index 62db5ef..0000000 --- a/cryptopp562/hmac.h +++ /dev/null @@ -1,61 +0,0 @@ -// hmac.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_HMAC_H -#define CRYPTOPP_HMAC_H - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HMAC_Base : public VariableKeyLength<16, 0, INT_MAX>, public MessageAuthenticationCode -{ -public: - HMAC_Base() : m_innerHashKeyed(false) {} - void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); - - void Restart(); - void Update(const byte *input, size_t length); - void TruncatedFinal(byte *mac, size_t size); - unsigned int OptimalBlockSize() const {return const_cast<HMAC_Base*>(this)->AccessHash().OptimalBlockSize();} - unsigned int DigestSize() const {return const_cast<HMAC_Base*>(this)->AccessHash().DigestSize();} - -protected: - virtual HashTransformation & AccessHash() =0; - byte * AccessIpad() {return m_buf;} - byte * AccessOpad() {return m_buf + AccessHash().BlockSize();} - byte * AccessInnerHash() {return m_buf + 2*AccessHash().BlockSize();} - -private: - void KeyInnerHash(); - - SecByteBlock m_buf; - bool m_innerHashKeyed; -}; - -//! <a href="http://www.weidai.com/scan-mirror/mac.html#HMAC">HMAC</a> -/*! HMAC(K, text) = H(K XOR opad, H(K XOR ipad, text)) */ -template <class T> -class HMAC : public MessageAuthenticationCodeImpl<HMAC_Base, HMAC<T> > -{ -public: - CRYPTOPP_CONSTANT(DIGESTSIZE=T::DIGESTSIZE) - CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE) - - HMAC() {} - HMAC(const byte *key, size_t length=HMAC_Base::DEFAULT_KEYLENGTH) - {this->SetKey(key, length);} - - static std::string StaticAlgorithmName() {return std::string("HMAC(") + T::StaticAlgorithmName() + ")";} - std::string AlgorithmName() const {return std::string("HMAC(") + m_hash.AlgorithmName() + ")";} - -private: - HashTransformation & AccessHash() {return m_hash;} - - T m_hash; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/hrtimer.cpp b/cryptopp562/hrtimer.cpp deleted file mode 100644 index 906ec4a..0000000 --- a/cryptopp562/hrtimer.cpp +++ /dev/null @@ -1,139 +0,0 @@ -// hrtimer.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "hrtimer.h" -#include "misc.h" -#include <stddef.h> // for NULL -#include <time.h> - -#if defined(CRYPTOPP_WIN32_AVAILABLE) -#include <windows.h> -#elif defined(CRYPTOPP_UNIX_AVAILABLE) -#include <sys/time.h> -#include <sys/times.h> -#include <unistd.h> -#endif - -#include <assert.h> - -NAMESPACE_BEGIN(CryptoPP) - -#ifndef CRYPTOPP_IMPORTS - -double TimerBase::ConvertTo(TimerWord t, Unit unit) -{ - static unsigned long unitsPerSecondTable[] = {1, 1000, 1000*1000, 1000*1000*1000}; - - assert(unit < sizeof(unitsPerSecondTable) / sizeof(unitsPerSecondTable[0])); - return (double)CRYPTOPP_VC6_INT64 t * unitsPerSecondTable[unit] / CRYPTOPP_VC6_INT64 TicksPerSecond(); -} - -void TimerBase::StartTimer() -{ - m_last = m_start = GetCurrentTimerValue(); - m_started = true; -} - -double TimerBase::ElapsedTimeAsDouble() -{ - if (m_stuckAtZero) - return 0; - - if (m_started) - { - TimerWord now = GetCurrentTimerValue(); - if (m_last < now) // protect against OS bugs where time goes backwards - m_last = now; - return ConvertTo(m_last - m_start, m_timerUnit); - } - - StartTimer(); - return 0; -} - -unsigned long TimerBase::ElapsedTime() -{ - double elapsed = ElapsedTimeAsDouble(); - assert(elapsed <= ULONG_MAX); - return (unsigned long)elapsed; -} - -TimerWord Timer::GetCurrentTimerValue() -{ -#if defined(CRYPTOPP_WIN32_AVAILABLE) - LARGE_INTEGER now; - if (!QueryPerformanceCounter(&now)) - throw Exception(Exception::OTHER_ERROR, "Timer: QueryPerformanceCounter failed with error " + IntToString(GetLastError())); - return now.QuadPart; -#elif defined(CRYPTOPP_UNIX_AVAILABLE) - timeval now; - gettimeofday(&now, NULL); - return (TimerWord)now.tv_sec * 1000000 + now.tv_usec; -#else - clock_t now; - return clock(); -#endif -} - -TimerWord Timer::TicksPerSecond() -{ -#if defined(CRYPTOPP_WIN32_AVAILABLE) - static LARGE_INTEGER freq = {0}; - if (freq.QuadPart == 0) - { - if (!QueryPerformanceFrequency(&freq)) - throw Exception(Exception::OTHER_ERROR, "Timer: QueryPerformanceFrequency failed with error " + IntToString(GetLastError())); - } - return freq.QuadPart; -#elif defined(CRYPTOPP_UNIX_AVAILABLE) - return 1000000; -#else - return CLOCKS_PER_SEC; -#endif -} - -#endif // #ifndef CRYPTOPP_IMPORTS - -TimerWord ThreadUserTimer::GetCurrentTimerValue() -{ -#if defined(CRYPTOPP_WIN32_AVAILABLE) - static bool getCurrentThreadImplemented = true; - if (getCurrentThreadImplemented) - { - FILETIME now, ignored; - if (!GetThreadTimes(GetCurrentThread(), &ignored, &ignored, &ignored, &now)) - { - DWORD lastError = GetLastError(); - if (lastError == ERROR_CALL_NOT_IMPLEMENTED) - { - getCurrentThreadImplemented = false; - goto GetCurrentThreadNotImplemented; - } - throw Exception(Exception::OTHER_ERROR, "ThreadUserTimer: GetThreadTimes failed with error " + IntToString(lastError)); - } - return now.dwLowDateTime + ((TimerWord)now.dwHighDateTime << 32); - } -GetCurrentThreadNotImplemented: - return (TimerWord)clock() * (10*1000*1000 / CLOCKS_PER_SEC); -#elif defined(CRYPTOPP_UNIX_AVAILABLE) - tms now; - times(&now); - return now.tms_utime; -#else - return clock(); -#endif -} - -TimerWord ThreadUserTimer::TicksPerSecond() -{ -#if defined(CRYPTOPP_WIN32_AVAILABLE) - return 10*1000*1000; -#elif defined(CRYPTOPP_UNIX_AVAILABLE) - static const long ticksPerSecond = sysconf(_SC_CLK_TCK); - return ticksPerSecond; -#else - return CLOCKS_PER_SEC; -#endif -} - -NAMESPACE_END diff --git a/cryptopp562/hrtimer.h b/cryptopp562/hrtimer.h deleted file mode 100644 index 858dbd2..0000000 --- a/cryptopp562/hrtimer.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef CRYPTOPP_HRTIMER_H -#define CRYPTOPP_HRTIMER_H - -#include "config.h" -#ifndef HIGHRES_TIMER_AVAILABLE -#include <time.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef HIGHRES_TIMER_AVAILABLE - typedef word64 TimerWord; -#else - typedef clock_t TimerWord; -#endif - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TimerBase -{ -public: - enum Unit {SECONDS = 0, MILLISECONDS, MICROSECONDS, NANOSECONDS}; - TimerBase(Unit unit, bool stuckAtZero) : m_timerUnit(unit), m_stuckAtZero(stuckAtZero), m_started(false) {} - - virtual TimerWord GetCurrentTimerValue() =0; // GetCurrentTime is a macro in MSVC 6.0 - virtual TimerWord TicksPerSecond() =0; // this is not the resolution, just a conversion factor into seconds - - void StartTimer(); - double ElapsedTimeAsDouble(); - unsigned long ElapsedTime(); - -private: - double ConvertTo(TimerWord t, Unit unit); - - Unit m_timerUnit; // HPUX workaround: m_unit is a system macro on HPUX - bool m_stuckAtZero, m_started; - TimerWord m_start, m_last; -}; - -//! measure CPU time spent executing instructions of this thread (if supported by OS) -/*! /note This only works correctly on Windows NT or later. On Unix it reports process time, and others wall clock time. -*/ -class ThreadUserTimer : public TimerBase -{ -public: - ThreadUserTimer(Unit unit = TimerBase::SECONDS, bool stuckAtZero = false) : TimerBase(unit, stuckAtZero) {} - TimerWord GetCurrentTimerValue(); - TimerWord TicksPerSecond(); -}; - -//! high resolution timer -class CRYPTOPP_DLL Timer : public TimerBase -{ -public: - Timer(Unit unit = TimerBase::SECONDS, bool stuckAtZero = false) : TimerBase(unit, stuckAtZero) {} - TimerWord GetCurrentTimerValue(); - TimerWord TicksPerSecond(); -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ida.cpp b/cryptopp562/ida.cpp deleted file mode 100644 index 5cb43b2..0000000 --- a/cryptopp562/ida.cpp +++ /dev/null @@ -1,421 +0,0 @@ -// ida.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "ida.h" - -#include "algebra.h" -#include "gf2_32.h" -#include "polynomi.h" -#include <functional> - -#include "polynomi.cpp" - -ANONYMOUS_NAMESPACE_BEGIN -static const CryptoPP::GF2_32 field; -NAMESPACE_END - -using namespace std; - -NAMESPACE_BEGIN(CryptoPP) - -void RawIDA::IsolatedInitialize(const NameValuePairs ¶meters) -{ - if (!parameters.GetIntValue("RecoveryThreshold", m_threshold)) - throw InvalidArgument("RawIDA: missing RecoveryThreshold argument"); - - if (m_threshold <= 0) - throw InvalidArgument("RawIDA: RecoveryThreshold must be greater than 0"); - - m_lastMapPosition = m_inputChannelMap.end(); - m_channelsReady = 0; - m_channelsFinished = 0; - m_w.New(m_threshold); - m_y.New(m_threshold); - m_inputQueues.reserve(m_threshold); - - m_outputChannelIds.clear(); - m_outputChannelIdStrings.clear(); - m_outputQueues.clear(); - - word32 outputChannelID; - if (parameters.GetValue("OutputChannelID", outputChannelID)) - AddOutputChannel(outputChannelID); - else - { - int nShares = parameters.GetIntValueWithDefault("NumberOfShares", m_threshold); - for (int i=0; i<nShares; i++) - AddOutputChannel(i); - } -} - -unsigned int RawIDA::InsertInputChannel(word32 channelId) -{ - if (m_lastMapPosition != m_inputChannelMap.end()) - { - if (m_lastMapPosition->first == channelId) - goto skipFind; - ++m_lastMapPosition; - if (m_lastMapPosition != m_inputChannelMap.end() && m_lastMapPosition->first == channelId) - goto skipFind; - } - m_lastMapPosition = m_inputChannelMap.find(channelId); - -skipFind: - if (m_lastMapPosition == m_inputChannelMap.end()) - { - if (m_inputChannelIds.size() == m_threshold) - return m_threshold; - - m_lastMapPosition = m_inputChannelMap.insert(InputChannelMap::value_type(channelId, (unsigned int)m_inputChannelIds.size())).first; - m_inputQueues.push_back(MessageQueue()); - m_inputChannelIds.push_back(channelId); - - if (m_inputChannelIds.size() == m_threshold) - PrepareInterpolation(); - } - return m_lastMapPosition->second; -} - -unsigned int RawIDA::LookupInputChannel(word32 channelId) const -{ - map<word32, unsigned int>::const_iterator it = m_inputChannelMap.find(channelId); - if (it == m_inputChannelMap.end()) - return m_threshold; - else - return it->second; -} - -void RawIDA::ChannelData(word32 channelId, const byte *inString, size_t length, bool messageEnd) -{ - int i = InsertInputChannel(channelId); - if (i < m_threshold) - { - lword size = m_inputQueues[i].MaxRetrievable(); - m_inputQueues[i].Put(inString, length); - if (size < 4 && size + length >= 4) - { - m_channelsReady++; - if (m_channelsReady == m_threshold) - ProcessInputQueues(); - } - - if (messageEnd) - { - m_inputQueues[i].MessageEnd(); - if (m_inputQueues[i].NumberOfMessages() == 1) - { - m_channelsFinished++; - if (m_channelsFinished == m_threshold) - { - m_channelsReady = 0; - for (i=0; i<m_threshold; i++) - m_channelsReady += m_inputQueues[i].AnyRetrievable(); - ProcessInputQueues(); - } - } - } - } -} - -lword RawIDA::InputBuffered(word32 channelId) const -{ - int i = LookupInputChannel(channelId); - return i < m_threshold ? m_inputQueues[i].MaxRetrievable() : 0; -} - -void RawIDA::ComputeV(unsigned int i) -{ - if (i >= m_v.size()) - { - m_v.resize(i+1); - m_outputToInput.resize(i+1); - } - - m_outputToInput[i] = LookupInputChannel(m_outputChannelIds[i]); - if (m_outputToInput[i] == m_threshold && i * m_threshold <= 1000*1000) - { - m_v[i].resize(m_threshold); - PrepareBulkPolynomialInterpolationAt(field, m_v[i].begin(), m_outputChannelIds[i], &(m_inputChannelIds[0]), m_w.begin(), m_threshold); - } -} - -void RawIDA::AddOutputChannel(word32 channelId) -{ - m_outputChannelIds.push_back(channelId); - m_outputChannelIdStrings.push_back(WordToString(channelId)); - m_outputQueues.push_back(ByteQueue()); - if (m_inputChannelIds.size() == m_threshold) - ComputeV((unsigned int)m_outputChannelIds.size() - 1); -} - -void RawIDA::PrepareInterpolation() -{ - assert(m_inputChannelIds.size() == m_threshold); - PrepareBulkPolynomialInterpolation(field, m_w.begin(), &(m_inputChannelIds[0]), m_threshold); - for (unsigned int i=0; i<m_outputChannelIds.size(); i++) - ComputeV(i); -} - -void RawIDA::ProcessInputQueues() -{ - bool finished = (m_channelsFinished == m_threshold); - int i; - - while (finished ? m_channelsReady > 0 : m_channelsReady == m_threshold) - { - m_channelsReady = 0; - for (i=0; i<m_threshold; i++) - { - MessageQueue &queue = m_inputQueues[i]; - queue.GetWord32(m_y[i]); - - if (finished) - m_channelsReady += queue.AnyRetrievable(); - else - m_channelsReady += queue.NumberOfMessages() > 0 || queue.MaxRetrievable() >= 4; - } - - for (i=0; (unsigned int)i<m_outputChannelIds.size(); i++) - { - if (m_outputToInput[i] != m_threshold) - m_outputQueues[i].PutWord32(m_y[m_outputToInput[i]]); - else if (m_v[i].size() == m_threshold) - m_outputQueues[i].PutWord32(BulkPolynomialInterpolateAt(field, m_y.begin(), m_v[i].begin(), m_threshold)); - else - { - m_u.resize(m_threshold); - PrepareBulkPolynomialInterpolationAt(field, m_u.begin(), m_outputChannelIds[i], &(m_inputChannelIds[0]), m_w.begin(), m_threshold); - m_outputQueues[i].PutWord32(BulkPolynomialInterpolateAt(field, m_y.begin(), m_u.begin(), m_threshold)); - } - } - } - - if (m_outputChannelIds.size() > 0 && m_outputQueues[0].AnyRetrievable()) - FlushOutputQueues(); - - if (finished) - { - OutputMessageEnds(); - - m_channelsReady = 0; - m_channelsFinished = 0; - m_v.clear(); - - vector<MessageQueue> inputQueues; - vector<word32> inputChannelIds; - - inputQueues.swap(m_inputQueues); - inputChannelIds.swap(m_inputChannelIds); - m_inputChannelMap.clear(); - m_lastMapPosition = m_inputChannelMap.end(); - - for (i=0; i<m_threshold; i++) - { - inputQueues[i].GetNextMessage(); - inputQueues[i].TransferAllTo(*AttachedTransformation(), WordToString(inputChannelIds[i])); - } - } -} - -void RawIDA::FlushOutputQueues() -{ - for (unsigned int i=0; i<m_outputChannelIds.size(); i++) - m_outputQueues[i].TransferAllTo(*AttachedTransformation(), m_outputChannelIdStrings[i]); -} - -void RawIDA::OutputMessageEnds() -{ - if (GetAutoSignalPropagation() != 0) - { - for (unsigned int i=0; i<m_outputChannelIds.size(); i++) - AttachedTransformation()->ChannelMessageEnd(m_outputChannelIdStrings[i], GetAutoSignalPropagation()-1); - } -} - -// **************************************************************** - -void SecretSharing::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_pad = parameters.GetValueWithDefault("AddPadding", true); - m_ida.IsolatedInitialize(parameters); -} - -size_t SecretSharing::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("SecretSharing"); - - SecByteBlock buf(UnsignedMin(256, length)); - unsigned int threshold = m_ida.GetThreshold(); - while (length > 0) - { - size_t len = STDMIN(length, buf.size()); - m_ida.ChannelData(0xffffffff, begin, len, false); - for (unsigned int i=0; i<threshold-1; i++) - { - m_rng.GenerateBlock(buf, len); - m_ida.ChannelData(i, buf, len, false); - } - length -= len; - begin += len; - } - - if (messageEnd) - { - m_ida.SetAutoSignalPropagation(messageEnd-1); - if (m_pad) - { - SecretSharing::Put(1); - while (m_ida.InputBuffered(0xffffffff) > 0) - SecretSharing::Put(0); - } - m_ida.ChannelData(0xffffffff, NULL, 0, true); - for (unsigned int i=0; i<m_ida.GetThreshold()-1; i++) - m_ida.ChannelData(i, NULL, 0, true); - } - - return 0; -} - -void SecretRecovery::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_pad = parameters.GetValueWithDefault("RemovePadding", true); - RawIDA::IsolatedInitialize(CombinedNameValuePairs(parameters, MakeParameters("OutputChannelID", (word32)0xffffffff))); -} - -void SecretRecovery::FlushOutputQueues() -{ - if (m_pad) - m_outputQueues[0].TransferTo(*AttachedTransformation(), m_outputQueues[0].MaxRetrievable()-4); - else - m_outputQueues[0].TransferTo(*AttachedTransformation()); -} - -void SecretRecovery::OutputMessageEnds() -{ - if (m_pad) - { - PaddingRemover paddingRemover(new Redirector(*AttachedTransformation())); - m_outputQueues[0].TransferAllTo(paddingRemover); - } - - if (GetAutoSignalPropagation() != 0) - AttachedTransformation()->MessageEnd(GetAutoSignalPropagation()-1); -} - -// **************************************************************** - -void InformationDispersal::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_nextChannel = 0; - m_pad = parameters.GetValueWithDefault("AddPadding", true); - m_ida.IsolatedInitialize(parameters); -} - -size_t InformationDispersal::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("InformationDispersal"); - - while (length--) - { - m_ida.ChannelData(m_nextChannel, begin, 1, false); - begin++; - m_nextChannel++; - if (m_nextChannel == m_ida.GetThreshold()) - m_nextChannel = 0; - } - - if (messageEnd) - { - m_ida.SetAutoSignalPropagation(messageEnd-1); - if (m_pad) - InformationDispersal::Put(1); - for (word32 i=0; i<m_ida.GetThreshold(); i++) - m_ida.ChannelData(i, NULL, 0, true); - } - - return 0; -} - -void InformationRecovery::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_pad = parameters.GetValueWithDefault("RemovePadding", true); - RawIDA::IsolatedInitialize(parameters); -} - -void InformationRecovery::FlushOutputQueues() -{ - while (m_outputQueues[0].AnyRetrievable()) - { - for (unsigned int i=0; i<m_outputChannelIds.size(); i++) - m_outputQueues[i].TransferTo(m_queue, 1); - } - - if (m_pad) - m_queue.TransferTo(*AttachedTransformation(), m_queue.MaxRetrievable()-4*m_threshold); - else - m_queue.TransferTo(*AttachedTransformation()); -} - -void InformationRecovery::OutputMessageEnds() -{ - if (m_pad) - { - PaddingRemover paddingRemover(new Redirector(*AttachedTransformation())); - m_queue.TransferAllTo(paddingRemover); - } - - if (GetAutoSignalPropagation() != 0) - AttachedTransformation()->MessageEnd(GetAutoSignalPropagation()-1); -} - -size_t PaddingRemover::Put2(const byte *begin, size_t length, int messageEnd, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("PaddingRemover"); - - const byte *const end = begin + length; - - if (m_possiblePadding) - { - size_t len = find_if(begin, end, bind2nd(not_equal_to<byte>(), 0)) - begin; - m_zeroCount += len; - begin += len; - if (begin == end) - return 0; - - AttachedTransformation()->Put(1); - while (m_zeroCount--) - AttachedTransformation()->Put(0); - AttachedTransformation()->Put(*begin++); - m_possiblePadding = false; - } - -#if defined(_MSC_VER) && !defined(__MWERKS__) && (_MSC_VER <= 1300) - // VC60 and VC7 workaround: built-in reverse_iterator has two template parameters, Dinkumware only has one - typedef reverse_bidirectional_iterator<const byte *, const byte> RevIt; -#elif defined(_RWSTD_NO_CLASS_PARTIAL_SPEC) - typedef reverse_iterator<const byte *, random_access_iterator_tag, const byte> RevIt; -#else - typedef reverse_iterator<const byte *> RevIt; -#endif - const byte *x = find_if(RevIt(end), RevIt(begin), bind2nd(not_equal_to<byte>(), 0)).base(); - if (x != begin && *(x-1) == 1) - { - AttachedTransformation()->Put(begin, x-begin-1); - m_possiblePadding = true; - m_zeroCount = end - x; - } - else - AttachedTransformation()->Put(begin, end-begin); - - if (messageEnd) - { - m_possiblePadding = false; - Output(0, begin, length, messageEnd, blocking); - } - return 0; -} - -NAMESPACE_END diff --git a/cryptopp562/ida.h b/cryptopp562/ida.h deleted file mode 100644 index 8ebb4ec..0000000 --- a/cryptopp562/ida.h +++ /dev/null @@ -1,152 +0,0 @@ -#ifndef CRYPTOPP_IDA_H -#define CRYPTOPP_IDA_H - -#include "mqueue.h" -#include "filters.h" -#include "channels.h" -#include <map> -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -/// base class for secret sharing and information dispersal -class RawIDA : public AutoSignaling<Unflushable<Multichannel<Filter> > > -{ -public: - RawIDA(BufferedTransformation *attachment=NULL) - {Detach(attachment);} - - unsigned int GetThreshold() const {return m_threshold;} - void AddOutputChannel(word32 channelId); - void ChannelData(word32 channelId, const byte *inString, size_t length, bool messageEnd); - lword InputBuffered(word32 channelId) const; - - void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) - { - if (!blocking) - throw BlockingInputOnly("RawIDA"); - ChannelData(StringToWord<word32>(channel), begin, length, messageEnd != 0); - return 0; - } - -protected: - virtual void FlushOutputQueues(); - virtual void OutputMessageEnds(); - - unsigned int InsertInputChannel(word32 channelId); - unsigned int LookupInputChannel(word32 channelId) const; - void ComputeV(unsigned int); - void PrepareInterpolation(); - void ProcessInputQueues(); - - typedef std::map<word32, unsigned int> InputChannelMap; - InputChannelMap m_inputChannelMap; - InputChannelMap::iterator m_lastMapPosition; - std::vector<MessageQueue> m_inputQueues; - std::vector<word32> m_inputChannelIds, m_outputChannelIds, m_outputToInput; - std::vector<std::string> m_outputChannelIdStrings; - std::vector<ByteQueue> m_outputQueues; - int m_threshold; - unsigned int m_channelsReady, m_channelsFinished; - std::vector<SecBlock<word32> > m_v; - SecBlock<word32> m_u, m_w, m_y; -}; - -/// a variant of Shamir's Secret Sharing Algorithm -class SecretSharing : public CustomFlushPropagation<Filter> -{ -public: - SecretSharing(RandomNumberGenerator &rng, int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true) - : m_rng(rng), m_ida(new OutputProxy(*this, true)) - { - Detach(attachment); - IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding)); - } - - void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return m_ida.Flush(hardFlush, propagation, blocking);} - -protected: - RandomNumberGenerator &m_rng; - RawIDA m_ida; - bool m_pad; -}; - -/// a variant of Shamir's Secret Sharing Algorithm -class SecretRecovery : public RawIDA -{ -public: - SecretRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true) - : RawIDA(attachment) - {IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));} - - void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); - -protected: - void FlushOutputQueues(); - void OutputMessageEnds(); - - bool m_pad; -}; - -/// a variant of Rabin's Information Dispersal Algorithm -class InformationDispersal : public CustomFlushPropagation<Filter> -{ -public: - InformationDispersal(int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true) - : m_ida(new OutputProxy(*this, true)) - { - Detach(attachment); - IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding)); - } - - void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return m_ida.Flush(hardFlush, propagation, blocking);} - -protected: - RawIDA m_ida; - bool m_pad; - unsigned int m_nextChannel; -}; - -/// a variant of Rabin's Information Dispersal Algorithm -class InformationRecovery : public RawIDA -{ -public: - InformationRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true) - : RawIDA(attachment) - {IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));} - - void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); - -protected: - void FlushOutputQueues(); - void OutputMessageEnds(); - - bool m_pad; - ByteQueue m_queue; -}; - -class PaddingRemover : public Unflushable<Filter> -{ -public: - PaddingRemover(BufferedTransformation *attachment=NULL) - : m_possiblePadding(false) {Detach(attachment);} - - void IsolatedInitialize(const NameValuePairs ¶meters) {m_possiblePadding = false;} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); - - // GetPossiblePadding() == false at the end of a message indicates incorrect padding - bool GetPossiblePadding() const {return m_possiblePadding;} - -private: - bool m_possiblePadding; - lword m_zeroCount; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/idea.cpp b/cryptopp562/idea.cpp deleted file mode 100644 index 793f912..0000000 --- a/cryptopp562/idea.cpp +++ /dev/null @@ -1,192 +0,0 @@ -// idea.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "idea.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const int IDEA_KEYLEN=(6*IDEA::ROUNDS+4); // key schedule length in # of word16s - -#define low16(x) ((x)&0xffff) // compiler should be able to optimize this away if word is 16 bits -#define high16(x) ((x)>>16) - -CRYPTOPP_COMPILE_ASSERT(sizeof(IDEA::Word) >= 2); - -// should use an inline function but macros are still faster in MSVC 4.0 -#define DirectMUL(a,b) \ -{ \ - assert(b <= 0xffff); \ - \ - word32 p=(word32)low16(a)*b; \ - \ - if (p) \ - { \ - p = low16(p) - high16(p); \ - a = (IDEA::Word)p - (IDEA::Word)high16(p); \ - } \ - else \ - a = 1-a-b; \ -} - -#ifdef IDEA_LARGECACHE -volatile bool IDEA::Base::tablesBuilt = false; -word16 IDEA::Base::log[0x10000]; -word16 IDEA::Base::antilog[0x10000]; - -void IDEA::Base::BuildLogTables() -{ - if (tablesBuilt) - return; - else - { - tablesBuilt = true; - - IDEA::Word x=1; - word32 i; - - for (i=0; i<0x10000; i++) - { - antilog[i] = (word16)x; - DirectMUL(x, 3); - } - - for (i=0; i<0x10000; i++) - log[antilog[i]] = (word16)i; - } -} - -void IDEA::Base::LookupKeyLogs() -{ - IDEA::Word* Z=key; - int r=ROUNDS; - do - { - Z[0] = log[Z[0]]; - Z[3] = log[Z[3]]; - Z[4] = log[Z[4]]; - Z[5] = log[Z[5]]; - Z+=6; - } while (--r); - Z[0] = log[Z[0]]; - Z[3] = log[Z[3]]; -} - -inline void IDEA::Base::LookupMUL(IDEA::Word &a, IDEA::Word b) -{ - a = antilog[low16(log[low16(a)]+b)]; -} -#endif // IDEA_LARGECACHE - -void IDEA::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - -#ifdef IDEA_LARGECACHE - BuildLogTables(); -#endif - - EnKey(userKey); - - if (!IsForwardTransformation()) - DeKey(); - -#ifdef IDEA_LARGECACHE - LookupKeyLogs(); -#endif -} - -void IDEA::Base::EnKey (const byte *userKey) -{ - unsigned int i; - - for (i=0; i<8; i++) - m_key[i] = ((IDEA::Word)userKey[2*i]<<8) | userKey[2*i+1]; - - for (; i<IDEA_KEYLEN; i++) - { - unsigned int j = RoundDownToMultipleOf(i,8U)-8; - m_key[i] = low16((m_key[j+(i+1)%8] << 9) | (m_key[j+(i+2)%8] >> 7)); - } -} - -static IDEA::Word MulInv(IDEA::Word x) -{ - IDEA::Word y=x; - for (unsigned i=0; i<15; i++) - { - DirectMUL(y,low16(y)); - DirectMUL(y,x); - } - return low16(y); -} - -static inline IDEA::Word AddInv(IDEA::Word x) -{ - return low16(0-x); -} - -void IDEA::Base::DeKey() -{ - FixedSizeSecBlock<IDEA::Word, 6*ROUNDS+4> tempkey; - size_t i; - - for (i=0; i<ROUNDS; i++) - { - tempkey[i*6+0] = MulInv(m_key[(ROUNDS-i)*6+0]); - tempkey[i*6+1] = AddInv(m_key[(ROUNDS-i)*6+1+(i>0)]); - tempkey[i*6+2] = AddInv(m_key[(ROUNDS-i)*6+2-(i>0)]); - tempkey[i*6+3] = MulInv(m_key[(ROUNDS-i)*6+3]); - tempkey[i*6+4] = m_key[(ROUNDS-1-i)*6+4]; - tempkey[i*6+5] = m_key[(ROUNDS-1-i)*6+5]; - } - - tempkey[i*6+0] = MulInv(m_key[(ROUNDS-i)*6+0]); - tempkey[i*6+1] = AddInv(m_key[(ROUNDS-i)*6+1]); - tempkey[i*6+2] = AddInv(m_key[(ROUNDS-i)*6+2]); - tempkey[i*6+3] = MulInv(m_key[(ROUNDS-i)*6+3]); - - m_key = tempkey; -} - -#ifdef IDEA_LARGECACHE -#define MUL(a,b) LookupMUL(a,b) -#else -#define MUL(a,b) DirectMUL(a,b) -#endif - -void IDEA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - typedef BlockGetAndPut<word16, BigEndian> Block; - - const IDEA::Word *key = m_key; - IDEA::Word x0,x1,x2,x3,t0,t1; - Block::Get(inBlock)(x0)(x1)(x2)(x3); - - for (unsigned int i=0; i<ROUNDS; i++) - { - MUL(x0, key[i*6+0]); - x1 += key[i*6+1]; - x2 += key[i*6+2]; - MUL(x3, key[i*6+3]); - t0 = x0^x2; - MUL(t0, key[i*6+4]); - t1 = t0 + (x1^x3); - MUL(t1, key[i*6+5]); - t0 += t1; - x0 ^= t1; - x3 ^= t0; - t0 ^= x1; - x1 = x2^t1; - x2 = t0; - } - - MUL(x0, key[ROUNDS*6+0]); - x2 += key[ROUNDS*6+1]; - x1 += key[ROUNDS*6+2]; - MUL(x3, key[ROUNDS*6+3]); - - Block::Put(xorBlock, outBlock)(x0)(x2)(x1)(x3); -} - -NAMESPACE_END diff --git a/cryptopp562/idea.h b/cryptopp562/idea.h deleted file mode 100644 index 2ab5713..0000000 --- a/cryptopp562/idea.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef CRYPTOPP_IDEA_H -#define CRYPTOPP_IDEA_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct IDEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public FixedRounds<8> -{ - static const char *StaticAlgorithmName() {return "IDEA";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#IDEA">IDEA</a> -class IDEA : public IDEA_Info, public BlockCipherDocumentation -{ -public: // made public for internal purposes -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - typedef word Word; -#else - typedef hword Word; -#endif - -private: - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<IDEA_Info> - { - public: - unsigned int OptimalDataAlignment() const {return 2;} - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - private: - void EnKey(const byte *); - void DeKey(); - FixedSizeSecBlock<Word, 6*ROUNDS+4> m_key; - - #ifdef IDEA_LARGECACHE - static inline void LookupMUL(word &a, word b); - void LookupKeyLogs(); - static void BuildLogTables(); - static volatile bool tablesBuilt; - static word16 log[0x10000], antilog[0x10000]; - #endif - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -typedef IDEA::Encryption IDEAEncryption; -typedef IDEA::Decryption IDEADecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/integer.cpp b/cryptopp562/integer.cpp deleted file mode 100644 index f07cce8..0000000 --- a/cryptopp562/integer.cpp +++ /dev/null @@ -1,4235 +0,0 @@ -// integer.cpp - written and placed in the public domain by Wei Dai -// contains public domain code contributed by Alister Lee and Leonard Janke - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "integer.h" -#include "modarith.h" -#include "nbtheory.h" -#include "asn.h" -#include "oids.h" -#include "words.h" -#include "algparam.h" -#include "pubkey.h" // for P1363_KDF2 -#include "sha.h" -#include "cpu.h" - -#include <iostream> - -#if _MSC_VER >= 1400 - #include <intrin.h> -#endif - -#ifdef __DECCXX - #include <c_asm.h> -#endif - -#ifdef CRYPTOPP_MSVC6_NO_PP - #pragma message("You do not seem to have the Visual C++ Processor Pack installed, so use of SSE2 instructions will be disabled.") -#endif - -#define CRYPTOPP_INTEGER_SSE2 (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86) - -NAMESPACE_BEGIN(CryptoPP) - -bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt) -{ - if (valueType != typeid(Integer)) - return false; - *reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt); - return true; -} - -inline static int Compare(const word *A, const word *B, size_t N) -{ - while (N--) - if (A[N] > B[N]) - return 1; - else if (A[N] < B[N]) - return -1; - - return 0; -} - -inline static int Increment(word *A, size_t N, word B=1) -{ - assert(N); - word t = A[0]; - A[0] = t+B; - if (A[0] >= t) - return 0; - for (unsigned i=1; i<N; i++) - if (++A[i]) - return 0; - return 1; -} - -inline static int Decrement(word *A, size_t N, word B=1) -{ - assert(N); - word t = A[0]; - A[0] = t-B; - if (A[0] <= t) - return 0; - for (unsigned i=1; i<N; i++) - if (A[i]--) - return 0; - return 1; -} - -static void TwosComplement(word *A, size_t N) -{ - Decrement(A, N); - for (unsigned i=0; i<N; i++) - A[i] = ~A[i]; -} - -static word AtomicInverseModPower2(word A) -{ - assert(A%2==1); - - word R=A%8; - - for (unsigned i=3; i<WORD_BITS; i*=2) - R = R*(2-R*A); - - assert(R*A==1); - return R; -} - -// ******************************************************** - -#if !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) || (defined(__x86_64__) && defined(CRYPTOPP_WORD128_AVAILABLE)) - #define Declare2Words(x) word x##0, x##1; - #define AssignWord(a, b) a##0 = b; a##1 = 0; - #define Add2WordsBy1(a, b, c) a##0 = b##0 + c; a##1 = b##1 + (a##0 < c); - #define LowWord(a) a##0 - #define HighWord(a) a##1 - #ifdef _MSC_VER - #define MultiplyWordsLoHi(p0, p1, a, b) p0 = _umul128(a, b, &p1); - #ifndef __INTEL_COMPILER - #define Double3Words(c, d) d##1 = __shiftleft128(d##0, d##1, 1); d##0 = __shiftleft128(c, d##0, 1); c *= 2; - #endif - #elif defined(__DECCXX) - #define MultiplyWordsLoHi(p0, p1, a, b) p0 = a*b; p1 = asm("umulh %a0, %a1, %v0", a, b); - #elif defined(__x86_64__) - #if defined(__SUNPRO_CC) && __SUNPRO_CC < 0x5100 - // Sun Studio's gcc-style inline assembly is heavily bugged as of version 5.9 Patch 124864-09 2008/12/16, but this one works - #define MultiplyWordsLoHi(p0, p1, a, b) asm ("mulq %3" : "=a"(p0), "=d"(p1) : "a"(a), "r"(b) : "cc"); - #else - #define MultiplyWordsLoHi(p0, p1, a, b) asm ("mulq %3" : "=a"(p0), "=d"(p1) : "a"(a), "g"(b) : "cc"); - #define MulAcc(c, d, a, b) asm ("mulq %6; addq %3, %0; adcq %4, %1; adcq $0, %2;" : "+r"(c), "+r"(d##0), "+r"(d##1), "=a"(p0), "=d"(p1) : "a"(a), "g"(b) : "cc"); - #define Double3Words(c, d) asm ("addq %0, %0; adcq %1, %1; adcq %2, %2;" : "+r"(c), "+r"(d##0), "+r"(d##1) : : "cc"); - #define Acc2WordsBy1(a, b) asm ("addq %2, %0; adcq $0, %1;" : "+r"(a##0), "+r"(a##1) : "r"(b) : "cc"); - #define Acc2WordsBy2(a, b) asm ("addq %2, %0; adcq %3, %1;" : "+r"(a##0), "+r"(a##1) : "r"(b##0), "r"(b##1) : "cc"); - #define Acc3WordsBy2(c, d, e) asm ("addq %5, %0; adcq %6, %1; adcq $0, %2;" : "+r"(c), "=r"(e##0), "=r"(e##1) : "1"(d##0), "2"(d##1), "r"(e##0), "r"(e##1) : "cc"); - #endif - #endif - #define MultiplyWords(p, a, b) MultiplyWordsLoHi(p##0, p##1, a, b) - #ifndef Double3Words - #define Double3Words(c, d) d##1 = 2*d##1 + (d##0>>(WORD_BITS-1)); d##0 = 2*d##0 + (c>>(WORD_BITS-1)); c *= 2; - #endif - #ifndef Acc2WordsBy2 - #define Acc2WordsBy2(a, b) a##0 += b##0; a##1 += a##0 < b##0; a##1 += b##1; - #endif - #define AddWithCarry(u, a, b) {word t = a+b; u##0 = t + u##1; u##1 = (t<a) + (u##0<t);} - #define SubtractWithBorrow(u, a, b) {word t = a-b; u##0 = t - u##1; u##1 = (t>a) + (u##0>t);} - #define GetCarry(u) u##1 - #define GetBorrow(u) u##1 -#else - #define Declare2Words(x) dword x; - #if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER) - #define MultiplyWords(p, a, b) p = __emulu(a, b); - #else - #define MultiplyWords(p, a, b) p = (dword)a*b; - #endif - #define AssignWord(a, b) a = b; - #define Add2WordsBy1(a, b, c) a = b + c; - #define Acc2WordsBy2(a, b) a += b; - #define LowWord(a) word(a) - #define HighWord(a) word(a>>WORD_BITS) - #define Double3Words(c, d) d = 2*d + (c>>(WORD_BITS-1)); c *= 2; - #define AddWithCarry(u, a, b) u = dword(a) + b + GetCarry(u); - #define SubtractWithBorrow(u, a, b) u = dword(a) - b - GetBorrow(u); - #define GetCarry(u) HighWord(u) - #define GetBorrow(u) word(u>>(WORD_BITS*2-1)) -#endif -#ifndef MulAcc - #define MulAcc(c, d, a, b) MultiplyWords(p, a, b); Acc2WordsBy1(p, c); c = LowWord(p); Acc2WordsBy1(d, HighWord(p)); -#endif -#ifndef Acc2WordsBy1 - #define Acc2WordsBy1(a, b) Add2WordsBy1(a, a, b) -#endif -#ifndef Acc3WordsBy2 - #define Acc3WordsBy2(c, d, e) Acc2WordsBy1(e, c); c = LowWord(e); Add2WordsBy1(e, d, HighWord(e)); -#endif - -class DWord -{ -public: - DWord() {} - -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - explicit DWord(word low) - { - m_whole = low; - } -#else - explicit DWord(word low) - { - m_halfs.low = low; - m_halfs.high = 0; - } -#endif - - DWord(word low, word high) - { - m_halfs.low = low; - m_halfs.high = high; - } - - static DWord Multiply(word a, word b) - { - DWord r; - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - r.m_whole = (dword)a * b; - #elif defined(MultiplyWordsLoHi) - MultiplyWordsLoHi(r.m_halfs.low, r.m_halfs.high, a, b); - #endif - return r; - } - - static DWord MultiplyAndAdd(word a, word b, word c) - { - DWord r = Multiply(a, b); - return r += c; - } - - DWord & operator+=(word a) - { - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - m_whole = m_whole + a; - #else - m_halfs.low += a; - m_halfs.high += (m_halfs.low < a); - #endif - return *this; - } - - DWord operator+(word a) - { - DWord r; - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - r.m_whole = m_whole + a; - #else - r.m_halfs.low = m_halfs.low + a; - r.m_halfs.high = m_halfs.high + (r.m_halfs.low < a); - #endif - return r; - } - - DWord operator-(DWord a) - { - DWord r; - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - r.m_whole = m_whole - a.m_whole; - #else - r.m_halfs.low = m_halfs.low - a.m_halfs.low; - r.m_halfs.high = m_halfs.high - a.m_halfs.high - (r.m_halfs.low > m_halfs.low); - #endif - return r; - } - - DWord operator-(word a) - { - DWord r; - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - r.m_whole = m_whole - a; - #else - r.m_halfs.low = m_halfs.low - a; - r.m_halfs.high = m_halfs.high - (r.m_halfs.low > m_halfs.low); - #endif - return r; - } - - // returns quotient, which must fit in a word - word operator/(word divisor); - - word operator%(word a); - - bool operator!() const - { - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - return !m_whole; - #else - return !m_halfs.high && !m_halfs.low; - #endif - } - - word GetLowHalf() const {return m_halfs.low;} - word GetHighHalf() const {return m_halfs.high;} - word GetHighHalfAsBorrow() const {return 0-m_halfs.high;} - -private: - union - { - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - dword m_whole; - #endif - struct - { - #ifdef IS_LITTLE_ENDIAN - word low; - word high; - #else - word high; - word low; - #endif - } m_halfs; - }; -}; - -class Word -{ -public: - Word() {} - - Word(word value) - { - m_whole = value; - } - - Word(hword low, hword high) - { - m_whole = low | (word(high) << (WORD_BITS/2)); - } - - static Word Multiply(hword a, hword b) - { - Word r; - r.m_whole = (word)a * b; - return r; - } - - Word operator-(Word a) - { - Word r; - r.m_whole = m_whole - a.m_whole; - return r; - } - - Word operator-(hword a) - { - Word r; - r.m_whole = m_whole - a; - return r; - } - - // returns quotient, which must fit in a word - hword operator/(hword divisor) - { - return hword(m_whole / divisor); - } - - bool operator!() const - { - return !m_whole; - } - - word GetWhole() const {return m_whole;} - hword GetLowHalf() const {return hword(m_whole);} - hword GetHighHalf() const {return hword(m_whole>>(WORD_BITS/2));} - hword GetHighHalfAsBorrow() const {return 0-hword(m_whole>>(WORD_BITS/2));} - -private: - word m_whole; -}; - -// do a 3 word by 2 word divide, returns quotient and leaves remainder in A -template <class S, class D> -S DivideThreeWordsByTwo(S *A, S B0, S B1, D *dummy=NULL) -{ - // assert {A[2],A[1]} < {B1,B0}, so quotient can fit in a S - assert(A[2] < B1 || (A[2]==B1 && A[1] < B0)); - - // estimate the quotient: do a 2 S by 1 S divide - S Q; - if (S(B1+1) == 0) - Q = A[2]; - else if (B1 > 0) - Q = D(A[1], A[2]) / S(B1+1); - else - Q = D(A[0], A[1]) / B0; - - // now subtract Q*B from A - D p = D::Multiply(B0, Q); - D u = (D) A[0] - p.GetLowHalf(); - A[0] = u.GetLowHalf(); - u = (D) A[1] - p.GetHighHalf() - u.GetHighHalfAsBorrow() - D::Multiply(B1, Q); - A[1] = u.GetLowHalf(); - A[2] += u.GetHighHalf(); - - // Q <= actual quotient, so fix it - while (A[2] || A[1] > B1 || (A[1]==B1 && A[0]>=B0)) - { - u = (D) A[0] - B0; - A[0] = u.GetLowHalf(); - u = (D) A[1] - B1 - u.GetHighHalfAsBorrow(); - A[1] = u.GetLowHalf(); - A[2] += u.GetHighHalf(); - Q++; - assert(Q); // shouldn't overflow - } - - return Q; -} - -// do a 4 word by 2 word divide, returns 2 word quotient in Q0 and Q1 -template <class S, class D> -inline D DivideFourWordsByTwo(S *T, const D &Al, const D &Ah, const D &B) -{ - if (!B) // if divisor is 0, we assume divisor==2**(2*WORD_BITS) - return D(Ah.GetLowHalf(), Ah.GetHighHalf()); - else - { - S Q[2]; - T[0] = Al.GetLowHalf(); - T[1] = Al.GetHighHalf(); - T[2] = Ah.GetLowHalf(); - T[3] = Ah.GetHighHalf(); - Q[1] = DivideThreeWordsByTwo<S, D>(T+1, B.GetLowHalf(), B.GetHighHalf()); - Q[0] = DivideThreeWordsByTwo<S, D>(T, B.GetLowHalf(), B.GetHighHalf()); - return D(Q[0], Q[1]); - } -} - -// returns quotient, which must fit in a word -inline word DWord::operator/(word a) -{ - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - return word(m_whole / a); - #else - hword r[4]; - return DivideFourWordsByTwo<hword, Word>(r, m_halfs.low, m_halfs.high, a).GetWhole(); - #endif -} - -inline word DWord::operator%(word a) -{ - #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - return word(m_whole % a); - #else - if (a < (word(1) << (WORD_BITS/2))) - { - hword h = hword(a); - word r = m_halfs.high % h; - r = ((m_halfs.low >> (WORD_BITS/2)) + (r << (WORD_BITS/2))) % h; - return hword((hword(m_halfs.low) + (r << (WORD_BITS/2))) % h); - } - else - { - hword r[4]; - DivideFourWordsByTwo<hword, Word>(r, m_halfs.low, m_halfs.high, a); - return Word(r[0], r[1]).GetWhole(); - } - #endif -} - -// ******************************************************** - -// use some tricks to share assembly code between MSVC and GCC -#if defined(__GNUC__) - #define AddPrologue \ - int result; \ - __asm__ __volatile__ \ - ( \ - ".intel_syntax noprefix;" - #define AddEpilogue \ - ".att_syntax prefix;" \ - : "=a" (result)\ - : "d" (C), "a" (A), "D" (B), "c" (N) \ - : "%esi", "memory", "cc" \ - );\ - return result; - #define MulPrologue \ - __asm__ __volatile__ \ - ( \ - ".intel_syntax noprefix;" \ - AS1( push ebx) \ - AS2( mov ebx, edx) - #define MulEpilogue \ - AS1( pop ebx) \ - ".att_syntax prefix;" \ - : \ - : "d" (s_maskLow16), "c" (C), "a" (A), "D" (B) \ - : "%esi", "memory", "cc" \ - ); - #define SquPrologue MulPrologue - #define SquEpilogue \ - AS1( pop ebx) \ - ".att_syntax prefix;" \ - : \ - : "d" (s_maskLow16), "c" (C), "a" (A) \ - : "%esi", "%edi", "memory", "cc" \ - ); - #define TopPrologue MulPrologue - #define TopEpilogue \ - AS1( pop ebx) \ - ".att_syntax prefix;" \ - : \ - : "d" (s_maskLow16), "c" (C), "a" (A), "D" (B), "S" (L) \ - : "memory", "cc" \ - ); -#else - #define AddPrologue \ - __asm push edi \ - __asm push esi \ - __asm mov eax, [esp+12] \ - __asm mov edi, [esp+16] - #define AddEpilogue \ - __asm pop esi \ - __asm pop edi \ - __asm ret 8 -#if _MSC_VER < 1300 - #define SaveEBX __asm push ebx - #define RestoreEBX __asm pop ebx -#else - #define SaveEBX - #define RestoreEBX -#endif - #define SquPrologue \ - AS2( mov eax, A) \ - AS2( mov ecx, C) \ - SaveEBX \ - AS2( lea ebx, s_maskLow16) - #define MulPrologue \ - AS2( mov eax, A) \ - AS2( mov edi, B) \ - AS2( mov ecx, C) \ - SaveEBX \ - AS2( lea ebx, s_maskLow16) - #define TopPrologue \ - AS2( mov eax, A) \ - AS2( mov edi, B) \ - AS2( mov ecx, C) \ - AS2( mov esi, L) \ - SaveEBX \ - AS2( lea ebx, s_maskLow16) - #define SquEpilogue RestoreEBX - #define MulEpilogue RestoreEBX - #define TopEpilogue RestoreEBX -#endif - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE -extern "C" { -int Baseline_Add(size_t N, word *C, const word *A, const word *B); -int Baseline_Sub(size_t N, word *C, const word *A, const word *B); -} -#elif defined(CRYPTOPP_X64_ASM_AVAILABLE) && defined(__GNUC__) && defined(CRYPTOPP_WORD128_AVAILABLE) -int Baseline_Add(size_t N, word *C, const word *A, const word *B) -{ - word result; - __asm__ __volatile__ - ( - ".intel_syntax;" - AS1( neg %1) - ASJ( jz, 1, f) - AS2( mov %0,[%3+8*%1]) - AS2( add %0,[%4+8*%1]) - AS2( mov [%2+8*%1],%0) - ASL(0) - AS2( mov %0,[%3+8*%1+8]) - AS2( adc %0,[%4+8*%1+8]) - AS2( mov [%2+8*%1+8],%0) - AS2( lea %1,[%1+2]) - ASJ( jrcxz, 1, f) - AS2( mov %0,[%3+8*%1]) - AS2( adc %0,[%4+8*%1]) - AS2( mov [%2+8*%1],%0) - ASJ( jmp, 0, b) - ASL(1) - AS2( mov %0, 0) - AS2( adc %0, %0) - ".att_syntax;" - : "=&r" (result), "+c" (N) - : "r" (C+N), "r" (A+N), "r" (B+N) - : "memory", "cc" - ); - return (int)result; -} - -int Baseline_Sub(size_t N, word *C, const word *A, const word *B) -{ - word result; - __asm__ __volatile__ - ( - ".intel_syntax;" - AS1( neg %1) - ASJ( jz, 1, f) - AS2( mov %0,[%3+8*%1]) - AS2( sub %0,[%4+8*%1]) - AS2( mov [%2+8*%1],%0) - ASL(0) - AS2( mov %0,[%3+8*%1+8]) - AS2( sbb %0,[%4+8*%1+8]) - AS2( mov [%2+8*%1+8],%0) - AS2( lea %1,[%1+2]) - ASJ( jrcxz, 1, f) - AS2( mov %0,[%3+8*%1]) - AS2( sbb %0,[%4+8*%1]) - AS2( mov [%2+8*%1],%0) - ASJ( jmp, 0, b) - ASL(1) - AS2( mov %0, 0) - AS2( adc %0, %0) - ".att_syntax;" - : "=&r" (result), "+c" (N) - : "r" (C+N), "r" (A+N), "r" (B+N) - : "memory", "cc" - ); - return (int)result; -} -#elif defined(CRYPTOPP_X86_ASM_AVAILABLE) && CRYPTOPP_BOOL_X86 -CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Add(size_t N, word *C, const word *A, const word *B) -{ - AddPrologue - - // now: eax = A, edi = B, edx = C, ecx = N - AS2( lea eax, [eax+4*ecx]) - AS2( lea edi, [edi+4*ecx]) - AS2( lea edx, [edx+4*ecx]) - - AS1( neg ecx) // ecx is negative index - AS2( test ecx, 2) // this clears carry flag - ASJ( jz, 0, f) - AS2( sub ecx, 2) - ASJ( jmp, 1, f) - - ASL(0) - ASJ( jecxz, 2, f) // loop until ecx overflows and becomes zero - AS2( mov esi,[eax+4*ecx]) - AS2( adc esi,[edi+4*ecx]) - AS2( mov [edx+4*ecx],esi) - AS2( mov esi,[eax+4*ecx+4]) - AS2( adc esi,[edi+4*ecx+4]) - AS2( mov [edx+4*ecx+4],esi) - ASL(1) - AS2( mov esi,[eax+4*ecx+8]) - AS2( adc esi,[edi+4*ecx+8]) - AS2( mov [edx+4*ecx+8],esi) - AS2( mov esi,[eax+4*ecx+12]) - AS2( adc esi,[edi+4*ecx+12]) - AS2( mov [edx+4*ecx+12],esi) - - AS2( lea ecx,[ecx+4]) // advance index, avoid inc which causes slowdown on Intel Core 2 - ASJ( jmp, 0, b) - - ASL(2) - AS2( mov eax, 0) - AS1( setc al) // store carry into eax (return result register) - - AddEpilogue -} - -CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word *A, const word *B) -{ - AddPrologue - - // now: eax = A, edi = B, edx = C, ecx = N - AS2( lea eax, [eax+4*ecx]) - AS2( lea edi, [edi+4*ecx]) - AS2( lea edx, [edx+4*ecx]) - - AS1( neg ecx) // ecx is negative index - AS2( test ecx, 2) // this clears carry flag - ASJ( jz, 0, f) - AS2( sub ecx, 2) - ASJ( jmp, 1, f) - - ASL(0) - ASJ( jecxz, 2, f) // loop until ecx overflows and becomes zero - AS2( mov esi,[eax+4*ecx]) - AS2( sbb esi,[edi+4*ecx]) - AS2( mov [edx+4*ecx],esi) - AS2( mov esi,[eax+4*ecx+4]) - AS2( sbb esi,[edi+4*ecx+4]) - AS2( mov [edx+4*ecx+4],esi) - ASL(1) - AS2( mov esi,[eax+4*ecx+8]) - AS2( sbb esi,[edi+4*ecx+8]) - AS2( mov [edx+4*ecx+8],esi) - AS2( mov esi,[eax+4*ecx+12]) - AS2( sbb esi,[edi+4*ecx+12]) - AS2( mov [edx+4*ecx+12],esi) - - AS2( lea ecx,[ecx+4]) // advance index, avoid inc which causes slowdown on Intel Core 2 - ASJ( jmp, 0, b) - - ASL(2) - AS2( mov eax, 0) - AS1( setc al) // store carry into eax (return result register) - - AddEpilogue -} - -#if CRYPTOPP_INTEGER_SSE2 -CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Add(size_t N, word *C, const word *A, const word *B) -{ - AddPrologue - - // now: eax = A, edi = B, edx = C, ecx = N - AS2( lea eax, [eax+4*ecx]) - AS2( lea edi, [edi+4*ecx]) - AS2( lea edx, [edx+4*ecx]) - - AS1( neg ecx) // ecx is negative index - AS2( pxor mm2, mm2) - ASJ( jz, 2, f) - AS2( test ecx, 2) // this clears carry flag - ASJ( jz, 0, f) - AS2( sub ecx, 2) - ASJ( jmp, 1, f) - - ASL(0) - AS2( movd mm0, DWORD PTR [eax+4*ecx]) - AS2( movd mm1, DWORD PTR [edi+4*ecx]) - AS2( paddq mm0, mm1) - AS2( paddq mm2, mm0) - AS2( movd DWORD PTR [edx+4*ecx], mm2) - AS2( psrlq mm2, 32) - - AS2( movd mm0, DWORD PTR [eax+4*ecx+4]) - AS2( movd mm1, DWORD PTR [edi+4*ecx+4]) - AS2( paddq mm0, mm1) - AS2( paddq mm2, mm0) - AS2( movd DWORD PTR [edx+4*ecx+4], mm2) - AS2( psrlq mm2, 32) - - ASL(1) - AS2( movd mm0, DWORD PTR [eax+4*ecx+8]) - AS2( movd mm1, DWORD PTR [edi+4*ecx+8]) - AS2( paddq mm0, mm1) - AS2( paddq mm2, mm0) - AS2( movd DWORD PTR [edx+4*ecx+8], mm2) - AS2( psrlq mm2, 32) - - AS2( movd mm0, DWORD PTR [eax+4*ecx+12]) - AS2( movd mm1, DWORD PTR [edi+4*ecx+12]) - AS2( paddq mm0, mm1) - AS2( paddq mm2, mm0) - AS2( movd DWORD PTR [edx+4*ecx+12], mm2) - AS2( psrlq mm2, 32) - - AS2( add ecx, 4) - ASJ( jnz, 0, b) - - ASL(2) - AS2( movd eax, mm2) - AS1( emms) - - AddEpilogue -} -CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Sub(size_t N, word *C, const word *A, const word *B) -{ - AddPrologue - - // now: eax = A, edi = B, edx = C, ecx = N - AS2( lea eax, [eax+4*ecx]) - AS2( lea edi, [edi+4*ecx]) - AS2( lea edx, [edx+4*ecx]) - - AS1( neg ecx) // ecx is negative index - AS2( pxor mm2, mm2) - ASJ( jz, 2, f) - AS2( test ecx, 2) // this clears carry flag - ASJ( jz, 0, f) - AS2( sub ecx, 2) - ASJ( jmp, 1, f) - - ASL(0) - AS2( movd mm0, DWORD PTR [eax+4*ecx]) - AS2( movd mm1, DWORD PTR [edi+4*ecx]) - AS2( psubq mm0, mm1) - AS2( psubq mm0, mm2) - AS2( movd DWORD PTR [edx+4*ecx], mm0) - AS2( psrlq mm0, 63) - - AS2( movd mm2, DWORD PTR [eax+4*ecx+4]) - AS2( movd mm1, DWORD PTR [edi+4*ecx+4]) - AS2( psubq mm2, mm1) - AS2( psubq mm2, mm0) - AS2( movd DWORD PTR [edx+4*ecx+4], mm2) - AS2( psrlq mm2, 63) - - ASL(1) - AS2( movd mm0, DWORD PTR [eax+4*ecx+8]) - AS2( movd mm1, DWORD PTR [edi+4*ecx+8]) - AS2( psubq mm0, mm1) - AS2( psubq mm0, mm2) - AS2( movd DWORD PTR [edx+4*ecx+8], mm0) - AS2( psrlq mm0, 63) - - AS2( movd mm2, DWORD PTR [eax+4*ecx+12]) - AS2( movd mm1, DWORD PTR [edi+4*ecx+12]) - AS2( psubq mm2, mm1) - AS2( psubq mm2, mm0) - AS2( movd DWORD PTR [edx+4*ecx+12], mm2) - AS2( psrlq mm2, 63) - - AS2( add ecx, 4) - ASJ( jnz, 0, b) - - ASL(2) - AS2( movd eax, mm2) - AS1( emms) - - AddEpilogue -} -#endif // #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#else -int CRYPTOPP_FASTCALL Baseline_Add(size_t N, word *C, const word *A, const word *B) -{ - assert (N%2 == 0); - - Declare2Words(u); - AssignWord(u, 0); - for (size_t i=0; i<N; i+=2) - { - AddWithCarry(u, A[i], B[i]); - C[i] = LowWord(u); - AddWithCarry(u, A[i+1], B[i+1]); - C[i+1] = LowWord(u); - } - return int(GetCarry(u)); -} - -int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word *A, const word *B) -{ - assert (N%2 == 0); - - Declare2Words(u); - AssignWord(u, 0); - for (size_t i=0; i<N; i+=2) - { - SubtractWithBorrow(u, A[i], B[i]); - C[i] = LowWord(u); - SubtractWithBorrow(u, A[i+1], B[i+1]); - C[i+1] = LowWord(u); - } - return int(GetBorrow(u)); -} -#endif - -static word LinearMultiply(word *C, const word *A, word B, size_t N) -{ - word carry=0; - for(unsigned i=0; i<N; i++) - { - Declare2Words(p); - MultiplyWords(p, A[i], B); - Acc2WordsBy1(p, carry); - C[i] = LowWord(p); - carry = HighWord(p); - } - return carry; -} - -#ifndef CRYPTOPP_DOXYGEN_PROCESSING - -#define Mul_2 \ - Mul_Begin(2) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_End(1, 1) - -#define Mul_4 \ - Mul_Begin(4) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \ - Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \ - Mul_SaveAcc(3, 1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) \ - Mul_SaveAcc(4, 2, 3) Mul_Acc(3, 2) \ - Mul_End(5, 3) - -#define Mul_8 \ - Mul_Begin(8) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \ - Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \ - Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \ - Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \ - Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \ - Mul_SaveAcc(6, 0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \ - Mul_SaveAcc(7, 1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) \ - Mul_SaveAcc(8, 2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) \ - Mul_SaveAcc(9, 3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) \ - Mul_SaveAcc(10, 4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) \ - Mul_SaveAcc(11, 5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) \ - Mul_SaveAcc(12, 6, 7) Mul_Acc(7, 6) \ - Mul_End(13, 7) - -#define Mul_16 \ - Mul_Begin(16) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \ - Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \ - Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \ - Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \ - Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \ - Mul_SaveAcc(6, 0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \ - Mul_SaveAcc(7, 0, 8) Mul_Acc(1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) Mul_Acc(8, 0) \ - Mul_SaveAcc(8, 0, 9) Mul_Acc(1, 8) Mul_Acc(2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) Mul_Acc(8, 1) Mul_Acc(9, 0) \ - Mul_SaveAcc(9, 0, 10) Mul_Acc(1, 9) Mul_Acc(2, 8) Mul_Acc(3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) Mul_Acc(8, 2) Mul_Acc(9, 1) Mul_Acc(10, 0) \ - Mul_SaveAcc(10, 0, 11) Mul_Acc(1, 10) Mul_Acc(2, 9) Mul_Acc(3, 8) Mul_Acc(4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) Mul_Acc(8, 3) Mul_Acc(9, 2) Mul_Acc(10, 1) Mul_Acc(11, 0) \ - Mul_SaveAcc(11, 0, 12) Mul_Acc(1, 11) Mul_Acc(2, 10) Mul_Acc(3, 9) Mul_Acc(4, 8) Mul_Acc(5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) Mul_Acc(8, 4) Mul_Acc(9, 3) Mul_Acc(10, 2) Mul_Acc(11, 1) Mul_Acc(12, 0) \ - Mul_SaveAcc(12, 0, 13) Mul_Acc(1, 12) Mul_Acc(2, 11) Mul_Acc(3, 10) Mul_Acc(4, 9) Mul_Acc(5, 8) Mul_Acc(6, 7) Mul_Acc(7, 6) Mul_Acc(8, 5) Mul_Acc(9, 4) Mul_Acc(10, 3) Mul_Acc(11, 2) Mul_Acc(12, 1) Mul_Acc(13, 0) \ - Mul_SaveAcc(13, 0, 14) Mul_Acc(1, 13) Mul_Acc(2, 12) Mul_Acc(3, 11) Mul_Acc(4, 10) Mul_Acc(5, 9) Mul_Acc(6, 8) Mul_Acc(7, 7) Mul_Acc(8, 6) Mul_Acc(9, 5) Mul_Acc(10, 4) Mul_Acc(11, 3) Mul_Acc(12, 2) Mul_Acc(13, 1) Mul_Acc(14, 0) \ - Mul_SaveAcc(14, 0, 15) Mul_Acc(1, 14) Mul_Acc(2, 13) Mul_Acc(3, 12) Mul_Acc(4, 11) Mul_Acc(5, 10) Mul_Acc(6, 9) Mul_Acc(7, 8) Mul_Acc(8, 7) Mul_Acc(9, 6) Mul_Acc(10, 5) Mul_Acc(11, 4) Mul_Acc(12, 3) Mul_Acc(13, 2) Mul_Acc(14, 1) Mul_Acc(15, 0) \ - Mul_SaveAcc(15, 1, 15) Mul_Acc(2, 14) Mul_Acc(3, 13) Mul_Acc(4, 12) Mul_Acc(5, 11) Mul_Acc(6, 10) Mul_Acc(7, 9) Mul_Acc(8, 8) Mul_Acc(9, 7) Mul_Acc(10, 6) Mul_Acc(11, 5) Mul_Acc(12, 4) Mul_Acc(13, 3) Mul_Acc(14, 2) Mul_Acc(15, 1) \ - Mul_SaveAcc(16, 2, 15) Mul_Acc(3, 14) Mul_Acc(4, 13) Mul_Acc(5, 12) Mul_Acc(6, 11) Mul_Acc(7, 10) Mul_Acc(8, 9) Mul_Acc(9, 8) Mul_Acc(10, 7) Mul_Acc(11, 6) Mul_Acc(12, 5) Mul_Acc(13, 4) Mul_Acc(14, 3) Mul_Acc(15, 2) \ - Mul_SaveAcc(17, 3, 15) Mul_Acc(4, 14) Mul_Acc(5, 13) Mul_Acc(6, 12) Mul_Acc(7, 11) Mul_Acc(8, 10) Mul_Acc(9, 9) Mul_Acc(10, 8) Mul_Acc(11, 7) Mul_Acc(12, 6) Mul_Acc(13, 5) Mul_Acc(14, 4) Mul_Acc(15, 3) \ - Mul_SaveAcc(18, 4, 15) Mul_Acc(5, 14) Mul_Acc(6, 13) Mul_Acc(7, 12) Mul_Acc(8, 11) Mul_Acc(9, 10) Mul_Acc(10, 9) Mul_Acc(11, 8) Mul_Acc(12, 7) Mul_Acc(13, 6) Mul_Acc(14, 5) Mul_Acc(15, 4) \ - Mul_SaveAcc(19, 5, 15) Mul_Acc(6, 14) Mul_Acc(7, 13) Mul_Acc(8, 12) Mul_Acc(9, 11) Mul_Acc(10, 10) Mul_Acc(11, 9) Mul_Acc(12, 8) Mul_Acc(13, 7) Mul_Acc(14, 6) Mul_Acc(15, 5) \ - Mul_SaveAcc(20, 6, 15) Mul_Acc(7, 14) Mul_Acc(8, 13) Mul_Acc(9, 12) Mul_Acc(10, 11) Mul_Acc(11, 10) Mul_Acc(12, 9) Mul_Acc(13, 8) Mul_Acc(14, 7) Mul_Acc(15, 6) \ - Mul_SaveAcc(21, 7, 15) Mul_Acc(8, 14) Mul_Acc(9, 13) Mul_Acc(10, 12) Mul_Acc(11, 11) Mul_Acc(12, 10) Mul_Acc(13, 9) Mul_Acc(14, 8) Mul_Acc(15, 7) \ - Mul_SaveAcc(22, 8, 15) Mul_Acc(9, 14) Mul_Acc(10, 13) Mul_Acc(11, 12) Mul_Acc(12, 11) Mul_Acc(13, 10) Mul_Acc(14, 9) Mul_Acc(15, 8) \ - Mul_SaveAcc(23, 9, 15) Mul_Acc(10, 14) Mul_Acc(11, 13) Mul_Acc(12, 12) Mul_Acc(13, 11) Mul_Acc(14, 10) Mul_Acc(15, 9) \ - Mul_SaveAcc(24, 10, 15) Mul_Acc(11, 14) Mul_Acc(12, 13) Mul_Acc(13, 12) Mul_Acc(14, 11) Mul_Acc(15, 10) \ - Mul_SaveAcc(25, 11, 15) Mul_Acc(12, 14) Mul_Acc(13, 13) Mul_Acc(14, 12) Mul_Acc(15, 11) \ - Mul_SaveAcc(26, 12, 15) Mul_Acc(13, 14) Mul_Acc(14, 13) Mul_Acc(15, 12) \ - Mul_SaveAcc(27, 13, 15) Mul_Acc(14, 14) Mul_Acc(15, 13) \ - Mul_SaveAcc(28, 14, 15) Mul_Acc(15, 14) \ - Mul_End(29, 15) - -#define Squ_2 \ - Squ_Begin(2) \ - Squ_End(2) - -#define Squ_4 \ - Squ_Begin(4) \ - Squ_SaveAcc(1, 0, 2) Squ_Diag(1) \ - Squ_SaveAcc(2, 0, 3) Squ_Acc(1, 2) Squ_NonDiag \ - Squ_SaveAcc(3, 1, 3) Squ_Diag(2) \ - Squ_SaveAcc(4, 2, 3) Squ_NonDiag \ - Squ_End(4) - -#define Squ_8 \ - Squ_Begin(8) \ - Squ_SaveAcc(1, 0, 2) Squ_Diag(1) \ - Squ_SaveAcc(2, 0, 3) Squ_Acc(1, 2) Squ_NonDiag \ - Squ_SaveAcc(3, 0, 4) Squ_Acc(1, 3) Squ_Diag(2) \ - Squ_SaveAcc(4, 0, 5) Squ_Acc(1, 4) Squ_Acc(2, 3) Squ_NonDiag \ - Squ_SaveAcc(5, 0, 6) Squ_Acc(1, 5) Squ_Acc(2, 4) Squ_Diag(3) \ - Squ_SaveAcc(6, 0, 7) Squ_Acc(1, 6) Squ_Acc(2, 5) Squ_Acc(3, 4) Squ_NonDiag \ - Squ_SaveAcc(7, 1, 7) Squ_Acc(2, 6) Squ_Acc(3, 5) Squ_Diag(4) \ - Squ_SaveAcc(8, 2, 7) Squ_Acc(3, 6) Squ_Acc(4, 5) Squ_NonDiag \ - Squ_SaveAcc(9, 3, 7) Squ_Acc(4, 6) Squ_Diag(5) \ - Squ_SaveAcc(10, 4, 7) Squ_Acc(5, 6) Squ_NonDiag \ - Squ_SaveAcc(11, 5, 7) Squ_Diag(6) \ - Squ_SaveAcc(12, 6, 7) Squ_NonDiag \ - Squ_End(8) - -#define Squ_16 \ - Squ_Begin(16) \ - Squ_SaveAcc(1, 0, 2) Squ_Diag(1) \ - Squ_SaveAcc(2, 0, 3) Squ_Acc(1, 2) Squ_NonDiag \ - Squ_SaveAcc(3, 0, 4) Squ_Acc(1, 3) Squ_Diag(2) \ - Squ_SaveAcc(4, 0, 5) Squ_Acc(1, 4) Squ_Acc(2, 3) Squ_NonDiag \ - Squ_SaveAcc(5, 0, 6) Squ_Acc(1, 5) Squ_Acc(2, 4) Squ_Diag(3) \ - Squ_SaveAcc(6, 0, 7) Squ_Acc(1, 6) Squ_Acc(2, 5) Squ_Acc(3, 4) Squ_NonDiag \ - Squ_SaveAcc(7, 0, 8) Squ_Acc(1, 7) Squ_Acc(2, 6) Squ_Acc(3, 5) Squ_Diag(4) \ - Squ_SaveAcc(8, 0, 9) Squ_Acc(1, 8) Squ_Acc(2, 7) Squ_Acc(3, 6) Squ_Acc(4, 5) Squ_NonDiag \ - Squ_SaveAcc(9, 0, 10) Squ_Acc(1, 9) Squ_Acc(2, 8) Squ_Acc(3, 7) Squ_Acc(4, 6) Squ_Diag(5) \ - Squ_SaveAcc(10, 0, 11) Squ_Acc(1, 10) Squ_Acc(2, 9) Squ_Acc(3, 8) Squ_Acc(4, 7) Squ_Acc(5, 6) Squ_NonDiag \ - Squ_SaveAcc(11, 0, 12) Squ_Acc(1, 11) Squ_Acc(2, 10) Squ_Acc(3, 9) Squ_Acc(4, 8) Squ_Acc(5, 7) Squ_Diag(6) \ - Squ_SaveAcc(12, 0, 13) Squ_Acc(1, 12) Squ_Acc(2, 11) Squ_Acc(3, 10) Squ_Acc(4, 9) Squ_Acc(5, 8) Squ_Acc(6, 7) Squ_NonDiag \ - Squ_SaveAcc(13, 0, 14) Squ_Acc(1, 13) Squ_Acc(2, 12) Squ_Acc(3, 11) Squ_Acc(4, 10) Squ_Acc(5, 9) Squ_Acc(6, 8) Squ_Diag(7) \ - Squ_SaveAcc(14, 0, 15) Squ_Acc(1, 14) Squ_Acc(2, 13) Squ_Acc(3, 12) Squ_Acc(4, 11) Squ_Acc(5, 10) Squ_Acc(6, 9) Squ_Acc(7, 8) Squ_NonDiag \ - Squ_SaveAcc(15, 1, 15) Squ_Acc(2, 14) Squ_Acc(3, 13) Squ_Acc(4, 12) Squ_Acc(5, 11) Squ_Acc(6, 10) Squ_Acc(7, 9) Squ_Diag(8) \ - Squ_SaveAcc(16, 2, 15) Squ_Acc(3, 14) Squ_Acc(4, 13) Squ_Acc(5, 12) Squ_Acc(6, 11) Squ_Acc(7, 10) Squ_Acc(8, 9) Squ_NonDiag \ - Squ_SaveAcc(17, 3, 15) Squ_Acc(4, 14) Squ_Acc(5, 13) Squ_Acc(6, 12) Squ_Acc(7, 11) Squ_Acc(8, 10) Squ_Diag(9) \ - Squ_SaveAcc(18, 4, 15) Squ_Acc(5, 14) Squ_Acc(6, 13) Squ_Acc(7, 12) Squ_Acc(8, 11) Squ_Acc(9, 10) Squ_NonDiag \ - Squ_SaveAcc(19, 5, 15) Squ_Acc(6, 14) Squ_Acc(7, 13) Squ_Acc(8, 12) Squ_Acc(9, 11) Squ_Diag(10) \ - Squ_SaveAcc(20, 6, 15) Squ_Acc(7, 14) Squ_Acc(8, 13) Squ_Acc(9, 12) Squ_Acc(10, 11) Squ_NonDiag \ - Squ_SaveAcc(21, 7, 15) Squ_Acc(8, 14) Squ_Acc(9, 13) Squ_Acc(10, 12) Squ_Diag(11) \ - Squ_SaveAcc(22, 8, 15) Squ_Acc(9, 14) Squ_Acc(10, 13) Squ_Acc(11, 12) Squ_NonDiag \ - Squ_SaveAcc(23, 9, 15) Squ_Acc(10, 14) Squ_Acc(11, 13) Squ_Diag(12) \ - Squ_SaveAcc(24, 10, 15) Squ_Acc(11, 14) Squ_Acc(12, 13) Squ_NonDiag \ - Squ_SaveAcc(25, 11, 15) Squ_Acc(12, 14) Squ_Diag(13) \ - Squ_SaveAcc(26, 12, 15) Squ_Acc(13, 14) Squ_NonDiag \ - Squ_SaveAcc(27, 13, 15) Squ_Diag(14) \ - Squ_SaveAcc(28, 14, 15) Squ_NonDiag \ - Squ_End(16) - -#define Bot_2 \ - Mul_Begin(2) \ - Bot_SaveAcc(0, 0, 1) Bot_Acc(1, 0) \ - Bot_End(2) - -#define Bot_4 \ - Mul_Begin(4) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_SaveAcc(1, 2, 0) Mul_Acc(1, 1) Mul_Acc(0, 2) \ - Bot_SaveAcc(2, 0, 3) Bot_Acc(1, 2) Bot_Acc(2, 1) Bot_Acc(3, 0) \ - Bot_End(4) - -#define Bot_8 \ - Mul_Begin(8) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \ - Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \ - Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \ - Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \ - Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \ - Bot_SaveAcc(6, 0, 7) Bot_Acc(1, 6) Bot_Acc(2, 5) Bot_Acc(3, 4) Bot_Acc(4, 3) Bot_Acc(5, 2) Bot_Acc(6, 1) Bot_Acc(7, 0) \ - Bot_End(8) - -#define Bot_16 \ - Mul_Begin(16) \ - Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \ - Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \ - Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \ - Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \ - Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \ - Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \ - Mul_SaveAcc(6, 0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \ - Mul_SaveAcc(7, 0, 8) Mul_Acc(1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) Mul_Acc(8, 0) \ - Mul_SaveAcc(8, 0, 9) Mul_Acc(1, 8) Mul_Acc(2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) Mul_Acc(8, 1) Mul_Acc(9, 0) \ - Mul_SaveAcc(9, 0, 10) Mul_Acc(1, 9) Mul_Acc(2, 8) Mul_Acc(3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) Mul_Acc(8, 2) Mul_Acc(9, 1) Mul_Acc(10, 0) \ - Mul_SaveAcc(10, 0, 11) Mul_Acc(1, 10) Mul_Acc(2, 9) Mul_Acc(3, 8) Mul_Acc(4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) Mul_Acc(8, 3) Mul_Acc(9, 2) Mul_Acc(10, 1) Mul_Acc(11, 0) \ - Mul_SaveAcc(11, 0, 12) Mul_Acc(1, 11) Mul_Acc(2, 10) Mul_Acc(3, 9) Mul_Acc(4, 8) Mul_Acc(5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) Mul_Acc(8, 4) Mul_Acc(9, 3) Mul_Acc(10, 2) Mul_Acc(11, 1) Mul_Acc(12, 0) \ - Mul_SaveAcc(12, 0, 13) Mul_Acc(1, 12) Mul_Acc(2, 11) Mul_Acc(3, 10) Mul_Acc(4, 9) Mul_Acc(5, 8) Mul_Acc(6, 7) Mul_Acc(7, 6) Mul_Acc(8, 5) Mul_Acc(9, 4) Mul_Acc(10, 3) Mul_Acc(11, 2) Mul_Acc(12, 1) Mul_Acc(13, 0) \ - Mul_SaveAcc(13, 0, 14) Mul_Acc(1, 13) Mul_Acc(2, 12) Mul_Acc(3, 11) Mul_Acc(4, 10) Mul_Acc(5, 9) Mul_Acc(6, 8) Mul_Acc(7, 7) Mul_Acc(8, 6) Mul_Acc(9, 5) Mul_Acc(10, 4) Mul_Acc(11, 3) Mul_Acc(12, 2) Mul_Acc(13, 1) Mul_Acc(14, 0) \ - Bot_SaveAcc(14, 0, 15) Bot_Acc(1, 14) Bot_Acc(2, 13) Bot_Acc(3, 12) Bot_Acc(4, 11) Bot_Acc(5, 10) Bot_Acc(6, 9) Bot_Acc(7, 8) Bot_Acc(8, 7) Bot_Acc(9, 6) Bot_Acc(10, 5) Bot_Acc(11, 4) Bot_Acc(12, 3) Bot_Acc(13, 2) Bot_Acc(14, 1) Bot_Acc(15, 0) \ - Bot_End(16) - -#endif - -#if 0 -#define Mul_Begin(n) \ - Declare2Words(p) \ - Declare2Words(c) \ - Declare2Words(d) \ - MultiplyWords(p, A[0], B[0]) \ - AssignWord(c, LowWord(p)) \ - AssignWord(d, HighWord(p)) - -#define Mul_Acc(i, j) \ - MultiplyWords(p, A[i], B[j]) \ - Acc2WordsBy1(c, LowWord(p)) \ - Acc2WordsBy1(d, HighWord(p)) - -#define Mul_SaveAcc(k, i, j) \ - R[k] = LowWord(c); \ - Add2WordsBy1(c, d, HighWord(c)) \ - MultiplyWords(p, A[i], B[j]) \ - AssignWord(d, HighWord(p)) \ - Acc2WordsBy1(c, LowWord(p)) - -#define Mul_End(n) \ - R[2*n-3] = LowWord(c); \ - Acc2WordsBy1(d, HighWord(c)) \ - MultiplyWords(p, A[n-1], B[n-1])\ - Acc2WordsBy2(d, p) \ - R[2*n-2] = LowWord(d); \ - R[2*n-1] = HighWord(d); - -#define Bot_SaveAcc(k, i, j) \ - R[k] = LowWord(c); \ - word e = LowWord(d) + HighWord(c); \ - e += A[i] * B[j]; - -#define Bot_Acc(i, j) \ - e += A[i] * B[j]; - -#define Bot_End(n) \ - R[n-1] = e; -#else -#define Mul_Begin(n) \ - Declare2Words(p) \ - word c; \ - Declare2Words(d) \ - MultiplyWords(p, A[0], B[0]) \ - c = LowWord(p); \ - AssignWord(d, HighWord(p)) - -#define Mul_Acc(i, j) \ - MulAcc(c, d, A[i], B[j]) - -#define Mul_SaveAcc(k, i, j) \ - R[k] = c; \ - c = LowWord(d); \ - AssignWord(d, HighWord(d)) \ - MulAcc(c, d, A[i], B[j]) - -#define Mul_End(k, i) \ - R[k] = c; \ - MultiplyWords(p, A[i], B[i]) \ - Acc2WordsBy2(p, d) \ - R[k+1] = LowWord(p); \ - R[k+2] = HighWord(p); - -#define Bot_SaveAcc(k, i, j) \ - R[k] = c; \ - c = LowWord(d); \ - c += A[i] * B[j]; - -#define Bot_Acc(i, j) \ - c += A[i] * B[j]; - -#define Bot_End(n) \ - R[n-1] = c; -#endif - -#define Squ_Begin(n) \ - Declare2Words(p) \ - word c; \ - Declare2Words(d) \ - Declare2Words(e) \ - MultiplyWords(p, A[0], A[0]) \ - R[0] = LowWord(p); \ - AssignWord(e, HighWord(p)) \ - MultiplyWords(p, A[0], A[1]) \ - c = LowWord(p); \ - AssignWord(d, HighWord(p)) \ - Squ_NonDiag \ - -#define Squ_NonDiag \ - Double3Words(c, d) - -#define Squ_SaveAcc(k, i, j) \ - Acc3WordsBy2(c, d, e) \ - R[k] = c; \ - MultiplyWords(p, A[i], A[j]) \ - c = LowWord(p); \ - AssignWord(d, HighWord(p)) \ - -#define Squ_Acc(i, j) \ - MulAcc(c, d, A[i], A[j]) - -#define Squ_Diag(i) \ - Squ_NonDiag \ - MulAcc(c, d, A[i], A[i]) - -#define Squ_End(n) \ - Acc3WordsBy2(c, d, e) \ - R[2*n-3] = c; \ - MultiplyWords(p, A[n-1], A[n-1])\ - Acc2WordsBy2(p, e) \ - R[2*n-2] = LowWord(p); \ - R[2*n-1] = HighWord(p); - -void Baseline_Multiply2(word *R, const word *A, const word *B) -{ - Mul_2 -} - -void Baseline_Multiply4(word *R, const word *A, const word *B) -{ - Mul_4 -} - -void Baseline_Multiply8(word *R, const word *A, const word *B) -{ - Mul_8 -} - -void Baseline_Square2(word *R, const word *A) -{ - Squ_2 -} - -void Baseline_Square4(word *R, const word *A) -{ - Squ_4 -} - -void Baseline_Square8(word *R, const word *A) -{ - Squ_8 -} - -void Baseline_MultiplyBottom2(word *R, const word *A, const word *B) -{ - Bot_2 -} - -void Baseline_MultiplyBottom4(word *R, const word *A, const word *B) -{ - Bot_4 -} - -void Baseline_MultiplyBottom8(word *R, const word *A, const word *B) -{ - Bot_8 -} - -#define Top_Begin(n) \ - Declare2Words(p) \ - word c; \ - Declare2Words(d) \ - MultiplyWords(p, A[0], B[n-2]);\ - AssignWord(d, HighWord(p)); - -#define Top_Acc(i, j) \ - MultiplyWords(p, A[i], B[j]);\ - Acc2WordsBy1(d, HighWord(p)); - -#define Top_SaveAcc0(i, j) \ - c = LowWord(d); \ - AssignWord(d, HighWord(d)) \ - MulAcc(c, d, A[i], B[j]) - -#define Top_SaveAcc1(i, j) \ - c = L<c; \ - Acc2WordsBy1(d, c); \ - c = LowWord(d); \ - AssignWord(d, HighWord(d)) \ - MulAcc(c, d, A[i], B[j]) - -void Baseline_MultiplyTop2(word *R, const word *A, const word *B, word L) -{ - word T[4]; - Baseline_Multiply2(T, A, B); - R[0] = T[2]; - R[1] = T[3]; -} - -void Baseline_MultiplyTop4(word *R, const word *A, const word *B, word L) -{ - Top_Begin(4) - Top_Acc(1, 1) Top_Acc(2, 0) \ - Top_SaveAcc0(0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \ - Top_SaveAcc1(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) \ - Mul_SaveAcc(0, 2, 3) Mul_Acc(3, 2) \ - Mul_End(1, 3) -} - -void Baseline_MultiplyTop8(word *R, const word *A, const word *B, word L) -{ - Top_Begin(8) - Top_Acc(1, 5) Top_Acc(2, 4) Top_Acc(3, 3) Top_Acc(4, 2) Top_Acc(5, 1) Top_Acc(6, 0) \ - Top_SaveAcc0(0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \ - Top_SaveAcc1(1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) \ - Mul_SaveAcc(0, 2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) \ - Mul_SaveAcc(1, 3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) \ - Mul_SaveAcc(2, 4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) \ - Mul_SaveAcc(3, 5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) \ - Mul_SaveAcc(4, 6, 7) Mul_Acc(7, 6) \ - Mul_End(5, 7) -} - -#if !CRYPTOPP_INTEGER_SSE2 // save memory by not compiling these functions when SSE2 is available -void Baseline_Multiply16(word *R, const word *A, const word *B) -{ - Mul_16 -} - -void Baseline_Square16(word *R, const word *A) -{ - Squ_16 -} - -void Baseline_MultiplyBottom16(word *R, const word *A, const word *B) -{ - Bot_16 -} - -void Baseline_MultiplyTop16(word *R, const word *A, const word *B, word L) -{ - Top_Begin(16) - Top_Acc(1, 13) Top_Acc(2, 12) Top_Acc(3, 11) Top_Acc(4, 10) Top_Acc(5, 9) Top_Acc(6, 8) Top_Acc(7, 7) Top_Acc(8, 6) Top_Acc(9, 5) Top_Acc(10, 4) Top_Acc(11, 3) Top_Acc(12, 2) Top_Acc(13, 1) Top_Acc(14, 0) \ - Top_SaveAcc0(0, 15) Mul_Acc(1, 14) Mul_Acc(2, 13) Mul_Acc(3, 12) Mul_Acc(4, 11) Mul_Acc(5, 10) Mul_Acc(6, 9) Mul_Acc(7, 8) Mul_Acc(8, 7) Mul_Acc(9, 6) Mul_Acc(10, 5) Mul_Acc(11, 4) Mul_Acc(12, 3) Mul_Acc(13, 2) Mul_Acc(14, 1) Mul_Acc(15, 0) \ - Top_SaveAcc1(1, 15) Mul_Acc(2, 14) Mul_Acc(3, 13) Mul_Acc(4, 12) Mul_Acc(5, 11) Mul_Acc(6, 10) Mul_Acc(7, 9) Mul_Acc(8, 8) Mul_Acc(9, 7) Mul_Acc(10, 6) Mul_Acc(11, 5) Mul_Acc(12, 4) Mul_Acc(13, 3) Mul_Acc(14, 2) Mul_Acc(15, 1) \ - Mul_SaveAcc(0, 2, 15) Mul_Acc(3, 14) Mul_Acc(4, 13) Mul_Acc(5, 12) Mul_Acc(6, 11) Mul_Acc(7, 10) Mul_Acc(8, 9) Mul_Acc(9, 8) Mul_Acc(10, 7) Mul_Acc(11, 6) Mul_Acc(12, 5) Mul_Acc(13, 4) Mul_Acc(14, 3) Mul_Acc(15, 2) \ - Mul_SaveAcc(1, 3, 15) Mul_Acc(4, 14) Mul_Acc(5, 13) Mul_Acc(6, 12) Mul_Acc(7, 11) Mul_Acc(8, 10) Mul_Acc(9, 9) Mul_Acc(10, 8) Mul_Acc(11, 7) Mul_Acc(12, 6) Mul_Acc(13, 5) Mul_Acc(14, 4) Mul_Acc(15, 3) \ - Mul_SaveAcc(2, 4, 15) Mul_Acc(5, 14) Mul_Acc(6, 13) Mul_Acc(7, 12) Mul_Acc(8, 11) Mul_Acc(9, 10) Mul_Acc(10, 9) Mul_Acc(11, 8) Mul_Acc(12, 7) Mul_Acc(13, 6) Mul_Acc(14, 5) Mul_Acc(15, 4) \ - Mul_SaveAcc(3, 5, 15) Mul_Acc(6, 14) Mul_Acc(7, 13) Mul_Acc(8, 12) Mul_Acc(9, 11) Mul_Acc(10, 10) Mul_Acc(11, 9) Mul_Acc(12, 8) Mul_Acc(13, 7) Mul_Acc(14, 6) Mul_Acc(15, 5) \ - Mul_SaveAcc(4, 6, 15) Mul_Acc(7, 14) Mul_Acc(8, 13) Mul_Acc(9, 12) Mul_Acc(10, 11) Mul_Acc(11, 10) Mul_Acc(12, 9) Mul_Acc(13, 8) Mul_Acc(14, 7) Mul_Acc(15, 6) \ - Mul_SaveAcc(5, 7, 15) Mul_Acc(8, 14) Mul_Acc(9, 13) Mul_Acc(10, 12) Mul_Acc(11, 11) Mul_Acc(12, 10) Mul_Acc(13, 9) Mul_Acc(14, 8) Mul_Acc(15, 7) \ - Mul_SaveAcc(6, 8, 15) Mul_Acc(9, 14) Mul_Acc(10, 13) Mul_Acc(11, 12) Mul_Acc(12, 11) Mul_Acc(13, 10) Mul_Acc(14, 9) Mul_Acc(15, 8) \ - Mul_SaveAcc(7, 9, 15) Mul_Acc(10, 14) Mul_Acc(11, 13) Mul_Acc(12, 12) Mul_Acc(13, 11) Mul_Acc(14, 10) Mul_Acc(15, 9) \ - Mul_SaveAcc(8, 10, 15) Mul_Acc(11, 14) Mul_Acc(12, 13) Mul_Acc(13, 12) Mul_Acc(14, 11) Mul_Acc(15, 10) \ - Mul_SaveAcc(9, 11, 15) Mul_Acc(12, 14) Mul_Acc(13, 13) Mul_Acc(14, 12) Mul_Acc(15, 11) \ - Mul_SaveAcc(10, 12, 15) Mul_Acc(13, 14) Mul_Acc(14, 13) Mul_Acc(15, 12) \ - Mul_SaveAcc(11, 13, 15) Mul_Acc(14, 14) Mul_Acc(15, 13) \ - Mul_SaveAcc(12, 14, 15) Mul_Acc(15, 14) \ - Mul_End(13, 15) -} -#endif - -// ******************************************************** - -#if CRYPTOPP_INTEGER_SSE2 - -CRYPTOPP_ALIGN_DATA(16) static const word32 s_maskLow16[4] CRYPTOPP_SECTION_ALIGN16 = {0xffff,0xffff,0xffff,0xffff}; - -#undef Mul_Begin -#undef Mul_Acc -#undef Top_Begin -#undef Top_Acc -#undef Squ_Acc -#undef Squ_NonDiag -#undef Squ_Diag -#undef Squ_SaveAcc -#undef Squ_Begin -#undef Mul_SaveAcc -#undef Bot_Acc -#undef Bot_SaveAcc -#undef Bot_End -#undef Squ_End -#undef Mul_End - -#define SSE2_FinalSave(k) \ - AS2( psllq xmm5, 16) \ - AS2( paddq xmm4, xmm5) \ - AS2( movq QWORD PTR [ecx+8*(k)], xmm4) - -#define SSE2_SaveShift(k) \ - AS2( movq xmm0, xmm6) \ - AS2( punpckhqdq xmm6, xmm0) \ - AS2( movq xmm1, xmm7) \ - AS2( punpckhqdq xmm7, xmm1) \ - AS2( paddd xmm6, xmm0) \ - AS2( pslldq xmm6, 4) \ - AS2( paddd xmm7, xmm1) \ - AS2( paddd xmm4, xmm6) \ - AS2( pslldq xmm7, 4) \ - AS2( movq xmm6, xmm4) \ - AS2( paddd xmm5, xmm7) \ - AS2( movq xmm7, xmm5) \ - AS2( movd DWORD PTR [ecx+8*(k)], xmm4) \ - AS2( psrlq xmm6, 16) \ - AS2( paddq xmm6, xmm7) \ - AS2( punpckhqdq xmm4, xmm0) \ - AS2( punpckhqdq xmm5, xmm0) \ - AS2( movq QWORD PTR [ecx+8*(k)+2], xmm6) \ - AS2( psrlq xmm6, 3*16) \ - AS2( paddd xmm4, xmm6) \ - -#define Squ_SSE2_SaveShift(k) \ - AS2( movq xmm0, xmm6) \ - AS2( punpckhqdq xmm6, xmm0) \ - AS2( movq xmm1, xmm7) \ - AS2( punpckhqdq xmm7, xmm1) \ - AS2( paddd xmm6, xmm0) \ - AS2( pslldq xmm6, 4) \ - AS2( paddd xmm7, xmm1) \ - AS2( paddd xmm4, xmm6) \ - AS2( pslldq xmm7, 4) \ - AS2( movhlps xmm6, xmm4) \ - AS2( movd DWORD PTR [ecx+8*(k)], xmm4) \ - AS2( paddd xmm5, xmm7) \ - AS2( movhps QWORD PTR [esp+12], xmm5)\ - AS2( psrlq xmm4, 16) \ - AS2( paddq xmm4, xmm5) \ - AS2( movq QWORD PTR [ecx+8*(k)+2], xmm4) \ - AS2( psrlq xmm4, 3*16) \ - AS2( paddd xmm4, xmm6) \ - AS2( movq QWORD PTR [esp+4], xmm4)\ - -#define SSE2_FirstMultiply(i) \ - AS2( movdqa xmm7, [esi+(i)*16])\ - AS2( movdqa xmm5, [edi-(i)*16])\ - AS2( pmuludq xmm5, xmm7) \ - AS2( movdqa xmm4, [ebx])\ - AS2( movdqa xmm6, xmm4) \ - AS2( pand xmm4, xmm5) \ - AS2( psrld xmm5, 16) \ - AS2( pmuludq xmm7, [edx-(i)*16])\ - AS2( pand xmm6, xmm7) \ - AS2( psrld xmm7, 16) - -#define Squ_Begin(n) \ - SquPrologue \ - AS2( mov esi, esp)\ - AS2( and esp, 0xfffffff0)\ - AS2( lea edi, [esp-32*n])\ - AS2( sub esp, 32*n+16)\ - AS1( push esi)\ - AS2( mov esi, edi) \ - AS2( xor edx, edx) \ - ASL(1) \ - ASS( pshufd xmm0, [eax+edx], 3,1,2,0) \ - ASS( pshufd xmm1, [eax+edx], 2,0,3,1) \ - AS2( movdqa [edi+2*edx], xmm0) \ - AS2( psrlq xmm0, 32) \ - AS2( movdqa [edi+2*edx+16], xmm0) \ - AS2( movdqa [edi+16*n+2*edx], xmm1) \ - AS2( psrlq xmm1, 32) \ - AS2( movdqa [edi+16*n+2*edx+16], xmm1) \ - AS2( add edx, 16) \ - AS2( cmp edx, 8*(n)) \ - ASJ( jne, 1, b) \ - AS2( lea edx, [edi+16*n])\ - SSE2_FirstMultiply(0) \ - -#define Squ_Acc(i) \ - ASL(LSqu##i) \ - AS2( movdqa xmm1, [esi+(i)*16]) \ - AS2( movdqa xmm0, [edi-(i)*16]) \ - AS2( movdqa xmm2, [ebx]) \ - AS2( pmuludq xmm0, xmm1) \ - AS2( pmuludq xmm1, [edx-(i)*16]) \ - AS2( movdqa xmm3, xmm2) \ - AS2( pand xmm2, xmm0) \ - AS2( psrld xmm0, 16) \ - AS2( paddd xmm4, xmm2) \ - AS2( paddd xmm5, xmm0) \ - AS2( pand xmm3, xmm1) \ - AS2( psrld xmm1, 16) \ - AS2( paddd xmm6, xmm3) \ - AS2( paddd xmm7, xmm1) \ - -#define Squ_Acc1(i) -#define Squ_Acc2(i) ASC(call, LSqu##i) -#define Squ_Acc3(i) Squ_Acc2(i) -#define Squ_Acc4(i) Squ_Acc2(i) -#define Squ_Acc5(i) Squ_Acc2(i) -#define Squ_Acc6(i) Squ_Acc2(i) -#define Squ_Acc7(i) Squ_Acc2(i) -#define Squ_Acc8(i) Squ_Acc2(i) - -#define SSE2_End(E, n) \ - SSE2_SaveShift(2*(n)-3) \ - AS2( movdqa xmm7, [esi+16]) \ - AS2( movdqa xmm0, [edi]) \ - AS2( pmuludq xmm0, xmm7) \ - AS2( movdqa xmm2, [ebx]) \ - AS2( pmuludq xmm7, [edx]) \ - AS2( movdqa xmm6, xmm2) \ - AS2( pand xmm2, xmm0) \ - AS2( psrld xmm0, 16) \ - AS2( paddd xmm4, xmm2) \ - AS2( paddd xmm5, xmm0) \ - AS2( pand xmm6, xmm7) \ - AS2( psrld xmm7, 16) \ - SSE2_SaveShift(2*(n)-2) \ - SSE2_FinalSave(2*(n)-1) \ - AS1( pop esp)\ - E - -#define Squ_End(n) SSE2_End(SquEpilogue, n) -#define Mul_End(n) SSE2_End(MulEpilogue, n) -#define Top_End(n) SSE2_End(TopEpilogue, n) - -#define Squ_Column1(k, i) \ - Squ_SSE2_SaveShift(k) \ - AS2( add esi, 16) \ - SSE2_FirstMultiply(1)\ - Squ_Acc##i(i) \ - AS2( paddd xmm4, xmm4) \ - AS2( paddd xmm5, xmm5) \ - AS2( movdqa xmm3, [esi]) \ - AS2( movq xmm1, QWORD PTR [esi+8]) \ - AS2( pmuludq xmm1, xmm3) \ - AS2( pmuludq xmm3, xmm3) \ - AS2( movdqa xmm0, [ebx])\ - AS2( movdqa xmm2, xmm0) \ - AS2( pand xmm0, xmm1) \ - AS2( psrld xmm1, 16) \ - AS2( paddd xmm6, xmm0) \ - AS2( paddd xmm7, xmm1) \ - AS2( pand xmm2, xmm3) \ - AS2( psrld xmm3, 16) \ - AS2( paddd xmm6, xmm6) \ - AS2( paddd xmm7, xmm7) \ - AS2( paddd xmm4, xmm2) \ - AS2( paddd xmm5, xmm3) \ - AS2( movq xmm0, QWORD PTR [esp+4])\ - AS2( movq xmm1, QWORD PTR [esp+12])\ - AS2( paddd xmm4, xmm0)\ - AS2( paddd xmm5, xmm1)\ - -#define Squ_Column0(k, i) \ - Squ_SSE2_SaveShift(k) \ - AS2( add edi, 16) \ - AS2( add edx, 16) \ - SSE2_FirstMultiply(1)\ - Squ_Acc##i(i) \ - AS2( paddd xmm6, xmm6) \ - AS2( paddd xmm7, xmm7) \ - AS2( paddd xmm4, xmm4) \ - AS2( paddd xmm5, xmm5) \ - AS2( movq xmm0, QWORD PTR [esp+4])\ - AS2( movq xmm1, QWORD PTR [esp+12])\ - AS2( paddd xmm4, xmm0)\ - AS2( paddd xmm5, xmm1)\ - -#define SSE2_MulAdd45 \ - AS2( movdqa xmm7, [esi]) \ - AS2( movdqa xmm0, [edi]) \ - AS2( pmuludq xmm0, xmm7) \ - AS2( movdqa xmm2, [ebx]) \ - AS2( pmuludq xmm7, [edx]) \ - AS2( movdqa xmm6, xmm2) \ - AS2( pand xmm2, xmm0) \ - AS2( psrld xmm0, 16) \ - AS2( paddd xmm4, xmm2) \ - AS2( paddd xmm5, xmm0) \ - AS2( pand xmm6, xmm7) \ - AS2( psrld xmm7, 16) - -#define Mul_Begin(n) \ - MulPrologue \ - AS2( mov esi, esp)\ - AS2( and esp, 0xfffffff0)\ - AS2( sub esp, 48*n+16)\ - AS1( push esi)\ - AS2( xor edx, edx) \ - ASL(1) \ - ASS( pshufd xmm0, [eax+edx], 3,1,2,0) \ - ASS( pshufd xmm1, [eax+edx], 2,0,3,1) \ - ASS( pshufd xmm2, [edi+edx], 3,1,2,0) \ - AS2( movdqa [esp+20+2*edx], xmm0) \ - AS2( psrlq xmm0, 32) \ - AS2( movdqa [esp+20+2*edx+16], xmm0) \ - AS2( movdqa [esp+20+16*n+2*edx], xmm1) \ - AS2( psrlq xmm1, 32) \ - AS2( movdqa [esp+20+16*n+2*edx+16], xmm1) \ - AS2( movdqa [esp+20+32*n+2*edx], xmm2) \ - AS2( psrlq xmm2, 32) \ - AS2( movdqa [esp+20+32*n+2*edx+16], xmm2) \ - AS2( add edx, 16) \ - AS2( cmp edx, 8*(n)) \ - ASJ( jne, 1, b) \ - AS2( lea edi, [esp+20])\ - AS2( lea edx, [esp+20+16*n])\ - AS2( lea esi, [esp+20+32*n])\ - SSE2_FirstMultiply(0) \ - -#define Mul_Acc(i) \ - ASL(LMul##i) \ - AS2( movdqa xmm1, [esi+i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( movdqa xmm0, [edi-i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( movdqa xmm2, [ebx]) \ - AS2( pmuludq xmm0, xmm1) \ - AS2( pmuludq xmm1, [edx-i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( movdqa xmm3, xmm2) \ - AS2( pand xmm2, xmm0) \ - AS2( psrld xmm0, 16) \ - AS2( paddd xmm4, xmm2) \ - AS2( paddd xmm5, xmm0) \ - AS2( pand xmm3, xmm1) \ - AS2( psrld xmm1, 16) \ - AS2( paddd xmm6, xmm3) \ - AS2( paddd xmm7, xmm1) \ - -#define Mul_Acc1(i) -#define Mul_Acc2(i) ASC(call, LMul##i) -#define Mul_Acc3(i) Mul_Acc2(i) -#define Mul_Acc4(i) Mul_Acc2(i) -#define Mul_Acc5(i) Mul_Acc2(i) -#define Mul_Acc6(i) Mul_Acc2(i) -#define Mul_Acc7(i) Mul_Acc2(i) -#define Mul_Acc8(i) Mul_Acc2(i) -#define Mul_Acc9(i) Mul_Acc2(i) -#define Mul_Acc10(i) Mul_Acc2(i) -#define Mul_Acc11(i) Mul_Acc2(i) -#define Mul_Acc12(i) Mul_Acc2(i) -#define Mul_Acc13(i) Mul_Acc2(i) -#define Mul_Acc14(i) Mul_Acc2(i) -#define Mul_Acc15(i) Mul_Acc2(i) -#define Mul_Acc16(i) Mul_Acc2(i) - -#define Mul_Column1(k, i) \ - SSE2_SaveShift(k) \ - AS2( add esi, 16) \ - SSE2_MulAdd45\ - Mul_Acc##i(i) \ - -#define Mul_Column0(k, i) \ - SSE2_SaveShift(k) \ - AS2( add edi, 16) \ - AS2( add edx, 16) \ - SSE2_MulAdd45\ - Mul_Acc##i(i) \ - -#define Bot_Acc(i) \ - AS2( movdqa xmm1, [esi+i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( movdqa xmm0, [edi-i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( pmuludq xmm0, xmm1) \ - AS2( pmuludq xmm1, [edx-i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( paddq xmm4, xmm0) \ - AS2( paddd xmm6, xmm1) - -#define Bot_SaveAcc(k) \ - SSE2_SaveShift(k) \ - AS2( add edi, 16) \ - AS2( add edx, 16) \ - AS2( movdqa xmm6, [esi]) \ - AS2( movdqa xmm0, [edi]) \ - AS2( pmuludq xmm0, xmm6) \ - AS2( paddq xmm4, xmm0) \ - AS2( psllq xmm5, 16) \ - AS2( paddq xmm4, xmm5) \ - AS2( pmuludq xmm6, [edx]) - -#define Bot_End(n) \ - AS2( movhlps xmm7, xmm6) \ - AS2( paddd xmm6, xmm7) \ - AS2( psllq xmm6, 32) \ - AS2( paddd xmm4, xmm6) \ - AS2( movq QWORD PTR [ecx+8*((n)-1)], xmm4) \ - AS1( pop esp)\ - MulEpilogue - -#define Top_Begin(n) \ - TopPrologue \ - AS2( mov edx, esp)\ - AS2( and esp, 0xfffffff0)\ - AS2( sub esp, 48*n+16)\ - AS1( push edx)\ - AS2( xor edx, edx) \ - ASL(1) \ - ASS( pshufd xmm0, [eax+edx], 3,1,2,0) \ - ASS( pshufd xmm1, [eax+edx], 2,0,3,1) \ - ASS( pshufd xmm2, [edi+edx], 3,1,2,0) \ - AS2( movdqa [esp+20+2*edx], xmm0) \ - AS2( psrlq xmm0, 32) \ - AS2( movdqa [esp+20+2*edx+16], xmm0) \ - AS2( movdqa [esp+20+16*n+2*edx], xmm1) \ - AS2( psrlq xmm1, 32) \ - AS2( movdqa [esp+20+16*n+2*edx+16], xmm1) \ - AS2( movdqa [esp+20+32*n+2*edx], xmm2) \ - AS2( psrlq xmm2, 32) \ - AS2( movdqa [esp+20+32*n+2*edx+16], xmm2) \ - AS2( add edx, 16) \ - AS2( cmp edx, 8*(n)) \ - ASJ( jne, 1, b) \ - AS2( mov eax, esi) \ - AS2( lea edi, [esp+20+00*n+16*(n/2-1)])\ - AS2( lea edx, [esp+20+16*n+16*(n/2-1)])\ - AS2( lea esi, [esp+20+32*n+16*(n/2-1)])\ - AS2( pxor xmm4, xmm4)\ - AS2( pxor xmm5, xmm5) - -#define Top_Acc(i) \ - AS2( movq xmm0, QWORD PTR [esi+i/2*(1-(i-2*(i/2))*2)*16+8]) \ - AS2( pmuludq xmm0, [edx-i/2*(1-(i-2*(i/2))*2)*16]) \ - AS2( psrlq xmm0, 48) \ - AS2( paddd xmm5, xmm0)\ - -#define Top_Column0(i) \ - AS2( psllq xmm5, 32) \ - AS2( add edi, 16) \ - AS2( add edx, 16) \ - SSE2_MulAdd45\ - Mul_Acc##i(i) \ - -#define Top_Column1(i) \ - SSE2_SaveShift(0) \ - AS2( add esi, 16) \ - SSE2_MulAdd45\ - Mul_Acc##i(i) \ - AS2( shr eax, 16) \ - AS2( movd xmm0, eax)\ - AS2( movd xmm1, [ecx+4])\ - AS2( psrld xmm1, 16)\ - AS2( pcmpgtd xmm1, xmm0)\ - AS2( psrld xmm1, 31)\ - AS2( paddd xmm4, xmm1)\ - -void SSE2_Square4(word *C, const word *A) -{ - Squ_Begin(2) - Squ_Column0(0, 1) - Squ_End(2) -} - -void SSE2_Square8(word *C, const word *A) -{ - Squ_Begin(4) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Squ_Acc(2) - AS1( ret) ASL(0) -#endif - Squ_Column0(0, 1) - Squ_Column1(1, 1) - Squ_Column0(2, 2) - Squ_Column1(3, 1) - Squ_Column0(4, 1) - Squ_End(4) -} - -void SSE2_Square16(word *C, const word *A) -{ - Squ_Begin(8) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Squ_Acc(4) Squ_Acc(3) Squ_Acc(2) - AS1( ret) ASL(0) -#endif - Squ_Column0(0, 1) - Squ_Column1(1, 1) - Squ_Column0(2, 2) - Squ_Column1(3, 2) - Squ_Column0(4, 3) - Squ_Column1(5, 3) - Squ_Column0(6, 4) - Squ_Column1(7, 3) - Squ_Column0(8, 3) - Squ_Column1(9, 2) - Squ_Column0(10, 2) - Squ_Column1(11, 1) - Squ_Column0(12, 1) - Squ_End(8) -} - -void SSE2_Square32(word *C, const word *A) -{ - Squ_Begin(16) - ASJ( jmp, 0, f) - Squ_Acc(8) Squ_Acc(7) Squ_Acc(6) Squ_Acc(5) Squ_Acc(4) Squ_Acc(3) Squ_Acc(2) - AS1( ret) ASL(0) - Squ_Column0(0, 1) - Squ_Column1(1, 1) - Squ_Column0(2, 2) - Squ_Column1(3, 2) - Squ_Column0(4, 3) - Squ_Column1(5, 3) - Squ_Column0(6, 4) - Squ_Column1(7, 4) - Squ_Column0(8, 5) - Squ_Column1(9, 5) - Squ_Column0(10, 6) - Squ_Column1(11, 6) - Squ_Column0(12, 7) - Squ_Column1(13, 7) - Squ_Column0(14, 8) - Squ_Column1(15, 7) - Squ_Column0(16, 7) - Squ_Column1(17, 6) - Squ_Column0(18, 6) - Squ_Column1(19, 5) - Squ_Column0(20, 5) - Squ_Column1(21, 4) - Squ_Column0(22, 4) - Squ_Column1(23, 3) - Squ_Column0(24, 3) - Squ_Column1(25, 2) - Squ_Column0(26, 2) - Squ_Column1(27, 1) - Squ_Column0(28, 1) - Squ_End(16) -} - -void SSE2_Multiply4(word *C, const word *A, const word *B) -{ - Mul_Begin(2) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Mul_Column0(0, 2) - Mul_End(2) -} - -void SSE2_Multiply8(word *C, const word *A, const word *B) -{ - Mul_Begin(4) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Mul_Column0(0, 2) - Mul_Column1(1, 3) - Mul_Column0(2, 4) - Mul_Column1(3, 3) - Mul_Column0(4, 2) - Mul_End(4) -} - -void SSE2_Multiply16(word *C, const word *A, const word *B) -{ - Mul_Begin(8) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Mul_Column0(0, 2) - Mul_Column1(1, 3) - Mul_Column0(2, 4) - Mul_Column1(3, 5) - Mul_Column0(4, 6) - Mul_Column1(5, 7) - Mul_Column0(6, 8) - Mul_Column1(7, 7) - Mul_Column0(8, 6) - Mul_Column1(9, 5) - Mul_Column0(10, 4) - Mul_Column1(11, 3) - Mul_Column0(12, 2) - Mul_End(8) -} - -void SSE2_Multiply32(word *C, const word *A, const word *B) -{ - Mul_Begin(16) - ASJ( jmp, 0, f) - Mul_Acc(16) Mul_Acc(15) Mul_Acc(14) Mul_Acc(13) Mul_Acc(12) Mul_Acc(11) Mul_Acc(10) Mul_Acc(9) Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) - Mul_Column0(0, 2) - Mul_Column1(1, 3) - Mul_Column0(2, 4) - Mul_Column1(3, 5) - Mul_Column0(4, 6) - Mul_Column1(5, 7) - Mul_Column0(6, 8) - Mul_Column1(7, 9) - Mul_Column0(8, 10) - Mul_Column1(9, 11) - Mul_Column0(10, 12) - Mul_Column1(11, 13) - Mul_Column0(12, 14) - Mul_Column1(13, 15) - Mul_Column0(14, 16) - Mul_Column1(15, 15) - Mul_Column0(16, 14) - Mul_Column1(17, 13) - Mul_Column0(18, 12) - Mul_Column1(19, 11) - Mul_Column0(20, 10) - Mul_Column1(21, 9) - Mul_Column0(22, 8) - Mul_Column1(23, 7) - Mul_Column0(24, 6) - Mul_Column1(25, 5) - Mul_Column0(26, 4) - Mul_Column1(27, 3) - Mul_Column0(28, 2) - Mul_End(16) -} - -void SSE2_MultiplyBottom4(word *C, const word *A, const word *B) -{ - Mul_Begin(2) - Bot_SaveAcc(0) Bot_Acc(2) - Bot_End(2) -} - -void SSE2_MultiplyBottom8(word *C, const word *A, const word *B) -{ - Mul_Begin(4) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Mul_Column0(0, 2) - Mul_Column1(1, 3) - Bot_SaveAcc(2) Bot_Acc(4) Bot_Acc(3) Bot_Acc(2) - Bot_End(4) -} - -void SSE2_MultiplyBottom16(word *C, const word *A, const word *B) -{ - Mul_Begin(8) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Mul_Column0(0, 2) - Mul_Column1(1, 3) - Mul_Column0(2, 4) - Mul_Column1(3, 5) - Mul_Column0(4, 6) - Mul_Column1(5, 7) - Bot_SaveAcc(6) Bot_Acc(8) Bot_Acc(7) Bot_Acc(6) Bot_Acc(5) Bot_Acc(4) Bot_Acc(3) Bot_Acc(2) - Bot_End(8) -} - -void SSE2_MultiplyBottom32(word *C, const word *A, const word *B) -{ - Mul_Begin(16) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(15) Mul_Acc(14) Mul_Acc(13) Mul_Acc(12) Mul_Acc(11) Mul_Acc(10) Mul_Acc(9) Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Mul_Column0(0, 2) - Mul_Column1(1, 3) - Mul_Column0(2, 4) - Mul_Column1(3, 5) - Mul_Column0(4, 6) - Mul_Column1(5, 7) - Mul_Column0(6, 8) - Mul_Column1(7, 9) - Mul_Column0(8, 10) - Mul_Column1(9, 11) - Mul_Column0(10, 12) - Mul_Column1(11, 13) - Mul_Column0(12, 14) - Mul_Column1(13, 15) - Bot_SaveAcc(14) Bot_Acc(16) Bot_Acc(15) Bot_Acc(14) Bot_Acc(13) Bot_Acc(12) Bot_Acc(11) Bot_Acc(10) Bot_Acc(9) Bot_Acc(8) Bot_Acc(7) Bot_Acc(6) Bot_Acc(5) Bot_Acc(4) Bot_Acc(3) Bot_Acc(2) - Bot_End(16) -} - -void SSE2_MultiplyTop8(word *C, const word *A, const word *B, word L) -{ - Top_Begin(4) - Top_Acc(3) Top_Acc(2) Top_Acc(1) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Top_Column0(4) - Top_Column1(3) - Mul_Column0(0, 2) - Top_End(2) -} - -void SSE2_MultiplyTop16(word *C, const word *A, const word *B, word L) -{ - Top_Begin(8) - Top_Acc(7) Top_Acc(6) Top_Acc(5) Top_Acc(4) Top_Acc(3) Top_Acc(2) Top_Acc(1) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Top_Column0(8) - Top_Column1(7) - Mul_Column0(0, 6) - Mul_Column1(1, 5) - Mul_Column0(2, 4) - Mul_Column1(3, 3) - Mul_Column0(4, 2) - Top_End(4) -} - -void SSE2_MultiplyTop32(word *C, const word *A, const word *B, word L) -{ - Top_Begin(16) - Top_Acc(15) Top_Acc(14) Top_Acc(13) Top_Acc(12) Top_Acc(11) Top_Acc(10) Top_Acc(9) Top_Acc(8) Top_Acc(7) Top_Acc(6) Top_Acc(5) Top_Acc(4) Top_Acc(3) Top_Acc(2) Top_Acc(1) -#ifndef __GNUC__ - ASJ( jmp, 0, f) - Mul_Acc(16) Mul_Acc(15) Mul_Acc(14) Mul_Acc(13) Mul_Acc(12) Mul_Acc(11) Mul_Acc(10) Mul_Acc(9) Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2) - AS1( ret) ASL(0) -#endif - Top_Column0(16) - Top_Column1(15) - Mul_Column0(0, 14) - Mul_Column1(1, 13) - Mul_Column0(2, 12) - Mul_Column1(3, 11) - Mul_Column0(4, 10) - Mul_Column1(5, 9) - Mul_Column0(6, 8) - Mul_Column1(7, 7) - Mul_Column0(8, 6) - Mul_Column1(9, 5) - Mul_Column0(10, 4) - Mul_Column1(11, 3) - Mul_Column0(12, 2) - Top_End(8) -} - -#endif // #if CRYPTOPP_INTEGER_SSE2 - -// ******************************************************** - -typedef int (CRYPTOPP_FASTCALL * PAdd)(size_t N, word *C, const word *A, const word *B); -typedef void (* PMul)(word *C, const word *A, const word *B); -typedef void (* PSqu)(word *C, const word *A); -typedef void (* PMulTop)(word *C, const word *A, const word *B, word L); - -#if CRYPTOPP_INTEGER_SSE2 -static PAdd s_pAdd = &Baseline_Add, s_pSub = &Baseline_Sub; -static size_t s_recursionLimit = 8; -#else -static const size_t s_recursionLimit = 16; -#endif - -static PMul s_pMul[9], s_pBot[9]; -static PSqu s_pSqu[9]; -static PMulTop s_pTop[9]; - -static void SetFunctionPointers() -{ - s_pMul[0] = &Baseline_Multiply2; - s_pBot[0] = &Baseline_MultiplyBottom2; - s_pSqu[0] = &Baseline_Square2; - s_pTop[0] = &Baseline_MultiplyTop2; - s_pTop[1] = &Baseline_MultiplyTop4; - -#if CRYPTOPP_INTEGER_SSE2 - if (HasSSE2()) - { -#if _MSC_VER != 1200 || defined(NDEBUG) - if (IsP4()) - { - s_pAdd = &SSE2_Add; - s_pSub = &SSE2_Sub; - } -#endif - - s_recursionLimit = 32; - - s_pMul[1] = &SSE2_Multiply4; - s_pMul[2] = &SSE2_Multiply8; - s_pMul[4] = &SSE2_Multiply16; - s_pMul[8] = &SSE2_Multiply32; - - s_pBot[1] = &SSE2_MultiplyBottom4; - s_pBot[2] = &SSE2_MultiplyBottom8; - s_pBot[4] = &SSE2_MultiplyBottom16; - s_pBot[8] = &SSE2_MultiplyBottom32; - - s_pSqu[1] = &SSE2_Square4; - s_pSqu[2] = &SSE2_Square8; - s_pSqu[4] = &SSE2_Square16; - s_pSqu[8] = &SSE2_Square32; - - s_pTop[2] = &SSE2_MultiplyTop8; - s_pTop[4] = &SSE2_MultiplyTop16; - s_pTop[8] = &SSE2_MultiplyTop32; - } - else -#endif - { - s_pMul[1] = &Baseline_Multiply4; - s_pMul[2] = &Baseline_Multiply8; - - s_pBot[1] = &Baseline_MultiplyBottom4; - s_pBot[2] = &Baseline_MultiplyBottom8; - - s_pSqu[1] = &Baseline_Square4; - s_pSqu[2] = &Baseline_Square8; - - s_pTop[2] = &Baseline_MultiplyTop8; - -#if !CRYPTOPP_INTEGER_SSE2 - s_pMul[4] = &Baseline_Multiply16; - s_pBot[4] = &Baseline_MultiplyBottom16; - s_pSqu[4] = &Baseline_Square16; - s_pTop[4] = &Baseline_MultiplyTop16; -#endif - } -} - -inline int Add(word *C, const word *A, const word *B, size_t N) -{ -#if CRYPTOPP_INTEGER_SSE2 - return s_pAdd(N, C, A, B); -#else - return Baseline_Add(N, C, A, B); -#endif -} - -inline int Subtract(word *C, const word *A, const word *B, size_t N) -{ -#if CRYPTOPP_INTEGER_SSE2 - return s_pSub(N, C, A, B); -#else - return Baseline_Sub(N, C, A, B); -#endif -} - -// ******************************************************** - - -#define A0 A -#define A1 (A+N2) -#define B0 B -#define B1 (B+N2) - -#define T0 T -#define T1 (T+N2) -#define T2 (T+N) -#define T3 (T+N+N2) - -#define R0 R -#define R1 (R+N2) -#define R2 (R+N) -#define R3 (R+N+N2) - -// R[2*N] - result = A*B -// T[2*N] - temporary work space -// A[N] --- multiplier -// B[N] --- multiplicant - -void RecursiveMultiply(word *R, word *T, const word *A, const word *B, size_t N) -{ - assert(N>=2 && N%2==0); - - if (N <= s_recursionLimit) - s_pMul[N/4](R, A, B); - else - { - const size_t N2 = N/2; - - size_t AN2 = Compare(A0, A1, N2) > 0 ? 0 : N2; - Subtract(R0, A + AN2, A + (N2 ^ AN2), N2); - - size_t BN2 = Compare(B0, B1, N2) > 0 ? 0 : N2; - Subtract(R1, B + BN2, B + (N2 ^ BN2), N2); - - RecursiveMultiply(R2, T2, A1, B1, N2); - RecursiveMultiply(T0, T2, R0, R1, N2); - RecursiveMultiply(R0, T2, A0, B0, N2); - - // now T[01] holds (A1-A0)*(B0-B1), R[01] holds A0*B0, R[23] holds A1*B1 - - int c2 = Add(R2, R2, R1, N2); - int c3 = c2; - c2 += Add(R1, R2, R0, N2); - c3 += Add(R2, R2, R3, N2); - - if (AN2 == BN2) - c3 -= Subtract(R1, R1, T0, N); - else - c3 += Add(R1, R1, T0, N); - - c3 += Increment(R2, N2, c2); - assert (c3 >= 0 && c3 <= 2); - Increment(R3, N2, c3); - } -} - -// R[2*N] - result = A*A -// T[2*N] - temporary work space -// A[N] --- number to be squared - -void RecursiveSquare(word *R, word *T, const word *A, size_t N) -{ - assert(N && N%2==0); - - if (N <= s_recursionLimit) - s_pSqu[N/4](R, A); - else - { - const size_t N2 = N/2; - - RecursiveSquare(R0, T2, A0, N2); - RecursiveSquare(R2, T2, A1, N2); - RecursiveMultiply(T0, T2, A0, A1, N2); - - int carry = Add(R1, R1, T0, N); - carry += Add(R1, R1, T0, N); - Increment(R3, N2, carry); - } -} - -// R[N] - bottom half of A*B -// T[3*N/2] - temporary work space -// A[N] - multiplier -// B[N] - multiplicant - -void RecursiveMultiplyBottom(word *R, word *T, const word *A, const word *B, size_t N) -{ - assert(N>=2 && N%2==0); - - if (N <= s_recursionLimit) - s_pBot[N/4](R, A, B); - else - { - const size_t N2 = N/2; - - RecursiveMultiply(R, T, A0, B0, N2); - RecursiveMultiplyBottom(T0, T1, A1, B0, N2); - Add(R1, R1, T0, N2); - RecursiveMultiplyBottom(T0, T1, A0, B1, N2); - Add(R1, R1, T0, N2); - } -} - -// R[N] --- upper half of A*B -// T[2*N] - temporary work space -// L[N] --- lower half of A*B -// A[N] --- multiplier -// B[N] --- multiplicant - -void MultiplyTop(word *R, word *T, const word *L, const word *A, const word *B, size_t N) -{ - assert(N>=2 && N%2==0); - - if (N <= s_recursionLimit) - s_pTop[N/4](R, A, B, L[N-1]); - else - { - const size_t N2 = N/2; - - size_t AN2 = Compare(A0, A1, N2) > 0 ? 0 : N2; - Subtract(R0, A + AN2, A + (N2 ^ AN2), N2); - - size_t BN2 = Compare(B0, B1, N2) > 0 ? 0 : N2; - Subtract(R1, B + BN2, B + (N2 ^ BN2), N2); - - RecursiveMultiply(T0, T2, R0, R1, N2); - RecursiveMultiply(R0, T2, A1, B1, N2); - - // now T[01] holds (A1-A0)*(B0-B1) = A1*B0+A0*B1-A1*B1-A0*B0, R[01] holds A1*B1 - - int t, c3; - int c2 = Subtract(T2, L+N2, L, N2); - - if (AN2 == BN2) - { - c2 -= Add(T2, T2, T0, N2); - t = (Compare(T2, R0, N2) == -1); - c3 = t - Subtract(T2, T2, T1, N2); - } - else - { - c2 += Subtract(T2, T2, T0, N2); - t = (Compare(T2, R0, N2) == -1); - c3 = t + Add(T2, T2, T1, N2); - } - - c2 += t; - if (c2 >= 0) - c3 += Increment(T2, N2, c2); - else - c3 -= Decrement(T2, N2, -c2); - c3 += Add(R0, T2, R1, N2); - - assert (c3 >= 0 && c3 <= 2); - Increment(R1, N2, c3); - } -} - -inline void Multiply(word *R, word *T, const word *A, const word *B, size_t N) -{ - RecursiveMultiply(R, T, A, B, N); -} - -inline void Square(word *R, word *T, const word *A, size_t N) -{ - RecursiveSquare(R, T, A, N); -} - -inline void MultiplyBottom(word *R, word *T, const word *A, const word *B, size_t N) -{ - RecursiveMultiplyBottom(R, T, A, B, N); -} - -// R[NA+NB] - result = A*B -// T[NA+NB] - temporary work space -// A[NA] ---- multiplier -// B[NB] ---- multiplicant - -void AsymmetricMultiply(word *R, word *T, const word *A, size_t NA, const word *B, size_t NB) -{ - if (NA == NB) - { - if (A == B) - Square(R, T, A, NA); - else - Multiply(R, T, A, B, NA); - - return; - } - - if (NA > NB) - { - std::swap(A, B); - std::swap(NA, NB); - } - - assert(NB % NA == 0); - - if (NA==2 && !A[1]) - { - switch (A[0]) - { - case 0: - SetWords(R, 0, NB+2); - return; - case 1: - CopyWords(R, B, NB); - R[NB] = R[NB+1] = 0; - return; - default: - R[NB] = LinearMultiply(R, B, A[0], NB); - R[NB+1] = 0; - return; - } - } - - size_t i; - if ((NB/NA)%2 == 0) - { - Multiply(R, T, A, B, NA); - CopyWords(T+2*NA, R+NA, NA); - - for (i=2*NA; i<NB; i+=2*NA) - Multiply(T+NA+i, T, A, B+i, NA); - for (i=NA; i<NB; i+=2*NA) - Multiply(R+i, T, A, B+i, NA); - } - else - { - for (i=0; i<NB; i+=2*NA) - Multiply(R+i, T, A, B+i, NA); - for (i=NA; i<NB; i+=2*NA) - Multiply(T+NA+i, T, A, B+i, NA); - } - - if (Add(R+NA, R+NA, T+2*NA, NB-NA)) - Increment(R+NB, NA); -} - -// R[N] ----- result = A inverse mod 2**(WORD_BITS*N) -// T[3*N/2] - temporary work space -// A[N] ----- an odd number as input - -void RecursiveInverseModPower2(word *R, word *T, const word *A, size_t N) -{ - if (N==2) - { - T[0] = AtomicInverseModPower2(A[0]); - T[1] = 0; - s_pBot[0](T+2, T, A); - TwosComplement(T+2, 2); - Increment(T+2, 2, 2); - s_pBot[0](R, T, T+2); - } - else - { - const size_t N2 = N/2; - RecursiveInverseModPower2(R0, T0, A0, N2); - T0[0] = 1; - SetWords(T0+1, 0, N2-1); - MultiplyTop(R1, T1, T0, R0, A0, N2); - MultiplyBottom(T0, T1, R0, A1, N2); - Add(T0, R1, T0, N2); - TwosComplement(T0, N2); - MultiplyBottom(R1, T1, R0, T0, N2); - } -} - -// R[N] --- result = X/(2**(WORD_BITS*N)) mod M -// T[3*N] - temporary work space -// X[2*N] - number to be reduced -// M[N] --- modulus -// U[N] --- multiplicative inverse of M mod 2**(WORD_BITS*N) - -void MontgomeryReduce(word *R, word *T, word *X, const word *M, const word *U, size_t N) -{ -#if 1 - MultiplyBottom(R, T, X, U, N); - MultiplyTop(T, T+N, X, R, M, N); - word borrow = Subtract(T, X+N, T, N); - // defend against timing attack by doing this Add even when not needed - word carry = Add(T+N, T, M, N); - assert(carry | !borrow); - CopyWords(R, T + ((0-borrow) & N), N); -#elif 0 - const word u = 0-U[0]; - Declare2Words(p) - for (size_t i=0; i<N; i++) - { - const word t = u * X[i]; - word c = 0; - for (size_t j=0; j<N; j+=2) - { - MultiplyWords(p, t, M[j]); - Acc2WordsBy1(p, X[i+j]); - Acc2WordsBy1(p, c); - X[i+j] = LowWord(p); - c = HighWord(p); - MultiplyWords(p, t, M[j+1]); - Acc2WordsBy1(p, X[i+j+1]); - Acc2WordsBy1(p, c); - X[i+j+1] = LowWord(p); - c = HighWord(p); - } - - if (Increment(X+N+i, N-i, c)) - while (!Subtract(X+N, X+N, M, N)) {} - } - - memcpy(R, X+N, N*WORD_SIZE); -#else - __m64 u = _mm_cvtsi32_si64(0-U[0]), p; - for (size_t i=0; i<N; i++) - { - __m64 t = _mm_cvtsi32_si64(X[i]); - t = _mm_mul_su32(t, u); - __m64 c = _mm_setzero_si64(); - for (size_t j=0; j<N; j+=2) - { - p = _mm_mul_su32(t, _mm_cvtsi32_si64(M[j])); - p = _mm_add_si64(p, _mm_cvtsi32_si64(X[i+j])); - c = _mm_add_si64(c, p); - X[i+j] = _mm_cvtsi64_si32(c); - c = _mm_srli_si64(c, 32); - p = _mm_mul_su32(t, _mm_cvtsi32_si64(M[j+1])); - p = _mm_add_si64(p, _mm_cvtsi32_si64(X[i+j+1])); - c = _mm_add_si64(c, p); - X[i+j+1] = _mm_cvtsi64_si32(c); - c = _mm_srli_si64(c, 32); - } - - if (Increment(X+N+i, N-i, _mm_cvtsi64_si32(c))) - while (!Subtract(X+N, X+N, M, N)) {} - } - - memcpy(R, X+N, N*WORD_SIZE); - _mm_empty(); -#endif -} - -// R[N] --- result = X/(2**(WORD_BITS*N/2)) mod M -// T[2*N] - temporary work space -// X[2*N] - number to be reduced -// M[N] --- modulus -// U[N/2] - multiplicative inverse of M mod 2**(WORD_BITS*N/2) -// V[N] --- 2**(WORD_BITS*3*N/2) mod M - -void HalfMontgomeryReduce(word *R, word *T, const word *X, const word *M, const word *U, const word *V, size_t N) -{ - assert(N%2==0 && N>=4); - -#define M0 M -#define M1 (M+N2) -#define V0 V -#define V1 (V+N2) - -#define X0 X -#define X1 (X+N2) -#define X2 (X+N) -#define X3 (X+N+N2) - - const size_t N2 = N/2; - Multiply(T0, T2, V0, X3, N2); - int c2 = Add(T0, T0, X0, N); - MultiplyBottom(T3, T2, T0, U, N2); - MultiplyTop(T2, R, T0, T3, M0, N2); - c2 -= Subtract(T2, T1, T2, N2); - Multiply(T0, R, T3, M1, N2); - c2 -= Subtract(T0, T2, T0, N2); - int c3 = -(int)Subtract(T1, X2, T1, N2); - Multiply(R0, T2, V1, X3, N2); - c3 += Add(R, R, T, N); - - if (c2>0) - c3 += Increment(R1, N2); - else if (c2<0) - c3 -= Decrement(R1, N2, -c2); - - assert(c3>=-1 && c3<=1); - if (c3>0) - Subtract(R, R, M, N); - else if (c3<0) - Add(R, R, M, N); - -#undef M0 -#undef M1 -#undef V0 -#undef V1 - -#undef X0 -#undef X1 -#undef X2 -#undef X3 -} - -#undef A0 -#undef A1 -#undef B0 -#undef B1 - -#undef T0 -#undef T1 -#undef T2 -#undef T3 - -#undef R0 -#undef R1 -#undef R2 -#undef R3 - -/* -// do a 3 word by 2 word divide, returns quotient and leaves remainder in A -static word SubatomicDivide(word *A, word B0, word B1) -{ - // assert {A[2],A[1]} < {B1,B0}, so quotient can fit in a word - assert(A[2] < B1 || (A[2]==B1 && A[1] < B0)); - - // estimate the quotient: do a 2 word by 1 word divide - word Q; - if (B1+1 == 0) - Q = A[2]; - else - Q = DWord(A[1], A[2]).DividedBy(B1+1); - - // now subtract Q*B from A - DWord p = DWord::Multiply(B0, Q); - DWord u = (DWord) A[0] - p.GetLowHalf(); - A[0] = u.GetLowHalf(); - u = (DWord) A[1] - p.GetHighHalf() - u.GetHighHalfAsBorrow() - DWord::Multiply(B1, Q); - A[1] = u.GetLowHalf(); - A[2] += u.GetHighHalf(); - - // Q <= actual quotient, so fix it - while (A[2] || A[1] > B1 || (A[1]==B1 && A[0]>=B0)) - { - u = (DWord) A[0] - B0; - A[0] = u.GetLowHalf(); - u = (DWord) A[1] - B1 - u.GetHighHalfAsBorrow(); - A[1] = u.GetLowHalf(); - A[2] += u.GetHighHalf(); - Q++; - assert(Q); // shouldn't overflow - } - - return Q; -} - -// do a 4 word by 2 word divide, returns 2 word quotient in Q0 and Q1 -static inline void AtomicDivide(word *Q, const word *A, const word *B) -{ - if (!B[0] && !B[1]) // if divisor is 0, we assume divisor==2**(2*WORD_BITS) - { - Q[0] = A[2]; - Q[1] = A[3]; - } - else - { - word T[4]; - T[0] = A[0]; T[1] = A[1]; T[2] = A[2]; T[3] = A[3]; - Q[1] = SubatomicDivide(T+1, B[0], B[1]); - Q[0] = SubatomicDivide(T, B[0], B[1]); - -#ifndef NDEBUG - // multiply quotient and divisor and add remainder, make sure it equals dividend - assert(!T[2] && !T[3] && (T[1] < B[1] || (T[1]==B[1] && T[0]<B[0]))); - word P[4]; - LowLevel::Multiply2(P, Q, B); - Add(P, P, T, 4); - assert(memcmp(P, A, 4*WORD_SIZE)==0); -#endif - } -} -*/ - -static inline void AtomicDivide(word *Q, const word *A, const word *B) -{ - word T[4]; - DWord q = DivideFourWordsByTwo<word, DWord>(T, DWord(A[0], A[1]), DWord(A[2], A[3]), DWord(B[0], B[1])); - Q[0] = q.GetLowHalf(); - Q[1] = q.GetHighHalf(); - -#ifndef NDEBUG - if (B[0] || B[1]) - { - // multiply quotient and divisor and add remainder, make sure it equals dividend - assert(!T[2] && !T[3] && (T[1] < B[1] || (T[1]==B[1] && T[0]<B[0]))); - word P[4]; - s_pMul[0](P, Q, B); - Add(P, P, T, 4); - assert(memcmp(P, A, 4*WORD_SIZE)==0); - } -#endif -} - -// for use by Divide(), corrects the underestimated quotient {Q1,Q0} -static void CorrectQuotientEstimate(word *R, word *T, word *Q, const word *B, size_t N) -{ - assert(N && N%2==0); - - AsymmetricMultiply(T, T+N+2, Q, 2, B, N); - - word borrow = Subtract(R, R, T, N+2); - assert(!borrow && !R[N+1]); - - while (R[N] || Compare(R, B, N) >= 0) - { - R[N] -= Subtract(R, R, B, N); - Q[1] += (++Q[0]==0); - assert(Q[0] || Q[1]); // no overflow - } -} - -// R[NB] -------- remainder = A%B -// Q[NA-NB+2] --- quotient = A/B -// T[NA+3*(NB+2)] - temp work space -// A[NA] -------- dividend -// B[NB] -------- divisor - -void Divide(word *R, word *Q, word *T, const word *A, size_t NA, const word *B, size_t NB) -{ - assert(NA && NB && NA%2==0 && NB%2==0); - assert(B[NB-1] || B[NB-2]); - assert(NB <= NA); - - // set up temporary work space - word *const TA=T; - word *const TB=T+NA+2; - word *const TP=T+NA+2+NB; - - // copy B into TB and normalize it so that TB has highest bit set to 1 - unsigned shiftWords = (B[NB-1]==0); - TB[0] = TB[NB-1] = 0; - CopyWords(TB+shiftWords, B, NB-shiftWords); - unsigned shiftBits = WORD_BITS - BitPrecision(TB[NB-1]); - assert(shiftBits < WORD_BITS); - ShiftWordsLeftByBits(TB, NB, shiftBits); - - // copy A into TA and normalize it - TA[0] = TA[NA] = TA[NA+1] = 0; - CopyWords(TA+shiftWords, A, NA); - ShiftWordsLeftByBits(TA, NA+2, shiftBits); - - if (TA[NA+1]==0 && TA[NA] <= 1) - { - Q[NA-NB+1] = Q[NA-NB] = 0; - while (TA[NA] || Compare(TA+NA-NB, TB, NB) >= 0) - { - TA[NA] -= Subtract(TA+NA-NB, TA+NA-NB, TB, NB); - ++Q[NA-NB]; - } - } - else - { - NA+=2; - assert(Compare(TA+NA-NB, TB, NB) < 0); - } - - word BT[2]; - BT[0] = TB[NB-2] + 1; - BT[1] = TB[NB-1] + (BT[0]==0); - - // start reducing TA mod TB, 2 words at a time - for (size_t i=NA-2; i>=NB; i-=2) - { - AtomicDivide(Q+i-NB, TA+i-2, BT); - CorrectQuotientEstimate(TA+i-NB, TP, Q+i-NB, TB, NB); - } - - // copy TA into R, and denormalize it - CopyWords(R, TA+shiftWords, NB); - ShiftWordsRightByBits(R, NB, shiftBits); -} - -static inline size_t EvenWordCount(const word *X, size_t N) -{ - while (N && X[N-2]==0 && X[N-1]==0) - N-=2; - return N; -} - -// return k -// R[N] --- result = A^(-1) * 2^k mod M -// T[4*N] - temporary work space -// A[NA] -- number to take inverse of -// M[N] --- modulus - -unsigned int AlmostInverse(word *R, word *T, const word *A, size_t NA, const word *M, size_t N) -{ - assert(NA<=N && N && N%2==0); - - word *b = T; - word *c = T+N; - word *f = T+2*N; - word *g = T+3*N; - size_t bcLen=2, fgLen=EvenWordCount(M, N); - unsigned int k=0; - bool s=false; - - SetWords(T, 0, 3*N); - b[0]=1; - CopyWords(f, A, NA); - CopyWords(g, M, N); - - while (1) - { - word t=f[0]; - while (!t) - { - if (EvenWordCount(f, fgLen)==0) - { - SetWords(R, 0, N); - return 0; - } - - ShiftWordsRightByWords(f, fgLen, 1); - bcLen += 2 * (c[bcLen-1] != 0); - assert(bcLen <= N); - ShiftWordsLeftByWords(c, bcLen, 1); - k+=WORD_BITS; - t=f[0]; - } - - unsigned int i = TrailingZeros(t); - t >>= i; - k += i; - - if (t==1 && f[1]==0 && EvenWordCount(f+2, fgLen-2)==0) - { - if (s) - Subtract(R, M, b, N); - else - CopyWords(R, b, N); - return k; - } - - ShiftWordsRightByBits(f, fgLen, i); - t = ShiftWordsLeftByBits(c, bcLen, i); - c[bcLen] += t; - bcLen += 2 * (t!=0); - assert(bcLen <= N); - - bool swap = Compare(f, g, fgLen)==-1; - ConditionalSwapPointers(swap, f, g); - ConditionalSwapPointers(swap, b, c); - s ^= swap; - - fgLen -= 2 * !(f[fgLen-2] | f[fgLen-1]); - - Subtract(f, f, g, fgLen); - t = Add(b, b, c, bcLen); - b[bcLen] += t; - bcLen += 2*t; - assert(bcLen <= N); - } -} - -// R[N] - result = A/(2^k) mod M -// A[N] - input -// M[N] - modulus - -void DivideByPower2Mod(word *R, const word *A, size_t k, const word *M, size_t N) -{ - CopyWords(R, A, N); - - while (k--) - { - if (R[0]%2==0) - ShiftWordsRightByBits(R, N, 1); - else - { - word carry = Add(R, R, M, N); - ShiftWordsRightByBits(R, N, 1); - R[N-1] += carry<<(WORD_BITS-1); - } - } -} - -// R[N] - result = A*(2^k) mod M -// A[N] - input -// M[N] - modulus - -void MultiplyByPower2Mod(word *R, const word *A, size_t k, const word *M, size_t N) -{ - CopyWords(R, A, N); - - while (k--) - if (ShiftWordsLeftByBits(R, N, 1) || Compare(R, M, N)>=0) - Subtract(R, R, M, N); -} - -// ****************************************************************** - -InitializeInteger::InitializeInteger() -{ - if (!g_pAssignIntToInteger) - { - SetFunctionPointers(); - g_pAssignIntToInteger = AssignIntToInteger; - } -} - -static const unsigned int RoundupSizeTable[] = {2, 2, 2, 4, 4, 8, 8, 8, 8}; - -static inline size_t RoundupSize(size_t n) -{ - if (n<=8) - return RoundupSizeTable[n]; - else if (n<=16) - return 16; - else if (n<=32) - return 32; - else if (n<=64) - return 64; - else return size_t(1) << BitPrecision(n-1); -} - -Integer::Integer() - : reg(2), sign(POSITIVE) -{ - reg[0] = reg[1] = 0; -} - -Integer::Integer(const Integer& t) - : reg(RoundupSize(t.WordCount())), sign(t.sign) -{ - CopyWords(reg, t.reg, reg.size()); -} - -Integer::Integer(Sign s, lword value) - : reg(2), sign(s) -{ - reg[0] = word(value); - reg[1] = word(SafeRightShift<WORD_BITS>(value)); -} - -Integer::Integer(signed long value) - : reg(2) -{ - if (value >= 0) - sign = POSITIVE; - else - { - sign = NEGATIVE; - value = -value; - } - reg[0] = word(value); - reg[1] = word(SafeRightShift<WORD_BITS>((unsigned long)value)); -} - -Integer::Integer(Sign s, word high, word low) - : reg(2), sign(s) -{ - reg[0] = low; - reg[1] = high; -} - -bool Integer::IsConvertableToLong() const -{ - if (ByteCount() > sizeof(long)) - return false; - - unsigned long value = (unsigned long)reg[0]; - value += SafeLeftShift<WORD_BITS, unsigned long>((unsigned long)reg[1]); - - if (sign==POSITIVE) - return (signed long)value >= 0; - else - return -(signed long)value < 0; -} - -signed long Integer::ConvertToLong() const -{ - assert(IsConvertableToLong()); - - unsigned long value = (unsigned long)reg[0]; - value += SafeLeftShift<WORD_BITS, unsigned long>((unsigned long)reg[1]); - return sign==POSITIVE ? value : -(signed long)value; -} - -Integer::Integer(BufferedTransformation &encodedInteger, size_t byteCount, Signedness s) -{ - Decode(encodedInteger, byteCount, s); -} - -Integer::Integer(const byte *encodedInteger, size_t byteCount, Signedness s) -{ - Decode(encodedInteger, byteCount, s); -} - -Integer::Integer(BufferedTransformation &bt) -{ - BERDecode(bt); -} - -Integer::Integer(RandomNumberGenerator &rng, size_t bitcount) -{ - Randomize(rng, bitcount); -} - -Integer::Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv, const Integer &mod) -{ - if (!Randomize(rng, min, max, rnType, equiv, mod)) - throw Integer::RandomNumberNotFound(); -} - -Integer Integer::Power2(size_t e) -{ - Integer r((word)0, BitsToWords(e+1)); - r.SetBit(e); - return r; -} - -template <long i> -struct NewInteger -{ - Integer * operator()() const - { - return new Integer(i); - } -}; - -const Integer &Integer::Zero() -{ - return Singleton<Integer>().Ref(); -} - -const Integer &Integer::One() -{ - return Singleton<Integer, NewInteger<1> >().Ref(); -} - -const Integer &Integer::Two() -{ - return Singleton<Integer, NewInteger<2> >().Ref(); -} - -bool Integer::operator!() const -{ - return IsNegative() ? false : (reg[0]==0 && WordCount()==0); -} - -Integer& Integer::operator=(const Integer& t) -{ - if (this != &t) - { - if (reg.size() != t.reg.size() || t.reg[t.reg.size()/2] == 0) - reg.New(RoundupSize(t.WordCount())); - CopyWords(reg, t.reg, reg.size()); - sign = t.sign; - } - return *this; -} - -bool Integer::GetBit(size_t n) const -{ - if (n/WORD_BITS >= reg.size()) - return 0; - else - return bool((reg[n/WORD_BITS] >> (n % WORD_BITS)) & 1); -} - -void Integer::SetBit(size_t n, bool value) -{ - if (value) - { - reg.CleanGrow(RoundupSize(BitsToWords(n+1))); - reg[n/WORD_BITS] |= (word(1) << (n%WORD_BITS)); - } - else - { - if (n/WORD_BITS < reg.size()) - reg[n/WORD_BITS] &= ~(word(1) << (n%WORD_BITS)); - } -} - -byte Integer::GetByte(size_t n) const -{ - if (n/WORD_SIZE >= reg.size()) - return 0; - else - return byte(reg[n/WORD_SIZE] >> ((n%WORD_SIZE)*8)); -} - -void Integer::SetByte(size_t n, byte value) -{ - reg.CleanGrow(RoundupSize(BytesToWords(n+1))); - reg[n/WORD_SIZE] &= ~(word(0xff) << 8*(n%WORD_SIZE)); - reg[n/WORD_SIZE] |= (word(value) << 8*(n%WORD_SIZE)); -} - -lword Integer::GetBits(size_t i, size_t n) const -{ - lword v = 0; - assert(n <= sizeof(v)*8); - for (unsigned int j=0; j<n; j++) - v |= lword(GetBit(i+j)) << j; - return v; -} - -Integer Integer::operator-() const -{ - Integer result(*this); - result.Negate(); - return result; -} - -Integer Integer::AbsoluteValue() const -{ - Integer result(*this); - result.sign = POSITIVE; - return result; -} - -void Integer::swap(Integer &a) -{ - reg.swap(a.reg); - std::swap(sign, a.sign); -} - -Integer::Integer(word value, size_t length) - : reg(RoundupSize(length)), sign(POSITIVE) -{ - reg[0] = value; - SetWords(reg+1, 0, reg.size()-1); -} - -template <class T> -static Integer StringToInteger(const T *str) -{ - int radix; - // GCC workaround - // std::char_traits<wchar_t>::length() not defined in GCC 3.2 and STLport 4.5.3 - unsigned int length; - for (length = 0; str[length] != 0; length++) {} - - Integer v; - - if (length == 0) - return v; - - switch (str[length-1]) - { - case 'h': - case 'H': - radix=16; - break; - case 'o': - case 'O': - radix=8; - break; - case 'b': - case 'B': - radix=2; - break; - default: - radix=10; - } - - if (length > 2 && str[0] == '0' && str[1] == 'x') - radix = 16; - - for (unsigned i=0; i<length; i++) - { - int digit; - - if (str[i] >= '0' && str[i] <= '9') - digit = str[i] - '0'; - else if (str[i] >= 'A' && str[i] <= 'F') - digit = str[i] - 'A' + 10; - else if (str[i] >= 'a' && str[i] <= 'f') - digit = str[i] - 'a' + 10; - else - digit = radix; - - if (digit < radix) - { - v *= radix; - v += digit; - } - } - - if (str[0] == '-') - v.Negate(); - - return v; -} - -Integer::Integer(const char *str) - : reg(2), sign(POSITIVE) -{ - *this = StringToInteger(str); -} - -Integer::Integer(const wchar_t *str) - : reg(2), sign(POSITIVE) -{ - *this = StringToInteger(str); -} - -unsigned int Integer::WordCount() const -{ - return (unsigned int)CountWords(reg, reg.size()); -} - -unsigned int Integer::ByteCount() const -{ - unsigned wordCount = WordCount(); - if (wordCount) - return (wordCount-1)*WORD_SIZE + BytePrecision(reg[wordCount-1]); - else - return 0; -} - -unsigned int Integer::BitCount() const -{ - unsigned wordCount = WordCount(); - if (wordCount) - return (wordCount-1)*WORD_BITS + BitPrecision(reg[wordCount-1]); - else - return 0; -} - -void Integer::Decode(const byte *input, size_t inputLen, Signedness s) -{ - StringStore store(input, inputLen); - Decode(store, inputLen, s); -} - -void Integer::Decode(BufferedTransformation &bt, size_t inputLen, Signedness s) -{ - assert(bt.MaxRetrievable() >= inputLen); - - byte b; - bt.Peek(b); - sign = ((s==SIGNED) && (b & 0x80)) ? NEGATIVE : POSITIVE; - - while (inputLen>0 && (sign==POSITIVE ? b==0 : b==0xff)) - { - bt.Skip(1); - inputLen--; - bt.Peek(b); - } - - reg.CleanNew(RoundupSize(BytesToWords(inputLen))); - - for (size_t i=inputLen; i > 0; i--) - { - bt.Get(b); - reg[(i-1)/WORD_SIZE] |= word(b) << ((i-1)%WORD_SIZE)*8; - } - - if (sign == NEGATIVE) - { - for (size_t i=inputLen; i<reg.size()*WORD_SIZE; i++) - reg[i/WORD_SIZE] |= word(0xff) << (i%WORD_SIZE)*8; - TwosComplement(reg, reg.size()); - } -} - -size_t Integer::MinEncodedSize(Signedness signedness) const -{ - unsigned int outputLen = STDMAX(1U, ByteCount()); - if (signedness == UNSIGNED) - return outputLen; - if (NotNegative() && (GetByte(outputLen-1) & 0x80)) - outputLen++; - if (IsNegative() && *this < -Power2(outputLen*8-1)) - outputLen++; - return outputLen; -} - -void Integer::Encode(byte *output, size_t outputLen, Signedness signedness) const -{ - ArraySink sink(output, outputLen); - Encode(sink, outputLen, signedness); -} - -void Integer::Encode(BufferedTransformation &bt, size_t outputLen, Signedness signedness) const -{ - if (signedness == UNSIGNED || NotNegative()) - { - for (size_t i=outputLen; i > 0; i--) - bt.Put(GetByte(i-1)); - } - else - { - // take two's complement of *this - Integer temp = Integer::Power2(8*STDMAX((size_t)ByteCount(), outputLen)) + *this; - temp.Encode(bt, outputLen, UNSIGNED); - } -} - -void Integer::DEREncode(BufferedTransformation &bt) const -{ - DERGeneralEncoder enc(bt, INTEGER); - Encode(enc, MinEncodedSize(SIGNED), SIGNED); - enc.MessageEnd(); -} - -void Integer::BERDecode(const byte *input, size_t len) -{ - StringStore store(input, len); - BERDecode(store); -} - -void Integer::BERDecode(BufferedTransformation &bt) -{ - BERGeneralDecoder dec(bt, INTEGER); - if (!dec.IsDefiniteLength() || dec.MaxRetrievable() < dec.RemainingLength()) - BERDecodeError(); - Decode(dec, (size_t)dec.RemainingLength(), SIGNED); - dec.MessageEnd(); -} - -void Integer::DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const -{ - DERGeneralEncoder enc(bt, OCTET_STRING); - Encode(enc, length); - enc.MessageEnd(); -} - -void Integer::BERDecodeAsOctetString(BufferedTransformation &bt, size_t length) -{ - BERGeneralDecoder dec(bt, OCTET_STRING); - if (!dec.IsDefiniteLength() || dec.RemainingLength() != length) - BERDecodeError(); - Decode(dec, length); - dec.MessageEnd(); -} - -size_t Integer::OpenPGPEncode(byte *output, size_t len) const -{ - ArraySink sink(output, len); - return OpenPGPEncode(sink); -} - -size_t Integer::OpenPGPEncode(BufferedTransformation &bt) const -{ - word16 bitCount = BitCount(); - bt.PutWord16(bitCount); - size_t byteCount = BitsToBytes(bitCount); - Encode(bt, byteCount); - return 2 + byteCount; -} - -void Integer::OpenPGPDecode(const byte *input, size_t len) -{ - StringStore store(input, len); - OpenPGPDecode(store); -} - -void Integer::OpenPGPDecode(BufferedTransformation &bt) -{ - word16 bitCount; - if (bt.GetWord16(bitCount) != 2 || bt.MaxRetrievable() < BitsToBytes(bitCount)) - throw OpenPGPDecodeErr(); - Decode(bt, BitsToBytes(bitCount)); -} - -void Integer::Randomize(RandomNumberGenerator &rng, size_t nbits) -{ - const size_t nbytes = nbits/8 + 1; - SecByteBlock buf(nbytes); - rng.GenerateBlock(buf, nbytes); - if (nbytes) - buf[0] = (byte)Crop(buf[0], nbits % 8); - Decode(buf, nbytes, UNSIGNED); -} - -void Integer::Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max) -{ - if (min > max) - throw InvalidArgument("Integer: Min must be no greater than Max"); - - Integer range = max - min; - const unsigned int nbits = range.BitCount(); - - do - { - Randomize(rng, nbits); - } - while (*this > range); - - *this += min; -} - -bool Integer::Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv, const Integer &mod) -{ - return GenerateRandomNoThrow(rng, MakeParameters("Min", min)("Max", max)("RandomNumberType", rnType)("EquivalentTo", equiv)("Mod", mod)); -} - -class KDF2_RNG : public RandomNumberGenerator -{ -public: - KDF2_RNG(const byte *seed, size_t seedSize) - : m_counter(0), m_counterAndSeed(seedSize + 4) - { - memcpy(m_counterAndSeed + 4, seed, seedSize); - } - - void GenerateBlock(byte *output, size_t size) - { - PutWord(false, BIG_ENDIAN_ORDER, m_counterAndSeed, m_counter); - ++m_counter; - P1363_KDF2<SHA1>::DeriveKey(output, size, m_counterAndSeed, m_counterAndSeed.size(), NULL, 0); - } - -private: - word32 m_counter; - SecByteBlock m_counterAndSeed; -}; - -bool Integer::GenerateRandomNoThrow(RandomNumberGenerator &i_rng, const NameValuePairs ¶ms) -{ - Integer min = params.GetValueWithDefault("Min", Integer::Zero()); - Integer max; - if (!params.GetValue("Max", max)) - { - int bitLength; - if (params.GetIntValue("BitLength", bitLength)) - max = Integer::Power2(bitLength); - else - throw InvalidArgument("Integer: missing Max argument"); - } - if (min > max) - throw InvalidArgument("Integer: Min must be no greater than Max"); - - Integer equiv = params.GetValueWithDefault("EquivalentTo", Integer::Zero()); - Integer mod = params.GetValueWithDefault("Mod", Integer::One()); - - if (equiv.IsNegative() || equiv >= mod) - throw InvalidArgument("Integer: invalid EquivalentTo and/or Mod argument"); - - Integer::RandomNumberType rnType = params.GetValueWithDefault("RandomNumberType", Integer::ANY); - - member_ptr<KDF2_RNG> kdf2Rng; - ConstByteArrayParameter seed; - if (params.GetValue(Name::Seed(), seed)) - { - ByteQueue bq; - DERSequenceEncoder seq(bq); - min.DEREncode(seq); - max.DEREncode(seq); - equiv.DEREncode(seq); - mod.DEREncode(seq); - DEREncodeUnsigned(seq, rnType); - DEREncodeOctetString(seq, seed.begin(), seed.size()); - seq.MessageEnd(); - - SecByteBlock finalSeed((size_t)bq.MaxRetrievable()); - bq.Get(finalSeed, finalSeed.size()); - kdf2Rng.reset(new KDF2_RNG(finalSeed.begin(), finalSeed.size())); - } - RandomNumberGenerator &rng = kdf2Rng.get() ? (RandomNumberGenerator &)*kdf2Rng : i_rng; - - switch (rnType) - { - case ANY: - if (mod == One()) - Randomize(rng, min, max); - else - { - Integer min1 = min + (equiv-min)%mod; - if (max < min1) - return false; - Randomize(rng, Zero(), (max - min1) / mod); - *this *= mod; - *this += min1; - } - return true; - - case PRIME: - { - const PrimeSelector *pSelector = params.GetValueWithDefault(Name::PointerToPrimeSelector(), (const PrimeSelector *)NULL); - - int i; - i = 0; - while (1) - { - if (++i==16) - { - // check if there are any suitable primes in [min, max] - Integer first = min; - if (FirstPrime(first, max, equiv, mod, pSelector)) - { - // if there is only one suitable prime, we're done - *this = first; - if (!FirstPrime(first, max, equiv, mod, pSelector)) - return true; - } - else - return false; - } - - Randomize(rng, min, max); - if (FirstPrime(*this, STDMIN(*this+mod*PrimeSearchInterval(max), max), equiv, mod, pSelector)) - return true; - } - } - - default: - throw InvalidArgument("Integer: invalid RandomNumberType argument"); - } -} - -std::istream& operator>>(std::istream& in, Integer &a) -{ - char c; - unsigned int length = 0; - SecBlock<char> str(length + 16); - - std::ws(in); - - do - { - in.read(&c, 1); - str[length++] = c; - if (length >= str.size()) - str.Grow(length + 16); - } - while (in && (c=='-' || c=='x' || (c>='0' && c<='9') || (c>='a' && c<='f') || (c>='A' && c<='F') || c=='h' || c=='H' || c=='o' || c=='O' || c==',' || c=='.')); - - if (in.gcount()) - in.putback(c); - str[length-1] = '\0'; - a = Integer(str); - - return in; -} - -std::ostream& operator<<(std::ostream& out, const Integer &a) -{ - // Get relevant conversion specifications from ostream. - long f = out.flags() & std::ios::basefield; // Get base digits. - int base, block; - char suffix; - switch(f) - { - case std::ios::oct : - base = 8; - block = 8; - suffix = 'o'; - break; - case std::ios::hex : - base = 16; - block = 4; - suffix = 'h'; - break; - default : - base = 10; - block = 3; - suffix = '.'; - } - - Integer temp1=a, temp2; - - if (a.IsNegative()) - { - out << '-'; - temp1.Negate(); - } - - if (!a) - out << '0'; - - static const char upper[]="0123456789ABCDEF"; - static const char lower[]="0123456789abcdef"; - - const char* vec = (out.flags() & std::ios::uppercase) ? upper : lower; - unsigned i=0; - SecBlock<char> s(a.BitCount() / (BitPrecision(base)-1) + 1); - - while (!!temp1) - { - word digit; - Integer::Divide(digit, temp2, temp1, base); - s[i++]=vec[digit]; - temp1.swap(temp2); - } - - while (i--) - { - out << s[i]; -// if (i && !(i%block)) -// out << ","; - } - return out << suffix; -} - -Integer& Integer::operator++() -{ - if (NotNegative()) - { - if (Increment(reg, reg.size())) - { - reg.CleanGrow(2*reg.size()); - reg[reg.size()/2]=1; - } - } - else - { - word borrow = Decrement(reg, reg.size()); - assert(!borrow); - if (WordCount()==0) - *this = Zero(); - } - return *this; -} - -Integer& Integer::operator--() -{ - if (IsNegative()) - { - if (Increment(reg, reg.size())) - { - reg.CleanGrow(2*reg.size()); - reg[reg.size()/2]=1; - } - } - else - { - if (Decrement(reg, reg.size())) - *this = -One(); - } - return *this; -} - -void PositiveAdd(Integer &sum, const Integer &a, const Integer& b) -{ - int carry; - if (a.reg.size() == b.reg.size()) - carry = Add(sum.reg, a.reg, b.reg, a.reg.size()); - else if (a.reg.size() > b.reg.size()) - { - carry = Add(sum.reg, a.reg, b.reg, b.reg.size()); - CopyWords(sum.reg+b.reg.size(), a.reg+b.reg.size(), a.reg.size()-b.reg.size()); - carry = Increment(sum.reg+b.reg.size(), a.reg.size()-b.reg.size(), carry); - } - else - { - carry = Add(sum.reg, a.reg, b.reg, a.reg.size()); - CopyWords(sum.reg+a.reg.size(), b.reg+a.reg.size(), b.reg.size()-a.reg.size()); - carry = Increment(sum.reg+a.reg.size(), b.reg.size()-a.reg.size(), carry); - } - - if (carry) - { - sum.reg.CleanGrow(2*sum.reg.size()); - sum.reg[sum.reg.size()/2] = 1; - } - sum.sign = Integer::POSITIVE; -} - -void PositiveSubtract(Integer &diff, const Integer &a, const Integer& b) -{ - unsigned aSize = a.WordCount(); - aSize += aSize%2; - unsigned bSize = b.WordCount(); - bSize += bSize%2; - - if (aSize == bSize) - { - if (Compare(a.reg, b.reg, aSize) >= 0) - { - Subtract(diff.reg, a.reg, b.reg, aSize); - diff.sign = Integer::POSITIVE; - } - else - { - Subtract(diff.reg, b.reg, a.reg, aSize); - diff.sign = Integer::NEGATIVE; - } - } - else if (aSize > bSize) - { - word borrow = Subtract(diff.reg, a.reg, b.reg, bSize); - CopyWords(diff.reg+bSize, a.reg+bSize, aSize-bSize); - borrow = Decrement(diff.reg+bSize, aSize-bSize, borrow); - assert(!borrow); - diff.sign = Integer::POSITIVE; - } - else - { - word borrow = Subtract(diff.reg, b.reg, a.reg, aSize); - CopyWords(diff.reg+aSize, b.reg+aSize, bSize-aSize); - borrow = Decrement(diff.reg+aSize, bSize-aSize, borrow); - assert(!borrow); - diff.sign = Integer::NEGATIVE; - } -} - -// MSVC .NET 2003 workaround -template <class T> inline const T& STDMAX2(const T& a, const T& b) -{ - return a < b ? b : a; -} - -Integer Integer::Plus(const Integer& b) const -{ - Integer sum((word)0, STDMAX2(reg.size(), b.reg.size())); - if (NotNegative()) - { - if (b.NotNegative()) - PositiveAdd(sum, *this, b); - else - PositiveSubtract(sum, *this, b); - } - else - { - if (b.NotNegative()) - PositiveSubtract(sum, b, *this); - else - { - PositiveAdd(sum, *this, b); - sum.sign = Integer::NEGATIVE; - } - } - return sum; -} - -Integer& Integer::operator+=(const Integer& t) -{ - reg.CleanGrow(t.reg.size()); - if (NotNegative()) - { - if (t.NotNegative()) - PositiveAdd(*this, *this, t); - else - PositiveSubtract(*this, *this, t); - } - else - { - if (t.NotNegative()) - PositiveSubtract(*this, t, *this); - else - { - PositiveAdd(*this, *this, t); - sign = Integer::NEGATIVE; - } - } - return *this; -} - -Integer Integer::Minus(const Integer& b) const -{ - Integer diff((word)0, STDMAX2(reg.size(), b.reg.size())); - if (NotNegative()) - { - if (b.NotNegative()) - PositiveSubtract(diff, *this, b); - else - PositiveAdd(diff, *this, b); - } - else - { - if (b.NotNegative()) - { - PositiveAdd(diff, *this, b); - diff.sign = Integer::NEGATIVE; - } - else - PositiveSubtract(diff, b, *this); - } - return diff; -} - -Integer& Integer::operator-=(const Integer& t) -{ - reg.CleanGrow(t.reg.size()); - if (NotNegative()) - { - if (t.NotNegative()) - PositiveSubtract(*this, *this, t); - else - PositiveAdd(*this, *this, t); - } - else - { - if (t.NotNegative()) - { - PositiveAdd(*this, *this, t); - sign = Integer::NEGATIVE; - } - else - PositiveSubtract(*this, t, *this); - } - return *this; -} - -Integer& Integer::operator<<=(size_t n) -{ - const size_t wordCount = WordCount(); - const size_t shiftWords = n / WORD_BITS; - const unsigned int shiftBits = (unsigned int)(n % WORD_BITS); - - reg.CleanGrow(RoundupSize(wordCount+BitsToWords(n))); - ShiftWordsLeftByWords(reg, wordCount + shiftWords, shiftWords); - ShiftWordsLeftByBits(reg+shiftWords, wordCount+BitsToWords(shiftBits), shiftBits); - return *this; -} - -Integer& Integer::operator>>=(size_t n) -{ - const size_t wordCount = WordCount(); - const size_t shiftWords = n / WORD_BITS; - const unsigned int shiftBits = (unsigned int)(n % WORD_BITS); - - ShiftWordsRightByWords(reg, wordCount, shiftWords); - if (wordCount > shiftWords) - ShiftWordsRightByBits(reg, wordCount-shiftWords, shiftBits); - if (IsNegative() && WordCount()==0) // avoid -0 - *this = Zero(); - return *this; -} - -void PositiveMultiply(Integer &product, const Integer &a, const Integer &b) -{ - size_t aSize = RoundupSize(a.WordCount()); - size_t bSize = RoundupSize(b.WordCount()); - - product.reg.CleanNew(RoundupSize(aSize+bSize)); - product.sign = Integer::POSITIVE; - - IntegerSecBlock workspace(aSize + bSize); - AsymmetricMultiply(product.reg, workspace, a.reg, aSize, b.reg, bSize); -} - -void Multiply(Integer &product, const Integer &a, const Integer &b) -{ - PositiveMultiply(product, a, b); - - if (a.NotNegative() != b.NotNegative()) - product.Negate(); -} - -Integer Integer::Times(const Integer &b) const -{ - Integer product; - Multiply(product, *this, b); - return product; -} - -/* -void PositiveDivide(Integer &remainder, Integer "ient, - const Integer ÷nd, const Integer &divisor) -{ - remainder.reg.CleanNew(divisor.reg.size()); - remainder.sign = Integer::POSITIVE; - quotient.reg.New(0); - quotient.sign = Integer::POSITIVE; - unsigned i=dividend.BitCount(); - while (i--) - { - word overflow = ShiftWordsLeftByBits(remainder.reg, remainder.reg.size(), 1); - remainder.reg[0] |= dividend[i]; - if (overflow || remainder >= divisor) - { - Subtract(remainder.reg, remainder.reg, divisor.reg, remainder.reg.size()); - quotient.SetBit(i); - } - } -} -*/ - -void PositiveDivide(Integer &remainder, Integer "ient, - const Integer &a, const Integer &b) -{ - unsigned aSize = a.WordCount(); - unsigned bSize = b.WordCount(); - - if (!bSize) - throw Integer::DivideByZero(); - - if (aSize < bSize) - { - remainder = a; - remainder.sign = Integer::POSITIVE; - quotient = Integer::Zero(); - return; - } - - aSize += aSize%2; // round up to next even number - bSize += bSize%2; - - remainder.reg.CleanNew(RoundupSize(bSize)); - remainder.sign = Integer::POSITIVE; - quotient.reg.CleanNew(RoundupSize(aSize-bSize+2)); - quotient.sign = Integer::POSITIVE; - - IntegerSecBlock T(aSize+3*(bSize+2)); - Divide(remainder.reg, quotient.reg, T, a.reg, aSize, b.reg, bSize); -} - -void Integer::Divide(Integer &remainder, Integer "ient, const Integer ÷nd, const Integer &divisor) -{ - PositiveDivide(remainder, quotient, dividend, divisor); - - if (dividend.IsNegative()) - { - quotient.Negate(); - if (remainder.NotZero()) - { - --quotient; - remainder = divisor.AbsoluteValue() - remainder; - } - } - - if (divisor.IsNegative()) - quotient.Negate(); -} - -void Integer::DivideByPowerOf2(Integer &r, Integer &q, const Integer &a, unsigned int n) -{ - q = a; - q >>= n; - - const size_t wordCount = BitsToWords(n); - if (wordCount <= a.WordCount()) - { - r.reg.resize(RoundupSize(wordCount)); - CopyWords(r.reg, a.reg, wordCount); - SetWords(r.reg+wordCount, 0, r.reg.size()-wordCount); - if (n % WORD_BITS != 0) - r.reg[wordCount-1] %= (word(1) << (n % WORD_BITS)); - } - else - { - r.reg.resize(RoundupSize(a.WordCount())); - CopyWords(r.reg, a.reg, r.reg.size()); - } - r.sign = POSITIVE; - - if (a.IsNegative() && r.NotZero()) - { - --q; - r = Power2(n) - r; - } -} - -Integer Integer::DividedBy(const Integer &b) const -{ - Integer remainder, quotient; - Integer::Divide(remainder, quotient, *this, b); - return quotient; -} - -Integer Integer::Modulo(const Integer &b) const -{ - Integer remainder, quotient; - Integer::Divide(remainder, quotient, *this, b); - return remainder; -} - -void Integer::Divide(word &remainder, Integer "ient, const Integer ÷nd, word divisor) -{ - if (!divisor) - throw Integer::DivideByZero(); - - assert(divisor); - - if ((divisor & (divisor-1)) == 0) // divisor is a power of 2 - { - quotient = dividend >> (BitPrecision(divisor)-1); - remainder = dividend.reg[0] & (divisor-1); - return; - } - - unsigned int i = dividend.WordCount(); - quotient.reg.CleanNew(RoundupSize(i)); - remainder = 0; - while (i--) - { - quotient.reg[i] = DWord(dividend.reg[i], remainder) / divisor; - remainder = DWord(dividend.reg[i], remainder) % divisor; - } - - if (dividend.NotNegative()) - quotient.sign = POSITIVE; - else - { - quotient.sign = NEGATIVE; - if (remainder) - { - --quotient; - remainder = divisor - remainder; - } - } -} - -Integer Integer::DividedBy(word b) const -{ - word remainder; - Integer quotient; - Integer::Divide(remainder, quotient, *this, b); - return quotient; -} - -word Integer::Modulo(word divisor) const -{ - if (!divisor) - throw Integer::DivideByZero(); - - assert(divisor); - - word remainder; - - if ((divisor & (divisor-1)) == 0) // divisor is a power of 2 - remainder = reg[0] & (divisor-1); - else - { - unsigned int i = WordCount(); - - if (divisor <= 5) - { - DWord sum(0, 0); - while (i--) - sum += reg[i]; - remainder = sum % divisor; - } - else - { - remainder = 0; - while (i--) - remainder = DWord(reg[i], remainder) % divisor; - } - } - - if (IsNegative() && remainder) - remainder = divisor - remainder; - - return remainder; -} - -void Integer::Negate() -{ - if (!!(*this)) // don't flip sign if *this==0 - sign = Sign(1-sign); -} - -int Integer::PositiveCompare(const Integer& t) const -{ - unsigned size = WordCount(), tSize = t.WordCount(); - - if (size == tSize) - return CryptoPP::Compare(reg, t.reg, size); - else - return size > tSize ? 1 : -1; -} - -int Integer::Compare(const Integer& t) const -{ - if (NotNegative()) - { - if (t.NotNegative()) - return PositiveCompare(t); - else - return 1; - } - else - { - if (t.NotNegative()) - return -1; - else - return -PositiveCompare(t); - } -} - -Integer Integer::SquareRoot() const -{ - if (!IsPositive()) - return Zero(); - - // overestimate square root - Integer x, y = Power2((BitCount()+1)/2); - assert(y*y >= *this); - - do - { - x = y; - y = (x + *this/x) >> 1; - } while (y<x); - - return x; -} - -bool Integer::IsSquare() const -{ - Integer r = SquareRoot(); - return *this == r.Squared(); -} - -bool Integer::IsUnit() const -{ - return (WordCount() == 1) && (reg[0] == 1); -} - -Integer Integer::MultiplicativeInverse() const -{ - return IsUnit() ? *this : Zero(); -} - -Integer a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m) -{ - return x*y%m; -} - -Integer a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m) -{ - ModularArithmetic mr(m); - return mr.Exponentiate(x, e); -} - -Integer Integer::Gcd(const Integer &a, const Integer &b) -{ - return EuclideanDomainOf<Integer>().Gcd(a, b); -} - -Integer Integer::InverseMod(const Integer &m) const -{ - assert(m.NotNegative()); - - if (IsNegative()) - return Modulo(m).InverseMod(m); - - if (m.IsEven()) - { - if (!m || IsEven()) - return Zero(); // no inverse - if (*this == One()) - return One(); - - Integer u = m.Modulo(*this).InverseMod(*this); - return !u ? Zero() : (m*(*this-u)+1)/(*this); - } - - SecBlock<word> T(m.reg.size() * 4); - Integer r((word)0, m.reg.size()); - unsigned k = AlmostInverse(r.reg, T, reg, reg.size(), m.reg, m.reg.size()); - DivideByPower2Mod(r.reg, r.reg, k, m.reg, m.reg.size()); - return r; -} - -word Integer::InverseMod(word mod) const -{ - word g0 = mod, g1 = *this % mod; - word v0 = 0, v1 = 1; - word y; - - while (g1) - { - if (g1 == 1) - return v1; - y = g0 / g1; - g0 = g0 % g1; - v0 += y * v1; - - if (!g0) - break; - if (g0 == 1) - return mod-v0; - y = g1 / g0; - g1 = g1 % g0; - v1 += y * v0; - } - return 0; -} - -// ******************************************************** - -ModularArithmetic::ModularArithmetic(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - OID oid(seq); - if (oid != ASN1::prime_field()) - BERDecodeError(); - m_modulus.BERDecode(seq); - seq.MessageEnd(); - m_result.reg.resize(m_modulus.reg.size()); -} - -void ModularArithmetic::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - ASN1::prime_field().DEREncode(seq); - m_modulus.DEREncode(seq); - seq.MessageEnd(); -} - -void ModularArithmetic::DEREncodeElement(BufferedTransformation &out, const Element &a) const -{ - a.DEREncodeAsOctetString(out, MaxElementByteLength()); -} - -void ModularArithmetic::BERDecodeElement(BufferedTransformation &in, Element &a) const -{ - a.BERDecodeAsOctetString(in, MaxElementByteLength()); -} - -const Integer& ModularArithmetic::Half(const Integer &a) const -{ - if (a.reg.size()==m_modulus.reg.size()) - { - CryptoPP::DivideByPower2Mod(m_result.reg.begin(), a.reg, 1, m_modulus.reg, a.reg.size()); - return m_result; - } - else - return m_result1 = (a.IsEven() ? (a >> 1) : ((a+m_modulus) >> 1)); -} - -const Integer& ModularArithmetic::Add(const Integer &a, const Integer &b) const -{ - if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size()) - { - if (CryptoPP::Add(m_result.reg.begin(), a.reg, b.reg, a.reg.size()) - || Compare(m_result.reg, m_modulus.reg, a.reg.size()) >= 0) - { - CryptoPP::Subtract(m_result.reg.begin(), m_result.reg, m_modulus.reg, a.reg.size()); - } - return m_result; - } - else - { - m_result1 = a+b; - if (m_result1 >= m_modulus) - m_result1 -= m_modulus; - return m_result1; - } -} - -Integer& ModularArithmetic::Accumulate(Integer &a, const Integer &b) const -{ - if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size()) - { - if (CryptoPP::Add(a.reg, a.reg, b.reg, a.reg.size()) - || Compare(a.reg, m_modulus.reg, a.reg.size()) >= 0) - { - CryptoPP::Subtract(a.reg, a.reg, m_modulus.reg, a.reg.size()); - } - } - else - { - a+=b; - if (a>=m_modulus) - a-=m_modulus; - } - - return a; -} - -const Integer& ModularArithmetic::Subtract(const Integer &a, const Integer &b) const -{ - if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size()) - { - if (CryptoPP::Subtract(m_result.reg.begin(), a.reg, b.reg, a.reg.size())) - CryptoPP::Add(m_result.reg.begin(), m_result.reg, m_modulus.reg, a.reg.size()); - return m_result; - } - else - { - m_result1 = a-b; - if (m_result1.IsNegative()) - m_result1 += m_modulus; - return m_result1; - } -} - -Integer& ModularArithmetic::Reduce(Integer &a, const Integer &b) const -{ - if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size()) - { - if (CryptoPP::Subtract(a.reg, a.reg, b.reg, a.reg.size())) - CryptoPP::Add(a.reg, a.reg, m_modulus.reg, a.reg.size()); - } - else - { - a-=b; - if (a.IsNegative()) - a+=m_modulus; - } - - return a; -} - -const Integer& ModularArithmetic::Inverse(const Integer &a) const -{ - if (!a) - return a; - - CopyWords(m_result.reg.begin(), m_modulus.reg, m_modulus.reg.size()); - if (CryptoPP::Subtract(m_result.reg.begin(), m_result.reg, a.reg, a.reg.size())) - Decrement(m_result.reg.begin()+a.reg.size(), m_modulus.reg.size()-a.reg.size()); - - return m_result; -} - -Integer ModularArithmetic::CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const -{ - if (m_modulus.IsOdd()) - { - MontgomeryRepresentation dr(m_modulus); - return dr.ConvertOut(dr.CascadeExponentiate(dr.ConvertIn(x), e1, dr.ConvertIn(y), e2)); - } - else - return AbstractRing<Integer>::CascadeExponentiate(x, e1, y, e2); -} - -void ModularArithmetic::SimultaneousExponentiate(Integer *results, const Integer &base, const Integer *exponents, unsigned int exponentsCount) const -{ - if (m_modulus.IsOdd()) - { - MontgomeryRepresentation dr(m_modulus); - dr.SimultaneousExponentiate(results, dr.ConvertIn(base), exponents, exponentsCount); - for (unsigned int i=0; i<exponentsCount; i++) - results[i] = dr.ConvertOut(results[i]); - } - else - AbstractRing<Integer>::SimultaneousExponentiate(results, base, exponents, exponentsCount); -} - -MontgomeryRepresentation::MontgomeryRepresentation(const Integer &m) // modulus must be odd - : ModularArithmetic(m), - m_u((word)0, m_modulus.reg.size()), - m_workspace(5*m_modulus.reg.size()) -{ - if (!m_modulus.IsOdd()) - throw InvalidArgument("MontgomeryRepresentation: Montgomery representation requires an odd modulus"); - - RecursiveInverseModPower2(m_u.reg, m_workspace, m_modulus.reg, m_modulus.reg.size()); -} - -const Integer& MontgomeryRepresentation::Multiply(const Integer &a, const Integer &b) const -{ - word *const T = m_workspace.begin(); - word *const R = m_result.reg.begin(); - const size_t N = m_modulus.reg.size(); - assert(a.reg.size()<=N && b.reg.size()<=N); - - AsymmetricMultiply(T, T+2*N, a.reg, a.reg.size(), b.reg, b.reg.size()); - SetWords(T+a.reg.size()+b.reg.size(), 0, 2*N-a.reg.size()-b.reg.size()); - MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N); - return m_result; -} - -const Integer& MontgomeryRepresentation::Square(const Integer &a) const -{ - word *const T = m_workspace.begin(); - word *const R = m_result.reg.begin(); - const size_t N = m_modulus.reg.size(); - assert(a.reg.size()<=N); - - CryptoPP::Square(T, T+2*N, a.reg, a.reg.size()); - SetWords(T+2*a.reg.size(), 0, 2*N-2*a.reg.size()); - MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N); - return m_result; -} - -Integer MontgomeryRepresentation::ConvertOut(const Integer &a) const -{ - word *const T = m_workspace.begin(); - word *const R = m_result.reg.begin(); - const size_t N = m_modulus.reg.size(); - assert(a.reg.size()<=N); - - CopyWords(T, a.reg, a.reg.size()); - SetWords(T+a.reg.size(), 0, 2*N-a.reg.size()); - MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N); - return m_result; -} - -const Integer& MontgomeryRepresentation::MultiplicativeInverse(const Integer &a) const -{ -// return (EuclideanMultiplicativeInverse(a, modulus)<<(2*WORD_BITS*modulus.reg.size()))%modulus; - word *const T = m_workspace.begin(); - word *const R = m_result.reg.begin(); - const size_t N = m_modulus.reg.size(); - assert(a.reg.size()<=N); - - CopyWords(T, a.reg, a.reg.size()); - SetWords(T+a.reg.size(), 0, 2*N-a.reg.size()); - MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N); - unsigned k = AlmostInverse(R, T, R, N, m_modulus.reg, N); - -// cout << "k=" << k << " N*32=" << 32*N << endl; - - if (k>N*WORD_BITS) - DivideByPower2Mod(R, R, k-N*WORD_BITS, m_modulus.reg, N); - else - MultiplyByPower2Mod(R, R, N*WORD_BITS-k, m_modulus.reg, N); - - return m_result; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/integer.h b/cryptopp562/integer.h deleted file mode 100644 index 6d844fa..0000000 --- a/cryptopp562/integer.h +++ /dev/null @@ -1,420 +0,0 @@ -#ifndef CRYPTOPP_INTEGER_H -#define CRYPTOPP_INTEGER_H - -/** \file */ - -#include "cryptlib.h" -#include "secblock.h" - -#include <iosfwd> -#include <algorithm> - -NAMESPACE_BEGIN(CryptoPP) - -struct InitializeInteger // used to initialize static variables -{ - InitializeInteger(); -}; - -typedef SecBlock<word, AllocatorWithCleanup<word, CRYPTOPP_BOOL_X86> > IntegerSecBlock; - -//! multiple precision integer and basic arithmetics -/*! This class can represent positive and negative integers - with absolute value less than (256**sizeof(word)) ** (256**sizeof(int)). - \nosubgrouping -*/ -class CRYPTOPP_DLL Integer : private InitializeInteger, public ASN1Object -{ -public: - //! \name ENUMS, EXCEPTIONS, and TYPEDEFS - //@{ - //! division by zero exception - class DivideByZero : public Exception - { - public: - DivideByZero() : Exception(OTHER_ERROR, "Integer: division by zero") {} - }; - - //! - class RandomNumberNotFound : public Exception - { - public: - RandomNumberNotFound() : Exception(OTHER_ERROR, "Integer: no integer satisfies the given parameters") {} - }; - - //! - enum Sign {POSITIVE=0, NEGATIVE=1}; - - //! - enum Signedness { - //! - UNSIGNED, - //! - SIGNED}; - - //! - enum RandomNumberType { - //! - ANY, - //! - PRIME}; - //@} - - //! \name CREATORS - //@{ - //! creates the zero integer - Integer(); - - //! copy constructor - Integer(const Integer& t); - - //! convert from signed long - Integer(signed long value); - - //! convert from lword - Integer(Sign s, lword value); - - //! convert from two words - Integer(Sign s, word highWord, word lowWord); - - //! convert from string - /*! str can be in base 2, 8, 10, or 16. Base is determined by a - case insensitive suffix of 'h', 'o', or 'b'. No suffix means base 10. - */ - explicit Integer(const char *str); - explicit Integer(const wchar_t *str); - - //! convert from big-endian byte array - Integer(const byte *encodedInteger, size_t byteCount, Signedness s=UNSIGNED); - - //! convert from big-endian form stored in a BufferedTransformation - Integer(BufferedTransformation &bt, size_t byteCount, Signedness s=UNSIGNED); - - //! convert from BER encoded byte array stored in a BufferedTransformation object - explicit Integer(BufferedTransformation &bt); - - //! create a random integer - /*! The random integer created is uniformly distributed over [0, 2**bitcount). */ - Integer(RandomNumberGenerator &rng, size_t bitcount); - - //! avoid calling constructors for these frequently used integers - static const Integer & CRYPTOPP_API Zero(); - //! avoid calling constructors for these frequently used integers - static const Integer & CRYPTOPP_API One(); - //! avoid calling constructors for these frequently used integers - static const Integer & CRYPTOPP_API Two(); - - //! create a random integer of special type - /*! Ideally, the random integer created should be uniformly distributed - over {x | min <= x <= max and x is of rnType and x % mod == equiv}. - However the actual distribution may not be uniform because sequential - search is used to find an appropriate number from a random starting - point. - May return (with very small probability) a pseudoprime when a prime - is requested and max > lastSmallPrime*lastSmallPrime (lastSmallPrime - is declared in nbtheory.h). - \throw RandomNumberNotFound if the set is empty. - */ - Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType=ANY, const Integer &equiv=Zero(), const Integer &mod=One()); - - //! return the integer 2**e - static Integer CRYPTOPP_API Power2(size_t e); - //@} - - //! \name ENCODE/DECODE - //@{ - //! minimum number of bytes to encode this integer - /*! MinEncodedSize of 0 is 1 */ - size_t MinEncodedSize(Signedness=UNSIGNED) const; - //! encode in big-endian format - /*! unsigned means encode absolute value, signed means encode two's complement if negative. - if outputLen < MinEncodedSize, the most significant bytes will be dropped - if outputLen > MinEncodedSize, the most significant bytes will be padded - */ - void Encode(byte *output, size_t outputLen, Signedness=UNSIGNED) const; - //! - void Encode(BufferedTransformation &bt, size_t outputLen, Signedness=UNSIGNED) const; - - //! encode using Distinguished Encoding Rules, put result into a BufferedTransformation object - void DEREncode(BufferedTransformation &bt) const; - - //! encode absolute value as big-endian octet string - void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const; - - //! encode absolute value in OpenPGP format, return length of output - size_t OpenPGPEncode(byte *output, size_t bufferSize) const; - //! encode absolute value in OpenPGP format, put result into a BufferedTransformation object - size_t OpenPGPEncode(BufferedTransformation &bt) const; - - //! - void Decode(const byte *input, size_t inputLen, Signedness=UNSIGNED); - //! - //* Precondition: bt.MaxRetrievable() >= inputLen - void Decode(BufferedTransformation &bt, size_t inputLen, Signedness=UNSIGNED); - - //! - void BERDecode(const byte *input, size_t inputLen); - //! - void BERDecode(BufferedTransformation &bt); - - //! decode nonnegative value as big-endian octet string - void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length); - - class OpenPGPDecodeErr : public Exception - { - public: - OpenPGPDecodeErr() : Exception(INVALID_DATA_FORMAT, "OpenPGP decode error") {} - }; - - //! - void OpenPGPDecode(const byte *input, size_t inputLen); - //! - void OpenPGPDecode(BufferedTransformation &bt); - //@} - - //! \name ACCESSORS - //@{ - //! return true if *this can be represented as a signed long - bool IsConvertableToLong() const; - //! return equivalent signed long if possible, otherwise undefined - signed long ConvertToLong() const; - - //! number of significant bits = floor(log2(abs(*this))) + 1 - unsigned int BitCount() const; - //! number of significant bytes = ceiling(BitCount()/8) - unsigned int ByteCount() const; - //! number of significant words = ceiling(ByteCount()/sizeof(word)) - unsigned int WordCount() const; - - //! return the i-th bit, i=0 being the least significant bit - bool GetBit(size_t i) const; - //! return the i-th byte - byte GetByte(size_t i) const; - //! return n lowest bits of *this >> i - lword GetBits(size_t i, size_t n) const; - - //! - bool IsZero() const {return !*this;} - //! - bool NotZero() const {return !IsZero();} - //! - bool IsNegative() const {return sign == NEGATIVE;} - //! - bool NotNegative() const {return !IsNegative();} - //! - bool IsPositive() const {return NotNegative() && NotZero();} - //! - bool NotPositive() const {return !IsPositive();} - //! - bool IsEven() const {return GetBit(0) == 0;} - //! - bool IsOdd() const {return GetBit(0) == 1;} - //@} - - //! \name MANIPULATORS - //@{ - //! - Integer& operator=(const Integer& t); - - //! - Integer& operator+=(const Integer& t); - //! - Integer& operator-=(const Integer& t); - //! - Integer& operator*=(const Integer& t) {return *this = Times(t);} - //! - Integer& operator/=(const Integer& t) {return *this = DividedBy(t);} - //! - Integer& operator%=(const Integer& t) {return *this = Modulo(t);} - //! - Integer& operator/=(word t) {return *this = DividedBy(t);} - //! - Integer& operator%=(word t) {return *this = Integer(POSITIVE, 0, Modulo(t));} - - //! - Integer& operator<<=(size_t); - //! - Integer& operator>>=(size_t); - - //! - void Randomize(RandomNumberGenerator &rng, size_t bitcount); - //! - void Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max); - //! set this Integer to a random element of {x | min <= x <= max and x is of rnType and x % mod == equiv} - /*! returns false if the set is empty */ - bool Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv=Zero(), const Integer &mod=One()); - - bool GenerateRandomNoThrow(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs); - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs) - { - if (!GenerateRandomNoThrow(rng, params)) - throw RandomNumberNotFound(); - } - - //! set the n-th bit to value - void SetBit(size_t n, bool value=1); - //! set the n-th byte to value - void SetByte(size_t n, byte value); - - //! - void Negate(); - //! - void SetPositive() {sign = POSITIVE;} - //! - void SetNegative() {if (!!(*this)) sign = NEGATIVE;} - - //! - void swap(Integer &a); - //@} - - //! \name UNARY OPERATORS - //@{ - //! - bool operator!() const; - //! - Integer operator+() const {return *this;} - //! - Integer operator-() const; - //! - Integer& operator++(); - //! - Integer& operator--(); - //! - Integer operator++(int) {Integer temp = *this; ++*this; return temp;} - //! - Integer operator--(int) {Integer temp = *this; --*this; return temp;} - //@} - - //! \name BINARY OPERATORS - //@{ - //! signed comparison - /*! \retval -1 if *this < a - \retval 0 if *this = a - \retval 1 if *this > a - */ - int Compare(const Integer& a) const; - - //! - Integer Plus(const Integer &b) const; - //! - Integer Minus(const Integer &b) const; - //! - Integer Times(const Integer &b) const; - //! - Integer DividedBy(const Integer &b) const; - //! - Integer Modulo(const Integer &b) const; - //! - Integer DividedBy(word b) const; - //! - word Modulo(word b) const; - - //! - Integer operator>>(size_t n) const {return Integer(*this)>>=n;} - //! - Integer operator<<(size_t n) const {return Integer(*this)<<=n;} - //@} - - //! \name OTHER ARITHMETIC FUNCTIONS - //@{ - //! - Integer AbsoluteValue() const; - //! - Integer Doubled() const {return Plus(*this);} - //! - Integer Squared() const {return Times(*this);} - //! extract square root, if negative return 0, else return floor of square root - Integer SquareRoot() const; - //! return whether this integer is a perfect square - bool IsSquare() const; - - //! is 1 or -1 - bool IsUnit() const; - //! return inverse if 1 or -1, otherwise return 0 - Integer MultiplicativeInverse() const; - - //! modular multiplication - CRYPTOPP_DLL friend Integer CRYPTOPP_API a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m); - //! modular exponentiation - CRYPTOPP_DLL friend Integer CRYPTOPP_API a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m); - - //! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d)) - static void CRYPTOPP_API Divide(Integer &r, Integer &q, const Integer &a, const Integer &d); - //! use a faster division algorithm when divisor is short - static void CRYPTOPP_API Divide(word &r, Integer &q, const Integer &a, word d); - - //! returns same result as Divide(r, q, a, Power2(n)), but faster - static void CRYPTOPP_API DivideByPowerOf2(Integer &r, Integer &q, const Integer &a, unsigned int n); - - //! greatest common divisor - static Integer CRYPTOPP_API Gcd(const Integer &a, const Integer &n); - //! calculate multiplicative inverse of *this mod n - Integer InverseMod(const Integer &n) const; - //! - word InverseMod(word n) const; - //@} - - //! \name INPUT/OUTPUT - //@{ - //! - friend CRYPTOPP_DLL std::istream& CRYPTOPP_API operator>>(std::istream& in, Integer &a); - //! - friend CRYPTOPP_DLL std::ostream& CRYPTOPP_API operator<<(std::ostream& out, const Integer &a); - //@} - -private: - friend class ModularArithmetic; - friend class MontgomeryRepresentation; - friend class HalfMontgomeryRepresentation; - - Integer(word value, size_t length); - - int PositiveCompare(const Integer &t) const; - friend void PositiveAdd(Integer &sum, const Integer &a, const Integer &b); - friend void PositiveSubtract(Integer &diff, const Integer &a, const Integer &b); - friend void PositiveMultiply(Integer &product, const Integer &a, const Integer &b); - friend void PositiveDivide(Integer &remainder, Integer "ient, const Integer ÷nd, const Integer &divisor); - - IntegerSecBlock reg; - Sign sign; -}; - -//! -inline bool operator==(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)==0;} -//! -inline bool operator!=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)!=0;} -//! -inline bool operator> (const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)> 0;} -//! -inline bool operator>=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)>=0;} -//! -inline bool operator< (const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)< 0;} -//! -inline bool operator<=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)<=0;} -//! -inline CryptoPP::Integer operator+(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Plus(b);} -//! -inline CryptoPP::Integer operator-(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Minus(b);} -//! -inline CryptoPP::Integer operator*(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Times(b);} -//! -inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.DividedBy(b);} -//! -inline CryptoPP::Integer operator%(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Modulo(b);} -//! -inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, CryptoPP::word b) {return a.DividedBy(b);} -//! -inline CryptoPP::word operator%(const CryptoPP::Integer &a, CryptoPP::word b) {return a.Modulo(b);} - -NAMESPACE_END - -#ifndef __BORLANDC__ -NAMESPACE_BEGIN(std) -inline void swap(CryptoPP::Integer &a, CryptoPP::Integer &b) -{ - a.swap(b); -} -NAMESPACE_END -#endif - -#endif diff --git a/cryptopp562/iterhash.cpp b/cryptopp562/iterhash.cpp deleted file mode 100644 index 1e31e9f..0000000 --- a/cryptopp562/iterhash.cpp +++ /dev/null @@ -1,160 +0,0 @@ -// iterhash.cpp - written and placed in the public domain by Wei Dai - -#ifndef __GNUC__ -#define CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES -#endif - -#include "iterhash.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte *input, size_t len) -{ - HashWordType oldCountLo = m_countLo, oldCountHi = m_countHi; - if ((m_countLo = oldCountLo + HashWordType(len)) < oldCountLo) - m_countHi++; // carry from low to high - m_countHi += (HashWordType)SafeRightShift<8*sizeof(HashWordType)>(len); - if (m_countHi < oldCountHi || SafeRightShift<2*8*sizeof(HashWordType)>(len) != 0) - throw HashInputTooLong(this->AlgorithmName()); - - unsigned int blockSize = this->BlockSize(); - unsigned int num = ModPowerOf2(oldCountLo, blockSize); - T* dataBuf = this->DataBuf(); - byte* data = (byte *)dataBuf; - - if (num != 0) // process left over data - { - if (num+len >= blockSize) - { - memcpy(data+num, input, blockSize-num); - HashBlock(dataBuf); - input += (blockSize-num); - len -= (blockSize-num); - num = 0; - // drop through and do the rest - } - else - { - memcpy(data+num, input, len); - return; - } - } - - // now process the input data in blocks of blockSize bytes and save the leftovers to m_data - if (len >= blockSize) - { - if (input == data) - { - assert(len == blockSize); - HashBlock(dataBuf); - return; - } - else if (IsAligned<T>(input)) - { - size_t leftOver = HashMultipleBlocks((T *)input, len); - input += (len - leftOver); - len = leftOver; - } - else - do - { // copy input first if it's not aligned correctly - memcpy(data, input, blockSize); - HashBlock(dataBuf); - input+=blockSize; - len-=blockSize; - } while (len >= blockSize); - } - - if (len && data != input) - memcpy(data, input, len); -} - -template <class T, class BASE> byte * IteratedHashBase<T, BASE>::CreateUpdateSpace(size_t &size) -{ - unsigned int blockSize = this->BlockSize(); - unsigned int num = ModPowerOf2(m_countLo, blockSize); - size = blockSize - num; - return (byte *)DataBuf() + num; -} - -template <class T, class BASE> size_t IteratedHashBase<T, BASE>::HashMultipleBlocks(const T *input, size_t length) -{ - unsigned int blockSize = this->BlockSize(); - bool noReverse = NativeByteOrderIs(this->GetByteOrder()); - T* dataBuf = this->DataBuf(); - do - { - if (noReverse) - this->HashEndianCorrectedBlock(input); - else - { - ByteReverse(dataBuf, input, this->BlockSize()); - this->HashEndianCorrectedBlock(dataBuf); - } - - input += blockSize/sizeof(T); - length -= blockSize; - } - while (length >= blockSize); - return length; -} - -template <class T, class BASE> void IteratedHashBase<T, BASE>::PadLastBlock(unsigned int lastBlockSize, byte padFirst) -{ - unsigned int blockSize = this->BlockSize(); - unsigned int num = ModPowerOf2(m_countLo, blockSize); - T* dataBuf = this->DataBuf(); - byte* data = (byte *)dataBuf; - data[num++] = padFirst; - if (num <= lastBlockSize) - memset(data+num, 0, lastBlockSize-num); - else - { - memset(data+num, 0, blockSize-num); - HashBlock(dataBuf); - memset(data, 0, lastBlockSize); - } -} - -template <class T, class BASE> void IteratedHashBase<T, BASE>::Restart() -{ - m_countLo = m_countHi = 0; - Init(); -} - -template <class T, class BASE> void IteratedHashBase<T, BASE>::TruncatedFinal(byte *digest, size_t size) -{ - this->ThrowIfInvalidTruncatedSize(size); - - T* dataBuf = this->DataBuf(); - T* stateBuf = this->StateBuf(); - unsigned int blockSize = this->BlockSize(); - ByteOrder order = this->GetByteOrder(); - - PadLastBlock(blockSize - 2*sizeof(HashWordType)); - dataBuf[blockSize/sizeof(T)-2+order] = ConditionalByteReverse(order, this->GetBitCountLo()); - dataBuf[blockSize/sizeof(T)-1-order] = ConditionalByteReverse(order, this->GetBitCountHi()); - - HashBlock(dataBuf); - - if (IsAligned<HashWordType>(digest) && size%sizeof(HashWordType)==0) - ConditionalByteReverse<HashWordType>(order, (HashWordType *)digest, stateBuf, size); - else - { - ConditionalByteReverse<HashWordType>(order, stateBuf, stateBuf, this->DigestSize()); - memcpy(digest, stateBuf, size); - } - - this->Restart(); // reinit for next use -} - -#ifdef __GNUC__ - template class IteratedHashBase<word64, HashTransformation>; - template class IteratedHashBase<word64, MessageAuthenticationCode>; - - template class IteratedHashBase<word32, HashTransformation>; - template class IteratedHashBase<word32, MessageAuthenticationCode>; -#endif - -NAMESPACE_END diff --git a/cryptopp562/iterhash.h b/cryptopp562/iterhash.h deleted file mode 100644 index cce9e82..0000000 --- a/cryptopp562/iterhash.h +++ /dev/null @@ -1,106 +0,0 @@ -#ifndef CRYPTOPP_ITERHASH_H -#define CRYPTOPP_ITERHASH_H - -#include "cryptlib.h" -#include "secblock.h" -#include "misc.h" -#include "simple.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! exception thrown when trying to hash more data than is allowed by a hash function -class CRYPTOPP_DLL HashInputTooLong : public InvalidDataFormat -{ -public: - explicit HashInputTooLong(const std::string &alg) - : InvalidDataFormat("IteratedHashBase: input data exceeds maximum allowed by hash function " + alg) {} -}; - -//! _ -template <class T, class BASE> -class CRYPTOPP_NO_VTABLE IteratedHashBase : public BASE -{ -public: - typedef T HashWordType; - - IteratedHashBase() : m_countLo(0), m_countHi(0) {} - unsigned int OptimalBlockSize() const {return this->BlockSize();} - unsigned int OptimalDataAlignment() const {return GetAlignmentOf<T>();} - void Update(const byte *input, size_t length); - byte * CreateUpdateSpace(size_t &size); - void Restart(); - void TruncatedFinal(byte *digest, size_t size); - -protected: - inline T GetBitCountHi() const {return (m_countLo >> (8*sizeof(T)-3)) + (m_countHi << 3);} - inline T GetBitCountLo() const {return m_countLo << 3;} - - void PadLastBlock(unsigned int lastBlockSize, byte padFirst=0x80); - virtual void Init() =0; - - virtual ByteOrder GetByteOrder() const =0; - virtual void HashEndianCorrectedBlock(const HashWordType *data) =0; - virtual size_t HashMultipleBlocks(const T *input, size_t length); - void HashBlock(const HashWordType *input) {HashMultipleBlocks(input, this->BlockSize());} - - virtual T* DataBuf() =0; - virtual T* StateBuf() =0; - -private: - T m_countLo, m_countHi; -}; - -//! _ -template <class T_HashWordType, class T_Endianness, unsigned int T_BlockSize, class T_Base = HashTransformation> -class CRYPTOPP_NO_VTABLE IteratedHash : public IteratedHashBase<T_HashWordType, T_Base> -{ -public: - typedef T_Endianness ByteOrderClass; - typedef T_HashWordType HashWordType; - - CRYPTOPP_CONSTANT(BLOCKSIZE = T_BlockSize) - // BCB2006 workaround: can't use BLOCKSIZE here - CRYPTOPP_COMPILE_ASSERT((T_BlockSize & (T_BlockSize - 1)) == 0); // blockSize is a power of 2 - unsigned int BlockSize() const {return T_BlockSize;} - - ByteOrder GetByteOrder() const {return T_Endianness::ToEnum();} - - inline static void CorrectEndianess(HashWordType *out, const HashWordType *in, size_t byteCount) - { - ConditionalByteReverse(T_Endianness::ToEnum(), out, in, byteCount); - } - -protected: - T_HashWordType* DataBuf() {return this->m_data;} - FixedSizeSecBlock<T_HashWordType, T_BlockSize/sizeof(T_HashWordType)> m_data; -}; - -//! _ -template <class T_HashWordType, class T_Endianness, unsigned int T_BlockSize, unsigned int T_StateSize, class T_Transform, unsigned int T_DigestSize = 0, bool T_StateAligned = false> -class CRYPTOPP_NO_VTABLE IteratedHashWithStaticTransform - : public ClonableImpl<T_Transform, AlgorithmImpl<IteratedHash<T_HashWordType, T_Endianness, T_BlockSize>, T_Transform> > -{ -public: - CRYPTOPP_CONSTANT(DIGESTSIZE = T_DigestSize ? T_DigestSize : T_StateSize) - unsigned int DigestSize() const {return DIGESTSIZE;}; - -protected: - IteratedHashWithStaticTransform() {this->Init();} - void HashEndianCorrectedBlock(const T_HashWordType *data) {T_Transform::Transform(this->m_state, data);} - void Init() {T_Transform::InitState(this->m_state);} - - T_HashWordType* StateBuf() {return this->m_state;} - FixedSizeAlignedSecBlock<T_HashWordType, T_BlockSize/sizeof(T_HashWordType), T_StateAligned> m_state; -}; - -#ifndef __GNUC__ - CRYPTOPP_DLL_TEMPLATE_CLASS IteratedHashBase<word64, HashTransformation>; - CRYPTOPP_STATIC_TEMPLATE_CLASS IteratedHashBase<word64, MessageAuthenticationCode>; - - CRYPTOPP_DLL_TEMPLATE_CLASS IteratedHashBase<word32, HashTransformation>; - CRYPTOPP_STATIC_TEMPLATE_CLASS IteratedHashBase<word32, MessageAuthenticationCode>; -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/lubyrack.h b/cryptopp562/lubyrack.h deleted file mode 100644 index e8fd2f7..0000000 --- a/cryptopp562/lubyrack.h +++ /dev/null @@ -1,141 +0,0 @@ -// lubyrack.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_LUBYRACK_H -#define CRYPTOPP_LUBYRACK_H - -/** \file */ - -#include "simple.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -template <class T> struct DigestSizeDoubleWorkaround // VC60 workaround -{ - CRYPTOPP_CONSTANT(RESULT = 2*T::DIGESTSIZE) -}; - -//! algorithm info -template <class T> -struct LR_Info : public VariableKeyLength<16, 0, 2*(INT_MAX/2), 2>, public FixedBlockSize<DigestSizeDoubleWorkaround<T>::RESULT> -{ - static std::string StaticAlgorithmName() {return std::string("LR/")+T::StaticAlgorithmName();} -}; - -//! Luby-Rackoff -template <class T> -class LR : public LR_Info<T>, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<LR_Info<T> > - { - public: - // VC60 workaround: have to define these functions within class definition - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms) - { - this->AssertValidKeyLength(length); - - L = length/2; - buffer.New(2*S); - digest.New(S); - key.Assign(userKey, 2*L); - } - - protected: - CRYPTOPP_CONSTANT(S=T::DIGESTSIZE) - unsigned int L; // key length / 2 - SecByteBlock key; - - mutable T hm; - mutable SecByteBlock buffer, digest; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - -#define KL this->key -#define KR this->key+this->L -#define BL this->buffer -#define BR this->buffer+this->S -#define IL inBlock -#define IR inBlock+this->S -#define OL outBlock -#define OR outBlock+this->S - - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const - { - this->hm.Update(KL, this->L); - this->hm.Update(IL, this->S); - this->hm.Final(BR); - xorbuf(BR, IR, this->S); - - this->hm.Update(KR, this->L); - this->hm.Update(BR, this->S); - this->hm.Final(BL); - xorbuf(BL, IL, this->S); - - this->hm.Update(KL, this->L); - this->hm.Update(BL, this->S); - this->hm.Final(this->digest); - xorbuf(BR, this->digest, this->S); - - this->hm.Update(KR, this->L); - this->hm.Update(OR, this->S); - this->hm.Final(this->digest); - xorbuf(BL, this->digest, this->S); - - if (xorBlock) - xorbuf(outBlock, xorBlock, this->buffer, 2*this->S); - else - memcpy_s(outBlock, 2*this->S, this->buffer, 2*this->S); - } - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const - { - this->hm.Update(KR, this->L); - this->hm.Update(IR, this->S); - this->hm.Final(BL); - xorbuf(BL, IL, this->S); - - this->hm.Update(KL, this->L); - this->hm.Update(BL, this->S); - this->hm.Final(BR); - xorbuf(BR, IR, this->S); - - this->hm.Update(KR, this->L); - this->hm.Update(BR, this->S); - this->hm.Final(this->digest); - xorbuf(BL, this->digest, this->S); - - this->hm.Update(KL, this->L); - this->hm.Update(OL, this->S); - this->hm.Final(this->digest); - xorbuf(BR, this->digest, this->S); - - if (xorBlock) - xorbuf(outBlock, xorBlock, this->buffer, 2*this->S); - else - memcpy(outBlock, this->buffer, 2*this->S); - } -#undef KL -#undef KR -#undef BL -#undef BR -#undef IL -#undef IR -#undef OL -#undef OR - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/luc.cpp b/cryptopp562/luc.cpp deleted file mode 100644 index 43cd2ed..0000000 --- a/cryptopp562/luc.cpp +++ /dev/null @@ -1,210 +0,0 @@ -// luc.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "luc.h" -#include "asn.h" -#include "nbtheory.h" -#include "sha.h" -#include "algparam.h" - -NAMESPACE_BEGIN(CryptoPP) - -void LUC_TestInstantiations() -{ - LUC_HMP<SHA>::Signer t1; - LUCFunction t2; - InvertibleLUCFunction t3; -} - -void DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const -{ - const Integer &q = params.GetSubgroupOrder(); - r = params.ExponentiateBase(k); - s = (k + x*(r+e)) % q; -} - -bool DL_Algorithm_LUC_HMP::Verify(const DL_GroupParameters<Integer> ¶ms, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const -{ - Integer p = params.GetGroupOrder()-1; - const Integer &q = params.GetSubgroupOrder(); - - Integer Vsg = params.ExponentiateBase(s); - Integer Vry = publicKey.ExponentiatePublicElement((r+e)%q); - return (Vsg*Vsg + Vry*Vry + r*r) % p == (Vsg * Vry * r + 4) % p; -} - -Integer DL_BasePrecomputation_LUC::Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const -{ - return Lucas(exponent, m_g, static_cast<const DL_GroupPrecomputation_LUC &>(group).GetModulus()); -} - -void DL_GroupParameters_LUC::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const -{ - for (unsigned int i=0; i<exponentsCount; i++) - results[i] = Lucas(exponents[i], base, GetModulus()); -} - -void LUCFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - m_e.BERDecode(seq); - seq.MessageEnd(); -} - -void LUCFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - m_e.DEREncode(seq); - seq.MessageEnd(); -} - -Integer LUCFunction::ApplyFunction(const Integer &x) const -{ - DoQuickSanityCheck(); - return Lucas(m_e, x, m_n); -} - -bool LUCFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_n > Integer::One() && m_n.IsOdd(); - pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n; - return pass; -} - -bool LUCFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent) - ; -} - -void LUCFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent) - ; -} - -// ***************************************************************************** -// private key operations: - -class LUCPrimeSelector : public PrimeSelector -{ -public: - LUCPrimeSelector(const Integer &e) : m_e(e) {} - bool IsAcceptable(const Integer &candidate) const - { - return RelativelyPrime(m_e, candidate+1) && RelativelyPrime(m_e, candidate-1); - } - Integer m_e; -}; - -void InvertibleLUCFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - int modulusSize = 2048; - alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); - - if (modulusSize < 16) - throw InvalidArgument("InvertibleLUCFunction: specified modulus size is too small"); - - m_e = alg.GetValueWithDefault("PublicExponent", Integer(17)); - - if (m_e < 5 || m_e.IsEven()) - throw InvalidArgument("InvertibleLUCFunction: invalid public exponent"); - - LUCPrimeSelector selector(m_e); - AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize) - ("PointerToPrimeSelector", selector.GetSelectorPointer()); - m_p.GenerateRandom(rng, primeParam); - m_q.GenerateRandom(rng, primeParam); - - m_n = m_p * m_q; - m_u = m_q.InverseMod(m_p); -} - -void InvertibleLUCFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e) -{ - GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e)); -} - -void InvertibleLUCFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - - Integer version(seq); - if (!!version) // make sure version is 0 - BERDecodeError(); - - m_n.BERDecode(seq); - m_e.BERDecode(seq); - m_p.BERDecode(seq); - m_q.BERDecode(seq); - m_u.BERDecode(seq); - seq.MessageEnd(); -} - -void InvertibleLUCFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - - const byte version[] = {INTEGER, 1, 0}; - seq.Put(version, sizeof(version)); - m_n.DEREncode(seq); - m_e.DEREncode(seq); - m_p.DEREncode(seq); - m_q.DEREncode(seq); - m_u.DEREncode(seq); - seq.MessageEnd(); -} - -Integer InvertibleLUCFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const -{ - // not clear how to do blinding with LUC - DoQuickSanityCheck(); - return InverseLucas(m_e, x, m_q, m_p, m_u); -} - -bool InvertibleLUCFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = LUCFunction::Validate(rng, level); - pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n; - pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n; - pass = pass && m_u.IsPositive() && m_u < m_p; - if (level >= 1) - { - pass = pass && m_p * m_q == m_n; - pass = pass && RelativelyPrime(m_e, m_p+1); - pass = pass && RelativelyPrime(m_e, m_p-1); - pass = pass && RelativelyPrime(m_e, m_q+1); - pass = pass && RelativelyPrime(m_e, m_q-1); - pass = pass && m_u * m_q % m_p == 1; - } - if (level >= 2) - pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); - return pass; -} - -bool InvertibleLUCFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper<LUCFunction>(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -void InvertibleLUCFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper<LUCFunction>(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -NAMESPACE_END diff --git a/cryptopp562/luc.h b/cryptopp562/luc.h deleted file mode 100644 index 730776d..0000000 --- a/cryptopp562/luc.h +++ /dev/null @@ -1,236 +0,0 @@ -#ifndef CRYPTOPP_LUC_H -#define CRYPTOPP_LUC_H - -/** \file -*/ - -#include "pkcspad.h" -#include "oaep.h" -#include "integer.h" -#include "dh.h" - -#include <limits.h> - -NAMESPACE_BEGIN(CryptoPP) - -//! The LUC function. -/*! This class is here for historical and pedagogical interest. It has no - practical advantages over other trapdoor functions and probably shouldn't - be used in production software. The discrete log based LUC schemes - defined later in this .h file may be of more practical interest. -*/ -class LUCFunction : public TrapdoorFunction, public PublicKey -{ - typedef LUCFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &e) - {m_n = n; m_e = e;} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return m_n;} - Integer ImageBound() const {return m_n;} - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - // non-derived interface - const Integer & GetModulus() const {return m_n;} - const Integer & GetPublicExponent() const {return m_e;} - - void SetModulus(const Integer &n) {m_n = n;} - void SetPublicExponent(const Integer &e) {m_e = e;} - -protected: - Integer m_n, m_e; -}; - -//! _ -class InvertibleLUCFunction : public LUCFunction, public TrapdoorFunctionInverse, public PrivateKey -{ - typedef InvertibleLUCFunction ThisClass; - -public: - void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &eStart=17); - void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q, const Integer &u) - {m_n = n; m_e = e; m_p = p; m_q = q; m_u = u;} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - /*! parameters: (ModulusSize, PublicExponent (default 17)) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - - // non-derived interface - const Integer& GetPrime1() const {return m_p;} - const Integer& GetPrime2() const {return m_q;} - const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} - - void SetPrime1(const Integer &p) {m_p = p;} - void SetPrime2(const Integer &q) {m_q = q;} - void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} - -protected: - Integer m_p, m_q, m_u; -}; - -struct LUC -{ - static std::string StaticAlgorithmName() {return "LUC";} - typedef LUCFunction PublicKey; - typedef InvertibleLUCFunction PrivateKey; -}; - -//! LUC cryptosystem -template <class STANDARD> -struct LUCES : public TF_ES<STANDARD, LUC> -{ -}; - -//! LUC signature scheme with appendix -template <class STANDARD, class H> -struct LUCSS : public TF_SS<STANDARD, H, LUC> -{ -}; - -// analagous to the RSA schemes defined in PKCS #1 v2.0 -typedef LUCES<OAEP<SHA> >::Decryptor LUCES_OAEP_SHA_Decryptor; -typedef LUCES<OAEP<SHA> >::Encryptor LUCES_OAEP_SHA_Encryptor; - -typedef LUCSS<PKCS1v15, SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer; -typedef LUCSS<PKCS1v15, SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier; - -// ******************************************************** - -// no actual precomputation -class DL_GroupPrecomputation_LUC : public DL_GroupPrecomputation<Integer> -{ -public: - const AbstractGroup<Element> & GetGroup() const {assert(false); throw 0;} - Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);} - void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);} - - // non-inherited - void SetModulus(const Integer &v) {m_p = v;} - const Integer & GetModulus() const {return m_p;} - -private: - Integer m_p; -}; - -//! _ -class DL_BasePrecomputation_LUC : public DL_FixedBasePrecomputation<Integer> -{ -public: - // DL_FixedBasePrecomputation - bool IsInitialized() const {return m_g.NotZero();} - void SetBase(const DL_GroupPrecomputation<Element> &group, const Integer &base) {m_g = base;} - const Integer & GetBase(const DL_GroupPrecomputation<Element> &group) const {return m_g;} - void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage) {} - void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) {} - void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const {} - Integer Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const; - Integer CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Integer> &pc2, const Integer &exponent2) const - {throw NotImplemented("DL_BasePrecomputation_LUC: CascadeExponentiate not implemented");} // shouldn't be called - -private: - Integer m_g; -}; - -//! _ -class DL_GroupParameters_LUC : public DL_GroupParameters_IntegerBasedImpl<DL_GroupPrecomputation_LUC, DL_BasePrecomputation_LUC> -{ -public: - // DL_GroupParameters - bool IsIdentity(const Integer &element) const {return element == Integer::Two();} - void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; - Element MultiplyElements(const Element &a, const Element &b) const - {throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented");} - Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const - {throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented");} - - // NameValuePairs interface - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable(); - } - -private: - int GetFieldType() const {return 2;} -}; - -//! _ -class DL_GroupParameters_LUC_DefaultSafePrime : public DL_GroupParameters_LUC -{ -public: - typedef NoCofactorMultiplication DefaultCofactorOption; - -protected: - unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;} -}; - -//! _ -class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm<Integer> -{ -public: - static const char * StaticAlgorithmName() {return "LUC-HMP";} - - void Sign(const DL_GroupParameters<Integer> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const; - bool Verify(const DL_GroupParameters<Integer> ¶ms, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const; - - size_t RLen(const DL_GroupParameters<Integer> ¶ms) const - {return params.GetGroupOrder().ByteCount();} -}; - -//! _ -struct DL_SignatureKeys_LUC -{ - typedef DL_GroupParameters_LUC GroupParameters; - typedef DL_PublicKey_GFP<GroupParameters> PublicKey; - typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey; -}; - -//! LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen -template <class H> -struct LUC_HMP : public DL_SS<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, DL_SignatureMessageEncodingMethod_DSA, H> -{ -}; - -//! _ -struct DL_CryptoKeys_LUC -{ - typedef DL_GroupParameters_LUC_DefaultSafePrime GroupParameters; - typedef DL_PublicKey_GFP<GroupParameters> PublicKey; - typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey; -}; - -//! LUC-IES -template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true> -struct LUC_IES - : public DL_ES< - DL_CryptoKeys_LUC, - DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>, - DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >, - DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>, - LUC_IES<> > -{ - static std::string StaticAlgorithmName() {return "LUC-IES";} // non-standard name -}; - -// ******************************************************** - -//! LUC-DH -typedef DH_Domain<DL_GroupParameters_LUC_DefaultSafePrime> LUC_DH; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/mars.cpp b/cryptopp562/mars.cpp deleted file mode 100644 index fe9b118..0000000 --- a/cryptopp562/mars.cpp +++ /dev/null @@ -1,154 +0,0 @@ -// mars.cpp - written and placed in the public domain by Wei Dai - -// includes IBM's key setup "tweak" proposed in August 1999 (http://www.research.ibm.com/security/key-setup.txt) - -#include "pch.h" -#include "mars.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void MARS::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - // Initialize T[] with the key data - FixedSizeSecBlock<word32, 15> T; - GetUserKey(LITTLE_ENDIAN_ORDER, T.begin(), 15, userKey, length); - T[length/4] = length/4; - - for (unsigned int j=0; j<4; j++) // compute 10 words of K[] in each iteration - { - unsigned int i; - // Do linear transformation - for (i=0; i<15; i++) - T[i] = T[i] ^ rotlFixed(T[(i+8)%15] ^ T[(i+13)%15], 3) ^ (4*i+j); - - // Do four rounds of stirring - for (unsigned int k=0; k<4; k++) - for (i=0; i<15; i++) - T[i] = rotlFixed(T[i] + Sbox[T[(i+14)%15]%512], 9); - - // Store next 10 key words into K[] - for (i=0; i<10; i++) - m_k[10*j+i] = T[4*i%15]; - } - - // Modify multiplication key-words - for(unsigned int i = 5; i < 37; i += 2) - { - word32 m, w = m_k[i] | 3; - m = (~w ^ (w<<1)) & (~w ^ (w>>1)) & 0x7ffffffe; - m &= m>>1; m &= m>>2; m &= m>>4; - m |= m<<1; m |= m<<2; m |= m<<4; - m &= 0x7ffffffc; - w ^= rotlMod(Sbox[265 + (m_k[i] & 3)], m_k[i-1]) & m; - m_k[i] = w; - } -} - -#define S(a) Sbox[(a)&0x1ff] -#define S0(a) Sbox[(a)&0xff] -#define S1(a) Sbox[((a)&0xff) + 256] - -typedef BlockGetAndPut<word32, LittleEndian> Block; - -void MARS::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - unsigned int i; - word32 a, b, c, d, l, m, r, t; - const word32 *k = m_k; - - Block::Get(inBlock)(a)(b)(c)(d); - - a += k[0]; b += k[1]; c += k[2]; d += k[3]; - - for (i=0; i<8; i++) - { - b = (b ^ S0(a)) + S1(a>>8); - c += S0(a>>16); - a = rotrFixed(a, 24); - d ^= S1(a); - a += (i%4==0) ? d : 0; - a += (i%4==1) ? b : 0; - t = a; a = b; b = c; c = d; d = t; - } - - for (i=0; i<16; i++) - { - t = rotlFixed(a, 13); - r = rotlFixed(t * k[2*i+5], 10); - m = a + k[2*i+4]; - l = rotlMod((S(m) ^ rotrFixed(r, 5) ^ r), r); - c += rotlMod(m, rotrFixed(r, 5)); - (i<8 ? b : d) += l; - (i<8 ? d : b) ^= r; - a = b; b = c; c = d; d = t; - } - - for (i=0; i<8; i++) - { - a -= (i%4==2) ? d : 0; - a -= (i%4==3) ? b : 0; - b ^= S1(a); - c -= S0(a>>24); - t = rotlFixed(a, 24); - d = (d - S1(a>>16)) ^ S0(t); - a = b; b = c; c = d; d = t; - } - - a -= k[36]; b -= k[37]; c -= k[38]; d -= k[39]; - - Block::Put(xorBlock, outBlock)(a)(b)(c)(d); -} - -void MARS::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - unsigned int i; - word32 a, b, c, d, l, m, r, t; - const word32 *k = m_k; - - Block::Get(inBlock)(d)(c)(b)(a); - - d += k[36]; c += k[37]; b += k[38]; a += k[39]; - - for (i=0; i<8; i++) - { - b = (b ^ S0(a)) + S1(a>>8); - c += S0(a>>16); - a = rotrFixed(a, 24); - d ^= S1(a); - a += (i%4==0) ? d : 0; - a += (i%4==1) ? b : 0; - t = a; a = b; b = c; c = d; d = t; - } - - for (i=0; i<16; i++) - { - t = rotrFixed(a, 13); - r = rotlFixed(a * k[35-2*i], 10); - m = t + k[34-2*i]; - l = rotlMod((S(m) ^ rotrFixed(r, 5) ^ r), r); - c -= rotlMod(m, rotrFixed(r, 5)); - (i<8 ? b : d) -= l; - (i<8 ? d : b) ^= r; - a = b; b = c; c = d; d = t; - } - - for (i=0; i<8; i++) - { - a -= (i%4==2) ? d : 0; - a -= (i%4==3) ? b : 0; - b ^= S1(a); - c -= S0(a>>24); - t = rotlFixed(a, 24); - d = (d - S1(a>>16)) ^ S0(t); - a = b; b = c; c = d; d = t; - } - - d -= k[0]; c -= k[1]; b -= k[2]; a -= k[3]; - - Block::Put(xorBlock, outBlock)(d)(c)(b)(a); -} - -NAMESPACE_END diff --git a/cryptopp562/mars.h b/cryptopp562/mars.h deleted file mode 100644 index 414adf4..0000000 --- a/cryptopp562/mars.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef CRYPTOPP_MARS_H -#define CRYPTOPP_MARS_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct MARS_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 56, 4> -{ - static const char *StaticAlgorithmName() {return "MARS";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#MARS">MARS</a> -class MARS : public MARS_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<MARS_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - static const word32 Sbox[512]; - - FixedSizeSecBlock<word32, 40> m_k; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef MARS::Encryption MARSEncryption; -typedef MARS::Decryption MARSDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/marss.cpp b/cryptopp562/marss.cpp deleted file mode 100644 index 7c38f14..0000000 --- a/cryptopp562/marss.cpp +++ /dev/null @@ -1,139 +0,0 @@ -// MARS S-Box - -#include "pch.h" -#include "mars.h" - -NAMESPACE_BEGIN(CryptoPP) - -const word32 MARS::Base::Sbox[512] = { - 0x09d0c479, 0x28c8ffe0, 0x84aa6c39, 0x9dad7287, - 0x7dff9be3, 0xd4268361, 0xc96da1d4, 0x7974cc93, - 0x85d0582e, 0x2a4b5705, 0x1ca16a62, 0xc3bd279d, - 0x0f1f25e5, 0x5160372f, 0xc695c1fb, 0x4d7ff1e4, - 0xae5f6bf4, 0x0d72ee46, 0xff23de8a, 0xb1cf8e83, - 0xf14902e2, 0x3e981e42, 0x8bf53eb6, 0x7f4bf8ac, - 0x83631f83, 0x25970205, 0x76afe784, 0x3a7931d4, - 0x4f846450, 0x5c64c3f6, 0x210a5f18, 0xc6986a26, - 0x28f4e826, 0x3a60a81c, 0xd340a664, 0x7ea820c4, - 0x526687c5, 0x7eddd12b, 0x32a11d1d, 0x9c9ef086, - 0x80f6e831, 0xab6f04ad, 0x56fb9b53, 0x8b2e095c, - 0xb68556ae, 0xd2250b0d, 0x294a7721, 0xe21fb253, - 0xae136749, 0xe82aae86, 0x93365104, 0x99404a66, - 0x78a784dc, 0xb69ba84b, 0x04046793, 0x23db5c1e, - 0x46cae1d6, 0x2fe28134, 0x5a223942, 0x1863cd5b, - 0xc190c6e3, 0x07dfb846, 0x6eb88816, 0x2d0dcc4a, - 0xa4ccae59, 0x3798670d, 0xcbfa9493, 0x4f481d45, - 0xeafc8ca8, 0xdb1129d6, 0xb0449e20, 0x0f5407fb, - 0x6167d9a8, 0xd1f45763, 0x4daa96c3, 0x3bec5958, - 0xababa014, 0xb6ccd201, 0x38d6279f, 0x02682215, - 0x8f376cd5, 0x092c237e, 0xbfc56593, 0x32889d2c, - 0x854b3e95, 0x05bb9b43, 0x7dcd5dcd, 0xa02e926c, - 0xfae527e5, 0x36a1c330, 0x3412e1ae, 0xf257f462, - 0x3c4f1d71, 0x30a2e809, 0x68e5f551, 0x9c61ba44, - 0x5ded0ab8, 0x75ce09c8, 0x9654f93e, 0x698c0cca, - 0x243cb3e4, 0x2b062b97, 0x0f3b8d9e, 0x00e050df, - 0xfc5d6166, 0xe35f9288, 0xc079550d, 0x0591aee8, - 0x8e531e74, 0x75fe3578, 0x2f6d829a, 0xf60b21ae, - 0x95e8eb8d, 0x6699486b, 0x901d7d9b, 0xfd6d6e31, - 0x1090acef, 0xe0670dd8, 0xdab2e692, 0xcd6d4365, - 0xe5393514, 0x3af345f0, 0x6241fc4d, 0x460da3a3, - 0x7bcf3729, 0x8bf1d1e0, 0x14aac070, 0x1587ed55, - 0x3afd7d3e, 0xd2f29e01, 0x29a9d1f6, 0xefb10c53, - 0xcf3b870f, 0xb414935c, 0x664465ed, 0x024acac7, - 0x59a744c1, 0x1d2936a7, 0xdc580aa6, 0xcf574ca8, - 0x040a7a10, 0x6cd81807, 0x8a98be4c, 0xaccea063, - 0xc33e92b5, 0xd1e0e03d, 0xb322517e, 0x2092bd13, - 0x386b2c4a, 0x52e8dd58, 0x58656dfb, 0x50820371, - 0x41811896, 0xe337ef7e, 0xd39fb119, 0xc97f0df6, - 0x68fea01b, 0xa150a6e5, 0x55258962, 0xeb6ff41b, - 0xd7c9cd7a, 0xa619cd9e, 0xbcf09576, 0x2672c073, - 0xf003fb3c, 0x4ab7a50b, 0x1484126a, 0x487ba9b1, - 0xa64fc9c6, 0xf6957d49, 0x38b06a75, 0xdd805fcd, - 0x63d094cf, 0xf51c999e, 0x1aa4d343, 0xb8495294, - 0xce9f8e99, 0xbffcd770, 0xc7c275cc, 0x378453a7, - 0x7b21be33, 0x397f41bd, 0x4e94d131, 0x92cc1f98, - 0x5915ea51, 0x99f861b7, 0xc9980a88, 0x1d74fd5f, - 0xb0a495f8, 0x614deed0, 0xb5778eea, 0x5941792d, - 0xfa90c1f8, 0x33f824b4, 0xc4965372, 0x3ff6d550, - 0x4ca5fec0, 0x8630e964, 0x5b3fbbd6, 0x7da26a48, - 0xb203231a, 0x04297514, 0x2d639306, 0x2eb13149, - 0x16a45272, 0x532459a0, 0x8e5f4872, 0xf966c7d9, - 0x07128dc0, 0x0d44db62, 0xafc8d52d, 0x06316131, - 0xd838e7ce, 0x1bc41d00, 0x3a2e8c0f, 0xea83837e, - 0xb984737d, 0x13ba4891, 0xc4f8b949, 0xa6d6acb3, - 0xa215cdce, 0x8359838b, 0x6bd1aa31, 0xf579dd52, - 0x21b93f93, 0xf5176781, 0x187dfdde, 0xe94aeb76, - 0x2b38fd54, 0x431de1da, 0xab394825, 0x9ad3048f, - 0xdfea32aa, 0x659473e3, 0x623f7863, 0xf3346c59, - 0xab3ab685, 0x3346a90b, 0x6b56443e, 0xc6de01f8, - 0x8d421fc0, 0x9b0ed10c, 0x88f1a1e9, 0x54c1f029, - 0x7dead57b, 0x8d7ba426, 0x4cf5178a, 0x551a7cca, - 0x1a9a5f08, 0xfcd651b9, 0x25605182, 0xe11fc6c3, - 0xb6fd9676, 0x337b3027, 0xb7c8eb14, 0x9e5fd030, - 0x6b57e354, 0xad913cf7, 0x7e16688d, 0x58872a69, - 0x2c2fc7df, 0xe389ccc6, 0x30738df1, 0x0824a734, - 0xe1797a8b, 0xa4a8d57b, 0x5b5d193b, 0xc8a8309b, - 0x73f9a978, 0x73398d32, 0x0f59573e, 0xe9df2b03, - 0xe8a5b6c8, 0x848d0704, 0x98df93c2, 0x720a1dc3, - 0x684f259a, 0x943ba848, 0xa6370152, 0x863b5ea3, - 0xd17b978b, 0x6d9b58ef, 0x0a700dd4, 0xa73d36bf, - 0x8e6a0829, 0x8695bc14, 0xe35b3447, 0x933ac568, - 0x8894b022, 0x2f511c27, 0xddfbcc3c, 0x006662b6, - 0x117c83fe, 0x4e12b414, 0xc2bca766, 0x3a2fec10, - 0xf4562420, 0x55792e2a, 0x46f5d857, 0xceda25ce, - 0xc3601d3b, 0x6c00ab46, 0xefac9c28, 0xb3c35047, - 0x611dfee3, 0x257c3207, 0xfdd58482, 0x3b14d84f, - 0x23becb64, 0xa075f3a3, 0x088f8ead, 0x07adf158, - 0x7796943c, 0xfacabf3d, 0xc09730cd, 0xf7679969, - 0xda44e9ed, 0x2c854c12, 0x35935fa3, 0x2f057d9f, - 0x690624f8, 0x1cb0bafd, 0x7b0dbdc6, 0x810f23bb, - 0xfa929a1a, 0x6d969a17, 0x6742979b, 0x74ac7d05, - 0x010e65c4, 0x86a3d963, 0xf907b5a0, 0xd0042bd3, - 0x158d7d03, 0x287a8255, 0xbba8366f, 0x096edc33, - 0x21916a7b, 0x77b56b86, 0x951622f9, 0xa6c5e650, - 0x8cea17d1, 0xcd8c62bc, 0xa3d63433, 0x358a68fd, - 0x0f9b9d3c, 0xd6aa295b, 0xfe33384a, 0xc000738e, - 0xcd67eb2f, 0xe2eb6dc2, 0x97338b02, 0x06c9f246, - 0x419cf1ad, 0x2b83c045, 0x3723f18a, 0xcb5b3089, - 0x160bead7, 0x5d494656, 0x35f8a74b, 0x1e4e6c9e, - 0x000399bd, 0x67466880, 0xb4174831, 0xacf423b2, - 0xca815ab3, 0x5a6395e7, 0x302a67c5, 0x8bdb446b, - 0x108f8fa4, 0x10223eda, 0x92b8b48b, 0x7f38d0ee, - 0xab2701d4, 0x0262d415, 0xaf224a30, 0xb3d88aba, - 0xf8b2c3af, 0xdaf7ef70, 0xcc97d3b7, 0xe9614b6c, - 0x2baebff4, 0x70f687cf, 0x386c9156, 0xce092ee5, - 0x01e87da6, 0x6ce91e6a, 0xbb7bcc84, 0xc7922c20, - 0x9d3b71fd, 0x060e41c6, 0xd7590f15, 0x4e03bb47, - 0x183c198e, 0x63eeb240, 0x2ddbf49a, 0x6d5cba54, - 0x923750af, 0xf9e14236, 0x7838162b, 0x59726c72, - 0x81b66760, 0xbb2926c1, 0x48a0ce0d, 0xa6c0496d, - 0xad43507b, 0x718d496a, 0x9df057af, 0x44b1bde6, - 0x054356dc, 0xde7ced35, 0xd51a138b, 0x62088cc9, - 0x35830311, 0xc96efca2, 0x686f86ec, 0x8e77cb68, - 0x63e1d6b8, 0xc80f9778, 0x79c491fd, 0x1b4c67f2, - 0x72698d7d, 0x5e368c31, 0xf7d95e2e, 0xa1d3493f, - 0xdcd9433e, 0x896f1552, 0x4bc4ca7a, 0xa6d1baf4, - 0xa5a96dcc, 0x0bef8b46, 0xa169fda7, 0x74df40b7, - 0x4e208804, 0x9a756607, 0x038e87c8, 0x20211e44, - 0x8b7ad4bf, 0xc6403f35, 0x1848e36d, 0x80bdb038, - 0x1e62891c, 0x643d2107, 0xbf04d6f8, 0x21092c8c, - 0xf644f389, 0x0778404e, 0x7b78adb8, 0xa2c52d53, - 0x42157abe, 0xa2253e2e, 0x7bf3f4ae, 0x80f594f9, - 0x953194e7, 0x77eb92ed, 0xb3816930, 0xda8d9336, - 0xbf447469, 0xf26d9483, 0xee6faed5, 0x71371235, - 0xde425f73, 0xb4e59f43, 0x7dbe2d4e, 0x2d37b185, - 0x49dc9a63, 0x98c39d98, 0x1301c9a2, 0x389b1bbf, - 0x0c18588d, 0xa421c1ba, 0x7aa3865c, 0x71e08558, - 0x3c5cfcaa, 0x7d239ca4, 0x0297d9dd, 0xd7dc2830, - 0x4b37802b, 0x7428ab54, 0xaeee0347, 0x4b3fbb85, - 0x692f2f08, 0x134e578e, 0x36d9e0bf, 0xae8b5fcf, - 0xedb93ecf, 0x2b27248e, 0x170eb1ef, 0x7dc57fd6, - 0x1e760f16, 0xb1136601, 0x864e1b9b, 0xd7ea7319, - 0x3ab871bd, 0xcfa4d76f, 0xe31bd782, 0x0dbeb469, - 0xabb96061, 0x5370f85d, 0xffb07e37, 0xda30d0fb, - 0xebc977b6, 0x0b98b40f, 0x3a4d0fe6, 0xdf4fc26b, - 0x159cf22a, 0xc298d6e2, 0x2b78ef6a, 0x61a94ac0, - 0xab561187, 0x14eea0f0, 0xdf0d4164, 0x19af70ee -}; - -NAMESPACE_END diff --git a/cryptopp562/md2.cpp b/cryptopp562/md2.cpp deleted file mode 100644 index 41f714b..0000000 --- a/cryptopp562/md2.cpp +++ /dev/null @@ -1,120 +0,0 @@ -// md2.cpp - modified by Wei Dai from Andrew M. Kuchling's md2.c -// The original code and all modifications are in the public domain. - -// This is the original introductory comment: - -/* - * md2.c : MD2 hash algorithm. - * - * Part of the Python Cryptography Toolkit, version 1.1 - * - * Distribute and use freely; there are no restrictions on further - * dissemination and usage except those imposed by the laws of your - * country of residence. - * - */ - -#include "pch.h" -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "md2.h" - -NAMESPACE_BEGIN(CryptoPP) -namespace Weak1 { - -MD2::MD2() - : m_X(48), m_C(16), m_buf(16) -{ - Init(); -} - -void MD2::Init() -{ - memset(m_X, 0, 48); - memset(m_C, 0, 16); - memset(m_buf, 0, 16); - m_count = 0; -} - -void MD2::Update(const byte *buf, size_t len) -{ - static const byte S[256] = { - 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, - 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, - 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, - 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, - 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, - 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, - 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, - 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, - 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, - 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, - 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, - 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, - 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, - 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, - 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, - 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, - 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, - 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 - }; - - while (len) - { - unsigned int L = UnsignedMin(16U-m_count, len); - memcpy(m_buf+m_count, buf, L); - m_count+=L; - buf+=L; - len-=L; - if (m_count==16) - { - byte t; - int i,j; - - m_count=0; - memcpy(m_X+16, m_buf, 16); - t=m_C[15]; - for(i=0; i<16; i++) - { - m_X[32+i]=m_X[16+i]^m_X[i]; - t=m_C[i]^=S[m_buf[i]^t]; - } - - t=0; - for(i=0; i<18; i++) - { - for(j=0; j<48; j+=8) - { - t=m_X[j+0]^=S[t]; - t=m_X[j+1]^=S[t]; - t=m_X[j+2]^=S[t]; - t=m_X[j+3]^=S[t]; - t=m_X[j+4]^=S[t]; - t=m_X[j+5]^=S[t]; - t=m_X[j+6]^=S[t]; - t=m_X[j+7]^=S[t]; - } - t=(t+i) & 0xFF; - } - } - } -} - -void MD2::TruncatedFinal(byte *hash, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - byte padding[16]; - word32 padlen; - unsigned int i; - - padlen= 16-m_count; - for(i=0; i<padlen; i++) padding[i]=(byte)padlen; - Update(padding, padlen); - Update(m_C, 16); - memcpy(hash, m_X, size); - - Init(); -} - -} -NAMESPACE_END diff --git a/cryptopp562/md2.h b/cryptopp562/md2.h deleted file mode 100644 index b0837c8..0000000 --- a/cryptopp562/md2.h +++ /dev/null @@ -1,46 +0,0 @@ -#ifndef CRYPTOPP_MD2_H -#define CRYPTOPP_MD2_H - -#include "cryptlib.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -namespace Weak1 { - -/// <a href="http://www.cryptolounge.org/wiki/MD2">MD2</a> -class MD2 : public HashTransformation -{ -public: - MD2(); - void Update(const byte *input, size_t length); - void TruncatedFinal(byte *hash, size_t size); - unsigned int DigestSize() const {return DIGESTSIZE;} - unsigned int BlockSize() const {return BLOCKSIZE;} - static const char * StaticAlgorithmName() {return "MD2";} - - CRYPTOPP_CONSTANT(DIGESTSIZE = 16) - CRYPTOPP_CONSTANT(BLOCKSIZE = 16) - -private: - void Transform(); - void Init(); - SecByteBlock m_X, m_C, m_buf; - unsigned int m_count; -}; - -} -#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 -namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak -#else -using namespace Weak1; // import Weak1 into CryptoPP with warning -#ifdef __GNUC__ -#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." -#else -#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") -#endif -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/md4.cpp b/cryptopp562/md4.cpp deleted file mode 100644 index 9ed639c..0000000 --- a/cryptopp562/md4.cpp +++ /dev/null @@ -1,110 +0,0 @@ -// md4.cpp - modified by Wei Dai from Andrew M. Kuchling's md4.c -// The original code and all modifications are in the public domain. - -// This is the original introductory comment: - -/* - * md4.c : MD4 hash algorithm. - * - * Part of the Python Cryptography Toolkit, version 1.1 - * - * Distribute and use freely; there are no restrictions on further - * dissemination and usage except those imposed by the laws of your - * country of residence. - * - */ - -#include "pch.h" -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "md4.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) -namespace Weak1 { - -void MD4::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xefcdab89L; - state[2] = 0x98badcfeL; - state[3] = 0x10325476L; -} - -void MD4::Transform (word32 *digest, const word32 *in) -{ -// #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) -#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) - - word32 A, B, C, D; - - A=digest[0]; - B=digest[1]; - C=digest[2]; - D=digest[3]; - -#define function(a,b,c,d,k,s) a=rotlFixed(a+F(b,c,d)+in[k],s); - function(A,B,C,D, 0, 3); - function(D,A,B,C, 1, 7); - function(C,D,A,B, 2,11); - function(B,C,D,A, 3,19); - function(A,B,C,D, 4, 3); - function(D,A,B,C, 5, 7); - function(C,D,A,B, 6,11); - function(B,C,D,A, 7,19); - function(A,B,C,D, 8, 3); - function(D,A,B,C, 9, 7); - function(C,D,A,B,10,11); - function(B,C,D,A,11,19); - function(A,B,C,D,12, 3); - function(D,A,B,C,13, 7); - function(C,D,A,B,14,11); - function(B,C,D,A,15,19); - -#undef function -#define function(a,b,c,d,k,s) a=rotlFixed(a+G(b,c,d)+in[k]+0x5a827999,s); - function(A,B,C,D, 0, 3); - function(D,A,B,C, 4, 5); - function(C,D,A,B, 8, 9); - function(B,C,D,A,12,13); - function(A,B,C,D, 1, 3); - function(D,A,B,C, 5, 5); - function(C,D,A,B, 9, 9); - function(B,C,D,A,13,13); - function(A,B,C,D, 2, 3); - function(D,A,B,C, 6, 5); - function(C,D,A,B,10, 9); - function(B,C,D,A,14,13); - function(A,B,C,D, 3, 3); - function(D,A,B,C, 7, 5); - function(C,D,A,B,11, 9); - function(B,C,D,A,15,13); - -#undef function -#define function(a,b,c,d,k,s) a=rotlFixed(a+H(b,c,d)+in[k]+0x6ed9eba1,s); - function(A,B,C,D, 0, 3); - function(D,A,B,C, 8, 9); - function(C,D,A,B, 4,11); - function(B,C,D,A,12,15); - function(A,B,C,D, 2, 3); - function(D,A,B,C,10, 9); - function(C,D,A,B, 6,11); - function(B,C,D,A,14,15); - function(A,B,C,D, 1, 3); - function(D,A,B,C, 9, 9); - function(C,D,A,B, 5,11); - function(B,C,D,A,13,15); - function(A,B,C,D, 3, 3); - function(D,A,B,C,11, 9); - function(C,D,A,B, 7,11); - function(B,C,D,A,15,15); - - digest[0]+=A; - digest[1]+=B; - digest[2]+=C; - digest[3]+=D; -} - -} -NAMESPACE_END diff --git a/cryptopp562/md4.h b/cryptopp562/md4.h deleted file mode 100644 index 5338700..0000000 --- a/cryptopp562/md4.h +++ /dev/null @@ -1,35 +0,0 @@ -#ifndef CRYPTOPP_MD4_H -#define CRYPTOPP_MD4_H - -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -namespace Weak1 { - -//! <a href="http://www.weidai.com/scan-mirror/md.html#MD4">MD4</a> -/*! \warning MD4 is considered insecure, and should not be used - unless you absolutely need it for compatibility. */ -class MD4 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 16, MD4> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word32 *digest, const word32 *data); - static const char *StaticAlgorithmName() {return "MD4";} -}; - -} -#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 -namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak -#else -using namespace Weak1; // import Weak1 into CryptoPP with warning -#ifdef __GNUC__ -#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." -#else -#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") -#endif -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/md5.cpp b/cryptopp562/md5.cpp deleted file mode 100644 index a522978..0000000 --- a/cryptopp562/md5.cpp +++ /dev/null @@ -1,118 +0,0 @@ -// md5.cpp - modified by Wei Dai from Colin Plumb's public domain md5.c -// any modifications are placed in the public domain - -#include "pch.h" -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "md5.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) -namespace Weak1 { - -void MD5_TestInstantiations() -{ - MD5 x; -} - -void MD5::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xefcdab89L; - state[2] = 0x98badcfeL; - state[3] = 0x10325476L; -} - -void MD5::Transform (word32 *digest, const word32 *in) -{ -// #define F1(x, y, z) (x & y | ~x & z) -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -#define MD5STEP(f, w, x, y, z, data, s) \ - w = rotlFixed(w + f(x, y, z) + data, s) + x - - word32 a, b, c, d; - - a=digest[0]; - b=digest[1]; - c=digest[2]; - d=digest[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - digest[0]+=a; - digest[1]+=b; - digest[2]+=c; - digest[3]+=d; -} - -} -NAMESPACE_END diff --git a/cryptopp562/md5.h b/cryptopp562/md5.h deleted file mode 100644 index 73ec532..0000000 --- a/cryptopp562/md5.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef CRYPTOPP_MD5_H -#define CRYPTOPP_MD5_H - -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -namespace Weak1 { - -//! <a href="http://www.cryptolounge.org/wiki/MD5">MD5</a> -class MD5 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 16, MD5> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word32 *digest, const word32 *data); - static const char * StaticAlgorithmName() {return "MD5";} -}; - -} -#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 -namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak -#else -using namespace Weak1; // import Weak1 into CryptoPP with warning -#ifdef __GNUC__ -#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." -#else -#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") -#endif -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/mdc.h b/cryptopp562/mdc.h deleted file mode 100644 index cc90cdc..0000000 --- a/cryptopp562/mdc.h +++ /dev/null @@ -1,72 +0,0 @@ - // mdc.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_MDC_H -#define CRYPTOPP_MDC_H - -/** \file -*/ - -#include "seckey.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class T> -struct MDC_Info : public FixedBlockSize<T::DIGESTSIZE>, public FixedKeyLength<T::BLOCKSIZE> -{ - static std::string StaticAlgorithmName() {return std::string("MDC/")+T::StaticAlgorithmName();} -}; - -//! <a href="http://www.weidai.com/scan-mirror/cs.html#MDC">MDC</a> -/*! a construction by Peter Gutmann to turn an iterated hash function into a PRF */ -template <class T> -class MDC : public MDC_Info<T> -{ - class CRYPTOPP_NO_VTABLE Enc : public BlockCipherImpl<MDC_Info<T> > - { - typedef typename T::HashWordType HashWordType; - - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms) - { - this->AssertValidKeyLength(length); - memcpy_s(m_key, m_key.size(), userKey, this->KEYLENGTH); - T::CorrectEndianess(Key(), Key(), this->KEYLENGTH); - } - - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const - { - T::CorrectEndianess(Buffer(), (HashWordType *)inBlock, this->BLOCKSIZE); - T::Transform(Buffer(), Key()); - if (xorBlock) - { - T::CorrectEndianess(Buffer(), Buffer(), this->BLOCKSIZE); - xorbuf(outBlock, xorBlock, m_buffer, this->BLOCKSIZE); - } - else - T::CorrectEndianess((HashWordType *)outBlock, Buffer(), this->BLOCKSIZE); - } - - bool IsPermutation() const {return false;} - - unsigned int OptimalDataAlignment() const {return sizeof(HashWordType);} - - private: - HashWordType *Key() {return (HashWordType *)m_key.data();} - const HashWordType *Key() const {return (const HashWordType *)m_key.data();} - HashWordType *Buffer() const {return (HashWordType *)m_buffer.data();} - - // VC60 workaround: bug triggered if using FixedSizeAllocatorWithCleanup - FixedSizeSecBlock<byte, MDC_Info<T>::KEYLENGTH, AllocatorWithCleanup<byte> > m_key; - mutable FixedSizeSecBlock<byte, MDC_Info<T>::BLOCKSIZE, AllocatorWithCleanup<byte> > m_buffer; - }; - -public: - //! use BlockCipher interface - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/misc.cpp b/cryptopp562/misc.cpp deleted file mode 100644 index 3c2c2a5..0000000 --- a/cryptopp562/misc.cpp +++ /dev/null @@ -1,187 +0,0 @@ -// misc.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "misc.h" -#include "words.h" -#include <new> - -#if defined(CRYPTOPP_MEMALIGN_AVAILABLE) || defined(CRYPTOPP_MM_MALLOC_AVAILABLE) || defined(QNX) -#include <malloc.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -void xorbuf(byte *buf, const byte *mask, size_t count) -{ - size_t i; - - if (IsAligned<word32>(buf) && IsAligned<word32>(mask)) - { - if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned<word64>(buf) && IsAligned<word64>(mask)) - { - for (i=0; i<count/8; i++) - ((word64*)buf)[i] ^= ((word64*)mask)[i]; - count -= 8*i; - if (!count) - return; - buf += 8*i; - mask += 8*i; - } - - for (i=0; i<count/4; i++) - ((word32*)buf)[i] ^= ((word32*)mask)[i]; - count -= 4*i; - if (!count) - return; - buf += 4*i; - mask += 4*i; - } - - for (i=0; i<count; i++) - buf[i] ^= mask[i]; -} - -void xorbuf(byte *output, const byte *input, const byte *mask, size_t count) -{ - size_t i; - - if (IsAligned<word32>(output) && IsAligned<word32>(input) && IsAligned<word32>(mask)) - { - if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned<word64>(output) && IsAligned<word64>(input) && IsAligned<word64>(mask)) - { - for (i=0; i<count/8; i++) - ((word64*)output)[i] = ((word64*)input)[i] ^ ((word64*)mask)[i]; - count -= 8*i; - if (!count) - return; - output += 8*i; - input += 8*i; - mask += 8*i; - } - - for (i=0; i<count/4; i++) - ((word32*)output)[i] = ((word32*)input)[i] ^ ((word32*)mask)[i]; - count -= 4*i; - if (!count) - return; - output += 4*i; - input += 4*i; - mask += 4*i; - } - - for (i=0; i<count; i++) - output[i] = input[i] ^ mask[i]; -} - -bool VerifyBufsEqual(const byte *buf, const byte *mask, size_t count) -{ - size_t i; - byte acc8 = 0; - - if (IsAligned<word32>(buf) && IsAligned<word32>(mask)) - { - word32 acc32 = 0; - if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned<word64>(buf) && IsAligned<word64>(mask)) - { - word64 acc64 = 0; - for (i=0; i<count/8; i++) - acc64 |= ((word64*)buf)[i] ^ ((word64*)mask)[i]; - count -= 8*i; - if (!count) - return acc64 == 0; - buf += 8*i; - mask += 8*i; - acc32 = word32(acc64) | word32(acc64>>32); - } - - for (i=0; i<count/4; i++) - acc32 |= ((word32*)buf)[i] ^ ((word32*)mask)[i]; - count -= 4*i; - if (!count) - return acc32 == 0; - buf += 4*i; - mask += 4*i; - acc8 = byte(acc32) | byte(acc32>>8) | byte(acc32>>16) | byte(acc32>>24); - } - - for (i=0; i<count; i++) - acc8 |= buf[i] ^ mask[i]; - return acc8 == 0; -} - -#if !(defined(_MSC_VER) && (_MSC_VER < 1300)) -using std::new_handler; -using std::set_new_handler; -#endif - -void CallNewHandler() -{ - new_handler newHandler = set_new_handler(NULL); - if (newHandler) - set_new_handler(newHandler); - - if (newHandler) - newHandler(); - else - throw std::bad_alloc(); -} - -#if CRYPTOPP_BOOL_ALIGN16_ENABLED - -void * AlignedAllocate(size_t size) -{ - byte *p; -#ifdef CRYPTOPP_MM_MALLOC_AVAILABLE - while (!(p = (byte *)_mm_malloc(size, 16))) -#elif defined(CRYPTOPP_MEMALIGN_AVAILABLE) - while (!(p = (byte *)memalign(16, size))) -#elif defined(CRYPTOPP_MALLOC_ALIGNMENT_IS_16) - while (!(p = (byte *)malloc(size))) -#else - while (!(p = (byte *)malloc(size + 16))) -#endif - CallNewHandler(); - -#ifdef CRYPTOPP_NO_ALIGNED_ALLOC - size_t adjustment = 16-((size_t)p%16); - p += adjustment; - p[-1] = (byte)adjustment; -#endif - - assert(IsAlignedOn(p, 16)); - return p; -} - -void AlignedDeallocate(void *p) -{ -#ifdef CRYPTOPP_MM_MALLOC_AVAILABLE - _mm_free(p); -#elif defined(CRYPTOPP_NO_ALIGNED_ALLOC) - p = (byte *)p - ((byte *)p)[-1]; - free(p); -#else - free(p); -#endif -} - -#endif - -void * UnalignedAllocate(size_t size) -{ - void *p; - while (!(p = malloc(size))) - CallNewHandler(); - return p; -} - -void UnalignedDeallocate(void *p) -{ - free(p); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/misc.h b/cryptopp562/misc.h deleted file mode 100644 index 2b326dd..0000000 --- a/cryptopp562/misc.h +++ /dev/null @@ -1,1282 +0,0 @@ -#ifndef CRYPTOPP_MISC_H -#define CRYPTOPP_MISC_H - -#include "cryptlib.h" -#include "smartptr.h" -#include <string.h> // for memcpy and memmove - -#ifdef _MSC_VER - #if _MSC_VER >= 1400 - // VC2005 workaround: disable declarations that conflict with winnt.h - #define _interlockedbittestandset CRYPTOPP_DISABLED_INTRINSIC_1 - #define _interlockedbittestandreset CRYPTOPP_DISABLED_INTRINSIC_2 - #define _interlockedbittestandset64 CRYPTOPP_DISABLED_INTRINSIC_3 - #define _interlockedbittestandreset64 CRYPTOPP_DISABLED_INTRINSIC_4 - #include <intrin.h> - #undef _interlockedbittestandset - #undef _interlockedbittestandreset - #undef _interlockedbittestandset64 - #undef _interlockedbittestandreset64 - #define CRYPTOPP_FAST_ROTATE(x) 1 - #elif _MSC_VER >= 1300 - #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32 | (x) == 64) - #else - #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32) - #endif -#elif (defined(__MWERKS__) && TARGET_CPU_PPC) || \ - (defined(__GNUC__) && (defined(_ARCH_PWR2) || defined(_ARCH_PWR) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || defined(_ARCH_COM))) - #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32) -#elif defined(__GNUC__) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) // depend on GCC's peephole optimization to generate rotate instructions - #define CRYPTOPP_FAST_ROTATE(x) 1 -#else - #define CRYPTOPP_FAST_ROTATE(x) 0 -#endif - -#ifdef __BORLANDC__ -#include <mem.h> -#endif - -#if defined(__GNUC__) && defined(__linux__) -#define CRYPTOPP_BYTESWAP_AVAILABLE -#include <byteswap.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -// ************** compile-time assertion *************** - -template <bool b> -struct CompileAssert -{ - static char dummy[2*b-1]; -}; - -#define CRYPTOPP_COMPILE_ASSERT(assertion) CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, __LINE__) -#if defined(CRYPTOPP_EXPORTS) || defined(CRYPTOPP_IMPORTS) -#define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance) -#else -#define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance) static CompileAssert<(assertion)> CRYPTOPP_ASSERT_JOIN(cryptopp_assert_, instance) -#endif -#define CRYPTOPP_ASSERT_JOIN(X, Y) CRYPTOPP_DO_ASSERT_JOIN(X, Y) -#define CRYPTOPP_DO_ASSERT_JOIN(X, Y) X##Y - -// ************** misc classes *************** - -class CRYPTOPP_DLL Empty -{ -}; - -//! _ -template <class BASE1, class BASE2> -class CRYPTOPP_NO_VTABLE TwoBases : public BASE1, public BASE2 -{ -}; - -//! _ -template <class BASE1, class BASE2, class BASE3> -class CRYPTOPP_NO_VTABLE ThreeBases : public BASE1, public BASE2, public BASE3 -{ -}; - -template <class T> -class ObjectHolder -{ -protected: - T m_object; -}; - -class NotCopyable -{ -public: - NotCopyable() {} -private: - NotCopyable(const NotCopyable &); - void operator=(const NotCopyable &); -}; - -template <class T> -struct NewObject -{ - T* operator()() const {return new T;} -}; - -/*! This function safely initializes a static object in a multithreaded environment without using locks (for portability). - Note that if two threads call Ref() at the same time, they may get back different references, and one object - may end up being memory leaked. This is by design. -*/ -template <class T, class F = NewObject<T>, int instance=0> -class Singleton -{ -public: - Singleton(F objectFactory = F()) : m_objectFactory(objectFactory) {} - - // prevent this function from being inlined - CRYPTOPP_NOINLINE const T & Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const; - -private: - F m_objectFactory; -}; - -template <class T, class F, int instance> -const T & Singleton<T, F, instance>::Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const -{ - static volatile simple_ptr<T> s_pObject; - T *p = s_pObject.m_p; - - if (p) - return *p; - - T *newObject = m_objectFactory(); - p = s_pObject.m_p; - - if (p) - { - delete newObject; - return *p; - } - - s_pObject.m_p = newObject; - return *newObject; -} - -// ************** misc functions *************** - -#if (!__STDC_WANT_SECURE_LIB__ && !defined(_MEMORY_S_DEFINED)) -inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count) -{ - if (count > sizeInBytes) - throw InvalidArgument("memcpy_s: buffer overflow"); - memcpy(dest, src, count); -} - -inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count) -{ - if (count > sizeInBytes) - throw InvalidArgument("memmove_s: buffer overflow"); - memmove(dest, src, count); -} - -#if __BORLANDC__ >= 0x620 -// C++Builder 2010 workaround: can't use std::memcpy_s because it doesn't allow 0 lengths -#define memcpy_s CryptoPP::memcpy_s -#define memmove_s CryptoPP::memmove_s -#endif -#endif - -inline void * memset_z(void *ptr, int value, size_t num) -{ -// avoid extranous warning on GCC 4.3.2 Ubuntu 8.10 -#if CRYPTOPP_GCC_VERSION >= 30001 - if (__builtin_constant_p(num) && num==0) - return ptr; -#endif - return memset(ptr, value, num); -} - -// can't use std::min or std::max in MSVC60 or Cygwin 1.1.0 -template <class T> inline const T& STDMIN(const T& a, const T& b) -{ - return b < a ? b : a; -} - -template <class T1, class T2> inline const T1 UnsignedMin(const T1& a, const T2& b) -{ - CRYPTOPP_COMPILE_ASSERT((sizeof(T1)<=sizeof(T2) && T2(-1)>0) || (sizeof(T1)>sizeof(T2) && T1(-1)>0)); - assert(a==0 || a>0); // GCC workaround: get rid of the warning "comparison is always true due to limited range of data type" - assert(b>=0); - - if (sizeof(T1)<=sizeof(T2)) - return b < (T2)a ? (T1)b : a; - else - return (T1)b < a ? (T1)b : a; -} - -template <class T> inline const T& STDMAX(const T& a, const T& b) -{ - return a < b ? b : a; -} - -#define RETURN_IF_NONZERO(x) size_t returnedValue = x; if (returnedValue) return returnedValue - -// this version of the macro is fastest on Pentium 3 and Pentium 4 with MSVC 6 SP5 w/ Processor Pack -#define GETBYTE(x, y) (unsigned int)byte((x)>>(8*(y))) -// these may be faster on other CPUs/compilers -// #define GETBYTE(x, y) (unsigned int)(((x)>>(8*(y)))&255) -// #define GETBYTE(x, y) (((byte *)&(x))[y]) - -#define CRYPTOPP_GET_BYTE_AS_BYTE(x, y) byte((x)>>(8*(y))) - -template <class T> -unsigned int Parity(T value) -{ - for (unsigned int i=8*sizeof(value)/2; i>0; i/=2) - value ^= value >> i; - return (unsigned int)value&1; -} - -template <class T> -unsigned int BytePrecision(const T &value) -{ - if (!value) - return 0; - - unsigned int l=0, h=8*sizeof(value); - - while (h-l > 8) - { - unsigned int t = (l+h)/2; - if (value >> t) - l = t; - else - h = t; - } - - return h/8; -} - -template <class T> -unsigned int BitPrecision(const T &value) -{ - if (!value) - return 0; - - unsigned int l=0, h=8*sizeof(value); - - while (h-l > 1) - { - unsigned int t = (l+h)/2; - if (value >> t) - l = t; - else - h = t; - } - - return h; -} - -inline unsigned int TrailingZeros(word32 v) -{ -#if defined(__GNUC__) && CRYPTOPP_GCC_VERSION >= 30400 - return __builtin_ctz(v); -#elif defined(_MSC_VER) && _MSC_VER >= 1400 - unsigned long result; - _BitScanForward(&result, v); - return result; -#else - // from http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup - static const int MultiplyDeBruijnBitPosition[32] = - { - 0, 1, 28, 2, 29, 14, 24, 3, 30, 22, 20, 15, 25, 17, 4, 8, - 31, 27, 13, 23, 21, 19, 16, 7, 26, 12, 18, 6, 11, 5, 10, 9 - }; - return MultiplyDeBruijnBitPosition[((word32)((v & -v) * 0x077CB531U)) >> 27]; -#endif -} - -inline unsigned int TrailingZeros(word64 v) -{ -#if defined(__GNUC__) && CRYPTOPP_GCC_VERSION >= 30400 - return __builtin_ctzll(v); -#elif defined(_MSC_VER) && _MSC_VER >= 1400 && (defined(_M_X64) || defined(_M_IA64)) - unsigned long result; - _BitScanForward64(&result, v); - return result; -#else - return word32(v) ? TrailingZeros(word32(v)) : 32 + TrailingZeros(word32(v>>32)); -#endif -} - -template <class T> -inline T Crop(T value, size_t size) -{ - if (size < 8*sizeof(value)) - return T(value & ((T(1) << size) - 1)); - else - return value; -} - -template <class T1, class T2> -inline bool SafeConvert(T1 from, T2 &to) -{ - to = (T2)from; - if (from != to || (from > 0) != (to > 0)) - return false; - return true; -} - -inline size_t BitsToBytes(size_t bitCount) -{ - return ((bitCount+7)/(8)); -} - -inline size_t BytesToWords(size_t byteCount) -{ - return ((byteCount+WORD_SIZE-1)/WORD_SIZE); -} - -inline size_t BitsToWords(size_t bitCount) -{ - return ((bitCount+WORD_BITS-1)/(WORD_BITS)); -} - -inline size_t BitsToDwords(size_t bitCount) -{ - return ((bitCount+2*WORD_BITS-1)/(2*WORD_BITS)); -} - -CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *buf, const byte *mask, size_t count); -CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *output, const byte *input, const byte *mask, size_t count); - -CRYPTOPP_DLL bool CRYPTOPP_API VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count); - -template <class T> -inline bool IsPowerOf2(const T &n) -{ - return n > 0 && (n & (n-1)) == 0; -} - -template <class T1, class T2> -inline T2 ModPowerOf2(const T1 &a, const T2 &b) -{ - assert(IsPowerOf2(b)); - return T2(a) & (b-1); -} - -template <class T1, class T2> -inline T1 RoundDownToMultipleOf(const T1 &n, const T2 &m) -{ - if (IsPowerOf2(m)) - return n - ModPowerOf2(n, m); - else - return n - n%m; -} - -template <class T1, class T2> -inline T1 RoundUpToMultipleOf(const T1 &n, const T2 &m) -{ - if (n+m-1 < n) - throw InvalidArgument("RoundUpToMultipleOf: integer overflow"); - return RoundDownToMultipleOf(n+m-1, m); -} - -template <class T> -inline unsigned int GetAlignmentOf(T *dummy=NULL) // VC60 workaround -{ -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - if (sizeof(T) < 16) - return 1; -#endif - -#if (_MSC_VER >= 1300) - return __alignof(T); -#elif defined(__GNUC__) - return __alignof__(T); -#elif CRYPTOPP_BOOL_SLOW_WORD64 - return UnsignedMin(4U, sizeof(T)); -#else - return sizeof(T); -#endif -} - -inline bool IsAlignedOn(const void *p, unsigned int alignment) -{ - return alignment==1 || (IsPowerOf2(alignment) ? ModPowerOf2((size_t)p, alignment) == 0 : (size_t)p % alignment == 0); -} - -template <class T> -inline bool IsAligned(const void *p, T *dummy=NULL) // VC60 workaround -{ - return IsAlignedOn(p, GetAlignmentOf<T>()); -} - -#ifdef IS_LITTLE_ENDIAN - typedef LittleEndian NativeByteOrder; -#else - typedef BigEndian NativeByteOrder; -#endif - -inline ByteOrder GetNativeByteOrder() -{ - return NativeByteOrder::ToEnum(); -} - -inline bool NativeByteOrderIs(ByteOrder order) -{ - return order == GetNativeByteOrder(); -} - -template <class T> -std::string IntToString(T a, unsigned int base = 10) -{ - if (a == 0) - return "0"; - bool negate = false; - if (a < 0) - { - negate = true; - a = 0-a; // VC .NET does not like -a - } - std::string result; - while (a > 0) - { - T digit = a % base; - result = char((digit < 10 ? '0' : ('a' - 10)) + digit) + result; - a /= base; - } - if (negate) - result = "-" + result; - return result; -} - -template <class T1, class T2> -inline T1 SaturatingSubtract(const T1 &a, const T2 &b) -{ - return T1((a > b) ? (a - b) : 0); -} - -template <class T> -inline CipherDir GetCipherDir(const T &obj) -{ - return obj.IsForwardTransformation() ? ENCRYPTION : DECRYPTION; -} - -CRYPTOPP_DLL void CRYPTOPP_API CallNewHandler(); - -inline void IncrementCounterByOne(byte *inout, unsigned int s) -{ - for (int i=s-1, carry=1; i>=0 && carry; i--) - carry = !++inout[i]; -} - -inline void IncrementCounterByOne(byte *output, const byte *input, unsigned int s) -{ - int i, carry; - for (i=s-1, carry=1; i>=0 && carry; i--) - carry = ((output[i] = input[i]+1) == 0); - memcpy_s(output, s, input, i+1); -} - -template <class T> -inline void ConditionalSwap(bool c, T &a, T &b) -{ - T t = c * (a ^ b); - a ^= t; - b ^= t; -} - -template <class T> -inline void ConditionalSwapPointers(bool c, T &a, T &b) -{ - ptrdiff_t t = c * (a - b); - a -= t; - b += t; -} - -// see http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/protect-secrets.html -// and https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data -template <class T> -void SecureWipeBuffer(T *buf, size_t n) -{ - // GCC 4.3.2 on Cygwin optimizes away the first store if this loop is done in the forward direction - volatile T *p = buf+n; - while (n--) - *(--p) = 0; -} - -#if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) - -template<> inline void SecureWipeBuffer(byte *buf, size_t n) -{ - volatile byte *p = buf; -#ifdef __GNUC__ - asm volatile("rep stosb" : "+c"(n), "+D"(p) : "a"(0) : "memory"); -#else - __stosb((byte *)(size_t)p, 0, n); -#endif -} - -template<> inline void SecureWipeBuffer(word16 *buf, size_t n) -{ - volatile word16 *p = buf; -#ifdef __GNUC__ - asm volatile("rep stosw" : "+c"(n), "+D"(p) : "a"(0) : "memory"); -#else - __stosw((word16 *)(size_t)p, 0, n); -#endif -} - -template<> inline void SecureWipeBuffer(word32 *buf, size_t n) -{ - volatile word32 *p = buf; -#ifdef __GNUC__ - asm volatile("rep stosl" : "+c"(n), "+D"(p) : "a"(0) : "memory"); -#else - __stosd((unsigned long *)(size_t)p, 0, n); -#endif -} - -template<> inline void SecureWipeBuffer(word64 *buf, size_t n) -{ -#if CRYPTOPP_BOOL_X64 - volatile word64 *p = buf; -#ifdef __GNUC__ - asm volatile("rep stosq" : "+c"(n), "+D"(p) : "a"(0) : "memory"); -#else - __stosq((word64 *)(size_t)p, 0, n); -#endif -#else - SecureWipeBuffer((word32 *)buf, 2*n); -#endif -} - -#endif // #if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) - -template <class T> -inline void SecureWipeArray(T *buf, size_t n) -{ - if (sizeof(T) % 8 == 0 && GetAlignmentOf<T>() % GetAlignmentOf<word64>() == 0) - SecureWipeBuffer((word64 *)buf, n * (sizeof(T)/8)); - else if (sizeof(T) % 4 == 0 && GetAlignmentOf<T>() % GetAlignmentOf<word32>() == 0) - SecureWipeBuffer((word32 *)buf, n * (sizeof(T)/4)); - else if (sizeof(T) % 2 == 0 && GetAlignmentOf<T>() % GetAlignmentOf<word16>() == 0) - SecureWipeBuffer((word16 *)buf, n * (sizeof(T)/2)); - else - SecureWipeBuffer((byte *)buf, n * sizeof(T)); -} - -// this function uses wcstombs(), which assumes that setlocale() has been called -static std::string StringNarrow(const wchar_t *str, bool throwOnError = true) -{ -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning(disable: 4996) // 'wcstombs': This function or variable may be unsafe. -#endif - size_t size = wcstombs(NULL, str, 0); - if (size == size_t(0)-1) - { - if (throwOnError) - throw InvalidArgument("StringNarrow: wcstombs() call failed"); - else - return std::string(); - } - std::string result(size, 0); - wcstombs(&result[0], str, size); - return result; -#ifdef _MSC_VER -#pragma warning(pop) -#endif -} - -#if CRYPTOPP_BOOL_ALIGN16_ENABLED -CRYPTOPP_DLL void * CRYPTOPP_API AlignedAllocate(size_t size); -CRYPTOPP_DLL void CRYPTOPP_API AlignedDeallocate(void *p); -#endif - -CRYPTOPP_DLL void * CRYPTOPP_API UnalignedAllocate(size_t size); -CRYPTOPP_DLL void CRYPTOPP_API UnalignedDeallocate(void *p); - -// ************** rotate functions *************** - -template <class T> inline T rotlFixed(T x, unsigned int y) -{ - assert(y < sizeof(T)*8); - return y ? T((x<<y) | (x>>(sizeof(T)*8-y))) : x; -} - -template <class T> inline T rotrFixed(T x, unsigned int y) -{ - assert(y < sizeof(T)*8); - return y ? T((x>>y) | (x<<(sizeof(T)*8-y))) : x; -} - -template <class T> inline T rotlVariable(T x, unsigned int y) -{ - assert(y < sizeof(T)*8); - return T((x<<y) | (x>>(sizeof(T)*8-y))); -} - -template <class T> inline T rotrVariable(T x, unsigned int y) -{ - assert(y < sizeof(T)*8); - return T((x>>y) | (x<<(sizeof(T)*8-y))); -} - -template <class T> inline T rotlMod(T x, unsigned int y) -{ - y %= sizeof(T)*8; - return T((x<<y) | (x>>(sizeof(T)*8-y))); -} - -template <class T> inline T rotrMod(T x, unsigned int y) -{ - y %= sizeof(T)*8; - return T((x>>y) | (x<<(sizeof(T)*8-y))); -} - -#ifdef _MSC_VER - -template<> inline word32 rotlFixed<word32>(word32 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _lrotl(x, y) : x; -} - -template<> inline word32 rotrFixed<word32>(word32 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _lrotr(x, y) : x; -} - -template<> inline word32 rotlVariable<word32>(word32 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _lrotl(x, y); -} - -template<> inline word32 rotrVariable<word32>(word32 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _lrotr(x, y); -} - -template<> inline word32 rotlMod<word32>(word32 x, unsigned int y) -{ - return _lrotl(x, y); -} - -template<> inline word32 rotrMod<word32>(word32 x, unsigned int y) -{ - return _lrotr(x, y); -} - -#endif // #ifdef _MSC_VER - -#if _MSC_VER >= 1300 && !defined(__INTEL_COMPILER) -// Intel C++ Compiler 10.0 calls a function instead of using the rotate instruction when using these instructions - -template<> inline word64 rotlFixed<word64>(word64 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _rotl64(x, y) : x; -} - -template<> inline word64 rotrFixed<word64>(word64 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _rotr64(x, y) : x; -} - -template<> inline word64 rotlVariable<word64>(word64 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _rotl64(x, y); -} - -template<> inline word64 rotrVariable<word64>(word64 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _rotr64(x, y); -} - -template<> inline word64 rotlMod<word64>(word64 x, unsigned int y) -{ - return _rotl64(x, y); -} - -template<> inline word64 rotrMod<word64>(word64 x, unsigned int y) -{ - return _rotr64(x, y); -} - -#endif // #if _MSC_VER >= 1310 - -#if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER) -// Intel C++ Compiler 10.0 gives undefined externals with these - -template<> inline word16 rotlFixed<word16>(word16 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _rotl16(x, y) : x; -} - -template<> inline word16 rotrFixed<word16>(word16 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _rotr16(x, y) : x; -} - -template<> inline word16 rotlVariable<word16>(word16 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _rotl16(x, y); -} - -template<> inline word16 rotrVariable<word16>(word16 x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _rotr16(x, y); -} - -template<> inline word16 rotlMod<word16>(word16 x, unsigned int y) -{ - return _rotl16(x, y); -} - -template<> inline word16 rotrMod<word16>(word16 x, unsigned int y) -{ - return _rotr16(x, y); -} - -template<> inline byte rotlFixed<byte>(byte x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _rotl8(x, y) : x; -} - -template<> inline byte rotrFixed<byte>(byte x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return y ? _rotr8(x, y) : x; -} - -template<> inline byte rotlVariable<byte>(byte x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _rotl8(x, y); -} - -template<> inline byte rotrVariable<byte>(byte x, unsigned int y) -{ - assert(y < 8*sizeof(x)); - return _rotr8(x, y); -} - -template<> inline byte rotlMod<byte>(byte x, unsigned int y) -{ - return _rotl8(x, y); -} - -template<> inline byte rotrMod<byte>(byte x, unsigned int y) -{ - return _rotr8(x, y); -} - -#endif // #if _MSC_VER >= 1400 - -#if (defined(__MWERKS__) && TARGET_CPU_PPC) - -template<> inline word32 rotlFixed<word32>(word32 x, unsigned int y) -{ - assert(y < 32); - return y ? __rlwinm(x,y,0,31) : x; -} - -template<> inline word32 rotrFixed<word32>(word32 x, unsigned int y) -{ - assert(y < 32); - return y ? __rlwinm(x,32-y,0,31) : x; -} - -template<> inline word32 rotlVariable<word32>(word32 x, unsigned int y) -{ - assert(y < 32); - return (__rlwnm(x,y,0,31)); -} - -template<> inline word32 rotrVariable<word32>(word32 x, unsigned int y) -{ - assert(y < 32); - return (__rlwnm(x,32-y,0,31)); -} - -template<> inline word32 rotlMod<word32>(word32 x, unsigned int y) -{ - return (__rlwnm(x,y,0,31)); -} - -template<> inline word32 rotrMod<word32>(word32 x, unsigned int y) -{ - return (__rlwnm(x,32-y,0,31)); -} - -#endif // #if (defined(__MWERKS__) && TARGET_CPU_PPC) - -// ************** endian reversal *************** - -template <class T> -inline unsigned int GetByte(ByteOrder order, T value, unsigned int index) -{ - if (order == LITTLE_ENDIAN_ORDER) - return GETBYTE(value, index); - else - return GETBYTE(value, sizeof(T)-index-1); -} - -inline byte ByteReverse(byte value) -{ - return value; -} - -inline word16 ByteReverse(word16 value) -{ -#ifdef CRYPTOPP_BYTESWAP_AVAILABLE - return bswap_16(value); -#elif defined(_MSC_VER) && _MSC_VER >= 1300 - return _byteswap_ushort(value); -#else - return rotlFixed(value, 8U); -#endif -} - -inline word32 ByteReverse(word32 value) -{ -#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE) - __asm__ ("bswap %0" : "=r" (value) : "0" (value)); - return value; -#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE) - return bswap_32(value); -#elif defined(__MWERKS__) && TARGET_CPU_PPC - return (word32)__lwbrx(&value,0); -#elif _MSC_VER >= 1400 || (_MSC_VER >= 1300 && !defined(_DLL)) - return _byteswap_ulong(value); -#elif CRYPTOPP_FAST_ROTATE(32) - // 5 instructions with rotate instruction, 9 without - return (rotrFixed(value, 8U) & 0xff00ff00) | (rotlFixed(value, 8U) & 0x00ff00ff); -#else - // 6 instructions with rotate instruction, 8 without - value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8); - return rotlFixed(value, 16U); -#endif -} - -inline word64 ByteReverse(word64 value) -{ -#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(__x86_64__) - __asm__ ("bswap %0" : "=r" (value) : "0" (value)); - return value; -#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE) - return bswap_64(value); -#elif defined(_MSC_VER) && _MSC_VER >= 1300 - return _byteswap_uint64(value); -#elif CRYPTOPP_BOOL_SLOW_WORD64 - return (word64(ByteReverse(word32(value))) << 32) | ByteReverse(word32(value>>32)); -#else - value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) | ((value & W64LIT(0x00FF00FF00FF00FF)) << 8); - value = ((value & W64LIT(0xFFFF0000FFFF0000)) >> 16) | ((value & W64LIT(0x0000FFFF0000FFFF)) << 16); - return rotlFixed(value, 32U); -#endif -} - -inline byte BitReverse(byte value) -{ - value = ((value & 0xAA) >> 1) | ((value & 0x55) << 1); - value = ((value & 0xCC) >> 2) | ((value & 0x33) << 2); - return rotlFixed(value, 4U); -} - -inline word16 BitReverse(word16 value) -{ - value = ((value & 0xAAAA) >> 1) | ((value & 0x5555) << 1); - value = ((value & 0xCCCC) >> 2) | ((value & 0x3333) << 2); - value = ((value & 0xF0F0) >> 4) | ((value & 0x0F0F) << 4); - return ByteReverse(value); -} - -inline word32 BitReverse(word32 value) -{ - value = ((value & 0xAAAAAAAA) >> 1) | ((value & 0x55555555) << 1); - value = ((value & 0xCCCCCCCC) >> 2) | ((value & 0x33333333) << 2); - value = ((value & 0xF0F0F0F0) >> 4) | ((value & 0x0F0F0F0F) << 4); - return ByteReverse(value); -} - -inline word64 BitReverse(word64 value) -{ -#if CRYPTOPP_BOOL_SLOW_WORD64 - return (word64(BitReverse(word32(value))) << 32) | BitReverse(word32(value>>32)); -#else - value = ((value & W64LIT(0xAAAAAAAAAAAAAAAA)) >> 1) | ((value & W64LIT(0x5555555555555555)) << 1); - value = ((value & W64LIT(0xCCCCCCCCCCCCCCCC)) >> 2) | ((value & W64LIT(0x3333333333333333)) << 2); - value = ((value & W64LIT(0xF0F0F0F0F0F0F0F0)) >> 4) | ((value & W64LIT(0x0F0F0F0F0F0F0F0F)) << 4); - return ByteReverse(value); -#endif -} - -template <class T> -inline T BitReverse(T value) -{ - if (sizeof(T) == 1) - return (T)BitReverse((byte)value); - else if (sizeof(T) == 2) - return (T)BitReverse((word16)value); - else if (sizeof(T) == 4) - return (T)BitReverse((word32)value); - else - { - assert(sizeof(T) == 8); - return (T)BitReverse((word64)value); - } -} - -template <class T> -inline T ConditionalByteReverse(ByteOrder order, T value) -{ - return NativeByteOrderIs(order) ? value : ByteReverse(value); -} - -template <class T> -void ByteReverse(T *out, const T *in, size_t byteCount) -{ - assert(byteCount % sizeof(T) == 0); - size_t count = byteCount/sizeof(T); - for (size_t i=0; i<count; i++) - out[i] = ByteReverse(in[i]); -} - -template <class T> -inline void ConditionalByteReverse(ByteOrder order, T *out, const T *in, size_t byteCount) -{ - if (!NativeByteOrderIs(order)) - ByteReverse(out, in, byteCount); - else if (in != out) - memcpy_s(out, byteCount, in, byteCount); -} - -template <class T> -inline void GetUserKey(ByteOrder order, T *out, size_t outlen, const byte *in, size_t inlen) -{ - const size_t U = sizeof(T); - assert(inlen <= outlen*U); - memcpy_s(out, outlen*U, in, inlen); - memset_z((byte *)out+inlen, 0, outlen*U-inlen); - ConditionalByteReverse(order, out, out, RoundUpToMultipleOf(inlen, U)); -} - -#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS -inline byte UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const byte *) -{ - return block[0]; -} - -inline word16 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word16 *) -{ - return (order == BIG_ENDIAN_ORDER) - ? block[1] | (block[0] << 8) - : block[0] | (block[1] << 8); -} - -inline word32 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word32 *) -{ - return (order == BIG_ENDIAN_ORDER) - ? word32(block[3]) | (word32(block[2]) << 8) | (word32(block[1]) << 16) | (word32(block[0]) << 24) - : word32(block[0]) | (word32(block[1]) << 8) | (word32(block[2]) << 16) | (word32(block[3]) << 24); -} - -inline word64 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word64 *) -{ - return (order == BIG_ENDIAN_ORDER) - ? - (word64(block[7]) | - (word64(block[6]) << 8) | - (word64(block[5]) << 16) | - (word64(block[4]) << 24) | - (word64(block[3]) << 32) | - (word64(block[2]) << 40) | - (word64(block[1]) << 48) | - (word64(block[0]) << 56)) - : - (word64(block[0]) | - (word64(block[1]) << 8) | - (word64(block[2]) << 16) | - (word64(block[3]) << 24) | - (word64(block[4]) << 32) | - (word64(block[5]) << 40) | - (word64(block[6]) << 48) | - (word64(block[7]) << 56)); -} - -inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, byte value, const byte *xorBlock) -{ - block[0] = xorBlock ? (value ^ xorBlock[0]) : value; -} - -inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, word16 value, const byte *xorBlock) -{ - if (order == BIG_ENDIAN_ORDER) - { - if (xorBlock) - { - block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - } - else - { - block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - } - } - else - { - if (xorBlock) - { - block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - } - else - { - block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - } - } -} - -inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, word32 value, const byte *xorBlock) -{ - if (order == BIG_ENDIAN_ORDER) - { - if (xorBlock) - { - block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - } - else - { - block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - } - } - else - { - if (xorBlock) - { - block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - } - else - { - block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - } - } -} - -inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, word64 value, const byte *xorBlock) -{ - if (order == BIG_ENDIAN_ORDER) - { - if (xorBlock) - { - block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); - block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); - block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); - block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); - block[4] = xorBlock[4] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - block[5] = xorBlock[5] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[6] = xorBlock[6] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[7] = xorBlock[7] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - } - else - { - block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); - block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); - block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); - block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); - block[4] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - block[5] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[6] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[7] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - } - } - else - { - if (xorBlock) - { - block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - block[4] = xorBlock[4] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); - block[5] = xorBlock[5] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); - block[6] = xorBlock[6] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); - block[7] = xorBlock[7] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); - } - else - { - block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); - block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); - block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); - block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); - block[4] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); - block[5] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); - block[6] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); - block[7] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); - } - } -} -#endif // #ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - -template <class T> -inline T GetWord(bool assumeAligned, ByteOrder order, const byte *block) -{ -#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - if (!assumeAligned) - return UnalignedGetWordNonTemplate(order, block, (T*)NULL); - assert(IsAligned<T>(block)); -#endif - return ConditionalByteReverse(order, *reinterpret_cast<const T *>(block)); -} - -template <class T> -inline void GetWord(bool assumeAligned, ByteOrder order, T &result, const byte *block) -{ - result = GetWord<T>(assumeAligned, order, block); -} - -template <class T> -inline void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock = NULL) -{ -#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - if (!assumeAligned) - return UnalignedPutWordNonTemplate(order, block, value, xorBlock); - assert(IsAligned<T>(block)); - assert(IsAligned<T>(xorBlock)); -#endif - *reinterpret_cast<T *>(block) = ConditionalByteReverse(order, value) ^ (xorBlock ? *reinterpret_cast<const T *>(xorBlock) : 0); -} - -template <class T, class B, bool A=false> -class GetBlock -{ -public: - GetBlock(const void *block) - : m_block((const byte *)block) {} - - template <class U> - inline GetBlock<T, B, A> & operator()(U &x) - { - CRYPTOPP_COMPILE_ASSERT(sizeof(U) >= sizeof(T)); - x = GetWord<T>(A, B::ToEnum(), m_block); - m_block += sizeof(T); - return *this; - } - -private: - const byte *m_block; -}; - -template <class T, class B, bool A=false> -class PutBlock -{ -public: - PutBlock(const void *xorBlock, void *block) - : m_xorBlock((const byte *)xorBlock), m_block((byte *)block) {} - - template <class U> - inline PutBlock<T, B, A> & operator()(U x) - { - PutWord(A, B::ToEnum(), m_block, (T)x, m_xorBlock); - m_block += sizeof(T); - if (m_xorBlock) - m_xorBlock += sizeof(T); - return *this; - } - -private: - const byte *m_xorBlock; - byte *m_block; -}; - -template <class T, class B, bool GA=false, bool PA=false> -struct BlockGetAndPut -{ - // function needed because of C++ grammatical ambiguity between expression-statements and declarations - static inline GetBlock<T, B, GA> Get(const void *block) {return GetBlock<T, B, GA>(block);} - typedef PutBlock<T, B, PA> Put; -}; - -template <class T> -std::string WordToString(T value, ByteOrder order = BIG_ENDIAN_ORDER) -{ - if (!NativeByteOrderIs(order)) - value = ByteReverse(value); - - return std::string((char *)&value, sizeof(value)); -} - -template <class T> -T StringToWord(const std::string &str, ByteOrder order = BIG_ENDIAN_ORDER) -{ - T value = 0; - memcpy_s(&value, sizeof(value), str.data(), UnsignedMin(str.size(), sizeof(value))); - return NativeByteOrderIs(order) ? value : ByteReverse(value); -} - -// ************** help remove warning on g++ *************** - -template <bool overflow> struct SafeShifter; - -template<> struct SafeShifter<true> -{ - template <class T> - static inline T RightShift(T value, unsigned int bits) - { - return 0; - } - - template <class T> - static inline T LeftShift(T value, unsigned int bits) - { - return 0; - } -}; - -template<> struct SafeShifter<false> -{ - template <class T> - static inline T RightShift(T value, unsigned int bits) - { - return value >> bits; - } - - template <class T> - static inline T LeftShift(T value, unsigned int bits) - { - return value << bits; - } -}; - -template <unsigned int bits, class T> -inline T SafeRightShift(T value) -{ - return SafeShifter<(bits>=(8*sizeof(T)))>::RightShift(value, bits); -} - -template <unsigned int bits, class T> -inline T SafeLeftShift(T value) -{ - return SafeShifter<(bits>=(8*sizeof(T)))>::LeftShift(value, bits); -} - -// ************** use one buffer for multiple data members *************** - -#define CRYPTOPP_BLOCK_1(n, t, s) t* m_##n() {return (t *)(m_aggregate+0);} size_t SS1() {return sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_2(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS1());} size_t SS2() {return SS1()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_3(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS2());} size_t SS3() {return SS2()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_4(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS3());} size_t SS4() {return SS3()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_5(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS4());} size_t SS5() {return SS4()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_6(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS5());} size_t SS6() {return SS5()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_7(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS6());} size_t SS7() {return SS6()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCK_8(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS7());} size_t SS8() {return SS7()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} -#define CRYPTOPP_BLOCKS_END(i) size_t SST() {return SS##i();} void AllocateBlocks() {m_aggregate.New(SST());} AlignedSecByteBlock m_aggregate; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/modarith.h b/cryptopp562/modarith.h deleted file mode 100644 index c0368e3..0000000 --- a/cryptopp562/modarith.h +++ /dev/null @@ -1,158 +0,0 @@ -#ifndef CRYPTOPP_MODARITH_H -#define CRYPTOPP_MODARITH_H - -// implementations are in integer.cpp - -#include "cryptlib.h" -#include "misc.h" -#include "integer.h" -#include "algebra.h" - -NAMESPACE_BEGIN(CryptoPP) - -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<Integer>; -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing<Integer>; -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain<Integer>; - -//! ring of congruence classes modulo n -/*! \note this implementation represents each congruence class as the smallest non-negative integer in that class */ -class CRYPTOPP_DLL ModularArithmetic : public AbstractRing<Integer> -{ -public: - - typedef int RandomizationParameter; - typedef Integer Element; - - ModularArithmetic(const Integer &modulus = Integer::One()) - : m_modulus(modulus), m_result((word)0, modulus.reg.size()) {} - - ModularArithmetic(const ModularArithmetic &ma) - : m_modulus(ma.m_modulus), m_result((word)0, m_modulus.reg.size()) {} - - ModularArithmetic(BufferedTransformation &bt); // construct from BER encoded parameters - - virtual ModularArithmetic * Clone() const {return new ModularArithmetic(*this);} - - void DEREncode(BufferedTransformation &bt) const; - - void DEREncodeElement(BufferedTransformation &out, const Element &a) const; - void BERDecodeElement(BufferedTransformation &in, Element &a) const; - - const Integer& GetModulus() const {return m_modulus;} - void SetModulus(const Integer &newModulus) {m_modulus = newModulus; m_result.reg.resize(m_modulus.reg.size());} - - virtual bool IsMontgomeryRepresentation() const {return false;} - - virtual Integer ConvertIn(const Integer &a) const - {return a%m_modulus;} - - virtual Integer ConvertOut(const Integer &a) const - {return a;} - - const Integer& Half(const Integer &a) const; - - bool Equal(const Integer &a, const Integer &b) const - {return a==b;} - - const Integer& Identity() const - {return Integer::Zero();} - - const Integer& Add(const Integer &a, const Integer &b) const; - - Integer& Accumulate(Integer &a, const Integer &b) const; - - const Integer& Inverse(const Integer &a) const; - - const Integer& Subtract(const Integer &a, const Integer &b) const; - - Integer& Reduce(Integer &a, const Integer &b) const; - - const Integer& Double(const Integer &a) const - {return Add(a, a);} - - const Integer& MultiplicativeIdentity() const - {return Integer::One();} - - const Integer& Multiply(const Integer &a, const Integer &b) const - {return m_result1 = a*b%m_modulus;} - - const Integer& Square(const Integer &a) const - {return m_result1 = a.Squared()%m_modulus;} - - bool IsUnit(const Integer &a) const - {return Integer::Gcd(a, m_modulus).IsUnit();} - - const Integer& MultiplicativeInverse(const Integer &a) const - {return m_result1 = a.InverseMod(m_modulus);} - - const Integer& Divide(const Integer &a, const Integer &b) const - {return Multiply(a, MultiplicativeInverse(b));} - - Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const; - - void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; - - unsigned int MaxElementBitLength() const - {return (m_modulus-1).BitCount();} - - unsigned int MaxElementByteLength() const - {return (m_modulus-1).ByteCount();} - - Element RandomElement( RandomNumberGenerator &rng , const RandomizationParameter &ignore_for_now = 0 ) const - // left RandomizationParameter arg as ref in case RandomizationParameter becomes a more complicated struct - { - return Element( rng , Integer( (long) 0) , m_modulus - Integer( (long) 1 ) ) ; - } - - bool operator==(const ModularArithmetic &rhs) const - {return m_modulus == rhs.m_modulus;} - - static const RandomizationParameter DefaultRandomizationParameter ; - -protected: - Integer m_modulus; - mutable Integer m_result, m_result1; - -}; - -// const ModularArithmetic::RandomizationParameter ModularArithmetic::DefaultRandomizationParameter = 0 ; - -//! do modular arithmetics in Montgomery representation for increased speed -/*! \note the Montgomery representation represents each congruence class [a] as a*r%n, where r is a convenient power of 2 */ -class CRYPTOPP_DLL MontgomeryRepresentation : public ModularArithmetic -{ -public: - MontgomeryRepresentation(const Integer &modulus); // modulus must be odd - - virtual ModularArithmetic * Clone() const {return new MontgomeryRepresentation(*this);} - - bool IsMontgomeryRepresentation() const {return true;} - - Integer ConvertIn(const Integer &a) const - {return (a<<(WORD_BITS*m_modulus.reg.size()))%m_modulus;} - - Integer ConvertOut(const Integer &a) const; - - const Integer& MultiplicativeIdentity() const - {return m_result1 = Integer::Power2(WORD_BITS*m_modulus.reg.size())%m_modulus;} - - const Integer& Multiply(const Integer &a, const Integer &b) const; - - const Integer& Square(const Integer &a) const; - - const Integer& MultiplicativeInverse(const Integer &a) const; - - Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const - {return AbstractRing<Integer>::CascadeExponentiate(x, e1, y, e2);} - - void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const - {AbstractRing<Integer>::SimultaneousExponentiate(results, base, exponents, exponentsCount);} - -private: - Integer m_u; - mutable IntegerSecBlock m_workspace; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/modes.cpp b/cryptopp562/modes.cpp deleted file mode 100644 index 4633228..0000000 --- a/cryptopp562/modes.cpp +++ /dev/null @@ -1,245 +0,0 @@ -// modes.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "modes.h" - -#ifndef NDEBUG -#include "des.h" -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifndef NDEBUG -void Modes_TestInstantiations() -{ - CFB_Mode<DES>::Encryption m0; - CFB_Mode<DES>::Decryption m1; - OFB_Mode<DES>::Encryption m2; - CTR_Mode<DES>::Encryption m3; - ECB_Mode<DES>::Encryption m4; - CBC_Mode<DES>::Encryption m5; -} -#endif - -void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount) -{ - assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - assert(m_feedbackSize == BlockSize()); - - unsigned int s = BlockSize(); - if (dir == ENCRYPTION) - { - m_cipher->ProcessAndXorBlock(m_register, input, output); - m_cipher->AdvancedProcessBlocks(output, input+s, output+s, (iterationCount-1)*s, 0); - memcpy(m_register, output+(iterationCount-1)*s, s); - } - else - { - memcpy(m_temp, input+(iterationCount-1)*s, s); // make copy first in case of in-place decryption - m_cipher->AdvancedProcessBlocks(input, input+s, output+s, (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection); - m_cipher->ProcessAndXorBlock(m_register, input, output); - memcpy(m_register, m_temp, s); - } -} - -void CFB_ModePolicy::TransformRegister() -{ - assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - m_cipher->ProcessBlock(m_register, m_temp); - unsigned int updateSize = BlockSize()-m_feedbackSize; - memmove_s(m_register, m_register.size(), m_register+m_feedbackSize, updateSize); - memcpy_s(m_register+updateSize, m_register.size()-updateSize, m_temp, m_feedbackSize); -} - -void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length) -{ - assert(length == BlockSize()); - CopyOrZero(m_register, iv, length); - TransformRegister(); -} - -void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize) -{ - if (feedbackSize > BlockSize()) - throw InvalidArgument("CFB_Mode: invalid feedback size"); - m_feedbackSize = feedbackSize ? feedbackSize : BlockSize(); -} - -void CFB_ModePolicy::ResizeBuffers() -{ - CipherModeBase::ResizeBuffers(); - m_temp.New(BlockSize()); -} - -void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount) -{ - assert(m_cipher->IsForwardTransformation()); // OFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - unsigned int s = BlockSize(); - m_cipher->ProcessBlock(m_register, keystreamBuffer); - if (iterationCount > 1) - m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULL, keystreamBuffer+s, s*(iterationCount-1), 0); - memcpy(m_register, keystreamBuffer+s*(iterationCount-1), s); -} - -void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) -{ - assert(length == BlockSize()); - CopyOrZero(m_register, iv, length); -} - -void CTR_ModePolicy::SeekToIteration(lword iterationCount) -{ - int carry=0; - for (int i=BlockSize()-1; i>=0; i--) - { - unsigned int sum = m_register[i] + byte(iterationCount) + carry; - m_counterArray[i] = (byte) sum; - carry = sum >> 8; - iterationCount >>= 8; - } -} - -void CTR_ModePolicy::IncrementCounterBy256() -{ - IncrementCounterByOne(m_counterArray, BlockSize()-1); -} - -void CTR_ModePolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) -{ - assert(m_cipher->IsForwardTransformation()); // CTR mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - unsigned int s = BlockSize(); - unsigned int inputIncrement = input ? s : 0; - - while (iterationCount) - { - byte lsb = m_counterArray[s-1]; - size_t blocks = UnsignedMin(iterationCount, 256U-lsb); - m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel); - if ((m_counterArray[s-1] = lsb + (byte)blocks) == 0) - IncrementCounterBy256(); - - output += blocks*s; - input += blocks*inputIncrement; - iterationCount -= blocks; - } -} - -void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) -{ - assert(length == BlockSize()); - CopyOrZero(m_register, iv, length); - m_counterArray = m_register; -} - -void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) -{ - m_cipher->SetKey(key, length, params); - ResizeBuffers(); - if (IsResynchronizable()) - { - size_t ivLength; - const byte *iv = GetIVAndThrowIfInvalid(params, ivLength); - Resynchronize(iv, (int)ivLength); - } -} - -void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length) -{ - assert(length%BlockSize()==0); - m_cipher->AdvancedProcessBlocks(inString, NULL, outString, length, BlockTransformation::BT_AllowParallel); -} - -void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length) -{ - if (!length) - return; - assert(length%BlockSize()==0); - - unsigned int blockSize = BlockSize(); - m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput); - if (length > blockSize) - m_cipher->AdvancedProcessBlocks(inString+blockSize, outString, outString+blockSize, length-blockSize, BlockTransformation::BT_XorInput); - memcpy(m_register, outString + length - blockSize, blockSize); -} - -void CBC_CTS_Encryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length) -{ - if (length <= BlockSize()) - { - if (!m_stolenIV) - throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing"); - - // steal from IV - memcpy(outString, m_register, length); - outString = m_stolenIV; - } - else - { - // steal from next to last block - xorbuf(m_register, inString, BlockSize()); - m_cipher->ProcessBlock(m_register); - inString += BlockSize(); - length -= BlockSize(); - memcpy(outString+BlockSize(), m_register, length); - } - - // output last full ciphertext block - xorbuf(m_register, inString, length); - m_cipher->ProcessBlock(m_register); - memcpy(outString, m_register, BlockSize()); -} - -void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length) -{ - if (!length) - return; - assert(length%BlockSize()==0); - - unsigned int blockSize = BlockSize(); - memcpy(m_temp, inString+length-blockSize, blockSize); // save copy now in case of in-place decryption - if (length > blockSize) - m_cipher->AdvancedProcessBlocks(inString+blockSize, inString, outString+blockSize, length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel); - m_cipher->ProcessAndXorBlock(inString, m_register, outString); - m_register.swap(m_temp); -} - -void CBC_CTS_Decryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length) -{ - const byte *pn, *pn1; - bool stealIV = length <= BlockSize(); - - if (stealIV) - { - pn = inString; - pn1 = m_register; - } - else - { - pn = inString + BlockSize(); - pn1 = inString; - length -= BlockSize(); - } - - // decrypt last partial plaintext block - memcpy(m_temp, pn1, BlockSize()); - m_cipher->ProcessBlock(m_temp); - xorbuf(m_temp, pn, length); - - if (stealIV) - memcpy(outString, m_temp, length); - else - { - memcpy(outString+BlockSize(), m_temp, length); - // decrypt next to last plaintext block - memcpy(m_temp, pn, length); - m_cipher->ProcessBlock(m_temp); - xorbuf(outString, m_temp, m_register, BlockSize()); - } -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/modes.h b/cryptopp562/modes.h deleted file mode 100644 index c0c30c4..0000000 --- a/cryptopp562/modes.h +++ /dev/null @@ -1,422 +0,0 @@ -#ifndef CRYPTOPP_MODES_H -#define CRYPTOPP_MODES_H - -/*! \file -*/ - -#include "cryptlib.h" -#include "secblock.h" -#include "misc.h" -#include "strciphr.h" -#include "argnames.h" -#include "algparam.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Cipher modes documentation. See NIST SP 800-38A for definitions of these modes. See AuthenticatedSymmetricCipherDocumentation for authenticated encryption modes. - -/*! Each class derived from this one defines two types, Encryption and Decryption, - both of which implement the SymmetricCipher interface. - For each mode there are two classes, one of which is a template class, - and the other one has a name that ends in "_ExternalCipher". - The "external cipher" mode objects hold a reference to the underlying block cipher, - instead of holding an instance of it. The reference must be passed in to the constructor. - For the "cipher holder" classes, the CIPHER template parameter should be a class - derived from BlockCipherDocumentation, for example DES or AES. -*/ -struct CipherModeDocumentation : public SymmetricCipherDocumentation -{ -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CipherModeBase : public SymmetricCipher -{ -public: - size_t MinKeyLength() const {return m_cipher->MinKeyLength();} - size_t MaxKeyLength() const {return m_cipher->MaxKeyLength();} - size_t DefaultKeyLength() const {return m_cipher->DefaultKeyLength();} - size_t GetValidKeyLength(size_t n) const {return m_cipher->GetValidKeyLength(n);} - bool IsValidKeyLength(size_t n) const {return m_cipher->IsValidKeyLength(n);} - - unsigned int OptimalDataAlignment() const {return m_cipher->OptimalDataAlignment();} - - unsigned int IVSize() const {return BlockSize();} - virtual IV_Requirement IVRequirement() const =0; - - void SetCipher(BlockCipher &cipher) - { - this->ThrowIfResynchronizable(); - this->m_cipher = &cipher; - this->ResizeBuffers(); - } - - void SetCipherWithIV(BlockCipher &cipher, const byte *iv, int feedbackSize = 0) - { - this->ThrowIfInvalidIV(iv); - this->m_cipher = &cipher; - this->ResizeBuffers(); - this->SetFeedbackSize(feedbackSize); - if (this->IsResynchronizable()) - this->Resynchronize(iv); - } - -protected: - CipherModeBase() : m_cipher(NULL) {} - inline unsigned int BlockSize() const {assert(m_register.size() > 0); return (unsigned int)m_register.size();} - virtual void SetFeedbackSize(unsigned int feedbackSize) - { - if (!(feedbackSize == 0 || feedbackSize == BlockSize())) - throw InvalidArgument("CipherModeBase: feedback size cannot be specified for this cipher mode"); - } - virtual void ResizeBuffers() - { - m_register.New(m_cipher->BlockSize()); - } - - BlockCipher *m_cipher; - AlignedSecByteBlock m_register; -}; - -template <class POLICY_INTERFACE> -class CRYPTOPP_NO_VTABLE ModePolicyCommonTemplate : public CipherModeBase, public POLICY_INTERFACE -{ - unsigned int GetAlignment() const {return m_cipher->OptimalDataAlignment();} - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); -}; - -template <class POLICY_INTERFACE> -void ModePolicyCommonTemplate<POLICY_INTERFACE>::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) -{ - m_cipher->SetKey(key, length, params); - ResizeBuffers(); - int feedbackSize = params.GetIntValueWithDefault(Name::FeedbackSize(), 0); - SetFeedbackSize(feedbackSize); -} - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CFB_ModePolicy : public ModePolicyCommonTemplate<CFB_CipherAbstractPolicy> -{ -public: - IV_Requirement IVRequirement() const {return RANDOM_IV;} - static const char * CRYPTOPP_API StaticAlgorithmName() {return "CFB";} - -protected: - unsigned int GetBytesPerIteration() const {return m_feedbackSize;} - byte * GetRegisterBegin() {return m_register + BlockSize() - m_feedbackSize;} - bool CanIterate() const {return m_feedbackSize == BlockSize();} - void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount); - void TransformRegister(); - void CipherResynchronize(const byte *iv, size_t length); - void SetFeedbackSize(unsigned int feedbackSize); - void ResizeBuffers(); - - SecByteBlock m_temp; - unsigned int m_feedbackSize; -}; - -inline void CopyOrZero(void *dest, const void *src, size_t s) -{ - if (src) - memcpy_s(dest, s, src, s); - else - memset(dest, 0, s); -} - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE OFB_ModePolicy : public ModePolicyCommonTemplate<AdditiveCipherAbstractPolicy> -{ -public: - bool CipherIsRandomAccess() const {return false;} - IV_Requirement IVRequirement() const {return UNIQUE_IV;} - static const char * CRYPTOPP_API StaticAlgorithmName() {return "OFB";} - -private: - unsigned int GetBytesPerIteration() const {return BlockSize();} - unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();} - void WriteKeystream(byte *keystreamBuffer, size_t iterationCount); - void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CTR_ModePolicy : public ModePolicyCommonTemplate<AdditiveCipherAbstractPolicy> -{ -public: - bool CipherIsRandomAccess() const {return true;} - IV_Requirement IVRequirement() const {return RANDOM_IV;} - static const char * CRYPTOPP_API StaticAlgorithmName() {return "CTR";} - -protected: - virtual void IncrementCounterBy256(); - - unsigned int GetAlignment() const {return m_cipher->OptimalDataAlignment();} - unsigned int GetBytesPerIteration() const {return BlockSize();} - unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();} - void WriteKeystream(byte *buffer, size_t iterationCount) - {OperateKeystream(WRITE_KEYSTREAM, buffer, NULL, iterationCount);} - bool CanOperateKeystream() const {return true;} - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); - void SeekToIteration(lword iterationCount); - - AlignedSecByteBlock m_counterArray; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockOrientedCipherModeBase : public CipherModeBase -{ -public: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - unsigned int MandatoryBlockSize() const {return BlockSize();} - bool IsRandomAccess() const {return false;} - bool IsSelfInverting() const {return false;} - bool IsForwardTransformation() const {return m_cipher->IsForwardTransformation();} - void Resynchronize(const byte *iv, int length=-1) {memcpy_s(m_register, m_register.size(), iv, ThrowIfInvalidIVLength(length));} - -protected: - bool RequireAlignedInput() const {return true;} - void ResizeBuffers() - { - CipherModeBase::ResizeBuffers(); - m_buffer.New(BlockSize()); - } - - SecByteBlock m_buffer; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ECB_OneWay : public BlockOrientedCipherModeBase -{ -public: - void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs) - {m_cipher->SetKey(key, length, params); BlockOrientedCipherModeBase::ResizeBuffers();} - IV_Requirement IVRequirement() const {return NOT_RESYNCHRONIZABLE;} - unsigned int OptimalBlockSize() const {return BlockSize() * m_cipher->OptimalNumberOfParallelBlocks();} - void ProcessData(byte *outString, const byte *inString, size_t length); - static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECB";} -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_ModeBase : public BlockOrientedCipherModeBase -{ -public: - IV_Requirement IVRequirement() const {return UNPREDICTABLE_RANDOM_IV;} - bool RequireAlignedInput() const {return false;} - unsigned int MinLastBlockSize() const {return 0;} - static const char * CRYPTOPP_API StaticAlgorithmName() {return "CBC";} -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_Encryption : public CBC_ModeBase -{ -public: - void ProcessData(byte *outString, const byte *inString, size_t length); -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_CTS_Encryption : public CBC_Encryption -{ -public: - void SetStolenIV(byte *iv) {m_stolenIV = iv;} - unsigned int MinLastBlockSize() const {return BlockSize()+1;} - void ProcessLastBlock(byte *outString, const byte *inString, size_t length); - static const char * CRYPTOPP_API StaticAlgorithmName() {return "CBC/CTS";} - -protected: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) - { - CBC_Encryption::UncheckedSetKey(key, length, params); - m_stolenIV = params.GetValueWithDefault(Name::StolenIV(), (byte *)NULL); - } - - byte *m_stolenIV; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_Decryption : public CBC_ModeBase -{ -public: - void ProcessData(byte *outString, const byte *inString, size_t length); - -protected: - void ResizeBuffers() - { - BlockOrientedCipherModeBase::ResizeBuffers(); - m_temp.New(BlockSize()); - } - AlignedSecByteBlock m_temp; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_CTS_Decryption : public CBC_Decryption -{ -public: - unsigned int MinLastBlockSize() const {return BlockSize()+1;} - void ProcessLastBlock(byte *outString, const byte *inString, size_t length); -}; - -//! _ -template <class CIPHER, class BASE> -class CipherModeFinalTemplate_CipherHolder : protected ObjectHolder<CIPHER>, public AlgorithmImpl<BASE, CipherModeFinalTemplate_CipherHolder<CIPHER, BASE> > -{ -public: - CipherModeFinalTemplate_CipherHolder() - { - this->m_cipher = &this->m_object; - this->ResizeBuffers(); - } - CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length) - { - this->m_cipher = &this->m_object; - this->SetKey(key, length); - } - CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv) - { - this->m_cipher = &this->m_object; - this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))); - } - CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv, int feedbackSize) - { - this->m_cipher = &this->m_object; - this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))(Name::FeedbackSize(), feedbackSize)); - } - - static std::string CRYPTOPP_API StaticAlgorithmName() - {return CIPHER::StaticAlgorithmName() + "/" + BASE::StaticAlgorithmName();} -}; - -//! _ -template <class BASE> -class CipherModeFinalTemplate_ExternalCipher : public BASE -{ -public: - CipherModeFinalTemplate_ExternalCipher() {} - CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher) - {this->SetCipher(cipher);} - CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher, const byte *iv, int feedbackSize = 0) - {this->SetCipherWithIV(cipher, iv, feedbackSize);} - - std::string AlgorithmName() const - {return (this->m_cipher ? this->m_cipher->AlgorithmName() + "/" : std::string("")) + BASE::StaticAlgorithmName();} -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> >; -CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> >; -CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> >; - -//! CFB mode -template <class CIPHER> -struct CFB_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Encryption; - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Decryption; -}; - -//! CFB mode, external cipher -struct CFB_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Encryption; - typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Decryption; -}; - -//! CFB mode FIPS variant, requiring full block plaintext according to FIPS 800-38A -template <class CIPHER> -struct CFB_FIPS_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Encryption; - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Decryption; -}; - -//! CFB mode FIPS variant, requiring full block plaintext according to FIPS 800-38A, external cipher -struct CFB_FIPS_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Encryption; - typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Decryption; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, OFB_ModePolicy> >; - -//! OFB mode -template <class CIPHER> -struct OFB_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, OFB_ModePolicy> > > > Encryption; - typedef Encryption Decryption; -}; - -//! OFB mode, external cipher -struct OFB_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, OFB_ModePolicy> > > > Encryption; - typedef Encryption Decryption; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> >; -CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> > > >; - -//! CTR mode -template <class CIPHER> -struct CTR_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> > > > Encryption; - typedef Encryption Decryption; -}; - -//! CTR mode, external cipher -struct CTR_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> > > > Encryption; - typedef Encryption Decryption; -}; - -//! ECB mode -template <class CIPHER> -struct ECB_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ECB_OneWay> Encryption; - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Decryption, ECB_OneWay> Decryption; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<ECB_OneWay>; - -//! ECB mode, external cipher -struct ECB_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<ECB_OneWay> Encryption; - typedef Encryption Decryption; -}; - -//! CBC mode -template <class CIPHER> -struct CBC_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, CBC_Encryption> Encryption; - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Decryption, CBC_Decryption> Decryption; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_Encryption>; -CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_Decryption>; - -//! CBC mode, external cipher -struct CBC_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<CBC_Encryption> Encryption; - typedef CipherModeFinalTemplate_ExternalCipher<CBC_Decryption> Decryption; -}; - -//! CBC mode with ciphertext stealing -template <class CIPHER> -struct CBC_CTS_Mode : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, CBC_CTS_Encryption> Encryption; - typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Decryption, CBC_CTS_Decryption> Decryption; -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Encryption>; -CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Decryption>; - -//! CBC mode with ciphertext stealing, external cipher -struct CBC_CTS_Mode_ExternalCipher : public CipherModeDocumentation -{ - typedef CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Encryption> Encryption; - typedef CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Decryption> Decryption; -}; - -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY -typedef CFB_Mode_ExternalCipher::Encryption CFBEncryption; -typedef CFB_Mode_ExternalCipher::Decryption CFBDecryption; -typedef OFB_Mode_ExternalCipher::Encryption OFB; -typedef CTR_Mode_ExternalCipher::Encryption CounterMode; -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/modexppc.h b/cryptopp562/modexppc.h deleted file mode 100644 index fbe7012..0000000 --- a/cryptopp562/modexppc.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef CRYPTOPP_MODEXPPC_H -#define CRYPTOPP_MODEXPPC_H - -#include "modarith.h" -#include "eprecomp.h" -#include "smartptr.h" -#include "pubkey.h" - -NAMESPACE_BEGIN(CryptoPP) - -CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<Integer>; - -class ModExpPrecomputation : public DL_GroupPrecomputation<Integer> -{ -public: - // DL_GroupPrecomputation - bool NeedConversions() const {return true;} - Element ConvertIn(const Element &v) const {return m_mr->ConvertIn(v);} - virtual Element ConvertOut(const Element &v) const {return m_mr->ConvertOut(v);} - const AbstractGroup<Element> & GetGroup() const {return m_mr->MultiplicativeGroup();} - Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);} - void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);} - - // non-inherited - void SetModulus(const Integer &v) {m_mr.reset(new MontgomeryRepresentation(v));} - const Integer & GetModulus() const {return m_mr->GetModulus();} - -private: - value_ptr<MontgomeryRepresentation> m_mr; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/mqueue.cpp b/cryptopp562/mqueue.cpp deleted file mode 100644 index 1d645d8..0000000 --- a/cryptopp562/mqueue.cpp +++ /dev/null @@ -1,174 +0,0 @@ -// mqueue.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "mqueue.h" - -NAMESPACE_BEGIN(CryptoPP) - -MessageQueue::MessageQueue(unsigned int nodeSize) - : m_queue(nodeSize), m_lengths(1, 0U), m_messageCounts(1, 0U) -{ -} - -size_t MessageQueue::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - if (begin >= MaxRetrievable()) - return 0; - - return m_queue.CopyRangeTo2(target, begin, STDMIN(MaxRetrievable(), end), channel, blocking); -} - -size_t MessageQueue::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - transferBytes = STDMIN(MaxRetrievable(), transferBytes); - size_t blockedBytes = m_queue.TransferTo2(target, transferBytes, channel, blocking); - m_lengths.front() -= transferBytes; - return blockedBytes; -} - -bool MessageQueue::GetNextMessage() -{ - if (NumberOfMessages() > 0 && !AnyRetrievable()) - { - m_lengths.pop_front(); - if (m_messageCounts[0] == 0 && m_messageCounts.size() > 1) - m_messageCounts.pop_front(); - return true; - } - else - return false; -} - -unsigned int MessageQueue::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const -{ - ByteQueue::Walker walker(m_queue); - std::deque<lword>::const_iterator it = m_lengths.begin(); - unsigned int i; - for (i=0; i<count && it != --m_lengths.end(); ++i, ++it) - { - walker.TransferTo(target, *it, channel); - if (GetAutoSignalPropagation()) - target.ChannelMessageEnd(channel, GetAutoSignalPropagation()-1); - } - return i; -} - -void MessageQueue::swap(MessageQueue &rhs) -{ - m_queue.swap(rhs.m_queue); - m_lengths.swap(rhs.m_lengths); -} - -const byte * MessageQueue::Spy(size_t &contiguousSize) const -{ - const byte *result = m_queue.Spy(contiguousSize); - contiguousSize = UnsignedMin(contiguousSize, MaxRetrievable()); - return result; -} - -// ************************************************************* - -unsigned int EqualityComparisonFilter::MapChannel(const std::string &channel) const -{ - if (channel == m_firstChannel) - return 0; - else if (channel == m_secondChannel) - return 1; - else - return 2; -} - -size_t EqualityComparisonFilter::ChannelPut2(const std::string &channel, const byte *inString, size_t length, int messageEnd, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("EqualityComparisonFilter"); - - unsigned int i = MapChannel(channel); - - if (i == 2) - return Output(3, inString, length, messageEnd, blocking, channel); - else if (m_mismatchDetected) - return 0; - else - { - MessageQueue &q1 = m_q[i], &q2 = m_q[1-i]; - - if (q2.AnyMessages() && q2.MaxRetrievable() < length) - goto mismatch; - - while (length > 0 && q2.AnyRetrievable()) - { - size_t len = length; - const byte *data = q2.Spy(len); - len = STDMIN(len, length); - if (memcmp(inString, data, len) != 0) - goto mismatch; - inString += len; - length -= len; - q2.Skip(len); - } - - q1.Put(inString, length); - - if (messageEnd) - { - if (q2.AnyRetrievable()) - goto mismatch; - else if (q2.AnyMessages()) - q2.GetNextMessage(); - else if (q2.NumberOfMessageSeries() > 0) - goto mismatch; - else - q1.MessageEnd(); - } - - return 0; - -mismatch: - return HandleMismatchDetected(blocking); - } -} - -bool EqualityComparisonFilter::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking) -{ - unsigned int i = MapChannel(channel); - - if (i == 2) - { - OutputMessageSeriesEnd(4, propagation, blocking, channel); - return false; - } - else if (m_mismatchDetected) - return false; - else - { - MessageQueue &q1 = m_q[i], &q2 = m_q[1-i]; - - if (q2.AnyRetrievable() || q2.AnyMessages()) - goto mismatch; - else if (q2.NumberOfMessageSeries() > 0) - return Output(2, (const byte *)"\1", 1, 0, blocking) != 0; - else - q1.MessageSeriesEnd(); - - return false; - -mismatch: - return HandleMismatchDetected(blocking); - } -} - -bool EqualityComparisonFilter::HandleMismatchDetected(bool blocking) -{ - m_mismatchDetected = true; - if (m_throwIfNotEqual) - throw MismatchDetected(); - return Output(1, (const byte *)"\0", 1, 0, blocking) != 0; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/mqueue.h b/cryptopp562/mqueue.h deleted file mode 100644 index efa57a7..0000000 --- a/cryptopp562/mqueue.h +++ /dev/null @@ -1,100 +0,0 @@ -#ifndef CRYPTOPP_MQUEUE_H -#define CRYPTOPP_MQUEUE_H - -#include "queue.h" -#include "filters.h" -#include <deque> - -NAMESPACE_BEGIN(CryptoPP) - -//! Message Queue -class CRYPTOPP_DLL MessageQueue : public AutoSignaling<BufferedTransformation> -{ -public: - MessageQueue(unsigned int nodeSize=256); - - void IsolatedInitialize(const NameValuePairs ¶meters) - {m_queue.IsolatedInitialize(parameters); m_lengths.assign(1, 0U); m_messageCounts.assign(1, 0U);} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - { - m_queue.Put(begin, length); - m_lengths.back() += length; - if (messageEnd) - { - m_lengths.push_back(0); - m_messageCounts.back()++; - } - return 0; - } - bool IsolatedFlush(bool hardFlush, bool blocking) {return false;} - bool IsolatedMessageSeriesEnd(bool blocking) - {m_messageCounts.push_back(0); return false;} - - lword MaxRetrievable() const - {return m_lengths.front();} - bool AnyRetrievable() const - {return m_lengths.front() > 0;} - - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - - lword TotalBytesRetrievable() const - {return m_queue.MaxRetrievable();} - unsigned int NumberOfMessages() const - {return (unsigned int)m_lengths.size()-1;} - bool GetNextMessage(); - - unsigned int NumberOfMessagesInThisSeries() const - {return m_messageCounts[0];} - unsigned int NumberOfMessageSeries() const - {return (unsigned int)m_messageCounts.size()-1;} - - unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const; - - const byte * Spy(size_t &contiguousSize) const; - - void swap(MessageQueue &rhs); - -private: - ByteQueue m_queue; - std::deque<lword> m_lengths; - std::deque<unsigned int> m_messageCounts; -}; - - -//! A filter that checks messages on two channels for equality -class CRYPTOPP_DLL EqualityComparisonFilter : public Unflushable<Multichannel<Filter> > -{ -public: - struct MismatchDetected : public Exception {MismatchDetected() : Exception(DATA_INTEGRITY_CHECK_FAILED, "EqualityComparisonFilter: did not receive the same data on two channels") {}}; - - /*! if throwIfNotEqual is false, this filter will output a '\\0' byte when it detects a mismatch, '\\1' otherwise */ - EqualityComparisonFilter(BufferedTransformation *attachment=NULL, bool throwIfNotEqual=true, const std::string &firstChannel="0", const std::string &secondChannel="1") - : m_throwIfNotEqual(throwIfNotEqual), m_mismatchDetected(false) - , m_firstChannel(firstChannel), m_secondChannel(secondChannel) - {Detach(attachment);} - - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); - bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true); - -private: - unsigned int MapChannel(const std::string &channel) const; - bool HandleMismatchDetected(bool blocking); - - bool m_throwIfNotEqual, m_mismatchDetected; - std::string m_firstChannel, m_secondChannel; - MessageQueue m_q[2]; -}; - -NAMESPACE_END - -#ifndef __BORLANDC__ -NAMESPACE_BEGIN(std) -template<> inline void swap(CryptoPP::MessageQueue &a, CryptoPP::MessageQueue &b) -{ - a.swap(b); -} -NAMESPACE_END -#endif - -#endif diff --git a/cryptopp562/mqv.cpp b/cryptopp562/mqv.cpp deleted file mode 100644 index c427561..0000000 --- a/cryptopp562/mqv.cpp +++ /dev/null @@ -1,13 +0,0 @@ -// mqv.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "mqv.h" - -NAMESPACE_BEGIN(CryptoPP) - -void TestInstantiations_MQV() -{ - MQV mqv; -} - -NAMESPACE_END diff --git a/cryptopp562/mqv.h b/cryptopp562/mqv.h deleted file mode 100644 index 2683817..0000000 --- a/cryptopp562/mqv.h +++ /dev/null @@ -1,141 +0,0 @@ -#ifndef CRYPTOPP_MQV_H -#define CRYPTOPP_MQV_H - -/** \file -*/ - -#include "gfpcrypt.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption> -class MQV_Domain : public AuthenticatedKeyAgreementDomain -{ -public: - typedef GROUP_PARAMETERS GroupParameters; - typedef typename GroupParameters::Element Element; - typedef MQV_Domain<GROUP_PARAMETERS, COFACTOR_OPTION> Domain; - - MQV_Domain() {} - - MQV_Domain(const GroupParameters ¶ms) - : m_groupParameters(params) {} - - MQV_Domain(BufferedTransformation &bt) - {m_groupParameters.BERDecode(bt);} - - template <class T1, class T2> - MQV_Domain(T1 v1, T2 v2) - {m_groupParameters.Initialize(v1, v2);} - - template <class T1, class T2, class T3> - MQV_Domain(T1 v1, T2 v2, T3 v3) - {m_groupParameters.Initialize(v1, v2, v3);} - - template <class T1, class T2, class T3, class T4> - MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4) - {m_groupParameters.Initialize(v1, v2, v3, v4);} - - const GroupParameters & GetGroupParameters() const {return m_groupParameters;} - GroupParameters & AccessGroupParameters() {return m_groupParameters;} - - CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();} - - unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);} - unsigned int StaticPrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();} - unsigned int StaticPublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);} - - void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const - { - Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); - x.Encode(privateKey, StaticPrivateKeyLength()); - } - - void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const - { - const DL_GroupParameters<Element> ¶ms = GetAbstractGroupParameters(); - Integer x(privateKey, StaticPrivateKeyLength()); - Element y = params.ExponentiateBase(x); - params.EncodeElement(true, y, publicKey); - } - - unsigned int EphemeralPrivateKeyLength() const {return StaticPrivateKeyLength() + StaticPublicKeyLength();} - unsigned int EphemeralPublicKeyLength() const {return StaticPublicKeyLength();} - - void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const - { - const DL_GroupParameters<Element> ¶ms = GetAbstractGroupParameters(); - Integer x(rng, Integer::One(), params.GetMaxExponent()); - x.Encode(privateKey, StaticPrivateKeyLength()); - Element y = params.ExponentiateBase(x); - params.EncodeElement(true, y, privateKey+StaticPrivateKeyLength()); - } - - void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const - { - memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength()); - } - - bool Agree(byte *agreedValue, - const byte *staticPrivateKey, const byte *ephemeralPrivateKey, - const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, - bool validateStaticOtherPublicKey=true) const - { - try - { - const DL_GroupParameters<Element> ¶ms = GetAbstractGroupParameters(); - Element WW = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey); - Element VV = params.DecodeElement(ephemeralOtherPublicKey, true); - - Integer s(staticPrivateKey, StaticPrivateKeyLength()); - Integer u(ephemeralPrivateKey, StaticPrivateKeyLength()); - Element V = params.DecodeElement(ephemeralPrivateKey+StaticPrivateKeyLength(), false); - - const Integer &r = params.GetSubgroupOrder(); - Integer h2 = Integer::Power2((r.BitCount()+1)/2); - Integer e = ((h2+params.ConvertElementToInteger(V)%h2)*s+u) % r; - Integer tt = h2 + params.ConvertElementToInteger(VV) % h2; - - if (COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION) - { - Element P = params.ExponentiateElement(WW, tt); - P = m_groupParameters.MultiplyElements(P, VV); - Element R[2]; - const Integer e2[2] = {r, e}; - params.SimultaneousExponentiate(R, P, e2, 2); - if (!params.IsIdentity(R[0]) || params.IsIdentity(R[1])) - return false; - params.EncodeElement(false, R[1], agreedValue); - } - else - { - const Integer &k = params.GetCofactor(); - if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION) - e = ModularArithmetic(r).Divide(e, k); - Element P = m_groupParameters.CascadeExponentiate(VV, k*e, WW, k*(e*tt%r)); - if (params.IsIdentity(P)) - return false; - params.EncodeElement(false, P, agreedValue); - } - } - catch (DL_BadElement &) - { - return false; - } - return true; - } - -private: - DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return m_groupParameters;} - const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return m_groupParameters;} - - GroupParameters m_groupParameters; -}; - -//! Menezes-Qu-Vanstone in GF(p) with key validation, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#MQV">MQV</a> -typedef MQV_Domain<DL_GroupParameters_GFP_DefaultSafePrime> MQV; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/nbtheory.cpp b/cryptopp562/nbtheory.cpp deleted file mode 100644 index 3fdea4e..0000000 --- a/cryptopp562/nbtheory.cpp +++ /dev/null @@ -1,1123 +0,0 @@ -// nbtheory.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "nbtheory.h" -#include "modarith.h" -#include "algparam.h" - -#include <math.h> -#include <vector> - -#ifdef _OPENMP -// needed in MSVC 2005 to generate correct manifest -#include <omp.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -const word s_lastSmallPrime = 32719; - -struct NewPrimeTable -{ - std::vector<word16> * operator()() const - { - const unsigned int maxPrimeTableSize = 3511; - - std::auto_ptr<std::vector<word16> > pPrimeTable(new std::vector<word16>); - std::vector<word16> &primeTable = *pPrimeTable; - primeTable.reserve(maxPrimeTableSize); - - primeTable.push_back(2); - unsigned int testEntriesEnd = 1; - - for (unsigned int p=3; p<=s_lastSmallPrime; p+=2) - { - unsigned int j; - for (j=1; j<testEntriesEnd; j++) - if (p%primeTable[j] == 0) - break; - if (j == testEntriesEnd) - { - primeTable.push_back(p); - testEntriesEnd = UnsignedMin(54U, primeTable.size()); - } - } - - return pPrimeTable.release(); - } -}; - -const word16 * GetPrimeTable(unsigned int &size) -{ - const std::vector<word16> &primeTable = Singleton<std::vector<word16>, NewPrimeTable>().Ref(); - size = (unsigned int)primeTable.size(); - return &primeTable[0]; -} - -bool IsSmallPrime(const Integer &p) -{ - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - - if (p.IsPositive() && p <= primeTable[primeTableSize-1]) - return std::binary_search(primeTable, primeTable+primeTableSize, (word16)p.ConvertToLong()); - else - return false; -} - -bool TrialDivision(const Integer &p, unsigned bound) -{ - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - - assert(primeTable[primeTableSize-1] >= bound); - - unsigned int i; - for (i = 0; primeTable[i]<bound; i++) - if ((p % primeTable[i]) == 0) - return true; - - if (bound == primeTable[i]) - return (p % bound == 0); - else - return false; -} - -bool SmallDivisorsTest(const Integer &p) -{ - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - return !TrialDivision(p, primeTable[primeTableSize-1]); -} - -bool IsFermatProbablePrime(const Integer &n, const Integer &b) -{ - if (n <= 3) - return n==2 || n==3; - - assert(n>3 && b>1 && b<n-1); - return a_exp_b_mod_c(b, n-1, n)==1; -} - -bool IsStrongProbablePrime(const Integer &n, const Integer &b) -{ - if (n <= 3) - return n==2 || n==3; - - assert(n>3 && b>1 && b<n-1); - - if ((n.IsEven() && n!=2) || GCD(b, n) != 1) - return false; - - Integer nminus1 = (n-1); - unsigned int a; - - // calculate a = largest power of 2 that divides (n-1) - for (a=0; ; a++) - if (nminus1.GetBit(a)) - break; - Integer m = nminus1>>a; - - Integer z = a_exp_b_mod_c(b, m, n); - if (z==1 || z==nminus1) - return true; - for (unsigned j=1; j<a; j++) - { - z = z.Squared()%n; - if (z==nminus1) - return true; - if (z==1) - return false; - } - return false; -} - -bool RabinMillerTest(RandomNumberGenerator &rng, const Integer &n, unsigned int rounds) -{ - if (n <= 3) - return n==2 || n==3; - - assert(n>3); - - Integer b; - for (unsigned int i=0; i<rounds; i++) - { - b.Randomize(rng, 2, n-2); - if (!IsStrongProbablePrime(n, b)) - return false; - } - return true; -} - -bool IsLucasProbablePrime(const Integer &n) -{ - if (n <= 1) - return false; - - if (n.IsEven()) - return n==2; - - assert(n>2); - - Integer b=3; - unsigned int i=0; - int j; - - while ((j=Jacobi(b.Squared()-4, n)) == 1) - { - if (++i==64 && n.IsSquare()) // avoid infinite loop if n is a square - return false; - ++b; ++b; - } - - if (j==0) - return false; - else - return Lucas(n+1, b, n)==2; -} - -bool IsStrongLucasProbablePrime(const Integer &n) -{ - if (n <= 1) - return false; - - if (n.IsEven()) - return n==2; - - assert(n>2); - - Integer b=3; - unsigned int i=0; - int j; - - while ((j=Jacobi(b.Squared()-4, n)) == 1) - { - if (++i==64 && n.IsSquare()) // avoid infinite loop if n is a square - return false; - ++b; ++b; - } - - if (j==0) - return false; - - Integer n1 = n+1; - unsigned int a; - - // calculate a = largest power of 2 that divides n1 - for (a=0; ; a++) - if (n1.GetBit(a)) - break; - Integer m = n1>>a; - - Integer z = Lucas(m, b, n); - if (z==2 || z==n-2) - return true; - for (i=1; i<a; i++) - { - z = (z.Squared()-2)%n; - if (z==n-2) - return true; - if (z==2) - return false; - } - return false; -} - -struct NewLastSmallPrimeSquared -{ - Integer * operator()() const - { - return new Integer(Integer(s_lastSmallPrime).Squared()); - } -}; - -bool IsPrime(const Integer &p) -{ - if (p <= s_lastSmallPrime) - return IsSmallPrime(p); - else if (p <= Singleton<Integer, NewLastSmallPrimeSquared>().Ref()) - return SmallDivisorsTest(p); - else - return SmallDivisorsTest(p) && IsStrongProbablePrime(p, 3) && IsStrongLucasProbablePrime(p); -} - -bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level) -{ - bool pass = IsPrime(p) && RabinMillerTest(rng, p, 1); - if (level >= 1) - pass = pass && RabinMillerTest(rng, p, 10); - return pass; -} - -unsigned int PrimeSearchInterval(const Integer &max) -{ - return max.BitCount(); -} - -static inline bool FastProbablePrimeTest(const Integer &n) -{ - return IsStrongProbablePrime(n,2); -} - -AlgorithmParameters MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength) -{ - if (productBitLength < 16) - throw InvalidArgument("invalid bit length"); - - Integer minP, maxP; - - if (productBitLength%2==0) - { - minP = Integer(182) << (productBitLength/2-8); - maxP = Integer::Power2(productBitLength/2)-1; - } - else - { - minP = Integer::Power2((productBitLength-1)/2); - maxP = Integer(181) << ((productBitLength+1)/2-8); - } - - return MakeParameters("RandomNumberType", Integer::PRIME)("Min", minP)("Max", maxP); -} - -class PrimeSieve -{ -public: - // delta == 1 or -1 means double sieve with p = 2*q + delta - PrimeSieve(const Integer &first, const Integer &last, const Integer &step, signed int delta=0); - bool NextCandidate(Integer &c); - - void DoSieve(); - static void SieveSingle(std::vector<bool> &sieve, word16 p, const Integer &first, const Integer &step, word16 stepInv); - - Integer m_first, m_last, m_step; - signed int m_delta; - word m_next; - std::vector<bool> m_sieve; -}; - -PrimeSieve::PrimeSieve(const Integer &first, const Integer &last, const Integer &step, signed int delta) - : m_first(first), m_last(last), m_step(step), m_delta(delta), m_next(0) -{ - DoSieve(); -} - -bool PrimeSieve::NextCandidate(Integer &c) -{ - bool safe = SafeConvert(std::find(m_sieve.begin()+m_next, m_sieve.end(), false) - m_sieve.begin(), m_next); - assert(safe); - if (m_next == m_sieve.size()) - { - m_first += long(m_sieve.size())*m_step; - if (m_first > m_last) - return false; - else - { - m_next = 0; - DoSieve(); - return NextCandidate(c); - } - } - else - { - c = m_first + long(m_next)*m_step; - ++m_next; - return true; - } -} - -void PrimeSieve::SieveSingle(std::vector<bool> &sieve, word16 p, const Integer &first, const Integer &step, word16 stepInv) -{ - if (stepInv) - { - size_t sieveSize = sieve.size(); - size_t j = (word32(p-(first%p))*stepInv) % p; - // if the first multiple of p is p, skip it - if (first.WordCount() <= 1 && first + step*long(j) == p) - j += p; - for (; j < sieveSize; j += p) - sieve[j] = true; - } -} - -void PrimeSieve::DoSieve() -{ - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - - const unsigned int maxSieveSize = 32768; - unsigned int sieveSize = STDMIN(Integer(maxSieveSize), (m_last-m_first)/m_step+1).ConvertToLong(); - - m_sieve.clear(); - m_sieve.resize(sieveSize, false); - - if (m_delta == 0) - { - for (unsigned int i = 0; i < primeTableSize; ++i) - SieveSingle(m_sieve, primeTable[i], m_first, m_step, (word16)m_step.InverseMod(primeTable[i])); - } - else - { - assert(m_step%2==0); - Integer qFirst = (m_first-m_delta) >> 1; - Integer halfStep = m_step >> 1; - for (unsigned int i = 0; i < primeTableSize; ++i) - { - word16 p = primeTable[i]; - word16 stepInv = (word16)m_step.InverseMod(p); - SieveSingle(m_sieve, p, m_first, m_step, stepInv); - - word16 halfStepInv = 2*stepInv < p ? 2*stepInv : 2*stepInv-p; - SieveSingle(m_sieve, p, qFirst, halfStep, halfStepInv); - } - } -} - -bool FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector) -{ - assert(!equiv.IsNegative() && equiv < mod); - - Integer gcd = GCD(equiv, mod); - if (gcd != Integer::One()) - { - // the only possible prime p such that p%mod==equiv where GCD(mod,equiv)!=1 is GCD(mod,equiv) - if (p <= gcd && gcd <= max && IsPrime(gcd) && (!pSelector || pSelector->IsAcceptable(gcd))) - { - p = gcd; - return true; - } - else - return false; - } - - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - - if (p <= primeTable[primeTableSize-1]) - { - const word16 *pItr; - - --p; - if (p.IsPositive()) - pItr = std::upper_bound(primeTable, primeTable+primeTableSize, (word)p.ConvertToLong()); - else - pItr = primeTable; - - while (pItr < primeTable+primeTableSize && !(*pItr%mod == equiv && (!pSelector || pSelector->IsAcceptable(*pItr)))) - ++pItr; - - if (pItr < primeTable+primeTableSize) - { - p = *pItr; - return p <= max; - } - - p = primeTable[primeTableSize-1]+1; - } - - assert(p > primeTable[primeTableSize-1]); - - if (mod.IsOdd()) - return FirstPrime(p, max, CRT(equiv, mod, 1, 2, 1), mod<<1, pSelector); - - p += (equiv-p)%mod; - - if (p>max) - return false; - - PrimeSieve sieve(p, max, mod); - - while (sieve.NextCandidate(p)) - { - if ((!pSelector || pSelector->IsAcceptable(p)) && FastProbablePrimeTest(p) && IsPrime(p)) - return true; - } - - return false; -} - -// the following two functions are based on code and comments provided by Preda Mihailescu -static bool ProvePrime(const Integer &p, const Integer &q) -{ - assert(p < q*q*q); - assert(p % q == 1); - -// this is the Quisquater test. Numbers p having passed the Lucas - Lehmer test -// for q and verifying p < q^3 can only be built up of two factors, both = 1 mod q, -// or be prime. The next two lines build the discriminant of a quadratic equation -// which holds iff p is built up of two factors (excercise ... ) - - Integer r = (p-1)/q; - if (((r%q).Squared()-4*(r/q)).IsSquare()) - return false; - - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - - assert(primeTableSize >= 50); - for (int i=0; i<50; i++) - { - Integer b = a_exp_b_mod_c(primeTable[i], r, p); - if (b != 1) - return a_exp_b_mod_c(b, q, p) == 1; - } - return false; -} - -Integer MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int pbits) -{ - Integer p; - Integer minP = Integer::Power2(pbits-1); - Integer maxP = Integer::Power2(pbits) - 1; - - if (maxP <= Integer(s_lastSmallPrime).Squared()) - { - // Randomize() will generate a prime provable by trial division - p.Randomize(rng, minP, maxP, Integer::PRIME); - return p; - } - - unsigned int qbits = (pbits+2)/3 + 1 + rng.GenerateWord32(0, pbits/36); - Integer q = MihailescuProvablePrime(rng, qbits); - Integer q2 = q<<1; - - while (true) - { - // this initializes the sieve to search in the arithmetic - // progression p = p_0 + \lambda * q2 = p_0 + 2 * \lambda * q, - // with q the recursively generated prime above. We will be able - // to use Lucas tets for proving primality. A trick of Quisquater - // allows taking q > cubic_root(p) rather then square_root: this - // decreases the recursion. - - p.Randomize(rng, minP, maxP, Integer::ANY, 1, q2); - PrimeSieve sieve(p, STDMIN(p+PrimeSearchInterval(maxP)*q2, maxP), q2); - - while (sieve.NextCandidate(p)) - { - if (FastProbablePrimeTest(p) && ProvePrime(p, q)) - return p; - } - } - - // not reached - return p; -} - -Integer MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits) -{ - const unsigned smallPrimeBound = 29, c_opt=10; - Integer p; - - unsigned int primeTableSize; - const word16 * primeTable = GetPrimeTable(primeTableSize); - - if (bits < smallPrimeBound) - { - do - p.Randomize(rng, Integer::Power2(bits-1), Integer::Power2(bits)-1, Integer::ANY, 1, 2); - while (TrialDivision(p, 1 << ((bits+1)/2))); - } - else - { - const unsigned margin = bits > 50 ? 20 : (bits-10)/2; - double relativeSize; - do - relativeSize = pow(2.0, double(rng.GenerateWord32())/0xffffffff - 1); - while (bits * relativeSize >= bits - margin); - - Integer a,b; - Integer q = MaurerProvablePrime(rng, unsigned(bits*relativeSize)); - Integer I = Integer::Power2(bits-2)/q; - Integer I2 = I << 1; - unsigned int trialDivisorBound = (unsigned int)STDMIN((unsigned long)primeTable[primeTableSize-1], (unsigned long)bits*bits/c_opt); - bool success = false; - while (!success) - { - p.Randomize(rng, I, I2, Integer::ANY); - p *= q; p <<= 1; ++p; - if (!TrialDivision(p, trialDivisorBound)) - { - a.Randomize(rng, 2, p-1, Integer::ANY); - b = a_exp_b_mod_c(a, (p-1)/q, p); - success = (GCD(b-1, p) == 1) && (a_exp_b_mod_c(b, q, p) == 1); - } - } - } - return p; -} - -Integer CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u) -{ - // isn't operator overloading great? - return p * (u * (xq-xp) % q) + xp; -/* - Integer t1 = xq-xp; - cout << hex << t1 << endl; - Integer t2 = u * t1; - cout << hex << t2 << endl; - Integer t3 = t2 % q; - cout << hex << t3 << endl; - Integer t4 = p * t3; - cout << hex << t4 << endl; - Integer t5 = t4 + xp; - cout << hex << t5 << endl; - return t5; -*/ -} - -Integer ModularSquareRoot(const Integer &a, const Integer &p) -{ - if (p%4 == 3) - return a_exp_b_mod_c(a, (p+1)/4, p); - - Integer q=p-1; - unsigned int r=0; - while (q.IsEven()) - { - r++; - q >>= 1; - } - - Integer n=2; - while (Jacobi(n, p) != -1) - ++n; - - Integer y = a_exp_b_mod_c(n, q, p); - Integer x = a_exp_b_mod_c(a, (q-1)/2, p); - Integer b = (x.Squared()%p)*a%p; - x = a*x%p; - Integer tempb, t; - - while (b != 1) - { - unsigned m=0; - tempb = b; - do - { - m++; - b = b.Squared()%p; - if (m==r) - return Integer::Zero(); - } - while (b != 1); - - t = y; - for (unsigned i=0; i<r-m-1; i++) - t = t.Squared()%p; - y = t.Squared()%p; - r = m; - x = x*t%p; - b = tempb*y%p; - } - - assert(x.Squared()%p == a); - return x; -} - -bool SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p) -{ - Integer D = (b.Squared() - 4*a*c) % p; - switch (Jacobi(D, p)) - { - default: - assert(false); // not reached - return false; - case -1: - return false; - case 0: - r1 = r2 = (-b*(a+a).InverseMod(p)) % p; - assert(((r1.Squared()*a + r1*b + c) % p).IsZero()); - return true; - case 1: - Integer s = ModularSquareRoot(D, p); - Integer t = (a+a).InverseMod(p); - r1 = (s-b)*t % p; - r2 = (-s-b)*t % p; - assert(((r1.Squared()*a + r1*b + c) % p).IsZero()); - assert(((r2.Squared()*a + r2*b + c) % p).IsZero()); - return true; - } -} - -Integer ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, - const Integer &p, const Integer &q, const Integer &u) -{ - Integer p2, q2; - #pragma omp parallel - #pragma omp sections - { - #pragma omp section - p2 = ModularExponentiation((a % p), dp, p); - #pragma omp section - q2 = ModularExponentiation((a % q), dq, q); - } - return CRT(p2, p, q2, q, u); -} - -Integer ModularRoot(const Integer &a, const Integer &e, - const Integer &p, const Integer &q) -{ - Integer dp = EuclideanMultiplicativeInverse(e, p-1); - Integer dq = EuclideanMultiplicativeInverse(e, q-1); - Integer u = EuclideanMultiplicativeInverse(p, q); - assert(!!dp && !!dq && !!u); - return ModularRoot(a, dp, dq, p, q, u); -} - -/* -Integer GCDI(const Integer &x, const Integer &y) -{ - Integer a=x, b=y; - unsigned k=0; - - assert(!!a && !!b); - - while (a[0]==0 && b[0]==0) - { - a >>= 1; - b >>= 1; - k++; - } - - while (a[0]==0) - a >>= 1; - - while (b[0]==0) - b >>= 1; - - while (1) - { - switch (a.Compare(b)) - { - case -1: - b -= a; - while (b[0]==0) - b >>= 1; - break; - - case 0: - return (a <<= k); - - case 1: - a -= b; - while (a[0]==0) - a >>= 1; - break; - - default: - assert(false); - } - } -} - -Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b) -{ - assert(b.Positive()); - - if (a.Negative()) - return EuclideanMultiplicativeInverse(a%b, b); - - if (b[0]==0) - { - if (!b || a[0]==0) - return Integer::Zero(); // no inverse - if (a==1) - return 1; - Integer u = EuclideanMultiplicativeInverse(b, a); - if (!u) - return Integer::Zero(); // no inverse - else - return (b*(a-u)+1)/a; - } - - Integer u=1, d=a, v1=b, v3=b, t1, t3, b2=(b+1)>>1; - - if (a[0]) - { - t1 = Integer::Zero(); - t3 = -b; - } - else - { - t1 = b2; - t3 = a>>1; - } - - while (!!t3) - { - while (t3[0]==0) - { - t3 >>= 1; - if (t1[0]==0) - t1 >>= 1; - else - { - t1 >>= 1; - t1 += b2; - } - } - if (t3.Positive()) - { - u = t1; - d = t3; - } - else - { - v1 = b-t1; - v3 = -t3; - } - t1 = u-v1; - t3 = d-v3; - if (t1.Negative()) - t1 += b; - } - if (d==1) - return u; - else - return Integer::Zero(); // no inverse -} -*/ - -int Jacobi(const Integer &aIn, const Integer &bIn) -{ - assert(bIn.IsOdd()); - - Integer b = bIn, a = aIn%bIn; - int result = 1; - - while (!!a) - { - unsigned i=0; - while (a.GetBit(i)==0) - i++; - a>>=i; - - if (i%2==1 && (b%8==3 || b%8==5)) - result = -result; - - if (a%4==3 && b%4==3) - result = -result; - - std::swap(a, b); - a %= b; - } - - return (b==1) ? result : 0; -} - -Integer Lucas(const Integer &e, const Integer &pIn, const Integer &n) -{ - unsigned i = e.BitCount(); - if (i==0) - return Integer::Two(); - - MontgomeryRepresentation m(n); - Integer p=m.ConvertIn(pIn%n), two=m.ConvertIn(Integer::Two()); - Integer v=p, v1=m.Subtract(m.Square(p), two); - - i--; - while (i--) - { - if (e.GetBit(i)) - { - // v = (v*v1 - p) % m; - v = m.Subtract(m.Multiply(v,v1), p); - // v1 = (v1*v1 - 2) % m; - v1 = m.Subtract(m.Square(v1), two); - } - else - { - // v1 = (v*v1 - p) % m; - v1 = m.Subtract(m.Multiply(v,v1), p); - // v = (v*v - 2) % m; - v = m.Subtract(m.Square(v), two); - } - } - return m.ConvertOut(v); -} - -// This is Peter Montgomery's unpublished Lucas sequence evalutation algorithm. -// The total number of multiplies and squares used is less than the binary -// algorithm (see above). Unfortunately I can't get it to run as fast as -// the binary algorithm because of the extra overhead. -/* -Integer Lucas(const Integer &n, const Integer &P, const Integer &modulus) -{ - if (!n) - return 2; - -#define f(A, B, C) m.Subtract(m.Multiply(A, B), C) -#define X2(A) m.Subtract(m.Square(A), two) -#define X3(A) m.Multiply(A, m.Subtract(m.Square(A), three)) - - MontgomeryRepresentation m(modulus); - Integer two=m.ConvertIn(2), three=m.ConvertIn(3); - Integer A=m.ConvertIn(P), B, C, p, d=n, e, r, t, T, U; - - while (d!=1) - { - p = d; - unsigned int b = WORD_BITS * p.WordCount(); - Integer alpha = (Integer(5)<<(2*b-2)).SquareRoot() - Integer::Power2(b-1); - r = (p*alpha)>>b; - e = d-r; - B = A; - C = two; - d = r; - - while (d!=e) - { - if (d<e) - { - swap(d, e); - swap(A, B); - } - - unsigned int dm2 = d[0], em2 = e[0]; - unsigned int dm3 = d%3, em3 = e%3; - -// if ((dm6+em6)%3 == 0 && d <= e + (e>>2)) - if ((dm3+em3==0 || dm3+em3==3) && (t = e, t >>= 2, t += e, d <= t)) - { - // #1 -// t = (d+d-e)/3; -// t = d; t += d; t -= e; t /= 3; -// e = (e+e-d)/3; -// e += e; e -= d; e /= 3; -// d = t; - -// t = (d+e)/3 - t = d; t += e; t /= 3; - e -= t; - d -= t; - - T = f(A, B, C); - U = f(T, A, B); - B = f(T, B, A); - A = U; - continue; - } - -// if (dm6 == em6 && d <= e + (e>>2)) - if (dm3 == em3 && dm2 == em2 && (t = e, t >>= 2, t += e, d <= t)) - { - // #2 -// d = (d-e)>>1; - d -= e; d >>= 1; - B = f(A, B, C); - A = X2(A); - continue; - } - -// if (d <= (e<<2)) - if (d <= (t = e, t <<= 2)) - { - // #3 - d -= e; - C = f(A, B, C); - swap(B, C); - continue; - } - - if (dm2 == em2) - { - // #4 -// d = (d-e)>>1; - d -= e; d >>= 1; - B = f(A, B, C); - A = X2(A); - continue; - } - - if (dm2 == 0) - { - // #5 - d >>= 1; - C = f(A, C, B); - A = X2(A); - continue; - } - - if (dm3 == 0) - { - // #6 -// d = d/3 - e; - d /= 3; d -= e; - T = X2(A); - C = f(T, f(A, B, C), C); - swap(B, C); - A = f(T, A, A); - continue; - } - - if (dm3+em3==0 || dm3+em3==3) - { - // #7 -// d = (d-e-e)/3; - d -= e; d -= e; d /= 3; - T = f(A, B, C); - B = f(T, A, B); - A = X3(A); - continue; - } - - if (dm3 == em3) - { - // #8 -// d = (d-e)/3; - d -= e; d /= 3; - T = f(A, B, C); - C = f(A, C, B); - B = T; - A = X3(A); - continue; - } - - assert(em2 == 0); - // #9 - e >>= 1; - C = f(C, B, A); - B = X2(B); - } - - A = f(A, B, C); - } - -#undef f -#undef X2 -#undef X3 - - return m.ConvertOut(A); -} -*/ - -Integer InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u) -{ - Integer d = (m*m-4); - Integer p2, q2; - #pragma omp parallel - #pragma omp sections - { - #pragma omp section - { - p2 = p-Jacobi(d,p); - p2 = Lucas(EuclideanMultiplicativeInverse(e,p2), m, p); - } - #pragma omp section - { - q2 = q-Jacobi(d,q); - q2 = Lucas(EuclideanMultiplicativeInverse(e,q2), m, q); - } - } - return CRT(p2, p, q2, q, u); -} - -unsigned int FactoringWorkFactor(unsigned int n) -{ - // extrapolated from the table in Odlyzko's "The Future of Integer Factorization" - // updated to reflect the factoring of RSA-130 - if (n<5) return 0; - else return (unsigned int)(2.4 * pow((double)n, 1.0/3.0) * pow(log(double(n)), 2.0/3.0) - 5); -} - -unsigned int DiscreteLogWorkFactor(unsigned int n) -{ - // assuming discrete log takes about the same time as factoring - if (n<5) return 0; - else return (unsigned int)(2.4 * pow((double)n, 1.0/3.0) * pow(log(double(n)), 2.0/3.0) - 5); -} - -// ******************************************************** - -void PrimeAndGenerator::Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits) -{ - // no prime exists for delta = -1, qbits = 4, and pbits = 5 - assert(qbits > 4); - assert(pbits > qbits); - - if (qbits+1 == pbits) - { - Integer minP = Integer::Power2(pbits-1); - Integer maxP = Integer::Power2(pbits) - 1; - bool success = false; - - while (!success) - { - p.Randomize(rng, minP, maxP, Integer::ANY, 6+5*delta, 12); - PrimeSieve sieve(p, STDMIN(p+PrimeSearchInterval(maxP)*12, maxP), 12, delta); - - while (sieve.NextCandidate(p)) - { - assert(IsSmallPrime(p) || SmallDivisorsTest(p)); - q = (p-delta) >> 1; - assert(IsSmallPrime(q) || SmallDivisorsTest(q)); - if (FastProbablePrimeTest(q) && FastProbablePrimeTest(p) && IsPrime(q) && IsPrime(p)) - { - success = true; - break; - } - } - } - - if (delta == 1) - { - // find g such that g is a quadratic residue mod p, then g has order q - // g=4 always works, but this way we get the smallest quadratic residue (other than 1) - for (g=2; Jacobi(g, p) != 1; ++g) {} - // contributed by Walt Tuvell: g should be the following according to the Law of Quadratic Reciprocity - assert((p%8==1 || p%8==7) ? g==2 : (p%12==1 || p%12==11) ? g==3 : g==4); - } - else - { - assert(delta == -1); - // find g such that g*g-4 is a quadratic non-residue, - // and such that g has order q - for (g=3; ; ++g) - if (Jacobi(g*g-4, p)==-1 && Lucas(q, g, p)==2) - break; - } - } - else - { - Integer minQ = Integer::Power2(qbits-1); - Integer maxQ = Integer::Power2(qbits) - 1; - Integer minP = Integer::Power2(pbits-1); - Integer maxP = Integer::Power2(pbits) - 1; - - do - { - q.Randomize(rng, minQ, maxQ, Integer::PRIME); - } while (!p.Randomize(rng, minP, maxP, Integer::PRIME, delta%q, q)); - - // find a random g of order q - if (delta==1) - { - do - { - Integer h(rng, 2, p-2, Integer::ANY); - g = a_exp_b_mod_c(h, (p-1)/q, p); - } while (g <= 1); - assert(a_exp_b_mod_c(g, q, p)==1); - } - else - { - assert(delta==-1); - do - { - Integer h(rng, 3, p-1, Integer::ANY); - if (Jacobi(h*h-4, p)==1) - continue; - g = Lucas((p+1)/q, h, p); - } while (g <= 2); - assert(Lucas(q, g, p) == 2); - } - } -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/nbtheory.h b/cryptopp562/nbtheory.h deleted file mode 100644 index 6364792..0000000 --- a/cryptopp562/nbtheory.h +++ /dev/null @@ -1,131 +0,0 @@ -// nbtheory.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_NBTHEORY_H -#define CRYPTOPP_NBTHEORY_H - -#include "integer.h" -#include "algparam.h" - -NAMESPACE_BEGIN(CryptoPP) - -// obtain pointer to small prime table and get its size -CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size); - -// ************ primality testing **************** - -// generate a provable prime -CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits); -CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits); - -CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p); - -// returns true if p is divisible by some prime less than bound -// bound not be greater than the largest entry in the prime table -CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound); - -// returns true if p is NOT divisible by small primes -CRYPTOPP_DLL bool CRYPTOPP_API SmallDivisorsTest(const Integer &p); - -// These is no reason to use these two, use the ones below instead -CRYPTOPP_DLL bool CRYPTOPP_API IsFermatProbablePrime(const Integer &n, const Integer &b); -CRYPTOPP_DLL bool CRYPTOPP_API IsLucasProbablePrime(const Integer &n); - -CRYPTOPP_DLL bool CRYPTOPP_API IsStrongProbablePrime(const Integer &n, const Integer &b); -CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n); - -// Rabin-Miller primality test, i.e. repeating the strong probable prime test -// for several rounds with random bases -CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &w, unsigned int rounds); - -// primality test, used to generate primes -CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p); - -// more reliable than IsPrime(), used to verify primes generated by others -CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1); - -class CRYPTOPP_DLL PrimeSelector -{ -public: - const PrimeSelector *GetSelectorPointer() const {return this;} - virtual bool IsAcceptable(const Integer &candidate) const =0; -}; - -// use a fast sieve to find the first probable prime in {x | p<=x<=max and x%mod==equiv} -// returns true iff successful, value of p is undefined if no such prime exists -CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector); - -CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max); - -CRYPTOPP_DLL AlgorithmParameters CRYPTOPP_API MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength); - -// ********** other number theoretic functions ************ - -inline Integer GCD(const Integer &a, const Integer &b) - {return Integer::Gcd(a,b);} -inline bool RelativelyPrime(const Integer &a, const Integer &b) - {return Integer::Gcd(a,b) == Integer::One();} -inline Integer LCM(const Integer &a, const Integer &b) - {return a/Integer::Gcd(a,b)*b;} -inline Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b) - {return a.InverseMod(b);} - -// use Chinese Remainder Theorem to calculate x given x mod p and x mod q, and u = inverse of p mod q -CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u); - -// if b is prime, then Jacobi(a, b) returns 0 if a%b==0, 1 if a is quadratic residue mod b, -1 otherwise -// check a number theory book for what Jacobi symbol means when b is not prime -CRYPTOPP_DLL int CRYPTOPP_API Jacobi(const Integer &a, const Integer &b); - -// calculates the Lucas function V_e(p, 1) mod n -CRYPTOPP_DLL Integer CRYPTOPP_API Lucas(const Integer &e, const Integer &p, const Integer &n); -// calculates x such that m==Lucas(e, x, p*q), p q primes, u=inverse of p mod q -CRYPTOPP_DLL Integer CRYPTOPP_API InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u); - -inline Integer ModularExponentiation(const Integer &a, const Integer &e, const Integer &m) - {return a_exp_b_mod_c(a, e, m);} -// returns x such that x*x%p == a, p prime -CRYPTOPP_DLL Integer CRYPTOPP_API ModularSquareRoot(const Integer &a, const Integer &p); -// returns x such that a==ModularExponentiation(x, e, p*q), p q primes, -// and e relatively prime to (p-1)*(q-1) -// dp=d%(p-1), dq=d%(q-1), (d is inverse of e mod (p-1)*(q-1)) -// and u=inverse of p mod q -CRYPTOPP_DLL Integer CRYPTOPP_API ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, const Integer &p, const Integer &q, const Integer &u); - -// find r1 and r2 such that ax^2 + bx + c == 0 (mod p) for x in {r1, r2}, p prime -// returns true if solutions exist -CRYPTOPP_DLL bool CRYPTOPP_API SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p); - -// returns log base 2 of estimated number of operations to calculate discrete log or factor a number -CRYPTOPP_DLL unsigned int CRYPTOPP_API DiscreteLogWorkFactor(unsigned int bitlength); -CRYPTOPP_DLL unsigned int CRYPTOPP_API FactoringWorkFactor(unsigned int bitlength); - -// ******************************************************** - -//! generator of prime numbers of special forms -class CRYPTOPP_DLL PrimeAndGenerator -{ -public: - PrimeAndGenerator() {} - // generate a random prime p of the form 2*q+delta, where delta is 1 or -1 and q is also prime - // Precondition: pbits > 5 - // warning: this is slow, because primes of this form are harder to find - PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits) - {Generate(delta, rng, pbits, pbits-1);} - // generate a random prime p of the form 2*r*q+delta, where q is also prime - // Precondition: qbits > 4 && pbits > qbits - PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits) - {Generate(delta, rng, pbits, qbits);} - - void Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits); - - const Integer& Prime() const {return p;} - const Integer& SubPrime() const {return q;} - const Integer& Generator() const {return g;} - -private: - Integer p, q, g; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/network.cpp b/cryptopp562/network.cpp deleted file mode 100644 index 9b7198d..0000000 --- a/cryptopp562/network.cpp +++ /dev/null @@ -1,550 +0,0 @@ -// network.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "network.h" -#include "wait.h" - -#define CRYPTOPP_TRACE_NETWORK 0 - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef HIGHRES_TIMER_AVAILABLE - -lword LimitedBandwidth::ComputeCurrentTransceiveLimit() -{ - if (!m_maxBytesPerSecond) - return ULONG_MAX; - - double curTime = GetCurTimeAndCleanUp(); - lword total = 0; - for (OpQueue::size_type i=0; i!=m_ops.size(); ++i) - total += m_ops[i].second; - return SaturatingSubtract(m_maxBytesPerSecond, total); -} - -double LimitedBandwidth::TimeToNextTransceive() -{ - if (!m_maxBytesPerSecond) - return 0; - - if (!m_nextTransceiveTime) - ComputeNextTransceiveTime(); - - return SaturatingSubtract(m_nextTransceiveTime, m_timer.ElapsedTimeAsDouble()); -} - -void LimitedBandwidth::NoteTransceive(lword size) -{ - if (m_maxBytesPerSecond) - { - double curTime = GetCurTimeAndCleanUp(); - m_ops.push_back(std::make_pair(curTime, size)); - m_nextTransceiveTime = 0; - } -} - -void LimitedBandwidth::ComputeNextTransceiveTime() -{ - double curTime = GetCurTimeAndCleanUp(); - lword total = 0; - for (unsigned int i=0; i!=m_ops.size(); ++i) - total += m_ops[i].second; - m_nextTransceiveTime = - (total < m_maxBytesPerSecond) ? curTime : m_ops.front().first + 1000; -} - -double LimitedBandwidth::GetCurTimeAndCleanUp() -{ - if (!m_maxBytesPerSecond) - return 0; - - double curTime = m_timer.ElapsedTimeAsDouble(); - while (m_ops.size() && (m_ops.front().first + 1000 < curTime)) - m_ops.pop_front(); - return curTime; -} - -void LimitedBandwidth::GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack) -{ - double nextTransceiveTime = TimeToNextTransceive(); - if (nextTransceiveTime) - container.ScheduleEvent(nextTransceiveTime, CallStack("LimitedBandwidth::GetWaitObjects()", &callStack)); -} - -// ************************************************************* - -size_t NonblockingSource::GeneralPump2( - lword& byteCount, bool blockingOutput, - unsigned long maxTime, bool checkDelimiter, byte delimiter) -{ - m_blockedBySpeedLimit = false; - - if (!GetMaxBytesPerSecond()) - { - size_t ret = DoPump(byteCount, blockingOutput, maxTime, checkDelimiter, delimiter); - m_doPumpBlocked = (ret != 0); - return ret; - } - - bool forever = (maxTime == INFINITE_TIME); - unsigned long timeToGo = maxTime; - Timer timer(Timer::MILLISECONDS, forever); - lword maxSize = byteCount; - byteCount = 0; - - timer.StartTimer(); - - while (true) - { - lword curMaxSize = UnsignedMin(ComputeCurrentTransceiveLimit(), maxSize - byteCount); - - if (curMaxSize || m_doPumpBlocked) - { - if (!forever) timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - size_t ret = DoPump(curMaxSize, blockingOutput, timeToGo, checkDelimiter, delimiter); - m_doPumpBlocked = (ret != 0); - if (curMaxSize) - { - NoteTransceive(curMaxSize); - byteCount += curMaxSize; - } - if (ret) - return ret; - } - - if (maxSize != ULONG_MAX && byteCount >= maxSize) - break; - - if (!forever) - { - timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - if (!timeToGo) - break; - } - - double waitTime = TimeToNextTransceive(); - if (!forever && waitTime > timeToGo) - { - m_blockedBySpeedLimit = true; - break; - } - - WaitObjectContainer container; - LimitedBandwidth::GetWaitObjects(container, CallStack("NonblockingSource::GeneralPump2() - speed limit", 0)); - container.Wait((unsigned long)waitTime); - } - - return 0; -} - -size_t NonblockingSource::PumpMessages2(unsigned int &messageCount, bool blocking) -{ - if (messageCount == 0) - return 0; - - messageCount = 0; - - lword byteCount; - do { - byteCount = LWORD_MAX; - RETURN_IF_NONZERO(Pump2(byteCount, blocking)); - } while(byteCount == LWORD_MAX); - - if (!m_messageEndSent && SourceExhausted()) - { - RETURN_IF_NONZERO(AttachedTransformation()->Put2(NULL, 0, GetAutoSignalPropagation(), true)); - m_messageEndSent = true; - messageCount = 1; - } - return 0; -} - -lword NonblockingSink::TimedFlush(unsigned long maxTime, size_t targetSize) -{ - m_blockedBySpeedLimit = false; - - size_t curBufSize = GetCurrentBufferSize(); - if (curBufSize <= targetSize && (targetSize || !EofPending())) - return 0; - - if (!GetMaxBytesPerSecond()) - return DoFlush(maxTime, targetSize); - - bool forever = (maxTime == INFINITE_TIME); - unsigned long timeToGo = maxTime; - Timer timer(Timer::MILLISECONDS, forever); - lword totalFlushed = 0; - - timer.StartTimer(); - - while (true) - { - size_t flushSize = UnsignedMin(curBufSize - targetSize, ComputeCurrentTransceiveLimit()); - if (flushSize || EofPending()) - { - if (!forever) timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - size_t ret = (size_t)DoFlush(timeToGo, curBufSize - flushSize); - if (ret) - { - NoteTransceive(ret); - curBufSize -= ret; - totalFlushed += ret; - } - } - - if (curBufSize <= targetSize && (targetSize || !EofPending())) - break; - - if (!forever) - { - timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - if (!timeToGo) - break; - } - - double waitTime = TimeToNextTransceive(); - if (!forever && waitTime > timeToGo) - { - m_blockedBySpeedLimit = true; - break; - } - - WaitObjectContainer container; - LimitedBandwidth::GetWaitObjects(container, CallStack("NonblockingSink::TimedFlush() - speed limit", 0)); - container.Wait((unsigned long)waitTime); - } - - return totalFlushed; -} - -bool NonblockingSink::IsolatedFlush(bool hardFlush, bool blocking) -{ - TimedFlush(blocking ? INFINITE_TIME : 0); - return hardFlush && (!!GetCurrentBufferSize() || EofPending()); -} - -// ************************************************************* - -NetworkSource::NetworkSource(BufferedTransformation *attachment) - : NonblockingSource(attachment), m_buf(1024*16) - , m_waitingForResult(false), m_outputBlocked(false) - , m_dataBegin(0), m_dataEnd(0) -{ -} - -unsigned int NetworkSource::GetMaxWaitObjectCount() const -{ - return LimitedBandwidth::GetMaxWaitObjectCount() - + GetReceiver().GetMaxWaitObjectCount() - + AttachedTransformation()->GetMaxWaitObjectCount(); -} - -void NetworkSource::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (BlockedBySpeedLimit()) - LimitedBandwidth::GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - speed limit", &callStack)); - else if (!m_outputBlocked) - { - if (m_dataBegin == m_dataEnd) - AccessReceiver().GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - no data", &callStack)); - else - container.SetNoWait(CallStack("NetworkSource::GetWaitObjects() - have data", &callStack)); - } - - AttachedTransformation()->GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - attachment", &callStack)); -} - -size_t NetworkSource::DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter) -{ - NetworkReceiver &receiver = AccessReceiver(); - - lword maxSize = byteCount; - byteCount = 0; - bool forever = maxTime == INFINITE_TIME; - Timer timer(Timer::MILLISECONDS, forever); - BufferedTransformation *t = AttachedTransformation(); - - if (m_outputBlocked) - goto DoOutput; - - while (true) - { - if (m_dataBegin == m_dataEnd) - { - if (receiver.EofReceived()) - break; - - if (m_waitingForResult) - { - if (receiver.MustWaitForResult() && - !receiver.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSource::DoPump() - wait receive result", 0))) - break; - - unsigned int recvResult = receiver.GetReceiveResult(); -#if CRYPTOPP_TRACE_NETWORK - OutputDebugString((IntToString((unsigned int)this) + ": Received " + IntToString(recvResult) + " bytes\n").c_str()); -#endif - m_dataEnd += recvResult; - m_waitingForResult = false; - - if (!receiver.MustWaitToReceive() && !receiver.EofReceived() && m_dataEnd != m_buf.size()) - goto ReceiveNoWait; - } - else - { - m_dataEnd = m_dataBegin = 0; - - if (receiver.MustWaitToReceive()) - { - if (!receiver.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSource::DoPump() - wait receive", 0))) - break; - - receiver.Receive(m_buf+m_dataEnd, m_buf.size()-m_dataEnd); - m_waitingForResult = true; - } - else - { -ReceiveNoWait: - m_waitingForResult = true; - // call Receive repeatedly as long as data is immediately available, - // because some receivers tend to return data in small pieces -#if CRYPTOPP_TRACE_NETWORK - OutputDebugString((IntToString((unsigned int)this) + ": Receiving " + IntToString(m_buf.size()-m_dataEnd) + " bytes\n").c_str()); -#endif - while (receiver.Receive(m_buf+m_dataEnd, m_buf.size()-m_dataEnd)) - { - unsigned int recvResult = receiver.GetReceiveResult(); -#if CRYPTOPP_TRACE_NETWORK - OutputDebugString((IntToString((unsigned int)this) + ": Received " + IntToString(recvResult) + " bytes\n").c_str()); -#endif - m_dataEnd += recvResult; - if (receiver.EofReceived() || m_dataEnd > m_buf.size() /2) - { - m_waitingForResult = false; - break; - } - } - } - } - } - else - { - m_putSize = UnsignedMin(m_dataEnd - m_dataBegin, maxSize - byteCount); - - if (checkDelimiter) - m_putSize = std::find(m_buf+m_dataBegin, m_buf+m_dataBegin+m_putSize, delimiter) - (m_buf+m_dataBegin); - -DoOutput: - size_t result = t->PutModifiable2(m_buf+m_dataBegin, m_putSize, 0, forever || blockingOutput); - if (result) - { - if (t->Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSource::DoPump() - wait attachment", 0))) - goto DoOutput; - else - { - m_outputBlocked = true; - return result; - } - } - m_outputBlocked = false; - - byteCount += m_putSize; - m_dataBegin += m_putSize; - if (checkDelimiter && m_dataBegin < m_dataEnd && m_buf[m_dataBegin] == delimiter) - break; - if (maxSize != ULONG_MAX && byteCount == maxSize) - break; - // once time limit is reached, return even if there is more data waiting - // but make 0 a special case so caller can request a large amount of data to be - // pumped as long as it is immediately available - if (maxTime > 0 && timer.ElapsedTime() > maxTime) - break; - } - } - - return 0; -} - -// ************************************************************* - -NetworkSink::NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound) - : m_maxBufferSize(maxBufferSize), m_autoFlushBound(autoFlushBound) - , m_needSendResult(false), m_wasBlocked(false), m_eofState(EOF_NONE) - , m_buffer(STDMIN(16U*1024U+256, maxBufferSize)), m_skipBytes(0) - , m_speedTimer(Timer::MILLISECONDS), m_byteCountSinceLastTimerReset(0) - , m_currentSpeed(0), m_maxObservedSpeed(0) -{ -} - -float NetworkSink::ComputeCurrentSpeed() -{ - if (m_speedTimer.ElapsedTime() > 1000) - { - m_currentSpeed = m_byteCountSinceLastTimerReset * 1000 / m_speedTimer.ElapsedTime(); - m_maxObservedSpeed = STDMAX(m_currentSpeed, m_maxObservedSpeed * 0.98f); - m_byteCountSinceLastTimerReset = 0; - m_speedTimer.StartTimer(); -// OutputDebugString(("max speed: " + IntToString((int)m_maxObservedSpeed) + " current speed: " + IntToString((int)m_currentSpeed) + "\n").c_str()); - } - return m_currentSpeed; -} - -float NetworkSink::GetMaxObservedSpeed() const -{ - lword m = GetMaxBytesPerSecond(); - return m ? STDMIN(m_maxObservedSpeed, float(CRYPTOPP_VC6_INT64 m)) : m_maxObservedSpeed; -} - -unsigned int NetworkSink::GetMaxWaitObjectCount() const -{ - return LimitedBandwidth::GetMaxWaitObjectCount() + GetSender().GetMaxWaitObjectCount(); -} - -void NetworkSink::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (BlockedBySpeedLimit()) - LimitedBandwidth::GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - speed limit", &callStack)); - else if (m_wasBlocked) - AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - was blocked", &callStack)); - else if (!m_buffer.IsEmpty()) - AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - buffer not empty", &callStack)); - else if (EofPending()) - AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - EOF pending", &callStack)); -} - -size_t NetworkSink::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - if (m_eofState == EOF_DONE) - { - if (length || messageEnd) - throw Exception(Exception::OTHER_ERROR, "NetworkSink::Put2() being called after EOF had been sent"); - - return 0; - } - - if (m_eofState > EOF_NONE) - goto EofSite; - - { - if (m_skipBytes) - { - assert(length >= m_skipBytes); - inString += m_skipBytes; - length -= m_skipBytes; - } - - m_buffer.Put(inString, length); - - if (!blocking || m_buffer.CurrentSize() > m_autoFlushBound) - TimedFlush(0, 0); - - size_t targetSize = messageEnd ? 0 : m_maxBufferSize; - if (blocking) - TimedFlush(INFINITE_TIME, targetSize); - - if (m_buffer.CurrentSize() > targetSize) - { - assert(!blocking); - m_wasBlocked = true; - m_skipBytes += length; - size_t blockedBytes = UnsignedMin(length, m_buffer.CurrentSize() - targetSize); - return STDMAX<size_t>(blockedBytes, 1); - } - - m_wasBlocked = false; - m_skipBytes = 0; - } - - if (messageEnd) - { - m_eofState = EOF_PENDING_SEND; - - EofSite: - TimedFlush(blocking ? INFINITE_TIME : 0, 0); - if (m_eofState != EOF_DONE) - return 1; - } - - return 0; -} - -lword NetworkSink::DoFlush(unsigned long maxTime, size_t targetSize) -{ - NetworkSender &sender = AccessSender(); - - bool forever = maxTime == INFINITE_TIME; - Timer timer(Timer::MILLISECONDS, forever); - unsigned int totalFlushSize = 0; - - while (true) - { - if (m_buffer.CurrentSize() <= targetSize) - break; - - if (m_needSendResult) - { - if (sender.MustWaitForResult() && - !sender.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSink::DoFlush() - wait send result", 0))) - break; - - unsigned int sendResult = sender.GetSendResult(); -#if CRYPTOPP_TRACE_NETWORK - OutputDebugString((IntToString((unsigned int)this) + ": Sent " + IntToString(sendResult) + " bytes\n").c_str()); -#endif - m_buffer.Skip(sendResult); - totalFlushSize += sendResult; - m_needSendResult = false; - - if (!m_buffer.AnyRetrievable()) - break; - } - - unsigned long timeOut = maxTime ? SaturatingSubtract(maxTime, timer.ElapsedTime()) : 0; - if (sender.MustWaitToSend() && !sender.Wait(timeOut, CallStack("NetworkSink::DoFlush() - wait send", 0))) - break; - - size_t contiguousSize = 0; - const byte *block = m_buffer.Spy(contiguousSize); - -#if CRYPTOPP_TRACE_NETWORK - OutputDebugString((IntToString((unsigned int)this) + ": Sending " + IntToString(contiguousSize) + " bytes\n").c_str()); -#endif - sender.Send(block, contiguousSize); - m_needSendResult = true; - - if (maxTime > 0 && timeOut == 0) - break; // once time limit is reached, return even if there is more data waiting - } - - m_byteCountSinceLastTimerReset += totalFlushSize; - ComputeCurrentSpeed(); - - if (m_buffer.IsEmpty() && !m_needSendResult) - { - if (m_eofState == EOF_PENDING_SEND) - { - sender.SendEof(); - m_eofState = sender.MustWaitForEof() ? EOF_PENDING_DELIVERY : EOF_DONE; - } - - while (m_eofState == EOF_PENDING_DELIVERY) - { - unsigned long timeOut = maxTime ? SaturatingSubtract(maxTime, timer.ElapsedTime()) : 0; - if (!sender.Wait(timeOut, CallStack("NetworkSink::DoFlush() - wait EOF", 0))) - break; - - if (sender.EofSent()) - m_eofState = EOF_DONE; - } - } - - return totalFlushSize; -} - -#endif // #ifdef HIGHRES_TIMER_AVAILABLE - -NAMESPACE_END diff --git a/cryptopp562/network.h b/cryptopp562/network.h deleted file mode 100644 index 96cd456..0000000 --- a/cryptopp562/network.h +++ /dev/null @@ -1,235 +0,0 @@ -#ifndef CRYPTOPP_NETWORK_H -#define CRYPTOPP_NETWORK_H - -#include "config.h" - -#ifdef HIGHRES_TIMER_AVAILABLE - -#include "filters.h" -#include "hrtimer.h" - -#include <deque> - -NAMESPACE_BEGIN(CryptoPP) - -class LimitedBandwidth -{ -public: - LimitedBandwidth(lword maxBytesPerSecond = 0) - : m_maxBytesPerSecond(maxBytesPerSecond), m_timer(Timer::MILLISECONDS) - , m_nextTransceiveTime(0) - { m_timer.StartTimer(); } - - lword GetMaxBytesPerSecond() const - { return m_maxBytesPerSecond; } - - void SetMaxBytesPerSecond(lword v) - { m_maxBytesPerSecond = v; } - - lword ComputeCurrentTransceiveLimit(); - - double TimeToNextTransceive(); - - void NoteTransceive(lword size); - -public: - /*! GetWaitObjects() must be called despite the 0 return from GetMaxWaitObjectCount(); - the 0 is because the ScheduleEvent() method is used instead of adding a wait object */ - unsigned int GetMaxWaitObjectCount() const { return 0; } - void GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack); - -private: - lword m_maxBytesPerSecond; - - typedef std::deque<std::pair<double, lword> > OpQueue; - OpQueue m_ops; - - Timer m_timer; - double m_nextTransceiveTime; - - void ComputeNextTransceiveTime(); - double GetCurTimeAndCleanUp(); -}; - -//! a Source class that can pump from a device for a specified amount of time. -class CRYPTOPP_NO_VTABLE NonblockingSource : public AutoSignaling<Source>, public LimitedBandwidth -{ -public: - NonblockingSource(BufferedTransformation *attachment) - : m_messageEndSent(false) , m_doPumpBlocked(false), m_blockedBySpeedLimit(false) {Detach(attachment);} - - //! \name NONBLOCKING SOURCE - //@{ - - //! pump up to maxSize bytes using at most maxTime milliseconds - /*! If checkDelimiter is true, pump up to delimiter, which itself is not extracted or pumped. */ - size_t GeneralPump2(lword &byteCount, bool blockingOutput=true, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n'); - - lword GeneralPump(lword maxSize=LWORD_MAX, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n') - { - GeneralPump2(maxSize, true, maxTime, checkDelimiter, delimiter); - return maxSize; - } - lword TimedPump(unsigned long maxTime) - {return GeneralPump(LWORD_MAX, maxTime);} - lword PumpLine(byte delimiter='\n', lword maxSize=1024) - {return GeneralPump(maxSize, INFINITE_TIME, true, delimiter);} - - size_t Pump2(lword &byteCount, bool blocking=true) - {return GeneralPump2(byteCount, blocking, blocking ? INFINITE_TIME : 0);} - size_t PumpMessages2(unsigned int &messageCount, bool blocking=true); - //@} - -protected: - virtual size_t DoPump(lword &byteCount, bool blockingOutput, - unsigned long maxTime, bool checkDelimiter, byte delimiter) =0; - - bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; } - -private: - bool m_messageEndSent, m_doPumpBlocked, m_blockedBySpeedLimit; -}; - -//! Network Receiver -class CRYPTOPP_NO_VTABLE NetworkReceiver : public Waitable -{ -public: - virtual bool MustWaitToReceive() {return false;} - virtual bool MustWaitForResult() {return false;} - //! receive data from network source, returns whether result is immediately available - virtual bool Receive(byte* buf, size_t bufLen) =0; - virtual unsigned int GetReceiveResult() =0; - virtual bool EofReceived() const =0; -}; - -class CRYPTOPP_NO_VTABLE NonblockingSinkInfo -{ -public: - virtual ~NonblockingSinkInfo() {} - virtual size_t GetMaxBufferSize() const =0; - virtual size_t GetCurrentBufferSize() const =0; - virtual bool EofPending() const =0; - //! compute the current speed of this sink in bytes per second - virtual float ComputeCurrentSpeed() =0; - //! get the maximum observed speed of this sink in bytes per second - virtual float GetMaxObservedSpeed() const =0; -}; - -//! a Sink class that queues input and can flush to a device for a specified amount of time. -class CRYPTOPP_NO_VTABLE NonblockingSink : public Sink, public NonblockingSinkInfo, public LimitedBandwidth -{ -public: - NonblockingSink() : m_blockedBySpeedLimit(false) {} - - bool IsolatedFlush(bool hardFlush, bool blocking); - - //! flush to device for no more than maxTime milliseconds - /*! This function will repeatedly attempt to flush data to some device, until - the queue is empty, or a total of maxTime milliseconds have elapsed. - If maxTime == 0, at least one attempt will be made to flush some data, but - it is likely that not all queued data will be flushed, even if the device - is ready to receive more data without waiting. If you want to flush as much data - as possible without waiting for the device, call this function in a loop. - For example: while (sink.TimedFlush(0) > 0) {} - \return number of bytes flushed - */ - lword TimedFlush(unsigned long maxTime, size_t targetSize = 0); - - virtual void SetMaxBufferSize(size_t maxBufferSize) =0; - //! set a bound which will cause sink to flush if exceeded by GetCurrentBufferSize() - virtual void SetAutoFlushBound(size_t bound) =0; - -protected: - virtual lword DoFlush(unsigned long maxTime, size_t targetSize) = 0; - - bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; } - -private: - bool m_blockedBySpeedLimit; -}; - -//! Network Sender -class CRYPTOPP_NO_VTABLE NetworkSender : public Waitable -{ -public: - virtual bool MustWaitToSend() {return false;} - virtual bool MustWaitForResult() {return false;} - virtual void Send(const byte* buf, size_t bufLen) =0; - virtual unsigned int GetSendResult() =0; - virtual bool MustWaitForEof() {return false;} - virtual void SendEof() =0; - virtual bool EofSent() {return false;} // implement if MustWaitForEof() == true -}; - -//! Network Source -class CRYPTOPP_NO_VTABLE NetworkSource : public NonblockingSource -{ -public: - NetworkSource(BufferedTransformation *attachment); - - unsigned int GetMaxWaitObjectCount() const; - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - - bool SourceExhausted() const {return m_dataBegin == m_dataEnd && GetReceiver().EofReceived();} - -protected: - size_t DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter); - - virtual NetworkReceiver & AccessReceiver() =0; - const NetworkReceiver & GetReceiver() const {return const_cast<NetworkSource *>(this)->AccessReceiver();} - -private: - SecByteBlock m_buf; - size_t m_putSize, m_dataBegin, m_dataEnd; - bool m_waitingForResult, m_outputBlocked; -}; - -//! Network Sink -class CRYPTOPP_NO_VTABLE NetworkSink : public NonblockingSink -{ -public: - NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound); - - unsigned int GetMaxWaitObjectCount() const; - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - - void SetMaxBufferSize(size_t maxBufferSize) {m_maxBufferSize = maxBufferSize; m_buffer.SetNodeSize(UnsignedMin(maxBufferSize, 16U*1024U+256U));} - void SetAutoFlushBound(size_t bound) {m_autoFlushBound = bound;} - - size_t GetMaxBufferSize() const {return m_maxBufferSize;} - size_t GetCurrentBufferSize() const {return (size_t)m_buffer.CurrentSize();} - - void ClearBuffer() { m_buffer.Clear(); } - - bool EofPending() const { return m_eofState > EOF_NONE && m_eofState < EOF_DONE; } - - //! compute the current speed of this sink in bytes per second - float ComputeCurrentSpeed(); - //! get the maximum observed speed of this sink in bytes per second - float GetMaxObservedSpeed() const; - -protected: - lword DoFlush(unsigned long maxTime, size_t targetSize); - - virtual NetworkSender & AccessSender() =0; - const NetworkSender & GetSender() const {return const_cast<NetworkSink *>(this)->AccessSender();} - -private: - enum EofState { EOF_NONE, EOF_PENDING_SEND, EOF_PENDING_DELIVERY, EOF_DONE }; - - size_t m_maxBufferSize, m_autoFlushBound; - bool m_needSendResult, m_wasBlocked; - EofState m_eofState; - ByteQueue m_buffer; - size_t m_skipBytes; - Timer m_speedTimer; - float m_byteCountSinceLastTimerReset, m_currentSpeed, m_maxObservedSpeed; -}; - -NAMESPACE_END - -#endif // #ifdef HIGHRES_TIMER_AVAILABLE - -#endif diff --git a/cryptopp562/nr.h b/cryptopp562/nr.h deleted file mode 100644 index c398e35..0000000 --- a/cryptopp562/nr.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef CRYPTOPP_NR_H -#define CRYPTOPP_NR_H - -#include "gfpcrypt.h" - -#endif diff --git a/cryptopp562/oaep.cpp b/cryptopp562/oaep.cpp deleted file mode 100644 index 1d474be..0000000 --- a/cryptopp562/oaep.cpp +++ /dev/null @@ -1,97 +0,0 @@ -// oaep.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "oaep.h" -#include <functional> - -NAMESPACE_BEGIN(CryptoPP) - -// ******************************************************** - -size_t OAEP_Base::MaxUnpaddedLength(size_t paddedLength) const -{ - return SaturatingSubtract(paddedLength/8, 1+2*DigestSize()); -} - -void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs ¶meters) const -{ - assert (inputLength <= MaxUnpaddedLength(oaepBlockLen)); - - // convert from bit length to byte length - if (oaepBlockLen % 8 != 0) - { - oaepBlock[0] = 0; - oaepBlock++; - } - oaepBlockLen /= 8; - - std::auto_ptr<HashTransformation> pHash(NewHash()); - const size_t hLen = pHash->DigestSize(); - const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen; - byte *const maskedSeed = oaepBlock; - byte *const maskedDB = oaepBlock+seedLen; - - ConstByteArrayParameter encodingParameters; - parameters.GetValue(Name::EncodingParameters(), encodingParameters); - - // DB = pHash || 00 ... || 01 || M - pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size()); - memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1); - maskedDB[dbLen-inputLength-1] = 0x01; - memcpy(maskedDB+dbLen-inputLength, input, inputLength); - - rng.GenerateBlock(maskedSeed, seedLen); - std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF()); - pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen); - pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen); -} - -DecodingResult OAEP_Base::Unpad(const byte *oaepBlock, size_t oaepBlockLen, byte *output, const NameValuePairs ¶meters) const -{ - bool invalid = false; - - // convert from bit length to byte length - if (oaepBlockLen % 8 != 0) - { - invalid = (oaepBlock[0] != 0) || invalid; - oaepBlock++; - } - oaepBlockLen /= 8; - - std::auto_ptr<HashTransformation> pHash(NewHash()); - const size_t hLen = pHash->DigestSize(); - const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen; - - invalid = (oaepBlockLen < 2*hLen+1) || invalid; - - SecByteBlock t(oaepBlock, oaepBlockLen); - byte *const maskedSeed = t; - byte *const maskedDB = t+seedLen; - - std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF()); - pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen); - pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen); - - ConstByteArrayParameter encodingParameters; - parameters.GetValue(Name::EncodingParameters(), encodingParameters); - - // DB = pHash' || 00 ... || 01 || M - byte *M = std::find(maskedDB+hLen, maskedDB+dbLen, 0x01); - invalid = (M == maskedDB+dbLen) || invalid; - invalid = (std::find_if(maskedDB+hLen, M, std::bind2nd(std::not_equal_to<byte>(), 0)) != M) || invalid; - invalid = !pHash->VerifyDigest(maskedDB, encodingParameters.begin(), encodingParameters.size()) || invalid; - - if (invalid) - return DecodingResult(); - - M++; - memcpy(output, M, maskedDB+dbLen-M); - return DecodingResult(maskedDB+dbLen-M); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/oaep.h b/cryptopp562/oaep.h deleted file mode 100644 index 4bf6b0d..0000000 --- a/cryptopp562/oaep.h +++ /dev/null @@ -1,42 +0,0 @@ -#ifndef CRYPTOPP_OAEP_H -#define CRYPTOPP_OAEP_H - -#include "pubkey.h" -#include "sha.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_DLL OAEP_Base : public PK_EncryptionMessageEncodingMethod -{ -public: - bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;} - size_t MaxUnpaddedLength(size_t paddedLength) const; - void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedLength, const NameValuePairs ¶meters) const; - DecodingResult Unpad(const byte *padded, size_t paddedLength, byte *raw, const NameValuePairs ¶meters) const; - -protected: - virtual unsigned int DigestSize() const =0; - virtual HashTransformation * NewHash() const =0; - virtual MaskGeneratingFunction * NewMGF() const =0; -}; - -//! <a href="http://www.weidai.com/scan-mirror/ca.html#cem_OAEP-MGF1">EME-OAEP</a>, for use with classes derived from TF_ES -template <class H, class MGF=P1363_MGF1> -class OAEP : public OAEP_Base, public EncryptionStandard -{ -public: - static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("OAEP-") + MGF::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} - typedef OAEP<H, MGF> EncryptionMessageEncodingMethod; - -protected: - unsigned int DigestSize() const {return H::DIGESTSIZE;} - HashTransformation * NewHash() const {return new H;} - MaskGeneratingFunction * NewMGF() const {return new MGF;} -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS OAEP<SHA>; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/oids.h b/cryptopp562/oids.h deleted file mode 100644 index 8b10301..0000000 --- a/cryptopp562/oids.h +++ /dev/null @@ -1,123 +0,0 @@ -#ifndef CRYPTOPP_OIDS_H -#define CRYPTOPP_OIDS_H - -// crypto-related ASN.1 object identifiers - -#include "asn.h" - -NAMESPACE_BEGIN(CryptoPP) - -NAMESPACE_BEGIN(ASN1) - -#define DEFINE_OID(value, name) inline OID name() {return value;} - -DEFINE_OID(1, iso) - DEFINE_OID(iso()+2, member_body) - DEFINE_OID(member_body()+840, iso_us) - DEFINE_OID(iso_us()+10040, ansi_x9_57) - DEFINE_OID(ansi_x9_57()+4+1, id_dsa) - DEFINE_OID(iso_us()+10045, ansi_x9_62) - DEFINE_OID(ansi_x9_62()+1, id_fieldType) - DEFINE_OID(id_fieldType()+1, prime_field) - DEFINE_OID(id_fieldType()+2, characteristic_two_field) - DEFINE_OID(characteristic_two_field()+3, id_characteristic_two_basis) - DEFINE_OID(id_characteristic_two_basis()+1, gnBasis) - DEFINE_OID(id_characteristic_two_basis()+2, tpBasis) - DEFINE_OID(id_characteristic_two_basis()+3, ppBasis) - DEFINE_OID(ansi_x9_62()+2, id_publicKeyType) - DEFINE_OID(id_publicKeyType()+1, id_ecPublicKey) - DEFINE_OID(ansi_x9_62()+3, ansi_x9_62_curves) - DEFINE_OID(ansi_x9_62_curves()+1, ansi_x9_62_curves_prime) - DEFINE_OID(ansi_x9_62_curves_prime()+1, secp192r1) - DEFINE_OID(ansi_x9_62_curves_prime()+7, secp256r1) - DEFINE_OID(iso_us()+113549, rsadsi) - DEFINE_OID(rsadsi()+1, pkcs) - DEFINE_OID(pkcs()+1, pkcs_1) - DEFINE_OID(pkcs_1()+1, rsaEncryption); - DEFINE_OID(rsadsi()+2, rsadsi_digestAlgorithm) - DEFINE_OID(rsadsi_digestAlgorithm()+2, id_md2) - DEFINE_OID(rsadsi_digestAlgorithm()+5, id_md5) - DEFINE_OID(iso()+3, identified_organization); - DEFINE_OID(identified_organization()+14, oiw); - DEFINE_OID(oiw()+3, oiw_secsig); - DEFINE_OID(oiw_secsig()+2, oiw_secsig_algorithms); - DEFINE_OID(oiw_secsig_algorithms()+26, id_sha1); - - DEFINE_OID(identified_organization()+36, teletrust); - DEFINE_OID(teletrust()+3, teletrust_algorithm) - DEFINE_OID(teletrust_algorithm()+2+1, id_ripemd160) - DEFINE_OID(teletrust_algorithm()+3+2+8+1, teletrust_ellipticCurve) - DEFINE_OID(teletrust_ellipticCurve()+1+1, brainpoolP160r1) - DEFINE_OID(teletrust_ellipticCurve()+1+3, brainpoolP192r1) - DEFINE_OID(teletrust_ellipticCurve()+1+5, brainpoolP224r1) - DEFINE_OID(teletrust_ellipticCurve()+1+7, brainpoolP256r1) - DEFINE_OID(teletrust_ellipticCurve()+1+9, brainpoolP320r1) - DEFINE_OID(teletrust_ellipticCurve()+1+11, brainpoolP384r1) - DEFINE_OID(teletrust_ellipticCurve()+1+13, brainpoolP512r1) - - DEFINE_OID(identified_organization()+132, certicom); - DEFINE_OID(certicom()+0, certicom_ellipticCurve); - // these are sorted by curve type and then by OID - // first curves based on GF(p) - DEFINE_OID(certicom_ellipticCurve()+6, secp112r1); - DEFINE_OID(certicom_ellipticCurve()+7, secp112r2); - DEFINE_OID(certicom_ellipticCurve()+8, secp160r1); - DEFINE_OID(certicom_ellipticCurve()+9, secp160k1); - DEFINE_OID(certicom_ellipticCurve()+10, secp256k1); - DEFINE_OID(certicom_ellipticCurve()+28, secp128r1); - DEFINE_OID(certicom_ellipticCurve()+29, secp128r2); - DEFINE_OID(certicom_ellipticCurve()+30, secp160r2); - DEFINE_OID(certicom_ellipticCurve()+31, secp192k1); - DEFINE_OID(certicom_ellipticCurve()+32, secp224k1); - DEFINE_OID(certicom_ellipticCurve()+33, secp224r1); - DEFINE_OID(certicom_ellipticCurve()+34, secp384r1); - DEFINE_OID(certicom_ellipticCurve()+35, secp521r1); - // then curves based on GF(2^n) - DEFINE_OID(certicom_ellipticCurve()+1, sect163k1); - DEFINE_OID(certicom_ellipticCurve()+2, sect163r1); - DEFINE_OID(certicom_ellipticCurve()+3, sect239k1); - DEFINE_OID(certicom_ellipticCurve()+4, sect113r1); - DEFINE_OID(certicom_ellipticCurve()+5, sect113r2); - DEFINE_OID(certicom_ellipticCurve()+15, sect163r2); - DEFINE_OID(certicom_ellipticCurve()+16, sect283k1); - DEFINE_OID(certicom_ellipticCurve()+17, sect283r1); - DEFINE_OID(certicom_ellipticCurve()+22, sect131r1); - DEFINE_OID(certicom_ellipticCurve()+23, sect131r2); - DEFINE_OID(certicom_ellipticCurve()+24, sect193r1); - DEFINE_OID(certicom_ellipticCurve()+25, sect193r2); - DEFINE_OID(certicom_ellipticCurve()+26, sect233k1); - DEFINE_OID(certicom_ellipticCurve()+27, sect233r1); - DEFINE_OID(certicom_ellipticCurve()+36, sect409k1); - DEFINE_OID(certicom_ellipticCurve()+37, sect409r1); - DEFINE_OID(certicom_ellipticCurve()+38, sect571k1); - DEFINE_OID(certicom_ellipticCurve()+39, sect571r1); -DEFINE_OID(2, joint_iso_ccitt) - DEFINE_OID(joint_iso_ccitt()+16, country) - DEFINE_OID(country()+840, joint_iso_ccitt_us) - DEFINE_OID(joint_iso_ccitt_us()+1, us_organization) - DEFINE_OID(us_organization()+101, us_gov) - DEFINE_OID(us_gov()+3, csor) - DEFINE_OID(csor()+4, nistalgorithms) - DEFINE_OID(nistalgorithms()+1, aes) - DEFINE_OID(aes()+1, id_aes128_ECB) - DEFINE_OID(aes()+2, id_aes128_cbc) - DEFINE_OID(aes()+3, id_aes128_ofb) - DEFINE_OID(aes()+4, id_aes128_cfb) - DEFINE_OID(aes()+21, id_aes192_ECB) - DEFINE_OID(aes()+22, id_aes192_cbc) - DEFINE_OID(aes()+23, id_aes192_ofb) - DEFINE_OID(aes()+24, id_aes192_cfb) - DEFINE_OID(aes()+41, id_aes256_ECB) - DEFINE_OID(aes()+42, id_aes256_cbc) - DEFINE_OID(aes()+43, id_aes256_ofb) - DEFINE_OID(aes()+44, id_aes256_cfb) - DEFINE_OID(nistalgorithms()+2, nist_hashalgs) - DEFINE_OID(nist_hashalgs()+1, id_sha256) - DEFINE_OID(nist_hashalgs()+2, id_sha384) - DEFINE_OID(nist_hashalgs()+3, id_sha512) - -NAMESPACE_END - -NAMESPACE_END - -#endif diff --git a/cryptopp562/osrng.cpp b/cryptopp562/osrng.cpp deleted file mode 100644 index 76e486b..0000000 --- a/cryptopp562/osrng.cpp +++ /dev/null @@ -1,192 +0,0 @@ -// osrng.cpp - written and placed in the public domain by Wei Dai - -// Thanks to Leonard Janke for the suggestion for AutoSeededRandomPool. - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "osrng.h" - -#ifdef OS_RNG_AVAILABLE - -#include "rng.h" - -#ifdef CRYPTOPP_WIN32_AVAILABLE -#ifndef _WIN32_WINNT -#define _WIN32_WINNT 0x0400 -#endif -#include <windows.h> -#include <wincrypt.h> -#endif - -#ifdef CRYPTOPP_UNIX_AVAILABLE -#include <errno.h> -#include <fcntl.h> -#include <unistd.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#if defined(NONBLOCKING_RNG_AVAILABLE) || defined(BLOCKING_RNG_AVAILABLE) -OS_RNG_Err::OS_RNG_Err(const std::string &operation) - : Exception(OTHER_ERROR, "OS_Rng: " + operation + " operation failed with error " + -#ifdef CRYPTOPP_WIN32_AVAILABLE - "0x" + IntToString(GetLastError(), 16) -#else - IntToString(errno) -#endif - ) -{ -} -#endif - -#ifdef NONBLOCKING_RNG_AVAILABLE - -#ifdef CRYPTOPP_WIN32_AVAILABLE - -MicrosoftCryptoProvider::MicrosoftCryptoProvider() -{ - if(!CryptAcquireContext(&m_hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) - throw OS_RNG_Err("CryptAcquireContext"); -} - -MicrosoftCryptoProvider::~MicrosoftCryptoProvider() -{ - CryptReleaseContext(m_hProvider, 0); -} - -#endif - -NonblockingRng::NonblockingRng() -{ -#ifndef CRYPTOPP_WIN32_AVAILABLE - m_fd = open("/dev/urandom",O_RDONLY); - if (m_fd == -1) - throw OS_RNG_Err("open /dev/urandom"); -#endif -} - -NonblockingRng::~NonblockingRng() -{ -#ifndef CRYPTOPP_WIN32_AVAILABLE - close(m_fd); -#endif -} - -void NonblockingRng::GenerateBlock(byte *output, size_t size) -{ -#ifdef CRYPTOPP_WIN32_AVAILABLE -# ifdef WORKAROUND_MS_BUG_Q258000 - const MicrosoftCryptoProvider &m_Provider = Singleton<MicrosoftCryptoProvider>().Ref(); -# endif - if (!CryptGenRandom(m_Provider.GetProviderHandle(), (DWORD)size, output)) - throw OS_RNG_Err("CryptGenRandom"); -#else - while (size) - { - ssize_t len = read(m_fd, output, size); - - if (len < 0) - { - // /dev/urandom reads CAN give EAGAIN errors! (maybe EINTR as well) - if (errno != EINTR && errno != EAGAIN) - throw OS_RNG_Err("read /dev/urandom"); - - continue; - } - - output += len; - size -= len; - } -#endif -} - -#endif - -// ************************************************************* - -#ifdef BLOCKING_RNG_AVAILABLE - -#ifndef CRYPTOPP_BLOCKING_RNG_FILENAME -#ifdef __OpenBSD__ -#define CRYPTOPP_BLOCKING_RNG_FILENAME "/dev/srandom" -#else -#define CRYPTOPP_BLOCKING_RNG_FILENAME "/dev/random" -#endif -#endif - -BlockingRng::BlockingRng() -{ - m_fd = open(CRYPTOPP_BLOCKING_RNG_FILENAME,O_RDONLY); - if (m_fd == -1) - throw OS_RNG_Err("open " CRYPTOPP_BLOCKING_RNG_FILENAME); -} - -BlockingRng::~BlockingRng() -{ - close(m_fd); -} - -void BlockingRng::GenerateBlock(byte *output, size_t size) -{ - while (size) - { - // on some systems /dev/random will block until all bytes - // are available, on others it returns immediately - ssize_t len = read(m_fd, output, size); - if (len < 0) - { - // /dev/random reads CAN give EAGAIN errors! (maybe EINTR as well) - if (errno != EINTR && errno != EAGAIN) - throw OS_RNG_Err("read " CRYPTOPP_BLOCKING_RNG_FILENAME); - - continue; - } - - size -= len; - output += len; - if (size) - sleep(1); - } -} - -#endif - -// ************************************************************* - -void OS_GenerateRandomBlock(bool blocking, byte *output, size_t size) -{ -#ifdef NONBLOCKING_RNG_AVAILABLE - if (blocking) -#endif - { -#ifdef BLOCKING_RNG_AVAILABLE - BlockingRng rng; - rng.GenerateBlock(output, size); -#endif - } - -#ifdef BLOCKING_RNG_AVAILABLE - if (!blocking) -#endif - { -#ifdef NONBLOCKING_RNG_AVAILABLE - NonblockingRng rng; - rng.GenerateBlock(output, size); -#endif - } -} - -void AutoSeededRandomPool::Reseed(bool blocking, unsigned int seedSize) -{ - SecByteBlock seed(seedSize); - OS_GenerateRandomBlock(blocking, seed, seedSize); - IncorporateEntropy(seed, seedSize); -} - -NAMESPACE_END - -#endif - -#endif diff --git a/cryptopp562/osrng.h b/cryptopp562/osrng.h deleted file mode 100644 index ae07d05..0000000 --- a/cryptopp562/osrng.h +++ /dev/null @@ -1,156 +0,0 @@ -#ifndef CRYPTOPP_OSRNG_H -#define CRYPTOPP_OSRNG_H - -//! \file - -#include "config.h" - -#ifdef OS_RNG_AVAILABLE - -#include "randpool.h" -#include "rng.h" -#include "aes.h" -#include "sha.h" -#include "fips140.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Exception class for Operating-System Random Number Generator. -class CRYPTOPP_DLL OS_RNG_Err : public Exception -{ -public: - OS_RNG_Err(const std::string &operation); -}; - -#ifdef NONBLOCKING_RNG_AVAILABLE - -#ifdef CRYPTOPP_WIN32_AVAILABLE -class CRYPTOPP_DLL MicrosoftCryptoProvider -{ -public: - MicrosoftCryptoProvider(); - ~MicrosoftCryptoProvider(); -#if defined(_WIN64) - typedef unsigned __int64 ProviderHandle; // type HCRYPTPROV, avoid #include <windows.h> -#else - typedef unsigned long ProviderHandle; -#endif - ProviderHandle GetProviderHandle() const {return m_hProvider;} -private: - ProviderHandle m_hProvider; -}; - -#pragma comment(lib, "advapi32.lib") -#endif - -//! encapsulate CryptoAPI's CryptGenRandom or /dev/urandom -class CRYPTOPP_DLL NonblockingRng : public RandomNumberGenerator -{ -public: - NonblockingRng(); - ~NonblockingRng(); - void GenerateBlock(byte *output, size_t size); - -protected: -#ifdef CRYPTOPP_WIN32_AVAILABLE -# ifndef WORKAROUND_MS_BUG_Q258000 - MicrosoftCryptoProvider m_Provider; -# endif -#else - int m_fd; -#endif -}; - -#endif - -#ifdef BLOCKING_RNG_AVAILABLE - -//! encapsulate /dev/random, or /dev/srandom on OpenBSD -class CRYPTOPP_DLL BlockingRng : public RandomNumberGenerator -{ -public: - BlockingRng(); - ~BlockingRng(); - void GenerateBlock(byte *output, size_t size); - -protected: - int m_fd; -}; - -#endif - -CRYPTOPP_DLL void CRYPTOPP_API OS_GenerateRandomBlock(bool blocking, byte *output, size_t size); - -//! Automaticly Seeded Randomness Pool -/*! This class seeds itself using an operating system provided RNG. */ -class CRYPTOPP_DLL AutoSeededRandomPool : public RandomPool -{ -public: - //! use blocking to choose seeding with BlockingRng or NonblockingRng. the parameter is ignored if only one of these is available - explicit AutoSeededRandomPool(bool blocking = false, unsigned int seedSize = 32) - {Reseed(blocking, seedSize);} - void Reseed(bool blocking = false, unsigned int seedSize = 32); -}; - -//! RNG from ANSI X9.17 Appendix C, seeded using an OS provided RNG -template <class BLOCK_CIPHER> -class AutoSeededX917RNG : public RandomNumberGenerator, public NotCopyable -{ -public: - //! use blocking to choose seeding with BlockingRng or NonblockingRng. the parameter is ignored if only one of these is available - explicit AutoSeededX917RNG(bool blocking = false, bool autoSeed = true) - {if (autoSeed) Reseed(blocking);} - void Reseed(bool blocking = false, const byte *additionalEntropy = NULL, size_t length = 0); - // exposed for testing - void Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector); - - bool CanIncorporateEntropy() const {return true;} - void IncorporateEntropy(const byte *input, size_t length) {Reseed(false, input, length);} - void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length) {m_rng->GenerateIntoBufferedTransformation(target, channel, length);} - -private: - member_ptr<RandomNumberGenerator> m_rng; -}; - -template <class BLOCK_CIPHER> -void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector) -{ - m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, keylength), seed, timeVector)); -} - -template <class BLOCK_CIPHER> -void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(bool blocking, const byte *input, size_t length) -{ - SecByteBlock seed(BLOCK_CIPHER::BLOCKSIZE + BLOCK_CIPHER::DEFAULT_KEYLENGTH); - const byte *key; - do - { - OS_GenerateRandomBlock(blocking, seed, seed.size()); - if (length > 0) - { - SHA256 hash; - hash.Update(seed, seed.size()); - hash.Update(input, length); - hash.TruncatedFinal(seed, UnsignedMin(hash.DigestSize(), seed.size())); - } - key = seed + BLOCK_CIPHER::BLOCKSIZE; - } // check that seed and key don't have same value - while (memcmp(key, seed, STDMIN((unsigned int)BLOCK_CIPHER::BLOCKSIZE, (unsigned int)BLOCK_CIPHER::DEFAULT_KEYLENGTH)) == 0); - - Reseed(key, BLOCK_CIPHER::DEFAULT_KEYLENGTH, seed, NULL); -} - -CRYPTOPP_DLL_TEMPLATE_CLASS AutoSeededX917RNG<AES>; - -//! this is AutoSeededX917RNG\<AES\> in FIPS mode, otherwise it's AutoSeededRandomPool -#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 -typedef AutoSeededX917RNG<AES> DefaultAutoSeededRNG; -#else -typedef AutoSeededRandomPool DefaultAutoSeededRNG; -#endif - -NAMESPACE_END - -#endif - -#endif diff --git a/cryptopp562/panama.cpp b/cryptopp562/panama.cpp deleted file mode 100644 index 5fc4f94..0000000 --- a/cryptopp562/panama.cpp +++ /dev/null @@ -1,507 +0,0 @@ -// panama.cpp - written and placed in the public domain by Wei Dai - -// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM panama.cpp" to generate MASM code - -#include "pch.h" - -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#include "panama.h" -#include "misc.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -template <class B> -void Panama<B>::Reset() -{ - memset(m_state, 0, m_state.SizeInBytes()); -#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE - m_state[17] = HasSSSE3(); -#endif -} - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE -extern "C" { -void Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, const word32 *y); -} -#elif CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - -#ifdef CRYPTOPP_GENERATE_X64_MASM - Panama_SSE2_Pull PROC FRAME - rex_push_reg rdi - alloc_stack(2*16) - save_xmm128 xmm6, 0h - save_xmm128 xmm7, 10h - .endprolog -#else -#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code -void CRYPTOPP_NOINLINE Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, const word32 *y) -{ -#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY - asm __volatile__ - ( - ".intel_syntax noprefix;" - AS_PUSH_IF86( bx) -#else - AS2( mov AS_REG_1, count) - AS2( mov AS_REG_2, state) - AS2( mov AS_REG_3, z) - AS2( mov AS_REG_4, y) -#endif -#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM - -#if CRYPTOPP_BOOL_X86 - #define REG_loopEnd [esp] -#elif defined(CRYPTOPP_GENERATE_X64_MASM) - #define REG_loopEnd rdi -#else - #define REG_loopEnd r8 -#endif - - AS2( shl AS_REG_1, 5) - ASJ( jz, 5, f) - AS2( mov AS_REG_6d, [AS_REG_2+4*17]) - AS2( add AS_REG_1, AS_REG_6) - - #if CRYPTOPP_BOOL_X64 - AS2( mov REG_loopEnd, AS_REG_1) - #else - AS1( push ebp) - AS1( push AS_REG_1) - #endif - - AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+0*16]) - AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_2+1*16]) - AS2( movdqa xmm2, XMMWORD_PTR [AS_REG_2+2*16]) - AS2( movdqa xmm3, XMMWORD_PTR [AS_REG_2+3*16]) - AS2( mov eax, dword ptr [AS_REG_2+4*16]) - - ASL(4) - // gamma and pi -#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE - AS2( test AS_REG_6, 1) - ASJ( jnz, 6, f) -#endif - AS2( movdqa xmm6, xmm2) - AS2( movss xmm6, xmm3) - ASS( pshufd xmm5, xmm6, 0, 3, 2, 1) - AS2( movd xmm6, eax) - AS2( movdqa xmm7, xmm3) - AS2( movss xmm7, xmm6) - ASS( pshufd xmm6, xmm7, 0, 3, 2, 1) -#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE - ASJ( jmp, 7, f) - ASL(6) - AS2( movdqa xmm5, xmm3) - AS3( palignr xmm5, xmm2, 4) - AS2( movd xmm6, eax) - AS3( palignr xmm6, xmm3, 4) - ASL(7) -#endif - - AS2( movd AS_REG_1d, xmm2) - AS1( not AS_REG_1d) - AS2( movd AS_REG_7d, xmm3) - AS2( or AS_REG_1d, AS_REG_7d) - AS2( xor eax, AS_REG_1d) - -#define SSE2_Index(i) ASM_MOD(((i)*13+16), 17) - -#define pi(i) \ - AS2( movd AS_REG_1d, xmm7)\ - AS2( rol AS_REG_1d, ASM_MOD((ASM_MOD(5*i,17)*(ASM_MOD(5*i,17)+1)/2), 32))\ - AS2( mov [AS_REG_2+SSE2_Index(ASM_MOD(5*(i), 17))*4], AS_REG_1d) - -#define pi4(x, y, z, a, b, c, d) \ - AS2( pcmpeqb xmm7, xmm7)\ - AS2( pxor xmm7, x)\ - AS2( por xmm7, y)\ - AS2( pxor xmm7, z)\ - pi(a)\ - ASS( pshuflw xmm7, xmm7, 1, 0, 3, 2)\ - pi(b)\ - AS2( punpckhqdq xmm7, xmm7)\ - pi(c)\ - ASS( pshuflw xmm7, xmm7, 1, 0, 3, 2)\ - pi(d) - - pi4(xmm1, xmm2, xmm3, 1, 5, 9, 13) - pi4(xmm0, xmm1, xmm2, 2, 6, 10, 14) - pi4(xmm6, xmm0, xmm1, 3, 7, 11, 15) - pi4(xmm5, xmm6, xmm0, 4, 8, 12, 16) - - // output keystream and update buffer here to hide partial memory stalls between pi and theta - AS2( movdqa xmm4, xmm3) - AS2( punpcklqdq xmm3, xmm2) // 1 5 2 6 - AS2( punpckhdq xmm4, xmm2) // 9 10 13 14 - AS2( movdqa xmm2, xmm1) - AS2( punpcklqdq xmm1, xmm0) // 3 7 4 8 - AS2( punpckhdq xmm2, xmm0) // 11 12 15 16 - - // keystream - AS2( test AS_REG_3, AS_REG_3) - ASJ( jz, 0, f) - AS2( movdqa xmm6, xmm4) - AS2( punpcklqdq xmm4, xmm2) - AS2( punpckhqdq xmm6, xmm2) - AS2( test AS_REG_4, 15) - ASJ( jnz, 2, f) - AS2( test AS_REG_4, AS_REG_4) - ASJ( jz, 1, f) - AS2( pxor xmm4, [AS_REG_4]) - AS2( pxor xmm6, [AS_REG_4+16]) - AS2( add AS_REG_4, 32) - ASJ( jmp, 1, f) - ASL(2) - AS2( movdqu xmm0, [AS_REG_4]) - AS2( movdqu xmm2, [AS_REG_4+16]) - AS2( pxor xmm4, xmm0) - AS2( pxor xmm6, xmm2) - AS2( add AS_REG_4, 32) - ASL(1) - AS2( test AS_REG_3, 15) - ASJ( jnz, 3, f) - AS2( movdqa XMMWORD_PTR [AS_REG_3], xmm4) - AS2( movdqa XMMWORD_PTR [AS_REG_3+16], xmm6) - AS2( add AS_REG_3, 32) - ASJ( jmp, 0, f) - ASL(3) - AS2( movdqu XMMWORD_PTR [AS_REG_3], xmm4) - AS2( movdqu XMMWORD_PTR [AS_REG_3+16], xmm6) - AS2( add AS_REG_3, 32) - ASL(0) - - // buffer update - AS2( lea AS_REG_1, [AS_REG_6 + 32]) - AS2( and AS_REG_1, 31*32) - AS2( lea AS_REG_7, [AS_REG_6 + (32-24)*32]) - AS2( and AS_REG_7, 31*32) - - AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+0*8]) - AS2( pxor xmm3, xmm0) - ASS( pshufd xmm0, xmm0, 2, 3, 0, 1) - AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+0*8], xmm3) - AS2( pxor xmm0, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+2*8]) - AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+2*8], xmm0) - - AS2( movdqa xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+2*8]) - AS2( pxor xmm1, xmm4) - AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+2*8], xmm1) - AS2( pxor xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+0*8]) - AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+0*8], xmm4) - - // theta - AS2( movdqa xmm3, XMMWORD_PTR [AS_REG_2+3*16]) - AS2( movdqa xmm2, XMMWORD_PTR [AS_REG_2+2*16]) - AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_2+1*16]) - AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+0*16]) - -#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE - AS2( test AS_REG_6, 1) - ASJ( jnz, 8, f) -#endif - AS2( movd xmm6, eax) - AS2( movdqa xmm7, xmm3) - AS2( movss xmm7, xmm6) - AS2( movdqa xmm6, xmm2) - AS2( movss xmm6, xmm3) - AS2( movdqa xmm5, xmm1) - AS2( movss xmm5, xmm2) - AS2( movdqa xmm4, xmm0) - AS2( movss xmm4, xmm1) - ASS( pshufd xmm7, xmm7, 0, 3, 2, 1) - ASS( pshufd xmm6, xmm6, 0, 3, 2, 1) - ASS( pshufd xmm5, xmm5, 0, 3, 2, 1) - ASS( pshufd xmm4, xmm4, 0, 3, 2, 1) -#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE - ASJ( jmp, 9, f) - ASL(8) - AS2( movd xmm7, eax) - AS3( palignr xmm7, xmm3, 4) - AS2( movq xmm6, xmm3) - AS3( palignr xmm6, xmm2, 4) - AS2( movq xmm5, xmm2) - AS3( palignr xmm5, xmm1, 4) - AS2( movq xmm4, xmm1) - AS3( palignr xmm4, xmm0, 4) - ASL(9) -#endif - - AS2( xor eax, 1) - AS2( movd AS_REG_1d, xmm0) - AS2( xor eax, AS_REG_1d) - AS2( movd AS_REG_1d, xmm3) - AS2( xor eax, AS_REG_1d) - - AS2( pxor xmm3, xmm2) - AS2( pxor xmm2, xmm1) - AS2( pxor xmm1, xmm0) - AS2( pxor xmm0, xmm7) - AS2( pxor xmm3, xmm7) - AS2( pxor xmm2, xmm6) - AS2( pxor xmm1, xmm5) - AS2( pxor xmm0, xmm4) - - // sigma - AS2( lea AS_REG_1, [AS_REG_6 + (32-4)*32]) - AS2( and AS_REG_1, 31*32) - AS2( lea AS_REG_7, [AS_REG_6 + 16*32]) - AS2( and AS_REG_7, 31*32) - - AS2( movdqa xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+0*16]) - AS2( movdqa xmm5, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+0*16]) - AS2( movdqa xmm6, xmm4) - AS2( punpcklqdq xmm4, xmm5) - AS2( punpckhqdq xmm6, xmm5) - AS2( pxor xmm3, xmm4) - AS2( pxor xmm2, xmm6) - - AS2( movdqa xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+1*16]) - AS2( movdqa xmm5, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+1*16]) - AS2( movdqa xmm6, xmm4) - AS2( punpcklqdq xmm4, xmm5) - AS2( punpckhqdq xmm6, xmm5) - AS2( pxor xmm1, xmm4) - AS2( pxor xmm0, xmm6) - - // loop - AS2( add AS_REG_6, 32) - AS2( cmp AS_REG_6, REG_loopEnd) - ASJ( jne, 4, b) - - // save state - AS2( mov [AS_REG_2+4*16], eax) - AS2( movdqa XMMWORD_PTR [AS_REG_2+3*16], xmm3) - AS2( movdqa XMMWORD_PTR [AS_REG_2+2*16], xmm2) - AS2( movdqa XMMWORD_PTR [AS_REG_2+1*16], xmm1) - AS2( movdqa XMMWORD_PTR [AS_REG_2+0*16], xmm0) - - #if CRYPTOPP_BOOL_X86 - AS2( add esp, 4) - AS1( pop ebp) - #endif - ASL(5) - -#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY - AS_POP_IF86( bx) - ".att_syntax prefix;" - : - #if CRYPTOPP_BOOL_X64 - : "D" (count), "S" (state), "d" (z), "c" (y) - : "%r8", "%r9", "r10", "%eax", "memory", "cc", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7" - #else - : "c" (count), "d" (state), "S" (z), "D" (y) - : "%eax", "memory", "cc" - #endif - ); -#endif -#ifdef CRYPTOPP_GENERATE_X64_MASM - movdqa xmm6, [rsp + 0h] - movdqa xmm7, [rsp + 10h] - add rsp, 2*16 - pop rdi - ret - Panama_SSE2_Pull ENDP -#else -} -#endif -#endif // #ifdef CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - -#ifndef CRYPTOPP_GENERATE_X64_MASM - -template <class B> -void Panama<B>::Iterate(size_t count, const word32 *p, byte *output, const byte *input, KeystreamOperation operation) -{ - word32 bstart = m_state[17]; - word32 *const aPtr = m_state; - word32 cPtr[17]; - -#define bPtr ((byte *)(aPtr+20)) - -// reorder the state for SSE2 -// a and c: 4 8 12 16 | 3 7 11 15 | 2 6 10 14 | 1 5 9 13 | 0 -// xmm0 xmm1 xmm2 xmm3 eax -#define a(i) aPtr[((i)*13+16) % 17] // 13 is inverse of 4 mod 17 -#define c(i) cPtr[((i)*13+16) % 17] -// b: 0 4 | 1 5 | 2 6 | 3 7 -#define b(i, j) b##i[(j)*2%8 + (j)/4] - -// buffer update -#define US(i) {word32 t=b(0,i); b(0,i)=ConditionalByteReverse(B::ToEnum(), p[i])^t; b(25,(i+6)%8)^=t;} -#define UL(i) {word32 t=b(0,i); b(0,i)=a(i+1)^t; b(25,(i+6)%8)^=t;} -// gamma and pi -#define GP(i) c(5*i%17) = rotlFixed(a(i) ^ (a((i+1)%17) | ~a((i+2)%17)), ((5*i%17)*((5*i%17)+1)/2)%32) -// theta and sigma -#define T(i,x) a(i) = c(i) ^ c((i+1)%17) ^ c((i+4)%17) ^ x -#define TS1S(i) T(i+1, ConditionalByteReverse(B::ToEnum(), p[i])) -#define TS1L(i) T(i+1, b(4,i)) -#define TS2(i) T(i+9, b(16,i)) - - while (count--) - { - if (output) - { -#define PANAMA_OUTPUT(x) \ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, a(0+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 1, a(1+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 2, a(2+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 3, a(3+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 4, a(4+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 5, a(5+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 6, a(6+9));\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 7, a(7+9)); - - typedef word32 WordType; - CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(PANAMA_OUTPUT, 4*8); - } - - word32 *const b16 = (word32 *)(bPtr+((bstart+16*32) & 31*32)); - word32 *const b4 = (word32 *)(bPtr+((bstart+(32-4)*32) & 31*32)); - bstart += 32; - word32 *const b0 = (word32 *)(bPtr+((bstart) & 31*32)); - word32 *const b25 = (word32 *)(bPtr+((bstart+(32-25)*32) & 31*32)); - - if (p) - { - US(0); US(1); US(2); US(3); US(4); US(5); US(6); US(7); - } - else - { - UL(0); UL(1); UL(2); UL(3); UL(4); UL(5); UL(6); UL(7); - } - - GP(0); - GP(1); - GP(2); - GP(3); - GP(4); - GP(5); - GP(6); - GP(7); - GP(8); - GP(9); - GP(10); - GP(11); - GP(12); - GP(13); - GP(14); - GP(15); - GP(16); - - T(0,1); - - if (p) - { - TS1S(0); TS1S(1); TS1S(2); TS1S(3); TS1S(4); TS1S(5); TS1S(6); TS1S(7); - p += 8; - } - else - { - TS1L(0); TS1L(1); TS1L(2); TS1L(3); TS1L(4); TS1L(5); TS1L(6); TS1L(7); - } - - TS2(0); TS2(1); TS2(2); TS2(3); TS2(4); TS2(5); TS2(6); TS2(7); - } - m_state[17] = bstart; -} - -namespace Weak { -template <class B> -size_t PanamaHash<B>::HashMultipleBlocks(const word32 *input, size_t length) -{ - this->Iterate(length / this->BLOCKSIZE, input); - return length % this->BLOCKSIZE; -} - -template <class B> -void PanamaHash<B>::TruncatedFinal(byte *hash, size_t size) -{ - this->ThrowIfInvalidTruncatedSize(size); - - this->PadLastBlock(this->BLOCKSIZE, 0x01); - - HashEndianCorrectedBlock(this->m_data); - - this->Iterate(32); // pull - - FixedSizeSecBlock<word32, 8> buf; - this->Iterate(1, NULL, buf.BytePtr(), NULL); - - memcpy(hash, buf, size); - - this->Restart(); // reinit for next use -} -} - -template <class B> -void PanamaCipherPolicy<B>::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) -{ - assert(length==32); - memcpy(m_key, key, 32); -} - -template <class B> -void PanamaCipherPolicy<B>::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) -{ - assert(length==32); - this->Reset(); - this->Iterate(1, m_key); - if (iv && IsAligned<word32>(iv)) - this->Iterate(1, (const word32 *)iv); - else - { - FixedSizeSecBlock<word32, 8> buf; - if (iv) - memcpy(buf, iv, 32); - else - memset(buf, 0, 32); - this->Iterate(1, buf); - } - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2() && !IsP4()) // SSE2 code is slower on P4 Prescott - Panama_SSE2_Pull(32, this->m_state, NULL, NULL); - else -#endif - this->Iterate(32); -} - -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 -template <class B> -unsigned int PanamaCipherPolicy<B>::GetAlignment() const -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2()) - return 16; - else -#endif - return 1; -} -#endif - -template <class B> -void PanamaCipherPolicy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2()) - Panama_SSE2_Pull(iterationCount, this->m_state, (word32 *)output, (const word32 *)input); - else -#endif - this->Iterate(iterationCount, NULL, output, input, operation); -} - -template class Panama<BigEndian>; -template class Panama<LittleEndian>; - -template class Weak::PanamaHash<BigEndian>; -template class Weak::PanamaHash<LittleEndian>; - -template class PanamaCipherPolicy<BigEndian>; -template class PanamaCipherPolicy<LittleEndian>; - -NAMESPACE_END - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM diff --git a/cryptopp562/panama.h b/cryptopp562/panama.h deleted file mode 100644 index 5888f24..0000000 --- a/cryptopp562/panama.h +++ /dev/null @@ -1,144 +0,0 @@ -#ifndef CRYPTOPP_PANAMA_H -#define CRYPTOPP_PANAMA_H - -#include "strciphr.h" -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// base class, do not use directly -template <class B> -class CRYPTOPP_NO_VTABLE Panama -{ -public: - void Reset(); - void Iterate(size_t count, const word32 *p=NULL, byte *output=NULL, const byte *input=NULL, KeystreamOperation operation=WRITE_KEYSTREAM); - -protected: - typedef word32 Stage[8]; - CRYPTOPP_CONSTANT(STAGES = 32) - - FixedSizeAlignedSecBlock<word32, 20 + 8*32> m_state; -}; - -namespace Weak { -/// <a href="http://www.weidai.com/scan-mirror/md.html#Panama">Panama Hash</a> -template <class B = LittleEndian> -class PanamaHash : protected Panama<B>, public AlgorithmImpl<IteratedHash<word32, NativeByteOrder, 32>, PanamaHash<B> > -{ -public: - CRYPTOPP_CONSTANT(DIGESTSIZE = 32) - PanamaHash() {Panama<B>::Reset();} - unsigned int DigestSize() const {return DIGESTSIZE;} - void TruncatedFinal(byte *hash, size_t size); - static const char * StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";} - -protected: - void Init() {Panama<B>::Reset();} - void HashEndianCorrectedBlock(const word32 *data) {this->Iterate(1, data);} // push - size_t HashMultipleBlocks(const word32 *input, size_t length); - word32* StateBuf() {return NULL;} -}; -} - -//! MAC construction using a hermetic hash function -template <class T_Hash, class T_Info = T_Hash> -class HermeticHashFunctionMAC : public AlgorithmImpl<SimpleKeyingInterfaceImpl<TwoBases<MessageAuthenticationCode, VariableKeyLength<32, 0, INT_MAX> > >, T_Info> -{ -public: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) - { - m_key.Assign(key, length); - Restart(); - } - - void Restart() - { - m_hash.Restart(); - m_keyed = false; - } - - void Update(const byte *input, size_t length) - { - if (!m_keyed) - KeyHash(); - m_hash.Update(input, length); - } - - void TruncatedFinal(byte *digest, size_t digestSize) - { - if (!m_keyed) - KeyHash(); - m_hash.TruncatedFinal(digest, digestSize); - m_keyed = false; - } - - unsigned int DigestSize() const - {return m_hash.DigestSize();} - unsigned int BlockSize() const - {return m_hash.BlockSize();} - unsigned int OptimalBlockSize() const - {return m_hash.OptimalBlockSize();} - unsigned int OptimalDataAlignment() const - {return m_hash.OptimalDataAlignment();} - -protected: - void KeyHash() - { - m_hash.Update(m_key, m_key.size()); - m_keyed = true; - } - - T_Hash m_hash; - bool m_keyed; - SecByteBlock m_key; -}; - -namespace Weak { -/// Panama MAC -template <class B = LittleEndian> -class PanamaMAC : public HermeticHashFunctionMAC<PanamaHash<B> > -{ -public: - PanamaMAC() {} - PanamaMAC(const byte *key, unsigned int length) - {this->SetKey(key, length);} -}; -} - -//! algorithm info -template <class B> -struct PanamaCipherInfo : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 32> -{ - static const char * StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";} -}; - -//! _ -template <class B> -class PanamaCipherPolicy : public AdditiveCipherConcretePolicy<word32, 8>, - public PanamaCipherInfo<B>, - protected Panama<B> -{ -protected: - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - bool CipherIsRandomAccess() const {return false;} - void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 - unsigned int GetAlignment() const; -#endif - - FixedSizeSecBlock<word32, 8> m_key; -}; - -//! <a href="http://www.cryptolounge.org/wiki/PANAMA">Panama Stream Cipher</a> -template <class B = LittleEndian> -struct PanamaCipher : public PanamaCipherInfo<B>, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal<ConcretePolicyHolder<PanamaCipherPolicy<B>, AdditiveCipherTemplate<> >, PanamaCipherInfo<B> > Encryption; - typedef Encryption Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/pch.cpp b/cryptopp562/pch.cpp deleted file mode 100644 index 1d9f38c..0000000 --- a/cryptopp562/pch.cpp +++ /dev/null @@ -1 +0,0 @@ -#include "pch.h" diff --git a/cryptopp562/pch.h b/cryptopp562/pch.h deleted file mode 100644 index 418c390..0000000 --- a/cryptopp562/pch.h +++ /dev/null @@ -1,21 +0,0 @@ -#ifndef CRYPTOPP_PCH_H -#define CRYPTOPP_PCH_H - -#ifdef CRYPTOPP_GENERATE_X64_MASM - - #include "cpu.h" - -#else - - #include "config.h" - - #ifdef USE_PRECOMPILED_HEADERS - #include "simple.h" - #include "secblock.h" - #include "misc.h" - #include "smartptr.h" - #endif - -#endif - -#endif diff --git a/cryptopp562/pkcspad.cpp b/cryptopp562/pkcspad.cpp deleted file mode 100644 index e1f1d1e..0000000 --- a/cryptopp562/pkcspad.cpp +++ /dev/null @@ -1,124 +0,0 @@ -// pkcspad.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_PKCSPAD_CPP // SunCC workaround: compiler could cause this file to be included twice -#define CRYPTOPP_PKCSPAD_CPP - -#include "pkcspad.h" -#include <assert.h> - -NAMESPACE_BEGIN(CryptoPP) - -// more in dll.cpp -template<> const byte PKCS_DigestDecoration<Weak1::MD2>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,0x04,0x10}; -template<> const unsigned int PKCS_DigestDecoration<Weak1::MD2>::length = sizeof(PKCS_DigestDecoration<Weak1::MD2>::decoration); - -template<> const byte PKCS_DigestDecoration<Weak1::MD5>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10}; -template<> const unsigned int PKCS_DigestDecoration<Weak1::MD5>::length = sizeof(PKCS_DigestDecoration<Weak1::MD5>::decoration); - -template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14}; -template<> const unsigned int PKCS_DigestDecoration<RIPEMD160>::length = sizeof(PKCS_DigestDecoration<RIPEMD160>::decoration); - -template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18}; -template<> const unsigned int PKCS_DigestDecoration<Tiger>::length = sizeof(PKCS_DigestDecoration<Tiger>::decoration); - -size_t PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(size_t paddedLength) const -{ - return SaturatingSubtract(paddedLength/8, 10U); -} - -void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLen, byte *pkcsBlock, size_t pkcsBlockLen, const NameValuePairs ¶meters) const -{ - assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller - - // convert from bit length to byte length - if (pkcsBlockLen % 8 != 0) - { - pkcsBlock[0] = 0; - pkcsBlock++; - } - pkcsBlockLen /= 8; - - pkcsBlock[0] = 2; // block type 2 - - // pad with non-zero random bytes - for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++) - pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff); - - pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator - memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); -} - -DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, size_t pkcsBlockLen, byte *output, const NameValuePairs ¶meters) const -{ - bool invalid = false; - size_t maxOutputLen = MaxUnpaddedLength(pkcsBlockLen); - - // convert from bit length to byte length - if (pkcsBlockLen % 8 != 0) - { - invalid = (pkcsBlock[0] != 0) || invalid; - pkcsBlock++; - } - pkcsBlockLen /= 8; - - // Require block type 2. - invalid = (pkcsBlock[0] != 2) || invalid; - - // skip past the padding until we find the separator - size_t i=1; - while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body - } - assert(i==pkcsBlockLen || pkcsBlock[i-1]==0); - - size_t outputLen = pkcsBlockLen - i; - invalid = (outputLen > maxOutputLen) || invalid; - - if (invalid) - return DecodingResult(); - - memcpy (output, pkcsBlock+i, outputLen); - return DecodingResult(outputLen); -} - -// ******************************************************** - -#ifndef CRYPTOPP_IMPORTS - -void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); - - size_t pkcsBlockLen = representativeBitLength; - // convert from bit length to byte length - if (pkcsBlockLen % 8 != 0) - { - representative[0] = 0; - representative++; - } - pkcsBlockLen /= 8; - - representative[0] = 1; // block type 1 - - unsigned int digestSize = hash.DigestSize(); - byte *pPadding = representative + 1; - byte *pDigest = representative + pkcsBlockLen - digestSize; - byte *pHashId = pDigest - hashIdentifier.second; - byte *pSeparator = pHashId - 1; - - // pad with 0xff - memset(pPadding, 0xff, pSeparator-pPadding); - *pSeparator = 0; - memcpy(pHashId, hashIdentifier.first, hashIdentifier.second); - hash.Final(pDigest); -} - -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/pkcspad.h b/cryptopp562/pkcspad.h deleted file mode 100644 index 6371c76..0000000 --- a/cryptopp562/pkcspad.h +++ /dev/null @@ -1,94 +0,0 @@ -#ifndef CRYPTOPP_PKCSPAD_H -#define CRYPTOPP_PKCSPAD_H - -#include "cryptlib.h" -#include "pubkey.h" - -#ifdef CRYPTOPP_IS_DLL -#include "sha.h" -#endif - -NAMESPACE_BEGIN(CryptoPP) - -//! <a href="http://www.weidai.com/scan-mirror/ca.html#cem_PKCS1-1.5">EME-PKCS1-v1_5</a> -class PKCS_EncryptionPaddingScheme : public PK_EncryptionMessageEncodingMethod -{ -public: - static const char * StaticAlgorithmName() {return "EME-PKCS1-v1_5";} - - size_t MaxUnpaddedLength(size_t paddedLength) const; - void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedLength, const NameValuePairs ¶meters) const; - DecodingResult Unpad(const byte *padded, size_t paddedLength, byte *raw, const NameValuePairs ¶meters) const; -}; - -template <class H> class PKCS_DigestDecoration -{ -public: - static const byte decoration[]; - static const unsigned int length; -}; - -// PKCS_DigestDecoration can be instantiated with the following -// classes as specified in PKCS#1 v2.0 and P1363a -class SHA1; -class RIPEMD160; -class Tiger; -class SHA224; -class SHA256; -class SHA384; -class SHA512; -namespace Weak1 { -class MD2; -class MD5; -} -// end of list - -#ifdef CRYPTOPP_IS_DLL -CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA1>; -CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA224>; -CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA256>; -CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA384>; -CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA512>; -#endif - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a> -class CRYPTOPP_DLL PKCS1v15_SignatureMessageEncodingMethod : public PK_DeterministicSignatureMessageEncodingMethod -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";} - - size_t MinRepresentativeBitLength(size_t hashIdentifierSize, size_t digestSize) const - {return 8 * (digestSize + hashIdentifierSize + 10);} - - void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; - - struct HashIdentifierLookup - { - template <class H> struct HashIdentifierLookup2 - { - static HashIdentifier Lookup() - { - return HashIdentifier(PKCS_DigestDecoration<H>::decoration, PKCS_DigestDecoration<H>::length); - } - }; - }; -}; - -//! PKCS #1 version 1.5, for use with RSAES and RSASS -/*! Only the following hash functions are supported by this signature standard: - \dontinclude pkcspad.h - \skip can be instantiated - \until end of list -*/ -struct PKCS1v15 : public SignatureStandard, public EncryptionStandard -{ - typedef PKCS_EncryptionPaddingScheme EncryptionMessageEncodingMethod; - typedef PKCS1v15_SignatureMessageEncodingMethod SignatureMessageEncodingMethod; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/polynomi.cpp b/cryptopp562/polynomi.cpp deleted file mode 100644 index 734cae9..0000000 --- a/cryptopp562/polynomi.cpp +++ /dev/null @@ -1,577 +0,0 @@ -// polynomi.cpp - written and placed in the public domain by Wei Dai - -// Part of the code for polynomial evaluation and interpolation -// originally came from Hal Finney's public domain secsplit.c. - -#include "pch.h" -#include "polynomi.h" -#include "secblock.h" - -#include <sstream> -#include <iostream> - -NAMESPACE_BEGIN(CryptoPP) - -template <class T> -void PolynomialOver<T>::Randomize(RandomNumberGenerator &rng, const RandomizationParameter ¶meter, const Ring &ring) -{ - m_coefficients.resize(parameter.m_coefficientCount); - for (unsigned int i=0; i<m_coefficients.size(); ++i) - m_coefficients[i] = ring.RandomElement(rng, parameter.m_coefficientParameter); -} - -template <class T> -void PolynomialOver<T>::FromStr(const char *str, const Ring &ring) -{ - std::istringstream in((char *)str); - bool positive = true; - CoefficientType coef; - unsigned int power; - - while (in) - { - std::ws(in); - if (in.peek() == 'x') - coef = ring.MultiplicativeIdentity(); - else - in >> coef; - - std::ws(in); - if (in.peek() == 'x') - { - in.get(); - std::ws(in); - if (in.peek() == '^') - { - in.get(); - in >> power; - } - else - power = 1; - } - else - power = 0; - - if (!positive) - coef = ring.Inverse(coef); - - SetCoefficient(power, coef, ring); - - std::ws(in); - switch (in.get()) - { - case '+': - positive = true; - break; - case '-': - positive = false; - break; - default: - return; // something's wrong with the input string - } - } -} - -template <class T> -unsigned int PolynomialOver<T>::CoefficientCount(const Ring &ring) const -{ - unsigned count = m_coefficients.size(); - while (count && ring.Equal(m_coefficients[count-1], ring.Identity())) - count--; - const_cast<std::vector<CoefficientType> &>(m_coefficients).resize(count); - return count; -} - -template <class T> -typename PolynomialOver<T>::CoefficientType PolynomialOver<T>::GetCoefficient(unsigned int i, const Ring &ring) const -{ - return (i < m_coefficients.size()) ? m_coefficients[i] : ring.Identity(); -} - -template <class T> -PolynomialOver<T>& PolynomialOver<T>::operator=(const PolynomialOver<T>& t) -{ - if (this != &t) - { - m_coefficients.resize(t.m_coefficients.size()); - for (unsigned int i=0; i<m_coefficients.size(); i++) - m_coefficients[i] = t.m_coefficients[i]; - } - return *this; -} - -template <class T> -PolynomialOver<T>& PolynomialOver<T>::Accumulate(const PolynomialOver<T>& t, const Ring &ring) -{ - unsigned int count = t.CoefficientCount(ring); - - if (count > CoefficientCount(ring)) - m_coefficients.resize(count, ring.Identity()); - - for (unsigned int i=0; i<count; i++) - ring.Accumulate(m_coefficients[i], t.GetCoefficient(i, ring)); - - return *this; -} - -template <class T> -PolynomialOver<T>& PolynomialOver<T>::Reduce(const PolynomialOver<T>& t, const Ring &ring) -{ - unsigned int count = t.CoefficientCount(ring); - - if (count > CoefficientCount(ring)) - m_coefficients.resize(count, ring.Identity()); - - for (unsigned int i=0; i<count; i++) - ring.Reduce(m_coefficients[i], t.GetCoefficient(i, ring)); - - return *this; -} - -template <class T> -typename PolynomialOver<T>::CoefficientType PolynomialOver<T>::EvaluateAt(const CoefficientType &x, const Ring &ring) const -{ - int degree = Degree(ring); - - if (degree < 0) - return ring.Identity(); - - CoefficientType result = m_coefficients[degree]; - for (int j=degree-1; j>=0; j--) - { - result = ring.Multiply(result, x); - ring.Accumulate(result, m_coefficients[j]); - } - return result; -} - -template <class T> -PolynomialOver<T>& PolynomialOver<T>::ShiftLeft(unsigned int n, const Ring &ring) -{ - unsigned int i = CoefficientCount(ring) + n; - m_coefficients.resize(i, ring.Identity()); - while (i > n) - { - i--; - m_coefficients[i] = m_coefficients[i-n]; - } - while (i) - { - i--; - m_coefficients[i] = ring.Identity(); - } - return *this; -} - -template <class T> -PolynomialOver<T>& PolynomialOver<T>::ShiftRight(unsigned int n, const Ring &ring) -{ - unsigned int count = CoefficientCount(ring); - if (count > n) - { - for (unsigned int i=0; i<count-n; i++) - m_coefficients[i] = m_coefficients[i+n]; - m_coefficients.resize(count-n, ring.Identity()); - } - else - m_coefficients.resize(0, ring.Identity()); - return *this; -} - -template <class T> -void PolynomialOver<T>::SetCoefficient(unsigned int i, const CoefficientType &value, const Ring &ring) -{ - if (i >= m_coefficients.size()) - m_coefficients.resize(i+1, ring.Identity()); - m_coefficients[i] = value; -} - -template <class T> -void PolynomialOver<T>::Negate(const Ring &ring) -{ - unsigned int count = CoefficientCount(ring); - for (unsigned int i=0; i<count; i++) - m_coefficients[i] = ring.Inverse(m_coefficients[i]); -} - -template <class T> -void PolynomialOver<T>::swap(PolynomialOver<T> &t) -{ - m_coefficients.swap(t.m_coefficients); -} - -template <class T> -bool PolynomialOver<T>::Equals(const PolynomialOver<T>& t, const Ring &ring) const -{ - unsigned int count = CoefficientCount(ring); - - if (count != t.CoefficientCount(ring)) - return false; - - for (unsigned int i=0; i<count; i++) - if (!ring.Equal(m_coefficients[i], t.m_coefficients[i])) - return false; - - return true; -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::Plus(const PolynomialOver<T>& t, const Ring &ring) const -{ - unsigned int i; - unsigned int count = CoefficientCount(ring); - unsigned int tCount = t.CoefficientCount(ring); - - if (count > tCount) - { - PolynomialOver<T> result(ring, count); - - for (i=0; i<tCount; i++) - result.m_coefficients[i] = ring.Add(m_coefficients[i], t.m_coefficients[i]); - for (; i<count; i++) - result.m_coefficients[i] = m_coefficients[i]; - - return result; - } - else - { - PolynomialOver<T> result(ring, tCount); - - for (i=0; i<count; i++) - result.m_coefficients[i] = ring.Add(m_coefficients[i], t.m_coefficients[i]); - for (; i<tCount; i++) - result.m_coefficients[i] = t.m_coefficients[i]; - - return result; - } -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::Minus(const PolynomialOver<T>& t, const Ring &ring) const -{ - unsigned int i; - unsigned int count = CoefficientCount(ring); - unsigned int tCount = t.CoefficientCount(ring); - - if (count > tCount) - { - PolynomialOver<T> result(ring, count); - - for (i=0; i<tCount; i++) - result.m_coefficients[i] = ring.Subtract(m_coefficients[i], t.m_coefficients[i]); - for (; i<count; i++) - result.m_coefficients[i] = m_coefficients[i]; - - return result; - } - else - { - PolynomialOver<T> result(ring, tCount); - - for (i=0; i<count; i++) - result.m_coefficients[i] = ring.Subtract(m_coefficients[i], t.m_coefficients[i]); - for (; i<tCount; i++) - result.m_coefficients[i] = ring.Inverse(t.m_coefficients[i]); - - return result; - } -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::Inverse(const Ring &ring) const -{ - unsigned int count = CoefficientCount(ring); - PolynomialOver<T> result(ring, count); - - for (unsigned int i=0; i<count; i++) - result.m_coefficients[i] = ring.Inverse(m_coefficients[i]); - - return result; -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::Times(const PolynomialOver<T>& t, const Ring &ring) const -{ - if (IsZero(ring) || t.IsZero(ring)) - return PolynomialOver<T>(); - - unsigned int count1 = CoefficientCount(ring), count2 = t.CoefficientCount(ring); - PolynomialOver<T> result(ring, count1 + count2 - 1); - - for (unsigned int i=0; i<count1; i++) - for (unsigned int j=0; j<count2; j++) - ring.Accumulate(result.m_coefficients[i+j], ring.Multiply(m_coefficients[i], t.m_coefficients[j])); - - return result; -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::DividedBy(const PolynomialOver<T>& t, const Ring &ring) const -{ - PolynomialOver<T> remainder, quotient; - Divide(remainder, quotient, *this, t, ring); - return quotient; -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::Modulo(const PolynomialOver<T>& t, const Ring &ring) const -{ - PolynomialOver<T> remainder, quotient; - Divide(remainder, quotient, *this, t, ring); - return remainder; -} - -template <class T> -PolynomialOver<T> PolynomialOver<T>::MultiplicativeInverse(const Ring &ring) const -{ - return Degree(ring)==0 ? ring.MultiplicativeInverse(m_coefficients[0]) : ring.Identity(); -} - -template <class T> -bool PolynomialOver<T>::IsUnit(const Ring &ring) const -{ - return Degree(ring)==0 && ring.IsUnit(m_coefficients[0]); -} - -template <class T> -std::istream& PolynomialOver<T>::Input(std::istream &in, const Ring &ring) -{ - char c; - unsigned int length = 0; - SecBlock<char> str(length + 16); - bool paren = false; - - std::ws(in); - - if (in.peek() == '(') - { - paren = true; - in.get(); - } - - do - { - in.read(&c, 1); - str[length++] = c; - if (length >= str.size()) - str.Grow(length + 16); - } - // if we started with a left paren, then read until we find a right paren, - // otherwise read until the end of the line - while (in && ((paren && c != ')') || (!paren && c != '\n'))); - - str[length-1] = '\0'; - *this = PolynomialOver<T>(str, ring); - - return in; -} - -template <class T> -std::ostream& PolynomialOver<T>::Output(std::ostream &out, const Ring &ring) const -{ - unsigned int i = CoefficientCount(ring); - if (i) - { - bool firstTerm = true; - - while (i--) - { - if (m_coefficients[i] != ring.Identity()) - { - if (firstTerm) - { - firstTerm = false; - if (!i || !ring.Equal(m_coefficients[i], ring.MultiplicativeIdentity())) - out << m_coefficients[i]; - } - else - { - CoefficientType inverse = ring.Inverse(m_coefficients[i]); - std::ostringstream pstr, nstr; - - pstr << m_coefficients[i]; - nstr << inverse; - - if (pstr.str().size() <= nstr.str().size()) - { - out << " + "; - if (!i || !ring.Equal(m_coefficients[i], ring.MultiplicativeIdentity())) - out << m_coefficients[i]; - } - else - { - out << " - "; - if (!i || !ring.Equal(inverse, ring.MultiplicativeIdentity())) - out << inverse; - } - } - - switch (i) - { - case 0: - break; - case 1: - out << "x"; - break; - default: - out << "x^" << i; - } - } - } - } - else - { - out << ring.Identity(); - } - return out; -} - -template <class T> -void PolynomialOver<T>::Divide(PolynomialOver<T> &r, PolynomialOver<T> &q, const PolynomialOver<T> &a, const PolynomialOver<T> &d, const Ring &ring) -{ - unsigned int i = a.CoefficientCount(ring); - const int dDegree = d.Degree(ring); - - if (dDegree < 0) - throw DivideByZero(); - - r = a; - q.m_coefficients.resize(STDMAX(0, int(i - dDegree))); - - while (i > (unsigned int)dDegree) - { - --i; - q.m_coefficients[i-dDegree] = ring.Divide(r.m_coefficients[i], d.m_coefficients[dDegree]); - for (int j=0; j<=dDegree; j++) - ring.Reduce(r.m_coefficients[i-dDegree+j], ring.Multiply(q.m_coefficients[i-dDegree], d.m_coefficients[j])); - } - - r.CoefficientCount(ring); // resize r.m_coefficients -} - -// ******************************************************** - -// helper function for Interpolate() and InterpolateAt() -template <class T> -void RingOfPolynomialsOver<T>::CalculateAlpha(std::vector<CoefficientType> &alpha, const CoefficientType x[], const CoefficientType y[], unsigned int n) const -{ - for (unsigned int j=0; j<n; ++j) - alpha[j] = y[j]; - - for (unsigned int k=1; k<n; ++k) - { - for (unsigned int j=n-1; j>=k; --j) - { - m_ring.Reduce(alpha[j], alpha[j-1]); - - CoefficientType d = m_ring.Subtract(x[j], x[j-k]); - if (!m_ring.IsUnit(d)) - throw InterpolationFailed(); - alpha[j] = m_ring.Divide(alpha[j], d); - } - } -} - -template <class T> -typename RingOfPolynomialsOver<T>::Element RingOfPolynomialsOver<T>::Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const -{ - assert(n > 0); - - std::vector<CoefficientType> alpha(n); - CalculateAlpha(alpha, x, y, n); - - std::vector<CoefficientType> coefficients((size_t)n, m_ring.Identity()); - coefficients[0] = alpha[n-1]; - - for (int j=n-2; j>=0; --j) - { - for (unsigned int i=n-j-1; i>0; i--) - coefficients[i] = m_ring.Subtract(coefficients[i-1], m_ring.Multiply(coefficients[i], x[j])); - - coefficients[0] = m_ring.Subtract(alpha[j], m_ring.Multiply(coefficients[0], x[j])); - } - - return PolynomialOver<T>(coefficients.begin(), coefficients.end()); -} - -template <class T> -typename RingOfPolynomialsOver<T>::CoefficientType RingOfPolynomialsOver<T>::InterpolateAt(const CoefficientType &position, const CoefficientType x[], const CoefficientType y[], unsigned int n) const -{ - assert(n > 0); - - std::vector<CoefficientType> alpha(n); - CalculateAlpha(alpha, x, y, n); - - CoefficientType result = alpha[n-1]; - for (int j=n-2; j>=0; --j) - { - result = m_ring.Multiply(result, m_ring.Subtract(position, x[j])); - m_ring.Accumulate(result, alpha[j]); - } - return result; -} - -template <class Ring, class Element> -void PrepareBulkPolynomialInterpolation(const Ring &ring, Element *w, const Element x[], unsigned int n) -{ - for (unsigned int i=0; i<n; i++) - { - Element t = ring.MultiplicativeIdentity(); - for (unsigned int j=0; j<n; j++) - if (i != j) - t = ring.Multiply(t, ring.Subtract(x[i], x[j])); - w[i] = ring.MultiplicativeInverse(t); - } -} - -template <class Ring, class Element> -void PrepareBulkPolynomialInterpolationAt(const Ring &ring, Element *v, const Element &position, const Element x[], const Element w[], unsigned int n) -{ - assert(n > 0); - - std::vector<Element> a(2*n-1); - unsigned int i; - - for (i=0; i<n; i++) - a[n-1+i] = ring.Subtract(position, x[i]); - - for (i=n-1; i>1; i--) - a[i-1] = ring.Multiply(a[2*i], a[2*i-1]); - - a[0] = ring.MultiplicativeIdentity(); - - for (i=0; i<n-1; i++) - { - std::swap(a[2*i+1], a[2*i+2]); - a[2*i+1] = ring.Multiply(a[i], a[2*i+1]); - a[2*i+2] = ring.Multiply(a[i], a[2*i+2]); - } - - for (i=0; i<n; i++) - v[i] = ring.Multiply(a[n-1+i], w[i]); -} - -template <class Ring, class Element> -Element BulkPolynomialInterpolateAt(const Ring &ring, const Element y[], const Element v[], unsigned int n) -{ - Element result = ring.Identity(); - for (unsigned int i=0; i<n; i++) - ring.Accumulate(result, ring.Multiply(y[i], v[i])); - return result; -} - -// ******************************************************** - -template <class T, int instance> -const PolynomialOverFixedRing<T, instance> &PolynomialOverFixedRing<T, instance>::Zero() -{ - return Singleton<ThisType>().Ref(); -} - -template <class T, int instance> -const PolynomialOverFixedRing<T, instance> &PolynomialOverFixedRing<T, instance>::One() -{ - return Singleton<ThisType, NewOnePolynomial>().Ref(); -} - -NAMESPACE_END diff --git a/cryptopp562/polynomi.h b/cryptopp562/polynomi.h deleted file mode 100644 index cddadae..0000000 --- a/cryptopp562/polynomi.h +++ /dev/null @@ -1,459 +0,0 @@ -#ifndef CRYPTOPP_POLYNOMI_H -#define CRYPTOPP_POLYNOMI_H - -/*! \file */ - -#include "cryptlib.h" -#include "misc.h" -#include "algebra.h" - -#include <iosfwd> -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -//! represents single-variable polynomials over arbitrary rings -/*! \nosubgrouping */ -template <class T> class PolynomialOver -{ -public: - //! \name ENUMS, EXCEPTIONS, and TYPEDEFS - //@{ - //! division by zero exception - class DivideByZero : public Exception - { - public: - DivideByZero() : Exception(OTHER_ERROR, "PolynomialOver<T>: division by zero") {} - }; - - //! specify the distribution for randomization functions - class RandomizationParameter - { - public: - RandomizationParameter(unsigned int coefficientCount, const typename T::RandomizationParameter &coefficientParameter ) - : m_coefficientCount(coefficientCount), m_coefficientParameter(coefficientParameter) {} - - private: - unsigned int m_coefficientCount; - typename T::RandomizationParameter m_coefficientParameter; - friend class PolynomialOver<T>; - }; - - typedef T Ring; - typedef typename T::Element CoefficientType; - //@} - - //! \name CREATORS - //@{ - //! creates the zero polynomial - PolynomialOver() {} - - //! - PolynomialOver(const Ring &ring, unsigned int count) - : m_coefficients((size_t)count, ring.Identity()) {} - - //! copy constructor - PolynomialOver(const PolynomialOver<Ring> &t) - : m_coefficients(t.m_coefficients.size()) {*this = t;} - - //! construct constant polynomial - PolynomialOver(const CoefficientType &element) - : m_coefficients(1, element) {} - - //! construct polynomial with specified coefficients, starting from coefficient of x^0 - template <typename Iterator> PolynomialOver(Iterator begin, Iterator end) - : m_coefficients(begin, end) {} - - //! convert from string - PolynomialOver(const char *str, const Ring &ring) {FromStr(str, ring);} - - //! convert from big-endian byte array - PolynomialOver(const byte *encodedPolynomialOver, unsigned int byteCount); - - //! convert from Basic Encoding Rules encoded byte array - explicit PolynomialOver(const byte *BEREncodedPolynomialOver); - - //! convert from BER encoded byte array stored in a BufferedTransformation object - explicit PolynomialOver(BufferedTransformation &bt); - - //! create a random PolynomialOver<T> - PolynomialOver(RandomNumberGenerator &rng, const RandomizationParameter ¶meter, const Ring &ring) - {Randomize(rng, parameter, ring);} - //@} - - //! \name ACCESSORS - //@{ - //! the zero polynomial will return a degree of -1 - int Degree(const Ring &ring) const {return int(CoefficientCount(ring))-1;} - //! - unsigned int CoefficientCount(const Ring &ring) const; - //! return coefficient for x^i - CoefficientType GetCoefficient(unsigned int i, const Ring &ring) const; - //@} - - //! \name MANIPULATORS - //@{ - //! - PolynomialOver<Ring>& operator=(const PolynomialOver<Ring>& t); - - //! - void Randomize(RandomNumberGenerator &rng, const RandomizationParameter ¶meter, const Ring &ring); - - //! set the coefficient for x^i to value - void SetCoefficient(unsigned int i, const CoefficientType &value, const Ring &ring); - - //! - void Negate(const Ring &ring); - - //! - void swap(PolynomialOver<Ring> &t); - //@} - - - //! \name BASIC ARITHMETIC ON POLYNOMIALS - //@{ - bool Equals(const PolynomialOver<Ring> &t, const Ring &ring) const; - bool IsZero(const Ring &ring) const {return CoefficientCount(ring)==0;} - - PolynomialOver<Ring> Plus(const PolynomialOver<Ring>& t, const Ring &ring) const; - PolynomialOver<Ring> Minus(const PolynomialOver<Ring>& t, const Ring &ring) const; - PolynomialOver<Ring> Inverse(const Ring &ring) const; - - PolynomialOver<Ring> Times(const PolynomialOver<Ring>& t, const Ring &ring) const; - PolynomialOver<Ring> DividedBy(const PolynomialOver<Ring>& t, const Ring &ring) const; - PolynomialOver<Ring> Modulo(const PolynomialOver<Ring>& t, const Ring &ring) const; - PolynomialOver<Ring> MultiplicativeInverse(const Ring &ring) const; - bool IsUnit(const Ring &ring) const; - - PolynomialOver<Ring>& Accumulate(const PolynomialOver<Ring>& t, const Ring &ring); - PolynomialOver<Ring>& Reduce(const PolynomialOver<Ring>& t, const Ring &ring); - - //! - PolynomialOver<Ring> Doubled(const Ring &ring) const {return Plus(*this, ring);} - //! - PolynomialOver<Ring> Squared(const Ring &ring) const {return Times(*this, ring);} - - CoefficientType EvaluateAt(const CoefficientType &x, const Ring &ring) const; - - PolynomialOver<Ring>& ShiftLeft(unsigned int n, const Ring &ring); - PolynomialOver<Ring>& ShiftRight(unsigned int n, const Ring &ring); - - //! calculate r and q such that (a == d*q + r) && (0 <= degree of r < degree of d) - static void Divide(PolynomialOver<Ring> &r, PolynomialOver<Ring> &q, const PolynomialOver<Ring> &a, const PolynomialOver<Ring> &d, const Ring &ring); - //@} - - //! \name INPUT/OUTPUT - //@{ - std::istream& Input(std::istream &in, const Ring &ring); - std::ostream& Output(std::ostream &out, const Ring &ring) const; - //@} - -private: - void FromStr(const char *str, const Ring &ring); - - std::vector<CoefficientType> m_coefficients; -}; - -//! Polynomials over a fixed ring -/*! Having a fixed ring allows overloaded operators */ -template <class T, int instance> class PolynomialOverFixedRing : private PolynomialOver<T> -{ - typedef PolynomialOver<T> B; - typedef PolynomialOverFixedRing<T, instance> ThisType; - -public: - typedef T Ring; - typedef typename T::Element CoefficientType; - typedef typename B::DivideByZero DivideByZero; - typedef typename B::RandomizationParameter RandomizationParameter; - - //! \name CREATORS - //@{ - //! creates the zero polynomial - PolynomialOverFixedRing(unsigned int count = 0) : B(ms_fixedRing, count) {} - - //! copy constructor - PolynomialOverFixedRing(const ThisType &t) : B(t) {} - - explicit PolynomialOverFixedRing(const B &t) : B(t) {} - - //! construct constant polynomial - PolynomialOverFixedRing(const CoefficientType &element) : B(element) {} - - //! construct polynomial with specified coefficients, starting from coefficient of x^0 - template <typename Iterator> PolynomialOverFixedRing(Iterator first, Iterator last) - : B(first, last) {} - - //! convert from string - explicit PolynomialOverFixedRing(const char *str) : B(str, ms_fixedRing) {} - - //! convert from big-endian byte array - PolynomialOverFixedRing(const byte *encodedPoly, unsigned int byteCount) : B(encodedPoly, byteCount) {} - - //! convert from Basic Encoding Rules encoded byte array - explicit PolynomialOverFixedRing(const byte *BEREncodedPoly) : B(BEREncodedPoly) {} - - //! convert from BER encoded byte array stored in a BufferedTransformation object - explicit PolynomialOverFixedRing(BufferedTransformation &bt) : B(bt) {} - - //! create a random PolynomialOverFixedRing - PolynomialOverFixedRing(RandomNumberGenerator &rng, const RandomizationParameter ¶meter) : B(rng, parameter, ms_fixedRing) {} - - static const ThisType &Zero(); - static const ThisType &One(); - //@} - - //! \name ACCESSORS - //@{ - //! the zero polynomial will return a degree of -1 - int Degree() const {return B::Degree(ms_fixedRing);} - //! degree + 1 - unsigned int CoefficientCount() const {return B::CoefficientCount(ms_fixedRing);} - //! return coefficient for x^i - CoefficientType GetCoefficient(unsigned int i) const {return B::GetCoefficient(i, ms_fixedRing);} - //! return coefficient for x^i - CoefficientType operator[](unsigned int i) const {return B::GetCoefficient(i, ms_fixedRing);} - //@} - - //! \name MANIPULATORS - //@{ - //! - ThisType& operator=(const ThisType& t) {B::operator=(t); return *this;} - //! - ThisType& operator+=(const ThisType& t) {Accumulate(t, ms_fixedRing); return *this;} - //! - ThisType& operator-=(const ThisType& t) {Reduce(t, ms_fixedRing); return *this;} - //! - ThisType& operator*=(const ThisType& t) {return *this = *this*t;} - //! - ThisType& operator/=(const ThisType& t) {return *this = *this/t;} - //! - ThisType& operator%=(const ThisType& t) {return *this = *this%t;} - - //! - ThisType& operator<<=(unsigned int n) {ShiftLeft(n, ms_fixedRing); return *this;} - //! - ThisType& operator>>=(unsigned int n) {ShiftRight(n, ms_fixedRing); return *this;} - - //! set the coefficient for x^i to value - void SetCoefficient(unsigned int i, const CoefficientType &value) {B::SetCoefficient(i, value, ms_fixedRing);} - - //! - void Randomize(RandomNumberGenerator &rng, const RandomizationParameter ¶meter) {B::Randomize(rng, parameter, ms_fixedRing);} - - //! - void Negate() {B::Negate(ms_fixedRing);} - - void swap(ThisType &t) {B::swap(t);} - //@} - - //! \name UNARY OPERATORS - //@{ - //! - bool operator!() const {return CoefficientCount()==0;} - //! - ThisType operator+() const {return *this;} - //! - ThisType operator-() const {return ThisType(Inverse(ms_fixedRing));} - //@} - - //! \name BINARY OPERATORS - //@{ - //! - friend ThisType operator>>(ThisType a, unsigned int n) {return ThisType(a>>=n);} - //! - friend ThisType operator<<(ThisType a, unsigned int n) {return ThisType(a<<=n);} - //@} - - //! \name OTHER ARITHMETIC FUNCTIONS - //@{ - //! - ThisType MultiplicativeInverse() const {return ThisType(B::MultiplicativeInverse(ms_fixedRing));} - //! - bool IsUnit() const {return B::IsUnit(ms_fixedRing);} - - //! - ThisType Doubled() const {return ThisType(B::Doubled(ms_fixedRing));} - //! - ThisType Squared() const {return ThisType(B::Squared(ms_fixedRing));} - - CoefficientType EvaluateAt(const CoefficientType &x) const {return B::EvaluateAt(x, ms_fixedRing);} - - //! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d)) - static void Divide(ThisType &r, ThisType &q, const ThisType &a, const ThisType &d) - {B::Divide(r, q, a, d, ms_fixedRing);} - //@} - - //! \name INPUT/OUTPUT - //@{ - //! - friend std::istream& operator>>(std::istream& in, ThisType &a) - {return a.Input(in, ms_fixedRing);} - //! - friend std::ostream& operator<<(std::ostream& out, const ThisType &a) - {return a.Output(out, ms_fixedRing);} - //@} - -private: - struct NewOnePolynomial - { - ThisType * operator()() const - { - return new ThisType(ms_fixedRing.MultiplicativeIdentity()); - } - }; - - static const Ring ms_fixedRing; -}; - -//! Ring of polynomials over another ring -template <class T> class RingOfPolynomialsOver : public AbstractEuclideanDomain<PolynomialOver<T> > -{ -public: - typedef T CoefficientRing; - typedef PolynomialOver<T> Element; - typedef typename Element::CoefficientType CoefficientType; - typedef typename Element::RandomizationParameter RandomizationParameter; - - RingOfPolynomialsOver(const CoefficientRing &ring) : m_ring(ring) {} - - Element RandomElement(RandomNumberGenerator &rng, const RandomizationParameter ¶meter) - {return Element(rng, parameter, m_ring);} - - bool Equal(const Element &a, const Element &b) const - {return a.Equals(b, m_ring);} - - const Element& Identity() const - {return this->result = m_ring.Identity();} - - const Element& Add(const Element &a, const Element &b) const - {return this->result = a.Plus(b, m_ring);} - - Element& Accumulate(Element &a, const Element &b) const - {a.Accumulate(b, m_ring); return a;} - - const Element& Inverse(const Element &a) const - {return this->result = a.Inverse(m_ring);} - - const Element& Subtract(const Element &a, const Element &b) const - {return this->result = a.Minus(b, m_ring);} - - Element& Reduce(Element &a, const Element &b) const - {return a.Reduce(b, m_ring);} - - const Element& Double(const Element &a) const - {return this->result = a.Doubled(m_ring);} - - const Element& MultiplicativeIdentity() const - {return this->result = m_ring.MultiplicativeIdentity();} - - const Element& Multiply(const Element &a, const Element &b) const - {return this->result = a.Times(b, m_ring);} - - const Element& Square(const Element &a) const - {return this->result = a.Squared(m_ring);} - - bool IsUnit(const Element &a) const - {return a.IsUnit(m_ring);} - - const Element& MultiplicativeInverse(const Element &a) const - {return this->result = a.MultiplicativeInverse(m_ring);} - - const Element& Divide(const Element &a, const Element &b) const - {return this->result = a.DividedBy(b, m_ring);} - - const Element& Mod(const Element &a, const Element &b) const - {return this->result = a.Modulo(b, m_ring);} - - void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const - {Element::Divide(r, q, a, d, m_ring);} - - class InterpolationFailed : public Exception - { - public: - InterpolationFailed() : Exception(OTHER_ERROR, "RingOfPolynomialsOver<T>: interpolation failed") {} - }; - - Element Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const; - - // a faster version of Interpolate(x, y, n).EvaluateAt(position) - CoefficientType InterpolateAt(const CoefficientType &position, const CoefficientType x[], const CoefficientType y[], unsigned int n) const; -/* - void PrepareBulkInterpolation(CoefficientType *w, const CoefficientType x[], unsigned int n) const; - void PrepareBulkInterpolationAt(CoefficientType *v, const CoefficientType &position, const CoefficientType x[], const CoefficientType w[], unsigned int n) const; - CoefficientType BulkInterpolateAt(const CoefficientType y[], const CoefficientType v[], unsigned int n) const; -*/ -protected: - void CalculateAlpha(std::vector<CoefficientType> &alpha, const CoefficientType x[], const CoefficientType y[], unsigned int n) const; - - CoefficientRing m_ring; -}; - -template <class Ring, class Element> -void PrepareBulkPolynomialInterpolation(const Ring &ring, Element *w, const Element x[], unsigned int n); -template <class Ring, class Element> -void PrepareBulkPolynomialInterpolationAt(const Ring &ring, Element *v, const Element &position, const Element x[], const Element w[], unsigned int n); -template <class Ring, class Element> -Element BulkPolynomialInterpolateAt(const Ring &ring, const Element y[], const Element v[], unsigned int n); - -//! -template <class T, int instance> -inline bool operator==(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return a.Equals(b, a.ms_fixedRing);} -//! -template <class T, int instance> -inline bool operator!=(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return !(a==b);} - -//! -template <class T, int instance> -inline bool operator> (const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return a.Degree() > b.Degree();} -//! -template <class T, int instance> -inline bool operator>=(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return a.Degree() >= b.Degree();} -//! -template <class T, int instance> -inline bool operator< (const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return a.Degree() < b.Degree();} -//! -template <class T, int instance> -inline bool operator<=(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return a.Degree() <= b.Degree();} - -//! -template <class T, int instance> -inline CryptoPP::PolynomialOverFixedRing<T, instance> operator+(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Plus(b, a.ms_fixedRing));} -//! -template <class T, int instance> -inline CryptoPP::PolynomialOverFixedRing<T, instance> operator-(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Minus(b, a.ms_fixedRing));} -//! -template <class T, int instance> -inline CryptoPP::PolynomialOverFixedRing<T, instance> operator*(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Times(b, a.ms_fixedRing));} -//! -template <class T, int instance> -inline CryptoPP::PolynomialOverFixedRing<T, instance> operator/(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.DividedBy(b, a.ms_fixedRing));} -//! -template <class T, int instance> -inline CryptoPP::PolynomialOverFixedRing<T, instance> operator%(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b) - {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Modulo(b, a.ms_fixedRing));} - -NAMESPACE_END - -NAMESPACE_BEGIN(std) -template<class T> inline void swap(CryptoPP::PolynomialOver<T> &a, CryptoPP::PolynomialOver<T> &b) -{ - a.swap(b); -} -template<class T, int i> inline void swap(CryptoPP::PolynomialOverFixedRing<T,i> &a, CryptoPP::PolynomialOverFixedRing<T,i> &b) -{ - a.swap(b); -} -NAMESPACE_END - -#endif diff --git a/cryptopp562/pssr.cpp b/cryptopp562/pssr.cpp deleted file mode 100644 index ccbe4ee..0000000 --- a/cryptopp562/pssr.cpp +++ /dev/null @@ -1,145 +0,0 @@ -// pssr.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "pssr.h" -#include <functional> - -NAMESPACE_BEGIN(CryptoPP) - -// more in dll.cpp -template<> const byte EMSA2HashId<RIPEMD160>::id = 0x31; -template<> const byte EMSA2HashId<RIPEMD128>::id = 0x32; -template<> const byte EMSA2HashId<Whirlpool>::id = 0x37; - -#ifndef CRYPTOPP_IMPORTS - -size_t PSSR_MEM_Base::MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const -{ - size_t saltLen = SaltLen(digestLength); - size_t minPadLen = MinPadLen(digestLength); - return 9 + 8*(minPadLen + saltLen + digestLength + hashIdentifierLength); -} - -size_t PSSR_MEM_Base::MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const -{ - if (AllowRecovery()) - return SaturatingSubtract(representativeBitLength, MinRepresentativeBitLength(hashIdentifierLength, digestLength)) / 8; - return 0; -} - -bool PSSR_MEM_Base::IsProbabilistic() const -{ - return SaltLen(1) > 0; -} - -bool PSSR_MEM_Base::AllowNonrecoverablePart() const -{ - return true; -} - -bool PSSR_MEM_Base::RecoverablePartFirst() const -{ - return false; -} - -void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); - - const size_t u = hashIdentifier.second + 1; - const size_t representativeByteLength = BitsToBytes(representativeBitLength); - const size_t digestSize = hash.DigestSize(); - const size_t saltSize = SaltLen(digestSize); - byte *const h = representative + representativeByteLength - u - digestSize; - - SecByteBlock digest(digestSize), salt(saltSize); - hash.Final(digest); - rng.GenerateBlock(salt, saltSize); - - // compute H = hash of M' - byte c[8]; - PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength)); - PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3)); - hash.Update(c, 8); - hash.Update(recoverableMessage, recoverableMessageLength); - hash.Update(digest, digestSize); - hash.Update(salt, saltSize); - hash.Final(h); - - // compute representative - GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false); - byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1; - xorStart[0] ^= 1; - xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength); - xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size()); - memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second); - representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc; - if (representativeBitLength % 8 != 0) - representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); -} - -DecodingResult PSSR_MEM_Base::RecoverMessageFromRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength, - byte *recoverableMessage) const -{ - assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); - - const size_t u = hashIdentifier.second + 1; - const size_t representativeByteLength = BitsToBytes(representativeBitLength); - const size_t digestSize = hash.DigestSize(); - const size_t saltSize = SaltLen(digestSize); - const byte *const h = representative + representativeByteLength - u - digestSize; - - SecByteBlock digest(digestSize); - hash.Final(digest); - - DecodingResult result(0); - bool &valid = result.isValidCoding; - size_t &recoverableMessageLength = result.messageLength; - - valid = (representative[representativeByteLength - 1] == (hashIdentifier.second ? 0xcc : 0xbc)) && valid; - valid = VerifyBufsEqual(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second) && valid; - - GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize); - if (representativeBitLength % 8 != 0) - representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); - - // extract salt and recoverableMessage from DB = 00 ... || 01 || M || salt - byte *salt = representative + representativeByteLength - u - digestSize - saltSize; - byte *M = std::find_if(representative, salt-1, std::bind2nd(std::not_equal_to<byte>(), 0)); - recoverableMessageLength = salt-M-1; - if (*M == 0x01 - && (size_t)(M - representative - (representativeBitLength % 8 != 0)) >= MinPadLen(digestSize) - && recoverableMessageLength <= MaxRecoverableLength(representativeBitLength, hashIdentifier.second, digestSize)) - { - memcpy(recoverableMessage, M+1, recoverableMessageLength); - } - else - { - recoverableMessageLength = 0; - valid = false; - } - - // verify H = hash of M' - byte c[8]; - PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength)); - PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3)); - hash.Update(c, 8); - hash.Update(recoverableMessage, recoverableMessageLength); - hash.Update(digest, digestSize); - hash.Update(salt, saltSize); - valid = hash.Verify(h) && valid; - - if (!AllowRecovery() && valid && recoverableMessageLength != 0) - {throw NotImplemented("PSSR_MEM: message recovery disabled");} - - return result; -} - -#endif - -NAMESPACE_END diff --git a/cryptopp562/pssr.h b/cryptopp562/pssr.h deleted file mode 100644 index 6ec6936..0000000 --- a/cryptopp562/pssr.h +++ /dev/null @@ -1,66 +0,0 @@ -#ifndef CRYPTOPP_PSSR_H -#define CRYPTOPP_PSSR_H - -#include "pubkey.h" -#include "emsa2.h" - -#ifdef CRYPTOPP_IS_DLL -#include "sha.h" -#endif - -NAMESPACE_BEGIN(CryptoPP) - -class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod -{ - virtual bool AllowRecovery() const =0; - virtual size_t SaltLen(size_t hashLen) const =0; - virtual size_t MinPadLen(size_t hashLen) const =0; - virtual const MaskGeneratingFunction & GetMGF() const =0; - -public: - size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const; - size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const; - bool IsProbabilistic() const; - bool AllowNonrecoverablePart() const; - bool RecoverablePartFirst() const; - void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; - DecodingResult RecoverMessageFromRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength, - byte *recoverableMessage) const; -}; - -template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId; -template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {}; -template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {}; - -template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false> -class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID> -{ - virtual bool AllowRecovery() const {return ALLOW_RECOVERY;} - virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;} - virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;} - virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;} - -public: - static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();} -}; - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a> -struct PSSR : public SignatureStandard -{ - typedef PSSR_MEM<true> SignatureMessageEncodingMethod; -}; - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a> -struct PSS : public SignatureStandard -{ - typedef PSSR_MEM<false> SignatureMessageEncodingMethod; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/pubkey.cpp b/cryptopp562/pubkey.cpp deleted file mode 100644 index 1159e53..0000000 --- a/cryptopp562/pubkey.cpp +++ /dev/null @@ -1,165 +0,0 @@ -// pubkey.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "pubkey.h" - -NAMESPACE_BEGIN(CryptoPP) - -void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart) -{ - ArraySink *sink; - HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength)); - word32 counter = counterStart; - while (sink->AvailableSize() > 0) - { - filter.Put(input, inputLength); - filter.PutWord32(counter++); - filter.Put(derivationParams, derivationParamsLength); - filter.MessageEnd(); - } -} - -bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength)); - ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength); - return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size()); -} - -bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const -{ - SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize())); - DecodingResult result = RecoverMessageFromRepresentative( - hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage); - return result.isValidCoding && result.messageLength == 0; -} - -void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const -{ - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - HashIdentifier id = GetHashIdentifier(); - const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); - - if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) - throw PK_SignatureScheme::KeyTooShort(); - - size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize()); - - if (maxRecoverableLength == 0) - {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");} - if (recoverableMessageLength > maxRecoverableLength) - throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm"); - - ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); - encoding.ProcessRecoverableMessage( - ma.AccessHash(), - recoverableMessage, recoverableMessageLength, - NULL, 0, ma.m_semisignature); -} - -size_t TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const -{ - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - HashIdentifier id = GetHashIdentifier(); - const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); - - if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) - throw PK_SignatureScheme::KeyTooShort(); - - SecByteBlock representative(MessageRepresentativeLength()); - encoding.ComputeMessageRepresentative(rng, - ma.m_recoverableMessage, ma.m_recoverableMessage.size(), - ma.AccessHash(), id, ma.m_empty, - representative, MessageRepresentativeBitLength()); - ma.m_empty = true; - - Integer r(representative, representative.size()); - size_t signatureLength = SignatureLength(); - GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); - return signatureLength; -} - -void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const -{ - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - HashIdentifier id = GetHashIdentifier(); - const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); - - if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) - throw PK_SignatureScheme::KeyTooShort(); - - ma.m_representative.New(MessageRepresentativeLength()); - Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength)); - if (x.BitCount() > MessageRepresentativeBitLength()) - x = Integer::Zero(); // don't return false here to prevent timing attack - x.Encode(ma.m_representative, ma.m_representative.size()); -} - -bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const -{ - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - HashIdentifier id = GetHashIdentifier(); - const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); - - if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) - throw PK_SignatureScheme::KeyTooShort(); - - bool result = encoding.VerifyMessageRepresentative( - ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength()); - ma.m_empty = true; - return result; -} - -DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const -{ - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - HashIdentifier id = GetHashIdentifier(); - const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); - - if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) - throw PK_SignatureScheme::KeyTooShort(); - - DecodingResult result = encoding.RecoverMessageFromRepresentative( - ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage); - ma.m_empty = true; - return result; -} - -DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const -{ - if (ciphertextLength != FixedCiphertextLength()) - throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key"); - - SecByteBlock paddedBlock(PaddedBlockByteLength()); - Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength)); - if (x.ByteCount() > paddedBlock.size()) - x = Integer::Zero(); // don't return false here to prevent timing attack - x.Encode(paddedBlock, paddedBlock.size()); - return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters); -} - -void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const -{ - if (plaintextLength > FixedMaxPlaintextLength()) - { - if (FixedMaxPlaintextLength() < 1) - throw InvalidArgument(AlgorithmName() + ": this key is too short to encrypt any messages"); - else - throw InvalidArgument(AlgorithmName() + ": message length of " + IntToString(plaintextLength) + " exceeds the maximum of " + IntToString(FixedMaxPlaintextLength()) + " for this public key"); - } - - SecByteBlock paddedBlock(PaddedBlockByteLength()); - GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters); - GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength()); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/pubkey.h b/cryptopp562/pubkey.h deleted file mode 100644 index 3a3f3bc..0000000 --- a/cryptopp562/pubkey.h +++ /dev/null @@ -1,1678 +0,0 @@ -// pubkey.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_PUBKEY_H -#define CRYPTOPP_PUBKEY_H - -/** \file - - This file contains helper classes/functions for implementing public key algorithms. - - The class hierachies in this .h file tend to look like this: -<pre> - x1 - / \ - y1 z1 - | | - x2<y1> x2<z1> - | | - y2 z2 - | | - x3<y2> x3<z2> - | | - y3 z3 -</pre> - - x1, y1, z1 are abstract interface classes defined in cryptlib.h - - x2, y2, z2 are implementations of the interfaces using "abstract policies", which - are pure virtual functions that should return interfaces to interchangeable algorithms. - These classes have "Base" suffixes. - - x3, y3, z3 hold actual algorithms and implement those virtual functions. - These classes have "Impl" suffixes. - - The "TF_" prefix means an implementation using trapdoor functions on integers. - The "DL_" prefix means an implementation using group operations (in groups where discrete log is hard). -*/ - -#include "modarith.h" -#include "filters.h" -#include "eprecomp.h" -#include "fips140.h" -#include "argnames.h" -#include <memory> - -// VC60 workaround: this macro is defined in shlobj.h and conflicts with a template parameter used in this file -#undef INTERFACE - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionBounds -{ -public: - virtual ~TrapdoorFunctionBounds() {} - - virtual Integer PreimageBound() const =0; - virtual Integer ImageBound() const =0; - virtual Integer MaxPreimage() const {return --PreimageBound();} - virtual Integer MaxImage() const {return --ImageBound();} -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunction : public TrapdoorFunctionBounds -{ -public: - virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0; - virtual bool IsRandomized() const {return true;} -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunction : public RandomizedTrapdoorFunction -{ -public: - Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const - {return ApplyFunction(x);} - bool IsRandomized() const {return false;} - - virtual Integer ApplyFunction(const Integer &x) const =0; -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunctionInverse -{ -public: - virtual ~RandomizedTrapdoorFunctionInverse() {} - - virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0; - virtual bool IsRandomized() const {return true;} -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionInverse : public RandomizedTrapdoorFunctionInverse -{ -public: - virtual ~TrapdoorFunctionInverse() {} - - Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const - {return CalculateInverse(rng, x);} - bool IsRandomized() const {return false;} - - virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0; -}; - -// ******************************************************** - -//! message encoding method for public key encryption -class CRYPTOPP_NO_VTABLE PK_EncryptionMessageEncodingMethod -{ -public: - virtual ~PK_EncryptionMessageEncodingMethod() {} - - virtual bool ParameterSupported(const char *name) const {return false;} - - //! max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of modulus) - virtual size_t MaxUnpaddedLength(size_t paddedLength) const =0; - - virtual void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedBitLength, const NameValuePairs ¶meters) const =0; - - virtual DecodingResult Unpad(const byte *padded, size_t paddedBitLength, byte *raw, const NameValuePairs ¶meters) const =0; -}; - -// ******************************************************** - -//! _ -template <class TFI, class MEI> -class CRYPTOPP_NO_VTABLE TF_Base -{ -protected: - virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0; - - typedef TFI TrapdoorFunctionInterface; - virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const =0; - - typedef MEI MessageEncodingInterface; - virtual const MessageEncodingInterface & GetMessageEncodingInterface() const =0; -}; - -// ******************************************************** - -//! _ -template <class BASE> -class CRYPTOPP_NO_VTABLE PK_FixedLengthCryptoSystemImpl : public BASE -{ -public: - size_t MaxPlaintextLength(size_t ciphertextLength) const - {return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;} - size_t CiphertextLength(size_t plaintextLength) const - {return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;} - - virtual size_t FixedMaxPlaintextLength() const =0; - virtual size_t FixedCiphertextLength() const =0; -}; - -//! _ -template <class INTERFACE, class BASE> -class CRYPTOPP_NO_VTABLE TF_CryptoSystemBase : public PK_FixedLengthCryptoSystemImpl<INTERFACE>, protected BASE -{ -public: - bool ParameterSupported(const char *name) const {return this->GetMessageEncodingInterface().ParameterSupported(name);} - size_t FixedMaxPlaintextLength() const {return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());} - size_t FixedCiphertextLength() const {return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();} - -protected: - size_t PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());} - size_t PaddedBlockBitLength() const {return this->GetTrapdoorFunctionBounds().PreimageBound().BitCount()-1;} -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_DecryptorBase : public TF_CryptoSystemBase<PK_Decryptor, TF_Base<TrapdoorFunctionInverse, PK_EncryptionMessageEncodingMethod> > -{ -public: - DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const; -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_EncryptorBase : public TF_CryptoSystemBase<PK_Encryptor, TF_Base<RandomizedTrapdoorFunction, PK_EncryptionMessageEncodingMethod> > -{ -public: - void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const; -}; - -// ******************************************************** - -typedef std::pair<const byte *, size_t> HashIdentifier; - -//! interface for message encoding method for public key signature schemes -class CRYPTOPP_NO_VTABLE PK_SignatureMessageEncodingMethod -{ -public: - virtual ~PK_SignatureMessageEncodingMethod() {} - - virtual size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const - {return 0;} - virtual size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const - {return 0;} - - bool IsProbabilistic() const - {return true;} - bool AllowNonrecoverablePart() const - {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} - virtual bool RecoverablePartFirst() const - {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} - - // for verification, DL - virtual void ProcessSemisignature(HashTransformation &hash, const byte *semisignature, size_t semisignatureLength) const {} - - // for signature - virtual void ProcessRecoverableMessage(HashTransformation &hash, - const byte *recoverableMessage, size_t recoverableMessageLength, - const byte *presignature, size_t presignatureLength, - SecByteBlock &semisignature) const - { - if (RecoverablePartFirst()) - assert(!"ProcessRecoverableMessage() not implemented"); - } - - virtual void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const =0; - - virtual bool VerifyMessageRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const =0; - - virtual DecodingResult RecoverMessageFromRepresentative( // for TF - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength, - byte *recoveredMessage) const - {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} - - virtual DecodingResult RecoverMessageFromSemisignature( // for DL - HashTransformation &hash, HashIdentifier hashIdentifier, - const byte *presignature, size_t presignatureLength, - const byte *semisignature, size_t semisignatureLength, - byte *recoveredMessage) const - {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} - - // VC60 workaround - struct HashIdentifierLookup - { - template <class H> struct HashIdentifierLookup2 - { - static HashIdentifier CRYPTOPP_API Lookup() - { - return HashIdentifier((const byte *)NULL, 0); - } - }; - }; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_DeterministicSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod -{ -public: - bool VerifyMessageRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_RecoverableSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod -{ -public: - bool VerifyMessageRepresentative( - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; -}; - -class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_DSA : public PK_DeterministicSignatureMessageEncodingMethod -{ -public: - void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; -}; - -class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_NR : public PK_DeterministicSignatureMessageEncodingMethod -{ -public: - void ComputeMessageRepresentative(RandomNumberGenerator &rng, - const byte *recoverableMessage, size_t recoverableMessageLength, - HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, - byte *representative, size_t representativeBitLength) const; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulatorBase : public PK_MessageAccumulator -{ -public: - PK_MessageAccumulatorBase() : m_empty(true) {} - - virtual HashTransformation & AccessHash() =0; - - void Update(const byte *input, size_t length) - { - AccessHash().Update(input, length); - m_empty = m_empty && length == 0; - } - - SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature; - Integer m_k, m_s; - bool m_empty; -}; - -template <class HASH_ALGORITHM> -class PK_MessageAccumulatorImpl : public PK_MessageAccumulatorBase, protected ObjectHolder<HASH_ALGORITHM> -{ -public: - HashTransformation & AccessHash() {return this->m_object;} -}; - -//! _ -template <class INTERFACE, class BASE> -class CRYPTOPP_NO_VTABLE TF_SignatureSchemeBase : public INTERFACE, protected BASE -{ -public: - size_t SignatureLength() const - {return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();} - size_t MaxRecoverableLength() const - {return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());} - size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const - {return this->MaxRecoverableLength();} - - bool IsProbabilistic() const - {return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();} - bool AllowNonrecoverablePart() const - {return this->GetMessageEncodingInterface().AllowNonrecoverablePart();} - bool RecoverablePartFirst() const - {return this->GetMessageEncodingInterface().RecoverablePartFirst();} - -protected: - size_t MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());} - size_t MessageRepresentativeBitLength() const {return this->GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;} - virtual HashIdentifier GetHashIdentifier() const =0; - virtual size_t GetDigestSize() const =0; -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_SignerBase : public TF_SignatureSchemeBase<PK_Signer, TF_Base<RandomizedTrapdoorFunctionInverse, PK_SignatureMessageEncodingMethod> > -{ -public: - void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const; - size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const; -}; - -//! _ -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_VerifierBase : public TF_SignatureSchemeBase<PK_Verifier, TF_Base<TrapdoorFunction, PK_SignatureMessageEncodingMethod> > -{ -public: - void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const; - bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const; - DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const; -}; - -// ******************************************************** - -//! _ -template <class T1, class T2, class T3> -struct TF_CryptoSchemeOptions -{ - typedef T1 AlgorithmInfo; - typedef T2 Keys; - typedef typename Keys::PrivateKey PrivateKey; - typedef typename Keys::PublicKey PublicKey; - typedef T3 MessageEncodingMethod; -}; - -//! _ -template <class T1, class T2, class T3, class T4> -struct TF_SignatureSchemeOptions : public TF_CryptoSchemeOptions<T1, T2, T3> -{ - typedef T4 HashFunction; -}; - -//! _ -template <class BASE, class SCHEME_OPTIONS, class KEY_CLASS> -class CRYPTOPP_NO_VTABLE TF_ObjectImplBase : public AlgorithmImpl<BASE, typename SCHEME_OPTIONS::AlgorithmInfo> -{ -public: - typedef SCHEME_OPTIONS SchemeOptions; - typedef KEY_CLASS KeyClass; - - PublicKey & AccessPublicKey() {return AccessKey();} - const PublicKey & GetPublicKey() const {return GetKey();} - - PrivateKey & AccessPrivateKey() {return AccessKey();} - const PrivateKey & GetPrivateKey() const {return GetKey();} - - virtual const KeyClass & GetKey() const =0; - virtual KeyClass & AccessKey() =0; - - const KeyClass & GetTrapdoorFunction() const {return GetKey();} - - PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const - { - return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>; - } - PK_MessageAccumulator * NewVerificationAccumulator() const - { - return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>; - } - -protected: - const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface() const - {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::MessageEncodingMethod>().Ref();} - const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const - {return GetKey();} - const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const - {return GetKey();} - - // for signature scheme - HashIdentifier GetHashIdentifier() const - { - typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L; - return L::Lookup(); - } - size_t GetDigestSize() const - { - typedef CPP_TYPENAME SchemeOptions::HashFunction H; - return H::DIGESTSIZE; - } -}; - -//! _ -template <class BASE, class SCHEME_OPTIONS, class KEY> -class TF_ObjectImplExtRef : public TF_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY> -{ -public: - TF_ObjectImplExtRef(const KEY *pKey = NULL) : m_pKey(pKey) {} - void SetKeyPtr(const KEY *pKey) {m_pKey = pKey;} - - const KEY & GetKey() const {return *m_pKey;} - KEY & AccessKey() {throw NotImplemented("TF_ObjectImplExtRef: cannot modify refererenced key");} - -private: - const KEY * m_pKey; -}; - -//! _ -template <class BASE, class SCHEME_OPTIONS, class KEY_CLASS> -class CRYPTOPP_NO_VTABLE TF_ObjectImpl : public TF_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY_CLASS> -{ -public: - typedef KEY_CLASS KeyClass; - - const KeyClass & GetKey() const {return m_trapdoorFunction;} - KeyClass & AccessKey() {return m_trapdoorFunction;} - -private: - KeyClass m_trapdoorFunction; -}; - -//! _ -template <class SCHEME_OPTIONS> -class TF_DecryptorImpl : public TF_ObjectImpl<TF_DecryptorBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey> -{ -}; - -//! _ -template <class SCHEME_OPTIONS> -class TF_EncryptorImpl : public TF_ObjectImpl<TF_EncryptorBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey> -{ -}; - -//! _ -template <class SCHEME_OPTIONS> -class TF_SignerImpl : public TF_ObjectImpl<TF_SignerBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey> -{ -}; - -//! _ -template <class SCHEME_OPTIONS> -class TF_VerifierImpl : public TF_ObjectImpl<TF_VerifierBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey> -{ -}; - -// ******************************************************** - -//! _ -class CRYPTOPP_NO_VTABLE MaskGeneratingFunction -{ -public: - virtual ~MaskGeneratingFunction() {} - virtual void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask = true) const =0; -}; - -CRYPTOPP_DLL void CRYPTOPP_API P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart); - -//! _ -class P1363_MGF1 : public MaskGeneratingFunction -{ -public: - static const char * CRYPTOPP_API StaticAlgorithmName() {return "MGF1";} - void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask = true) const - { - P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0); - } -}; - -// ******************************************************** - -//! _ -template <class H> -class P1363_KDF2 -{ -public: - static void CRYPTOPP_API DeriveKey(byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength) - { - H h; - P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength, false, 1); - } -}; - -// ******************************************************** - -//! to be thrown by DecodeElement and AgreeWithStaticPrivateKey -class DL_BadElement : public InvalidDataFormat -{ -public: - DL_BadElement() : InvalidDataFormat("CryptoPP: invalid group element") {} -}; - -//! interface for DL group parameters -template <class T> -class CRYPTOPP_NO_VTABLE DL_GroupParameters : public CryptoParameters -{ - typedef DL_GroupParameters<T> ThisClass; - -public: - typedef T Element; - - DL_GroupParameters() : m_validationLevel(0) {} - - // CryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const - { - if (!GetBasePrecomputation().IsInitialized()) - return false; - - if (m_validationLevel > level) - return true; - - bool pass = ValidateGroup(rng, level); - pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation()); - - m_validationLevel = pass ? level+1 : 0; - - return pass; - } - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper(this, name, valueType, pValue) - CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder) - CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator) - ; - } - - bool SupportsPrecomputation() const {return true;} - - void Precompute(unsigned int precomputationStorage=16) - { - AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage); - } - - void LoadPrecomputation(BufferedTransformation &storedPrecomputation) - { - AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation); - m_validationLevel = 0; - } - - void SavePrecomputation(BufferedTransformation &storedPrecomputation) const - { - GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation); - } - - // non-inherited - virtual const Element & GetSubgroupGenerator() const {return GetBasePrecomputation().GetBase(GetGroupPrecomputation());} - virtual void SetSubgroupGenerator(const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);} - virtual Element ExponentiateBase(const Integer &exponent) const - { - return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent); - } - virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const - { - Element result; - SimultaneousExponentiate(&result, base, &exponent, 1); - return result; - } - - virtual const DL_GroupPrecomputation<Element> & GetGroupPrecomputation() const =0; - virtual const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const =0; - virtual DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() =0; - virtual const Integer & GetSubgroupOrder() const =0; // order of subgroup generated by base element - virtual Integer GetMaxExponent() const =0; - virtual Integer GetGroupOrder() const {return GetSubgroupOrder()*GetCofactor();} // one of these two needs to be overriden - virtual Integer GetCofactor() const {return GetGroupOrder()/GetSubgroupOrder();} - virtual unsigned int GetEncodedElementSize(bool reversible) const =0; - virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0; - virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0; - virtual Integer ConvertElementToInteger(const Element &element) const =0; - virtual bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const =0; - virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const =0; - virtual bool FastSubgroupCheckAvailable() const =0; - virtual bool IsIdentity(const Element &element) const =0; - virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0; - -protected: - void ParametersChanged() {m_validationLevel = 0;} - -private: - mutable unsigned int m_validationLevel; -}; - -//! _ -template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element>, class BASE = DL_GroupParameters<CPP_TYPENAME GROUP_PRECOMP::Element> > -class DL_GroupParametersImpl : public BASE -{ -public: - typedef GROUP_PRECOMP GroupPrecomputation; - typedef typename GROUP_PRECOMP::Element Element; - typedef BASE_PRECOMP BasePrecomputation; - - const DL_GroupPrecomputation<Element> & GetGroupPrecomputation() const {return m_groupPrecomputation;} - const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return m_gpc;} - DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return m_gpc;} - -protected: - GROUP_PRECOMP m_groupPrecomputation; - BASE_PRECOMP m_gpc; -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DL_Key -{ -public: - virtual const DL_GroupParameters<T> & GetAbstractGroupParameters() const =0; - virtual DL_GroupParameters<T> & AccessAbstractGroupParameters() =0; -}; - -//! interface for DL public keys -template <class T> -class CRYPTOPP_NO_VTABLE DL_PublicKey : public DL_Key<T> -{ - typedef DL_PublicKey<T> ThisClass; - -public: - typedef T Element; - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters()) - CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement); - } - - void AssignFrom(const NameValuePairs &source); - - // non-inherited - virtual const Element & GetPublicElement() const {return GetPublicPrecomputation().GetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation());} - virtual void SetPublicElement(const Element &y) {AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);} - virtual Element ExponentiatePublicElement(const Integer &exponent) const - { - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - return GetPublicPrecomputation().Exponentiate(params.GetGroupPrecomputation(), exponent); - } - virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const - { - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - return params.GetBasePrecomputation().CascadeExponentiate(params.GetGroupPrecomputation(), baseExp, GetPublicPrecomputation(), publicExp); - } - - virtual const DL_FixedBasePrecomputation<T> & GetPublicPrecomputation() const =0; - virtual DL_FixedBasePrecomputation<T> & AccessPublicPrecomputation() =0; -}; - -//! interface for DL private keys -template <class T> -class CRYPTOPP_NO_VTABLE DL_PrivateKey : public DL_Key<T> -{ - typedef DL_PrivateKey<T> ThisClass; - -public: - typedef T Element; - - void MakePublicKey(DL_PublicKey<T> &pub) const - { - pub.AccessAbstractGroupParameters().AssignFrom(this->GetAbstractGroupParameters()); - pub.SetPublicElement(this->GetAbstractGroupParameters().ExponentiateBase(GetPrivateExponent())); - } - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters()) - CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent); - } - - void AssignFrom(const NameValuePairs &source) - { - this->AccessAbstractGroupParameters().AssignFrom(source); - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent); - } - - virtual const Integer & GetPrivateExponent() const =0; - virtual void SetPrivateExponent(const Integer &x) =0; -}; - -template <class T> -void DL_PublicKey<T>::AssignFrom(const NameValuePairs &source) -{ - DL_PrivateKey<T> *pPrivateKey = NULL; - if (source.GetThisPointer(pPrivateKey)) - pPrivateKey->MakePublicKey(*this); - else - { - this->AccessAbstractGroupParameters().AssignFrom(source); - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement); - } -} - -class OID; - -//! _ -template <class PK, class GP, class O = OID> -class DL_KeyImpl : public PK -{ -public: - typedef GP GroupParameters; - - O GetAlgorithmID() const {return GetGroupParameters().GetAlgorithmID();} -// void BERDecode(BufferedTransformation &bt) -// {PK::BERDecode(bt);} -// void DEREncode(BufferedTransformation &bt) const -// {PK::DEREncode(bt);} - bool BERDecodeAlgorithmParameters(BufferedTransformation &bt) - {AccessGroupParameters().BERDecode(bt); return true;} - bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const - {GetGroupParameters().DEREncode(bt); return true;} - - const GP & GetGroupParameters() const {return m_groupParameters;} - GP & AccessGroupParameters() {return m_groupParameters;} - -private: - GP m_groupParameters; -}; - -class X509PublicKey; -class PKCS8PrivateKey; - -//! _ -template <class GP> -class DL_PrivateKeyImpl : public DL_PrivateKey<CPP_TYPENAME GP::Element>, public DL_KeyImpl<PKCS8PrivateKey, GP> -{ -public: - typedef typename GP::Element Element; - - // GeneratableCryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const - { - bool pass = GetAbstractGroupParameters().Validate(rng, level); - - const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder(); - const Integer &x = GetPrivateExponent(); - - pass = pass && x.IsPositive() && x < q; - if (level >= 1) - pass = pass && Integer::Gcd(x, q) == Integer::One(); - return pass; - } - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper<DL_PrivateKey<Element> >(this, name, valueType, pValue).Assignable(); - } - - void AssignFrom(const NameValuePairs &source) - { - AssignFromHelper<DL_PrivateKey<Element> >(this, source); - } - - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms) - { - if (!params.GetThisObject(this->AccessGroupParameters())) - this->AccessGroupParameters().GenerateRandom(rng, params); -// std::pair<const byte *, int> seed; - Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); -// Integer::ANY, Integer::Zero(), Integer::One(), -// params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed : NULL); - SetPrivateExponent(x); - } - - bool SupportsPrecomputation() const {return true;} - - void Precompute(unsigned int precomputationStorage=16) - {AccessAbstractGroupParameters().Precompute(precomputationStorage);} - - void LoadPrecomputation(BufferedTransformation &storedPrecomputation) - {AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);} - - void SavePrecomputation(BufferedTransformation &storedPrecomputation) const - {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);} - - // DL_Key - const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return this->GetGroupParameters();} - DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return this->AccessGroupParameters();} - - // DL_PrivateKey - const Integer & GetPrivateExponent() const {return m_x;} - void SetPrivateExponent(const Integer &x) {m_x = x;} - - // PKCS8PrivateKey - void BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t) - {m_x.BERDecode(bt);} - void DEREncodePrivateKey(BufferedTransformation &bt) const - {m_x.DEREncode(bt);} - -private: - Integer m_x; -}; - -//! _ -template <class BASE, class SIGNATURE_SCHEME> -class DL_PrivateKey_WithSignaturePairwiseConsistencyTest : public BASE -{ -public: - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms) - { - BASE::GenerateRandom(rng, params); - - if (FIPS_140_2_ComplianceEnabled()) - { - typename SIGNATURE_SCHEME::Signer signer(*this); - typename SIGNATURE_SCHEME::Verifier verifier(signer); - SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier); - } - } -}; - -//! _ -template <class GP> -class DL_PublicKeyImpl : public DL_PublicKey<typename GP::Element>, public DL_KeyImpl<X509PublicKey, GP> -{ -public: - typedef typename GP::Element Element; - - // CryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const - { - bool pass = GetAbstractGroupParameters().Validate(rng, level); - pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation()); - return pass; - } - - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - { - return GetValueHelper<DL_PublicKey<Element> >(this, name, valueType, pValue).Assignable(); - } - - void AssignFrom(const NameValuePairs &source) - { - AssignFromHelper<DL_PublicKey<Element> >(this, source); - } - - bool SupportsPrecomputation() const {return true;} - - void Precompute(unsigned int precomputationStorage=16) - { - AccessAbstractGroupParameters().Precompute(precomputationStorage); - AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage); - } - - void LoadPrecomputation(BufferedTransformation &storedPrecomputation) - { - AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation); - AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation); - } - - void SavePrecomputation(BufferedTransformation &storedPrecomputation) const - { - GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation); - GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation); - } - - // DL_Key - const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return this->GetGroupParameters();} - DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return this->AccessGroupParameters();} - - // DL_PublicKey - const DL_FixedBasePrecomputation<Element> & GetPublicPrecomputation() const {return m_ypc;} - DL_FixedBasePrecomputation<Element> & AccessPublicPrecomputation() {return m_ypc;} - - // non-inherited - bool operator==(const DL_PublicKeyImpl<GP> &rhs) const - {return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();} - -private: - typename GP::BasePrecomputation m_ypc; -}; - -//! interface for Elgamal-like signature algorithms -template <class T> -class CRYPTOPP_NO_VTABLE DL_ElgamalLikeSignatureAlgorithm -{ -public: - virtual void Sign(const DL_GroupParameters<T> ¶ms, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0; - virtual bool Verify(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const =0; - virtual Integer RecoverPresignature(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &r, const Integer &s) const - {throw NotImplemented("DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");} - virtual size_t RLen(const DL_GroupParameters<T> ¶ms) const - {return params.GetSubgroupOrder().ByteCount();} - virtual size_t SLen(const DL_GroupParameters<T> ¶ms) const - {return params.GetSubgroupOrder().ByteCount();} -}; - -//! interface for DL key agreement algorithms -template <class T> -class CRYPTOPP_NO_VTABLE DL_KeyAgreementAlgorithm -{ -public: - typedef T Element; - - virtual Element AgreeWithEphemeralPrivateKey(const DL_GroupParameters<Element> ¶ms, const DL_FixedBasePrecomputation<Element> &publicPrecomputation, const Integer &privateExponent) const =0; - virtual Element AgreeWithStaticPrivateKey(const DL_GroupParameters<Element> ¶ms, const Element &publicElement, bool validateOtherPublicKey, const Integer &privateExponent) const =0; -}; - -//! interface for key derivation algorithms used in DL cryptosystems -template <class T> -class CRYPTOPP_NO_VTABLE DL_KeyDerivationAlgorithm -{ -public: - virtual bool ParameterSupported(const char *name) const {return false;} - virtual void Derive(const DL_GroupParameters<T> &groupParams, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &derivationParams) const =0; -}; - -//! interface for symmetric encryption algorithms used in DL cryptosystems -class CRYPTOPP_NO_VTABLE DL_SymmetricEncryptionAlgorithm -{ -public: - virtual bool ParameterSupported(const char *name) const {return false;} - virtual size_t GetSymmetricKeyLength(size_t plaintextLength) const =0; - virtual size_t GetSymmetricCiphertextLength(size_t plaintextLength) const =0; - virtual size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const =0; - virtual void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const =0; - virtual DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const =0; -}; - -//! _ -template <class KI> -class CRYPTOPP_NO_VTABLE DL_Base -{ -protected: - typedef KI KeyInterface; - typedef typename KI::Element Element; - - const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return GetKeyInterface().GetAbstractGroupParameters();} - DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return AccessKeyInterface().AccessAbstractGroupParameters();} - - virtual KeyInterface & AccessKeyInterface() =0; - virtual const KeyInterface & GetKeyInterface() const =0; -}; - -//! _ -template <class INTERFACE, class KEY_INTERFACE> -class CRYPTOPP_NO_VTABLE DL_SignatureSchemeBase : public INTERFACE, public DL_Base<KEY_INTERFACE> -{ -public: - size_t SignatureLength() const - { - return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters()) - + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters()); - } - size_t MaxRecoverableLength() const - {return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());} - size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const - {assert(false); return 0;} // TODO - - bool IsProbabilistic() const - {return true;} - bool AllowNonrecoverablePart() const - {return GetMessageEncodingInterface().AllowNonrecoverablePart();} - bool RecoverablePartFirst() const - {return GetMessageEncodingInterface().RecoverablePartFirst();} - -protected: - size_t MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());} - size_t MessageRepresentativeBitLength() const {return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();} - - virtual const DL_ElgamalLikeSignatureAlgorithm<CPP_TYPENAME KEY_INTERFACE::Element> & GetSignatureAlgorithm() const =0; - virtual const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const =0; - virtual HashIdentifier GetHashIdentifier() const =0; - virtual size_t GetDigestSize() const =0; -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DL_SignerBase : public DL_SignatureSchemeBase<PK_Signer, DL_PrivateKey<T> > -{ -public: - // for validation testing - void RawSign(const Integer &k, const Integer &e, Integer &r, Integer &s) const - { - const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - const DL_PrivateKey<T> &key = this->GetKeyInterface(); - - r = params.ConvertElementToInteger(params.ExponentiateBase(k)); - alg.Sign(params, key.GetPrivateExponent(), k, e, r, s); - } - - void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const - { - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); - this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(), - recoverableMessage, recoverableMessageLength, - ma.m_presignature, ma.m_presignature.size(), - ma.m_semisignature); - } - - size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const - { - this->GetMaterial().DoQuickSanityCheck(); - - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - const DL_PrivateKey<T> &key = this->GetKeyInterface(); - - SecByteBlock representative(this->MessageRepresentativeLength()); - this->GetMessageEncodingInterface().ComputeMessageRepresentative( - rng, - ma.m_recoverableMessage, ma.m_recoverableMessage.size(), - ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty, - representative, this->MessageRepresentativeBitLength()); - ma.m_empty = true; - Integer e(representative, representative.size()); - - // hash message digest into random number k to prevent reusing the same k on a different messages - // after virtual machine rollback - if (rng.CanIncorporateEntropy()) - rng.IncorporateEntropy(representative, representative.size()); - Integer k(rng, 1, params.GetSubgroupOrder()-1); - Integer r, s; - r = params.ConvertElementToInteger(params.ExponentiateBase(k)); - alg.Sign(params, key.GetPrivateExponent(), k, e, r, s); - - /* - Integer r, s; - if (this->MaxRecoverableLength() > 0) - r.Decode(ma.m_semisignature, ma.m_semisignature.size()); - else - r.Decode(ma.m_presignature, ma.m_presignature.size()); - alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s); - */ - - size_t rLen = alg.RLen(params); - r.Encode(signature, rLen); - s.Encode(signature+rLen, alg.SLen(params)); - - if (restart) - RestartMessageAccumulator(rng, ma); - - return this->SignatureLength(); - } - -protected: - void RestartMessageAccumulator(RandomNumberGenerator &rng, PK_MessageAccumulatorBase &ma) const - { - // k needs to be generated before hashing for signature schemes with recovery - // but to defend against VM rollbacks we need to generate k after hashing. - // so this code is commented out, since no DL-based signature scheme with recovery - // has been implemented in Crypto++ anyway - /* - const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - ma.m_k.Randomize(rng, 1, params.GetSubgroupOrder()-1); - ma.m_presignature.New(params.GetEncodedElementSize(false)); - params.ConvertElementToInteger(params.ExponentiateBase(ma.m_k)).Encode(ma.m_presignature, ma.m_presignature.size()); - */ - } -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DL_VerifierBase : public DL_SignatureSchemeBase<PK_Verifier, DL_PublicKey<T> > -{ -public: - void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const - { - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - - size_t rLen = alg.RLen(params); - ma.m_semisignature.Assign(signature, rLen); - ma.m_s.Decode(signature+rLen, alg.SLen(params)); - - this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.size()); - } - - bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const - { - this->GetMaterial().DoQuickSanityCheck(); - - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - const DL_PublicKey<T> &key = this->GetKeyInterface(); - - SecByteBlock representative(this->MessageRepresentativeLength()); - this->GetMessageEncodingInterface().ComputeMessageRepresentative(NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.size(), - ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty, - representative, this->MessageRepresentativeBitLength()); - ma.m_empty = true; - Integer e(representative, representative.size()); - - Integer r(ma.m_semisignature, ma.m_semisignature.size()); - return alg.Verify(params, key, e, r, ma.m_s); - } - - DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const - { - this->GetMaterial().DoQuickSanityCheck(); - - PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); - const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - const DL_PublicKey<T> &key = this->GetKeyInterface(); - - SecByteBlock representative(this->MessageRepresentativeLength()); - this->GetMessageEncodingInterface().ComputeMessageRepresentative( - NullRNG(), - ma.m_recoverableMessage, ma.m_recoverableMessage.size(), - ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty, - representative, this->MessageRepresentativeBitLength()); - ma.m_empty = true; - Integer e(representative, representative.size()); - - ma.m_presignature.New(params.GetEncodedElementSize(false)); - Integer r(ma.m_semisignature, ma.m_semisignature.size()); - alg.RecoverPresignature(params, key, r, ma.m_s).Encode(ma.m_presignature, ma.m_presignature.size()); - - return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature( - ma.AccessHash(), this->GetHashIdentifier(), - ma.m_presignature, ma.m_presignature.size(), - ma.m_semisignature, ma.m_semisignature.size(), - recoveredMessage); - } -}; - -//! _ -template <class PK, class KI> -class CRYPTOPP_NO_VTABLE DL_CryptoSystemBase : public PK, public DL_Base<KI> -{ -public: - typedef typename DL_Base<KI>::Element Element; - - size_t MaxPlaintextLength(size_t ciphertextLength) const - { - unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(true); - return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen); - } - - size_t CiphertextLength(size_t plaintextLength) const - { - size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength); - return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(true) + len; - } - - bool ParameterSupported(const char *name) const - {return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);} - -protected: - virtual const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const =0; - virtual const DL_KeyDerivationAlgorithm<Element> & GetKeyDerivationAlgorithm() const =0; - virtual const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const =0; -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DL_DecryptorBase : public DL_CryptoSystemBase<PK_Decryptor, DL_PrivateKey<T> > -{ -public: - typedef T Element; - - DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const - { - try - { - const DL_KeyAgreementAlgorithm<T> &agreeAlg = this->GetKeyAgreementAlgorithm(); - const DL_KeyDerivationAlgorithm<T> &derivAlg = this->GetKeyDerivationAlgorithm(); - const DL_SymmetricEncryptionAlgorithm &encAlg = this->GetSymmetricEncryptionAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - const DL_PrivateKey<T> &key = this->GetKeyInterface(); - - Element q = params.DecodeElement(ciphertext, true); - size_t elementSize = params.GetEncodedElementSize(true); - ciphertext += elementSize; - ciphertextLength -= elementSize; - - Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent()); - - SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength))); - derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters); - - return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters); - } - catch (DL_BadElement &) - { - return DecodingResult(); - } - } -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DL_EncryptorBase : public DL_CryptoSystemBase<PK_Encryptor, DL_PublicKey<T> > -{ -public: - typedef T Element; - - void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const - { - const DL_KeyAgreementAlgorithm<T> &agreeAlg = this->GetKeyAgreementAlgorithm(); - const DL_KeyDerivationAlgorithm<T> &derivAlg = this->GetKeyDerivationAlgorithm(); - const DL_SymmetricEncryptionAlgorithm &encAlg = this->GetSymmetricEncryptionAlgorithm(); - const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters(); - const DL_PublicKey<T> &key = this->GetKeyInterface(); - - Integer x(rng, Integer::One(), params.GetMaxExponent()); - Element q = params.ExponentiateBase(x); - params.EncodeElement(true, q, ciphertext); - unsigned int elementSize = params.GetEncodedElementSize(true); - ciphertext += elementSize; - - Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x); - - SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength)); - derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters); - - encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters); - } -}; - -//! _ -template <class T1, class T2> -struct DL_SchemeOptionsBase -{ - typedef T1 AlgorithmInfo; - typedef T2 GroupParameters; - typedef typename GroupParameters::Element Element; -}; - -//! _ -template <class T1, class T2> -struct DL_KeyedSchemeOptions : public DL_SchemeOptionsBase<T1, typename T2::PublicKey::GroupParameters> -{ - typedef T2 Keys; - typedef typename Keys::PrivateKey PrivateKey; - typedef typename Keys::PublicKey PublicKey; -}; - -//! _ -template <class T1, class T2, class T3, class T4, class T5> -struct DL_SignatureSchemeOptions : public DL_KeyedSchemeOptions<T1, T2> -{ - typedef T3 SignatureAlgorithm; - typedef T4 MessageEncodingMethod; - typedef T5 HashFunction; -}; - -//! _ -template <class T1, class T2, class T3, class T4, class T5> -struct DL_CryptoSchemeOptions : public DL_KeyedSchemeOptions<T1, T2> -{ - typedef T3 KeyAgreementAlgorithm; - typedef T4 KeyDerivationAlgorithm; - typedef T5 SymmetricEncryptionAlgorithm; -}; - -//! _ -template <class BASE, class SCHEME_OPTIONS, class KEY> -class CRYPTOPP_NO_VTABLE DL_ObjectImplBase : public AlgorithmImpl<BASE, typename SCHEME_OPTIONS::AlgorithmInfo> -{ -public: - typedef SCHEME_OPTIONS SchemeOptions; - typedef typename KEY::Element Element; - - PrivateKey & AccessPrivateKey() {return m_key;} - PublicKey & AccessPublicKey() {return m_key;} - - // KeyAccessor - const KEY & GetKey() const {return m_key;} - KEY & AccessKey() {return m_key;} - -protected: - typename BASE::KeyInterface & AccessKeyInterface() {return m_key;} - const typename BASE::KeyInterface & GetKeyInterface() const {return m_key;} - - // for signature scheme - HashIdentifier GetHashIdentifier() const - { - typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup; - return HashLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction>::Lookup(); - } - size_t GetDigestSize() const - { - typedef CPP_TYPENAME SchemeOptions::HashFunction H; - return H::DIGESTSIZE; - } - -private: - KEY m_key; -}; - -//! _ -template <class BASE, class SCHEME_OPTIONS, class KEY> -class CRYPTOPP_NO_VTABLE DL_ObjectImpl : public DL_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY> -{ -public: - typedef typename KEY::Element Element; - -protected: - const DL_ElgamalLikeSignatureAlgorithm<Element> & GetSignatureAlgorithm() const - {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::SignatureAlgorithm>().Ref();} - const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const - {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::KeyAgreementAlgorithm>().Ref();} - const DL_KeyDerivationAlgorithm<Element> & GetKeyDerivationAlgorithm() const - {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::KeyDerivationAlgorithm>().Ref();} - const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const - {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::SymmetricEncryptionAlgorithm>().Ref();} - HashIdentifier GetHashIdentifier() const - {return HashIdentifier();} - const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const - {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::MessageEncodingMethod>().Ref();} -}; - -//! _ -template <class SCHEME_OPTIONS> -class DL_SignerImpl : public DL_ObjectImpl<DL_SignerBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey> -{ -public: - PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const - { - std::auto_ptr<PK_MessageAccumulatorBase> p(new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>); - this->RestartMessageAccumulator(rng, *p); - return p.release(); - } -}; - -//! _ -template <class SCHEME_OPTIONS> -class DL_VerifierImpl : public DL_ObjectImpl<DL_VerifierBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey> -{ -public: - PK_MessageAccumulator * NewVerificationAccumulator() const - { - return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>; - } -}; - -//! _ -template <class SCHEME_OPTIONS> -class DL_EncryptorImpl : public DL_ObjectImpl<DL_EncryptorBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey> -{ -}; - -//! _ -template <class SCHEME_OPTIONS> -class DL_DecryptorImpl : public DL_ObjectImpl<DL_DecryptorBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey> -{ -}; - -// ******************************************************** - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE DL_SimpleKeyAgreementDomainBase : public SimpleKeyAgreementDomain -{ -public: - typedef T Element; - - CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();} - unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);} - unsigned int PrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();} - unsigned int PublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);} - - void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const - { - Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); - x.Encode(privateKey, PrivateKeyLength()); - } - - void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const - { - const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); - Integer x(privateKey, PrivateKeyLength()); - Element y = params.ExponentiateBase(x); - params.EncodeElement(true, y, publicKey); - } - - bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const - { - try - { - const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); - Integer x(privateKey, PrivateKeyLength()); - Element w = params.DecodeElement(otherPublicKey, validateOtherPublicKey); - - Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey( - GetAbstractGroupParameters(), w, validateOtherPublicKey, x); - params.EncodeElement(false, z, agreedValue); - } - catch (DL_BadElement &) - { - return false; - } - return true; - } - - const Element &GetGenerator() const {return GetAbstractGroupParameters().GetSubgroupGenerator();} - -protected: - virtual const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const =0; - virtual DL_GroupParameters<Element> & AccessAbstractGroupParameters() =0; - const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return const_cast<DL_SimpleKeyAgreementDomainBase<Element> *>(this)->AccessAbstractGroupParameters();} -}; - -enum CofactorMultiplicationOption {NO_COFACTOR_MULTIPLICTION, COMPATIBLE_COFACTOR_MULTIPLICTION, INCOMPATIBLE_COFACTOR_MULTIPLICTION}; -typedef EnumToType<CofactorMultiplicationOption, NO_COFACTOR_MULTIPLICTION> NoCofactorMultiplication; -typedef EnumToType<CofactorMultiplicationOption, COMPATIBLE_COFACTOR_MULTIPLICTION> CompatibleCofactorMultiplication; -typedef EnumToType<CofactorMultiplicationOption, INCOMPATIBLE_COFACTOR_MULTIPLICTION> IncompatibleCofactorMultiplication; - -//! DH key agreement algorithm -template <class ELEMENT, class COFACTOR_OPTION> -class DL_KeyAgreementAlgorithm_DH : public DL_KeyAgreementAlgorithm<ELEMENT> -{ -public: - typedef ELEMENT Element; - - static const char * CRYPTOPP_API StaticAlgorithmName() - {return COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION ? "DHC" : "DH";} - - Element AgreeWithEphemeralPrivateKey(const DL_GroupParameters<Element> ¶ms, const DL_FixedBasePrecomputation<Element> &publicPrecomputation, const Integer &privateExponent) const - { - return publicPrecomputation.Exponentiate(params.GetGroupPrecomputation(), - COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION ? privateExponent*params.GetCofactor() : privateExponent); - } - - Element AgreeWithStaticPrivateKey(const DL_GroupParameters<Element> ¶ms, const Element &publicElement, bool validateOtherPublicKey, const Integer &privateExponent) const - { - if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION) - { - const Integer &k = params.GetCofactor(); - return params.ExponentiateElement(publicElement, - ModularArithmetic(params.GetSubgroupOrder()).Divide(privateExponent, k)*k); - } - else if (COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION) - return params.ExponentiateElement(publicElement, privateExponent*params.GetCofactor()); - else - { - assert(COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION); - - if (!validateOtherPublicKey) - return params.ExponentiateElement(publicElement, privateExponent); - - if (params.FastSubgroupCheckAvailable()) - { - if (!params.ValidateElement(2, publicElement, NULL)) - throw DL_BadElement(); - return params.ExponentiateElement(publicElement, privateExponent); - } - else - { - const Integer e[2] = {params.GetSubgroupOrder(), privateExponent}; - Element r[2]; - params.SimultaneousExponentiate(r, publicElement, e, 2); - if (!params.IsIdentity(r[0])) - throw DL_BadElement(); - return r[1]; - } - } - } -}; - -// ******************************************************** - -//! A template implementing constructors for public key algorithm classes -template <class BASE> -class CRYPTOPP_NO_VTABLE PK_FinalTemplate : public BASE -{ -public: - PK_FinalTemplate() {} - - PK_FinalTemplate(const CryptoMaterial &key) - {this->AccessKey().AssignFrom(key);} - - PK_FinalTemplate(BufferedTransformation &bt) - {this->AccessKey().BERDecode(bt);} - - PK_FinalTemplate(const AsymmetricAlgorithm &algorithm) - {this->AccessKey().AssignFrom(algorithm.GetMaterial());} - - PK_FinalTemplate(const Integer &v1) - {this->AccessKey().Initialize(v1);} - -#if (defined(_MSC_VER) && _MSC_VER < 1300) - - template <class T1, class T2> - PK_FinalTemplate(T1 &v1, T2 &v2) - {this->AccessKey().Initialize(v1, v2);} - - template <class T1, class T2, class T3> - PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3) - {this->AccessKey().Initialize(v1, v2, v3);} - - template <class T1, class T2, class T3, class T4> - PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4) - {this->AccessKey().Initialize(v1, v2, v3, v4);} - - template <class T1, class T2, class T3, class T4, class T5> - PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5);} - - template <class T1, class T2, class T3, class T4, class T5, class T6> - PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);} - - template <class T1, class T2, class T3, class T4, class T5, class T6, class T7> - PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);} - - template <class T1, class T2, class T3, class T4, class T5, class T6, class T7, class T8> - PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);} - -#else - - template <class T1, class T2> - PK_FinalTemplate(const T1 &v1, const T2 &v2) - {this->AccessKey().Initialize(v1, v2);} - - template <class T1, class T2, class T3> - PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3) - {this->AccessKey().Initialize(v1, v2, v3);} - - template <class T1, class T2, class T3, class T4> - PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4) - {this->AccessKey().Initialize(v1, v2, v3, v4);} - - template <class T1, class T2, class T3, class T4, class T5> - PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5);} - - template <class T1, class T2, class T3, class T4, class T5, class T6> - PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);} - - template <class T1, class T2, class T3, class T4, class T5, class T6, class T7> - PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);} - - template <class T1, class T2, class T3, class T4, class T5, class T6, class T7, class T8> - PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7, const T8 &v8) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);} - - template <class T1, class T2> - PK_FinalTemplate(T1 &v1, const T2 &v2) - {this->AccessKey().Initialize(v1, v2);} - - template <class T1, class T2, class T3> - PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3) - {this->AccessKey().Initialize(v1, v2, v3);} - - template <class T1, class T2, class T3, class T4> - PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4) - {this->AccessKey().Initialize(v1, v2, v3, v4);} - - template <class T1, class T2, class T3, class T4, class T5> - PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5);} - - template <class T1, class T2, class T3, class T4, class T5, class T6> - PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);} - - template <class T1, class T2, class T3, class T4, class T5, class T6, class T7> - PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);} - - template <class T1, class T2, class T3, class T4, class T5, class T6, class T7, class T8> - PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7, const T8 &v8) - {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);} - -#endif -}; - -//! Base class for public key encryption standard classes. These classes are used to select from variants of algorithms. Note that not all standards apply to all algorithms. -struct EncryptionStandard {}; - -//! Base class for public key signature standard classes. These classes are used to select from variants of algorithms. Note that not all standards apply to all algorithms. -struct SignatureStandard {}; - -template <class STANDARD, class KEYS, class ALG_INFO> -class TF_ES; - -//! Trapdoor Function Based Encryption Scheme -template <class STANDARD, class KEYS, class ALG_INFO = TF_ES<STANDARD, KEYS, int> > -class TF_ES : public KEYS -{ - typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod; - -public: - //! see EncryptionStandard for a list of standards - typedef STANDARD Standard; - typedef TF_CryptoSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod> SchemeOptions; - - static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(KEYS::StaticAlgorithmName()) + "/" + MessageEncodingMethod::StaticAlgorithmName();} - - //! implements PK_Decryptor interface - typedef PK_FinalTemplate<TF_DecryptorImpl<SchemeOptions> > Decryptor; - //! implements PK_Encryptor interface - typedef PK_FinalTemplate<TF_EncryptorImpl<SchemeOptions> > Encryptor; -}; - -template <class STANDARD, class H, class KEYS, class ALG_INFO> // VC60 workaround: doesn't work if KEYS is first parameter -class TF_SS; - -//! Trapdoor Function Based Signature Scheme -template <class STANDARD, class H, class KEYS, class ALG_INFO = TF_SS<STANDARD, H, KEYS, int> > // VC60 workaround: doesn't work if KEYS is first parameter -class TF_SS : public KEYS -{ -public: - //! see SignatureStandard for a list of standards - typedef STANDARD Standard; - typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod; - typedef TF_SignatureSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod, H> SchemeOptions; - - static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(KEYS::StaticAlgorithmName()) + "/" + MessageEncodingMethod::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} - - //! implements PK_Signer interface - typedef PK_FinalTemplate<TF_SignerImpl<SchemeOptions> > Signer; - //! implements PK_Verifier interface - typedef PK_FinalTemplate<TF_VerifierImpl<SchemeOptions> > Verifier; -}; - -template <class KEYS, class SA, class MEM, class H, class ALG_INFO> -class DL_SS; - -//! Discrete Log Based Signature Scheme -template <class KEYS, class SA, class MEM, class H, class ALG_INFO = DL_SS<KEYS, SA, MEM, H, int> > -class DL_SS : public KEYS -{ - typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA, MEM, H> SchemeOptions; - -public: - static std::string StaticAlgorithmName() {return SA::StaticAlgorithmName() + std::string("/EMSA1(") + H::StaticAlgorithmName() + ")";} - - //! implements PK_Signer interface - typedef PK_FinalTemplate<DL_SignerImpl<SchemeOptions> > Signer; - //! implements PK_Verifier interface - typedef PK_FinalTemplate<DL_VerifierImpl<SchemeOptions> > Verifier; -}; - -//! Discrete Log Based Encryption Scheme -template <class KEYS, class AA, class DA, class EA, class ALG_INFO> -class DL_ES : public KEYS -{ - typedef DL_CryptoSchemeOptions<ALG_INFO, KEYS, AA, DA, EA> SchemeOptions; - -public: - //! implements PK_Decryptor interface - typedef PK_FinalTemplate<DL_DecryptorImpl<SchemeOptions> > Decryptor; - //! implements PK_Encryptor interface - typedef PK_FinalTemplate<DL_EncryptorImpl<SchemeOptions> > Encryptor; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/pwdbased.h b/cryptopp562/pwdbased.h deleted file mode 100644 index f755724..0000000 --- a/cryptopp562/pwdbased.h +++ /dev/null @@ -1,214 +0,0 @@ -// pwdbased.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_PWDBASED_H -#define CRYPTOPP_PWDBASED_H - -#include "cryptlib.h" -#include "hmac.h" -#include "hrtimer.h" -#include "integer.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! abstract base class for password based key derivation function -class PasswordBasedKeyDerivationFunction -{ -public: - virtual size_t MaxDerivedKeyLength() const =0; - virtual bool UsesPurposeByte() const =0; - //! derive key from password - /*! If timeInSeconds != 0, will iterate until time elapsed, as measured by ThreadUserTimer - Returns actual iteration count, which is equal to iterations if timeInSeconds == 0, and not less than iterations otherwise. */ - virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const =0; -}; - -//! PBKDF1 from PKCS #5, T should be a HashTransformation class -template <class T> -class PKCS5_PBKDF1 : public PasswordBasedKeyDerivationFunction -{ -public: - size_t MaxDerivedKeyLength() const {return T::DIGESTSIZE;} - bool UsesPurposeByte() const {return false;} - // PKCS #5 says PBKDF1 should only take 8-byte salts. This implementation allows salts of any length. - unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const; -}; - -//! PBKDF2 from PKCS #5, T should be a HashTransformation class -template <class T> -class PKCS5_PBKDF2_HMAC : public PasswordBasedKeyDerivationFunction -{ -public: - size_t MaxDerivedKeyLength() const {return 0xffffffffU;} // should multiply by T::DIGESTSIZE, but gets overflow that way - bool UsesPurposeByte() const {return false;} - unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const; -}; - -/* -class PBKDF2Params -{ -public: - SecByteBlock m_salt; - unsigned int m_interationCount; - ASNOptional<ASNUnsignedWrapper<word32> > m_keyLength; -}; -*/ - -template <class T> -unsigned int PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const -{ - assert(derivedLen <= MaxDerivedKeyLength()); - assert(iterations > 0 || timeInSeconds > 0); - - if (!iterations) - iterations = 1; - - T hash; - hash.Update(password, passwordLen); - hash.Update(salt, saltLen); - - SecByteBlock buffer(hash.DigestSize()); - hash.Final(buffer); - - unsigned int i; - ThreadUserTimer timer; - - if (timeInSeconds) - timer.StartTimer(); - - for (i=1; i<iterations || (timeInSeconds && (i%128!=0 || timer.ElapsedTimeAsDouble() < timeInSeconds)); i++) - hash.CalculateDigest(buffer, buffer, buffer.size()); - - memcpy(derived, buffer, derivedLen); - return i; -} - -template <class T> -unsigned int PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const -{ - assert(derivedLen <= MaxDerivedKeyLength()); - assert(iterations > 0 || timeInSeconds > 0); - - if (!iterations) - iterations = 1; - - HMAC<T> hmac(password, passwordLen); - SecByteBlock buffer(hmac.DigestSize()); - ThreadUserTimer timer; - - unsigned int i=1; - while (derivedLen > 0) - { - hmac.Update(salt, saltLen); - unsigned int j; - for (j=0; j<4; j++) - { - byte b = byte(i >> ((3-j)*8)); - hmac.Update(&b, 1); - } - hmac.Final(buffer); - - size_t segmentLen = STDMIN(derivedLen, buffer.size()); - memcpy(derived, buffer, segmentLen); - - if (timeInSeconds) - { - timeInSeconds = timeInSeconds / ((derivedLen + buffer.size() - 1) / buffer.size()); - timer.StartTimer(); - } - - for (j=1; j<iterations || (timeInSeconds && (j%128!=0 || timer.ElapsedTimeAsDouble() < timeInSeconds)); j++) - { - hmac.CalculateDigest(buffer, buffer, buffer.size()); - xorbuf(derived, buffer, segmentLen); - } - - if (timeInSeconds) - { - iterations = j; - timeInSeconds = 0; - } - - derived += segmentLen; - derivedLen -= segmentLen; - i++; - } - - return iterations; -} - -//! PBKDF from PKCS #12, appendix B, T should be a HashTransformation class -template <class T> -class PKCS12_PBKDF : public PasswordBasedKeyDerivationFunction -{ -public: - size_t MaxDerivedKeyLength() const {return size_t(0)-1;} - bool UsesPurposeByte() const {return true;} - unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const; -}; - -template <class T> -unsigned int PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const -{ - assert(derivedLen <= MaxDerivedKeyLength()); - assert(iterations > 0 || timeInSeconds > 0); - - if (!iterations) - iterations = 1; - - const size_t v = T::BLOCKSIZE; // v is in bytes rather than bits as in PKCS #12 - const size_t DLen = v, SLen = RoundUpToMultipleOf(saltLen, v); - const size_t PLen = RoundUpToMultipleOf(passwordLen, v), ILen = SLen + PLen; - SecByteBlock buffer(DLen + SLen + PLen); - byte *D = buffer, *S = buffer+DLen, *P = buffer+DLen+SLen, *I = S; - - memset(D, purpose, DLen); - size_t i; - for (i=0; i<SLen; i++) - S[i] = salt[i % saltLen]; - for (i=0; i<PLen; i++) - P[i] = password[i % passwordLen]; - - - T hash; - SecByteBlock Ai(T::DIGESTSIZE), B(v); - ThreadUserTimer timer; - - while (derivedLen > 0) - { - hash.CalculateDigest(Ai, buffer, buffer.size()); - - if (timeInSeconds) - { - timeInSeconds = timeInSeconds / ((derivedLen + Ai.size() - 1) / Ai.size()); - timer.StartTimer(); - } - - for (i=1; i<iterations || (timeInSeconds && (i%128!=0 || timer.ElapsedTimeAsDouble() < timeInSeconds)); i++) - hash.CalculateDigest(Ai, Ai, Ai.size()); - - if (timeInSeconds) - { - iterations = (unsigned int)i; - timeInSeconds = 0; - } - - for (i=0; i<B.size(); i++) - B[i] = Ai[i % Ai.size()]; - - Integer B1(B, B.size()); - ++B1; - for (i=0; i<ILen; i+=v) - (Integer(I+i, v) + B1).Encode(I+i, v); - - size_t segmentLen = STDMIN(derivedLen, Ai.size()); - memcpy(derived, Ai, segmentLen); - derived += segmentLen; - derivedLen -= segmentLen; - } - - return iterations; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/queue.cpp b/cryptopp562/queue.cpp deleted file mode 100644 index ff2f0d3..0000000 --- a/cryptopp562/queue.cpp +++ /dev/null @@ -1,565 +0,0 @@ -// queue.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "queue.h" -#include "filters.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const unsigned int s_maxAutoNodeSize = 16*1024; - -// this class for use by ByteQueue only -class ByteQueueNode -{ -public: - ByteQueueNode(size_t maxSize) - : buf(maxSize) - { - m_head = m_tail = 0; - next = 0; - } - - inline size_t MaxSize() const {return buf.size();} - - inline size_t CurrentSize() const - { - return m_tail-m_head; - } - - inline bool UsedUp() const - { - return (m_head==MaxSize()); - } - - inline void Clear() - { - m_head = m_tail = 0; - } - - inline size_t Put(const byte *begin, size_t length) - { - size_t l = STDMIN(length, MaxSize()-m_tail); - if (buf+m_tail != begin) - memcpy(buf+m_tail, begin, l); - m_tail += l; - return l; - } - - inline size_t Peek(byte &outByte) const - { - if (m_tail==m_head) - return 0; - - outByte=buf[m_head]; - return 1; - } - - inline size_t Peek(byte *target, size_t copyMax) const - { - size_t len = STDMIN(copyMax, m_tail-m_head); - memcpy(target, buf+m_head, len); - return len; - } - - inline size_t CopyTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const - { - size_t len = m_tail-m_head; - target.ChannelPut(channel, buf+m_head, len); - return len; - } - - inline size_t CopyTo(BufferedTransformation &target, size_t copyMax, const std::string &channel=DEFAULT_CHANNEL) const - { - size_t len = STDMIN(copyMax, m_tail-m_head); - target.ChannelPut(channel, buf+m_head, len); - return len; - } - - inline size_t Get(byte &outByte) - { - size_t len = Peek(outByte); - m_head += len; - return len; - } - - inline size_t Get(byte *outString, size_t getMax) - { - size_t len = Peek(outString, getMax); - m_head += len; - return len; - } - - inline size_t TransferTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) - { - size_t len = m_tail-m_head; - target.ChannelPutModifiable(channel, buf+m_head, len); - m_head = m_tail; - return len; - } - - inline size_t TransferTo(BufferedTransformation &target, lword transferMax, const std::string &channel=DEFAULT_CHANNEL) - { - size_t len = UnsignedMin(m_tail-m_head, transferMax); - target.ChannelPutModifiable(channel, buf+m_head, len); - m_head += len; - return len; - } - - inline size_t Skip(size_t skipMax) - { - size_t len = STDMIN(skipMax, m_tail-m_head); - m_head += len; - return len; - } - - inline byte operator[](size_t i) const - { - return buf[m_head+i]; - } - - ByteQueueNode *next; - - SecByteBlock buf; - size_t m_head, m_tail; -}; - -// ******************************************************** - -ByteQueue::ByteQueue(size_t nodeSize) - : m_lazyString(NULL), m_lazyLength(0) -{ - SetNodeSize(nodeSize); - m_head = m_tail = new ByteQueueNode(m_nodeSize); -} - -void ByteQueue::SetNodeSize(size_t nodeSize) -{ - m_autoNodeSize = !nodeSize; - m_nodeSize = m_autoNodeSize ? 256 : nodeSize; -} - -ByteQueue::ByteQueue(const ByteQueue ©) - : m_lazyString(NULL) -{ - CopyFrom(copy); -} - -void ByteQueue::CopyFrom(const ByteQueue ©) -{ - m_lazyLength = 0; - m_autoNodeSize = copy.m_autoNodeSize; - m_nodeSize = copy.m_nodeSize; - m_head = m_tail = new ByteQueueNode(*copy.m_head); - - for (ByteQueueNode *current=copy.m_head->next; current; current=current->next) - { - m_tail->next = new ByteQueueNode(*current); - m_tail = m_tail->next; - } - - m_tail->next = NULL; - - Put(copy.m_lazyString, copy.m_lazyLength); -} - -ByteQueue::~ByteQueue() -{ - Destroy(); -} - -void ByteQueue::Destroy() -{ - for (ByteQueueNode *next, *current=m_head; current; current=next) - { - next=current->next; - delete current; - } -} - -void ByteQueue::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_nodeSize = parameters.GetIntValueWithDefault("NodeSize", 256); - Clear(); -} - -lword ByteQueue::CurrentSize() const -{ - lword size=0; - - for (ByteQueueNode *current=m_head; current; current=current->next) - size += current->CurrentSize(); - - return size + m_lazyLength; -} - -bool ByteQueue::IsEmpty() const -{ - return m_head==m_tail && m_head->CurrentSize()==0 && m_lazyLength==0; -} - -void ByteQueue::Clear() -{ - for (ByteQueueNode *next, *current=m_head->next; current; current=next) - { - next=current->next; - delete current; - } - - m_tail = m_head; - m_head->Clear(); - m_head->next = NULL; - m_lazyLength = 0; -} - -size_t ByteQueue::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - if (m_lazyLength > 0) - FinalizeLazyPut(); - - size_t len; - while ((len=m_tail->Put(inString, length)) < length) - { - inString += len; - length -= len; - if (m_autoNodeSize && m_nodeSize < s_maxAutoNodeSize) - do - { - m_nodeSize *= 2; - } - while (m_nodeSize < length && m_nodeSize < s_maxAutoNodeSize); - m_tail->next = new ByteQueueNode(STDMAX(m_nodeSize, length)); - m_tail = m_tail->next; - } - - return 0; -} - -void ByteQueue::CleanupUsedNodes() -{ - while (m_head != m_tail && m_head->UsedUp()) - { - ByteQueueNode *temp=m_head; - m_head=m_head->next; - delete temp; - } - - if (m_head->CurrentSize() == 0) - m_head->Clear(); -} - -void ByteQueue::LazyPut(const byte *inString, size_t size) -{ - if (m_lazyLength > 0) - FinalizeLazyPut(); - - if (inString == m_tail->buf+m_tail->m_tail) - Put(inString, size); - else - { - m_lazyString = const_cast<byte *>(inString); - m_lazyLength = size; - m_lazyStringModifiable = false; - } -} - -void ByteQueue::LazyPutModifiable(byte *inString, size_t size) -{ - if (m_lazyLength > 0) - FinalizeLazyPut(); - m_lazyString = inString; - m_lazyLength = size; - m_lazyStringModifiable = true; -} - -void ByteQueue::UndoLazyPut(size_t size) -{ - if (m_lazyLength < size) - throw InvalidArgument("ByteQueue: size specified for UndoLazyPut is too large"); - - m_lazyLength -= size; -} - -void ByteQueue::FinalizeLazyPut() -{ - size_t len = m_lazyLength; - m_lazyLength = 0; - if (len) - Put(m_lazyString, len); -} - -size_t ByteQueue::Get(byte &outByte) -{ - if (m_head->Get(outByte)) - { - if (m_head->UsedUp()) - CleanupUsedNodes(); - return 1; - } - else if (m_lazyLength > 0) - { - outByte = *m_lazyString++; - m_lazyLength--; - return 1; - } - else - return 0; -} - -size_t ByteQueue::Get(byte *outString, size_t getMax) -{ - ArraySink sink(outString, getMax); - return (size_t)TransferTo(sink, getMax); -} - -size_t ByteQueue::Peek(byte &outByte) const -{ - if (m_head->Peek(outByte)) - return 1; - else if (m_lazyLength > 0) - { - outByte = *m_lazyString; - return 1; - } - else - return 0; -} - -size_t ByteQueue::Peek(byte *outString, size_t peekMax) const -{ - ArraySink sink(outString, peekMax); - return (size_t)CopyTo(sink, peekMax); -} - -size_t ByteQueue::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - if (blocking) - { - lword bytesLeft = transferBytes; - for (ByteQueueNode *current=m_head; bytesLeft && current; current=current->next) - bytesLeft -= current->TransferTo(target, bytesLeft, channel); - CleanupUsedNodes(); - - size_t len = (size_t)STDMIN(bytesLeft, (lword)m_lazyLength); - if (len) - { - if (m_lazyStringModifiable) - target.ChannelPutModifiable(channel, m_lazyString, len); - else - target.ChannelPut(channel, m_lazyString, len); - m_lazyString += len; - m_lazyLength -= len; - bytesLeft -= len; - } - transferBytes -= bytesLeft; - return 0; - } - else - { - Walker walker(*this); - size_t blockedBytes = walker.TransferTo2(target, transferBytes, channel, blocking); - Skip(transferBytes); - return blockedBytes; - } -} - -size_t ByteQueue::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - Walker walker(*this); - walker.Skip(begin); - lword transferBytes = end-begin; - size_t blockedBytes = walker.TransferTo2(target, transferBytes, channel, blocking); - begin += transferBytes; - return blockedBytes; -} - -void ByteQueue::Unget(byte inByte) -{ - Unget(&inByte, 1); -} - -void ByteQueue::Unget(const byte *inString, size_t length) -{ - size_t len = STDMIN(length, m_head->m_head); - length -= len; - m_head->m_head -= len; - memcpy(m_head->buf + m_head->m_head, inString + length, len); - - if (length > 0) - { - ByteQueueNode *newHead = new ByteQueueNode(length); - newHead->next = m_head; - m_head = newHead; - m_head->Put(inString, length); - } -} - -const byte * ByteQueue::Spy(size_t &contiguousSize) const -{ - contiguousSize = m_head->m_tail - m_head->m_head; - if (contiguousSize == 0 && m_lazyLength > 0) - { - contiguousSize = m_lazyLength; - return m_lazyString; - } - else - return m_head->buf + m_head->m_head; -} - -byte * ByteQueue::CreatePutSpace(size_t &size) -{ - if (m_lazyLength > 0) - FinalizeLazyPut(); - - if (m_tail->m_tail == m_tail->MaxSize()) - { - m_tail->next = new ByteQueueNode(STDMAX(m_nodeSize, size)); - m_tail = m_tail->next; - } - - size = m_tail->MaxSize() - m_tail->m_tail; - return m_tail->buf + m_tail->m_tail; -} - -ByteQueue & ByteQueue::operator=(const ByteQueue &rhs) -{ - Destroy(); - CopyFrom(rhs); - return *this; -} - -bool ByteQueue::operator==(const ByteQueue &rhs) const -{ - const lword currentSize = CurrentSize(); - - if (currentSize != rhs.CurrentSize()) - return false; - - Walker walker1(*this), walker2(rhs); - byte b1, b2; - - while (walker1.Get(b1) && walker2.Get(b2)) - if (b1 != b2) - return false; - - return true; -} - -byte ByteQueue::operator[](lword i) const -{ - for (ByteQueueNode *current=m_head; current; current=current->next) - { - if (i < current->CurrentSize()) - return (*current)[(size_t)i]; - - i -= current->CurrentSize(); - } - - assert(i < m_lazyLength); - return m_lazyString[i]; -} - -void ByteQueue::swap(ByteQueue &rhs) -{ - std::swap(m_autoNodeSize, rhs.m_autoNodeSize); - std::swap(m_nodeSize, rhs.m_nodeSize); - std::swap(m_head, rhs.m_head); - std::swap(m_tail, rhs.m_tail); - std::swap(m_lazyString, rhs.m_lazyString); - std::swap(m_lazyLength, rhs.m_lazyLength); - std::swap(m_lazyStringModifiable, rhs.m_lazyStringModifiable); -} - -// ******************************************************** - -void ByteQueue::Walker::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_node = m_queue.m_head; - m_position = 0; - m_offset = 0; - m_lazyString = m_queue.m_lazyString; - m_lazyLength = m_queue.m_lazyLength; -} - -size_t ByteQueue::Walker::Get(byte &outByte) -{ - ArraySink sink(&outByte, 1); - return (size_t)TransferTo(sink, 1); -} - -size_t ByteQueue::Walker::Get(byte *outString, size_t getMax) -{ - ArraySink sink(outString, getMax); - return (size_t)TransferTo(sink, getMax); -} - -size_t ByteQueue::Walker::Peek(byte &outByte) const -{ - ArraySink sink(&outByte, 1); - return (size_t)CopyTo(sink, 1); -} - -size_t ByteQueue::Walker::Peek(byte *outString, size_t peekMax) const -{ - ArraySink sink(outString, peekMax); - return (size_t)CopyTo(sink, peekMax); -} - -size_t ByteQueue::Walker::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking) -{ - lword bytesLeft = transferBytes; - size_t blockedBytes = 0; - - while (m_node) - { - size_t len = (size_t)STDMIN(bytesLeft, (lword)m_node->CurrentSize()-m_offset); - blockedBytes = target.ChannelPut2(channel, m_node->buf+m_node->m_head+m_offset, len, 0, blocking); - - if (blockedBytes) - goto done; - - m_position += len; - bytesLeft -= len; - - if (!bytesLeft) - { - m_offset += len; - goto done; - } - - m_node = m_node->next; - m_offset = 0; - } - - if (bytesLeft && m_lazyLength) - { - size_t len = (size_t)STDMIN(bytesLeft, (lword)m_lazyLength); - blockedBytes = target.ChannelPut2(channel, m_lazyString, len, 0, blocking); - if (blockedBytes) - goto done; - - m_lazyString += len; - m_lazyLength -= len; - bytesLeft -= len; - } - -done: - transferBytes -= bytesLeft; - return blockedBytes; -} - -size_t ByteQueue::Walker::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const -{ - Walker walker(*this); - walker.Skip(begin); - lword transferBytes = end-begin; - size_t blockedBytes = walker.TransferTo2(target, transferBytes, channel, blocking); - begin += transferBytes; - return blockedBytes; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/queue.h b/cryptopp562/queue.h deleted file mode 100644 index ab89dbd..0000000 --- a/cryptopp562/queue.h +++ /dev/null @@ -1,144 +0,0 @@ -// specification file for an unlimited queue for storing bytes - -#ifndef CRYPTOPP_QUEUE_H -#define CRYPTOPP_QUEUE_H - -#include "simple.h" -//#include <algorithm> - -NAMESPACE_BEGIN(CryptoPP) - -/** The queue is implemented as a linked list of byte arrays, but you don't need to - know about that. So just ignore this next line. :) */ -class ByteQueueNode; - -//! Byte Queue -class CRYPTOPP_DLL ByteQueue : public Bufferless<BufferedTransformation> -{ -public: - ByteQueue(size_t nodeSize=0); - ByteQueue(const ByteQueue ©); - ~ByteQueue(); - - lword MaxRetrievable() const - {return CurrentSize();} - bool AnyRetrievable() const - {return !IsEmpty();} - - void IsolatedInitialize(const NameValuePairs ¶meters); - byte * CreatePutSpace(size_t &size); - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - - size_t Get(byte &outByte); - size_t Get(byte *outString, size_t getMax); - - size_t Peek(byte &outByte) const; - size_t Peek(byte *outString, size_t peekMax) const; - - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - - // these member functions are not inherited - void SetNodeSize(size_t nodeSize); - - lword CurrentSize() const; - bool IsEmpty() const; - - void Clear(); - - void Unget(byte inByte); - void Unget(const byte *inString, size_t length); - - const byte * Spy(size_t &contiguousSize) const; - - void LazyPut(const byte *inString, size_t size); - void LazyPutModifiable(byte *inString, size_t size); - void UndoLazyPut(size_t size); - void FinalizeLazyPut(); - - ByteQueue & operator=(const ByteQueue &rhs); - bool operator==(const ByteQueue &rhs) const; - bool operator!=(const ByteQueue &rhs) const {return !operator==(rhs);} - byte operator[](lword i) const; - void swap(ByteQueue &rhs); - - class Walker : public InputRejecting<BufferedTransformation> - { - public: - Walker(const ByteQueue &queue) - : m_queue(queue) {Initialize();} - - lword GetCurrentPosition() {return m_position;} - - lword MaxRetrievable() const - {return m_queue.CurrentSize() - m_position;} - - void IsolatedInitialize(const NameValuePairs ¶meters); - - size_t Get(byte &outByte); - size_t Get(byte *outString, size_t getMax); - - size_t Peek(byte &outByte) const; - size_t Peek(byte *outString, size_t peekMax) const; - - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - - private: - const ByteQueue &m_queue; - const ByteQueueNode *m_node; - lword m_position; - size_t m_offset; - const byte *m_lazyString; - size_t m_lazyLength; - }; - - friend class Walker; - -private: - void CleanupUsedNodes(); - void CopyFrom(const ByteQueue ©); - void Destroy(); - - bool m_autoNodeSize; - size_t m_nodeSize; - ByteQueueNode *m_head, *m_tail; - byte *m_lazyString; - size_t m_lazyLength; - bool m_lazyStringModifiable; -}; - -//! use this to make sure LazyPut is finalized in event of exception -class CRYPTOPP_DLL LazyPutter -{ -public: - LazyPutter(ByteQueue &bq, const byte *inString, size_t size) - : m_bq(bq) {bq.LazyPut(inString, size);} - ~LazyPutter() - {try {m_bq.FinalizeLazyPut();} catch(...) {}} -protected: - LazyPutter(ByteQueue &bq) : m_bq(bq) {} -private: - ByteQueue &m_bq; -}; - -//! like LazyPutter, but does a LazyPutModifiable instead -class LazyPutterModifiable : public LazyPutter -{ -public: - LazyPutterModifiable(ByteQueue &bq, byte *inString, size_t size) - : LazyPutter(bq) {bq.LazyPutModifiable(inString, size);} -}; - -NAMESPACE_END - -#ifndef __BORLANDC__ -NAMESPACE_BEGIN(std) -template<> inline void swap(CryptoPP::ByteQueue &a, CryptoPP::ByteQueue &b) -{ - a.swap(b); -} -NAMESPACE_END -#endif - -#endif diff --git a/cryptopp562/rabin.cpp b/cryptopp562/rabin.cpp deleted file mode 100644 index d496333..0000000 --- a/cryptopp562/rabin.cpp +++ /dev/null @@ -1,221 +0,0 @@ -// rabin.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "rabin.h" -#include "nbtheory.h" -#include "asn.h" -#include "sha.h" -#include "modarith.h" - -NAMESPACE_BEGIN(CryptoPP) - -void RabinFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - m_r.BERDecode(seq); - m_s.BERDecode(seq); - seq.MessageEnd(); -} - -void RabinFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - m_r.DEREncode(seq); - m_s.DEREncode(seq); - seq.MessageEnd(); -} - -Integer RabinFunction::ApplyFunction(const Integer &in) const -{ - DoQuickSanityCheck(); - - Integer out = in.Squared()%m_n; - if (in.IsOdd()) - out = out*m_r%m_n; - if (Jacobi(in, m_n)==-1) - out = out*m_s%m_n; - return out; -} - -bool RabinFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_n > Integer::One() && m_n%4 == 1; - pass = pass && m_r > Integer::One() && m_r < m_n; - pass = pass && m_s > Integer::One() && m_s < m_n; - if (level >= 1) - pass = pass && Jacobi(m_r, m_n) == -1 && Jacobi(m_s, m_n) == -1; - return pass; -} - -bool RabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime1) - CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime2) - ; -} - -void RabinFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime1) - CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime2) - ; -} - -// ***************************************************************************** -// private key operations: - -// generate a random private key -void InvertibleRabinFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - int modulusSize = 2048; - alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); - - if (modulusSize < 16) - throw InvalidArgument("InvertibleRabinFunction: specified modulus size is too small"); - - // VC70 workaround: putting these after primeParam causes overlapped stack allocation - bool rFound=false, sFound=false; - Integer t=2; - - AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize) - ("EquivalentTo", 3)("Mod", 4); - m_p.GenerateRandom(rng, primeParam); - m_q.GenerateRandom(rng, primeParam); - - while (!(rFound && sFound)) - { - int jp = Jacobi(t, m_p); - int jq = Jacobi(t, m_q); - - if (!rFound && jp==1 && jq==-1) - { - m_r = t; - rFound = true; - } - - if (!sFound && jp==-1 && jq==1) - { - m_s = t; - sFound = true; - } - - ++t; - } - - m_n = m_p * m_q; - m_u = m_q.InverseMod(m_p); -} - -void InvertibleRabinFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - m_r.BERDecode(seq); - m_s.BERDecode(seq); - m_p.BERDecode(seq); - m_q.BERDecode(seq); - m_u.BERDecode(seq); - seq.MessageEnd(); -} - -void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - m_r.DEREncode(seq); - m_s.DEREncode(seq); - m_p.DEREncode(seq); - m_q.DEREncode(seq); - m_u.DEREncode(seq); - seq.MessageEnd(); -} - -Integer InvertibleRabinFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &in) const -{ - DoQuickSanityCheck(); - - ModularArithmetic modn(m_n); - Integer r(rng, Integer::One(), m_n - Integer::One()); - r = modn.Square(r); - Integer r2 = modn.Square(r); - Integer c = modn.Multiply(in, r2); // blind - - Integer cp=c%m_p, cq=c%m_q; - - int jp = Jacobi(cp, m_p); - int jq = Jacobi(cq, m_q); - - if (jq==-1) - { - cp = cp*EuclideanMultiplicativeInverse(m_r, m_p)%m_p; - cq = cq*EuclideanMultiplicativeInverse(m_r, m_q)%m_q; - } - - if (jp==-1) - { - cp = cp*EuclideanMultiplicativeInverse(m_s, m_p)%m_p; - cq = cq*EuclideanMultiplicativeInverse(m_s, m_q)%m_q; - } - - cp = ModularSquareRoot(cp, m_p); - cq = ModularSquareRoot(cq, m_q); - - if (jp==-1) - cp = m_p-cp; - - Integer out = CRT(cq, m_q, cp, m_p, m_u); - - out = modn.Divide(out, r); // unblind - - if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd())) - out = m_n-out; - - return out; -} - -bool InvertibleRabinFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = RabinFunction::Validate(rng, level); - pass = pass && m_p > Integer::One() && m_p%4 == 3 && m_p < m_n; - pass = pass && m_q > Integer::One() && m_q%4 == 3 && m_q < m_n; - pass = pass && m_u.IsPositive() && m_u < m_p; - if (level >= 1) - { - pass = pass && m_p * m_q == m_n; - pass = pass && m_u * m_q % m_p == 1; - pass = pass && Jacobi(m_r, m_p) == 1; - pass = pass && Jacobi(m_r, m_q) == -1; - pass = pass && Jacobi(m_s, m_p) == -1; - pass = pass && Jacobi(m_s, m_q) == 1; - } - if (level >= 2) - pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); - return pass; -} - -bool InvertibleRabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper<RabinFunction>(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -void InvertibleRabinFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper<RabinFunction>(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -NAMESPACE_END diff --git a/cryptopp562/rabin.h b/cryptopp562/rabin.h deleted file mode 100644 index 1c9bcbb..0000000 --- a/cryptopp562/rabin.h +++ /dev/null @@ -1,107 +0,0 @@ -#ifndef CRYPTOPP_RABIN_H -#define CRYPTOPP_RABIN_H - -/** \file -*/ - -#include "oaep.h" -#include "pssr.h" -#include "integer.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class RabinFunction : public TrapdoorFunction, public PublicKey -{ - typedef RabinFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &r, const Integer &s) - {m_n = n; m_r = r; m_s = s;} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return m_n;} - Integer ImageBound() const {return m_n;} - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - const Integer& GetModulus() const {return m_n;} - const Integer& GetQuadraticResidueModPrime1() const {return m_r;} - const Integer& GetQuadraticResidueModPrime2() const {return m_s;} - - void SetModulus(const Integer &n) {m_n = n;} - void SetQuadraticResidueModPrime1(const Integer &r) {m_r = r;} - void SetQuadraticResidueModPrime2(const Integer &s) {m_s = s;} - -protected: - Integer m_n, m_r, m_s; -}; - -//! _ -class InvertibleRabinFunction : public RabinFunction, public TrapdoorFunctionInverse, public PrivateKey -{ - typedef InvertibleRabinFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &r, const Integer &s, - const Integer &p, const Integer &q, const Integer &u) - {m_n = n; m_r = r; m_s = s; m_p = p; m_q = q; m_u = u;} - void Initialize(RandomNumberGenerator &rng, unsigned int keybits) - {GenerateRandomWithKeySize(rng, keybits);} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - /*! parameters: (ModulusSize) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - - const Integer& GetPrime1() const {return m_p;} - const Integer& GetPrime2() const {return m_q;} - const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} - - void SetPrime1(const Integer &p) {m_p = p;} - void SetPrime2(const Integer &q) {m_q = q;} - void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} - -protected: - Integer m_p, m_q, m_u; -}; - -//! Rabin -struct Rabin -{ - static std::string StaticAlgorithmName() {return "Rabin-Crypto++Variant";} - typedef RabinFunction PublicKey; - typedef InvertibleRabinFunction PrivateKey; -}; - -//! Rabin encryption -template <class STANDARD> -struct RabinES : public TF_ES<STANDARD, Rabin> -{ -}; - -//! Rabin signature -template <class STANDARD, class H> -struct RabinSS : public TF_SS<STANDARD, H, Rabin> -{ -}; - -// More typedefs for backwards compatibility -class SHA1; -typedef RabinES<OAEP<SHA1> >::Decryptor RabinDecryptor; -typedef RabinES<OAEP<SHA1> >::Encryptor RabinEncryptor; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/randpool.cpp b/cryptopp562/randpool.cpp deleted file mode 100644 index a063c89..0000000 --- a/cryptopp562/randpool.cpp +++ /dev/null @@ -1,63 +0,0 @@ -// randpool.cpp - written and placed in the public domain by Wei Dai -// RandomPool used to follow the design of randpool in PGP 2.6.x, -// but as of version 5.5 it has been redesigned to reduce the risk -// of reusing random numbers after state rollback (which may occur -// when running in a virtual machine like VMware). - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "randpool.h" -#include "aes.h" -#include "sha.h" -#include "hrtimer.h" -#include <time.h> - -NAMESPACE_BEGIN(CryptoPP) - -RandomPool::RandomPool() - : m_pCipher(new AES::Encryption), m_keySet(false) -{ - memset(m_key, 0, m_key.SizeInBytes()); - memset(m_seed, 0, m_seed.SizeInBytes()); -} - -void RandomPool::IncorporateEntropy(const byte *input, size_t length) -{ - SHA256 hash; - hash.Update(m_key, 32); - hash.Update(input, length); - hash.Final(m_key); - m_keySet = false; -} - -void RandomPool::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size) -{ - if (size > 0) - { - if (!m_keySet) - m_pCipher->SetKey(m_key, 32); - - Timer timer; - TimerWord tw = timer.GetCurrentTimerValue(); - CRYPTOPP_COMPILE_ASSERT(sizeof(tw) <= 16); - *(TimerWord *)m_seed.data() += tw; - - time_t t = time(NULL); - CRYPTOPP_COMPILE_ASSERT(sizeof(t) <= 8); - *(time_t *)(m_seed.data()+8) += t; - - do - { - m_pCipher->ProcessBlock(m_seed); - size_t len = UnsignedMin(16, size); - target.ChannelPut(channel, m_seed, len); - size -= len; - } while (size > 0); - } -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/randpool.h b/cryptopp562/randpool.h deleted file mode 100644 index c25bc9b..0000000 --- a/cryptopp562/randpool.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef CRYPTOPP_RANDPOOL_H -#define CRYPTOPP_RANDPOOL_H - -#include "cryptlib.h" -#include "filters.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! Randomness Pool -/*! This class can be used to generate cryptographic quality - pseudorandom bytes after seeding the pool with IncorporateEntropy() */ -class CRYPTOPP_DLL RandomPool : public RandomNumberGenerator, public NotCopyable -{ -public: - RandomPool(); - - bool CanIncorporateEntropy() const {return true;} - void IncorporateEntropy(const byte *input, size_t length); - void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size); - - // for backwards compatibility. use RandomNumberSource, RandomNumberStore, and RandomNumberSink for other BufferTransformation functionality - void Put(const byte *input, size_t length) {IncorporateEntropy(input, length);} - -private: - FixedSizeSecBlock<byte, 32> m_key; - FixedSizeSecBlock<byte, 16> m_seed; - member_ptr<BlockCipher> m_pCipher; - bool m_keySet; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rc2.cpp b/cryptopp562/rc2.cpp deleted file mode 100644 index 48df2ef..0000000 --- a/cryptopp562/rc2.cpp +++ /dev/null @@ -1,118 +0,0 @@ -// rc2.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "rc2.h" -#include "misc.h" -#include "argnames.h" - -NAMESPACE_BEGIN(CryptoPP) - -void RC2::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(keyLen); - - int effectiveLen = params.GetIntValueWithDefault(Name::EffectiveKeyLength(), DEFAULT_EFFECTIVE_KEYLENGTH); - if (effectiveLen > MAX_EFFECTIVE_KEYLENGTH) - throw InvalidArgument("RC2: effective key length parameter exceeds maximum"); - - static const unsigned char PITABLE[256] = { - 217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157, - 198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162, - 23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50, - 189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130, - 84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220, - 18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38, - 111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3, - 248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215, - 8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42, - 150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236, - 194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57, - 153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49, - 45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201, - 211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169, - 13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46, - 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173}; - - SecByteBlock L(128); - memcpy(L, key, keyLen); - - int i; - for (i=keyLen; i<128; i++) - L[i] = PITABLE[(L[i-1] + L[i-keyLen]) & 255]; - - unsigned int T8 = (effectiveLen+7) / 8; - byte TM = 255 >> ((8-(effectiveLen%8))%8); - L[128-T8] = PITABLE[L[128-T8] & TM]; - - for (i=127-T8; i>=0; i--) - L[i] = PITABLE[L[i+1] ^ L[i+T8]]; - - for (i=0; i<64; i++) - K[i] = L[2*i] + (L[2*i+1] << 8); -} - -typedef BlockGetAndPut<word16, LittleEndian> Block; - -void RC2::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word16 R0, R1, R2, R3; - Block::Get(inBlock)(R0)(R1)(R2)(R3); - - for (int i = 0; i < 16; i++) - { - R0 += (R1 & ~R3) + (R2 & R3) + K[4*i+0]; - R0 = rotlFixed(R0, 1); - - R1 += (R2 & ~R0) + (R3 & R0) + K[4*i+1]; - R1 = rotlFixed(R1, 2); - - R2 += (R3 & ~R1) + (R0 & R1) + K[4*i+2]; - R2 = rotlFixed(R2, 3); - - R3 += (R0 & ~R2) + (R1 & R2) + K[4*i+3]; - R3 = rotlFixed(R3, 5); - - if (i == 4 || i == 10) - { - R0 += K[R3 & 63]; - R1 += K[R0 & 63]; - R2 += K[R1 & 63]; - R3 += K[R2 & 63]; - } - } - - Block::Put(xorBlock, outBlock)(R0)(R1)(R2)(R3); -} - -void RC2::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word16 R0, R1, R2, R3; - Block::Get(inBlock)(R0)(R1)(R2)(R3); - - for (int i = 15; i >= 0; i--) - { - if (i == 4 || i == 10) - { - R3 -= K[R2 & 63]; - R2 -= K[R1 & 63]; - R1 -= K[R0 & 63]; - R0 -= K[R3 & 63]; - } - - R3 = rotrFixed(R3, 5); - R3 -= (R0 & ~R2) + (R1 & R2) + K[4*i+3]; - - R2 = rotrFixed(R2, 3); - R2 -= (R3 & ~R1) + (R0 & R1) + K[4*i+2]; - - R1 = rotrFixed(R1, 2); - R1 -= (R2 & ~R0) + (R3 & R0) + K[4*i+1]; - - R0 = rotrFixed(R0, 1); - R0 -= (R1 & ~R3) + (R2 & R3) + K[4*i+0]; - } - - Block::Put(xorBlock, outBlock)(R0)(R1)(R2)(R3); -} - -NAMESPACE_END diff --git a/cryptopp562/rc2.h b/cryptopp562/rc2.h deleted file mode 100644 index ebff798..0000000 --- a/cryptopp562/rc2.h +++ /dev/null @@ -1,73 +0,0 @@ -#ifndef CRYPTOPP_RC2_H -#define CRYPTOPP_RC2_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" -#include "algparam.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct RC2_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 1, 128> -{ - CRYPTOPP_CONSTANT(DEFAULT_EFFECTIVE_KEYLENGTH = 1024) - CRYPTOPP_CONSTANT(MAX_EFFECTIVE_KEYLENGTH = 1024) - static const char *StaticAlgorithmName() {return "RC2";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#RC2">RC2</a> -class RC2 : public RC2_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<RC2_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word16>();} - - protected: - FixedSizeSecBlock<word16, 64> K; // expanded key table - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - class Encryption : public BlockCipherFinal<ENCRYPTION, Enc> - { - public: - Encryption() {} - Encryption(const byte *key, size_t keyLen=DEFAULT_KEYLENGTH) - {SetKey(key, keyLen);} - Encryption(const byte *key, size_t keyLen, int effectiveKeyLen) - {SetKey(key, keyLen, MakeParameters("EffectiveKeyLength", effectiveKeyLen));} - }; - - class Decryption : public BlockCipherFinal<DECRYPTION, Dec> - { - public: - Decryption() {} - Decryption(const byte *key, size_t keyLen=DEFAULT_KEYLENGTH) - {SetKey(key, keyLen);} - Decryption(const byte *key, size_t keyLen, int effectiveKeyLen) - {SetKey(key, keyLen, MakeParameters("EffectiveKeyLength", effectiveKeyLen));} - }; -}; - -typedef RC2::Encryption RC2Encryption; -typedef RC2::Decryption RC2Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rc5.cpp b/cryptopp562/rc5.cpp deleted file mode 100644 index 2b730de..0000000 --- a/cryptopp562/rc5.cpp +++ /dev/null @@ -1,79 +0,0 @@ -// rc5.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "rc5.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void RC5::Base::UncheckedSetKey(const byte *k, unsigned int keylen, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(keylen); - - r = GetRoundsAndThrowIfInvalid(params, this); - sTable.New(2*(r+1)); - - static const RC5_WORD MAGIC_P = 0xb7e15163L; // magic constant P for wordsize - static const RC5_WORD MAGIC_Q = 0x9e3779b9L; // magic constant Q for wordsize - static const int U=sizeof(RC5_WORD); - - const unsigned int c = STDMAX((keylen+U-1)/U, 1U); // RC6 paper says c=1 if keylen==0 - SecBlock<RC5_WORD> l(c); - - GetUserKey(LITTLE_ENDIAN_ORDER, l.begin(), c, k, keylen); - - sTable[0] = MAGIC_P; - for (unsigned j=1; j<sTable.size();j++) - sTable[j] = sTable[j-1] + MAGIC_Q; - - RC5_WORD a=0, b=0; - const unsigned n = 3*STDMAX((unsigned int)sTable.size(), c); - - for (unsigned h=0; h < n; h++) - { - a = sTable[h % sTable.size()] = rotlFixed((sTable[h % sTable.size()] + a + b), 3); - b = l[h % c] = rotlMod((l[h % c] + a + b), (a+b)); - } -} - -typedef BlockGetAndPut<RC5::RC5_WORD, LittleEndian> Block; - -void RC5::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - const RC5_WORD *sptr = sTable; - RC5_WORD a, b; - - Block::Get(inBlock)(a)(b); - a += sptr[0]; - b += sptr[1]; - sptr += 2; - - for(unsigned i=0; i<r; i++) - { - a = rotlMod(a^b,b) + sptr[2*i+0]; - b = rotlMod(a^b,a) + sptr[2*i+1]; - } - - Block::Put(xorBlock, outBlock)(a)(b); -} - -void RC5::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - const RC5_WORD *sptr = sTable.end(); - RC5_WORD a, b; - - Block::Get(inBlock)(a)(b); - - for (unsigned i=0; i<r; i++) - { - sptr-=2; - b = rotrMod(b-sptr[1], a) ^ a; - a = rotrMod(a-sptr[0], b) ^ b; - } - b -= sTable[1]; - a -= sTable[0]; - - Block::Put(xorBlock, outBlock)(a)(b); -} - -NAMESPACE_END diff --git a/cryptopp562/rc5.h b/cryptopp562/rc5.h deleted file mode 100644 index f842a9b..0000000 --- a/cryptopp562/rc5.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef CRYPTOPP_RC5_H -#define CRYPTOPP_RC5_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct RC5_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 0, 255>, public VariableRounds<16> -{ - static const char *StaticAlgorithmName() {return "RC5";} - typedef word32 RC5_WORD; -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#RC5">RC5</a> -class RC5 : public RC5_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<RC5_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - unsigned int r; // number of rounds - SecBlock<RC5_WORD> sTable; // expanded key table - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef RC5::Encryption RC5Encryption; -typedef RC5::Decryption RC5Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rc6.cpp b/cryptopp562/rc6.cpp deleted file mode 100644 index e58cb6a..0000000 --- a/cryptopp562/rc6.cpp +++ /dev/null @@ -1,96 +0,0 @@ -// rc6.cpp - written and placed in the public domain by Sean Woods -// based on Wei Dai's RC5 code. - -#include "pch.h" -#include "rc6.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void RC6::Base::UncheckedSetKey(const byte *k, unsigned int keylen, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(keylen); - - r = GetRoundsAndThrowIfInvalid(params, this); - sTable.New(2*(r+2)); - - static const RC6_WORD MAGIC_P = 0xb7e15163L; // magic constant P for wordsize - static const RC6_WORD MAGIC_Q = 0x9e3779b9L; // magic constant Q for wordsize - static const int U=sizeof(RC6_WORD); - - const unsigned int c = STDMAX((keylen+U-1)/U, 1U); // RC6 paper says c=1 if keylen==0 - SecBlock<RC6_WORD> l(c); - - GetUserKey(LITTLE_ENDIAN_ORDER, l.begin(), c, k, keylen); - - sTable[0] = MAGIC_P; - for (unsigned j=1; j<sTable.size();j++) - sTable[j] = sTable[j-1] + MAGIC_Q; - - RC6_WORD a=0, b=0; - const unsigned n = 3*STDMAX((unsigned int)sTable.size(), c); - - for (unsigned h=0; h < n; h++) - { - a = sTable[h % sTable.size()] = rotlFixed((sTable[h % sTable.size()] + a + b), 3); - b = l[h % c] = rotlMod((l[h % c] + a + b), (a+b)); - } -} - -typedef BlockGetAndPut<RC6::RC6_WORD, LittleEndian> Block; - -void RC6::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - const RC6_WORD *sptr = sTable; - RC6_WORD a, b, c, d, t, u; - - Block::Get(inBlock)(a)(b)(c)(d); - b += sptr[0]; - d += sptr[1]; - sptr += 2; - - for(unsigned i=0; i<r; i++) - { - t = rotlFixed(b*(2*b+1), 5); - u = rotlFixed(d*(2*d+1), 5); - a = rotlMod(a^t,u) + sptr[0]; - c = rotlMod(c^u,t) + sptr[1]; - t = a; a = b; b = c; c = d; d = t; - sptr += 2; - } - - a += sptr[0]; - c += sptr[1]; - - Block::Put(xorBlock, outBlock)(a)(b)(c)(d); -} - -void RC6::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - const RC6_WORD *sptr = sTable.end(); - RC6_WORD a, b, c, d, t, u; - - Block::Get(inBlock)(a)(b)(c)(d); - - sptr -= 2; - c -= sptr[1]; - a -= sptr[0]; - - for (unsigned i=0; i < r; i++) - { - sptr -= 2; - t = a; a = d; d = c; c = b; b = t; - u = rotlFixed(d*(2*d+1), 5); - t = rotlFixed(b*(2*b+1), 5); - c = rotrMod(c-sptr[1], t) ^ u; - a = rotrMod(a-sptr[0], u) ^ t; - } - - sptr -= 2; - d -= sTable[1]; - b -= sTable[0]; - - Block::Put(xorBlock, outBlock)(a)(b)(c)(d); -} - -NAMESPACE_END diff --git a/cryptopp562/rc6.h b/cryptopp562/rc6.h deleted file mode 100644 index df3d1ee..0000000 --- a/cryptopp562/rc6.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef CRYPTOPP_RC6_H -#define CRYPTOPP_RC6_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct RC6_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 0, 255>, public VariableRounds<20> -{ - static const char *StaticAlgorithmName() {return "RC6";} - typedef word32 RC6_WORD; -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#RC6">RC6</a> -class RC6 : public RC6_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<RC6_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - unsigned int r; // number of rounds - SecBlock<RC6_WORD> sTable; // expanded key table - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef RC6::Encryption RC6Encryption; -typedef RC6::Decryption RC6Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rdtables.cpp b/cryptopp562/rdtables.cpp deleted file mode 100644 index 4937932..0000000 --- a/cryptopp562/rdtables.cpp +++ /dev/null @@ -1,172 +0,0 @@ -// Rijndael tables - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "rijndael.h" - -// VC60 workaround: gives a C4786 warning without this function -// when runtime lib is set to multithread debug DLL -// even though warning 4786 is disabled! -void Rijndael_VC60Workaround() -{ -} - -NAMESPACE_BEGIN(CryptoPP) - -/* -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; - -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -*/ - -const byte Rijndael::Base::Se[256] = { - 0x63, 0x7c, 0x77, 0x7b, - 0xf2, 0x6b, 0x6f, 0xc5, - 0x30, 0x01, 0x67, 0x2b, - 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, - 0xfa, 0x59, 0x47, 0xf0, - 0xad, 0xd4, 0xa2, 0xaf, - 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, - 0x36, 0x3f, 0xf7, 0xcc, - 0x34, 0xa5, 0xe5, 0xf1, - 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, - 0x18, 0x96, 0x05, 0x9a, - 0x07, 0x12, 0x80, 0xe2, - 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, - 0x1b, 0x6e, 0x5a, 0xa0, - 0x52, 0x3b, 0xd6, 0xb3, - 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, - 0x20, 0xfc, 0xb1, 0x5b, - 0x6a, 0xcb, 0xbe, 0x39, - 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, - 0x43, 0x4d, 0x33, 0x85, - 0x45, 0xf9, 0x02, 0x7f, - 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, - 0x92, 0x9d, 0x38, 0xf5, - 0xbc, 0xb6, 0xda, 0x21, - 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, - 0x5f, 0x97, 0x44, 0x17, - 0xc4, 0xa7, 0x7e, 0x3d, - 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, - 0x22, 0x2a, 0x90, 0x88, - 0x46, 0xee, 0xb8, 0x14, - 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, - 0x49, 0x06, 0x24, 0x5c, - 0xc2, 0xd3, 0xac, 0x62, - 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, - 0x8d, 0xd5, 0x4e, 0xa9, - 0x6c, 0x56, 0xf4, 0xea, - 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, - 0x1c, 0xa6, 0xb4, 0xc6, - 0xe8, 0xdd, 0x74, 0x1f, - 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, - 0x48, 0x03, 0xf6, 0x0e, - 0x61, 0x35, 0x57, 0xb9, - 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, - 0x69, 0xd9, 0x8e, 0x94, - 0x9b, 0x1e, 0x87, 0xe9, - 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, - 0xbf, 0xe6, 0x42, 0x68, - 0x41, 0x99, 0x2d, 0x0f, - 0xb0, 0x54, 0xbb, 0x16, -}; - -const byte Rijndael::Base::Sd[256] = { - 0x52, 0x09, 0x6a, 0xd5, - 0x30, 0x36, 0xa5, 0x38, - 0xbf, 0x40, 0xa3, 0x9e, - 0x81, 0xf3, 0xd7, 0xfb, - 0x7c, 0xe3, 0x39, 0x82, - 0x9b, 0x2f, 0xff, 0x87, - 0x34, 0x8e, 0x43, 0x44, - 0xc4, 0xde, 0xe9, 0xcb, - 0x54, 0x7b, 0x94, 0x32, - 0xa6, 0xc2, 0x23, 0x3d, - 0xee, 0x4c, 0x95, 0x0b, - 0x42, 0xfa, 0xc3, 0x4e, - 0x08, 0x2e, 0xa1, 0x66, - 0x28, 0xd9, 0x24, 0xb2, - 0x76, 0x5b, 0xa2, 0x49, - 0x6d, 0x8b, 0xd1, 0x25, - 0x72, 0xf8, 0xf6, 0x64, - 0x86, 0x68, 0x98, 0x16, - 0xd4, 0xa4, 0x5c, 0xcc, - 0x5d, 0x65, 0xb6, 0x92, - 0x6c, 0x70, 0x48, 0x50, - 0xfd, 0xed, 0xb9, 0xda, - 0x5e, 0x15, 0x46, 0x57, - 0xa7, 0x8d, 0x9d, 0x84, - 0x90, 0xd8, 0xab, 0x00, - 0x8c, 0xbc, 0xd3, 0x0a, - 0xf7, 0xe4, 0x58, 0x05, - 0xb8, 0xb3, 0x45, 0x06, - 0xd0, 0x2c, 0x1e, 0x8f, - 0xca, 0x3f, 0x0f, 0x02, - 0xc1, 0xaf, 0xbd, 0x03, - 0x01, 0x13, 0x8a, 0x6b, - 0x3a, 0x91, 0x11, 0x41, - 0x4f, 0x67, 0xdc, 0xea, - 0x97, 0xf2, 0xcf, 0xce, - 0xf0, 0xb4, 0xe6, 0x73, - 0x96, 0xac, 0x74, 0x22, - 0xe7, 0xad, 0x35, 0x85, - 0xe2, 0xf9, 0x37, 0xe8, - 0x1c, 0x75, 0xdf, 0x6e, - 0x47, 0xf1, 0x1a, 0x71, - 0x1d, 0x29, 0xc5, 0x89, - 0x6f, 0xb7, 0x62, 0x0e, - 0xaa, 0x18, 0xbe, 0x1b, - 0xfc, 0x56, 0x3e, 0x4b, - 0xc6, 0xd2, 0x79, 0x20, - 0x9a, 0xdb, 0xc0, 0xfe, - 0x78, 0xcd, 0x5a, 0xf4, - 0x1f, 0xdd, 0xa8, 0x33, - 0x88, 0x07, 0xc7, 0x31, - 0xb1, 0x12, 0x10, 0x59, - 0x27, 0x80, 0xec, 0x5f, - 0x60, 0x51, 0x7f, 0xa9, - 0x19, 0xb5, 0x4a, 0x0d, - 0x2d, 0xe5, 0x7a, 0x9f, - 0x93, 0xc9, 0x9c, 0xef, - 0xa0, 0xe0, 0x3b, 0x4d, - 0xae, 0x2a, 0xf5, 0xb0, - 0xc8, 0xeb, 0xbb, 0x3c, - 0x83, 0x53, 0x99, 0x61, - 0x17, 0x2b, 0x04, 0x7e, - 0xba, 0x77, 0xd6, 0x26, - 0xe1, 0x69, 0x14, 0x63, - 0x55, 0x21, 0x0c, 0x7d, -}; - -const word32 Rijndael::Base::rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/regtest.cpp b/cryptopp562/regtest.cpp deleted file mode 100644 index 49a67c4..0000000 --- a/cryptopp562/regtest.cpp +++ /dev/null @@ -1,153 +0,0 @@ -#include "factory.h" - -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "modes.h" -#include "dh.h" -#include "esign.h" -#include "md2.h" -#include "rw.h" -#include "md5.h" -#include "rsa.h" -#include "ripemd.h" -#include "dsa.h" -#include "seal.h" -#include "whrlpool.h" -#include "ttmac.h" -#include "camellia.h" -#include "shacal2.h" -#include "tea.h" -#include "panama.h" -#include "pssr.h" -#include "aes.h" -#include "salsa.h" -#include "vmac.h" -#include "tiger.h" -#include "md5.h" -#include "sosemanuk.h" -#include "arc4.h" -#include "ccm.h" -#include "gcm.h" -#include "eax.h" -#include "twofish.h" -#include "serpent.h" -#include "cast.h" -#include "rc6.h" -#include "mars.h" -#include "des.h" -#include "idea.h" -#include "rc5.h" -#include "tea.h" -#include "skipjack.h" -#include "cmac.h" -#include "dmac.h" -#include "blowfish.h" -#include "seed.h" -#include "wake.h" -#include "seal.h" -#include "crc.h" -#include "adler32.h" -#include "sha3.h" - -USING_NAMESPACE(CryptoPP) - -void RegisterFactories() -{ - static bool s_registered = false; - if (s_registered) - return; - - RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>(); - RegisterDefaultFactoryFor<HashTransformation, CRC32>(); - RegisterDefaultFactoryFor<HashTransformation, Adler32>(); - RegisterDefaultFactoryFor<HashTransformation, Weak::MD5>(); - RegisterDefaultFactoryFor<HashTransformation, SHA1>(); - RegisterDefaultFactoryFor<HashTransformation, SHA224>(); - RegisterDefaultFactoryFor<HashTransformation, SHA256>(); - RegisterDefaultFactoryFor<HashTransformation, SHA384>(); - RegisterDefaultFactoryFor<HashTransformation, SHA512>(); - RegisterDefaultFactoryFor<HashTransformation, Whirlpool>(); - RegisterDefaultFactoryFor<HashTransformation, Tiger>(); - RegisterDefaultFactoryFor<HashTransformation, RIPEMD160>(); - RegisterDefaultFactoryFor<HashTransformation, RIPEMD320>(); - RegisterDefaultFactoryFor<HashTransformation, RIPEMD128>(); - RegisterDefaultFactoryFor<HashTransformation, RIPEMD256>(); - RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<LittleEndian> >(); - RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<BigEndian> >(); - RegisterDefaultFactoryFor<HashTransformation, SHA3_224>(); - RegisterDefaultFactoryFor<HashTransformation, SHA3_256>(); - RegisterDefaultFactoryFor<HashTransformation, SHA3_384>(); - RegisterDefaultFactoryFor<HashTransformation, SHA3_512>(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<Weak::MD5> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA1> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<RIPEMD160> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA224> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA256> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA384> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA512> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, TTMAC>(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES, 64> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<LittleEndian> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<BigEndian> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<AES> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, DMAC<AES> >(); - RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<DES_EDE3> >(); - RegisterAsymmetricCipherDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)"); - RegisterAsymmetricCipherDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)"); - RegisterSignatureSchemeDefaultFactories<DSA>(); - RegisterSignatureSchemeDefaultFactories<DSA2<SHA224> >(); - RegisterSignatureSchemeDefaultFactories<DSA2<SHA256> >(); - RegisterSignatureSchemeDefaultFactories<DSA2<SHA384> >(); - RegisterSignatureSchemeDefaultFactories<DSA2<SHA512> >(); - RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)"); - RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)"); - RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, Weak::MD2> >("RSA/PKCS1-1.5(MD2)"); - RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)"); - RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)"); - RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)"); - RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)"); - RegisterSymmetricCipherDefaultFactories<SEAL<> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<SHACAL2> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<Camellia> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<TEA> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<XTEA> >(); - RegisterSymmetricCipherDefaultFactories<PanamaCipher<LittleEndian> >(); - RegisterSymmetricCipherDefaultFactories<PanamaCipher<BigEndian> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<AES> >(); - RegisterSymmetricCipherDefaultFactories<CBC_Mode<AES> >(); - RegisterSymmetricCipherDefaultFactories<CFB_Mode<AES> >(); - RegisterSymmetricCipherDefaultFactories<OFB_Mode<AES> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<AES> >(); - RegisterSymmetricCipherDefaultFactories<Salsa20>(); - RegisterSymmetricCipherDefaultFactories<XSalsa20>(); - RegisterSymmetricCipherDefaultFactories<Sosemanuk>(); - RegisterSymmetricCipherDefaultFactories<Weak::MARC4>(); - RegisterSymmetricCipherDefaultFactories<WAKE_OFB<LittleEndian> >(); - RegisterSymmetricCipherDefaultFactories<WAKE_OFB<BigEndian> >(); - RegisterSymmetricCipherDefaultFactories<SEAL<LittleEndian> >(); - RegisterAuthenticatedSymmetricCipherDefaultFactories<CCM<AES> >(); - RegisterAuthenticatedSymmetricCipherDefaultFactories<GCM<AES> >(); - RegisterAuthenticatedSymmetricCipherDefaultFactories<EAX<AES> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<Camellia> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<Twofish> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<Serpent> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST256> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC6> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<MARS> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<MARS> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<SHACAL2> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_XEX3> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_EDE3> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<IDEA> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC5> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<TEA> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<XTEA> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST128> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<SKIPJACK> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<Blowfish> >(); - RegisterSymmetricCipherDefaultFactories<ECB_Mode<SEED> >(); - RegisterSymmetricCipherDefaultFactories<CTR_Mode<SEED> >(); - - s_registered = true; -} diff --git a/cryptopp562/resource.h b/cryptopp562/resource.h deleted file mode 100644 index 861e22b..0000000 --- a/cryptopp562/resource.h +++ /dev/null @@ -1,15 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Developer Studio generated include file. -// Used by cryptopp.rc -// - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 101 -#define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 1000 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff --git a/cryptopp562/rijndael.cpp b/cryptopp562/rijndael.cpp deleted file mode 100644 index c185032..0000000 --- a/cryptopp562/rijndael.cpp +++ /dev/null @@ -1,1261 +0,0 @@ -// rijndael.cpp - modified by Chris Morgan <cmorgan@wpi.edu> -// and Wei Dai from Paulo Baretto's Rijndael implementation -// The original code and all modifications are in the public domain. - -// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM rijndael.cpp" to generate MASM code - -/* -July 2010: Added support for AES-NI instructions via compiler intrinsics. -*/ - -/* -Feb 2009: The x86/x64 assembly code was rewritten in by Wei Dai to do counter mode -caching, which was invented by Hongjun Wu and popularized by Daniel J. Bernstein -and Peter Schwabe in their paper "New AES software speed records". The round -function was also modified to include a trick similar to one in Brian Gladman's -x86 assembly code, doing an 8-bit register move to minimize the number of -register spills. Also switched to compressed tables and copying round keys to -the stack. - -The C++ implementation now uses compressed tables if -CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined. -*/ - -/* -July 2006: Defense against timing attacks was added in by Wei Dai. - -The code now uses smaller tables in the first and last rounds, -and preloads them into L1 cache before usage (by loading at least -one element in each cache line). - -We try to delay subsequent accesses to each table (used in the first -and last rounds) until all of the table has been preloaded. Hopefully -the compiler isn't smart enough to optimize that code away. - -After preloading the table, we also try not to access any memory location -other than the table and the stack, in order to prevent table entries from -being unloaded from L1 cache, until that round is finished. -(Some popular CPUs have 2-way associative caches.) -*/ - -// This is the original introductory comment: - -/** - * version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> - * author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> - * author Paulo Barreto <paulo.barreto@terra.com.br> - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#include "rijndael.h" -#include "misc.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) -namespace rdtable {CRYPTOPP_ALIGN_DATA(16) word64 Te[256+2];} -using namespace rdtable; -#else -static word64 Te[256]; -#endif -static word64 Td[256]; -#else -static word32 Te[256*4], Td[256*4]; -#endif -static volatile bool s_TeFilled = false, s_TdFilled = false; - -// ************************* Portable Code ************************************ - -#define QUARTER_ROUND(L, T, t, a, b, c, d) \ - a ^= L(T, 3, byte(t)); t >>= 8;\ - b ^= L(T, 2, byte(t)); t >>= 8;\ - c ^= L(T, 1, byte(t)); t >>= 8;\ - d ^= L(T, 0, t); - -#define QUARTER_ROUND_LE(t, a, b, c, d) \ - tempBlock[a] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ - tempBlock[b] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ - tempBlock[c] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ - tempBlock[d] = ((byte *)(Te+t))[1]; - -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - #define QUARTER_ROUND_LD(t, a, b, c, d) \ - tempBlock[a] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ - tempBlock[b] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ - tempBlock[c] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ - tempBlock[d] = ((byte *)(Td+t))[GetNativeByteOrder()*7]; -#else - #define QUARTER_ROUND_LD(t, a, b, c, d) \ - tempBlock[a] = Sd[byte(t)]; t >>= 8;\ - tempBlock[b] = Sd[byte(t)]; t >>= 8;\ - tempBlock[c] = Sd[byte(t)]; t >>= 8;\ - tempBlock[d] = Sd[t]; -#endif - -#define QUARTER_ROUND_E(t, a, b, c, d) QUARTER_ROUND(TL_M, Te, t, a, b, c, d) -#define QUARTER_ROUND_D(t, a, b, c, d) QUARTER_ROUND(TL_M, Td, t, a, b, c, d) - -#ifdef IS_LITTLE_ENDIAN - #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, d, c, b, a) - #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, d, c, b, a) - #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - #define TL_F(T, i, x) (*(word32 *)((byte *)T + x*8 + (6-i)%4+1)) - #define TL_M(T, i, x) (*(word32 *)((byte *)T + x*8 + (i+3)%4+1)) - #else - #define TL_F(T, i, x) rotrFixed(T[x], (3-i)*8) - #define TL_M(T, i, x) T[i*256 + x] - #endif -#else - #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, a, b, c, d) - #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, a, b, c, d) - #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - #define TL_F(T, i, x) (*(word32 *)((byte *)T + x*8 + (4-i)%4)) - #define TL_M TL_F - #else - #define TL_F(T, i, x) rotrFixed(T[x], i*8) - #define TL_M(T, i, x) T[i*256 + x] - #endif -#endif - - -#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) -#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) -#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) - -#define f3(x) (f2(x) ^ x) -#define f9(x) (f8(x) ^ x) -#define fb(x) (f8(x) ^ f2(x) ^ x) -#define fd(x) (f8(x) ^ f4(x) ^ x) -#define fe(x) (f8(x) ^ f4(x) ^ f2(x)) - -void Rijndael::Base::FillEncTable() -{ - for (int i=0; i<256; i++) - { - byte x = Se[i]; -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - word32 y = word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24; - Te[i] = word64(y | f3(x))<<32 | y; -#else - word32 y = f3(x) | word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24; - for (int j=0; j<4; j++) - { - Te[i+j*256] = y; - y = rotrFixed(y, 8); - } -#endif - } -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - Te[256] = Te[257] = 0; -#endif - s_TeFilled = true; -} - -void Rijndael::Base::FillDecTable() -{ - for (int i=0; i<256; i++) - { - byte x = Sd[i]; -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - word32 y = word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24; - Td[i] = word64(y | fb(x))<<32 | y | x; -#else - word32 y = fb(x) | word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24;; - for (int j=0; j<4; j++) - { - Td[i+j*256] = y; - y = rotrFixed(y, 8); - } -#endif - } - s_TdFilled = true; -} - -void Rijndael::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &) -{ - AssertValidKeyLength(keylen); - - m_rounds = keylen/4 + 6; - m_key.New(4*(m_rounds+1)); - - word32 *rk = m_key; - -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE && (!defined(_MSC_VER) || _MSC_VER >= 1600 || CRYPTOPP_BOOL_X86) - // MSVC 2008 SP1 generates bad code for _mm_extract_epi32() when compiling for X64 - if (HasAESNI()) - { - static const word32 rcLE[] = { - 0x01, 0x02, 0x04, 0x08, - 0x10, 0x20, 0x40, 0x80, - 0x1B, 0x36, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ - }; - const word32 *rc = rcLE; - - __m128i temp = _mm_loadu_si128((__m128i *)(userKey+keylen-16)); - memcpy(rk, userKey, keylen); - - while (true) - { - rk[keylen/4] = rk[0] ^ _mm_extract_epi32(_mm_aeskeygenassist_si128(temp, 0), 3) ^ *(rc++); - rk[keylen/4+1] = rk[1] ^ rk[keylen/4]; - rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1]; - rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2]; - - if (rk + keylen/4 + 4 == m_key.end()) - break; - - if (keylen == 24) - { - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - temp = _mm_insert_epi32(temp, rk[11], 3); - } - else if (keylen == 32) - { - temp = _mm_insert_epi32(temp, rk[11], 3); - rk[12] = rk[ 4] ^ _mm_extract_epi32(_mm_aeskeygenassist_si128(temp, 0), 2); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - temp = _mm_insert_epi32(temp, rk[15], 3); - } - else - temp = _mm_insert_epi32(temp, rk[7], 3); - - rk += keylen/4; - } - - if (!IsForwardTransformation()) - { - rk = m_key; - unsigned int i, j; - - std::swap(*(__m128i *)(rk), *(__m128i *)(rk+4*m_rounds)); - - for (i = 4, j = 4*m_rounds-4; i < j; i += 4, j -= 4) - { - temp = _mm_aesimc_si128(*(__m128i *)(rk+i)); - *(__m128i *)(rk+i) = _mm_aesimc_si128(*(__m128i *)(rk+j)); - *(__m128i *)(rk+j) = temp; - } - - *(__m128i *)(rk+i) = _mm_aesimc_si128(*(__m128i *)(rk+i)); - } - - return; - } -#endif - - GetUserKey(BIG_ENDIAN_ORDER, rk, keylen/4, userKey, keylen); - const word32 *rc = rcon; - word32 temp; - - while (true) - { - temp = rk[keylen/4-1]; - word32 x = (word32(Se[GETBYTE(temp, 2)]) << 24) ^ (word32(Se[GETBYTE(temp, 1)]) << 16) ^ (word32(Se[GETBYTE(temp, 0)]) << 8) ^ Se[GETBYTE(temp, 3)]; - rk[keylen/4] = rk[0] ^ x ^ *(rc++); - rk[keylen/4+1] = rk[1] ^ rk[keylen/4]; - rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1]; - rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2]; - - if (rk + keylen/4 + 4 == m_key.end()) - break; - - if (keylen == 24) - { - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - } - else if (keylen == 32) - { - temp = rk[11]; - rk[12] = rk[ 4] ^ (word32(Se[GETBYTE(temp, 3)]) << 24) ^ (word32(Se[GETBYTE(temp, 2)]) << 16) ^ (word32(Se[GETBYTE(temp, 1)]) << 8) ^ Se[GETBYTE(temp, 0)]; - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - } - rk += keylen/4; - } - - rk = m_key; - - if (IsForwardTransformation()) - { - if (!s_TeFilled) - FillEncTable(); - - ConditionalByteReverse(BIG_ENDIAN_ORDER, rk, rk, 16); - ConditionalByteReverse(BIG_ENDIAN_ORDER, rk + m_rounds*4, rk + m_rounds*4, 16); - } - else - { - if (!s_TdFilled) - FillDecTable(); - - unsigned int i, j; - -#define InverseMixColumn(x) TL_M(Td, 0, Se[GETBYTE(x, 3)]) ^ TL_M(Td, 1, Se[GETBYTE(x, 2)]) ^ TL_M(Td, 2, Se[GETBYTE(x, 1)]) ^ TL_M(Td, 3, Se[GETBYTE(x, 0)]) - - for (i = 4, j = 4*m_rounds-4; i < j; i += 4, j -= 4) - { - temp = InverseMixColumn(rk[i ]); rk[i ] = InverseMixColumn(rk[j ]); rk[j ] = temp; - temp = InverseMixColumn(rk[i + 1]); rk[i + 1] = InverseMixColumn(rk[j + 1]); rk[j + 1] = temp; - temp = InverseMixColumn(rk[i + 2]); rk[i + 2] = InverseMixColumn(rk[j + 2]); rk[j + 2] = temp; - temp = InverseMixColumn(rk[i + 3]); rk[i + 3] = InverseMixColumn(rk[j + 3]); rk[j + 3] = temp; - } - - rk[i+0] = InverseMixColumn(rk[i+0]); - rk[i+1] = InverseMixColumn(rk[i+1]); - rk[i+2] = InverseMixColumn(rk[i+2]); - rk[i+3] = InverseMixColumn(rk[i+3]); - - temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[0]); rk[0] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+0]); rk[4*m_rounds+0] = temp; - temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[1]); rk[1] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+1]); rk[4*m_rounds+1] = temp; - temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[2]); rk[2] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+2]); rk[4*m_rounds+2] = temp; - temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[3]); rk[3] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+3]); rk[4*m_rounds+3] = temp; - } - -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - if (HasAESNI()) - ConditionalByteReverse(BIG_ENDIAN_ORDER, rk+4, rk+4, (m_rounds-1)*16); -#endif -} - -void Rijndael::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - if (HasSSE2()) -#else - if (HasAESNI()) -#endif - { - Rijndael::Enc::AdvancedProcessBlocks(inBlock, xorBlock, outBlock, 16, 0); - return; - } -#endif - - typedef BlockGetAndPut<word32, NativeByteOrder> Block; - - word32 s0, s1, s2, s3, t0, t1, t2, t3; - Block::Get(inBlock)(s0)(s1)(s2)(s3); - - const word32 *rk = m_key; - s0 ^= rk[0]; - s1 ^= rk[1]; - s2 ^= rk[2]; - s3 ^= rk[3]; - t0 = rk[4]; - t1 = rk[5]; - t2 = rk[6]; - t3 = rk[7]; - rk += 8; - - // timing attack countermeasure. see comments at top for more details - const int cacheLineSize = GetCacheLineSize(); - unsigned int i; - word32 u = 0; -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - for (i=0; i<2048; i+=cacheLineSize) -#else - for (i=0; i<1024; i+=cacheLineSize) -#endif - u &= *(const word32 *)(((const byte *)Te)+i); - u &= Te[255]; - s0 |= u; s1 |= u; s2 |= u; s3 |= u; - - QUARTER_ROUND_FE(s3, t0, t1, t2, t3) - QUARTER_ROUND_FE(s2, t3, t0, t1, t2) - QUARTER_ROUND_FE(s1, t2, t3, t0, t1) - QUARTER_ROUND_FE(s0, t1, t2, t3, t0) - - // Nr - 2 full rounds: - unsigned int r = m_rounds/2 - 1; - do - { - s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3]; - - QUARTER_ROUND_E(t3, s0, s1, s2, s3) - QUARTER_ROUND_E(t2, s3, s0, s1, s2) - QUARTER_ROUND_E(t1, s2, s3, s0, s1) - QUARTER_ROUND_E(t0, s1, s2, s3, s0) - - t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7]; - - QUARTER_ROUND_E(s3, t0, t1, t2, t3) - QUARTER_ROUND_E(s2, t3, t0, t1, t2) - QUARTER_ROUND_E(s1, t2, t3, t0, t1) - QUARTER_ROUND_E(s0, t1, t2, t3, t0) - - rk += 8; - } while (--r); - - word32 tbw[4]; - byte *const tempBlock = (byte *)tbw; - - QUARTER_ROUND_LE(t2, 15, 2, 5, 8) - QUARTER_ROUND_LE(t1, 11, 14, 1, 4) - QUARTER_ROUND_LE(t0, 7, 10, 13, 0) - QUARTER_ROUND_LE(t3, 3, 6, 9, 12) - - Block::Put(xorBlock, outBlock)(tbw[0]^rk[0])(tbw[1]^rk[1])(tbw[2]^rk[2])(tbw[3]^rk[3]); -} - -void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - if (HasAESNI()) - { - Rijndael::Dec::AdvancedProcessBlocks(inBlock, xorBlock, outBlock, 16, 0); - return; - } -#endif - - typedef BlockGetAndPut<word32, NativeByteOrder> Block; - - word32 s0, s1, s2, s3, t0, t1, t2, t3; - Block::Get(inBlock)(s0)(s1)(s2)(s3); - - const word32 *rk = m_key; - s0 ^= rk[0]; - s1 ^= rk[1]; - s2 ^= rk[2]; - s3 ^= rk[3]; - t0 = rk[4]; - t1 = rk[5]; - t2 = rk[6]; - t3 = rk[7]; - rk += 8; - - // timing attack countermeasure. see comments at top for more details - const int cacheLineSize = GetCacheLineSize(); - unsigned int i; - word32 u = 0; -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - for (i=0; i<2048; i+=cacheLineSize) -#else - for (i=0; i<1024; i+=cacheLineSize) -#endif - u &= *(const word32 *)(((const byte *)Td)+i); - u &= Td[255]; - s0 |= u; s1 |= u; s2 |= u; s3 |= u; - - QUARTER_ROUND_FD(s3, t2, t1, t0, t3) - QUARTER_ROUND_FD(s2, t1, t0, t3, t2) - QUARTER_ROUND_FD(s1, t0, t3, t2, t1) - QUARTER_ROUND_FD(s0, t3, t2, t1, t0) - - // Nr - 2 full rounds: - unsigned int r = m_rounds/2 - 1; - do - { - s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3]; - - QUARTER_ROUND_D(t3, s2, s1, s0, s3) - QUARTER_ROUND_D(t2, s1, s0, s3, s2) - QUARTER_ROUND_D(t1, s0, s3, s2, s1) - QUARTER_ROUND_D(t0, s3, s2, s1, s0) - - t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7]; - - QUARTER_ROUND_D(s3, t2, t1, t0, t3) - QUARTER_ROUND_D(s2, t1, t0, t3, t2) - QUARTER_ROUND_D(s1, t0, t3, t2, t1) - QUARTER_ROUND_D(s0, t3, t2, t1, t0) - - rk += 8; - } while (--r); - -#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - // timing attack countermeasure. see comments at top for more details - // If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, - // QUARTER_ROUND_LD will use Td, which is already preloaded. - u = 0; - for (i=0; i<256; i+=cacheLineSize) - u &= *(const word32 *)(Sd+i); - u &= *(const word32 *)(Sd+252); - t0 |= u; t1 |= u; t2 |= u; t3 |= u; -#endif - - word32 tbw[4]; - byte *const tempBlock = (byte *)tbw; - - QUARTER_ROUND_LD(t2, 7, 2, 13, 8) - QUARTER_ROUND_LD(t1, 3, 14, 9, 4) - QUARTER_ROUND_LD(t0, 15, 10, 5, 0) - QUARTER_ROUND_LD(t3, 11, 6, 1, 12) - - Block::Put(xorBlock, outBlock)(tbw[0]^rk[0])(tbw[1]^rk[1])(tbw[2]^rk[2])(tbw[3]^rk[3]); -} - -// ************************* Assembly Code ************************************ - -#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - -CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k) -{ -#if CRYPTOPP_BOOL_X86 - -#define L_REG esp -#define L_INDEX(i) (L_REG+768+i) -#define L_INXORBLOCKS L_INBLOCKS+4 -#define L_OUTXORBLOCKS L_INBLOCKS+8 -#define L_OUTBLOCKS L_INBLOCKS+12 -#define L_INCREMENTS L_INDEX(16*15) -#define L_SP L_INDEX(16*16) -#define L_LENGTH L_INDEX(16*16+4) -#define L_KEYS_BEGIN L_INDEX(16*16+8) - -#define MOVD movd -#define MM(i) mm##i - -#define MXOR(a,b,c) \ - AS2( movzx esi, b)\ - AS2( movd mm7, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ - AS2( pxor MM(a), mm7)\ - -#define MMOV(a,b,c) \ - AS2( movzx esi, b)\ - AS2( movd MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ - -#else - -#define L_REG r8 -#define L_INDEX(i) (L_REG+i) -#define L_INXORBLOCKS L_INBLOCKS+8 -#define L_OUTXORBLOCKS L_INBLOCKS+16 -#define L_OUTBLOCKS L_INBLOCKS+24 -#define L_INCREMENTS L_INDEX(16*16) -#define L_LENGTH L_INDEX(16*18+8) -#define L_KEYS_BEGIN L_INDEX(16*19) - -#define MOVD mov -#define MM_0 r9d -#define MM_1 r12d -#ifdef __GNUC__ -#define MM_2 r11d -#else -#define MM_2 r10d -#endif -#define MM(i) MM_##i - -#define MXOR(a,b,c) \ - AS2( movzx esi, b)\ - AS2( xor MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ - -#define MMOV(a,b,c) \ - AS2( movzx esi, b)\ - AS2( mov MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ - -#endif - -#define L_SUBKEYS L_INDEX(0) -#define L_SAVED_X L_SUBKEYS -#define L_KEY12 L_INDEX(16*12) -#define L_LASTROUND L_INDEX(16*13) -#define L_INBLOCKS L_INDEX(16*14) -#define MAP0TO4(i) (ASM_MOD(i+3,4)+1) - -#define XOR(a,b,c) \ - AS2( movzx esi, b)\ - AS2( xor a, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ - -#define MOV(a,b,c) \ - AS2( movzx esi, b)\ - AS2( mov a, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ - -#ifdef CRYPTOPP_GENERATE_X64_MASM - ALIGN 8 - Rijndael_Enc_AdvancedProcessBlocks PROC FRAME - rex_push_reg rsi - push_reg rdi - push_reg rbx - push_reg r12 - .endprolog - mov L_REG, rcx - mov AS_REG_7, ?Te@rdtable@CryptoPP@@3PA_KA - mov edi, DWORD PTR [?g_cacheLineSize@CryptoPP@@3IA] -#elif defined(__GNUC__) - __asm__ __volatile__ - ( - ".intel_syntax noprefix;" - #if CRYPTOPP_BOOL_X64 - AS2( mov L_REG, rcx) - #endif - AS_PUSH_IF86(bx) - AS_PUSH_IF86(bp) - AS2( mov AS_REG_7, WORD_REG(si)) -#else - AS_PUSH_IF86(si) - AS_PUSH_IF86(di) - AS_PUSH_IF86(bx) - AS_PUSH_IF86(bp) - AS2( lea AS_REG_7, [Te]) - AS2( mov edi, [g_cacheLineSize]) -#endif - -#if CRYPTOPP_BOOL_X86 - AS2( mov [ecx+16*12+16*4], esp) // save esp to L_SP - AS2( lea esp, [ecx-768]) -#endif - - // copy subkeys to stack - AS2( mov WORD_REG(si), [L_KEYS_BEGIN]) - AS2( mov WORD_REG(ax), 16) - AS2( and WORD_REG(ax), WORD_REG(si)) - AS2( movdqa xmm3, XMMWORD_PTR [WORD_REG(dx)+16+WORD_REG(ax)]) // subkey 1 (non-counter) or 2 (counter) - AS2( movdqa [L_KEY12], xmm3) - AS2( lea WORD_REG(ax), [WORD_REG(dx)+WORD_REG(ax)+2*16]) - AS2( sub WORD_REG(ax), WORD_REG(si)) - ASL(0) - AS2( movdqa xmm0, [WORD_REG(ax)+WORD_REG(si)]) - AS2( movdqa XMMWORD_PTR [L_SUBKEYS+WORD_REG(si)], xmm0) - AS2( add WORD_REG(si), 16) - AS2( cmp WORD_REG(si), 16*12) - ASJ( jl, 0, b) - - // read subkeys 0, 1 and last - AS2( movdqa xmm4, [WORD_REG(ax)+WORD_REG(si)]) // last subkey - AS2( movdqa xmm1, [WORD_REG(dx)]) // subkey 0 - AS2( MOVD MM(1), [WORD_REG(dx)+4*4]) // 0,1,2,3 - AS2( mov ebx, [WORD_REG(dx)+5*4]) // 4,5,6,7 - AS2( mov ecx, [WORD_REG(dx)+6*4]) // 8,9,10,11 - AS2( mov edx, [WORD_REG(dx)+7*4]) // 12,13,14,15 - - // load table into cache - AS2( xor WORD_REG(ax), WORD_REG(ax)) - ASL(9) - AS2( mov esi, [AS_REG_7+WORD_REG(ax)]) - AS2( add WORD_REG(ax), WORD_REG(di)) - AS2( mov esi, [AS_REG_7+WORD_REG(ax)]) - AS2( add WORD_REG(ax), WORD_REG(di)) - AS2( mov esi, [AS_REG_7+WORD_REG(ax)]) - AS2( add WORD_REG(ax), WORD_REG(di)) - AS2( mov esi, [AS_REG_7+WORD_REG(ax)]) - AS2( add WORD_REG(ax), WORD_REG(di)) - AS2( cmp WORD_REG(ax), 2048) - ASJ( jl, 9, b) - AS1( lfence) - - AS2( test DWORD PTR [L_LENGTH], 1) - ASJ( jz, 8, f) - - // counter mode one-time setup - AS2( mov WORD_REG(si), [L_INBLOCKS]) - AS2( movdqu xmm2, [WORD_REG(si)]) // counter - AS2( pxor xmm2, xmm1) - AS2( psrldq xmm1, 14) - AS2( movd eax, xmm1) - AS2( mov al, BYTE PTR [WORD_REG(si)+15]) - AS2( MOVD MM(2), eax) -#if CRYPTOPP_BOOL_X86 - AS2( mov eax, 1) - AS2( movd mm3, eax) -#endif - - // partial first round, in: xmm2(15,14,13,12;11,10,9,8;7,6,5,4;3,2,1,0), out: mm1, ebx, ecx, edx - AS2( movd eax, xmm2) - AS2( psrldq xmm2, 4) - AS2( movd edi, xmm2) - AS2( psrldq xmm2, 4) - MXOR( 1, al, 0) // 0 - XOR( edx, ah, 1) // 1 - AS2( shr eax, 16) - XOR( ecx, al, 2) // 2 - XOR( ebx, ah, 3) // 3 - AS2( mov eax, edi) - AS2( movd edi, xmm2) - AS2( psrldq xmm2, 4) - XOR( ebx, al, 0) // 4 - MXOR( 1, ah, 1) // 5 - AS2( shr eax, 16) - XOR( edx, al, 2) // 6 - XOR( ecx, ah, 3) // 7 - AS2( mov eax, edi) - AS2( movd edi, xmm2) - XOR( ecx, al, 0) // 8 - XOR( ebx, ah, 1) // 9 - AS2( shr eax, 16) - MXOR( 1, al, 2) // 10 - XOR( edx, ah, 3) // 11 - AS2( mov eax, edi) - XOR( edx, al, 0) // 12 - XOR( ecx, ah, 1) // 13 - AS2( shr eax, 16) - XOR( ebx, al, 2) // 14 - AS2( psrldq xmm2, 3) - - // partial second round, in: ebx(4,5,6,7), ecx(8,9,10,11), edx(12,13,14,15), out: eax, ebx, edi, mm0 - AS2( mov eax, [L_KEY12+0*4]) - AS2( mov edi, [L_KEY12+2*4]) - AS2( MOVD MM(0), [L_KEY12+3*4]) - MXOR( 0, cl, 3) /* 11 */ - XOR( edi, bl, 3) /* 7 */ - MXOR( 0, bh, 2) /* 6 */ - AS2( shr ebx, 16) /* 4,5 */ - XOR( eax, bl, 1) /* 5 */ - MOV( ebx, bh, 0) /* 4 */ - AS2( xor ebx, [L_KEY12+1*4]) - XOR( eax, ch, 2) /* 10 */ - AS2( shr ecx, 16) /* 8,9 */ - XOR( eax, dl, 3) /* 15 */ - XOR( ebx, dh, 2) /* 14 */ - AS2( shr edx, 16) /* 12,13 */ - XOR( edi, ch, 0) /* 8 */ - XOR( ebx, cl, 1) /* 9 */ - XOR( edi, dl, 1) /* 13 */ - MXOR( 0, dh, 0) /* 12 */ - - AS2( movd ecx, xmm2) - AS2( MOVD edx, MM(1)) - AS2( MOVD [L_SAVED_X+3*4], MM(0)) - AS2( mov [L_SAVED_X+0*4], eax) - AS2( mov [L_SAVED_X+1*4], ebx) - AS2( mov [L_SAVED_X+2*4], edi) - ASJ( jmp, 5, f) - - ASL(3) - // non-counter mode per-block setup - AS2( MOVD MM(1), [L_KEY12+0*4]) // 0,1,2,3 - AS2( mov ebx, [L_KEY12+1*4]) // 4,5,6,7 - AS2( mov ecx, [L_KEY12+2*4]) // 8,9,10,11 - AS2( mov edx, [L_KEY12+3*4]) // 12,13,14,15 - ASL(8) - AS2( mov WORD_REG(ax), [L_INBLOCKS]) - AS2( movdqu xmm2, [WORD_REG(ax)]) - AS2( mov WORD_REG(si), [L_INXORBLOCKS]) - AS2( movdqu xmm5, [WORD_REG(si)]) - AS2( pxor xmm2, xmm1) - AS2( pxor xmm2, xmm5) - - // first round, in: xmm2(15,14,13,12;11,10,9,8;7,6,5,4;3,2,1,0), out: eax, ebx, ecx, edx - AS2( movd eax, xmm2) - AS2( psrldq xmm2, 4) - AS2( movd edi, xmm2) - AS2( psrldq xmm2, 4) - MXOR( 1, al, 0) // 0 - XOR( edx, ah, 1) // 1 - AS2( shr eax, 16) - XOR( ecx, al, 2) // 2 - XOR( ebx, ah, 3) // 3 - AS2( mov eax, edi) - AS2( movd edi, xmm2) - AS2( psrldq xmm2, 4) - XOR( ebx, al, 0) // 4 - MXOR( 1, ah, 1) // 5 - AS2( shr eax, 16) - XOR( edx, al, 2) // 6 - XOR( ecx, ah, 3) // 7 - AS2( mov eax, edi) - AS2( movd edi, xmm2) - XOR( ecx, al, 0) // 8 - XOR( ebx, ah, 1) // 9 - AS2( shr eax, 16) - MXOR( 1, al, 2) // 10 - XOR( edx, ah, 3) // 11 - AS2( mov eax, edi) - XOR( edx, al, 0) // 12 - XOR( ecx, ah, 1) // 13 - AS2( shr eax, 16) - XOR( ebx, al, 2) // 14 - MXOR( 1, ah, 3) // 15 - AS2( MOVD eax, MM(1)) - - AS2( add L_REG, [L_KEYS_BEGIN]) - AS2( add L_REG, 4*16) - ASJ( jmp, 2, f) - - ASL(1) - // counter-mode per-block setup - AS2( MOVD ecx, MM(2)) - AS2( MOVD edx, MM(1)) - AS2( mov eax, [L_SAVED_X+0*4]) - AS2( mov ebx, [L_SAVED_X+1*4]) - AS2( xor cl, ch) - AS2( and WORD_REG(cx), 255) - ASL(5) -#if CRYPTOPP_BOOL_X86 - AS2( paddb MM(2), mm3) -#else - AS2( add MM(2), 1) -#endif - // remaining part of second round, in: edx(previous round),esi(keyed counter byte) eax,ebx,[L_SAVED_X+2*4],[L_SAVED_X+3*4], out: eax,ebx,ecx,edx - AS2( xor edx, DWORD PTR [AS_REG_7+WORD_REG(cx)*8+3]) - XOR( ebx, dl, 3) - MOV( ecx, dh, 2) - AS2( shr edx, 16) - AS2( xor ecx, [L_SAVED_X+2*4]) - XOR( eax, dh, 0) - MOV( edx, dl, 1) - AS2( xor edx, [L_SAVED_X+3*4]) - - AS2( add L_REG, [L_KEYS_BEGIN]) - AS2( add L_REG, 3*16) - ASJ( jmp, 4, f) - -// in: eax(0,1,2,3), ebx(4,5,6,7), ecx(8,9,10,11), edx(12,13,14,15) -// out: eax, ebx, edi, mm0 -#define ROUND() \ - MXOR( 0, cl, 3) /* 11 */\ - AS2( mov cl, al) /* 8,9,10,3 */\ - XOR( edi, ah, 2) /* 2 */\ - AS2( shr eax, 16) /* 0,1 */\ - XOR( edi, bl, 3) /* 7 */\ - MXOR( 0, bh, 2) /* 6 */\ - AS2( shr ebx, 16) /* 4,5 */\ - MXOR( 0, al, 1) /* 1 */\ - MOV( eax, ah, 0) /* 0 */\ - XOR( eax, bl, 1) /* 5 */\ - MOV( ebx, bh, 0) /* 4 */\ - XOR( eax, ch, 2) /* 10 */\ - XOR( ebx, cl, 3) /* 3 */\ - AS2( shr ecx, 16) /* 8,9 */\ - XOR( eax, dl, 3) /* 15 */\ - XOR( ebx, dh, 2) /* 14 */\ - AS2( shr edx, 16) /* 12,13 */\ - XOR( edi, ch, 0) /* 8 */\ - XOR( ebx, cl, 1) /* 9 */\ - XOR( edi, dl, 1) /* 13 */\ - MXOR( 0, dh, 0) /* 12 */\ - - ASL(2) // 2-round loop - AS2( MOVD MM(0), [L_SUBKEYS-4*16+3*4]) - AS2( mov edi, [L_SUBKEYS-4*16+2*4]) - ROUND() - AS2( mov ecx, edi) - AS2( xor eax, [L_SUBKEYS-4*16+0*4]) - AS2( xor ebx, [L_SUBKEYS-4*16+1*4]) - AS2( MOVD edx, MM(0)) - - ASL(4) - AS2( MOVD MM(0), [L_SUBKEYS-4*16+7*4]) - AS2( mov edi, [L_SUBKEYS-4*16+6*4]) - ROUND() - AS2( mov ecx, edi) - AS2( xor eax, [L_SUBKEYS-4*16+4*4]) - AS2( xor ebx, [L_SUBKEYS-4*16+5*4]) - AS2( MOVD edx, MM(0)) - - AS2( add L_REG, 32) - AS2( test L_REG, 255) - ASJ( jnz, 2, b) - AS2( sub L_REG, 16*16) - -#define LAST(a, b, c) \ - AS2( movzx esi, a )\ - AS2( movzx edi, BYTE PTR [AS_REG_7+WORD_REG(si)*8+1] )\ - AS2( movzx esi, b )\ - AS2( xor edi, DWORD PTR [AS_REG_7+WORD_REG(si)*8+0] )\ - AS2( mov WORD PTR [L_LASTROUND+c], di )\ - - // last round - LAST(ch, dl, 2) - LAST(dh, al, 6) - AS2( shr edx, 16) - LAST(ah, bl, 10) - AS2( shr eax, 16) - LAST(bh, cl, 14) - AS2( shr ebx, 16) - LAST(dh, al, 12) - AS2( shr ecx, 16) - LAST(ah, bl, 0) - LAST(bh, cl, 4) - LAST(ch, dl, 8) - - AS2( mov WORD_REG(ax), [L_OUTXORBLOCKS]) - AS2( mov WORD_REG(bx), [L_OUTBLOCKS]) - - AS2( mov WORD_REG(cx), [L_LENGTH]) - AS2( sub WORD_REG(cx), 16) - - AS2( movdqu xmm2, [WORD_REG(ax)]) - AS2( pxor xmm2, xmm4) - -#if CRYPTOPP_BOOL_X86 - AS2( movdqa xmm0, [L_INCREMENTS]) - AS2( paddd xmm0, [L_INBLOCKS]) - AS2( movdqa [L_INBLOCKS], xmm0) -#else - AS2( movdqa xmm0, [L_INCREMENTS+16]) - AS2( paddq xmm0, [L_INBLOCKS+16]) - AS2( movdqa [L_INBLOCKS+16], xmm0) -#endif - - AS2( pxor xmm2, [L_LASTROUND]) - AS2( movdqu [WORD_REG(bx)], xmm2) - - ASJ( jle, 7, f) - AS2( mov [L_LENGTH], WORD_REG(cx)) - AS2( test WORD_REG(cx), 1) - ASJ( jnz, 1, b) -#if CRYPTOPP_BOOL_X64 - AS2( movdqa xmm0, [L_INCREMENTS]) - AS2( paddq xmm0, [L_INBLOCKS]) - AS2( movdqa [L_INBLOCKS], xmm0) -#endif - ASJ( jmp, 3, b) - - ASL(7) - // erase keys on stack - AS2( xorps xmm0, xmm0) - AS2( lea WORD_REG(ax), [L_SUBKEYS+7*16]) - AS2( movaps [WORD_REG(ax)-7*16], xmm0) - AS2( movaps [WORD_REG(ax)-6*16], xmm0) - AS2( movaps [WORD_REG(ax)-5*16], xmm0) - AS2( movaps [WORD_REG(ax)-4*16], xmm0) - AS2( movaps [WORD_REG(ax)-3*16], xmm0) - AS2( movaps [WORD_REG(ax)-2*16], xmm0) - AS2( movaps [WORD_REG(ax)-1*16], xmm0) - AS2( movaps [WORD_REG(ax)+0*16], xmm0) - AS2( movaps [WORD_REG(ax)+1*16], xmm0) - AS2( movaps [WORD_REG(ax)+2*16], xmm0) - AS2( movaps [WORD_REG(ax)+3*16], xmm0) - AS2( movaps [WORD_REG(ax)+4*16], xmm0) - AS2( movaps [WORD_REG(ax)+5*16], xmm0) - AS2( movaps [WORD_REG(ax)+6*16], xmm0) -#if CRYPTOPP_BOOL_X86 - AS2( mov esp, [L_SP]) - AS1( emms) -#endif - AS_POP_IF86(bp) - AS_POP_IF86(bx) -#if defined(_MSC_VER) && CRYPTOPP_BOOL_X86 - AS_POP_IF86(di) - AS_POP_IF86(si) - AS1(ret) -#endif -#ifdef CRYPTOPP_GENERATE_X64_MASM - pop r12 - pop rbx - pop rdi - pop rsi - ret - Rijndael_Enc_AdvancedProcessBlocks ENDP -#endif -#ifdef __GNUC__ - ".att_syntax prefix;" - : - : "c" (locals), "d" (k), "S" (Te), "D" (g_cacheLineSize) - : "memory", "cc", "%eax" - #if CRYPTOPP_BOOL_X64 - , "%rbx", "%r8", "%r9", "%r10", "%r11", "%r12" - #endif - ); -#endif -} - -#endif - -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE -extern "C" { -void Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k); -} -#endif - -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 - -static inline bool AliasedWithTable(const byte *begin, const byte *end) -{ - size_t s0 = size_t(begin)%4096, s1 = size_t(end)%4096; - size_t t0 = size_t(Te)%4096, t1 = (size_t(Te)+sizeof(Te))%4096; - if (t1 > t0) - return (s0 >= t0 && s0 < t1) || (s1 > t0 && s1 <= t1); - else - return (s0 < t1 || s1 <= t1) || (s0 >= t0 || s1 > t0); -} - -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - -inline void AESNI_Enc_Block(__m128i &block, const __m128i *subkeys, unsigned int rounds) -{ - block = _mm_xor_si128(block, subkeys[0]); - for (unsigned int i=1; i<rounds-1; i+=2) - { - block = _mm_aesenc_si128(block, subkeys[i]); - block = _mm_aesenc_si128(block, subkeys[i+1]); - } - block = _mm_aesenc_si128(block, subkeys[rounds-1]); - block = _mm_aesenclast_si128(block, subkeys[rounds]); -} - -inline void AESNI_Enc_4_Blocks(__m128i &block0, __m128i &block1, __m128i &block2, __m128i &block3, const __m128i *subkeys, unsigned int rounds) -{ - __m128i rk = subkeys[0]; - block0 = _mm_xor_si128(block0, rk); - block1 = _mm_xor_si128(block1, rk); - block2 = _mm_xor_si128(block2, rk); - block3 = _mm_xor_si128(block3, rk); - for (unsigned int i=1; i<rounds; i++) - { - rk = subkeys[i]; - block0 = _mm_aesenc_si128(block0, rk); - block1 = _mm_aesenc_si128(block1, rk); - block2 = _mm_aesenc_si128(block2, rk); - block3 = _mm_aesenc_si128(block3, rk); - } - rk = subkeys[rounds]; - block0 = _mm_aesenclast_si128(block0, rk); - block1 = _mm_aesenclast_si128(block1, rk); - block2 = _mm_aesenclast_si128(block2, rk); - block3 = _mm_aesenclast_si128(block3, rk); -} - -inline void AESNI_Dec_Block(__m128i &block, const __m128i *subkeys, unsigned int rounds) -{ - block = _mm_xor_si128(block, subkeys[0]); - for (unsigned int i=1; i<rounds-1; i+=2) - { - block = _mm_aesdec_si128(block, subkeys[i]); - block = _mm_aesdec_si128(block, subkeys[i+1]); - } - block = _mm_aesdec_si128(block, subkeys[rounds-1]); - block = _mm_aesdeclast_si128(block, subkeys[rounds]); -} - -inline void AESNI_Dec_4_Blocks(__m128i &block0, __m128i &block1, __m128i &block2, __m128i &block3, const __m128i *subkeys, unsigned int rounds) -{ - __m128i rk = subkeys[0]; - block0 = _mm_xor_si128(block0, rk); - block1 = _mm_xor_si128(block1, rk); - block2 = _mm_xor_si128(block2, rk); - block3 = _mm_xor_si128(block3, rk); - for (unsigned int i=1; i<rounds; i++) - { - rk = subkeys[i]; - block0 = _mm_aesdec_si128(block0, rk); - block1 = _mm_aesdec_si128(block1, rk); - block2 = _mm_aesdec_si128(block2, rk); - block3 = _mm_aesdec_si128(block3, rk); - } - rk = subkeys[rounds]; - block0 = _mm_aesdeclast_si128(block0, rk); - block1 = _mm_aesdeclast_si128(block1, rk); - block2 = _mm_aesdeclast_si128(block2, rk); - block3 = _mm_aesdeclast_si128(block3, rk); -} - -static CRYPTOPP_ALIGN_DATA(16) const word32 s_one[] = {0, 0, 0, 1<<24}; - -template <typename F1, typename F4> -inline size_t AESNI_AdvancedProcessBlocks(F1 func1, F4 func4, const __m128i *subkeys, unsigned int rounds, const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - size_t blockSize = 16; - size_t inIncrement = (flags & (BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_DontIncrementInOutPointers)) ? 0 : blockSize; - size_t xorIncrement = xorBlocks ? blockSize : 0; - size_t outIncrement = (flags & BlockTransformation::BT_DontIncrementInOutPointers) ? 0 : blockSize; - - if (flags & BlockTransformation::BT_ReverseDirection) - { - assert(length % blockSize == 0); - inBlocks += length - blockSize; - xorBlocks += length - blockSize; - outBlocks += length - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BlockTransformation::BT_AllowParallel) - { - while (length >= 4*blockSize) - { - __m128i block0 = _mm_loadu_si128((const __m128i *)inBlocks), block1, block2, block3; - if (flags & BlockTransformation::BT_InBlockIsCounter) - { - const __m128i be1 = *(const __m128i *)s_one; - block1 = _mm_add_epi32(block0, be1); - block2 = _mm_add_epi32(block1, be1); - block3 = _mm_add_epi32(block2, be1); - _mm_storeu_si128((__m128i *)inBlocks, _mm_add_epi32(block3, be1)); - } - else - { - inBlocks += inIncrement; - block1 = _mm_loadu_si128((const __m128i *)inBlocks); - inBlocks += inIncrement; - block2 = _mm_loadu_si128((const __m128i *)inBlocks); - inBlocks += inIncrement; - block3 = _mm_loadu_si128((const __m128i *)inBlocks); - inBlocks += inIncrement; - } - - if (flags & BlockTransformation::BT_XorInput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - } - - func4(block0, block1, block2, block3, subkeys, rounds); - - if (xorBlocks && !(flags & BlockTransformation::BT_XorInput)) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128((const __m128i *)xorBlocks)); - xorBlocks += xorIncrement; - } - - _mm_storeu_si128((__m128i *)outBlocks, block0); - outBlocks += outIncrement; - _mm_storeu_si128((__m128i *)outBlocks, block1); - outBlocks += outIncrement; - _mm_storeu_si128((__m128i *)outBlocks, block2); - outBlocks += outIncrement; - _mm_storeu_si128((__m128i *)outBlocks, block3); - outBlocks += outIncrement; - - length -= 4*blockSize; - } - } - - while (length >= blockSize) - { - __m128i block = _mm_loadu_si128((const __m128i *)inBlocks); - - if (flags & BlockTransformation::BT_XorInput) - block = _mm_xor_si128(block, _mm_loadu_si128((const __m128i *)xorBlocks)); - - if (flags & BlockTransformation::BT_InBlockIsCounter) - const_cast<byte *>(inBlocks)[15]++; - - func1(block, subkeys, rounds); - - if (xorBlocks && !(flags & BlockTransformation::BT_XorInput)) - block = _mm_xor_si128(block, _mm_loadu_si128((const __m128i *)xorBlocks)); - - _mm_storeu_si128((__m128i *)outBlocks, block); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} -#endif - -size_t Rijndael::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const -{ -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - if (HasAESNI()) - return AESNI_AdvancedProcessBlocks(AESNI_Enc_Block, AESNI_Enc_4_Blocks, (const __m128i *)m_key.begin(), m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); -#endif - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) - if (HasSSE2()) - { - if (length < BLOCKSIZE) - return length; - - struct Locals - { - word32 subkeys[4*12], workspace[8]; - const byte *inBlocks, *inXorBlocks, *outXorBlocks; - byte *outBlocks; - size_t inIncrement, inXorIncrement, outXorIncrement, outIncrement; - size_t regSpill, lengthAndCounterFlag, keysBegin; - }; - - size_t increment = BLOCKSIZE; - const byte* zeros = (byte *)(Te+256); - byte *space; - - do { - space = (byte *)alloca(255+sizeof(Locals)); - space += (256-(size_t)space%256)%256; - } - while (AliasedWithTable(space, space+sizeof(Locals))); - - if (flags & BT_ReverseDirection) - { - assert(length % BLOCKSIZE == 0); - inBlocks += length - BLOCKSIZE; - xorBlocks += length - BLOCKSIZE; - outBlocks += length - BLOCKSIZE; - increment = 0-increment; - } - - Locals &locals = *(Locals *)space; - - locals.inBlocks = inBlocks; - locals.inXorBlocks = (flags & BT_XorInput) && xorBlocks ? xorBlocks : zeros; - locals.outXorBlocks = (flags & BT_XorInput) || !xorBlocks ? zeros : xorBlocks; - locals.outBlocks = outBlocks; - - locals.inIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : increment; - locals.inXorIncrement = (flags & BT_XorInput) && xorBlocks ? increment : 0; - locals.outXorIncrement = (flags & BT_XorInput) || !xorBlocks ? 0 : increment; - locals.outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : increment; - - locals.lengthAndCounterFlag = length - (length%16) - bool(flags & BT_InBlockIsCounter); - int keysToCopy = m_rounds - (flags & BT_InBlockIsCounter ? 3 : 2); - locals.keysBegin = (12-keysToCopy)*16; - - Rijndael_Enc_AdvancedProcessBlocks(&locals, m_key); - return length % BLOCKSIZE; - } -#endif - - return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); -} - -#endif - -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - -size_t Rijndael::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const -{ - if (HasAESNI()) - return AESNI_AdvancedProcessBlocks(AESNI_Dec_Block, AESNI_Dec_4_Blocks, (const __m128i *)m_key.begin(), m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); - - return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); -} - -#endif // #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - -NAMESPACE_END - -#endif -#endif diff --git a/cryptopp562/rijndael.h b/cryptopp562/rijndael.h deleted file mode 100644 index 64c784b..0000000 --- a/cryptopp562/rijndael.h +++ /dev/null @@ -1,68 +0,0 @@ -#ifndef CRYPTOPP_RIJNDAEL_H -#define CRYPTOPP_RIJNDAEL_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Rijndael_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8> -{ - CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return CRYPTOPP_RIJNDAEL_NAME;} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Rijndael">Rijndael</a> -class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Rijndael_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - static void FillEncTable(); - static void FillDecTable(); - - // VS2005 workaround: have to put these on seperate lines, or error C2487 is triggered in DLL build - static const byte Se[256]; - static const byte Sd[256]; - - static const word32 rcon[]; - - unsigned int m_rounds; - FixedSizeAlignedSecBlock<word32, 4*15> m_key; - }; - - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 - size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; -#endif - }; - - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE - size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; -#endif - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef Rijndael::Encryption RijndaelEncryption; -typedef Rijndael::Decryption RijndaelDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ripemd.cpp b/cryptopp562/ripemd.cpp deleted file mode 100644 index 3476aa8..0000000 --- a/cryptopp562/ripemd.cpp +++ /dev/null @@ -1,803 +0,0 @@ -// ripemd.cpp -// RIPEMD-160 written and placed in the public domain by Wei Dai -// RIPEMD-320, RIPEMD-128, RIPEMD-256 written by Kevin Springle -// and also placed in the public domain - -#include "pch.h" -#include "ripemd.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -#define F(x, y, z) (x ^ y ^ z) -#define G(x, y, z) (z ^ (x & (y^z))) -#define H(x, y, z) (z ^ (x | ~y)) -#define I(x, y, z) (y ^ (z & (x^y))) -#define J(x, y, z) (x ^ (y | ~z)) - -#define k0 0 -#define k1 0x5a827999UL -#define k2 0x6ed9eba1UL -#define k3 0x8f1bbcdcUL -#define k4 0xa953fd4eUL -#define k5 0x50a28be6UL -#define k6 0x5c4dd124UL -#define k7 0x6d703ef3UL -#define k8 0x7a6d76e9UL -#define k9 0 - -// ************************************************************* - -// for 160 and 320 -#define Subround(f, a, b, c, d, e, x, s, k) \ - a += f(b, c, d) + x + k;\ - a = rotlFixed((word32)a, s) + e;\ - c = rotlFixed((word32)c, 10U) - -void RIPEMD160::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xefcdab89L; - state[2] = 0x98badcfeL; - state[3] = 0x10325476L; - state[4] = 0xc3d2e1f0L; -} - -void RIPEMD160::Transform (word32 *digest, const word32 *X) -{ - unsigned long a1, b1, c1, d1, e1, a2, b2, c2, d2, e2; - a1 = a2 = digest[0]; - b1 = b2 = digest[1]; - c1 = c2 = digest[2]; - d1 = d2 = digest[3]; - e1 = e2 = digest[4]; - - Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0); - Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0); - Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0); - Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0); - Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0); - Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0); - Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0); - Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0); - - Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1); - Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1); - Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1); - Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1); - - Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2); - Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2); - Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2); - Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2); - Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2); - Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2); - - Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3); - Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3); - Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3); - Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3); - Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3); - Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3); - - Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4); - Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4); - Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4); - Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4); - Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4); - Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4); - Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4); - Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4); - Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4); - - Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5); - Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5); - Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5); - Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5); - Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5); - Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5); - Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5); - Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5); - - Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6); - Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6); - Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6); - Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6); - Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6); - Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6); - - Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7); - Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7); - Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7); - Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7); - Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7); - - Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8); - Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8); - Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8); - Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8); - Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8); - Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8); - Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8); - Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8); - Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8); - Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8); - - Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9); - Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9); - Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9); - Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9); - Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9); - Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9); - Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9); - - c1 = digest[1] + c1 + d2; - digest[1] = digest[2] + d1 + e2; - digest[2] = digest[3] + e1 + a2; - digest[3] = digest[4] + a1 + b2; - digest[4] = digest[0] + b1 + c2; - digest[0] = c1; -} - -// ************************************************************* - -void RIPEMD320::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xefcdab89L; - state[2] = 0x98badcfeL; - state[3] = 0x10325476L; - state[4] = 0xc3d2e1f0L; - state[5] = 0x76543210L; - state[6] = 0xfedcba98L; - state[7] = 0x89abcdefL; - state[8] = 0x01234567L; - state[9] = 0x3c2d1e0fL; -} - -void RIPEMD320::Transform (word32 *digest, const word32 *X) -{ - unsigned long a1, b1, c1, d1, e1, a2, b2, c2, d2, e2, t; - a1 = digest[0]; - b1 = digest[1]; - c1 = digest[2]; - d1 = digest[3]; - e1 = digest[4]; - a2 = digest[5]; - b2 = digest[6]; - c2 = digest[7]; - d2 = digest[8]; - e2 = digest[9]; - - Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0); - Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0); - Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0); - Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0); - Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0); - Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0); - Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0); - Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0); - - Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5); - Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5); - Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5); - Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5); - Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5); - Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5); - Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5); - Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5); - - t = a1; a1 = a2; a2 = t; - - Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1); - Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1); - Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1); - Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1); - - Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6); - Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6); - Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6); - Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6); - Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6); - Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6); - - t = b1; b1 = b2; b2 = t; - - Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2); - Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2); - Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2); - Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2); - Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2); - Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2); - - Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7); - Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7); - Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7); - Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7); - Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7); - - t = c1; c1 = c2; c2 = t; - - Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3); - Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3); - Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3); - Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3); - Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3); - Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3); - - Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8); - Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8); - Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8); - Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8); - Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8); - Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8); - Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8); - Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8); - Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8); - Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8); - - t = d1; d1 = d2; d2 = t; - - Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4); - Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4); - Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4); - Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4); - Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4); - Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4); - Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4); - Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4); - Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4); - - Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9); - Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9); - Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9); - Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9); - Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9); - Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9); - Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9); - - t = e1; e1 = e2; e2 = t; - - digest[0] += a1; - digest[1] += b1; - digest[2] += c1; - digest[3] += d1; - digest[4] += e1; - digest[5] += a2; - digest[6] += b2; - digest[7] += c2; - digest[8] += d2; - digest[9] += e2; -} - -#undef Subround - -// ************************************************************* - -// for 128 and 256 -#define Subround(f, a, b, c, d, x, s, k) \ - a += f(b, c, d) + x + k;\ - a = rotlFixed((word32)a, s); - -void RIPEMD128::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xefcdab89L; - state[2] = 0x98badcfeL; - state[3] = 0x10325476L; -} - -void RIPEMD128::Transform (word32 *digest, const word32 *X) -{ - unsigned long a1, b1, c1, d1, a2, b2, c2, d2; - a1 = a2 = digest[0]; - b1 = b2 = digest[1]; - c1 = c2 = digest[2]; - d1 = d2 = digest[3]; - - Subround(F, a1, b1, c1, d1, X[ 0], 11, k0); - Subround(F, d1, a1, b1, c1, X[ 1], 14, k0); - Subround(F, c1, d1, a1, b1, X[ 2], 15, k0); - Subround(F, b1, c1, d1, a1, X[ 3], 12, k0); - Subround(F, a1, b1, c1, d1, X[ 4], 5, k0); - Subround(F, d1, a1, b1, c1, X[ 5], 8, k0); - Subround(F, c1, d1, a1, b1, X[ 6], 7, k0); - Subround(F, b1, c1, d1, a1, X[ 7], 9, k0); - Subround(F, a1, b1, c1, d1, X[ 8], 11, k0); - Subround(F, d1, a1, b1, c1, X[ 9], 13, k0); - Subround(F, c1, d1, a1, b1, X[10], 14, k0); - Subround(F, b1, c1, d1, a1, X[11], 15, k0); - Subround(F, a1, b1, c1, d1, X[12], 6, k0); - Subround(F, d1, a1, b1, c1, X[13], 7, k0); - Subround(F, c1, d1, a1, b1, X[14], 9, k0); - Subround(F, b1, c1, d1, a1, X[15], 8, k0); - - Subround(G, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, X[10], 11, k1); - Subround(G, d1, a1, b1, c1, X[ 6], 9, k1); - Subround(G, c1, d1, a1, b1, X[15], 7, k1); - Subround(G, b1, c1, d1, a1, X[ 3], 15, k1); - Subround(G, a1, b1, c1, d1, X[12], 7, k1); - Subround(G, d1, a1, b1, c1, X[ 0], 12, k1); - Subround(G, c1, d1, a1, b1, X[ 9], 15, k1); - Subround(G, b1, c1, d1, a1, X[ 5], 9, k1); - Subround(G, a1, b1, c1, d1, X[ 2], 11, k1); - Subround(G, d1, a1, b1, c1, X[14], 7, k1); - Subround(G, c1, d1, a1, b1, X[11], 13, k1); - Subround(G, b1, c1, d1, a1, X[ 8], 12, k1); - - Subround(H, a1, b1, c1, d1, X[ 3], 11, k2); - Subround(H, d1, a1, b1, c1, X[10], 13, k2); - Subround(H, c1, d1, a1, b1, X[14], 6, k2); - Subround(H, b1, c1, d1, a1, X[ 4], 7, k2); - Subround(H, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, X[ 2], 14, k2); - Subround(H, d1, a1, b1, c1, X[ 7], 8, k2); - Subround(H, c1, d1, a1, b1, X[ 0], 13, k2); - Subround(H, b1, c1, d1, a1, X[ 6], 6, k2); - Subround(H, a1, b1, c1, d1, X[13], 5, k2); - Subround(H, d1, a1, b1, c1, X[11], 12, k2); - Subround(H, c1, d1, a1, b1, X[ 5], 7, k2); - Subround(H, b1, c1, d1, a1, X[12], 5, k2); - - Subround(I, a1, b1, c1, d1, X[ 1], 11, k3); - Subround(I, d1, a1, b1, c1, X[ 9], 12, k3); - Subround(I, c1, d1, a1, b1, X[11], 14, k3); - Subround(I, b1, c1, d1, a1, X[10], 15, k3); - Subround(I, a1, b1, c1, d1, X[ 0], 14, k3); - Subround(I, d1, a1, b1, c1, X[ 8], 15, k3); - Subround(I, c1, d1, a1, b1, X[12], 9, k3); - Subround(I, b1, c1, d1, a1, X[ 4], 8, k3); - Subround(I, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, X[14], 8, k3); - Subround(I, d1, a1, b1, c1, X[ 5], 6, k3); - Subround(I, c1, d1, a1, b1, X[ 6], 5, k3); - Subround(I, b1, c1, d1, a1, X[ 2], 12, k3); - - Subround(I, a2, b2, c2, d2, X[ 5], 8, k5); - Subround(I, d2, a2, b2, c2, X[14], 9, k5); - Subround(I, c2, d2, a2, b2, X[ 7], 9, k5); - Subround(I, b2, c2, d2, a2, X[ 0], 11, k5); - Subround(I, a2, b2, c2, d2, X[ 9], 13, k5); - Subround(I, d2, a2, b2, c2, X[ 2], 15, k5); - Subround(I, c2, d2, a2, b2, X[11], 15, k5); - Subround(I, b2, c2, d2, a2, X[ 4], 5, k5); - Subround(I, a2, b2, c2, d2, X[13], 7, k5); - Subround(I, d2, a2, b2, c2, X[ 6], 7, k5); - Subround(I, c2, d2, a2, b2, X[15], 8, k5); - Subround(I, b2, c2, d2, a2, X[ 8], 11, k5); - Subround(I, a2, b2, c2, d2, X[ 1], 14, k5); - Subround(I, d2, a2, b2, c2, X[10], 14, k5); - Subround(I, c2, d2, a2, b2, X[ 3], 12, k5); - Subround(I, b2, c2, d2, a2, X[12], 6, k5); - - Subround(H, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(H, d2, a2, b2, c2, X[11], 13, k6); - Subround(H, c2, d2, a2, b2, X[ 3], 15, k6); - Subround(H, b2, c2, d2, a2, X[ 7], 7, k6); - Subround(H, a2, b2, c2, d2, X[ 0], 12, k6); - Subround(H, d2, a2, b2, c2, X[13], 8, k6); - Subround(H, c2, d2, a2, b2, X[ 5], 9, k6); - Subround(H, b2, c2, d2, a2, X[10], 11, k6); - Subround(H, a2, b2, c2, d2, X[14], 7, k6); - Subround(H, d2, a2, b2, c2, X[15], 7, k6); - Subround(H, c2, d2, a2, b2, X[ 8], 12, k6); - Subround(H, b2, c2, d2, a2, X[12], 7, k6); - Subround(H, a2, b2, c2, d2, X[ 4], 6, k6); - Subround(H, d2, a2, b2, c2, X[ 9], 15, k6); - Subround(H, c2, d2, a2, b2, X[ 1], 13, k6); - Subround(H, b2, c2, d2, a2, X[ 2], 11, k6); - - Subround(G, a2, b2, c2, d2, X[15], 9, k7); - Subround(G, d2, a2, b2, c2, X[ 5], 7, k7); - Subround(G, c2, d2, a2, b2, X[ 1], 15, k7); - Subround(G, b2, c2, d2, a2, X[ 3], 11, k7); - Subround(G, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(G, d2, a2, b2, c2, X[14], 6, k7); - Subround(G, c2, d2, a2, b2, X[ 6], 6, k7); - Subround(G, b2, c2, d2, a2, X[ 9], 14, k7); - Subround(G, a2, b2, c2, d2, X[11], 12, k7); - Subround(G, d2, a2, b2, c2, X[ 8], 13, k7); - Subround(G, c2, d2, a2, b2, X[12], 5, k7); - Subround(G, b2, c2, d2, a2, X[ 2], 14, k7); - Subround(G, a2, b2, c2, d2, X[10], 13, k7); - Subround(G, d2, a2, b2, c2, X[ 0], 13, k7); - Subround(G, c2, d2, a2, b2, X[ 4], 7, k7); - Subround(G, b2, c2, d2, a2, X[13], 5, k7); - - Subround(F, a2, b2, c2, d2, X[ 8], 15, k9); - Subround(F, d2, a2, b2, c2, X[ 6], 5, k9); - Subround(F, c2, d2, a2, b2, X[ 4], 8, k9); - Subround(F, b2, c2, d2, a2, X[ 1], 11, k9); - Subround(F, a2, b2, c2, d2, X[ 3], 14, k9); - Subround(F, d2, a2, b2, c2, X[11], 14, k9); - Subround(F, c2, d2, a2, b2, X[15], 6, k9); - Subround(F, b2, c2, d2, a2, X[ 0], 14, k9); - Subround(F, a2, b2, c2, d2, X[ 5], 6, k9); - Subround(F, d2, a2, b2, c2, X[12], 9, k9); - Subround(F, c2, d2, a2, b2, X[ 2], 12, k9); - Subround(F, b2, c2, d2, a2, X[13], 9, k9); - Subround(F, a2, b2, c2, d2, X[ 9], 12, k9); - Subround(F, d2, a2, b2, c2, X[ 7], 5, k9); - Subround(F, c2, d2, a2, b2, X[10], 15, k9); - Subround(F, b2, c2, d2, a2, X[14], 8, k9); - - c1 = digest[1] + c1 + d2; - digest[1] = digest[2] + d1 + a2; - digest[2] = digest[3] + a1 + b2; - digest[3] = digest[0] + b1 + c2; - digest[0] = c1; -} - -// ************************************************************* - -void RIPEMD256::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xefcdab89L; - state[2] = 0x98badcfeL; - state[3] = 0x10325476L; - state[4] = 0x76543210L; - state[5] = 0xfedcba98L; - state[6] = 0x89abcdefL; - state[7] = 0x01234567L; -} - -void RIPEMD256::Transform (word32 *digest, const word32 *X) -{ - unsigned long a1, b1, c1, d1, a2, b2, c2, d2, t; - a1 = digest[0]; - b1 = digest[1]; - c1 = digest[2]; - d1 = digest[3]; - a2 = digest[4]; - b2 = digest[5]; - c2 = digest[6]; - d2 = digest[7]; - - Subround(F, a1, b1, c1, d1, X[ 0], 11, k0); - Subround(F, d1, a1, b1, c1, X[ 1], 14, k0); - Subround(F, c1, d1, a1, b1, X[ 2], 15, k0); - Subround(F, b1, c1, d1, a1, X[ 3], 12, k0); - Subround(F, a1, b1, c1, d1, X[ 4], 5, k0); - Subround(F, d1, a1, b1, c1, X[ 5], 8, k0); - Subround(F, c1, d1, a1, b1, X[ 6], 7, k0); - Subround(F, b1, c1, d1, a1, X[ 7], 9, k0); - Subround(F, a1, b1, c1, d1, X[ 8], 11, k0); - Subround(F, d1, a1, b1, c1, X[ 9], 13, k0); - Subround(F, c1, d1, a1, b1, X[10], 14, k0); - Subround(F, b1, c1, d1, a1, X[11], 15, k0); - Subround(F, a1, b1, c1, d1, X[12], 6, k0); - Subround(F, d1, a1, b1, c1, X[13], 7, k0); - Subround(F, c1, d1, a1, b1, X[14], 9, k0); - Subround(F, b1, c1, d1, a1, X[15], 8, k0); - - Subround(I, a2, b2, c2, d2, X[ 5], 8, k5); - Subround(I, d2, a2, b2, c2, X[14], 9, k5); - Subround(I, c2, d2, a2, b2, X[ 7], 9, k5); - Subround(I, b2, c2, d2, a2, X[ 0], 11, k5); - Subround(I, a2, b2, c2, d2, X[ 9], 13, k5); - Subround(I, d2, a2, b2, c2, X[ 2], 15, k5); - Subround(I, c2, d2, a2, b2, X[11], 15, k5); - Subround(I, b2, c2, d2, a2, X[ 4], 5, k5); - Subround(I, a2, b2, c2, d2, X[13], 7, k5); - Subround(I, d2, a2, b2, c2, X[ 6], 7, k5); - Subround(I, c2, d2, a2, b2, X[15], 8, k5); - Subround(I, b2, c2, d2, a2, X[ 8], 11, k5); - Subround(I, a2, b2, c2, d2, X[ 1], 14, k5); - Subround(I, d2, a2, b2, c2, X[10], 14, k5); - Subround(I, c2, d2, a2, b2, X[ 3], 12, k5); - Subround(I, b2, c2, d2, a2, X[12], 6, k5); - - t = a1; a1 = a2; a2 = t; - - Subround(G, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, X[10], 11, k1); - Subround(G, d1, a1, b1, c1, X[ 6], 9, k1); - Subround(G, c1, d1, a1, b1, X[15], 7, k1); - Subround(G, b1, c1, d1, a1, X[ 3], 15, k1); - Subround(G, a1, b1, c1, d1, X[12], 7, k1); - Subround(G, d1, a1, b1, c1, X[ 0], 12, k1); - Subround(G, c1, d1, a1, b1, X[ 9], 15, k1); - Subround(G, b1, c1, d1, a1, X[ 5], 9, k1); - Subround(G, a1, b1, c1, d1, X[ 2], 11, k1); - Subround(G, d1, a1, b1, c1, X[14], 7, k1); - Subround(G, c1, d1, a1, b1, X[11], 13, k1); - Subround(G, b1, c1, d1, a1, X[ 8], 12, k1); - - Subround(H, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(H, d2, a2, b2, c2, X[11], 13, k6); - Subround(H, c2, d2, a2, b2, X[ 3], 15, k6); - Subround(H, b2, c2, d2, a2, X[ 7], 7, k6); - Subround(H, a2, b2, c2, d2, X[ 0], 12, k6); - Subround(H, d2, a2, b2, c2, X[13], 8, k6); - Subround(H, c2, d2, a2, b2, X[ 5], 9, k6); - Subround(H, b2, c2, d2, a2, X[10], 11, k6); - Subround(H, a2, b2, c2, d2, X[14], 7, k6); - Subround(H, d2, a2, b2, c2, X[15], 7, k6); - Subround(H, c2, d2, a2, b2, X[ 8], 12, k6); - Subround(H, b2, c2, d2, a2, X[12], 7, k6); - Subround(H, a2, b2, c2, d2, X[ 4], 6, k6); - Subround(H, d2, a2, b2, c2, X[ 9], 15, k6); - Subround(H, c2, d2, a2, b2, X[ 1], 13, k6); - Subround(H, b2, c2, d2, a2, X[ 2], 11, k6); - - t = b1; b1 = b2; b2 = t; - - Subround(H, a1, b1, c1, d1, X[ 3], 11, k2); - Subround(H, d1, a1, b1, c1, X[10], 13, k2); - Subround(H, c1, d1, a1, b1, X[14], 6, k2); - Subround(H, b1, c1, d1, a1, X[ 4], 7, k2); - Subround(H, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, X[ 2], 14, k2); - Subround(H, d1, a1, b1, c1, X[ 7], 8, k2); - Subround(H, c1, d1, a1, b1, X[ 0], 13, k2); - Subround(H, b1, c1, d1, a1, X[ 6], 6, k2); - Subround(H, a1, b1, c1, d1, X[13], 5, k2); - Subround(H, d1, a1, b1, c1, X[11], 12, k2); - Subround(H, c1, d1, a1, b1, X[ 5], 7, k2); - Subround(H, b1, c1, d1, a1, X[12], 5, k2); - - Subround(G, a2, b2, c2, d2, X[15], 9, k7); - Subround(G, d2, a2, b2, c2, X[ 5], 7, k7); - Subround(G, c2, d2, a2, b2, X[ 1], 15, k7); - Subround(G, b2, c2, d2, a2, X[ 3], 11, k7); - Subround(G, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(G, d2, a2, b2, c2, X[14], 6, k7); - Subround(G, c2, d2, a2, b2, X[ 6], 6, k7); - Subround(G, b2, c2, d2, a2, X[ 9], 14, k7); - Subround(G, a2, b2, c2, d2, X[11], 12, k7); - Subround(G, d2, a2, b2, c2, X[ 8], 13, k7); - Subround(G, c2, d2, a2, b2, X[12], 5, k7); - Subround(G, b2, c2, d2, a2, X[ 2], 14, k7); - Subround(G, a2, b2, c2, d2, X[10], 13, k7); - Subround(G, d2, a2, b2, c2, X[ 0], 13, k7); - Subround(G, c2, d2, a2, b2, X[ 4], 7, k7); - Subround(G, b2, c2, d2, a2, X[13], 5, k7); - - t = c1; c1 = c2; c2 = t; - - Subround(I, a1, b1, c1, d1, X[ 1], 11, k3); - Subround(I, d1, a1, b1, c1, X[ 9], 12, k3); - Subround(I, c1, d1, a1, b1, X[11], 14, k3); - Subround(I, b1, c1, d1, a1, X[10], 15, k3); - Subround(I, a1, b1, c1, d1, X[ 0], 14, k3); - Subround(I, d1, a1, b1, c1, X[ 8], 15, k3); - Subround(I, c1, d1, a1, b1, X[12], 9, k3); - Subround(I, b1, c1, d1, a1, X[ 4], 8, k3); - Subround(I, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, X[14], 8, k3); - Subround(I, d1, a1, b1, c1, X[ 5], 6, k3); - Subround(I, c1, d1, a1, b1, X[ 6], 5, k3); - Subround(I, b1, c1, d1, a1, X[ 2], 12, k3); - - Subround(F, a2, b2, c2, d2, X[ 8], 15, k9); - Subround(F, d2, a2, b2, c2, X[ 6], 5, k9); - Subround(F, c2, d2, a2, b2, X[ 4], 8, k9); - Subround(F, b2, c2, d2, a2, X[ 1], 11, k9); - Subround(F, a2, b2, c2, d2, X[ 3], 14, k9); - Subround(F, d2, a2, b2, c2, X[11], 14, k9); - Subround(F, c2, d2, a2, b2, X[15], 6, k9); - Subround(F, b2, c2, d2, a2, X[ 0], 14, k9); - Subround(F, a2, b2, c2, d2, X[ 5], 6, k9); - Subround(F, d2, a2, b2, c2, X[12], 9, k9); - Subround(F, c2, d2, a2, b2, X[ 2], 12, k9); - Subround(F, b2, c2, d2, a2, X[13], 9, k9); - Subround(F, a2, b2, c2, d2, X[ 9], 12, k9); - Subround(F, d2, a2, b2, c2, X[ 7], 5, k9); - Subround(F, c2, d2, a2, b2, X[10], 15, k9); - Subround(F, b2, c2, d2, a2, X[14], 8, k9); - - t = d1; d1 = d2; d2 = t; - - digest[0] += a1; - digest[1] += b1; - digest[2] += c1; - digest[3] += d1; - digest[4] += a2; - digest[5] += b2; - digest[6] += c2; - digest[7] += d2; -} - -NAMESPACE_END diff --git a/cryptopp562/ripemd.h b/cryptopp562/ripemd.h deleted file mode 100644 index 56871a9..0000000 --- a/cryptopp562/ripemd.h +++ /dev/null @@ -1,49 +0,0 @@ -#ifndef CRYPTOPP_RIPEMD_H -#define CRYPTOPP_RIPEMD_H - -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! <a href="http://www.weidai.com/scan-mirror/md.html#RIPEMD-160">RIPEMD-160</a> -/*! Digest Length = 160 bits */ -class RIPEMD160 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 20, RIPEMD160> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word32 *digest, const word32 *data); - static const char * StaticAlgorithmName() {return "RIPEMD-160";} -}; - -/*! Digest Length = 320 bits, Security is similar to RIPEMD-160 */ -class RIPEMD320 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 40, RIPEMD320> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word32 *digest, const word32 *data); - static const char * StaticAlgorithmName() {return "RIPEMD-320";} -}; - -/*! \warning RIPEMD-128 is considered insecure, and should not be used - unless you absolutely need it for compatibility. */ -class RIPEMD128 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 16, RIPEMD128> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word32 *digest, const word32 *data); - static const char * StaticAlgorithmName() {return "RIPEMD-128";} -}; - -/*! \warning RIPEMD-256 is considered insecure, and should not be used - unless you absolutely need it for compatibility. */ -class RIPEMD256 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 32, RIPEMD256> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word32 *digest, const word32 *data); - static const char * StaticAlgorithmName() {return "RIPEMD-256";} -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rng.cpp b/cryptopp562/rng.cpp deleted file mode 100644 index 9866cd8..0000000 --- a/cryptopp562/rng.cpp +++ /dev/null @@ -1,155 +0,0 @@ -// rng.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#include "rng.h" -#include "fips140.h" - -#include <time.h> -#include <math.h> - -NAMESPACE_BEGIN(CryptoPP) - -// linear congruential generator -// originally by William S. England - -// do not use for cryptographic purposes - -/* -** Original_numbers are the original published m and q in the -** ACM article above. John Burton has furnished numbers for -** a reportedly better generator. The new numbers are now -** used in this program by default. -*/ - -#ifndef LCRNG_ORIGINAL_NUMBERS -const word32 LC_RNG::m=2147483647L; -const word32 LC_RNG::q=44488L; - -const word16 LC_RNG::a=(unsigned int)48271L; -const word16 LC_RNG::r=3399; -#else -const word32 LC_RNG::m=2147483647L; -const word32 LC_RNG::q=127773L; - -const word16 LC_RNG::a=16807; -const word16 LC_RNG::r=2836; -#endif - -void LC_RNG::GenerateBlock(byte *output, size_t size) -{ - while (size--) - { - word32 hi = seed/q; - word32 lo = seed%q; - - long test = a*lo - r*hi; - - if (test > 0) - seed = test; - else - seed = test+ m; - - *output++ = (GETBYTE(seed, 0) ^ GETBYTE(seed, 1) ^ GETBYTE(seed, 2) ^ GETBYTE(seed, 3)); - } -} - -// ******************************************************** - -#ifndef CRYPTOPP_IMPORTS - -X917RNG::X917RNG(BlockTransformation *c, const byte *seed, const byte *deterministicTimeVector) - : cipher(c), - S(cipher->BlockSize()), - dtbuf(S), - randseed(seed, S), - m_lastBlock(S), - m_deterministicTimeVector(deterministicTimeVector, deterministicTimeVector ? S : 0) -{ - if (!deterministicTimeVector) - { - time_t tstamp1 = time(0); - xorbuf(dtbuf, (byte *)&tstamp1, UnsignedMin(sizeof(tstamp1), S)); - cipher->ProcessBlock(dtbuf); - clock_t tstamp2 = clock(); - xorbuf(dtbuf, (byte *)&tstamp2, UnsignedMin(sizeof(tstamp2), S)); - cipher->ProcessBlock(dtbuf); - } - - // for FIPS 140-2 - GenerateBlock(m_lastBlock, S); -} - -void X917RNG::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size) -{ - while (size > 0) - { - // calculate new enciphered timestamp - if (m_deterministicTimeVector.size()) - { - cipher->ProcessBlock(m_deterministicTimeVector, dtbuf); - IncrementCounterByOne(m_deterministicTimeVector, S); - } - else - { - clock_t c = clock(); - xorbuf(dtbuf, (byte *)&c, UnsignedMin(sizeof(c), S)); - time_t t = time(NULL); - xorbuf(dtbuf+S-UnsignedMin(sizeof(t), S), (byte *)&t, UnsignedMin(sizeof(t), S)); - cipher->ProcessBlock(dtbuf); - } - - // combine enciphered timestamp with seed - xorbuf(randseed, dtbuf, S); - - // generate a new block of random bytes - cipher->ProcessBlock(randseed); - if (memcmp(m_lastBlock, randseed, S) == 0) - throw SelfTestFailure("X917RNG: Continuous random number generator test failed."); - - // output random bytes - size_t len = UnsignedMin(S, size); - target.ChannelPut(channel, randseed, len); - size -= len; - - // compute new seed vector - memcpy(m_lastBlock, randseed, S); - xorbuf(randseed, dtbuf, S); - cipher->ProcessBlock(randseed); - } -} - -#endif - -MaurerRandomnessTest::MaurerRandomnessTest() - : sum(0.0), n(0) -{ - for (unsigned i=0; i<V; i++) - tab[i] = 0; -} - -size_t MaurerRandomnessTest::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - while (length--) - { - byte inByte = *inString++; - if (n >= Q) - sum += log(double(n - tab[inByte])); - tab[inByte] = n; - n++; - } - return 0; -} - -double MaurerRandomnessTest::GetTestValue() const -{ - if (BytesNeeded() > 0) - throw Exception(Exception::OTHER_ERROR, "MaurerRandomnessTest: " + IntToString(BytesNeeded()) + " more bytes of input needed"); - - double fTu = (sum/(n-Q))/log(2.0); // this is the test value defined by Maurer - - double value = fTu * 0.1392; // arbitrarily normalize it to - return value > 1.0 ? 1.0 : value; // a number between 0 and 1 -} - -NAMESPACE_END diff --git a/cryptopp562/rng.h b/cryptopp562/rng.h deleted file mode 100644 index 2439dee..0000000 --- a/cryptopp562/rng.h +++ /dev/null @@ -1,77 +0,0 @@ -// rng.h - misc RNG related classes, see also osrng.h, randpool.h - -#ifndef CRYPTOPP_RNG_H -#define CRYPTOPP_RNG_H - -#include "cryptlib.h" -#include "filters.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! linear congruential generator -/*! originally by William S. England, do not use for cryptographic purposes */ -class LC_RNG : public RandomNumberGenerator -{ -public: - LC_RNG(word32 init_seed) - : seed(init_seed) {} - - void GenerateBlock(byte *output, size_t size); - - word32 GetSeed() {return seed;} - -private: - word32 seed; - - static const word32 m; - static const word32 q; - static const word16 a; - static const word16 r; -}; - -//! RNG derived from ANSI X9.17 Appendix C - -class CRYPTOPP_DLL X917RNG : public RandomNumberGenerator, public NotCopyable -{ -public: - // cipher will be deleted by destructor, deterministicTimeVector = 0 means obtain time vector from system - X917RNG(BlockTransformation *cipher, const byte *seed, const byte *deterministicTimeVector = 0); - - void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size); - -private: - member_ptr<BlockTransformation> cipher; - unsigned int S; // blocksize of cipher - SecByteBlock dtbuf; // buffer for enciphered timestamp - SecByteBlock randseed, m_lastBlock, m_deterministicTimeVector; -}; - -/** This class implements Maurer's Universal Statistical Test for Random Bit Generators - it is intended for measuring the randomness of *PHYSICAL* RNGs. - For more details see his paper in Journal of Cryptology, 1992. */ - -class MaurerRandomnessTest : public Bufferless<Sink> -{ -public: - MaurerRandomnessTest(); - - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - - // BytesNeeded() returns how many more bytes of input is needed by the test - // GetTestValue() should not be called before BytesNeeded()==0 - unsigned int BytesNeeded() const {return n >= (Q+K) ? 0 : Q+K-n;} - - // returns a number between 0.0 and 1.0, describing the quality of the - // random numbers entered - double GetTestValue() const; - -private: - enum {L=8, V=256, Q=2000, K=2000}; - double sum; - unsigned int n; - unsigned int tab[V]; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rsa.cpp b/cryptopp562/rsa.cpp deleted file mode 100644 index 59449c4..0000000 --- a/cryptopp562/rsa.cpp +++ /dev/null @@ -1,304 +0,0 @@ -// rsa.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "rsa.h" -#include "asn.h" -#include "oids.h" -#include "modarith.h" -#include "nbtheory.h" -#include "sha.h" -#include "algparam.h" -#include "fips140.h" - -#if !defined(NDEBUG) && !defined(CRYPTOPP_IS_DLL) -#include "pssr.h" -NAMESPACE_BEGIN(CryptoPP) -void RSA_TestInstantiations() -{ - RSASS<PKCS1v15, SHA>::Verifier x1(1, 1); - RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1); - RSASS<PKCS1v15, SHA>::Verifier x3(x2); - RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey()); - RSASS<PSS, SHA>::Verifier x5(x3); -#ifndef __MWERKS__ - RSASS<PSSR, SHA>::Signer x6 = x2; - x3 = x2; - x6 = x2; -#endif - RSAES<PKCS1v15>::Encryptor x7(x2); -#ifndef __GNUC__ - RSAES<PKCS1v15>::Encryptor x8(x3); -#endif - RSAES<OAEP<SHA> >::Encryptor x9(x2); - - x4 = x2.GetKey(); -} -NAMESPACE_END -#endif - -#ifndef CRYPTOPP_IMPORTS - -NAMESPACE_BEGIN(CryptoPP) - -OID RSAFunction::GetAlgorithmID() const -{ - return ASN1::rsaEncryption(); -} - -void RSAFunction::BERDecodePublicKey(BufferedTransformation &bt, bool, size_t) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - m_e.BERDecode(seq); - seq.MessageEnd(); -} - -void RSAFunction::DEREncodePublicKey(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - m_e.DEREncode(seq); - seq.MessageEnd(); -} - -Integer RSAFunction::ApplyFunction(const Integer &x) const -{ - DoQuickSanityCheck(); - return a_exp_b_mod_c(x, m_e, m_n); -} - -bool RSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_n > Integer::One() && m_n.IsOdd(); - pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n; - return pass; -} - -bool RSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent) - ; -} - -void RSAFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent) - ; -} - -// ***************************************************************************** - -class RSAPrimeSelector : public PrimeSelector -{ -public: - RSAPrimeSelector(const Integer &e) : m_e(e) {} - bool IsAcceptable(const Integer &candidate) const {return RelativelyPrime(m_e, candidate-Integer::One());} - Integer m_e; -}; - -void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - int modulusSize = 2048; - alg.GetIntValue(Name::ModulusSize(), modulusSize) || alg.GetIntValue(Name::KeySize(), modulusSize); - - if (modulusSize < 16) - throw InvalidArgument("InvertibleRSAFunction: specified modulus size is too small"); - - m_e = alg.GetValueWithDefault(Name::PublicExponent(), Integer(17)); - - if (m_e < 3 || m_e.IsEven()) - throw InvalidArgument("InvertibleRSAFunction: invalid public exponent"); - - RSAPrimeSelector selector(m_e); - AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize) - (Name::PointerToPrimeSelector(), selector.GetSelectorPointer()); - m_p.GenerateRandom(rng, primeParam); - m_q.GenerateRandom(rng, primeParam); - - m_d = m_e.InverseMod(LCM(m_p-1, m_q-1)); - assert(m_d.IsPositive()); - - m_dp = m_d % (m_p-1); - m_dq = m_d % (m_q-1); - m_n = m_p * m_q; - m_u = m_q.InverseMod(m_p); - - if (FIPS_140_2_ComplianceEnabled()) - { - RSASS<PKCS1v15, SHA>::Signer signer(*this); - RSASS<PKCS1v15, SHA>::Verifier verifier(signer); - SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier); - - RSAES<OAEP<SHA> >::Decryptor decryptor(*this); - RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor); - EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor); - } -} - -void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e) -{ - GenerateRandom(rng, MakeParameters(Name::ModulusSize(), (int)keybits)(Name::PublicExponent(), e+e.IsEven())); -} - -void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d) -{ - if (n.IsEven() || e.IsEven() | d.IsEven()) - throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key"); - - m_n = n; - m_e = e; - m_d = d; - - Integer r = --(d*e); - unsigned int s = 0; - while (r.IsEven()) - { - r >>= 1; - s++; - } - - ModularArithmetic modn(n); - for (Integer i = 2; ; ++i) - { - Integer a = modn.Exponentiate(i, r); - if (a == 1) - continue; - Integer b; - unsigned int j = 0; - while (a != n-1) - { - b = modn.Square(a); - if (b == 1) - { - m_p = GCD(a-1, n); - m_q = n/m_p; - m_dp = m_d % (m_p-1); - m_dq = m_d % (m_q-1); - m_u = m_q.InverseMod(m_p); - return; - } - if (++j == s) - throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key"); - a = b; - } - } -} - -void InvertibleRSAFunction::BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t) -{ - BERSequenceDecoder privateKey(bt); - word32 version; - BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0); // check version - m_n.BERDecode(privateKey); - m_e.BERDecode(privateKey); - m_d.BERDecode(privateKey); - m_p.BERDecode(privateKey); - m_q.BERDecode(privateKey); - m_dp.BERDecode(privateKey); - m_dq.BERDecode(privateKey); - m_u.BERDecode(privateKey); - privateKey.MessageEnd(); -} - -void InvertibleRSAFunction::DEREncodePrivateKey(BufferedTransformation &bt) const -{ - DERSequenceEncoder privateKey(bt); - DEREncodeUnsigned<word32>(privateKey, 0); // version - m_n.DEREncode(privateKey); - m_e.DEREncode(privateKey); - m_d.DEREncode(privateKey); - m_p.DEREncode(privateKey); - m_q.DEREncode(privateKey); - m_dp.DEREncode(privateKey); - m_dq.DEREncode(privateKey); - m_u.DEREncode(privateKey); - privateKey.MessageEnd(); -} - -Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const -{ - DoQuickSanityCheck(); - ModularArithmetic modn(m_n); - Integer r, rInv; - do { // do this in a loop for people using small numbers for testing - r.Randomize(rng, Integer::One(), m_n - Integer::One()); - rInv = modn.MultiplicativeInverse(r); - } while (rInv.IsZero()); - Integer re = modn.Exponentiate(r, m_e); - re = modn.Multiply(re, x); // blind - // here we follow the notation of PKCS #1 and let u=q inverse mod p - // but in ModRoot, u=p inverse mod q, so we reverse the order of p and q - Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u); - y = modn.Multiply(y, rInv); // unblind - if (modn.Exponentiate(y, m_e) != x) // check - throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation"); - return y; -} - -bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = RSAFunction::Validate(rng, level); - pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n; - pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n; - pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n; - pass = pass && m_dp > Integer::One() && m_dp.IsOdd() && m_dp < m_p; - pass = pass && m_dq > Integer::One() && m_dq.IsOdd() && m_dq < m_q; - pass = pass && m_u.IsPositive() && m_u < m_p; - if (level >= 1) - { - pass = pass && m_p * m_q == m_n; - pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1; - pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1); - pass = pass && m_u * m_q % m_p == 1; - } - if (level >= 2) - pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); - return pass; -} - -bool InvertibleRSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper<RSAFunction>(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent) - CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent) - CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent) - CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper<RSAFunction>(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent) - CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent) - CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent) - CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -// ***************************************************************************** - -Integer RSAFunction_ISO::ApplyFunction(const Integer &x) const -{ - Integer t = RSAFunction::ApplyFunction(x); - return t % 16 == 12 ? t : m_n - t; -} - -Integer InvertibleRSAFunction_ISO::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const -{ - Integer t = InvertibleRSAFunction::CalculateInverse(rng, x); - return STDMIN(t, m_n-t); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rsa.h b/cryptopp562/rsa.h deleted file mode 100644 index 6a8b185..0000000 --- a/cryptopp562/rsa.h +++ /dev/null @@ -1,174 +0,0 @@ -#ifndef CRYPTOPP_RSA_H -#define CRYPTOPP_RSA_H - -/** \file - This file contains classes that implement the RSA - ciphers and signature schemes as defined in PKCS #1 v2.0. -*/ - -#include "pubkey.h" -#include "asn.h" -#include "pkcspad.h" -#include "oaep.h" -#include "emsa2.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_DLL RSAFunction : public TrapdoorFunction, public X509PublicKey -{ - typedef RSAFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &e) - {m_n = n; m_e = e;} - - // X509PublicKey - OID GetAlgorithmID() const; - void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size); - void DEREncodePublicKey(BufferedTransformation &bt) const; - - // CryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - // TrapdoorFunction - Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return m_n;} - Integer ImageBound() const {return m_n;} - - // non-derived - const Integer & GetModulus() const {return m_n;} - const Integer & GetPublicExponent() const {return m_e;} - - void SetModulus(const Integer &n) {m_n = n;} - void SetPublicExponent(const Integer &e) {m_e = e;} - -protected: - Integer m_n, m_e; -}; - -//! _ -class CRYPTOPP_DLL InvertibleRSAFunction : public RSAFunction, public TrapdoorFunctionInverse, public PKCS8PrivateKey -{ - typedef InvertibleRSAFunction ThisClass; - -public: - void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &e = 17); - void Initialize(const Integer &n, const Integer &e, const Integer &d, const Integer &p, const Integer &q, const Integer &dp, const Integer &dq, const Integer &u) - {m_n = n; m_e = e; m_d = d; m_p = p; m_q = q; m_dp = dp; m_dq = dq; m_u = u;} - //! factor n given private exponent - void Initialize(const Integer &n, const Integer &e, const Integer &d); - - // PKCS8PrivateKey - void BERDecode(BufferedTransformation &bt) - {PKCS8PrivateKey::BERDecode(bt);} - void DEREncode(BufferedTransformation &bt) const - {PKCS8PrivateKey::DEREncode(bt);} - void Load(BufferedTransformation &bt) - {PKCS8PrivateKey::BERDecode(bt);} - void Save(BufferedTransformation &bt) const - {PKCS8PrivateKey::DEREncode(bt);} - OID GetAlgorithmID() const {return RSAFunction::GetAlgorithmID();} - void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size); - void DEREncodePrivateKey(BufferedTransformation &bt) const; - - // TrapdoorFunctionInverse - Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; - - // GeneratableCryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - /*! parameters: (ModulusSize, PublicExponent (default 17)) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - // non-derived interface - const Integer& GetPrime1() const {return m_p;} - const Integer& GetPrime2() const {return m_q;} - const Integer& GetPrivateExponent() const {return m_d;} - const Integer& GetModPrime1PrivateExponent() const {return m_dp;} - const Integer& GetModPrime2PrivateExponent() const {return m_dq;} - const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} - - void SetPrime1(const Integer &p) {m_p = p;} - void SetPrime2(const Integer &q) {m_q = q;} - void SetPrivateExponent(const Integer &d) {m_d = d;} - void SetModPrime1PrivateExponent(const Integer &dp) {m_dp = dp;} - void SetModPrime2PrivateExponent(const Integer &dq) {m_dq = dq;} - void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} - -protected: - Integer m_d, m_p, m_q, m_dp, m_dq, m_u; -}; - -class CRYPTOPP_DLL RSAFunction_ISO : public RSAFunction -{ -public: - Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return ++(m_n>>1);} -}; - -class CRYPTOPP_DLL InvertibleRSAFunction_ISO : public InvertibleRSAFunction -{ -public: - Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; - Integer PreimageBound() const {return ++(m_n>>1);} -}; - -//! RSA -struct CRYPTOPP_DLL RSA -{ - static const char * CRYPTOPP_API StaticAlgorithmName() {return "RSA";} - typedef RSAFunction PublicKey; - typedef InvertibleRSAFunction PrivateKey; -}; - -//! <a href="http://www.weidai.com/scan-mirror/ca.html#RSA">RSA cryptosystem</a> -template <class STANDARD> -struct RSAES : public TF_ES<STANDARD, RSA> -{ -}; - -//! <a href="http://www.weidai.com/scan-mirror/sig.html#RSA">RSA signature scheme with appendix</a> -/*! See documentation of PKCS1v15 for a list of hash functions that can be used with it. */ -template <class STANDARD, class H> -struct RSASS : public TF_SS<STANDARD, H, RSA> -{ -}; - -struct CRYPTOPP_DLL RSA_ISO -{ - static const char * CRYPTOPP_API StaticAlgorithmName() {return "RSA-ISO";} - typedef RSAFunction_ISO PublicKey; - typedef InvertibleRSAFunction_ISO PrivateKey; -}; - -template <class H> -struct RSASS_ISO : public TF_SS<P1363_EMSA2, H, RSA_ISO> -{ -}; - -// The two RSA encryption schemes defined in PKCS #1 v2.0 -typedef RSAES<PKCS1v15>::Decryptor RSAES_PKCS1v15_Decryptor; -typedef RSAES<PKCS1v15>::Encryptor RSAES_PKCS1v15_Encryptor; - -typedef RSAES<OAEP<SHA> >::Decryptor RSAES_OAEP_SHA_Decryptor; -typedef RSAES<OAEP<SHA> >::Encryptor RSAES_OAEP_SHA_Encryptor; - -// The three RSA signature schemes defined in PKCS #1 v2.0 -typedef RSASS<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer; -typedef RSASS<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier; - -namespace Weak { -typedef RSASS<PKCS1v15, Weak1::MD2>::Signer RSASSA_PKCS1v15_MD2_Signer; -typedef RSASS<PKCS1v15, Weak1::MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier; - -typedef RSASS<PKCS1v15, Weak1::MD5>::Signer RSASSA_PKCS1v15_MD5_Signer; -typedef RSASS<PKCS1v15, Weak1::MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rw.cpp b/cryptopp562/rw.cpp deleted file mode 100644 index cdd9f2d..0000000 --- a/cryptopp562/rw.cpp +++ /dev/null @@ -1,196 +0,0 @@ -// rw.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "rw.h" -#include "nbtheory.h" -#include "asn.h" - -#ifndef CRYPTOPP_IMPORTS - -NAMESPACE_BEGIN(CryptoPP) - -void RWFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - seq.MessageEnd(); -} - -void RWFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - seq.MessageEnd(); -} - -Integer RWFunction::ApplyFunction(const Integer &in) const -{ - DoQuickSanityCheck(); - - Integer out = in.Squared()%m_n; - const word r = 12; - // this code was written to handle both r = 6 and r = 12, - // but now only r = 12 is used in P1363 - const word r2 = r/2; - const word r3a = (16 + 5 - r) % 16; // n%16 could be 5 or 13 - const word r3b = (16 + 13 - r) % 16; - const word r4 = (8 + 5 - r/2) % 8; // n%8 == 5 - switch (out % 16) - { - case r: - break; - case r2: - case r2+8: - out <<= 1; - break; - case r3a: - case r3b: - out.Negate(); - out += m_n; - break; - case r4: - case r4+8: - out.Negate(); - out += m_n; - out <<= 1; - break; - default: - out = Integer::Zero(); - } - return out; -} - -bool RWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_n > Integer::One() && m_n%8 == 5; - return pass; -} - -bool RWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) - ; -} - -void RWFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) - ; -} - -// ***************************************************************************** -// private key operations: - -// generate a random private key -void InvertibleRWFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) -{ - int modulusSize = 2048; - alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); - - if (modulusSize < 16) - throw InvalidArgument("InvertibleRWFunction: specified modulus length is too small"); - - AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize); - m_p.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("EquivalentTo", 3)("Mod", 8))); - m_q.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("EquivalentTo", 7)("Mod", 8))); - - m_n = m_p * m_q; - m_u = m_q.InverseMod(m_p); -} - -void InvertibleRWFunction::BERDecode(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_n.BERDecode(seq); - m_p.BERDecode(seq); - m_q.BERDecode(seq); - m_u.BERDecode(seq); - seq.MessageEnd(); -} - -void InvertibleRWFunction::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_n.DEREncode(seq); - m_p.DEREncode(seq); - m_q.DEREncode(seq); - m_u.DEREncode(seq); - seq.MessageEnd(); -} - -Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const -{ - DoQuickSanityCheck(); - ModularArithmetic modn(m_n); - Integer r, rInv; - do { // do this in a loop for people using small numbers for testing - r.Randomize(rng, Integer::One(), m_n - Integer::One()); - rInv = modn.MultiplicativeInverse(r); - } while (rInv.IsZero()); - Integer re = modn.Square(r); - re = modn.Multiply(re, x); // blind - - Integer cp=re%m_p, cq=re%m_q; - if (Jacobi(cp, m_p) * Jacobi(cq, m_q) != 1) - { - cp = cp.IsOdd() ? (cp+m_p) >> 1 : cp >> 1; - cq = cq.IsOdd() ? (cq+m_q) >> 1 : cq >> 1; - } - - #pragma omp parallel - #pragma omp sections - { - #pragma omp section - cp = ModularSquareRoot(cp, m_p); - #pragma omp section - cq = ModularSquareRoot(cq, m_q); - } - - Integer y = CRT(cq, m_q, cp, m_p, m_u); - y = modn.Multiply(y, rInv); // unblind - y = STDMIN(y, m_n-y); - if (ApplyFunction(y) != x) // check - throw Exception(Exception::OTHER_ERROR, "InvertibleRWFunction: computational error during private key operation"); - return y; -} - -bool InvertibleRWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = RWFunction::Validate(rng, level); - pass = pass && m_p > Integer::One() && m_p%8 == 3 && m_p < m_n; - pass = pass && m_q > Integer::One() && m_q%8 == 7 && m_q < m_n; - pass = pass && m_u.IsPositive() && m_u < m_p; - if (level >= 1) - { - pass = pass && m_p * m_q == m_n; - pass = pass && m_u * m_q % m_p == 1; - } - if (level >= 2) - pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); - return pass; -} - -bool InvertibleRWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper<RWFunction>(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -void InvertibleRWFunction::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper<RWFunction>(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) - CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) - CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) - ; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/rw.h b/cryptopp562/rw.h deleted file mode 100644 index 6820251..0000000 --- a/cryptopp562/rw.h +++ /dev/null @@ -1,102 +0,0 @@ -#ifndef CRYPTOPP_RW_H -#define CRYPTOPP_RW_H - -/** \file - This file contains classes that implement the - Rabin-Williams signature schemes as defined in IEEE P1363. -*/ - -#include "pubkey.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_DLL RWFunction : public TrapdoorFunction, public PublicKey -{ - typedef RWFunction ThisClass; - -public: - void Initialize(const Integer &n) - {m_n = n;} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - void Save(BufferedTransformation &bt) const - {DEREncode(bt);} - void Load(BufferedTransformation &bt) - {BERDecode(bt);} - - Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return ++(m_n>>1);} - Integer ImageBound() const {return m_n;} - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - - const Integer& GetModulus() const {return m_n;} - void SetModulus(const Integer &n) {m_n = n;} - -protected: - Integer m_n; -}; - -//! _ -class CRYPTOPP_DLL InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey -{ - typedef InvertibleRWFunction ThisClass; - -public: - void Initialize(const Integer &n, const Integer &p, const Integer &q, const Integer &u) - {m_n = n; m_p = p; m_q = q; m_u = u;} - // generate a random private key - void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) - {GenerateRandomWithKeySize(rng, modulusBits);} - - void BERDecode(BufferedTransformation &bt); - void DEREncode(BufferedTransformation &bt) const; - - void Save(BufferedTransformation &bt) const - {DEREncode(bt);} - void Load(BufferedTransformation &bt) - {BERDecode(bt);} - - Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; - - // GeneratibleCryptoMaterial - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - /*! parameters: (ModulusSize) */ - void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); - - const Integer& GetPrime1() const {return m_p;} - const Integer& GetPrime2() const {return m_q;} - const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} - - void SetPrime1(const Integer &p) {m_p = p;} - void SetPrime2(const Integer &q) {m_q = q;} - void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} - -protected: - Integer m_p, m_q, m_u; -}; - -//! RW -struct RW -{ - static std::string StaticAlgorithmName() {return "RW";} - typedef RWFunction PublicKey; - typedef InvertibleRWFunction PrivateKey; -}; - -//! RWSS -template <class STANDARD, class H> -struct RWSS : public TF_SS<STANDARD, H, RW> -{ -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/safer.cpp b/cryptopp562/safer.cpp deleted file mode 100644 index d46ca64..0000000 --- a/cryptopp562/safer.cpp +++ /dev/null @@ -1,153 +0,0 @@ -// safer.cpp - modified by by Wei Dai from Richard De Moliner's safer.c - -#include "pch.h" -#include "safer.h" -#include "misc.h" -#include "argnames.h" - -NAMESPACE_BEGIN(CryptoPP) - -const byte SAFER::Base::exp_tab[256] = - {1, 45, 226, 147, 190, 69, 21, 174, 120, 3, 135, 164, 184, 56, 207, 63, - 8, 103, 9, 148, 235, 38, 168, 107, 189, 24, 52, 27, 187, 191, 114, 247, - 64, 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177, - 255, 167, 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131, - 241, 51, 239, 218, 44, 181, 178, 43, 136, 209, 153, 203, 140, 132, 29, 20, - 129, 151, 113, 202, 95, 163, 139, 87, 60, 130, 196, 82, 92, 28, 232, 160, - 4, 180, 133, 74, 246, 19, 84, 182, 223, 12, 26, 142, 222, 224, 57, 252, - 32, 155, 36, 78, 169, 152, 158, 171, 242, 96, 208, 108, 234, 250, 199, 217, - 0, 212, 31, 110, 67, 188, 236, 83, 137, 254, 122, 93, 73, 201, 50, 194, - 249, 154, 248, 109, 22, 219, 89, 150, 68, 233, 205, 230, 70, 66, 143, 10, - 193, 204, 185, 101, 176, 210, 198, 172, 30, 65, 98, 41, 46, 14, 116, 80, - 2, 90, 195, 37, 123, 138, 42, 91, 240, 6, 13, 71, 111, 112, 157, 126, - 16, 206, 18, 39, 213, 76, 79, 214, 121, 48, 104, 54, 117, 125, 228, 237, - 128, 106, 144, 55, 162, 94, 118, 170, 197, 127, 61, 175, 165, 229, 25, 97, - 253, 77, 124, 183, 11, 238, 173, 75, 34, 245, 231, 115, 35, 33, 200, 5, - 225, 102, 221, 179, 88, 105, 99, 86, 15, 161, 49, 149, 23, 7, 58, 40}; - -const byte SAFER::Base::log_tab[256] = - {128, 0, 176, 9, 96, 239, 185, 253, 16, 18, 159, 228, 105, 186, 173, 248, - 192, 56, 194, 101, 79, 6, 148, 252, 25, 222, 106, 27, 93, 78, 168, 130, - 112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37, - 201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15, - 32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198, - 175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84, - 121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188, - 189, 82, 30, 235, 174, 204, 214, 53, 8, 200, 138, 180, 226, 205, 191, 217, - 208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158, - 210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42, - 95, 249, 212, 85, 11, 220, 55, 49, 22, 116, 215, 119, 167, 230, 7, 219, - 164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29, - 41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14, - 122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104, - 109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66, - 184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48}; - -#define EXP(x) exp_tab[(x)] -#define LOG(x) log_tab[(x)] -#define PHT(x, y) { y += x; x += y; } -#define IPHT(x, y) { x -= y; y -= x; } - -static const unsigned int BLOCKSIZE = 8; -static const unsigned int MAX_ROUNDS = 13; - -void SAFER::Base::UncheckedSetKey(const byte *userkey_1, unsigned int length, const NameValuePairs ¶ms) -{ - bool strengthened = Strengthened(); - unsigned int nof_rounds = params.GetIntValueWithDefault(Name::Rounds(), length == 8 ? (strengthened ? 8 : 6) : 10); - - const byte *userkey_2 = length == 8 ? userkey_1 : userkey_1 + 8; - keySchedule.New(1 + BLOCKSIZE * (1 + 2 * nof_rounds)); - - unsigned int i, j; - byte *key = keySchedule; - SecByteBlock ka(BLOCKSIZE + 1), kb(BLOCKSIZE + 1); - - if (MAX_ROUNDS < nof_rounds) - nof_rounds = MAX_ROUNDS; - *key++ = (unsigned char)nof_rounds; - ka[BLOCKSIZE] = 0; - kb[BLOCKSIZE] = 0; - for (j = 0; j < BLOCKSIZE; j++) - { - ka[BLOCKSIZE] ^= ka[j] = rotlFixed(userkey_1[j], 5U); - kb[BLOCKSIZE] ^= kb[j] = *key++ = userkey_2[j]; - } - - for (i = 1; i <= nof_rounds; i++) - { - for (j = 0; j < BLOCKSIZE + 1; j++) - { - ka[j] = rotlFixed(ka[j], 6U); - kb[j] = rotlFixed(kb[j], 6U); - } - for (j = 0; j < BLOCKSIZE; j++) - if (strengthened) - *key++ = (ka[(j + 2 * i - 1) % (BLOCKSIZE + 1)] - + exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF; - else - *key++ = (ka[j] + exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF; - for (j = 0; j < BLOCKSIZE; j++) - if (strengthened) - *key++ = (kb[(j + 2 * i) % (BLOCKSIZE + 1)] - + exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF; - else - *key++ = (kb[j] + exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF; - } -} - -typedef BlockGetAndPut<byte, BigEndian> Block; - -void SAFER::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - byte a, b, c, d, e, f, g, h, t; - const byte *key = keySchedule+1; - unsigned int round = keySchedule[0]; - - Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h); - while(round--) - { - a ^= key[0]; b += key[1]; c += key[2]; d ^= key[3]; - e ^= key[4]; f += key[5]; g += key[6]; h ^= key[7]; - a = EXP(a) + key[ 8]; b = LOG(b) ^ key[ 9]; - c = LOG(c) ^ key[10]; d = EXP(d) + key[11]; - e = EXP(e) + key[12]; f = LOG(f) ^ key[13]; - g = LOG(g) ^ key[14]; h = EXP(h) + key[15]; - key += 16; - PHT(a, b); PHT(c, d); PHT(e, f); PHT(g, h); - PHT(a, c); PHT(e, g); PHT(b, d); PHT(f, h); - PHT(a, e); PHT(b, f); PHT(c, g); PHT(d, h); - t = b; b = e; e = c; c = t; t = d; d = f; f = g; g = t; - } - a ^= key[0]; b += key[1]; c += key[2]; d ^= key[3]; - e ^= key[4]; f += key[5]; g += key[6]; h ^= key[7]; - Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h); -} - -void SAFER::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - byte a, b, c, d, e, f, g, h, t; - unsigned int round = keySchedule[0]; - const byte *key = keySchedule + BLOCKSIZE * (1 + 2 * round) - 7; - - Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h); - h ^= key[7]; g -= key[6]; f -= key[5]; e ^= key[4]; - d ^= key[3]; c -= key[2]; b -= key[1]; a ^= key[0]; - while (round--) - { - key -= 16; - t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t; - IPHT(a, e); IPHT(b, f); IPHT(c, g); IPHT(d, h); - IPHT(a, c); IPHT(e, g); IPHT(b, d); IPHT(f, h); - IPHT(a, b); IPHT(c, d); IPHT(e, f); IPHT(g, h); - h -= key[15]; g ^= key[14]; f ^= key[13]; e -= key[12]; - d -= key[11]; c ^= key[10]; b ^= key[9]; a -= key[8]; - h = LOG(h) ^ key[7]; g = EXP(g) - key[6]; - f = EXP(f) - key[5]; e = LOG(e) ^ key[4]; - d = LOG(d) ^ key[3]; c = EXP(c) - key[2]; - b = EXP(b) - key[1]; a = LOG(a) ^ key[0]; - } - Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h); -} - -NAMESPACE_END diff --git a/cryptopp562/safer.h b/cryptopp562/safer.h deleted file mode 100644 index f9a3c9e..0000000 --- a/cryptopp562/safer.h +++ /dev/null @@ -1,86 +0,0 @@ -#ifndef CRYPTOPP_SAFER_H -#define CRYPTOPP_SAFER_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// base class, do not use directly -class SAFER -{ -public: - class CRYPTOPP_NO_VTABLE Base : public BlockCipher - { - public: - unsigned int OptimalDataAlignment() const {return 1;} - void UncheckedSetKey(const byte *userkey, unsigned int length, const NameValuePairs ¶ms); - - protected: - virtual bool Strengthened() const =0; - - SecByteBlock keySchedule; - static const byte exp_tab[256]; - static const byte log_tab[256]; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; -}; - -template <class BASE, class INFO, bool STR> -class CRYPTOPP_NO_VTABLE SAFER_Impl : public BlockCipherImpl<INFO, BASE> -{ -protected: - bool Strengthened() const {return STR;} -}; - -//! _ -struct SAFER_K_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 8, 16, 8>, public VariableRounds<10, 1, 13> -{ - static const char *StaticAlgorithmName() {return "SAFER-K";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#SAFER-K">SAFER-K</a> -class SAFER_K : public SAFER_K_Info, public SAFER, public BlockCipherDocumentation -{ -public: - typedef BlockCipherFinal<ENCRYPTION, SAFER_Impl<Enc, SAFER_K_Info, false> > Encryption; - typedef BlockCipherFinal<DECRYPTION, SAFER_Impl<Dec, SAFER_K_Info, false> > Decryption; -}; - -//! _ -struct SAFER_SK_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 8, 16, 8>, public VariableRounds<10, 1, 13> -{ - static const char *StaticAlgorithmName() {return "SAFER-SK";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#SAFER-SK">SAFER-SK</a> -class SAFER_SK : public SAFER_SK_Info, public SAFER, public BlockCipherDocumentation -{ -public: - typedef BlockCipherFinal<ENCRYPTION, SAFER_Impl<Enc, SAFER_SK_Info, true> > Encryption; - typedef BlockCipherFinal<DECRYPTION, SAFER_Impl<Dec, SAFER_SK_Info, true> > Decryption; -}; - -typedef SAFER_K::Encryption SAFER_K_Encryption; -typedef SAFER_K::Decryption SAFER_K_Decryption; - -typedef SAFER_SK::Encryption SAFER_SK_Encryption; -typedef SAFER_SK::Decryption SAFER_SK_Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/salsa.cpp b/cryptopp562/salsa.cpp deleted file mode 100644 index bdc5d75..0000000 --- a/cryptopp562/salsa.cpp +++ /dev/null @@ -1,599 +0,0 @@ -// salsa.cpp - written and placed in the public domain by Wei Dai - -// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM salsa.cpp" to generate MASM code - -#include "pch.h" - -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#include "salsa.h" -#include "misc.h" -#include "argnames.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Salsa20_TestInstantiations() -{ - Salsa20::Encryption x; -} - -void Salsa20_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) -{ - m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20); - - if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20)) - throw InvalidRounds(Salsa20::StaticAlgorithmName(), m_rounds); - - // m_state is reordered for SSE2 - GetBlock<word32, LittleEndian> get1(key); - get1(m_state[13])(m_state[10])(m_state[7])(m_state[4]); - GetBlock<word32, LittleEndian> get2(key + length - 16); - get2(m_state[15])(m_state[12])(m_state[9])(m_state[6]); - - // "expand 16-byte k" or "expand 32-byte k" - m_state[0] = 0x61707865; - m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e; - m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32; - m_state[3] = 0x6b206574; -} - -void Salsa20_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) -{ - assert(length==8); - GetBlock<word32, LittleEndian> get(IV); - get(m_state[14])(m_state[11]); - m_state[8] = m_state[5] = 0; -} - -void Salsa20_Policy::SeekToIteration(lword iterationCount) -{ - m_state[8] = (word32)iterationCount; - m_state[5] = (word32)SafeRightShift<32>(iterationCount); -} - -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 -unsigned int Salsa20_Policy::GetAlignment() const -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - if (HasSSE2()) - return 16; - else -#endif - return GetAlignmentOf<word32>(); -} - -unsigned int Salsa20_Policy::GetOptimalBlockSize() const -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - if (HasSSE2()) - return 4*BYTES_PER_ITERATION; - else -#endif - return BYTES_PER_ITERATION; -} -#endif - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE -extern "C" { -void Salsa20_OperateKeystream(byte *output, const byte *input, size_t iterationCount, int rounds, void *state); -} -#endif - -#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code - -void Salsa20_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) -{ -#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE - Salsa20_OperateKeystream(output, input, iterationCount, m_rounds, m_state.data()); - return; -#endif - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#ifdef CRYPTOPP_GENERATE_X64_MASM - ALIGN 8 - Salsa20_OperateKeystream PROC FRAME - mov r10, [rsp + 5*8] ; state - alloc_stack(10*16 + 32*16 + 8) - save_xmm128 xmm6, 0200h - save_xmm128 xmm7, 0210h - save_xmm128 xmm8, 0220h - save_xmm128 xmm9, 0230h - save_xmm128 xmm10, 0240h - save_xmm128 xmm11, 0250h - save_xmm128 xmm12, 0260h - save_xmm128 xmm13, 0270h - save_xmm128 xmm14, 0280h - save_xmm128 xmm15, 0290h - .endprolog - - #define REG_output rcx - #define REG_input rdx - #define REG_iterationCount r8 - #define REG_state r10 - #define REG_rounds e9d - #define REG_roundsLeft eax - #define REG_temp32 r11d - #define REG_temp r11 - #define SSE2_WORKSPACE rsp -#else - if (HasSSE2()) - { - #if CRYPTOPP_BOOL_X64 - #define REG_output %1 - #define REG_input %0 - #define REG_iterationCount %2 - #define REG_state %4 /* constant */ - #define REG_rounds %3 /* constant */ - #define REG_roundsLeft eax - #define REG_temp32 edx - #define REG_temp rdx - #define SSE2_WORKSPACE %5 /* constant */ - - CRYPTOPP_ALIGN_DATA(16) byte workspace[16*32]; - #else - #define REG_output edi - #define REG_input eax - #define REG_iterationCount ecx - #define REG_state esi - #define REG_rounds edx - #define REG_roundsLeft ebx - #define REG_temp32 ebp - #define REG_temp ebp - #define SSE2_WORKSPACE esp + WORD_SZ - #endif - - #ifdef __GNUC__ - __asm__ __volatile__ - ( - ".intel_syntax noprefix;" - AS_PUSH_IF86( bx) - #else - void *s = m_state.data(); - word32 r = m_rounds; - - AS2( mov REG_iterationCount, iterationCount) - AS2( mov REG_input, input) - AS2( mov REG_output, output) - AS2( mov REG_state, s) - AS2( mov REG_rounds, r) - #endif -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM - - AS_PUSH_IF86( bp) - AS2( cmp REG_iterationCount, 4) - ASJ( jl, 5, f) - -#if CRYPTOPP_BOOL_X86 - AS2( mov ebx, esp) - AS2( and esp, -16) - AS2( sub esp, 32*16) - AS1( push ebx) -#endif - -#define SSE2_EXPAND_S(i, j) \ - ASS( pshufd xmm4, xmm##i, j, j, j, j) \ - AS2( movdqa [SSE2_WORKSPACE + (i*4+j)*16 + 256], xmm4) - - AS2( movdqa xmm0, [REG_state + 0*16]) - AS2( movdqa xmm1, [REG_state + 1*16]) - AS2( movdqa xmm2, [REG_state + 2*16]) - AS2( movdqa xmm3, [REG_state + 3*16]) - SSE2_EXPAND_S(0, 0) - SSE2_EXPAND_S(0, 1) - SSE2_EXPAND_S(0, 2) - SSE2_EXPAND_S(0, 3) - SSE2_EXPAND_S(1, 0) - SSE2_EXPAND_S(1, 2) - SSE2_EXPAND_S(1, 3) - SSE2_EXPAND_S(2, 1) - SSE2_EXPAND_S(2, 2) - SSE2_EXPAND_S(2, 3) - SSE2_EXPAND_S(3, 0) - SSE2_EXPAND_S(3, 1) - SSE2_EXPAND_S(3, 2) - SSE2_EXPAND_S(3, 3) - -#define SSE2_EXPAND_S85(i) \ - AS2( mov dword ptr [SSE2_WORKSPACE + 8*16 + i*4 + 256], REG_roundsLeft) \ - AS2( mov dword ptr [SSE2_WORKSPACE + 5*16 + i*4 + 256], REG_temp32) \ - AS2( add REG_roundsLeft, 1) \ - AS2( adc REG_temp32, 0) - - ASL(1) - AS2( mov REG_roundsLeft, dword ptr [REG_state + 8*4]) - AS2( mov REG_temp32, dword ptr [REG_state + 5*4]) - SSE2_EXPAND_S85(0) - SSE2_EXPAND_S85(1) - SSE2_EXPAND_S85(2) - SSE2_EXPAND_S85(3) - AS2( mov dword ptr [REG_state + 8*4], REG_roundsLeft) - AS2( mov dword ptr [REG_state + 5*4], REG_temp32) - -#define SSE2_QUARTER_ROUND(a, b, d, i) \ - AS2( movdqa xmm4, xmm##d) \ - AS2( paddd xmm4, xmm##a) \ - AS2( movdqa xmm5, xmm4) \ - AS2( pslld xmm4, i) \ - AS2( psrld xmm5, 32-i) \ - AS2( pxor xmm##b, xmm4) \ - AS2( pxor xmm##b, xmm5) - -#define L01(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##A, [SSE2_WORKSPACE + d*16 + i*256]) /* y3 */ -#define L02(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##C, [SSE2_WORKSPACE + a*16 + i*256]) /* y0 */ -#define L03(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##C) /* y0+y3 */ -#define L04(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##B, xmm##A) -#define L05(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 7) -#define L06(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##B, 32-7) -#define L07(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, [SSE2_WORKSPACE + b*16 + i*256]) -#define L08(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##B) /* z1 */ -#define L09(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + b*16], xmm##A) -#define L10(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##B, xmm##A) -#define L11(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##C) /* z1+y0 */ -#define L12(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##D, xmm##A) -#define L13(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 9) -#define L14(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##D, 32-9) -#define L15(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, [SSE2_WORKSPACE + c*16 + i*256]) -#define L16(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##D) /* z2 */ -#define L17(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + c*16], xmm##A) -#define L18(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##D, xmm##A) -#define L19(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##B) /* z2+z1 */ -#define L20(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##B, xmm##A) -#define L21(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 13) -#define L22(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##B, 32-13) -#define L23(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, [SSE2_WORKSPACE + d*16 + i*256]) -#define L24(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##B) /* z3 */ -#define L25(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + d*16], xmm##A) -#define L26(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##D) /* z3+z2 */ -#define L27(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##D, xmm##A) -#define L28(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 18) -#define L29(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##D, 32-18) -#define L30(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##C) /* xor y0 */ -#define L31(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##D) /* z0 */ -#define L32(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + a*16], xmm##A) - -#define SSE2_QUARTER_ROUND_X8(i, a, b, c, d, e, f, g, h) \ - L01(0,1,2,3, a,b,c,d, i) L01(4,5,6,7, e,f,g,h, i) \ - L02(0,1,2,3, a,b,c,d, i) L02(4,5,6,7, e,f,g,h, i) \ - L03(0,1,2,3, a,b,c,d, i) L03(4,5,6,7, e,f,g,h, i) \ - L04(0,1,2,3, a,b,c,d, i) L04(4,5,6,7, e,f,g,h, i) \ - L05(0,1,2,3, a,b,c,d, i) L05(4,5,6,7, e,f,g,h, i) \ - L06(0,1,2,3, a,b,c,d, i) L06(4,5,6,7, e,f,g,h, i) \ - L07(0,1,2,3, a,b,c,d, i) L07(4,5,6,7, e,f,g,h, i) \ - L08(0,1,2,3, a,b,c,d, i) L08(4,5,6,7, e,f,g,h, i) \ - L09(0,1,2,3, a,b,c,d, i) L09(4,5,6,7, e,f,g,h, i) \ - L10(0,1,2,3, a,b,c,d, i) L10(4,5,6,7, e,f,g,h, i) \ - L11(0,1,2,3, a,b,c,d, i) L11(4,5,6,7, e,f,g,h, i) \ - L12(0,1,2,3, a,b,c,d, i) L12(4,5,6,7, e,f,g,h, i) \ - L13(0,1,2,3, a,b,c,d, i) L13(4,5,6,7, e,f,g,h, i) \ - L14(0,1,2,3, a,b,c,d, i) L14(4,5,6,7, e,f,g,h, i) \ - L15(0,1,2,3, a,b,c,d, i) L15(4,5,6,7, e,f,g,h, i) \ - L16(0,1,2,3, a,b,c,d, i) L16(4,5,6,7, e,f,g,h, i) \ - L17(0,1,2,3, a,b,c,d, i) L17(4,5,6,7, e,f,g,h, i) \ - L18(0,1,2,3, a,b,c,d, i) L18(4,5,6,7, e,f,g,h, i) \ - L19(0,1,2,3, a,b,c,d, i) L19(4,5,6,7, e,f,g,h, i) \ - L20(0,1,2,3, a,b,c,d, i) L20(4,5,6,7, e,f,g,h, i) \ - L21(0,1,2,3, a,b,c,d, i) L21(4,5,6,7, e,f,g,h, i) \ - L22(0,1,2,3, a,b,c,d, i) L22(4,5,6,7, e,f,g,h, i) \ - L23(0,1,2,3, a,b,c,d, i) L23(4,5,6,7, e,f,g,h, i) \ - L24(0,1,2,3, a,b,c,d, i) L24(4,5,6,7, e,f,g,h, i) \ - L25(0,1,2,3, a,b,c,d, i) L25(4,5,6,7, e,f,g,h, i) \ - L26(0,1,2,3, a,b,c,d, i) L26(4,5,6,7, e,f,g,h, i) \ - L27(0,1,2,3, a,b,c,d, i) L27(4,5,6,7, e,f,g,h, i) \ - L28(0,1,2,3, a,b,c,d, i) L28(4,5,6,7, e,f,g,h, i) \ - L29(0,1,2,3, a,b,c,d, i) L29(4,5,6,7, e,f,g,h, i) \ - L30(0,1,2,3, a,b,c,d, i) L30(4,5,6,7, e,f,g,h, i) \ - L31(0,1,2,3, a,b,c,d, i) L31(4,5,6,7, e,f,g,h, i) \ - L32(0,1,2,3, a,b,c,d, i) L32(4,5,6,7, e,f,g,h, i) - -#define SSE2_QUARTER_ROUND_X16(i, a, b, c, d, e, f, g, h, A, B, C, D, E, F, G, H) \ - L01(0,1,2,3, a,b,c,d, i) L01(4,5,6,7, e,f,g,h, i) L01(8,9,10,11, A,B,C,D, i) L01(12,13,14,15, E,F,G,H, i) \ - L02(0,1,2,3, a,b,c,d, i) L02(4,5,6,7, e,f,g,h, i) L02(8,9,10,11, A,B,C,D, i) L02(12,13,14,15, E,F,G,H, i) \ - L03(0,1,2,3, a,b,c,d, i) L03(4,5,6,7, e,f,g,h, i) L03(8,9,10,11, A,B,C,D, i) L03(12,13,14,15, E,F,G,H, i) \ - L04(0,1,2,3, a,b,c,d, i) L04(4,5,6,7, e,f,g,h, i) L04(8,9,10,11, A,B,C,D, i) L04(12,13,14,15, E,F,G,H, i) \ - L05(0,1,2,3, a,b,c,d, i) L05(4,5,6,7, e,f,g,h, i) L05(8,9,10,11, A,B,C,D, i) L05(12,13,14,15, E,F,G,H, i) \ - L06(0,1,2,3, a,b,c,d, i) L06(4,5,6,7, e,f,g,h, i) L06(8,9,10,11, A,B,C,D, i) L06(12,13,14,15, E,F,G,H, i) \ - L07(0,1,2,3, a,b,c,d, i) L07(4,5,6,7, e,f,g,h, i) L07(8,9,10,11, A,B,C,D, i) L07(12,13,14,15, E,F,G,H, i) \ - L08(0,1,2,3, a,b,c,d, i) L08(4,5,6,7, e,f,g,h, i) L08(8,9,10,11, A,B,C,D, i) L08(12,13,14,15, E,F,G,H, i) \ - L09(0,1,2,3, a,b,c,d, i) L09(4,5,6,7, e,f,g,h, i) L09(8,9,10,11, A,B,C,D, i) L09(12,13,14,15, E,F,G,H, i) \ - L10(0,1,2,3, a,b,c,d, i) L10(4,5,6,7, e,f,g,h, i) L10(8,9,10,11, A,B,C,D, i) L10(12,13,14,15, E,F,G,H, i) \ - L11(0,1,2,3, a,b,c,d, i) L11(4,5,6,7, e,f,g,h, i) L11(8,9,10,11, A,B,C,D, i) L11(12,13,14,15, E,F,G,H, i) \ - L12(0,1,2,3, a,b,c,d, i) L12(4,5,6,7, e,f,g,h, i) L12(8,9,10,11, A,B,C,D, i) L12(12,13,14,15, E,F,G,H, i) \ - L13(0,1,2,3, a,b,c,d, i) L13(4,5,6,7, e,f,g,h, i) L13(8,9,10,11, A,B,C,D, i) L13(12,13,14,15, E,F,G,H, i) \ - L14(0,1,2,3, a,b,c,d, i) L14(4,5,6,7, e,f,g,h, i) L14(8,9,10,11, A,B,C,D, i) L14(12,13,14,15, E,F,G,H, i) \ - L15(0,1,2,3, a,b,c,d, i) L15(4,5,6,7, e,f,g,h, i) L15(8,9,10,11, A,B,C,D, i) L15(12,13,14,15, E,F,G,H, i) \ - L16(0,1,2,3, a,b,c,d, i) L16(4,5,6,7, e,f,g,h, i) L16(8,9,10,11, A,B,C,D, i) L16(12,13,14,15, E,F,G,H, i) \ - L17(0,1,2,3, a,b,c,d, i) L17(4,5,6,7, e,f,g,h, i) L17(8,9,10,11, A,B,C,D, i) L17(12,13,14,15, E,F,G,H, i) \ - L18(0,1,2,3, a,b,c,d, i) L18(4,5,6,7, e,f,g,h, i) L18(8,9,10,11, A,B,C,D, i) L18(12,13,14,15, E,F,G,H, i) \ - L19(0,1,2,3, a,b,c,d, i) L19(4,5,6,7, e,f,g,h, i) L19(8,9,10,11, A,B,C,D, i) L19(12,13,14,15, E,F,G,H, i) \ - L20(0,1,2,3, a,b,c,d, i) L20(4,5,6,7, e,f,g,h, i) L20(8,9,10,11, A,B,C,D, i) L20(12,13,14,15, E,F,G,H, i) \ - L21(0,1,2,3, a,b,c,d, i) L21(4,5,6,7, e,f,g,h, i) L21(8,9,10,11, A,B,C,D, i) L21(12,13,14,15, E,F,G,H, i) \ - L22(0,1,2,3, a,b,c,d, i) L22(4,5,6,7, e,f,g,h, i) L22(8,9,10,11, A,B,C,D, i) L22(12,13,14,15, E,F,G,H, i) \ - L23(0,1,2,3, a,b,c,d, i) L23(4,5,6,7, e,f,g,h, i) L23(8,9,10,11, A,B,C,D, i) L23(12,13,14,15, E,F,G,H, i) \ - L24(0,1,2,3, a,b,c,d, i) L24(4,5,6,7, e,f,g,h, i) L24(8,9,10,11, A,B,C,D, i) L24(12,13,14,15, E,F,G,H, i) \ - L25(0,1,2,3, a,b,c,d, i) L25(4,5,6,7, e,f,g,h, i) L25(8,9,10,11, A,B,C,D, i) L25(12,13,14,15, E,F,G,H, i) \ - L26(0,1,2,3, a,b,c,d, i) L26(4,5,6,7, e,f,g,h, i) L26(8,9,10,11, A,B,C,D, i) L26(12,13,14,15, E,F,G,H, i) \ - L27(0,1,2,3, a,b,c,d, i) L27(4,5,6,7, e,f,g,h, i) L27(8,9,10,11, A,B,C,D, i) L27(12,13,14,15, E,F,G,H, i) \ - L28(0,1,2,3, a,b,c,d, i) L28(4,5,6,7, e,f,g,h, i) L28(8,9,10,11, A,B,C,D, i) L28(12,13,14,15, E,F,G,H, i) \ - L29(0,1,2,3, a,b,c,d, i) L29(4,5,6,7, e,f,g,h, i) L29(8,9,10,11, A,B,C,D, i) L29(12,13,14,15, E,F,G,H, i) \ - L30(0,1,2,3, a,b,c,d, i) L30(4,5,6,7, e,f,g,h, i) L30(8,9,10,11, A,B,C,D, i) L30(12,13,14,15, E,F,G,H, i) \ - L31(0,1,2,3, a,b,c,d, i) L31(4,5,6,7, e,f,g,h, i) L31(8,9,10,11, A,B,C,D, i) L31(12,13,14,15, E,F,G,H, i) \ - L32(0,1,2,3, a,b,c,d, i) L32(4,5,6,7, e,f,g,h, i) L32(8,9,10,11, A,B,C,D, i) L32(12,13,14,15, E,F,G,H, i) - -#if CRYPTOPP_BOOL_X64 - SSE2_QUARTER_ROUND_X16(1, 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15) -#else - SSE2_QUARTER_ROUND_X8(1, 2, 6, 10, 14, 3, 7, 11, 15) - SSE2_QUARTER_ROUND_X8(1, 0, 4, 8, 12, 1, 5, 9, 13) -#endif - AS2( mov REG_roundsLeft, REG_rounds) - ASJ( jmp, 2, f) - - ASL(SSE2_Salsa_Output) - AS2( movdqa xmm0, xmm4) - AS2( punpckldq xmm4, xmm5) - AS2( movdqa xmm1, xmm6) - AS2( punpckldq xmm6, xmm7) - AS2( movdqa xmm2, xmm4) - AS2( punpcklqdq xmm4, xmm6) // e - AS2( punpckhqdq xmm2, xmm6) // f - AS2( punpckhdq xmm0, xmm5) - AS2( punpckhdq xmm1, xmm7) - AS2( movdqa xmm6, xmm0) - AS2( punpcklqdq xmm0, xmm1) // g - AS2( punpckhqdq xmm6, xmm1) // h - AS_XMM_OUTPUT4(SSE2_Salsa_Output_A, REG_input, REG_output, 4, 2, 0, 6, 1, 0, 4, 8, 12, 1) - AS1( ret) - - ASL(6) -#if CRYPTOPP_BOOL_X64 - SSE2_QUARTER_ROUND_X16(0, 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15) - ASL(2) - SSE2_QUARTER_ROUND_X16(0, 0, 13, 10, 7, 1, 14, 11, 4, 2, 15, 8, 5, 3, 12, 9, 6) -#else - SSE2_QUARTER_ROUND_X8(0, 2, 6, 10, 14, 3, 7, 11, 15) - SSE2_QUARTER_ROUND_X8(0, 0, 4, 8, 12, 1, 5, 9, 13) - ASL(2) - SSE2_QUARTER_ROUND_X8(0, 2, 15, 8, 5, 3, 12, 9, 6) - SSE2_QUARTER_ROUND_X8(0, 0, 13, 10, 7, 1, 14, 11, 4) -#endif - AS2( sub REG_roundsLeft, 2) - ASJ( jnz, 6, b) - -#define SSE2_OUTPUT_4(a, b, c, d) \ - AS2( movdqa xmm4, [SSE2_WORKSPACE + a*16 + 256])\ - AS2( paddd xmm4, [SSE2_WORKSPACE + a*16])\ - AS2( movdqa xmm5, [SSE2_WORKSPACE + b*16 + 256])\ - AS2( paddd xmm5, [SSE2_WORKSPACE + b*16])\ - AS2( movdqa xmm6, [SSE2_WORKSPACE + c*16 + 256])\ - AS2( paddd xmm6, [SSE2_WORKSPACE + c*16])\ - AS2( movdqa xmm7, [SSE2_WORKSPACE + d*16 + 256])\ - AS2( paddd xmm7, [SSE2_WORKSPACE + d*16])\ - ASC( call, SSE2_Salsa_Output) - - SSE2_OUTPUT_4(0, 13, 10, 7) - SSE2_OUTPUT_4(4, 1, 14, 11) - SSE2_OUTPUT_4(8, 5, 2, 15) - SSE2_OUTPUT_4(12, 9, 6, 3) - AS2( test REG_input, REG_input) - ASJ( jz, 9, f) - AS2( add REG_input, 12*16) - ASL(9) - AS2( add REG_output, 12*16) - AS2( sub REG_iterationCount, 4) - AS2( cmp REG_iterationCount, 4) - ASJ( jge, 1, b) - AS_POP_IF86( sp) - - ASL(5) - AS2( sub REG_iterationCount, 1) - ASJ( jl, 4, f) - AS2( movdqa xmm0, [REG_state + 0*16]) - AS2( movdqa xmm1, [REG_state + 1*16]) - AS2( movdqa xmm2, [REG_state + 2*16]) - AS2( movdqa xmm3, [REG_state + 3*16]) - AS2( mov REG_roundsLeft, REG_rounds) - - ASL(0) - SSE2_QUARTER_ROUND(0, 1, 3, 7) - SSE2_QUARTER_ROUND(1, 2, 0, 9) - SSE2_QUARTER_ROUND(2, 3, 1, 13) - SSE2_QUARTER_ROUND(3, 0, 2, 18) - ASS( pshufd xmm1, xmm1, 2, 1, 0, 3) - ASS( pshufd xmm2, xmm2, 1, 0, 3, 2) - ASS( pshufd xmm3, xmm3, 0, 3, 2, 1) - SSE2_QUARTER_ROUND(0, 3, 1, 7) - SSE2_QUARTER_ROUND(3, 2, 0, 9) - SSE2_QUARTER_ROUND(2, 1, 3, 13) - SSE2_QUARTER_ROUND(1, 0, 2, 18) - ASS( pshufd xmm1, xmm1, 0, 3, 2, 1) - ASS( pshufd xmm2, xmm2, 1, 0, 3, 2) - ASS( pshufd xmm3, xmm3, 2, 1, 0, 3) - AS2( sub REG_roundsLeft, 2) - ASJ( jnz, 0, b) - - AS2( paddd xmm0, [REG_state + 0*16]) - AS2( paddd xmm1, [REG_state + 1*16]) - AS2( paddd xmm2, [REG_state + 2*16]) - AS2( paddd xmm3, [REG_state + 3*16]) - - AS2( add dword ptr [REG_state + 8*4], 1) - AS2( adc dword ptr [REG_state + 5*4], 0) - - AS2( pcmpeqb xmm6, xmm6) // all ones - AS2( psrlq xmm6, 32) // lo32 mask - ASS( pshufd xmm7, xmm6, 0, 1, 2, 3) // hi32 mask - AS2( movdqa xmm4, xmm0) - AS2( movdqa xmm5, xmm3) - AS2( pand xmm0, xmm7) - AS2( pand xmm4, xmm6) - AS2( pand xmm3, xmm6) - AS2( pand xmm5, xmm7) - AS2( por xmm4, xmm5) // 0,13,2,15 - AS2( movdqa xmm5, xmm1) - AS2( pand xmm1, xmm7) - AS2( pand xmm5, xmm6) - AS2( por xmm0, xmm5) // 4,1,6,3 - AS2( pand xmm6, xmm2) - AS2( pand xmm2, xmm7) - AS2( por xmm1, xmm6) // 8,5,10,7 - AS2( por xmm2, xmm3) // 12,9,14,11 - - AS2( movdqa xmm5, xmm4) - AS2( movdqa xmm6, xmm0) - AS3( shufpd xmm4, xmm1, 2) // 0,13,10,7 - AS3( shufpd xmm0, xmm2, 2) // 4,1,14,11 - AS3( shufpd xmm1, xmm5, 2) // 8,5,2,15 - AS3( shufpd xmm2, xmm6, 2) // 12,9,6,3 - - // output keystream - AS_XMM_OUTPUT4(SSE2_Salsa_Output_B, REG_input, REG_output, 4, 0, 1, 2, 3, 0, 1, 2, 3, 4) - ASJ( jmp, 5, b) - ASL(4) - - AS_POP_IF86( bp) -#ifdef __GNUC__ - AS_POP_IF86( bx) - ".att_syntax prefix;" - #if CRYPTOPP_BOOL_X64 - : "+r" (input), "+r" (output), "+r" (iterationCount) - : "r" (m_rounds), "r" (m_state.m_ptr), "r" (workspace) - : "%eax", "%rdx", "memory", "cc", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "%xmm8", "%xmm9", "%xmm10", "%xmm11", "%xmm12", "%xmm13", "%xmm14", "%xmm15" - #else - : "+a" (input), "+D" (output), "+c" (iterationCount) - : "d" (m_rounds), "S" (m_state.m_ptr) - : "memory", "cc" - #endif - ); -#endif -#ifdef CRYPTOPP_GENERATE_X64_MASM - movdqa xmm6, [rsp + 0200h] - movdqa xmm7, [rsp + 0210h] - movdqa xmm8, [rsp + 0220h] - movdqa xmm9, [rsp + 0230h] - movdqa xmm10, [rsp + 0240h] - movdqa xmm11, [rsp + 0250h] - movdqa xmm12, [rsp + 0260h] - movdqa xmm13, [rsp + 0270h] - movdqa xmm14, [rsp + 0280h] - movdqa xmm15, [rsp + 0290h] - add rsp, 10*16 + 32*16 + 8 - ret -Salsa20_OperateKeystream ENDP -#else - } - else -#endif -#endif -#ifndef CRYPTOPP_GENERATE_X64_MASM - { - word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; - - while (iterationCount--) - { - x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3]; - x4 = m_state[4]; x5 = m_state[5]; x6 = m_state[6]; x7 = m_state[7]; - x8 = m_state[8]; x9 = m_state[9]; x10 = m_state[10]; x11 = m_state[11]; - x12 = m_state[12]; x13 = m_state[13]; x14 = m_state[14]; x15 = m_state[15]; - - for (int i=m_rounds; i>0; i-=2) - { - #define QUARTER_ROUND(a, b, c, d) \ - b = b ^ rotlFixed(a + d, 7); \ - c = c ^ rotlFixed(b + a, 9); \ - d = d ^ rotlFixed(c + b, 13); \ - a = a ^ rotlFixed(d + c, 18); - - QUARTER_ROUND(x0, x4, x8, x12) - QUARTER_ROUND(x1, x5, x9, x13) - QUARTER_ROUND(x2, x6, x10, x14) - QUARTER_ROUND(x3, x7, x11, x15) - - QUARTER_ROUND(x0, x13, x10, x7) - QUARTER_ROUND(x1, x14, x11, x4) - QUARTER_ROUND(x2, x15, x8, x5) - QUARTER_ROUND(x3, x12, x9, x6) - } - - #define SALSA_OUTPUT(x) {\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + m_state[0]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x13 + m_state[13]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x10 + m_state[10]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x7 + m_state[7]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + m_state[4]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x1 + m_state[1]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x14 + m_state[14]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x11 + m_state[11]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + m_state[8]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x5 + m_state[5]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x2 + m_state[2]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x15 + m_state[15]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + m_state[12]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x9 + m_state[9]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x6 + m_state[6]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x3 + m_state[3]);} - -#ifndef CRYPTOPP_DOXYGEN_PROCESSING - CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SALSA_OUTPUT, BYTES_PER_ITERATION); -#endif - - if (++m_state[8] == 0) - ++m_state[5]; - } - } -} // see comment above if an internal compiler error occurs here - -void XSalsa20_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) -{ - m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20); - - if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20)) - throw InvalidRounds(XSalsa20::StaticAlgorithmName(), m_rounds); - - GetUserKey(LITTLE_ENDIAN_ORDER, m_key.begin(), m_key.size(), key, length); - if (length == 16) - memcpy(m_key.begin()+4, m_key.begin(), 16); - - // "expand 32-byte k" - m_state[0] = 0x61707865; - m_state[1] = 0x3320646e; - m_state[2] = 0x79622d32; - m_state[3] = 0x6b206574; -} - -void XSalsa20_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) -{ - assert(length==24); - - word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; - - GetBlock<word32, LittleEndian> get(IV); - get(x14)(x11)(x8)(x5)(m_state[14])(m_state[11]); - - x13 = m_key[0]; x10 = m_key[1]; x7 = m_key[2]; x4 = m_key[3]; - x15 = m_key[4]; x12 = m_key[5]; x9 = m_key[6]; x6 = m_key[7]; - x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3]; - - for (int i=m_rounds; i>0; i-=2) - { - QUARTER_ROUND(x0, x4, x8, x12) - QUARTER_ROUND(x1, x5, x9, x13) - QUARTER_ROUND(x2, x6, x10, x14) - QUARTER_ROUND(x3, x7, x11, x15) - - QUARTER_ROUND(x0, x13, x10, x7) - QUARTER_ROUND(x1, x14, x11, x4) - QUARTER_ROUND(x2, x15, x8, x5) - QUARTER_ROUND(x3, x12, x9, x6) - } - - m_state[13] = x0; m_state[10] = x1; m_state[7] = x2; m_state[4] = x3; - m_state[15] = x14; m_state[12] = x11; m_state[9] = x8; m_state[6] = x5; - m_state[8] = m_state[5] = 0; -} - -NAMESPACE_END - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM diff --git a/cryptopp562/salsa.h b/cryptopp562/salsa.h deleted file mode 100644 index 49af885..0000000 --- a/cryptopp562/salsa.h +++ /dev/null @@ -1,65 +0,0 @@ -// salsa.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_SALSA_H -#define CRYPTOPP_SALSA_H - -#include "strciphr.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> -{ - static const char *StaticAlgorithmName() {return "Salsa20";} -}; - -class CRYPTOPP_NO_VTABLE Salsa20_Policy : public AdditiveCipherConcretePolicy<word32, 16> -{ -protected: - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); - bool CipherIsRandomAccess() const {return true;} - void SeekToIteration(lword iterationCount); -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 - unsigned int GetAlignment() const; - unsigned int GetOptimalBlockSize() const; -#endif - - FixedSizeAlignedSecBlock<word32, 16> m_state; - int m_rounds; -}; - -/// <a href="http://www.cryptolounge.org/wiki/Salsa20">Salsa20</a>, variable rounds: 8, 12 or 20 (default 20) -struct Salsa20 : public Salsa20_Info, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal<ConcretePolicyHolder<Salsa20_Policy, AdditiveCipherTemplate<> >, Salsa20_Info> Encryption; - typedef Encryption Decryption; -}; - -//! _ -struct XSalsa20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24> -{ - static const char *StaticAlgorithmName() {return "XSalsa20";} -}; - -class CRYPTOPP_NO_VTABLE XSalsa20_Policy : public Salsa20_Policy -{ -public: - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); - -protected: - FixedSizeSecBlock<word32, 8> m_key; -}; - -/// <a href="http://www.cryptolounge.org/wiki/XSalsa20">XSalsa20</a>, variable rounds: 8, 12 or 20 (default 20) -struct XSalsa20 : public XSalsa20_Info, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal<ConcretePolicyHolder<XSalsa20_Policy, AdditiveCipherTemplate<> >, XSalsa20_Info> Encryption; - typedef Encryption Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/seal.cpp b/cryptopp562/seal.cpp deleted file mode 100644 index f49b522..0000000 --- a/cryptopp562/seal.cpp +++ /dev/null @@ -1,213 +0,0 @@ -// seal.cpp - written and placed in the public domain by Wei Dai -// updated to SEAL 3.0 by Leonard Janke - -#include "pch.h" - -#include "seal.h" -#include "sha.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void SEAL_TestInstantiations() -{ - SEAL<>::Encryption x; -} - -struct SEAL_Gamma -{ - SEAL_Gamma(const byte *key) - : H(5), Z(5), D(16), lastIndex(0xffffffff) - { - GetUserKey(BIG_ENDIAN_ORDER, H.begin(), 5, key, 20); - memset(D, 0, 64); - } - - word32 Apply(word32 i); - - SecBlock<word32> H, Z, D; - word32 lastIndex; -}; - -word32 SEAL_Gamma::Apply(word32 i) -{ - word32 shaIndex = i/5; - if (shaIndex != lastIndex) - { - memcpy(Z, H, 20); - D[0] = shaIndex; - SHA::Transform(Z, D); - lastIndex = shaIndex; - } - return Z[i%5]; -} - -template <class B> -void SEAL_Policy<B>::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) -{ - m_insideCounter = m_outsideCounter = m_startCount = 0; - - unsigned int L = params.GetIntValueWithDefault("NumberOfOutputBitsPerPositionIndex", 32*1024); - m_iterationsPerCount = L / 8192; - - SEAL_Gamma gamma(key); - unsigned int i; - - for (i=0; i<512; i++) - m_T[i] = gamma.Apply(i); - - for (i=0; i<256; i++) - m_S[i] = gamma.Apply(0x1000+i); - - m_R.New(4*(L/8192)); - - for (i=0; i<m_R.size(); i++) - m_R[i] = gamma.Apply(0x2000+i); -} - -template <class B> -void SEAL_Policy<B>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) -{ - assert(length==4); - m_outsideCounter = IV ? GetWord<word32>(false, BIG_ENDIAN_ORDER, IV) : 0; - m_startCount = m_outsideCounter; - m_insideCounter = 0; -} - -template <class B> -void SEAL_Policy<B>::SeekToIteration(lword iterationCount) -{ - m_outsideCounter = m_startCount + (unsigned int)(iterationCount / m_iterationsPerCount); - m_insideCounter = (unsigned int)(iterationCount % m_iterationsPerCount); -} - -template <class B> -void SEAL_Policy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) -{ - word32 a, b, c, d, n1, n2, n3, n4; - unsigned int p, q; - - for (size_t iteration = 0; iteration < iterationCount; ++iteration) - { -#define Ttab(x) *(word32 *)((byte *)m_T.begin()+x) - - a = m_outsideCounter ^ m_R[4*m_insideCounter]; - b = rotrFixed(m_outsideCounter, 8U) ^ m_R[4*m_insideCounter+1]; - c = rotrFixed(m_outsideCounter, 16U) ^ m_R[4*m_insideCounter+2]; - d = rotrFixed(m_outsideCounter, 24U) ^ m_R[4*m_insideCounter+3]; - - for (unsigned int j=0; j<2; j++) - { - p = a & 0x7fc; - b += Ttab(p); - a = rotrFixed(a, 9U); - - p = b & 0x7fc; - c += Ttab(p); - b = rotrFixed(b, 9U); - - p = c & 0x7fc; - d += Ttab(p); - c = rotrFixed(c, 9U); - - p = d & 0x7fc; - a += Ttab(p); - d = rotrFixed(d, 9U); - } - - n1 = d, n2 = b, n3 = a, n4 = c; - - p = a & 0x7fc; - b += Ttab(p); - a = rotrFixed(a, 9U); - - p = b & 0x7fc; - c += Ttab(p); - b = rotrFixed(b, 9U); - - p = c & 0x7fc; - d += Ttab(p); - c = rotrFixed(c, 9U); - - p = d & 0x7fc; - a += Ttab(p); - d = rotrFixed(d, 9U); - - // generate 8192 bits - for (unsigned int i=0; i<64; i++) - { - p = a & 0x7fc; - a = rotrFixed(a, 9U); - b += Ttab(p); - b ^= a; - - q = b & 0x7fc; - b = rotrFixed(b, 9U); - c ^= Ttab(q); - c += b; - - p = (p+c) & 0x7fc; - c = rotrFixed(c, 9U); - d += Ttab(p); - d ^= c; - - q = (q+d) & 0x7fc; - d = rotrFixed(d, 9U); - a ^= Ttab(q); - a += d; - - p = (p+a) & 0x7fc; - b ^= Ttab(p); - a = rotrFixed(a, 9U); - - q = (q+b) & 0x7fc; - c += Ttab(q); - b = rotrFixed(b, 9U); - - p = (p+c) & 0x7fc; - d ^= Ttab(p); - c = rotrFixed(c, 9U); - - q = (q+d) & 0x7fc; - d = rotrFixed(d, 9U); - a += Ttab(q); - -#define SEAL_OUTPUT(x) \ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, b + m_S[4*i+0]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 1, c ^ m_S[4*i+1]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 2, d + m_S[4*i+2]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 3, a ^ m_S[4*i+3]); - - CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SEAL_OUTPUT, 4*4); - - if (i & 1) - { - a += n3; - b += n4; - c ^= n3; - d ^= n4; - } - else - { - a += n1; - b += n2; - c ^= n1; - d ^= n2; - } - } - - if (++m_insideCounter == m_iterationsPerCount) - { - ++m_outsideCounter; - m_insideCounter = 0; - } - } - - a = b = c = d = n1 = n2 = n3 = n4 = 0; - p = q = 0; -} - -template class SEAL_Policy<BigEndian>; -template class SEAL_Policy<LittleEndian>; - -NAMESPACE_END diff --git a/cryptopp562/seal.h b/cryptopp562/seal.h deleted file mode 100644 index e14ae1c..0000000 --- a/cryptopp562/seal.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef CRYPTOPP_SEAL_H -#define CRYPTOPP_SEAL_H - -#include "strciphr.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class B = BigEndian> -struct SEAL_Info : public FixedKeyLength<20, SimpleKeyingInterface::INTERNALLY_GENERATED_IV, 4> -{ - static const char *StaticAlgorithmName() {return B::ToEnum() == LITTLE_ENDIAN_ORDER ? "SEAL-3.0-LE" : "SEAL-3.0-BE";} -}; - -template <class B = BigEndian> -class CRYPTOPP_NO_VTABLE SEAL_Policy : public AdditiveCipherConcretePolicy<word32, 256>, public SEAL_Info<B> -{ -protected: - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); - bool CipherIsRandomAccess() const {return true;} - void SeekToIteration(lword iterationCount); - -private: - FixedSizeSecBlock<word32, 512> m_T; - FixedSizeSecBlock<word32, 256> m_S; - SecBlock<word32> m_R; - - word32 m_startCount, m_iterationsPerCount; - word32 m_outsideCounter, m_insideCounter; -}; - -//! <a href="http://www.weidai.com/scan-mirror/cs.html#SEAL-3.0-BE">SEAL</a> -template <class B = BigEndian> -struct SEAL : public SEAL_Info<B>, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal<ConcretePolicyHolder<SEAL_Policy<B>, AdditiveCipherTemplate<> >, SEAL_Info<B> > Encryption; - typedef Encryption Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/secblock.h b/cryptopp562/secblock.h deleted file mode 100644 index 40cce33..0000000 --- a/cryptopp562/secblock.h +++ /dev/null @@ -1,467 +0,0 @@ -// secblock.h - written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_SECBLOCK_H -#define CRYPTOPP_SECBLOCK_H - -#include "config.h" -#include "misc.h" -#include <assert.h> - -NAMESPACE_BEGIN(CryptoPP) - -// ************** secure memory allocation *************** - -template<class T> -class AllocatorBase -{ -public: - typedef T value_type; - typedef size_t size_type; -#ifdef CRYPTOPP_MSVCRT6 - typedef ptrdiff_t difference_type; -#else - typedef std::ptrdiff_t difference_type; -#endif - typedef T * pointer; - typedef const T * const_pointer; - typedef T & reference; - typedef const T & const_reference; - - pointer address(reference r) const {return (&r);} - const_pointer address(const_reference r) const {return (&r); } - void construct(pointer p, const T& val) {new (p) T(val);} - void destroy(pointer p) {p->~T();} - size_type max_size() const {return ~size_type(0)/sizeof(T);} // switch to std::numeric_limits<T>::max later - -protected: - static void CheckSize(size_t n) - { - if (n > ~size_t(0) / sizeof(T)) - throw InvalidArgument("AllocatorBase: requested size would cause integer overflow"); - } -}; - -#define CRYPTOPP_INHERIT_ALLOCATOR_TYPES \ -typedef typename AllocatorBase<T>::value_type value_type;\ -typedef typename AllocatorBase<T>::size_type size_type;\ -typedef typename AllocatorBase<T>::difference_type difference_type;\ -typedef typename AllocatorBase<T>::pointer pointer;\ -typedef typename AllocatorBase<T>::const_pointer const_pointer;\ -typedef typename AllocatorBase<T>::reference reference;\ -typedef typename AllocatorBase<T>::const_reference const_reference; - -#if defined(_MSC_VER) && (_MSC_VER < 1300) -// this pragma causes an internal compiler error if placed immediately before std::swap(a, b) -#pragma warning(push) -#pragma warning(disable: 4700) // VC60 workaround: don't know how to get rid of this warning -#endif - -template <class T, class A> -typename A::pointer StandardReallocate(A& a, T *p, typename A::size_type oldSize, typename A::size_type newSize, bool preserve) -{ - if (oldSize == newSize) - return p; - - if (preserve) - { - typename A::pointer newPointer = a.allocate(newSize, NULL); - memcpy_s(newPointer, sizeof(T)*newSize, p, sizeof(T)*STDMIN(oldSize, newSize)); - a.deallocate(p, oldSize); - return newPointer; - } - else - { - a.deallocate(p, oldSize); - return a.allocate(newSize, NULL); - } -} - -#if defined(_MSC_VER) && (_MSC_VER < 1300) -#pragma warning(pop) -#endif - -template <class T, bool T_Align16 = false> -class AllocatorWithCleanup : public AllocatorBase<T> -{ -public: - CRYPTOPP_INHERIT_ALLOCATOR_TYPES - - pointer allocate(size_type n, const void * = NULL) - { - this->CheckSize(n); - if (n == 0) - return NULL; - -#if CRYPTOPP_BOOL_ALIGN16_ENABLED - if (T_Align16 && n*sizeof(T) >= 16) - return (pointer)AlignedAllocate(n*sizeof(T)); -#endif - - return (pointer)UnalignedAllocate(n*sizeof(T)); - } - - void deallocate(void *p, size_type n) - { - SecureWipeArray((pointer)p, n); - -#if CRYPTOPP_BOOL_ALIGN16_ENABLED - if (T_Align16 && n*sizeof(T) >= 16) - return AlignedDeallocate(p); -#endif - - UnalignedDeallocate(p); - } - - pointer reallocate(T *p, size_type oldSize, size_type newSize, bool preserve) - { - return StandardReallocate(*this, p, oldSize, newSize, preserve); - } - - // VS.NET STL enforces the policy of "All STL-compliant allocators have to provide a - // template class member called rebind". - template <class U> struct rebind { typedef AllocatorWithCleanup<U, T_Align16> other; }; -#if _MSC_VER >= 1500 - AllocatorWithCleanup() {} - template <class U, bool A> AllocatorWithCleanup(const AllocatorWithCleanup<U, A> &) {} -#endif -}; - -CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<byte>; -CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word16>; -CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word32>; -CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word64>; -#if CRYPTOPP_BOOL_X86 -CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word, true>; // for Integer -#endif - -template <class T> -class NullAllocator : public AllocatorBase<T> -{ -public: - CRYPTOPP_INHERIT_ALLOCATOR_TYPES - - pointer allocate(size_type n, const void * = NULL) - { - assert(false); - return NULL; - } - - void deallocate(void *p, size_type n) - { - assert(false); - } - - size_type max_size() const {return 0;} -}; - -// This allocator can't be used with standard collections because -// they require that all objects of the same allocator type are equivalent. -// So this is for use with SecBlock only. -template <class T, size_t S, class A = NullAllocator<T>, bool T_Align16 = false> -class FixedSizeAllocatorWithCleanup : public AllocatorBase<T> -{ -public: - CRYPTOPP_INHERIT_ALLOCATOR_TYPES - - FixedSizeAllocatorWithCleanup() : m_allocated(false) {} - - pointer allocate(size_type n) - { - assert(IsAlignedOn(m_array, 8)); - - if (n <= S && !m_allocated) - { - m_allocated = true; - return GetAlignedArray(); - } - else - return m_fallbackAllocator.allocate(n); - } - - pointer allocate(size_type n, const void *hint) - { - if (n <= S && !m_allocated) - { - m_allocated = true; - return GetAlignedArray(); - } - else - return m_fallbackAllocator.allocate(n, hint); - } - - void deallocate(void *p, size_type n) - { - if (p == GetAlignedArray()) - { - assert(n <= S); - assert(m_allocated); - m_allocated = false; - SecureWipeArray((pointer)p, n); - } - else - m_fallbackAllocator.deallocate(p, n); - } - - pointer reallocate(pointer p, size_type oldSize, size_type newSize, bool preserve) - { - if (p == GetAlignedArray() && newSize <= S) - { - assert(oldSize <= S); - if (oldSize > newSize) - SecureWipeArray(p+newSize, oldSize-newSize); - return p; - } - - pointer newPointer = allocate(newSize, NULL); - if (preserve) - memcpy(newPointer, p, sizeof(T)*STDMIN(oldSize, newSize)); - deallocate(p, oldSize); - return newPointer; - } - - size_type max_size() const {return STDMAX(m_fallbackAllocator.max_size(), S);} - -private: -#ifdef __BORLANDC__ - T* GetAlignedArray() {return m_array;} - T m_array[S]; -#else - T* GetAlignedArray() {return (CRYPTOPP_BOOL_ALIGN16_ENABLED && T_Align16) ? (T*)(((byte *)m_array) + (0-(size_t)m_array)%16) : m_array;} - CRYPTOPP_ALIGN_DATA(8) T m_array[(CRYPTOPP_BOOL_ALIGN16_ENABLED && T_Align16) ? S+8/sizeof(T) : S]; -#endif - A m_fallbackAllocator; - bool m_allocated; -}; - -//! a block of memory allocated using A -template <class T, class A = AllocatorWithCleanup<T> > -class SecBlock -{ -public: - typedef typename A::value_type value_type; - typedef typename A::pointer iterator; - typedef typename A::const_pointer const_iterator; - typedef typename A::size_type size_type; - - explicit SecBlock(size_type size=0) - : m_size(size) {m_ptr = m_alloc.allocate(size, NULL);} - SecBlock(const SecBlock<T, A> &t) - : m_size(t.m_size) {m_ptr = m_alloc.allocate(m_size, NULL); memcpy_s(m_ptr, m_size*sizeof(T), t.m_ptr, m_size*sizeof(T));} - SecBlock(const T *t, size_type len) - : m_size(len) - { - m_ptr = m_alloc.allocate(len, NULL); - if (t == NULL) - memset_z(m_ptr, 0, len*sizeof(T)); - else - memcpy(m_ptr, t, len*sizeof(T)); - } - - ~SecBlock() - {m_alloc.deallocate(m_ptr, m_size);} - -#ifdef __BORLANDC__ - operator T *() const - {return (T*)m_ptr;} -#else - operator const void *() const - {return m_ptr;} - operator void *() - {return m_ptr;} - - operator const T *() const - {return m_ptr;} - operator T *() - {return m_ptr;} -#endif - -// T *operator +(size_type offset) -// {return m_ptr+offset;} - -// const T *operator +(size_type offset) const -// {return m_ptr+offset;} - -// T& operator[](size_type index) -// {assert(index >= 0 && index < m_size); return m_ptr[index];} - -// const T& operator[](size_type index) const -// {assert(index >= 0 && index < m_size); return m_ptr[index];} - - iterator begin() - {return m_ptr;} - const_iterator begin() const - {return m_ptr;} - iterator end() - {return m_ptr+m_size;} - const_iterator end() const - {return m_ptr+m_size;} - - typename A::pointer data() {return m_ptr;} - typename A::const_pointer data() const {return m_ptr;} - - size_type size() const {return m_size;} - bool empty() const {return m_size == 0;} - - byte * BytePtr() {return (byte *)m_ptr;} - const byte * BytePtr() const {return (const byte *)m_ptr;} - size_type SizeInBytes() const {return m_size*sizeof(T);} - - //! set contents and size - void Assign(const T *t, size_type len) - { - New(len); - memcpy_s(m_ptr, m_size*sizeof(T), t, len*sizeof(T)); - } - - //! copy contents and size from another SecBlock - void Assign(const SecBlock<T, A> &t) - { - if (this != &t) - { - New(t.m_size); - memcpy_s(m_ptr, m_size*sizeof(T), t.m_ptr, m_size*sizeof(T)); - } - } - - SecBlock<T, A>& operator=(const SecBlock<T, A> &t) - { - Assign(t); - return *this; - } - - // append to this object - SecBlock<T, A>& operator+=(const SecBlock<T, A> &t) - { - size_type oldSize = m_size; - Grow(m_size+t.m_size); - memcpy_s(m_ptr+oldSize, m_size*sizeof(T), t.m_ptr, t.m_size*sizeof(T)); - return *this; - } - - // append operator - SecBlock<T, A> operator+(const SecBlock<T, A> &t) - { - SecBlock<T, A> result(m_size+t.m_size); - memcpy_s(result.m_ptr, result.m_size*sizeof(T), m_ptr, m_size*sizeof(T)); - memcpy_s(result.m_ptr+m_size, t.m_size*sizeof(T), t.m_ptr, t.m_size*sizeof(T)); - return result; - } - - bool operator==(const SecBlock<T, A> &t) const - { - return m_size == t.m_size && VerifyBufsEqual(m_ptr, t.m_ptr, m_size*sizeof(T)); - } - - bool operator!=(const SecBlock<T, A> &t) const - { - return !operator==(t); - } - - //! change size, without preserving contents - void New(size_type newSize) - { - m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, false); - m_size = newSize; - } - - //! change size and set contents to 0 - void CleanNew(size_type newSize) - { - New(newSize); - memset_z(m_ptr, 0, m_size*sizeof(T)); - } - - //! change size only if newSize > current size. contents are preserved - void Grow(size_type newSize) - { - if (newSize > m_size) - { - m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); - m_size = newSize; - } - } - - //! change size only if newSize > current size. contents are preserved and additional area is set to 0 - void CleanGrow(size_type newSize) - { - if (newSize > m_size) - { - m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); - memset(m_ptr+m_size, 0, (newSize-m_size)*sizeof(T)); - m_size = newSize; - } - } - - //! change size and preserve contents - void resize(size_type newSize) - { - m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); - m_size = newSize; - } - - //! swap contents and size with another SecBlock - void swap(SecBlock<T, A> &b) - { - std::swap(m_alloc, b.m_alloc); - std::swap(m_size, b.m_size); - std::swap(m_ptr, b.m_ptr); - } - -//private: - A m_alloc; - size_type m_size; - T *m_ptr; -}; - -typedef SecBlock<byte> SecByteBlock; -typedef SecBlock<byte, AllocatorWithCleanup<byte, true> > AlignedSecByteBlock; -typedef SecBlock<word> SecWordBlock; - -//! a SecBlock with fixed size, allocated statically -template <class T, unsigned int S, class A = FixedSizeAllocatorWithCleanup<T, S> > -class FixedSizeSecBlock : public SecBlock<T, A> -{ -public: - explicit FixedSizeSecBlock() : SecBlock<T, A>(S) {} -}; - -template <class T, unsigned int S, bool T_Align16 = true> -class FixedSizeAlignedSecBlock : public FixedSizeSecBlock<T, S, FixedSizeAllocatorWithCleanup<T, S, NullAllocator<T>, T_Align16> > -{ -}; - -//! a SecBlock that preallocates size S statically, and uses the heap when this size is exceeded -template <class T, unsigned int S, class A = FixedSizeAllocatorWithCleanup<T, S, AllocatorWithCleanup<T> > > -class SecBlockWithHint : public SecBlock<T, A> -{ -public: - explicit SecBlockWithHint(size_t size) : SecBlock<T, A>(size) {} -}; - -template<class T, bool A, class U, bool B> -inline bool operator==(const CryptoPP::AllocatorWithCleanup<T, A>&, const CryptoPP::AllocatorWithCleanup<U, B>&) {return (true);} -template<class T, bool A, class U, bool B> -inline bool operator!=(const CryptoPP::AllocatorWithCleanup<T, A>&, const CryptoPP::AllocatorWithCleanup<U, B>&) {return (false);} - -NAMESPACE_END - -NAMESPACE_BEGIN(std) -template <class T, class A> -inline void swap(CryptoPP::SecBlock<T, A> &a, CryptoPP::SecBlock<T, A> &b) -{ - a.swap(b); -} - -#if defined(_STLP_DONT_SUPPORT_REBIND_MEMBER_TEMPLATE) || (defined(_STLPORT_VERSION) && !defined(_STLP_MEMBER_TEMPLATE_CLASSES)) -// working for STLport 5.1.3 and MSVC 6 SP5 -template <class _Tp1, class _Tp2> -inline CryptoPP::AllocatorWithCleanup<_Tp2>& -__stl_alloc_rebind(CryptoPP::AllocatorWithCleanup<_Tp1>& __a, const _Tp2*) -{ - return (CryptoPP::AllocatorWithCleanup<_Tp2>&)(__a); -} -#endif - -NAMESPACE_END - -#endif diff --git a/cryptopp562/seckey.h b/cryptopp562/seckey.h deleted file mode 100644 index 35046a6..0000000 --- a/cryptopp562/seckey.h +++ /dev/null @@ -1,221 +0,0 @@ -// seckey.h - written and placed in the public domain by Wei Dai - -// This file contains helper classes/functions for implementing secret key algorithms. - -#ifndef CRYPTOPP_SECKEY_H -#define CRYPTOPP_SECKEY_H - -#include "cryptlib.h" -#include "misc.h" -#include "simple.h" - -NAMESPACE_BEGIN(CryptoPP) - -inline CipherDir ReverseCipherDir(CipherDir dir) -{ - return (dir == ENCRYPTION) ? DECRYPTION : ENCRYPTION; -} - -//! to be inherited by block ciphers with fixed block size -template <unsigned int N> -class FixedBlockSize -{ -public: - CRYPTOPP_CONSTANT(BLOCKSIZE = N) -}; - -// ************** rounds *************** - -//! to be inherited by ciphers with fixed number of rounds -template <unsigned int R> -class FixedRounds -{ -public: - CRYPTOPP_CONSTANT(ROUNDS = R) -}; - -//! to be inherited by ciphers with variable number of rounds -template <unsigned int D, unsigned int N=1, unsigned int M=INT_MAX> // use INT_MAX here because enums are treated as signed ints -class VariableRounds -{ -public: - CRYPTOPP_CONSTANT(DEFAULT_ROUNDS = D) - CRYPTOPP_CONSTANT(MIN_ROUNDS = N) - CRYPTOPP_CONSTANT(MAX_ROUNDS = M) - static unsigned int StaticGetDefaultRounds(size_t keylength) {return DEFAULT_ROUNDS;} - -protected: - inline void ThrowIfInvalidRounds(int rounds, const Algorithm *alg) - { - if (rounds < MIN_ROUNDS || rounds > MAX_ROUNDS) - throw InvalidRounds(alg->AlgorithmName(), rounds); - } - - inline unsigned int GetRoundsAndThrowIfInvalid(const NameValuePairs ¶m, const Algorithm *alg) - { - int rounds = param.GetIntValueWithDefault("Rounds", DEFAULT_ROUNDS); - ThrowIfInvalidRounds(rounds, alg); - return (unsigned int)rounds; - } -}; - -// ************** key length *************** - -//! to be inherited by keyed algorithms with fixed key length -template <unsigned int N, unsigned int IV_REQ = SimpleKeyingInterface::NOT_RESYNCHRONIZABLE, unsigned int IV_L = 0> -class FixedKeyLength -{ -public: - CRYPTOPP_CONSTANT(KEYLENGTH=N) - CRYPTOPP_CONSTANT(MIN_KEYLENGTH=N) - CRYPTOPP_CONSTANT(MAX_KEYLENGTH=N) - CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=N) - CRYPTOPP_CONSTANT(IV_REQUIREMENT = IV_REQ) - CRYPTOPP_CONSTANT(IV_LENGTH = IV_L) - static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t) {return KEYLENGTH;} -}; - -/// support query of variable key length, template parameters are default, min, max, multiple (default multiple 1) -template <unsigned int D, unsigned int N, unsigned int M, unsigned int Q = 1, unsigned int IV_REQ = SimpleKeyingInterface::NOT_RESYNCHRONIZABLE, unsigned int IV_L = 0> -class VariableKeyLength -{ - // make these private to avoid Doxygen documenting them in all derived classes - CRYPTOPP_COMPILE_ASSERT(Q > 0); - CRYPTOPP_COMPILE_ASSERT(N % Q == 0); - CRYPTOPP_COMPILE_ASSERT(M % Q == 0); - CRYPTOPP_COMPILE_ASSERT(N < M); - CRYPTOPP_COMPILE_ASSERT(D >= N); - CRYPTOPP_COMPILE_ASSERT(M >= D); - -public: - CRYPTOPP_CONSTANT(MIN_KEYLENGTH=N) - CRYPTOPP_CONSTANT(MAX_KEYLENGTH=M) - CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=D) - CRYPTOPP_CONSTANT(KEYLENGTH_MULTIPLE=Q) - CRYPTOPP_CONSTANT(IV_REQUIREMENT=IV_REQ) - CRYPTOPP_CONSTANT(IV_LENGTH=IV_L) - - static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t n) - { - if (n < (size_t)MIN_KEYLENGTH) - return MIN_KEYLENGTH; - else if (n > (size_t)MAX_KEYLENGTH) - return (size_t)MAX_KEYLENGTH; - else - { - n += KEYLENGTH_MULTIPLE-1; - return n - n%KEYLENGTH_MULTIPLE; - } - } -}; - -/// support query of key length that's the same as another class -template <class T, unsigned int IV_REQ = SimpleKeyingInterface::NOT_RESYNCHRONIZABLE, unsigned int IV_L = 0> -class SameKeyLengthAs -{ -public: - CRYPTOPP_CONSTANT(MIN_KEYLENGTH=T::MIN_KEYLENGTH) - CRYPTOPP_CONSTANT(MAX_KEYLENGTH=T::MAX_KEYLENGTH) - CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=T::DEFAULT_KEYLENGTH) - CRYPTOPP_CONSTANT(IV_REQUIREMENT=IV_REQ) - CRYPTOPP_CONSTANT(IV_LENGTH=IV_L) - - static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength) - {return T::StaticGetValidKeyLength(keylength);} -}; - -// ************** implementation helper for SimpleKeyed *************** - -//! _ -template <class BASE, class INFO = BASE> -class CRYPTOPP_NO_VTABLE SimpleKeyingInterfaceImpl : public BASE -{ -public: - size_t MinKeyLength() const {return INFO::MIN_KEYLENGTH;} - size_t MaxKeyLength() const {return (size_t)INFO::MAX_KEYLENGTH;} - size_t DefaultKeyLength() const {return INFO::DEFAULT_KEYLENGTH;} - size_t GetValidKeyLength(size_t n) const {return INFO::StaticGetValidKeyLength(n);} - SimpleKeyingInterface::IV_Requirement IVRequirement() const {return (SimpleKeyingInterface::IV_Requirement)INFO::IV_REQUIREMENT;} - unsigned int IVSize() const {return INFO::IV_LENGTH;} -}; - -template <class INFO, class BASE = BlockCipher> -class CRYPTOPP_NO_VTABLE BlockCipherImpl : public AlgorithmImpl<SimpleKeyingInterfaceImpl<TwoBases<BASE, INFO> > > -{ -public: - unsigned int BlockSize() const {return this->BLOCKSIZE;} -}; - -//! _ -template <CipherDir DIR, class BASE> -class BlockCipherFinal : public ClonableImpl<BlockCipherFinal<DIR, BASE>, BASE> -{ -public: - BlockCipherFinal() {} - BlockCipherFinal(const byte *key) - {this->SetKey(key, this->DEFAULT_KEYLENGTH);} - BlockCipherFinal(const byte *key, size_t length) - {this->SetKey(key, length);} - BlockCipherFinal(const byte *key, size_t length, unsigned int rounds) - {this->SetKeyWithRounds(key, length, rounds);} - - bool IsForwardTransformation() const {return DIR == ENCRYPTION;} -}; - -//! _ -template <class BASE, class INFO = BASE> -class MessageAuthenticationCodeImpl : public AlgorithmImpl<SimpleKeyingInterfaceImpl<BASE, INFO>, INFO> -{ -}; - -//! _ -template <class BASE> -class MessageAuthenticationCodeFinal : public ClonableImpl<MessageAuthenticationCodeFinal<BASE>, MessageAuthenticationCodeImpl<BASE> > -{ -public: - MessageAuthenticationCodeFinal() {} - MessageAuthenticationCodeFinal(const byte *key) - {this->SetKey(key, this->DEFAULT_KEYLENGTH);} - MessageAuthenticationCodeFinal(const byte *key, size_t length) - {this->SetKey(key, length);} -}; - -// ************** documentation *************** - -//! These objects usually should not be used directly. See CipherModeDocumentation instead. -/*! Each class derived from this one defines two types, Encryption and Decryption, - both of which implement the BlockCipher interface. */ -struct BlockCipherDocumentation -{ - //! implements the BlockCipher interface - typedef BlockCipher Encryption; - //! implements the BlockCipher interface - typedef BlockCipher Decryption; -}; - -/*! \brief Each class derived from this one defines two types, Encryption and Decryption, - both of which implement the SymmetricCipher interface. Two types of classes derive - from this class: stream ciphers and block cipher modes. Stream ciphers can be used - alone, cipher mode classes need to be used with a block cipher. See CipherModeDocumentation - for more for information about using cipher modes and block ciphers. */ -struct SymmetricCipherDocumentation -{ - //! implements the SymmetricCipher interface - typedef SymmetricCipher Encryption; - //! implements the SymmetricCipher interface - typedef SymmetricCipher Decryption; -}; - -/*! \brief Each class derived from this one defines two types, Encryption and Decryption, - both of which implement the AuthenticatedSymmetricCipher interface. */ -struct AuthenticatedSymmetricCipherDocumentation -{ - //! implements the AuthenticatedSymmetricCipher interface - typedef AuthenticatedSymmetricCipher Encryption; - //! implements the AuthenticatedSymmetricCipher interface - typedef AuthenticatedSymmetricCipher Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/seed.cpp b/cryptopp562/seed.cpp deleted file mode 100644 index 6c739b4..0000000 --- a/cryptopp562/seed.cpp +++ /dev/null @@ -1,104 +0,0 @@ -// seed.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "seed.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const word32 s_kc[16] = {
- 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc, 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
- 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1, 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b};
-
-static const byte s_s0[256] = {
- 0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25, 0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63, 0x28,
- 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17, 0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE, 0x70, 0x8C,
- 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74, 0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01, 0x24, 0x1C, 0x73,
- 0x98, 0x10, 0xCC, 0xF2, 0xD9, 0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9, 0x60, 0x50, 0xA3, 0xEB,
- 0x0D, 0xB6, 0x9E, 0x4F, 0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5, 0x61, 0xC3, 0xB4, 0x41, 0x52,
- 0x7D, 0x8D, 0x08, 0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1, 0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B,
- 0x0E, 0xAB, 0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A, 0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE,
- 0x64, 0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66, 0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0,
- 0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF, 0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38, 0xF4,
- 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97, 0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89, 0x75, 0xFB,
- 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4, 0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8, 0x0F, 0x8E, 0x42,
- 0x23, 0x91, 0x6C, 0xDB, 0xA4, 0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40, 0xBE, 0x3E, 0xBC, 0xC1,
- 0xAA, 0xBA, 0x4E, 0x55, 0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56, 0x77, 0xA0, 0xED, 0x46, 0xB5,
- 0x2B, 0x65, 0xFA, 0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2, 0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0,
- 0xCD, 0x88, 0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33, 0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A,
- 0x9A};
-
-static const byte s_s1[256] = {
- 0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8, 0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B, 0xC3,
- 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7, 0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B, 0xEF, 0x88,
- 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4, 0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98, 0x28, 0x4E, 0xF6,
- 0x3E, 0xA5, 0xF9, 0x0D, 0xDF, 0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72, 0x42, 0xD4, 0x41, 0xC0,
- 0x73, 0x67, 0xAC, 0x8B, 0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34, 0xD2, 0x0B, 0xEE, 0xE9, 0x5D,
- 0x94, 0x18, 0xF8, 0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9, 0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A,
- 0x6A, 0xB1, 0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71, 0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6,
- 0x59, 0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0, 0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF,
- 0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D, 0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E, 0x9F,
- 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC, 0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03, 0x64, 0x6D,
- 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09, 0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05, 0xFA, 0x01, 0xF0,
- 0x2A, 0x5E, 0xA9, 0x56, 0x43, 0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79, 0x97, 0xFC, 0x1E, 0x82,
- 0x21, 0x8C, 0x1B, 0x5F, 0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46, 0xED, 0x58, 0x52, 0xEB, 0x7E,
- 0xDA, 0xC9, 0xFD, 0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C, 0x0E, 0x50, 0x39, 0x26, 0x32, 0x84,
- 0x69, 0x93, 0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87, 0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A,
- 0xB7};
-
-#define SS0(x) ((s_s0[x]*0x01010101UL) & 0x3FCFF3FC)
-#define SS1(x) ((s_s1[x]*0x01010101UL) & 0xFC3FCFF3)
-#define SS2(x) ((s_s0[x]*0x01010101UL) & 0xF3FC3FCF)
-#define SS3(x) ((s_s1[x]*0x01010101UL) & 0xCFF3FC3F)
-#define G(x) (SS0(GETBYTE(x, 0)) ^ SS1(GETBYTE(x, 1)) ^ SS2(GETBYTE(x, 2)) ^ SS3(GETBYTE(x, 3)))
-
-void SEED::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms)
-{
- AssertValidKeyLength(length);
-
- word64 key01, key23;
- GetBlock<word64, BigEndian> get(userKey);
- get(key01)(key23);
- word32 *k = m_k;
- size_t kInc = 2;
- if (!IsForwardTransformation())
- {
- k = k+30;
- kInc = 0-kInc;
- }
-
- for (int i=0; i<ROUNDS; i++)
- {
- word32 t0 = word32(key01>>32) + word32(key23>>32) - s_kc[i];
- word32 t1 = word32(key01) - word32(key23) + s_kc[i];
- k[0] = G(t0);
- k[1] = G(t1);
- k+=kInc;
- if (i&1)
- key23 = rotlFixed<word64>(key23, 8);
- else
- key01 = rotrFixed<word64>(key01, 8);
- }
-}
-
-void SEED::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- typedef BlockGetAndPut<word32, BigEndian> Block;
- word32 a0, a1, b0, b1, t0, t1;
- Block::Get(inBlock)(a0)(a1)(b0)(b1);
-
- for (int i=0; i<ROUNDS; i+=2)
- {
- t0 = b0 ^ m_k[2*i+0]; t1 = b1 ^ m_k[2*i+1] ^ t0;
- t1 = G(t1); t0 += t1; t0 = G(t0); t1 += t0; t1 = G(t1);
- a0 ^= t0 + t1; a1 ^= t1;
-
- t0 = a0 ^ m_k[2*i+2]; t1 = a1 ^ m_k[2*i+3] ^ t0;
- t1 = G(t1); t0 += t1; t0 = G(t0); t1 += t0; t1 = G(t1);
- b0 ^= t0 + t1; b1 ^= t1;
- }
-
- Block::Put(xorBlock, outBlock)(b0)(b1)(a0)(a1);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/seed.h b/cryptopp562/seed.h deleted file mode 100644 index 871284d..0000000 --- a/cryptopp562/seed.h +++ /dev/null @@ -1,38 +0,0 @@ -#ifndef CRYPTOPP_SEED_H -#define CRYPTOPP_SEED_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct SEED_Info : public FixedBlockSize<16>, public FixedKeyLength<16>, public FixedRounds<16> -{ - static const char *StaticAlgorithmName() {return "SEED";} -}; - -/// <a href="http://www.cryptolounge.org/wiki/SEED">SEED</a> -class SEED : public SEED_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SEED_Info> - { - public: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - protected: - FixedSizeSecBlock<word32, 32> m_k; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Base> Encryption; - typedef BlockCipherFinal<DECRYPTION, Base> Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/serpent.cpp b/cryptopp562/serpent.cpp deleted file mode 100644 index 40fab23..0000000 --- a/cryptopp562/serpent.cpp +++ /dev/null @@ -1,123 +0,0 @@ -// serpent.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "serpent.h" -#include "misc.h" - -#include "serpentp.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen) -{ - FixedSizeSecBlock<word32, 8> k0; - GetUserKey(LITTLE_ENDIAN_ORDER, k0.begin(), 8, userKey, keylen); - if (keylen < 32) - k0[keylen/4] |= word32(1) << ((keylen%4)*8); - - word32 t = k0[7]; - unsigned int i; - for (i = 0; i < 8; ++i) - k[i] = k0[i] = t = rotlFixed(k0[i] ^ k0[(i+3)%8] ^ k0[(i+5)%8] ^ t ^ 0x9e3779b9 ^ i, 11); - for (i = 8; i < 4*(rounds+1); ++i) - k[i] = t = rotlFixed(k[i-8] ^ k[i-5] ^ k[i-3] ^ t ^ 0x9e3779b9 ^ i, 11); - k -= 20; - - word32 a,b,c,d,e; - for (i=0; i<rounds/8; i++) - { - afterS2(LK); afterS2(S3); afterS3(SK); - afterS1(LK); afterS1(S2); afterS2(SK); - afterS0(LK); afterS0(S1); afterS1(SK); - beforeS0(LK); beforeS0(S0); afterS0(SK); - k += 8*4; - afterS6(LK); afterS6(S7); afterS7(SK); - afterS5(LK); afterS5(S6); afterS6(SK); - afterS4(LK); afterS4(S5); afterS5(SK); - afterS3(LK); afterS3(S4); afterS4(SK); - } - afterS2(LK); afterS2(S3); afterS3(SK); -} - -void Serpent::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &) -{ - AssertValidKeyLength(keylen); - Serpent_KeySchedule(m_key, 32, userKey, keylen); -} - -typedef BlockGetAndPut<word32, LittleEndian> Block; - -void Serpent::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 a, b, c, d, e; - - Block::Get(inBlock)(a)(b)(c)(d); - - const word32 *k = m_key; - unsigned int i=1; - - do - { - beforeS0(KX); beforeS0(S0); afterS0(LT); - afterS0(KX); afterS0(S1); afterS1(LT); - afterS1(KX); afterS1(S2); afterS2(LT); - afterS2(KX); afterS2(S3); afterS3(LT); - afterS3(KX); afterS3(S4); afterS4(LT); - afterS4(KX); afterS4(S5); afterS5(LT); - afterS5(KX); afterS5(S6); afterS6(LT); - afterS6(KX); afterS6(S7); - - if (i == 4) - break; - - ++i; - c = b; - b = e; - e = d; - d = a; - a = e; - k += 32; - beforeS0(LT); - } - while (true); - - afterS7(KX); - - Block::Put(xorBlock, outBlock)(d)(e)(b)(a); -} - -void Serpent::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 a, b, c, d, e; - - Block::Get(inBlock)(a)(b)(c)(d); - - const word32 *k = m_key + 96; - unsigned int i=4; - - beforeI7(KX); - goto start; - - do - { - c = b; - b = d; - d = e; - k -= 32; - beforeI7(ILT); -start: - beforeI7(I7); afterI7(KX); - afterI7(ILT); afterI7(I6); afterI6(KX); - afterI6(ILT); afterI6(I5); afterI5(KX); - afterI5(ILT); afterI5(I4); afterI4(KX); - afterI4(ILT); afterI4(I3); afterI3(KX); - afterI3(ILT); afterI3(I2); afterI2(KX); - afterI2(ILT); afterI2(I1); afterI1(KX); - afterI1(ILT); afterI1(I0); afterI0(KX); - } - while (--i != 0); - - Block::Put(xorBlock, outBlock)(a)(d)(b)(e); -} - -NAMESPACE_END diff --git a/cryptopp562/serpent.h b/cryptopp562/serpent.h deleted file mode 100644 index f7ee8d6..0000000 --- a/cryptopp562/serpent.h +++ /dev/null @@ -1,52 +0,0 @@ -#ifndef CRYPTOPP_SERPENT_H -#define CRYPTOPP_SERPENT_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Serpent_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 0, 32>, public FixedRounds<32> -{ - static const char *StaticAlgorithmName() {return "Serpent";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Serpent">Serpent</a> -class Serpent : public Serpent_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Serpent_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - FixedSizeSecBlock<word32, 33*4> m_key; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef Serpent::Encryption SerpentEncryption; -typedef Serpent::Decryption SerpentDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/serpentp.h b/cryptopp562/serpentp.h deleted file mode 100644 index 7869a3f..0000000 --- a/cryptopp562/serpentp.h +++ /dev/null @@ -1,434 +0,0 @@ -// private header for Serpent and Sosemanuk - -NAMESPACE_BEGIN(CryptoPP) - -// linear transformation -#define LT(i,a,b,c,d,e) {\ - a = rotlFixed(a, 13); \ - c = rotlFixed(c, 3); \ - d = rotlFixed(d ^ c ^ (a << 3), 7); \ - b = rotlFixed(b ^ a ^ c, 1); \ - a = rotlFixed(a ^ b ^ d, 5); \ - c = rotlFixed(c ^ d ^ (b << 7), 22);} - -// inverse linear transformation -#define ILT(i,a,b,c,d,e) {\ - c = rotrFixed(c, 22); \ - a = rotrFixed(a, 5); \ - c ^= d ^ (b << 7); \ - a ^= b ^ d; \ - b = rotrFixed(b, 1); \ - d = rotrFixed(d, 7) ^ c ^ (a << 3); \ - b ^= a ^ c; \ - c = rotrFixed(c, 3); \ - a = rotrFixed(a, 13);} - -// order of output from S-box functions -#define beforeS0(f) f(0,a,b,c,d,e) -#define afterS0(f) f(1,b,e,c,a,d) -#define afterS1(f) f(2,c,b,a,e,d) -#define afterS2(f) f(3,a,e,b,d,c) -#define afterS3(f) f(4,e,b,d,c,a) -#define afterS4(f) f(5,b,a,e,c,d) -#define afterS5(f) f(6,a,c,b,e,d) -#define afterS6(f) f(7,a,c,d,b,e) -#define afterS7(f) f(8,d,e,b,a,c) - -// order of output from inverse S-box functions -#define beforeI7(f) f(8,a,b,c,d,e) -#define afterI7(f) f(7,d,a,b,e,c) -#define afterI6(f) f(6,a,b,c,e,d) -#define afterI5(f) f(5,b,d,e,c,a) -#define afterI4(f) f(4,b,c,e,a,d) -#define afterI3(f) f(3,a,b,e,c,d) -#define afterI2(f) f(2,b,d,e,c,a) -#define afterI1(f) f(1,a,b,c,e,d) -#define afterI0(f) f(0,a,d,b,e,c) - -// The instruction sequences for the S-box functions -// come from Dag Arne Osvik's paper "Speeding up Serpent". - -#define S0(i, r0, r1, r2, r3, r4) \ - { \ - r3 ^= r0; \ - r4 = r1; \ - r1 &= r3; \ - r4 ^= r2; \ - r1 ^= r0; \ - r0 |= r3; \ - r0 ^= r4; \ - r4 ^= r3; \ - r3 ^= r2; \ - r2 |= r1; \ - r2 ^= r4; \ - r4 = ~r4; \ - r4 |= r1; \ - r1 ^= r3; \ - r1 ^= r4; \ - r3 |= r0; \ - r1 ^= r3; \ - r4 ^= r3; \ - } - -#define I0(i, r0, r1, r2, r3, r4) \ - { \ - r2 = ~r2; \ - r4 = r1; \ - r1 |= r0; \ - r4 = ~r4; \ - r1 ^= r2; \ - r2 |= r4; \ - r1 ^= r3; \ - r0 ^= r4; \ - r2 ^= r0; \ - r0 &= r3; \ - r4 ^= r0; \ - r0 |= r1; \ - r0 ^= r2; \ - r3 ^= r4; \ - r2 ^= r1; \ - r3 ^= r0; \ - r3 ^= r1; \ - r2 &= r3; \ - r4 ^= r2; \ - } - -#define S1(i, r0, r1, r2, r3, r4) \ - { \ - r0 = ~r0; \ - r2 = ~r2; \ - r4 = r0; \ - r0 &= r1; \ - r2 ^= r0; \ - r0 |= r3; \ - r3 ^= r2; \ - r1 ^= r0; \ - r0 ^= r4; \ - r4 |= r1; \ - r1 ^= r3; \ - r2 |= r0; \ - r2 &= r4; \ - r0 ^= r1; \ - r1 &= r2; \ - r1 ^= r0; \ - r0 &= r2; \ - r0 ^= r4; \ - } - -#define I1(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r1; \ - r1 ^= r3; \ - r3 &= r1; \ - r4 ^= r2; \ - r3 ^= r0; \ - r0 |= r1; \ - r2 ^= r3; \ - r0 ^= r4; \ - r0 |= r2; \ - r1 ^= r3; \ - r0 ^= r1; \ - r1 |= r3; \ - r1 ^= r0; \ - r4 = ~r4; \ - r4 ^= r1; \ - r1 |= r0; \ - r1 ^= r0; \ - r1 |= r4; \ - r3 ^= r1; \ - } - -#define S2(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r0; \ - r0 &= r2; \ - r0 ^= r3; \ - r2 ^= r1; \ - r2 ^= r0; \ - r3 |= r4; \ - r3 ^= r1; \ - r4 ^= r2; \ - r1 = r3; \ - r3 |= r4; \ - r3 ^= r0; \ - r0 &= r1; \ - r4 ^= r0; \ - r1 ^= r3; \ - r1 ^= r4; \ - r4 = ~r4; \ - } - -#define I2(i, r0, r1, r2, r3, r4) \ - { \ - r2 ^= r3; \ - r3 ^= r0; \ - r4 = r3; \ - r3 &= r2; \ - r3 ^= r1; \ - r1 |= r2; \ - r1 ^= r4; \ - r4 &= r3; \ - r2 ^= r3; \ - r4 &= r0; \ - r4 ^= r2; \ - r2 &= r1; \ - r2 |= r0; \ - r3 = ~r3; \ - r2 ^= r3; \ - r0 ^= r3; \ - r0 &= r1; \ - r3 ^= r4; \ - r3 ^= r0; \ - } - -#define S3(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r0; \ - r0 |= r3; \ - r3 ^= r1; \ - r1 &= r4; \ - r4 ^= r2; \ - r2 ^= r3; \ - r3 &= r0; \ - r4 |= r1; \ - r3 ^= r4; \ - r0 ^= r1; \ - r4 &= r0; \ - r1 ^= r3; \ - r4 ^= r2; \ - r1 |= r0; \ - r1 ^= r2; \ - r0 ^= r3; \ - r2 = r1; \ - r1 |= r3; \ - r1 ^= r0; \ - } - -#define I3(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r2; \ - r2 ^= r1; \ - r1 &= r2; \ - r1 ^= r0; \ - r0 &= r4; \ - r4 ^= r3; \ - r3 |= r1; \ - r3 ^= r2; \ - r0 ^= r4; \ - r2 ^= r0; \ - r0 |= r3; \ - r0 ^= r1; \ - r4 ^= r2; \ - r2 &= r3; \ - r1 |= r3; \ - r1 ^= r2; \ - r4 ^= r0; \ - r2 ^= r4; \ - } - -#define S4(i, r0, r1, r2, r3, r4) \ - { \ - r1 ^= r3; \ - r3 = ~r3; \ - r2 ^= r3; \ - r3 ^= r0; \ - r4 = r1; \ - r1 &= r3; \ - r1 ^= r2; \ - r4 ^= r3; \ - r0 ^= r4; \ - r2 &= r4; \ - r2 ^= r0; \ - r0 &= r1; \ - r3 ^= r0; \ - r4 |= r1; \ - r4 ^= r0; \ - r0 |= r3; \ - r0 ^= r2; \ - r2 &= r3; \ - r0 = ~r0; \ - r4 ^= r2; \ - } - -#define I4(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r2; \ - r2 &= r3; \ - r2 ^= r1; \ - r1 |= r3; \ - r1 &= r0; \ - r4 ^= r2; \ - r4 ^= r1; \ - r1 &= r2; \ - r0 = ~r0; \ - r3 ^= r4; \ - r1 ^= r3; \ - r3 &= r0; \ - r3 ^= r2; \ - r0 ^= r1; \ - r2 &= r0; \ - r3 ^= r0; \ - r2 ^= r4; \ - r2 |= r3; \ - r3 ^= r0; \ - r2 ^= r1; \ - } - -#define S5(i, r0, r1, r2, r3, r4) \ - { \ - r0 ^= r1; \ - r1 ^= r3; \ - r3 = ~r3; \ - r4 = r1; \ - r1 &= r0; \ - r2 ^= r3; \ - r1 ^= r2; \ - r2 |= r4; \ - r4 ^= r3; \ - r3 &= r1; \ - r3 ^= r0; \ - r4 ^= r1; \ - r4 ^= r2; \ - r2 ^= r0; \ - r0 &= r3; \ - r2 = ~r2; \ - r0 ^= r4; \ - r4 |= r3; \ - r2 ^= r4; \ - } - -#define I5(i, r0, r1, r2, r3, r4) \ - { \ - r1 = ~r1; \ - r4 = r3; \ - r2 ^= r1; \ - r3 |= r0; \ - r3 ^= r2; \ - r2 |= r1; \ - r2 &= r0; \ - r4 ^= r3; \ - r2 ^= r4; \ - r4 |= r0; \ - r4 ^= r1; \ - r1 &= r2; \ - r1 ^= r3; \ - r4 ^= r2; \ - r3 &= r4; \ - r4 ^= r1; \ - r3 ^= r0; \ - r3 ^= r4; \ - r4 = ~r4; \ - } - -#define S6(i, r0, r1, r2, r3, r4) \ - { \ - r2 = ~r2; \ - r4 = r3; \ - r3 &= r0; \ - r0 ^= r4; \ - r3 ^= r2; \ - r2 |= r4; \ - r1 ^= r3; \ - r2 ^= r0; \ - r0 |= r1; \ - r2 ^= r1; \ - r4 ^= r0; \ - r0 |= r3; \ - r0 ^= r2; \ - r4 ^= r3; \ - r4 ^= r0; \ - r3 = ~r3; \ - r2 &= r4; \ - r2 ^= r3; \ - } - -#define I6(i, r0, r1, r2, r3, r4) \ - { \ - r0 ^= r2; \ - r4 = r2; \ - r2 &= r0; \ - r4 ^= r3; \ - r2 = ~r2; \ - r3 ^= r1; \ - r2 ^= r3; \ - r4 |= r0; \ - r0 ^= r2; \ - r3 ^= r4; \ - r4 ^= r1; \ - r1 &= r3; \ - r1 ^= r0; \ - r0 ^= r3; \ - r0 |= r2; \ - r3 ^= r1; \ - r4 ^= r0; \ - } - -#define S7(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r2; \ - r2 &= r1; \ - r2 ^= r3; \ - r3 &= r1; \ - r4 ^= r2; \ - r2 ^= r1; \ - r1 ^= r0; \ - r0 |= r4; \ - r0 ^= r2; \ - r3 ^= r1; \ - r2 ^= r3; \ - r3 &= r0; \ - r3 ^= r4; \ - r4 ^= r2; \ - r2 &= r0; \ - r4 = ~r4; \ - r2 ^= r4; \ - r4 &= r0; \ - r1 ^= r3; \ - r4 ^= r1; \ - } - -#define I7(i, r0, r1, r2, r3, r4) \ - { \ - r4 = r2; \ - r2 ^= r0; \ - r0 &= r3; \ - r2 = ~r2; \ - r4 |= r3; \ - r3 ^= r1; \ - r1 |= r0; \ - r0 ^= r2; \ - r2 &= r4; \ - r1 ^= r2; \ - r2 ^= r0; \ - r0 |= r2; \ - r3 &= r4; \ - r0 ^= r3; \ - r4 ^= r1; \ - r3 ^= r4; \ - r4 |= r0; \ - r3 ^= r2; \ - r4 ^= r2; \ - } - -// key xor -#define KX(r, a, b, c, d, e) {\ - a ^= k[4 * r + 0]; \ - b ^= k[4 * r + 1]; \ - c ^= k[4 * r + 2]; \ - d ^= k[4 * r + 3];} - -#define LK(r, a, b, c, d, e) {\ - a = k[(8-r)*4 + 0]; \ - b = k[(8-r)*4 + 1]; \ - c = k[(8-r)*4 + 2]; \ - d = k[(8-r)*4 + 3];} - -#define SK(r, a, b, c, d, e) {\ - k[(8-r)*4 + 4] = a; \ - k[(8-r)*4 + 5] = b; \ - k[(8-r)*4 + 6] = c; \ - k[(8-r)*4 + 7] = d;} - -void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen); - -NAMESPACE_END diff --git a/cryptopp562/sha.cpp b/cryptopp562/sha.cpp deleted file mode 100644 index df947ad..0000000 --- a/cryptopp562/sha.cpp +++ /dev/null @@ -1,900 +0,0 @@ -// sha.cpp - modified by Wei Dai from Steve Reid's public domain sha1.c - -// Steve Reid implemented SHA-1. Wei Dai implemented SHA-2. -// Both are in the public domain. - -// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM sha.cpp" to generate MASM code - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#include "sha.h" -#include "misc.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -// start of Steve Reid's code - -#define blk0(i) (W[i] = data[i]) -#define blk1(i) (W[i&15] = rotlFixed(W[(i+13)&15]^W[(i+8)&15]^W[(i+2)&15]^W[i&15],1)) - -void SHA1::InitState(HashWordType *state) -{ - state[0] = 0x67452301L; - state[1] = 0xEFCDAB89L; - state[2] = 0x98BADCFEL; - state[3] = 0x10325476L; - state[4] = 0xC3D2E1F0L; -} - -#define f1(x,y,z) (z^(x&(y^z))) -#define f2(x,y,z) (x^y^z) -#define f3(x,y,z) ((x&y)|(z&(x|y))) -#define f4(x,y,z) (x^y^z) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=f1(w,x,y)+blk0(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30); -#define R1(v,w,x,y,z,i) z+=f1(w,x,y)+blk1(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30); -#define R2(v,w,x,y,z,i) z+=f2(w,x,y)+blk1(i)+0x6ED9EBA1+rotlFixed(v,5);w=rotlFixed(w,30); -#define R3(v,w,x,y,z,i) z+=f3(w,x,y)+blk1(i)+0x8F1BBCDC+rotlFixed(v,5);w=rotlFixed(w,30); -#define R4(v,w,x,y,z,i) z+=f4(w,x,y)+blk1(i)+0xCA62C1D6+rotlFixed(v,5);w=rotlFixed(w,30); - -void SHA1::Transform(word32 *state, const word32 *data) -{ - word32 W[16]; - /* Copy context->state[] to working vars */ - word32 a = state[0]; - word32 b = state[1]; - word32 c = state[2]; - word32 d = state[3]; - word32 e = state[4]; - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; -} - -// end of Steve Reid's code - -// ************************************************************* - -void SHA224::InitState(HashWordType *state) -{ - static const word32 s[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; - memcpy(state, s, sizeof(s)); -} - -void SHA256::InitState(HashWordType *state) -{ - static const word32 s[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; - memcpy(state, s, sizeof(s)); -} - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -CRYPTOPP_ALIGN_DATA(16) extern const word32 SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = { -#else -extern const word32 SHA256_K[64] = { -#endif - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM - -#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM) - -#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code - -static void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state, const word32 *data, size_t len -#if defined(_MSC_VER) && (_MSC_VER == 1200) - , ... // VC60 workaround: prevent VC 6 from inlining this function -#endif - ) -{ -#if defined(_MSC_VER) && (_MSC_VER == 1200) - AS2(mov ecx, [state]) - AS2(mov edx, [data]) -#endif - - #define LOCALS_SIZE 8*4 + 16*4 + 4*WORD_SZ - #define H(i) [BASE+ASM_MOD(1024+7-(i),8)*4] - #define G(i) H(i+1) - #define F(i) H(i+2) - #define E(i) H(i+3) - #define D(i) H(i+4) - #define C(i) H(i+5) - #define B(i) H(i+6) - #define A(i) H(i+7) - #define Wt(i) BASE+8*4+ASM_MOD(1024+15-(i),16)*4 - #define Wt_2(i) Wt((i)-2) - #define Wt_15(i) Wt((i)-15) - #define Wt_7(i) Wt((i)-7) - #define K_END [BASE+8*4+16*4+0*WORD_SZ] - #define STATE_SAVE [BASE+8*4+16*4+1*WORD_SZ] - #define DATA_SAVE [BASE+8*4+16*4+2*WORD_SZ] - #define DATA_END [BASE+8*4+16*4+3*WORD_SZ] - #define Kt(i) WORD_REG(si)+(i)*4 -#if CRYPTOPP_BOOL_X86 - #define BASE esp+4 -#elif defined(__GNUC__) - #define BASE r8 -#else - #define BASE rsp -#endif - -#define RA0(i, edx, edi) \ - AS2( add edx, [Kt(i)] )\ - AS2( add edx, [Wt(i)] )\ - AS2( add edx, H(i) )\ - -#define RA1(i, edx, edi) - -#define RB0(i, edx, edi) - -#define RB1(i, edx, edi) \ - AS2( mov AS_REG_7d, [Wt_2(i)] )\ - AS2( mov edi, [Wt_15(i)])\ - AS2( mov ebx, AS_REG_7d )\ - AS2( shr AS_REG_7d, 10 )\ - AS2( ror ebx, 17 )\ - AS2( xor AS_REG_7d, ebx )\ - AS2( ror ebx, 2 )\ - AS2( xor ebx, AS_REG_7d )/* s1(W_t-2) */\ - AS2( add ebx, [Wt_7(i)])\ - AS2( mov AS_REG_7d, edi )\ - AS2( shr AS_REG_7d, 3 )\ - AS2( ror edi, 7 )\ - AS2( add ebx, [Wt(i)])/* s1(W_t-2) + W_t-7 + W_t-16 */\ - AS2( xor AS_REG_7d, edi )\ - AS2( add edx, [Kt(i)])\ - AS2( ror edi, 11 )\ - AS2( add edx, H(i) )\ - AS2( xor AS_REG_7d, edi )/* s0(W_t-15) */\ - AS2( add AS_REG_7d, ebx )/* W_t = s1(W_t-2) + W_t-7 + s0(W_t-15) W_t-16*/\ - AS2( mov [Wt(i)], AS_REG_7d)\ - AS2( add edx, AS_REG_7d )\ - -#define ROUND(i, r, eax, ecx, edi, edx)\ - /* in: edi = E */\ - /* unused: eax, ecx, temp: ebx, AS_REG_7d, out: edx = T1 */\ - AS2( mov edx, F(i) )\ - AS2( xor edx, G(i) )\ - AS2( and edx, edi )\ - AS2( xor edx, G(i) )/* Ch(E,F,G) = (G^(E&(F^G))) */\ - AS2( mov AS_REG_7d, edi )\ - AS2( ror edi, 6 )\ - AS2( ror AS_REG_7d, 25 )\ - RA##r(i, edx, edi )/* H + Wt + Kt + Ch(E,F,G) */\ - AS2( xor AS_REG_7d, edi )\ - AS2( ror edi, 5 )\ - AS2( xor AS_REG_7d, edi )/* S1(E) */\ - AS2( add edx, AS_REG_7d )/* T1 = S1(E) + Ch(E,F,G) + H + Wt + Kt */\ - RB##r(i, edx, edi )/* H + Wt + Kt + Ch(E,F,G) */\ - /* in: ecx = A, eax = B^C, edx = T1 */\ - /* unused: edx, temp: ebx, AS_REG_7d, out: eax = A, ecx = B^C, edx = E */\ - AS2( mov ebx, ecx )\ - AS2( xor ecx, B(i) )/* A^B */\ - AS2( and eax, ecx )\ - AS2( xor eax, B(i) )/* Maj(A,B,C) = B^((A^B)&(B^C) */\ - AS2( mov AS_REG_7d, ebx )\ - AS2( ror ebx, 2 )\ - AS2( add eax, edx )/* T1 + Maj(A,B,C) */\ - AS2( add edx, D(i) )\ - AS2( mov D(i), edx )\ - AS2( ror AS_REG_7d, 22 )\ - AS2( xor AS_REG_7d, ebx )\ - AS2( ror ebx, 11 )\ - AS2( xor AS_REG_7d, ebx )\ - AS2( add eax, AS_REG_7d )/* T1 + S0(A) + Maj(A,B,C) */\ - AS2( mov H(i), eax )\ - -#define SWAP_COPY(i) \ - AS2( mov WORD_REG(bx), [WORD_REG(dx)+i*WORD_SZ])\ - AS1( bswap WORD_REG(bx))\ - AS2( mov [Wt(i*(1+CRYPTOPP_BOOL_X64)+CRYPTOPP_BOOL_X64)], WORD_REG(bx)) - -#if defined(__GNUC__) - #if CRYPTOPP_BOOL_X64 - FixedSizeAlignedSecBlock<byte, LOCALS_SIZE> workspace; - #endif - __asm__ __volatile__ - ( - #if CRYPTOPP_BOOL_X64 - "lea %4, %%r8;" - #endif - ".intel_syntax noprefix;" -#elif defined(CRYPTOPP_GENERATE_X64_MASM) - ALIGN 8 - X86_SHA256_HashBlocks PROC FRAME - rex_push_reg rsi - push_reg rdi - push_reg rbx - push_reg rbp - alloc_stack(LOCALS_SIZE+8) - .endprolog - mov rdi, r8 - lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4] -#endif - -#if CRYPTOPP_BOOL_X86 - #ifndef __GNUC__ - AS2( mov edi, [len]) - AS2( lea WORD_REG(si), [SHA256_K+48*4]) - #endif - #if !defined(_MSC_VER) || (_MSC_VER < 1400) - AS_PUSH_IF86(bx) - #endif - - AS_PUSH_IF86(bp) - AS2( mov ebx, esp) - AS2( and esp, -16) - AS2( sub WORD_REG(sp), LOCALS_SIZE) - AS_PUSH_IF86(bx) -#endif - AS2( mov STATE_SAVE, WORD_REG(cx)) - AS2( mov DATA_SAVE, WORD_REG(dx)) - AS2( lea WORD_REG(ax), [WORD_REG(di) + WORD_REG(dx)]) - AS2( mov DATA_END, WORD_REG(ax)) - AS2( mov K_END, WORD_REG(si)) - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#if CRYPTOPP_BOOL_X86 - AS2( test edi, 1) - ASJ( jnz, 2, f) - AS1( dec DWORD PTR K_END) -#endif - AS2( movdqa xmm0, XMMWORD_PTR [WORD_REG(cx)+0*16]) - AS2( movdqa xmm1, XMMWORD_PTR [WORD_REG(cx)+1*16]) -#endif - -#if CRYPTOPP_BOOL_X86 -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - ASJ( jmp, 0, f) -#endif - ASL(2) // non-SSE2 - AS2( mov esi, ecx) - AS2( lea edi, A(0)) - AS2( mov ecx, 8) - AS1( rep movsd) - AS2( mov esi, K_END) - ASJ( jmp, 3, f) -#endif - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - ASL(0) - AS2( movdqa E(0), xmm1) - AS2( movdqa A(0), xmm0) -#endif -#if CRYPTOPP_BOOL_X86 - ASL(3) -#endif - AS2( sub WORD_REG(si), 48*4) - SWAP_COPY(0) SWAP_COPY(1) SWAP_COPY(2) SWAP_COPY(3) - SWAP_COPY(4) SWAP_COPY(5) SWAP_COPY(6) SWAP_COPY(7) -#if CRYPTOPP_BOOL_X86 - SWAP_COPY(8) SWAP_COPY(9) SWAP_COPY(10) SWAP_COPY(11) - SWAP_COPY(12) SWAP_COPY(13) SWAP_COPY(14) SWAP_COPY(15) -#endif - AS2( mov edi, E(0)) // E - AS2( mov eax, B(0)) // B - AS2( xor eax, C(0)) // B^C - AS2( mov ecx, A(0)) // A - - ROUND(0, 0, eax, ecx, edi, edx) - ROUND(1, 0, ecx, eax, edx, edi) - ROUND(2, 0, eax, ecx, edi, edx) - ROUND(3, 0, ecx, eax, edx, edi) - ROUND(4, 0, eax, ecx, edi, edx) - ROUND(5, 0, ecx, eax, edx, edi) - ROUND(6, 0, eax, ecx, edi, edx) - ROUND(7, 0, ecx, eax, edx, edi) - ROUND(8, 0, eax, ecx, edi, edx) - ROUND(9, 0, ecx, eax, edx, edi) - ROUND(10, 0, eax, ecx, edi, edx) - ROUND(11, 0, ecx, eax, edx, edi) - ROUND(12, 0, eax, ecx, edi, edx) - ROUND(13, 0, ecx, eax, edx, edi) - ROUND(14, 0, eax, ecx, edi, edx) - ROUND(15, 0, ecx, eax, edx, edi) - - ASL(1) - AS2(add WORD_REG(si), 4*16) - ROUND(0, 1, eax, ecx, edi, edx) - ROUND(1, 1, ecx, eax, edx, edi) - ROUND(2, 1, eax, ecx, edi, edx) - ROUND(3, 1, ecx, eax, edx, edi) - ROUND(4, 1, eax, ecx, edi, edx) - ROUND(5, 1, ecx, eax, edx, edi) - ROUND(6, 1, eax, ecx, edi, edx) - ROUND(7, 1, ecx, eax, edx, edi) - ROUND(8, 1, eax, ecx, edi, edx) - ROUND(9, 1, ecx, eax, edx, edi) - ROUND(10, 1, eax, ecx, edi, edx) - ROUND(11, 1, ecx, eax, edx, edi) - ROUND(12, 1, eax, ecx, edi, edx) - ROUND(13, 1, ecx, eax, edx, edi) - ROUND(14, 1, eax, ecx, edi, edx) - ROUND(15, 1, ecx, eax, edx, edi) - AS2( cmp WORD_REG(si), K_END) - ASJ( jb, 1, b) - - AS2( mov WORD_REG(dx), DATA_SAVE) - AS2( add WORD_REG(dx), 64) - AS2( mov AS_REG_7, STATE_SAVE) - AS2( mov DATA_SAVE, WORD_REG(dx)) - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#if CRYPTOPP_BOOL_X86 - AS2( test DWORD PTR K_END, 1) - ASJ( jz, 4, f) -#endif - AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_7+1*16]) - AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_7+0*16]) - AS2( paddd xmm1, E(0)) - AS2( paddd xmm0, A(0)) - AS2( movdqa [AS_REG_7+1*16], xmm1) - AS2( movdqa [AS_REG_7+0*16], xmm0) - AS2( cmp WORD_REG(dx), DATA_END) - ASJ( jb, 0, b) -#endif - -#if CRYPTOPP_BOOL_X86 -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - ASJ( jmp, 5, f) - ASL(4) // non-SSE2 -#endif - AS2( add [AS_REG_7+0*4], ecx) // A - AS2( add [AS_REG_7+4*4], edi) // E - AS2( mov eax, B(0)) - AS2( mov ebx, C(0)) - AS2( mov ecx, D(0)) - AS2( add [AS_REG_7+1*4], eax) - AS2( add [AS_REG_7+2*4], ebx) - AS2( add [AS_REG_7+3*4], ecx) - AS2( mov eax, F(0)) - AS2( mov ebx, G(0)) - AS2( mov ecx, H(0)) - AS2( add [AS_REG_7+5*4], eax) - AS2( add [AS_REG_7+6*4], ebx) - AS2( add [AS_REG_7+7*4], ecx) - AS2( mov ecx, AS_REG_7d) - AS2( cmp WORD_REG(dx), DATA_END) - ASJ( jb, 2, b) -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - ASL(5) -#endif -#endif - - AS_POP_IF86(sp) - AS_POP_IF86(bp) - #if !defined(_MSC_VER) || (_MSC_VER < 1400) - AS_POP_IF86(bx) - #endif - -#ifdef CRYPTOPP_GENERATE_X64_MASM - add rsp, LOCALS_SIZE+8 - pop rbp - pop rbx - pop rdi - pop rsi - ret - X86_SHA256_HashBlocks ENDP -#endif - -#ifdef __GNUC__ - ".att_syntax prefix;" - : - : "c" (state), "d" (data), "S" (SHA256_K+48), "D" (len) - #if CRYPTOPP_BOOL_X64 - , "m" (workspace[0]) - #endif - : "memory", "cc", "%eax" - #if CRYPTOPP_BOOL_X64 - , "%rbx", "%r8", "%r10" - #endif - ); -#endif -} - -#endif // #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM) - -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE -extern "C" { -void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state, const word32 *data, size_t len); -} -#endif - -#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE) - -size_t SHA256::HashMultipleBlocks(const word32 *input, size_t length) -{ - X86_SHA256_HashBlocks(m_state, input, (length&(size_t(0)-BLOCKSIZE)) - !HasSSE2()); - return length % BLOCKSIZE; -} - -size_t SHA224::HashMultipleBlocks(const word32 *input, size_t length) -{ - X86_SHA256_HashBlocks(m_state, input, (length&(size_t(0)-BLOCKSIZE)) - !HasSSE2()); - return length % BLOCKSIZE; -} - -#endif - -#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) - -#define Ch(x,y,z) (z^(x&(y^z))) -#define Maj(x,y,z) (y^((x^y)&(y^z))) - -#define a(i) T[(0-i)&7] -#define b(i) T[(1-i)&7] -#define c(i) T[(2-i)&7] -#define d(i) T[(3-i)&7] -#define e(i) T[(4-i)&7] -#define f(i) T[(5-i)&7] -#define g(i) T[(6-i)&7] -#define h(i) T[(7-i)&7] - -#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i));\ - d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)) - -// for SHA256 -#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) -#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) -#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) -#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) - -void SHA256::Transform(word32 *state, const word32 *data) -{ - word32 W[16]; -#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE) - // this byte reverse is a waste of time, but this function is only called by MDC - ByteReverse(W, data, BLOCKSIZE); - X86_SHA256_HashBlocks(state, W, BLOCKSIZE - !HasSSE2()); -#else - word32 T[8]; - /* Copy context->state[] to working vars */ - memcpy(T, state, sizeof(T)); - /* 64 operations, partially loop unrolled */ - for (unsigned int j=0; j<64; j+=16) - { - R( 0); R( 1); R( 2); R( 3); - R( 4); R( 5); R( 6); R( 7); - R( 8); R( 9); R(10); R(11); - R(12); R(13); R(14); R(15); - } - /* Add the working vars back into context.state[] */ - state[0] += a(0); - state[1] += b(0); - state[2] += c(0); - state[3] += d(0); - state[4] += e(0); - state[5] += f(0); - state[6] += g(0); - state[7] += h(0); -#endif -} - -/* -// smaller but slower -void SHA256::Transform(word32 *state, const word32 *data) -{ - word32 T[20]; - word32 W[32]; - unsigned int i = 0, j = 0; - word32 *t = T+8; - - memcpy(t, state, 8*4); - word32 e = t[4], a = t[0]; - - do - { - word32 w = data[j]; - W[j] = w; - w += SHA256_K[j]; - w += t[7]; - w += S1(e); - w += Ch(e, t[5], t[6]); - e = t[3] + w; - t[3] = t[3+8] = e; - w += S0(t[0]); - a = w + Maj(a, t[1], t[2]); - t[-1] = t[7] = a; - --t; - ++j; - if (j%8 == 0) - t += 8; - } while (j<16); - - do - { - i = j&0xf; - word32 w = s1(W[i+16-2]) + s0(W[i+16-15]) + W[i] + W[i+16-7]; - W[i+16] = W[i] = w; - w += SHA256_K[j]; - w += t[7]; - w += S1(e); - w += Ch(e, t[5], t[6]); - e = t[3] + w; - t[3] = t[3+8] = e; - w += S0(t[0]); - a = w + Maj(a, t[1], t[2]); - t[-1] = t[7] = a; - - w = s1(W[(i+1)+16-2]) + s0(W[(i+1)+16-15]) + W[(i+1)] + W[(i+1)+16-7]; - W[(i+1)+16] = W[(i+1)] = w; - w += SHA256_K[j+1]; - w += (t-1)[7]; - w += S1(e); - w += Ch(e, (t-1)[5], (t-1)[6]); - e = (t-1)[3] + w; - (t-1)[3] = (t-1)[3+8] = e; - w += S0((t-1)[0]); - a = w + Maj(a, (t-1)[1], (t-1)[2]); - (t-1)[-1] = (t-1)[7] = a; - - t-=2; - j+=2; - if (j%8 == 0) - t += 8; - } while (j<64); - - state[0] += a; - state[1] += t[1]; - state[2] += t[2]; - state[3] += t[3]; - state[4] += e; - state[5] += t[5]; - state[6] += t[6]; - state[7] += t[7]; -} -*/ - -#undef S0 -#undef S1 -#undef s0 -#undef s1 -#undef R - -// ************************************************************* - -void SHA384::InitState(HashWordType *state) -{ - static const word64 s[8] = { - W64LIT(0xcbbb9d5dc1059ed8), W64LIT(0x629a292a367cd507), - W64LIT(0x9159015a3070dd17), W64LIT(0x152fecd8f70e5939), - W64LIT(0x67332667ffc00b31), W64LIT(0x8eb44a8768581511), - W64LIT(0xdb0c2e0d64f98fa7), W64LIT(0x47b5481dbefa4fa4)}; - memcpy(state, s, sizeof(s)); -} - -void SHA512::InitState(HashWordType *state) -{ - static const word64 s[8] = { - W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b), - W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1), - W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f), - W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)}; - memcpy(state, s, sizeof(s)); -} - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 -CRYPTOPP_ALIGN_DATA(16) static const word64 SHA512_K[80] CRYPTOPP_SECTION_ALIGN16 = { -#else -static const word64 SHA512_K[80] = { -#endif - W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), - W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc), - W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), - W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118), - W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), - W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2), - W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), - W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694), - W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), - W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65), - W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), - W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5), - W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), - W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4), - W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), - W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70), - W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), - W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df), - W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), - W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b), - W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), - W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30), - W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), - W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8), - W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), - W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8), - W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), - W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3), - W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), - W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec), - W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), - W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b), - W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), - W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178), - W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), - W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b), - W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), - W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c), - W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), - W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817) -}; - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 -// put assembly version in separate function, otherwise MSVC 2005 SP1 doesn't generate correct code for the non-assembly version -CRYPTOPP_NAKED static void CRYPTOPP_FASTCALL SHA512_SSE2_Transform(word64 *state, const word64 *data) -{ -#ifdef __GNUC__ - __asm__ __volatile__ - ( - ".intel_syntax noprefix;" - AS1( push ebx) - AS2( mov ebx, eax) -#else - AS1( push ebx) - AS1( push esi) - AS1( push edi) - AS2( lea ebx, SHA512_K) -#endif - - AS2( mov eax, esp) - AS2( and esp, 0xfffffff0) - AS2( sub esp, 27*16) // 17*16 for expanded data, 20*8 for state - AS1( push eax) - AS2( xor eax, eax) - AS2( lea edi, [esp+4+8*8]) // start at middle of state buffer. will decrement pointer each round to avoid copying - AS2( lea esi, [esp+4+20*8+8]) // 16-byte alignment, then add 8 - - AS2( movdqa xmm0, [ecx+0*16]) - AS2( movdq2q mm4, xmm0) - AS2( movdqa [edi+0*16], xmm0) - AS2( movdqa xmm0, [ecx+1*16]) - AS2( movdqa [edi+1*16], xmm0) - AS2( movdqa xmm0, [ecx+2*16]) - AS2( movdq2q mm5, xmm0) - AS2( movdqa [edi+2*16], xmm0) - AS2( movdqa xmm0, [ecx+3*16]) - AS2( movdqa [edi+3*16], xmm0) - ASJ( jmp, 0, f) - -#define SSE2_S0_S1(r, a, b, c) \ - AS2( movq mm6, r)\ - AS2( psrlq r, a)\ - AS2( movq mm7, r)\ - AS2( psllq mm6, 64-c)\ - AS2( pxor mm7, mm6)\ - AS2( psrlq r, b-a)\ - AS2( pxor mm7, r)\ - AS2( psllq mm6, c-b)\ - AS2( pxor mm7, mm6)\ - AS2( psrlq r, c-b)\ - AS2( pxor r, mm7)\ - AS2( psllq mm6, b-a)\ - AS2( pxor r, mm6) - -#define SSE2_s0(r, a, b, c) \ - AS2( movdqa xmm6, r)\ - AS2( psrlq r, a)\ - AS2( movdqa xmm7, r)\ - AS2( psllq xmm6, 64-c)\ - AS2( pxor xmm7, xmm6)\ - AS2( psrlq r, b-a)\ - AS2( pxor xmm7, r)\ - AS2( psrlq r, c-b)\ - AS2( pxor r, xmm7)\ - AS2( psllq xmm6, c-a)\ - AS2( pxor r, xmm6) - -#define SSE2_s1(r, a, b, c) \ - AS2( movdqa xmm6, r)\ - AS2( psrlq r, a)\ - AS2( movdqa xmm7, r)\ - AS2( psllq xmm6, 64-c)\ - AS2( pxor xmm7, xmm6)\ - AS2( psrlq r, b-a)\ - AS2( pxor xmm7, r)\ - AS2( psllq xmm6, c-b)\ - AS2( pxor xmm7, xmm6)\ - AS2( psrlq r, c-b)\ - AS2( pxor r, xmm7) - - ASL(SHA512_Round) - // k + w is in mm0, a is in mm4, e is in mm5 - AS2( paddq mm0, [edi+7*8]) // h - AS2( movq mm2, [edi+5*8]) // f - AS2( movq mm3, [edi+6*8]) // g - AS2( pxor mm2, mm3) - AS2( pand mm2, mm5) - SSE2_S0_S1(mm5,14,18,41) - AS2( pxor mm2, mm3) - AS2( paddq mm0, mm2) // h += Ch(e,f,g) - AS2( paddq mm5, mm0) // h += S1(e) - AS2( movq mm2, [edi+1*8]) // b - AS2( movq mm1, mm2) - AS2( por mm2, mm4) - AS2( pand mm2, [edi+2*8]) // c - AS2( pand mm1, mm4) - AS2( por mm1, mm2) - AS2( paddq mm1, mm5) // temp = h + Maj(a,b,c) - AS2( paddq mm5, [edi+3*8]) // e = d + h - AS2( movq [edi+3*8], mm5) - AS2( movq [edi+11*8], mm5) - SSE2_S0_S1(mm4,28,34,39) // S0(a) - AS2( paddq mm4, mm1) // a = temp + S0(a) - AS2( movq [edi-8], mm4) - AS2( movq [edi+7*8], mm4) - AS1( ret) - - // first 16 rounds - ASL(0) - AS2( movq mm0, [edx+eax*8]) - AS2( movq [esi+eax*8], mm0) - AS2( movq [esi+eax*8+16*8], mm0) - AS2( paddq mm0, [ebx+eax*8]) - ASC( call, SHA512_Round) - AS1( inc eax) - AS2( sub edi, 8) - AS2( test eax, 7) - ASJ( jnz, 0, b) - AS2( add edi, 8*8) - AS2( cmp eax, 16) - ASJ( jne, 0, b) - - // rest of the rounds - AS2( movdqu xmm0, [esi+(16-2)*8]) - ASL(1) - // data expansion, W[i-2] already in xmm0 - AS2( movdqu xmm3, [esi]) - AS2( paddq xmm3, [esi+(16-7)*8]) - AS2( movdqa xmm2, [esi+(16-15)*8]) - SSE2_s1(xmm0, 6, 19, 61) - AS2( paddq xmm0, xmm3) - SSE2_s0(xmm2, 1, 7, 8) - AS2( paddq xmm0, xmm2) - AS2( movdq2q mm0, xmm0) - AS2( movhlps xmm1, xmm0) - AS2( paddq mm0, [ebx+eax*8]) - AS2( movlps [esi], xmm0) - AS2( movlps [esi+8], xmm1) - AS2( movlps [esi+8*16], xmm0) - AS2( movlps [esi+8*17], xmm1) - // 2 rounds - ASC( call, SHA512_Round) - AS2( sub edi, 8) - AS2( movdq2q mm0, xmm1) - AS2( paddq mm0, [ebx+eax*8+8]) - ASC( call, SHA512_Round) - // update indices and loop - AS2( add esi, 16) - AS2( add eax, 2) - AS2( sub edi, 8) - AS2( test eax, 7) - ASJ( jnz, 1, b) - // do housekeeping every 8 rounds - AS2( mov esi, 0xf) - AS2( and esi, eax) - AS2( lea esi, [esp+4+20*8+8+esi*8]) - AS2( add edi, 8*8) - AS2( cmp eax, 80) - ASJ( jne, 1, b) - -#define SSE2_CombineState(i) \ - AS2( movdqa xmm0, [edi+i*16])\ - AS2( paddq xmm0, [ecx+i*16])\ - AS2( movdqa [ecx+i*16], xmm0) - - SSE2_CombineState(0) - SSE2_CombineState(1) - SSE2_CombineState(2) - SSE2_CombineState(3) - - AS1( pop esp) - AS1( emms) - -#if defined(__GNUC__) - AS1( pop ebx) - ".att_syntax prefix;" - : - : "a" (SHA512_K), "c" (state), "d" (data) - : "%esi", "%edi", "memory", "cc" - ); -#else - AS1( pop edi) - AS1( pop esi) - AS1( pop ebx) - AS1( ret) -#endif -} -#endif // #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - -void SHA512::Transform(word64 *state, const word64 *data) -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 - if (HasSSE2()) - { - SHA512_SSE2_Transform(state, data); - return; - } -#endif - -#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) -#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) -#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) -#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) - -#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i));\ - d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)) - - word64 W[16]; - word64 T[8]; - /* Copy context->state[] to working vars */ - memcpy(T, state, sizeof(T)); - /* 80 operations, partially loop unrolled */ - for (unsigned int j=0; j<80; j+=16) - { - R( 0); R( 1); R( 2); R( 3); - R( 4); R( 5); R( 6); R( 7); - R( 8); R( 9); R(10); R(11); - R(12); R(13); R(14); R(15); - } - /* Add the working vars back into context.state[] */ - state[0] += a(0); - state[1] += b(0); - state[2] += c(0); - state[3] += d(0); - state[4] += e(0); - state[5] += f(0); - state[6] += g(0); - state[7] += h(0); -} - -NAMESPACE_END - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM -#endif // #ifndef CRYPTOPP_IMPORTS diff --git a/cryptopp562/sha.h b/cryptopp562/sha.h deleted file mode 100644 index 679081e..0000000 --- a/cryptopp562/sha.h +++ /dev/null @@ -1,63 +0,0 @@ -#ifndef CRYPTOPP_SHA_H -#define CRYPTOPP_SHA_H - -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// <a href="http://www.weidai.com/scan-mirror/md.html#SHA-1">SHA-1</a> -class CRYPTOPP_DLL SHA1 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 20, SHA1> -{ -public: - static void CRYPTOPP_API InitState(HashWordType *state); - static void CRYPTOPP_API Transform(word32 *digest, const word32 *data); - static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";} -}; - -typedef SHA1 SHA; // for backwards compatibility - -//! implements the SHA-256 standard -class CRYPTOPP_DLL SHA256 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 32, SHA256, 32, true> -{ -public: -#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE) - size_t HashMultipleBlocks(const word32 *input, size_t length); -#endif - static void CRYPTOPP_API InitState(HashWordType *state); - static void CRYPTOPP_API Transform(word32 *digest, const word32 *data); - static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-256";} -}; - -//! implements the SHA-224 standard -class CRYPTOPP_DLL SHA224 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 32, SHA224, 28, true> -{ -public: -#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE) - size_t HashMultipleBlocks(const word32 *input, size_t length); -#endif - static void CRYPTOPP_API InitState(HashWordType *state); - static void CRYPTOPP_API Transform(word32 *digest, const word32 *data) {SHA256::Transform(digest, data);} - static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-224";} -}; - -//! implements the SHA-512 standard -class CRYPTOPP_DLL SHA512 : public IteratedHashWithStaticTransform<word64, BigEndian, 128, 64, SHA512, 64, CRYPTOPP_BOOL_X86> -{ -public: - static void CRYPTOPP_API InitState(HashWordType *state); - static void CRYPTOPP_API Transform(word64 *digest, const word64 *data); - static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-512";} -}; - -//! implements the SHA-384 standard -class CRYPTOPP_DLL SHA384 : public IteratedHashWithStaticTransform<word64, BigEndian, 128, 64, SHA384, 48, CRYPTOPP_BOOL_X86> -{ -public: - static void CRYPTOPP_API InitState(HashWordType *state); - static void CRYPTOPP_API Transform(word64 *digest, const word64 *data) {SHA512::Transform(digest, data);} - static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-384";} -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/sha3.cpp b/cryptopp562/sha3.cpp deleted file mode 100644 index 7db82c1..0000000 --- a/cryptopp562/sha3.cpp +++ /dev/null @@ -1,284 +0,0 @@ -// sha3.cpp - modified by Wei Dai from Ronny Van Keer's public domain Keccak-simple.c
-// all modifications here are placed in the public domain by Wei Dai
-
-/*
-The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
-Michael Peeters and Gilles Van Assche. For more information, feedback or
-questions, please refer to our website: http://keccak.noekeon.org/
-
-Implementation by Ronny Van Keer,
-hereby denoted as "the implementer".
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#include "pch.h"
-#include "sha3.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const word64 KeccakF_RoundConstants[24] =
-{
- W64LIT(0x0000000000000001), W64LIT(0x0000000000008082), W64LIT(0x800000000000808a),
- W64LIT(0x8000000080008000), W64LIT(0x000000000000808b), W64LIT(0x0000000080000001),
- W64LIT(0x8000000080008081), W64LIT(0x8000000000008009), W64LIT(0x000000000000008a),
- W64LIT(0x0000000000000088), W64LIT(0x0000000080008009), W64LIT(0x000000008000000a),
- W64LIT(0x000000008000808b), W64LIT(0x800000000000008b), W64LIT(0x8000000000008089),
- W64LIT(0x8000000000008003), W64LIT(0x8000000000008002), W64LIT(0x8000000000000080),
- W64LIT(0x000000000000800a), W64LIT(0x800000008000000a), W64LIT(0x8000000080008081),
- W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008)
-};
-
-static void KeccakF1600(word64 *state)
-{
- {
- word64 Aba, Abe, Abi, Abo, Abu;
- word64 Aga, Age, Agi, Ago, Agu;
- word64 Aka, Ake, Aki, Ako, Aku;
- word64 Ama, Ame, Ami, Amo, Amu;
- word64 Asa, Ase, Asi, Aso, Asu;
- word64 BCa, BCe, BCi, BCo, BCu;
- word64 Da, De, Di, Do, Du;
- word64 Eba, Ebe, Ebi, Ebo, Ebu;
- word64 Ega, Ege, Egi, Ego, Egu;
- word64 Eka, Eke, Eki, Eko, Eku;
- word64 Ema, Eme, Emi, Emo, Emu;
- word64 Esa, Ese, Esi, Eso, Esu;
-
- //copyFromState(A, state)
- typedef BlockGetAndPut<word64, LittleEndian, true, true> Block;
- Block::Get(state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu);
-
- for( unsigned int round = 0; round < 24; round += 2 )
- {
- // prepareTheta
- BCa = Aba^Aga^Aka^Ama^Asa;
- BCe = Abe^Age^Ake^Ame^Ase;
- BCi = Abi^Agi^Aki^Ami^Asi;
- BCo = Abo^Ago^Ako^Amo^Aso;
- BCu = Abu^Agu^Aku^Amu^Asu;
-
- //thetaRhoPiChiIotaPrepareTheta(round , A, E)
- Da = BCu^rotlFixed(BCe, 1);
- De = BCa^rotlFixed(BCi, 1);
- Di = BCe^rotlFixed(BCo, 1);
- Do = BCi^rotlFixed(BCu, 1);
- Du = BCo^rotlFixed(BCa, 1);
-
- Aba ^= Da;
- BCa = Aba;
- Age ^= De;
- BCe = rotlFixed(Age, 44);
- Aki ^= Di;
- BCi = rotlFixed(Aki, 43);
- Amo ^= Do;
- BCo = rotlFixed(Amo, 21);
- Asu ^= Du;
- BCu = rotlFixed(Asu, 14);
- Eba = BCa ^((~BCe)& BCi );
- Eba ^= (word64)KeccakF_RoundConstants[round];
- Ebe = BCe ^((~BCi)& BCo );
- Ebi = BCi ^((~BCo)& BCu );
- Ebo = BCo ^((~BCu)& BCa );
- Ebu = BCu ^((~BCa)& BCe );
-
- Abo ^= Do;
- BCa = rotlFixed(Abo, 28);
- Agu ^= Du;
- BCe = rotlFixed(Agu, 20);
- Aka ^= Da;
- BCi = rotlFixed(Aka, 3);
- Ame ^= De;
- BCo = rotlFixed(Ame, 45);
- Asi ^= Di;
- BCu = rotlFixed(Asi, 61);
- Ega = BCa ^((~BCe)& BCi );
- Ege = BCe ^((~BCi)& BCo );
- Egi = BCi ^((~BCo)& BCu );
- Ego = BCo ^((~BCu)& BCa );
- Egu = BCu ^((~BCa)& BCe );
-
- Abe ^= De;
- BCa = rotlFixed(Abe, 1);
- Agi ^= Di;
- BCe = rotlFixed(Agi, 6);
- Ako ^= Do;
- BCi = rotlFixed(Ako, 25);
- Amu ^= Du;
- BCo = rotlFixed(Amu, 8);
- Asa ^= Da;
- BCu = rotlFixed(Asa, 18);
- Eka = BCa ^((~BCe)& BCi );
- Eke = BCe ^((~BCi)& BCo );
- Eki = BCi ^((~BCo)& BCu );
- Eko = BCo ^((~BCu)& BCa );
- Eku = BCu ^((~BCa)& BCe );
-
- Abu ^= Du;
- BCa = rotlFixed(Abu, 27);
- Aga ^= Da;
- BCe = rotlFixed(Aga, 36);
- Ake ^= De;
- BCi = rotlFixed(Ake, 10);
- Ami ^= Di;
- BCo = rotlFixed(Ami, 15);
- Aso ^= Do;
- BCu = rotlFixed(Aso, 56);
- Ema = BCa ^((~BCe)& BCi );
- Eme = BCe ^((~BCi)& BCo );
- Emi = BCi ^((~BCo)& BCu );
- Emo = BCo ^((~BCu)& BCa );
- Emu = BCu ^((~BCa)& BCe );
-
- Abi ^= Di;
- BCa = rotlFixed(Abi, 62);
- Ago ^= Do;
- BCe = rotlFixed(Ago, 55);
- Aku ^= Du;
- BCi = rotlFixed(Aku, 39);
- Ama ^= Da;
- BCo = rotlFixed(Ama, 41);
- Ase ^= De;
- BCu = rotlFixed(Ase, 2);
- Esa = BCa ^((~BCe)& BCi );
- Ese = BCe ^((~BCi)& BCo );
- Esi = BCi ^((~BCo)& BCu );
- Eso = BCo ^((~BCu)& BCa );
- Esu = BCu ^((~BCa)& BCe );
-
- // prepareTheta
- BCa = Eba^Ega^Eka^Ema^Esa;
- BCe = Ebe^Ege^Eke^Eme^Ese;
- BCi = Ebi^Egi^Eki^Emi^Esi;
- BCo = Ebo^Ego^Eko^Emo^Eso;
- BCu = Ebu^Egu^Eku^Emu^Esu;
-
- //thetaRhoPiChiIotaPrepareTheta(round+1, E, A)
- Da = BCu^rotlFixed(BCe, 1);
- De = BCa^rotlFixed(BCi, 1);
- Di = BCe^rotlFixed(BCo, 1);
- Do = BCi^rotlFixed(BCu, 1);
- Du = BCo^rotlFixed(BCa, 1);
-
- Eba ^= Da;
- BCa = Eba;
- Ege ^= De;
- BCe = rotlFixed(Ege, 44);
- Eki ^= Di;
- BCi = rotlFixed(Eki, 43);
- Emo ^= Do;
- BCo = rotlFixed(Emo, 21);
- Esu ^= Du;
- BCu = rotlFixed(Esu, 14);
- Aba = BCa ^((~BCe)& BCi );
- Aba ^= (word64)KeccakF_RoundConstants[round+1];
- Abe = BCe ^((~BCi)& BCo );
- Abi = BCi ^((~BCo)& BCu );
- Abo = BCo ^((~BCu)& BCa );
- Abu = BCu ^((~BCa)& BCe );
-
- Ebo ^= Do;
- BCa = rotlFixed(Ebo, 28);
- Egu ^= Du;
- BCe = rotlFixed(Egu, 20);
- Eka ^= Da;
- BCi = rotlFixed(Eka, 3);
- Eme ^= De;
- BCo = rotlFixed(Eme, 45);
- Esi ^= Di;
- BCu = rotlFixed(Esi, 61);
- Aga = BCa ^((~BCe)& BCi );
- Age = BCe ^((~BCi)& BCo );
- Agi = BCi ^((~BCo)& BCu );
- Ago = BCo ^((~BCu)& BCa );
- Agu = BCu ^((~BCa)& BCe );
-
- Ebe ^= De;
- BCa = rotlFixed(Ebe, 1);
- Egi ^= Di;
- BCe = rotlFixed(Egi, 6);
- Eko ^= Do;
- BCi = rotlFixed(Eko, 25);
- Emu ^= Du;
- BCo = rotlFixed(Emu, 8);
- Esa ^= Da;
- BCu = rotlFixed(Esa, 18);
- Aka = BCa ^((~BCe)& BCi );
- Ake = BCe ^((~BCi)& BCo );
- Aki = BCi ^((~BCo)& BCu );
- Ako = BCo ^((~BCu)& BCa );
- Aku = BCu ^((~BCa)& BCe );
-
- Ebu ^= Du;
- BCa = rotlFixed(Ebu, 27);
- Ega ^= Da;
- BCe = rotlFixed(Ega, 36);
- Eke ^= De;
- BCi = rotlFixed(Eke, 10);
- Emi ^= Di;
- BCo = rotlFixed(Emi, 15);
- Eso ^= Do;
- BCu = rotlFixed(Eso, 56);
- Ama = BCa ^((~BCe)& BCi );
- Ame = BCe ^((~BCi)& BCo );
- Ami = BCi ^((~BCo)& BCu );
- Amo = BCo ^((~BCu)& BCa );
- Amu = BCu ^((~BCa)& BCe );
-
- Ebi ^= Di;
- BCa = rotlFixed(Ebi, 62);
- Ego ^= Do;
- BCe = rotlFixed(Ego, 55);
- Eku ^= Du;
- BCi = rotlFixed(Eku, 39);
- Ema ^= Da;
- BCo = rotlFixed(Ema, 41);
- Ese ^= De;
- BCu = rotlFixed(Ese, 2);
- Asa = BCa ^((~BCe)& BCi );
- Ase = BCe ^((~BCi)& BCo );
- Asi = BCi ^((~BCo)& BCu );
- Aso = BCo ^((~BCu)& BCa );
- Asu = BCu ^((~BCa)& BCe );
- }
-
- //copyToState(state, A)
- Block::Put(NULL, state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu);
- }
-}
-
-void SHA3::Update(const byte *input, size_t length)
-{
- size_t spaceLeft;
- while (length >= (spaceLeft = r() - m_counter))
- {
- xorbuf(m_state.BytePtr() + m_counter, input, spaceLeft);
- KeccakF1600(m_state);
- input += spaceLeft;
- length -= spaceLeft;
- m_counter = 0;
- }
-
- xorbuf(m_state.BytePtr() + m_counter, input, length);
- m_counter += (unsigned int)length;
-}
-
-void SHA3::Restart()
-{
- memset(m_state, 0, m_state.SizeInBytes());
- m_counter = 0;
-}
-
-void SHA3::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
- m_state.BytePtr()[m_counter] ^= 1;
- m_state.BytePtr()[r()-1] ^= 0x80;
- KeccakF1600(m_state);
- memcpy(hash, m_state, size);
- Restart();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/sha3.h b/cryptopp562/sha3.h deleted file mode 100644 index 232bae5..0000000 --- a/cryptopp562/sha3.h +++ /dev/null @@ -1,65 +0,0 @@ -// sha3.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_SHA3_H
-#define CRYPTOPP_SHA3_H
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// <a href="http://en.wikipedia.org/wiki/SHA-3">SHA-3</a>
-class SHA3 : public HashTransformation
-{
-public:
- SHA3(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}
- unsigned int DigestSize() const {return m_digestSize;}
- std::string AlgorithmName() const {return "SHA-3-" + IntToString(m_digestSize*8);}
- unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}
-
- void Update(const byte *input, size_t length);
- void Restart();
- void TruncatedFinal(byte *hash, size_t size);
-
-protected:
- inline unsigned int r() const {return 200 - 2 * m_digestSize;}
-
- FixedSizeSecBlock<word64, 25> m_state;
- unsigned int m_digestSize, m_counter;
-};
-
-class SHA3_224 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 28)
- SHA3_224() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-224";}
-};
-
-class SHA3_256 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 32)
- SHA3_256() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-256";}
-};
-
-class SHA3_384 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 48)
- SHA3_384() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-384";}
-};
-
-class SHA3_512 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 64)
- SHA3_512() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-512";}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/shacal2.cpp b/cryptopp562/shacal2.cpp deleted file mode 100644 index b0360e4..0000000 --- a/cryptopp562/shacal2.cpp +++ /dev/null @@ -1,140 +0,0 @@ -// shacal2.cpp - by Kevin Springle, 2003 -// -// Portions of this code were derived from -// Wei Dai's implementation of SHA-2 -// -// The original code and all modifications are in the public domain. - -#include "pch.h" -#include "shacal2.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -// SHACAL-2 function and round definitions - -#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) -#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) -#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) -#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) - -#define Ch(x,y,z) (z^(x&(y^z))) -#define Maj(x,y,z) ((x&y)|(z&(x|y))) - -/* R is the SHA-256 round function. */ -/* This macro increments the k argument as a side effect. */ -#define R(a,b,c,d,e,f,g,h,k) \ - h+=S1(e)+Ch(e,f,g)+*k++;d+=h;h+=S0(a)+Maj(a,b,c); - -/* P is the inverse of the SHA-256 round function. */ -/* This macro decrements the k argument as a side effect. */ -#define P(a,b,c,d,e,f,g,h,k) \ - h-=S0(a)+Maj(a,b,c);d-=h;h-=S1(e)+Ch(e,f,g)+*--k; - -void SHACAL2::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &) -{ - AssertValidKeyLength(keylen); - - word32 *rk = m_key; - unsigned int i; - - GetUserKey(BIG_ENDIAN_ORDER, rk, m_key.size(), userKey, keylen); - for (i = 0; i < 48; i++, rk++) - { - rk[16] = rk[0] + s0(rk[1]) + rk[9] + s1(rk[14]); - rk[0] += K[i]; - } - for (i = 48; i < 64; i++, rk++) - { - rk[0] += K[i]; - } -} - -typedef BlockGetAndPut<word32, BigEndian> Block; - -void SHACAL2::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 a, b, c, d, e, f, g, h; - const word32 *rk = m_key; - - /* - * map byte array block to cipher state: - */ - Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h); - - // Perform SHA-256 transformation. - - /* 64 operations, partially loop unrolled */ - for (unsigned int j=0; j<64; j+=8) - { - R(a,b,c,d,e,f,g,h,rk); - R(h,a,b,c,d,e,f,g,rk); - R(g,h,a,b,c,d,e,f,rk); - R(f,g,h,a,b,c,d,e,rk); - R(e,f,g,h,a,b,c,d,rk); - R(d,e,f,g,h,a,b,c,rk); - R(c,d,e,f,g,h,a,b,rk); - R(b,c,d,e,f,g,h,a,rk); - } - - /* - * map cipher state to byte array block: - */ - - Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h); -} - -void SHACAL2::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 a, b, c, d, e, f, g, h; - const word32 *rk = m_key + 64; - - /* - * map byte array block to cipher state: - */ - Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h); - - // Perform inverse SHA-256 transformation. - - /* 64 operations, partially loop unrolled */ - for (unsigned int j=0; j<64; j+=8) - { - P(b,c,d,e,f,g,h,a,rk); - P(c,d,e,f,g,h,a,b,rk); - P(d,e,f,g,h,a,b,c,rk); - P(e,f,g,h,a,b,c,d,rk); - P(f,g,h,a,b,c,d,e,rk); - P(g,h,a,b,c,d,e,f,rk); - P(h,a,b,c,d,e,f,g,rk); - P(a,b,c,d,e,f,g,h,rk); - } - - /* - * map cipher state to byte array block: - */ - - Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h); -} - -// The SHACAL-2 round constants are identical to the SHA-256 round constants. -const word32 SHACAL2::Base::K[64] = -{ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; - -NAMESPACE_END diff --git a/cryptopp562/shacal2.h b/cryptopp562/shacal2.h deleted file mode 100644 index 66c987f..0000000 --- a/cryptopp562/shacal2.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef CRYPTOPP_SHACAL2_H -#define CRYPTOPP_SHACAL2_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct SHACAL2_Info : public FixedBlockSize<32>, public VariableKeyLength<16, 16, 64> -{ - static const char *StaticAlgorithmName() {return "SHACAL-2";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#SHACAL-2">SHACAL-2</a> -class SHACAL2 : public SHACAL2_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SHACAL2_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - FixedSizeSecBlock<word32, 64> m_key; - - static const word32 K[64]; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef SHACAL2::Encryption SHACAL2Encryption; -typedef SHACAL2::Decryption SHACAL2Decryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/shark.cpp b/cryptopp562/shark.cpp deleted file mode 100644 index 361147e..0000000 --- a/cryptopp562/shark.cpp +++ /dev/null @@ -1,136 +0,0 @@ -// shark.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "shark.h" -#include "misc.h" -#include "modes.h" -#include "gf256.h" - -NAMESPACE_BEGIN(CryptoPP) - -static word64 SHARKTransform(word64 a) -{ - static const byte iG[8][8] = { - 0xe7, 0x30, 0x90, 0x85, 0xd0, 0x4b, 0x91, 0x41, - 0x53, 0x95, 0x9b, 0xa5, 0x96, 0xbc, 0xa1, 0x68, - 0x02, 0x45, 0xf7, 0x65, 0x5c, 0x1f, 0xb6, 0x52, - 0xa2, 0xca, 0x22, 0x94, 0x44, 0x63, 0x2a, 0xa2, - 0xfc, 0x67, 0x8e, 0x10, 0x29, 0x75, 0x85, 0x71, - 0x24, 0x45, 0xa2, 0xcf, 0x2f, 0x22, 0xc1, 0x0e, - 0xa1, 0xf1, 0x71, 0x40, 0x91, 0x27, 0x18, 0xa5, - 0x56, 0xf4, 0xaf, 0x32, 0xd2, 0xa4, 0xdc, 0x71, - }; - - word64 result=0; - GF256 gf256(0xf5); - for (unsigned int i=0; i<8; i++) - for(unsigned int j=0; j<8; j++) - result ^= word64(gf256.Multiply(iG[i][j], GF256::Element(a>>(56-8*j)))) << (56-8*i); - return result; -} - -void SHARK::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(keyLen); - - m_rounds = GetRoundsAndThrowIfInvalid(params, this); - m_roundKeys.New(m_rounds+1); - - // concatenate key enought times to fill a - for (unsigned int i=0; i<(m_rounds+1)*8; i++) - ((byte *)m_roundKeys.begin())[i] = key[i%keyLen]; - - SHARK::Encryption e; - e.InitForKeySetup(); - byte IV[8] = {0,0,0,0,0,0,0,0}; - CFB_Mode_ExternalCipher::Encryption cfb(e, IV); - - cfb.ProcessString((byte *)m_roundKeys.begin(), (m_rounds+1)*8); - - ConditionalByteReverse(BIG_ENDIAN_ORDER, m_roundKeys.begin(), m_roundKeys.begin(), (m_rounds+1)*8); - - m_roundKeys[m_rounds] = SHARKTransform(m_roundKeys[m_rounds]); - - if (!IsForwardTransformation()) - { - unsigned int i; - - // transform encryption round keys into decryption round keys - for (i=0; i<m_rounds/2; i++) - std::swap(m_roundKeys[i], m_roundKeys[m_rounds-i]); - - for (i=1; i<m_rounds; i++) - m_roundKeys[i] = SHARKTransform(m_roundKeys[i]); - } - -#ifdef IS_LITTLE_ENDIAN - m_roundKeys[0] = ByteReverse(m_roundKeys[0]); - m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]); -#endif -} - -// construct an SHARK_Enc object with fixed round keys, to be used to initialize actual round keys -void SHARK::Enc::InitForKeySetup() -{ - m_rounds = DEFAULT_ROUNDS; - m_roundKeys.New(DEFAULT_ROUNDS+1); - - for (unsigned int i=0; i<DEFAULT_ROUNDS; i++) - m_roundKeys[i] = cbox[0][i]; - - m_roundKeys[DEFAULT_ROUNDS] = SHARKTransform(cbox[0][DEFAULT_ROUNDS]); - -#ifdef IS_LITTLE_ENDIAN - m_roundKeys[0] = ByteReverse(m_roundKeys[0]); - m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]); -#endif -} - -typedef word64 ArrayOf256Word64s[256]; - -template <const byte *sbox, const ArrayOf256Word64s *cbox> -struct SharkProcessAndXorBlock{ // VC60 workaround: problem with template functions -inline SharkProcessAndXorBlock(const word64 *roundKeys, unsigned int rounds, const byte *inBlock, const byte *xorBlock, byte *outBlock) -{ - word64 tmp = *(word64 *)inBlock ^ roundKeys[0]; - - ByteOrder order = GetNativeByteOrder(); - tmp = cbox[0][GetByte(order, tmp, 0)] ^ cbox[1][GetByte(order, tmp, 1)] - ^ cbox[2][GetByte(order, tmp, 2)] ^ cbox[3][GetByte(order, tmp, 3)] - ^ cbox[4][GetByte(order, tmp, 4)] ^ cbox[5][GetByte(order, tmp, 5)] - ^ cbox[6][GetByte(order, tmp, 6)] ^ cbox[7][GetByte(order, tmp, 7)] - ^ roundKeys[1]; - - for(unsigned int i=2; i<rounds; i++) - { - tmp = cbox[0][GETBYTE(tmp, 7)] ^ cbox[1][GETBYTE(tmp, 6)] - ^ cbox[2][GETBYTE(tmp, 5)] ^ cbox[3][GETBYTE(tmp, 4)] - ^ cbox[4][GETBYTE(tmp, 3)] ^ cbox[5][GETBYTE(tmp, 2)] - ^ cbox[6][GETBYTE(tmp, 1)] ^ cbox[7][GETBYTE(tmp, 0)] - ^ roundKeys[i]; - } - - PutBlock<byte, BigEndian>(xorBlock, outBlock) - (sbox[GETBYTE(tmp, 7)]) - (sbox[GETBYTE(tmp, 6)]) - (sbox[GETBYTE(tmp, 5)]) - (sbox[GETBYTE(tmp, 4)]) - (sbox[GETBYTE(tmp, 3)]) - (sbox[GETBYTE(tmp, 2)]) - (sbox[GETBYTE(tmp, 1)]) - (sbox[GETBYTE(tmp, 0)]); - - *(word64 *)outBlock ^= roundKeys[rounds]; -}}; - -void SHARK::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - SharkProcessAndXorBlock<sbox, cbox>(m_roundKeys, m_rounds, inBlock, xorBlock, outBlock); -} - -void SHARK::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - SharkProcessAndXorBlock<sbox, cbox>(m_roundKeys, m_rounds, inBlock, xorBlock, outBlock); -} - -NAMESPACE_END diff --git a/cryptopp562/shark.h b/cryptopp562/shark.h deleted file mode 100644 index 8d5ce9b..0000000 --- a/cryptopp562/shark.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifndef CRYPTOPP_SHARK_H -#define CRYPTOPP_SHARK_H - -/** \file -*/ - -#include "config.h" -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct SHARK_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 1, 16>, public VariableRounds<6, 2> -{ - static const char *StaticAlgorithmName() {return "SHARK-E";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#SHARK-E">SHARK-E</a> -class SHARK : public SHARK_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SHARK_Info> - { - public: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶m); - - protected: - unsigned int m_rounds; - SecBlock<word64> m_roundKeys; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - // used by Base to do key setup - void InitForKeySetup(); - - private: - static const byte sbox[256]; - static const word64 cbox[8][256]; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - - private: - static const byte sbox[256]; - static const word64 cbox[8][256]; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef SHARK::Encryption SHARKEncryption; -typedef SHARK::Decryption SHARKDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/sharkbox.cpp b/cryptopp562/sharkbox.cpp deleted file mode 100644 index a0ff31f..0000000 --- a/cryptopp562/sharkbox.cpp +++ /dev/null @@ -1,4162 +0,0 @@ -#include "pch.h" -#include "shark.h" - -NAMESPACE_BEGIN(CryptoPP) - -const byte SHARK::Enc::sbox[256] = { -177, 206, 195, 149, 90, 173, 231, 2, 77, 68, 251, 145, 12, 135, 161, 80, -203, 103, 84, 221, 70, 143, 225, 78, 240, 253, 252, 235, 249, 196, 26, 110, - 94, 245, 204, 141, 28, 86, 67, 254, 7, 97, 248, 117, 89, 255, 3, 34, -138, 209, 19, 238, 136, 0, 14, 52, 21, 128, 148, 227, 237, 181, 83, 35, - 75, 71, 23, 167, 144, 53, 171, 216, 184, 223, 79, 87, 154, 146, 219, 27, - 60, 200, 153, 4, 142, 224, 215, 125, 133, 187, 64, 44, 58, 69, 241, 66, -101, 32, 65, 24, 114, 37, 147, 112, 54, 5, 242, 11, 163, 121, 236, 8, - 39, 49, 50, 182, 124, 176, 10, 115, 91, 123, 183, 129, 210, 13, 106, 38, -158, 88, 156, 131, 116, 179, 172, 48, 122, 105, 119, 15, 174, 33, 222, 208, - 46, 151, 16, 164, 152, 168, 212, 104, 45, 98, 41, 109, 22, 73, 118, 199, -232, 193, 150, 55, 229, 202, 244, 233, 99, 18, 194, 166, 20, 188, 211, 40, -175, 47, 230, 36, 82, 198, 160, 9, 189, 140, 207, 93, 17, 95, 1, 197, -159, 61, 162, 155, 201, 59, 190, 81, 25, 31, 63, 92, 178, 239, 74, 205, -191, 186, 111, 100, 217, 243, 62, 180, 170, 220, 213, 6, 192, 126, 246, 102, -108, 132, 113, 56, 185, 29, 127, 157, 72, 139, 42, 218, 165, 51, 130, 57, -214, 120, 134, 250, 228, 43, 169, 30, 137, 96, 107, 234, 85, 76, 247, 226, -}; - -const byte SHARK::Dec::sbox[256] = { - 53, 190, 7, 46, 83, 105, 219, 40, 111, 183, 118, 107, 12, 125, 54, 139, -146, 188, 169, 50, 172, 56, 156, 66, 99, 200, 30, 79, 36, 229, 247, 201, - 97, 141, 47, 63, 179, 101, 127, 112, 175, 154, 234, 245, 91, 152, 144, 177, -135, 113, 114, 237, 55, 69, 104, 163, 227, 239, 92, 197, 80, 193, 214, 202, - 90, 98, 95, 38, 9, 93, 20, 65, 232, 157, 206, 64, 253, 8, 23, 74, - 15, 199, 180, 62, 18, 252, 37, 75, 129, 44, 4, 120, 203, 187, 32, 189, -249, 41, 153, 168, 211, 96, 223, 17, 151, 137, 126, 250, 224, 155, 31, 210, -103, 226, 100, 119, 132, 43, 158, 138, 241, 109, 136, 121, 116, 87, 221, 230, - 57, 123, 238, 131, 225, 88, 242, 13, 52, 248, 48, 233, 185, 35, 84, 21, - 68, 11, 77, 102, 58, 3, 162, 145, 148, 82, 76, 195, 130, 231, 128, 192, -182, 14, 194, 108, 147, 236, 171, 67, 149, 246, 216, 70, 134, 5, 140, 176, -117, 0, 204, 133, 215, 61, 115, 122, 72, 228, 209, 89, 173, 184, 198, 208, -220, 161, 170, 2, 29, 191, 181, 159, 81, 196, 165, 16, 34, 207, 1, 186, -143, 49, 124, 174, 150, 218, 240, 86, 71, 212, 235, 78, 217, 19, 142, 73, - 85, 22, 255, 59, 244, 164, 178, 6, 160, 167, 251, 27, 110, 60, 51, 205, - 24, 94, 106, 213, 166, 33, 222, 254, 42, 28, 243, 10, 26, 25, 39, 45, -}; - -const word64 SHARK::Enc::cbox[8][256] = { -/* box 0 */ -W64LIT(0x060d838f16f3a365), -W64LIT(0xa68857ee5cae56f6), -W64LIT(0xebf516353c2c4d89), -W64LIT(0x652174be88e85bdc), -W64LIT(0x0d4e9a8086c17921), -W64LIT(0x27ba7d33cffa58a1), -W64LIT(0x88d9e104a237b530), -W64LIT(0x693b8755a4fbe816), -W64LIT(0xdac9591826b254a0), -W64LIT(0x45c2e369fb336af3), -W64LIT(0xa96e1fb87b3e4ef4), -W64LIT(0xb7578f1435eb7ef0), -W64LIT(0x839af80b32056f74), -W64LIT(0xae37f55cc71f277a), -W64LIT(0xa4208538fdff37d5), -W64LIT(0x35991e74ad3cdb6f), -W64LIT(0xba191594b32a07d1), -W64LIT(0x5344d1772e572b7b), -W64LIT(0xe7efe5de103ffe43), -W64LIT(0xa3796fdc41de5e5b), -W64LIT(0x2cf9643c5fc882e5), -W64LIT(0xffdbf6fd48196d22), -W64LIT(0x33949dfbbbcf780a), -W64LIT(0x7d15679dd0cec8bd), -W64LIT(0x5f5e229c024498b1), -W64LIT(0x1223634762c683ce), -W64LIT(0xdcc4da973041f7c5), -W64LIT(0x0b43190f9032da44), -W64LIT(0xc05598eddfc5a6e2), -W64LIT(0x9e5fd31a7753f4b8), -W64LIT(0x9afa8243c0f136fe), -W64LIT(0xcc4f6b06f3d61528), -W64LIT(0xdf38612a3bc25c0d), -W64LIT(0x43cf60e6edc0c996), -W64LIT(0xcfb3d0bbf855bee0), -W64LIT(0x96e071a8ece28534), -W64LIT(0x21b7febcd909fbc4), -W64LIT(0x8ed4628bb4c41655), -W64LIT(0x30682646b04cd3c2), -W64LIT(0xb5ff5dc294ba1fd3), -W64LIT(0x75aac52f4b7fb931), -W64LIT(0xe809ad8837afe641), -W64LIT(0x0eb2213d8d42d2e9), -W64LIT(0x9852509561a057dd), -W64LIT(0xaa92a40570bde53c), -W64LIT(0x7b18e412c63d6bd8), -W64LIT(0xa7dc3e85f67c9c1d), -W64LIT(0xd8618bce87e33583), -W64LIT(0xe34ab487a79d3c05), -W64LIT(0x20e397d773db312f), -W64LIT(0x05f138321d7008ad), -W64LIT(0x17d25b757fb68b63), -W64LIT(0x8a7133d20366d413), -W64LIT(0x0000000000000000), -W64LIT(0xeaa17f5e96fe8762), -W64LIT(0xc101f18675176c09), -W64LIT(0xbebc44cd0488c597), -W64LIT(0xdb9d30738c609e4b), -W64LIT(0xabc6cd6eda6f2fd7), -W64LIT(0x5aaf1aae1f34901c), -W64LIT(0xb00e65f089ca177e), -W64LIT(0xd47b7825abf08649), -W64LIT(0x924520f15b404772), -W64LIT(0x1686321ed5644188), -W64LIT(0x618425e73f4a999a), -W64LIT(0xe21eddec0d4ff6ee), -W64LIT(0xd787c398a0732d81), -W64LIT(0x1f6df9c7e407faef), -W64LIT(0x79b036c4676c0afb), -W64LIT(0x0fe6485627901802), -W64LIT(0x9cf701ccd602959b), -W64LIT(0xbfe82da6ae5a0f7c), -W64LIT(0x990639fecb729d36), -W64LIT(0xca42e889e525b64d), -W64LIT(0xb3f2de4d8249bcb6), -W64LIT(0x4033db5be643625e), -W64LIT(0x4167b2304c91a8b5), -W64LIT(0x108bb191c397e2ed), -W64LIT(0x1834132358269361), -W64LIT(0x541d3b93927642f5), -W64LIT(0x90edf227fa112651), -W64LIT(0x1dc52b1145569bcc), -W64LIT(0xe6bb8cb5baed34a8), -W64LIT(0xd276fbaabd03252c), -W64LIT(0x313c4f2d1a9e1929), -W64LIT(0xfd73242be9480c01), -W64LIT(0x9baeeb286a23fc15), -W64LIT(0xc9be5334eea61d85), -W64LIT(0xc70c720963e4cf6c), -W64LIT(0x3eda077b3d0e012b), -W64LIT(0x97b418c346304fdf), -W64LIT(0x32c0f490111db2e1), -W64LIT(0x2ba08ed8e3e9eb6b), -W64LIT(0x8b255ab9a9b41ef8), -W64LIT(0x91b99b4c50c3ecba), -W64LIT(0xfe8f9f96e2cba7c9), -W64LIT(0x3a7f56228aacc36d), -W64LIT(0xb15a0c9b2318dd95), -W64LIT(0x5953a11314b73bd4), -W64LIT(0xf3c10516640adee8), -W64LIT(0xedf895ba2adfeeec), -W64LIT(0xadcb4ee1cc9c8cb2), -W64LIT(0xde6c0841911096e6), -W64LIT(0x84c312ef8e2406fa), -W64LIT(0xa83a76d3d1ec841f), -W64LIT(0x1c91427aef845127), -W64LIT(0x3665a5c9a6bf70a7), -W64LIT(0xf6303d24797ad645), -W64LIT(0xcd1b026d5904dfc3), -W64LIT(0x1bc8a89e53a538a9), -W64LIT(0x7ee9dc20db4d6375), -W64LIT(0x51ec03a18f064a58), -W64LIT(0xc4f0c9b4686764a4), -W64LIT(0xdd90b3fc9a933d2e), -W64LIT(0x7a4c8d796cefa133), -W64LIT(0x73a746a05d8c1a54), -W64LIT(0x0759eae4bc21698e), -W64LIT(0xc8ea3a5f4474d76e), -W64LIT(0x38d784f42bfda24e), -W64LIT(0x231f2c6a78589ae7), -W64LIT(0xc3a92350d4460d2a), -W64LIT(0x72f32fcbf75ed0bf), -W64LIT(0xbd40ff700f0b6e5f), -W64LIT(0x157a89a3dee7ea40), -W64LIT(0x873fa95285a7ad32), -W64LIT(0x4d7d41db60821b7f), -W64LIT(0x1e3990ac4ed53004), -W64LIT(0x0a1770643ae010af), -W64LIT(0x9311499af1928d99), -W64LIT(0x64751dd5223a9137), -W64LIT(0xfa2acecf5569658f), -W64LIT(0x7c410ef67a1c0256), -W64LIT(0x56b5e945332723d6), -W64LIT(0x6f3604dab2084b73), -W64LIT(0xe95dc4e39d7d2caa), -W64LIT(0x13770a2cc8144925), -W64LIT(0xbc14961ba5d9a4b4), -W64LIT(0xb9e5ae29b8a9ac19), -W64LIT(0xf169d7c0c55bbfcb), -W64LIT(0x2446c68ec479f369), -W64LIT(0x806643b63986c4bc), -W64LIT(0x7fbdb54b719fa99e), -W64LIT(0x04a55159b7a2c246), -W64LIT(0xee042e07215c4524), -W64LIT(0x5bfb73c5b5e65af7), -W64LIT(0x0c1af3eb2c13b3ca), -W64LIT(0xa22d06b7eb0c94b0), -W64LIT(0xb8b1c742127b66f2), -W64LIT(0x285c3565e86a40a3), -W64LIT(0x3b2b3f49207e0986), -W64LIT(0x3c72d5ad9c5f6008), -W64LIT(0x770217f9ea2ed812), -W64LIT(0xfc274d40439ac6ea), -W64LIT(0x4fd5930dc1d37a5c), -W64LIT(0x2e51b6eafe99e3c6), -W64LIT(0x6b93558305aa8935), -W64LIT(0x19607a48f2f4598a), -W64LIT(0x08bfa2b29bb1718c), -W64LIT(0x3f8e6e1097dccbc0), -W64LIT(0x3983ed9f812f68a5), -W64LIT(0xac9f278a664e4659), -W64LIT(0x82ce916098d7a59f), -W64LIT(0xc2fd4a3b7e94c7c1), -W64LIT(0x66ddcf03836bf014), -W64LIT(0xe1e2665106cc5d26), -W64LIT(0x74feac44e1ad73da), -W64LIT(0x8d28d936bf47bd9d), -W64LIT(0x62789e5a34c93252), -W64LIT(0x81322add93540e57), -W64LIT(0xcb1681e24ff77ca6), -W64LIT(0x2512afe56eab3982), -W64LIT(0xd18a4017b6808ee4), -W64LIT(0x705bfd1d560fb19c), -W64LIT(0x4b70c2547671b81a), -W64LIT(0x49d81082d720d939), -W64LIT(0xe0b60f3aac1e97cd), -W64LIT(0x4e81fa666b01b0b7), -W64LIT(0x951cca15e7612efc), -W64LIT(0x463e58d4f0b0c13b), -W64LIT(0x632cf7319e1bf8b9), -W64LIT(0x5ca2992109c73379), -W64LIT(0xf764544fd3a81cae), -W64LIT(0x6ac73ce8af7843de), -W64LIT(0x9f0bba71dd813e53), -W64LIT(0x85977b8424f6cc11), -W64LIT(0x5807c878be65f13f), -W64LIT(0x686fee3e0e2922fd), -W64LIT(0x78e45fafcdbec010), -W64LIT(0x6ccabf67b98be0bb), -W64LIT(0x11dfd8fa69452806), -W64LIT(0xcee7b9d05287740b), -W64LIT(0x50b86aca25d480b3), -W64LIT(0x5df6f04aa315f992), -W64LIT(0x5e0a4bf7a896525a), -W64LIT(0x03fcbbbd0b83abc8), -W64LIT(0x8f800be01e16dcbe), -W64LIT(0xd32292c117d1efc7), -W64LIT(0xe5473708b16e9f60), -W64LIT(0x224b4501d28a500c), -W64LIT(0xfb7ea7a4ffbbaf64), -W64LIT(0x3d26bcc6368daae3), -W64LIT(0x866bc0392f7567d9), -W64LIT(0x3731cca20c6dba4c), -W64LIT(0xb603e67f9f39b41b), -W64LIT(0xa1d1bd0ae08f3f78), -W64LIT(0xd935e2a52d31ff68), -W64LIT(0xaf639c376dcded91), -W64LIT(0x0154696baad2caeb), -W64LIT(0xecacfcd1800d2407), -W64LIT(0xf03dbeab6f897520), -W64LIT(0x02a8d2d6a1516123), -W64LIT(0xf498eff2d82bb766), -W64LIT(0x710f9476fcdd7b77), -W64LIT(0xf8821c19f43804ac), -W64LIT(0xf9d675725eeace47), -W64LIT(0x1a9cc1f5f977f242), -W64LIT(0x5210b81c8485e190), -W64LIT(0x6d9ed60c13592a50), -W64LIT(0xf2956c7dced81403), -W64LIT(0xbb4d7cff19f8cd3a), -W64LIT(0x4c2928b0ca50d194), -W64LIT(0x6e626db118da8198), -W64LIT(0xe4135e631bbc558b), -W64LIT(0x9da368a77cd05f70), -W64LIT(0xa574ec53572dfd3e), -W64LIT(0x09ebcbd93163bb67), -W64LIT(0x4a24ab3fdca372f1), -W64LIT(0x429b098d4712037d), -W64LIT(0x57e1802e99f5e93d), -W64LIT(0xef50476c8b8e8fcf), -W64LIT(0xa085d4614a5df593), -W64LIT(0x34cd771f07ee1184), -W64LIT(0xc6581b62c9360587), -W64LIT(0x2dad0d57f51a480e), -W64LIT(0x898d886f08e57fdb), -W64LIT(0xd6d3aaf30aa1e76a), -W64LIT(0x76567e9240fc12f9), -W64LIT(0xb4ab34a93e68d538), -W64LIT(0xb2a6b726289b765d), -W64LIT(0x8c7cb05d15957776), -W64LIT(0x554952f838a4881e), -W64LIT(0xd52f114e01224ca2), -W64LIT(0x60d04c8c95985371), -W64LIT(0x6789a66829b93aff), -W64LIT(0x2f05df81544b292d), -W64LIT(0x476a31bf5a620bd0), -W64LIT(0xf5cc869972f97d8d), -W64LIT(0x488c79e97df213d2), -W64LIT(0x44968a0251e1a018), -W64LIT(0x26ee14586528924a), -W64LIT(0xd0de297c1c52440f), -W64LIT(0xc5a4a0dfc2b5ae4f), -W64LIT(0x29085c0e42b88a48), -W64LIT(0x142ee0c8743520ab), -W64LIT(0x2af4e7b3493b2180), -W64LIT(0x9448a37e4db3e417), -/* box 1 */ -W64LIT(0xe2795ba105ba30ce), -W64LIT(0x65b5d634f5e0fbdd), -W64LIT(0x2d7d7f1464dd8c55), -W64LIT(0xeefbf778add1c20b), -W64LIT(0x1eb0fbd1f11968e7), -W64LIT(0xe6073f45ce30cd8d), -W64LIT(0x21ffd3cdccb67e90), -W64LIT(0xdf0941cfa750a262), -W64LIT(0xc61df5b1b75ef18a), -W64LIT(0xc5c7defa9dc337c6), -W64LIT(0x2581b729073c83d3), -W64LIT(0xa5e97513167173cf), -W64LIT(0xdd3673bd381526b9), -W64LIT(0xe8baa1eef91ebb93), -W64LIT(0x3b314cf8f625eb34), -W64LIT(0x579d4bc8d5fc5df8), -W64LIT(0xbb598ec2e7681b28), -W64LIT(0xc8a06b1a80708794), -W64LIT(0x1c8fc9a36e5cec3c), -W64LIT(0xf60a5a3f0807d374), -W64LIT(0x1ace9f353a9395a4), -W64LIT(0x7e9e50387aab2cee), -W64LIT(0xb5e41069d0466d36), -W64LIT(0x8cea6ee3b92602d9), -W64LIT(0xf952ddad8af1e7fd), -W64LIT(0xb19a748d1bcc9075), -W64LIT(0x2464ae10b2e4c144), -W64LIT(0xfcc9a070f4a35829), -W64LIT(0xfa88f6e6a06c21b1), -W64LIT(0x2c98662dd105cec2), -W64LIT(0x9065a740d77aeee5), -W64LIT(0xcb7a4051aaed41d8), -W64LIT(0x55a279ba4ab9d923), -W64LIT(0x27be855b98790708), -W64LIT(0xbabc97fb52b059bf), -W64LIT(0xa19711f7ddfb8e8c), -W64LIT(0x047e64e4cb8afd43), -W64LIT(0xc386886cc90c4e5e), -W64LIT(0xc422c7c3281b7551), -W64LIT(0xfb6defdf15b46326), -W64LIT(0x01e51939b5d84297), -W64LIT(0x5cbba8be9c809432), -W64LIT(0x6f762c7b09447080), -W64LIT(0xcee13d8cd4bffe0c), -W64LIT(0x54476083ff619bb4), -W64LIT(0x6e933542bc9c3217), -W64LIT(0x4af79b520e78f353), -W64LIT(0x98996f7db49be163), -W64LIT(0xa07208ce6823cc1b), -W64LIT(0x2b3c29823012f5cd), -W64LIT(0x93bf8c0bfde728a9), -W64LIT(0x2225f886e62bb8dc), -W64LIT(0x7f7b4901cf736e79), -W64LIT(0x0000000000000000), -W64LIT(0x023f32729f4584db), -W64LIT(0xd5cabb805bf4293f), -W64LIT(0x07a44fafe1173b0f), -W64LIT(0xe95fb8d74cc6f904), -W64LIT(0x7b052de504f9933a), -W64LIT(0x6aed51a67716cf54), -W64LIT(0x68d263d4e8534b8f), -W64LIT(0xa96bd9cabe1a810a), -W64LIT(0x1d6ad09adb84aeab), -W64LIT(0x0d67b5e01db3b052), -W64LIT(0x52063615abaee22c), -W64LIT(0x8f3045a893bbc495), -W64LIT(0xd8ad0e604647996d), -W64LIT(0xaf2a8f5cead5f892), -W64LIT(0x3017af8ebf5922fe), -W64LIT(0x4034611df2dc780e), -W64LIT(0x721cfce1d2c0de2b), -W64LIT(0x28e602c91a8f3381), -W64LIT(0xe1a370ea2f27f682), -W64LIT(0x29031bf0af577116), -W64LIT(0x1914b47e100e53e8), -W64LIT(0x567852f160241f6f), -W64LIT(0x793a1f979bbc17e1), -W64LIT(0xef1eee411809809c), -W64LIT(0x6211999b14f7c0d2), -W64LIT(0x059b7ddd7e52bfd4), -W64LIT(0x43ee4a56d841be42), -W64LIT(0xf1ae1590e910e87b), -W64LIT(0x33cd84c595c4e4b2), -W64LIT(0x4b12826bbba0b1c4), -W64LIT(0xeb608aa5d3837ddf), -W64LIT(0x201acaf4796e3c07), -W64LIT(0xbf27ea262ce2e66b), -W64LIT(0x58c5cc5a570a6971), -W64LIT(0x37b3e0215e4e19f1), -W64LIT(0xab54ebb8215f05d1), -W64LIT(0x8ed55c9126638602), -W64LIT(0x9aa65d0f2bde65b8), -W64LIT(0xd7f589f2c4b1ade4), -W64LIT(0x5039046734eb66f7), -W64LIT(0x6cac073023d9b6cc), -W64LIT(0x51dc1d5e81332460), -W64LIT(0x17a92ad5272025f6), -W64LIT(0x47902eb213cb4301), -W64LIT(0x1b2b860c8f4bd733), -W64LIT(0x4f6ce68f702a4c87), -W64LIT(0xcf0424b56167bc9b), -W64LIT(0x997c76440143a3f4), -W64LIT(0x7ae034dcb121d1ad), -W64LIT(0x100d657ac6371ef9), -W64LIT(0x0ac3fa4ffca48b5d), -W64LIT(0xdeec58f61288e0f5), -W64LIT(0x265b9c622da1459f), -W64LIT(0xdcd36a848dcd642e), -W64LIT(0xe4380d3751754956), -W64LIT(0x13d74e31ecaad8b5), -W64LIT(0xfd2cb949417b1abe), -W64LIT(0x9624f1d683b5977d), -W64LIT(0x4675378ba6130196), -W64LIT(0x0b26e376497cc9ca), -W64LIT(0x41d1782447043a99), -W64LIT(0xe39c4298b0627259), -W64LIT(0xcd3b16c7fe223840), -W64LIT(0x7787813cac9261ff), -W64LIT(0x492db01924e5351f), -W64LIT(0x5afafe28c84fedaa), -W64LIT(0x8b4e214c583139d6), -W64LIT(0xccde0ffe4bfa7ad7), -W64LIT(0x76629805194a2368), -W64LIT(0x7ca1624ae5eea835), -W64LIT(0x61cbb2d03e6a069e), -W64LIT(0x48c8a920913d7788), -W64LIT(0x8068c23a114df01c), -W64LIT(0xd38bed160f3b50a7), -W64LIT(0x32289dfc201ca625), -W64LIT(0xc1b9ba1e5649ca85), -W64LIT(0xed21dc33874c0447), -W64LIT(0xa3a8238542be0a57), -W64LIT(0x5b1fe7117d97af3d), -W64LIT(0x3d701a6ea2ea92ac), -W64LIT(0x73f9e5d867189cbc), -W64LIT(0x9ed839ebe05498fb), -W64LIT(0x5920d563e2d22be6), -W64LIT(0xca9f59681f35034f), -W64LIT(0x11e87c4373ef5c6e), -W64LIT(0x97c1e8ef366dd5ea), -W64LIT(0xacf0a417c0483ede), -W64LIT(0xd26ef42fbae31230), -W64LIT(0xbcfdc16d067f2027), -W64LIT(0xbec2f31f993aa4fc), -W64LIT(0x45af1cc08c8ec7da), -W64LIT(0x31f2b6b70a816069), -W64LIT(0xd9481759f39fdbfa), -W64LIT(0xe5dd140ee4ad0bc1), -W64LIT(0xa6335e583cecb583), -W64LIT(0x38eb67b3dcb82d78), -W64LIT(0xf5d07174229a1538), -W64LIT(0x5f6183f5b61d527e), -W64LIT(0x0f58879282f63489), -W64LIT(0x164c33ec92f86761), -W64LIT(0x444a05f93956854d), -W64LIT(0x818ddb03a495b28b), -W64LIT(0x4d53d4fdef6fc85c), -W64LIT(0x8d0f77da0cfe404e), -W64LIT(0x8416a6dedac70d5f), -W64LIT(0x666ffd7fdf7d3d91), -W64LIT(0xb63e3b22fadbab7a), -W64LIT(0xf2743edbc38d2e37), -W64LIT(0xa40c6c2aa3a93158), -W64LIT(0x9f3d20d2558cda6c), -W64LIT(0xfef692026be6dcf2), -W64LIT(0x2ea7545f4e404a19), -W64LIT(0xb2405fc631515639), -W64LIT(0x23c0e1bf53f3fa4b), -W64LIT(0x83b2e9713bd03650), -W64LIT(0x0641569654cf7998), -W64LIT(0xb883a589cdf5dd64), -W64LIT(0x3ad455c143fda9a3), -W64LIT(0x925a9532483f6a3e), -W64LIT(0xaab1f28194874746), -W64LIT(0xf435684d974257af), -W64LIT(0xd1b4df64907ed47c), -W64LIT(0x390e7e8a69606fef), -W64LIT(0xd051c65d25a696eb), -W64LIT(0xb4010950659e2fa1), -W64LIT(0x0c82acd9a86bf2c5), -W64LIT(0x88940a0772acff9a), -W64LIT(0xf39127e276556ca0), -W64LIT(0xaecf96655f0dba05), -W64LIT(0x03da2b4b2a9dc64c), -W64LIT(0x3f4f281c3daf1677), -W64LIT(0x3469cb6a74d3dfbd), -W64LIT(0xf04b0ca95cc8aaec), -W64LIT(0x1f55e2e844c12a70), -W64LIT(0x4cb6cdc45ab78acb), -W64LIT(0xc05ca327e3918812), -W64LIT(0x95feda9da9285131), -W64LIT(0xb966bcb0782d9ff3), -W64LIT(0xa7d647618934f714), -W64LIT(0xd61090cb7169ef73), -W64LIT(0x71c6d7aaf85d1867), -W64LIT(0xecc4c50a329446d0), -W64LIT(0x6450cf0d4038b94a), -W64LIT(0x420b536f6d99fcd5), -W64LIT(0x75b8b34e33d7e524), -W64LIT(0xc26391557cd40cc9), -W64LIT(0xda923c12d9021db6), -W64LIT(0x4e89ffb6c5f20e10), -W64LIT(0x0919d104d6394d11), -W64LIT(0x8aab3875ede97b41), -W64LIT(0xa88ec0f30bc2c39d), -W64LIT(0xb7db221b4f03e9ed), -W64LIT(0xc7f8ec880286b31d), -W64LIT(0x2f424d66fb98088e), -W64LIT(0xe04669d39affb415), -W64LIT(0x3eaa3125887754e0), -W64LIT(0x5e849acc03c510e9), -W64LIT(0x8257f0488e0874c7), -W64LIT(0xbd18d854b3a762b0), -W64LIT(0xb3a546ff848914ae), -W64LIT(0x9ce70b997f111c20), -W64LIT(0x3c9503571732d03b), -W64LIT(0xe7e2267c7be88f1a), -W64LIT(0x63f480a2a12f8245), -W64LIT(0x602eabe98bb24409), -W64LIT(0x941bc3a41cf013a6), -W64LIT(0x678ae4466aa57f06), -W64LIT(0x1232570859729a22), -W64LIT(0x6d491e099601f45b), -W64LIT(0x5d5eb1872958d6a5), -W64LIT(0x1473019e0dbde3ba), -W64LIT(0xa24d3abcf76648c0), -W64LIT(0x85f3bfe76f1f4fc8), -W64LIT(0x08fcc83d63e10f86), -W64LIT(0x745daa77860fa7b3), -W64LIT(0x9180be7962a2ac72), -W64LIT(0x87cc8d95f05acb13), -W64LIT(0x78df06ae2e645576), -W64LIT(0x18f1ad47a5d6117f), -W64LIT(0x358cd253c10b9d2a), -W64LIT(0x0ebd9eab372e761e), -W64LIT(0xf7ef4306bddf91e3), -W64LIT(0x7023ce934d855af0), -W64LIT(0xd42fa2b9ee2c6ba8), -W64LIT(0x3656f918eb965b66), -W64LIT(0x9d0212a0cac95eb7), -W64LIT(0x2ad930bb85cab75a), -W64LIT(0x862994ac45828984), -W64LIT(0x7d447b735036eaa2), -W64LIT(0xb07f6db4ae14d2e2), -W64LIT(0x6b08489fc2ce8dc3), -W64LIT(0x9b4344369e06272f), -W64LIT(0xad15bd2e75907c49), -W64LIT(0xdb77252b6cda5f21), -W64LIT(0xea85939c665b3f48), -W64LIT(0xc945722335a8c503), -W64LIT(0x159618a7b865a12d), -W64LIT(0x69377aed5d8b0918), -W64LIT(0x8971133ec774bd0d), -W64LIT(0x53e32f2c1e76a0bb), -W64LIT(0xf8b7c4943f29a56a), -W64LIT(0xff138b3bde3e9e65), -/* box 2 */ -W64LIT(0x7c6a2eb5fdabecc6), -W64LIT(0x401cda0a752bbea0), -W64LIT(0x1925217156dc57c4), -W64LIT(0x56dec6d301d70787), -W64LIT(0x41c751ff73c6ac58), -W64LIT(0xc9067697a92cb5f9), -W64LIT(0x3391c917aaa0bc85), -W64LIT(0xae0a9a4c0e742afe), -W64LIT(0xaa8ca972162a62f4), -W64LIT(0x5aa193912935df99), -W64LIT(0x86fd9135fe27e5ba), -W64LIT(0xffca074b1d3f538e), -W64LIT(0x0e3cb65d24cdfc1b), -W64LIT(0x4384b2e07fe9885d), -W64LIT(0xc73ac0ca8de149e2), -W64LIT(0x48e5bc7645972eb4), -W64LIT(0xbe0d56b46ef9ffd6), -W64LIT(0x200e6d05c0ef5f50), -W64LIT(0xe1f17dee597f7abd), -W64LIT(0x0243e31f0c2f2405), -W64LIT(0xf4ab09dd2741f567), -W64LIT(0xe4acc52547cc204f), -W64LIT(0x348f92c3b83cc272), -W64LIT(0x53837e181f645d75), -W64LIT(0xd8da319acf4c7229), -W64LIT(0x81e3cae1ecbb9b4d), -W64LIT(0xd6e687c7eb818e32), -W64LIT(0x3dad7f4a8e6d409e), -W64LIT(0x28f70b79f053cf44), -W64LIT(0x493e3783437a3c4c), -W64LIT(0xb27203f6461b27c8), -W64LIT(0xd02357e6fff0e23d), -W64LIT(0xe8d390676f2ef851), -W64LIT(0x26cbbd24d49e335f), -W64LIT(0xee1640467b5f945e), -W64LIT(0x4aa65f6949b80ab1), -W64LIT(0xb56c58225487593f), -W64LIT(0x4ffbe7a2570b5043), -W64LIT(0x0aba85633c93b411), -W64LIT(0x78ec1d8be5f5a4cc), -W64LIT(0x501b16f215a66b88), -W64LIT(0x271036d1d27321a7), -W64LIT(0x7ff2465ff769da3b), -W64LIT(0x35541936bed1d08a), -W64LIT(0xb8c886957a8893d9), -W64LIT(0x2fe950ade2cfb1b3), -W64LIT(0xf90fd76a094e3f81), -W64LIT(0x2daab3b2eee095b6), -W64LIT(0x1abd499b5c1e6139), -W64LIT(0x0c7f554228e2d81e), -W64LIT(0x425f391579049aa5), -W64LIT(0xc3bcf3f495bf01e8), -W64LIT(0xb4b7d3d7526a4bc7), -W64LIT(0x0000000000000000), -W64LIT(0xa0362c112ab9d6e5), -W64LIT(0x91e406198c364e65), -W64LIT(0x454162c16b98e452), -W64LIT(0x139fa4126a4fe3d5), -W64LIT(0x01db8bf506ed12f8), -W64LIT(0x9a85088fb648e88c), -W64LIT(0x3ab3249e9cf13e69), -W64LIT(0xd57eef2de143b8cf), -W64LIT(0xb1ea6b1c4cd91135), -W64LIT(0x7aaffe94e9da80c9), -W64LIT(0xad92f2a604b61c03), -W64LIT(0xa3ae44fb207be018), -W64LIT(0xeb4bf88d65ecceac), -W64LIT(0xc0249b1e9f7d3715), -W64LIT(0xa8cf4a6d1a0546f1), -W64LIT(0xc6e14b3f8b0c5b1a), -W64LIT(0xce182d43bbb0cb0e), -W64LIT(0xfc526fa117fd6573), -W64LIT(0x8c471456c2b451ab), -W64LIT(0xac497953025b0efb), -W64LIT(0x0486333e185e480a), -W64LIT(0x18feaa845031453c), -W64LIT(0xa1eda7e42c54c41d), -W64LIT(0x06c5d02114716c0f), -W64LIT(0x055db8cb1eb35af2), -W64LIT(0xe5774ed0412132b7), -W64LIT(0x36cc71dcb413e677), -W64LIT(0x470281de67b7c057), -W64LIT(0x58e2708e251afb9c), -W64LIT(0xa914c1981ce85409), -W64LIT(0xb3a9880340f63530), -W64LIT(0x638adfe5bf06d70d), -W64LIT(0x0b610e963a7ea6e9), -W64LIT(0x927c6ef386f47898), -W64LIT(0xed8e28ac719da2a3), -W64LIT(0x7548c33ccbfa6e2a), -W64LIT(0xf3b5520935dd8b90), -W64LIT(0x8d9c9fa3c4594353), -W64LIT(0x31d22a08a68f9880), -W64LIT(0x0da4deb72e0fcae6), -W64LIT(0x8fdf7cbcc8766756), -W64LIT(0x5dbfc8453ba9a16e), -W64LIT(0x8e04f749ce9b75ae), -W64LIT(0x83a029fee094bf48), -W64LIT(0xa4b01f2f32e79eef), -W64LIT(0x1c7899ba486f0d36), -W64LIT(0x654f0fc4ab77bb02), -W64LIT(0x7db1a540fb46fe3e), -W64LIT(0x51c09d07134b7970), -W64LIT(0xcb459588a50391fc), -W64LIT(0x3fee9c558242649b), -W64LIT(0xfe118cbe1bd24176), -W64LIT(0x76d0abd6c13858d7), -W64LIT(0x5e27a0af316b9793), -W64LIT(0x69305a868395631c), -W64LIT(0x3b68af6b9a1c2c91), -W64LIT(0x6db669b89bcb2b16), -W64LIT(0xa72877c53825a812), -W64LIT(0xd3bb3f0cf532d4c0), -W64LIT(0x6ff58aa797e40f13), -W64LIT(0x96fa5dcd9eaa3092), -W64LIT(0x2c713847e80d874e), -W64LIT(0xc57923d581ce6de7), -W64LIT(0x2b6f6393fa91f9b9), -W64LIT(0x0922ed89365182ec), -W64LIT(0x324a42e2ac4dae7d), -W64LIT(0x16c21cd974fcb927), -W64LIT(0x956235279468066f), -W64LIT(0x7b747561ef379231), -W64LIT(0x449ae9346d75f6aa), -W64LIT(0xf570822821ace79f), -W64LIT(0x5939fb7b23f7e964), -W64LIT(0x7937967ee318b634), -W64LIT(0x84be722af208c1bf), -W64LIT(0x08f9667c30bc9014), -W64LIT(0xefcdcbb37db286a6), -W64LIT(0xa6f3fc303ec8baea), -W64LIT(0xea9073786301dc54), -W64LIT(0x62515410b9ebc5f5), -W64LIT(0xd260b4f9f3dfc638), -W64LIT(0x9e033bb1ae16a086), -W64LIT(0x38f0c78190de1a6c), -W64LIT(0xc267780193521310), -W64LIT(0x80384114ea5689b5), -W64LIT(0x9b5e837ab0a5fa74), -W64LIT(0xf73361372d83c39a), -W64LIT(0x3009a1fda0628a78), -W64LIT(0xd4a564d8e7aeaa37), -W64LIT(0xfb4c347505611b84), -W64LIT(0x5b7a18642fd8cd61), -W64LIT(0x239605efca2d69ad), -W64LIT(0xf8d45c9f0fa32d79), -W64LIT(0xbb50ee7f704aa524), -W64LIT(0x392b4c7496330894), -W64LIT(0x0fe73da82220eee3), -W64LIT(0x3717fa29b2fef48f), -W64LIT(0xf26ed9fc33309968), -W64LIT(0xd73d0c32ed6c9cca), -W64LIT(0xda99d285c363562c), -W64LIT(0xde1fe1bbdb3d1e26), -W64LIT(0x738d131ddf8b0225), -W64LIT(0x292c808cf6beddbc), -W64LIT(0xbc4eb5ab62d6dbd3), -W64LIT(0x039868ea0ac236fd), -W64LIT(0xcc5bce5cb79fef0b), -W64LIT(0xb031e0e94a3403cd), -W64LIT(0xc4a2a82087237f1f), -W64LIT(0xb72fbb3d58a87d3a), -W64LIT(0xafd111b908993806), -W64LIT(0x68ebd173857871e4), -W64LIT(0x9d9b535ba4d4967b), -W64LIT(0xe9081b9269c3eaa9), -W64LIT(0x71cef002d3a42620), -W64LIT(0x93a7e50680196a60), -W64LIT(0x891aac9ddc070b59), -W64LIT(0x155a74337e3e8fda), -W64LIT(0x4e206c5751e642bb), -W64LIT(0x9721d6389847226a), -W64LIT(0x12442fe76ca2f12d), -W64LIT(0x2553d5cede5c05a2), -W64LIT(0xa275cf0e2696f2e0), -W64LIT(0x24885e3bd8b1175a), -W64LIT(0x670cecdba7589f07), -W64LIT(0x749348c9cd177cd2), -W64LIT(0x64948431ad9aa9fa), -W64LIT(0x2ab4e866fc7ceb41), -W64LIT(0xe6ef263a4be3044a), -W64LIT(0xe734adcf4d0e16b2), -W64LIT(0x903f8dec8adb5c9d), -W64LIT(0xf02d3ae33f1fbd6d), -W64LIT(0x725698e8d96610dd), -W64LIT(0x1da3124f4e821fce), -W64LIT(0x1719972c7211abdf), -W64LIT(0x11dc470d6660c7d0), -W64LIT(0xec55a3597770b05b), -W64LIT(0xbfd6dd416814ed2e), -W64LIT(0x57054d26073a157f), -W64LIT(0x1e3b7aa544402933), -W64LIT(0x5ffc2b5a3786856b), -W64LIT(0x61c93cfab329f308), -W64LIT(0x3e3517a084af7663), -W64LIT(0xf6e8eac22b6ed162), -W64LIT(0x1007ccf8608dd528), -W64LIT(0x66d7672ea1b58dff), -W64LIT(0x8b594f82d0282f5c), -W64LIT(0x1fe0f15042ad3bcb), -W64LIT(0x4b7dd49c4f551849), -W64LIT(0x4c638f485dc966be), -W64LIT(0xcfc3a6b6bd5dd9f6), -W64LIT(0x46d90a2b615ad2af), -W64LIT(0x8565f9dff4e5d347), -W64LIT(0x94b9bed292851497), -W64LIT(0xfa97bf80038c097c), -W64LIT(0xb9130d607c658121), -W64LIT(0xdc5c02a4d7123a23), -W64LIT(0x224d8e1accc07b55), -W64LIT(0x87261ac0f8caf742), -W64LIT(0xd901ba6fc9a160d1), -W64LIT(0xab57228710c7700c), -W64LIT(0x21d5e6f0c6024da8), -W64LIT(0x98c6eb90ba67cc89), -W64LIT(0x827ba20be679adb0), -W64LIT(0x991d6065bc8ade71), -W64LIT(0x5546ae390b15317a), -W64LIT(0xa56b94da340a8c17), -W64LIT(0x071e5bd4129c7ef7), -W64LIT(0xe02af61b5f926845), -W64LIT(0x6b73b9998fba4719), -W64LIT(0xdfc46a4eddd00cde), -W64LIT(0x770b2023c7d54a2f), -W64LIT(0x7e29cdaaf184c8c3), -W64LIT(0xba8b658a76a7b7dc), -W64LIT(0x9c40d8aea2398483), -W64LIT(0x9fd8b044a8fbb27e), -W64LIT(0xdb425970c58e44d4), -W64LIT(0xe269150453bd4c40), -W64LIT(0x3c76f4bf88805266), -W64LIT(0xf1f6b11639f2af95), -W64LIT(0x549d25cc0df82382), -W64LIT(0x4db804bd5b247446), -W64LIT(0x8a82c477d6c53da4), -W64LIT(0x5258f5ed19894f8d), -W64LIT(0x6e2e015291091deb), -W64LIT(0xc1ff10eb999025ed), -W64LIT(0xbd953e5e643bc92b), -W64LIT(0xc8ddfd62afc1a701), -W64LIT(0x5c6443b03d44b396), -W64LIT(0x6c6de24d9d2639ee), -W64LIT(0x1481ffc678d39d22), -W64LIT(0xd1f8dc13f91df0c5), -W64LIT(0xca9e1e7da3ee8304), -W64LIT(0xdd878951d1ff28db), -W64LIT(0x6012b70fb5c4e1f0), -W64LIT(0x1b66c26e5af373c1), -W64LIT(0xe3b29ef155505eb8), -W64LIT(0x70157bf7d54934d8), -W64LIT(0x2e32db58e422a34b), -W64LIT(0x6aa8326c895755e1), -W64LIT(0xb6f430c85e456fc2), -W64LIT(0xfd89e4541110778b), -W64LIT(0x88c12768daea19a1), -W64LIT(0xcd8045a9b172fdf3), -/* box 3 */ -W64LIT(0x99183e616655b742), -W64LIT(0xb2872032a50d6860), -W64LIT(0x0946f63b060528ef), -W64LIT(0x36612b9a141ef07d), -W64LIT(0x0634da84dd49579b), -W64LIT(0xfc9c9e9b486c8a57), -W64LIT(0xa63fe3c0744e6fd0), -W64LIT(0xf1515758d8b46bf9), -W64LIT(0x3e82559fcd5197ff), -W64LIT(0x92e12d262bc40177), -W64LIT(0xc3bb433a5a7752c5), -W64LIT(0x21c3852a5183267a), -W64LIT(0x39130725cf528f09), -W64LIT(0x9ba7db1d2dc12998), -W64LIT(0xc58f99be873e055e), -W64LIT(0xd9d424498f32656c), -W64LIT(0x27f75fae8cca71e1), -W64LIT(0x59b91019a8fc3430), -W64LIT(0xce768af9caafb36b), -W64LIT(0x9d930199f0887e03), -W64LIT(0x63b07a7ef3706a8e), -W64LIT(0xb5167288a70e7096), -W64LIT(0x40cc1a28e967d22e), -W64LIT(0x4d01d3eb79bf3380), -W64LIT(0x9e896cdb6456afb4), -W64LIT(0x2548bad2c75eef3b), -W64LIT(0xa79a6bfeab0420bd), -W64LIT(0x9f2ce4e5bb1ce0d9), -W64LIT(0x32ea146282c3393c), -W64LIT(0x6d67defff7765a97), -W64LIT(0x83775912b31080eb), -W64LIT(0xf5da68a04e69a2b8), -W64LIT(0x1196743498d4819c), -W64LIT(0x0bf913474d91b635), -W64LIT(0x43d6776a7db90399), -W64LIT(0x444725d07fba1b6f), -W64LIT(0x6584a0fa2e393d15), -W64LIT(0x3f27dda1121bd892), -W64LIT(0xf6c005e2dab7730f), -W64LIT(0x56cb3ca673b04b44), -W64LIT(0x642128c4f1737278), -W64LIT(0xbf4ae9f135d589ce), -W64LIT(0xb038c54eee99f6ba), -W64LIT(0xf47fe09e9123edd5), -W64LIT(0x75b75cf069a7f3e4), -W64LIT(0xd419ed8a1fea84c2), -W64LIT(0x73838674b4eea47f), -W64LIT(0x498aec13ef62fac1), -W64LIT(0x20660d148ec96917), -W64LIT(0xa48006bc3fdaf10a), -W64LIT(0x2f1421ab55851663), -W64LIT(0x0a5c9b7992dbf958), -W64LIT(0xd1375a4c567d02ee), -W64LIT(0x0000000000000000), -W64LIT(0xc842507d17e6e4f0), -W64LIT(0xf3eeb2249320f523), -W64LIT(0xc9e7d843c8acab9d), -W64LIT(0xff86f3d9dcb25be0), -W64LIT(0xb4b3fab678443ffb), -W64LIT(0xb19d4d7031d3b9d7), -W64LIT(0x79df1d0d26355d27), -W64LIT(0x8eba90d123c86145), -W64LIT(0xaa57a23d3bdcc113), -W64LIT(0xcb583d3f83383547), -W64LIT(0xd871ac7750782a01), -W64LIT(0xe162ab529f2aa508), -W64LIT(0x38b68f1b1018c064), -W64LIT(0x237c60561a17b8a0), -W64LIT(0xa31154063dd9e9fc), -W64LIT(0x713c6308ff7a3aa5), -W64LIT(0x1a6f6773d54537a9), -W64LIT(0x08e37e05d94f6782), -W64LIT(0x357b46d880c021ca), -W64LIT(0x6cc256c1283c15fa), -W64LIT(0xcfd302c715e5fc06), -W64LIT(0xbdf50c8d7e411714), -W64LIT(0x7cf1aacb6fa2db0b), -W64LIT(0x5240035ee56d8205), -W64LIT(0x7b60f8716da1c3fd), -W64LIT(0x01a5883edf4a4f6d), -W64LIT(0xdd5f1bb119efac2d), -W64LIT(0x5474d9da3824d59e), -W64LIT(0x0f722cbfdb4c7f74), -W64LIT(0x17a2aeb0459dd607), -W64LIT(0x37c4a3a4cb54bf10), -W64LIT(0xc21ecb04853d1da8), -W64LIT(0x4273ff54a2f34cf4), -W64LIT(0xdace490b1becb4db), -W64LIT(0x6af68c45f5754261), -W64LIT(0x46f8c0ac342e85b5), -W64LIT(0x854383966e59d770), -W64LIT(0x81c8bc6ef8841e31), -W64LIT(0x3bace25984c611d3), -W64LIT(0x1033fc0a479ecef1), -W64LIT(0x1c5bbdf7080c6032), -W64LIT(0x7412d4ceb6edbc89), -W64LIT(0xa8e8474170485fc9), -W64LIT(0xb8dbbb4b37d69138), -W64LIT(0x079152ba020318f6), -W64LIT(0x72260e4a6ba4eb12), -W64LIT(0x905ec85a60509fad), -W64LIT(0x2dabc4d71e1188b9), -W64LIT(0xd092d27289374d83), -W64LIT(0x610f9f02b8e4f454), -W64LIT(0x02bfe57c4b949eda), -W64LIT(0x95707f9c29c71981), -W64LIT(0x6fd83b83bce2c44d), -W64LIT(0x5d322fe13e21fd71), -W64LIT(0x34decee65f8a6ea7), -W64LIT(0xcd6ce7bb5e7162dc), -W64LIT(0xfb0dcc214a6f92a1), -W64LIT(0x2eb1a9958acf590e), -W64LIT(0xdcfa938fc6a5e340), -W64LIT(0x669ecdb8bae7eca2), -W64LIT(0x151d4bcc0e0948dd), -W64LIT(0xfd3916a59726c53a), -W64LIT(0x581c982777b67b5d), -W64LIT(0x1bcaef4d0a0f78c4), -W64LIT(0xdfe0fecd527b32f7), -W64LIT(0x128c19760c0a502b), -W64LIT(0x84e60ba8b113981d), -W64LIT(0x3c3db0e386c50925), -W64LIT(0x7febc789fb7c0abc), -W64LIT(0x7d5422f5b0e89466), -W64LIT(0xd70380c88b345575), -W64LIT(0xbbc1d609a308408f), -W64LIT(0xe278c6100bf474bf), -W64LIT(0x5e2842a3aaff2cc6), -W64LIT(0x6b53047b2a3f0d0c), -W64LIT(0xf7658ddc05fd3c62), -W64LIT(0x9a025323f28b66f5), -W64LIT(0x8c0575ad685cff9f), -W64LIT(0x76ad31b2fd792253), -W64LIT(0x68496939bee1dcbb), -W64LIT(0x7e4e4fb7243645d1), -W64LIT(0xe44c1c94d6bd2324), -W64LIT(0xbeef61cfea9fc6a3), -W64LIT(0x91fb4064bf1ad0c0), -W64LIT(0x052eb7c64997862c), -W64LIT(0x4a9081517bbc2b76), -W64LIT(0x8f1f18effc822e28), -W64LIT(0x3a096a675b8c5ebe), -W64LIT(0xee1087ed4466da7c), -W64LIT(0x2652d79053803e8c), -W64LIT(0x7099eb36203075c8), -W64LIT(0xc7307cc2ccaa9b84), -W64LIT(0x5c97a7dfe16bb21c), -W64LIT(0x50ffe622aef91cdf), -W64LIT(0x8da0fd93b716b0f2), -W64LIT(0x69ece10761ab93d6), -W64LIT(0x31f07920161de88b), -W64LIT(0x13299148d3401f46), -W64LIT(0x031a6d4294ded1b7), -W64LIT(0xccc96f85813b2db1), -W64LIT(0x14b8c3f2d14307b0), -W64LIT(0x8659eed4fa8706c7), -W64LIT(0xba645e377c420fe2), -W64LIT(0x2920fb2f88cc41f8), -W64LIT(0x87fc66ea25cd49aa), -W64LIT(0x1ee4588b4398fee8), -W64LIT(0xecaf62910ff244a6), -W64LIT(0xf817a163deb14316), -W64LIT(0x45e2adeea0f05402), -W64LIT(0x806d345027ce515c), -W64LIT(0x576eb498acfa0429), -W64LIT(0xa5258e82e090be67), -W64LIT(0x892bc26b21cb79b3), -W64LIT(0x6e7db3bd63a88b20), -W64LIT(0x4e1bbea9ed61e237), -W64LIT(0xadc6f08739dfd9e5), -W64LIT(0x8b9427176a5fe769), -W64LIT(0xa1aeb17a764d7726), -W64LIT(0x4b35096fa4f6641b), -W64LIT(0x22d9e868c55df7cd), -W64LIT(0x55d151e4e76e9af3), -W64LIT(0x966a12debd19c836), -W64LIT(0x0dcdc9c390d8e1ae), -W64LIT(0xf24b3a1a4c6aba4e), -W64LIT(0x24ed32ec1814a056), -W64LIT(0xaf7915fb724b473f), -W64LIT(0x2885731157860e95), -W64LIT(0x9c3689a72fc2316e), -W64LIT(0x475d4892eb64cad8), -W64LIT(0xac6378b9e6959688), -W64LIT(0xa00b3944a907384b), -W64LIT(0xc695f4fc13e0d4e9), -W64LIT(0x3055f11ec957a7e6), -W64LIT(0x6215f2402c3a25e3), -W64LIT(0xde4576f38d317d9a), -W64LIT(0x9344a518f48e4e1a), -W64LIT(0x82d2d12c6c5acf86), -W64LIT(0xefb50fd39b2c9511), -W64LIT(0xe981d5574665c28a), -W64LIT(0x5f8dca9d75b563ab), -W64LIT(0xb60c1fca33d0a121), -W64LIT(0xfe237be703f8148d), -W64LIT(0xd6a608f6547e1a18), -W64LIT(0xb97e3375e89cde55), -W64LIT(0xd388bf301de99c34), -W64LIT(0x5b06f565e368aaea), -W64LIT(0xf0f4df6607fe2494), -W64LIT(0x1607268e9ad7996a), -W64LIT(0xaedc9dc5ad010852), -W64LIT(0xe0c7236c4060ea65), -W64LIT(0xea9bb815d2bb133d), -W64LIT(0x888e4a55fe8136de), -W64LIT(0x5aa37d5b3c22e587), -W64LIT(0xc104a64611e3cc1f), -W64LIT(0x515a6e1c71b353b2), -W64LIT(0xc42a118058744a33), -W64LIT(0x7708b98c22336d3e), -W64LIT(0x2a3a966d1c12904f), -W64LIT(0x8a31af29b515a804), -W64LIT(0xed0aeaafd0b80bcb), -W64LIT(0x2c0e4ce9c15bc7d4), -W64LIT(0x0c6841fd4f92aec3), -W64LIT(0x98bdb65fb91ff82f), -W64LIT(0x1f41d0b59cd2b185), -W64LIT(0xb322a80c7a47270d), -W64LIT(0xe6f3f9e89d29bdfe), -W64LIT(0x7ac5704fb2eb8c90), -W64LIT(0xa94dcf7faf0210a4), -W64LIT(0x787a9533f97f124a), -W64LIT(0xdb6bc135c4a6fbb6), -W64LIT(0x048b3ff896ddc941), -W64LIT(0xe8245d69992f8de7), -W64LIT(0xe3dd4e2ed4be3bd2), -W64LIT(0xcafdb5015c727a2a), -W64LIT(0xb7a997f4ec9aee4c), -W64LIT(0xe75671d64263f293), -W64LIT(0x2b9f1e53c358df22), -W64LIT(0x18d0820f9ed1a973), -W64LIT(0xabf22a03e4968e7e), -W64LIT(0xa2b4dc38e293a691), -W64LIT(0x673b458665ada3cf), -W64LIT(0xf9b2295d01fb0c7b), -W64LIT(0xd22d370ec2a3d359), -W64LIT(0x97cf9ae06253875b), -W64LIT(0x0ed7a48104063019), -W64LIT(0x482f642d3028b5ac), -W64LIT(0xc0a12e78cea98372), -W64LIT(0x4fbe3697322bad5a), -W64LIT(0x19750a31419be61e), -W64LIT(0x41699216362d9d43), -W64LIT(0xd5bc65b4c0a0cbaf), -W64LIT(0xe5e994aa09f76c49), -W64LIT(0xeb3e302b0df15c50), -W64LIT(0x94d5f7a2f68d56ec), -W64LIT(0x53e58b603a27cd68), -W64LIT(0x3d9838dd598f4648), -W64LIT(0x60aa173c67aebb39), -W64LIT(0x1dfe35c9d7462f5f), -W64LIT(0x4ca45bd5a6f57ced), -W64LIT(0xbc5084b3a10b5879), -W64LIT(0xfaa8441f9525ddcc), -W64LIT(0x334f9c5c5d897651), -/* box 4 */ -W64LIT(0xda1687a883adf27e), -W64LIT(0xe35c9378578d9f22), -W64LIT(0x303ca4531637fa40), -W64LIT(0xa088321f74b20375), -W64LIT(0xc9863f3a9acb95e9), -W64LIT(0x5fcf47c57d0b0ed4), -W64LIT(0x4aa211e4e1280b4b), -W64LIT(0xe1a4c9ba871d1289), -W64LIT(0x4926664759f03a4f), -W64LIT(0xadfb36ede3707bca), -W64LIT(0xcf7bd1891f8ef7e1), -W64LIT(0x9735559e8f882792), -W64LIT(0x5932a976f84e6cdc), -W64LIT(0x9dc792bef547818a), -W64LIT(0x06fdeeb385456208), -W64LIT(0x46ad38771ea2cf5b), -W64LIT(0x5eb36aa41543b27b), -W64LIT(0x8b2eb33cd1bcb511), -W64LIT(0x71105ff6e598ebbc), -W64LIT(0x5441ad846f8c1463), -W64LIT(0x4c5fff57646d6943), -W64LIT(0xf3485c49f633c9b1), -W64LIT(0x9cbbbfdf9d0f3d25), -W64LIT(0x22d031a067192178), -W64LIT(0xca0248992213a4ed), -W64LIT(0x19627fb263a9c18f), -W64LIT(0x9330e1efda5dc831), -W64LIT(0x1390b89219666797), -W64LIT(0x2edf18339893e568), -W64LIT(0x6c779435d3e4c590), -W64LIT(0x53c06e568281cac4), -W64LIT(0x6ff3e3966b3cf494), -W64LIT(0xfe3b58bb61f1b10e), -W64LIT(0x77edb14560dd89b4), -W64LIT(0x02f85ac2d0908dab), -W64LIT(0x12ec95f3712edb38), -W64LIT(0x85d9c06dfea6fcaa), -W64LIT(0x90b4964c6285f935), -W64LIT(0xf1b0068b26a3441a), -W64LIT(0x729428555d40dab8), -W64LIT(0x5c4b3066c5d33fd0), -W64LIT(0x5d371d07ad9b837f), -W64LIT(0xa48d866e2167ecd6), -W64LIT(0xb661139d504937ee), -W64LIT(0xa27068dda4228ede), -W64LIT(0xf8c6b608e4b4d306), -W64LIT(0x6bf657e73ee91b37), -W64LIT(0xac871b8c8b38c765), -W64LIT(0x4ea7a595b4fde4e8), -W64LIT(0x0d7304f297c278bf), -W64LIT(0xb71d3efc38018b41), -W64LIT(0xae7f414e5ba84ace), -W64LIT(0xaf036c2f33e0f661), -W64LIT(0x0000000000000000), -W64LIT(0xb89660cc7f537e55), -W64LIT(0xa675dcacf1f7617d), -W64LIT(0x610490c74426bd2f), -W64LIT(0xc18ca2d83094be5a), -W64LIT(0x2adaac42cd460acb), -W64LIT(0x7d1f76651a122fac), -W64LIT(0xc58916a9654151f9), -W64LIT(0xedabe0297897d699), -W64LIT(0x2d5b6f90204bd46c), -W64LIT(0x26d585d132cccedb), -W64LIT(0x9f3fc87c25d70c21), -W64LIT(0xc60d610add9960fd), -W64LIT(0x80a0597dc33bafa6), -W64LIT(0xd0e44088f9625466), -W64LIT(0x1d67cbc3367c2e2c), -W64LIT(0x2c2742f1480368c3), -W64LIT(0x89d6e9fe012c38ba), -W64LIT(0xe9ae54582d42393a), -W64LIT(0x3ecbd702392db3fb), -W64LIT(0xb5e5643ee89106ea), -W64LIT(0xa882affddeed28c6), -W64LIT(0x1ae60811db71f08b), -W64LIT(0x924ccc8eb215749e), -W64LIT(0xfcc30279b1613ca5), -W64LIT(0x825803bf13ab220d), -W64LIT(0xd992f00b3b75c37a), -W64LIT(0xc8fa125bf2832946), -W64LIT(0x35453d432baaa94c), -W64LIT(0xf9ba9b698cfc6fa9), -W64LIT(0x37bd6781fb3a24e7), -W64LIT(0x791ac2144fc7c00f), -W64LIT(0x16e9218224fb349b), -W64LIT(0xdb6aaac9ebe54ed1), -W64LIT(0xd8eedd6a533d7fd5), -W64LIT(0x7c635b04725a9303), -W64LIT(0x553d80e507c4a8cc), -W64LIT(0x9a46516c184a5f2d), -W64LIT(0x14117b40f46bb930), -W64LIT(0x1ee3bc608ea41f28), -W64LIT(0x27a9a8b05a847274), -W64LIT(0x4050d6c49be7ad53), -W64LIT(0x7be298d69f574da4), -W64LIT(0x6a8a7a8656a1a798), -W64LIT(0x4d23d2360c25d5ec), -W64LIT(0x1014cf31a1be5693), -W64LIT(0xb264a7ec059cd84d), -W64LIT(0xea2a23fb959a083e), -W64LIT(0xf0cc2bea4eebf8b5), -W64LIT(0x76919c240895351b), -W64LIT(0x0b8eea4112871ab7), -W64LIT(0x47d1151676ea73f4), -W64LIT(0xbdeff9dc42ce2d59), -W64LIT(0x2ba68123a50eb664), -W64LIT(0x057999103d9d530c), -W64LIT(0xe759270902587081), -W64LIT(0xef53baeba8075b32), -W64LIT(0x4fdb88f4dcb55847), -W64LIT(0x6e8fcef70374483b), -W64LIT(0x1168e250c9f6ea3c), -W64LIT(0x1b9a2570b3394c24), -W64LIT(0x706c72978dd05713), -W64LIT(0x865db7ce467ecdae), -W64LIT(0x52bc4337eac9766b), -W64LIT(0x504419f53a59fbc0), -W64LIT(0x8f2b074d84695ab2), -W64LIT(0x6078bda62c6e0180), -W64LIT(0x43d4a167233f9c57), -W64LIT(0x0ef773512f1a49bb), -W64LIT(0x0c0f2993ff8ac410), -W64LIT(0x4bde3c858960b7e4), -W64LIT(0x66855315a92b6388), -W64LIT(0xd360372b41ba6562), -W64LIT(0x584e84179006d073), -W64LIT(0x9b3a7c0d7002e382), -W64LIT(0xa5f1ab0f492f5079), -W64LIT(0x2822f6801dd68760), -W64LIT(0x445562b5ce3242f0), -W64LIT(0xaa7af53f0e7da56d), -W64LIT(0x3c338dc0e9bd3e50), -W64LIT(0x3bb24e1204b0e0f7), -W64LIT(0xd59dd998c4ff076a), -W64LIT(0x91c8bb2d0acd459a), -W64LIT(0x84a5ed0c96ee4005), -W64LIT(0x33b8d3f0aeefcb44), -W64LIT(0x57c5da27d7542567), -W64LIT(0x32c4fe91c6a777eb), -W64LIT(0x3439102243e215e3), -W64LIT(0xc7714c6bb5d1dc52), -W64LIT(0x3fb7fa6351650f54), -W64LIT(0x87219aaf2e367101), -W64LIT(0xf5b5b2fa7376abb9), -W64LIT(0x412cfba5f3af11fc), -W64LIT(0xdceb691b06e89076), -W64LIT(0xbb12176fc78b4f51), -W64LIT(0x73e8053435086617), -W64LIT(0xe220be193fc5238d), -W64LIT(0xb09cfd2ed50c55e6), -W64LIT(0xb9ea4dad171bc2fa), -W64LIT(0x9e43e51d4d9fb08e), -W64LIT(0x36c14ae093729848), -W64LIT(0xa9fe829cb6a59469), -W64LIT(0x0405b47155d5efa3), -W64LIT(0x0af2c7207acfa618), -W64LIT(0x7e9b01c6a2ca1ea8), -W64LIT(0xdd97447a6ea02cd9), -W64LIT(0x0781c3d2ed0ddea7), -W64LIT(0x7866ef75278f7ca0), -W64LIT(0xd1986de9912ae8c9), -W64LIT(0xcb7e65f84a5b1842), -W64LIT(0xcd838b4bcf1e7a4a), -W64LIT(0xab06d85e663519c2), -W64LIT(0xd4e1f4f9acb7bbc5), -W64LIT(0xfdbf2f18d929800a), -W64LIT(0xf23471289e7b751e), -W64LIT(0xbc93d4bd2a8691f6), -W64LIT(0x3d4fa0a181f582ff), -W64LIT(0xba6e3a0eafc3f3fe), -W64LIT(0x5ab6ded540965dd8), -W64LIT(0xeb560e9afdd2b491), -W64LIT(0x0976b083c217971c), -W64LIT(0xecd7cd4810df6a36), -W64LIT(0x23ac1cc10f519dd7), -W64LIT(0xbe6b8e7ffa161c5d), -W64LIT(0x7fe72ca7ca82a207), -W64LIT(0xc0f08fb958dc02f5), -W64LIT(0x7a9eb5b7f71ff10b), -W64LIT(0xa709f1cd99bfddd2), -W64LIT(0x8dd35d8f54f9d719), -W64LIT(0x8caf70ee3cb16bb6), -W64LIT(0xe4dd50aaba804185), -W64LIT(0x83242ede7be39ea2), -W64LIT(0x98be0baec8dad286), -W64LIT(0x690e0d25ee79969c), -W64LIT(0x95cd0f5c5f18aa39), -W64LIT(0x56b9f746bf1c99c8), -W64LIT(0x7469c6e6d805b8b0), -W64LIT(0x8a529e5db9f409be), -W64LIT(0xe6250a686a10cc2e), -W64LIT(0x2fa33552f0db59c7), -W64LIT(0x42a88c064b7720f8), -W64LIT(0x6d0bb954bbac793f), -W64LIT(0x181e52d30be17d20), -W64LIT(0xbf17a31e925ea0f2), -W64LIT(0x94b1223d37501696), -W64LIT(0xe8d27939450a8595), -W64LIT(0xccffa62aa756c6e5), -W64LIT(0x383639b1bc68d1f3), -W64LIT(0xee2f978ac04fe79d), -W64LIT(0xa30c45bccc6a3271), -W64LIT(0x1f9f9101e6eca387), -W64LIT(0xb1e0d04fbd44e949), -W64LIT(0x242ddf13e25c4370), -W64LIT(0x156d56219c23059f), -W64LIT(0x88aac49f69648415), -W64LIT(0x6280e764fcfe8c2b), -W64LIT(0xdf6f1eb8be30a172), -W64LIT(0xe5a17dcbd2c8fd2a), -W64LIT(0xe0d8e4dbef55ae26), -W64LIT(0x63fcca0594b63084), -W64LIT(0xa1f41f7e1cfabfda), -W64LIT(0x295edbe1759e3bcf), -W64LIT(0x67f97e74c163df27), -W64LIT(0x038477a3b8d83104), -W64LIT(0xde1333d9d6781ddd), -W64LIT(0x3ace63736cf85c58), -W64LIT(0xd619ae3b7c27366e), -W64LIT(0x5bcaf3b428dee177), -W64LIT(0xb3188a8d6dd464e2), -W64LIT(0x1c1be6a25e349283), -W64LIT(0x017c2d616848bcaf), -W64LIT(0x8e572a2cec21e61d), -W64LIT(0xf631c559cbae9abd), -W64LIT(0x81dc741cab731309), -W64LIT(0xff4775da09b90da1), -W64LIT(0xb499495f80d9ba45), -W64LIT(0x0f8b5e304752f514), -W64LIT(0x394a14d0d4206d5c), -W64LIT(0xce07fce877c64b4e), -W64LIT(0xf4c99f9b1b3e1716), -W64LIT(0xc4f53bc80d09ed56), -W64LIT(0xc208d57b884c8f5e), -W64LIT(0x080a9de2aa5f2bb3), -W64LIT(0x314089327e7f46ef), -W64LIT(0xfa3eecca34245ead), -W64LIT(0x20286b62b789acd3), -W64LIT(0x7515eb87b04d041f), -W64LIT(0x513834945211476f), -W64LIT(0x650124b611f3528c), -W64LIT(0x17950ce34cb38834), -W64LIT(0x45294fd4a67afe5f), -W64LIT(0x21544603dfc1107c), -W64LIT(0x485a4b2631b886e0), -W64LIT(0x6872204486312a33), -W64LIT(0x647d09d779bbee23), -W64LIT(0x2551f2728a14ffdf), -W64LIT(0xd765835a146f8ac1), -W64LIT(0xd21c1a4a29f2d9cd), -W64LIT(0x99c226cfa0926e29), -W64LIT(0xfb42c1ab5c6ce202), -W64LIT(0xc374f81ae00433f1), -W64LIT(0x964978ffe7c09b3d), -W64LIT(0xf74de838a3e62612), -/* box 5 */ -W64LIT(0x74b87b36b0592c6a), -W64LIT(0x3d82d75dffb4b81c), -W64LIT(0x8884246715267825), -W64LIT(0xdaf2d8a77ed4e5de), -W64LIT(0xfeb118650e53f9c7), -W64LIT(0xbd2d1aea59226b06), -W64LIT(0x26ce87f6dbabb191), -W64LIT(0x32772ecbeb66bd0a), -W64LIT(0xd4bbf82bc5104c8c), -W64LIT(0x055357720c4e03a1), -W64LIT(0xef5be62a32d0f6fd), -W64LIT(0xbe1c84c45d186aca), -W64LIT(0xacc7e4a565a1643c), -W64LIT(0x8dd7731519687b84), -W64LIT(0x11eafe4f3c830f3a), -W64LIT(0x04ef8e68a358afe5), -W64LIT(0x40ad9ca1534b930d), -W64LIT(0xe44191d4855a5c0e), -W64LIT(0x6001d20b809420f1), -W64LIT(0x73666b70173b8243), -W64LIT(0x372479b9e728beab), -W64LIT(0x45fecbd35f0590ac), -W64LIT(0x7057f55e1301838f), -W64LIT(0xff0dc17fa1455583), -W64LIT(0x0cc467b810e804da), -W64LIT(0xb9c29482fa7ac4e3), -W64LIT(0xa003831d754960e6), -W64LIT(0x8a096353be0ad5ad), -W64LIT(0xdd2cc8e1d9b64bf7), -W64LIT(0xc7dc415052bfee3e), -W64LIT(0x9f0c137421d17572), -W64LIT(0x35a93e8d4c041323), -W64LIT(0x9a5f44062d9f76d3), -W64LIT(0x71eb2c44bc172fcb), -W64LIT(0x0ff5f99614d20516), -W64LIT(0x7789e518b4632da6), -W64LIT(0xc99561dce97b476c), -W64LIT(0x5276fcc06bf29dfb), -W64LIT(0x4a0b32454bd795ba), -W64LIT(0x9274add69e2fddec), -W64LIT(0x4f5865374799961b), -W64LIT(0xb2d8e37c4df06e10), -W64LIT(0xc4eddf7e5685eff2), -W64LIT(0xb3643a66e2e6c254), -W64LIT(0xd50721316a06e0c8), -W64LIT(0x8bb5ba49111c79e9), -W64LIT(0x2bb639546455190f), -W64LIT(0xf8d3d1390627fbaa), -W64LIT(0x38d1802ff3fabbbd), -W64LIT(0xdfa18fd5729ae67f), -W64LIT(0x4ee4bc2de88f3a5f), -W64LIT(0xf72628af12f5febc), -W64LIT(0x0aa6aee4189c06b7), -W64LIT(0x0000000000000000), -W64LIT(0x9eb0ca6e8ec7d936), -W64LIT(0xcb1826e84257eae4), -W64LIT(0x187dce8520250841), -W64LIT(0xc28f16225ef1ed9f), -W64LIT(0xc333cf38f1e741db), -W64LIT(0x4220db95f8673e85), -W64LIT(0xdc9011fb76a0e7b3), -W64LIT(0x105627559395a37e), -W64LIT(0x2f59b73cc70db6ea), -W64LIT(0xe112c6a689145faf), -W64LIT(0x82228a830dba7e92), -W64LIT(0x2ee56e26681b1aae), -W64LIT(0x2a0ae04ecb43b54b), -W64LIT(0x47738ce7f4293d24), -W64LIT(0xa7dd935bd22bcecf), -W64LIT(0xd2d93177cd644ee1), -W64LIT(0xebb4684291885918), -W64LIT(0x0e49208cbbc4a952), -W64LIT(0xa550d46f79076347), -W64LIT(0x411145bbfc5d3f49), -W64LIT(0xe6ccd6e02e76f186), -W64LIT(0x4bb7eb5fe4c139fe), -W64LIT(0x5d8305567f2098ed), -W64LIT(0x95aabd90394d73c5), -W64LIT(0x25ff19d8df91b05d), -W64LIT(0x86cd04ebaee2d177), -W64LIT(0x03319e2e043a01cc), -W64LIT(0x6b1ba5f5371e8a02), -W64LIT(0x76353c021b7581e2), -W64LIT(0x64ee5c6323cc8f14), -W64LIT(0x5c3fdc4cd03634a9), -W64LIT(0x6996e2c19c32278a), -W64LIT(0x8938fd7dba30d461), -W64LIT(0x7b4d82a0a48b297c), -W64LIT(0xbfa05ddef20ec68e), -W64LIT(0x8ee6ed3b1d527a48), -W64LIT(0x61bd0b112f828cb5), -W64LIT(0x66631b5788e0229c), -W64LIT(0x55a8ec86cc9033d2), -W64LIT(0x1c9240ed837da7a4), -W64LIT(0x150570279fdba0df), -W64LIT(0x53ca25dac4e431bf), -W64LIT(0xd636bf1f6e3ce104), -W64LIT(0xcaa4fff2ed4146a0), -W64LIT(0x787c1c8ea0b128b0), -W64LIT(0xad7b3dbfcab7c878), -W64LIT(0xfc3c5f51a57f544f), -W64LIT(0xb78bb40e41be6db1), -W64LIT(0x8c6baa0fb67ed7c0), -W64LIT(0xce4b719a4e19e945), -W64LIT(0xf96f0823a93157ee), -W64LIT(0x7d2f4bfcacff2b11), -W64LIT(0x3eb34973fb8eb9d0), -W64LIT(0xe39f81922238f227), -W64LIT(0x239dd084d7e5b230), -W64LIT(0x1fa3dec38747a668), -W64LIT(0xc5510664f99343b6), -W64LIT(0xc829b8c6466deb28), -W64LIT(0x85fc9ac5aad8d0bb), -W64LIT(0xb6376d14eea8c1f5), -W64LIT(0x9d8154408afdd8fa), -W64LIT(0x3be01e01f7c0ba71), -W64LIT(0x628c953f2bb88d79), -W64LIT(0x6d796ca93f6a886f), -W64LIT(0xfa5e960dad0b5622), -W64LIT(0xe5fd48ce2a4cf04a), -W64LIT(0xe7700ffa81605dc2), -W64LIT(0x2dd4f0086c211b62), -W64LIT(0x2221099e78f31e74), -W64LIT(0xdb4e01bdd1c2499a), -W64LIT(0xf417b68116cfff70), -W64LIT(0xb506f33aea92c039), -W64LIT(0x514762ee6fc89c37), -W64LIT(0x9c3d8d5a25eb74be), -W64LIT(0x396d59355cec17f9), -W64LIT(0xccc636aee53544cd), -W64LIT(0x0b1a77feb78aaaf3), -W64LIT(0xe9392f763aa4f490), -W64LIT(0xaaa52df96dd56651), -W64LIT(0x46cf55fd5b3f9160), -W64LIT(0xa4ec0d75d611cf03), -W64LIT(0xaff67a8b619b65f0), -W64LIT(0x3415e797e312bf67), -W64LIT(0x7af15bba0b9d8538), -W64LIT(0x811314ad09807f5e), -W64LIT(0x8771ddf101f47d33), -W64LIT(0x969b23be3d777209), -W64LIT(0xd365e86d6272e2a5), -W64LIT(0x58d05224736e9b4c), -W64LIT(0xc660984afda9427a), -W64LIT(0x5414359c63869f96), -W64LIT(0xe885f66c95b258d4), -W64LIT(0x655285798cda2350), -W64LIT(0x6cc5b5b3907c242b), -W64LIT(0x6ff42b9d944625e7), -W64LIT(0xc0025116f5dd4017), -W64LIT(0xa28ec429de65cd6e), -W64LIT(0x63304c2584ae213d), -W64LIT(0x7fa20cc807d38699), -W64LIT(0x996eda2829a5771f), -W64LIT(0x1b4c50ab241f098d), -W64LIT(0x1e1f07d928510a2c), -W64LIT(0x33cbf7d14470114e), -W64LIT(0xb055a448e6dcc398), -W64LIT(0x98d2033286b3db5b), -W64LIT(0xec6a780436eaf731), -W64LIT(0xa1bf5a07da5fcca2), -W64LIT(0xbaf30aacfe40c52f), -W64LIT(0xf144e1f31a81fcd1), -W64LIT(0xe0ae1fbc2602f3eb), -W64LIT(0x14b9a93d30cd0c9b), -W64LIT(0x596c8b3edc783708), -W64LIT(0x682a3bdb33248bce), -W64LIT(0xb87e4d98556c68a7), -W64LIT(0x80afcdb7a696d31a), -W64LIT(0x5725abb267bc9e5a), -W64LIT(0x914533f89a15dc20), -W64LIT(0x5eb29b787b1a9921), -W64LIT(0x01bcd91aaf16ac44), -W64LIT(0xc1be880c5acbec53), -W64LIT(0xedd6a11e99fc5b75), -W64LIT(0x028d4734ab2cad88), -W64LIT(0x8f5a3421b244d60c), -W64LIT(0x4dd52203ecb53b93), -W64LIT(0x3f0f906954981594), -W64LIT(0xae4aa391ce8dc9b4), -W64LIT(0x3698a0a3483e12ef), -W64LIT(0xf5ab6f9bb9d95334), -W64LIT(0x082be9d0b3b0ab3f), -W64LIT(0xd1e8af59c95e4f2d), -W64LIT(0xd87f9f93d5f84856), -W64LIT(0x6e48f2873b5089a3), -W64LIT(0x2443c0c270871c19), -W64LIT(0xb1e97d5249ca6fdc), -W64LIT(0x7c9392e603e98755), -W64LIT(0x839e5399a2acd2d6), -W64LIT(0x19c1179f8f33a405), -W64LIT(0xde1d56cfdd8c4a3b), -W64LIT(0x20ac4eaad3dfb3fc), -W64LIT(0x1af089b18b09a5c9), -W64LIT(0x3a5cc71b58d61635), -W64LIT(0x444212c9f0133ce8), -W64LIT(0x72dab26ab82d2e07), -W64LIT(0x4c69fb1943a397d7), -W64LIT(0xf3c9a6c7b1ad5159), -W64LIT(0x1d2e99f72c6b0be0), -W64LIT(0xb4ba2a2045846c7d), -W64LIT(0xe22358888d2e5e63), -W64LIT(0x2887a77a606f18c3), -W64LIT(0xa8286acdc6f9cbd9), -W64LIT(0x5f0e4262d40c3565), -W64LIT(0xeee73f309dc65ab9), -W64LIT(0x9be39d1c8289da97), -W64LIT(0x1634ee099be1a113), -W64LIT(0xea08b1583e9ef55c), -W64LIT(0x9727faa49261de4d), -W64LIT(0x2c682912c337b726), -W64LIT(0xcff7a880e10f4501), -W64LIT(0x1788371334f70d57), -W64LIT(0x27725eec74bd1dd5), -W64LIT(0x3146b0e5ef5cbcc6), -W64LIT(0x099730ca1ca6077b), -W64LIT(0xf2757fdd1ebbfd1d), -W64LIT(0x6aa77cef98082646), -W64LIT(0xbb4fd3b65156696b), -W64LIT(0x569972a8c8aa321e), -W64LIT(0xa3321d337173612a), -W64LIT(0x50fbbbf4c0de3073), -W64LIT(0x5a5d1510d84236c4), -W64LIT(0xfd80864b0a69f80b), -W64LIT(0x07de1046a762ae29), -W64LIT(0xa6614a417d3d628b), -W64LIT(0xd78a6605c12a4d40), -W64LIT(0x67dfc24d27f68ed8), -W64LIT(0xbc91c3f0f634c742), -W64LIT(0xd05476436648e369), -W64LIT(0x493aac6b4fed9476), -W64LIT(0x12db606138b90ef6), -W64LIT(0xa994b3d769ef679d), -W64LIT(0x211097b07cc91fb8), -W64LIT(0x30fa69ff404a1082), -W64LIT(0x3c3e0e4750a21458), -W64LIT(0x7504a22c1f4f802e), -W64LIT(0x844043df05ce7cff), -W64LIT(0xf0f838e9b5975095), -W64LIT(0x7e1ed5d2a8c52add), -W64LIT(0x90f9eae235037064), -W64LIT(0x0662c95c0874026d), -W64LIT(0x9416648a965bdf81), -W64LIT(0xf69af1b5bde352f8), -W64LIT(0x0d78bea2bffea89e), -W64LIT(0x293b7e60cf79b487), -W64LIT(0xd9c346897aeee412), -W64LIT(0xfbe24f17021dfa66), -W64LIT(0x1367b97b97afa2b2), -W64LIT(0xab19f4e3c2c3ca15), -W64LIT(0x48867571e0fb3832), -W64LIT(0x93c874cc313971a8), -W64LIT(0x79c0c5940fa784f4), -W64LIT(0xcd7aefb44a23e889), -W64LIT(0x439c028f577192c1), -W64LIT(0x5be1cc0a77549a80), -/* box 6 */ -W64LIT(0x714d28d778656928), -W64LIT(0xc88a7c6b84f64f7c), -W64LIT(0xec43cac5ab89aaca), -W64LIT(0x777fa38110dc16a3), -W64LIT(0x0f7d5c87e4213b5c), -W64LIT(0x73f051e5f3a1ef51), -W64LIT(0xea714193c330d541), -W64LIT(0x95e5f3dae016c4f3), -W64LIT(0x63d3738095a0e173), -W64LIT(0x9825d66f8ff379d6), -W64LIT(0xe8cc38a148f45338), -W64LIT(0xa840b0c025f06bb0), -W64LIT(0x944135c35f748735), -W64LIT(0x74661caa247ad31c), -W64LIT(0xe7b16426acd56864), -W64LIT(0xd1e689df6e6f0589), -W64LIT(0xa73dec47c1d150ec), -W64LIT(0x64453ecf427bdd3e), -W64LIT(0x0ed99a9e5b43789a), -W64LIT(0x7b1b402dc05be840), -W64LIT(0x0dc025b56fe5bd25), -W64LIT(0x3f183a284e22293a), -W64LIT(0xa0aba108160a6ca1), -W64LIT(0x46be033705bd4703), -W64LIT(0x86df6e94b2b10f6e), -W64LIT(0xa216d83a9dceead8), -W64LIT(0x129e5b57edc5885b), -W64LIT(0x7e3074509c445274), -W64LIT(0x7d29cb7ba8e297cb), -W64LIT(0x1611a9330eb871a9), -W64LIT(0x486799a95efe3f99), -W64LIT(0x9fb39b205828459b), -W64LIT(0xd0424fc6d10d464f), -W64LIT(0xe968feb8f79610fe), -W64LIT(0x5d6f8fb164e08b8f), -W64LIT(0xaafdc9f2ae34edc9), -W64LIT(0x02bd79328bc48679), -W64LIT(0x9b3c6944bb55bc69), -W64LIT(0x6277b5992ac2a2b5), -W64LIT(0x877ba88d0dd34ca8), -W64LIT(0xfa5263f6a531db63), -W64LIT(0x2e9fde54974164de), -W64LIT(0xcda14816d8e9f548), -W64LIT(0x675c81e476dd1881), -W64LIT(0x2a102c30743c9d2c), -W64LIT(0x37f32be07dd82e2b), -W64LIT(0x256d70b7901da670), -W64LIT(0x4ce86bcdbd83c66b), -W64LIT(0x50afaa040b0536aa), -W64LIT(0xef5a75ee9f2f6f75), -W64LIT(0xb3913c4644ada73c), -W64LIT(0x1187e47cd9634de4), -W64LIT(0xc54a59deeb13f259), -W64LIT(0x0000000000000000), -W64LIT(0x01a4c619bf6243c6), -W64LIT(0x90cec7a7bc097ec7), -W64LIT(0xf94bdcdd91971edc), -W64LIT(0x8e347f5c814b087f), -W64LIT(0xc7f720ec60d77420), -W64LIT(0x354e52d2f61ca852), -W64LIT(0x34ea94cb497eeb94), -W64LIT(0xae723b964d49143b), -W64LIT(0xf48bf968fe72a3f9), -W64LIT(0xfc60e8a0cd88a4e8), -W64LIT(0x2909931b409a5893), -W64LIT(0xbd48a6d81feedfa6), -W64LIT(0x6cae2f077181da2f), -W64LIT(0xad6b84bd79efd184), -W64LIT(0x18c833ad55fb0933), -W64LIT(0x204644cacc021c44), -W64LIT(0x392ab17e269b56b1), -W64LIT(0x14acd001857cf7d0), -W64LIT(0x8abb8d386236f18d), -W64LIT(0xeefeb3f7204d2cb3), -W64LIT(0xf636805a75b62580), -W64LIT(0x2bb4ea29cb5edeea), -W64LIT(0xc653e6f5dfb537e6), -W64LIT(0x8d2dc077b5edcdc0), -W64LIT(0x31c1a0b6156151a0), -W64LIT(0xf8ef1ac42ef55d1a), -W64LIT(0xdbb0e125d65184e1), -W64LIT(0x82509cf051ccf69c), -W64LIT(0xe33e96424fa89196), -W64LIT(0xdf3f1341352c7d13), -W64LIT(0x8f90b9453e294bb9), -W64LIT(0x1023226566010e22), -W64LIT(0xa58095754a15d695), -W64LIT(0x2c22a7661c85e2a7), -W64LIT(0xe183ef70c46c17ef), -W64LIT(0xafd6fd8ff22b57fd), -W64LIT(0x471ac52ebadf04c5), -W64LIT(0x4d4cadd402e185ad), -W64LIT(0x916a01be036b3d01), -W64LIT(0x28ad5502fff81b55), -W64LIT(0x3657edf9c2ba6ded), -W64LIT(0xd2ff36f45ac9c036), -W64LIT(0xf1a0cd15a26d19cd), -W64LIT(0xd90d98175d950298), -W64LIT(0xf7924643cad46646), -W64LIT(0xdd826a73bee8fb6a), -W64LIT(0x9d0ee212d3ecc3e2), -W64LIT(0xb6ba083b18b21d08), -W64LIT(0x3da5431ac5e6af43), -W64LIT(0x08eb11c833fa0711), -W64LIT(0x052b347d5c1fba34), -W64LIT(0x6fb7902c45271f90), -W64LIT(0x133a9d4e52a7cb9d), -W64LIT(0x6e135635fa455c56), -W64LIT(0x725497fc4cc3ac97), -W64LIT(0xf31db42729a99fb4), -W64LIT(0x846217a639758917), -W64LIT(0x4b7e26826a58fa26), -W64LIT(0x235ffbe1f8a4d9fb), -W64LIT(0xff79578bf92e6157), -W64LIT(0xda14273c6933c727), -W64LIT(0x8b1f4b21dd54b24b), -W64LIT(0x9caa240b6c8e8024), -W64LIT(0xc1c5abba086e0bab), -W64LIT(0xde9bd5588a4e3ed5), -W64LIT(0x2d86617fa3e7a161), -W64LIT(0xbff5dfea942a59df), -W64LIT(0x66f847fdc9bf5b47), -W64LIT(0x3b97c84cad5fd0c8), -W64LIT(0x3ebcfc31f1406afc), -W64LIT(0xca3705590f32c905), -W64LIT(0x24c9b6ae2f7fe5b6), -W64LIT(0x408c88616d043888), -W64LIT(0x93d7788c88afbb78), -W64LIT(0x196cf5b4ea994af5), -W64LIT(0x9a98af5d0437ffaf), -W64LIT(0x8c89066e0a8f8e06), -W64LIT(0xab590feb1156ae0f), -W64LIT(0xd7d4028906d67a02), -W64LIT(0xe4a8db0d9873addb), -W64LIT(0xc378d28883aa8dd2), -W64LIT(0x4ff1d4e6892503d4), -W64LIT(0xd670c490b9b439c4), -W64LIT(0x65e1f8d6fd199ef8), -W64LIT(0xf2b9723e96cbdc72), -W64LIT(0xb12c4574cf692145), -W64LIT(0x569d215263bc4921), -W64LIT(0x69851b7a2d9e601b), -W64LIT(0x5e76309a50464e30), -W64LIT(0x5fd2f683ef240df6), -W64LIT(0xd8a95e0ee2f7415e), -W64LIT(0xe29a505bf0cad250), -W64LIT(0x96fc4cf1d4b0014c), -W64LIT(0x8806f40ae9f277f4), -W64LIT(0x53b6152f3fa3f315), -W64LIT(0x1c47c1c9b686f0c1), -W64LIT(0x80ede5c2da0870e5), -W64LIT(0xd5697bbb8d12fc7b), -W64LIT(0xfdc42eb972eae72e), -W64LIT(0x0bf2aee3075cc2ae), -W64LIT(0x22fb3df847c69a3d), -W64LIT(0xbadeeb97c835e3eb), -W64LIT(0xdc26ac6a018ab8ac), -W64LIT(0xbcec60c1a08c9c60), -W64LIT(0x4231f153e6c0bef1), -W64LIT(0x337cd9849ea5d7d9), -W64LIT(0x5b5d04e70c59f404), -W64LIT(0x79a6391f4b9f6e39), -W64LIT(0x5212d33680c1b0d3), -W64LIT(0xb5a3b7102c14d8b7), -W64LIT(0x7f94b249232611b2), -W64LIT(0x17b56f2ab1da326f), -W64LIT(0x59e07dd5879d727d), -W64LIT(0xebd5878a7c529687), -W64LIT(0xbb7a2d8e7757a02d), -W64LIT(0x0319bf2b34a6c5bf), -W64LIT(0x5ccb49a8db82c849), -W64LIT(0x1de307d009e4b307), -W64LIT(0x49c35fb0e19c7c5f), -W64LIT(0x55849e79571a8c9e), -W64LIT(0x7abf86347f39ab86), -W64LIT(0x9273be9537cdf8be), -W64LIT(0xe615a23f13b72ba2), -W64LIT(0x6821dd6392fc23dd), -W64LIT(0x5af9c2feb33bb7c2), -W64LIT(0x06328b5668b97f8b), -W64LIT(0x44037a058e79c17a), -W64LIT(0x83f45ae9eeaeb55a), -W64LIT(0x5739e74bdcde0ae7), -W64LIT(0xfbf6a5ef1a5398a5), -W64LIT(0xe50c1d142711ee1d), -W64LIT(0x1a754a9fde3f8f4a), -W64LIT(0x7802ff06f4fd2dff), -W64LIT(0xf52f3f714110e03f), -W64LIT(0x2674cf9ca4bb63cf), -W64LIT(0x60caccaba10624cc), -W64LIT(0xb088836d700b6283), -W64LIT(0xa6992a5e7eb3132a), -W64LIT(0xa9e476d99a922876), -W64LIT(0x6b386248a65ae662), -W64LIT(0xc2dc14913cc8ce14), -W64LIT(0x76db6598afbe5565), -W64LIT(0x32d81f9d21c7941f), -W64LIT(0x21e282d373605f82), -W64LIT(0xc0616da3b70c486d), -W64LIT(0x616e0ab21e64670a), -W64LIT(0x6d0ae91ecee399e9), -W64LIT(0x27d009851bd92009), -W64LIT(0xfedd9192464c2291), -W64LIT(0x45a7bc1c311b82bc), -W64LIT(0x54205860e878cf58), -W64LIT(0xa10f6711a9682f67), -W64LIT(0x9981107630913a10), -W64LIT(0xede70cdc14ebe90c), -W64LIT(0x70e9eecec7072aee), -W64LIT(0x1f5e7ee28220357e), -W64LIT(0x2f3b184d28232718), -W64LIT(0x41284e78d2667b4e), -W64LIT(0xa424536cf5779553), -W64LIT(0xa3b21e2322aca91e), -W64LIT(0x4e5512ff36474012), -W64LIT(0x1efab8fb3d4276b8), -W64LIT(0x89a2321356903432), -W64LIT(0xcb93c340b0508ac3), -W64LIT(0x306566afaa031266), -W64LIT(0x4adae09bd53ab9e0), -W64LIT(0xc92eba723b940cba), -W64LIT(0x094fd7d18c9844d7), -W64LIT(0xcc058e0f678bb68e), -W64LIT(0xd4cdbda23270bfbd), -W64LIT(0x0a5668fab83e8168), -W64LIT(0x510b6c1db467756c), -W64LIT(0xb86392a543f16592), -W64LIT(0x048ff264e37df9f2), -W64LIT(0x3a330e55123d930e), -W64LIT(0xb235fa5ffbcfe4fa), -W64LIT(0xb9c754bcfc932654), -W64LIT(0x3c0185037a84ec85), -W64LIT(0x0c64e3acd087fee3), -W64LIT(0xe02729697b0e5429), -W64LIT(0x07964d4fd7db3c4d), -W64LIT(0x814923db656a3323), -W64LIT(0x388e776799f91577), -W64LIT(0x6a9ca4511938a5a4), -W64LIT(0x1bd18c86615dcc8c), -W64LIT(0xb407710993769b71), -W64LIT(0x150816183a1eb416), -W64LIT(0x4395374a59a2fd37), -W64LIT(0xc4ee9fc75471b19f), -W64LIT(0x5844bbcc38ff31bb), -W64LIT(0xcf1c3124532d7331), -W64LIT(0xb71ece22a7d05ece), -W64LIT(0xaccf42a4c68d9242), -W64LIT(0x97588ae86bd2428a), -W64LIT(0x75c2dab39b1890da), -W64LIT(0x9e175d39e74a065d), -W64LIT(0xf0040b0c1d0f5a0b), -W64LIT(0xceb8f73dec4f30f7), -W64LIT(0xbe5119f32b481a19), -W64LIT(0xd35bf0ede5ab83f0), -W64LIT(0x7c8d0d621780d40d), -W64LIT(0x85c6d1bf8617cad1), -/* box 7 */ -W64LIT(0xb1c742127b66f2a4), -W64LIT(0xce916098d7a59fc1), -W64LIT(0xc312ef8e2406fa70), -W64LIT(0x956c7dced81403d5), -W64LIT(0x5a0c9b2318dd9520), -W64LIT(0xad0d57f51a480e8b), -W64LIT(0xe7b9d05287740b01), -W64LIT(0x0217f9ea2ed81268), -W64LIT(0x4d7cff19f8cd3a06), -W64LIT(0x44d1772e572b7b67), -W64LIT(0xfb73c5b5e65af72e), -W64LIT(0x91427aef84512705), -W64LIT(0x0c720963e4cf6c85), -W64LIT(0x87c398a0732d8117), -W64LIT(0xa17f5e96fe87620e), -W64LIT(0x50476c8b8e8fcf1d), -W64LIT(0xcb4ee1cc9c8cb225), -W64LIT(0x67b2304c91a8b59a), -W64LIT(0x54696baad2caebcd), -W64LIT(0xddcf03836bf01437), -W64LIT(0x46c68ec479f3690f), -W64LIT(0x8f9f96e2cba7c942), -W64LIT(0xe1802e99f5e93db9), -W64LIT(0x4e9a8086c179215a), -W64LIT(0xf0c9b4686764a427), -W64LIT(0xfd4a3b7e94c7c196), -W64LIT(0xfcbbbd0b83abc8a2), -W64LIT(0xebcbd93163bb6784), -W64LIT(0xf9643c5fc882e546), -W64LIT(0xc4da973041f7c5fc), -W64LIT(0x1af3eb2c13b3ca97), -W64LIT(0x6e1fb87b3e4ef4fb), -W64LIT(0x5e229c024498b1f0), -W64LIT(0xf516353c2c4d89c3), -W64LIT(0xcc869972f97d8da9), -W64LIT(0x8d886f08e57fdb2a), -W64LIT(0x1cca15e7612efc2f), -W64LIT(0x567e9240fc12f9a5), -W64LIT(0x43190f9032da44eb), -W64LIT(0xfeac44e1ad73daca), -W64LIT(0x07c878be65f13f8c), -W64LIT(0x618bce87e3358322), -W64LIT(0xf895ba2adfeeec72), -W64LIT(0x751dd5223a913758), -W64LIT(0x59eae4bc21698e7c), -W64LIT(0xff5dc294ba1fd3fe), -W64LIT(0x03e67f9f39b41b5c), -W64LIT(0x2292c117d1efc7c9), -W64LIT(0x8a4017b6808ee4a6), -W64LIT(0xd1bd0ae08f3f78b2), -W64LIT(0x135e631bbc558bf6), -W64LIT(0xee14586528924a60), -W64LIT(0x8857ee5cae56f6ce), -W64LIT(0x0000000000000000), -W64LIT(0x0e65f089ca177eed), -W64LIT(0x34132358269361db), -W64LIT(0x15679dd0cec8bd4e), -W64LIT(0x800be01e16dcbe9b), -W64LIT(0x949dfbbbcf780ae1), -W64LIT(0xe397d773db312fd1), -W64LIT(0xedf227fa1126513c), -W64LIT(0xb5e945332723d674), -W64LIT(0x53a11314b73bd441), -W64LIT(0x23634762c683cefd), -W64LIT(0x4b4501d28a500cbe), -W64LIT(0x473708b16e9f603b), -W64LIT(0x1770643ae010af26), -W64LIT(0xa746a05d8c1a54b6), -W64LIT(0x90b3fc9a933d2e31), -W64LIT(0x35e2a52d31ff68ef), -W64LIT(0xab34a93e68d53833), -W64LIT(0xd81082d720d939d3), -W64LIT(0xb86aca25d480b3c5), -W64LIT(0xdfd8fa694528065f), -W64LIT(0x4f6b06f3d615286e), -W64LIT(0x578f1435eb7ef091), -W64LIT(0x9af80b32056f740c), -W64LIT(0x92a40570bde53c59), -W64LIT(0xdbf6fd48196d228f), -W64LIT(0x1b026d5904dfc3a3), -W64LIT(0x3c4f2d1a9e19298e), -W64LIT(0xc8a89e53a538a979), -W64LIT(0x991e74ad3cdb6f50), -W64LIT(0x042e07215c4524d0), -W64LIT(0x8e6e1097dccbc076), -W64LIT(0xe071a8ece285348d), -W64LIT(0xd784f42bfda24e0a), -W64LIT(0x7d41db60821b7f0d), -W64LIT(0x85d4614a5df5937f), -W64LIT(0xbb8cb5baed34a899), -W64LIT(0x40ff700f0b6e5fb7), -W64LIT(0x2cf7319e1bf8b924), -W64LIT(0x3a76d3d1ec841f36), -W64LIT(0x4520f15b40477253), -W64LIT(0xf138321d7008ad13), -W64LIT(0x42e889e525b64ddf), -W64LIT(0x65a5c9a6bf70a7f2), -W64LIT(0x208538fdff37d5a1), -W64LIT(0x410ef67a1c025683), -W64LIT(0x18e412c63d6bd8ff), -W64LIT(0x72d5ad9c5f6008d4), -W64LIT(0x255ab9a9b41ef845), -W64LIT(0x93558305aa89356d), -W64LIT(0x70c2547671b81abc), -W64LIT(0x3604dab2084b73b3), -W64LIT(0x05df81544b292de4), -W64LIT(0xf2de4d8249bcb64f), -W64LIT(0x0bba71dd813e5309), -W64LIT(0xa368a77cd05f7066), -W64LIT(0x796fdc41de5e5bdd), -W64LIT(0xec03a18f064a5808), -W64LIT(0x085c0e42b88a4855), -W64LIT(0x274d40439ac6ea2d), -W64LIT(0x31cca20c6dba4c3f), -W64LIT(0x322add93540e5763), -W64LIT(0xb60f3aac1e97cd28), -W64LIT(0x7cb05d1595777639), -W64LIT(0xb036c4676c0afb90), -W64LIT(0x0a4bf7a896525a3d), -W64LIT(0x73242be9480c01e0), -W64LIT(0x5bfd1d560fb19c14), -W64LIT(0x7b7825abf08649b5), -W64LIT(0xb7febcd909fbc41c), -W64LIT(0x81fa666b01b0b7af), -W64LIT(0xd25b757fb68b63ee), -W64LIT(0x0d838f16f3a365b1), -W64LIT(0x6a31bf5a620bd02b), -W64LIT(0x26bcc6368daae319), -W64LIT(0x9ed60c13592a50dc), -W64LIT(0x581b62c936058748), -W64LIT(0x9cc1f5f977f242b4), -W64LIT(0x83ed9f812f68a5c7), -W64LIT(0x74ec53572dfd3e6c), -W64LIT(0xb3d0bbf855bee0cc), -W64LIT(0xacfcd1800d2407bf), -W64LIT(0x303d24797ad6450b), -W64LIT(0x7a89a3dee7ea4081), -W64LIT(0x69d7c0c55bbfcb77), -W64LIT(0x770a2cc814492530), -W64LIT(0x0f9476fcdd7b77d9), -W64LIT(0xaeeb286a23fc15d7), -W64LIT(0x2174be88e85bdc95), -W64LIT(0xde297c1c52440f6b), -W64LIT(0xd04c8c9598537186), -W64LIT(0x2ee0c8743520ab4c), -W64LIT(0x977b8424f6cc11bd), -W64LIT(0x10b81c8485e190aa), -W64LIT(0xa4a0dfc2b5ae4fea), -W64LIT(0x98eff2d82bb76664), -W64LIT(0xa8d2d6a15161236f), -W64LIT(0xd4628bb4c4165556), -W64LIT(0x682646b04cd3c243), -W64LIT(0x2d06b7eb0c94b010), -W64LIT(0x626db118da81987e), -W64LIT(0x2928b0ca50d194c0), -W64LIT(0x6df9c7e407faefa7), -W64LIT(0x1681e24ff77ca612), -W64LIT(0x4952f838a4881ed6), -W64LIT(0x76fbaabd03252c04), -W64LIT(0xc73ce8af7843dea0), -W64LIT(0xe82da6ae5a0f7cd8), -W64LIT(0xc10516640adee818), -W64LIT(0x968a0251e1a01889), -W64LIT(0x37f55cc71f277a87), -W64LIT(0xe5ae29b8a9ac1969), -W64LIT(0xcabf67b98be0bb11), -W64LIT(0xf4e7b3493b2180f7), -W64LIT(0xe9dc20db4d6375ec), -W64LIT(0x639c376dcded914a), -W64LIT(0x12afe56eab3982c2), -W64LIT(0xc2e369fb336af344), -W64LIT(0xa6b726289b765d82), -W64LIT(0x14961ba5d9a4b47a), -W64LIT(0xbc44cd0488c59715), -W64LIT(0xd3aaf30aa1e76ada), -W64LIT(0x28d936bf47bd9df4), -W64LIT(0xaf1aae1f34901ce3), -W64LIT(0x2f114e01224ca278), -W64LIT(0xe648562790180235), -W64LIT(0x24ab3fdca372f171), -W64LIT(0x52509561a057dd75), -W64LIT(0xc6cd6eda6f2fd794), -W64LIT(0xa08ed8e3e9eb6b3a), -W64LIT(0x09ad8837afe64161), -W64LIT(0xbdb54b719fa99e21), -W64LIT(0x8c79e97df213d21e), -W64LIT(0xcf60e6edc0c996f5), -W64LIT(0x5dc4e39d7d2caaac), -W64LIT(0x11499af1928d999e), -W64LIT(0x5fd31a7753f4b8c4), -W64LIT(0x01f18675176c0934), -W64LIT(0xc52b1145569bccc8), -W64LIT(0x9f278a664e4659e8), -W64LIT(0x3dbeab6f897520ba), -W64LIT(0xa2992109c7337952), -W64LIT(0x9b098d4712037d38), -W64LIT(0xc9591826b254a04d), -W64LIT(0x3b8755a4fbe81602), -W64LIT(0xbe5334eea61d857d), -W64LIT(0x51b6eafe99e3c629), -W64LIT(0x191594b32a07d1cb), -W64LIT(0x1f2c6a78589ae773), -W64LIT(0x3fa95285a7ad32d2), -W64LIT(0x5c3565e86a40a398), -W64LIT(0xb2213d8d42d2e9f8), -W64LIT(0xefe5de103ffe4354), -W64LIT(0x4ab487a79d3c058a), -W64LIT(0xcd771f07ee11849d), -W64LIT(0xbfa2b29bb1718c49), -W64LIT(0xba7d33cffa58a1ad), -W64LIT(0x6fee3e0e2922fdcf), -W64LIT(0x64544fd3a81caec6), -W64LIT(0xd9e104a237b530e7), -W64LIT(0xf32fcbf75ed0bf7b), -W64LIT(0x3e58d4f0b0c13be6), -W64LIT(0xb418c346304fdf40), -W64LIT(0xaac52f4b7fb93107), -W64LIT(0xdc3e85f67c9c1d03), -W64LIT(0xd5930dc1d37a5c62), -W64LIT(0x0639fecb729d36b8), -W64LIT(0xc0f490111db2e12c), -W64LIT(0x7ea7a4ffbbaf6451), -W64LIT(0xf6f04aa315f9929f), -W64LIT(0x6643b63986c4bcae), -W64LIT(0x6c0841911096e693), -W64LIT(0x8425e73f4a999a4b), -W64LIT(0x7133d20366d41388), -W64LIT(0x38612a3bc25c0d5e), -W64LIT(0xb99b4c50c3ecbaf1), -W64LIT(0x1d3b93927642f51b), -W64LIT(0x7f56228aacc36d65), -W64LIT(0x9d30738c609e4b80), -W64LIT(0x48a37e4db3e417e2), -W64LIT(0x8bb191c397e2ed92), -W64LIT(0x2acecf5569658f9c), -W64LIT(0xda077b3d0e012bbb), -W64LIT(0xa55159b7a2c246de), -W64LIT(0x33db5be643625e57), -W64LIT(0x821c19f43804acf3), -W64LIT(0x3990ac4ed530046a), -W64LIT(0xd675725eeace473e), -W64LIT(0x789e5a34c93252e9), -W64LIT(0x86321ed564418823), -W64LIT(0xfa8243c0f136fe1a), -W64LIT(0xe45fafcdbec0105d), -W64LIT(0x2b3f49207e0986a8), -W64LIT(0xa92350d4460d2a5b), -W64LIT(0x1eddec0d4ff6ee47), -W64LIT(0x89a66829b93afffa), -W64LIT(0x607a48f2f4598a16), -W64LIT(0x6bc0392f7567d91f), -W64LIT(0xea3a5f4474d76eb0), -W64LIT(0x5598eddfc5a6e2f9), -W64LIT(0x4c8d796cefa13332), -W64LIT(0xf701ccd602959bab), -W64LIT(0xe2665106cc5d26e5), -}; - -const word64 SHARK::Dec::cbox[8][256] = { -/* box 0 */ -W64LIT(0xe6126af05e55aff3), -W64LIT(0x4b6c893f310b0835), -W64LIT(0xaa4c0e84ebfc8d57), -W64LIT(0xfb9b5c7bf3b3090d), -W64LIT(0x4508a6a9ccba5ce2), -W64LIT(0xe5d1d2064dc6bde9), -W64LIT(0x348343755288edde), -W64LIT(0xb684505de46b250c), -W64LIT(0xa8cede205a1e91e8), -W64LIT(0x40b89b46f9fa6acc), -W64LIT(0x8ee1ec1afab080ba), -W64LIT(0xde77d6b7408e0a45), -W64LIT(0x9a3e184c2e455802), -W64LIT(0xbe93fad23f0955ef), -W64LIT(0x3ae76ce3af39b909), -W64LIT(0xad7ee3cf6f5ea7c6), -W64LIT(0x8b51d1f5cff0b694), -W64LIT(0x70ca8d8e3c43bf99), -W64LIT(0xccdba7f8b2a8f6c9), -W64LIT(0x4c5e6474b5a922a4), -W64LIT(0x5d31adcd541ccc32), -W64LIT(0x9b7f701e8c3456a7), -W64LIT(0x2ac9cd08ecfd593a), -W64LIT(0x8fa0844858c18e1f), -W64LIT(0x32f0c66c745bc9ea), -W64LIT(0xc58d6525cbbb888f), -W64LIT(0x8c633cbe4b529c05), -W64LIT(0xf2cd9ea68aa0774b), -W64LIT(0x2cba4811ca2e7d0e), -W64LIT(0xe2e33f4dc9649778), -W64LIT(0xf4be1bbfac73537f), -W64LIT(0x22de6787379f29d9), -W64LIT(0x0956c2dd79137e46), -W64LIT(0xe061efe978868bc7), -W64LIT(0x1cc85ed90f97a85b), -W64LIT(0x31337e9a67c8dbf0), -W64LIT(0x360193d1e36af161), -W64LIT(0x7fefca4a6383e5eb), -W64LIT(0x8535fe633241e243), -W64LIT(0xc3fee03ced68acbb), -W64LIT(0x81c4abdea570dac8), -W64LIT(0x67d6c12efb25753b), -W64LIT(0xa4282112164dd980), -W64LIT(0xcf181f0ea13be4d3), -W64LIT(0xa98fb672f86f9f4d), -W64LIT(0x5c70c59ff66dc297), -W64LIT(0xb0f7d544c2b80138), -W64LIT(0x0da79760ee2246cd), -W64LIT(0x3740fb83411bffc4), -W64LIT(0x24ade29e114c0ded), -W64LIT(0xf858e48de0201b17), -W64LIT(0x0e642f96fdb154d7), -W64LIT(0xddb46e41531d185f), -W64LIT(0x25ec8accb33d0348), -W64LIT(0x0282d0a4b1e21cbf), -W64LIT(0x1bfab3928b3582ca), -W64LIT(0xaffc336bdebcbb79), -W64LIT(0x35c22b27f0f9e37b), -W64LIT(0x03c3b8f61393121a), -W64LIT(0xb8e07fcb19da71db), -W64LIT(0x99fda0ba3dd64a18), -W64LIT(0xce59775c034aea76), -W64LIT(0x49ee599b80e9148a), -W64LIT(0xfe2b6194c6f33f23), -W64LIT(0x4edcb4d0044b3e1b), -W64LIT(0xd5a3c4ce887f68bc), -W64LIT(0xdf36bee5e2ff04e0), -W64LIT(0x171c4ca0c766caa2), -W64LIT(0x0bd41279c8f162f9), -W64LIT(0xe490ba54efb7b34c), -W64LIT(0x5b4228d472cfe806), -W64LIT(0x5355825ba9ad98e5), -W64LIT(0x9f8e25a31b056e2c), -W64LIT(0xcd9acfaa10d9f86c), -W64LIT(0x88926903dc63a48e), -W64LIT(0xb40680f9558939b3), -W64LIT(0x239f0fd595ee277c), -W64LIT(0xec8710db34d5c3af), -W64LIT(0x87b72ec783a3fefc), -W64LIT(0x632794936c144db0), -W64LIT(0x46cb1e5fdf294ef8), -W64LIT(0x83467b7a1492c677), -W64LIT(0x9c4d9d5508967c36), -W64LIT(0xd6607c389bec7aa6), -W64LIT(0x165d24f26517c407), -W64LIT(0xc4cc0d7769ca862a), -W64LIT(0xcbe94ab3360adc58), -W64LIT(0x847496319030ece6), -W64LIT(0x7a5ff7a556c3d3c5), -W64LIT(0xc03d58cafefbbea1), -W64LIT(0x76b908971a909bad), -W64LIT(0x2f79f0e7d9bd6f14), -W64LIT(0x197863363ad79e75), -W64LIT(0xda86830ad7bf32ce), -W64LIT(0x5a034086d0bee6a3), -W64LIT(0x97998f2cc0671ecf), -W64LIT(0x552607428f7ebcd1), -W64LIT(0x51d752ff184f845a), -W64LIT(0xbb23c73d0a4963c1), -W64LIT(0x2b88a55a4e8c579f), -W64LIT(0xd80453ae665d2e71), -W64LIT(0xee05c07f8537df10), -W64LIT(0x423a4be248187673), -W64LIT(0xcaa822e1947bd2fd), -W64LIT(0x1abbdbc029448c6f), -W64LIT(0x96d8e77e6216106a), -W64LIT(0x6266fcc1ce654315), -W64LIT(0x89d301517e12aa2b), -W64LIT(0x730935782fd0ad83), -W64LIT(0x8085c38c0701d46d), -W64LIT(0x6b303e1cb7763d53), -W64LIT(0x3f57510c9a798f27), -W64LIT(0x4449cefb6ecb5247), -W64LIT(0x48af31c922981a2f), -W64LIT(0x98bcc8e89fa744bd), -W64LIT(0x69b2eeb8069421ec), -W64LIT(0xebb5fd90b077e93e), -W64LIT(0x6a71564e150733f6), -W64LIT(0x116fc9b9e1b5ee96), -W64LIT(0x4a2de16d937a0690), -W64LIT(0xb9a11799bbab7f7e), -W64LIT(0x9368da9157562644), -W64LIT(0x718be5dc9e32b13c), -W64LIT(0xc82af2452599ce42), -W64LIT(0xb547e8abf7f83716), -W64LIT(0x33b1ae3ed62ac74f), -W64LIT(0x799c4f534550c1df), -W64LIT(0x3e16395e38088182), -W64LIT(0x7c2c72bc7010f7f1), -W64LIT(0xf38cf6f428d179ee), -W64LIT(0xd29129850cdd422d), -W64LIT(0x41f9f3145b8b6469), -W64LIT(0x945a37dad3f40cd5), -W64LIT(0x757ab061090389b7), -W64LIT(0x6554118a4ac76984), -W64LIT(0x7d6d1aeed261f954), -W64LIT(0x01416852a2710ea5), -W64LIT(0xb27505e0735a1d87), -W64LIT(0x77f860c5b8e19508), -W64LIT(0x78dd2701e721cf7a), -W64LIT(0xe12087bbdaf78562), -W64LIT(0x86f6469521d2f059), -W64LIT(0xef44a82d2746d1b5), -W64LIT(0xbc112a768eeb4950), -W64LIT(0xc2bf886e4f19a21e), -W64LIT(0x307216c8c5b9d555), -W64LIT(0xc96b9a1787e8c0e7), -W64LIT(0xa31acc5992eff311), -W64LIT(0xa0d974af817ce10b), -W64LIT(0xdcf50613f16c16fa), -W64LIT(0xfca9b1307711239c), -W64LIT(0x57a4d7e63e9ca06e), -W64LIT(0xc64eddd3d8289a95), -W64LIT(0xa25ba40b309efdb4), -W64LIT(0x2e3898b57bcc61b1), -W64LIT(0xf5ff73ed0e025dda), -W64LIT(0xa6aaf1b6a7afc53f), -W64LIT(0xd9453bfcc42c20d4), -W64LIT(0x9d0cf507aae77293), -W64LIT(0x290a75feff6e4b20), -W64LIT(0xa7eb99e405decb9a), -W64LIT(0xa1981cfd230defae), -W64LIT(0x12ac714ff226fc8c), -W64LIT(0x743bd833ab728712), -W64LIT(0x6c02d35733d417c2), -W64LIT(0xe9372d340195f581), -W64LIT(0xf77da349bfe04165), -W64LIT(0x68f386eaa4e52f49), -W64LIT(0x211ddf71240c3bc3), -W64LIT(0x13ed191d5057f229), -W64LIT(0xe8764566a3e4fb24), -W64LIT(0xf9198cdf425115b2), -W64LIT(0xd013f921bd3f5e92), -W64LIT(0x91ea0a35e6b43afb), -W64LIT(0x0732ed4b84a22a91), -W64LIT(0xeaf495c21206e79b), -W64LIT(0x5214ea090bdc9640), -W64LIT(0x0000000000000000), -W64LIT(0xb3346db2d12b1322), -W64LIT(0x0ce6ff324c534868), -W64LIT(0xaebd5b397ccdb5dc), -W64LIT(0x0a957a2b6a806c5c), -W64LIT(0x1f0be62f1c04ba41), -W64LIT(0x14dff456d4f5d8b8), -W64LIT(0x58819022615cfa1c), -W64LIT(0x05b03def3540362e), -W64LIT(0xe3a2571f6b1599dd), -W64LIT(0x9229b2c3f52728e1), -W64LIT(0xba62af6fa8386d64), -W64LIT(0x0673851926d32434), -W64LIT(0x641579d8e8b66721), -W64LIT(0x04f155bd9731388b), -W64LIT(0x9ecf4df1b9746089), -W64LIT(0x205cb723867d3566), -W64LIT(0x102ea1eb43c4e033), -W64LIT(0x3ba604b10d48b7ac), -W64LIT(0x50963aadba3e8aff), -W64LIT(0xac3f8b9dcd2fa963), -W64LIT(0x7b1e9ff7f4b2dd60), -W64LIT(0xf63ccb1b1d914fc0), -W64LIT(0x7eaea218c1f2eb4e), -W64LIT(0x5fb37d69e5fed08d), -W64LIT(0x56e5bfb49cedaecb), -W64LIT(0x2dfb2043685f73ab), -W64LIT(0x61a54437ddf6510f), -W64LIT(0x6fc16ba1204705d8), -W64LIT(0xe75302a2fc24a156), -W64LIT(0x3dd581a82b9b9398), -W64LIT(0xdbc7eb5875ce3c6b), -W64LIT(0x90ab626744c5345e), -W64LIT(0x59c0f870c32df4b9), -W64LIT(0x6697a97c59547b9e), -W64LIT(0xfde8d962d5602d39), -W64LIT(0xd3d041d7aeac4c88), -W64LIT(0x5ef2153b478fde28), -W64LIT(0xd4e2ac9c2a0e6619), -W64LIT(0x1e4a8e7dbe75b4e4), -W64LIT(0x72485d2a8da1a326), -W64LIT(0x437b23b0ea6978d6), -W64LIT(0x159e9c047684d61d), -W64LIT(0x0f2547c45fc05a72), -W64LIT(0xf10e265099336551), -W64LIT(0x3c94e9fa89ea9d3d), -W64LIT(0xbfd292809d785b4a), -W64LIT(0x0817aa8fdb6270e3), -W64LIT(0x60e42c657f875faa), -W64LIT(0x18390b6498a690d0), -W64LIT(0x478a760d7d58405d), -W64LIT(0x284b1dac5d1f4585), -W64LIT(0xb1b6bd1660c90f9d), -W64LIT(0xd15291731f4e5037), -W64LIT(0x4d1f0c2617d82c01), -W64LIT(0xc70fb5817a599430), -W64LIT(0x6d43bb0591a51967), -W64LIT(0x6e8003f382360b7d), -W64LIT(0x1d89368bade6a6fe), -W64LIT(0x4f9ddc82a63a30be), -W64LIT(0xedc6788996a4cd0a), -W64LIT(0xab0d66d6498d83f2), -W64LIT(0x54676f102d0fb274), -W64LIT(0xc17c30985c8ab004), -W64LIT(0x3865bc471edba5b6), -W64LIT(0x3924d415bcaaab13), -W64LIT(0x951b5f8871850270), -W64LIT(0x8a10b9a76d81b831), -W64LIT(0xbd5042242c9a47f5), -W64LIT(0xa5694940b43cd725), -W64LIT(0xff6a09c664823186), -W64LIT(0x8d2254ece92392a0), -W64LIT(0xb7c5380f461a2ba9), -W64LIT(0x82071328b6e3c8d2), -W64LIT(0xd721146a399d7403), -W64LIT(0xfada342951c207a8), -W64LIT(0x262f323aa0ae1152), -W64LIT(0xf04f4e023b426bf4), -W64LIT(0x276e5a6802df1ff7), -/* box 1 */ -W64LIT(0x3b4016dbfd16e203), -W64LIT(0x9a7574c51174530a), -W64LIT(0x90012e69c02ec8d3), -W64LIT(0xf44580e3d780e076), -W64LIT(0xf81dec2b49eca14b), -W64LIT(0x26cae3e8a6e3d7ef), -W64LIT(0x0962419e0c41f6ab), -W64LIT(0x54d1eb4070ebd951), -W64LIT(0x865e884b0188eec8), -W64LIT(0xdf76067ea406fe8a), -W64LIT(0x29849412e594fba0), -W64LIT(0x461569896869c0f2), -W64LIT(0xb5ddd6b3bbd6724e), -W64LIT(0x0c586cc89e6c413d), -W64LIT(0x6b0ad97054d904ea), -W64LIT(0xa135621eec62b109), -W64LIT(0x0eef7e47087ea461), -W64LIT(0xfaaafea4dffe4417), -W64LIT(0xe0ad344e80342331), -W64LIT(0xab4138b23d382ad0), -W64LIT(0x107390468e90fcff), -W64LIT(0xbe0885a2218561b9), -W64LIT(0xdbed22957d22c132), -W64LIT(0x2251c7037fc7e857), -W64LIT(0x33835ef8ba5e9c86), -W64LIT(0xb3f1e0d7f4e0a8aa), -W64LIT(0x3fdb32302432ddbb), -W64LIT(0xa719547aa3546bed), -W64LIT(0xe10c3df3cb3dab1f), -W64LIT(0x17feaf9f8aafae35), -W64LIT(0x9df84b1c154b01c0), -W64LIT(0x8364a51d93a5595e), -W64LIT(0x535cd49974d48b9b), -W64LIT(0x01a109bd4b09882e), -W64LIT(0xc4d0c529b0c51182), -W64LIT(0x2e09abcbe1aba96a), -W64LIT(0x1f3de7bccde7d0b0), -W64LIT(0x9317355b1d35a5a1), -W64LIT(0x6c87e6a950e65620), -W64LIT(0x8910ffb142ffc287), -W64LIT(0x40395fed275f1a16), -W64LIT(0x7b794936da49f815), -W64LIT(0xf269b68798b63a92), -W64LIT(0xfd27c17ddbc116dd), -W64LIT(0x8d8bdb5a9bdbfd3f), -W64LIT(0x1ba6c35714c3ef08), -W64LIT(0x6e30f426c6f4b37c), -W64LIT(0x7fe26ddd036dc7ad), -W64LIT(0x14e8b4ad57b4c347), -W64LIT(0xb985ba7b25ba3373), -W64LIT(0xe9cf75d08c75d59a), -W64LIT(0x626898ee5898f241), -W64LIT(0x5b9f9cba339cf51e), -W64LIT(0xb250e96abfe92084), -W64LIT(0x165fa622c1a6261b), -W64LIT(0xf5e4895e9c896858), -W64LIT(0xb76ac43c2dc49712), -W64LIT(0x02b7128f9612e55c), -W64LIT(0x1d8af5335bf535ec), -W64LIT(0x36b973ae28732b10), -W64LIT(0xa8572380e02347a2), -W64LIT(0xf6f2926c4192052a), -W64LIT(0x8c2ad2e7d0d27511), -W64LIT(0xd32e6ab63a6abfb7), -W64LIT(0xbd1e9e90fc9e0ccb), -W64LIT(0x03161b32dd1b6d72), -W64LIT(0x4dc03a98f23ad305), -W64LIT(0x81d3b79205b7bc02), -W64LIT(0x450372bbb572ad80), -W64LIT(0x2d1fb0f93cb0c418), -W64LIT(0x2a928f20388f96d2), -W64LIT(0x721b08a8d6080ebe), -W64LIT(0x92b63ce6563c2d8f), -W64LIT(0xeb78675f1a6730c6), -W64LIT(0x13658b74538b918d), -W64LIT(0x428e4d62b14dff4a), -W64LIT(0x88b1f60c09f64aa9), -W64LIT(0x75963771d2375c74), -W64LIT(0x7ad8408b9140703b), -W64LIT(0x57c7f072adf0b423), -W64LIT(0xe5971918121994a7), -W64LIT(0x5666f9cfe6f93c0d), -W64LIT(0x8f3cc9d50dc91863), -W64LIT(0x1e9cee0186ee589e), -W64LIT(0x8a06e4839fe4aff5), -W64LIT(0xb824b3c66eb3bb5d), -W64LIT(0xd1997839ac785aeb), -W64LIT(0x6752b5b8cab545d7), -W64LIT(0xb47cdf0ef0dffa60), -W64LIT(0x949a0a82190af76b), -W64LIT(0xc04be1c269e12e3a), -W64LIT(0xfc86c8c090c89ef3), -W64LIT(0xe3bb2f7c5d2f4e43), -W64LIT(0x6aabd0cd1fd08cc4), -W64LIT(0x2147dc31a2dc8525), -W64LIT(0xca3fbb6eb8bbb5e3), -W64LIT(0x48fa17ce60176493), -W64LIT(0x6444ae8a17ae28a5), -W64LIT(0x2b33869d73861efc), -W64LIT(0xd0387184e771d2c5), -W64LIT(0x7cf476efde76aadf), -W64LIT(0x63c9915313917a6f), -W64LIT(0xc929a05c65a0d891), -W64LIT(0xda4c2b28362b491c), -W64LIT(0xfe31da4f06da7baf), -W64LIT(0xc1eae87f22e8a614), -W64LIT(0x5c12a36337a3a7d4), -W64LIT(0x18b0d865c9d8827a), -W64LIT(0xe7200b97840b71fb), -W64LIT(0x4bec0cfcbd0c09e1), -W64LIT(0x0f4e77fa43772c4f), -W64LIT(0x4c613325b9335b2b), -W64LIT(0xf3c8bf3ad3bfb2bc), -W64LIT(0x87ff81f64a8166e6), -W64LIT(0xa38270917a705455), -W64LIT(0x1911d1d882d10a54), -W64LIT(0x44a27b06fe7b25ae), -W64LIT(0x049b24ebd9243fb8), -W64LIT(0xbb32a8f4b3a8d62f), -W64LIT(0x91a027d48b2740fd), -W64LIT(0x3d6c20bfb22038e7), -W64LIT(0xe681022acf02f9d5), -W64LIT(0xf17fadb545ad57e0), -W64LIT(0xcc138d0af78d6f07), -W64LIT(0x495b1e732b1eecbd), -W64LIT(0x38560de9200d8f71), -W64LIT(0xa9f62a3dab2acf8c), -W64LIT(0x47b46034236048dc), -W64LIT(0x8e9dc06846c0904d), -W64LIT(0xaccc076b3907781a), -W64LIT(0x32225745f15714a8), -W64LIT(0xd4a3556f3e55ed7d), -W64LIT(0xd7b54e5de34e800f), -W64LIT(0xddc114f132141bd6), -W64LIT(0x6d26ef141befde0e), -W64LIT(0x85489379dc9383ba), -W64LIT(0x0bd553119a5313f7), -W64LIT(0x786f520407529567), -W64LIT(0xcb9eb2d3f3b23dcd), -W64LIT(0xa223792c3179dc7b), -W64LIT(0x0a745aacd15a9bd9), -W64LIT(0x710d139a0b1363cc), -W64LIT(0x681cc24289c26998), -W64LIT(0x1a07caea5fca6726), -W64LIT(0x82c5aca0d8acd170), -W64LIT(0x25dcf8da7bf8ba9d), -W64LIT(0xc7c6de1b6dde7cf0), -W64LIT(0xc35dfaf0b4fa4348), -W64LIT(0xded70fc3ef0f76a4), -W64LIT(0x504acfaba9cfe6e9), -W64LIT(0xc571cc94fbcc99ac), -W64LIT(0x5ea5b1eca1b14288), -W64LIT(0xae7b15e4af159d46), -W64LIT(0xc888a9e12ea950bf), -W64LIT(0xf7539bd10a9b8d04), -W64LIT(0x962d180d8f181237), -W64LIT(0xe43610a559101c89), -W64LIT(0x772125fe4425b928), -W64LIT(0x84e99ac4979a0b94), -W64LIT(0xc667d7a626d7f4de), -W64LIT(0xefe343b4c3430f7e), -W64LIT(0xd5025cd2755c6553), -W64LIT(0xa6b85dc7e85de3c3), -W64LIT(0xd61447e0a8470821), -W64LIT(0x3e7a3b8d6f3b5595), -W64LIT(0x52fddd243fdd03b5), -W64LIT(0x8072be2f4ebe342c), -W64LIT(0x12c482c9188219a3), -W64LIT(0x9eee502ec8506cb2), -W64LIT(0xad6d0ed6720ef034), -W64LIT(0x59288e35a58e1042), -W64LIT(0xe21a26c11626c66d), -W64LIT(0x247df16730f132b3), -W64LIT(0xf0dea4080ea4dfce), -W64LIT(0x31344c772c4c79da), -W64LIT(0x4f77281764283659), -W64LIT(0x79ce5bb94c5b1d49), -W64LIT(0x0000000000000000), -W64LIT(0x73ba01159d018690), -W64LIT(0x74373ecc993ed45a), -W64LIT(0xbcbf972db79784e5), -W64LIT(0x4ed621aa2f21be77), -W64LIT(0xd95a301aeb30246e), -W64LIT(0x9c5942a15e4289ee), -W64LIT(0x37187a13637aa33e), -W64LIT(0x276bea55edea5fc1), -W64LIT(0x1c2bfc8e10fcbdc2), -W64LIT(0xed54513b5551ea22), -W64LIT(0x20e6d58ce9d50d0b), -W64LIT(0x3ae11f66b61f6a2d), -W64LIT(0x66f3bc0581bccdf9), -W64LIT(0x2cbeb94477b94c36), -W64LIT(0x99636ff7cc6f3e78), -W64LIT(0x953b033f52037f45), -W64LIT(0xb0e7fbe529fbc5d8), -W64LIT(0x60df8a61ce8a171d), -W64LIT(0x6f91fd9b8dfd3b52), -W64LIT(0xaae0310f7631a2fe), -W64LIT(0xbfa98c1f6a8ce997), -W64LIT(0x8ba7ed3ed4ed27db), -W64LIT(0x98c2664a8766b656), -W64LIT(0x062c36644f36dae4), -W64LIT(0x5570e2fd3be2517f), -W64LIT(0xead96ee2516eb8e8), -W64LIT(0x419856506c569238), -W64LIT(0x23f0cebe34ce6079), -W64LIT(0x309545ca6745f1f4), -W64LIT(0x5a3e950778957d30), -W64LIT(0x617e83dc85839f33), -W64LIT(0xfb0bf71994f7cc39), -W64LIT(0x3ccd2902f929b0c9), -W64LIT(0x70ac1a27401aebe2), -W64LIT(0xcea49f85619f8a5b), -W64LIT(0x39f704546b04075f), -W64LIT(0x0df96575d565c913), -W64LIT(0x08c3482347487e85), -W64LIT(0xd28f630b71633799), -W64LIT(0xecf558861e58620c), -W64LIT(0xc2fcf34dfff3cb66), -W64LIT(0x978c11b0c4119a19), -W64LIT(0x69bdcbffc2cbe1b6), -W64LIT(0xba93a149f8a15e01), -W64LIT(0x51ebc616e2c66ec7), -W64LIT(0x078d3fd9043f52ca), -W64LIT(0x58898788ee87986c), -W64LIT(0x4a4d0541f60581cf), -W64LIT(0xe86e7c6dc77c5db4), -W64LIT(0xee424a09884a8750), -W64LIT(0xcdb284b7bc84e729), -W64LIT(0x65e5a7375ca7a08b), -W64LIT(0x2fa8a276aaa22144), -W64LIT(0xa0946ba3a76b3927), -W64LIT(0xa5ae46f535468eb1), -W64LIT(0x35af689cf5684662), -W64LIT(0x28259dafae9d738e), -W64LIT(0xcf0596382a960275), -W64LIT(0xb6cbcd8166cd1f3c), -W64LIT(0x7e43646048644f83), -W64LIT(0x9bd47d785a7ddb24), -W64LIT(0x432f44dffa447764), -W64LIT(0x9f4f59938359e49c), -W64LIT(0x7d557f52957f22f1), -W64LIT(0x76802c430f2c3106), -W64LIT(0xdc601d4c791d93f8), -W64LIT(0x053a2d56922db796), -W64LIT(0x11d299fbc59974d1), -W64LIT(0xf9bce59602e52965), -W64LIT(0xd8fb39a7a039ac40), -W64LIT(0x340e6121be61ce4c), -W64LIT(0x5f04b851eab8caa6), -W64LIT(0x5db3aade7caa2ffa), -W64LIT(0x1549bd101cbd4b69), -W64LIT(0xff90d3f24dd3f381), -W64LIT(0xafda1c59e41c1568), -W64LIT(0xb146f25862f24df6), -W64LIT(0xa40f4f487e4f069f), -/* box 2 */ -W64LIT(0xa1a35cebf8f0f94c), -W64LIT(0x2c203d650f3f095d), -W64LIT(0x1a2bdaee4084a2a7), -W64LIT(0xd32404574d7bcc68), -W64LIT(0xf785bea594a9adc4), -W64LIT(0xf2eb54456206949c), -W64LIT(0x3f5e334d0475ced1), -W64LIT(0x5994299b835d1f60), -W64LIT(0x785b7989ac204794), -W64LIT(0x025da6a2cf461a41), -W64LIT(0xdf1f3a71f01a901b), -W64LIT(0x27284f018bb77637), -W64LIT(0xe1955a6d694c5310), -W64LIT(0x24a1baf2d9d261ac), -W64LIT(0xe4fbb08d9fe36a48), -W64LIT(0x8d83618ef7cff011), -W64LIT(0x2ac72276abf5279e), -W64LIT(0xf9e32621e68eebf6), -W64LIT(0xbf323fb4d3f86f69), -W64LIT(0xbb888605b8745beb), -W64LIT(0x70dafe1e7acd2f65), -W64LIT(0xd0adf1a41f1edbf3), -W64LIT(0x1e91635f2b089625), -W64LIT(0xee2791b8864818f8), -W64LIT(0x99ce23e4c56c1484), -W64LIT(0xf33f0714ff259946), -W64LIT(0xbd6f99161cbe7528), -W64LIT(0x9f293cf761a63a47), -W64LIT(0xb80173f6ea114c70), -W64LIT(0x6543ef25d54dc62a), -W64LIT(0x39b92c5ea0bfe012), -W64LIT(0x63a4f0367187e8e9), -W64LIT(0x4c0d38a02cddf62f), -W64LIT(0x07334c4239e92319), -W64LIT(0x43bff375c3d9bdc7), -W64LIT(0xca862b4a5f9a7954), -W64LIT(0x5d2e902ae8d12be2), -W64LIT(0x137e0e280b4ac78c), -W64LIT(0xf162a1b630638307), -W64LIT(0x55af17bd3e3c4313), -W64LIT(0x358212781ddebc61), -W64LIT(0x94214e93e52e452d), -W64LIT(0xc18e592edb12063e), -W64LIT(0xec7a371a490e02b9), -W64LIT(0x4963d240da72cf77), -W64LIT(0x41e255d70c9fa786), -W64LIT(0xff0439324244c535), -W64LIT(0x88ed8b6e0160c949), -W64LIT(0x6c163be39e83a301), -W64LIT(0xc534e09fb09e32bc), -W64LIT(0x806c0cf9d78da1b8), -W64LIT(0xdba583c09b96a499), -W64LIT(0x746047af11411be7), -W64LIT(0xf40c4b56c6ccba5f), -W64LIT(0x6270a367eca4e533), -W64LIT(0xd41748157492ef71), -W64LIT(0xeff3c2e91b6b1522), -W64LIT(0x0e66988472274632), -W64LIT(0x534808ae9af66dd0), -W64LIT(0x8231aa5b18cbbbf9), -W64LIT(0xb2dd52c3f3ba3ec0), -W64LIT(0xdd429cd33f5c8a5a), -W64LIT(0x4e509e02e39bec6e), -W64LIT(0x26fc1c5016947bed), -W64LIT(0xd9f8256254d0bed8), -W64LIT(0x0955d4c64bce652b), -W64LIT(0x1610e4c8fde5fed4), -W64LIT(0x6dc268b203a0aedb), -W64LIT(0x2e7d9bc7c079131c), -W64LIT(0xc3d3ff8c14541c7f), -W64LIT(0xd64aeeb7bbd4f530), -W64LIT(0xab7f7ddee15b8bfc), -W64LIT(0x144d426a32a3e495), -W64LIT(0x8e0a947da5aae78a), -W64LIT(0x798f2ad831034a4e), -W64LIT(0x3be48afc6ff9fa53), -W64LIT(0x529c5bff07d5600a), -W64LIT(0xbee66ce54edb62b3), -W64LIT(0x931202d1dcc76634), -W64LIT(0x50c1fd5dc8937a4b), -W64LIT(0xa4cdb60b0e5fc014), -W64LIT(0x57f2b11ff17a5952), -W64LIT(0x47054ac4a8558945), -W64LIT(0x5a1ddc68d13808fb), -W64LIT(0x5cfac37b75f22638), -W64LIT(0xc207acdd897711a5), -W64LIT(0x289a84d464b33ddf), -W64LIT(0xc05a0a7f46310be4), -W64LIT(0xe6a6162f50a57009), -W64LIT(0x06e71f13a4ca2ec3), -W64LIT(0x5f733688279731a3), -W64LIT(0xeb497b5870e721a0), -W64LIT(0xb667eb7298360a42), -W64LIT(0xe3c8fccfa60a4951), -W64LIT(0xe772457ecd867dd3), -W64LIT(0x6978d103682c9a59), -W64LIT(0x0def6d77204251a9), -W64LIT(0xc90fdeb90dff6ecf), -W64LIT(0xd179a2f5823dd629), -W64LIT(0x2fa9c8965d5a1ec6), -W64LIT(0x81b85fa84aaeac62), -W64LIT(0xdc96cf82a27f8780), -W64LIT(0x602d05c523e2ff72), -W64LIT(0x19a22f1d12e1b53c), -W64LIT(0xe52fe3dc02c06792), -W64LIT(0x58407aca1e7e12ba), -W64LIT(0x61f95694bec1f2a8), -W64LIT(0x48b781114751c2ad), -W64LIT(0xaaab2e8f7c788626), -W64LIT(0x04bab9b16b8c3482), -W64LIT(0x2df46e34921c0487), -W64LIT(0x1123a88ac40cddcd), -W64LIT(0xc6bd156ce2fb2527), -W64LIT(0x7f6835cb95c9648d), -W64LIT(0x83e5f90a85e8b623), -W64LIT(0x4f84cd537eb8e1b4), -W64LIT(0x294ed785f9903005), -W64LIT(0x1cccc5fde44e8c64), -W64LIT(0xcb52781bc2b9748e), -W64LIT(0x1d1896ac796d81be), -W64LIT(0xb30901926e99331a), -W64LIT(0xad9862cd4591a53f), -W64LIT(0xc8db8de890dc6315), -W64LIT(0x7bd28c7afe45500f), -W64LIT(0x0adc213519ab72b0), -W64LIT(0xa8f6882db33e9c67), -W64LIT(0xb5ee1e81ca531dd9), -W64LIT(0x201b0343b25e552e), -W64LIT(0x4036068691bcaa5c), -W64LIT(0xae11973e17f4b2a4), -W64LIT(0x9efd6fa6fc85379d), -W64LIT(0x33650d6bb91492a2), -W64LIT(0x3a30d9adf2daf789), -W64LIT(0x0c3b3e26bd615c73), -W64LIT(0xf651edf4098aa01e), -W64LIT(0x710ead4fe7ee22bf), -W64LIT(0x3138abc9765288e3), -W64LIT(0x9d749a55aee02006), -W64LIT(0x6e4b9d4151c5b940), -W64LIT(0x84d6b548bc01953a), -W64LIT(0x360be78b4fbbabfa), -W64LIT(0xa22aa918aa95eed7), -W64LIT(0xedae644bd42d0f63), -W64LIT(0x46d119953576849f), -W64LIT(0x6497bc74486ecbf0), -W64LIT(0xfbbe808329c8f1b7), -W64LIT(0x4aea27b38817d8ec), -W64LIT(0x5626e24e6c595488), -W64LIT(0x056eeae0f6af3958), -W64LIT(0x4558ec6667139304), -W64LIT(0x448cbf37fa309ede), -W64LIT(0x6f9fce10cce6b49a), -W64LIT(0xa0770fba65d3f496), -W64LIT(0x671e49871a0bdc6b), -W64LIT(0xda71d09106b5a943), -W64LIT(0x08818797d6ed68f1), -W64LIT(0xa3fefa4937b6e30d), -W64LIT(0xb080f4613cfc2481), -W64LIT(0x763de10dde0701a6), -W64LIT(0x4dd96bf1b1fefbf5), -W64LIT(0x92c6518041e46bee), -W64LIT(0x3456412980fdb1bb), -W64LIT(0x981a70b5584f195e), -W64LIT(0x3d0395efcb33d490), -W64LIT(0xba5cd55425575631), -W64LIT(0x4b3e74e21534d536), -W64LIT(0x6af124f03a498dc2), -W64LIT(0x7ebc669a08ea6957), -W64LIT(0x30ecf898eb718539), -W64LIT(0xa922db7c2e1d91bd), -W64LIT(0x7a06df2b63665dd5), -W64LIT(0xb154a730a1df295b), -W64LIT(0xfc8dccc11021d2ae), -W64LIT(0xcfe8c1aaa935400c), -W64LIT(0x97a8bb60b74b52b6), -W64LIT(0x18767c4c8fc2b8e6), -W64LIT(0x9a47d6179709031f), -W64LIT(0x0000000000000000), -W64LIT(0xac4c319cd8b2a8e5), -W64LIT(0xb9d520a7773241aa), -W64LIT(0xdecb69206d399dc1), -W64LIT(0x1f45300eb62b9bff), -W64LIT(0x10f7fbdb592fd017), -W64LIT(0x3e8a601c9956c30b), -W64LIT(0x8502e619212298e0), -W64LIT(0xf5d818075befb785), -W64LIT(0x547b44eca31f4ec9), -W64LIT(0x9ca0c90433c32ddc), -W64LIT(0xe041093cf46f5eca), -W64LIT(0xa69010a9c119da55), -W64LIT(0xc769463d7fd828fd), -W64LIT(0xc4e0b3ce2dbd3f66), -W64LIT(0x2575e9a344f16c76), -W64LIT(0x01d453519d230dda), -W64LIT(0xfa6ad3d2b4ebfc6d), -W64LIT(0xd5c31b44e9b1e2ab), -W64LIT(0xf83775707bade62c), -W64LIT(0xbcbbca47819d78f2), -W64LIT(0xd79ebde626f7f8ea), -W64LIT(0x5bc98f394c1b0521), -W64LIT(0x2246a5e17d184f6f), -W64LIT(0x12aa5d799669ca56), -W64LIT(0x5ea765d9bab43c79), -W64LIT(0x8939d83f9c43c493), -W64LIT(0x32b15e3a24379f78), -W64LIT(0xe914ddfabfa13be1), -W64LIT(0x909bf7228ea271af), -W64LIT(0x73530bed28a838fe), -W64LIT(0xd2f05706d058c1b2), -W64LIT(0xfed06a63df67c8ef), -W64LIT(0xb43a4dd057701003), -W64LIT(0xa519e55a937ccdce), -W64LIT(0x75b414fe8c62163d), -W64LIT(0xafc5c46f8ad7bf7e), -W64LIT(0x2392f6b0e03b42b5), -W64LIT(0x386d7f0f3d9cedc8), -W64LIT(0x21cf50122f7d58f4), -W64LIT(0x9b9385460a2a0ec5), -W64LIT(0x5115ae0c55b07791), -W64LIT(0x0fb2cbd5ef044be8), -W64LIT(0xea9d2809edc42c7a), -W64LIT(0xcc613459fb505797), -W64LIT(0x426ba0245efab01d), -W64LIT(0x1599113baf80e94f), -W64LIT(0x7d3593695a8f7ecc), -W64LIT(0x0389f5f35265179b), -W64LIT(0x875f40bbee6482a1), -W64LIT(0x95f51dc2780d48f7), -W64LIT(0x7ce1c038c7ac7316), -W64LIT(0xce3c92fb34164dd6), -W64LIT(0xcdb5670866735a4d), -W64LIT(0x8ab02dccce26d308), -W64LIT(0x914fa47313817c75), -W64LIT(0x8b647e9d5305ded2), -W64LIT(0xd82c7633c9f3b302), -W64LIT(0x728758bcb58b3524), -W64LIT(0xe8c08eab2282363b), -W64LIT(0x8fdec72c3889ea50), -W64LIT(0x2b13712736d62a44), -W64LIT(0x3cd7c6be5610d94a), -W64LIT(0x37dfb4dad298a620), -W64LIT(0x868b13ea73478f7b), -W64LIT(0xb7b3b82305150798), -W64LIT(0x0b08726484887f6a), -W64LIT(0x1bff89bfdda7af7d), -W64LIT(0x77e9b25c43240c7c), -W64LIT(0xf0b6f2e7ad408edd), -W64LIT(0x17c4b79960c6f30e), -W64LIT(0x8c5732df6aecfdcb), -W64LIT(0x68ac8252f50f9783), -W64LIT(0x66ca1ad68728d1b1), -W64LIT(0x6b2577a1a76a8018), -W64LIT(0xe21caf9e3b29448b), -W64LIT(0xa74443f85c3ad78f), -W64LIT(0xfd599f908d02df74), -W64LIT(0x967ce8312a685f6c), -/* box 3 */ -W64LIT(0xfa7b9775ba3af751), -W64LIT(0x03ef98cb769c2d13), -W64LIT(0x7191ce067072359e), -W64LIT(0xbab18b6bff7516a8), -W64LIT(0xe6e5ef4efbc1065e), -W64LIT(0x7bec74a3b1d0dbf4), -W64LIT(0x656b4fb907c31c4a), -W64LIT(0x4e8520f99fc86304), -W64LIT(0x8fd8df31d16dae58), -W64LIT(0x90a93fc1e60a7244), -W64LIT(0x30ad09f2b449cfc5), -W64LIT(0x8453be7e91bb5b90), -W64LIT(0x1d68a3d1c08feaad), -W64LIT(0x5c54642504b410f6), -W64LIT(0x8061383c8a9e3707), -W64LIT(0xf9940fbecca6da42), -W64LIT(0x46e1d97da982bbdf), -W64LIT(0xfc50521656f7ad77), -W64LIT(0x5e4d2704f35c2647), -W64LIT(0x8bea5973ca48c2cf), -W64LIT(0xd06323dfa34593bd), -W64LIT(0x62b651306a7a5dce), -W64LIT(0xa436b0714966d116), -W64LIT(0x4f73fb131ebc78a6), -W64LIT(0x92b07ce011e244f5), -W64LIT(0x33429139c2d5e2d6), -W64LIT(0xcee418c515565403), -W64LIT(0xd7be3d56cefcd239), -W64LIT(0x53ed83285f4789a9), -W64LIT(0xf3e9b51b0d043428), -W64LIT(0x20650e0fd8dd8a86), -W64LIT(0xb6e7f4add21aa2e4), -W64LIT(0x6d0fb63d3189c491), -W64LIT(0x0da0a42cac1bafee), -W64LIT(0x3f14eeffefba569a), -W64LIT(0x13279f361a086850), -W64LIT(0x9b225e8ea6dc878c), -W64LIT(0x6684d772715f3159), -W64LIT(0xa3ebaef824df9092), -W64LIT(0xc499a260d4f4ba69), -W64LIT(0xaa798c9693e153eb), -W64LIT(0x50021be329dba4ba), -W64LIT(0x949bb983fd2f1ed3), -W64LIT(0xdfdac4d2f8b60ae2), -W64LIT(0xf0062dd07b98193b), -W64LIT(0xafbdd13e09b024de), -W64LIT(0xb95e13a089e93bbb), -W64LIT(0x649d945386b707e8), -W64LIT(0xe4fcac6f0c2930ef), -W64LIT(0x413cc7f4c43bfa5b), -W64LIT(0x3b2668bdf49f3a0d), -W64LIT(0xe50a77858d5d2b4d), -W64LIT(0x05c45da89a517735), -W64LIT(0x3ee235156ece4d38), -W64LIT(0xfe491137a11f9bc6), -W64LIT(0xb7112f47536eb946), -W64LIT(0x07dd1e896db94184), -W64LIT(0x1ab5bd58ad36ab29), -W64LIT(0x8197e3d60bea2ca5), -W64LIT(0xab8f577c12954849), -W64LIT(0x9cff4007cb65c608), -W64LIT(0xa00436335243bd81), -W64LIT(0xfda689fcd783b6d5), -W64LIT(0xccfd5be4e2be62b2), -W64LIT(0x75a348446b575909), -W64LIT(0x17151974012d04c7), -W64LIT(0xfb8d4c9f3b4eecf3), -W64LIT(0xac5249f57f2c09cd), -W64LIT(0x9346a70a90965f57), -W64LIT(0x043286421b256c97), -W64LIT(0x27b81086b564cb02), -W64LIT(0x3569545a2e18b8f0), -W64LIT(0x6b24735edd449eb7), -W64LIT(0x2193d5e559a99124), -W64LIT(0xc7763aaba268977a), -W64LIT(0xb0cc31ce3ed7f8c2), -W64LIT(0xc939064c78ef1587), -W64LIT(0x16e3c29e80591f65), -W64LIT(0x5da2bfcf85c00b54), -W64LIT(0x5990398d9ee567c3), -W64LIT(0x67720c98f02b2afb), -W64LIT(0x54309da132fec82d), -W64LIT(0xeab39088d6aeb212), -W64LIT(0x9682faa20ac72862), -W64LIT(0xd38cbb14d5d9beae), -W64LIT(0x4c9c63d8682055b5), -W64LIT(0xd648e6bc4f88c99b), -W64LIT(0xdc355c198e2a27f1), -W64LIT(0x10c807fd6c944543), -W64LIT(0x450e41b6df1e96cc), -W64LIT(0x0b8b614f40d6f5c8), -W64LIT(0xd27a60fe54ada50c), -W64LIT(0x49583e70f2712280), -W64LIT(0x8dc19c10268598e9), -W64LIT(0x5866e2671f917c61), -W64LIT(0x79f537824638ed45), -W64LIT(0xc2b267033839e04f), -W64LIT(0xcb20456d8f072336), -W64LIT(0x2a18b4aa197f64ec), -W64LIT(0xdbe84290e3936675), -W64LIT(0x73888d27879a032f), -W64LIT(0xe8aad3a9214684a3), -W64LIT(0x6ee02ef64715e982), -W64LIT(0xa996145de57d7ef8), -W64LIT(0xc8cfdda6f99b0e25), -W64LIT(0x062bc563eccd5a26), -W64LIT(0x264ecb6c3410d0a0), -W64LIT(0xb8a8c84a089d2019), -W64LIT(0x7dc7b1c05d1d81d2), -W64LIT(0xd5a77e773914e488), -W64LIT(0x4b417d5105991431), -W64LIT(0xf62de8b39755431d), -W64LIT(0x993b1daf5134b13d), -W64LIT(0x82787b1d7d7601b6), -W64LIT(0xe321b2e66190716b), -W64LIT(0xb5086c66a4868ff7), -W64LIT(0x9ee603263c8df0b9), -W64LIT(0x349f8fb0af6ca352), -W64LIT(0x5b897aac690d5172), -W64LIT(0x7c316a2adc699a70), -W64LIT(0xd451a59db860ff2a), -W64LIT(0x706715ecf1062e3c), -W64LIT(0x838ea0f7fc021a14), -W64LIT(0x57df056a4462e53e), -W64LIT(0xcf12c32f94224fa1), -W64LIT(0xed6e8e01bb17f396), -W64LIT(0x915fe42b677e69e6), -W64LIT(0x89f31a523da0f47e), -W64LIT(0xe71334a47ab51dfc), -W64LIT(0xa860cfb76409655a), -W64LIT(0x9f10d8ccbdf9eb1b), -W64LIT(0xef77cd204cffc527), -W64LIT(0xf862d4544dd2c1e0), -W64LIT(0x8a1c82994b3cd96d), -W64LIT(0xae4b0ad488c43f7c), -W64LIT(0x98cdc645d040aa9f), -W64LIT(0x7fdef2e1aaf5b763), -W64LIT(0x4717029728f6a07d), -W64LIT(0x745593aeea2342ab), -W64LIT(0xee8116cacd8bde85), -W64LIT(0x727e56cd06ee188d), -W64LIT(0x227c4d2e2f35bc37), -W64LIT(0x977421488bb333c0), -W64LIT(0xa21d7512a5ab8b30), -W64LIT(0xbb4750817e010d0a), -W64LIT(0x6cf96dd7b0fddf33), -W64LIT(0x2801f78bee97525d), -W64LIT(0x1c9e783b41fbf10f), -W64LIT(0x9d099bed4a11ddaa), -W64LIT(0x7a1aaf4930a4c056), -W64LIT(0x32b44ad343a1f974), -W64LIT(0x3cfb763499267b89), -W64LIT(0xb2d572efc93fce73), -W64LIT(0x63408adaeb0e466c), -W64LIT(0xada4921ffe58126f), -W64LIT(0x5fbbfcee72283de5), -W64LIT(0x6ad2a8b45c308515), -W64LIT(0x0c567fc62d6fb44c), -W64LIT(0x956d62697c5b0571), -W64LIT(0x25a153a7428cfdb3), -W64LIT(0x150c5a55f6c53276), -W64LIT(0xe2d7690ce0e46ac9), -W64LIT(0xda1e997a62e77dd7), -W64LIT(0xf5c27078e1c96e0e), -W64LIT(0xc344bce9b94dfbed), -W64LIT(0x60af12119d926b7f), -W64LIT(0xa1f2edd9d337a623), -W64LIT(0xcad69e870e733894), -W64LIT(0x3770177bd9f08e41), -W64LIT(0xa5c06b9bc812cab4), -W64LIT(0x1f71e0f03767dc1c), -W64LIT(0x44f89a5c5e6a8d6e), -W64LIT(0x6159c9fb1ce670dd), -W64LIT(0x8e2e04db5019b5fa), -W64LIT(0x8805c1b8bcd4efdc), -W64LIT(0xe138f1c7967847da), -W64LIT(0x4ab7a6bb84ed0f93), -W64LIT(0x0000000000000000), -W64LIT(0x38c9f0768203171e), -W64LIT(0x1b4366b22c42b08b), -W64LIT(0x7803ec68c74cf6e7), -W64LIT(0xec9855eb3a63e834), -W64LIT(0xbe830d29e4507a3f), -W64LIT(0x2dc5aa2374c62568), -W64LIT(0xa62ff350be8ee7a7), -W64LIT(0x764cd08f1dcb741a), -W64LIT(0x8c3747faa7f1834b), -W64LIT(0x0fb9e70d5bf3995f), -W64LIT(0x55c6464bb38ad38f), -W64LIT(0xf7db3359162158bf), -W64LIT(0xd195f8352231881f), -W64LIT(0x0992226eb73ec379), -W64LIT(0x14fa81bf77b129d4), -W64LIT(0x48aee59a73053922), -W64LIT(0x2457884dc3f8e611), -W64LIT(0xffbfcadd206b8064), -W64LIT(0xb4feb78c25f29455), -W64LIT(0x864afd5f66536d21), -W64LIT(0x6f16f51cc661f220), -W64LIT(0xde2c1f3879c21140), -W64LIT(0x195a2593dbaa863a), -W64LIT(0x2e2a32e8025a087b), -W64LIT(0x432584d533d3ccea), -W64LIT(0x2c3371c9f5b23eca), -W64LIT(0xa7d928ba3ffafc05), -W64LIT(0x42d35f3fb2a7d748), -W64LIT(0x85a5659410cf4032), -W64LIT(0x0864f984364ad8db), -W64LIT(0xf21f6ef18c702f8a), -W64LIT(0xf1f0f63afaec0299), -W64LIT(0xd9f101b1147b50c4), -W64LIT(0x2fdce902832e13d9), -W64LIT(0x4d6ab832e9544e17), -W64LIT(0xe0ce2a2d170c5c78), -W64LIT(0x51f4c009a8afbf18), -W64LIT(0x68cbeb95abd8b3a4), -W64LIT(0xc15dffc84ea5cd5c), -W64LIT(0x02194321f7e836b1), -W64LIT(0x113edc17ede05ee1), -W64LIT(0x521b58c2de33920b), -W64LIT(0x9ad4856427a89c2e), -W64LIT(0x5629de80c516fe9c), -W64LIT(0x77ba0b659cbf6fb8), -W64LIT(0x238a96c4ae41a795), -W64LIT(0x12d144dc9b7c73f2), -W64LIT(0xd807da5b950f4b66), -W64LIT(0x3686cc91588495e3), -W64LIT(0x18acfe795ade9d98), -W64LIT(0x5a7fa146e8794ad0), -W64LIT(0xc680e141231c8cd8), -W64LIT(0x1e873b1ab613c7be), -W64LIT(0xf434ab9260bd75ac), -W64LIT(0xcd0b800e63ca7910), -W64LIT(0xbc9a4e0813b84c8e), -W64LIT(0x3d0dadde1852602b), -W64LIT(0x40ca1c1e454fe1f9), -W64LIT(0x0a7dbaa5c1a2ee6a), -W64LIT(0x693d307f2aaca806), -W64LIT(0x0e4f3ce7da8782fd), -W64LIT(0xbd6c95e292cc572c), -W64LIT(0x3ad0b35775eb21af), -W64LIT(0x7e28290b2b81acc1), -W64LIT(0x01f6dbea81741ba2), -W64LIT(0x87bc26b5e7277683), -W64LIT(0x393f2b9c03770cbc), -W64LIT(0xddc387f30f5e3c53), -W64LIT(0xeb454b6257daa9b0), -W64LIT(0xb323a905484bd5d1), -W64LIT(0xb13aea24bfa3e360), -W64LIT(0x315bd218353dd467), -W64LIT(0x2bee6f40980b7f4e), -W64LIT(0xe95c0843a0329f01), -W64LIT(0xc56f798a5580a1cb), -W64LIT(0xbf75d6c36524619d), -W64LIT(0x29f72c616fe349ff), -W64LIT(0xc0ab2422cfd1d6fe), -/* box 4 */ -W64LIT(0x561fc423e957943c), -W64LIT(0x014287ca69079288), -W64LIT(0x2f086129dfcd1d21), -W64LIT(0xc537d4aea044fd99), -W64LIT(0xf1e8c3bfd7c8a457), -W64LIT(0x2971998a5cdf9bfb), -W64LIT(0x23fa649a2ce9e460), -W64LIT(0x3aa9e9c356a6716a), -W64LIT(0xd6efa4e7aa3d1708), -W64LIT(0x705a24b1fda5b5eb), -W64LIT(0x101e0ce2b170a9fc), -W64LIT(0x7ca821020e814caa), -W64LIT(0x0bc97ada1931ed13), -W64LIT(0x34df1711778c59ce), -W64LIT(0xd35020ef9226d2bf), -W64LIT(0x575d43e9805006b4), -W64LIT(0x91acebec9b1db840), -W64LIT(0x549b3f423b5945d9), -W64LIT(0x99a3ed9d3925163e), -W64LIT(0x7917a50a369a891d), -W64LIT(0xe372343cb4b6dc4e), -W64LIT(0x8d40e2bdd949e8fd), -W64LIT(0xcfbc29bed0728202), -W64LIT(0x969794857108ac12), -W64LIT(0xdd26de3db30cfa1b), -W64LIT(0x115c8b28d8773b74), -W64LIT(0xe9f9c92cc480a3d5), -W64LIT(0x4dc8b21b4116d0d3), -W64LIT(0x316093194f979c79), -W64LIT(0x5124bb4a0342806e), -W64LIT(0xb31408bcdef3cea8), -W64LIT(0xc1cad76cf158aaa6), -W64LIT(0x88ff66b5e1522d4a), -W64LIT(0xa8c37e8476b28a47), -W64LIT(0x15a188ea896b6c4b), -W64LIT(0xa24883940684f5dc), -W64LIT(0xda1da1545919ee49), -W64LIT(0x22b8e35045ee76e8), -W64LIT(0x6106af9925d28e9f), -W64LIT(0xef80318f4792250f), -W64LIT(0x663dd0f0cfc79acd), -W64LIT(0x302214d326900ef1), -W64LIT(0xdfa2255c61022bfe), -W64LIT(0xe6cdb0348cad19f9), -W64LIT(0x50663c806a4512e6), -W64LIT(0x65fbac5b74ced9a0), -W64LIT(0xc4755364c9436f11), -W64LIT(0x8fc419dc0b473918), -W64LIT(0x5c9439339961eba7), -W64LIT(0x3f166dcb6ebdb4dd), -W64LIT(0xba59890715ccf25e), -W64LIT(0xf0aa4475becf36df), -W64LIT(0x03c67cabbb09436d), -W64LIT(0xb99ff5acaec5b133), -W64LIT(0xf9e7c5ce75f00a29), -W64LIT(0x6df4aa2ad6f677de), -W64LIT(0xaeba8627f5a00c9d), -W64LIT(0xa573fcfdec91e18e), -W64LIT(0x7f6e5da9b5880fc7), -W64LIT(0xca03adb6e86947b5), -W64LIT(0x74a72773acb9e2d4), -W64LIT(0x604428534cd51c17), -W64LIT(0xf8a542041cf798a1), -W64LIT(0x448533a08a29ec25), -W64LIT(0x80f060c4436a8334), -W64LIT(0x0db082799a236bc9), -W64LIT(0xfa21b965cef94944), -W64LIT(0x64b92b911dc94b28), -W64LIT(0x7118a37b94a22763), -W64LIT(0xaff801ed9ca79e15), -W64LIT(0x1dae8e9b2b53c235), -W64LIT(0x13d870490a79ea91), -W64LIT(0x8a7b9dd4335cfcaf), -W64LIT(0x1f2a75faf95d13d0), -W64LIT(0xeec2b6452e95b787), -W64LIT(0xc34e2c0d23567b43), -W64LIT(0x47434f0b3120af48), -W64LIT(0xa18eff3fbd8db6b1), -W64LIT(0x98e16a57502284b6), -W64LIT(0x37196bbacc851aa3), -W64LIT(0x8e869e166240ab90), -W64LIT(0x9fda153eba3790e4), -W64LIT(0xf515c07d86d4f368), -W64LIT(0x72dedfd02fab640e), -W64LIT(0xe230b3f6ddb14ec6), -W64LIT(0x97d5134f180f3e9a), -W64LIT(0xe1f6cf5d66b80dab), -W64LIT(0xe78f37fee5aa8b71), -W64LIT(0xa30a045e6f836754), -W64LIT(0x90ee6c26f21a2ac8), -W64LIT(0xaa4785e5a4bc5ba2), -W64LIT(0x4e0eceb0fa1f93be), -W64LIT(0x94136fe4a3067df7), -W64LIT(0x7b935e6be49458f8), -W64LIT(0x9b2716fceb2bc7db), -W64LIT(0x840d63061276d40b), -W64LIT(0xed04caee959cf4ea), -W64LIT(0xea3fb5877f89e0b8), -W64LIT(0xb56df01f5de14872), -W64LIT(0x4935b1d9100a87ec), -W64LIT(0x82749ba5916452d1), -W64LIT(0x58693af1c87dbc98), -W64LIT(0x89bde17f8855bfc2), -W64LIT(0x677f573aa6c00845), -W64LIT(0xeb7d324d168e7230), -W64LIT(0x0284fb61d20ed1e5), -W64LIT(0xb190f3dd0cfd1f4d), -W64LIT(0x684b2e22eeedb269), -W64LIT(0x2bf562eb8ed14a1e), -W64LIT(0xe0b448970fbf9f23), -W64LIT(0x396f9568edaf3207), -W64LIT(0x52e2c7e1b84bc303), -W64LIT(0x77615bd817b0a1b9), -W64LIT(0x7e2cda63dc8f9d4f), -W64LIT(0xf22ebf146cc1e73a), -W64LIT(0xc08850a6985f382e), -W64LIT(0xd9dbddffe210ad24), -W64LIT(0xbfe60d0f2dd737e9), -W64LIT(0x9a659136822c5553), -W64LIT(0x87cb1fada97f9766), -W64LIT(0x4c8a35d12811425b), -W64LIT(0x83361c6ff863c059), -W64LIT(0xd212a725fb214037), -W64LIT(0x9e9892f4d330026c), -W64LIT(0x45c7b46ae32e7ead), -W64LIT(0x5baf465a7374fff5), -W64LIT(0xdc6459f7da0b6893), -W64LIT(0xd46b5f867833c6ed), -W64LIT(0x5dd6bef9f066792f), -W64LIT(0xcb412a7c816ed53d), -W64LIT(0x75e5a0b9c5be705c), -W64LIT(0xf6d3bcd63dddb005), -W64LIT(0xfb633eafa7fedbcc), -W64LIT(0xd529d84c11345465), -W64LIT(0xc9c5d11d536004d8), -W64LIT(0xdb5f269e301e7cc1), -W64LIT(0x86899867c07805ee), -W64LIT(0x3d9296aabcb36538), -W64LIT(0x2cce1d8264c45e4c), -W64LIT(0x5aedc1901a736d7d), -W64LIT(0x2e4ae6e3b6ca8fa9), -W64LIT(0x1e68f230905a8158), -W64LIT(0xdee0a2960805b976), -W64LIT(0xcd38d2df027c53e7), -W64LIT(0x6909a9e887ea20e1), -W64LIT(0x24c11bf3c6fcf032), -W64LIT(0x18110a9313480782), -W64LIT(0xa7f7079c3e9f306b), -W64LIT(0xd8995a358b173fac), -W64LIT(0x854fe4cc7b714683), -W64LIT(0xbd62f66effd9e60c), -W64LIT(0x14e30f20e06cfec3), -W64LIT(0x6e32d6816dff34b3), -W64LIT(0x217e9ffbfee73585), -W64LIT(0xc88756d73a679650), -W64LIT(0x359d90db1e8bcb46), -W64LIT(0x2645e09214f221d7), -W64LIT(0x04fd03c2511c573f), -W64LIT(0x739c581a46acf686), -W64LIT(0xb0d2741765fa8dc5), -W64LIT(0xa0cc78f5d48a2439), -W64LIT(0x5e10c2524b6f3a42), -W64LIT(0xe50bcc9f37a45a94), -W64LIT(0x53a0402bd14c518b), -W64LIT(0x413ab7a8b2322992), -W64LIT(0x203c183197e0a70d), -W64LIT(0xcc7a55156b7bc16f), -W64LIT(0x4601c8c158273dc0), -W64LIT(0xbea48ac544d0a561), -W64LIT(0x638254f8f7dc5f7a), -W64LIT(0xa6b580565798a2e3), -W64LIT(0x3cd01160d5b4f7b0), -W64LIT(0x8c026577b04e7a75), -W64LIT(0x7ad1d9a18d93ca70), -W64LIT(0x785522c05f9d1b95), -W64LIT(0x5f5245982268a8ca), -W64LIT(0x9551e82eca01ef7f), -W64LIT(0x0000000000000000), -W64LIT(0xbb1b0ecd7ccb60d6), -W64LIT(0x094d81bbcb3f3cf6), -W64LIT(0x28331e4035d80973), -W64LIT(0xf7913b1c54da228d), -W64LIT(0x6acfd5433ce3638c), -W64LIT(0x1bd77638a84144ef), -W64LIT(0x62c0d3329edbcdf2), -W64LIT(0x81b2e70e2a6d11bc), -W64LIT(0xd7ad232dc33a8580), -W64LIT(0x05bf8408381bc5b7), -W64LIT(0x33e468789d994d9c), -W64LIT(0xfedcbaa79fe51e7b), -W64LIT(0x4f4c497a93180136), -W64LIT(0x073b7f69ea151452), -W64LIT(0x0cf205b3f324f941), -W64LIT(0x382d12a284a8a08f), -W64LIT(0x1cec0951425450bd), -W64LIT(0x55d9b888525ed751), -W64LIT(0x6cb62de0bff1e556), -W64LIT(0xd1d4db8e4028035a), -W64LIT(0x25839c39affb62ba), -W64LIT(0x4af3cd72ab03c481), -W64LIT(0xa4317b3785967306), -W64LIT(0x1a95f1f2c146d667), -W64LIT(0x926a97472014fb2d), -W64LIT(0xb7e90b7e8fef9997), -W64LIT(0xcefeae74b975108a), -W64LIT(0x3e54ea0107ba2655), -W64LIT(0xd0965c44292f91d2), -W64LIT(0xab05022fcdbbc92a), -W64LIT(0xfd1ac60c24ec5d16), -W64LIT(0xfc5841c64debcf9e), -W64LIT(0xe4494b555ea3c81c), -W64LIT(0xb6ab8cb4e6e80b1f), -W64LIT(0x3beb6e093fa1e3e2), -W64LIT(0xf36c38de05c675b2), -W64LIT(0x9c1c6995013ed389), -W64LIT(0x8b391a1e5a5b6e27), -W64LIT(0xec464d24fc9b6662), -W64LIT(0xad7cfa8c4ea94ff0), -W64LIT(0x0f347918482dba2c), -W64LIT(0x9d5eee5f68394101), -W64LIT(0x7623dc127eb73331), -W64LIT(0x32a6efb2f49edf14), -W64LIT(0x2d8c9a480dc3ccc4), -W64LIT(0xb2568f76b7f45c20), -W64LIT(0x0e76fed2212a28a4), -W64LIT(0x48773613790d1564), -W64LIT(0x129af783637e7819), -W64LIT(0x080f0671a238ae7e), -W64LIT(0x365bec70a582882b), -W64LIT(0x42fccb03093b6aff), -W64LIT(0x0a8bfd1070367f9b), -W64LIT(0xff9e3d6df6e28cf3), -W64LIT(0xe8bb4ee6ad87315d), -W64LIT(0xc7b32fcf724a2c7c), -W64LIT(0xb8dd7266c7c223bb), -W64LIT(0x9328108d491369a5), -W64LIT(0x0679f8a3831286da), -W64LIT(0x270767587df5b35f), -W64LIT(0xa981f94e1fb518cf), -W64LIT(0x6b8d528955e4f104), -W64LIT(0x1667f44132622f26), -W64LIT(0x2ab7e521e7d6d896), -W64LIT(0xac3e7d4627aedd78), -W64LIT(0x7deaa6c86786de22), -W64LIT(0x1725738b5b65bdae), -W64LIT(0x4bb14ab8c2045609), -W64LIT(0x592bbd3ba17a2e10), -W64LIT(0xc20cabc74a51e9cb), -W64LIT(0x6f70514b04f8a63b), -W64LIT(0xbc2071a496de7484), -W64LIT(0x19538d597a4f950a), -W64LIT(0xf45747b7efd361e0), -W64LIT(0x43be4cc9603cf877), -W64LIT(0xc6f1a8051b4dbef4), -W64LIT(0xb42f77d534e6dafa), -W64LIT(0x40783062db35bb1a), -/* box 5 */ -W64LIT(0xf5a96c292deb0a4e), -W64LIT(0x211c9df6ee653c51), -W64LIT(0x04de5ddcbeeef596), -W64LIT(0xe1e5b06f7457c19f), -W64LIT(0x74ca30f014a54fb6), -W64LIT(0xc296f9f7c5457d85), -W64LIT(0x7d4ee08a484d10b0), -W64LIT(0xae87f2d0bf9b13ad), -W64LIT(0x8df4bb480e89afb7), -W64LIT(0x2d8b7a67d9a2d61e), -W64LIT(0x0f3559c8bd712adb), -W64LIT(0x541bc7312f013338), -W64LIT(0x9ec4848b636d5164), -W64LIT(0x952f809f60f28e29), -W64LIT(0x28984d8cb28d6357), -W64LIT(0xd4b5f1dfc38e361f), -W64LIT(0x5674135f7076b373), -W64LIT(0xb791a330042172ec), -W64LIT(0xab94c53bd4b4a6e4), -W64LIT(0xf17731f59305ffd8), -W64LIT(0x39c7a621801e1dcf), -W64LIT(0x20d1f7c13ba47c8e), -W64LIT(0x5e3da912f95facaa), -W64LIT(0xb1202a82e5b80731), -W64LIT(0x13303fc36de4fed3), -W64LIT(0x2e29c43e5314168a), -W64LIT(0x861fbf5c0d1670fa), -W64LIT(0x6458b16af3f771f1), -W64LIT(0x3043765bdcf642c9), -W64LIT(0x12fd55f4b825be0c), -W64LIT(0x0a266e23d65e9f92), -W64LIT(0x6595db5d2636312e), -W64LIT(0x85bd010587a0b06e), -W64LIT(0x9bd7b3600842e42d), -W64LIT(0xaa59af0c0175e63b), -W64LIT(0x240faa1d854a8918), -W64LIT(0xf464061ef82a4a91), -W64LIT(0x5c527d7ca6282ce1), -W64LIT(0x03a2be598ab6c094), -W64LIT(0x40571b7776bdf8e9), -W64LIT(0xe4f687841f7874d6), -W64LIT(0x115febad32937e98), -W64LIT(0x5108f0da442e8671), -W64LIT(0x9cab50e53c1ad12f), -W64LIT(0x33e1c8025640825d), -W64LIT(0x87d2d56bd8d73025), -W64LIT(0xc0f92d999a32fdce), -W64LIT(0x62e938d8126e042c), -W64LIT(0x4a717554a0e3677b), -W64LIT(0x0beb0414039fdf4d), -W64LIT(0xd6da25b19cf9b654), -W64LIT(0x55d6ad06fac073e7), -W64LIT(0x632452efc7af44f3), -W64LIT(0xb5fe775e5b56f2a7), -W64LIT(0x892ae694b0675a21), -W64LIT(0x7a32030f7c1525b2), -W64LIT(0x5d9f174b73e96c3e), -W64LIT(0xc35b93c010843d5a), -W64LIT(0x373f95dee8ae77cb), -W64LIT(0xfb515fd6455b604a), -W64LIT(0xa9fb11558bc326af), -W64LIT(0x22be23af64d3fcc5), -W64LIT(0xa8367b625e026670), -W64LIT(0xb8a4faf8b9505837), -W64LIT(0x785dd7612362a5f9), -W64LIT(0x588c20a018c6d977), -W64LIT(0xea0eb47b77c81ed2), -W64LIT(0xa6ce489d36b20c74), -W64LIT(0x0c97e79137c7ea4f), -W64LIT(0x7c838abd9d8c506f), -W64LIT(0x57b97968a5b7f3ac), -W64LIT(0x6c110b277ade6e28), -W64LIT(0xc785ce1cae6ac8cc), -W64LIT(0x1581b6718c7d8b0e), -W64LIT(0x614b868198d8c4b8), -W64LIT(0x27ad14440ffc498c), -W64LIT(0xdb80a8177eff1cc4), -W64LIT(0x472bf8f242e5cdeb), -W64LIT(0x8a8858cd3ad19ab5), -W64LIT(0xf60bd270a75dcada), -W64LIT(0x43f5a52efc0b387d), -W64LIT(0x6ddc6110af1f2ef7), -W64LIT(0xf0ba5bc246c4bf07), -W64LIT(0x6fb3b57ef068aebc), -W64LIT(0x18db3bd76e7b219e), -W64LIT(0x903cb7740bdd3b60), -W64LIT(0x7bff6938a9d4656d), -W64LIT(0xbdb7cd13d27fed7e), -W64LIT(0x051337eb6b2fb549), -W64LIT(0x77688ea99e138f22), -W64LIT(0xd9ef7c7921889c8f), -W64LIT(0x077ce38534583502), -W64LIT(0xf318e59bcc727f93), -W64LIT(0xb34ffeecbacf877a), -W64LIT(0xe9ac0a22fd7ede46), -W64LIT(0xfc2dbc5371035548), -W64LIT(0x026fd46e5f77804b), -W64LIT(0xe53bedb3cab93409), -W64LIT(0xcc6eca08adf51781), -W64LIT(0xe028da58a1968140), -W64LIT(0x3a6518780aa8dd5b), -W64LIT(0xce011e66f28297ca), -W64LIT(0xa4a19cf369c58c3f), -W64LIT(0xc5ea1a72f11d4887), -W64LIT(0xc427704524dc0858), -W64LIT(0x4238cf1929ca78a2), -W64LIT(0x481ea13aff94e730), -W64LIT(0xdf5ef5cbc011e952), -W64LIT(0x80ae36eeec8f0527), -W64LIT(0x5ae3f4ce47b1593c), -W64LIT(0xcda3a03f7834575e), -W64LIT(0x71d9071b7f8afaff), -W64LIT(0xcadf43ba4c6c625c), -W64LIT(0x1623082806cb4b9a), -W64LIT(0x17ee621fd30a0b45), -W64LIT(0x448946abc8530d7f), -W64LIT(0x974054f13f850e62), -W64LIT(0x73b6d37520fd7ab4), -W64LIT(0xc8b097d4131be217), -W64LIT(0x9f09eebcb6ac11bb), -W64LIT(0x45442c9c1d924da0), -W64LIT(0x1b79858ee4cde10a), -W64LIT(0x0984d07a5ce85f06), -W64LIT(0x4cc0fce6417a12a6), -W64LIT(0x99b8670e57356466), -W64LIT(0xad254c89352dd339), -W64LIT(0x322ca2358381c282), -W64LIT(0xcfcc74512743d715), -W64LIT(0x6b6de8a24e865b2a), -W64LIT(0xda4dc220ab3e5c1b), -W64LIT(0x88e78ca365a61afe), -W64LIT(0x939e092d816bfbf4), -W64LIT(0xcb12298d99ad2283), -W64LIT(0xeed0e9a7c926eb44), -W64LIT(0x98750d3982f424b9), -W64LIT(0xd5789be8164f76c0), -W64LIT(0xbe15734a58c92dea), -W64LIT(0x49d3cb0d2a55a7ef), -W64LIT(0x67fa0f337941b165), -W64LIT(0x8c39d17fdb48ef68), -W64LIT(0x25c2c02a508bc9c7), -W64LIT(0x349d2b876218b75f), -W64LIT(0x70146d2caa4bba20), -W64LIT(0x1c05660bd095d408), -W64LIT(0xfe42683d2e74d503), -W64LIT(0x9a1ad957dd83a4f2), -W64LIT(0xf2d58fac19b33f4c), -W64LIT(0x81635cd9394e45f8), -W64LIT(0xb65cc907d1e03233), -W64LIT(0xdd3121a59f666919), -W64LIT(0x318e1c6c09370216), -W64LIT(0x8b4532faef10da6a), -W64LIT(0x191651e0bbba6141), -W64LIT(0x3f762f9361876812), -W64LIT(0xb96990cf6c9118e8), -W64LIT(0xb4331d698e97b278), -W64LIT(0xd822164ef449dc50), -W64LIT(0x84706b325261f0b1), -W64LIT(0x4eaf28881e0d92ed), -W64LIT(0x69023ccc11f1db61), -W64LIT(0x66376504ac80f1ba), -W64LIT(0x0849ba4d89291fd9), -W64LIT(0xff8f020afbb595dc), -W64LIT(0x50c59aed91efc6ae), -W64LIT(0x1dc80c3c055494d7), -W64LIT(0x1e6ab2658fe25443), -W64LIT(0x3d19fbfd3ef0e859), -W64LIT(0xfa9c35e1909a2095), -W64LIT(0x52aa4e83ce9846e5), -W64LIT(0x419a7140a37cb836), -W64LIT(0xa07fc12fd72b79a9), -W64LIT(0x68cf56fbc4309bbe), -W64LIT(0x01cd6a37d5c140df), -W64LIT(0x9253631a54aabb2b), -W64LIT(0xd06bac037d60c389), -W64LIT(0x295527bb674c2388), -W64LIT(0xd204786d221743c2), -W64LIT(0x0000000000000000), -W64LIT(0xf7c6b847729c8a05), -W64LIT(0xdcfc4b924aa729c6), -W64LIT(0xe38a64012b2041d4), -W64LIT(0xb28294db6f0ec7a5), -W64LIT(0x9d663ad2e9db91f0), -W64LIT(0x91f1dd43de1c7bbf), -W64LIT(0x6086ecb64d198467), -W64LIT(0x59414a97cd0799a8), -W64LIT(0xace826bee0ec93e6), -W64LIT(0xa56cf6c4bc04cce0), -W64LIT(0x727bb942f53c3a6b), -W64LIT(0x6e7edf4925a9ee63), -W64LIT(0x26607e73da3d0953), -W64LIT(0xe75439dd95ceb442), -W64LIT(0x7990bd56f6a3e526), -W64LIT(0xecbf3dc996516b0f), -W64LIT(0x76a5e49e4bd2cffd), -W64LIT(0x968d3ec6ea444ebd), -W64LIT(0x5b2e9ef9927019e3), -W64LIT(0x6aa082959b471bf5), -W64LIT(0xbb0644a133e698a3), -W64LIT(0x830c88b76639c5b3), -W64LIT(0xe2470e36fee1010b), -W64LIT(0xb0ed40b5307947ee), -W64LIT(0x355041b0b7d9f780), -W64LIT(0x8e560511843f6f23), -W64LIT(0x7f2134e4173a90fb), -W64LIT(0x2af799e2edfae31c), -W64LIT(0x4bbc1f63752227a4), -W64LIT(0xf8f3e18fcfeda0de), -W64LIT(0x0d5a8da6e206aa90), -W64LIT(0x2c4610500c6396c1), -W64LIT(0xde939ffc15d0a98d), -W64LIT(0xaf4a98e76a5a5372), -W64LIT(0x8f9b6f2651fe2ffc), -W64LIT(0x36f2ffe93d6f3714), -W64LIT(0x0ef833ff68b06a04), -W64LIT(0xe69953ea400ff49d), -W64LIT(0x23734998b112bc1a), -W64LIT(0x3ebb45a4b44628cd), -W64LIT(0x1ab4efb9310ca1d5), -W64LIT(0x2fe4ae0986d55655), -W64LIT(0xebc3de4ca2095e0d), -W64LIT(0x536724b41b59063a), -W64LIT(0x46e692c597248d34), -W64LIT(0x2b3af3d5383ba3c3), -W64LIT(0x3ba8724fdf699d84), -W64LIT(0xc13447ae4ff3bd11), -W64LIT(0x4d0d96d194bb5279), -W64LIT(0xfde0d664a4c21597), -W64LIT(0xd7174f864938f68b), -W64LIT(0x7eec5ed3c2fbd024), -W64LIT(0xbfd8197d8d086d35), -W64LIT(0x4f6242bfcbccd232), -W64LIT(0xa70322aae3734cab), -W64LIT(0xa3dd7f765d9db93d), -W64LIT(0x94e2eaa8b533cef6), -W64LIT(0x144cdc4659bccbd1), -W64LIT(0xc648a42b7bab8813), -W64LIT(0xf93e8bb81a2ce001), -W64LIT(0xbacb2e96e627d87c), -W64LIT(0xbc7aa72407beada1), -W64LIT(0xc97dfde3c6daa2c8), -W64LIT(0xa1b2ab1802ea3976), -W64LIT(0x1fa7d8525a23149c), -W64LIT(0x75075ac7c1640f69), -W64LIT(0xe861601528bf9e99), -W64LIT(0xa2101541885cf9e2), -W64LIT(0xef1d83901ce7ab9b), -W64LIT(0x06b189b2e19975dd), -W64LIT(0x380acc1655df5d10), -W64LIT(0x1092819ae7523e47), -W64LIT(0xd3c9125af7d6031d), -W64LIT(0xd1a6c634a8a18356), -W64LIT(0x5ff0c3252c9eec75), -W64LIT(0x82c1e280b3f8856c), -W64LIT(0xed7257fe43902bd0), -W64LIT(0x3cd491caeb31a886), -/* box 6 */ -W64LIT(0x94af9eb6fad9e7df), -W64LIT(0x9208ae5e03c94ddd), -W64LIT(0x1d8de8d67158480b), -W64LIT(0xfd093cd2ba147af8), -W64LIT(0xa45ceb22e6597ccf), -W64LIT(0x9bbde6e77bf113da), -W64LIT(0xe4edf4b465fffe5c), -W64LIT(0x7125622e4e8d2a2f), -W64LIT(0x1791b81b8f68430d), -W64LIT(0xb56a63d1902195c0), -W64LIT(0xa980832b30d2ee67), -W64LIT(0x4c0a7fb384862397), -W64LIT(0xed58bc0d1dc7a05b), -W64LIT(0x5955d7f05c4d0637), -W64LIT(0xd2b9b1c8806fcf4e), -W64LIT(0x06a730e8f910aa02), -W64LIT(0xb8b60bd846aa0768), -W64LIT(0x45bf370afcbe7d90), -W64LIT(0x16f6b0375ec370a1), -W64LIT(0x892276608b81afd4), -W64LIT(0xdcccc1b5d0ec08e7), -W64LIT(0xe856949162df5f58), -W64LIT(0x82592e81a41a977e), -W64LIT(0xac8eabb74fca1164), -W64LIT(0xfac9041692afe356), -W64LIT(0x3b882d75331ba3ba), -W64LIT(0xa39cd3e6cee2e561), -W64LIT(0xd077a190d7cca9e3), -W64LIT(0x9c7dde23534a8a74), -W64LIT(0x80973ed9f3b9f1d3), -W64LIT(0xce535132209cb4e9), -W64LIT(0xaa299b5fb6dabb66), -W64LIT(0x2d7e9d426dd8d31b), -W64LIT(0x8a8b6e140d89fad5), -W64LIT(0x6ca88af83fd56224), -W64LIT(0xf5db7c4713871753), -W64LIT(0xeef1a4799bcff55a), -W64LIT(0x76e55aea6636b381), -W64LIT(0x8ee24ea4a33a367a), -W64LIT(0x25acddd7c44bbeb0), -W64LIT(0x9adaeecbaa5a2076), -W64LIT(0x0e75707d5083c7a9), -W64LIT(0x2bd9adaa94c87919), -W64LIT(0x19e4c866dfeb84a4), -W64LIT(0x129f9087f070bc0e), -W64LIT(0xd9c2e929aff4f7e4), -W64LIT(0x6f01928cb9dd3725), -W64LIT(0x39463d2d64b8c517), -W64LIT(0xebff8ce5e4d70a59), -W64LIT(0xb40d6bfd418aa66c), -W64LIT(0xf21b44833b3c8efd), -W64LIT(0x3654457ce5903112), -W64LIT(0x431807e205aed792), -W64LIT(0xb10343613e92596f), -W64LIT(0x0a1c50cdfe300b06), -W64LIT(0x778252c6b79d802d), -W64LIT(0x0cbb60250720a104), -W64LIT(0xe1e3dc281ae7015f), -W64LIT(0x0f1278518128f405), -W64LIT(0x47712752ab1d1b3d), -W64LIT(0xe24ac45c9cef545e), -W64LIT(0x1ceae0faa0f37ba7), -W64LIT(0x9814fe93fdf946db), -W64LIT(0xec3fb421cc6c93f7), -W64LIT(0x833e26ad75b1a4d2), -W64LIT(0x6b68b23c176efb8a), -W64LIT(0x4904572ffb9edc94), -W64LIT(0x4bca4777ac3dba39), -W64LIT(0x2762cd8f93e8d81d), -W64LIT(0x9eb3ce7b04e9ecd9), -W64LIT(0xc2e8311727bc15ed), -W64LIT(0xea9884c9357c39f5), -W64LIT(0xfc6e34fe6bbf4954), -W64LIT(0x13f898ab21db8fa2), -W64LIT(0xb7a47389c782f36d), -W64LIT(0x7b3932e3b0bd2129), -W64LIT(0xaf27b3c3c9c24465), -W64LIT(0xb6c37ba51629c0c1), -W64LIT(0x84fe1e695d0a3d7c), -W64LIT(0x1a4dd01259e3d1a5), -W64LIT(0xab4e9373677188ca), -W64LIT(0x90c6be06546a2b70), -W64LIT(0xf37c4cafea97bd51), -W64LIT(0x647aca6d96460f8f), -W64LIT(0x4ec46febd325453a), -W64LIT(0x3e8605e94c035cb9), -W64LIT(0x0ddc6809d68b92a8), -W64LIT(0x8bec6638dc22c979), -W64LIT(0x67d3d219104e5a8e), -W64LIT(0x2abea58645634ab5), -W64LIT(0x5b9bc7a80bee609a), -W64LIT(0x936fa672d2627e71), -W64LIT(0x7d9e020b49ad8b2b), -W64LIT(0x5832dfdc8de6359b), -W64LIT(0xc7e6198b58a4eaee), -W64LIT(0xd41e8120797f654c), -W64LIT(0xf4bc746bc22c24ff), -W64LIT(0xe084d404cb4c32f3), -W64LIT(0x48635f032a35ef38), -W64LIT(0x8757061ddb02687d), -W64LIT(0x522e8f1173d63e9d), -W64LIT(0xbcdf2b68e819cbc7), -W64LIT(0xbf76331c6e119ec6), -W64LIT(0x08d24095a9936dab), -W64LIT(0x728c7a5ac8857f2e), -W64LIT(0xd110a9bc06679a4f), -W64LIT(0x1f43f88e26fb2ea6), -W64LIT(0xb2aa5b15b89a0c6e), -W64LIT(0x4aad4f5b7d968995), -W64LIT(0x9fd4c657d542df75), -W64LIT(0x323d65cc4b23fdbd), -W64LIT(0xc38f393bf6172641), -W64LIT(0xa152c3be994183cc), -W64LIT(0x9d1ad60f82e1b9d8), -W64LIT(0xe744ecc0e3f7ab5d), -W64LIT(0x38213501b513f6bb), -W64LIT(0xade9a39b9e6122c8), -W64LIT(0x37334d50343b02be), -W64LIT(0x55eeb7d55b6da733), -W64LIT(0x970686c27cd1b2de), -W64LIT(0x427f0fced405e43e), -W64LIT(0xc026214f701f7340), -W64LIT(0x40b11f9683a68293), -W64LIT(0x02ce105857a366ad), -W64LIT(0x7e371a7fcfa5de2a), -W64LIT(0xffc72c8aedb71c55), -W64LIT(0x68c1aa489166ae8b), -W64LIT(0xc68111a7890fd942), -W64LIT(0x79f722bbe71e4784), -W64LIT(0xd579890ca8d456e0), -W64LIT(0x70426a029f261983), -W64LIT(0xb0644b4def396ac3), -W64LIT(0xdb0cf971f8579149), -W64LIT(0x5489bff98ac6949f), -W64LIT(0x046920b0aeb3ccaf), -W64LIT(0x7cf90a279806b887), -W64LIT(0x050e289c7f18ff03), -W64LIT(0x651dc24147ed3c23), -W64LIT(0x5e95ef3474f69f99), -W64LIT(0x6dcf82d4ee7e5188), -W64LIT(0x8f854688729105d6), -W64LIT(0x81f036f52212c27f), -W64LIT(0xb9d103f4970134c4), -W64LIT(0x5349873da27d0d31), -W64LIT(0x20a2f54bbb5341b3), -W64LIT(0xf0d554db6c9fe850), -W64LIT(0x07c038c428bb99ae), -W64LIT(0x30f375941c809b10), -W64LIT(0x3fe10dc59da86f15), -W64LIT(0x46162f7e7ab62891), -W64LIT(0xe623e4ec325c98f1), -W64LIT(0xfea024a63c1c2ff9), -W64LIT(0x349a5524b23357bf), -W64LIT(0x35fd5d0863986413), -W64LIT(0x96618eeead7a8172), -W64LIT(0xcb5d79ae5f844bea), -W64LIT(0x21c5fd676af8721f), -W64LIT(0x5720a78d0ccec19e), -W64LIT(0xf6726433958f4252), -W64LIT(0x8d4b56d02532637b), -W64LIT(0x24cbd5fb15e08d1c), -W64LIT(0x3aef2559e2b09016), -W64LIT(0x5afccf84da455336), -W64LIT(0x51879765f5de6b9c), -W64LIT(0x2917bdf2c36b1fb4), -W64LIT(0xa7f5f356605129ce), -W64LIT(0xc1412963a1b440ec), -W64LIT(0x3d2f1d9dca0b09b8), -W64LIT(0xa53be30e37f24f63), -W64LIT(0x5ff2e718a55dac35), -W64LIT(0xa2fbdbca1f49d6cd), -W64LIT(0xf7156c1f442471fe), -W64LIT(0x7a5e3acf61161285), -W64LIT(0xca3a71828e2f7846), -W64LIT(0x1b2ad83e8848e209), -W64LIT(0xa8e78b07e179ddcb), -W64LIT(0xef96ac554a64c6f6), -W64LIT(0x0000000000000000), -W64LIT(0x6013eadd38f5c320), -W64LIT(0x3c4815b11ba03a14), -W64LIT(0x09b548b978385e07), -W64LIT(0x226ce513ecf0271e), -W64LIT(0x63baf2a9befd9621), -W64LIT(0x44d83f262d154e3c), -W64LIT(0xcdfa4946a694e1e8), -W64LIT(0x113688f37678e90f), -W64LIT(0x859916458ca10ed0), -W64LIT(0xc52809d30f078c43), -W64LIT(0x4d6d779f552d103b), -W64LIT(0x1e24f0a2f7501d0a), -W64LIT(0x0167082cd1ab33ac), -W64LIT(0x1438a06f0960160c), -W64LIT(0xf9601c6214a7b657), -W64LIT(0xa035cb9248eab060), -W64LIT(0x50e09f4924755830), -W64LIT(0xd7b79954ff77304d), -W64LIT(0xe58afc98b454cdf0), -W64LIT(0x03a9187486085501), -W64LIT(0x62ddfa856f56a58d), -W64LIT(0xc44f01ffdeacbfef), -W64LIT(0x73eb7276192e4c82), -W64LIT(0xd6d091782edc03e1), -W64LIT(0xfbae0c3a4304d0fa), -W64LIT(0x9973f6bf2c527577), -W64LIT(0x105180dfa7d3daa3), -W64LIT(0x2605c5a34243ebb1), -W64LIT(0x91a1b62a85c118dc), -W64LIT(0xc99369f608272d47), -W64LIT(0x5d3cf740f2feca98), -W64LIT(0xcf34591ef1378745), -W64LIT(0xc8f461dad98c1eeb), -W64LIT(0x0b7b58e12f9b38aa), -W64LIT(0xe32dcc704d4467f2), -W64LIT(0x754c429ee03ee680), -W64LIT(0xd3deb9e451c4fce2), -W64LIT(0x6e669aa068760489), -W64LIT(0x66b4da35c1e56922), -W64LIT(0x4fa367c7028e7696), -W64LIT(0xba781b80110961c5), -W64LIT(0x41d617ba520db13f), -W64LIT(0x335a6de09a88ce11), -W64LIT(0xdf65d9c156e45de6), -W64LIT(0xcc9d416a773fd244), -W64LIT(0x5c5bff6c2355f934), -W64LIT(0x2870b5de12c02c18), -W64LIT(0x155fa843d8cb25a0), -W64LIT(0x78902a9736b57428), -W64LIT(0xae40bbef186977c9), -W64LIT(0x88457e4c5a2a9c78), -W64LIT(0x6a0fba10c6c5c826), -W64LIT(0x7f5012531e0eed86), -W64LIT(0x8c2c5efcf49950d7), -W64LIT(0x31947db8cd2ba8bc), -W64LIT(0x2c19956ebc73e0b7), -W64LIT(0x230bed3f3d5b14b2), -W64LIT(0x69a6a26440cd9d27), -W64LIT(0x86300e310aa95bd1), -W64LIT(0xb3cd533969313fc2), -W64LIT(0x1883c04a0e40b708), -W64LIT(0xf1b25cf7bd34dbfc), -W64LIT(0x2fb08d1a3a7bb5b6), -W64LIT(0xd8a5e1057e5fc448), -W64LIT(0xddabc99901473b4b), -W64LIT(0xde02d1ed874f6e4a), -W64LIT(0xbdb8234439b2f86b), -W64LIT(0x5647afa1dd65f232), -W64LIT(0x2ed78536ebd0861a), -W64LIT(0xe9319cbdb3746cf4), -W64LIT(0xa692fb7ab1fa1a62), -W64LIT(0x742b4ab23195d52c), -W64LIT(0x95c8969a2b72d473), -W64LIT(0x6174e2f1e95ef08c), -W64LIT(0xf807144ec50c85fb), -W64LIT(0xbe113b30bfbaad6a), -W64LIT(0xda6bf15d29fca2e5), -W64LIT(0xbb1f13acc0a25269), -/* box 7 */ -W64LIT(0xc22b27f0f9e37bf9), -W64LIT(0x93fad23f0955ef09), -W64LIT(0x32ed4b84a22a91a2), -W64LIT(0x3898b57bcc61b1cc), -W64LIT(0x55825ba9ad98e5ad), -W64LIT(0xb2eeb8069421ec94), -W64LIT(0xc7eb5875ce3c6bce), -W64LIT(0x4b1dac5d1f45851f), -W64LIT(0xc16ba1204705d847), -W64LIT(0xc5380f461a2ba91a), -W64LIT(0xb908971a909bad90), -W64LIT(0x303e1cb7763d5376), -W64LIT(0xe6ff324c53486853), -W64LIT(0x6d1aeed261f95461), -W64LIT(0x0193d1e36af1616a), -W64LIT(0x51d1f5cff0b694f0), -W64LIT(0x29b2c3f52728e127), -W64LIT(0x112a768eeb4950eb), -W64LIT(0x8fb672f86f9f4d6f), -W64LIT(0xf0c66c745bc9ea5b), -W64LIT(0x3f8b9dcd2fa9632f), -W64LIT(0x65bc471edba5b6db), -W64LIT(0x4d9d5508967c3696), -W64LIT(0x3a4be24818767318), -W64LIT(0x2794936c144db014), -W64LIT(0x2af2452599ce4299), -W64LIT(0x4a8e7dbe75b4e475), -W64LIT(0x9ddc82a63a30be3a), -W64LIT(0xade29e114c0ded4c), -W64LIT(0xd1d2064dc6bde9c6), -W64LIT(0x7da349bfe04165e0), -W64LIT(0x6b9a1787e8c0e7e8), -W64LIT(0xa54437ddf6510ff6), -W64LIT(0x2254ece92392a023), -W64LIT(0x79f0e7d9bd6f14bd), -W64LIT(0x57510c9a798f2779), -W64LIT(0x346db2d12b13222b), -W64LIT(0x54118a4ac76984c7), -W64LIT(0xefca4a6383e5eb83), -W64LIT(0xca8d8e3c43bf9943), -W64LIT(0xfc336bdebcbb79bc), -W64LIT(0x3e184c2e45580245), -W64LIT(0xf495c21206e79b06), -W64LIT(0xff73ed0e025dda02), -W64LIT(0x4228d472cfe806cf), -W64LIT(0xbcc8e89fa744bda7), -W64LIT(0xab626744c5345ec5), -W64LIT(0xb6bd1660c90f9dc9), -W64LIT(0xb72ec783a3fefca3), -W64LIT(0x8be5dc9e32b13c32), -W64LIT(0x485d2a8da1a326a1), -W64LIT(0xc6788996a4cd0aa4), -W64LIT(0x40fb83411bffc41b), -W64LIT(0x08a6a9ccba5ce2ba), -W64LIT(0xf386eaa4e52f49e5), -W64LIT(0x1acc5992eff311ef), -W64LIT(0xa2571f6b1599dd15), -W64LIT(0x44a82d2746d1b546), -W64LIT(0x70c59ff66dc2976d), -W64LIT(0x8d6525cbbb888fbb), -W64LIT(0x963aadba3e8aff3e), -W64LIT(0x7c30985c8ab0048a), -W64LIT(0x607c389bec7aa6ec), -W64LIT(0xa822e1947bd2fd7b), -W64LIT(0x034086d0bee6a3be), -W64LIT(0x66fcc1ce65431565), -W64LIT(0xb37d69e5fed08dfe), -W64LIT(0x2f323aa0ae1152ae), -W64LIT(0x56c2dd79137e4613), -W64LIT(0x31adcd541ccc321c), -W64LIT(0xdff456d4f5d8b8f5), -W64LIT(0xf9f3145b8b64698b), -W64LIT(0x764566a3e4fb24e4), -W64LIT(0x0cf507aae77293e7), -W64LIT(0x59775c034aea764a), -W64LIT(0xb89b46f9fa6accfa), -W64LIT(0xe8d962d5602d3960), -W64LIT(0x17aa8fdb6270e362), -W64LIT(0x1c4ca0c766caa266), -W64LIT(0x2de16d937a06907a), -W64LIT(0x2547c45fc05a72c0), -W64LIT(0x0fb5817a59943059), -W64LIT(0x0680f9558939b389), -W64LIT(0x16395e3808818208), -W64LIT(0xac714ff226fc8c26), -W64LIT(0xa9b1307711239c11), -W64LIT(0xec8accb33d03483d), -W64LIT(0x6c893f310b08350b), -W64LIT(0xc4abdea570dac870), -W64LIT(0xba4811ca2e7d0e2e), -W64LIT(0xf155bd9731388b31), -W64LIT(0xdd2701e721cf7a21), -W64LIT(0xe94ab3360adc580a), -W64LIT(0x23c73d0a4963c149), -W64LIT(0x5cb723867d35667d), -W64LIT(0x5042242c9a47f59a), -W64LIT(0x198cdf425115b251), -W64LIT(0x0a75feff6e4b206e), -W64LIT(0xfda0ba3dd64a18d6), -W64LIT(0xcede205a1e91e81e), -W64LIT(0xd041d7aeac4c88ac), -W64LIT(0xe42c657f875faa87), -W64LIT(0x36bee5e2ff04e0ff), -W64LIT(0x6fc9b9e1b5ee96b5), -W64LIT(0x998f2cc0671ecf67), -W64LIT(0xd301517e12aa2b12), -W64LIT(0xaea218c1f2eb4ef2), -W64LIT(0xda342951c207a8c2), -W64LIT(0x61efe978868bc786), -W64LIT(0x7f701e8c3456a734), -W64LIT(0x0be62f1c04ba4104), -W64LIT(0x9129850cdd422ddd), -W64LIT(0xd6c12efb25753b25), -W64LIT(0xe33f4dc964977864), -W64LIT(0x1579d8e8b66721b6), -W64LIT(0xf860c5b8e19508e1), -W64LIT(0x7496319030ece630), -W64LIT(0x88a55a4e8c579f8c), -W64LIT(0xcf4df1b974608974), -W64LIT(0x10b9a76d81b83181), -W64LIT(0x0e26509933655133), -W64LIT(0x43bb0591a51967a5), -W64LIT(0x926903dc63a48e63), -W64LIT(0x9c4f534550c1df50), -W64LIT(0x3bd833ab72871272), -W64LIT(0xa4d7e63e9ca06e9c), -W64LIT(0xb46e41531d185f1d), -W64LIT(0x126af05e55aff355), -W64LIT(0x24d415bcaaab13aa), -W64LIT(0x1e9ff7f4b2dd60b2), -W64LIT(0x05c07f8537df1037), -W64LIT(0x467b7a1492c67792), -W64LIT(0x2087bbdaf78562f7), -W64LIT(0x819022615cfa1c5c), -W64LIT(0xcd9ea68aa0774ba0), -W64LIT(0xa79760ee2246cd22), -W64LIT(0x8343755288edde88), -W64LIT(0x58e48de0201b1720), -W64LIT(0x7216c8c5b9d555b9), -W64LIT(0x372d340195f58195), -W64LIT(0xa11799bbab7f7eab), -W64LIT(0x9f0fd595ee277cee), -W64LIT(0x676f102d0fb2740f), -W64LIT(0x9e9c047684d61d84), -W64LIT(0x49cefb6ecb5247cb), -W64LIT(0xd41279c8f162f9f1), -W64LIT(0x1f0c2617d82c01d8), -W64LIT(0x97a97c59547b9e54), -W64LIT(0xe76ce3af39b90939), -W64LIT(0xc3b8f61393121a93), -W64LIT(0x5ba40b309efdb49e), -W64LIT(0xea0a35e6b43afbb4), -W64LIT(0x5a37dad3f40cd5f4), -W64LIT(0x14ea090bdc9640dc), -W64LIT(0x5e6474b5a922a4a9), -W64LIT(0xfee03ced68acbb68), -W64LIT(0x071328b6e3c8d2e3), -W64LIT(0x5302a2fc24a15624), -W64LIT(0x85c38c0701d46d01), -W64LIT(0x3d58cafefbbea1fb), -W64LIT(0x84505de46b250c6b), -W64LIT(0x642f96fdb154d7b1), -W64LIT(0xbf886e4f19a21e19), -W64LIT(0x02d35733d417c2d4), -W64LIT(0x68da915756264456), -W64LIT(0x8710db34d5c3afd5), -W64LIT(0x0d66d6498d83f28d), -W64LIT(0x7b23b0ea6978d669), -W64LIT(0x1b5f887185027085), -W64LIT(0x3ccb1b1d914fc091), -W64LIT(0x0453ae665d2e715d), -W64LIT(0xcb1e5fdf294ef829), -W64LIT(0xf6469521d2f059d2), -W64LIT(0xb03def3540362e40), -W64LIT(0x633cbe4b529c0552), -W64LIT(0xf7d544c2b80138b8), -W64LIT(0x7ab061090389b703), -W64LIT(0x0000000000000000), -W64LIT(0xdba7f8b2a8f6c9a8), -W64LIT(0x35fe633241e24341), -W64LIT(0x21146a399d74039d), -W64LIT(0xd581a82b9b93989b), -W64LIT(0x0935782fd0ad83d0), -W64LIT(0x5ff7a556c3d3c5c3), -W64LIT(0xaf31c922981a2f98), -W64LIT(0x90ba54efb7b34cb7), -W64LIT(0x5291731f4e50374e), -W64LIT(0xc0f870c32df4b92d), -W64LIT(0x7ee3cf6f5ea7c65e), -W64LIT(0xe07fcb19da71dbda), -W64LIT(0x4eddd3d8289a9528), -W64LIT(0x13f921bd3f5e923f), -W64LIT(0xf50613f16c16fa6c), -W64LIT(0x981cfd230defae0d), -W64LIT(0x4c0e84ebfc8d57fc), -W64LIT(0x82d0a4b1e21cbfe2), -W64LIT(0x89368bade6a6fee6), -W64LIT(0xd292809d785b4a78), -W64LIT(0x47e8abf7f83716f8), -W64LIT(0x8e25a31b056e2c05), -W64LIT(0xd752ff184f845a4f), -W64LIT(0xcc0d7769ca862aca), -W64LIT(0x694940b43cd7253c), -W64LIT(0x2ea1eb43c4e033c4), -W64LIT(0xde6787379f29d99f), -W64LIT(0x181f0ea13be4d33b), -W64LIT(0x416852a2710ea571), -W64LIT(0x62af6fa8386d6438), -W64LIT(0xa0844858c18e1fc1), -W64LIT(0x337e9a67c8dbf0c8), -W64LIT(0x2c72bc7010f7f110), -W64LIT(0xbd5b397ccdb5dccd), -W64LIT(0xd8e77e6216106a16), -W64LIT(0x86830ad7bf32cebf), -W64LIT(0x4f4e023b426bf442), -W64LIT(0xe5bfb49cedaecbed), -W64LIT(0x8a760d7d58405d58), -W64LIT(0xe2ac9c2a0e66190e), -W64LIT(0xb5fd90b077e93e77), -W64LIT(0xdcb4d0044b3e1b4b), -W64LIT(0x453bfcc42c20d42c), -W64LIT(0xed191d5057f22957), -W64LIT(0xe1ec1afab080bab0), -W64LIT(0xee599b80e9148ae9), -W64LIT(0x2607428f7ebcd17e), -W64LIT(0x5d24f26517c40717), -W64LIT(0x6a09c66482318682), -W64LIT(0xa604b10d48b7ac48), -W64LIT(0xbe1bbfac73537f73), -W64LIT(0x282112164dd9804d), -W64LIT(0x7505e0735a1d875a), -W64LIT(0x73851926d32434d3), -W64LIT(0xd974af817ce10b7c), -W64LIT(0xeb99e405decb9ade), -W64LIT(0x9b5c7bf3b3090db3), -W64LIT(0xfab3928b3582ca35), -W64LIT(0x8003f382360b7d36), -W64LIT(0x94e9fa89ea9d3dea), -W64LIT(0xb1ae3ed62ac74f2a), -W64LIT(0x9acfaa10d9f86cd9), -W64LIT(0x390b6498a690d0a6), -W64LIT(0xf2153b478fde288f), -W64LIT(0x71564e150733f607), -W64LIT(0xa3c4ce887f68bc7f), -W64LIT(0xaaf1b6a7afc53faf), -W64LIT(0x1ddf71240c3bc30c), -W64LIT(0x77d6b7408e0a458e), -W64LIT(0x2b6194c6f33f23f3), -W64LIT(0xc9cd08ecfd593afd), -W64LIT(0xc85ed90f97a85b97), -W64LIT(0x8cf6f428d179eed1), -W64LIT(0x957a2b6a806c5c80), -W64LIT(0xbbdbc029448c6f44), -W64LIT(0x7863363ad79e75d7), -W64LIT(0x6e5a6802df1ff7df), -W64LIT(0xfb2043685f73ab5f), -}; - -NAMESPACE_END diff --git a/cryptopp562/simple.cpp b/cryptopp562/simple.cpp deleted file mode 100644 index 96f256b..0000000 --- a/cryptopp562/simple.cpp +++ /dev/null @@ -1,14 +0,0 @@ -// simple.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "simple.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -NAMESPACE_END - -#endif diff --git a/cryptopp562/simple.h b/cryptopp562/simple.h deleted file mode 100644 index 35fd65a..0000000 --- a/cryptopp562/simple.h +++ /dev/null @@ -1,209 +0,0 @@ -// simple.h - written and placed in the public domain by Wei Dai -/*! \file - Simple non-interface classes derived from classes in cryptlib.h. -*/ - -#ifndef CRYPTOPP_SIMPLE_H -#define CRYPTOPP_SIMPLE_H - -#include "cryptlib.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class DERIVED, class BASE> -class CRYPTOPP_NO_VTABLE ClonableImpl : public BASE -{ -public: - Clonable * Clone() const {return new DERIVED(*static_cast<const DERIVED *>(this));} -}; - -//! _ -template <class BASE, class ALGORITHM_INFO=BASE> -class CRYPTOPP_NO_VTABLE AlgorithmImpl : public BASE -{ -public: - static std::string CRYPTOPP_API StaticAlgorithmName() {return ALGORITHM_INFO::StaticAlgorithmName();} - std::string AlgorithmName() const {return ALGORITHM_INFO::StaticAlgorithmName();} -}; - -//! _ -class CRYPTOPP_DLL InvalidKeyLength : public InvalidArgument -{ -public: - explicit InvalidKeyLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid key length") {} -}; - -//! _ -class CRYPTOPP_DLL InvalidRounds : public InvalidArgument -{ -public: - explicit InvalidRounds(const std::string &algorithm, unsigned int rounds) : InvalidArgument(algorithm + ": " + IntToString(rounds) + " is not a valid number of rounds") {} -}; - -// ***************************** - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE Bufferless : public T -{ -public: - bool IsolatedFlush(bool hardFlush, bool blocking) {return false;} -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE Unflushable : public T -{ -public: - bool Flush(bool completeFlush, int propagation=-1, bool blocking=true) - {return ChannelFlush(DEFAULT_CHANNEL, completeFlush, propagation, blocking);} - bool IsolatedFlush(bool hardFlush, bool blocking) - {assert(false); return false;} - bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) - { - if (hardFlush && !InputBufferIsEmpty()) - throw CannotFlush("Unflushable<T>: this object has buffered input that cannot be flushed"); - else - { - BufferedTransformation *attached = this->AttachedTransformation(); - return attached && propagation ? attached->ChannelFlush(channel, hardFlush, propagation-1, blocking) : false; - } - } - -protected: - virtual bool InputBufferIsEmpty() const {return false;} -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE InputRejecting : public T -{ -public: - struct InputRejected : public NotImplemented - {InputRejected() : NotImplemented("BufferedTransformation: this object doesn't allow input") {}}; - - // shouldn't be calling these functions on this class - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - {throw InputRejected();} - bool IsolatedFlush(bool, bool) {return false;} - bool IsolatedMessageSeriesEnd(bool) {throw InputRejected();} - - size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) - {throw InputRejected();} - bool ChannelMessageSeriesEnd(const std::string &, int, bool) {throw InputRejected();} -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE CustomFlushPropagation : public T -{ -public: - virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) =0; - -private: - bool IsolatedFlush(bool hardFlush, bool blocking) {assert(false); return false;} -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE CustomSignalPropagation : public CustomFlushPropagation<T> -{ -public: - virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1) =0; - -private: - void IsolatedInitialize(const NameValuePairs ¶meters) {assert(false);} -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE Multichannel : public CustomFlushPropagation<T> -{ -public: - bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) - {return this->ChannelFlush(DEFAULT_CHANNEL, hardFlush, propagation, blocking);} - bool MessageSeriesEnd(int propagation=-1, bool blocking=true) - {return this->ChannelMessageSeriesEnd(DEFAULT_CHANNEL, propagation, blocking);} - byte * CreatePutSpace(size_t &size) - {return this->ChannelCreatePutSpace(DEFAULT_CHANNEL, size);} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - {return this->ChannelPut2(DEFAULT_CHANNEL, begin, length, messageEnd, blocking);} - size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking) - {return this->ChannelPutModifiable2(DEFAULT_CHANNEL, inString, length, messageEnd, blocking);} - -// void ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1) -// {PropagateMessageSeriesEnd(propagation, channel);} - byte * ChannelCreatePutSpace(const std::string &channel, size_t &size) - {size = 0; return NULL;} - bool ChannelPutModifiable(const std::string &channel, byte *inString, size_t length) - {this->ChannelPut(channel, inString, length); return false;} - - virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) =0; - size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) - {return ChannelPut2(channel, begin, length, messageEnd, blocking);} - - virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) =0; -}; - -//! _ -template <class T> -class CRYPTOPP_NO_VTABLE AutoSignaling : public T -{ -public: - AutoSignaling(int propagation=-1) : m_autoSignalPropagation(propagation) {} - - void SetAutoSignalPropagation(int propagation) - {m_autoSignalPropagation = propagation;} - int GetAutoSignalPropagation() const - {return m_autoSignalPropagation;} - -private: - int m_autoSignalPropagation; -}; - -//! A BufferedTransformation that only contains pre-existing data as "output" -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Store : public AutoSignaling<InputRejecting<BufferedTransformation> > -{ -public: - Store() : m_messageEnd(false) {} - - void IsolatedInitialize(const NameValuePairs ¶meters) - { - m_messageEnd = false; - StoreInitialize(parameters); - } - - unsigned int NumberOfMessages() const {return m_messageEnd ? 0 : 1;} - bool GetNextMessage(); - unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const; - -protected: - virtual void StoreInitialize(const NameValuePairs ¶meters) =0; - - bool m_messageEnd; -}; - -//! A BufferedTransformation that doesn't produce any retrievable output -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Sink : public BufferedTransformation -{ -public: - size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) - {transferBytes = 0; return 0;} - size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const - {return 0;} -}; - -class CRYPTOPP_DLL BitBucket : public Bufferless<Sink> -{ -public: - std::string AlgorithmName() const {return "BitBucket";} - void IsolatedInitialize(const NameValuePairs ¶meters) {} - size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) - {return 0;} -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/skipjack.cpp b/cryptopp562/skipjack.cpp deleted file mode 100644 index dad14bd..0000000 --- a/cryptopp562/skipjack.cpp +++ /dev/null @@ -1,202 +0,0 @@ -// skipjack.cpp - modified by Wei Dai from Paulo Barreto's skipjack32.c, -// which is public domain according to his web site. - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "skipjack.h" - -/* - * Optimized implementation of SKIPJACK algorithm - * - * originally written by Panu Rissanen <bande@lut.fi> 1998.06.24 - * optimized by Mark Tillotson <markt@chaos.org.uk> 1998.06.25 - * optimized by Paulo Barreto <pbarreto@nw.com.br> 1998.06.30 - */ - -NAMESPACE_BEGIN(CryptoPP) - -/** - * The F-table byte permutation (see description of the G-box permutation) - */ -const byte SKIPJACK::Base::fTable[256] = { - 0xa3,0xd7,0x09,0x83,0xf8,0x48,0xf6,0xf4,0xb3,0x21,0x15,0x78,0x99,0xb1,0xaf,0xf9, - 0xe7,0x2d,0x4d,0x8a,0xce,0x4c,0xca,0x2e,0x52,0x95,0xd9,0x1e,0x4e,0x38,0x44,0x28, - 0x0a,0xdf,0x02,0xa0,0x17,0xf1,0x60,0x68,0x12,0xb7,0x7a,0xc3,0xe9,0xfa,0x3d,0x53, - 0x96,0x84,0x6b,0xba,0xf2,0x63,0x9a,0x19,0x7c,0xae,0xe5,0xf5,0xf7,0x16,0x6a,0xa2, - 0x39,0xb6,0x7b,0x0f,0xc1,0x93,0x81,0x1b,0xee,0xb4,0x1a,0xea,0xd0,0x91,0x2f,0xb8, - 0x55,0xb9,0xda,0x85,0x3f,0x41,0xbf,0xe0,0x5a,0x58,0x80,0x5f,0x66,0x0b,0xd8,0x90, - 0x35,0xd5,0xc0,0xa7,0x33,0x06,0x65,0x69,0x45,0x00,0x94,0x56,0x6d,0x98,0x9b,0x76, - 0x97,0xfc,0xb2,0xc2,0xb0,0xfe,0xdb,0x20,0xe1,0xeb,0xd6,0xe4,0xdd,0x47,0x4a,0x1d, - 0x42,0xed,0x9e,0x6e,0x49,0x3c,0xcd,0x43,0x27,0xd2,0x07,0xd4,0xde,0xc7,0x67,0x18, - 0x89,0xcb,0x30,0x1f,0x8d,0xc6,0x8f,0xaa,0xc8,0x74,0xdc,0xc9,0x5d,0x5c,0x31,0xa4, - 0x70,0x88,0x61,0x2c,0x9f,0x0d,0x2b,0x87,0x50,0x82,0x54,0x64,0x26,0x7d,0x03,0x40, - 0x34,0x4b,0x1c,0x73,0xd1,0xc4,0xfd,0x3b,0xcc,0xfb,0x7f,0xab,0xe6,0x3e,0x5b,0xa5, - 0xad,0x04,0x23,0x9c,0x14,0x51,0x22,0xf0,0x29,0x79,0x71,0x7e,0xff,0x8c,0x0e,0xe2, - 0x0c,0xef,0xbc,0x72,0x75,0x6f,0x37,0xa1,0xec,0xd3,0x8e,0x62,0x8b,0x86,0x10,0xe8, - 0x08,0x77,0x11,0xbe,0x92,0x4f,0x24,0xc5,0x32,0x36,0x9d,0xcf,0xf3,0xa6,0xbb,0xac, - 0x5e,0x6c,0xa9,0x13,0x57,0x25,0xb5,0xe3,0xbd,0xa8,0x3a,0x01,0x05,0x59,0x2a,0x46 -}; - -/** - * The key-dependent permutation G on V^16 is a four-round Feistel network. - * The round function is a fixed byte-substitution table (permutation on V^8), - * the F-table. Each round of G incorporates a single byte from the key. - */ -#define g(tab, w, i, j, k, l) \ -{ \ - w ^= (word)tab[i*256 + (w & 0xff)] << 8; \ - w ^= (word)tab[j*256 + (w >> 8)]; \ - w ^= (word)tab[k*256 + (w & 0xff)] << 8; \ - w ^= (word)tab[l*256 + (w >> 8)]; \ -} - -#define g0(tab, w) g(tab, w, 0, 1, 2, 3) -#define g1(tab, w) g(tab, w, 4, 5, 6, 7) -#define g2(tab, w) g(tab, w, 8, 9, 0, 1) -#define g3(tab, w) g(tab, w, 2, 3, 4, 5) -#define g4(tab, w) g(tab, w, 6, 7, 8, 9) - -/** - * The inverse of the G permutation. - */ -#define h(tab, w, i, j, k, l) \ -{ \ - w ^= (word)tab[l*256 + (w >> 8)]; \ - w ^= (word)tab[k*256 + (w & 0xff)] << 8; \ - w ^= (word)tab[j*256 + (w >> 8)]; \ - w ^= (word)tab[i*256 + (w & 0xff)] << 8; \ -} - -#define h0(tab, w) h(tab, w, 0, 1, 2, 3) -#define h1(tab, w) h(tab, w, 4, 5, 6, 7) -#define h2(tab, w) h(tab, w, 8, 9, 0, 1) -#define h3(tab, w) h(tab, w, 2, 3, 4, 5) -#define h4(tab, w) h(tab, w, 6, 7, 8, 9) - -/** - * Preprocess a user key into a table to save an XOR at each F-table access. - */ -void SKIPJACK::Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - /* tab[i][c] = fTable[c ^ key[i]] */ - int i; - for (i = 0; i < 10; i++) { - byte *t = tab+i*256, k = key[9-i]; - int c; - for (c = 0; c < 256; c++) { - t[c] = fTable[c ^ k]; - } - } -} - -typedef BlockGetAndPut<word16, LittleEndian> Block; - -/** - * Encrypt a single block of data. - */ -void SKIPJACK::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word16 w1, w2, w3, w4; - Block::Get(inBlock)(w4)(w3)(w2)(w1); - - /* stepping rule A: */ - g0(tab, w1); w4 ^= w1 ^ 1; - g1(tab, w4); w3 ^= w4 ^ 2; - g2(tab, w3); w2 ^= w3 ^ 3; - g3(tab, w2); w1 ^= w2 ^ 4; - g4(tab, w1); w4 ^= w1 ^ 5; - g0(tab, w4); w3 ^= w4 ^ 6; - g1(tab, w3); w2 ^= w3 ^ 7; - g2(tab, w2); w1 ^= w2 ^ 8; - - /* stepping rule B: */ - w2 ^= w1 ^ 9; g3(tab, w1); - w1 ^= w4 ^ 10; g4(tab, w4); - w4 ^= w3 ^ 11; g0(tab, w3); - w3 ^= w2 ^ 12; g1(tab, w2); - w2 ^= w1 ^ 13; g2(tab, w1); - w1 ^= w4 ^ 14; g3(tab, w4); - w4 ^= w3 ^ 15; g4(tab, w3); - w3 ^= w2 ^ 16; g0(tab, w2); - - /* stepping rule A: */ - g1(tab, w1); w4 ^= w1 ^ 17; - g2(tab, w4); w3 ^= w4 ^ 18; - g3(tab, w3); w2 ^= w3 ^ 19; - g4(tab, w2); w1 ^= w2 ^ 20; - g0(tab, w1); w4 ^= w1 ^ 21; - g1(tab, w4); w3 ^= w4 ^ 22; - g2(tab, w3); w2 ^= w3 ^ 23; - g3(tab, w2); w1 ^= w2 ^ 24; - - /* stepping rule B: */ - w2 ^= w1 ^ 25; g4(tab, w1); - w1 ^= w4 ^ 26; g0(tab, w4); - w4 ^= w3 ^ 27; g1(tab, w3); - w3 ^= w2 ^ 28; g2(tab, w2); - w2 ^= w1 ^ 29; g3(tab, w1); - w1 ^= w4 ^ 30; g4(tab, w4); - w4 ^= w3 ^ 31; g0(tab, w3); - w3 ^= w2 ^ 32; g1(tab, w2); - - Block::Put(xorBlock, outBlock)(w4)(w3)(w2)(w1); -} - -/** - * Decrypt a single block of data. - */ -void SKIPJACK::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word16 w1, w2, w3, w4; - Block::Get(inBlock)(w4)(w3)(w2)(w1); - - /* stepping rule A: */ - h1(tab, w2); w3 ^= w2 ^ 32; - h0(tab, w3); w4 ^= w3 ^ 31; - h4(tab, w4); w1 ^= w4 ^ 30; - h3(tab, w1); w2 ^= w1 ^ 29; - h2(tab, w2); w3 ^= w2 ^ 28; - h1(tab, w3); w4 ^= w3 ^ 27; - h0(tab, w4); w1 ^= w4 ^ 26; - h4(tab, w1); w2 ^= w1 ^ 25; - - /* stepping rule B: */ - w1 ^= w2 ^ 24; h3(tab, w2); - w2 ^= w3 ^ 23; h2(tab, w3); - w3 ^= w4 ^ 22; h1(tab, w4); - w4 ^= w1 ^ 21; h0(tab, w1); - w1 ^= w2 ^ 20; h4(tab, w2); - w2 ^= w3 ^ 19; h3(tab, w3); - w3 ^= w4 ^ 18; h2(tab, w4); - w4 ^= w1 ^ 17; h1(tab, w1); - - /* stepping rule A: */ - h0(tab, w2); w3 ^= w2 ^ 16; - h4(tab, w3); w4 ^= w3 ^ 15; - h3(tab, w4); w1 ^= w4 ^ 14; - h2(tab, w1); w2 ^= w1 ^ 13; - h1(tab, w2); w3 ^= w2 ^ 12; - h0(tab, w3); w4 ^= w3 ^ 11; - h4(tab, w4); w1 ^= w4 ^ 10; - h3(tab, w1); w2 ^= w1 ^ 9; - - /* stepping rule B: */ - w1 ^= w2 ^ 8; h2(tab, w2); - w2 ^= w3 ^ 7; h1(tab, w3); - w3 ^= w4 ^ 6; h0(tab, w4); - w4 ^= w1 ^ 5; h4(tab, w1); - w1 ^= w2 ^ 4; h3(tab, w2); - w2 ^= w3 ^ 3; h2(tab, w3); - w3 ^= w4 ^ 2; h1(tab, w4); - w4 ^= w1 ^ 1; h0(tab, w1); - - Block::Put(xorBlock, outBlock)(w4)(w3)(w2)(w1); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/skipjack.h b/cryptopp562/skipjack.h deleted file mode 100644 index 6b12647..0000000 --- a/cryptopp562/skipjack.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef CRYPTOPP_SKIPJACK_H -#define CRYPTOPP_SKIPJACK_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct SKIPJACK_Info : public FixedBlockSize<8>, public FixedKeyLength<10> -{ - CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "SKIPJACK";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#SKIPJACK">SKIPJACK</a> -class SKIPJACK : public SKIPJACK_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SKIPJACK_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word16>();} - - protected: - static const byte fTable[256]; - - FixedSizeSecBlock<byte, 10*256> tab; - }; - - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - private: - static const byte Se[256]; - static const word32 Te[4][256]; - }; - - class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - private: - static const byte Sd[256]; - static const word32 Td[4][256]; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef SKIPJACK::Encryption SKIPJACKEncryption; -typedef SKIPJACK::Decryption SKIPJACKDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/smartptr.h b/cryptopp562/smartptr.h deleted file mode 100644 index a0a727e..0000000 --- a/cryptopp562/smartptr.h +++ /dev/null @@ -1,223 +0,0 @@ -#ifndef CRYPTOPP_SMARTPTR_H -#define CRYPTOPP_SMARTPTR_H - -#include "config.h" -#include <algorithm> - -NAMESPACE_BEGIN(CryptoPP) - -template <class T> class simple_ptr -{ -public: - simple_ptr(T *p = NULL) : m_p(p) {} - ~simple_ptr() {delete m_p; m_p = NULL;} // set m_p to NULL so double destruction (which might occur in Singleton) will be harmless - T *m_p; -}; - -template <class T> class member_ptr -{ -public: - explicit member_ptr(T *p = NULL) : m_p(p) {} - - ~member_ptr(); - - const T& operator*() const { return *m_p; } - T& operator*() { return *m_p; } - - const T* operator->() const { return m_p; } - T* operator->() { return m_p; } - - const T* get() const { return m_p; } - T* get() { return m_p; } - - T* release() - { - T *old_p = m_p; - m_p = 0; - return old_p; - } - - void reset(T *p = 0); - -protected: - member_ptr(const member_ptr<T>& rhs); // copy not allowed - void operator=(const member_ptr<T>& rhs); // assignment not allowed - - T *m_p; -}; - -template <class T> member_ptr<T>::~member_ptr() {delete m_p;} -template <class T> void member_ptr<T>::reset(T *p) {delete m_p; m_p = p;} - -// ******************************************************** - -template<class T> class value_ptr : public member_ptr<T> -{ -public: - value_ptr(const T &obj) : member_ptr<T>(new T(obj)) {} - value_ptr(T *p = NULL) : member_ptr<T>(p) {} - value_ptr(const value_ptr<T>& rhs) - : member_ptr<T>(rhs.m_p ? new T(*rhs.m_p) : NULL) {} - - value_ptr<T>& operator=(const value_ptr<T>& rhs); - bool operator==(const value_ptr<T>& rhs) - { - return (!this->m_p && !rhs.m_p) || (this->m_p && rhs.m_p && *this->m_p == *rhs.m_p); - } -}; - -template <class T> value_ptr<T>& value_ptr<T>::operator=(const value_ptr<T>& rhs) -{ - T *old_p = this->m_p; - this->m_p = rhs.m_p ? new T(*rhs.m_p) : NULL; - delete old_p; - return *this; -} - -// ******************************************************** - -template<class T> class clonable_ptr : public member_ptr<T> -{ -public: - clonable_ptr(const T &obj) : member_ptr<T>(obj.Clone()) {} - clonable_ptr(T *p = NULL) : member_ptr<T>(p) {} - clonable_ptr(const clonable_ptr<T>& rhs) - : member_ptr<T>(rhs.m_p ? rhs.m_p->Clone() : NULL) {} - - clonable_ptr<T>& operator=(const clonable_ptr<T>& rhs); -}; - -template <class T> clonable_ptr<T>& clonable_ptr<T>::operator=(const clonable_ptr<T>& rhs) -{ - T *old_p = this->m_p; - this->m_p = rhs.m_p ? rhs.m_p->Clone() : NULL; - delete old_p; - return *this; -} - -// ******************************************************** - -template<class T> class counted_ptr -{ -public: - explicit counted_ptr(T *p = 0); - counted_ptr(const T &r) : m_p(0) {attach(r);} - counted_ptr(const counted_ptr<T>& rhs); - - ~counted_ptr(); - - const T& operator*() const { return *m_p; } - T& operator*() { return *m_p; } - - const T* operator->() const { return m_p; } - T* operator->() { return get(); } - - const T* get() const { return m_p; } - T* get(); - - void attach(const T &p); - - counted_ptr<T> & operator=(const counted_ptr<T>& rhs); - -private: - T *m_p; -}; - -template <class T> counted_ptr<T>::counted_ptr(T *p) - : m_p(p) -{ - if (m_p) - m_p->m_referenceCount = 1; -} - -template <class T> counted_ptr<T>::counted_ptr(const counted_ptr<T>& rhs) - : m_p(rhs.m_p) -{ - if (m_p) - m_p->m_referenceCount++; -} - -template <class T> counted_ptr<T>::~counted_ptr() -{ - if (m_p && --m_p->m_referenceCount == 0) - delete m_p; -} - -template <class T> void counted_ptr<T>::attach(const T &r) -{ - if (m_p && --m_p->m_referenceCount == 0) - delete m_p; - if (r.m_referenceCount == 0) - { - m_p = r.clone(); - m_p->m_referenceCount = 1; - } - else - { - m_p = const_cast<T *>(&r); - m_p->m_referenceCount++; - } -} - -template <class T> T* counted_ptr<T>::get() -{ - if (m_p && m_p->m_referenceCount > 1) - { - T *temp = m_p->clone(); - m_p->m_referenceCount--; - m_p = temp; - m_p->m_referenceCount = 1; - } - return m_p; -} - -template <class T> counted_ptr<T> & counted_ptr<T>::operator=(const counted_ptr<T>& rhs) -{ - if (m_p != rhs.m_p) - { - if (m_p && --m_p->m_referenceCount == 0) - delete m_p; - m_p = rhs.m_p; - if (m_p) - m_p->m_referenceCount++; - } - return *this; -} - -// ******************************************************** - -template <class T> class vector_member_ptrs -{ -public: - vector_member_ptrs(size_t size=0) - : m_size(size), m_ptr(new member_ptr<T>[size]) {} - ~vector_member_ptrs() - {delete [] this->m_ptr;} - - member_ptr<T>& operator[](size_t index) - {assert(index<this->m_size); return this->m_ptr[index];} - const member_ptr<T>& operator[](size_t index) const - {assert(index<this->m_size); return this->m_ptr[index];} - - size_t size() const {return this->m_size;} - void resize(size_t newSize) - { - member_ptr<T> *newPtr = new member_ptr<T>[newSize]; - for (size_t i=0; i<this->m_size && i<newSize; i++) - newPtr[i].reset(this->m_ptr[i].release()); - delete [] this->m_ptr; - this->m_size = newSize; - this->m_ptr = newPtr; - } - -private: - vector_member_ptrs(const vector_member_ptrs<T> &c); // copy not allowed - void operator=(const vector_member_ptrs<T> &x); // assignment not allowed - - size_t m_size; - member_ptr<T> *m_ptr; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/socketft.cpp b/cryptopp562/socketft.cpp deleted file mode 100644 index 6c5a8ff..0000000 --- a/cryptopp562/socketft.cpp +++ /dev/null @@ -1,531 +0,0 @@ -// socketft.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "socketft.h" - -#ifdef SOCKETS_AVAILABLE - -#include "wait.h" - -#ifdef USE_BERKELEY_STYLE_SOCKETS -#include <errno.h> -#include <netdb.h> -#include <unistd.h> -#include <arpa/inet.h> -#include <netinet/in.h> -#include <sys/ioctl.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef USE_WINDOWS_STYLE_SOCKETS -const int SOCKET_EINVAL = WSAEINVAL; -const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK; -typedef int socklen_t; -#else -const int SOCKET_EINVAL = EINVAL; -const int SOCKET_EWOULDBLOCK = EWOULDBLOCK; -#endif - -Socket::Err::Err(socket_t s, const std::string& operation, int error) - : OS_Error(IO_ERROR, "Socket: " + operation + " operation failed with error " + IntToString(error), operation, error) - , m_s(s) -{ -} - -Socket::~Socket() -{ - if (m_own) - { - try - { - CloseSocket(); - } - catch (...) - { - } - } -} - -void Socket::AttachSocket(socket_t s, bool own) -{ - if (m_own) - CloseSocket(); - - m_s = s; - m_own = own; - SocketChanged(); -} - -socket_t Socket::DetachSocket() -{ - socket_t s = m_s; - m_s = INVALID_SOCKET; - SocketChanged(); - return s; -} - -void Socket::Create(int nType) -{ - assert(m_s == INVALID_SOCKET); - m_s = socket(AF_INET, nType, 0); - CheckAndHandleError("socket", m_s); - m_own = true; - SocketChanged(); -} - -void Socket::CloseSocket() -{ - if (m_s != INVALID_SOCKET) - { -#ifdef USE_WINDOWS_STYLE_SOCKETS - CancelIo((HANDLE) m_s); - CheckAndHandleError_int("closesocket", closesocket(m_s)); -#else - CheckAndHandleError_int("close", close(m_s)); -#endif - m_s = INVALID_SOCKET; - SocketChanged(); - } -} - -void Socket::Bind(unsigned int port, const char *addr) -{ - sockaddr_in sa; - memset(&sa, 0, sizeof(sa)); - sa.sin_family = AF_INET; - - if (addr == NULL) - sa.sin_addr.s_addr = htonl(INADDR_ANY); - else - { - unsigned long result = inet_addr(addr); - if (result == -1) // Solaris doesn't have INADDR_NONE - { - SetLastError(SOCKET_EINVAL); - CheckAndHandleError_int("inet_addr", SOCKET_ERROR); - } - sa.sin_addr.s_addr = result; - } - - sa.sin_port = htons((u_short)port); - - Bind((sockaddr *)&sa, sizeof(sa)); -} - -void Socket::Bind(const sockaddr *psa, socklen_t saLen) -{ - assert(m_s != INVALID_SOCKET); - // cygwin workaround: needs const_cast - CheckAndHandleError_int("bind", bind(m_s, const_cast<sockaddr *>(psa), saLen)); -} - -void Socket::Listen(int backlog) -{ - assert(m_s != INVALID_SOCKET); - CheckAndHandleError_int("listen", listen(m_s, backlog)); -} - -bool Socket::Connect(const char *addr, unsigned int port) -{ - assert(addr != NULL); - - sockaddr_in sa; - memset(&sa, 0, sizeof(sa)); - sa.sin_family = AF_INET; - sa.sin_addr.s_addr = inet_addr(addr); - - if (sa.sin_addr.s_addr == -1) // Solaris doesn't have INADDR_NONE - { - hostent *lphost = gethostbyname(addr); - if (lphost == NULL) - { - SetLastError(SOCKET_EINVAL); - CheckAndHandleError_int("gethostbyname", SOCKET_ERROR); - } - - sa.sin_addr.s_addr = ((in_addr *)lphost->h_addr)->s_addr; - } - - sa.sin_port = htons((u_short)port); - - return Connect((const sockaddr *)&sa, sizeof(sa)); -} - -bool Socket::Connect(const sockaddr* psa, socklen_t saLen) -{ - assert(m_s != INVALID_SOCKET); - int result = connect(m_s, const_cast<sockaddr*>(psa), saLen); - if (result == SOCKET_ERROR && GetLastError() == SOCKET_EWOULDBLOCK) - return false; - CheckAndHandleError_int("connect", result); - return true; -} - -bool Socket::Accept(Socket& target, sockaddr *psa, socklen_t *psaLen) -{ - assert(m_s != INVALID_SOCKET); - socket_t s = accept(m_s, psa, psaLen); - if (s == INVALID_SOCKET && GetLastError() == SOCKET_EWOULDBLOCK) - return false; - CheckAndHandleError("accept", s); - target.AttachSocket(s, true); - return true; -} - -void Socket::GetSockName(sockaddr *psa, socklen_t *psaLen) -{ - assert(m_s != INVALID_SOCKET); - CheckAndHandleError_int("getsockname", getsockname(m_s, psa, psaLen)); -} - -void Socket::GetPeerName(sockaddr *psa, socklen_t *psaLen) -{ - assert(m_s != INVALID_SOCKET); - CheckAndHandleError_int("getpeername", getpeername(m_s, psa, psaLen)); -} - -unsigned int Socket::Send(const byte* buf, size_t bufLen, int flags) -{ - assert(m_s != INVALID_SOCKET); - int result = send(m_s, (const char *)buf, UnsignedMin(INT_MAX, bufLen), flags); - CheckAndHandleError_int("send", result); - return result; -} - -unsigned int Socket::Receive(byte* buf, size_t bufLen, int flags) -{ - assert(m_s != INVALID_SOCKET); - int result = recv(m_s, (char *)buf, UnsignedMin(INT_MAX, bufLen), flags); - CheckAndHandleError_int("recv", result); - return result; -} - -void Socket::ShutDown(int how) -{ - assert(m_s != INVALID_SOCKET); - int result = shutdown(m_s, how); - CheckAndHandleError_int("shutdown", result); -} - -void Socket::IOCtl(long cmd, unsigned long *argp) -{ - assert(m_s != INVALID_SOCKET); -#ifdef USE_WINDOWS_STYLE_SOCKETS - CheckAndHandleError_int("ioctlsocket", ioctlsocket(m_s, cmd, argp)); -#else - CheckAndHandleError_int("ioctl", ioctl(m_s, cmd, argp)); -#endif -} - -bool Socket::SendReady(const timeval *timeout) -{ - fd_set fds; - FD_ZERO(&fds); - FD_SET(m_s, &fds); - int ready; - if (timeout == NULL) - ready = select((int)m_s+1, NULL, &fds, NULL, NULL); - else - { - timeval timeoutCopy = *timeout; // select() modified timeout on Linux - ready = select((int)m_s+1, NULL, &fds, NULL, &timeoutCopy); - } - CheckAndHandleError_int("select", ready); - return ready > 0; -} - -bool Socket::ReceiveReady(const timeval *timeout) -{ - fd_set fds; - FD_ZERO(&fds); - FD_SET(m_s, &fds); - int ready; - if (timeout == NULL) - ready = select((int)m_s+1, &fds, NULL, NULL, NULL); - else - { - timeval timeoutCopy = *timeout; // select() modified timeout on Linux - ready = select((int)m_s+1, &fds, NULL, NULL, &timeoutCopy); - } - CheckAndHandleError_int("select", ready); - return ready > 0; -} - -unsigned int Socket::PortNameToNumber(const char *name, const char *protocol) -{ - int port = atoi(name); - if (IntToString(port) == name) - return port; - - servent *se = getservbyname(name, protocol); - if (!se) - throw Err(INVALID_SOCKET, "getservbyname", SOCKET_EINVAL); - return ntohs(se->s_port); -} - -void Socket::StartSockets() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - WSADATA wsd; - int result = WSAStartup(0x0202, &wsd); - if (result != 0) - throw Err(INVALID_SOCKET, "WSAStartup", result); -#endif -} - -void Socket::ShutdownSockets() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - int result = WSACleanup(); - if (result != 0) - throw Err(INVALID_SOCKET, "WSACleanup", result); -#endif -} - -int Socket::GetLastError() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - return WSAGetLastError(); -#else - return errno; -#endif -} - -void Socket::SetLastError(int errorCode) -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - WSASetLastError(errorCode); -#else - errno = errorCode; -#endif -} - -void Socket::HandleError(const char *operation) const -{ - int err = GetLastError(); - throw Err(m_s, operation, err); -} - -#ifdef USE_WINDOWS_STYLE_SOCKETS - -SocketReceiver::SocketReceiver(Socket &s) - : m_s(s), m_resultPending(false), m_eofReceived(false) -{ - m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true); - m_s.CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - -SocketReceiver::~SocketReceiver() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - CancelIo((HANDLE) m_s.GetSocket()); -#endif -} - -bool SocketReceiver::Receive(byte* buf, size_t bufLen) -{ - assert(!m_resultPending && !m_eofReceived); - - DWORD flags = 0; - // don't queue too much at once, or we might use up non-paged memory - WSABUF wsabuf = {UnsignedMin((u_long)128*1024, bufLen), (char *)buf}; - if (WSARecv(m_s, &wsabuf, 1, &m_lastResult, &flags, &m_overlapped, NULL) == 0) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (WSAGetLastError()) - { - default: - m_s.CheckAndHandleError_int("WSARecv", SOCKET_ERROR); - case WSAEDISCON: - m_lastResult = 0; - m_eofReceived = true; - break; - case WSA_IO_PENDING: - m_resultPending = true; - } - } - return !m_resultPending; -} - -void SocketReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("SocketReceiver::GetWaitObjects() - result pending", &callStack)); - else if (!m_eofReceived) - container.SetNoWait(CallStack("SocketReceiver::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int SocketReceiver::GetReceiveResult() -{ - if (m_resultPending) - { - DWORD flags = 0; - if (WSAGetOverlappedResult(m_s, &m_overlapped, &m_lastResult, false, &flags)) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (WSAGetLastError()) - { - default: - m_s.CheckAndHandleError("WSAGetOverlappedResult", FALSE); - case WSAEDISCON: - m_lastResult = 0; - m_eofReceived = true; - } - } - m_resultPending = false; - } - return m_lastResult; -} - -// ************************************************************* - -SocketSender::SocketSender(Socket &s) - : m_s(s), m_resultPending(false), m_lastResult(0) -{ - m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true); - m_s.CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - - -SocketSender::~SocketSender() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - CancelIo((HANDLE) m_s.GetSocket()); -#endif -} - -void SocketSender::Send(const byte* buf, size_t bufLen) -{ - assert(!m_resultPending); - DWORD written = 0; - // don't queue too much at once, or we might use up non-paged memory - WSABUF wsabuf = {UnsignedMin((u_long)128*1024, bufLen), (char *)buf}; - if (WSASend(m_s, &wsabuf, 1, &written, 0, &m_overlapped, NULL) == 0) - { - m_resultPending = false; - m_lastResult = written; - } - else - { - if (WSAGetLastError() != WSA_IO_PENDING) - m_s.CheckAndHandleError_int("WSASend", SOCKET_ERROR); - - m_resultPending = true; - } -} - -void SocketSender::SendEof() -{ - assert(!m_resultPending); - m_s.ShutDown(SD_SEND); - m_s.CheckAndHandleError("ResetEvent", ResetEvent(m_event)); - m_s.CheckAndHandleError_int("WSAEventSelect", WSAEventSelect(m_s, m_event, FD_CLOSE)); - m_resultPending = true; -} - -bool SocketSender::EofSent() -{ - if (m_resultPending) - { - WSANETWORKEVENTS events; - m_s.CheckAndHandleError_int("WSAEnumNetworkEvents", WSAEnumNetworkEvents(m_s, m_event, &events)); - if ((events.lNetworkEvents & FD_CLOSE) != FD_CLOSE) - throw Socket::Err(m_s, "WSAEnumNetworkEvents (FD_CLOSE not present)", E_FAIL); - if (events.iErrorCode[FD_CLOSE_BIT] != 0) - throw Socket::Err(m_s, "FD_CLOSE (via WSAEnumNetworkEvents)", events.iErrorCode[FD_CLOSE_BIT]); - m_resultPending = false; - } - return m_lastResult != 0; -} - -void SocketSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("SocketSender::GetWaitObjects() - result pending", &callStack)); - else - container.SetNoWait(CallStack("SocketSender::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int SocketSender::GetSendResult() -{ - if (m_resultPending) - { - DWORD flags = 0; - BOOL result = WSAGetOverlappedResult(m_s, &m_overlapped, &m_lastResult, false, &flags); - m_s.CheckAndHandleError("WSAGetOverlappedResult", result); - m_resultPending = false; - } - return m_lastResult; -} - -#endif - -#ifdef USE_BERKELEY_STYLE_SOCKETS - -SocketReceiver::SocketReceiver(Socket &s) - : m_s(s), m_lastResult(0), m_eofReceived(false) -{ -} - -void SocketReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (!m_eofReceived) - container.AddReadFd(m_s, CallStack("SocketReceiver::GetWaitObjects()", &callStack)); -} - -bool SocketReceiver::Receive(byte* buf, size_t bufLen) -{ - m_lastResult = m_s.Receive(buf, bufLen); - if (bufLen > 0 && m_lastResult == 0) - m_eofReceived = true; - return true; -} - -unsigned int SocketReceiver::GetReceiveResult() -{ - return m_lastResult; -} - -SocketSender::SocketSender(Socket &s) - : m_s(s), m_lastResult(0) -{ -} - -void SocketSender::Send(const byte* buf, size_t bufLen) -{ - m_lastResult = m_s.Send(buf, bufLen); -} - -void SocketSender::SendEof() -{ - m_s.ShutDown(SD_SEND); -} - -unsigned int SocketSender::GetSendResult() -{ - return m_lastResult; -} - -void SocketSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - container.AddWriteFd(m_s, CallStack("SocketSender::GetWaitObjects()", &callStack)); -} - -#endif - -NAMESPACE_END - -#endif // #ifdef SOCKETS_AVAILABLE diff --git a/cryptopp562/socketft.h b/cryptopp562/socketft.h deleted file mode 100644 index e414aa6..0000000 --- a/cryptopp562/socketft.h +++ /dev/null @@ -1,224 +0,0 @@ -#ifndef CRYPTOPP_SOCKETFT_H -#define CRYPTOPP_SOCKETFT_H - -#include "config.h" - -#ifdef SOCKETS_AVAILABLE - -#include "network.h" -#include "queue.h" - -#ifdef USE_WINDOWS_STYLE_SOCKETS -# if defined(_WINSOCKAPI_) && !defined(_WINSOCK2API_) -# error Winsock 1 is not supported by this library. Please include this file or winsock2.h before windows.h. -# endif -#include <winsock2.h> -#include "winpipes.h" -#else -#include <sys/time.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <unistd.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef USE_WINDOWS_STYLE_SOCKETS -typedef ::SOCKET socket_t; -#else -typedef int socket_t; -const socket_t INVALID_SOCKET = -1; -// cygwin 1.1.4 doesn't have SHUT_RD -const int SD_RECEIVE = 0; -const int SD_SEND = 1; -const int SD_BOTH = 2; -const int SOCKET_ERROR = -1; -#endif - -#ifndef socklen_t -typedef TYPE_OF_SOCKLEN_T socklen_t; // see config.h -#endif - -//! wrapper for Windows or Berkeley Sockets -class Socket -{ -public: - //! exception thrown by Socket class - class Err : public OS_Error - { - public: - Err(socket_t s, const std::string& operation, int error); - socket_t GetSocket() const {return m_s;} - - private: - socket_t m_s; - }; - - Socket(socket_t s = INVALID_SOCKET, bool own=false) : m_s(s), m_own(own) {} - Socket(const Socket &s) : m_s(s.m_s), m_own(false) {} - virtual ~Socket(); - - bool GetOwnership() const {return m_own;} - void SetOwnership(bool own) {m_own = own;} - - operator socket_t() {return m_s;} - socket_t GetSocket() const {return m_s;} - void AttachSocket(socket_t s, bool own=false); - socket_t DetachSocket(); - void CloseSocket(); - - void Create(int nType = SOCK_STREAM); - void Bind(unsigned int port, const char *addr=NULL); - void Bind(const sockaddr* psa, socklen_t saLen); - void Listen(int backlog=5); - // the next three functions return false if the socket is in nonblocking mode - // and the operation cannot be completed immediately - bool Connect(const char *addr, unsigned int port); - bool Connect(const sockaddr* psa, socklen_t saLen); - bool Accept(Socket& s, sockaddr *psa=NULL, socklen_t *psaLen=NULL); - void GetSockName(sockaddr *psa, socklen_t *psaLen); - void GetPeerName(sockaddr *psa, socklen_t *psaLen); - unsigned int Send(const byte* buf, size_t bufLen, int flags=0); - unsigned int Receive(byte* buf, size_t bufLen, int flags=0); - void ShutDown(int how = SD_SEND); - - void IOCtl(long cmd, unsigned long *argp); - bool SendReady(const timeval *timeout); - bool ReceiveReady(const timeval *timeout); - - virtual void HandleError(const char *operation) const; - void CheckAndHandleError_int(const char *operation, int result) const - {if (result == SOCKET_ERROR) HandleError(operation);} - void CheckAndHandleError(const char *operation, socket_t result) const - {if (result == SOCKET_ERROR) HandleError(operation);} -#ifdef USE_WINDOWS_STYLE_SOCKETS - void CheckAndHandleError(const char *operation, BOOL result) const - {assert(result==TRUE || result==FALSE); if (!result) HandleError(operation);} - void CheckAndHandleError(const char *operation, bool result) const - {if (!result) HandleError(operation);} -#endif - - //! look up the port number given its name, returns 0 if not found - static unsigned int PortNameToNumber(const char *name, const char *protocol="tcp"); - //! start Windows Sockets 2 - static void StartSockets(); - //! calls WSACleanup for Windows Sockets - static void ShutdownSockets(); - //! returns errno or WSAGetLastError - static int GetLastError(); - //! sets errno or calls WSASetLastError - static void SetLastError(int errorCode); - -protected: - virtual void SocketChanged() {} - - socket_t m_s; - bool m_own; -}; - -class SocketsInitializer -{ -public: - SocketsInitializer() {Socket::StartSockets();} - ~SocketsInitializer() {try {Socket::ShutdownSockets();} catch (...) {}} -}; - -class SocketReceiver : public NetworkReceiver -{ -public: - SocketReceiver(Socket &s); - -#ifdef USE_BERKELEY_STYLE_SOCKETS - bool MustWaitToReceive() {return true;} -#else - ~SocketReceiver(); - bool MustWaitForResult() {return true;} -#endif - bool Receive(byte* buf, size_t bufLen); - unsigned int GetReceiveResult(); - bool EofReceived() const {return m_eofReceived;} - - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - Socket &m_s; - bool m_eofReceived; - -#ifdef USE_WINDOWS_STYLE_SOCKETS - WindowsHandle m_event; - OVERLAPPED m_overlapped; - bool m_resultPending; - DWORD m_lastResult; -#else - unsigned int m_lastResult; -#endif -}; - -class SocketSender : public NetworkSender -{ -public: - SocketSender(Socket &s); - -#ifdef USE_BERKELEY_STYLE_SOCKETS - bool MustWaitToSend() {return true;} -#else - ~SocketSender(); - bool MustWaitForResult() {return true;} - bool MustWaitForEof() { return true; } - bool EofSent(); -#endif - void Send(const byte* buf, size_t bufLen); - unsigned int GetSendResult(); - void SendEof(); - - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - Socket &m_s; -#ifdef USE_WINDOWS_STYLE_SOCKETS - WindowsHandle m_event; - OVERLAPPED m_overlapped; - bool m_resultPending; - DWORD m_lastResult; -#else - unsigned int m_lastResult; -#endif -}; - -//! socket-based implementation of NetworkSource -class SocketSource : public NetworkSource, public Socket -{ -public: - SocketSource(socket_t s = INVALID_SOCKET, bool pumpAll = false, BufferedTransformation *attachment = NULL) - : NetworkSource(attachment), Socket(s), m_receiver(*this) - { - if (pumpAll) - PumpAll(); - } - -private: - NetworkReceiver & AccessReceiver() {return m_receiver;} - SocketReceiver m_receiver; -}; - -//! socket-based implementation of NetworkSink -class SocketSink : public NetworkSink, public Socket -{ -public: - SocketSink(socket_t s=INVALID_SOCKET, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024) - : NetworkSink(maxBufferSize, autoFlushBound), Socket(s), m_sender(*this) {} - - void SendEof() {ShutDown(SD_SEND);} - -private: - NetworkSender & AccessSender() {return m_sender;} - SocketSender m_sender; -}; - -NAMESPACE_END - -#endif // #ifdef SOCKETS_AVAILABLE - -#endif diff --git a/cryptopp562/sosemanuk.cpp b/cryptopp562/sosemanuk.cpp deleted file mode 100644 index 0863675..0000000 --- a/cryptopp562/sosemanuk.cpp +++ /dev/null @@ -1,711 +0,0 @@ -// sosemanuk.cpp - written and placed in the public domain by Wei Dai - -// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM sosemanuk.cpp" to generate MASM code - -#include "pch.h" - -#ifndef CRYPTOPP_GENERATE_X64_MASM - -#include "sosemanuk.h" -#include "misc.h" -#include "cpu.h" - -#include "serpentp.h" - -NAMESPACE_BEGIN(CryptoPP) - -void SosemanukPolicy::CipherSetKey(const NameValuePairs ¶ms, const byte *userKey, size_t keylen) -{ - Serpent_KeySchedule(m_key, 24, userKey, keylen); -} - -void SosemanukPolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) -{ - assert(length==16); - - word32 a, b, c, d, e; - - typedef BlockGetAndPut<word32, LittleEndian> Block; - Block::Get(iv)(a)(b)(c)(d); - - const word32 *k = m_key; - unsigned int i=1; - - do - { - beforeS0(KX); beforeS0(S0); afterS0(LT); - afterS0(KX); afterS0(S1); afterS1(LT); - if (i == 3) // after 18th round - { - m_state[4] = b; - m_state[5] = e; - m_state[10] = c; - m_state[11] = a; - } - afterS1(KX); afterS1(S2); afterS2(LT); - afterS2(KX); afterS2(S3); afterS3(LT); - if (i == 2) // after 12th round - { - m_state[6] = c; - m_state[7] = d; - m_state[8] = b; - m_state[9] = e; - } - afterS3(KX); afterS3(S4); afterS4(LT); - afterS4(KX); afterS4(S5); afterS5(LT); - afterS5(KX); afterS5(S6); afterS6(LT); - afterS6(KX); afterS6(S7); afterS7(LT); - - if (i == 3) - break; - - ++i; - c = b; - b = e; - e = d; - d = a; - a = e; - k += 32; - } - while (true); - - afterS7(KX); - - m_state[0] = a; - m_state[1] = b; - m_state[2] = e; - m_state[3] = d; - -#define XMUX(c, x, y) (x ^ (y & (0 - (c & 1)))) - m_state[11] += XMUX(m_state[10], m_state[1], m_state[8]); - m_state[10] = rotlFixed(m_state[10] * 0x54655307, 7); -} - -extern "C" { -word32 s_sosemanukMulTables[512] = { -#if CRYPTOPP_BOOL_X86 | CRYPTOPP_BOOL_X64 - 0x00000000, 0xE19FCF12, 0x6B973724, 0x8A08F836, - 0xD6876E48, 0x3718A15A, 0xBD10596C, 0x5C8F967E, - 0x05A7DC90, 0xE4381382, 0x6E30EBB4, 0x8FAF24A6, - 0xD320B2D8, 0x32BF7DCA, 0xB8B785FC, 0x59284AEE, - 0x0AE71189, 0xEB78DE9B, 0x617026AD, 0x80EFE9BF, - 0xDC607FC1, 0x3DFFB0D3, 0xB7F748E5, 0x566887F7, - 0x0F40CD19, 0xEEDF020B, 0x64D7FA3D, 0x8548352F, - 0xD9C7A351, 0x38586C43, 0xB2509475, 0x53CF5B67, - 0x146722BB, 0xF5F8EDA9, 0x7FF0159F, 0x9E6FDA8D, - 0xC2E04CF3, 0x237F83E1, 0xA9777BD7, 0x48E8B4C5, - 0x11C0FE2B, 0xF05F3139, 0x7A57C90F, 0x9BC8061D, - 0xC7479063, 0x26D85F71, 0xACD0A747, 0x4D4F6855, - 0x1E803332, 0xFF1FFC20, 0x75170416, 0x9488CB04, - 0xC8075D7A, 0x29989268, 0xA3906A5E, 0x420FA54C, - 0x1B27EFA2, 0xFAB820B0, 0x70B0D886, 0x912F1794, - 0xCDA081EA, 0x2C3F4EF8, 0xA637B6CE, 0x47A879DC, - 0x28CE44DF, 0xC9518BCD, 0x435973FB, 0xA2C6BCE9, - 0xFE492A97, 0x1FD6E585, 0x95DE1DB3, 0x7441D2A1, - 0x2D69984F, 0xCCF6575D, 0x46FEAF6B, 0xA7616079, - 0xFBEEF607, 0x1A713915, 0x9079C123, 0x71E60E31, - 0x22295556, 0xC3B69A44, 0x49BE6272, 0xA821AD60, - 0xF4AE3B1E, 0x1531F40C, 0x9F390C3A, 0x7EA6C328, - 0x278E89C6, 0xC61146D4, 0x4C19BEE2, 0xAD8671F0, - 0xF109E78E, 0x1096289C, 0x9A9ED0AA, 0x7B011FB8, - 0x3CA96664, 0xDD36A976, 0x573E5140, 0xB6A19E52, - 0xEA2E082C, 0x0BB1C73E, 0x81B93F08, 0x6026F01A, - 0x390EBAF4, 0xD89175E6, 0x52998DD0, 0xB30642C2, - 0xEF89D4BC, 0x0E161BAE, 0x841EE398, 0x65812C8A, - 0x364E77ED, 0xD7D1B8FF, 0x5DD940C9, 0xBC468FDB, - 0xE0C919A5, 0x0156D6B7, 0x8B5E2E81, 0x6AC1E193, - 0x33E9AB7D, 0xD276646F, 0x587E9C59, 0xB9E1534B, - 0xE56EC535, 0x04F10A27, 0x8EF9F211, 0x6F663D03, - 0x50358817, 0xB1AA4705, 0x3BA2BF33, 0xDA3D7021, - 0x86B2E65F, 0x672D294D, 0xED25D17B, 0x0CBA1E69, - 0x55925487, 0xB40D9B95, 0x3E0563A3, 0xDF9AACB1, - 0x83153ACF, 0x628AF5DD, 0xE8820DEB, 0x091DC2F9, - 0x5AD2999E, 0xBB4D568C, 0x3145AEBA, 0xD0DA61A8, - 0x8C55F7D6, 0x6DCA38C4, 0xE7C2C0F2, 0x065D0FE0, - 0x5F75450E, 0xBEEA8A1C, 0x34E2722A, 0xD57DBD38, - 0x89F22B46, 0x686DE454, 0xE2651C62, 0x03FAD370, - 0x4452AAAC, 0xA5CD65BE, 0x2FC59D88, 0xCE5A529A, - 0x92D5C4E4, 0x734A0BF6, 0xF942F3C0, 0x18DD3CD2, - 0x41F5763C, 0xA06AB92E, 0x2A624118, 0xCBFD8E0A, - 0x97721874, 0x76EDD766, 0xFCE52F50, 0x1D7AE042, - 0x4EB5BB25, 0xAF2A7437, 0x25228C01, 0xC4BD4313, - 0x9832D56D, 0x79AD1A7F, 0xF3A5E249, 0x123A2D5B, - 0x4B1267B5, 0xAA8DA8A7, 0x20855091, 0xC11A9F83, - 0x9D9509FD, 0x7C0AC6EF, 0xF6023ED9, 0x179DF1CB, - 0x78FBCCC8, 0x996403DA, 0x136CFBEC, 0xF2F334FE, - 0xAE7CA280, 0x4FE36D92, 0xC5EB95A4, 0x24745AB6, - 0x7D5C1058, 0x9CC3DF4A, 0x16CB277C, 0xF754E86E, - 0xABDB7E10, 0x4A44B102, 0xC04C4934, 0x21D38626, - 0x721CDD41, 0x93831253, 0x198BEA65, 0xF8142577, - 0xA49BB309, 0x45047C1B, 0xCF0C842D, 0x2E934B3F, - 0x77BB01D1, 0x9624CEC3, 0x1C2C36F5, 0xFDB3F9E7, - 0xA13C6F99, 0x40A3A08B, 0xCAAB58BD, 0x2B3497AF, - 0x6C9CEE73, 0x8D032161, 0x070BD957, 0xE6941645, - 0xBA1B803B, 0x5B844F29, 0xD18CB71F, 0x3013780D, - 0x693B32E3, 0x88A4FDF1, 0x02AC05C7, 0xE333CAD5, - 0xBFBC5CAB, 0x5E2393B9, 0xD42B6B8F, 0x35B4A49D, - 0x667BFFFA, 0x87E430E8, 0x0DECC8DE, 0xEC7307CC, - 0xB0FC91B2, 0x51635EA0, 0xDB6BA696, 0x3AF46984, - 0x63DC236A, 0x8243EC78, 0x084B144E, 0xE9D4DB5C, - 0xB55B4D22, 0x54C48230, 0xDECC7A06, 0x3F53B514, -#else - 0x00000000, 0xE19FCF13, 0x6B973726, 0x8A08F835, - 0xD6876E4C, 0x3718A15F, 0xBD10596A, 0x5C8F9679, - 0x05A7DC98, 0xE438138B, 0x6E30EBBE, 0x8FAF24AD, - 0xD320B2D4, 0x32BF7DC7, 0xB8B785F2, 0x59284AE1, - 0x0AE71199, 0xEB78DE8A, 0x617026BF, 0x80EFE9AC, - 0xDC607FD5, 0x3DFFB0C6, 0xB7F748F3, 0x566887E0, - 0x0F40CD01, 0xEEDF0212, 0x64D7FA27, 0x85483534, - 0xD9C7A34D, 0x38586C5E, 0xB250946B, 0x53CF5B78, - 0x1467229B, 0xF5F8ED88, 0x7FF015BD, 0x9E6FDAAE, - 0xC2E04CD7, 0x237F83C4, 0xA9777BF1, 0x48E8B4E2, - 0x11C0FE03, 0xF05F3110, 0x7A57C925, 0x9BC80636, - 0xC747904F, 0x26D85F5C, 0xACD0A769, 0x4D4F687A, - 0x1E803302, 0xFF1FFC11, 0x75170424, 0x9488CB37, - 0xC8075D4E, 0x2998925D, 0xA3906A68, 0x420FA57B, - 0x1B27EF9A, 0xFAB82089, 0x70B0D8BC, 0x912F17AF, - 0xCDA081D6, 0x2C3F4EC5, 0xA637B6F0, 0x47A879E3, - 0x28CE449F, 0xC9518B8C, 0x435973B9, 0xA2C6BCAA, - 0xFE492AD3, 0x1FD6E5C0, 0x95DE1DF5, 0x7441D2E6, - 0x2D699807, 0xCCF65714, 0x46FEAF21, 0xA7616032, - 0xFBEEF64B, 0x1A713958, 0x9079C16D, 0x71E60E7E, - 0x22295506, 0xC3B69A15, 0x49BE6220, 0xA821AD33, - 0xF4AE3B4A, 0x1531F459, 0x9F390C6C, 0x7EA6C37F, - 0x278E899E, 0xC611468D, 0x4C19BEB8, 0xAD8671AB, - 0xF109E7D2, 0x109628C1, 0x9A9ED0F4, 0x7B011FE7, - 0x3CA96604, 0xDD36A917, 0x573E5122, 0xB6A19E31, - 0xEA2E0848, 0x0BB1C75B, 0x81B93F6E, 0x6026F07D, - 0x390EBA9C, 0xD891758F, 0x52998DBA, 0xB30642A9, - 0xEF89D4D0, 0x0E161BC3, 0x841EE3F6, 0x65812CE5, - 0x364E779D, 0xD7D1B88E, 0x5DD940BB, 0xBC468FA8, - 0xE0C919D1, 0x0156D6C2, 0x8B5E2EF7, 0x6AC1E1E4, - 0x33E9AB05, 0xD2766416, 0x587E9C23, 0xB9E15330, - 0xE56EC549, 0x04F10A5A, 0x8EF9F26F, 0x6F663D7C, - 0x50358897, 0xB1AA4784, 0x3BA2BFB1, 0xDA3D70A2, - 0x86B2E6DB, 0x672D29C8, 0xED25D1FD, 0x0CBA1EEE, - 0x5592540F, 0xB40D9B1C, 0x3E056329, 0xDF9AAC3A, - 0x83153A43, 0x628AF550, 0xE8820D65, 0x091DC276, - 0x5AD2990E, 0xBB4D561D, 0x3145AE28, 0xD0DA613B, - 0x8C55F742, 0x6DCA3851, 0xE7C2C064, 0x065D0F77, - 0x5F754596, 0xBEEA8A85, 0x34E272B0, 0xD57DBDA3, - 0x89F22BDA, 0x686DE4C9, 0xE2651CFC, 0x03FAD3EF, - 0x4452AA0C, 0xA5CD651F, 0x2FC59D2A, 0xCE5A5239, - 0x92D5C440, 0x734A0B53, 0xF942F366, 0x18DD3C75, - 0x41F57694, 0xA06AB987, 0x2A6241B2, 0xCBFD8EA1, - 0x977218D8, 0x76EDD7CB, 0xFCE52FFE, 0x1D7AE0ED, - 0x4EB5BB95, 0xAF2A7486, 0x25228CB3, 0xC4BD43A0, - 0x9832D5D9, 0x79AD1ACA, 0xF3A5E2FF, 0x123A2DEC, - 0x4B12670D, 0xAA8DA81E, 0x2085502B, 0xC11A9F38, - 0x9D950941, 0x7C0AC652, 0xF6023E67, 0x179DF174, - 0x78FBCC08, 0x9964031B, 0x136CFB2E, 0xF2F3343D, - 0xAE7CA244, 0x4FE36D57, 0xC5EB9562, 0x24745A71, - 0x7D5C1090, 0x9CC3DF83, 0x16CB27B6, 0xF754E8A5, - 0xABDB7EDC, 0x4A44B1CF, 0xC04C49FA, 0x21D386E9, - 0x721CDD91, 0x93831282, 0x198BEAB7, 0xF81425A4, - 0xA49BB3DD, 0x45047CCE, 0xCF0C84FB, 0x2E934BE8, - 0x77BB0109, 0x9624CE1A, 0x1C2C362F, 0xFDB3F93C, - 0xA13C6F45, 0x40A3A056, 0xCAAB5863, 0x2B349770, - 0x6C9CEE93, 0x8D032180, 0x070BD9B5, 0xE69416A6, - 0xBA1B80DF, 0x5B844FCC, 0xD18CB7F9, 0x301378EA, - 0x693B320B, 0x88A4FD18, 0x02AC052D, 0xE333CA3E, - 0xBFBC5C47, 0x5E239354, 0xD42B6B61, 0x35B4A472, - 0x667BFF0A, 0x87E43019, 0x0DECC82C, 0xEC73073F, - 0xB0FC9146, 0x51635E55, 0xDB6BA660, 0x3AF46973, - 0x63DC2392, 0x8243EC81, 0x084B14B4, 0xE9D4DBA7, - 0xB55B4DDE, 0x54C482CD, 0xDECC7AF8, 0x3F53B5EB, -#endif - 0x00000000, 0x180F40CD, 0x301E8033, 0x2811C0FE, - 0x603CA966, 0x7833E9AB, 0x50222955, 0x482D6998, - 0xC078FBCC, 0xD877BB01, 0xF0667BFF, 0xE8693B32, - 0xA04452AA, 0xB84B1267, 0x905AD299, 0x88559254, - 0x29F05F31, 0x31FF1FFC, 0x19EEDF02, 0x01E19FCF, - 0x49CCF657, 0x51C3B69A, 0x79D27664, 0x61DD36A9, - 0xE988A4FD, 0xF187E430, 0xD99624CE, 0xC1996403, - 0x89B40D9B, 0x91BB4D56, 0xB9AA8DA8, 0xA1A5CD65, - 0x5249BE62, 0x4A46FEAF, 0x62573E51, 0x7A587E9C, - 0x32751704, 0x2A7A57C9, 0x026B9737, 0x1A64D7FA, - 0x923145AE, 0x8A3E0563, 0xA22FC59D, 0xBA208550, - 0xF20DECC8, 0xEA02AC05, 0xC2136CFB, 0xDA1C2C36, - 0x7BB9E153, 0x63B6A19E, 0x4BA76160, 0x53A821AD, - 0x1B854835, 0x038A08F8, 0x2B9BC806, 0x339488CB, - 0xBBC11A9F, 0xA3CE5A52, 0x8BDF9AAC, 0x93D0DA61, - 0xDBFDB3F9, 0xC3F2F334, 0xEBE333CA, 0xF3EC7307, - 0xA492D5C4, 0xBC9D9509, 0x948C55F7, 0x8C83153A, - 0xC4AE7CA2, 0xDCA13C6F, 0xF4B0FC91, 0xECBFBC5C, - 0x64EA2E08, 0x7CE56EC5, 0x54F4AE3B, 0x4CFBEEF6, - 0x04D6876E, 0x1CD9C7A3, 0x34C8075D, 0x2CC74790, - 0x8D628AF5, 0x956DCA38, 0xBD7C0AC6, 0xA5734A0B, - 0xED5E2393, 0xF551635E, 0xDD40A3A0, 0xC54FE36D, - 0x4D1A7139, 0x551531F4, 0x7D04F10A, 0x650BB1C7, - 0x2D26D85F, 0x35299892, 0x1D38586C, 0x053718A1, - 0xF6DB6BA6, 0xEED42B6B, 0xC6C5EB95, 0xDECAAB58, - 0x96E7C2C0, 0x8EE8820D, 0xA6F942F3, 0xBEF6023E, - 0x36A3906A, 0x2EACD0A7, 0x06BD1059, 0x1EB25094, - 0x569F390C, 0x4E9079C1, 0x6681B93F, 0x7E8EF9F2, - 0xDF2B3497, 0xC724745A, 0xEF35B4A4, 0xF73AF469, - 0xBF179DF1, 0xA718DD3C, 0x8F091DC2, 0x97065D0F, - 0x1F53CF5B, 0x075C8F96, 0x2F4D4F68, 0x37420FA5, - 0x7F6F663D, 0x676026F0, 0x4F71E60E, 0x577EA6C3, - 0xE18D0321, 0xF98243EC, 0xD1938312, 0xC99CC3DF, - 0x81B1AA47, 0x99BEEA8A, 0xB1AF2A74, 0xA9A06AB9, - 0x21F5F8ED, 0x39FAB820, 0x11EB78DE, 0x09E43813, - 0x41C9518B, 0x59C61146, 0x71D7D1B8, 0x69D89175, - 0xC87D5C10, 0xD0721CDD, 0xF863DC23, 0xE06C9CEE, - 0xA841F576, 0xB04EB5BB, 0x985F7545, 0x80503588, - 0x0805A7DC, 0x100AE711, 0x381B27EF, 0x20146722, - 0x68390EBA, 0x70364E77, 0x58278E89, 0x4028CE44, - 0xB3C4BD43, 0xABCBFD8E, 0x83DA3D70, 0x9BD57DBD, - 0xD3F81425, 0xCBF754E8, 0xE3E69416, 0xFBE9D4DB, - 0x73BC468F, 0x6BB30642, 0x43A2C6BC, 0x5BAD8671, - 0x1380EFE9, 0x0B8FAF24, 0x239E6FDA, 0x3B912F17, - 0x9A34E272, 0x823BA2BF, 0xAA2A6241, 0xB225228C, - 0xFA084B14, 0xE2070BD9, 0xCA16CB27, 0xD2198BEA, - 0x5A4C19BE, 0x42435973, 0x6A52998D, 0x725DD940, - 0x3A70B0D8, 0x227FF015, 0x0A6E30EB, 0x12617026, - 0x451FD6E5, 0x5D109628, 0x750156D6, 0x6D0E161B, - 0x25237F83, 0x3D2C3F4E, 0x153DFFB0, 0x0D32BF7D, - 0x85672D29, 0x9D686DE4, 0xB579AD1A, 0xAD76EDD7, - 0xE55B844F, 0xFD54C482, 0xD545047C, 0xCD4A44B1, - 0x6CEF89D4, 0x74E0C919, 0x5CF109E7, 0x44FE492A, - 0x0CD320B2, 0x14DC607F, 0x3CCDA081, 0x24C2E04C, - 0xAC977218, 0xB49832D5, 0x9C89F22B, 0x8486B2E6, - 0xCCABDB7E, 0xD4A49BB3, 0xFCB55B4D, 0xE4BA1B80, - 0x17566887, 0x0F59284A, 0x2748E8B4, 0x3F47A879, - 0x776AC1E1, 0x6F65812C, 0x477441D2, 0x5F7B011F, - 0xD72E934B, 0xCF21D386, 0xE7301378, 0xFF3F53B5, - 0xB7123A2D, 0xAF1D7AE0, 0x870CBA1E, 0x9F03FAD3, - 0x3EA637B6, 0x26A9777B, 0x0EB8B785, 0x16B7F748, - 0x5E9A9ED0, 0x4695DE1D, 0x6E841EE3, 0x768B5E2E, - 0xFEDECC7A, 0xE6D18CB7, 0xCEC04C49, 0xD6CF0C84, - 0x9EE2651C, 0x86ED25D1, 0xAEFCE52F, 0xB6F3A5E2 -}; -} - -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 -unsigned int SosemanukPolicy::GetAlignment() const -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#ifdef __INTEL_COMPILER - if (HasSSE2() && !IsP4()) // Intel compiler produces faster code for this algorithm on the P4 -#else - if (HasSSE2()) -#endif - return 16; - else -#endif - return GetAlignmentOf<word32>(); -} - -unsigned int SosemanukPolicy::GetOptimalBlockSize() const -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#ifdef __INTEL_COMPILER - if (HasSSE2() && !IsP4()) // Intel compiler produces faster code for this algorithm on the P4 -#else - if (HasSSE2()) -#endif - return 4*BYTES_PER_ITERATION; - else -#endif - return BYTES_PER_ITERATION; -} -#endif - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE -extern "C" { -void Sosemanuk_OperateKeystream(size_t iterationCount, const byte *input, byte *output, word32 *state); -} -#endif - -#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code - -void SosemanukPolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) -{ -#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM - -#ifdef CRYPTOPP_X64_MASM_AVAILABLE - Sosemanuk_OperateKeystream(iterationCount, input, output, m_state.data()); - return; -#endif - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -#ifdef CRYPTOPP_GENERATE_X64_MASM - ALIGN 8 - Sosemanuk_OperateKeystream PROC FRAME - rex_push_reg rsi - push_reg rdi - alloc_stack(80*4*2+12*4+8*WORD_SZ + 2*16+8) - save_xmm128 xmm6, 02f0h - save_xmm128 xmm7, 0300h - .endprolog - mov rdi, r8 - mov rax, r9 -#else -#ifdef __INTEL_COMPILER - if (HasSSE2() && !IsP4()) // Intel compiler produces faster code for this algorithm on the P4 -#else - if (HasSSE2()) -#endif - { -#ifdef __GNUC__ - #if CRYPTOPP_BOOL_X64 - FixedSizeAlignedSecBlock<byte, 80*4*2+12*4+8*WORD_SZ> workspace; - #endif - __asm__ __volatile__ - ( - ".intel_syntax noprefix;" - AS_PUSH_IF86( bx) -#else - word32 *state = m_state; - AS2( mov WORD_REG(ax), state) - AS2( mov WORD_REG(di), output) - AS2( mov WORD_REG(dx), input) - AS2( mov WORD_REG(cx), iterationCount) -#endif -#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM - -#if defined(__GNUC__) && CRYPTOPP_BOOL_X64 - #define SSE2_workspace %5 -#else - #define SSE2_workspace WORD_REG(sp) -#endif - -#define SSE2_output WORD_PTR [SSE2_workspace+1*WORD_SZ] -#define SSE2_input WORD_PTR [SSE2_workspace+2*WORD_SZ] -#define SSE2_wordsLeft WORD_PTR [SSE2_workspace+3*WORD_SZ] -#define SSE2_diEnd WORD_PTR [SSE2_workspace+4*WORD_SZ] -#define SSE2_pMulTables WORD_PTR [SSE2_workspace+5*WORD_SZ] -#define SSE2_state WORD_PTR [SSE2_workspace+6*WORD_SZ] -#define SSE2_wordsLeft2 WORD_PTR [SSE2_workspace+7*WORD_SZ] -#define SSE2_stateCopy SSE2_workspace + 8*WORD_SZ -#define SSE2_uvStart SSE2_stateCopy + 12*4 - -#if CRYPTOPP_BOOL_X86 - AS_PUSH_IF86( bp) - AS2( mov AS_REG_6, esp) - AS2( and esp, -16) - AS2( sub esp, 80*4*2+12*4+8*WORD_SZ) // 80 v's, 80 u's, 12 state, 8 locals - AS2( mov [esp], AS_REG_6) -#endif - AS2( mov SSE2_output, WORD_REG(di)) - AS2( mov SSE2_input, WORD_REG(dx)) - AS2( mov SSE2_state, WORD_REG(ax)) -#ifndef _MSC_VER - AS2( mov SSE2_pMulTables, WORD_REG(si)) -#endif - AS2( lea WORD_REG(cx), [4*WORD_REG(cx)+WORD_REG(cx)]) - AS2( lea WORD_REG(si), [4*WORD_REG(cx)]) - AS2( mov SSE2_wordsLeft, WORD_REG(si)) - AS2( movdqa xmm0, [WORD_REG(ax)+0*16]) // copy state to stack to save a register - AS2( movdqa [SSE2_stateCopy+0*16], xmm0) - AS2( movdqa xmm0, [WORD_REG(ax)+1*16]) - AS2( movdqa [SSE2_stateCopy+1*16], xmm0) - AS2( movq xmm0, QWORD PTR [WORD_REG(ax)+2*16]) - AS2( movq QWORD PTR [SSE2_stateCopy+2*16], xmm0) - AS2( psrlq xmm0, 32) - AS2( movd AS_REG_6d, xmm0) // s(9) - AS2( mov ecx, [WORD_REG(ax)+10*4]) - AS2( mov edx, [WORD_REG(ax)+11*4]) - AS2( pcmpeqb xmm7, xmm7) // all ones - -#define s(i) SSE2_stateCopy + ASM_MOD(i,10)*4 -#define u(j) WORD_REG(di) + (ASM_MOD(j,4)*20 + (j/4)) * 4 -#define v(j) WORD_REG(di) + (ASM_MOD(j,4)*20 + (j/4)) * 4 + 80*4 - -#define R10 ecx -#define R11 edx -#define R20 edx -#define R21 ecx -// workaround bug in GAS 2.15 -#define R20r WORD_REG(dx) -#define R21r WORD_REG(cx) - -#define SSE2_STEP(i, j) \ - AS2( mov eax, [s(i+0)])\ - AS2( mov [v(i)], eax)\ - AS2( rol eax, 8)\ - AS2( lea AS_REG_7, [AS_REG_6 + R2##j##r])\ - AS2( xor AS_REG_7d, R1##j)\ - AS2( mov [u(i)], AS_REG_7d)\ - AS2( mov AS_REG_7d, 1)\ - AS2( and AS_REG_7d, R2##j)\ - AS1( neg AS_REG_7d)\ - AS2( and AS_REG_7d, AS_REG_6d)\ - AS2( xor AS_REG_6d, eax)\ - AS2( movzx eax, al)\ - AS2( xor AS_REG_6d, [WORD_REG(si)+WORD_REG(ax)*4])\ - AS2( mov eax, [s(i+3)])\ - AS2( xor AS_REG_7d, [s(i+2)])\ - AS2( add R1##j, AS_REG_7d)\ - AS2( movzx AS_REG_7d, al)\ - AS2( shr eax, 8)\ - AS2( xor AS_REG_6d, [WORD_REG(si)+1024+AS_REG_7*4])\ - AS2( xor AS_REG_6d, eax)\ - AS2( imul R2##j, AS_HEX(54655307))\ - AS2( rol R2##j, 7)\ - AS2( mov [s(i+0)], AS_REG_6d)\ - - ASL(2) // outer loop, each iteration of this processes 80 words - AS2( lea WORD_REG(di), [SSE2_uvStart]) // start of v and u - AS2( mov WORD_REG(ax), 80) - AS2( cmp WORD_REG(si), 80) - AS2( cmovg WORD_REG(si), WORD_REG(ax)) - AS2( mov SSE2_wordsLeft2, WORD_REG(si)) - AS2( lea WORD_REG(si), [WORD_REG(di)+WORD_REG(si)]) // use to end first inner loop - AS2( mov SSE2_diEnd, WORD_REG(si)) -#ifdef _MSC_VER - AS2( lea WORD_REG(si), s_sosemanukMulTables) -#else - AS2( mov WORD_REG(si), SSE2_pMulTables) -#endif - - ASL(0) // first inner loop, 20 words each, 4 iterations - SSE2_STEP(0, 0) - SSE2_STEP(1, 1) - SSE2_STEP(2, 0) - SSE2_STEP(3, 1) - SSE2_STEP(4, 0) - SSE2_STEP(5, 1) - SSE2_STEP(6, 0) - SSE2_STEP(7, 1) - SSE2_STEP(8, 0) - SSE2_STEP(9, 1) - SSE2_STEP(10, 0) - SSE2_STEP(11, 1) - SSE2_STEP(12, 0) - SSE2_STEP(13, 1) - SSE2_STEP(14, 0) - SSE2_STEP(15, 1) - SSE2_STEP(16, 0) - SSE2_STEP(17, 1) - SSE2_STEP(18, 0) - SSE2_STEP(19, 1) - // loop - AS2( add WORD_REG(di), 5*4) - AS2( cmp WORD_REG(di), SSE2_diEnd) - ASJ( jne, 0, b) - - AS2( mov WORD_REG(ax), SSE2_input) - AS2( mov AS_REG_7, SSE2_output) - AS2( lea WORD_REG(di), [SSE2_uvStart]) // start of v and u - AS2( mov WORD_REG(si), SSE2_wordsLeft2) - - ASL(1) // second inner loop, 16 words each, 5 iterations - AS2( movdqa xmm0, [WORD_REG(di)+0*20*4]) - AS2( movdqa xmm2, [WORD_REG(di)+2*20*4]) - AS2( movdqa xmm3, [WORD_REG(di)+3*20*4]) - AS2( movdqa xmm1, [WORD_REG(di)+1*20*4]) - // S2 - AS2( movdqa xmm4, xmm0) - AS2( pand xmm0, xmm2) - AS2( pxor xmm0, xmm3) - AS2( pxor xmm2, xmm1) - AS2( pxor xmm2, xmm0) - AS2( por xmm3, xmm4) - AS2( pxor xmm3, xmm1) - AS2( pxor xmm4, xmm2) - AS2( movdqa xmm1, xmm3) - AS2( por xmm3, xmm4) - AS2( pxor xmm3, xmm0) - AS2( pand xmm0, xmm1) - AS2( pxor xmm4, xmm0) - AS2( pxor xmm1, xmm3) - AS2( pxor xmm1, xmm4) - AS2( pxor xmm4, xmm7) - // xor with v - AS2( pxor xmm2, [WORD_REG(di)+80*4]) - AS2( pxor xmm3, [WORD_REG(di)+80*5]) - AS2( pxor xmm1, [WORD_REG(di)+80*6]) - AS2( pxor xmm4, [WORD_REG(di)+80*7]) - // exit loop early if less than 16 words left to output - // this is necessary because block size is 20 words, and we output 16 words in each iteration of this loop - AS2( cmp WORD_REG(si), 16) - ASJ( jl, 4, f) - // unpack - AS2( movdqa xmm6, xmm2) - AS2( punpckldq xmm2, xmm3) - AS2( movdqa xmm5, xmm1) - AS2( punpckldq xmm1, xmm4) - AS2( movdqa xmm0, xmm2) - AS2( punpcklqdq xmm2, xmm1) - AS2( punpckhqdq xmm0, xmm1) - AS2( punpckhdq xmm6, xmm3) - AS2( punpckhdq xmm5, xmm4) - AS2( movdqa xmm3, xmm6) - AS2( punpcklqdq xmm6, xmm5) - AS2( punpckhqdq xmm3, xmm5) - // output keystream - AS_XMM_OUTPUT4(SSE2_Sosemanuk_Output, WORD_REG(ax), AS_REG_7, 2,0,6,3, 1, 0,1,2,3, 4) - - // loop - AS2( add WORD_REG(di), 4*4) - AS2( sub WORD_REG(si), 16) - ASJ( jnz, 1, b) - - // outer loop - AS2( mov WORD_REG(si), SSE2_wordsLeft) - AS2( sub WORD_REG(si), 80) - ASJ( jz, 6, f) - AS2( mov SSE2_wordsLeft, WORD_REG(si)) - AS2( mov SSE2_input, WORD_REG(ax)) - AS2( mov SSE2_output, AS_REG_7) - ASJ( jmp, 2, b) - - ASL(4) // final output of less than 16 words - AS2( test WORD_REG(ax), WORD_REG(ax)) - ASJ( jz, 5, f) - AS2( movd xmm0, dword ptr [WORD_REG(ax)+0*4]) - AS2( pxor xmm2, xmm0) - AS2( movd xmm0, dword ptr [WORD_REG(ax)+1*4]) - AS2( pxor xmm3, xmm0) - AS2( movd xmm0, dword ptr [WORD_REG(ax)+2*4]) - AS2( pxor xmm1, xmm0) - AS2( movd xmm0, dword ptr [WORD_REG(ax)+3*4]) - AS2( pxor xmm4, xmm0) - AS2( add WORD_REG(ax), 16) - ASL(5) - AS2( movd dword ptr [AS_REG_7+0*4], xmm2) - AS2( movd dword ptr [AS_REG_7+1*4], xmm3) - AS2( movd dword ptr [AS_REG_7+2*4], xmm1) - AS2( movd dword ptr [AS_REG_7+3*4], xmm4) - AS2( sub WORD_REG(si), 4) - ASJ( jz, 6, f) - AS2( add AS_REG_7, 16) - AS2( psrldq xmm2, 4) - AS2( psrldq xmm3, 4) - AS2( psrldq xmm1, 4) - AS2( psrldq xmm4, 4) - ASJ( jmp, 4, b) - - ASL(6) // save state - AS2( mov AS_REG_6, SSE2_state) - AS2( movdqa xmm0, [SSE2_stateCopy+0*16]) - AS2( movdqa [AS_REG_6+0*16], xmm0) - AS2( movdqa xmm0, [SSE2_stateCopy+1*16]) - AS2( movdqa [AS_REG_6+1*16], xmm0) - AS2( movq xmm0, QWORD PTR [SSE2_stateCopy+2*16]) - AS2( movq QWORD PTR [AS_REG_6+2*16], xmm0) - AS2( mov [AS_REG_6+10*4], ecx) - AS2( mov [AS_REG_6+11*4], edx) - - AS_POP_IF86( sp) - AS_POP_IF86( bp) - -#ifdef __GNUC__ - AS_POP_IF86( bx) - ".att_syntax prefix;" - : - : "a" (m_state.m_ptr), "c" (iterationCount), "S" (s_sosemanukMulTables), "D" (output), "d" (input) - #if CRYPTOPP_BOOL_X64 - , "r" (workspace.m_ptr) - : "memory", "cc", "%r9", "%r10", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7" - #else - : "memory", "cc" - #endif - ); -#endif -#ifdef CRYPTOPP_GENERATE_X64_MASM - movdqa xmm6, [rsp + 02f0h] - movdqa xmm7, [rsp + 0300h] - add rsp, 80*4*2+12*4+8*WORD_SZ + 2*16+8 - pop rdi - pop rsi - ret - Sosemanuk_OperateKeystream ENDP -#else - } - else -#endif -#endif -#ifndef CRYPTOPP_GENERATE_X64_MASM - { -#if CRYPTOPP_BOOL_X86 | CRYPTOPP_BOOL_X64 -#define MUL_A(x) (x = rotlFixed(x, 8), x ^ s_sosemanukMulTables[byte(x)]) -#else -#define MUL_A(x) (((x) << 8) ^ s_sosemanukMulTables[(x) >> 24]) -#endif - -#define DIV_A(x) (((x) >> 8) ^ s_sosemanukMulTables[256 + byte(x)]) - -#define r1(i) ((i%2) ? reg2 : reg1) -#define r2(i) ((i%2) ? reg1 : reg2) - -#define STEP(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, v, u) \ - u = (s##x9 + r2(x0)) ^ r1(x0);\ - v = s##x0;\ - s##x0 = MUL_A(s##x0) ^ DIV_A(s##x3) ^ s##x9;\ - r1(x0) += XMUX(r2(x0), s##x2, s##x9);\ - r2(x0) = rotlFixed(r2(x0) * 0x54655307, 7);\ - -#define SOSEMANUK_OUTPUT(x) \ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, u2 ^ v0);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, u3 ^ v1);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, u1 ^ v2);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, u4 ^ v3); - -#define OUTPUT4 \ - S2(0, u0, u1, u2, u3, u4);\ - CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SOSEMANUK_OUTPUT, 4*4); - - word32 s0 = m_state[0]; - word32 s1 = m_state[1]; - word32 s2 = m_state[2]; - word32 s3 = m_state[3]; - word32 s4 = m_state[4]; - word32 s5 = m_state[5]; - word32 s6 = m_state[6]; - word32 s7 = m_state[7]; - word32 s8 = m_state[8]; - word32 s9 = m_state[9]; - word32 reg1 = m_state[10]; - word32 reg2 = m_state[11]; - word32 u0, u1, u2, u3, u4, v0, v1, v2, v3; - - do - { - STEP(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, v0, u0) - STEP(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, v1, u1) - STEP(2, 3, 4, 5, 6, 7, 8, 9, 0, 1, v2, u2) - STEP(3, 4, 5, 6, 7, 8, 9, 0, 1, 2, v3, u3) - OUTPUT4 - STEP(4, 5, 6, 7, 8, 9, 0, 1, 2, 3, v0, u0) - STEP(5, 6, 7, 8, 9, 0, 1, 2, 3, 4, v1, u1) - STEP(6, 7, 8, 9, 0, 1, 2, 3, 4, 5, v2, u2) - STEP(7, 8, 9, 0, 1, 2, 3, 4, 5, 6, v3, u3) - OUTPUT4 - STEP(8, 9, 0, 1, 2, 3, 4, 5, 6, 7, v0, u0) - STEP(9, 0, 1, 2, 3, 4, 5, 6, 7, 8, v1, u1) - STEP(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, v2, u2) - STEP(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, v3, u3) - OUTPUT4 - STEP(2, 3, 4, 5, 6, 7, 8, 9, 0, 1, v0, u0) - STEP(3, 4, 5, 6, 7, 8, 9, 0, 1, 2, v1, u1) - STEP(4, 5, 6, 7, 8, 9, 0, 1, 2, 3, v2, u2) - STEP(5, 6, 7, 8, 9, 0, 1, 2, 3, 4, v3, u3) - OUTPUT4 - STEP(6, 7, 8, 9, 0, 1, 2, 3, 4, 5, v0, u0) - STEP(7, 8, 9, 0, 1, 2, 3, 4, 5, 6, v1, u1) - STEP(8, 9, 0, 1, 2, 3, 4, 5, 6, 7, v2, u2) - STEP(9, 0, 1, 2, 3, 4, 5, 6, 7, 8, v3, u3) - OUTPUT4 - } - while (--iterationCount); - - m_state[0] = s0; - m_state[1] = s1; - m_state[2] = s2; - m_state[3] = s3; - m_state[4] = s4; - m_state[5] = s5; - m_state[6] = s6; - m_state[7] = s7; - m_state[8] = s8; - m_state[9] = s9; - m_state[10] = reg1; - m_state[11] = reg2; - } -} - -NAMESPACE_END - -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM diff --git a/cryptopp562/sosemanuk.h b/cryptopp562/sosemanuk.h deleted file mode 100644 index ff1d820..0000000 --- a/cryptopp562/sosemanuk.h +++ /dev/null @@ -1,40 +0,0 @@ -#ifndef CRYPTOPP_SOSEMANUK_H -#define CRYPTOPP_SOSEMANUK_H - -#include "strciphr.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! algorithm info -struct SosemanukInfo : public VariableKeyLength<16, 1, 32, 1, SimpleKeyingInterface::UNIQUE_IV, 16> -{ - static const char * StaticAlgorithmName() {return "Sosemanuk";} -}; - -//! _ -class SosemanukPolicy : public AdditiveCipherConcretePolicy<word32, 20>, public SosemanukInfo -{ -protected: - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); - bool CipherIsRandomAccess() const {return false;} -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64 - unsigned int GetAlignment() const; - unsigned int GetOptimalBlockSize() const; -#endif - - FixedSizeSecBlock<word32, 25*4> m_key; - FixedSizeAlignedSecBlock<word32, 12> m_state; -}; - -//! <a href="http://www.cryptolounge.org/wiki/Sosemanuk">Sosemanuk</a> -struct Sosemanuk : public SosemanukInfo, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal<ConcretePolicyHolder<SosemanukPolicy, AdditiveCipherTemplate<> >, SosemanukInfo> Encryption; - typedef Encryption Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/square.cpp b/cryptopp562/square.cpp deleted file mode 100644 index 00e6bdd..0000000 --- a/cryptopp562/square.cpp +++ /dev/null @@ -1,177 +0,0 @@ -// square.cpp - written and placed in the public domain by Wei Dai -// Based on Paulo S.L.M. Barreto's public domain implementation - -#include "pch.h" -#include "square.h" -#include "misc.h" -#include "gf256.h" - -NAMESPACE_BEGIN(CryptoPP) - -// apply theta to a roundkey -static void SquareTransform (word32 in[4], word32 out[4]) -{ - static const byte G[4][4] = - { - 0x02U, 0x01U, 0x01U, 0x03U, - 0x03U, 0x02U, 0x01U, 0x01U, - 0x01U, 0x03U, 0x02U, 0x01U, - 0x01U, 0x01U, 0x03U, 0x02U - }; - - GF256 gf256(0xf5); - - for (int i = 0; i < 4; i++) - { - word32 temp = 0; - for (int j = 0; j < 4; j++) - for (int k = 0; k < 4; k++) - temp ^= (word32)gf256.Multiply(GETBYTE(in[i], 3-k), G[k][j]) << ((3-j)*8); - out[i] = temp; - } -} - -#define roundkeys(i, j) m_roundkeys[(i)*4+(j)] -#define roundkeys4(i) (m_roundkeys+(i)*4) - -void Square::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &) -{ - AssertValidKeyLength(length); - - static const word32 offset[ROUNDS] = { - 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL, - 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL, - }; - - GetUserKey(BIG_ENDIAN_ORDER, m_roundkeys.data(), KEYLENGTH/4, userKey, KEYLENGTH); - - /* apply the key evolution function */ - for (int i = 1; i < ROUNDS+1; i++) - { - roundkeys(i, 0) = roundkeys(i-1, 0) ^ rotlFixed(roundkeys(i-1, 3), 8U) ^ offset[i-1]; - roundkeys(i, 1) = roundkeys(i-1, 1) ^ roundkeys(i, 0); - roundkeys(i, 2) = roundkeys(i-1, 2) ^ roundkeys(i, 1); - roundkeys(i, 3) = roundkeys(i-1, 3) ^ roundkeys(i, 2); - } - - /* produce the round keys */ - if (IsForwardTransformation()) - { - for (int i = 0; i < ROUNDS; i++) - SquareTransform (roundkeys4(i), roundkeys4(i)); - } - else - { - for (int i = 0; i < ROUNDS/2; i++) - for (int j = 0; j < 4; j++) - std::swap(roundkeys(i, j), roundkeys(ROUNDS-i, j)); - SquareTransform (roundkeys4(ROUNDS), roundkeys4(ROUNDS)); - } -} - -#define MSB(x) (((x) >> 24) & 0xffU) /* most significant byte */ -#define SSB(x) (((x) >> 16) & 0xffU) /* second in significance */ -#define TSB(x) (((x) >> 8) & 0xffU) /* third in significance */ -#define LSB(x) (((x) ) & 0xffU) /* least significant byte */ - -#define squareRound(text, temp, T0, T1, T2, T3, roundkey) \ -{ \ - temp[0] = T0[MSB (text[0])] \ - ^ T1[MSB (text[1])] \ - ^ T2[MSB (text[2])] \ - ^ T3[MSB (text[3])] \ - ^ roundkey[0]; \ - temp[1] = T0[SSB (text[0])] \ - ^ T1[SSB (text[1])] \ - ^ T2[SSB (text[2])] \ - ^ T3[SSB (text[3])] \ - ^ roundkey[1]; \ - temp[2] = T0[TSB (text[0])] \ - ^ T1[TSB (text[1])] \ - ^ T2[TSB (text[2])] \ - ^ T3[TSB (text[3])] \ - ^ roundkey[2]; \ - temp[3] = T0[LSB (text[0])] \ - ^ T1[LSB (text[1])] \ - ^ T2[LSB (text[2])] \ - ^ T3[LSB (text[3])] \ - ^ roundkey[3]; \ -} /* squareRound */ - -#define squareFinal(text, temp, S, roundkey) \ -{ \ - text[0] = ((word32) (S[MSB (temp[0])]) << 24) \ - ^ ((word32) (S[MSB (temp[1])]) << 16) \ - ^ ((word32) (S[MSB (temp[2])]) << 8) \ - ^ (word32) (S[MSB (temp[3])]) \ - ^ roundkey[0]; \ - text[1] = ((word32) (S[SSB (temp[0])]) << 24) \ - ^ ((word32) (S[SSB (temp[1])]) << 16) \ - ^ ((word32) (S[SSB (temp[2])]) << 8) \ - ^ (word32) (S[SSB (temp[3])]) \ - ^ roundkey[1]; \ - text[2] = ((word32) (S[TSB (temp[0])]) << 24) \ - ^ ((word32) (S[TSB (temp[1])]) << 16) \ - ^ ((word32) (S[TSB (temp[2])]) << 8) \ - ^ (word32) (S[TSB (temp[3])]) \ - ^ roundkey[2]; \ - text[3] = ((word32) (S[LSB (temp[0])]) << 24) \ - ^ ((word32) (S[LSB (temp[1])]) << 16) \ - ^ ((word32) (S[LSB (temp[2])]) << 8) \ - ^ (word32) (S[LSB (temp[3])]) \ - ^ roundkey[3]; \ -} /* squareFinal */ - -typedef BlockGetAndPut<word32, BigEndian> Block; - -void Square::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 text[4], temp[4]; - Block::Get(inBlock)(text[0])(text[1])(text[2])(text[3]); - - /* initial key addition */ - text[0] ^= roundkeys(0, 0); - text[1] ^= roundkeys(0, 1); - text[2] ^= roundkeys(0, 2); - text[3] ^= roundkeys(0, 3); - - /* ROUNDS - 1 full rounds */ - for (int i=1; i+1<ROUNDS; i+=2) - { - squareRound (text, temp, Te[0], Te[1], Te[2], Te[3], roundkeys4(i)); - squareRound (temp, text, Te[0], Te[1], Te[2], Te[3], roundkeys4(i+1)); - } - squareRound (text, temp, Te[0], Te[1], Te[2], Te[3], roundkeys4(ROUNDS-1)); - - /* last round (diffusion becomes only transposition) */ - squareFinal (text, temp, Se, roundkeys4(ROUNDS)); - - Block::Put(xorBlock, outBlock)(text[0])(text[1])(text[2])(text[3]); -} - -void Square::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 text[4], temp[4]; - Block::Get(inBlock)(text[0])(text[1])(text[2])(text[3]); - - /* initial key addition */ - text[0] ^= roundkeys(0, 0); - text[1] ^= roundkeys(0, 1); - text[2] ^= roundkeys(0, 2); - text[3] ^= roundkeys(0, 3); - - /* ROUNDS - 1 full rounds */ - for (int i=1; i+1<ROUNDS; i+=2) - { - squareRound (text, temp, Td[0], Td[1], Td[2], Td[3], roundkeys4(i)); - squareRound (temp, text, Td[0], Td[1], Td[2], Td[3], roundkeys4(i+1)); - } - squareRound (text, temp, Td[0], Td[1], Td[2], Td[3], roundkeys4(ROUNDS-1)); - - /* last round (diffusion becomes only transposition) */ - squareFinal (text, temp, Sd, roundkeys4(ROUNDS)); - - Block::Put(xorBlock, outBlock)(text[0])(text[1])(text[2])(text[3]); -} - -NAMESPACE_END diff --git a/cryptopp562/square.h b/cryptopp562/square.h deleted file mode 100644 index d7e23c2..0000000 --- a/cryptopp562/square.h +++ /dev/null @@ -1,58 +0,0 @@ -#ifndef CRYPTOPP_SQUARE_H -#define CRYPTOPP_SQUARE_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Square_Info : public FixedBlockSize<16>, public FixedKeyLength<16>, FixedRounds<8> -{ - static const char *StaticAlgorithmName() {return "Square";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Square">Square</a> -class Square : public Square_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Square_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - FixedSizeSecBlock<word32, 4*(ROUNDS+1)> m_roundkeys; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - private: - static const byte Se[256]; - static const word32 Te[4][256]; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - private: - static const byte Sd[256]; - static const word32 Td[4][256]; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef Square::Encryption SquareEncryption; -typedef Square::Decryption SquareDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/squaretb.cpp b/cryptopp562/squaretb.cpp deleted file mode 100644 index bc3bee7..0000000 --- a/cryptopp562/squaretb.cpp +++ /dev/null @@ -1,582 +0,0 @@ -#include "pch.h" -#include "square.h" - -NAMESPACE_BEGIN(CryptoPP) - -const byte Square::Enc::Se[256] = { -177, 206, 195, 149, 90, 173, 231, 2, 77, 68, 251, 145, 12, 135, 161, 80, -203, 103, 84, 221, 70, 143, 225, 78, 240, 253, 252, 235, 249, 196, 26, 110, - 94, 245, 204, 141, 28, 86, 67, 254, 7, 97, 248, 117, 89, 255, 3, 34, -138, 209, 19, 238, 136, 0, 14, 52, 21, 128, 148, 227, 237, 181, 83, 35, - 75, 71, 23, 167, 144, 53, 171, 216, 184, 223, 79, 87, 154, 146, 219, 27, - 60, 200, 153, 4, 142, 224, 215, 125, 133, 187, 64, 44, 58, 69, 241, 66, -101, 32, 65, 24, 114, 37, 147, 112, 54, 5, 242, 11, 163, 121, 236, 8, - 39, 49, 50, 182, 124, 176, 10, 115, 91, 123, 183, 129, 210, 13, 106, 38, -158, 88, 156, 131, 116, 179, 172, 48, 122, 105, 119, 15, 174, 33, 222, 208, - 46, 151, 16, 164, 152, 168, 212, 104, 45, 98, 41, 109, 22, 73, 118, 199, -232, 193, 150, 55, 229, 202, 244, 233, 99, 18, 194, 166, 20, 188, 211, 40, -175, 47, 230, 36, 82, 198, 160, 9, 189, 140, 207, 93, 17, 95, 1, 197, -159, 61, 162, 155, 201, 59, 190, 81, 25, 31, 63, 92, 178, 239, 74, 205, -191, 186, 111, 100, 217, 243, 62, 180, 170, 220, 213, 6, 192, 126, 246, 102, -108, 132, 113, 56, 185, 29, 127, 157, 72, 139, 42, 218, 165, 51, 130, 57, -214, 120, 134, 250, 228, 43, 169, 30, 137, 96, 107, 234, 85, 76, 247, 226, -}; - -const byte Square::Dec::Sd[256] = { - 53, 190, 7, 46, 83, 105, 219, 40, 111, 183, 118, 107, 12, 125, 54, 139, -146, 188, 169, 50, 172, 56, 156, 66, 99, 200, 30, 79, 36, 229, 247, 201, - 97, 141, 47, 63, 179, 101, 127, 112, 175, 154, 234, 245, 91, 152, 144, 177, -135, 113, 114, 237, 55, 69, 104, 163, 227, 239, 92, 197, 80, 193, 214, 202, - 90, 98, 95, 38, 9, 93, 20, 65, 232, 157, 206, 64, 253, 8, 23, 74, - 15, 199, 180, 62, 18, 252, 37, 75, 129, 44, 4, 120, 203, 187, 32, 189, -249, 41, 153, 168, 211, 96, 223, 17, 151, 137, 126, 250, 224, 155, 31, 210, -103, 226, 100, 119, 132, 43, 158, 138, 241, 109, 136, 121, 116, 87, 221, 230, - 57, 123, 238, 131, 225, 88, 242, 13, 52, 248, 48, 233, 185, 35, 84, 21, - 68, 11, 77, 102, 58, 3, 162, 145, 148, 82, 76, 195, 130, 231, 128, 192, -182, 14, 194, 108, 147, 236, 171, 67, 149, 246, 216, 70, 134, 5, 140, 176, -117, 0, 204, 133, 215, 61, 115, 122, 72, 228, 209, 89, 173, 184, 198, 208, -220, 161, 170, 2, 29, 191, 181, 159, 81, 196, 165, 16, 34, 207, 1, 186, -143, 49, 124, 174, 150, 218, 240, 86, 71, 212, 235, 78, 217, 19, 142, 73, - 85, 22, 255, 59, 244, 164, 178, 6, 160, 167, 251, 27, 110, 60, 51, 205, - 24, 94, 106, 213, 166, 33, 222, 254, 42, 28, 243, 10, 26, 25, 39, 45, -}; - -const word32 Square::Enc::Te[4][256] = { -{ -0x97b1b126UL, 0x69cecea7UL, 0x73c3c3b0UL, 0xdf95954aUL, -0xb45a5aeeUL, 0xafadad02UL, 0x3be7e7dcUL, 0x04020206UL, -0x9a4d4dd7UL, 0x884444ccUL, 0x03fbfbf8UL, 0xd7919146UL, -0x180c0c14UL, 0xfb87877cUL, 0xb7a1a116UL, 0xa05050f0UL, -0x63cbcba8UL, 0xce6767a9UL, 0xa85454fcUL, 0x4fdddd92UL, -0x8c4646caUL, 0xeb8f8f64UL, 0x37e1e1d6UL, 0x9c4e4ed2UL, -0x15f0f0e5UL, 0x0ffdfdf2UL, 0x0dfcfcf1UL, 0x23ebebc8UL, -0x07f9f9feUL, 0x7dc4c4b9UL, 0x341a1a2eUL, 0xdc6e6eb2UL, -0xbc5e5ee2UL, 0x1ff5f5eaUL, 0x6dcccca1UL, 0xef8d8d62UL, -0x381c1c24UL, 0xac5656faUL, 0x864343c5UL, 0x09fefef7UL, -0x0e070709UL, 0xc26161a3UL, 0x05f8f8fdUL, 0xea75759fUL, -0xb25959ebUL, 0x0bfffff4UL, 0x06030305UL, 0x44222266UL, -0xe18a8a6bUL, 0x57d1d186UL, 0x26131335UL, 0x29eeeec7UL, -0xe588886dUL, 0x00000000UL, 0x1c0e0e12UL, 0x6834345cUL, -0x2a15153fUL, 0xf5808075UL, 0xdd949449UL, 0x33e3e3d0UL, -0x2fededc2UL, 0x9fb5b52aUL, 0xa65353f5UL, 0x46232365UL, -0x964b4bddUL, 0x8e4747c9UL, 0x2e171739UL, 0xbba7a71cUL, -0xd5909045UL, 0x6a35355fUL, 0xa3abab08UL, 0x45d8d89dUL, -0x85b8b83dUL, 0x4bdfdf94UL, 0x9e4f4fd1UL, 0xae5757f9UL, -0xc19a9a5bUL, 0xd1929243UL, 0x43dbdb98UL, 0x361b1b2dUL, -0x783c3c44UL, 0x65c8c8adUL, 0xc799995eUL, 0x0804040cUL, -0xe98e8e67UL, 0x35e0e0d5UL, 0x5bd7d78cUL, 0xfa7d7d87UL, -0xff85857aUL, 0x83bbbb38UL, 0x804040c0UL, 0x582c2c74UL, -0x743a3a4eUL, 0x8a4545cfUL, 0x17f1f1e6UL, 0x844242c6UL, -0xca6565afUL, 0x40202060UL, 0x824141c3UL, 0x30181828UL, -0xe4727296UL, 0x4a25256fUL, 0xd3939340UL, 0xe0707090UL, -0x6c36365aUL, 0x0a05050fUL, 0x11f2f2e3UL, 0x160b0b1dUL, -0xb3a3a310UL, 0xf279798bUL, 0x2dececc1UL, 0x10080818UL, -0x4e272769UL, 0x62313153UL, 0x64323256UL, 0x99b6b62fUL, -0xf87c7c84UL, 0x95b0b025UL, 0x140a0a1eUL, 0xe6737395UL, -0xb65b5bedUL, 0xf67b7b8dUL, 0x9bb7b72cUL, 0xf7818176UL, -0x51d2d283UL, 0x1a0d0d17UL, 0xd46a6abeUL, 0x4c26266aUL, -0xc99e9e57UL, 0xb05858e8UL, 0xcd9c9c51UL, 0xf3838370UL, -0xe874749cUL, 0x93b3b320UL, 0xadacac01UL, 0x60303050UL, -0xf47a7a8eUL, 0xd26969bbUL, 0xee777799UL, 0x1e0f0f11UL, -0xa9aeae07UL, 0x42212163UL, 0x49dede97UL, 0x55d0d085UL, -0x5c2e2e72UL, 0xdb97974cUL, 0x20101030UL, 0xbda4a419UL, -0xc598985dUL, 0xa5a8a80dUL, 0x5dd4d489UL, 0xd06868b8UL, -0x5a2d2d77UL, 0xc46262a6UL, 0x5229297bUL, 0xda6d6db7UL, -0x2c16163aUL, 0x924949dbUL, 0xec76769aUL, 0x7bc7c7bcUL, -0x25e8e8cdUL, 0x77c1c1b6UL, 0xd996964fUL, 0x6e373759UL, -0x3fe5e5daUL, 0x61cacaabUL, 0x1df4f4e9UL, 0x27e9e9ceUL, -0xc66363a5UL, 0x24121236UL, 0x71c2c2b3UL, 0xb9a6a61fUL, -0x2814143cUL, 0x8dbcbc31UL, 0x53d3d380UL, 0x50282878UL, -0xabafaf04UL, 0x5e2f2f71UL, 0x39e6e6dfUL, 0x4824246cUL, -0xa45252f6UL, 0x79c6c6bfUL, 0xb5a0a015UL, 0x1209091bUL, -0x8fbdbd32UL, 0xed8c8c61UL, 0x6bcfcfa4UL, 0xba5d5de7UL, -0x22111133UL, 0xbe5f5fe1UL, 0x02010103UL, 0x7fc5c5baUL, -0xcb9f9f54UL, 0x7a3d3d47UL, 0xb1a2a213UL, 0xc39b9b58UL, -0x67c9c9aeUL, 0x763b3b4dUL, 0x89bebe37UL, 0xa25151f3UL, -0x3219192bUL, 0x3e1f1f21UL, 0x7e3f3f41UL, 0xb85c5ce4UL, -0x91b2b223UL, 0x2befefc4UL, 0x944a4adeUL, 0x6fcdcda2UL, -0x8bbfbf34UL, 0x81baba3bUL, 0xde6f6fb1UL, 0xc86464acUL, -0x47d9d99eUL, 0x13f3f3e0UL, 0x7c3e3e42UL, 0x9db4b429UL, -0xa1aaaa0bUL, 0x4ddcdc91UL, 0x5fd5d58aUL, 0x0c06060aUL, -0x75c0c0b5UL, 0xfc7e7e82UL, 0x19f6f6efUL, 0xcc6666aaUL, -0xd86c6cb4UL, 0xfd848479UL, 0xe2717193UL, 0x70383848UL, -0x87b9b93eUL, 0x3a1d1d27UL, 0xfe7f7f81UL, 0xcf9d9d52UL, -0x904848d8UL, 0xe38b8b68UL, 0x542a2a7eUL, 0x41dada9bUL, -0xbfa5a51aUL, 0x66333355UL, 0xf1828273UL, 0x7239394bUL, -0x59d6d68fUL, 0xf0787888UL, 0xf986867fUL, 0x01fafafbUL, -0x3de4e4d9UL, 0x562b2b7dUL, 0xa7a9a90eUL, 0x3c1e1e22UL, -0xe789896eUL, 0xc06060a0UL, 0xd66b6bbdUL, 0x21eaeacbUL, -0xaa5555ffUL, 0x984c4cd4UL, 0x1bf7f7ecUL, 0x31e2e2d3UL, -}, - -{ -0x2697b1b1UL, 0xa769ceceUL, 0xb073c3c3UL, 0x4adf9595UL, -0xeeb45a5aUL, 0x02afadadUL, 0xdc3be7e7UL, 0x06040202UL, -0xd79a4d4dUL, 0xcc884444UL, 0xf803fbfbUL, 0x46d79191UL, -0x14180c0cUL, 0x7cfb8787UL, 0x16b7a1a1UL, 0xf0a05050UL, -0xa863cbcbUL, 0xa9ce6767UL, 0xfca85454UL, 0x924fddddUL, -0xca8c4646UL, 0x64eb8f8fUL, 0xd637e1e1UL, 0xd29c4e4eUL, -0xe515f0f0UL, 0xf20ffdfdUL, 0xf10dfcfcUL, 0xc823ebebUL, -0xfe07f9f9UL, 0xb97dc4c4UL, 0x2e341a1aUL, 0xb2dc6e6eUL, -0xe2bc5e5eUL, 0xea1ff5f5UL, 0xa16dccccUL, 0x62ef8d8dUL, -0x24381c1cUL, 0xfaac5656UL, 0xc5864343UL, 0xf709fefeUL, -0x090e0707UL, 0xa3c26161UL, 0xfd05f8f8UL, 0x9fea7575UL, -0xebb25959UL, 0xf40bffffUL, 0x05060303UL, 0x66442222UL, -0x6be18a8aUL, 0x8657d1d1UL, 0x35261313UL, 0xc729eeeeUL, -0x6de58888UL, 0x00000000UL, 0x121c0e0eUL, 0x5c683434UL, -0x3f2a1515UL, 0x75f58080UL, 0x49dd9494UL, 0xd033e3e3UL, -0xc22fededUL, 0x2a9fb5b5UL, 0xf5a65353UL, 0x65462323UL, -0xdd964b4bUL, 0xc98e4747UL, 0x392e1717UL, 0x1cbba7a7UL, -0x45d59090UL, 0x5f6a3535UL, 0x08a3ababUL, 0x9d45d8d8UL, -0x3d85b8b8UL, 0x944bdfdfUL, 0xd19e4f4fUL, 0xf9ae5757UL, -0x5bc19a9aUL, 0x43d19292UL, 0x9843dbdbUL, 0x2d361b1bUL, -0x44783c3cUL, 0xad65c8c8UL, 0x5ec79999UL, 0x0c080404UL, -0x67e98e8eUL, 0xd535e0e0UL, 0x8c5bd7d7UL, 0x87fa7d7dUL, -0x7aff8585UL, 0x3883bbbbUL, 0xc0804040UL, 0x74582c2cUL, -0x4e743a3aUL, 0xcf8a4545UL, 0xe617f1f1UL, 0xc6844242UL, -0xafca6565UL, 0x60402020UL, 0xc3824141UL, 0x28301818UL, -0x96e47272UL, 0x6f4a2525UL, 0x40d39393UL, 0x90e07070UL, -0x5a6c3636UL, 0x0f0a0505UL, 0xe311f2f2UL, 0x1d160b0bUL, -0x10b3a3a3UL, 0x8bf27979UL, 0xc12dececUL, 0x18100808UL, -0x694e2727UL, 0x53623131UL, 0x56643232UL, 0x2f99b6b6UL, -0x84f87c7cUL, 0x2595b0b0UL, 0x1e140a0aUL, 0x95e67373UL, -0xedb65b5bUL, 0x8df67b7bUL, 0x2c9bb7b7UL, 0x76f78181UL, -0x8351d2d2UL, 0x171a0d0dUL, 0xbed46a6aUL, 0x6a4c2626UL, -0x57c99e9eUL, 0xe8b05858UL, 0x51cd9c9cUL, 0x70f38383UL, -0x9ce87474UL, 0x2093b3b3UL, 0x01adacacUL, 0x50603030UL, -0x8ef47a7aUL, 0xbbd26969UL, 0x99ee7777UL, 0x111e0f0fUL, -0x07a9aeaeUL, 0x63422121UL, 0x9749dedeUL, 0x8555d0d0UL, -0x725c2e2eUL, 0x4cdb9797UL, 0x30201010UL, 0x19bda4a4UL, -0x5dc59898UL, 0x0da5a8a8UL, 0x895dd4d4UL, 0xb8d06868UL, -0x775a2d2dUL, 0xa6c46262UL, 0x7b522929UL, 0xb7da6d6dUL, -0x3a2c1616UL, 0xdb924949UL, 0x9aec7676UL, 0xbc7bc7c7UL, -0xcd25e8e8UL, 0xb677c1c1UL, 0x4fd99696UL, 0x596e3737UL, -0xda3fe5e5UL, 0xab61cacaUL, 0xe91df4f4UL, 0xce27e9e9UL, -0xa5c66363UL, 0x36241212UL, 0xb371c2c2UL, 0x1fb9a6a6UL, -0x3c281414UL, 0x318dbcbcUL, 0x8053d3d3UL, 0x78502828UL, -0x04abafafUL, 0x715e2f2fUL, 0xdf39e6e6UL, 0x6c482424UL, -0xf6a45252UL, 0xbf79c6c6UL, 0x15b5a0a0UL, 0x1b120909UL, -0x328fbdbdUL, 0x61ed8c8cUL, 0xa46bcfcfUL, 0xe7ba5d5dUL, -0x33221111UL, 0xe1be5f5fUL, 0x03020101UL, 0xba7fc5c5UL, -0x54cb9f9fUL, 0x477a3d3dUL, 0x13b1a2a2UL, 0x58c39b9bUL, -0xae67c9c9UL, 0x4d763b3bUL, 0x3789bebeUL, 0xf3a25151UL, -0x2b321919UL, 0x213e1f1fUL, 0x417e3f3fUL, 0xe4b85c5cUL, -0x2391b2b2UL, 0xc42befefUL, 0xde944a4aUL, 0xa26fcdcdUL, -0x348bbfbfUL, 0x3b81babaUL, 0xb1de6f6fUL, 0xacc86464UL, -0x9e47d9d9UL, 0xe013f3f3UL, 0x427c3e3eUL, 0x299db4b4UL, -0x0ba1aaaaUL, 0x914ddcdcUL, 0x8a5fd5d5UL, 0x0a0c0606UL, -0xb575c0c0UL, 0x82fc7e7eUL, 0xef19f6f6UL, 0xaacc6666UL, -0xb4d86c6cUL, 0x79fd8484UL, 0x93e27171UL, 0x48703838UL, -0x3e87b9b9UL, 0x273a1d1dUL, 0x81fe7f7fUL, 0x52cf9d9dUL, -0xd8904848UL, 0x68e38b8bUL, 0x7e542a2aUL, 0x9b41dadaUL, -0x1abfa5a5UL, 0x55663333UL, 0x73f18282UL, 0x4b723939UL, -0x8f59d6d6UL, 0x88f07878UL, 0x7ff98686UL, 0xfb01fafaUL, -0xd93de4e4UL, 0x7d562b2bUL, 0x0ea7a9a9UL, 0x223c1e1eUL, -0x6ee78989UL, 0xa0c06060UL, 0xbdd66b6bUL, 0xcb21eaeaUL, -0xffaa5555UL, 0xd4984c4cUL, 0xec1bf7f7UL, 0xd331e2e2UL, -}, - -{ -0xb12697b1UL, 0xcea769ceUL, 0xc3b073c3UL, 0x954adf95UL, -0x5aeeb45aUL, 0xad02afadUL, 0xe7dc3be7UL, 0x02060402UL, -0x4dd79a4dUL, 0x44cc8844UL, 0xfbf803fbUL, 0x9146d791UL, -0x0c14180cUL, 0x877cfb87UL, 0xa116b7a1UL, 0x50f0a050UL, -0xcba863cbUL, 0x67a9ce67UL, 0x54fca854UL, 0xdd924fddUL, -0x46ca8c46UL, 0x8f64eb8fUL, 0xe1d637e1UL, 0x4ed29c4eUL, -0xf0e515f0UL, 0xfdf20ffdUL, 0xfcf10dfcUL, 0xebc823ebUL, -0xf9fe07f9UL, 0xc4b97dc4UL, 0x1a2e341aUL, 0x6eb2dc6eUL, -0x5ee2bc5eUL, 0xf5ea1ff5UL, 0xcca16dccUL, 0x8d62ef8dUL, -0x1c24381cUL, 0x56faac56UL, 0x43c58643UL, 0xfef709feUL, -0x07090e07UL, 0x61a3c261UL, 0xf8fd05f8UL, 0x759fea75UL, -0x59ebb259UL, 0xfff40bffUL, 0x03050603UL, 0x22664422UL, -0x8a6be18aUL, 0xd18657d1UL, 0x13352613UL, 0xeec729eeUL, -0x886de588UL, 0x00000000UL, 0x0e121c0eUL, 0x345c6834UL, -0x153f2a15UL, 0x8075f580UL, 0x9449dd94UL, 0xe3d033e3UL, -0xedc22fedUL, 0xb52a9fb5UL, 0x53f5a653UL, 0x23654623UL, -0x4bdd964bUL, 0x47c98e47UL, 0x17392e17UL, 0xa71cbba7UL, -0x9045d590UL, 0x355f6a35UL, 0xab08a3abUL, 0xd89d45d8UL, -0xb83d85b8UL, 0xdf944bdfUL, 0x4fd19e4fUL, 0x57f9ae57UL, -0x9a5bc19aUL, 0x9243d192UL, 0xdb9843dbUL, 0x1b2d361bUL, -0x3c44783cUL, 0xc8ad65c8UL, 0x995ec799UL, 0x040c0804UL, -0x8e67e98eUL, 0xe0d535e0UL, 0xd78c5bd7UL, 0x7d87fa7dUL, -0x857aff85UL, 0xbb3883bbUL, 0x40c08040UL, 0x2c74582cUL, -0x3a4e743aUL, 0x45cf8a45UL, 0xf1e617f1UL, 0x42c68442UL, -0x65afca65UL, 0x20604020UL, 0x41c38241UL, 0x18283018UL, -0x7296e472UL, 0x256f4a25UL, 0x9340d393UL, 0x7090e070UL, -0x365a6c36UL, 0x050f0a05UL, 0xf2e311f2UL, 0x0b1d160bUL, -0xa310b3a3UL, 0x798bf279UL, 0xecc12decUL, 0x08181008UL, -0x27694e27UL, 0x31536231UL, 0x32566432UL, 0xb62f99b6UL, -0x7c84f87cUL, 0xb02595b0UL, 0x0a1e140aUL, 0x7395e673UL, -0x5bedb65bUL, 0x7b8df67bUL, 0xb72c9bb7UL, 0x8176f781UL, -0xd28351d2UL, 0x0d171a0dUL, 0x6abed46aUL, 0x266a4c26UL, -0x9e57c99eUL, 0x58e8b058UL, 0x9c51cd9cUL, 0x8370f383UL, -0x749ce874UL, 0xb32093b3UL, 0xac01adacUL, 0x30506030UL, -0x7a8ef47aUL, 0x69bbd269UL, 0x7799ee77UL, 0x0f111e0fUL, -0xae07a9aeUL, 0x21634221UL, 0xde9749deUL, 0xd08555d0UL, -0x2e725c2eUL, 0x974cdb97UL, 0x10302010UL, 0xa419bda4UL, -0x985dc598UL, 0xa80da5a8UL, 0xd4895dd4UL, 0x68b8d068UL, -0x2d775a2dUL, 0x62a6c462UL, 0x297b5229UL, 0x6db7da6dUL, -0x163a2c16UL, 0x49db9249UL, 0x769aec76UL, 0xc7bc7bc7UL, -0xe8cd25e8UL, 0xc1b677c1UL, 0x964fd996UL, 0x37596e37UL, -0xe5da3fe5UL, 0xcaab61caUL, 0xf4e91df4UL, 0xe9ce27e9UL, -0x63a5c663UL, 0x12362412UL, 0xc2b371c2UL, 0xa61fb9a6UL, -0x143c2814UL, 0xbc318dbcUL, 0xd38053d3UL, 0x28785028UL, -0xaf04abafUL, 0x2f715e2fUL, 0xe6df39e6UL, 0x246c4824UL, -0x52f6a452UL, 0xc6bf79c6UL, 0xa015b5a0UL, 0x091b1209UL, -0xbd328fbdUL, 0x8c61ed8cUL, 0xcfa46bcfUL, 0x5de7ba5dUL, -0x11332211UL, 0x5fe1be5fUL, 0x01030201UL, 0xc5ba7fc5UL, -0x9f54cb9fUL, 0x3d477a3dUL, 0xa213b1a2UL, 0x9b58c39bUL, -0xc9ae67c9UL, 0x3b4d763bUL, 0xbe3789beUL, 0x51f3a251UL, -0x192b3219UL, 0x1f213e1fUL, 0x3f417e3fUL, 0x5ce4b85cUL, -0xb22391b2UL, 0xefc42befUL, 0x4ade944aUL, 0xcda26fcdUL, -0xbf348bbfUL, 0xba3b81baUL, 0x6fb1de6fUL, 0x64acc864UL, -0xd99e47d9UL, 0xf3e013f3UL, 0x3e427c3eUL, 0xb4299db4UL, -0xaa0ba1aaUL, 0xdc914ddcUL, 0xd58a5fd5UL, 0x060a0c06UL, -0xc0b575c0UL, 0x7e82fc7eUL, 0xf6ef19f6UL, 0x66aacc66UL, -0x6cb4d86cUL, 0x8479fd84UL, 0x7193e271UL, 0x38487038UL, -0xb93e87b9UL, 0x1d273a1dUL, 0x7f81fe7fUL, 0x9d52cf9dUL, -0x48d89048UL, 0x8b68e38bUL, 0x2a7e542aUL, 0xda9b41daUL, -0xa51abfa5UL, 0x33556633UL, 0x8273f182UL, 0x394b7239UL, -0xd68f59d6UL, 0x7888f078UL, 0x867ff986UL, 0xfafb01faUL, -0xe4d93de4UL, 0x2b7d562bUL, 0xa90ea7a9UL, 0x1e223c1eUL, -0x896ee789UL, 0x60a0c060UL, 0x6bbdd66bUL, 0xeacb21eaUL, -0x55ffaa55UL, 0x4cd4984cUL, 0xf7ec1bf7UL, 0xe2d331e2UL, -}, - -{ -0xb1b12697UL, 0xcecea769UL, 0xc3c3b073UL, 0x95954adfUL, -0x5a5aeeb4UL, 0xadad02afUL, 0xe7e7dc3bUL, 0x02020604UL, -0x4d4dd79aUL, 0x4444cc88UL, 0xfbfbf803UL, 0x919146d7UL, -0x0c0c1418UL, 0x87877cfbUL, 0xa1a116b7UL, 0x5050f0a0UL, -0xcbcba863UL, 0x6767a9ceUL, 0x5454fca8UL, 0xdddd924fUL, -0x4646ca8cUL, 0x8f8f64ebUL, 0xe1e1d637UL, 0x4e4ed29cUL, -0xf0f0e515UL, 0xfdfdf20fUL, 0xfcfcf10dUL, 0xebebc823UL, -0xf9f9fe07UL, 0xc4c4b97dUL, 0x1a1a2e34UL, 0x6e6eb2dcUL, -0x5e5ee2bcUL, 0xf5f5ea1fUL, 0xcccca16dUL, 0x8d8d62efUL, -0x1c1c2438UL, 0x5656faacUL, 0x4343c586UL, 0xfefef709UL, -0x0707090eUL, 0x6161a3c2UL, 0xf8f8fd05UL, 0x75759feaUL, -0x5959ebb2UL, 0xfffff40bUL, 0x03030506UL, 0x22226644UL, -0x8a8a6be1UL, 0xd1d18657UL, 0x13133526UL, 0xeeeec729UL, -0x88886de5UL, 0x00000000UL, 0x0e0e121cUL, 0x34345c68UL, -0x15153f2aUL, 0x808075f5UL, 0x949449ddUL, 0xe3e3d033UL, -0xededc22fUL, 0xb5b52a9fUL, 0x5353f5a6UL, 0x23236546UL, -0x4b4bdd96UL, 0x4747c98eUL, 0x1717392eUL, 0xa7a71cbbUL, -0x909045d5UL, 0x35355f6aUL, 0xabab08a3UL, 0xd8d89d45UL, -0xb8b83d85UL, 0xdfdf944bUL, 0x4f4fd19eUL, 0x5757f9aeUL, -0x9a9a5bc1UL, 0x929243d1UL, 0xdbdb9843UL, 0x1b1b2d36UL, -0x3c3c4478UL, 0xc8c8ad65UL, 0x99995ec7UL, 0x04040c08UL, -0x8e8e67e9UL, 0xe0e0d535UL, 0xd7d78c5bUL, 0x7d7d87faUL, -0x85857affUL, 0xbbbb3883UL, 0x4040c080UL, 0x2c2c7458UL, -0x3a3a4e74UL, 0x4545cf8aUL, 0xf1f1e617UL, 0x4242c684UL, -0x6565afcaUL, 0x20206040UL, 0x4141c382UL, 0x18182830UL, -0x727296e4UL, 0x25256f4aUL, 0x939340d3UL, 0x707090e0UL, -0x36365a6cUL, 0x05050f0aUL, 0xf2f2e311UL, 0x0b0b1d16UL, -0xa3a310b3UL, 0x79798bf2UL, 0xececc12dUL, 0x08081810UL, -0x2727694eUL, 0x31315362UL, 0x32325664UL, 0xb6b62f99UL, -0x7c7c84f8UL, 0xb0b02595UL, 0x0a0a1e14UL, 0x737395e6UL, -0x5b5bedb6UL, 0x7b7b8df6UL, 0xb7b72c9bUL, 0x818176f7UL, -0xd2d28351UL, 0x0d0d171aUL, 0x6a6abed4UL, 0x26266a4cUL, -0x9e9e57c9UL, 0x5858e8b0UL, 0x9c9c51cdUL, 0x838370f3UL, -0x74749ce8UL, 0xb3b32093UL, 0xacac01adUL, 0x30305060UL, -0x7a7a8ef4UL, 0x6969bbd2UL, 0x777799eeUL, 0x0f0f111eUL, -0xaeae07a9UL, 0x21216342UL, 0xdede9749UL, 0xd0d08555UL, -0x2e2e725cUL, 0x97974cdbUL, 0x10103020UL, 0xa4a419bdUL, -0x98985dc5UL, 0xa8a80da5UL, 0xd4d4895dUL, 0x6868b8d0UL, -0x2d2d775aUL, 0x6262a6c4UL, 0x29297b52UL, 0x6d6db7daUL, -0x16163a2cUL, 0x4949db92UL, 0x76769aecUL, 0xc7c7bc7bUL, -0xe8e8cd25UL, 0xc1c1b677UL, 0x96964fd9UL, 0x3737596eUL, -0xe5e5da3fUL, 0xcacaab61UL, 0xf4f4e91dUL, 0xe9e9ce27UL, -0x6363a5c6UL, 0x12123624UL, 0xc2c2b371UL, 0xa6a61fb9UL, -0x14143c28UL, 0xbcbc318dUL, 0xd3d38053UL, 0x28287850UL, -0xafaf04abUL, 0x2f2f715eUL, 0xe6e6df39UL, 0x24246c48UL, -0x5252f6a4UL, 0xc6c6bf79UL, 0xa0a015b5UL, 0x09091b12UL, -0xbdbd328fUL, 0x8c8c61edUL, 0xcfcfa46bUL, 0x5d5de7baUL, -0x11113322UL, 0x5f5fe1beUL, 0x01010302UL, 0xc5c5ba7fUL, -0x9f9f54cbUL, 0x3d3d477aUL, 0xa2a213b1UL, 0x9b9b58c3UL, -0xc9c9ae67UL, 0x3b3b4d76UL, 0xbebe3789UL, 0x5151f3a2UL, -0x19192b32UL, 0x1f1f213eUL, 0x3f3f417eUL, 0x5c5ce4b8UL, -0xb2b22391UL, 0xefefc42bUL, 0x4a4ade94UL, 0xcdcda26fUL, -0xbfbf348bUL, 0xbaba3b81UL, 0x6f6fb1deUL, 0x6464acc8UL, -0xd9d99e47UL, 0xf3f3e013UL, 0x3e3e427cUL, 0xb4b4299dUL, -0xaaaa0ba1UL, 0xdcdc914dUL, 0xd5d58a5fUL, 0x06060a0cUL, -0xc0c0b575UL, 0x7e7e82fcUL, 0xf6f6ef19UL, 0x6666aaccUL, -0x6c6cb4d8UL, 0x848479fdUL, 0x717193e2UL, 0x38384870UL, -0xb9b93e87UL, 0x1d1d273aUL, 0x7f7f81feUL, 0x9d9d52cfUL, -0x4848d890UL, 0x8b8b68e3UL, 0x2a2a7e54UL, 0xdada9b41UL, -0xa5a51abfUL, 0x33335566UL, 0x828273f1UL, 0x39394b72UL, -0xd6d68f59UL, 0x787888f0UL, 0x86867ff9UL, 0xfafafb01UL, -0xe4e4d93dUL, 0x2b2b7d56UL, 0xa9a90ea7UL, 0x1e1e223cUL, -0x89896ee7UL, 0x6060a0c0UL, 0x6b6bbdd6UL, 0xeaeacb21UL, -0x5555ffaaUL, 0x4c4cd498UL, 0xf7f7ec1bUL, 0xe2e2d331UL, -}}; - -const word32 Square::Dec::Td[4][256] = { -{ -0xe368bc02UL, 0x5585620cUL, 0x2a3f2331UL, 0x61ab13f7UL, -0x98d46d72UL, 0x21cb9a19UL, 0x3c22a461UL, 0x459d3dcdUL, -0x05fdb423UL, 0x2bc4075fUL, 0x9b2c01c0UL, 0x3dd9800fUL, -0x486c5c74UL, 0xf97f7e85UL, 0xf173ab1fUL, 0xb6edde0eUL, -0x283c6bedUL, 0x4997781aUL, 0x9f2a918dUL, 0xc9579f33UL, -0xa907a8aaUL, 0xa50ded7dUL, 0x7c422d8fUL, 0x764db0c9UL, -0x4d91e857UL, 0xcea963ccUL, 0xb4ee96d2UL, 0x3028e1b6UL, -0x0df161b9UL, 0xbd196726UL, 0x419bad80UL, 0xc0a06ec7UL, -0x5183f241UL, 0x92dbf034UL, 0x6fa21efcUL, 0x8f32ce4cUL, -0x13e03373UL, 0x69a7c66dUL, 0xe56d6493UL, 0xbf1a2ffaUL, -0xbb1cbfb7UL, 0x587403b5UL, 0xe76e2c4fUL, 0x5d89b796UL, -0xe89c052aUL, 0x446619a3UL, 0x342e71fbUL, 0x0ff22965UL, -0xfe81827aUL, 0xb11322f1UL, 0xa30835ecUL, 0xcd510f7eUL, -0xff7aa614UL, 0x5c7293f8UL, 0x2fc29712UL, 0xf370e3c3UL, -0x992f491cUL, 0xd1431568UL, 0xc2a3261bUL, 0x88cc32b3UL, -0x8acf7a6fUL, 0xb0e8069fUL, 0x7a47f51eUL, 0xd2bb79daUL, -0xe6950821UL, 0x4398e55cUL, 0xd0b83106UL, 0x11e37bafUL, -0x7e416553UL, 0xccaa2b10UL, 0xd8b4e49cUL, 0x6456a7d4UL, -0xfb7c3659UL, 0x724b2084UL, 0xea9f4df6UL, 0x6a5faadfUL, -0x2dc1dfceUL, 0x70486858UL, 0xcaaff381UL, 0x0605d891UL, -0x5a774b69UL, 0x94de28a5UL, 0x39df1042UL, 0x813bc347UL, -0xfc82caa6UL, 0x23c8d2c5UL, 0x03f86cb2UL, 0x080cd59aUL, -0xdab7ac40UL, 0x7db909e1UL, 0x3824342cUL, 0xcf5247a2UL, -0xdcb274d1UL, 0x63a85b2bUL, 0x35d55595UL, 0x479e7511UL, -0x15e5ebe2UL, 0x4b9430c6UL, 0x4a6f14a8UL, 0x91239c86UL, -0x4c6acc39UL, 0x5f8aff4aUL, 0x0406904dUL, 0xee99ddbbUL, -0x1e1152caUL, 0xaaffc418UL, 0xeb646998UL, 0x07fefcffUL, -0x8b345e01UL, 0x567d0ebeUL, 0xbae79bd9UL, 0x4263c132UL, -0x75b5dc7bUL, 0x97264417UL, 0x67aecb66UL, 0x95250ccbUL, -0xec9a9567UL, 0x57862ad0UL, 0x60503799UL, 0xb8e4d305UL, -0x65ad83baUL, 0x19efae35UL, 0xa4f6c913UL, 0xc15b4aa9UL, -0x873e1bd6UL, 0xa0f0595eUL, 0x18148a5bUL, 0xaf02703bUL, -0xab04e076UL, 0xdd4950bfUL, 0xdf4a1863UL, 0xc6a5b656UL, -0x853d530aUL, 0xfa871237UL, 0x77b694a7UL, 0x4665517fUL, -0xed61b109UL, 0x1bece6e9UL, 0xd5458525UL, 0xf5753b52UL, -0x7fba413dUL, 0x27ce4288UL, 0xb2eb4e43UL, 0xd6bde997UL, -0x527b9ef3UL, 0x62537f45UL, 0x2c3afba0UL, 0x7bbcd170UL, -0xb91ff76bUL, 0x121b171dUL, 0xfd79eec8UL, 0x3a277cf0UL, -0x0c0a45d7UL, 0x96dd6079UL, 0x2233f6abUL, 0xacfa1c89UL, -0xc8acbb5dUL, 0xa10b7d30UL, 0xd4bea14bUL, 0xbee10b94UL, -0x25cd0a54UL, 0x547e4662UL, 0xa2f31182UL, 0x17e6a33eUL, -0x263566e6UL, 0xc3580275UL, 0x83388b9bUL, 0x7844bdc2UL, -0x020348dcUL, 0x4f92a08bUL, 0x2e39b37cUL, 0x4e6984e5UL, -0xf0888f71UL, 0x362d3927UL, 0x9cd2fd3fUL, 0x01fb246eUL, -0x893716ddUL, 0x00000000UL, 0xf68d57e0UL, 0xe293986cUL, -0x744ef815UL, 0x9320d45aUL, 0xad0138e7UL, 0xd3405db4UL, -0x1a17c287UL, 0xb3106a2dUL, 0x5078d62fUL, 0xf48e1f3cUL, -0xa70ea5a1UL, 0x71b34c36UL, 0x9ad725aeUL, 0x5e71db24UL, -0x161d8750UL, 0xef62f9d5UL, 0x8d318690UL, 0x1c121a16UL, -0xa6f581cfUL, 0x5b8c6f07UL, 0x37d61d49UL, 0x6e593a92UL, -0x84c67764UL, 0x86c53fb8UL, 0xd746cdf9UL, 0xe090d0b0UL, -0x29c74f83UL, 0xe49640fdUL, 0x0e090d0bUL, 0x6da15620UL, -0x8ec9ea22UL, 0xdb4c882eUL, 0xf776738eUL, 0xb515b2bcUL, -0x10185fc1UL, 0x322ba96aUL, 0x6ba48eb1UL, 0xaef95455UL, -0x406089eeUL, 0x6655ef08UL, 0xe9672144UL, 0x3e21ecbdUL, -0x2030be77UL, 0xf28bc7adUL, 0x80c0e729UL, 0x141ecf8cUL, -0xbce24348UL, 0xc4a6fe8aUL, 0x31d3c5d8UL, 0xb716fa60UL, -0x5380ba9dUL, 0xd94fc0f2UL, 0x1de93e78UL, 0x24362e3aUL, -0xe16bf4deUL, 0xcb54d7efUL, 0x09f7f1f4UL, 0x82c3aff5UL, -0x0bf4b928UL, 0x9d29d951UL, 0xc75e9238UL, 0xf8845aebUL, -0x90d8b8e8UL, 0xdeb13c0dUL, 0x33d08d04UL, 0x685ce203UL, -0xc55ddae4UL, 0x3bdc589eUL, 0x0a0f9d46UL, 0x3fdac8d3UL, -0x598f27dbUL, 0xa8fc8cc4UL, 0x79bf99acUL, 0x6c5a724eUL, -0x8ccaa2feUL, 0x9ed1b5e3UL, 0x1fea76a4UL, 0x73b004eaUL, -}, - -{ -0x02e368bcUL, 0x0c558562UL, 0x312a3f23UL, 0xf761ab13UL, -0x7298d46dUL, 0x1921cb9aUL, 0x613c22a4UL, 0xcd459d3dUL, -0x2305fdb4UL, 0x5f2bc407UL, 0xc09b2c01UL, 0x0f3dd980UL, -0x74486c5cUL, 0x85f97f7eUL, 0x1ff173abUL, 0x0eb6eddeUL, -0xed283c6bUL, 0x1a499778UL, 0x8d9f2a91UL, 0x33c9579fUL, -0xaaa907a8UL, 0x7da50dedUL, 0x8f7c422dUL, 0xc9764db0UL, -0x574d91e8UL, 0xcccea963UL, 0xd2b4ee96UL, 0xb63028e1UL, -0xb90df161UL, 0x26bd1967UL, 0x80419badUL, 0xc7c0a06eUL, -0x415183f2UL, 0x3492dbf0UL, 0xfc6fa21eUL, 0x4c8f32ceUL, -0x7313e033UL, 0x6d69a7c6UL, 0x93e56d64UL, 0xfabf1a2fUL, -0xb7bb1cbfUL, 0xb5587403UL, 0x4fe76e2cUL, 0x965d89b7UL, -0x2ae89c05UL, 0xa3446619UL, 0xfb342e71UL, 0x650ff229UL, -0x7afe8182UL, 0xf1b11322UL, 0xeca30835UL, 0x7ecd510fUL, -0x14ff7aa6UL, 0xf85c7293UL, 0x122fc297UL, 0xc3f370e3UL, -0x1c992f49UL, 0x68d14315UL, 0x1bc2a326UL, 0xb388cc32UL, -0x6f8acf7aUL, 0x9fb0e806UL, 0x1e7a47f5UL, 0xdad2bb79UL, -0x21e69508UL, 0x5c4398e5UL, 0x06d0b831UL, 0xaf11e37bUL, -0x537e4165UL, 0x10ccaa2bUL, 0x9cd8b4e4UL, 0xd46456a7UL, -0x59fb7c36UL, 0x84724b20UL, 0xf6ea9f4dUL, 0xdf6a5faaUL, -0xce2dc1dfUL, 0x58704868UL, 0x81caaff3UL, 0x910605d8UL, -0x695a774bUL, 0xa594de28UL, 0x4239df10UL, 0x47813bc3UL, -0xa6fc82caUL, 0xc523c8d2UL, 0xb203f86cUL, 0x9a080cd5UL, -0x40dab7acUL, 0xe17db909UL, 0x2c382434UL, 0xa2cf5247UL, -0xd1dcb274UL, 0x2b63a85bUL, 0x9535d555UL, 0x11479e75UL, -0xe215e5ebUL, 0xc64b9430UL, 0xa84a6f14UL, 0x8691239cUL, -0x394c6accUL, 0x4a5f8affUL, 0x4d040690UL, 0xbbee99ddUL, -0xca1e1152UL, 0x18aaffc4UL, 0x98eb6469UL, 0xff07fefcUL, -0x018b345eUL, 0xbe567d0eUL, 0xd9bae79bUL, 0x324263c1UL, -0x7b75b5dcUL, 0x17972644UL, 0x6667aecbUL, 0xcb95250cUL, -0x67ec9a95UL, 0xd057862aUL, 0x99605037UL, 0x05b8e4d3UL, -0xba65ad83UL, 0x3519efaeUL, 0x13a4f6c9UL, 0xa9c15b4aUL, -0xd6873e1bUL, 0x5ea0f059UL, 0x5b18148aUL, 0x3baf0270UL, -0x76ab04e0UL, 0xbfdd4950UL, 0x63df4a18UL, 0x56c6a5b6UL, -0x0a853d53UL, 0x37fa8712UL, 0xa777b694UL, 0x7f466551UL, -0x09ed61b1UL, 0xe91bece6UL, 0x25d54585UL, 0x52f5753bUL, -0x3d7fba41UL, 0x8827ce42UL, 0x43b2eb4eUL, 0x97d6bde9UL, -0xf3527b9eUL, 0x4562537fUL, 0xa02c3afbUL, 0x707bbcd1UL, -0x6bb91ff7UL, 0x1d121b17UL, 0xc8fd79eeUL, 0xf03a277cUL, -0xd70c0a45UL, 0x7996dd60UL, 0xab2233f6UL, 0x89acfa1cUL, -0x5dc8acbbUL, 0x30a10b7dUL, 0x4bd4bea1UL, 0x94bee10bUL, -0x5425cd0aUL, 0x62547e46UL, 0x82a2f311UL, 0x3e17e6a3UL, -0xe6263566UL, 0x75c35802UL, 0x9b83388bUL, 0xc27844bdUL, -0xdc020348UL, 0x8b4f92a0UL, 0x7c2e39b3UL, 0xe54e6984UL, -0x71f0888fUL, 0x27362d39UL, 0x3f9cd2fdUL, 0x6e01fb24UL, -0xdd893716UL, 0x00000000UL, 0xe0f68d57UL, 0x6ce29398UL, -0x15744ef8UL, 0x5a9320d4UL, 0xe7ad0138UL, 0xb4d3405dUL, -0x871a17c2UL, 0x2db3106aUL, 0x2f5078d6UL, 0x3cf48e1fUL, -0xa1a70ea5UL, 0x3671b34cUL, 0xae9ad725UL, 0x245e71dbUL, -0x50161d87UL, 0xd5ef62f9UL, 0x908d3186UL, 0x161c121aUL, -0xcfa6f581UL, 0x075b8c6fUL, 0x4937d61dUL, 0x926e593aUL, -0x6484c677UL, 0xb886c53fUL, 0xf9d746cdUL, 0xb0e090d0UL, -0x8329c74fUL, 0xfde49640UL, 0x0b0e090dUL, 0x206da156UL, -0x228ec9eaUL, 0x2edb4c88UL, 0x8ef77673UL, 0xbcb515b2UL, -0xc110185fUL, 0x6a322ba9UL, 0xb16ba48eUL, 0x55aef954UL, -0xee406089UL, 0x086655efUL, 0x44e96721UL, 0xbd3e21ecUL, -0x772030beUL, 0xadf28bc7UL, 0x2980c0e7UL, 0x8c141ecfUL, -0x48bce243UL, 0x8ac4a6feUL, 0xd831d3c5UL, 0x60b716faUL, -0x9d5380baUL, 0xf2d94fc0UL, 0x781de93eUL, 0x3a24362eUL, -0xdee16bf4UL, 0xefcb54d7UL, 0xf409f7f1UL, 0xf582c3afUL, -0x280bf4b9UL, 0x519d29d9UL, 0x38c75e92UL, 0xebf8845aUL, -0xe890d8b8UL, 0x0ddeb13cUL, 0x0433d08dUL, 0x03685ce2UL, -0xe4c55ddaUL, 0x9e3bdc58UL, 0x460a0f9dUL, 0xd33fdac8UL, -0xdb598f27UL, 0xc4a8fc8cUL, 0xac79bf99UL, 0x4e6c5a72UL, -0xfe8ccaa2UL, 0xe39ed1b5UL, 0xa41fea76UL, 0xea73b004UL, -}, - -{ -0xbc02e368UL, 0x620c5585UL, 0x23312a3fUL, 0x13f761abUL, -0x6d7298d4UL, 0x9a1921cbUL, 0xa4613c22UL, 0x3dcd459dUL, -0xb42305fdUL, 0x075f2bc4UL, 0x01c09b2cUL, 0x800f3dd9UL, -0x5c74486cUL, 0x7e85f97fUL, 0xab1ff173UL, 0xde0eb6edUL, -0x6bed283cUL, 0x781a4997UL, 0x918d9f2aUL, 0x9f33c957UL, -0xa8aaa907UL, 0xed7da50dUL, 0x2d8f7c42UL, 0xb0c9764dUL, -0xe8574d91UL, 0x63cccea9UL, 0x96d2b4eeUL, 0xe1b63028UL, -0x61b90df1UL, 0x6726bd19UL, 0xad80419bUL, 0x6ec7c0a0UL, -0xf2415183UL, 0xf03492dbUL, 0x1efc6fa2UL, 0xce4c8f32UL, -0x337313e0UL, 0xc66d69a7UL, 0x6493e56dUL, 0x2ffabf1aUL, -0xbfb7bb1cUL, 0x03b55874UL, 0x2c4fe76eUL, 0xb7965d89UL, -0x052ae89cUL, 0x19a34466UL, 0x71fb342eUL, 0x29650ff2UL, -0x827afe81UL, 0x22f1b113UL, 0x35eca308UL, 0x0f7ecd51UL, -0xa614ff7aUL, 0x93f85c72UL, 0x97122fc2UL, 0xe3c3f370UL, -0x491c992fUL, 0x1568d143UL, 0x261bc2a3UL, 0x32b388ccUL, -0x7a6f8acfUL, 0x069fb0e8UL, 0xf51e7a47UL, 0x79dad2bbUL, -0x0821e695UL, 0xe55c4398UL, 0x3106d0b8UL, 0x7baf11e3UL, -0x65537e41UL, 0x2b10ccaaUL, 0xe49cd8b4UL, 0xa7d46456UL, -0x3659fb7cUL, 0x2084724bUL, 0x4df6ea9fUL, 0xaadf6a5fUL, -0xdfce2dc1UL, 0x68587048UL, 0xf381caafUL, 0xd8910605UL, -0x4b695a77UL, 0x28a594deUL, 0x104239dfUL, 0xc347813bUL, -0xcaa6fc82UL, 0xd2c523c8UL, 0x6cb203f8UL, 0xd59a080cUL, -0xac40dab7UL, 0x09e17db9UL, 0x342c3824UL, 0x47a2cf52UL, -0x74d1dcb2UL, 0x5b2b63a8UL, 0x559535d5UL, 0x7511479eUL, -0xebe215e5UL, 0x30c64b94UL, 0x14a84a6fUL, 0x9c869123UL, -0xcc394c6aUL, 0xff4a5f8aUL, 0x904d0406UL, 0xddbbee99UL, -0x52ca1e11UL, 0xc418aaffUL, 0x6998eb64UL, 0xfcff07feUL, -0x5e018b34UL, 0x0ebe567dUL, 0x9bd9bae7UL, 0xc1324263UL, -0xdc7b75b5UL, 0x44179726UL, 0xcb6667aeUL, 0x0ccb9525UL, -0x9567ec9aUL, 0x2ad05786UL, 0x37996050UL, 0xd305b8e4UL, -0x83ba65adUL, 0xae3519efUL, 0xc913a4f6UL, 0x4aa9c15bUL, -0x1bd6873eUL, 0x595ea0f0UL, 0x8a5b1814UL, 0x703baf02UL, -0xe076ab04UL, 0x50bfdd49UL, 0x1863df4aUL, 0xb656c6a5UL, -0x530a853dUL, 0x1237fa87UL, 0x94a777b6UL, 0x517f4665UL, -0xb109ed61UL, 0xe6e91becUL, 0x8525d545UL, 0x3b52f575UL, -0x413d7fbaUL, 0x428827ceUL, 0x4e43b2ebUL, 0xe997d6bdUL, -0x9ef3527bUL, 0x7f456253UL, 0xfba02c3aUL, 0xd1707bbcUL, -0xf76bb91fUL, 0x171d121bUL, 0xeec8fd79UL, 0x7cf03a27UL, -0x45d70c0aUL, 0x607996ddUL, 0xf6ab2233UL, 0x1c89acfaUL, -0xbb5dc8acUL, 0x7d30a10bUL, 0xa14bd4beUL, 0x0b94bee1UL, -0x0a5425cdUL, 0x4662547eUL, 0x1182a2f3UL, 0xa33e17e6UL, -0x66e62635UL, 0x0275c358UL, 0x8b9b8338UL, 0xbdc27844UL, -0x48dc0203UL, 0xa08b4f92UL, 0xb37c2e39UL, 0x84e54e69UL, -0x8f71f088UL, 0x3927362dUL, 0xfd3f9cd2UL, 0x246e01fbUL, -0x16dd8937UL, 0x00000000UL, 0x57e0f68dUL, 0x986ce293UL, -0xf815744eUL, 0xd45a9320UL, 0x38e7ad01UL, 0x5db4d340UL, -0xc2871a17UL, 0x6a2db310UL, 0xd62f5078UL, 0x1f3cf48eUL, -0xa5a1a70eUL, 0x4c3671b3UL, 0x25ae9ad7UL, 0xdb245e71UL, -0x8750161dUL, 0xf9d5ef62UL, 0x86908d31UL, 0x1a161c12UL, -0x81cfa6f5UL, 0x6f075b8cUL, 0x1d4937d6UL, 0x3a926e59UL, -0x776484c6UL, 0x3fb886c5UL, 0xcdf9d746UL, 0xd0b0e090UL, -0x4f8329c7UL, 0x40fde496UL, 0x0d0b0e09UL, 0x56206da1UL, -0xea228ec9UL, 0x882edb4cUL, 0x738ef776UL, 0xb2bcb515UL, -0x5fc11018UL, 0xa96a322bUL, 0x8eb16ba4UL, 0x5455aef9UL, -0x89ee4060UL, 0xef086655UL, 0x2144e967UL, 0xecbd3e21UL, -0xbe772030UL, 0xc7adf28bUL, 0xe72980c0UL, 0xcf8c141eUL, -0x4348bce2UL, 0xfe8ac4a6UL, 0xc5d831d3UL, 0xfa60b716UL, -0xba9d5380UL, 0xc0f2d94fUL, 0x3e781de9UL, 0x2e3a2436UL, -0xf4dee16bUL, 0xd7efcb54UL, 0xf1f409f7UL, 0xaff582c3UL, -0xb9280bf4UL, 0xd9519d29UL, 0x9238c75eUL, 0x5aebf884UL, -0xb8e890d8UL, 0x3c0ddeb1UL, 0x8d0433d0UL, 0xe203685cUL, -0xdae4c55dUL, 0x589e3bdcUL, 0x9d460a0fUL, 0xc8d33fdaUL, -0x27db598fUL, 0x8cc4a8fcUL, 0x99ac79bfUL, 0x724e6c5aUL, -0xa2fe8ccaUL, 0xb5e39ed1UL, 0x76a41feaUL, 0x04ea73b0UL, -}, - -{ -0x68bc02e3UL, 0x85620c55UL, 0x3f23312aUL, 0xab13f761UL, -0xd46d7298UL, 0xcb9a1921UL, 0x22a4613cUL, 0x9d3dcd45UL, -0xfdb42305UL, 0xc4075f2bUL, 0x2c01c09bUL, 0xd9800f3dUL, -0x6c5c7448UL, 0x7f7e85f9UL, 0x73ab1ff1UL, 0xedde0eb6UL, -0x3c6bed28UL, 0x97781a49UL, 0x2a918d9fUL, 0x579f33c9UL, -0x07a8aaa9UL, 0x0ded7da5UL, 0x422d8f7cUL, 0x4db0c976UL, -0x91e8574dUL, 0xa963ccceUL, 0xee96d2b4UL, 0x28e1b630UL, -0xf161b90dUL, 0x196726bdUL, 0x9bad8041UL, 0xa06ec7c0UL, -0x83f24151UL, 0xdbf03492UL, 0xa21efc6fUL, 0x32ce4c8fUL, -0xe0337313UL, 0xa7c66d69UL, 0x6d6493e5UL, 0x1a2ffabfUL, -0x1cbfb7bbUL, 0x7403b558UL, 0x6e2c4fe7UL, 0x89b7965dUL, -0x9c052ae8UL, 0x6619a344UL, 0x2e71fb34UL, 0xf229650fUL, -0x81827afeUL, 0x1322f1b1UL, 0x0835eca3UL, 0x510f7ecdUL, -0x7aa614ffUL, 0x7293f85cUL, 0xc297122fUL, 0x70e3c3f3UL, -0x2f491c99UL, 0x431568d1UL, 0xa3261bc2UL, 0xcc32b388UL, -0xcf7a6f8aUL, 0xe8069fb0UL, 0x47f51e7aUL, 0xbb79dad2UL, -0x950821e6UL, 0x98e55c43UL, 0xb83106d0UL, 0xe37baf11UL, -0x4165537eUL, 0xaa2b10ccUL, 0xb4e49cd8UL, 0x56a7d464UL, -0x7c3659fbUL, 0x4b208472UL, 0x9f4df6eaUL, 0x5faadf6aUL, -0xc1dfce2dUL, 0x48685870UL, 0xaff381caUL, 0x05d89106UL, -0x774b695aUL, 0xde28a594UL, 0xdf104239UL, 0x3bc34781UL, -0x82caa6fcUL, 0xc8d2c523UL, 0xf86cb203UL, 0x0cd59a08UL, -0xb7ac40daUL, 0xb909e17dUL, 0x24342c38UL, 0x5247a2cfUL, -0xb274d1dcUL, 0xa85b2b63UL, 0xd5559535UL, 0x9e751147UL, -0xe5ebe215UL, 0x9430c64bUL, 0x6f14a84aUL, 0x239c8691UL, -0x6acc394cUL, 0x8aff4a5fUL, 0x06904d04UL, 0x99ddbbeeUL, -0x1152ca1eUL, 0xffc418aaUL, 0x646998ebUL, 0xfefcff07UL, -0x345e018bUL, 0x7d0ebe56UL, 0xe79bd9baUL, 0x63c13242UL, -0xb5dc7b75UL, 0x26441797UL, 0xaecb6667UL, 0x250ccb95UL, -0x9a9567ecUL, 0x862ad057UL, 0x50379960UL, 0xe4d305b8UL, -0xad83ba65UL, 0xefae3519UL, 0xf6c913a4UL, 0x5b4aa9c1UL, -0x3e1bd687UL, 0xf0595ea0UL, 0x148a5b18UL, 0x02703bafUL, -0x04e076abUL, 0x4950bfddUL, 0x4a1863dfUL, 0xa5b656c6UL, -0x3d530a85UL, 0x871237faUL, 0xb694a777UL, 0x65517f46UL, -0x61b109edUL, 0xece6e91bUL, 0x458525d5UL, 0x753b52f5UL, -0xba413d7fUL, 0xce428827UL, 0xeb4e43b2UL, 0xbde997d6UL, -0x7b9ef352UL, 0x537f4562UL, 0x3afba02cUL, 0xbcd1707bUL, -0x1ff76bb9UL, 0x1b171d12UL, 0x79eec8fdUL, 0x277cf03aUL, -0x0a45d70cUL, 0xdd607996UL, 0x33f6ab22UL, 0xfa1c89acUL, -0xacbb5dc8UL, 0x0b7d30a1UL, 0xbea14bd4UL, 0xe10b94beUL, -0xcd0a5425UL, 0x7e466254UL, 0xf31182a2UL, 0xe6a33e17UL, -0x3566e626UL, 0x580275c3UL, 0x388b9b83UL, 0x44bdc278UL, -0x0348dc02UL, 0x92a08b4fUL, 0x39b37c2eUL, 0x6984e54eUL, -0x888f71f0UL, 0x2d392736UL, 0xd2fd3f9cUL, 0xfb246e01UL, -0x3716dd89UL, 0x00000000UL, 0x8d57e0f6UL, 0x93986ce2UL, -0x4ef81574UL, 0x20d45a93UL, 0x0138e7adUL, 0x405db4d3UL, -0x17c2871aUL, 0x106a2db3UL, 0x78d62f50UL, 0x8e1f3cf4UL, -0x0ea5a1a7UL, 0xb34c3671UL, 0xd725ae9aUL, 0x71db245eUL, -0x1d875016UL, 0x62f9d5efUL, 0x3186908dUL, 0x121a161cUL, -0xf581cfa6UL, 0x8c6f075bUL, 0xd61d4937UL, 0x593a926eUL, -0xc6776484UL, 0xc53fb886UL, 0x46cdf9d7UL, 0x90d0b0e0UL, -0xc74f8329UL, 0x9640fde4UL, 0x090d0b0eUL, 0xa156206dUL, -0xc9ea228eUL, 0x4c882edbUL, 0x76738ef7UL, 0x15b2bcb5UL, -0x185fc110UL, 0x2ba96a32UL, 0xa48eb16bUL, 0xf95455aeUL, -0x6089ee40UL, 0x55ef0866UL, 0x672144e9UL, 0x21ecbd3eUL, -0x30be7720UL, 0x8bc7adf2UL, 0xc0e72980UL, 0x1ecf8c14UL, -0xe24348bcUL, 0xa6fe8ac4UL, 0xd3c5d831UL, 0x16fa60b7UL, -0x80ba9d53UL, 0x4fc0f2d9UL, 0xe93e781dUL, 0x362e3a24UL, -0x6bf4dee1UL, 0x54d7efcbUL, 0xf7f1f409UL, 0xc3aff582UL, -0xf4b9280bUL, 0x29d9519dUL, 0x5e9238c7UL, 0x845aebf8UL, -0xd8b8e890UL, 0xb13c0ddeUL, 0xd08d0433UL, 0x5ce20368UL, -0x5ddae4c5UL, 0xdc589e3bUL, 0x0f9d460aUL, 0xdac8d33fUL, -0x8f27db59UL, 0xfc8cc4a8UL, 0xbf99ac79UL, 0x5a724e6cUL, -0xcaa2fe8cUL, 0xd1b5e39eUL, 0xea76a41fUL, 0xb004ea73UL, -}}; - -NAMESPACE_END diff --git a/cryptopp562/stdcpp.h b/cryptopp562/stdcpp.h deleted file mode 100644 index 6511c4f..0000000 --- a/cryptopp562/stdcpp.h +++ /dev/null @@ -1,41 +0,0 @@ -#ifndef CRYPTOPP_STDCPP_H -#define CRYPTOPP_STDCPP_H - -#if _MSC_VER >= 1500 -#define _DO_NOT_DECLARE_INTERLOCKED_INTRINSICS_IN_MEMORY -#include <intrin.h> -#endif - -#include <stddef.h> -#include <assert.h> -#include <limits.h> -#include <stdlib.h> -#include <string.h> -#include <memory> -#include <string> -#include <exception> -#include <typeinfo> -#include <algorithm> -#include <map> -#include <vector> - -#ifdef CRYPTOPP_INCLUDE_VECTOR_CC -// workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 -#include <vector.cc> -#endif - -// for alloca -#ifdef __sun -#include <alloca.h> -#elif defined(__MINGW32__) || defined(__BORLANDC__) -#include <malloc.h> -#endif - -#ifdef _MSC_VER -#pragma warning(disable: 4231) // re-disable this -#ifdef _CRTAPI1 -#define CRYPTOPP_MSVCRT6 -#endif -#endif - -#endif diff --git a/cryptopp562/strciphr.cpp b/cryptopp562/strciphr.cpp deleted file mode 100644 index 53e0073..0000000 --- a/cryptopp562/strciphr.cpp +++ /dev/null @@ -1,252 +0,0 @@ -// strciphr.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS - -#include "strciphr.h" - -NAMESPACE_BEGIN(CryptoPP) - -template <class S> -void AdditiveCipherTemplate<S>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) -{ - PolicyInterface &policy = this->AccessPolicy(); - policy.CipherSetKey(params, key, length); - m_leftOver = 0; - unsigned int bufferByteSize = policy.CanOperateKeystream() ? GetBufferByteSize(policy) : RoundUpToMultipleOf(1024U, GetBufferByteSize(policy)); - m_buffer.New(bufferByteSize); - - if (this->IsResynchronizable()) - { - size_t ivLength; - const byte *iv = this->GetIVAndThrowIfInvalid(params, ivLength); - policy.CipherResynchronize(m_buffer, iv, ivLength); - } -} - -template <class S> -void AdditiveCipherTemplate<S>::GenerateBlock(byte *outString, size_t length) -{ - if (m_leftOver > 0) - { - size_t len = STDMIN(m_leftOver, length); - memcpy(outString, KeystreamBufferEnd()-m_leftOver, len); - length -= len; - m_leftOver -= len; - outString += len; - - if (!length) - return; - } - assert(m_leftOver == 0); - - PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); - - if (length >= bytesPerIteration) - { - size_t iterations = length / bytesPerIteration; - policy.WriteKeystream(outString, iterations); - outString += iterations * bytesPerIteration; - length -= iterations * bytesPerIteration; - } - - if (length > 0) - { - size_t bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration); - size_t bufferIterations = bufferByteSize / bytesPerIteration; - - policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations); - memcpy(outString, KeystreamBufferEnd()-bufferByteSize, length); - m_leftOver = bufferByteSize - length; - } -} - -template <class S> -void AdditiveCipherTemplate<S>::ProcessData(byte *outString, const byte *inString, size_t length) -{ - if (m_leftOver > 0) - { - size_t len = STDMIN(m_leftOver, length); - xorbuf(outString, inString, KeystreamBufferEnd()-m_leftOver, len); - length -= len; - m_leftOver -= len; - inString += len; - outString += len; - - if (!length) - return; - } - assert(m_leftOver == 0); - - PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); - - if (policy.CanOperateKeystream() && length >= bytesPerIteration) - { - size_t iterations = length / bytesPerIteration; - unsigned int alignment = policy.GetAlignment(); - KeystreamOperation operation = KeystreamOperation((IsAlignedOn(inString, alignment) * 2) | (int)IsAlignedOn(outString, alignment)); - - policy.OperateKeystream(operation, outString, inString, iterations); - - inString += iterations * bytesPerIteration; - outString += iterations * bytesPerIteration; - length -= iterations * bytesPerIteration; - - if (!length) - return; - } - - size_t bufferByteSize = m_buffer.size(); - size_t bufferIterations = bufferByteSize / bytesPerIteration; - - while (length >= bufferByteSize) - { - policy.WriteKeystream(m_buffer, bufferIterations); - xorbuf(outString, inString, KeystreamBufferBegin(), bufferByteSize); - length -= bufferByteSize; - inString += bufferByteSize; - outString += bufferByteSize; - } - - if (length > 0) - { - bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration); - bufferIterations = bufferByteSize / bytesPerIteration; - - policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations); - xorbuf(outString, inString, KeystreamBufferEnd()-bufferByteSize, length); - m_leftOver = bufferByteSize - length; - } -} - -template <class S> -void AdditiveCipherTemplate<S>::Resynchronize(const byte *iv, int length) -{ - PolicyInterface &policy = this->AccessPolicy(); - m_leftOver = 0; - m_buffer.New(GetBufferByteSize(policy)); - policy.CipherResynchronize(m_buffer, iv, this->ThrowIfInvalidIVLength(length)); -} - -template <class BASE> -void AdditiveCipherTemplate<BASE>::Seek(lword position) -{ - PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); - - policy.SeekToIteration(position / bytesPerIteration); - position %= bytesPerIteration; - - if (position > 0) - { - policy.WriteKeystream(KeystreamBufferEnd()-bytesPerIteration, 1); - m_leftOver = bytesPerIteration - (unsigned int)position; - } - else - m_leftOver = 0; -} - -template <class BASE> -void CFB_CipherTemplate<BASE>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) -{ - PolicyInterface &policy = this->AccessPolicy(); - policy.CipherSetKey(params, key, length); - - if (this->IsResynchronizable()) - { - size_t ivLength; - const byte *iv = this->GetIVAndThrowIfInvalid(params, ivLength); - policy.CipherResynchronize(iv, ivLength); - } - - m_leftOver = policy.GetBytesPerIteration(); -} - -template <class BASE> -void CFB_CipherTemplate<BASE>::Resynchronize(const byte *iv, int length) -{ - PolicyInterface &policy = this->AccessPolicy(); - policy.CipherResynchronize(iv, this->ThrowIfInvalidIVLength(length)); - m_leftOver = policy.GetBytesPerIteration(); -} - -template <class BASE> -void CFB_CipherTemplate<BASE>::ProcessData(byte *outString, const byte *inString, size_t length) -{ - assert(length % this->MandatoryBlockSize() == 0); - - PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); - unsigned int alignment = policy.GetAlignment(); - byte *reg = policy.GetRegisterBegin(); - - if (m_leftOver) - { - size_t len = STDMIN(m_leftOver, length); - CombineMessageAndShiftRegister(outString, reg + bytesPerIteration - m_leftOver, inString, len); - m_leftOver -= len; - length -= len; - inString += len; - outString += len; - } - - if (!length) - return; - - assert(m_leftOver == 0); - - if (policy.CanIterate() && length >= bytesPerIteration && IsAlignedOn(outString, alignment)) - { - if (IsAlignedOn(inString, alignment)) - policy.Iterate(outString, inString, GetCipherDir(*this), length / bytesPerIteration); - else - { - memcpy(outString, inString, length); - policy.Iterate(outString, outString, GetCipherDir(*this), length / bytesPerIteration); - } - inString += length - length % bytesPerIteration; - outString += length - length % bytesPerIteration; - length %= bytesPerIteration; - } - - while (length >= bytesPerIteration) - { - policy.TransformRegister(); - CombineMessageAndShiftRegister(outString, reg, inString, bytesPerIteration); - length -= bytesPerIteration; - inString += bytesPerIteration; - outString += bytesPerIteration; - } - - if (length > 0) - { - policy.TransformRegister(); - CombineMessageAndShiftRegister(outString, reg, inString, length); - m_leftOver = bytesPerIteration - length; - } -} - -template <class BASE> -void CFB_EncryptionTemplate<BASE>::CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length) -{ - xorbuf(reg, message, length); - memcpy(output, reg, length); -} - -template <class BASE> -void CFB_DecryptionTemplate<BASE>::CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length) -{ - for (unsigned int i=0; i<length; i++) - { - byte b = message[i]; - output[i] = reg[i] ^ b; - reg[i] = b; - } -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/strciphr.h b/cryptopp562/strciphr.h deleted file mode 100644 index d1d11a1..0000000 --- a/cryptopp562/strciphr.h +++ /dev/null @@ -1,306 +0,0 @@ -/*! \file - This file contains helper classes for implementing stream ciphers. - - All this infrastructure may look very complex compared to what's in Crypto++ 4.x, - but stream ciphers implementations now support a lot of new functionality, - including better performance (minimizing copying), resetting of keys and IVs, and methods to - query which features are supported by a cipher. - - Here's an explanation of these classes. The word "policy" is used here to mean a class with a - set of methods that must be implemented by individual stream cipher implementations. - This is usually much simpler than the full stream cipher API, which is implemented by - either AdditiveCipherTemplate or CFB_CipherTemplate using the policy. So for example, an - implementation of SEAL only needs to implement the AdditiveCipherAbstractPolicy interface - (since it's an additive cipher, i.e., it xors a keystream into the plaintext). - See this line in seal.h: - - typedef SymmetricCipherFinal\<ConcretePolicyHolder\<SEAL_Policy\<B\>, AdditiveCipherTemplate\<\> \> \> Encryption; - - AdditiveCipherTemplate and CFB_CipherTemplate are designed so that they don't need - to take a policy class as a template parameter (although this is allowed), so that - their code is not duplicated for each new cipher. Instead they each - get a reference to an abstract policy interface by calling AccessPolicy() on itself, so - AccessPolicy() must be overriden to return the actual policy reference. This is done - by the ConceretePolicyHolder class. Finally, SymmetricCipherFinal implements the constructors and - other functions that must be implemented by the most derived class. -*/ - -#ifndef CRYPTOPP_STRCIPHR_H -#define CRYPTOPP_STRCIPHR_H - -#include "seckey.h" -#include "secblock.h" -#include "argnames.h" - -NAMESPACE_BEGIN(CryptoPP) - -template <class POLICY_INTERFACE, class BASE = Empty> -class CRYPTOPP_NO_VTABLE AbstractPolicyHolder : public BASE -{ -public: - typedef POLICY_INTERFACE PolicyInterface; - virtual ~AbstractPolicyHolder() {} - -protected: - virtual const POLICY_INTERFACE & GetPolicy() const =0; - virtual POLICY_INTERFACE & AccessPolicy() =0; -}; - -template <class POLICY, class BASE, class POLICY_INTERFACE = CPP_TYPENAME BASE::PolicyInterface> -class ConcretePolicyHolder : public BASE, protected POLICY -{ -protected: - const POLICY_INTERFACE & GetPolicy() const {return *this;} - POLICY_INTERFACE & AccessPolicy() {return *this;} -}; - -enum KeystreamOperationFlags {OUTPUT_ALIGNED=1, INPUT_ALIGNED=2, INPUT_NULL = 4}; -enum KeystreamOperation { - WRITE_KEYSTREAM = INPUT_NULL, - WRITE_KEYSTREAM_ALIGNED = INPUT_NULL | OUTPUT_ALIGNED, - XOR_KEYSTREAM = 0, - XOR_KEYSTREAM_INPUT_ALIGNED = INPUT_ALIGNED, - XOR_KEYSTREAM_OUTPUT_ALIGNED= OUTPUT_ALIGNED, - XOR_KEYSTREAM_BOTH_ALIGNED = OUTPUT_ALIGNED | INPUT_ALIGNED}; - -struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy -{ - virtual ~AdditiveCipherAbstractPolicy() {} - virtual unsigned int GetAlignment() const {return 1;} - virtual unsigned int GetBytesPerIteration() const =0; - virtual unsigned int GetOptimalBlockSize() const {return GetBytesPerIteration();} - virtual unsigned int GetIterationsToBuffer() const =0; - virtual void WriteKeystream(byte *keystream, size_t iterationCount) - {OperateKeystream(KeystreamOperation(INPUT_NULL | (KeystreamOperationFlags)IsAlignedOn(keystream, GetAlignment())), keystream, NULL, iterationCount);} - virtual bool CanOperateKeystream() const {return false;} - virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) {assert(false);} - virtual void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) =0; - virtual void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) {throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} - virtual bool CipherIsRandomAccess() const =0; - virtual void SeekToIteration(lword iterationCount) {assert(!CipherIsRandomAccess()); throw NotImplemented("StreamTransformation: this object doesn't support random access");} -}; - -template <typename WT, unsigned int W, unsigned int X = 1, class BASE = AdditiveCipherAbstractPolicy> -struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE -{ - typedef WT WordType; - CRYPTOPP_CONSTANT(BYTES_PER_ITERATION = sizeof(WordType) * W) - -#if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64) - unsigned int GetAlignment() const {return GetAlignmentOf<WordType>();} -#endif - unsigned int GetBytesPerIteration() const {return BYTES_PER_ITERATION;} - unsigned int GetIterationsToBuffer() const {return X;} - bool CanOperateKeystream() const {return true;} - virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) =0; -}; - -// use these to implement OperateKeystream -#define CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, b, i, a) \ - PutWord(bool(x & OUTPUT_ALIGNED), b, output+i*sizeof(WordType), (x & INPUT_NULL) ? a : a ^ GetWord<WordType>(bool(x & INPUT_ALIGNED), b, input+i*sizeof(WordType))); -#define CRYPTOPP_KEYSTREAM_OUTPUT_XMM(x, i, a) {\ - __m128i t = (x & INPUT_NULL) ? a : _mm_xor_si128(a, (x & INPUT_ALIGNED) ? _mm_load_si128((__m128i *)input+i) : _mm_loadu_si128((__m128i *)input+i));\ - if (x & OUTPUT_ALIGNED) _mm_store_si128((__m128i *)output+i, t);\ - else _mm_storeu_si128((__m128i *)output+i, t);} -#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y) \ - switch (operation) \ - { \ - case WRITE_KEYSTREAM: \ - x(WRITE_KEYSTREAM) \ - break; \ - case XOR_KEYSTREAM: \ - x(XOR_KEYSTREAM) \ - input += y; \ - break; \ - case XOR_KEYSTREAM_INPUT_ALIGNED: \ - x(XOR_KEYSTREAM_INPUT_ALIGNED) \ - input += y; \ - break; \ - case XOR_KEYSTREAM_OUTPUT_ALIGNED: \ - x(XOR_KEYSTREAM_OUTPUT_ALIGNED) \ - input += y; \ - break; \ - case WRITE_KEYSTREAM_ALIGNED: \ - x(WRITE_KEYSTREAM_ALIGNED) \ - break; \ - case XOR_KEYSTREAM_BOTH_ALIGNED: \ - x(XOR_KEYSTREAM_BOTH_ALIGNED) \ - input += y; \ - break; \ - } \ - output += y; - -template <class BASE = AbstractPolicyHolder<AdditiveCipherAbstractPolicy, SymmetricCipher> > -class CRYPTOPP_NO_VTABLE AdditiveCipherTemplate : public BASE, public RandomNumberGenerator -{ -public: - void GenerateBlock(byte *output, size_t size); - void ProcessData(byte *outString, const byte *inString, size_t length); - void Resynchronize(const byte *iv, int length=-1); - unsigned int OptimalBlockSize() const {return this->GetPolicy().GetOptimalBlockSize();} - unsigned int GetOptimalNextBlockSize() const {return (unsigned int)this->m_leftOver;} - unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();} - bool IsSelfInverting() const {return true;} - bool IsForwardTransformation() const {return true;} - bool IsRandomAccess() const {return this->GetPolicy().CipherIsRandomAccess();} - void Seek(lword position); - - typedef typename BASE::PolicyInterface PolicyInterface; - -protected: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - - unsigned int GetBufferByteSize(const PolicyInterface &policy) const {return policy.GetBytesPerIteration() * policy.GetIterationsToBuffer();} - - inline byte * KeystreamBufferBegin() {return this->m_buffer.data();} - inline byte * KeystreamBufferEnd() {return (this->m_buffer.data() + this->m_buffer.size());} - - SecByteBlock m_buffer; - size_t m_leftOver; -}; - -class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CFB_CipherAbstractPolicy -{ -public: - virtual ~CFB_CipherAbstractPolicy() {} - virtual unsigned int GetAlignment() const =0; - virtual unsigned int GetBytesPerIteration() const =0; - virtual byte * GetRegisterBegin() =0; - virtual void TransformRegister() =0; - virtual bool CanIterate() const {return false;} - virtual void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount) {assert(false); throw 0;} - virtual void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) =0; - virtual void CipherResynchronize(const byte *iv, size_t length) {throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} -}; - -template <typename WT, unsigned int W, class BASE = CFB_CipherAbstractPolicy> -struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE -{ - typedef WT WordType; - - unsigned int GetAlignment() const {return sizeof(WordType);} - unsigned int GetBytesPerIteration() const {return sizeof(WordType) * W;} - bool CanIterate() const {return true;} - void TransformRegister() {this->Iterate(NULL, NULL, ENCRYPTION, 1);} - - template <class B> - struct RegisterOutput - { - RegisterOutput(byte *output, const byte *input, CipherDir dir) - : m_output(output), m_input(input), m_dir(dir) {} - - inline RegisterOutput& operator()(WordType ®isterWord) - { - assert(IsAligned<WordType>(m_output)); - assert(IsAligned<WordType>(m_input)); - - if (!NativeByteOrderIs(B::ToEnum())) - registerWord = ByteReverse(registerWord); - - if (m_dir == ENCRYPTION) - { - if (m_input == NULL) - assert(m_output == NULL); - else - { - WordType ct = *(const WordType *)m_input ^ registerWord; - registerWord = ct; - *(WordType*)m_output = ct; - m_input += sizeof(WordType); - m_output += sizeof(WordType); - } - } - else - { - WordType ct = *(const WordType *)m_input; - *(WordType*)m_output = registerWord ^ ct; - registerWord = ct; - m_input += sizeof(WordType); - m_output += sizeof(WordType); - } - - // registerWord is left unreversed so it can be xor-ed with further input - - return *this; - } - - byte *m_output; - const byte *m_input; - CipherDir m_dir; - }; -}; - -template <class BASE> -class CRYPTOPP_NO_VTABLE CFB_CipherTemplate : public BASE -{ -public: - void ProcessData(byte *outString, const byte *inString, size_t length); - void Resynchronize(const byte *iv, int length=-1); - unsigned int OptimalBlockSize() const {return this->GetPolicy().GetBytesPerIteration();} - unsigned int GetOptimalNextBlockSize() const {return (unsigned int)m_leftOver;} - unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();} - bool IsRandomAccess() const {return false;} - bool IsSelfInverting() const {return false;} - - typedef typename BASE::PolicyInterface PolicyInterface; - -protected: - virtual void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length) =0; - - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); - - size_t m_leftOver; -}; - -template <class BASE = AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> > -class CRYPTOPP_NO_VTABLE CFB_EncryptionTemplate : public CFB_CipherTemplate<BASE> -{ - bool IsForwardTransformation() const {return true;} - void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length); -}; - -template <class BASE = AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> > -class CRYPTOPP_NO_VTABLE CFB_DecryptionTemplate : public CFB_CipherTemplate<BASE> -{ - bool IsForwardTransformation() const {return false;} - void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length); -}; - -template <class BASE> -class CFB_RequireFullDataBlocks : public BASE -{ -public: - unsigned int MandatoryBlockSize() const {return this->OptimalBlockSize();} -}; - -//! _ -template <class BASE, class INFO = BASE> -class SymmetricCipherFinal : public AlgorithmImpl<SimpleKeyingInterfaceImpl<BASE, INFO>, INFO> -{ -public: - SymmetricCipherFinal() {} - SymmetricCipherFinal(const byte *key) - {this->SetKey(key, this->DEFAULT_KEYLENGTH);} - SymmetricCipherFinal(const byte *key, size_t length) - {this->SetKey(key, length);} - SymmetricCipherFinal(const byte *key, size_t length, const byte *iv) - {this->SetKeyWithIV(key, length, iv);} - - Clonable * Clone() const {return static_cast<SymmetricCipher *>(new SymmetricCipherFinal<BASE, INFO>(*this));} -}; - -NAMESPACE_END - -#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES -#include "strciphr.cpp" -#endif - -NAMESPACE_BEGIN(CryptoPP) -CRYPTOPP_DLL_TEMPLATE_CLASS AbstractPolicyHolder<AdditiveCipherAbstractPolicy, SymmetricCipher>; -CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, SymmetricCipher> >; -CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >; -CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >; -CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >; -NAMESPACE_END - -#endif diff --git a/cryptopp562/tea.cpp b/cryptopp562/tea.cpp deleted file mode 100644 index b1fb6f1..0000000 --- a/cryptopp562/tea.cpp +++ /dev/null @@ -1,159 +0,0 @@ -// tea.cpp - modified by Wei Dai from code in the original paper - -#include "pch.h" -#include "tea.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const word32 DELTA = 0x9e3779b9; -typedef BlockGetAndPut<word32, BigEndian> Block; - -void TEA::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(length); - - GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, userKey, KEYLENGTH); - m_limit = GetRoundsAndThrowIfInvalid(params, this) * DELTA; -} - -void TEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 y, z; - Block::Get(inBlock)(y)(z); - - word32 sum = 0; - while (sum != m_limit) - { - sum += DELTA; - y += (z << 4) + m_k[0] ^ z + sum ^ (z >> 5) + m_k[1]; - z += (y << 4) + m_k[2] ^ y + sum ^ (y >> 5) + m_k[3]; - } - - Block::Put(xorBlock, outBlock)(y)(z); -} - -void TEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 y, z; - Block::Get(inBlock)(y)(z); - - word32 sum = m_limit; - while (sum != 0) - { - z -= (y << 4) + m_k[2] ^ y + sum ^ (y >> 5) + m_k[3]; - y -= (z << 4) + m_k[0] ^ z + sum ^ (z >> 5) + m_k[1]; - sum -= DELTA; - } - - Block::Put(xorBlock, outBlock)(y)(z); -} - -void XTEA::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms) -{ - AssertValidKeyLength(length); - - GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, userKey, KEYLENGTH); - m_limit = GetRoundsAndThrowIfInvalid(params, this) * DELTA; -} - -void XTEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 y, z; - Block::Get(inBlock)(y)(z); - -#ifdef __SUNPRO_CC - // workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 - size_t sum = 0; - while ((sum&0xffffffff) != m_limit) -#else - word32 sum = 0; - while (sum != m_limit) -#endif - { - y += (z<<4 ^ z>>5) + z ^ sum + m_k[sum&3]; - sum += DELTA; - z += (y<<4 ^ y>>5) + y ^ sum + m_k[sum>>11 & 3]; - } - - Block::Put(xorBlock, outBlock)(y)(z); -} - -void XTEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 y, z; - Block::Get(inBlock)(y)(z); - -#ifdef __SUNPRO_CC - // workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 - size_t sum = m_limit; - while ((sum&0xffffffff) != 0) -#else - word32 sum = m_limit; - while (sum != 0) -#endif - { - z -= (y<<4 ^ y>>5) + y ^ sum + m_k[sum>>11 & 3]; - sum -= DELTA; - y -= (z<<4 ^ z>>5) + z ^ sum + m_k[sum&3]; - } - - Block::Put(xorBlock, outBlock)(y)(z); -} - -#define MX (z>>5^y<<2)+(y>>3^z<<4)^(sum^y)+(m_k[p&3^e]^z) - -void BTEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - unsigned int n = m_blockSize / 4; - word32 *v = (word32*)outBlock; - ConditionalByteReverse(BIG_ENDIAN_ORDER, v, (const word32*)inBlock, m_blockSize); - - word32 y = v[0], z = v[n-1], e; - word32 p, q = 6+52/n; - word32 sum = 0; - - while (q-- > 0) - { - sum += DELTA; - e = sum>>2 & 3; - for (p = 0; p < n-1; p++) - { - y = v[p+1]; - z = v[p] += MX; - } - y = v[0]; - z = v[n-1] += MX; - } - - ConditionalByteReverse(BIG_ENDIAN_ORDER, v, v, m_blockSize); -} - -void BTEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - unsigned int n = m_blockSize / 4; - word32 *v = (word32*)outBlock; - ConditionalByteReverse(BIG_ENDIAN_ORDER, v, (const word32*)inBlock, m_blockSize); - - word32 y = v[0], z = v[n-1], e; - word32 p, q = 6+52/n; - word32 sum = q * DELTA; - - while (sum != 0) - { - e = sum>>2 & 3; - for (p = n-1; p > 0; p--) - { - z = v[p-1]; - y = v[p] -= MX; - } - - z = v[n-1]; - y = v[0] -= MX; - sum -= DELTA; - } - - ConditionalByteReverse(BIG_ENDIAN_ORDER, v, v, m_blockSize); -} - -NAMESPACE_END diff --git a/cryptopp562/tea.h b/cryptopp562/tea.h deleted file mode 100644 index d8ddded..0000000 --- a/cryptopp562/tea.h +++ /dev/null @@ -1,132 +0,0 @@ -#ifndef CRYPTOPP_TEA_H -#define CRYPTOPP_TEA_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct TEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32> -{ - static const char *StaticAlgorithmName() {return "TEA";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#TEA">TEA</a> -class TEA : public TEA_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<TEA_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - FixedSizeSecBlock<word32, 4> m_k; - word32 m_limit; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef TEA::Encryption TEAEncryption; -typedef TEA::Decryption TEADecryption; - -//! _ -struct XTEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32> -{ - static const char *StaticAlgorithmName() {return "XTEA";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#TEA">XTEA</a> -class XTEA : public XTEA_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<XTEA_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - FixedSizeSecBlock<word32, 4> m_k; - word32 m_limit; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -//! _ -struct BTEA_Info : public FixedKeyLength<16> -{ - static const char *StaticAlgorithmName() {return "BTEA";} -}; - -//! <a href="http://www.weidai.com/scan-mirror/cs.html#TEA">corrected Block TEA</a> (as described in "xxtea"). -/*! This class hasn't been tested yet. */ -class BTEA : public BTEA_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public AlgorithmImpl<SimpleKeyingInterfaceImpl<BlockCipher, BTEA_Info>, BTEA_Info>, public BTEA_Info - { - public: - void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) - { - m_blockSize = params.GetIntValueWithDefault("BlockSize", 60*4); - GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, key, KEYLENGTH); - } - - unsigned int BlockSize() const {return m_blockSize;} - - protected: - FixedSizeSecBlock<word32, 4> m_k; - unsigned int m_blockSize; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/test.cpp b/cryptopp562/test.cpp deleted file mode 100644 index 5ef7e4a..0000000 --- a/cryptopp562/test.cpp +++ /dev/null @@ -1,852 +0,0 @@ -// test.cpp - written and placed in the public domain by Wei Dai - -#define _CRT_SECURE_NO_DEPRECATE -#define CRYPTOPP_DEFAULT_NO_DLL -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 - -#include "dll.h" -#include "md5.h" -#include "ripemd.h" -#include "rng.h" -#include "gzip.h" -#include "default.h" -#include "randpool.h" -#include "ida.h" -#include "base64.h" -#include "socketft.h" -#include "wait.h" -#include "factory.h" -#include "whrlpool.h" -#include "tiger.h" - -#include "validate.h" -#include "bench.h" - -#include <iostream> -#include <time.h> - -#ifdef CRYPTOPP_WIN32_AVAILABLE -#include <windows.h> -#endif - -#if defined(USE_BERKELEY_STYLE_SOCKETS) && !defined(macintosh) -#include <netinet/in.h> -#include <netinet/tcp.h> -#endif - -#if (_MSC_VER >= 1000) -#include <crtdbg.h> // for the debug heap -#endif - -#if defined(__MWERKS__) && defined(macintosh) -#include <console.h> -#endif - -#ifdef __BORLANDC__ -#pragma comment(lib, "cryptlib_bds.lib") -#pragma comment(lib, "ws2_32.lib") -#endif - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -const int MAX_PHRASE_LENGTH=250; - -void RegisterFactories(); - -void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed); -string RSAEncryptString(const char *pubFilename, const char *seed, const char *message); -string RSADecryptString(const char *privFilename, const char *ciphertext); -void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename); -bool RSAVerifyFile(const char *pubFilename, const char *messageFilename, const char *signatureFilename); - -void DigestFile(const char *file); -void HmacFile(const char *hexKey, const char *file); - -void AES_CTR_Encrypt(const char *hexKey, const char *hexIV, const char *infile, const char *outfile); - -string EncryptString(const char *plaintext, const char *passPhrase); -string DecryptString(const char *ciphertext, const char *passPhrase); - -void EncryptFile(const char *in, const char *out, const char *passPhrase); -void DecryptFile(const char *in, const char *out, const char *passPhrase); - -void SecretShareFile(int threshold, int nShares, const char *filename, const char *seed); -void SecretRecoverFile(int threshold, const char *outFilename, char *const *inFilenames); - -void InformationDisperseFile(int threshold, int nShares, const char *filename); -void InformationRecoverFile(int threshold, const char *outFilename, char *const *inFilenames); - -void GzipFile(const char *in, const char *out, int deflate_level); -void GunzipFile(const char *in, const char *out); - -void Base64Encode(const char *infile, const char *outfile); -void Base64Decode(const char *infile, const char *outfile); -void HexEncode(const char *infile, const char *outfile); -void HexDecode(const char *infile, const char *outfile); - -void ForwardTcpPort(const char *sourcePort, const char *destinationHost, const char *destinationPort); - -void FIPS140_SampleApplication(); -void FIPS140_GenerateRandomFiles(); - -bool Validate(int, bool, const char *); - -int (*AdhocTest)(int argc, char *argv[]) = NULL; - -static OFB_Mode<AES>::Encryption s_globalRNG; - -RandomNumberGenerator & GlobalRNG() -{ - return s_globalRNG; -} - -/*int CRYPTOPP_API main(int argc, char *argv[]) -{ -#ifdef _CRTDBG_LEAK_CHECK_DF - // Turn on leak-checking - int tempflag = _CrtSetDbgFlag( _CRTDBG_REPORT_FLAG ); - tempflag |= _CRTDBG_LEAK_CHECK_DF; - _CrtSetDbgFlag( tempflag ); -#endif - -#if defined(__MWERKS__) && defined(macintosh) - argc = ccommand(&argv); -#endif - - try - { - RegisterFactories(); - - std::string seed = IntToString(time(NULL)); - seed.resize(16); - s_globalRNG.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data()); - - std::string command, executableName, macFilename; - - if (argc < 2) - command = 'h'; - else - command = argv[1]; - - if (command == "g") - { - char seed[1024], privFilename[128], pubFilename[128]; - unsigned int keyLength; - - cout << "Key length in bits: "; - cin >> keyLength; - - cout << "\nSave private key to file: "; - cin >> privFilename; - - cout << "\nSave public key to file: "; - cin >> pubFilename; - - cout << "\nRandom Seed: "; - ws(cin); - cin.getline(seed, 1024); - - GenerateRSAKey(keyLength, privFilename, pubFilename, seed); - } - else if (command == "rs") - RSASignFile(argv[2], argv[3], argv[4]); - else if (command == "rv") - { - bool verified = RSAVerifyFile(argv[2], argv[3], argv[4]); - cout << (verified ? "valid signature" : "invalid signature") << endl; - } - else if (command == "r") - { - char privFilename[128], pubFilename[128]; - char seed[1024], message[1024]; - - cout << "Private key file: "; - cin >> privFilename; - - cout << "\nPublic key file: "; - cin >> pubFilename; - - cout << "\nRandom Seed: "; - ws(cin); - cin.getline(seed, 1024); - - cout << "\nMessage: "; - cin.getline(message, 1024); - - string ciphertext = RSAEncryptString(pubFilename, seed, message); - cout << "\nCiphertext: " << ciphertext << endl; - - string decrypted = RSADecryptString(privFilename, ciphertext.c_str()); - cout << "\nDecrypted: " << decrypted << endl; - } - else if (command == "mt") - { - MaurerRandomnessTest mt; - FileStore fs(argv[2]); - fs.TransferAllTo(mt); - cout << "Maurer Test Value: " << mt.GetTestValue() << endl; - } - else if (command == "mac_dll") - { - // sanity check on file size - std::fstream dllFile(argv[2], ios::in | ios::out | ios::binary); - std::ifstream::pos_type fileEnd = dllFile.seekg(0, std::ios_base::end).tellg(); - if (fileEnd > 20*1000*1000) - { - cerr << "Input file too large (more than 20 MB).\n"; - return 1; - } - - // read file into memory - unsigned int fileSize = (unsigned int)fileEnd; - SecByteBlock buf(fileSize); - dllFile.seekg(0, std::ios_base::beg); - dllFile.read((char *)buf.begin(), fileSize); - - // find positions of relevant sections in the file, based on version 8 of documentation from http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx - word32 coffPos = *(word16 *)(buf+0x3c); - word32 optionalHeaderPos = coffPos + 24; - word16 optionalHeaderMagic = *(word16 *)(buf+optionalHeaderPos); - if (optionalHeaderMagic != 0x10b && optionalHeaderMagic != 0x20b) - { - cerr << "Target file is not a PE32 or PE32+ image.\n"; - return 3; - } - word32 checksumPos = optionalHeaderPos + 64; - word32 certificateTableDirectoryPos = optionalHeaderPos + (optionalHeaderMagic == 0x10b ? 128 : 144); - word32 certificateTablePos = *(word32 *)(buf+certificateTableDirectoryPos); - word32 certificateTableSize = *(word32 *)(buf+certificateTableDirectoryPos+4); - if (certificateTableSize != 0) - cerr << "Warning: certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY) of target image is not empty.\n"; - - // find where to place computed MAC - byte mac[] = CRYPTOPP_DUMMY_DLL_MAC; - byte *found = std::search(buf.begin(), buf.end(), mac+0, mac+sizeof(mac)); - if (found == buf.end()) - { - cerr << "MAC placeholder not found. Possibly the actual MAC was already placed.\n"; - return 2; - } - word32 macPos = (unsigned int)(found-buf.begin()); - - // compute MAC - member_ptr<MessageAuthenticationCode> pMac(NewIntegrityCheckingMAC()); - assert(pMac->DigestSize() == sizeof(mac)); - MeterFilter f(new HashFilter(*pMac, new ArraySink(mac, sizeof(mac)))); - f.AddRangeToSkip(0, checksumPos, 4); - f.AddRangeToSkip(0, certificateTableDirectoryPos, 8); - f.AddRangeToSkip(0, macPos, sizeof(mac)); - f.AddRangeToSkip(0, certificateTablePos, certificateTableSize); - f.PutMessageEnd(buf.begin(), buf.size()); - - // place MAC - cout << "Placing MAC in file " << argv[2] << ", location " << macPos << ".\n"; - dllFile.seekg(macPos, std::ios_base::beg); - dllFile.write((char *)mac, sizeof(mac)); - } - else if (command == "m") - DigestFile(argv[2]); - else if (command == "tv") - { - std::string fname = argv[2]; - if (fname.find(".txt") == std::string::npos) - fname = "TestVectors/" + fname + ".txt"; - return !RunTestDataFile(fname.c_str()); - } - else if (command == "t") - { - // VC60 workaround: use char array instead of std::string to workaround MSVC's getline bug - char passPhrase[MAX_PHRASE_LENGTH], plaintext[1024]; - - cout << "Passphrase: "; - cin.getline(passPhrase, MAX_PHRASE_LENGTH); - - cout << "\nPlaintext: "; - cin.getline(plaintext, 1024); - - string ciphertext = EncryptString(plaintext, passPhrase); - cout << "\nCiphertext: " << ciphertext << endl; - - string decrypted = DecryptString(ciphertext.c_str(), passPhrase); - cout << "\nDecrypted: " << decrypted << endl; - - return 0; - } - else if (command == "e64") - Base64Encode(argv[2], argv[3]); - else if (command == "d64") - Base64Decode(argv[2], argv[3]); - else if (command == "e16") - HexEncode(argv[2], argv[3]); - else if (command == "d16") - HexDecode(argv[2], argv[3]); - else if (command == "e" || command == "d") - { - char passPhrase[MAX_PHRASE_LENGTH]; - cout << "Passphrase: "; - cin.getline(passPhrase, MAX_PHRASE_LENGTH); - if (command == "e") - EncryptFile(argv[2], argv[3], passPhrase); - else - DecryptFile(argv[2], argv[3], passPhrase); - } - else if (command == "ss") - { - char seed[1024]; - cout << "\nRandom Seed: "; - ws(cin); - cin.getline(seed, 1024); - SecretShareFile(atoi(argv[2]), atoi(argv[3]), argv[4], seed); - } - else if (command == "sr") - SecretRecoverFile(argc-3, argv[2], argv+3); - else if (command == "id") - InformationDisperseFile(atoi(argv[2]), atoi(argv[3]), argv[4]); - else if (command == "ir") - InformationRecoverFile(argc-3, argv[2], argv+3); - else if (command == "v" || command == "vv") - return !Validate(argc>2 ? atoi(argv[2]) : 0, argv[1][1] == 'v', argc>3 ? argv[3] : NULL); - else if (command == "b") - BenchmarkAll(argc<3 ? 1 : atof(argv[2]), argc<4 ? 0 : atof(argv[3])*1e9); - else if (command == "b2") - BenchmarkAll2(argc<3 ? 1 : atof(argv[2]), argc<4 ? 0 : atof(argv[3])*1e9); - else if (command == "z") - GzipFile(argv[3], argv[4], argv[2][0]-'0'); - else if (command == "u") - GunzipFile(argv[2], argv[3]); - else if (command == "fips") - FIPS140_SampleApplication(); - else if (command == "fips-rand") - FIPS140_GenerateRandomFiles(); - else if (command == "ft") - ForwardTcpPort(argv[2], argv[3], argv[4]); - else if (command == "a") - { - if (AdhocTest) - return (*AdhocTest)(argc, argv); - else - { - cerr << "AdhocTest not defined.\n"; - return 1; - } - } - else if (command == "hmac") - HmacFile(argv[2], argv[3]); - else if (command == "ae") - AES_CTR_Encrypt(argv[2], argv[3], argv[4], argv[5]); - else if (command == "h") - { - FileSource usage("TestData/usage.dat", true, new FileSink(cout)); - return 1; - } - else if (command == "V") - { - cout << CRYPTOPP_VERSION / 100 << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << endl; - } - else - { - cerr << "Unrecognized command. Run \"cryptest h\" to obtain usage information.\n"; - return 1; - } - return 0; - } - catch(CryptoPP::Exception &e) - { - cout << "\nCryptoPP::Exception caught: " << e.what() << endl; - return -1; - } - catch(std::exception &e) - { - cout << "\nstd::exception caught: " << e.what() << endl; - return -2; - } -}*/ - -void FIPS140_GenerateRandomFiles() -{ -#ifdef OS_RNG_AVAILABLE - DefaultAutoSeededRNG rng; - RandomNumberStore store(rng, ULONG_MAX); - - for (unsigned int i=0; i<100000; i++) - store.TransferTo(FileSink((IntToString(i) + ".rnd").c_str()).Ref(), 20000); -#else - cout << "OS provided RNG not available.\n"; - exit(-1); -#endif -} - -SecByteBlock HexDecodeString(const char *hex) -{ - StringSource ss(hex, true, new HexDecoder); - SecByteBlock result((size_t)ss.MaxRetrievable()); - ss.Get(result, result.size()); - return result; -} - -void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed) -{ - RandomPool randPool; - randPool.IncorporateEntropy((byte *)seed, strlen(seed)); - - RSAES_OAEP_SHA_Decryptor priv(randPool, keyLength); - HexEncoder privFile(new FileSink(privFilename)); - priv.DEREncode(privFile); - privFile.MessageEnd(); - - RSAES_OAEP_SHA_Encryptor pub(priv); - HexEncoder pubFile(new FileSink(pubFilename)); - pub.DEREncode(pubFile); - pubFile.MessageEnd(); -} - -string RSAEncryptString(const char *pubFilename, const char *seed, const char *message) -{ - FileSource pubFile(pubFilename, true, new HexDecoder); - RSAES_OAEP_SHA_Encryptor pub(pubFile); - - RandomPool randPool; - randPool.IncorporateEntropy((byte *)seed, strlen(seed)); - - string result; - StringSource(message, true, new PK_EncryptorFilter(randPool, pub, new HexEncoder(new StringSink(result)))); - return result; -} - -string RSADecryptString(const char *privFilename, const char *ciphertext) -{ - FileSource privFile(privFilename, true, new HexDecoder); - RSAES_OAEP_SHA_Decryptor priv(privFile); - - string result; - StringSource(ciphertext, true, new HexDecoder(new PK_DecryptorFilter(GlobalRNG(), priv, new StringSink(result)))); - return result; -} - -void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename) -{ - FileSource privFile(privFilename, true, new HexDecoder); - RSASS<PKCS1v15, SHA>::Signer priv(privFile); - FileSource f(messageFilename, true, new SignerFilter(GlobalRNG(), priv, new HexEncoder(new FileSink(signatureFilename)))); -} - -bool RSAVerifyFile(const char *pubFilename, const char *messageFilename, const char *signatureFilename) -{ - FileSource pubFile(pubFilename, true, new HexDecoder); - RSASS<PKCS1v15, SHA>::Verifier pub(pubFile); - - FileSource signatureFile(signatureFilename, true, new HexDecoder); - if (signatureFile.MaxRetrievable() != pub.SignatureLength()) - return false; - SecByteBlock signature(pub.SignatureLength()); - signatureFile.Get(signature, signature.size()); - - VerifierFilter *verifierFilter = new VerifierFilter(pub); - verifierFilter->Put(signature, pub.SignatureLength()); - FileSource f(messageFilename, true, verifierFilter); - - return verifierFilter->GetLastResult(); -} - -void DigestFile(const char *filename) -{ - SHA1 sha; - RIPEMD160 ripemd; - SHA256 sha256; - Tiger tiger; - SHA512 sha512; - Whirlpool whirlpool; - vector_member_ptrs<HashFilter> filters(6); - filters[0].reset(new HashFilter(sha)); - filters[1].reset(new HashFilter(ripemd)); - filters[2].reset(new HashFilter(tiger)); - filters[3].reset(new HashFilter(sha256)); - filters[4].reset(new HashFilter(sha512)); - filters[5].reset(new HashFilter(whirlpool)); - - auto_ptr<ChannelSwitch> channelSwitch(new ChannelSwitch); - size_t i; - for (i=0; i<filters.size(); i++) - channelSwitch->AddDefaultRoute(*filters[i]); - FileSource(filename, true, channelSwitch.release()); - - HexEncoder encoder(new FileSink(cout), false); - for (i=0; i<filters.size(); i++) - { - cout << filters[i]->AlgorithmName() << ": "; - filters[i]->TransferTo(encoder); - cout << "\n"; - } -} - -void HmacFile(const char *hexKey, const char *file) -{ - member_ptr<MessageAuthenticationCode> mac; - if (strcmp(hexKey, "selftest") == 0) - { - cerr << "Computing HMAC/SHA1 value for self test.\n"; - mac.reset(NewIntegrityCheckingMAC()); - } - else - { - std::string decodedKey; - StringSource(hexKey, true, new HexDecoder(new StringSink(decodedKey))); - mac.reset(new HMAC<SHA1>((const byte *)decodedKey.data(), decodedKey.size())); - } - FileSource(file, true, new HashFilter(*mac, new HexEncoder(new FileSink(cout)))); -} - -void AES_CTR_Encrypt(const char *hexKey, const char *hexIV, const char *infile, const char *outfile) -{ - SecByteBlock key = HexDecodeString(hexKey); - SecByteBlock iv = HexDecodeString(hexIV); - CTR_Mode<AES>::Encryption aes(key, key.size(), iv); - FileSource(infile, true, new StreamTransformationFilter(aes, new FileSink(outfile))); -} - -string EncryptString(const char *instr, const char *passPhrase) -{ - string outstr; - - DefaultEncryptorWithMAC encryptor(passPhrase, new HexEncoder(new StringSink(outstr))); - encryptor.Put((byte *)instr, strlen(instr)); - encryptor.MessageEnd(); - - return outstr; -} - -string DecryptString(const char *instr, const char *passPhrase) -{ - string outstr; - - HexDecoder decryptor(new DefaultDecryptorWithMAC(passPhrase, new StringSink(outstr))); - decryptor.Put((byte *)instr, strlen(instr)); - decryptor.MessageEnd(); - - return outstr; -} - -void EncryptFile(const char *in, const char *out, const char *passPhrase) -{ - FileSource f(in, true, new DefaultEncryptorWithMAC(passPhrase, new FileSink(out))); -} - -void DecryptFile(const char *in, const char *out, const char *passPhrase) -{ - FileSource f(in, true, new DefaultDecryptorWithMAC(passPhrase, new FileSink(out))); -} - -void SecretShareFile(int threshold, int nShares, const char *filename, const char *seed) -{ - assert(nShares<=1000); - - RandomPool rng; - rng.IncorporateEntropy((byte *)seed, strlen(seed)); - - ChannelSwitch *channelSwitch; - FileSource source(filename, false, new SecretSharing(rng, threshold, nShares, channelSwitch = new ChannelSwitch)); - - vector_member_ptrs<FileSink> fileSinks(nShares); - string channel; - for (int i=0; i<nShares; i++) - { - char extension[5] = ".000"; - extension[1]='0'+byte(i/100); - extension[2]='0'+byte((i/10)%10); - extension[3]='0'+byte(i%10); - fileSinks[i].reset(new FileSink((string(filename)+extension).c_str())); - - channel = WordToString<word32>(i); - fileSinks[i]->Put((byte *)channel.data(), 4); - channelSwitch->AddRoute(channel, *fileSinks[i], DEFAULT_CHANNEL); - } - - source.PumpAll(); -} - -void SecretRecoverFile(int threshold, const char *outFilename, char *const *inFilenames) -{ - assert(threshold<=1000); - - SecretRecovery recovery(threshold, new FileSink(outFilename)); - - vector_member_ptrs<FileSource> fileSources(threshold); - SecByteBlock channel(4); - int i; - for (i=0; i<threshold; i++) - { - fileSources[i].reset(new FileSource(inFilenames[i], false)); - fileSources[i]->Pump(4); - fileSources[i]->Get(channel, 4); - fileSources[i]->Attach(new ChannelSwitch(recovery, string((char *)channel.begin(), 4))); - } - - while (fileSources[0]->Pump(256)) - for (i=1; i<threshold; i++) - fileSources[i]->Pump(256); - - for (i=0; i<threshold; i++) - fileSources[i]->PumpAll(); -} - -void InformationDisperseFile(int threshold, int nShares, const char *filename) -{ - assert(nShares<=1000); - - ChannelSwitch *channelSwitch; - FileSource source(filename, false, new InformationDispersal(threshold, nShares, channelSwitch = new ChannelSwitch)); - - vector_member_ptrs<FileSink> fileSinks(nShares); - string channel; - for (int i=0; i<nShares; i++) - { - char extension[5] = ".000"; - extension[1]='0'+byte(i/100); - extension[2]='0'+byte((i/10)%10); - extension[3]='0'+byte(i%10); - fileSinks[i].reset(new FileSink((string(filename)+extension).c_str())); - - channel = WordToString<word32>(i); - fileSinks[i]->Put((byte *)channel.data(), 4); - channelSwitch->AddRoute(channel, *fileSinks[i], DEFAULT_CHANNEL); - } - - source.PumpAll(); -} - -void InformationRecoverFile(int threshold, const char *outFilename, char *const *inFilenames) -{ - assert(threshold<=1000); - - InformationRecovery recovery(threshold, new FileSink(outFilename)); - - vector_member_ptrs<FileSource> fileSources(threshold); - SecByteBlock channel(4); - int i; - for (i=0; i<threshold; i++) - { - fileSources[i].reset(new FileSource(inFilenames[i], false)); - fileSources[i]->Pump(4); - fileSources[i]->Get(channel, 4); - fileSources[i]->Attach(new ChannelSwitch(recovery, string((char *)channel.begin(), 4))); - } - - while (fileSources[0]->Pump(256)) - for (i=1; i<threshold; i++) - fileSources[i]->Pump(256); - - for (i=0; i<threshold; i++) - fileSources[i]->PumpAll(); -} - -void GzipFile(const char *in, const char *out, int deflate_level) -{ -// FileSource(in, true, new Gzip(new FileSink(out), deflate_level)); - - // use a filter graph to compare decompressed data with original - // - // Source ----> Gzip ------> Sink - // \ | - // \ Gunzip - // \ | - // \ v - // > ComparisonFilter - - EqualityComparisonFilter comparison; - - Gunzip gunzip(new ChannelSwitch(comparison, "0")); - gunzip.SetAutoSignalPropagation(0); - - FileSink sink(out); - - ChannelSwitch *cs; - Gzip gzip(cs = new ChannelSwitch(sink), deflate_level); - cs->AddDefaultRoute(gunzip); - - cs = new ChannelSwitch(gzip); - cs->AddDefaultRoute(comparison, "1"); - FileSource source(in, true, cs); - - comparison.ChannelMessageSeriesEnd("0"); - comparison.ChannelMessageSeriesEnd("1"); -} - -void GunzipFile(const char *in, const char *out) -{ - FileSource(in, true, new Gunzip(new FileSink(out))); -} - -void Base64Encode(const char *in, const char *out) -{ - FileSource(in, true, new Base64Encoder(new FileSink(out))); -} - -void Base64Decode(const char *in, const char *out) -{ - FileSource(in, true, new Base64Decoder(new FileSink(out))); -} - -void HexEncode(const char *in, const char *out) -{ - FileSource(in, true, new HexEncoder(new FileSink(out))); -} - -void HexDecode(const char *in, const char *out) -{ - FileSource(in, true, new HexDecoder(new FileSink(out))); -} - -void ForwardTcpPort(const char *sourcePortName, const char *destinationHost, const char *destinationPortName) -{ -#ifdef SOCKETS_AVAILABLE - SocketsInitializer sockInit; - - Socket sockListen, sockSource, sockDestination; - - int sourcePort = Socket::PortNameToNumber(sourcePortName); - int destinationPort = Socket::PortNameToNumber(destinationPortName); - - sockListen.Create(); - sockListen.Bind(sourcePort); - setsockopt(sockListen, IPPROTO_TCP, TCP_NODELAY, "\x01", 1); - - cout << "Listing on port " << sourcePort << ".\n"; - sockListen.Listen(); - - sockListen.Accept(sockSource); - cout << "Connection accepted on port " << sourcePort << ".\n"; - sockListen.CloseSocket(); - - cout << "Making connection to " << destinationHost << ", port " << destinationPort << ".\n"; - sockDestination.Create(); - sockDestination.Connect(destinationHost, destinationPort); - - cout << "Connection made to " << destinationHost << ", starting to forward.\n"; - - SocketSource out(sockSource, false, new SocketSink(sockDestination)); - SocketSource in(sockDestination, false, new SocketSink(sockSource)); - - WaitObjectContainer waitObjects; - - while (!(in.SourceExhausted() && out.SourceExhausted())) - { - waitObjects.Clear(); - - out.GetWaitObjects(waitObjects, CallStack("ForwardTcpPort - out", NULL)); - in.GetWaitObjects(waitObjects, CallStack("ForwardTcpPort - in", NULL)); - - waitObjects.Wait(INFINITE_TIME); - - if (!out.SourceExhausted()) - { - cout << "o" << flush; - out.PumpAll2(false); - if (out.SourceExhausted()) - cout << "EOF received on source socket.\n"; - } - - if (!in.SourceExhausted()) - { - cout << "i" << flush; - in.PumpAll2(false); - if (in.SourceExhausted()) - cout << "EOF received on destination socket.\n"; - } - } -#else - cout << "Socket support was not enabled at compile time.\n"; - exit(-1); -#endif -} - -bool Validate(int alg, bool thorough, const char *seedInput) -{ - bool result; - - std::string seed = seedInput ? std::string(seedInput) : IntToString(time(NULL)); - seed.resize(16); - - cout << "Using seed: " << seed << endl << endl; - s_globalRNG.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data()); - - switch (alg) - { - case 0: result = ValidateAll(thorough); break; - case 1: result = TestSettings(); break; - case 2: result = TestOS_RNG(); break; - case 3: result = ValidateMD5(); break; - case 4: result = ValidateSHA(); break; - case 5: result = ValidateDES(); break; - case 6: result = ValidateIDEA(); break; - case 7: result = ValidateARC4(); break; - case 8: result = ValidateRC5(); break; - case 9: result = ValidateBlowfish(); break; -// case 10: result = ValidateDiamond2(); break; - case 11: result = ValidateThreeWay(); break; - case 12: result = ValidateBBS(); break; - case 13: result = ValidateDH(); break; - case 14: result = ValidateRSA(); break; - case 15: result = ValidateElGamal(); break; - case 16: result = ValidateDSA(thorough); break; -// case 17: result = ValidateHAVAL(); break; - case 18: result = ValidateSAFER(); break; - case 19: result = ValidateLUC(); break; - case 20: result = ValidateRabin(); break; -// case 21: result = ValidateBlumGoldwasser(); break; - case 22: result = ValidateECP(); break; - case 23: result = ValidateEC2N(); break; -// case 24: result = ValidateMD5MAC(); break; - case 25: result = ValidateGOST(); break; - case 26: result = ValidateTiger(); break; - case 27: result = ValidateRIPEMD(); break; - case 28: result = ValidateHMAC(); break; -// case 29: result = ValidateXMACC(); break; - case 30: result = ValidateSHARK(); break; - case 32: result = ValidateLUC_DH(); break; - case 33: result = ValidateLUC_DL(); break; - case 34: result = ValidateSEAL(); break; - case 35: result = ValidateCAST(); break; - case 36: result = ValidateSquare(); break; - case 37: result = ValidateRC2(); break; - case 38: result = ValidateRC6(); break; - case 39: result = ValidateMARS(); break; - case 40: result = ValidateRW(); break; - case 41: result = ValidateMD2(); break; - case 42: result = ValidateNR(); break; - case 43: result = ValidateMQV(); break; - case 44: result = ValidateRijndael(); break; - case 45: result = ValidateTwofish(); break; - case 46: result = ValidateSerpent(); break; - case 47: result = ValidateCipherModes(); break; - case 48: result = ValidateCRC32(); break; - case 49: result = ValidateECDSA(); break; - case 50: result = ValidateXTR_DH(); break; - case 51: result = ValidateSKIPJACK(); break; - case 52: result = ValidateSHA2(); break; - case 53: result = ValidatePanama(); break; - case 54: result = ValidateAdler32(); break; - case 55: result = ValidateMD4(); break; - case 56: result = ValidatePBKDF(); break; - case 57: result = ValidateESIGN(); break; - case 58: result = ValidateDLIES(); break; - case 59: result = ValidateBaseCode(); break; - case 60: result = ValidateSHACAL2(); break; - case 61: result = ValidateCamellia(); break; - case 62: result = ValidateWhirlpool(); break; - case 63: result = ValidateTTMAC(); break; - case 64: result = ValidateSalsa(); break; - case 65: result = ValidateSosemanuk(); break; - case 66: result = ValidateVMAC(); break; - case 67: result = ValidateCCM(); break; - case 68: result = ValidateGCM(); break; - case 69: result = ValidateCMAC(); break; - default: return false; - } - - time_t endTime = time(NULL); - cout << "\nTest ended at " << asctime(localtime(&endTime)); - cout << "Seed used was: " << seed << endl; - - return result; -} diff --git a/cryptopp562/tftables.cpp b/cryptopp562/tftables.cpp deleted file mode 100644 index dc654cf..0000000 --- a/cryptopp562/tftables.cpp +++ /dev/null @@ -1,317 +0,0 @@ -// Twofish tables - -#include "pch.h" -#include "twofish.h" - -NAMESPACE_BEGIN(CryptoPP) - -const byte Twofish::Base::q[2][256] = { - 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, - 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, - 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, - 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, - 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, - 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, - 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, - 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, - 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, - 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, - 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, - 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, - 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, - 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, - 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, - 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, - 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, - 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, - 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, - 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, - 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, - 0x4A, 0x5E, 0xC1, 0xE0, - - 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, - 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, - 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, - 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, - 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, - 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, - 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, - 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, - 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, - 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, - 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, - 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, - 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, - 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, - 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, - 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, - 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, - 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, - 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, - 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, - 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, - 0x55, 0x09, 0xBE, 0x91 -}; - -const word32 Twofish::Base::mds[4][256] = { - 0xbcbc3275, 0xecec21f3, 0x202043c6, 0xb3b3c9f4, - 0xdada03db, 0x02028b7b, 0xe2e22bfb, 0x9e9efac8, - 0xc9c9ec4a, 0xd4d409d3, 0x18186be6, 0x1e1e9f6b, - 0x98980e45, 0xb2b2387d, 0xa6a6d2e8, 0x2626b74b, - 0x3c3c57d6, 0x93938a32, 0x8282eed8, 0x525298fd, - 0x7b7bd437, 0xbbbb3771, 0x5b5b97f1, 0x474783e1, - 0x24243c30, 0x5151e20f, 0xbabac6f8, 0x4a4af31b, - 0xbfbf4887, 0x0d0d70fa, 0xb0b0b306, 0x7575de3f, - 0xd2d2fd5e, 0x7d7d20ba, 0x666631ae, 0x3a3aa35b, - 0x59591c8a, 0x00000000, 0xcdcd93bc, 0x1a1ae09d, - 0xaeae2c6d, 0x7f7fabc1, 0x2b2bc7b1, 0xbebeb90e, - 0xe0e0a080, 0x8a8a105d, 0x3b3b52d2, 0x6464bad5, - 0xd8d888a0, 0xe7e7a584, 0x5f5fe807, 0x1b1b1114, - 0x2c2cc2b5, 0xfcfcb490, 0x3131272c, 0x808065a3, - 0x73732ab2, 0x0c0c8173, 0x79795f4c, 0x6b6b4154, - 0x4b4b0292, 0x53536974, 0x94948f36, 0x83831f51, - 0x2a2a3638, 0xc4c49cb0, 0x2222c8bd, 0xd5d5f85a, - 0xbdbdc3fc, 0x48487860, 0xffffce62, 0x4c4c0796, - 0x4141776c, 0xc7c7e642, 0xebeb24f7, 0x1c1c1410, - 0x5d5d637c, 0x36362228, 0x6767c027, 0xe9e9af8c, - 0x4444f913, 0x1414ea95, 0xf5f5bb9c, 0xcfcf18c7, - 0x3f3f2d24, 0xc0c0e346, 0x7272db3b, 0x54546c70, - 0x29294cca, 0xf0f035e3, 0x0808fe85, 0xc6c617cb, - 0xf3f34f11, 0x8c8ce4d0, 0xa4a45993, 0xcaca96b8, - 0x68683ba6, 0xb8b84d83, 0x38382820, 0xe5e52eff, - 0xadad569f, 0x0b0b8477, 0xc8c81dc3, 0x9999ffcc, - 0x5858ed03, 0x19199a6f, 0x0e0e0a08, 0x95957ebf, - 0x70705040, 0xf7f730e7, 0x6e6ecf2b, 0x1f1f6ee2, - 0xb5b53d79, 0x09090f0c, 0x616134aa, 0x57571682, - 0x9f9f0b41, 0x9d9d803a, 0x111164ea, 0x2525cdb9, - 0xafafdde4, 0x4545089a, 0xdfdf8da4, 0xa3a35c97, - 0xeaead57e, 0x353558da, 0xededd07a, 0x4343fc17, - 0xf8f8cb66, 0xfbfbb194, 0x3737d3a1, 0xfafa401d, - 0xc2c2683d, 0xb4b4ccf0, 0x32325dde, 0x9c9c71b3, - 0x5656e70b, 0xe3e3da72, 0x878760a7, 0x15151b1c, - 0xf9f93aef, 0x6363bfd1, 0x3434a953, 0x9a9a853e, - 0xb1b1428f, 0x7c7cd133, 0x88889b26, 0x3d3da65f, - 0xa1a1d7ec, 0xe4e4df76, 0x8181942a, 0x91910149, - 0x0f0ffb81, 0xeeeeaa88, 0x161661ee, 0xd7d77321, - 0x9797f5c4, 0xa5a5a81a, 0xfefe3feb, 0x6d6db5d9, - 0x7878aec5, 0xc5c56d39, 0x1d1de599, 0x7676a4cd, - 0x3e3edcad, 0xcbcb6731, 0xb6b6478b, 0xefef5b01, - 0x12121e18, 0x6060c523, 0x6a6ab0dd, 0x4d4df61f, - 0xcecee94e, 0xdede7c2d, 0x55559df9, 0x7e7e5a48, - 0x2121b24f, 0x03037af2, 0xa0a02665, 0x5e5e198e, - 0x5a5a6678, 0x65654b5c, 0x62624e58, 0xfdfd4519, - 0x0606f48d, 0x404086e5, 0xf2f2be98, 0x3333ac57, - 0x17179067, 0x05058e7f, 0xe8e85e05, 0x4f4f7d64, - 0x89896aaf, 0x10109563, 0x74742fb6, 0x0a0a75fe, - 0x5c5c92f5, 0x9b9b74b7, 0x2d2d333c, 0x3030d6a5, - 0x2e2e49ce, 0x494989e9, 0x46467268, 0x77775544, - 0xa8a8d8e0, 0x9696044d, 0x2828bd43, 0xa9a92969, - 0xd9d97929, 0x8686912e, 0xd1d187ac, 0xf4f44a15, - 0x8d8d1559, 0xd6d682a8, 0xb9b9bc0a, 0x42420d9e, - 0xf6f6c16e, 0x2f2fb847, 0xdddd06df, 0x23233934, - 0xcccc6235, 0xf1f1c46a, 0xc1c112cf, 0x8585ebdc, - 0x8f8f9e22, 0x7171a1c9, 0x9090f0c0, 0xaaaa539b, - 0x0101f189, 0x8b8be1d4, 0x4e4e8ced, 0x8e8e6fab, - 0xababa212, 0x6f6f3ea2, 0xe6e6540d, 0xdbdbf252, - 0x92927bbb, 0xb7b7b602, 0x6969ca2f, 0x3939d9a9, - 0xd3d30cd7, 0xa7a72361, 0xa2a2ad1e, 0xc3c399b4, - 0x6c6c4450, 0x07070504, 0x04047ff6, 0x272746c2, - 0xacaca716, 0xd0d07625, 0x50501386, 0xdcdcf756, - 0x84841a55, 0xe1e15109, 0x7a7a25be, 0x1313ef91, - - 0xa9d93939, 0x67901717, 0xb3719c9c, 0xe8d2a6a6, - 0x04050707, 0xfd985252, 0xa3658080, 0x76dfe4e4, - 0x9a084545, 0x92024b4b, 0x80a0e0e0, 0x78665a5a, - 0xe4ddafaf, 0xddb06a6a, 0xd1bf6363, 0x38362a2a, - 0x0d54e6e6, 0xc6432020, 0x3562cccc, 0x98bef2f2, - 0x181e1212, 0xf724ebeb, 0xecd7a1a1, 0x6c774141, - 0x43bd2828, 0x7532bcbc, 0x37d47b7b, 0x269b8888, - 0xfa700d0d, 0x13f94444, 0x94b1fbfb, 0x485a7e7e, - 0xf27a0303, 0xd0e48c8c, 0x8b47b6b6, 0x303c2424, - 0x84a5e7e7, 0x54416b6b, 0xdf06dddd, 0x23c56060, - 0x1945fdfd, 0x5ba33a3a, 0x3d68c2c2, 0x59158d8d, - 0xf321ecec, 0xae316666, 0xa23e6f6f, 0x82165757, - 0x63951010, 0x015befef, 0x834db8b8, 0x2e918686, - 0xd9b56d6d, 0x511f8383, 0x9b53aaaa, 0x7c635d5d, - 0xa63b6868, 0xeb3ffefe, 0xa5d63030, 0xbe257a7a, - 0x16a7acac, 0x0c0f0909, 0xe335f0f0, 0x6123a7a7, - 0xc0f09090, 0x8cafe9e9, 0x3a809d9d, 0xf5925c5c, - 0x73810c0c, 0x2c273131, 0x2576d0d0, 0x0be75656, - 0xbb7b9292, 0x4ee9cece, 0x89f10101, 0x6b9f1e1e, - 0x53a93434, 0x6ac4f1f1, 0xb499c3c3, 0xf1975b5b, - 0xe1834747, 0xe66b1818, 0xbdc82222, 0x450e9898, - 0xe26e1f1f, 0xf4c9b3b3, 0xb62f7474, 0x66cbf8f8, - 0xccff9999, 0x95ea1414, 0x03ed5858, 0x56f7dcdc, - 0xd4e18b8b, 0x1c1b1515, 0x1eada2a2, 0xd70cd3d3, - 0xfb2be2e2, 0xc31dc8c8, 0x8e195e5e, 0xb5c22c2c, - 0xe9894949, 0xcf12c1c1, 0xbf7e9595, 0xba207d7d, - 0xea641111, 0x77840b0b, 0x396dc5c5, 0xaf6a8989, - 0x33d17c7c, 0xc9a17171, 0x62ceffff, 0x7137bbbb, - 0x81fb0f0f, 0x793db5b5, 0x0951e1e1, 0xaddc3e3e, - 0x242d3f3f, 0xcda47676, 0xf99d5555, 0xd8ee8282, - 0xe5864040, 0xc5ae7878, 0xb9cd2525, 0x4d049696, - 0x44557777, 0x080a0e0e, 0x86135050, 0xe730f7f7, - 0xa1d33737, 0x1d40fafa, 0xaa346161, 0xed8c4e4e, - 0x06b3b0b0, 0x706c5454, 0xb22a7373, 0xd2523b3b, - 0x410b9f9f, 0x7b8b0202, 0xa088d8d8, 0x114ff3f3, - 0x3167cbcb, 0xc2462727, 0x27c06767, 0x90b4fcfc, - 0x20283838, 0xf67f0404, 0x60784848, 0xff2ee5e5, - 0x96074c4c, 0x5c4b6565, 0xb1c72b2b, 0xab6f8e8e, - 0x9e0d4242, 0x9cbbf5f5, 0x52f2dbdb, 0x1bf34a4a, - 0x5fa63d3d, 0x9359a4a4, 0x0abcb9b9, 0xef3af9f9, - 0x91ef1313, 0x85fe0808, 0x49019191, 0xee611616, - 0x2d7cdede, 0x4fb22121, 0x8f42b1b1, 0x3bdb7272, - 0x47b82f2f, 0x8748bfbf, 0x6d2caeae, 0x46e3c0c0, - 0xd6573c3c, 0x3e859a9a, 0x6929a9a9, 0x647d4f4f, - 0x2a948181, 0xce492e2e, 0xcb17c6c6, 0x2fca6969, - 0xfcc3bdbd, 0x975ca3a3, 0x055ee8e8, 0x7ad0eded, - 0xac87d1d1, 0x7f8e0505, 0xd5ba6464, 0x1aa8a5a5, - 0x4bb72626, 0x0eb9bebe, 0xa7608787, 0x5af8d5d5, - 0x28223636, 0x14111b1b, 0x3fde7575, 0x2979d9d9, - 0x88aaeeee, 0x3c332d2d, 0x4c5f7979, 0x02b6b7b7, - 0xb896caca, 0xda583535, 0xb09cc4c4, 0x17fc4343, - 0x551a8484, 0x1ff64d4d, 0x8a1c5959, 0x7d38b2b2, - 0x57ac3333, 0xc718cfcf, 0x8df40606, 0x74695353, - 0xb7749b9b, 0xc4f59797, 0x9f56adad, 0x72dae3e3, - 0x7ed5eaea, 0x154af4f4, 0x229e8f8f, 0x12a2abab, - 0x584e6262, 0x07e85f5f, 0x99e51d1d, 0x34392323, - 0x6ec1f6f6, 0x50446c6c, 0xde5d3232, 0x68724646, - 0x6526a0a0, 0xbc93cdcd, 0xdb03dada, 0xf8c6baba, - 0xc8fa9e9e, 0xa882d6d6, 0x2bcf6e6e, 0x40507070, - 0xdceb8585, 0xfe750a0a, 0x328a9393, 0xa48ddfdf, - 0xca4c2929, 0x10141c1c, 0x2173d7d7, 0xf0ccb4b4, - 0xd309d4d4, 0x5d108a8a, 0x0fe25151, 0x00000000, - 0x6f9a1919, 0x9de01a1a, 0x368f9494, 0x42e6c7c7, - 0x4aecc9c9, 0x5efdd2d2, 0xc1ab7f7f, 0xe0d8a8a8, - - 0xbc75bc32, 0xecf3ec21, 0x20c62043, 0xb3f4b3c9, - 0xdadbda03, 0x027b028b, 0xe2fbe22b, 0x9ec89efa, - 0xc94ac9ec, 0xd4d3d409, 0x18e6186b, 0x1e6b1e9f, - 0x9845980e, 0xb27db238, 0xa6e8a6d2, 0x264b26b7, - 0x3cd63c57, 0x9332938a, 0x82d882ee, 0x52fd5298, - 0x7b377bd4, 0xbb71bb37, 0x5bf15b97, 0x47e14783, - 0x2430243c, 0x510f51e2, 0xbaf8bac6, 0x4a1b4af3, - 0xbf87bf48, 0x0dfa0d70, 0xb006b0b3, 0x753f75de, - 0xd25ed2fd, 0x7dba7d20, 0x66ae6631, 0x3a5b3aa3, - 0x598a591c, 0x00000000, 0xcdbccd93, 0x1a9d1ae0, - 0xae6dae2c, 0x7fc17fab, 0x2bb12bc7, 0xbe0ebeb9, - 0xe080e0a0, 0x8a5d8a10, 0x3bd23b52, 0x64d564ba, - 0xd8a0d888, 0xe784e7a5, 0x5f075fe8, 0x1b141b11, - 0x2cb52cc2, 0xfc90fcb4, 0x312c3127, 0x80a38065, - 0x73b2732a, 0x0c730c81, 0x794c795f, 0x6b546b41, - 0x4b924b02, 0x53745369, 0x9436948f, 0x8351831f, - 0x2a382a36, 0xc4b0c49c, 0x22bd22c8, 0xd55ad5f8, - 0xbdfcbdc3, 0x48604878, 0xff62ffce, 0x4c964c07, - 0x416c4177, 0xc742c7e6, 0xebf7eb24, 0x1c101c14, - 0x5d7c5d63, 0x36283622, 0x672767c0, 0xe98ce9af, - 0x441344f9, 0x149514ea, 0xf59cf5bb, 0xcfc7cf18, - 0x3f243f2d, 0xc046c0e3, 0x723b72db, 0x5470546c, - 0x29ca294c, 0xf0e3f035, 0x088508fe, 0xc6cbc617, - 0xf311f34f, 0x8cd08ce4, 0xa493a459, 0xcab8ca96, - 0x68a6683b, 0xb883b84d, 0x38203828, 0xe5ffe52e, - 0xad9fad56, 0x0b770b84, 0xc8c3c81d, 0x99cc99ff, - 0x580358ed, 0x196f199a, 0x0e080e0a, 0x95bf957e, - 0x70407050, 0xf7e7f730, 0x6e2b6ecf, 0x1fe21f6e, - 0xb579b53d, 0x090c090f, 0x61aa6134, 0x57825716, - 0x9f419f0b, 0x9d3a9d80, 0x11ea1164, 0x25b925cd, - 0xafe4afdd, 0x459a4508, 0xdfa4df8d, 0xa397a35c, - 0xea7eead5, 0x35da3558, 0xed7aedd0, 0x431743fc, - 0xf866f8cb, 0xfb94fbb1, 0x37a137d3, 0xfa1dfa40, - 0xc23dc268, 0xb4f0b4cc, 0x32de325d, 0x9cb39c71, - 0x560b56e7, 0xe372e3da, 0x87a78760, 0x151c151b, - 0xf9eff93a, 0x63d163bf, 0x345334a9, 0x9a3e9a85, - 0xb18fb142, 0x7c337cd1, 0x8826889b, 0x3d5f3da6, - 0xa1eca1d7, 0xe476e4df, 0x812a8194, 0x91499101, - 0x0f810ffb, 0xee88eeaa, 0x16ee1661, 0xd721d773, - 0x97c497f5, 0xa51aa5a8, 0xfeebfe3f, 0x6dd96db5, - 0x78c578ae, 0xc539c56d, 0x1d991de5, 0x76cd76a4, - 0x3ead3edc, 0xcb31cb67, 0xb68bb647, 0xef01ef5b, - 0x1218121e, 0x602360c5, 0x6add6ab0, 0x4d1f4df6, - 0xce4ecee9, 0xde2dde7c, 0x55f9559d, 0x7e487e5a, - 0x214f21b2, 0x03f2037a, 0xa065a026, 0x5e8e5e19, - 0x5a785a66, 0x655c654b, 0x6258624e, 0xfd19fd45, - 0x068d06f4, 0x40e54086, 0xf298f2be, 0x335733ac, - 0x17671790, 0x057f058e, 0xe805e85e, 0x4f644f7d, - 0x89af896a, 0x10631095, 0x74b6742f, 0x0afe0a75, - 0x5cf55c92, 0x9bb79b74, 0x2d3c2d33, 0x30a530d6, - 0x2ece2e49, 0x49e94989, 0x46684672, 0x77447755, - 0xa8e0a8d8, 0x964d9604, 0x284328bd, 0xa969a929, - 0xd929d979, 0x862e8691, 0xd1acd187, 0xf415f44a, - 0x8d598d15, 0xd6a8d682, 0xb90ab9bc, 0x429e420d, - 0xf66ef6c1, 0x2f472fb8, 0xdddfdd06, 0x23342339, - 0xcc35cc62, 0xf16af1c4, 0xc1cfc112, 0x85dc85eb, - 0x8f228f9e, 0x71c971a1, 0x90c090f0, 0xaa9baa53, - 0x018901f1, 0x8bd48be1, 0x4eed4e8c, 0x8eab8e6f, - 0xab12aba2, 0x6fa26f3e, 0xe60de654, 0xdb52dbf2, - 0x92bb927b, 0xb702b7b6, 0x692f69ca, 0x39a939d9, - 0xd3d7d30c, 0xa761a723, 0xa21ea2ad, 0xc3b4c399, - 0x6c506c44, 0x07040705, 0x04f6047f, 0x27c22746, - 0xac16aca7, 0xd025d076, 0x50865013, 0xdc56dcf7, - 0x8455841a, 0xe109e151, 0x7abe7a25, 0x139113ef, - - 0xd939a9d9, 0x90176790, 0x719cb371, 0xd2a6e8d2, - 0x05070405, 0x9852fd98, 0x6580a365, 0xdfe476df, - 0x08459a08, 0x024b9202, 0xa0e080a0, 0x665a7866, - 0xddafe4dd, 0xb06addb0, 0xbf63d1bf, 0x362a3836, - 0x54e60d54, 0x4320c643, 0x62cc3562, 0xbef298be, - 0x1e12181e, 0x24ebf724, 0xd7a1ecd7, 0x77416c77, - 0xbd2843bd, 0x32bc7532, 0xd47b37d4, 0x9b88269b, - 0x700dfa70, 0xf94413f9, 0xb1fb94b1, 0x5a7e485a, - 0x7a03f27a, 0xe48cd0e4, 0x47b68b47, 0x3c24303c, - 0xa5e784a5, 0x416b5441, 0x06dddf06, 0xc56023c5, - 0x45fd1945, 0xa33a5ba3, 0x68c23d68, 0x158d5915, - 0x21ecf321, 0x3166ae31, 0x3e6fa23e, 0x16578216, - 0x95106395, 0x5bef015b, 0x4db8834d, 0x91862e91, - 0xb56dd9b5, 0x1f83511f, 0x53aa9b53, 0x635d7c63, - 0x3b68a63b, 0x3ffeeb3f, 0xd630a5d6, 0x257abe25, - 0xa7ac16a7, 0x0f090c0f, 0x35f0e335, 0x23a76123, - 0xf090c0f0, 0xafe98caf, 0x809d3a80, 0x925cf592, - 0x810c7381, 0x27312c27, 0x76d02576, 0xe7560be7, - 0x7b92bb7b, 0xe9ce4ee9, 0xf10189f1, 0x9f1e6b9f, - 0xa93453a9, 0xc4f16ac4, 0x99c3b499, 0x975bf197, - 0x8347e183, 0x6b18e66b, 0xc822bdc8, 0x0e98450e, - 0x6e1fe26e, 0xc9b3f4c9, 0x2f74b62f, 0xcbf866cb, - 0xff99ccff, 0xea1495ea, 0xed5803ed, 0xf7dc56f7, - 0xe18bd4e1, 0x1b151c1b, 0xada21ead, 0x0cd3d70c, - 0x2be2fb2b, 0x1dc8c31d, 0x195e8e19, 0xc22cb5c2, - 0x8949e989, 0x12c1cf12, 0x7e95bf7e, 0x207dba20, - 0x6411ea64, 0x840b7784, 0x6dc5396d, 0x6a89af6a, - 0xd17c33d1, 0xa171c9a1, 0xceff62ce, 0x37bb7137, - 0xfb0f81fb, 0x3db5793d, 0x51e10951, 0xdc3eaddc, - 0x2d3f242d, 0xa476cda4, 0x9d55f99d, 0xee82d8ee, - 0x8640e586, 0xae78c5ae, 0xcd25b9cd, 0x04964d04, - 0x55774455, 0x0a0e080a, 0x13508613, 0x30f7e730, - 0xd337a1d3, 0x40fa1d40, 0x3461aa34, 0x8c4eed8c, - 0xb3b006b3, 0x6c54706c, 0x2a73b22a, 0x523bd252, - 0x0b9f410b, 0x8b027b8b, 0x88d8a088, 0x4ff3114f, - 0x67cb3167, 0x4627c246, 0xc06727c0, 0xb4fc90b4, - 0x28382028, 0x7f04f67f, 0x78486078, 0x2ee5ff2e, - 0x074c9607, 0x4b655c4b, 0xc72bb1c7, 0x6f8eab6f, - 0x0d429e0d, 0xbbf59cbb, 0xf2db52f2, 0xf34a1bf3, - 0xa63d5fa6, 0x59a49359, 0xbcb90abc, 0x3af9ef3a, - 0xef1391ef, 0xfe0885fe, 0x01914901, 0x6116ee61, - 0x7cde2d7c, 0xb2214fb2, 0x42b18f42, 0xdb723bdb, - 0xb82f47b8, 0x48bf8748, 0x2cae6d2c, 0xe3c046e3, - 0x573cd657, 0x859a3e85, 0x29a96929, 0x7d4f647d, - 0x94812a94, 0x492ece49, 0x17c6cb17, 0xca692fca, - 0xc3bdfcc3, 0x5ca3975c, 0x5ee8055e, 0xd0ed7ad0, - 0x87d1ac87, 0x8e057f8e, 0xba64d5ba, 0xa8a51aa8, - 0xb7264bb7, 0xb9be0eb9, 0x6087a760, 0xf8d55af8, - 0x22362822, 0x111b1411, 0xde753fde, 0x79d92979, - 0xaaee88aa, 0x332d3c33, 0x5f794c5f, 0xb6b702b6, - 0x96cab896, 0x5835da58, 0x9cc4b09c, 0xfc4317fc, - 0x1a84551a, 0xf64d1ff6, 0x1c598a1c, 0x38b27d38, - 0xac3357ac, 0x18cfc718, 0xf4068df4, 0x69537469, - 0x749bb774, 0xf597c4f5, 0x56ad9f56, 0xdae372da, - 0xd5ea7ed5, 0x4af4154a, 0x9e8f229e, 0xa2ab12a2, - 0x4e62584e, 0xe85f07e8, 0xe51d99e5, 0x39233439, - 0xc1f66ec1, 0x446c5044, 0x5d32de5d, 0x72466872, - 0x26a06526, 0x93cdbc93, 0x03dadb03, 0xc6baf8c6, - 0xfa9ec8fa, 0x82d6a882, 0xcf6e2bcf, 0x50704050, - 0xeb85dceb, 0x750afe75, 0x8a93328a, 0x8ddfa48d, - 0x4c29ca4c, 0x141c1014, 0x73d72173, 0xccb4f0cc, - 0x09d4d309, 0x108a5d10, 0xe2510fe2, 0x00000000, - 0x9a196f9a, 0xe01a9de0, 0x8f94368f, 0xe6c742e6, - 0xecc94aec, 0xfdd25efd, 0xab7fc1ab, 0xd8a8e0d8}; - -NAMESPACE_END diff --git a/cryptopp562/tiger.cpp b/cryptopp562/tiger.cpp deleted file mode 100644 index c6c05ca..0000000 --- a/cryptopp562/tiger.cpp +++ /dev/null @@ -1,265 +0,0 @@ -// tiger.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "tiger.h" -#include "misc.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Tiger::InitState(HashWordType *state) -{ - state[0] = W64LIT(0x0123456789ABCDEF); - state[1] = W64LIT(0xFEDCBA9876543210); - state[2] = W64LIT(0xF096A5B4C3B2E187); -} - -void Tiger::TruncatedFinal(byte *hash, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - PadLastBlock(56, 0x01); - CorrectEndianess(m_data, m_data, 56); - - m_data[7] = GetBitCountLo(); - - Transform(m_state, m_data); - CorrectEndianess(m_state, m_state, DigestSize()); - memcpy(hash, m_state, size); - - Restart(); // reinit for next use -} - -void Tiger::Transform (word64 *digest, const word64 *X) -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 - if (HasSSE2()) - { -#ifdef __GNUC__ - __asm__ __volatile__ - ( - ".intel_syntax noprefix;" - AS1( push ebx) -#else - #if _MSC_VER < 1300 - const word64 *t = table; - AS2( mov edx, t) - #else - AS2( lea edx, [table]) - #endif - AS2( mov eax, digest) - AS2( mov esi, X) -#endif - AS2( movq mm0, [eax]) - AS2( movq mm1, [eax+1*8]) - AS2( movq mm5, mm1) - AS2( movq mm2, [eax+2*8]) - AS2( movq mm7, [edx+4*2048+0*8]) - AS2( movq mm6, [edx+4*2048+1*8]) - AS2( mov ecx, esp) - AS2( and esp, 0xfffffff0) - AS2( sub esp, 8*8) - AS1( push ecx) - -#define SSE2_round(a,b,c,x,mul) \ - AS2( pxor c, [x])\ - AS2( movd ecx, c)\ - AS2( movzx edi, cl)\ - AS2( movq mm3, [edx+0*2048+edi*8])\ - AS2( movzx edi, ch)\ - AS2( movq mm4, [edx+3*2048+edi*8])\ - AS2( shr ecx, 16)\ - AS2( movzx edi, cl)\ - AS2( pxor mm3, [edx+1*2048+edi*8])\ - AS2( movzx edi, ch)\ - AS2( pxor mm4, [edx+2*2048+edi*8])\ - AS3( pextrw ecx, c, 2)\ - AS2( movzx edi, cl)\ - AS2( pxor mm3, [edx+2*2048+edi*8])\ - AS2( movzx edi, ch)\ - AS2( pxor mm4, [edx+1*2048+edi*8])\ - AS3( pextrw ecx, c, 3)\ - AS2( movzx edi, cl)\ - AS2( pxor mm3, [edx+3*2048+edi*8])\ - AS2( psubq a, mm3)\ - AS2( movzx edi, ch)\ - AS2( pxor mm4, [edx+0*2048+edi*8])\ - AS2( paddq b, mm4)\ - SSE2_mul_##mul(b) - -#define SSE2_mul_5(b) \ - AS2( movq mm3, b)\ - AS2( psllq b, 2)\ - AS2( paddq b, mm3) - -#define SSE2_mul_7(b) \ - AS2( movq mm3, b)\ - AS2( psllq b, 3)\ - AS2( psubq b, mm3) - -#define SSE2_mul_9(b) \ - AS2( movq mm3, b)\ - AS2( psllq b, 3)\ - AS2( paddq b, mm3) - -#define label2_5 1 -#define label2_7 2 -#define label2_9 3 - -#define SSE2_pass(A,B,C,mul,X) \ - AS2( xor ebx, ebx)\ - ASL(mul)\ - SSE2_round(A,B,C,X+0*8+ebx,mul)\ - SSE2_round(B,C,A,X+1*8+ebx,mul)\ - AS2( cmp ebx, 6*8)\ - ASJ( je, label2_##mul, f)\ - SSE2_round(C,A,B,X+2*8+ebx,mul)\ - AS2( add ebx, 3*8)\ - ASJ( jmp, mul, b)\ - ASL(label2_##mul) - -#define SSE2_key_schedule(Y,X) \ - AS2( movq mm3, [X+7*8])\ - AS2( pxor mm3, mm6)\ - AS2( movq mm4, [X+0*8])\ - AS2( psubq mm4, mm3)\ - AS2( movq [Y+0*8], mm4)\ - AS2( pxor mm4, [X+1*8])\ - AS2( movq mm3, mm4)\ - AS2( movq [Y+1*8], mm4)\ - AS2( paddq mm4, [X+2*8])\ - AS2( pxor mm3, mm7)\ - AS2( psllq mm3, 19)\ - AS2( movq [Y+2*8], mm4)\ - AS2( pxor mm3, mm4)\ - AS2( movq mm4, [X+3*8])\ - AS2( psubq mm4, mm3)\ - AS2( movq [Y+3*8], mm4)\ - AS2( pxor mm4, [X+4*8])\ - AS2( movq mm3, mm4)\ - AS2( movq [Y+4*8], mm4)\ - AS2( paddq mm4, [X+5*8])\ - AS2( pxor mm3, mm7)\ - AS2( psrlq mm3, 23)\ - AS2( movq [Y+5*8], mm4)\ - AS2( pxor mm3, mm4)\ - AS2( movq mm4, [X+6*8])\ - AS2( psubq mm4, mm3)\ - AS2( movq [Y+6*8], mm4)\ - AS2( pxor mm4, [X+7*8])\ - AS2( movq mm3, mm4)\ - AS2( movq [Y+7*8], mm4)\ - AS2( paddq mm4, [Y+0*8])\ - AS2( pxor mm3, mm7)\ - AS2( psllq mm3, 19)\ - AS2( movq [Y+0*8], mm4)\ - AS2( pxor mm3, mm4)\ - AS2( movq mm4, [Y+1*8])\ - AS2( psubq mm4, mm3)\ - AS2( movq [Y+1*8], mm4)\ - AS2( pxor mm4, [Y+2*8])\ - AS2( movq mm3, mm4)\ - AS2( movq [Y+2*8], mm4)\ - AS2( paddq mm4, [Y+3*8])\ - AS2( pxor mm3, mm7)\ - AS2( psrlq mm3, 23)\ - AS2( movq [Y+3*8], mm4)\ - AS2( pxor mm3, mm4)\ - AS2( movq mm4, [Y+4*8])\ - AS2( psubq mm4, mm3)\ - AS2( movq [Y+4*8], mm4)\ - AS2( pxor mm4, [Y+5*8])\ - AS2( movq [Y+5*8], mm4)\ - AS2( paddq mm4, [Y+6*8])\ - AS2( movq [Y+6*8], mm4)\ - AS2( pxor mm4, [edx+4*2048+2*8])\ - AS2( movq mm3, [Y+7*8])\ - AS2( psubq mm3, mm4)\ - AS2( movq [Y+7*8], mm3) - - SSE2_pass(mm0, mm1, mm2, 5, esi) - SSE2_key_schedule(esp+4, esi) - SSE2_pass(mm2, mm0, mm1, 7, esp+4) - SSE2_key_schedule(esp+4, esp+4) - SSE2_pass(mm1, mm2, mm0, 9, esp+4) - - AS2( pxor mm0, [eax+0*8]) - AS2( movq [eax+0*8], mm0) - AS2( psubq mm1, mm5) - AS2( movq [eax+1*8], mm1) - AS2( paddq mm2, [eax+2*8]) - AS2( movq [eax+2*8], mm2) - - AS1( pop esp) - AS1( emms) -#ifdef __GNUC__ - AS1( pop ebx) - ".att_syntax prefix;" - : - : "a" (digest), "S" (X), "d" (table) - : "%ecx", "%edi", "memory", "cc" - ); -#endif - } - else -#endif - { - word64 a = digest[0]; - word64 b = digest[1]; - word64 c = digest[2]; - word64 Y[8]; - -#define t1 (table) -#define t2 (table+256) -#define t3 (table+256*2) -#define t4 (table+256*3) - -#define round(a,b,c,x,mul) \ - c ^= x; \ - a -= t1[GETBYTE(c,0)] ^ t2[GETBYTE(c,2)] ^ t3[GETBYTE(c,4)] ^ t4[GETBYTE(c,6)]; \ - b += t4[GETBYTE(c,1)] ^ t3[GETBYTE(c,3)] ^ t2[GETBYTE(c,5)] ^ t1[GETBYTE(c,7)]; \ - b *= mul - -#define pass(a,b,c,mul,X) {\ - int i=0;\ - while (true)\ - {\ - round(a,b,c,X[i+0],mul); \ - round(b,c,a,X[i+1],mul); \ - if (i==6)\ - break;\ - round(c,a,b,X[i+2],mul); \ - i+=3;\ - }} - -#define key_schedule(Y,X) \ - Y[0] = X[0] - (X[7]^W64LIT(0xA5A5A5A5A5A5A5A5)); \ - Y[1] = X[1] ^ Y[0]; \ - Y[2] = X[2] + Y[1]; \ - Y[3] = X[3] - (Y[2] ^ ((~Y[1])<<19)); \ - Y[4] = X[4] ^ Y[3]; \ - Y[5] = X[5] + Y[4]; \ - Y[6] = X[6] - (Y[5] ^ ((~Y[4])>>23)); \ - Y[7] = X[7] ^ Y[6]; \ - Y[0] += Y[7]; \ - Y[1] -= Y[0] ^ ((~Y[7])<<19); \ - Y[2] ^= Y[1]; \ - Y[3] += Y[2]; \ - Y[4] -= Y[3] ^ ((~Y[2])>>23); \ - Y[5] ^= Y[4]; \ - Y[6] += Y[5]; \ - Y[7] -= Y[6] ^ W64LIT(0x0123456789ABCDEF) - - pass(a,b,c,5,X); - key_schedule(Y,X); - pass(c,a,b,7,Y); - key_schedule(Y,Y); - pass(b,c,a,9,Y); - - digest[0] = a ^ digest[0]; - digest[1] = b - digest[1]; - digest[2] = c + digest[2]; - } -} - -NAMESPACE_END diff --git a/cryptopp562/tiger.h b/cryptopp562/tiger.h deleted file mode 100644 index 5f6e941..0000000 --- a/cryptopp562/tiger.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef CRYPTOPP_TIGER_H -#define CRYPTOPP_TIGER_H - -#include "config.h" -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// <a href="http://www.cryptolounge.org/wiki/Tiger">Tiger</a> -class Tiger : public IteratedHashWithStaticTransform<word64, LittleEndian, 64, 24, Tiger> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word64 *digest, const word64 *data); - void TruncatedFinal(byte *hash, size_t size); - static const char * StaticAlgorithmName() {return "Tiger";} - -protected: - static const word64 table[4*256+3]; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/tigertab.cpp b/cryptopp562/tigertab.cpp deleted file mode 100644 index 5c1595b..0000000 --- a/cryptopp562/tigertab.cpp +++ /dev/null @@ -1,525 +0,0 @@ -#include "pch.h" -#include "tiger.h" - -NAMESPACE_BEGIN(CryptoPP) - -const word64 Tiger::table[4*256+3] = -{ - W64LIT(0x02AAB17CF7E90C5E) /* 0 */, W64LIT(0xAC424B03E243A8EC) /* 1 */, - W64LIT(0x72CD5BE30DD5FCD3) /* 2 */, W64LIT(0x6D019B93F6F97F3A) /* 3 */, - W64LIT(0xCD9978FFD21F9193) /* 4 */, W64LIT(0x7573A1C9708029E2) /* 5 */, - W64LIT(0xB164326B922A83C3) /* 6 */, W64LIT(0x46883EEE04915870) /* 7 */, - W64LIT(0xEAACE3057103ECE6) /* 8 */, W64LIT(0xC54169B808A3535C) /* 9 */, - W64LIT(0x4CE754918DDEC47C) /* 10 */, W64LIT(0x0AA2F4DFDC0DF40C) /* 11 */, - W64LIT(0x10B76F18A74DBEFA) /* 12 */, W64LIT(0xC6CCB6235AD1AB6A) /* 13 */, - W64LIT(0x13726121572FE2FF) /* 14 */, W64LIT(0x1A488C6F199D921E) /* 15 */, - W64LIT(0x4BC9F9F4DA0007CA) /* 16 */, W64LIT(0x26F5E6F6E85241C7) /* 17 */, - W64LIT(0x859079DBEA5947B6) /* 18 */, W64LIT(0x4F1885C5C99E8C92) /* 19 */, - W64LIT(0xD78E761EA96F864B) /* 20 */, W64LIT(0x8E36428C52B5C17D) /* 21 */, - W64LIT(0x69CF6827373063C1) /* 22 */, W64LIT(0xB607C93D9BB4C56E) /* 23 */, - W64LIT(0x7D820E760E76B5EA) /* 24 */, W64LIT(0x645C9CC6F07FDC42) /* 25 */, - W64LIT(0xBF38A078243342E0) /* 26 */, W64LIT(0x5F6B343C9D2E7D04) /* 27 */, - W64LIT(0xF2C28AEB600B0EC6) /* 28 */, W64LIT(0x6C0ED85F7254BCAC) /* 29 */, - W64LIT(0x71592281A4DB4FE5) /* 30 */, W64LIT(0x1967FA69CE0FED9F) /* 31 */, - W64LIT(0xFD5293F8B96545DB) /* 32 */, W64LIT(0xC879E9D7F2A7600B) /* 33 */, - W64LIT(0x860248920193194E) /* 34 */, W64LIT(0xA4F9533B2D9CC0B3) /* 35 */, - W64LIT(0x9053836C15957613) /* 36 */, W64LIT(0xDB6DCF8AFC357BF1) /* 37 */, - W64LIT(0x18BEEA7A7A370F57) /* 38 */, W64LIT(0x037117CA50B99066) /* 39 */, - W64LIT(0x6AB30A9774424A35) /* 40 */, W64LIT(0xF4E92F02E325249B) /* 41 */, - W64LIT(0x7739DB07061CCAE1) /* 42 */, W64LIT(0xD8F3B49CECA42A05) /* 43 */, - W64LIT(0xBD56BE3F51382F73) /* 44 */, W64LIT(0x45FAED5843B0BB28) /* 45 */, - W64LIT(0x1C813D5C11BF1F83) /* 46 */, W64LIT(0x8AF0E4B6D75FA169) /* 47 */, - W64LIT(0x33EE18A487AD9999) /* 48 */, W64LIT(0x3C26E8EAB1C94410) /* 49 */, - W64LIT(0xB510102BC0A822F9) /* 50 */, W64LIT(0x141EEF310CE6123B) /* 51 */, - W64LIT(0xFC65B90059DDB154) /* 52 */, W64LIT(0xE0158640C5E0E607) /* 53 */, - W64LIT(0x884E079826C3A3CF) /* 54 */, W64LIT(0x930D0D9523C535FD) /* 55 */, - W64LIT(0x35638D754E9A2B00) /* 56 */, W64LIT(0x4085FCCF40469DD5) /* 57 */, - W64LIT(0xC4B17AD28BE23A4C) /* 58 */, W64LIT(0xCAB2F0FC6A3E6A2E) /* 59 */, - W64LIT(0x2860971A6B943FCD) /* 60 */, W64LIT(0x3DDE6EE212E30446) /* 61 */, - W64LIT(0x6222F32AE01765AE) /* 62 */, W64LIT(0x5D550BB5478308FE) /* 63 */, - W64LIT(0xA9EFA98DA0EDA22A) /* 64 */, W64LIT(0xC351A71686C40DA7) /* 65 */, - W64LIT(0x1105586D9C867C84) /* 66 */, W64LIT(0xDCFFEE85FDA22853) /* 67 */, - W64LIT(0xCCFBD0262C5EEF76) /* 68 */, W64LIT(0xBAF294CB8990D201) /* 69 */, - W64LIT(0xE69464F52AFAD975) /* 70 */, W64LIT(0x94B013AFDF133E14) /* 71 */, - W64LIT(0x06A7D1A32823C958) /* 72 */, W64LIT(0x6F95FE5130F61119) /* 73 */, - W64LIT(0xD92AB34E462C06C0) /* 74 */, W64LIT(0xED7BDE33887C71D2) /* 75 */, - W64LIT(0x79746D6E6518393E) /* 76 */, W64LIT(0x5BA419385D713329) /* 77 */, - W64LIT(0x7C1BA6B948A97564) /* 78 */, W64LIT(0x31987C197BFDAC67) /* 79 */, - W64LIT(0xDE6C23C44B053D02) /* 80 */, W64LIT(0x581C49FED002D64D) /* 81 */, - W64LIT(0xDD474D6338261571) /* 82 */, W64LIT(0xAA4546C3E473D062) /* 83 */, - W64LIT(0x928FCE349455F860) /* 84 */, W64LIT(0x48161BBACAAB94D9) /* 85 */, - W64LIT(0x63912430770E6F68) /* 86 */, W64LIT(0x6EC8A5E602C6641C) /* 87 */, - W64LIT(0x87282515337DDD2B) /* 88 */, W64LIT(0x2CDA6B42034B701B) /* 89 */, - W64LIT(0xB03D37C181CB096D) /* 90 */, W64LIT(0xE108438266C71C6F) /* 91 */, - W64LIT(0x2B3180C7EB51B255) /* 92 */, W64LIT(0xDF92B82F96C08BBC) /* 93 */, - W64LIT(0x5C68C8C0A632F3BA) /* 94 */, W64LIT(0x5504CC861C3D0556) /* 95 */, - W64LIT(0xABBFA4E55FB26B8F) /* 96 */, W64LIT(0x41848B0AB3BACEB4) /* 97 */, - W64LIT(0xB334A273AA445D32) /* 98 */, W64LIT(0xBCA696F0A85AD881) /* 99 */, - W64LIT(0x24F6EC65B528D56C) /* 100 */, W64LIT(0x0CE1512E90F4524A) /* 101 */, - W64LIT(0x4E9DD79D5506D35A) /* 102 */, W64LIT(0x258905FAC6CE9779) /* 103 */, - W64LIT(0x2019295B3E109B33) /* 104 */, W64LIT(0xF8A9478B73A054CC) /* 105 */, - W64LIT(0x2924F2F934417EB0) /* 106 */, W64LIT(0x3993357D536D1BC4) /* 107 */, - W64LIT(0x38A81AC21DB6FF8B) /* 108 */, W64LIT(0x47C4FBF17D6016BF) /* 109 */, - W64LIT(0x1E0FAADD7667E3F5) /* 110 */, W64LIT(0x7ABCFF62938BEB96) /* 111 */, - W64LIT(0xA78DAD948FC179C9) /* 112 */, W64LIT(0x8F1F98B72911E50D) /* 113 */, - W64LIT(0x61E48EAE27121A91) /* 114 */, W64LIT(0x4D62F7AD31859808) /* 115 */, - W64LIT(0xECEBA345EF5CEAEB) /* 116 */, W64LIT(0xF5CEB25EBC9684CE) /* 117 */, - W64LIT(0xF633E20CB7F76221) /* 118 */, W64LIT(0xA32CDF06AB8293E4) /* 119 */, - W64LIT(0x985A202CA5EE2CA4) /* 120 */, W64LIT(0xCF0B8447CC8A8FB1) /* 121 */, - W64LIT(0x9F765244979859A3) /* 122 */, W64LIT(0xA8D516B1A1240017) /* 123 */, - W64LIT(0x0BD7BA3EBB5DC726) /* 124 */, W64LIT(0xE54BCA55B86ADB39) /* 125 */, - W64LIT(0x1D7A3AFD6C478063) /* 126 */, W64LIT(0x519EC608E7669EDD) /* 127 */, - W64LIT(0x0E5715A2D149AA23) /* 128 */, W64LIT(0x177D4571848FF194) /* 129 */, - W64LIT(0xEEB55F3241014C22) /* 130 */, W64LIT(0x0F5E5CA13A6E2EC2) /* 131 */, - W64LIT(0x8029927B75F5C361) /* 132 */, W64LIT(0xAD139FABC3D6E436) /* 133 */, - W64LIT(0x0D5DF1A94CCF402F) /* 134 */, W64LIT(0x3E8BD948BEA5DFC8) /* 135 */, - W64LIT(0xA5A0D357BD3FF77E) /* 136 */, W64LIT(0xA2D12E251F74F645) /* 137 */, - W64LIT(0x66FD9E525E81A082) /* 138 */, W64LIT(0x2E0C90CE7F687A49) /* 139 */, - W64LIT(0xC2E8BCBEBA973BC5) /* 140 */, W64LIT(0x000001BCE509745F) /* 141 */, - W64LIT(0x423777BBE6DAB3D6) /* 142 */, W64LIT(0xD1661C7EAEF06EB5) /* 143 */, - W64LIT(0xA1781F354DAACFD8) /* 144 */, W64LIT(0x2D11284A2B16AFFC) /* 145 */, - W64LIT(0xF1FC4F67FA891D1F) /* 146 */, W64LIT(0x73ECC25DCB920ADA) /* 147 */, - W64LIT(0xAE610C22C2A12651) /* 148 */, W64LIT(0x96E0A810D356B78A) /* 149 */, - W64LIT(0x5A9A381F2FE7870F) /* 150 */, W64LIT(0xD5AD62EDE94E5530) /* 151 */, - W64LIT(0xD225E5E8368D1427) /* 152 */, W64LIT(0x65977B70C7AF4631) /* 153 */, - W64LIT(0x99F889B2DE39D74F) /* 154 */, W64LIT(0x233F30BF54E1D143) /* 155 */, - W64LIT(0x9A9675D3D9A63C97) /* 156 */, W64LIT(0x5470554FF334F9A8) /* 157 */, - W64LIT(0x166ACB744A4F5688) /* 158 */, W64LIT(0x70C74CAAB2E4AEAD) /* 159 */, - W64LIT(0xF0D091646F294D12) /* 160 */, W64LIT(0x57B82A89684031D1) /* 161 */, - W64LIT(0xEFD95A5A61BE0B6B) /* 162 */, W64LIT(0x2FBD12E969F2F29A) /* 163 */, - W64LIT(0x9BD37013FEFF9FE8) /* 164 */, W64LIT(0x3F9B0404D6085A06) /* 165 */, - W64LIT(0x4940C1F3166CFE15) /* 166 */, W64LIT(0x09542C4DCDF3DEFB) /* 167 */, - W64LIT(0xB4C5218385CD5CE3) /* 168 */, W64LIT(0xC935B7DC4462A641) /* 169 */, - W64LIT(0x3417F8A68ED3B63F) /* 170 */, W64LIT(0xB80959295B215B40) /* 171 */, - W64LIT(0xF99CDAEF3B8C8572) /* 172 */, W64LIT(0x018C0614F8FCB95D) /* 173 */, - W64LIT(0x1B14ACCD1A3ACDF3) /* 174 */, W64LIT(0x84D471F200BB732D) /* 175 */, - W64LIT(0xC1A3110E95E8DA16) /* 176 */, W64LIT(0x430A7220BF1A82B8) /* 177 */, - W64LIT(0xB77E090D39DF210E) /* 178 */, W64LIT(0x5EF4BD9F3CD05E9D) /* 179 */, - W64LIT(0x9D4FF6DA7E57A444) /* 180 */, W64LIT(0xDA1D60E183D4A5F8) /* 181 */, - W64LIT(0xB287C38417998E47) /* 182 */, W64LIT(0xFE3EDC121BB31886) /* 183 */, - W64LIT(0xC7FE3CCC980CCBEF) /* 184 */, W64LIT(0xE46FB590189BFD03) /* 185 */, - W64LIT(0x3732FD469A4C57DC) /* 186 */, W64LIT(0x7EF700A07CF1AD65) /* 187 */, - W64LIT(0x59C64468A31D8859) /* 188 */, W64LIT(0x762FB0B4D45B61F6) /* 189 */, - W64LIT(0x155BAED099047718) /* 190 */, W64LIT(0x68755E4C3D50BAA6) /* 191 */, - W64LIT(0xE9214E7F22D8B4DF) /* 192 */, W64LIT(0x2ADDBF532EAC95F4) /* 193 */, - W64LIT(0x32AE3909B4BD0109) /* 194 */, W64LIT(0x834DF537B08E3450) /* 195 */, - W64LIT(0xFA209DA84220728D) /* 196 */, W64LIT(0x9E691D9B9EFE23F7) /* 197 */, - W64LIT(0x0446D288C4AE8D7F) /* 198 */, W64LIT(0x7B4CC524E169785B) /* 199 */, - W64LIT(0x21D87F0135CA1385) /* 200 */, W64LIT(0xCEBB400F137B8AA5) /* 201 */, - W64LIT(0x272E2B66580796BE) /* 202 */, W64LIT(0x3612264125C2B0DE) /* 203 */, - W64LIT(0x057702BDAD1EFBB2) /* 204 */, W64LIT(0xD4BABB8EACF84BE9) /* 205 */, - W64LIT(0x91583139641BC67B) /* 206 */, W64LIT(0x8BDC2DE08036E024) /* 207 */, - W64LIT(0x603C8156F49F68ED) /* 208 */, W64LIT(0xF7D236F7DBEF5111) /* 209 */, - W64LIT(0x9727C4598AD21E80) /* 210 */, W64LIT(0xA08A0896670A5FD7) /* 211 */, - W64LIT(0xCB4A8F4309EBA9CB) /* 212 */, W64LIT(0x81AF564B0F7036A1) /* 213 */, - W64LIT(0xC0B99AA778199ABD) /* 214 */, W64LIT(0x959F1EC83FC8E952) /* 215 */, - W64LIT(0x8C505077794A81B9) /* 216 */, W64LIT(0x3ACAAF8F056338F0) /* 217 */, - W64LIT(0x07B43F50627A6778) /* 218 */, W64LIT(0x4A44AB49F5ECCC77) /* 219 */, - W64LIT(0x3BC3D6E4B679EE98) /* 220 */, W64LIT(0x9CC0D4D1CF14108C) /* 221 */, - W64LIT(0x4406C00B206BC8A0) /* 222 */, W64LIT(0x82A18854C8D72D89) /* 223 */, - W64LIT(0x67E366B35C3C432C) /* 224 */, W64LIT(0xB923DD61102B37F2) /* 225 */, - W64LIT(0x56AB2779D884271D) /* 226 */, W64LIT(0xBE83E1B0FF1525AF) /* 227 */, - W64LIT(0xFB7C65D4217E49A9) /* 228 */, W64LIT(0x6BDBE0E76D48E7D4) /* 229 */, - W64LIT(0x08DF828745D9179E) /* 230 */, W64LIT(0x22EA6A9ADD53BD34) /* 231 */, - W64LIT(0xE36E141C5622200A) /* 232 */, W64LIT(0x7F805D1B8CB750EE) /* 233 */, - W64LIT(0xAFE5C7A59F58E837) /* 234 */, W64LIT(0xE27F996A4FB1C23C) /* 235 */, - W64LIT(0xD3867DFB0775F0D0) /* 236 */, W64LIT(0xD0E673DE6E88891A) /* 237 */, - W64LIT(0x123AEB9EAFB86C25) /* 238 */, W64LIT(0x30F1D5D5C145B895) /* 239 */, - W64LIT(0xBB434A2DEE7269E7) /* 240 */, W64LIT(0x78CB67ECF931FA38) /* 241 */, - W64LIT(0xF33B0372323BBF9C) /* 242 */, W64LIT(0x52D66336FB279C74) /* 243 */, - W64LIT(0x505F33AC0AFB4EAA) /* 244 */, W64LIT(0xE8A5CD99A2CCE187) /* 245 */, - W64LIT(0x534974801E2D30BB) /* 246 */, W64LIT(0x8D2D5711D5876D90) /* 247 */, - W64LIT(0x1F1A412891BC038E) /* 248 */, W64LIT(0xD6E2E71D82E56648) /* 249 */, - W64LIT(0x74036C3A497732B7) /* 250 */, W64LIT(0x89B67ED96361F5AB) /* 251 */, - W64LIT(0xFFED95D8F1EA02A2) /* 252 */, W64LIT(0xE72B3BD61464D43D) /* 253 */, - W64LIT(0xA6300F170BDC4820) /* 254 */, W64LIT(0xEBC18760ED78A77A) /* 255 */, - W64LIT(0xE6A6BE5A05A12138) /* 256 */, W64LIT(0xB5A122A5B4F87C98) /* 257 */, - W64LIT(0x563C6089140B6990) /* 258 */, W64LIT(0x4C46CB2E391F5DD5) /* 259 */, - W64LIT(0xD932ADDBC9B79434) /* 260 */, W64LIT(0x08EA70E42015AFF5) /* 261 */, - W64LIT(0xD765A6673E478CF1) /* 262 */, W64LIT(0xC4FB757EAB278D99) /* 263 */, - W64LIT(0xDF11C6862D6E0692) /* 264 */, W64LIT(0xDDEB84F10D7F3B16) /* 265 */, - W64LIT(0x6F2EF604A665EA04) /* 266 */, W64LIT(0x4A8E0F0FF0E0DFB3) /* 267 */, - W64LIT(0xA5EDEEF83DBCBA51) /* 268 */, W64LIT(0xFC4F0A2A0EA4371E) /* 269 */, - W64LIT(0xE83E1DA85CB38429) /* 270 */, W64LIT(0xDC8FF882BA1B1CE2) /* 271 */, - W64LIT(0xCD45505E8353E80D) /* 272 */, W64LIT(0x18D19A00D4DB0717) /* 273 */, - W64LIT(0x34A0CFEDA5F38101) /* 274 */, W64LIT(0x0BE77E518887CAF2) /* 275 */, - W64LIT(0x1E341438B3C45136) /* 276 */, W64LIT(0xE05797F49089CCF9) /* 277 */, - W64LIT(0xFFD23F9DF2591D14) /* 278 */, W64LIT(0x543DDA228595C5CD) /* 279 */, - W64LIT(0x661F81FD99052A33) /* 280 */, W64LIT(0x8736E641DB0F7B76) /* 281 */, - W64LIT(0x15227725418E5307) /* 282 */, W64LIT(0xE25F7F46162EB2FA) /* 283 */, - W64LIT(0x48A8B2126C13D9FE) /* 284 */, W64LIT(0xAFDC541792E76EEA) /* 285 */, - W64LIT(0x03D912BFC6D1898F) /* 286 */, W64LIT(0x31B1AAFA1B83F51B) /* 287 */, - W64LIT(0xF1AC2796E42AB7D9) /* 288 */, W64LIT(0x40A3A7D7FCD2EBAC) /* 289 */, - W64LIT(0x1056136D0AFBBCC5) /* 290 */, W64LIT(0x7889E1DD9A6D0C85) /* 291 */, - W64LIT(0xD33525782A7974AA) /* 292 */, W64LIT(0xA7E25D09078AC09B) /* 293 */, - W64LIT(0xBD4138B3EAC6EDD0) /* 294 */, W64LIT(0x920ABFBE71EB9E70) /* 295 */, - W64LIT(0xA2A5D0F54FC2625C) /* 296 */, W64LIT(0xC054E36B0B1290A3) /* 297 */, - W64LIT(0xF6DD59FF62FE932B) /* 298 */, W64LIT(0x3537354511A8AC7D) /* 299 */, - W64LIT(0xCA845E9172FADCD4) /* 300 */, W64LIT(0x84F82B60329D20DC) /* 301 */, - W64LIT(0x79C62CE1CD672F18) /* 302 */, W64LIT(0x8B09A2ADD124642C) /* 303 */, - W64LIT(0xD0C1E96A19D9E726) /* 304 */, W64LIT(0x5A786A9B4BA9500C) /* 305 */, - W64LIT(0x0E020336634C43F3) /* 306 */, W64LIT(0xC17B474AEB66D822) /* 307 */, - W64LIT(0x6A731AE3EC9BAAC2) /* 308 */, W64LIT(0x8226667AE0840258) /* 309 */, - W64LIT(0x67D4567691CAECA5) /* 310 */, W64LIT(0x1D94155C4875ADB5) /* 311 */, - W64LIT(0x6D00FD985B813FDF) /* 312 */, W64LIT(0x51286EFCB774CD06) /* 313 */, - W64LIT(0x5E8834471FA744AF) /* 314 */, W64LIT(0xF72CA0AEE761AE2E) /* 315 */, - W64LIT(0xBE40E4CDAEE8E09A) /* 316 */, W64LIT(0xE9970BBB5118F665) /* 317 */, - W64LIT(0x726E4BEB33DF1964) /* 318 */, W64LIT(0x703B000729199762) /* 319 */, - W64LIT(0x4631D816F5EF30A7) /* 320 */, W64LIT(0xB880B5B51504A6BE) /* 321 */, - W64LIT(0x641793C37ED84B6C) /* 322 */, W64LIT(0x7B21ED77F6E97D96) /* 323 */, - W64LIT(0x776306312EF96B73) /* 324 */, W64LIT(0xAE528948E86FF3F4) /* 325 */, - W64LIT(0x53DBD7F286A3F8F8) /* 326 */, W64LIT(0x16CADCE74CFC1063) /* 327 */, - W64LIT(0x005C19BDFA52C6DD) /* 328 */, W64LIT(0x68868F5D64D46AD3) /* 329 */, - W64LIT(0x3A9D512CCF1E186A) /* 330 */, W64LIT(0x367E62C2385660AE) /* 331 */, - W64LIT(0xE359E7EA77DCB1D7) /* 332 */, W64LIT(0x526C0773749ABE6E) /* 333 */, - W64LIT(0x735AE5F9D09F734B) /* 334 */, W64LIT(0x493FC7CC8A558BA8) /* 335 */, - W64LIT(0xB0B9C1533041AB45) /* 336 */, W64LIT(0x321958BA470A59BD) /* 337 */, - W64LIT(0x852DB00B5F46C393) /* 338 */, W64LIT(0x91209B2BD336B0E5) /* 339 */, - W64LIT(0x6E604F7D659EF19F) /* 340 */, W64LIT(0xB99A8AE2782CCB24) /* 341 */, - W64LIT(0xCCF52AB6C814C4C7) /* 342 */, W64LIT(0x4727D9AFBE11727B) /* 343 */, - W64LIT(0x7E950D0C0121B34D) /* 344 */, W64LIT(0x756F435670AD471F) /* 345 */, - W64LIT(0xF5ADD442615A6849) /* 346 */, W64LIT(0x4E87E09980B9957A) /* 347 */, - W64LIT(0x2ACFA1DF50AEE355) /* 348 */, W64LIT(0xD898263AFD2FD556) /* 349 */, - W64LIT(0xC8F4924DD80C8FD6) /* 350 */, W64LIT(0xCF99CA3D754A173A) /* 351 */, - W64LIT(0xFE477BACAF91BF3C) /* 352 */, W64LIT(0xED5371F6D690C12D) /* 353 */, - W64LIT(0x831A5C285E687094) /* 354 */, W64LIT(0xC5D3C90A3708A0A4) /* 355 */, - W64LIT(0x0F7F903717D06580) /* 356 */, W64LIT(0x19F9BB13B8FDF27F) /* 357 */, - W64LIT(0xB1BD6F1B4D502843) /* 358 */, W64LIT(0x1C761BA38FFF4012) /* 359 */, - W64LIT(0x0D1530C4E2E21F3B) /* 360 */, W64LIT(0x8943CE69A7372C8A) /* 361 */, - W64LIT(0xE5184E11FEB5CE66) /* 362 */, W64LIT(0x618BDB80BD736621) /* 363 */, - W64LIT(0x7D29BAD68B574D0B) /* 364 */, W64LIT(0x81BB613E25E6FE5B) /* 365 */, - W64LIT(0x071C9C10BC07913F) /* 366 */, W64LIT(0xC7BEEB7909AC2D97) /* 367 */, - W64LIT(0xC3E58D353BC5D757) /* 368 */, W64LIT(0xEB017892F38F61E8) /* 369 */, - W64LIT(0xD4EFFB9C9B1CC21A) /* 370 */, W64LIT(0x99727D26F494F7AB) /* 371 */, - W64LIT(0xA3E063A2956B3E03) /* 372 */, W64LIT(0x9D4A8B9A4AA09C30) /* 373 */, - W64LIT(0x3F6AB7D500090FB4) /* 374 */, W64LIT(0x9CC0F2A057268AC0) /* 375 */, - W64LIT(0x3DEE9D2DEDBF42D1) /* 376 */, W64LIT(0x330F49C87960A972) /* 377 */, - W64LIT(0xC6B2720287421B41) /* 378 */, W64LIT(0x0AC59EC07C00369C) /* 379 */, - W64LIT(0xEF4EAC49CB353425) /* 380 */, W64LIT(0xF450244EEF0129D8) /* 381 */, - W64LIT(0x8ACC46E5CAF4DEB6) /* 382 */, W64LIT(0x2FFEAB63989263F7) /* 383 */, - W64LIT(0x8F7CB9FE5D7A4578) /* 384 */, W64LIT(0x5BD8F7644E634635) /* 385 */, - W64LIT(0x427A7315BF2DC900) /* 386 */, W64LIT(0x17D0C4AA2125261C) /* 387 */, - W64LIT(0x3992486C93518E50) /* 388 */, W64LIT(0xB4CBFEE0A2D7D4C3) /* 389 */, - W64LIT(0x7C75D6202C5DDD8D) /* 390 */, W64LIT(0xDBC295D8E35B6C61) /* 391 */, - W64LIT(0x60B369D302032B19) /* 392 */, W64LIT(0xCE42685FDCE44132) /* 393 */, - W64LIT(0x06F3DDB9DDF65610) /* 394 */, W64LIT(0x8EA4D21DB5E148F0) /* 395 */, - W64LIT(0x20B0FCE62FCD496F) /* 396 */, W64LIT(0x2C1B912358B0EE31) /* 397 */, - W64LIT(0xB28317B818F5A308) /* 398 */, W64LIT(0xA89C1E189CA6D2CF) /* 399 */, - W64LIT(0x0C6B18576AAADBC8) /* 400 */, W64LIT(0xB65DEAA91299FAE3) /* 401 */, - W64LIT(0xFB2B794B7F1027E7) /* 402 */, W64LIT(0x04E4317F443B5BEB) /* 403 */, - W64LIT(0x4B852D325939D0A6) /* 404 */, W64LIT(0xD5AE6BEEFB207FFC) /* 405 */, - W64LIT(0x309682B281C7D374) /* 406 */, W64LIT(0xBAE309A194C3B475) /* 407 */, - W64LIT(0x8CC3F97B13B49F05) /* 408 */, W64LIT(0x98A9422FF8293967) /* 409 */, - W64LIT(0x244B16B01076FF7C) /* 410 */, W64LIT(0xF8BF571C663D67EE) /* 411 */, - W64LIT(0x1F0D6758EEE30DA1) /* 412 */, W64LIT(0xC9B611D97ADEB9B7) /* 413 */, - W64LIT(0xB7AFD5887B6C57A2) /* 414 */, W64LIT(0x6290AE846B984FE1) /* 415 */, - W64LIT(0x94DF4CDEACC1A5FD) /* 416 */, W64LIT(0x058A5BD1C5483AFF) /* 417 */, - W64LIT(0x63166CC142BA3C37) /* 418 */, W64LIT(0x8DB8526EB2F76F40) /* 419 */, - W64LIT(0xE10880036F0D6D4E) /* 420 */, W64LIT(0x9E0523C9971D311D) /* 421 */, - W64LIT(0x45EC2824CC7CD691) /* 422 */, W64LIT(0x575B8359E62382C9) /* 423 */, - W64LIT(0xFA9E400DC4889995) /* 424 */, W64LIT(0xD1823ECB45721568) /* 425 */, - W64LIT(0xDAFD983B8206082F) /* 426 */, W64LIT(0xAA7D29082386A8CB) /* 427 */, - W64LIT(0x269FCD4403B87588) /* 428 */, W64LIT(0x1B91F5F728BDD1E0) /* 429 */, - W64LIT(0xE4669F39040201F6) /* 430 */, W64LIT(0x7A1D7C218CF04ADE) /* 431 */, - W64LIT(0x65623C29D79CE5CE) /* 432 */, W64LIT(0x2368449096C00BB1) /* 433 */, - W64LIT(0xAB9BF1879DA503BA) /* 434 */, W64LIT(0xBC23ECB1A458058E) /* 435 */, - W64LIT(0x9A58DF01BB401ECC) /* 436 */, W64LIT(0xA070E868A85F143D) /* 437 */, - W64LIT(0x4FF188307DF2239E) /* 438 */, W64LIT(0x14D565B41A641183) /* 439 */, - W64LIT(0xEE13337452701602) /* 440 */, W64LIT(0x950E3DCF3F285E09) /* 441 */, - W64LIT(0x59930254B9C80953) /* 442 */, W64LIT(0x3BF299408930DA6D) /* 443 */, - W64LIT(0xA955943F53691387) /* 444 */, W64LIT(0xA15EDECAA9CB8784) /* 445 */, - W64LIT(0x29142127352BE9A0) /* 446 */, W64LIT(0x76F0371FFF4E7AFB) /* 447 */, - W64LIT(0x0239F450274F2228) /* 448 */, W64LIT(0xBB073AF01D5E868B) /* 449 */, - W64LIT(0xBFC80571C10E96C1) /* 450 */, W64LIT(0xD267088568222E23) /* 451 */, - W64LIT(0x9671A3D48E80B5B0) /* 452 */, W64LIT(0x55B5D38AE193BB81) /* 453 */, - W64LIT(0x693AE2D0A18B04B8) /* 454 */, W64LIT(0x5C48B4ECADD5335F) /* 455 */, - W64LIT(0xFD743B194916A1CA) /* 456 */, W64LIT(0x2577018134BE98C4) /* 457 */, - W64LIT(0xE77987E83C54A4AD) /* 458 */, W64LIT(0x28E11014DA33E1B9) /* 459 */, - W64LIT(0x270CC59E226AA213) /* 460 */, W64LIT(0x71495F756D1A5F60) /* 461 */, - W64LIT(0x9BE853FB60AFEF77) /* 462 */, W64LIT(0xADC786A7F7443DBF) /* 463 */, - W64LIT(0x0904456173B29A82) /* 464 */, W64LIT(0x58BC7A66C232BD5E) /* 465 */, - W64LIT(0xF306558C673AC8B2) /* 466 */, W64LIT(0x41F639C6B6C9772A) /* 467 */, - W64LIT(0x216DEFE99FDA35DA) /* 468 */, W64LIT(0x11640CC71C7BE615) /* 469 */, - W64LIT(0x93C43694565C5527) /* 470 */, W64LIT(0xEA038E6246777839) /* 471 */, - W64LIT(0xF9ABF3CE5A3E2469) /* 472 */, W64LIT(0x741E768D0FD312D2) /* 473 */, - W64LIT(0x0144B883CED652C6) /* 474 */, W64LIT(0xC20B5A5BA33F8552) /* 475 */, - W64LIT(0x1AE69633C3435A9D) /* 476 */, W64LIT(0x97A28CA4088CFDEC) /* 477 */, - W64LIT(0x8824A43C1E96F420) /* 478 */, W64LIT(0x37612FA66EEEA746) /* 479 */, - W64LIT(0x6B4CB165F9CF0E5A) /* 480 */, W64LIT(0x43AA1C06A0ABFB4A) /* 481 */, - W64LIT(0x7F4DC26FF162796B) /* 482 */, W64LIT(0x6CBACC8E54ED9B0F) /* 483 */, - W64LIT(0xA6B7FFEFD2BB253E) /* 484 */, W64LIT(0x2E25BC95B0A29D4F) /* 485 */, - W64LIT(0x86D6A58BDEF1388C) /* 486 */, W64LIT(0xDED74AC576B6F054) /* 487 */, - W64LIT(0x8030BDBC2B45805D) /* 488 */, W64LIT(0x3C81AF70E94D9289) /* 489 */, - W64LIT(0x3EFF6DDA9E3100DB) /* 490 */, W64LIT(0xB38DC39FDFCC8847) /* 491 */, - W64LIT(0x123885528D17B87E) /* 492 */, W64LIT(0xF2DA0ED240B1B642) /* 493 */, - W64LIT(0x44CEFADCD54BF9A9) /* 494 */, W64LIT(0x1312200E433C7EE6) /* 495 */, - W64LIT(0x9FFCC84F3A78C748) /* 496 */, W64LIT(0xF0CD1F72248576BB) /* 497 */, - W64LIT(0xEC6974053638CFE4) /* 498 */, W64LIT(0x2BA7B67C0CEC4E4C) /* 499 */, - W64LIT(0xAC2F4DF3E5CE32ED) /* 500 */, W64LIT(0xCB33D14326EA4C11) /* 501 */, - W64LIT(0xA4E9044CC77E58BC) /* 502 */, W64LIT(0x5F513293D934FCEF) /* 503 */, - W64LIT(0x5DC9645506E55444) /* 504 */, W64LIT(0x50DE418F317DE40A) /* 505 */, - W64LIT(0x388CB31A69DDE259) /* 506 */, W64LIT(0x2DB4A83455820A86) /* 507 */, - W64LIT(0x9010A91E84711AE9) /* 508 */, W64LIT(0x4DF7F0B7B1498371) /* 509 */, - W64LIT(0xD62A2EABC0977179) /* 510 */, W64LIT(0x22FAC097AA8D5C0E) /* 511 */, - W64LIT(0xF49FCC2FF1DAF39B) /* 512 */, W64LIT(0x487FD5C66FF29281) /* 513 */, - W64LIT(0xE8A30667FCDCA83F) /* 514 */, W64LIT(0x2C9B4BE3D2FCCE63) /* 515 */, - W64LIT(0xDA3FF74B93FBBBC2) /* 516 */, W64LIT(0x2FA165D2FE70BA66) /* 517 */, - W64LIT(0xA103E279970E93D4) /* 518 */, W64LIT(0xBECDEC77B0E45E71) /* 519 */, - W64LIT(0xCFB41E723985E497) /* 520 */, W64LIT(0xB70AAA025EF75017) /* 521 */, - W64LIT(0xD42309F03840B8E0) /* 522 */, W64LIT(0x8EFC1AD035898579) /* 523 */, - W64LIT(0x96C6920BE2B2ABC5) /* 524 */, W64LIT(0x66AF4163375A9172) /* 525 */, - W64LIT(0x2174ABDCCA7127FB) /* 526 */, W64LIT(0xB33CCEA64A72FF41) /* 527 */, - W64LIT(0xF04A4933083066A5) /* 528 */, W64LIT(0x8D970ACDD7289AF5) /* 529 */, - W64LIT(0x8F96E8E031C8C25E) /* 530 */, W64LIT(0xF3FEC02276875D47) /* 531 */, - W64LIT(0xEC7BF310056190DD) /* 532 */, W64LIT(0xF5ADB0AEBB0F1491) /* 533 */, - W64LIT(0x9B50F8850FD58892) /* 534 */, W64LIT(0x4975488358B74DE8) /* 535 */, - W64LIT(0xA3354FF691531C61) /* 536 */, W64LIT(0x0702BBE481D2C6EE) /* 537 */, - W64LIT(0x89FB24057DEDED98) /* 538 */, W64LIT(0xAC3075138596E902) /* 539 */, - W64LIT(0x1D2D3580172772ED) /* 540 */, W64LIT(0xEB738FC28E6BC30D) /* 541 */, - W64LIT(0x5854EF8F63044326) /* 542 */, W64LIT(0x9E5C52325ADD3BBE) /* 543 */, - W64LIT(0x90AA53CF325C4623) /* 544 */, W64LIT(0xC1D24D51349DD067) /* 545 */, - W64LIT(0x2051CFEEA69EA624) /* 546 */, W64LIT(0x13220F0A862E7E4F) /* 547 */, - W64LIT(0xCE39399404E04864) /* 548 */, W64LIT(0xD9C42CA47086FCB7) /* 549 */, - W64LIT(0x685AD2238A03E7CC) /* 550 */, W64LIT(0x066484B2AB2FF1DB) /* 551 */, - W64LIT(0xFE9D5D70EFBF79EC) /* 552 */, W64LIT(0x5B13B9DD9C481854) /* 553 */, - W64LIT(0x15F0D475ED1509AD) /* 554 */, W64LIT(0x0BEBCD060EC79851) /* 555 */, - W64LIT(0xD58C6791183AB7F8) /* 556 */, W64LIT(0xD1187C5052F3EEE4) /* 557 */, - W64LIT(0xC95D1192E54E82FF) /* 558 */, W64LIT(0x86EEA14CB9AC6CA2) /* 559 */, - W64LIT(0x3485BEB153677D5D) /* 560 */, W64LIT(0xDD191D781F8C492A) /* 561 */, - W64LIT(0xF60866BAA784EBF9) /* 562 */, W64LIT(0x518F643BA2D08C74) /* 563 */, - W64LIT(0x8852E956E1087C22) /* 564 */, W64LIT(0xA768CB8DC410AE8D) /* 565 */, - W64LIT(0x38047726BFEC8E1A) /* 566 */, W64LIT(0xA67738B4CD3B45AA) /* 567 */, - W64LIT(0xAD16691CEC0DDE19) /* 568 */, W64LIT(0xC6D4319380462E07) /* 569 */, - W64LIT(0xC5A5876D0BA61938) /* 570 */, W64LIT(0x16B9FA1FA58FD840) /* 571 */, - W64LIT(0x188AB1173CA74F18) /* 572 */, W64LIT(0xABDA2F98C99C021F) /* 573 */, - W64LIT(0x3E0580AB134AE816) /* 574 */, W64LIT(0x5F3B05B773645ABB) /* 575 */, - W64LIT(0x2501A2BE5575F2F6) /* 576 */, W64LIT(0x1B2F74004E7E8BA9) /* 577 */, - W64LIT(0x1CD7580371E8D953) /* 578 */, W64LIT(0x7F6ED89562764E30) /* 579 */, - W64LIT(0xB15926FF596F003D) /* 580 */, W64LIT(0x9F65293DA8C5D6B9) /* 581 */, - W64LIT(0x6ECEF04DD690F84C) /* 582 */, W64LIT(0x4782275FFF33AF88) /* 583 */, - W64LIT(0xE41433083F820801) /* 584 */, W64LIT(0xFD0DFE409A1AF9B5) /* 585 */, - W64LIT(0x4325A3342CDB396B) /* 586 */, W64LIT(0x8AE77E62B301B252) /* 587 */, - W64LIT(0xC36F9E9F6655615A) /* 588 */, W64LIT(0x85455A2D92D32C09) /* 589 */, - W64LIT(0xF2C7DEA949477485) /* 590 */, W64LIT(0x63CFB4C133A39EBA) /* 591 */, - W64LIT(0x83B040CC6EBC5462) /* 592 */, W64LIT(0x3B9454C8FDB326B0) /* 593 */, - W64LIT(0x56F56A9E87FFD78C) /* 594 */, W64LIT(0x2DC2940D99F42BC6) /* 595 */, - W64LIT(0x98F7DF096B096E2D) /* 596 */, W64LIT(0x19A6E01E3AD852BF) /* 597 */, - W64LIT(0x42A99CCBDBD4B40B) /* 598 */, W64LIT(0xA59998AF45E9C559) /* 599 */, - W64LIT(0x366295E807D93186) /* 600 */, W64LIT(0x6B48181BFAA1F773) /* 601 */, - W64LIT(0x1FEC57E2157A0A1D) /* 602 */, W64LIT(0x4667446AF6201AD5) /* 603 */, - W64LIT(0xE615EBCACFB0F075) /* 604 */, W64LIT(0xB8F31F4F68290778) /* 605 */, - W64LIT(0x22713ED6CE22D11E) /* 606 */, W64LIT(0x3057C1A72EC3C93B) /* 607 */, - W64LIT(0xCB46ACC37C3F1F2F) /* 608 */, W64LIT(0xDBB893FD02AAF50E) /* 609 */, - W64LIT(0x331FD92E600B9FCF) /* 610 */, W64LIT(0xA498F96148EA3AD6) /* 611 */, - W64LIT(0xA8D8426E8B6A83EA) /* 612 */, W64LIT(0xA089B274B7735CDC) /* 613 */, - W64LIT(0x87F6B3731E524A11) /* 614 */, W64LIT(0x118808E5CBC96749) /* 615 */, - W64LIT(0x9906E4C7B19BD394) /* 616 */, W64LIT(0xAFED7F7E9B24A20C) /* 617 */, - W64LIT(0x6509EADEEB3644A7) /* 618 */, W64LIT(0x6C1EF1D3E8EF0EDE) /* 619 */, - W64LIT(0xB9C97D43E9798FB4) /* 620 */, W64LIT(0xA2F2D784740C28A3) /* 621 */, - W64LIT(0x7B8496476197566F) /* 622 */, W64LIT(0x7A5BE3E6B65F069D) /* 623 */, - W64LIT(0xF96330ED78BE6F10) /* 624 */, W64LIT(0xEEE60DE77A076A15) /* 625 */, - W64LIT(0x2B4BEE4AA08B9BD0) /* 626 */, W64LIT(0x6A56A63EC7B8894E) /* 627 */, - W64LIT(0x02121359BA34FEF4) /* 628 */, W64LIT(0x4CBF99F8283703FC) /* 629 */, - W64LIT(0x398071350CAF30C8) /* 630 */, W64LIT(0xD0A77A89F017687A) /* 631 */, - W64LIT(0xF1C1A9EB9E423569) /* 632 */, W64LIT(0x8C7976282DEE8199) /* 633 */, - W64LIT(0x5D1737A5DD1F7ABD) /* 634 */, W64LIT(0x4F53433C09A9FA80) /* 635 */, - W64LIT(0xFA8B0C53DF7CA1D9) /* 636 */, W64LIT(0x3FD9DCBC886CCB77) /* 637 */, - W64LIT(0xC040917CA91B4720) /* 638 */, W64LIT(0x7DD00142F9D1DCDF) /* 639 */, - W64LIT(0x8476FC1D4F387B58) /* 640 */, W64LIT(0x23F8E7C5F3316503) /* 641 */, - W64LIT(0x032A2244E7E37339) /* 642 */, W64LIT(0x5C87A5D750F5A74B) /* 643 */, - W64LIT(0x082B4CC43698992E) /* 644 */, W64LIT(0xDF917BECB858F63C) /* 645 */, - W64LIT(0x3270B8FC5BF86DDA) /* 646 */, W64LIT(0x10AE72BB29B5DD76) /* 647 */, - W64LIT(0x576AC94E7700362B) /* 648 */, W64LIT(0x1AD112DAC61EFB8F) /* 649 */, - W64LIT(0x691BC30EC5FAA427) /* 650 */, W64LIT(0xFF246311CC327143) /* 651 */, - W64LIT(0x3142368E30E53206) /* 652 */, W64LIT(0x71380E31E02CA396) /* 653 */, - W64LIT(0x958D5C960AAD76F1) /* 654 */, W64LIT(0xF8D6F430C16DA536) /* 655 */, - W64LIT(0xC8FFD13F1BE7E1D2) /* 656 */, W64LIT(0x7578AE66004DDBE1) /* 657 */, - W64LIT(0x05833F01067BE646) /* 658 */, W64LIT(0xBB34B5AD3BFE586D) /* 659 */, - W64LIT(0x095F34C9A12B97F0) /* 660 */, W64LIT(0x247AB64525D60CA8) /* 661 */, - W64LIT(0xDCDBC6F3017477D1) /* 662 */, W64LIT(0x4A2E14D4DECAD24D) /* 663 */, - W64LIT(0xBDB5E6D9BE0A1EEB) /* 664 */, W64LIT(0x2A7E70F7794301AB) /* 665 */, - W64LIT(0xDEF42D8A270540FD) /* 666 */, W64LIT(0x01078EC0A34C22C1) /* 667 */, - W64LIT(0xE5DE511AF4C16387) /* 668 */, W64LIT(0x7EBB3A52BD9A330A) /* 669 */, - W64LIT(0x77697857AA7D6435) /* 670 */, W64LIT(0x004E831603AE4C32) /* 671 */, - W64LIT(0xE7A21020AD78E312) /* 672 */, W64LIT(0x9D41A70C6AB420F2) /* 673 */, - W64LIT(0x28E06C18EA1141E6) /* 674 */, W64LIT(0xD2B28CBD984F6B28) /* 675 */, - W64LIT(0x26B75F6C446E9D83) /* 676 */, W64LIT(0xBA47568C4D418D7F) /* 677 */, - W64LIT(0xD80BADBFE6183D8E) /* 678 */, W64LIT(0x0E206D7F5F166044) /* 679 */, - W64LIT(0xE258A43911CBCA3E) /* 680 */, W64LIT(0x723A1746B21DC0BC) /* 681 */, - W64LIT(0xC7CAA854F5D7CDD3) /* 682 */, W64LIT(0x7CAC32883D261D9C) /* 683 */, - W64LIT(0x7690C26423BA942C) /* 684 */, W64LIT(0x17E55524478042B8) /* 685 */, - W64LIT(0xE0BE477656A2389F) /* 686 */, W64LIT(0x4D289B5E67AB2DA0) /* 687 */, - W64LIT(0x44862B9C8FBBFD31) /* 688 */, W64LIT(0xB47CC8049D141365) /* 689 */, - W64LIT(0x822C1B362B91C793) /* 690 */, W64LIT(0x4EB14655FB13DFD8) /* 691 */, - W64LIT(0x1ECBBA0714E2A97B) /* 692 */, W64LIT(0x6143459D5CDE5F14) /* 693 */, - W64LIT(0x53A8FBF1D5F0AC89) /* 694 */, W64LIT(0x97EA04D81C5E5B00) /* 695 */, - W64LIT(0x622181A8D4FDB3F3) /* 696 */, W64LIT(0xE9BCD341572A1208) /* 697 */, - W64LIT(0x1411258643CCE58A) /* 698 */, W64LIT(0x9144C5FEA4C6E0A4) /* 699 */, - W64LIT(0x0D33D06565CF620F) /* 700 */, W64LIT(0x54A48D489F219CA1) /* 701 */, - W64LIT(0xC43E5EAC6D63C821) /* 702 */, W64LIT(0xA9728B3A72770DAF) /* 703 */, - W64LIT(0xD7934E7B20DF87EF) /* 704 */, W64LIT(0xE35503B61A3E86E5) /* 705 */, - W64LIT(0xCAE321FBC819D504) /* 706 */, W64LIT(0x129A50B3AC60BFA6) /* 707 */, - W64LIT(0xCD5E68EA7E9FB6C3) /* 708 */, W64LIT(0xB01C90199483B1C7) /* 709 */, - W64LIT(0x3DE93CD5C295376C) /* 710 */, W64LIT(0xAED52EDF2AB9AD13) /* 711 */, - W64LIT(0x2E60F512C0A07884) /* 712 */, W64LIT(0xBC3D86A3E36210C9) /* 713 */, - W64LIT(0x35269D9B163951CE) /* 714 */, W64LIT(0x0C7D6E2AD0CDB5FA) /* 715 */, - W64LIT(0x59E86297D87F5733) /* 716 */, W64LIT(0x298EF221898DB0E7) /* 717 */, - W64LIT(0x55000029D1A5AA7E) /* 718 */, W64LIT(0x8BC08AE1B5061B45) /* 719 */, - W64LIT(0xC2C31C2B6C92703A) /* 720 */, W64LIT(0x94CC596BAF25EF42) /* 721 */, - W64LIT(0x0A1D73DB22540456) /* 722 */, W64LIT(0x04B6A0F9D9C4179A) /* 723 */, - W64LIT(0xEFFDAFA2AE3D3C60) /* 724 */, W64LIT(0xF7C8075BB49496C4) /* 725 */, - W64LIT(0x9CC5C7141D1CD4E3) /* 726 */, W64LIT(0x78BD1638218E5534) /* 727 */, - W64LIT(0xB2F11568F850246A) /* 728 */, W64LIT(0xEDFABCFA9502BC29) /* 729 */, - W64LIT(0x796CE5F2DA23051B) /* 730 */, W64LIT(0xAAE128B0DC93537C) /* 731 */, - W64LIT(0x3A493DA0EE4B29AE) /* 732 */, W64LIT(0xB5DF6B2C416895D7) /* 733 */, - W64LIT(0xFCABBD25122D7F37) /* 734 */, W64LIT(0x70810B58105DC4B1) /* 735 */, - W64LIT(0xE10FDD37F7882A90) /* 736 */, W64LIT(0x524DCAB5518A3F5C) /* 737 */, - W64LIT(0x3C9E85878451255B) /* 738 */, W64LIT(0x4029828119BD34E2) /* 739 */, - W64LIT(0x74A05B6F5D3CECCB) /* 740 */, W64LIT(0xB610021542E13ECA) /* 741 */, - W64LIT(0x0FF979D12F59E2AC) /* 742 */, W64LIT(0x6037DA27E4F9CC50) /* 743 */, - W64LIT(0x5E92975A0DF1847D) /* 744 */, W64LIT(0xD66DE190D3E623FE) /* 745 */, - W64LIT(0x5032D6B87B568048) /* 746 */, W64LIT(0x9A36B7CE8235216E) /* 747 */, - W64LIT(0x80272A7A24F64B4A) /* 748 */, W64LIT(0x93EFED8B8C6916F7) /* 749 */, - W64LIT(0x37DDBFF44CCE1555) /* 750 */, W64LIT(0x4B95DB5D4B99BD25) /* 751 */, - W64LIT(0x92D3FDA169812FC0) /* 752 */, W64LIT(0xFB1A4A9A90660BB6) /* 753 */, - W64LIT(0x730C196946A4B9B2) /* 754 */, W64LIT(0x81E289AA7F49DA68) /* 755 */, - W64LIT(0x64669A0F83B1A05F) /* 756 */, W64LIT(0x27B3FF7D9644F48B) /* 757 */, - W64LIT(0xCC6B615C8DB675B3) /* 758 */, W64LIT(0x674F20B9BCEBBE95) /* 759 */, - W64LIT(0x6F31238275655982) /* 760 */, W64LIT(0x5AE488713E45CF05) /* 761 */, - W64LIT(0xBF619F9954C21157) /* 762 */, W64LIT(0xEABAC46040A8EAE9) /* 763 */, - W64LIT(0x454C6FE9F2C0C1CD) /* 764 */, W64LIT(0x419CF6496412691C) /* 765 */, - W64LIT(0xD3DC3BEF265B0F70) /* 766 */, W64LIT(0x6D0E60F5C3578A9E) /* 767 */, - W64LIT(0x5B0E608526323C55) /* 768 */, W64LIT(0x1A46C1A9FA1B59F5) /* 769 */, - W64LIT(0xA9E245A17C4C8FFA) /* 770 */, W64LIT(0x65CA5159DB2955D7) /* 771 */, - W64LIT(0x05DB0A76CE35AFC2) /* 772 */, W64LIT(0x81EAC77EA9113D45) /* 773 */, - W64LIT(0x528EF88AB6AC0A0D) /* 774 */, W64LIT(0xA09EA253597BE3FF) /* 775 */, - W64LIT(0x430DDFB3AC48CD56) /* 776 */, W64LIT(0xC4B3A67AF45CE46F) /* 777 */, - W64LIT(0x4ECECFD8FBE2D05E) /* 778 */, W64LIT(0x3EF56F10B39935F0) /* 779 */, - W64LIT(0x0B22D6829CD619C6) /* 780 */, W64LIT(0x17FD460A74DF2069) /* 781 */, - W64LIT(0x6CF8CC8E8510ED40) /* 782 */, W64LIT(0xD6C824BF3A6ECAA7) /* 783 */, - W64LIT(0x61243D581A817049) /* 784 */, W64LIT(0x048BACB6BBC163A2) /* 785 */, - W64LIT(0xD9A38AC27D44CC32) /* 786 */, W64LIT(0x7FDDFF5BAAF410AB) /* 787 */, - W64LIT(0xAD6D495AA804824B) /* 788 */, W64LIT(0xE1A6A74F2D8C9F94) /* 789 */, - W64LIT(0xD4F7851235DEE8E3) /* 790 */, W64LIT(0xFD4B7F886540D893) /* 791 */, - W64LIT(0x247C20042AA4BFDA) /* 792 */, W64LIT(0x096EA1C517D1327C) /* 793 */, - W64LIT(0xD56966B4361A6685) /* 794 */, W64LIT(0x277DA5C31221057D) /* 795 */, - W64LIT(0x94D59893A43ACFF7) /* 796 */, W64LIT(0x64F0C51CCDC02281) /* 797 */, - W64LIT(0x3D33BCC4FF6189DB) /* 798 */, W64LIT(0xE005CB184CE66AF1) /* 799 */, - W64LIT(0xFF5CCD1D1DB99BEA) /* 800 */, W64LIT(0xB0B854A7FE42980F) /* 801 */, - W64LIT(0x7BD46A6A718D4B9F) /* 802 */, W64LIT(0xD10FA8CC22A5FD8C) /* 803 */, - W64LIT(0xD31484952BE4BD31) /* 804 */, W64LIT(0xC7FA975FCB243847) /* 805 */, - W64LIT(0x4886ED1E5846C407) /* 806 */, W64LIT(0x28CDDB791EB70B04) /* 807 */, - W64LIT(0xC2B00BE2F573417F) /* 808 */, W64LIT(0x5C9590452180F877) /* 809 */, - W64LIT(0x7A6BDDFFF370EB00) /* 810 */, W64LIT(0xCE509E38D6D9D6A4) /* 811 */, - W64LIT(0xEBEB0F00647FA702) /* 812 */, W64LIT(0x1DCC06CF76606F06) /* 813 */, - W64LIT(0xE4D9F28BA286FF0A) /* 814 */, W64LIT(0xD85A305DC918C262) /* 815 */, - W64LIT(0x475B1D8732225F54) /* 816 */, W64LIT(0x2D4FB51668CCB5FE) /* 817 */, - W64LIT(0xA679B9D9D72BBA20) /* 818 */, W64LIT(0x53841C0D912D43A5) /* 819 */, - W64LIT(0x3B7EAA48BF12A4E8) /* 820 */, W64LIT(0x781E0E47F22F1DDF) /* 821 */, - W64LIT(0xEFF20CE60AB50973) /* 822 */, W64LIT(0x20D261D19DFFB742) /* 823 */, - W64LIT(0x16A12B03062A2E39) /* 824 */, W64LIT(0x1960EB2239650495) /* 825 */, - W64LIT(0x251C16FED50EB8B8) /* 826 */, W64LIT(0x9AC0C330F826016E) /* 827 */, - W64LIT(0xED152665953E7671) /* 828 */, W64LIT(0x02D63194A6369570) /* 829 */, - W64LIT(0x5074F08394B1C987) /* 830 */, W64LIT(0x70BA598C90B25CE1) /* 831 */, - W64LIT(0x794A15810B9742F6) /* 832 */, W64LIT(0x0D5925E9FCAF8C6C) /* 833 */, - W64LIT(0x3067716CD868744E) /* 834 */, W64LIT(0x910AB077E8D7731B) /* 835 */, - W64LIT(0x6A61BBDB5AC42F61) /* 836 */, W64LIT(0x93513EFBF0851567) /* 837 */, - W64LIT(0xF494724B9E83E9D5) /* 838 */, W64LIT(0xE887E1985C09648D) /* 839 */, - W64LIT(0x34B1D3C675370CFD) /* 840 */, W64LIT(0xDC35E433BC0D255D) /* 841 */, - W64LIT(0xD0AAB84234131BE0) /* 842 */, W64LIT(0x08042A50B48B7EAF) /* 843 */, - W64LIT(0x9997C4EE44A3AB35) /* 844 */, W64LIT(0x829A7B49201799D0) /* 845 */, - W64LIT(0x263B8307B7C54441) /* 846 */, W64LIT(0x752F95F4FD6A6CA6) /* 847 */, - W64LIT(0x927217402C08C6E5) /* 848 */, W64LIT(0x2A8AB754A795D9EE) /* 849 */, - W64LIT(0xA442F7552F72943D) /* 850 */, W64LIT(0x2C31334E19781208) /* 851 */, - W64LIT(0x4FA98D7CEAEE6291) /* 852 */, W64LIT(0x55C3862F665DB309) /* 853 */, - W64LIT(0xBD0610175D53B1F3) /* 854 */, W64LIT(0x46FE6CB840413F27) /* 855 */, - W64LIT(0x3FE03792DF0CFA59) /* 856 */, W64LIT(0xCFE700372EB85E8F) /* 857 */, - W64LIT(0xA7BE29E7ADBCE118) /* 858 */, W64LIT(0xE544EE5CDE8431DD) /* 859 */, - W64LIT(0x8A781B1B41F1873E) /* 860 */, W64LIT(0xA5C94C78A0D2F0E7) /* 861 */, - W64LIT(0x39412E2877B60728) /* 862 */, W64LIT(0xA1265EF3AFC9A62C) /* 863 */, - W64LIT(0xBCC2770C6A2506C5) /* 864 */, W64LIT(0x3AB66DD5DCE1CE12) /* 865 */, - W64LIT(0xE65499D04A675B37) /* 866 */, W64LIT(0x7D8F523481BFD216) /* 867 */, - W64LIT(0x0F6F64FCEC15F389) /* 868 */, W64LIT(0x74EFBE618B5B13C8) /* 869 */, - W64LIT(0xACDC82B714273E1D) /* 870 */, W64LIT(0xDD40BFE003199D17) /* 871 */, - W64LIT(0x37E99257E7E061F8) /* 872 */, W64LIT(0xFA52626904775AAA) /* 873 */, - W64LIT(0x8BBBF63A463D56F9) /* 874 */, W64LIT(0xF0013F1543A26E64) /* 875 */, - W64LIT(0xA8307E9F879EC898) /* 876 */, W64LIT(0xCC4C27A4150177CC) /* 877 */, - W64LIT(0x1B432F2CCA1D3348) /* 878 */, W64LIT(0xDE1D1F8F9F6FA013) /* 879 */, - W64LIT(0x606602A047A7DDD6) /* 880 */, W64LIT(0xD237AB64CC1CB2C7) /* 881 */, - W64LIT(0x9B938E7225FCD1D3) /* 882 */, W64LIT(0xEC4E03708E0FF476) /* 883 */, - W64LIT(0xFEB2FBDA3D03C12D) /* 884 */, W64LIT(0xAE0BCED2EE43889A) /* 885 */, - W64LIT(0x22CB8923EBFB4F43) /* 886 */, W64LIT(0x69360D013CF7396D) /* 887 */, - W64LIT(0x855E3602D2D4E022) /* 888 */, W64LIT(0x073805BAD01F784C) /* 889 */, - W64LIT(0x33E17A133852F546) /* 890 */, W64LIT(0xDF4874058AC7B638) /* 891 */, - W64LIT(0xBA92B29C678AA14A) /* 892 */, W64LIT(0x0CE89FC76CFAADCD) /* 893 */, - W64LIT(0x5F9D4E0908339E34) /* 894 */, W64LIT(0xF1AFE9291F5923B9) /* 895 */, - W64LIT(0x6E3480F60F4A265F) /* 896 */, W64LIT(0xEEBF3A2AB29B841C) /* 897 */, - W64LIT(0xE21938A88F91B4AD) /* 898 */, W64LIT(0x57DFEFF845C6D3C3) /* 899 */, - W64LIT(0x2F006B0BF62CAAF2) /* 900 */, W64LIT(0x62F479EF6F75EE78) /* 901 */, - W64LIT(0x11A55AD41C8916A9) /* 902 */, W64LIT(0xF229D29084FED453) /* 903 */, - W64LIT(0x42F1C27B16B000E6) /* 904 */, W64LIT(0x2B1F76749823C074) /* 905 */, - W64LIT(0x4B76ECA3C2745360) /* 906 */, W64LIT(0x8C98F463B91691BD) /* 907 */, - W64LIT(0x14BCC93CF1ADE66A) /* 908 */, W64LIT(0x8885213E6D458397) /* 909 */, - W64LIT(0x8E177DF0274D4711) /* 910 */, W64LIT(0xB49B73B5503F2951) /* 911 */, - W64LIT(0x10168168C3F96B6B) /* 912 */, W64LIT(0x0E3D963B63CAB0AE) /* 913 */, - W64LIT(0x8DFC4B5655A1DB14) /* 914 */, W64LIT(0xF789F1356E14DE5C) /* 915 */, - W64LIT(0x683E68AF4E51DAC1) /* 916 */, W64LIT(0xC9A84F9D8D4B0FD9) /* 917 */, - W64LIT(0x3691E03F52A0F9D1) /* 918 */, W64LIT(0x5ED86E46E1878E80) /* 919 */, - W64LIT(0x3C711A0E99D07150) /* 920 */, W64LIT(0x5A0865B20C4E9310) /* 921 */, - W64LIT(0x56FBFC1FE4F0682E) /* 922 */, W64LIT(0xEA8D5DE3105EDF9B) /* 923 */, - W64LIT(0x71ABFDB12379187A) /* 924 */, W64LIT(0x2EB99DE1BEE77B9C) /* 925 */, - W64LIT(0x21ECC0EA33CF4523) /* 926 */, W64LIT(0x59A4D7521805C7A1) /* 927 */, - W64LIT(0x3896F5EB56AE7C72) /* 928 */, W64LIT(0xAA638F3DB18F75DC) /* 929 */, - W64LIT(0x9F39358DABE9808E) /* 930 */, W64LIT(0xB7DEFA91C00B72AC) /* 931 */, - W64LIT(0x6B5541FD62492D92) /* 932 */, W64LIT(0x6DC6DEE8F92E4D5B) /* 933 */, - W64LIT(0x353F57ABC4BEEA7E) /* 934 */, W64LIT(0x735769D6DA5690CE) /* 935 */, - W64LIT(0x0A234AA642391484) /* 936 */, W64LIT(0xF6F9508028F80D9D) /* 937 */, - W64LIT(0xB8E319A27AB3F215) /* 938 */, W64LIT(0x31AD9C1151341A4D) /* 939 */, - W64LIT(0x773C22A57BEF5805) /* 940 */, W64LIT(0x45C7561A07968633) /* 941 */, - W64LIT(0xF913DA9E249DBE36) /* 942 */, W64LIT(0xDA652D9B78A64C68) /* 943 */, - W64LIT(0x4C27A97F3BC334EF) /* 944 */, W64LIT(0x76621220E66B17F4) /* 945 */, - W64LIT(0x967743899ACD7D0B) /* 946 */, W64LIT(0xF3EE5BCAE0ED6782) /* 947 */, - W64LIT(0x409F753600C879FC) /* 948 */, W64LIT(0x06D09A39B5926DB6) /* 949 */, - W64LIT(0x6F83AEB0317AC588) /* 950 */, W64LIT(0x01E6CA4A86381F21) /* 951 */, - W64LIT(0x66FF3462D19F3025) /* 952 */, W64LIT(0x72207C24DDFD3BFB) /* 953 */, - W64LIT(0x4AF6B6D3E2ECE2EB) /* 954 */, W64LIT(0x9C994DBEC7EA08DE) /* 955 */, - W64LIT(0x49ACE597B09A8BC4) /* 956 */, W64LIT(0xB38C4766CF0797BA) /* 957 */, - W64LIT(0x131B9373C57C2A75) /* 958 */, W64LIT(0xB1822CCE61931E58) /* 959 */, - W64LIT(0x9D7555B909BA1C0C) /* 960 */, W64LIT(0x127FAFDD937D11D2) /* 961 */, - W64LIT(0x29DA3BADC66D92E4) /* 962 */, W64LIT(0xA2C1D57154C2ECBC) /* 963 */, - W64LIT(0x58C5134D82F6FE24) /* 964 */, W64LIT(0x1C3AE3515B62274F) /* 965 */, - W64LIT(0xE907C82E01CB8126) /* 966 */, W64LIT(0xF8ED091913E37FCB) /* 967 */, - W64LIT(0x3249D8F9C80046C9) /* 968 */, W64LIT(0x80CF9BEDE388FB63) /* 969 */, - W64LIT(0x1881539A116CF19E) /* 970 */, W64LIT(0x5103F3F76BD52457) /* 971 */, - W64LIT(0x15B7E6F5AE47F7A8) /* 972 */, W64LIT(0xDBD7C6DED47E9CCF) /* 973 */, - W64LIT(0x44E55C410228BB1A) /* 974 */, W64LIT(0xB647D4255EDB4E99) /* 975 */, - W64LIT(0x5D11882BB8AAFC30) /* 976 */, W64LIT(0xF5098BBB29D3212A) /* 977 */, - W64LIT(0x8FB5EA14E90296B3) /* 978 */, W64LIT(0x677B942157DD025A) /* 979 */, - W64LIT(0xFB58E7C0A390ACB5) /* 980 */, W64LIT(0x89D3674C83BD4A01) /* 981 */, - W64LIT(0x9E2DA4DF4BF3B93B) /* 982 */, W64LIT(0xFCC41E328CAB4829) /* 983 */, - W64LIT(0x03F38C96BA582C52) /* 984 */, W64LIT(0xCAD1BDBD7FD85DB2) /* 985 */, - W64LIT(0xBBB442C16082AE83) /* 986 */, W64LIT(0xB95FE86BA5DA9AB0) /* 987 */, - W64LIT(0xB22E04673771A93F) /* 988 */, W64LIT(0x845358C9493152D8) /* 989 */, - W64LIT(0xBE2A488697B4541E) /* 990 */, W64LIT(0x95A2DC2DD38E6966) /* 991 */, - W64LIT(0xC02C11AC923C852B) /* 992 */, W64LIT(0x2388B1990DF2A87B) /* 993 */, - W64LIT(0x7C8008FA1B4F37BE) /* 994 */, W64LIT(0x1F70D0C84D54E503) /* 995 */, - W64LIT(0x5490ADEC7ECE57D4) /* 996 */, W64LIT(0x002B3C27D9063A3A) /* 997 */, - W64LIT(0x7EAEA3848030A2BF) /* 998 */, W64LIT(0xC602326DED2003C0) /* 999 */, - W64LIT(0x83A7287D69A94086) /* 1000 */, W64LIT(0xC57A5FCB30F57A8A) /* 1001 */, - W64LIT(0xB56844E479EBE779) /* 1002 */, W64LIT(0xA373B40F05DCBCE9) /* 1003 */, - W64LIT(0xD71A786E88570EE2) /* 1004 */, W64LIT(0x879CBACDBDE8F6A0) /* 1005 */, - W64LIT(0x976AD1BCC164A32F) /* 1006 */, W64LIT(0xAB21E25E9666D78B) /* 1007 */, - W64LIT(0x901063AAE5E5C33C) /* 1008 */, W64LIT(0x9818B34448698D90) /* 1009 */, - W64LIT(0xE36487AE3E1E8ABB) /* 1010 */, W64LIT(0xAFBDF931893BDCB4) /* 1011 */, - W64LIT(0x6345A0DC5FBBD519) /* 1012 */, W64LIT(0x8628FE269B9465CA) /* 1013 */, - W64LIT(0x1E5D01603F9C51EC) /* 1014 */, W64LIT(0x4DE44006A15049B7) /* 1015 */, - W64LIT(0xBF6C70E5F776CBB1) /* 1016 */, W64LIT(0x411218F2EF552BED) /* 1017 */, - W64LIT(0xCB0C0708705A36A3) /* 1018 */, W64LIT(0xE74D14754F986044) /* 1019 */, - W64LIT(0xCD56D9430EA8280E) /* 1020 */, W64LIT(0xC12591D7535F5065) /* 1021 */, - W64LIT(0xC83223F1720AEF96) /* 1022 */, W64LIT(0xC3A0396F7363A51F) /* 1023 */, - W64LIT(0xffffffffffffffff), - W64LIT(0xA5A5A5A5A5A5A5A5), - W64LIT(0x0123456789ABCDEF), -}; - -NAMESPACE_END diff --git a/cryptopp562/trdlocal.cpp b/cryptopp562/trdlocal.cpp deleted file mode 100644 index 6d6b822..0000000 --- a/cryptopp562/trdlocal.cpp +++ /dev/null @@ -1,73 +0,0 @@ -// trdlocal.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#ifndef CRYPTOPP_IMPORTS -#ifdef THREADS_AVAILABLE - -#include "trdlocal.h" - -#ifdef HAS_WINTHREADS -#include <windows.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -ThreadLocalStorage::Err::Err(const std::string& operation, int error) - : OS_Error(OTHER_ERROR, "ThreadLocalStorage: " + operation + " operation failed with error 0x" + IntToString(error, 16), operation, error) -{ -} - -ThreadLocalStorage::ThreadLocalStorage() -{ -#ifdef HAS_WINTHREADS - m_index = TlsAlloc(); - if (m_index == TLS_OUT_OF_INDEXES) - throw Err("TlsAlloc", GetLastError()); -#else - int error = pthread_key_create(&m_index, NULL); - if (error) - throw Err("pthread_key_create", error); -#endif -} - -ThreadLocalStorage::~ThreadLocalStorage() -{ -#ifdef HAS_WINTHREADS - if (!TlsFree(m_index)) - throw Err("TlsFree", GetLastError()); -#else - int error = pthread_key_delete(m_index); - if (error) - throw Err("pthread_key_delete", error); -#endif -} - -void ThreadLocalStorage::SetValue(void *value) -{ -#ifdef HAS_WINTHREADS - if (!TlsSetValue(m_index, value)) - throw Err("TlsSetValue", GetLastError()); -#else - int error = pthread_setspecific(m_index, value); - if (error) - throw Err("pthread_key_getspecific", error); -#endif -} - -void *ThreadLocalStorage::GetValue() const -{ -#ifdef HAS_WINTHREADS - void *result = TlsGetValue(m_index); - if (!result && GetLastError() != NO_ERROR) - throw Err("TlsGetValue", GetLastError()); -#else - void *result = pthread_getspecific(m_index); -#endif - return result; -} - -NAMESPACE_END - -#endif // #ifdef THREADS_AVAILABLE -#endif diff --git a/cryptopp562/trdlocal.h b/cryptopp562/trdlocal.h deleted file mode 100644 index 92d244a..0000000 --- a/cryptopp562/trdlocal.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef CRYPTOPP_TRDLOCAL_H -#define CRYPTOPP_TRDLOCAL_H - -#include "config.h" - -#ifdef THREADS_AVAILABLE - -#include "misc.h" - -#ifdef HAS_WINTHREADS -typedef unsigned long ThreadLocalIndexType; -#else -#include <pthread.h> -typedef pthread_key_t ThreadLocalIndexType; -#endif - -NAMESPACE_BEGIN(CryptoPP) - -//! thread local storage -class CRYPTOPP_DLL ThreadLocalStorage : public NotCopyable -{ -public: - //! exception thrown by ThreadLocalStorage class - class Err : public OS_Error - { - public: - Err(const std::string& operation, int error); - }; - - ThreadLocalStorage(); - ~ThreadLocalStorage(); - - void SetValue(void *value); - void *GetValue() const; - -private: - ThreadLocalIndexType m_index; -}; - -NAMESPACE_END - -#endif // #ifdef THREADS_AVAILABLE - -#endif diff --git a/cryptopp562/trunhash.h b/cryptopp562/trunhash.h deleted file mode 100644 index c1c4e9b..0000000 --- a/cryptopp562/trunhash.h +++ /dev/null @@ -1,48 +0,0 @@ -#ifndef CRYPTOPP_TRUNHASH_H -#define CRYPTOPP_TRUNHASH_H - -#include "cryptlib.h" - -NAMESPACE_BEGIN(CryptoPP) - -class NullHash : public HashTransformation -{ -public: - void Update(const byte *input, size_t length) {} - unsigned int DigestSize() const {return 0;} - void TruncatedFinal(byte *digest, size_t digestSize) {} - bool TruncatedVerify(const byte *digest, size_t digestLength) {return true;} -}; - -//! construct new HashModule with smaller DigestSize() from existing one -template <class T> -class TruncatedHashTemplate : public HashTransformation -{ -public: - TruncatedHashTemplate(T hm, unsigned int digestSize) - : m_hm(hm), m_digestSize(digestSize) {} - TruncatedHashTemplate(const byte *key, size_t keyLength, unsigned int digestSize) - : m_hm(key, keyLength), m_digestSize(digestSize) {} - TruncatedHashTemplate(size_t digestSize) - : m_digestSize(digestSize) {} - - void Restart() - {m_hm.Restart();} - void Update(const byte *input, size_t length) - {m_hm.Update(input, length);} - unsigned int DigestSize() const {return m_digestSize;} - void TruncatedFinal(byte *digest, size_t digestSize) - {m_hm.TruncatedFinal(digest, digestSize);} - bool TruncatedVerify(const byte *digest, size_t digestLength) - {return m_hm.TruncatedVerify(digest, digestLength);} - -private: - T m_hm; - unsigned int m_digestSize; -}; - -typedef TruncatedHashTemplate<HashTransformation &> TruncatedHashModule; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/ttmac.cpp b/cryptopp562/ttmac.cpp deleted file mode 100644 index d4ff381..0000000 --- a/cryptopp562/ttmac.cpp +++ /dev/null @@ -1,338 +0,0 @@ -// ttmac.cpp - written and placed in the public domain by Kevin Springle - -#include "pch.h" -#include "ttmac.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -void TTMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &) -{ - AssertValidKeyLength(keylength); - - memcpy(m_key, userKey, KEYLENGTH); - CorrectEndianess(m_key, m_key, KEYLENGTH); - - Init(); -} - -void TTMAC_Base::Init() -{ - m_digest[0] = m_digest[5] = m_key[0]; - m_digest[1] = m_digest[6] = m_key[1]; - m_digest[2] = m_digest[7] = m_key[2]; - m_digest[3] = m_digest[8] = m_key[3]; - m_digest[4] = m_digest[9] = m_key[4]; -} - -void TTMAC_Base::TruncatedFinal(byte *hash, size_t size) -{ - PadLastBlock(BlockSize() - 2*sizeof(HashWordType)); - CorrectEndianess(m_data, m_data, BlockSize() - 2*sizeof(HashWordType)); - - m_data[m_data.size()-2] = GetBitCountLo(); - m_data[m_data.size()-1] = GetBitCountHi(); - - Transform(m_digest, m_data, true); - - word32 t2 = m_digest[2]; - word32 t3 = m_digest[3]; - if (size != DIGESTSIZE) - { - switch (size) - { - case 16: - m_digest[3] += m_digest[1] + m_digest[4]; - - case 12: - m_digest[2] += m_digest[0] + t3; - - case 8: - m_digest[0] += m_digest[1] + t3; - m_digest[1] += m_digest[4] + t2; - break; - - case 4: - m_digest[0] += - m_digest[1] + - m_digest[2] + - m_digest[3] + - m_digest[4]; - break; - - case 0: - // Used by HashTransformation::Restart() - break; - - default: - throw InvalidArgument("TTMAC_Base: can't truncate a Two-Track-MAC 20 byte digest to " + IntToString(size) + " bytes"); - break; - } - } - - CorrectEndianess(m_digest, m_digest, size); - memcpy(hash, m_digest, size); - - Restart(); // reinit for next use -} - -// RIPEMD-160 definitions used by Two-Track-MAC - -#define F(x, y, z) (x ^ y ^ z) -#define G(x, y, z) (z ^ (x & (y^z))) -#define H(x, y, z) (z ^ (x | ~y)) -#define I(x, y, z) (y ^ (z & (x^y))) -#define J(x, y, z) (x ^ (y | ~z)) - -#define k0 0 -#define k1 0x5a827999UL -#define k2 0x6ed9eba1UL -#define k3 0x8f1bbcdcUL -#define k4 0xa953fd4eUL -#define k5 0x50a28be6UL -#define k6 0x5c4dd124UL -#define k7 0x6d703ef3UL -#define k8 0x7a6d76e9UL -#define k9 0 - -void TTMAC_Base::Transform(word32 *digest, const word32 *X, bool last) -{ -#define Subround(f, a, b, c, d, e, x, s, k) \ - a += f(b, c, d) + x + k;\ - a = rotlFixed((word32)a, s) + e;\ - c = rotlFixed((word32)c, 10U) - - word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2; - word32 *trackA, *trackB; - - if (!last) - { - trackA = digest; - trackB = digest+5; - } - else - { - trackB = digest; - trackA = digest+5; - } - a1 = trackA[0]; - b1 = trackA[1]; - c1 = trackA[2]; - d1 = trackA[3]; - e1 = trackA[4]; - a2 = trackB[0]; - b2 = trackB[1]; - c2 = trackB[2]; - d2 = trackB[3]; - e2 = trackB[4]; - - Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0); - Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0); - Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0); - Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0); - Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0); - Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0); - Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0); - Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0); - - Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1); - Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1); - Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1); - Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1); - - Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2); - Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2); - Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2); - Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2); - Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2); - Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2); - - Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3); - Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3); - Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3); - Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3); - Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3); - Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3); - - Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4); - Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4); - Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4); - Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4); - Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4); - Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4); - Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4); - Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4); - Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4); - - Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5); - Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5); - Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5); - Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5); - Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5); - Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5); - Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5); - Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5); - - Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6); - Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6); - Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6); - Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6); - Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6); - Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6); - - Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7); - Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7); - Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7); - Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7); - Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7); - - Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8); - Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8); - Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8); - Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8); - Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8); - Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8); - Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8); - Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8); - Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8); - Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8); - - Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9); - Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9); - Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9); - Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9); - Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9); - Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9); - Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9); - - a1 -= trackA[0]; - b1 -= trackA[1]; - c1 -= trackA[2]; - d1 -= trackA[3]; - e1 -= trackA[4]; - a2 -= trackB[0]; - b2 -= trackB[1]; - c2 -= trackB[2]; - d2 -= trackB[3]; - e2 -= trackB[4]; - - if (!last) - { - trackA[0] = (b1 + e1) - d2; - trackA[1] = c1 - e2; - trackA[2] = d1 - a2; - trackA[3] = e1 - b2; - trackA[4] = a1 - c2; - trackB[0] = d1 - e2; - trackB[1] = (e1 + c1) - a2; - trackB[2] = a1 - b2; - trackB[3] = b1 - c2; - trackB[4] = c1 - d2; - } - else - { - trackB[0] = a2 - a1; - trackB[1] = b2 - b1; - trackB[2] = c2 - c1; - trackB[3] = d2 - d1; - trackB[4] = e2 - e1; - trackA[0] = 0; - trackA[1] = 0; - trackA[2] = 0; - trackA[3] = 0; - trackA[4] = 0; - } -} - -NAMESPACE_END diff --git a/cryptopp562/ttmac.h b/cryptopp562/ttmac.h deleted file mode 100644 index b4bf86e..0000000 --- a/cryptopp562/ttmac.h +++ /dev/null @@ -1,38 +0,0 @@ -// ttmac.h - written and placed in the public domain by Kevin Springle - -#ifndef CRYPTOPP_TTMAC_H -#define CRYPTOPP_TTMAC_H - -#include "seckey.h" -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class CRYPTOPP_NO_VTABLE TTMAC_Base : public FixedKeyLength<20>, public IteratedHash<word32, LittleEndian, 64, MessageAuthenticationCode> -{ -public: - static std::string StaticAlgorithmName() {return std::string("Two-Track-MAC");} - CRYPTOPP_CONSTANT(DIGESTSIZE=20) - - unsigned int DigestSize() const {return DIGESTSIZE;}; - void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); - void TruncatedFinal(byte *mac, size_t size); - -protected: - static void Transform (word32 *digest, const word32 *X, bool last); - void HashEndianCorrectedBlock(const word32 *data) {Transform(m_digest, data, false);} - void Init(); - word32* StateBuf() {return m_digest;} - - FixedSizeSecBlock<word32, 10> m_digest; - FixedSizeSecBlock<word32, 5> m_key; -}; - -//! <a href="http://www.weidai.com/scan-mirror/mac.html#TTMAC">Two-Track-MAC</a> -/*! 160 Bit MAC with 160 Bit Key */ -DOCUMENTED_TYPEDEF(MessageAuthenticationCodeFinal<TTMAC_Base>, TTMAC) - -NAMESPACE_END - -#endif diff --git a/cryptopp562/twofish.cpp b/cryptopp562/twofish.cpp deleted file mode 100644 index 064f16c..0000000 --- a/cryptopp562/twofish.cpp +++ /dev/null @@ -1,168 +0,0 @@ -// twofish.cpp - modified by Wei Dai from Matthew Skala's twofish.c -// The original code and all modifications are in the public domain. - -#include "pch.h" -#include "twofish.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -// compute (c * x^4) mod (x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1) -// over GF(256) -static inline unsigned int Mod(unsigned int c) -{ - static const unsigned int modulus = 0x14d; - unsigned int c2 = (c<<1) ^ ((c & 0x80) ? modulus : 0); - unsigned int c1 = c2 ^ (c>>1) ^ ((c & 1) ? (modulus>>1) : 0); - return c | (c1 << 8) | (c2 << 16) | (c1 << 24); -} - -// compute RS(12,8) code with the above polynomial as generator -// this is equivalent to multiplying by the RS matrix -static word32 ReedSolomon(word32 high, word32 low) -{ - for (unsigned int i=0; i<8; i++) - { - high = Mod(high>>24) ^ (high<<8) ^ (low>>24); - low <<= 8; - } - return high; -} - -inline word32 Twofish::Base::h0(word32 x, const word32 *key, unsigned int kLen) -{ - x = x | (x<<8) | (x<<16) | (x<<24); - switch(kLen) - { -#define Q(a, b, c, d, t) q[a][GETBYTE(t,0)] ^ (q[b][GETBYTE(t,1)] << 8) ^ (q[c][GETBYTE(t,2)] << 16) ^ (q[d][GETBYTE(t,3)] << 24) - case 4: x = Q(1, 0, 0, 1, x) ^ key[6]; - case 3: x = Q(1, 1, 0, 0, x) ^ key[4]; - case 2: x = Q(0, 1, 0, 1, x) ^ key[2]; - x = Q(0, 0, 1, 1, x) ^ key[0]; - } - return x; -} - -inline word32 Twofish::Base::h(word32 x, const word32 *key, unsigned int kLen) -{ - x = h0(x, key, kLen); - return mds[0][GETBYTE(x,0)] ^ mds[1][GETBYTE(x,1)] ^ mds[2][GETBYTE(x,2)] ^ mds[3][GETBYTE(x,3)]; -} - -void Twofish::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &) -{ - AssertValidKeyLength(keylength); - - unsigned int len = (keylength <= 16 ? 2 : (keylength <= 24 ? 3 : 4)); - SecBlock<word32> key(len*2); - GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), len*2, userKey, keylength); - - unsigned int i; - for (i=0; i<40; i+=2) - { - word32 a = h(i, key, len); - word32 b = rotlFixed(h(i+1, key+1, len), 8); - m_k[i] = a+b; - m_k[i+1] = rotlFixed(a+2*b, 9); - } - - SecBlock<word32> svec(2*len); - for (i=0; i<len; i++) - svec[2*(len-i-1)] = ReedSolomon(key[2*i+1], key[2*i]); - for (i=0; i<256; i++) - { - word32 t = h0(i, svec, len); - m_s[0*256+i] = mds[0][GETBYTE(t, 0)]; - m_s[1*256+i] = mds[1][GETBYTE(t, 1)]; - m_s[2*256+i] = mds[2][GETBYTE(t, 2)]; - m_s[3*256+i] = mds[3][GETBYTE(t, 3)]; - } -} - -#define G1(x) (m_s[0*256+GETBYTE(x,0)] ^ m_s[1*256+GETBYTE(x,1)] ^ m_s[2*256+GETBYTE(x,2)] ^ m_s[3*256+GETBYTE(x,3)]) -#define G2(x) (m_s[0*256+GETBYTE(x,3)] ^ m_s[1*256+GETBYTE(x,0)] ^ m_s[2*256+GETBYTE(x,1)] ^ m_s[3*256+GETBYTE(x,2)]) - -#define ENCROUND(n, a, b, c, d) \ - x = G1 (a); y = G2 (b); \ - x += y; y += x + k[2 * (n) + 1]; \ - (c) ^= x + k[2 * (n)]; \ - (c) = rotrFixed(c, 1); \ - (d) = rotlFixed(d, 1) ^ y - -#define ENCCYCLE(n) \ - ENCROUND (2 * (n), a, b, c, d); \ - ENCROUND (2 * (n) + 1, c, d, a, b) - -#define DECROUND(n, a, b, c, d) \ - x = G1 (a); y = G2 (b); \ - x += y; y += x; \ - (d) ^= y + k[2 * (n) + 1]; \ - (d) = rotrFixed(d, 1); \ - (c) = rotlFixed(c, 1); \ - (c) ^= (x + k[2 * (n)]) - -#define DECCYCLE(n) \ - DECROUND (2 * (n) + 1, c, d, a, b); \ - DECROUND (2 * (n), a, b, c, d) - -typedef BlockGetAndPut<word32, LittleEndian> Block; - -void Twofish::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 x, y, a, b, c, d; - - Block::Get(inBlock)(a)(b)(c)(d); - - a ^= m_k[0]; - b ^= m_k[1]; - c ^= m_k[2]; - d ^= m_k[3]; - - const word32 *k = m_k+8; - ENCCYCLE (0); - ENCCYCLE (1); - ENCCYCLE (2); - ENCCYCLE (3); - ENCCYCLE (4); - ENCCYCLE (5); - ENCCYCLE (6); - ENCCYCLE (7); - - c ^= m_k[4]; - d ^= m_k[5]; - a ^= m_k[6]; - b ^= m_k[7]; - - Block::Put(xorBlock, outBlock)(c)(d)(a)(b); -} - -void Twofish::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const -{ - word32 x, y, a, b, c, d; - - Block::Get(inBlock)(c)(d)(a)(b); - - c ^= m_k[4]; - d ^= m_k[5]; - a ^= m_k[6]; - b ^= m_k[7]; - - const word32 *k = m_k+8; - DECCYCLE (7); - DECCYCLE (6); - DECCYCLE (5); - DECCYCLE (4); - DECCYCLE (3); - DECCYCLE (2); - DECCYCLE (1); - DECCYCLE (0); - - a ^= m_k[0]; - b ^= m_k[1]; - c ^= m_k[2]; - d ^= m_k[3]; - - Block::Put(xorBlock, outBlock)(a)(b)(c)(d); -} - -NAMESPACE_END diff --git a/cryptopp562/twofish.h b/cryptopp562/twofish.h deleted file mode 100644 index 9ba2903..0000000 --- a/cryptopp562/twofish.h +++ /dev/null @@ -1,59 +0,0 @@ -#ifndef CRYPTOPP_TWOFISH_H -#define CRYPTOPP_TWOFISH_H - -/** \file -*/ - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -struct Twofish_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 0, 32>, FixedRounds<16> -{ - static const char *StaticAlgorithmName() {return "Twofish";} -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Twofish">Twofish</a> -class Twofish : public Twofish_Info, public BlockCipherDocumentation -{ - class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Twofish_Info> - { - public: - void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); - - protected: - static word32 h0(word32 x, const word32 *key, unsigned int kLen); - static word32 h(word32 x, const word32 *key, unsigned int kLen); - - static const byte q[2][256]; - static const word32 mds[4][256]; - - FixedSizeSecBlock<word32, 40> m_k; - FixedSizeSecBlock<word32, 4*256> m_s; - }; - - class CRYPTOPP_NO_VTABLE Enc : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - - class CRYPTOPP_NO_VTABLE Dec : public Base - { - public: - void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; - }; - -public: - typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption; - typedef BlockCipherFinal<DECRYPTION, Dec> Decryption; -}; - -typedef Twofish::Encryption TwofishEncryption; -typedef Twofish::Decryption TwofishDecryption; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/validat1.cpp b/cryptopp562/validat1.cpp deleted file mode 100644 index a40816b..0000000 --- a/cryptopp562/validat1.cpp +++ /dev/null @@ -1,1409 +0,0 @@ -// validat1.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "files.h" -#include "hex.h" -#include "base32.h" -#include "base64.h" -#include "modes.h" -#include "cbcmac.h" -#include "dmac.h" -#include "idea.h" -#include "des.h" -#include "rc2.h" -#include "arc4.h" -#include "rc5.h" -#include "blowfish.h" -#include "3way.h" -#include "safer.h" -#include "gost.h" -#include "shark.h" -#include "cast.h" -#include "square.h" -#include "seal.h" -#include "rc6.h" -#include "mars.h" -#include "rijndael.h" -#include "twofish.h" -#include "serpent.h" -#include "skipjack.h" -#include "shacal2.h" -#include "camellia.h" -#include "osrng.h" -#include "zdeflate.h" -#include "cpu.h" - -#include <time.h> -#include <memory> -#include <iostream> -#include <iomanip> - -#include "validate.h" - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -bool ValidateAll(bool thorough) -{ - bool pass=TestSettings(); - pass=TestOS_RNG() && pass; - - pass=ValidateCRC32() && pass; - pass=ValidateAdler32() && pass; - pass=ValidateMD2() && pass; - pass=ValidateMD5() && pass; - pass=ValidateSHA() && pass; - pass=RunTestDataFile("TestVectors/sha3.txt") && pass; - pass=ValidateTiger() && pass; - pass=ValidateRIPEMD() && pass; - pass=ValidatePanama() && pass; - pass=ValidateWhirlpool() && pass; - - pass=ValidateHMAC() && pass; - pass=ValidateTTMAC() && pass; - - pass=ValidatePBKDF() && pass; - - pass=ValidateDES() && pass; - pass=ValidateCipherModes() && pass; - pass=ValidateIDEA() && pass; - pass=ValidateSAFER() && pass; - pass=ValidateRC2() && pass; - pass=ValidateARC4() && pass; - pass=ValidateRC5() && pass; - pass=ValidateBlowfish() && pass; - pass=ValidateThreeWay() && pass; - pass=ValidateGOST() && pass; - pass=ValidateSHARK() && pass; - pass=ValidateCAST() && pass; - pass=ValidateSquare() && pass; - pass=ValidateSKIPJACK() && pass; - pass=ValidateSEAL() && pass; - pass=ValidateRC6() && pass; - pass=ValidateMARS() && pass; - pass=ValidateRijndael() && pass; - pass=ValidateTwofish() && pass; - pass=ValidateSerpent() && pass; - pass=ValidateSHACAL2() && pass; - pass=ValidateCamellia() && pass; - pass=ValidateSalsa() && pass; - pass=ValidateSosemanuk() && pass; - pass=ValidateVMAC() && pass; - pass=ValidateCCM() && pass; - pass=ValidateGCM() && pass; - pass=ValidateCMAC() && pass; - pass=RunTestDataFile("TestVectors/eax.txt") && pass; - pass=RunTestDataFile("TestVectors/seed.txt") && pass; - - pass=ValidateBBS() && pass; - pass=ValidateDH() && pass; - pass=ValidateMQV() && pass; - pass=ValidateRSA() && pass; - pass=ValidateElGamal() && pass; - pass=ValidateDLIES() && pass; - pass=ValidateNR() && pass; - pass=ValidateDSA(thorough) && pass; - pass=ValidateLUC() && pass; - pass=ValidateLUC_DH() && pass; - pass=ValidateLUC_DL() && pass; - pass=ValidateXTR_DH() && pass; - pass=ValidateRabin() && pass; - pass=ValidateRW() && pass; -// pass=ValidateBlumGoldwasser() && pass; - pass=ValidateECP() && pass; - pass=ValidateEC2N() && pass; - pass=ValidateECDSA() && pass; - pass=ValidateESIGN() && pass; - - if (pass) - cout << "\nAll tests passed!\n"; - else - cout << "\nOops! Not all tests passed.\n"; - - return pass; -} - -bool TestSettings() -{ - bool pass = true; - - cout << "\nTesting Settings...\n\n"; - - word32 w; - memcpy_s(&w, sizeof(w), "\x01\x02\x03\x04", 4); - - if (w == 0x04030201L) - { -#ifdef IS_LITTLE_ENDIAN - cout << "passed: "; -#else - cout << "FAILED: "; - pass = false; -#endif - cout << "Your machine is little endian.\n"; - } - else if (w == 0x01020304L) - { -#ifndef IS_LITTLE_ENDIAN - cout << "passed: "; -#else - cout << "FAILED: "; - pass = false; -#endif - cout << "Your machine is big endian.\n"; - } - else - { - cout << "FAILED: Your machine is neither big endian nor little endian.\n"; - pass = false; - } - -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - byte testvals[10] = {1,2,2,3,3,3,3,2,2,1}; - if (*(word32 *)(testvals+3) == 0x03030303 && *(word64 *)(testvals+1) == W64LIT(0x0202030303030202)) - cout << "passed: Your machine allows unaligned data access.\n"; - else - { - cout << "FAILED: Unaligned data access gave incorrect results.\n"; - pass = false; - } -#else - cout << "passed: CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is not defined. Will restrict to aligned data access.\n"; -#endif - - if (sizeof(byte) == 1) - cout << "passed: "; - else - { - cout << "FAILED: "; - pass = false; - } - cout << "sizeof(byte) == " << sizeof(byte) << endl; - - if (sizeof(word16) == 2) - cout << "passed: "; - else - { - cout << "FAILED: "; - pass = false; - } - cout << "sizeof(word16) == " << sizeof(word16) << endl; - - if (sizeof(word32) == 4) - cout << "passed: "; - else - { - cout << "FAILED: "; - pass = false; - } - cout << "sizeof(word32) == " << sizeof(word32) << endl; - - if (sizeof(word64) == 8) - cout << "passed: "; - else - { - cout << "FAILED: "; - pass = false; - } - cout << "sizeof(word64) == " << sizeof(word64) << endl; - -#ifdef CRYPTOPP_WORD128_AVAILABLE - if (sizeof(word128) == 16) - cout << "passed: "; - else - { - cout << "FAILED: "; - pass = false; - } - cout << "sizeof(word128) == " << sizeof(word128) << endl; -#endif - - if (sizeof(word) == 2*sizeof(hword) -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - && sizeof(dword) == 2*sizeof(word) -#endif - ) - cout << "passed: "; - else - { - cout << "FAILED: "; - pass = false; - } - cout << "sizeof(hword) == " << sizeof(hword) << ", sizeof(word) == " << sizeof(word); -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - cout << ", sizeof(dword) == " << sizeof(dword); -#endif - cout << endl; - -#ifdef CRYPTOPP_CPUID_AVAILABLE - bool hasMMX = HasMMX(); - bool hasISSE = HasISSE(); - bool hasSSE2 = HasSSE2(); - bool hasSSSE3 = HasSSSE3(); - bool isP4 = IsP4(); - int cacheLineSize = GetCacheLineSize(); - - if ((isP4 && (!hasMMX || !hasSSE2)) || (hasSSE2 && !hasMMX) || (cacheLineSize < 16 || cacheLineSize > 256 || !IsPowerOf2(cacheLineSize))) - { - cout << "FAILED: "; - pass = false; - } - else - cout << "passed: "; - - cout << "hasMMX == " << hasMMX << ", hasISSE == " << hasISSE << ", hasSSE2 == " << hasSSE2 << ", hasSSSE3 == " << hasSSSE3 << ", hasAESNI == " << HasAESNI() << ", hasCLMUL == " << HasCLMUL() << ", isP4 == " << isP4 << ", cacheLineSize == " << cacheLineSize; - cout << ", AESNI_INTRINSICS == " << CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE << endl; -#endif - - if (!pass) - { - cout << "Some critical setting in config.h is in error. Please fix it and recompile." << endl; - abort(); - } - return pass; -} - -bool TestOS_RNG() -{ - bool pass = true; - - member_ptr<RandomNumberGenerator> rng; -#ifdef BLOCKING_RNG_AVAILABLE - try {rng.reset(new BlockingRng);} - catch (OS_RNG_Err &) {} -#endif - - if (rng.get()) - { - cout << "\nTesting operating system provided blocking random number generator...\n\n"; - - ArraySink *sink; - RandomNumberSource test(*rng, UINT_MAX, false, new Deflator(sink=new ArraySink(NULL,0))); - unsigned long total=0, length=0; - time_t t = time(NULL), t1 = 0; - - // check that it doesn't take too long to generate a reasonable amount of randomness - while (total < 16 && (t1 < 10 || total*8 > (unsigned long)t1)) - { - test.Pump(1); - total += 1; - t1 = time(NULL) - t; - } - - if (total < 16) - { - cout << "FAILED:"; - pass = false; - } - else - cout << "passed:"; - cout << " it took " << long(t1) << " seconds to generate " << total << " bytes" << endl; - -#if 0 // disable this part. it's causing an unpredictable pause during the validation testing - if (t1 < 2) - { - // that was fast, are we really blocking? - // first exhaust the extropy reserve - t = time(NULL); - while (time(NULL) - t < 2) - { - test.Pump(1); - total += 1; - } - - // if it generates too many bytes in a certain amount of time, - // something's probably wrong - t = time(NULL); - while (time(NULL) - t < 2) - { - test.Pump(1); - total += 1; - length += 1; - } - if (length > 1024) - { - cout << "FAILED:"; - pass = false; - } - else - cout << "passed:"; - cout << " it generated " << length << " bytes in " << long(time(NULL) - t) << " seconds" << endl; - } -#endif - - test.AttachedTransformation()->MessageEnd(); - - if (sink->TotalPutLength() < total) - { - cout << "FAILED:"; - pass = false; - } - else - cout << "passed:"; - cout << " " << total << " generated bytes compressed to " << (size_t)sink->TotalPutLength() << " bytes by DEFLATE" << endl; - } - else - cout << "\nNo operating system provided blocking random number generator, skipping test." << endl; - - rng.reset(NULL); -#ifdef NONBLOCKING_RNG_AVAILABLE - try {rng.reset(new NonblockingRng);} - catch (OS_RNG_Err &) {} -#endif - - if (rng.get()) - { - cout << "\nTesting operating system provided nonblocking random number generator...\n\n"; - - ArraySink *sink; - RandomNumberSource test(*rng, 100000, true, new Deflator(sink=new ArraySink(NULL, 0))); - - if (sink->TotalPutLength() < 100000) - { - cout << "FAILED:"; - pass = false; - } - else - cout << "passed:"; - cout << " 100000 generated bytes compressed to " << (size_t)sink->TotalPutLength() << " bytes by DEFLATE" << endl; - } - else - cout << "\nNo operating system provided nonblocking random number generator, skipping test." << endl; - - return pass; -} - -// VC50 workaround -typedef auto_ptr<BlockTransformation> apbt; - -class CipherFactory -{ -public: - virtual unsigned int BlockSize() const =0; - virtual unsigned int KeyLength() const =0; - - virtual apbt NewEncryption(const byte *key) const =0; - virtual apbt NewDecryption(const byte *key) const =0; -}; - -template <class E, class D> class FixedRoundsCipherFactory : public CipherFactory -{ -public: - FixedRoundsCipherFactory(unsigned int keylen=0) : m_keylen(keylen?keylen:E::DEFAULT_KEYLENGTH) {} - unsigned int BlockSize() const {return E::BLOCKSIZE;} - unsigned int KeyLength() const {return m_keylen;} - - apbt NewEncryption(const byte *key) const - {return apbt(new E(key, m_keylen));} - apbt NewDecryption(const byte *key) const - {return apbt(new D(key, m_keylen));} - - unsigned int m_keylen; -}; - -template <class E, class D> class VariableRoundsCipherFactory : public CipherFactory -{ -public: - VariableRoundsCipherFactory(unsigned int keylen=0, unsigned int rounds=0) - : m_keylen(keylen ? keylen : E::DEFAULT_KEYLENGTH), m_rounds(rounds ? rounds : E::DEFAULT_ROUNDS) {} - unsigned int BlockSize() const {return E::BLOCKSIZE;} - unsigned int KeyLength() const {return m_keylen;} - - apbt NewEncryption(const byte *key) const - {return apbt(new E(key, m_keylen, m_rounds));} - apbt NewDecryption(const byte *key) const - {return apbt(new D(key, m_keylen, m_rounds));} - - unsigned int m_keylen, m_rounds; -}; - -bool BlockTransformationTest(const CipherFactory &cg, BufferedTransformation &valdata, unsigned int tuples = 0xffff) -{ - HexEncoder output(new FileSink(cout)); - SecByteBlock plain(cg.BlockSize()), cipher(cg.BlockSize()), out(cg.BlockSize()), outplain(cg.BlockSize()); - SecByteBlock key(cg.KeyLength()); - bool pass=true, fail; - - while (valdata.MaxRetrievable() && tuples--) - { - valdata.Get(key, cg.KeyLength()); - valdata.Get(plain, cg.BlockSize()); - valdata.Get(cipher, cg.BlockSize()); - - apbt transE = cg.NewEncryption(key); - transE->ProcessBlock(plain, out); - fail = memcmp(out, cipher, cg.BlockSize()) != 0; - - apbt transD = cg.NewDecryption(key); - transD->ProcessBlock(out, outplain); - fail=fail || memcmp(outplain, plain, cg.BlockSize()); - - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - output.Put(key, cg.KeyLength()); - cout << " "; - output.Put(outplain, cg.BlockSize()); - cout << " "; - output.Put(out, cg.BlockSize()); - cout << endl; - } - return pass; -} - -class FilterTester : public Unflushable<Sink> -{ -public: - FilterTester(const byte *validOutput, size_t outputLen) - : validOutput(validOutput), outputLen(outputLen), counter(0), fail(false) {} - void PutByte(byte inByte) - { - if (counter >= outputLen || validOutput[counter] != inByte) - { - std::cerr << "incorrect output " << counter << ", " << (word16)validOutput[counter] << ", " << (word16)inByte << "\n"; - fail = true; - assert(false); - } - counter++; - } - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) - { - while (length--) - FilterTester::PutByte(*inString++); - - if (messageEnd) - if (counter != outputLen) - { - fail = true; - assert(false); - } - - return 0; - } - bool GetResult() - { - return !fail; - } - - const byte *validOutput; - size_t outputLen, counter; - bool fail; -}; - -bool TestFilter(BufferedTransformation &bt, const byte *in, size_t inLen, const byte *out, size_t outLen) -{ - FilterTester *ft; - bt.Attach(ft = new FilterTester(out, outLen)); - - while (inLen) - { - size_t randomLen = GlobalRNG().GenerateWord32(0, (word32)inLen); - bt.Put(in, randomLen); - in += randomLen; - inLen -= randomLen; - } - bt.MessageEnd(); - return ft->GetResult(); -} - -bool ValidateDES() -{ - cout << "\nDES validation suite running...\n\n"; - - FileSource valdata("TestData/descert.dat", true, new HexDecoder); - bool pass = BlockTransformationTest(FixedRoundsCipherFactory<DESEncryption, DESDecryption>(), valdata); - - cout << "\nTesting EDE2, EDE3, and XEX3 variants...\n\n"; - - FileSource valdata1("TestData/3desval.dat", true, new HexDecoder); - pass = BlockTransformationTest(FixedRoundsCipherFactory<DES_EDE2_Encryption, DES_EDE2_Decryption>(), valdata1, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<DES_EDE3_Encryption, DES_EDE3_Decryption>(), valdata1, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<DES_XEX3_Encryption, DES_XEX3_Decryption>(), valdata1, 1) && pass; - - return pass; -} - -bool TestModeIV(SymmetricCipher &e, SymmetricCipher &d) -{ - SecByteBlock lastIV, iv(e.IVSize()); - StreamTransformationFilter filter(e, new StreamTransformationFilter(d)); - byte plaintext[20480]; - - for (unsigned int i=1; i<sizeof(plaintext); i*=2) - { - e.GetNextIV(GlobalRNG(), iv); - if (iv == lastIV) - return false; - else - lastIV = iv; - - e.Resynchronize(iv); - d.Resynchronize(iv); - - unsigned int length = STDMAX(GlobalRNG().GenerateWord32(0, i), (word32)e.MinLastBlockSize()); - GlobalRNG().GenerateBlock(plaintext, length); - - if (!TestFilter(filter, plaintext, length, plaintext, length)) - return false; - } - - return true; -} - -bool ValidateCipherModes() -{ - cout << "\nTesting DES modes...\n\n"; - const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; - const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; - const byte plain[] = { // "Now is the time for all " without tailing 0 - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20}; - DESEncryption desE(key); - DESDecryption desD(key); - bool pass=true, fail; - - { - // from FIPS 81 - const byte encrypted[] = { - 0x3f, 0xa4, 0x0e, 0x8a, 0x98, 0x4d, 0x48, 0x15, - 0x6a, 0x27, 0x17, 0x87, 0xab, 0x88, 0x83, 0xf9, - 0x89, 0x3d, 0x51, 0xec, 0x4b, 0x56, 0x3b, 0x53}; - - ECB_Mode_ExternalCipher::Encryption modeE(desE); - fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::NO_PADDING).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "ECB encryption" << endl; - - ECB_Mode_ExternalCipher::Decryption modeD(desD); - fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::NO_PADDING).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "ECB decryption" << endl; - } - { - // from FIPS 81 - const byte encrypted[] = { - 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C, - 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F, - 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6}; - - CBC_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::NO_PADDING).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC encryption with no padding" << endl; - - CBC_Mode_ExternalCipher::Decryption modeD(desD, iv); - fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::NO_PADDING).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC decryption with no padding" << endl; - - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC mode IV generation" << endl; - } - { - // generated with Crypto++, matches FIPS 81 - // but has extra 8 bytes as result of padding - const byte encrypted[] = { - 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C, - 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F, - 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6, - 0x62, 0xC1, 0x6A, 0x27, 0xE4, 0xFC, 0xF2, 0x77}; - - CBC_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC encryption with PKCS #7 padding" << endl; - - CBC_Mode_ExternalCipher::Decryption modeD(desD, iv); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC decryption with PKCS #7 padding" << endl; - } - { - // generated with Crypto++ 5.2, matches FIPS 81 - // but has extra 8 bytes as result of padding - const byte encrypted[] = { - 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C, - 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F, - 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6, - 0xcf, 0xb7, 0xc7, 0x64, 0x0e, 0x7c, 0xd9, 0xa7}; - - CBC_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::ONE_AND_ZEROS_PADDING).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC encryption with one-and-zeros padding" << endl; - - CBC_Mode_ExternalCipher::Decryption modeD(desD, iv); - fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::ONE_AND_ZEROS_PADDING).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC decryption with one-and-zeros padding" << endl; - } - { - const byte plain[] = {'a', 0, 0, 0, 0, 0, 0, 0}; - // generated with Crypto++ - const byte encrypted[] = { - 0x9B, 0x47, 0x57, 0x59, 0xD6, 0x9C, 0xF6, 0xD0}; - - CBC_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::ZEROS_PADDING).Ref(), - plain, 1, encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC encryption with zeros padding" << endl; - - CBC_Mode_ExternalCipher::Decryption modeD(desD, iv); - fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::ZEROS_PADDING).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC decryption with zeros padding" << endl; - } - { - // generated with Crypto++, matches FIPS 81 - // but with last two blocks swapped as result of CTS - const byte encrypted[] = { - 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C, - 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6, - 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F}; - - CBC_CTS_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC encryption with ciphertext stealing (CTS)" << endl; - - CBC_CTS_Mode_ExternalCipher::Decryption modeD(desD, iv); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC decryption with ciphertext stealing (CTS)" << endl; - - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC CTS IV generation" << endl; - } - { - // generated with Crypto++ - const byte decryptionIV[] = {0x4D, 0xD0, 0xAC, 0x8F, 0x47, 0xCF, 0x79, 0xCE}; - const byte encrypted[] = {0x12, 0x34, 0x56}; - - byte stolenIV[8]; - - CBC_CTS_Mode_ExternalCipher::Encryption modeE(desE, iv); - modeE.SetStolenIV(stolenIV); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, 3, encrypted, sizeof(encrypted)); - fail = memcmp(stolenIV, decryptionIV, 8) != 0 || fail; - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC encryption with ciphertext and IV stealing" << endl; - - CBC_CTS_Mode_ExternalCipher::Decryption modeD(desD, stolenIV); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, 3); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC decryption with ciphertext and IV stealing" << endl; - } - { - const byte encrypted[] = { // from FIPS 81 - 0xF3,0x09,0x62,0x49,0xC7,0xF4,0x6E,0x51, - 0xA6,0x9E,0x83,0x9B,0x1A,0x92,0xF7,0x84, - 0x03,0x46,0x71,0x33,0x89,0x8E,0xA6,0x22}; - - CFB_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CFB encryption" << endl; - - CFB_Mode_ExternalCipher::Decryption modeD(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CFB decryption" << endl; - - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CFB mode IV generation" << endl; - } - { - const byte plain[] = { // "Now is the." without tailing 0 - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,0x68,0x65}; - const byte encrypted[] = { // from FIPS 81 - 0xf3,0x1f,0xda,0x07,0x01,0x14,0x62,0xee,0x18,0x7f}; - - CFB_Mode_ExternalCipher::Encryption modeE(desE, iv, 1); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CFB (8-bit feedback) encryption" << endl; - - CFB_Mode_ExternalCipher::Decryption modeD(desE, iv, 1); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CFB (8-bit feedback) decryption" << endl; - - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CFB (8-bit feedback) IV generation" << endl; - } - { - const byte encrypted[] = { // from Eric Young's libdes - 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, - 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, - 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3}; - - OFB_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "OFB encryption" << endl; - - OFB_Mode_ExternalCipher::Decryption modeD(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "OFB decryption" << endl; - - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "OFB IV generation" << endl; - } - { - const byte encrypted[] = { // generated with Crypto++ - 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, - 0x16, 0x3A, 0x8C, 0xA0, 0xFF, 0xC9, 0x4C, 0x27, - 0xFA, 0x2F, 0x80, 0xF4, 0x80, 0xB8, 0x6F, 0x75}; - - CTR_Mode_ExternalCipher::Encryption modeE(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeE).Ref(), - plain, sizeof(plain), encrypted, sizeof(encrypted)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "Counter Mode encryption" << endl; - - CTR_Mode_ExternalCipher::Decryption modeD(desE, iv); - fail = !TestFilter(StreamTransformationFilter(modeD).Ref(), - encrypted, sizeof(encrypted), plain, sizeof(plain)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "Counter Mode decryption" << endl; - - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "Counter Mode IV generation" << endl; - } - { - const byte plain[] = { // "7654321 Now is the time for " - 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20, - 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, - 0x66, 0x6f, 0x72, 0x20}; - const byte mac1[] = { // from FIPS 113 - 0xf1, 0xd3, 0x0f, 0x68, 0x49, 0x31, 0x2c, 0xa4}; - const byte mac2[] = { // generated with Crypto++ - 0x35, 0x80, 0xC5, 0xC4, 0x6B, 0x81, 0x24, 0xE2}; - - CBC_MAC<DES> cbcmac(key); - HashFilter cbcmacFilter(cbcmac); - fail = !TestFilter(cbcmacFilter, plain, sizeof(plain), mac1, sizeof(mac1)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "CBC MAC" << endl; - - DMAC<DES> dmac(key); - HashFilter dmacFilter(dmac); - fail = !TestFilter(dmacFilter, plain, sizeof(plain), mac2, sizeof(mac2)); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "DMAC" << endl; - } - { - CTR_Mode<AES>::Encryption modeE(plain, 16, plain); - CTR_Mode<AES>::Decryption modeD(plain, 16, plain); - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "AES CTR Mode" << endl; - } - { - OFB_Mode<AES>::Encryption modeE(plain, 16, plain); - OFB_Mode<AES>::Decryption modeD(plain, 16, plain); - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "AES OFB Mode" << endl; - } - { - CFB_Mode<AES>::Encryption modeE(plain, 16, plain); - CFB_Mode<AES>::Decryption modeD(plain, 16, plain); - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "AES CFB Mode" << endl; - } - { - CBC_Mode<AES>::Encryption modeE(plain, 16, plain); - CBC_Mode<AES>::Decryption modeD(plain, 16, plain); - fail = !TestModeIV(modeE, modeD); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed ") << "AES CBC Mode" << endl; - } - - return pass; -} - -bool ValidateIDEA() -{ - cout << "\nIDEA validation suite running...\n\n"; - - FileSource valdata("TestData/ideaval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory<IDEAEncryption, IDEADecryption>(), valdata); -} - -bool ValidateSAFER() -{ - cout << "\nSAFER validation suite running...\n\n"; - - FileSource valdata("TestData/saferval.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_K_Encryption, SAFER_K_Decryption>(8,6), valdata, 4) && pass; - pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_K_Encryption, SAFER_K_Decryption>(16,12), valdata, 4) && pass; - pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_SK_Encryption, SAFER_SK_Decryption>(8,6), valdata, 4) && pass; - pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_SK_Encryption, SAFER_SK_Decryption>(16,10), valdata, 4) && pass; - return pass; -} - -bool ValidateRC2() -{ - cout << "\nRC2 validation suite running...\n\n"; - - FileSource valdata("TestData/rc2val.dat", true, new HexDecoder); - HexEncoder output(new FileSink(cout)); - SecByteBlock plain(RC2Encryption::BLOCKSIZE), cipher(RC2Encryption::BLOCKSIZE), out(RC2Encryption::BLOCKSIZE), outplain(RC2Encryption::BLOCKSIZE); - SecByteBlock key(128); - bool pass=true, fail; - - while (valdata.MaxRetrievable()) - { - byte keyLen, effectiveLen; - - valdata.Get(keyLen); - valdata.Get(effectiveLen); - valdata.Get(key, keyLen); - valdata.Get(plain, RC2Encryption::BLOCKSIZE); - valdata.Get(cipher, RC2Encryption::BLOCKSIZE); - - apbt transE(new RC2Encryption(key, keyLen, effectiveLen)); - transE->ProcessBlock(plain, out); - fail = memcmp(out, cipher, RC2Encryption::BLOCKSIZE) != 0; - - apbt transD(new RC2Decryption(key, keyLen, effectiveLen)); - transD->ProcessBlock(out, outplain); - fail=fail || memcmp(outplain, plain, RC2Encryption::BLOCKSIZE); - - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - output.Put(key, keyLen); - cout << " "; - output.Put(outplain, RC2Encryption::BLOCKSIZE); - cout << " "; - output.Put(out, RC2Encryption::BLOCKSIZE); - cout << endl; - } - return pass; -} - -bool ValidateARC4() -{ - unsigned char Key0[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; - unsigned char Input0[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; - unsigned char Output0[] = {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96}; - - unsigned char Key1[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; - unsigned char Input1[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Output1[]={0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79}; - - unsigned char Key2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Input2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Output2[]={0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a}; - - unsigned char Key3[]={0xef,0x01,0x23,0x45}; - unsigned char Input3[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Output3[]={0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61}; - - unsigned char Key4[]={ 0x01,0x23,0x45,0x67,0x89,0xab, 0xcd,0xef }; - unsigned char Input4[] = - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01}; - unsigned char Output4[]= { - 0x75,0x95,0xc3,0xe6,0x11,0x4a,0x09,0x78,0x0c,0x4a,0xd4, - 0x52,0x33,0x8e,0x1f,0xfd,0x9a,0x1b,0xe9,0x49,0x8f, - 0x81,0x3d,0x76,0x53,0x34,0x49,0xb6,0x77,0x8d,0xca, - 0xd8,0xc7,0x8a,0x8d,0x2b,0xa9,0xac,0x66,0x08,0x5d, - 0x0e,0x53,0xd5,0x9c,0x26,0xc2,0xd1,0xc4,0x90,0xc1, - 0xeb,0xbe,0x0c,0xe6,0x6d,0x1b,0x6b,0x1b,0x13,0xb6, - 0xb9,0x19,0xb8,0x47,0xc2,0x5a,0x91,0x44,0x7a,0x95, - 0xe7,0x5e,0x4e,0xf1,0x67,0x79,0xcd,0xe8,0xbf,0x0a, - 0x95,0x85,0x0e,0x32,0xaf,0x96,0x89,0x44,0x4f,0xd3, - 0x77,0x10,0x8f,0x98,0xfd,0xcb,0xd4,0xe7,0x26,0x56, - 0x75,0x00,0x99,0x0b,0xcc,0x7e,0x0c,0xa3,0xc4,0xaa, - 0xa3,0x04,0xa3,0x87,0xd2,0x0f,0x3b,0x8f,0xbb,0xcd, - 0x42,0xa1,0xbd,0x31,0x1d,0x7a,0x43,0x03,0xdd,0xa5, - 0xab,0x07,0x88,0x96,0xae,0x80,0xc1,0x8b,0x0a,0xf6, - 0x6d,0xff,0x31,0x96,0x16,0xeb,0x78,0x4e,0x49,0x5a, - 0xd2,0xce,0x90,0xd7,0xf7,0x72,0xa8,0x17,0x47,0xb6, - 0x5f,0x62,0x09,0x3b,0x1e,0x0d,0xb9,0xe5,0xba,0x53, - 0x2f,0xaf,0xec,0x47,0x50,0x83,0x23,0xe6,0x71,0x32, - 0x7d,0xf9,0x44,0x44,0x32,0xcb,0x73,0x67,0xce,0xc8, - 0x2f,0x5d,0x44,0xc0,0xd0,0x0b,0x67,0xd6,0x50,0xa0, - 0x75,0xcd,0x4b,0x70,0xde,0xdd,0x77,0xeb,0x9b,0x10, - 0x23,0x1b,0x6b,0x5b,0x74,0x13,0x47,0x39,0x6d,0x62, - 0x89,0x74,0x21,0xd4,0x3d,0xf9,0xb4,0x2e,0x44,0x6e, - 0x35,0x8e,0x9c,0x11,0xa9,0xb2,0x18,0x4e,0xcb,0xef, - 0x0c,0xd8,0xe7,0xa8,0x77,0xef,0x96,0x8f,0x13,0x90, - 0xec,0x9b,0x3d,0x35,0xa5,0x58,0x5c,0xb0,0x09,0x29, - 0x0e,0x2f,0xcd,0xe7,0xb5,0xec,0x66,0xd9,0x08,0x4b, - 0xe4,0x40,0x55,0xa6,0x19,0xd9,0xdd,0x7f,0xc3,0x16, - 0x6f,0x94,0x87,0xf7,0xcb,0x27,0x29,0x12,0x42,0x64, - 0x45,0x99,0x85,0x14,0xc1,0x5d,0x53,0xa1,0x8c,0x86, - 0x4c,0xe3,0xa2,0xb7,0x55,0x57,0x93,0x98,0x81,0x26, - 0x52,0x0e,0xac,0xf2,0xe3,0x06,0x6e,0x23,0x0c,0x91, - 0xbe,0xe4,0xdd,0x53,0x04,0xf5,0xfd,0x04,0x05,0xb3, - 0x5b,0xd9,0x9c,0x73,0x13,0x5d,0x3d,0x9b,0xc3,0x35, - 0xee,0x04,0x9e,0xf6,0x9b,0x38,0x67,0xbf,0x2d,0x7b, - 0xd1,0xea,0xa5,0x95,0xd8,0xbf,0xc0,0x06,0x6f,0xf8, - 0xd3,0x15,0x09,0xeb,0x0c,0x6c,0xaa,0x00,0x6c,0x80, - 0x7a,0x62,0x3e,0xf8,0x4c,0x3d,0x33,0xc1,0x95,0xd2, - 0x3e,0xe3,0x20,0xc4,0x0d,0xe0,0x55,0x81,0x57,0xc8, - 0x22,0xd4,0xb8,0xc5,0x69,0xd8,0x49,0xae,0xd5,0x9d, - 0x4e,0x0f,0xd7,0xf3,0x79,0x58,0x6b,0x4b,0x7f,0xf6, - 0x84,0xed,0x6a,0x18,0x9f,0x74,0x86,0xd4,0x9b,0x9c, - 0x4b,0xad,0x9b,0xa2,0x4b,0x96,0xab,0xf9,0x24,0x37, - 0x2c,0x8a,0x8f,0xff,0xb1,0x0d,0x55,0x35,0x49,0x00, - 0xa7,0x7a,0x3d,0xb5,0xf2,0x05,0xe1,0xb9,0x9f,0xcd, - 0x86,0x60,0x86,0x3a,0x15,0x9a,0xd4,0xab,0xe4,0x0f, - 0xa4,0x89,0x34,0x16,0x3d,0xdd,0xe5,0x42,0xa6,0x58, - 0x55,0x40,0xfd,0x68,0x3c,0xbf,0xd8,0xc0,0x0f,0x12, - 0x12,0x9a,0x28,0x4d,0xea,0xcc,0x4c,0xde,0xfe,0x58, - 0xbe,0x71,0x37,0x54,0x1c,0x04,0x71,0x26,0xc8,0xd4, - 0x9e,0x27,0x55,0xab,0x18,0x1a,0xb7,0xe9,0x40,0xb0, - 0xc0}; - - // VC60 workaround: auto_ptr lacks reset() - member_ptr<Weak::ARC4> arc4; - bool pass=true, fail; - int i; - - cout << "\nARC4 validation suite running...\n\n"; - - arc4.reset(new Weak::ARC4(Key0, sizeof(Key0))); - arc4->ProcessString(Input0, sizeof(Input0)); - fail = memcmp(Input0, Output0, sizeof(Input0)) != 0; - cout << (fail ? "FAILED" : "passed") << " Test 0" << endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key1, sizeof(Key1))); - arc4->ProcessString(Key1, Input1, sizeof(Key1)); - fail = memcmp(Output1, Key1, sizeof(Key1)) != 0; - cout << (fail ? "FAILED" : "passed") << " Test 1" << endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key2, sizeof(Key2))); - for (i=0, fail=false; i<sizeof(Input2); i++) - if (arc4->ProcessByte(Input2[i]) != Output2[i]) - fail = true; - cout << (fail ? "FAILED" : "passed") << " Test 2" << endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key3, sizeof(Key3))); - for (i=0, fail=false; i<sizeof(Input3); i++) - if (arc4->ProcessByte(Input3[i]) != Output3[i]) - fail = true; - cout << (fail ? "FAILED" : "passed") << " Test 3" << endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key4, sizeof(Key4))); - for (i=0, fail=false; i<sizeof(Input4); i++) - if (arc4->ProcessByte(Input4[i]) != Output4[i]) - fail = true; - cout << (fail ? "FAILED" : "passed") << " Test 4" << endl; - pass = pass && !fail; - - return pass; -} - -bool ValidateRC5() -{ - cout << "\nRC5 validation suite running...\n\n"; - - FileSource valdata("TestData/rc5val.dat", true, new HexDecoder); - return BlockTransformationTest(VariableRoundsCipherFactory<RC5Encryption, RC5Decryption>(16, 12), valdata); -} - -bool ValidateRC6() -{ - cout << "\nRC6 validation suite running...\n\n"; - - FileSource valdata("TestData/rc6val.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(FixedRoundsCipherFactory<RC6Encryption, RC6Decryption>(16), valdata, 2) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<RC6Encryption, RC6Decryption>(24), valdata, 2) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<RC6Encryption, RC6Decryption>(32), valdata, 2) && pass; - return pass; -} - -bool ValidateMARS() -{ - cout << "\nMARS validation suite running...\n\n"; - - FileSource valdata("TestData/marsval.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(FixedRoundsCipherFactory<MARSEncryption, MARSDecryption>(16), valdata, 4) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<MARSEncryption, MARSDecryption>(24), valdata, 3) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<MARSEncryption, MARSDecryption>(32), valdata, 2) && pass; - return pass; -} - -bool ValidateRijndael() -{ - cout << "\nRijndael (AES) validation suite running...\n\n"; - - FileSource valdata("TestData/rijndael.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(FixedRoundsCipherFactory<RijndaelEncryption, RijndaelDecryption>(16), valdata, 4) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<RijndaelEncryption, RijndaelDecryption>(24), valdata, 3) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<RijndaelEncryption, RijndaelDecryption>(32), valdata, 2) && pass; - pass = RunTestDataFile("TestVectors/aes.txt") && pass; - return pass; -} - -bool ValidateTwofish() -{ - cout << "\nTwofish validation suite running...\n\n"; - - FileSource valdata("TestData/twofishv.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(FixedRoundsCipherFactory<TwofishEncryption, TwofishDecryption>(16), valdata, 4) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<TwofishEncryption, TwofishDecryption>(24), valdata, 3) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<TwofishEncryption, TwofishDecryption>(32), valdata, 2) && pass; - return pass; -} - -bool ValidateSerpent() -{ - cout << "\nSerpent validation suite running...\n\n"; - - FileSource valdata("TestData/serpentv.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(FixedRoundsCipherFactory<SerpentEncryption, SerpentDecryption>(16), valdata, 5) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<SerpentEncryption, SerpentDecryption>(24), valdata, 4) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<SerpentEncryption, SerpentDecryption>(32), valdata, 3) && pass; - return pass; -} - -bool ValidateBlowfish() -{ - cout << "\nBlowfish validation suite running...\n\n"; - - HexEncoder output(new FileSink(cout)); - const char *key[]={"abcdefghijklmnopqrstuvwxyz", "Who is John Galt?"}; - byte *plain[]={(byte *)"BLOWFISH", (byte *)"\xfe\xdc\xba\x98\x76\x54\x32\x10"}; - byte *cipher[]={(byte *)"\x32\x4e\xd0\xfe\xf4\x13\xa2\x03", (byte *)"\xcc\x91\x73\x2b\x80\x22\xf6\x84"}; - byte out[8], outplain[8]; - bool pass=true, fail; - - for (int i=0; i<2; i++) - { - ECB_Mode<Blowfish>::Encryption enc((byte *)key[i], strlen(key[i])); - enc.ProcessData(out, plain[i], 8); - fail = memcmp(out, cipher[i], 8) != 0; - - ECB_Mode<Blowfish>::Decryption dec((byte *)key[i], strlen(key[i])); - dec.ProcessData(outplain, cipher[i], 8); - fail = fail || memcmp(outplain, plain[i], 8); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << '\"' << key[i] << '\"'; - for (int j=0; j<(signed int)(30-strlen(key[i])); j++) - cout << ' '; - output.Put(outplain, 8); - cout << " "; - output.Put(out, 8); - cout << endl; - } - return pass; -} - -bool ValidateThreeWay() -{ - cout << "\n3-WAY validation suite running...\n\n"; - - FileSource valdata("TestData/3wayval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory<ThreeWayEncryption, ThreeWayDecryption>(), valdata); -} - -bool ValidateGOST() -{ - cout << "\nGOST validation suite running...\n\n"; - - FileSource valdata("TestData/gostval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory<GOSTEncryption, GOSTDecryption>(), valdata); -} - -bool ValidateSHARK() -{ - cout << "\nSHARK validation suite running...\n\n"; - - FileSource valdata("TestData/sharkval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory<SHARKEncryption, SHARKDecryption>(), valdata); -} - -bool ValidateCAST() -{ - bool pass = true; - - cout << "\nCAST-128 validation suite running...\n\n"; - - FileSource val128("TestData/cast128v.dat", true, new HexDecoder); - pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST128Encryption, CAST128Decryption>(16), val128, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST128Encryption, CAST128Decryption>(10), val128, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST128Encryption, CAST128Decryption>(5), val128, 1) && pass; - - cout << "\nCAST-256 validation suite running...\n\n"; - - FileSource val256("TestData/cast256v.dat", true, new HexDecoder); - pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST256Encryption, CAST256Decryption>(16), val256, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST256Encryption, CAST256Decryption>(24), val256, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST256Encryption, CAST256Decryption>(32), val256, 1) && pass; - - return pass; -} - -bool ValidateSquare() -{ - cout << "\nSquare validation suite running...\n\n"; - - FileSource valdata("TestData/squareva.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory<SquareEncryption, SquareDecryption>(), valdata); -} - -bool ValidateSKIPJACK() -{ - cout << "\nSKIPJACK validation suite running...\n\n"; - - FileSource valdata("TestData/skipjack.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory<SKIPJACKEncryption, SKIPJACKDecryption>(), valdata); -} - -bool ValidateSEAL() -{ - byte input[] = {0x37,0xa0,0x05,0x95,0x9b,0x84,0xc4,0x9c,0xa4,0xbe,0x1e,0x05,0x06,0x73,0x53,0x0f,0x5f,0xb0,0x97,0xfd,0xf6,0xa1,0x3f,0xbd,0x6c,0x2c,0xde,0xcd,0x81,0xfd,0xee,0x7c}; - byte output[32]; - byte key[] = {0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, 0xdc, 0xfe, 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0}; - byte iv[] = {0x01, 0x35, 0x77, 0xaf}; - - cout << "\nSEAL validation suite running...\n\n"; - - SEAL<>::Encryption seal(key, sizeof(key), iv); - unsigned int size = sizeof(input); - bool pass = true; - - memset(output, 1, size); - seal.ProcessString(output, input, size); - for (unsigned int i=0; i<size; i++) - if (output[i] != 0) - pass = false; - - seal.Seek(1); - output[1] = seal.ProcessByte(output[1]); - seal.ProcessString(output+2, size-2); - pass = pass && memcmp(output+1, input+1, size-1) == 0; - - cout << (pass ? "passed" : "FAILED") << endl; - return pass; -} - -bool ValidateBaseCode() -{ - bool pass = true, fail; - byte data[255]; - for (unsigned int i=0; i<255; i++) - data[i] = i; - const char *hexEncoded = -"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627" -"28292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F" -"505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677" -"78797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F" -"A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7" -"C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEF" -"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFE"; - const char *base32Encoded = -"AAASEA2EAWDAQCAJBIFS2DIQB6IBCESVCSKTNF22DEPBYHA7D2RUAIJCENUCKJTHFAWUWK3NFWZC8NBT" -"GI3VIPJYG66DUQT5HS8V6R4AIFBEGTCFI3DWSUKKJPGE4VURKBIXEW4WKXMFQYC3MJPX2ZK8M7SGC2VD" -"NTUYN35IPFXGY5DPP3ZZA6MUQP4HK7VZRB6ZW856RX9H9AEBSKB2JBNGS8EIVCWMTUG27D6SUGJJHFEX" -"U4M3TGN4VQQJ5HW9WCS4FI7EWYVKRKFJXKX43MPQX82MDNXVYU45PP72ZG7MZRF7Z496BSQC2RCNMTYH" -"3DE6XU8N3ZHN9WGT4MJ7JXQY49NPVYY55VQ77Z9A6HTQH3HF65V8T4RK7RYQ55ZR8D29F69W8Z5RR8H3" -"9M7939R8"; - const char *base64AndHexEncoded = -"41414543417751464267634943516F4C4441304F4478415245684D554652595847426B6147787764" -"486838674953496A4A43556D4A7967704B6973734C5334764D4445794D7A51310A4E6A63344F546F" -"375044302B50304242516B4E4552555A4853456C4B5330784E546B395155564A5456465657563168" -"5A576C746358563566594746695932526C5A6D646F615770720A6247317562334278636E4E306458" -"5A3365486C3665337839666E2B4167594B44684957476834694A696F754D6A5936506B4A47536B35" -"53566C7065596D5A71626E4A32656E3643680A6F714F6B7061616E714B6D717136797472712B7773" -"624B7A744C573274376935757275387662362F774D484377385446787366497963724C7A4D334F7A" -"39445230745055316462580A324E6E6132397A6433742F6734654C6A354F586D352B6A7036757673" -"3765377638504879382F5431397666342B6672372F50332B0A"; - - cout << "\nBase64, base32 and hex coding validation suite running...\n\n"; - - fail = !TestFilter(HexEncoder().Ref(), data, 255, (const byte *)hexEncoded, strlen(hexEncoded)); - cout << (fail ? "FAILED " : "passed "); - cout << "Hex Encoding\n"; - pass = pass && !fail; - - fail = !TestFilter(HexDecoder().Ref(), (const byte *)hexEncoded, strlen(hexEncoded), data, 255); - cout << (fail ? "FAILED " : "passed "); - cout << "Hex Decoding\n"; - pass = pass && !fail; - - fail = !TestFilter(Base32Encoder().Ref(), data, 255, (const byte *)base32Encoded, strlen(base32Encoded)); - cout << (fail ? "FAILED " : "passed "); - cout << "Base32 Encoding\n"; - pass = pass && !fail; - - fail = !TestFilter(Base32Decoder().Ref(), (const byte *)base32Encoded, strlen(base32Encoded), data, 255); - cout << (fail ? "FAILED " : "passed "); - cout << "Base32 Decoding\n"; - pass = pass && !fail; - - fail = !TestFilter(Base64Encoder(new HexEncoder).Ref(), data, 255, (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded)); - cout << (fail ? "FAILED " : "passed "); - cout << "Base64 Encoding\n"; - pass = pass && !fail; - - fail = !TestFilter(HexDecoder(new Base64Decoder).Ref(), (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded), data, 255); - cout << (fail ? "FAILED " : "passed "); - cout << "Base64 Decoding\n"; - pass = pass && !fail; - - return pass; -} - -bool ValidateSHACAL2() -{ - cout << "\nSHACAL-2 validation suite running...\n\n"; - - bool pass = true; - FileSource valdata("TestData/shacal2v.dat", true, new HexDecoder); - pass = BlockTransformationTest(FixedRoundsCipherFactory<SHACAL2Encryption, SHACAL2Decryption>(16), valdata, 4) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<SHACAL2Encryption, SHACAL2Decryption>(64), valdata, 10) && pass; - return pass; -} - -bool ValidateCamellia() -{ - cout << "\nCamellia validation suite running...\n\n"; - - bool pass = true; - FileSource valdata("TestData/camellia.dat", true, new HexDecoder); - pass = BlockTransformationTest(FixedRoundsCipherFactory<CamelliaEncryption, CamelliaDecryption>(16), valdata, 15) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<CamelliaEncryption, CamelliaDecryption>(24), valdata, 15) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory<CamelliaEncryption, CamelliaDecryption>(32), valdata, 15) && pass; - return pass; -} - -bool ValidateSalsa() -{ - cout << "\nSalsa validation suite running...\n"; - - return RunTestDataFile("TestVectors/salsa.txt"); -} - -bool ValidateSosemanuk() -{ - cout << "\nSosemanuk validation suite running...\n"; - return RunTestDataFile("TestVectors/sosemanuk.txt"); -} - -bool ValidateVMAC() -{ - cout << "\nVMAC validation suite running...\n"; - return RunTestDataFile("TestVectors/vmac.txt"); -} - -bool ValidateCCM() -{ - cout << "\nAES/CCM validation suite running...\n"; - return RunTestDataFile("TestVectors/ccm.txt"); -} - -bool ValidateGCM() -{ - cout << "\nAES/GCM validation suite running...\n"; - cout << "\n2K tables:"; - bool pass = RunTestDataFile("TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)2048)); - cout << "\n64K tables:"; - return RunTestDataFile("TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)64*1024)) && pass; -} - -bool ValidateCMAC() -{ - cout << "\nCMAC validation suite running...\n"; - return RunTestDataFile("TestVectors/cmac.txt"); -} diff --git a/cryptopp562/validat2.cpp b/cryptopp562/validat2.cpp deleted file mode 100644 index dd7ccd4..0000000 --- a/cryptopp562/validat2.cpp +++ /dev/null @@ -1,722 +0,0 @@ -// validat2.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" - -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "blumshub.h" -#include "rsa.h" -#include "md2.h" -#include "elgamal.h" -#include "nr.h" -#include "dsa.h" -#include "dh.h" -#include "mqv.h" -#include "luc.h" -#include "xtrcrypt.h" -#include "rabin.h" -#include "rw.h" -#include "eccrypto.h" -#include "ecp.h" -#include "ec2n.h" -#include "asn.h" -#include "rng.h" -#include "files.h" -#include "hex.h" -#include "oids.h" -#include "esign.h" -#include "osrng.h" - -#include <iostream> -#include <iomanip> - -#include "validate.h" - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -class FixedRNG : public RandomNumberGenerator -{ -public: - FixedRNG(BufferedTransformation &source) : m_source(source) {} - - void GenerateBlock(byte *output, size_t size) - { - m_source.Get(output, size); - } - -private: - BufferedTransformation &m_source; -}; - -bool ValidateBBS() -{ - cout << "\nBlumBlumShub validation suite running...\n\n"; - - Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351"); - Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231"); - Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431"); - BlumBlumShub bbs(p, q, seed); - bool pass = true, fail; - int j; - - const byte output1[] = { - 0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9, - 0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE}; - const byte output2[] = { - 0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7, - 0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1}; - - byte buf[20]; - - bbs.GenerateBlock(buf, 20); - fail = memcmp(output1, buf, 20) != 0; - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - for (j=0;j<20;j++) - cout << setw(2) << setfill('0') << hex << (int)buf[j]; - cout << endl; - - bbs.Seek(10); - bbs.GenerateBlock(buf, 10); - fail = memcmp(output1+10, buf, 10) != 0; - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - for (j=0;j<10;j++) - cout << setw(2) << setfill('0') << hex << (int)buf[j]; - cout << endl; - - bbs.Seek(1234567); - bbs.GenerateBlock(buf, 20); - fail = memcmp(output2, buf, 20) != 0; - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - for (j=0;j<20;j++) - cout << setw(2) << setfill('0') << hex << (int)buf[j]; - cout << endl; - - return pass; -} - -bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false) -{ - bool pass = true, fail; - - fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "signature key validation\n"; - - const byte *message = (byte *)"test message"; - const int messageLen = 12; - - SecByteBlock signature(priv.MaxSignatureLength()); - size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature); - fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "signature and verification\n"; - - ++signature[0]; - fail = pub.VerifyMessage(message, messageLen, signature, signatureLength); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "checking invalid signature" << endl; - - if (priv.MaxRecoverableLength() > 0) - { - signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature); - SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength)); - DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); - fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "signature and verification with recovery" << endl; - - ++signature[0]; - result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); - fail = result.isValidCoding; - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "recovery with invalid signature" << endl; - } - - return pass; -} - -bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false) -{ - bool pass = true, fail; - - fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "cryptosystem key validation\n"; - - const byte *message = (byte *)"test message"; - const int messageLen = 12; - SecByteBlock ciphertext(priv.CiphertextLength(messageLen)); - SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size())); - - pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext); - fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen); - fail = fail || memcmp(message, plaintext, messageLen); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "encryption and decryption\n"; - - return pass; -} - -bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d) -{ - if (d.GetCryptoParameters().Validate(GlobalRNG(), 3)) - cout << "passed simple key agreement domain parameters validation" << endl; - else - { - cout << "FAILED simple key agreement domain parameters invalid" << endl; - return false; - } - - SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength()); - SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength()); - SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength()); - - d.GenerateKeyPair(GlobalRNG(), priv1, pub1); - d.GenerateKeyPair(GlobalRNG(), priv2, pub2); - - memset(val1.begin(), 0x10, val1.size()); - memset(val2.begin(), 0x11, val2.size()); - - if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1))) - { - cout << "FAILED simple key agreement failed" << endl; - return false; - } - - if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength())) - { - cout << "FAILED simple agreed values not equal" << endl; - return false; - } - - cout << "passed simple key agreement" << endl; - return true; -} - -bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d) -{ - if (d.GetCryptoParameters().Validate(GlobalRNG(), 3)) - cout << "passed authenticated key agreement domain parameters validation" << endl; - else - { - cout << "FAILED authenticated key agreement domain parameters invalid" << endl; - return false; - } - - SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength()); - SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength()); - SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength()); - SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength()); - SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength()); - - d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1); - d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2); - d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1); - d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2); - - memset(val1.begin(), 0x10, val1.size()); - memset(val2.begin(), 0x11, val2.size()); - - if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1))) - { - cout << "FAILED authenticated key agreement failed" << endl; - return false; - } - - if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength())) - { - cout << "FAILED authenticated agreed values not equal" << endl; - return false; - } - - cout << "passed authenticated key agreement" << endl; - return true; -} - -bool ValidateRSA() -{ - cout << "\nRSA validation suite running...\n\n"; - - byte out[100], outPlain[100]; - bool pass = true, fail; - - { - const char *plain = "Everyone gets Friday off."; - byte *signature = (byte *) - "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84" - "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21" - "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b" - "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1"; - - FileSource keys("TestData/rsa512a.dat", true, new HexDecoder); - Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys); - Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv); - - size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); - fail = memcmp(signature, out, 64) != 0; - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "signature check against test vector\n"; - - fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "verification check against test vector\n"; - - out[10]++; - fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "invalid signature verification\n"; - } - { - FileSource keys("TestData/rsa1024.dat", true, new HexDecoder); - RSAES_PKCS1v15_Decryptor rsaPriv(keys); - RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv); - - pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass; - } - { - RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512); - RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv); - - pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass; - } - { - byte *plain = (byte *) - "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - byte *encrypted = (byte *) - "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" - "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" - "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" - "\x62\x51"; - byte *oaepSeed = (byte *) - "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2" - "\xf0\x6c\xb5\x8f"; - ByteQueue bq; - bq.Put(oaepSeed, 20); - FixedRNG rng(bq); - - FileSource privFile("TestData/rsa400pv.dat", true, new HexDecoder); - FileSource pubFile("TestData/rsa400pb.dat", true, new HexDecoder); - RSAES_OAEP_SHA_Decryptor rsaPriv; - rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0); - RSAES_OAEP_SHA_Encryptor rsaPub(pubFile); - - memset(out, 0, 50); - memset(outPlain, 0, 8); - rsaPub.Encrypt(rng, plain, 8, out); - DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain); - fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "PKCS 2.0 encryption and decryption\n"; - } - - return pass; -} - -bool ValidateDH() -{ - cout << "\nDH validation suite running...\n\n"; - - FileSource f("TestData/dh1024.dat", true, new HexDecoder()); - DH dh(f); - return SimpleKeyAgreementValidate(dh); -} - -bool ValidateMQV() -{ - cout << "\nMQV validation suite running...\n\n"; - - FileSource f("TestData/mqv1024.dat", true, new HexDecoder()); - MQV mqv(f); - return AuthenticatedKeyAgreementValidate(mqv); -} - -bool ValidateLUC_DH() -{ - cout << "\nLUC-DH validation suite running...\n\n"; - - FileSource f("TestData/lucd512.dat", true, new HexDecoder()); - LUC_DH dh(f); - return SimpleKeyAgreementValidate(dh); -} - -bool ValidateXTR_DH() -{ - cout << "\nXTR-DH validation suite running...\n\n"; - - FileSource f("TestData/xtrdh171.dat", true, new HexDecoder()); - XTR_DH dh(f); - return SimpleKeyAgreementValidate(dh); -} - -bool ValidateElGamal() -{ - cout << "\nElGamal validation suite running...\n\n"; - bool pass = true; - { - FileSource fc("TestData/elgc1024.dat", true, new HexDecoder); - ElGamalDecryptor privC(fc); - ElGamalEncryptor pubC(privC); - privC.AccessKey().Precompute(); - ByteQueue queue; - privC.AccessKey().SavePrecomputation(queue); - privC.AccessKey().LoadPrecomputation(queue); - - pass = CryptoSystemValidate(privC, pubC) && pass; - } - return pass; -} - -bool ValidateDLIES() -{ - cout << "\nDLIES validation suite running...\n\n"; - bool pass = true; - { - FileSource fc("TestData/dlie1024.dat", true, new HexDecoder); - DLIES<>::Decryptor privC(fc); - DLIES<>::Encryptor pubC(privC); - pass = CryptoSystemValidate(privC, pubC) && pass; - } - { - cout << "Generating new encryption key..." << endl; - DLIES<>::GroupParameters gp; - gp.GenerateRandomWithKeySize(GlobalRNG(), 128); - DLIES<>::Decryptor decryptor; - decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp); - DLIES<>::Encryptor encryptor(decryptor); - - pass = CryptoSystemValidate(decryptor, encryptor) && pass; - } - return pass; -} - -bool ValidateNR() -{ - cout << "\nNR validation suite running...\n\n"; - bool pass = true; - { - FileSource f("TestData/nr2048.dat", true, new HexDecoder); - NR<SHA>::Signer privS(f); - privS.AccessKey().Precompute(); - NR<SHA>::Verifier pubS(privS); - - pass = SignatureValidate(privS, pubS) && pass; - } - { - cout << "Generating new signature key..." << endl; - NR<SHA>::Signer privS(GlobalRNG(), 256); - NR<SHA>::Verifier pubS(privS); - - pass = SignatureValidate(privS, pubS) && pass; - } - return pass; -} - -bool ValidateDSA(bool thorough) -{ - cout << "\nDSA validation suite running...\n\n"; - - bool pass = true; - FileSource fs1("TestData/dsa1024.dat", true, new HexDecoder()); - DSA::Signer priv(fs1); - DSA::Verifier pub(priv); - FileSource fs2("TestData/dsa1024b.dat", true, new HexDecoder()); - DSA::Verifier pub1(fs2); - assert(pub.GetKey() == pub1.GetKey()); - pass = SignatureValidate(priv, pub, thorough) && pass; - pass = RunTestDataFile("TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass; - return pass; -} - -bool ValidateLUC() -{ - cout << "\nLUC validation suite running...\n\n"; - bool pass=true; - - { - FileSource f("TestData/luc1024.dat", true, new HexDecoder); - LUCSSA_PKCS1v15_SHA_Signer priv(f); - LUCSSA_PKCS1v15_SHA_Verifier pub(priv); - pass = SignatureValidate(priv, pub) && pass; - } - { - LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512); - LUCES_OAEP_SHA_Encryptor pub(priv); - pass = CryptoSystemValidate(priv, pub) && pass; - } - return pass; -} - -bool ValidateLUC_DL() -{ - cout << "\nLUC-HMP validation suite running...\n\n"; - - FileSource f("TestData/lucs512.dat", true, new HexDecoder); - LUC_HMP<SHA>::Signer privS(f); - LUC_HMP<SHA>::Verifier pubS(privS); - bool pass = SignatureValidate(privS, pubS); - - cout << "\nLUC-IES validation suite running...\n\n"; - - FileSource fc("TestData/lucc512.dat", true, new HexDecoder); - LUC_IES<>::Decryptor privC(fc); - LUC_IES<>::Encryptor pubC(privC); - pass = CryptoSystemValidate(privC, pubC) && pass; - - return pass; -} - -bool ValidateRabin() -{ - cout << "\nRabin validation suite running...\n\n"; - bool pass=true; - - { - FileSource f("TestData/rabi1024.dat", true, new HexDecoder); - RabinSS<PSSR, SHA>::Signer priv(f); - RabinSS<PSSR, SHA>::Verifier pub(priv); - pass = SignatureValidate(priv, pub) && pass; - } - { - RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512); - RabinES<OAEP<SHA> >::Encryptor pub(priv); - pass = CryptoSystemValidate(priv, pub) && pass; - } - return pass; -} - -bool ValidateRW() -{ - cout << "\nRW validation suite running...\n\n"; - - FileSource f("TestData/rw1024.dat", true, new HexDecoder); - RWSS<PSSR, SHA>::Signer priv(f); - RWSS<PSSR, SHA>::Verifier pub(priv); - - return SignatureValidate(priv, pub); -} - -/* -bool ValidateBlumGoldwasser() -{ - cout << "\nBlumGoldwasser validation suite running...\n\n"; - - FileSource f("TestData/blum512.dat", true, new HexDecoder); - BlumGoldwasserPrivateKey priv(f); - BlumGoldwasserPublicKey pub(priv); - - return CryptoSystemValidate(priv, pub); -} -*/ - -bool ValidateECP() -{ - cout << "\nECP validation suite running...\n\n"; - - ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1()); - ECIES<ECP>::Encryptor cpub(cpriv); - ByteQueue bq; - cpriv.GetKey().DEREncode(bq); - cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); - cpub.GetKey().DEREncode(bq); - ECDSA<ECP, SHA>::Signer spriv(bq); - ECDSA<ECP, SHA>::Verifier spub(bq); - ECDH<ECP>::Domain ecdhc(ASN1::secp192r1()); - ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1()); - - spriv.AccessKey().Precompute(); - ByteQueue queue; - spriv.AccessKey().SavePrecomputation(queue); - spriv.AccessKey().LoadPrecomputation(queue); - - bool pass = SignatureValidate(spriv, spub); - cpub.AccessKey().Precompute(); - cpriv.AccessKey().Precompute(); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - - cout << "Turning on point compression..." << endl; - cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true); - cpub.AccessKey().AccessGroupParameters().SetPointCompression(true); - ecdhc.AccessGroupParameters().SetPointCompression(true); - ecmqvc.AccessGroupParameters().SetPointCompression(true); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - - cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << endl; - OID oid; - while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty()) - { - DL_GroupParameters_EC<ECP> params(oid); - bool fail = !params.Validate(GlobalRNG(), 2); - cout << (fail ? "FAILED" : "passed") << " " << dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl; - pass = pass && !fail; - } - - return pass; -} - -bool ValidateEC2N() -{ - cout << "\nEC2N validation suite running...\n\n"; - - ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1()); - ECIES<EC2N>::Encryptor cpub(cpriv); - ByteQueue bq; - cpriv.DEREncode(bq); - cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); - cpub.DEREncode(bq); - ECDSA<EC2N, SHA>::Signer spriv(bq); - ECDSA<EC2N, SHA>::Verifier spub(bq); - ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1()); - ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1()); - - spriv.AccessKey().Precompute(); - ByteQueue queue; - spriv.AccessKey().SavePrecomputation(queue); - spriv.AccessKey().LoadPrecomputation(queue); - - bool pass = SignatureValidate(spriv, spub); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - - cout << "Turning on point compression..." << endl; - cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true); - cpub.AccessKey().AccessGroupParameters().SetPointCompression(true); - ecdhc.AccessGroupParameters().SetPointCompression(true); - ecmqvc.AccessGroupParameters().SetPointCompression(true); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - -#if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis - cout << "Testing SEC 2 recommended curves..." << endl; - OID oid; - while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty()) - { - DL_GroupParameters_EC<EC2N> params(oid); - bool fail = !params.Validate(GlobalRNG(), 2); - cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl; - pass = pass && !fail; - } -#endif - - return pass; -} - -bool ValidateECDSA() -{ - cout << "\nECDSA validation suite running...\n\n"; - - // from Sample Test Vectors for P1363 - GF2NT gf2n(191, 9, 0); - byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67"; - byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC"; - EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24)); - - EC2N::Point P; - ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D" - "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize()); - Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H"); - Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH"); - EC2N::Point Q(ec.Multiply(d, P)); - ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d); - ECDSA<EC2N, SHA>::Verifier pub(priv); - - Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH"); - Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H"); - byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30" - "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e"; - Integer r(sig, 24); - Integer s(sig+24, 24); - - Integer rOut, sOut; - bool fail, pass=true; - - priv.RawSign(k, h, rOut, sOut); - fail = (rOut != r) || (sOut != s); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "signature check against test vector\n"; - - fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig)); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "verification check against test vector\n"; - - fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig)); - pass = pass && !fail; - - pass = SignatureValidate(priv, pub) && pass; - - return pass; -} - -bool ValidateESIGN() -{ - cout << "\nESIGN validation suite running...\n\n"; - - bool pass = true, fail; - - const char *plain = "test"; - const byte *signature = (byte *) - "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37\xFE\xBC\x76\x3F\xF1\x84\xF6\x59" - "\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6" - "\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A" - "\x74\x02\x37\x0E\xED\x0A\x06\xAD\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C" - "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28"; - - FileSource keys("TestData/esig1536.dat", true, new HexDecoder); - ESIGN<SHA>::Signer signer(keys); - ESIGN<SHA>::Verifier verifier(signer); - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - - fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength()); - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - cout << "verification check against test vector\n"; - - cout << "Generating signature key from seed..." << endl; - signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512)); - verifier = signer; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - - return pass; -} diff --git a/cryptopp562/validat3.cpp b/cryptopp562/validat3.cpp deleted file mode 100644 index 035b556..0000000 --- a/cryptopp562/validat3.cpp +++ /dev/null @@ -1,591 +0,0 @@ -// validat3.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "validate.h" - -#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 -#include "smartptr.h" -#include "crc.h" -#include "adler32.h" -#include "md2.h" -#include "md4.h" -#include "md5.h" -#include "sha.h" -#include "tiger.h" -#include "ripemd.h" - -#include "hmac.h" -#include "ttmac.h" - -#include "integer.h" -#include "pwdbased.h" -#include "filters.h" -#include "hex.h" -#include "files.h" - -#include <iostream> -#include <iomanip> - -USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) - -struct HashTestTuple -{ - HashTestTuple(const char *input, const char *output, unsigned int repeatTimes=1) - : input((byte *)input), output((byte *)output), inputLen(strlen(input)), repeatTimes(repeatTimes) {} - - HashTestTuple(const char *input, unsigned int inputLen, const char *output, unsigned int repeatTimes) - : input((byte *)input), output((byte *)output), inputLen(inputLen), repeatTimes(repeatTimes) {} - - const byte *input, *output; - size_t inputLen; - unsigned int repeatTimes; -}; - -bool HashModuleTest(HashTransformation &md, const HashTestTuple *testSet, unsigned int testSetSize) -{ - bool pass=true, fail; - SecByteBlock digest(md.DigestSize()); - - for (unsigned int i=0; i<testSetSize; i++) - { - unsigned j; - - for (j=0; j<testSet[i].repeatTimes; j++) - md.Update(testSet[i].input, testSet[i].inputLen); - md.Final(digest); - fail = memcmp(digest, testSet[i].output, md.DigestSize()) != 0; - pass = pass && !fail; - - cout << (fail ? "FAILED " : "passed "); - for (j=0; j<md.DigestSize(); j++) - cout << setw(2) << setfill('0') << hex << (int)digest[j]; - cout << " \"" << (char *)testSet[i].input << '\"'; - if (testSet[i].repeatTimes != 1) - cout << " repeated " << dec << testSet[i].repeatTimes << " times"; - cout << endl; - } - - return pass; -} - -bool ValidateCRC32() -{ - HashTestTuple testSet[] = - { - HashTestTuple("", "\x00\x00\x00\x00"), - HashTestTuple("a", "\x43\xbe\xb7\xe8"), - HashTestTuple("abc", "\xc2\x41\x24\x35"), - HashTestTuple("message digest", "\x7f\x9d\x15\x20"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xbd\x50\x27\x4c"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xd2\xe6\xc2\x1f"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x72\x4a\xa9\x7c"), - HashTestTuple("123456789", "\x26\x39\xf4\xcb") - }; - - CRC32 crc; - - cout << "\nCRC-32 validation suite running...\n\n"; - return HashModuleTest(crc, testSet, sizeof(testSet)/sizeof(testSet[0])); -} - -bool ValidateAdler32() -{ - HashTestTuple testSet[] = - { - HashTestTuple("", "\x00\x00\x00\x01"), - HashTestTuple("a", "\x00\x62\x00\x62"), - HashTestTuple("abc", "\x02\x4d\x01\x27"), - HashTestTuple("message digest", "\x29\x75\x05\x86"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\x90\x86\x0b\x20"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x8a\xdb\x15\x0c"), - HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\x15\xd8\x70\xf9", 15625) - }; - - Adler32 md; - - cout << "\nAdler-32 validation suite running...\n\n"; - return HashModuleTest(md, testSet, sizeof(testSet)/sizeof(testSet[0])); -} - -bool ValidateMD2() -{ - HashTestTuple testSet[] = - { - HashTestTuple("", "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73"), - HashTestTuple("a", "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1"), - HashTestTuple("abc", "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb"), - HashTestTuple("message digest", "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8") - }; - - Weak::MD2 md2; - - cout << "\nMD2 validation suite running...\n\n"; - return HashModuleTest(md2, testSet, sizeof(testSet)/sizeof(testSet[0])); -} - -bool ValidateMD4() -{ - HashTestTuple testSet[] = - { - HashTestTuple("", "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0"), - HashTestTuple("a", "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb\x24"), - HashTestTuple("abc", "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d"), - HashTestTuple("message digest", "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01\x4b"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d\xa9"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05\x36") - }; - - Weak::MD4 md4; - - cout << "\nMD4 validation suite running...\n\n"; - return HashModuleTest(md4, testSet, sizeof(testSet)/sizeof(testSet[0])); -} - -bool ValidateMD5() -{ - HashTestTuple testSet[] = - { - HashTestTuple("", "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e"), - HashTestTuple("a", "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61"), - HashTestTuple("abc", "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"), - HashTestTuple("message digest", "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6\x7a") - }; - - Weak::MD5 md5; - - cout << "\nMD5 validation suite running...\n\n"; - return HashModuleTest(md5, testSet, sizeof(testSet)/sizeof(testSet[0])); -} - -bool ValidateSHA() -{ - cout << "\nSHA validation suite running...\n\n"; - return RunTestDataFile("TestVectors/sha.txt"); -} - -bool ValidateSHA2() -{ - cout << "\nSHA validation suite running...\n\n"; - return RunTestDataFile("TestVectors/sha.txt"); -} - -bool ValidateTiger() -{ - cout << "\nTiger validation suite running...\n\n"; - - HashTestTuple testSet[] = - { - HashTestTuple("", "\x32\x93\xac\x63\x0c\x13\xf0\x24\x5f\x92\xbb\xb1\x76\x6e\x16\x16\x7a\x4e\x58\x49\x2d\xde\x73\xf3"), - HashTestTuple("abc", "\x2a\xab\x14\x84\xe8\xc1\x58\xf2\xbf\xb8\xc5\xff\x41\xb5\x7a\x52\x51\x29\x13\x1c\x95\x7b\x5f\x93"), - HashTestTuple("Tiger", "\xdd\x00\x23\x07\x99\xf5\x00\x9f\xec\x6d\xeb\xc8\x38\xbb\x6a\x27\xdf\x2b\x9d\x6f\x11\x0c\x79\x37"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", "\xf7\x1c\x85\x83\x90\x2a\xfb\x87\x9e\xdf\xe6\x10\xf8\x2c\x0d\x47\x86\xa3\xa5\x34\x50\x44\x86\xb5"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789", "\x48\xce\xeb\x63\x08\xb8\x7d\x46\xe9\x5d\x65\x61\x12\xcd\xf1\x8d\x97\x91\x5f\x97\x65\x65\x89\x57"), - HashTestTuple("Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham", "\x8a\x86\x68\x29\x04\x0a\x41\x0c\x72\x9a\xd2\x3f\x5a\xda\x71\x16\x03\xb3\xcd\xd3\x57\xe4\xc1\x5e"), - HashTestTuple("Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge.", "\xce\x55\xa6\xaf\xd5\x91\xf5\xeb\xac\x54\x7f\xf8\x4f\x89\x22\x7f\x93\x31\xda\xb0\xb6\x11\xc8\x89"), - HashTestTuple("Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.", "\x63\x1a\xbd\xd1\x03\xeb\x9a\x3d\x24\x5b\x6d\xfd\x4d\x77\xb2\x57\xfc\x74\x39\x50\x1d\x15\x68\xdd"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", "\xc5\x40\x34\xe5\xb4\x3e\xb8\x00\x58\x48\xa7\xe0\xae\x6a\xac\x76\xe4\xff\x59\x0a\xe7\x15\xfd\x25") - }; - - Tiger tiger; - - return HashModuleTest(tiger, testSet, sizeof(testSet)/sizeof(testSet[0])); -} - -bool ValidateRIPEMD() -{ - HashTestTuple testSet128[] = - { - HashTestTuple("", "\xcd\xf2\x62\x13\xa1\x50\xdc\x3e\xcb\x61\x0f\x18\xf6\xb3\x8b\x46"), - HashTestTuple("a", "\x86\xbe\x7a\xfa\x33\x9d\x0f\xc7\xcf\xc7\x85\xe7\x2f\x57\x8d\x33"), - HashTestTuple("abc", "\xc1\x4a\x12\x19\x9c\x66\xe4\xba\x84\x63\x6b\x0f\x69\x14\x4c\x77"), - HashTestTuple("message digest", "\x9e\x32\x7b\x3d\x6e\x52\x30\x62\xaf\xc1\x13\x2d\x7d\xf9\xd1\xb8"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xfd\x2a\xa6\x07\xf7\x1d\xc8\xf5\x10\x71\x49\x22\xb3\x71\x83\x4e"), - HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\xa1\xaa\x06\x89\xd0\xfa\xfa\x2d\xdc\x22\xe8\x8b\x49\x13\x3a\x06"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xd1\xe9\x59\xeb\x17\x9c\x91\x1f\xae\xa4\x62\x4c\x60\xc5\xc7\x02"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x3f\x45\xef\x19\x47\x32\xc2\xdb\xb2\xc4\xa2\xc7\x69\x79\x5f\xa3"), - HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\x4a\x7f\x57\x23\xf9\x54\xeb\xa1\x21\x6c\x9d\x8f\x63\x20\x43\x1f", 15625) - }; - - HashTestTuple testSet160[] = - { - HashTestTuple("", "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31"), - HashTestTuple("a", "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe"), - HashTestTuple("abc", "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc"), - HashTestTuple("message digest", "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b\x56\xbb\xdc\xeb\x5b\x9d\x28\x65\xb3\x70\x8d\xbc"), - HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc\xf4\x9a\xda\x62\xeb\x2b"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xb0\xe2\x0b\x6e\x31\x16\x64\x02\x86\xed\x3a\x87\xa5\x71\x30\x79\xb2\x1f\x51\x89"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab\x82\xbf\x63\x32\x6b\xfb"), - HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\x52\x78\x32\x43\xc1\x69\x7b\xdb\xe1\x6d\x37\xf9\x7f\x68\xf0\x83\x25\xdc\x15\x28", 15625) - }; - - HashTestTuple testSet256[] = - { - HashTestTuple("", "\x02\xba\x4c\x4e\x5f\x8e\xcd\x18\x77\xfc\x52\xd6\x4d\x30\xe3\x7a\x2d\x97\x74\xfb\x1e\x5d\x02\x63\x80\xae\x01\x68\xe3\xc5\x52\x2d"), - HashTestTuple("a", "\xf9\x33\x3e\x45\xd8\x57\xf5\xd9\x0a\x91\xba\xb7\x0a\x1e\xba\x0c\xfb\x1b\xe4\xb0\x78\x3c\x9a\xcf\xcd\x88\x3a\x91\x34\x69\x29\x25"), - HashTestTuple("abc", "\xaf\xbd\x6e\x22\x8b\x9d\x8c\xbb\xce\xf5\xca\x2d\x03\xe6\xdb\xa1\x0a\xc0\xbc\x7d\xcb\xe4\x68\x0e\x1e\x42\xd2\xe9\x75\x45\x9b\x65"), - HashTestTuple("message digest", "\x87\xe9\x71\x75\x9a\x1c\xe4\x7a\x51\x4d\x5c\x91\x4c\x39\x2c\x90\x18\xc7\xc4\x6b\xc1\x44\x65\x55\x4a\xfc\xdf\x54\xa5\x07\x0c\x0e"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\x64\x9d\x30\x34\x75\x1e\xa2\x16\x77\x6b\xf9\xa1\x8a\xcc\x81\xbc\x78\x96\x11\x8a\x51\x97\x96\x87\x82\xdd\x1f\xd9\x7d\x8d\x51\x33"), - HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\x38\x43\x04\x55\x83\xaa\xc6\xc8\xc8\xd9\x12\x85\x73\xe7\xa9\x80\x9a\xfb\x2a\x0f\x34\xcc\xc3\x6e\xa9\xe7\x2f\x16\xf6\x36\x8e\x3f"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x57\x40\xa4\x08\xac\x16\xb7\x20\xb8\x44\x24\xae\x93\x1c\xbb\x1f\xe3\x63\xd1\xd0\xbf\x40\x17\xf1\xa8\x9f\x7e\xa6\xde\x77\xa0\xb8"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x06\xfd\xcc\x7a\x40\x95\x48\xaa\xf9\x13\x68\xc0\x6a\x62\x75\xb5\x53\xe3\xf0\x99\xbf\x0e\xa4\xed\xfd\x67\x78\xdf\x89\xa8\x90\xdd"), - HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\xac\x95\x37\x44\xe1\x0e\x31\x51\x4c\x15\x0d\x4d\x8d\x7b\x67\x73\x42\xe3\x33\x99\x78\x82\x96\xe4\x3a\xe4\x85\x0c\xe4\xf9\x79\x78", 15625) - }; - - HashTestTuple testSet320[] = - { - HashTestTuple("", "\x22\xd6\x5d\x56\x61\x53\x6c\xdc\x75\xc1\xfd\xf5\xc6\xde\x7b\x41\xb9\xf2\x73\x25\xeb\xc6\x1e\x85\x57\x17\x7d\x70\x5a\x0e\xc8\x80\x15\x1c\x3a\x32\xa0\x08\x99\xb8"), - HashTestTuple("a", "\xce\x78\x85\x06\x38\xf9\x26\x58\xa5\xa5\x85\x09\x75\x79\x92\x6d\xda\x66\x7a\x57\x16\x56\x2c\xfc\xf6\xfb\xe7\x7f\x63\x54\x2f\x99\xb0\x47\x05\xd6\x97\x0d\xff\x5d"), - HashTestTuple("abc", "\xde\x4c\x01\xb3\x05\x4f\x89\x30\xa7\x9d\x09\xae\x73\x8e\x92\x30\x1e\x5a\x17\x08\x5b\xef\xfd\xc1\xb8\xd1\x16\x71\x3e\x74\xf8\x2f\xa9\x42\xd6\x4c\xdb\xc4\x68\x2d"), - HashTestTuple("message digest", "\x3a\x8e\x28\x50\x2e\xd4\x5d\x42\x2f\x68\x84\x4f\x9d\xd3\x16\xe7\xb9\x85\x33\xfa\x3f\x2a\x91\xd2\x9f\x84\xd4\x25\xc8\x8d\x6b\x4e\xff\x72\x7d\xf6\x6a\x7c\x01\x97"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xca\xbd\xb1\x81\x0b\x92\x47\x0a\x20\x93\xaa\x6b\xce\x05\x95\x2c\x28\x34\x8c\xf4\x3f\xf6\x08\x41\x97\x51\x66\xbb\x40\xed\x23\x40\x04\xb8\x82\x44\x63\xe6\xb0\x09"), - HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\xd0\x34\xa7\x95\x0c\xf7\x22\x02\x1b\xa4\xb8\x4d\xf7\x69\xa5\xde\x20\x60\xe2\x59\xdf\x4c\x9b\xb4\xa4\x26\x8c\x0e\x93\x5b\xbc\x74\x70\xa9\x69\xc9\xd0\x72\xa1\xac"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xed\x54\x49\x40\xc8\x6d\x67\xf2\x50\xd2\x32\xc3\x0b\x7b\x3e\x57\x70\xe0\xc6\x0c\x8c\xb9\xa4\xca\xfe\x3b\x11\x38\x8a\xf9\x92\x0e\x1b\x99\x23\x0b\x84\x3c\x86\xa4"), - HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x55\x78\x88\xaf\x5f\x6d\x8e\xd6\x2a\xb6\x69\x45\xc6\xd2\xa0\xa4\x7e\xcd\x53\x41\xe9\x15\xeb\x8f\xea\x1d\x05\x24\x95\x5f\x82\x5d\xc7\x17\xe4\xa0\x08\xab\x2d\x42"), - HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\xbd\xee\x37\xf4\x37\x1e\x20\x64\x6b\x8b\x0d\x86\x2d\xda\x16\x29\x2a\xe3\x6f\x40\x96\x5e\x8c\x85\x09\xe6\x3d\x1d\xbd\xde\xcc\x50\x3e\x2b\x63\xeb\x92\x45\xbb\x66", 15625) - }; - - bool pass = true; - - cout << "\nRIPEMD-128 validation suite running...\n\n"; - RIPEMD128 md128; - pass = HashModuleTest(md128, testSet128, sizeof(testSet128)/sizeof(testSet128[0])) && pass; - - cout << "\nRIPEMD-160 validation suite running...\n\n"; - RIPEMD160 md160; - pass = HashModuleTest(md160, testSet160, sizeof(testSet160)/sizeof(testSet160[0])) && pass; - - cout << "\nRIPEMD-256 validation suite running...\n\n"; - RIPEMD256 md256; - pass = HashModuleTest(md256, testSet256, sizeof(testSet256)/sizeof(testSet256[0])) && pass; - - cout << "\nRIPEMD-320 validation suite running...\n\n"; - RIPEMD320 md320; - pass = HashModuleTest(md320, testSet320, sizeof(testSet320)/sizeof(testSet320[0])) && pass; - - return pass; -} - -#ifdef CRYPTOPP_REMOVED -bool ValidateHAVAL() -{ - HashTestTuple testSet[] = - { - HashTestTuple("", "\xC6\x8F\x39\x91\x3F\x90\x1F\x3D\xDF\x44\xC7\x07\x35\x7A\x7D\x70"), - HashTestTuple("a", "\x4D\xA0\x8F\x51\x4A\x72\x75\xDB\xC4\xCE\xCE\x4A\x34\x73\x85\x98\x39\x83\xA8\x30"), - HashTestTuple("HAVAL", "\x0C\x13\x96\xD7\x77\x26\x89\xC4\x67\x73\xF3\xDA\xAC\xA4\xEF\xA9\x82\xAD\xBF\xB2\xF1\x46\x7E\xEA"), - HashTestTuple("0123456789", "\xBE\xBD\x78\x16\xF0\x9B\xAE\xEC\xF8\x90\x3B\x1B\x9B\xC6\x72\xD9\xFA\x42\x8E\x46\x2B\xA6\x99\xF8\x14\x84\x15\x29"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xC9\xC7\xD8\xAF\xA1\x59\xFD\x9E\x96\x5C\xB8\x3F\xF5\xEE\x6F\x58\xAE\xDA\x35\x2C\x0E\xFF\x00\x55\x48\x15\x3A\x61\x55\x1C\x38\xEE"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xB4\x5C\xB6\xE6\x2F\x2B\x13\x20\xE4\xF8\xF1\xB0\xB2\x73\xD4\x5A\xDD\x47\xC3\x21\xFD\x23\x99\x9D\xCF\x40\x3A\xC3\x76\x36\xD9\x63") - }; - - bool pass=true; - - cout << "\nHAVAL validation suite running...\n\n"; - { - HAVAL3 md(16); - pass = HashModuleTest(md, testSet+0, 1) && pass; - } - { - HAVAL3 md(20); - pass = HashModuleTest(md, testSet+1, 1) && pass; - } - { - HAVAL4 md(24); - pass = HashModuleTest(md, testSet+2, 1) && pass; - } - { - HAVAL4 md(28); - pass = HashModuleTest(md, testSet+3, 1) && pass; - } - { - HAVAL5 md(32); - pass = HashModuleTest(md, testSet+4, 1) && pass; - } - { - HAVAL5 md(32); - pass = HashModuleTest(md, testSet+5, 1) && pass; - } - - return pass; -} -#endif - -bool ValidatePanama() -{ - return RunTestDataFile("TestVectors/panama.txt"); -} - -bool ValidateWhirlpool() -{ - return RunTestDataFile("TestVectors/whrlpool.txt"); -} - -#ifdef CRYPTOPP_REMOVED -bool ValidateMD5MAC() -{ - const byte keys[2][MD5MAC::KEYLENGTH]={ - {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff}, - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}}; - - const char *TestVals[7]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; - - const byte output[2][7][MD5MAC::DIGESTSIZE]={ - {{0x1f,0x1e,0xf2,0x37,0x5c,0xc0,0xe0,0x84,0x4f,0x98,0xe7,0xe8,0x11,0xa3,0x4d,0xa8}, - {0x7a,0x76,0xee,0x64,0xca,0x71,0xef,0x23,0x7e,0x26,0x29,0xed,0x94,0x52,0x73,0x65}, - {0xe8,0x01,0x3c,0x11,0xf7,0x20,0x9d,0x13,0x28,0xc0,0xca,0xa0,0x4f,0xd0,0x12,0xa6}, - {0xc8,0x95,0x53,0x4f,0x22,0xa1,0x74,0xbc,0x3e,0x6a,0x25,0xa2,0xb2,0xef,0xd6,0x30}, - {0x91,0x72,0x86,0x7e,0xb6,0x00,0x17,0x88,0x4c,0x6f,0xa8,0xcc,0x88,0xeb,0xe7,0xc9}, - {0x3b,0xd0,0xe1,0x1d,0x5e,0x09,0x4c,0xb7,0x1e,0x35,0x44,0xac,0xa9,0xb8,0xbf,0xa2}, - {0x93,0x37,0x16,0x64,0x44,0xcc,0x95,0x35,0xb7,0xd5,0xb8,0x0f,0x91,0xe5,0x29,0xcb}}, - {{0x2f,0x6e,0x73,0x13,0xbf,0xbb,0xbf,0xcc,0x3a,0x2d,0xde,0x26,0x8b,0x59,0xcc,0x4d}, - {0x69,0xf6,0xca,0xff,0x40,0x25,0x36,0xd1,0x7a,0xe1,0x38,0x03,0x2c,0x0c,0x5f,0xfd}, - {0x56,0xd3,0x2b,0x6c,0x34,0x76,0x65,0xd9,0x74,0xd6,0xf7,0x5c,0x3f,0xc6,0xf0,0x40}, - {0xb8,0x02,0xb2,0x15,0x4e,0x59,0x8b,0x6f,0x87,0x60,0x56,0xc7,0x85,0x46,0x2c,0x0b}, - {0x5a,0xde,0xf4,0xbf,0xf8,0x04,0xbe,0x08,0x58,0x7e,0x94,0x41,0xcf,0x6d,0xbd,0x57}, - {0x18,0xe3,0x49,0xa5,0x24,0x44,0xb3,0x0e,0x5e,0xba,0x5a,0xdd,0xdc,0xd9,0xf1,0x8d}, - {0xf2,0xb9,0x06,0xa5,0xb8,0x4b,0x9b,0x4b,0xbe,0x95,0xed,0x32,0x56,0x4e,0xe7,0xeb}}}; - - byte digest[MD5MAC::DIGESTSIZE]; - bool pass=true, fail; - - cout << "\nMD5MAC validation suite running...\n"; - - for (int k=0; k<2; k++) - { - MD5MAC mac(keys[k]); - cout << "\nKEY: "; - for (int j=0;j<MD5MAC::KEYLENGTH;j++) - cout << setw(2) << setfill('0') << hex << (int)keys[k][j]; - cout << endl << endl; - for (int i=0;i<7;i++) - { - mac.Update((byte *)TestVals[i], strlen(TestVals[i])); - mac.Final(digest); - fail = memcmp(digest, output[k][i], MD5MAC::DIGESTSIZE) - || !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i])); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed "); - for (int j=0;j<MD5MAC::DIGESTSIZE;j++) - cout << setw(2) << setfill('0') << hex << (int)digest[j]; - cout << " \"" << TestVals[i] << '\"' << endl; - } - } - - return pass; -} -#endif - -bool ValidateHMAC() -{ - return RunTestDataFile("TestVectors/hmac.txt"); -} - -#ifdef CRYPTOPP_REMOVED -bool ValidateXMACC() -{ - typedef XMACC<MD5> XMACC_MD5; - - const byte keys[2][XMACC_MD5::KEYLENGTH]={ - {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb}, - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98}}; - - const word32 counters[2]={0xccddeeff, 0x76543210}; - - const char *TestVals[7]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; - - const byte output[2][7][XMACC_MD5::DIGESTSIZE]={ - {{0xcc,0xdd,0xef,0x00,0xfa,0x89,0x54,0x92,0x86,0x32,0xda,0x2a,0x3f,0x29,0xc5,0x52,0xa0,0x0d,0x05,0x13}, - {0xcc,0xdd,0xef,0x01,0xae,0xdb,0x8b,0x7b,0x69,0x71,0xc7,0x91,0x71,0x48,0x9d,0x18,0xe7,0xdf,0x9d,0x5a}, - {0xcc,0xdd,0xef,0x02,0x5e,0x01,0x2e,0x2e,0x4b,0xc3,0x83,0x62,0xc2,0xf4,0xe6,0x18,0x1c,0x44,0xaf,0xca}, - {0xcc,0xdd,0xef,0x03,0x3e,0xa9,0xf1,0xe0,0x97,0x91,0xf8,0xe2,0xbe,0xe0,0xdf,0xf3,0x41,0x03,0xb3,0x5a}, - {0xcc,0xdd,0xef,0x04,0x2e,0x6a,0x8d,0xb9,0x72,0xe3,0xce,0x9f,0xf4,0x28,0x45,0xe7,0xbc,0x80,0xa9,0xc7}, - {0xcc,0xdd,0xef,0x05,0x1a,0xd5,0x40,0x78,0xfb,0x16,0x37,0xfc,0x7a,0x1d,0xce,0xb4,0x77,0x10,0xb2,0xa0}, - {0xcc,0xdd,0xef,0x06,0x13,0x2f,0x11,0x47,0xd7,0x1b,0xb5,0x52,0x36,0x51,0x26,0xb0,0x96,0xd7,0x60,0x81}}, - {{0x76,0x54,0x32,0x11,0xe9,0xcb,0x74,0x32,0x07,0x93,0xfe,0x01,0xdd,0x27,0xdb,0xde,0x6b,0x77,0xa4,0x56}, - {0x76,0x54,0x32,0x12,0xcd,0x55,0x87,0x5c,0xc0,0x35,0x85,0x99,0x44,0x02,0xa5,0x0b,0x8c,0xe7,0x2c,0x68}, - {0x76,0x54,0x32,0x13,0xac,0xfd,0x87,0x50,0xc3,0x8f,0xcd,0x58,0xaa,0xa5,0x7e,0x7a,0x25,0x63,0x26,0xd1}, - {0x76,0x54,0x32,0x14,0xe3,0x30,0xf5,0xdd,0x27,0x2b,0x76,0x22,0x7f,0xaa,0x90,0x73,0x6a,0x48,0xdb,0x00}, - {0x76,0x54,0x32,0x15,0xfc,0x57,0x00,0x20,0x7c,0x9d,0xf6,0x30,0x6f,0xbd,0x46,0x3e,0xfb,0x8a,0x2c,0x60}, - {0x76,0x54,0x32,0x16,0xfb,0x0f,0xd3,0xdf,0x4c,0x4b,0xc3,0x05,0x9d,0x63,0x1e,0xba,0x25,0x2b,0xbe,0x35}, - {0x76,0x54,0x32,0x17,0xc6,0xfe,0xe6,0x5f,0xb1,0x35,0x8a,0xf5,0x32,0x7a,0x80,0xbd,0xb8,0x72,0xee,0xae}}}; - - byte digest[XMACC_MD5::DIGESTSIZE]; - bool pass=true, fail; - - cout << "\nXMACC/MD5 validation suite running...\n"; - - for (int k=0; k<2; k++) - { - XMACC_MD5 mac(keys[k], counters[k]); - cout << "\nKEY: "; - for (int j=0;j<XMACC_MD5::KEYLENGTH;j++) - cout << setw(2) << setfill('0') << hex << (int)keys[k][j]; - cout << " COUNTER: 0x" << hex << counters[k] << endl << endl; - for (int i=0;i<7;i++) - { - mac.Update((byte *)TestVals[i], strlen(TestVals[i])); - mac.Final(digest); - fail = memcmp(digest, output[k][i], XMACC_MD5::DIGESTSIZE) - || !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i])); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed "); - for (int j=0;j<XMACC_MD5::DIGESTSIZE;j++) - cout << setw(2) << setfill('0') << hex << (int)digest[j]; - cout << " \"" << TestVals[i] << '\"' << endl; - } - } - - return pass; -} -#endif - -bool ValidateTTMAC() -{ - const byte key[TTMAC::KEYLENGTH]={ - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99, - 0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x01,0x23,0x45,0x67}; - - const char *TestVals[8]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; - - const byte output[8][TTMAC::DIGESTSIZE]={ - {0x2d,0xec,0x8e,0xd4,0xa0,0xfd,0x71,0x2e,0xd9,0xfb,0xf2,0xab,0x46,0x6e,0xc2,0xdf,0x21,0x21,0x5e,0x4a}, - {0x58,0x93,0xe3,0xe6,0xe3,0x06,0x70,0x4d,0xd7,0x7a,0xd6,0xe6,0xed,0x43,0x2c,0xde,0x32,0x1a,0x77,0x56}, - {0x70,0xbf,0xd1,0x02,0x97,0x97,0xa5,0xc1,0x6d,0xa5,0xb5,0x57,0xa1,0xf0,0xb2,0x77,0x9b,0x78,0x49,0x7e}, - {0x82,0x89,0xf4,0xf1,0x9f,0xfe,0x4f,0x2a,0xf7,0x37,0xde,0x4b,0xd7,0x1c,0x82,0x9d,0x93,0xa9,0x72,0xfa}, - {0x21,0x86,0xca,0x09,0xc5,0x53,0x31,0x98,0xb7,0x37,0x1f,0x24,0x52,0x73,0x50,0x4c,0xa9,0x2b,0xae,0x60}, - {0x8a,0x7b,0xf7,0x7a,0xef,0x62,0xa2,0x57,0x84,0x97,0xa2,0x7c,0x0d,0x65,0x18,0xa4,0x29,0xe7,0xc1,0x4d}, - {0x54,0xba,0xc3,0x92,0xa8,0x86,0x80,0x6d,0x16,0x95,0x56,0xfc,0xbb,0x67,0x89,0xb5,0x4f,0xb3,0x64,0xfb}, - {0x0c,0xed,0x2c,0x9f,0x8f,0x0d,0x9d,0x03,0x98,0x1a,0xb5,0xc8,0x18,0x4b,0xac,0x43,0xdd,0x54,0xc4,0x84}}; - - byte digest[TTMAC::DIGESTSIZE]; - bool pass=true, fail; - - cout << "\nTwo-Track-MAC validation suite running...\n"; - - TTMAC mac(key, sizeof(key)); - for (int k=0; k<sizeof(TestVals)/sizeof(TestVals[0]); k++) - { - mac.Update((byte *)TestVals[k], strlen(TestVals[k])); - mac.Final(digest); - fail = memcmp(digest, output[k], TTMAC::DIGESTSIZE) - || !mac.VerifyDigest(output[k], (byte *)TestVals[k], strlen(TestVals[k])); - pass = pass && !fail; - cout << (fail ? "FAILED " : "passed "); - for (int j=0;j<TTMAC::DIGESTSIZE;j++) - cout << setw(2) << setfill('0') << hex << (int)digest[j]; - cout << " \"" << TestVals[k] << '\"' << endl; - } - - return true; -} - -struct PBKDF_TestTuple -{ - byte purpose; - unsigned int iterations; - const char *hexPassword, *hexSalt, *hexDerivedKey; -}; - -bool TestPBKDF(PasswordBasedKeyDerivationFunction &pbkdf, const PBKDF_TestTuple *testSet, unsigned int testSetSize) -{ - bool pass = true; - - for (unsigned int i=0; i<testSetSize; i++) - { - const PBKDF_TestTuple &tuple = testSet[i]; - - string password, salt, derivedKey; - StringSource(tuple.hexPassword, true, new HexDecoder(new StringSink(password))); - StringSource(tuple.hexSalt, true, new HexDecoder(new StringSink(salt))); - StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey))); - - SecByteBlock derived(derivedKey.size()); - pbkdf.DeriveKey(derived, derived.size(), tuple.purpose, (byte *)password.data(), password.size(), (byte *)salt.data(), salt.size(), tuple.iterations); - bool fail = memcmp(derived, derivedKey.data(), derived.size()) != 0; - pass = pass && !fail; - - HexEncoder enc(new FileSink(cout)); - cout << (fail ? "FAILED " : "passed "); - enc.Put(tuple.purpose); - cout << " " << tuple.iterations; - cout << " " << tuple.hexPassword << " " << tuple.hexSalt << " "; - enc.Put(derived, derived.size()); - cout << endl; - } - - return pass; -} - -bool ValidatePBKDF() -{ - bool pass = true; - - { - // from OpenSSL PKCS#12 Program FAQ v1.77, at http://www.drh-consultancy.demon.co.uk/test.txt - PBKDF_TestTuple testSet[] = - { - {1, 1, "0073006D006500670000", "0A58CF64530D823F", "8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3"}, - {2, 1, "0073006D006500670000", "0A58CF64530D823F", "79993DFE048D3B76"}, - {1, 1, "0073006D006500670000", "642B99AB44FB4B1F", "F3A95FEC48D7711E985CFE67908C5AB79FA3D7C5CAA5D966"}, - {2, 1, "0073006D006500670000", "642B99AB44FB4B1F", "C0A38D64A79BEA1D"}, - {3, 1, "0073006D006500670000", "3D83C0E4546AC140", "8D967D88F6CAA9D714800AB3D48051D63F73A312"}, - {1, 1000, "007100750065006500670000", "05DEC959ACFF72F7", "ED2034E36328830FF09DF1E1A07DD357185DAC0D4F9EB3D4"}, - {2, 1000, "007100750065006500670000", "05DEC959ACFF72F7", "11DEDAD7758D4860"}, - {1, 1000, "007100750065006500670000", "1682C0FC5B3F7EC5", "483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F"}, - {2, 1000, "007100750065006500670000", "1682C0FC5B3F7EC5", "9D461D1B00355C50"}, - {3, 1000, "007100750065006500670000", "263216FCC2FAB31C", "5EC4C7A80DF652294C3925B6489A7AB857C83476"} - }; - - PKCS12_PBKDF<SHA1> pbkdf; - - cout << "\nPKCS #12 PBKDF validation suite running...\n\n"; - pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0])) && pass; - } - - { - // from draft-ietf-smime-password-03.txt, at http://www.imc.org/draft-ietf-smime-password - PBKDF_TestTuple testSet[] = - { - {0, 5, "70617373776f7264", "1234567878563412", "D1DAA78615F287E6"}, - {0, 500, "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573", "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"} - }; - - PKCS5_PBKDF2_HMAC<SHA1> pbkdf; - - cout << "\nPKCS #5 PBKDF2 validation suite running...\n\n"; - pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0])) && pass; - } - - return pass; -} diff --git a/cryptopp562/validate.h b/cryptopp562/validate.h deleted file mode 100644 index 0ab23cb..0000000 --- a/cryptopp562/validate.h +++ /dev/null @@ -1,81 +0,0 @@ -#ifndef CRYPTOPP_VALIDATE_H -#define CRYPTOPP_VALIDATE_H - -#include "cryptlib.h" - -bool ValidateAll(bool thorough); -bool TestSettings(); -bool TestOS_RNG(); -bool ValidateBaseCode(); - -bool ValidateCRC32(); -bool ValidateAdler32(); -bool ValidateMD2(); -bool ValidateMD4(); -bool ValidateMD5(); -bool ValidateSHA(); -bool ValidateSHA2(); -bool ValidateTiger(); -bool ValidateRIPEMD(); -bool ValidatePanama(); -bool ValidateWhirlpool(); - -bool ValidateHMAC(); -bool ValidateTTMAC(); - -bool ValidateCipherModes(); -bool ValidatePBKDF(); - -bool ValidateDES(); -bool ValidateIDEA(); -bool ValidateSAFER(); -bool ValidateRC2(); -bool ValidateARC4(); - -bool ValidateRC5(); -bool ValidateBlowfish(); -bool ValidateThreeWay(); -bool ValidateGOST(); -bool ValidateSHARK(); -bool ValidateSEAL(); -bool ValidateCAST(); -bool ValidateSquare(); -bool ValidateSKIPJACK(); -bool ValidateRC6(); -bool ValidateMARS(); -bool ValidateRijndael(); -bool ValidateTwofish(); -bool ValidateSerpent(); -bool ValidateSHACAL2(); -bool ValidateCamellia(); -bool ValidateSalsa(); -bool ValidateSosemanuk(); -bool ValidateVMAC(); -bool ValidateCCM(); -bool ValidateGCM(); -bool ValidateCMAC(); - -bool ValidateBBS(); -bool ValidateDH(); -bool ValidateMQV(); -bool ValidateRSA(); -bool ValidateElGamal(); -bool ValidateDLIES(); -bool ValidateNR(); -bool ValidateDSA(bool thorough); -bool ValidateLUC(); -bool ValidateLUC_DL(); -bool ValidateLUC_DH(); -bool ValidateXTR_DH(); -bool ValidateRabin(); -bool ValidateRW(); -//bool ValidateBlumGoldwasser(); -bool ValidateECP(); -bool ValidateEC2N(); -bool ValidateECDSA(); -bool ValidateESIGN(); - -CryptoPP::RandomNumberGenerator & GlobalRNG(); -bool RunTestDataFile(const char *filename, const CryptoPP::NameValuePairs &overrideParameters=CryptoPP::g_nullNameValuePairs, bool thorough=true); - -#endif diff --git a/cryptopp562/vmac.cpp b/cryptopp562/vmac.cpp deleted file mode 100644 index 6b490f9..0000000 --- a/cryptopp562/vmac.cpp +++ /dev/null @@ -1,832 +0,0 @@ -// vmac.cpp - written and placed in the public domain by Wei Dai -// based on Ted Krovetz's public domain vmac.c and draft-krovetz-vmac-01.txt - -#include "pch.h" -#include "vmac.h" -#include "argnames.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -#if defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64 -#include <intrin.h> -#endif - -#define VMAC_BOOL_WORD128 (defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(CRYPTOPP_X64_ASM_AVAILABLE)) -#ifdef __BORLANDC__ -#define const // Turbo C++ 2006 workaround -#endif -static const word64 p64 = W64LIT(0xfffffffffffffeff); /* 2^64 - 257 prime */ -static const word64 m62 = W64LIT(0x3fffffffffffffff); /* 62-bit mask */ -static const word64 m63 = W64LIT(0x7fffffffffffffff); /* 63-bit mask */ -static const word64 m64 = W64LIT(0xffffffffffffffff); /* 64-bit mask */ -static const word64 mpoly = W64LIT(0x1fffffff1fffffff); /* Poly key mask */ -#ifdef __BORLANDC__ -#undef const -#endif -#if VMAC_BOOL_WORD128 -#ifdef __powerpc__ -// workaround GCC Bug 31690: ICE with const __uint128_t and C++ front-end -#define m126 ((word128(m62)<<64)|m64) -#else -static const word128 m126 = (word128(m62)<<64)|m64; /* 126-bit mask */ -#endif -#endif - -void VMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms) -{ - int digestLength = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize()); - if (digestLength != 8 && digestLength != 16) - throw InvalidArgument("VMAC: DigestSize must be 8 or 16"); - m_is128 = digestLength == 16; - - m_L1KeyLength = params.GetIntValueWithDefault(Name::L1KeyLength(), 128); - if (m_L1KeyLength <= 0 || m_L1KeyLength % 128 != 0) - throw InvalidArgument("VMAC: L1KeyLength must be a positive multiple of 128"); - - AllocateBlocks(); - - BlockCipher &cipher = AccessCipher(); - cipher.SetKey(userKey, keylength, params); - unsigned int blockSize = cipher.BlockSize(); - unsigned int blockSizeInWords = blockSize / sizeof(word64); - SecBlock<word64> out(blockSizeInWords); - SecByteBlock in; - in.CleanNew(blockSize); - size_t i; - - /* Fill nh key */ - in[0] = 0x80; - cipher.AdvancedProcessBlocks(in, NULL, (byte *)m_nhKey(), m_nhKeySize()*sizeof(word64), cipher.BT_InBlockIsCounter); - ConditionalByteReverse<word64>(BIG_ENDIAN_ORDER, m_nhKey(), m_nhKey(), m_nhKeySize()*sizeof(word64)); - - /* Fill poly key */ - in[0] = 0xC0; - in[15] = 0; - for (i = 0; i <= (size_t)m_is128; i++) - { - cipher.ProcessBlock(in, out.BytePtr()); - m_polyState()[i*4+2] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()) & mpoly; - m_polyState()[i*4+3] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()+8) & mpoly; - in[15]++; - } - - /* Fill ip key */ - in[0] = 0xE0; - in[15] = 0; - word64 *l3Key = m_l3Key(); - for (i = 0; i <= (size_t)m_is128; i++) - do - { - cipher.ProcessBlock(in, out.BytePtr()); - l3Key[i*2+0] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()); - l3Key[i*2+1] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()+8); - in[15]++; - } while ((l3Key[i*2+0] >= p64) || (l3Key[i*2+1] >= p64)); - - m_padCached = false; - size_t nonceLength; - const byte *nonce = GetIVAndThrowIfInvalid(params, nonceLength); - Resynchronize(nonce, (int)nonceLength); -} - -void VMAC_Base::GetNextIV(RandomNumberGenerator &rng, byte *IV) -{ - SimpleKeyingInterface::GetNextIV(rng, IV); - IV[0] &= 0x7f; -} - -void VMAC_Base::Resynchronize(const byte *nonce, int len) -{ - size_t length = ThrowIfInvalidIVLength(len); - size_t s = IVSize(); - byte *storedNonce = m_nonce(); - - if (m_is128) - { - memset(storedNonce, 0, s-length); - memcpy(storedNonce+s-length, nonce, length); - AccessCipher().ProcessBlock(storedNonce, m_pad()); - } - else - { - if (m_padCached && (storedNonce[s-1] | 1) == (nonce[length-1] | 1)) - { - m_padCached = VerifyBufsEqual(storedNonce+s-length, nonce, length-1); - for (size_t i=0; m_padCached && i<s-length; i++) - m_padCached = (storedNonce[i] == 0); - } - if (!m_padCached) - { - memset(storedNonce, 0, s-length); - memcpy(storedNonce+s-length, nonce, length-1); - storedNonce[s-1] = nonce[length-1] & 0xfe; - AccessCipher().ProcessBlock(storedNonce, m_pad()); - m_padCached = true; - } - storedNonce[s-1] = nonce[length-1]; - } - m_isFirstBlock = true; - Restart(); -} - -void VMAC_Base::HashEndianCorrectedBlock(const word64 *data) -{ - assert(false); - throw 0; -} - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 -#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code -void -#ifdef __GNUC__ -__attribute__ ((noinline)) // Intel Compiler 9.1 workaround -#endif -VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, int tagPart) -{ - const word64 *nhK = m_nhKey(); - word64 *polyS = m_polyState(); - word32 L1KeyLength = m_L1KeyLength; - -#ifdef __GNUC__ - word32 temp; - __asm__ __volatile__ - ( - AS2( mov %%ebx, %0) - AS2( mov %1, %%ebx) - ".intel_syntax noprefix;" -#else - #if _MSC_VER < 1300 || defined(__INTEL_COMPILER) - char isFirstBlock = m_isFirstBlock; - AS2( mov ebx, [L1KeyLength]) - AS2( mov dl, [isFirstBlock]) - #else - AS2( mov ecx, this) - AS2( mov ebx, [ecx+m_L1KeyLength]) - AS2( mov dl, [ecx+m_isFirstBlock]) - #endif - AS2( mov eax, tagPart) - AS2( shl eax, 4) - AS2( mov edi, nhK) - AS2( add edi, eax) - AS2( add eax, eax) - AS2( add eax, polyS) - - AS2( mov esi, data) - AS2( mov ecx, blocksRemainingInWord64) -#endif - - AS2( shr ebx, 3) - AS1( push ebp) - AS2( sub esp, 12) - ASL(4) - AS2( mov ebp, ebx) - AS2( cmp ecx, ebx) - AS2( cmovl ebp, ecx) - AS2( sub ecx, ebp) - AS2( lea ebp, [edi+8*ebp]) // end of nhK - AS2( movq mm6, [esi]) - AS2( paddq mm6, [edi]) - AS2( movq mm5, [esi+8]) - AS2( paddq mm5, [edi+8]) - AS2( add esi, 16) - AS2( add edi, 16) - AS2( movq mm4, mm6) - ASS( pshufw mm2, mm6, 1, 0, 3, 2) - AS2( pmuludq mm6, mm5) - ASS( pshufw mm3, mm5, 1, 0, 3, 2) - AS2( pmuludq mm5, mm2) - AS2( pmuludq mm2, mm3) - AS2( pmuludq mm3, mm4) - AS2( pxor mm7, mm7) - AS2( movd [esp], mm6) - AS2( psrlq mm6, 32) - AS2( movd [esp+4], mm5) - AS2( psrlq mm5, 32) - AS2( cmp edi, ebp) - ASJ( je, 1, f) - ASL(0) - AS2( movq mm0, [esi]) - AS2( paddq mm0, [edi]) - AS2( movq mm1, [esi+8]) - AS2( paddq mm1, [edi+8]) - AS2( add esi, 16) - AS2( add edi, 16) - AS2( movq mm4, mm0) - AS2( paddq mm5, mm2) - ASS( pshufw mm2, mm0, 1, 0, 3, 2) - AS2( pmuludq mm0, mm1) - AS2( movd [esp+8], mm3) - AS2( psrlq mm3, 32) - AS2( paddq mm5, mm3) - ASS( pshufw mm3, mm1, 1, 0, 3, 2) - AS2( pmuludq mm1, mm2) - AS2( pmuludq mm2, mm3) - AS2( pmuludq mm3, mm4) - AS2( movd mm4, [esp]) - AS2( paddq mm7, mm4) - AS2( movd mm4, [esp+4]) - AS2( paddq mm6, mm4) - AS2( movd mm4, [esp+8]) - AS2( paddq mm6, mm4) - AS2( movd [esp], mm0) - AS2( psrlq mm0, 32) - AS2( paddq mm6, mm0) - AS2( movd [esp+4], mm1) - AS2( psrlq mm1, 32) - AS2( paddq mm5, mm1) - AS2( cmp edi, ebp) - ASJ( jne, 0, b) - ASL(1) - AS2( paddq mm5, mm2) - AS2( movd [esp+8], mm3) - AS2( psrlq mm3, 32) - AS2( paddq mm5, mm3) - AS2( movd mm4, [esp]) - AS2( paddq mm7, mm4) - AS2( movd mm4, [esp+4]) - AS2( paddq mm6, mm4) - AS2( movd mm4, [esp+8]) - AS2( paddq mm6, mm4) - AS2( lea ebp, [8*ebx]) - AS2( sub edi, ebp) // reset edi to start of nhK - - AS2( movd [esp], mm7) - AS2( psrlq mm7, 32) - AS2( paddq mm6, mm7) - AS2( movd [esp+4], mm6) - AS2( psrlq mm6, 32) - AS2( paddq mm5, mm6) - AS2( psllq mm5, 2) - AS2( psrlq mm5, 2) - -#define a0 [eax+2*4] -#define a1 [eax+3*4] -#define a2 [eax+0*4] -#define a3 [eax+1*4] -#define k0 [eax+2*8+2*4] -#define k1 [eax+2*8+3*4] -#define k2 [eax+2*8+0*4] -#define k3 [eax+2*8+1*4] - AS2( test dl, dl) - ASJ( jz, 2, f) - AS2( movd mm1, k0) - AS2( movd mm0, [esp]) - AS2( paddq mm0, mm1) - AS2( movd a0, mm0) - AS2( psrlq mm0, 32) - AS2( movd mm1, k1) - AS2( movd mm2, [esp+4]) - AS2( paddq mm1, mm2) - AS2( paddq mm0, mm1) - AS2( movd a1, mm0) - AS2( psrlq mm0, 32) - AS2( paddq mm5, k2) - AS2( paddq mm0, mm5) - AS2( movq a2, mm0) - AS2( xor edx, edx) - ASJ( jmp, 3, f) - ASL(2) - AS2( movd mm0, a3) - AS2( movq mm4, mm0) - AS2( pmuludq mm0, k3) // a3*k3 - AS2( movd mm1, a0) - AS2( pmuludq mm1, k2) // a0*k2 - AS2( movd mm2, a1) - AS2( movd mm6, k1) - AS2( pmuludq mm2, mm6) // a1*k1 - AS2( movd mm3, a2) - AS2( psllq mm0, 1) - AS2( paddq mm0, mm5) - AS2( movq mm5, mm3) - AS2( movd mm7, k0) - AS2( pmuludq mm3, mm7) // a2*k0 - AS2( pmuludq mm4, mm7) // a3*k0 - AS2( pmuludq mm5, mm6) // a2*k1 - AS2( paddq mm0, mm1) - AS2( movd mm1, a1) - AS2( paddq mm4, mm5) - AS2( movq mm5, mm1) - AS2( pmuludq mm1, k2) // a1*k2 - AS2( paddq mm0, mm2) - AS2( movd mm2, a0) - AS2( paddq mm0, mm3) - AS2( movq mm3, mm2) - AS2( pmuludq mm2, k3) // a0*k3 - AS2( pmuludq mm3, mm7) // a0*k0 - AS2( movd [esp+8], mm0) - AS2( psrlq mm0, 32) - AS2( pmuludq mm7, mm5) // a1*k0 - AS2( pmuludq mm5, k3) // a1*k3 - AS2( paddq mm0, mm1) - AS2( movd mm1, a2) - AS2( pmuludq mm1, k2) // a2*k2 - AS2( paddq mm0, mm2) - AS2( paddq mm0, mm4) - AS2( movq mm4, mm0) - AS2( movd mm2, a3) - AS2( pmuludq mm2, mm6) // a3*k1 - AS2( pmuludq mm6, a0) // a0*k1 - AS2( psrlq mm0, 31) - AS2( paddq mm0, mm3) - AS2( movd mm3, [esp]) - AS2( paddq mm0, mm3) - AS2( movd mm3, a2) - AS2( pmuludq mm3, k3) // a2*k3 - AS2( paddq mm5, mm1) - AS2( movd mm1, a3) - AS2( pmuludq mm1, k2) // a3*k2 - AS2( paddq mm5, mm2) - AS2( movd mm2, [esp+4]) - AS2( psllq mm5, 1) - AS2( paddq mm0, mm5) - AS2( psllq mm4, 33) - AS2( movd a0, mm0) - AS2( psrlq mm0, 32) - AS2( paddq mm6, mm7) - AS2( movd mm7, [esp+8]) - AS2( paddq mm0, mm6) - AS2( paddq mm0, mm2) - AS2( paddq mm3, mm1) - AS2( psllq mm3, 1) - AS2( paddq mm0, mm3) - AS2( psrlq mm4, 1) - AS2( movd a1, mm0) - AS2( psrlq mm0, 32) - AS2( por mm4, mm7) - AS2( paddq mm0, mm4) - AS2( movq a2, mm0) -#undef a0 -#undef a1 -#undef a2 -#undef a3 -#undef k0 -#undef k1 -#undef k2 -#undef k3 - - ASL(3) - AS2( test ecx, ecx) - ASJ( jnz, 4, b) - - AS2( add esp, 12) - AS1( pop ebp) - AS1( emms) -#ifdef __GNUC__ - ".att_syntax prefix;" - AS2( mov %0, %%ebx) - : "=m" (temp) - : "m" (L1KeyLength), "c" (blocksRemainingInWord64), "S" (data), "D" (nhK+tagPart*2), "d" (m_isFirstBlock), "a" (polyS+tagPart*4) - : "memory", "cc" - ); -#endif -} -#endif - -#if VMAC_BOOL_WORD128 - #define DeclareNH(a) word128 a=0 - #define MUL64(rh,rl,i1,i2) {word128 p = word128(i1)*(i2); rh = word64(p>>64); rl = word64(p);} - #define AccumulateNH(a, b, c) a += word128(b)*(c) - #define Multiply128(r, i1, i2) r = word128(word64(i1)) * word64(i2) -#else - #if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER) - #define MUL32(a, b) __emulu(word32(a), word32(b)) - #else - #define MUL32(a, b) ((word64)((word32)(a)) * (word32)(b)) - #endif - #if defined(CRYPTOPP_X64_ASM_AVAILABLE) - #define DeclareNH(a) word64 a##0=0, a##1=0 - #define MUL64(rh,rl,i1,i2) asm ("mulq %3" : "=a"(rl), "=d"(rh) : "a"(i1), "g"(i2) : "cc"); - #define AccumulateNH(a, b, c) asm ("mulq %3; addq %%rax, %0; adcq %%rdx, %1" : "+r"(a##0), "+r"(a##1) : "a"(b), "g"(c) : "%rdx", "cc"); - #define ADD128(rh,rl,ih,il) asm ("addq %3, %1; adcq %2, %0" : "+r"(rh),"+r"(rl) : "r"(ih),"r"(il) : "cc"); - #elif defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64 - #define DeclareNH(a) word64 a##0=0, a##1=0 - #define MUL64(rh,rl,i1,i2) (rl) = _umul128(i1,i2,&(rh)); - #define AccumulateNH(a, b, c) {\ - word64 ph, pl;\ - pl = _umul128(b,c,&ph);\ - a##0 += pl;\ - a##1 += ph + (a##0 < pl);} - #else - #define VMAC_BOOL_32BIT 1 - #define DeclareNH(a) word64 a##0=0, a##1=0, a##2=0 - #define MUL64(rh,rl,i1,i2) \ - { word64 _i1 = (i1), _i2 = (i2); \ - word64 m1= MUL32(_i1,_i2>>32); \ - word64 m2= MUL32(_i1>>32,_i2); \ - rh = MUL32(_i1>>32,_i2>>32); \ - rl = MUL32(_i1,_i2); \ - ADD128(rh,rl,(m1 >> 32),(m1 << 32)); \ - ADD128(rh,rl,(m2 >> 32),(m2 << 32)); \ - } - #define AccumulateNH(a, b, c) {\ - word64 p = MUL32(b, c);\ - a##1 += word32((p)>>32);\ - a##0 += word32(p);\ - p = MUL32((b)>>32, c);\ - a##2 += word32((p)>>32);\ - a##1 += word32(p);\ - p = MUL32((b)>>32, (c)>>32);\ - a##2 += p;\ - p = MUL32(b, (c)>>32);\ - a##1 += word32(p);\ - a##2 += word32(p>>32);} - #endif -#endif -#ifndef VMAC_BOOL_32BIT - #define VMAC_BOOL_32BIT 0 -#endif -#ifndef ADD128 - #define ADD128(rh,rl,ih,il) \ - { word64 _il = (il); \ - (rl) += (_il); \ - (rh) += (ih) + ((rl) < (_il)); \ - } -#endif - -#if !(defined(_MSC_VER) && _MSC_VER < 1300) -template <bool T_128BitTag> -#endif -void VMAC_Base::VHASH_Update_Template(const word64 *data, size_t blocksRemainingInWord64) -{ - #define INNER_LOOP_ITERATION(j) {\ - word64 d0 = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, data[i+2*j+0]);\ - word64 d1 = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, data[i+2*j+1]);\ - AccumulateNH(nhA, d0+nhK[i+2*j+0], d1+nhK[i+2*j+1]);\ - if (T_128BitTag)\ - AccumulateNH(nhB, d0+nhK[i+2*j+2], d1+nhK[i+2*j+3]);\ - } - -#if (defined(_MSC_VER) && _MSC_VER < 1300) - bool T_128BitTag = m_is128; -#endif - size_t L1KeyLengthInWord64 = m_L1KeyLength / 8; - size_t innerLoopEnd = L1KeyLengthInWord64; - const word64 *nhK = m_nhKey(); - word64 *polyS = m_polyState(); - bool isFirstBlock = true; - size_t i; - - #if !VMAC_BOOL_32BIT - #if VMAC_BOOL_WORD128 - word128 a1, a2; - #else - word64 ah1, al1, ah2, al2; - #endif - word64 kh1, kl1, kh2, kl2; - kh1=(polyS+0*4+2)[0]; kl1=(polyS+0*4+2)[1]; - if (T_128BitTag) - { - kh2=(polyS+1*4+2)[0]; kl2=(polyS+1*4+2)[1]; - } - #endif - - do - { - DeclareNH(nhA); - DeclareNH(nhB); - - i = 0; - if (blocksRemainingInWord64 < L1KeyLengthInWord64) - { - if (blocksRemainingInWord64 % 8) - { - innerLoopEnd = blocksRemainingInWord64 % 8; - for (; i<innerLoopEnd; i+=2) - INNER_LOOP_ITERATION(0); - } - innerLoopEnd = blocksRemainingInWord64; - } - for (; i<innerLoopEnd; i+=8) - { - INNER_LOOP_ITERATION(0); - INNER_LOOP_ITERATION(1); - INNER_LOOP_ITERATION(2); - INNER_LOOP_ITERATION(3); - } - blocksRemainingInWord64 -= innerLoopEnd; - data += innerLoopEnd; - - #if VMAC_BOOL_32BIT - word32 nh0[2], nh1[2]; - word64 nh2[2]; - - nh0[0] = word32(nhA0); - nhA1 += (nhA0 >> 32); - nh1[0] = word32(nhA1); - nh2[0] = (nhA2 + (nhA1 >> 32)) & m62; - - if (T_128BitTag) - { - nh0[1] = word32(nhB0); - nhB1 += (nhB0 >> 32); - nh1[1] = word32(nhB1); - nh2[1] = (nhB2 + (nhB1 >> 32)) & m62; - } - - #define a0 (((word32 *)(polyS+i*4))[2+NativeByteOrder::ToEnum()]) - #define a1 (*(((word32 *)(polyS+i*4))+3-NativeByteOrder::ToEnum())) // workaround for GCC 3.2 - #define a2 (((word32 *)(polyS+i*4))[0+NativeByteOrder::ToEnum()]) - #define a3 (*(((word32 *)(polyS+i*4))+1-NativeByteOrder::ToEnum())) - #define aHi ((polyS+i*4)[0]) - #define k0 (((word32 *)(polyS+i*4+2))[2+NativeByteOrder::ToEnum()]) - #define k1 (*(((word32 *)(polyS+i*4+2))+3-NativeByteOrder::ToEnum())) - #define k2 (((word32 *)(polyS+i*4+2))[0+NativeByteOrder::ToEnum()]) - #define k3 (*(((word32 *)(polyS+i*4+2))+1-NativeByteOrder::ToEnum())) - #define kHi ((polyS+i*4+2)[0]) - - if (isFirstBlock) - { - isFirstBlock = false; - if (m_isFirstBlock) - { - m_isFirstBlock = false; - for (i=0; i<=(size_t)T_128BitTag; i++) - { - word64 t = (word64)nh0[i] + k0; - a0 = (word32)t; - t = (t >> 32) + nh1[i] + k1; - a1 = (word32)t; - aHi = (t >> 32) + nh2[i] + kHi; - } - continue; - } - } - for (i=0; i<=(size_t)T_128BitTag; i++) - { - word64 p, t; - word32 t2; - - p = MUL32(a3, 2*k3); - p += nh2[i]; - p += MUL32(a0, k2); - p += MUL32(a1, k1); - p += MUL32(a2, k0); - t2 = (word32)p; - p >>= 32; - p += MUL32(a0, k3); - p += MUL32(a1, k2); - p += MUL32(a2, k1); - p += MUL32(a3, k0); - t = (word64(word32(p) & 0x7fffffff) << 32) | t2; - p >>= 31; - p += nh0[i]; - p += MUL32(a0, k0); - p += MUL32(a1, 2*k3); - p += MUL32(a2, 2*k2); - p += MUL32(a3, 2*k1); - t2 = (word32)p; - p >>= 32; - p += nh1[i]; - p += MUL32(a0, k1); - p += MUL32(a1, k0); - p += MUL32(a2, 2*k3); - p += MUL32(a3, 2*k2); - a0 = t2; - a1 = (word32)p; - aHi = (p >> 32) + t; - } - - #undef a0 - #undef a1 - #undef a2 - #undef a3 - #undef aHi - #undef k0 - #undef k1 - #undef k2 - #undef k3 - #undef kHi - #else // #if VMAC_BOOL_32BIT - if (isFirstBlock) - { - isFirstBlock = false; - if (m_isFirstBlock) - { - m_isFirstBlock = false; - #if VMAC_BOOL_WORD128 - #define first_poly_step(a, kh, kl, m) a = (m & m126) + ((word128(kh) << 64) | kl) - - first_poly_step(a1, kh1, kl1, nhA); - if (T_128BitTag) - first_poly_step(a2, kh2, kl2, nhB); - #else - #define first_poly_step(ah, al, kh, kl, mh, ml) {\ - mh &= m62;\ - ADD128(mh, ml, kh, kl); \ - ah = mh; al = ml;} - - first_poly_step(ah1, al1, kh1, kl1, nhA1, nhA0); - if (T_128BitTag) - first_poly_step(ah2, al2, kh2, kl2, nhB1, nhB0); - #endif - continue; - } - else - { - #if VMAC_BOOL_WORD128 - a1 = (word128((polyS+0*4)[0]) << 64) | (polyS+0*4)[1]; - #else - ah1=(polyS+0*4)[0]; al1=(polyS+0*4)[1]; - #endif - if (T_128BitTag) - { - #if VMAC_BOOL_WORD128 - a2 = (word128((polyS+1*4)[0]) << 64) | (polyS+1*4)[1]; - #else - ah2=(polyS+1*4)[0]; al2=(polyS+1*4)[1]; - #endif - } - } - } - - #if VMAC_BOOL_WORD128 - #define poly_step(a, kh, kl, m) \ - { word128 t1, t2, t3, t4;\ - Multiply128(t2, a>>64, kl);\ - Multiply128(t3, a, kh);\ - Multiply128(t1, a, kl);\ - Multiply128(t4, a>>64, 2*kh);\ - t2 += t3;\ - t4 += t1;\ - t2 += t4>>64;\ - a = (word128(word64(t2)&m63) << 64) | word64(t4);\ - t2 *= 2;\ - a += m & m126;\ - a += t2>>64;} - - poly_step(a1, kh1, kl1, nhA); - if (T_128BitTag) - poly_step(a2, kh2, kl2, nhB); - #else - #define poly_step(ah, al, kh, kl, mh, ml) \ - { word64 t1h, t1l, t2h, t2l, t3h, t3l, z=0; \ - /* compute ab*cd, put bd into result registers */ \ - MUL64(t2h,t2l,ah,kl); \ - MUL64(t3h,t3l,al,kh); \ - MUL64(t1h,t1l,ah,2*kh); \ - MUL64(ah,al,al,kl); \ - /* add together ad + bc */ \ - ADD128(t2h,t2l,t3h,t3l); \ - /* add 2 * ac to result */ \ - ADD128(ah,al,t1h,t1l); \ - /* now (ah,al), (t2l,2*t2h) need summing */ \ - /* first add the high registers, carrying into t2h */ \ - ADD128(t2h,ah,z,t2l); \ - /* double t2h and add top bit of ah */ \ - t2h += t2h + (ah >> 63); \ - ah &= m63; \ - /* now add the low registers */ \ - mh &= m62; \ - ADD128(ah,al,mh,ml); \ - ADD128(ah,al,z,t2h); \ - } - - poly_step(ah1, al1, kh1, kl1, nhA1, nhA0); - if (T_128BitTag) - poly_step(ah2, al2, kh2, kl2, nhB1, nhB0); - #endif - #endif // #if VMAC_BOOL_32BIT - } while (blocksRemainingInWord64); - - #if VMAC_BOOL_WORD128 - (polyS+0*4)[0]=word64(a1>>64); (polyS+0*4)[1]=word64(a1); - if (T_128BitTag) - { - (polyS+1*4)[0]=word64(a2>>64); (polyS+1*4)[1]=word64(a2); - } - #elif !VMAC_BOOL_32BIT - (polyS+0*4)[0]=ah1; (polyS+0*4)[1]=al1; - if (T_128BitTag) - { - (polyS+1*4)[0]=ah2; (polyS+1*4)[1]=al2; - } - #endif -} - -inline void VMAC_Base::VHASH_Update(const word64 *data, size_t blocksRemainingInWord64) -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 - if (HasSSE2()) - { - VHASH_Update_SSE2(data, blocksRemainingInWord64, 0); - if (m_is128) - VHASH_Update_SSE2(data, blocksRemainingInWord64, 1); - m_isFirstBlock = false; - } - else -#endif - { -#if defined(_MSC_VER) && _MSC_VER < 1300 - VHASH_Update_Template(data, blocksRemainingInWord64); -#else - if (m_is128) - VHASH_Update_Template<true>(data, blocksRemainingInWord64); - else - VHASH_Update_Template<false>(data, blocksRemainingInWord64); -#endif - } -} - -size_t VMAC_Base::HashMultipleBlocks(const word64 *data, size_t length) -{ - size_t remaining = ModPowerOf2(length, m_L1KeyLength); - VHASH_Update(data, (length-remaining)/8); - return remaining; -} - -static word64 L3Hash(const word64 *input, const word64 *l3Key, size_t len) -{ - word64 rh, rl, t, z=0; - word64 p1 = input[0], p2 = input[1]; - word64 k1 = l3Key[0], k2 = l3Key[1]; - - /* fully reduce (p1,p2)+(len,0) mod p127 */ - t = p1 >> 63; - p1 &= m63; - ADD128(p1, p2, len, t); - /* At this point, (p1,p2) is at most 2^127+(len<<64) */ - t = (p1 > m63) + ((p1 == m63) & (p2 == m64)); - ADD128(p1, p2, z, t); - p1 &= m63; - - /* compute (p1,p2)/(2^64-2^32) and (p1,p2)%(2^64-2^32) */ - t = p1 + (p2 >> 32); - t += (t >> 32); - t += (word32)t > 0xfffffffeU; - p1 += (t >> 32); - p2 += (p1 << 32); - - /* compute (p1+k1)%p64 and (p2+k2)%p64 */ - p1 += k1; - p1 += (0 - (p1 < k1)) & 257; - p2 += k2; - p2 += (0 - (p2 < k2)) & 257; - - /* compute (p1+k1)*(p2+k2)%p64 */ - MUL64(rh, rl, p1, p2); - t = rh >> 56; - ADD128(t, rl, z, rh); - rh <<= 8; - ADD128(t, rl, z, rh); - t += t << 8; - rl += t; - rl += (0 - (rl < t)) & 257; - rl += (0 - (rl > p64-1)) & 257; - return rl; -} - -void VMAC_Base::TruncatedFinal(byte *mac, size_t size) -{ - size_t len = ModPowerOf2(GetBitCountLo()/8, m_L1KeyLength); - - if (len) - { - memset(m_data()+len, 0, (0-len)%16); - VHASH_Update(DataBuf(), ((len+15)/16)*2); - len *= 8; // convert to bits - } - else if (m_isFirstBlock) - { - // special case for empty string - m_polyState()[0] = m_polyState()[2]; - m_polyState()[1] = m_polyState()[3]; - if (m_is128) - { - m_polyState()[4] = m_polyState()[6]; - m_polyState()[5] = m_polyState()[7]; - } - } - - if (m_is128) - { - word64 t[2]; - t[0] = L3Hash(m_polyState(), m_l3Key(), len) + GetWord<word64>(true, BIG_ENDIAN_ORDER, m_pad()); - t[1] = L3Hash(m_polyState()+4, m_l3Key()+2, len) + GetWord<word64>(true, BIG_ENDIAN_ORDER, m_pad()+8); - if (size == 16) - { - PutWord(false, BIG_ENDIAN_ORDER, mac, t[0]); - PutWord(false, BIG_ENDIAN_ORDER, mac+8, t[1]); - } - else - { - t[0] = ConditionalByteReverse(BIG_ENDIAN_ORDER, t[0]); - t[1] = ConditionalByteReverse(BIG_ENDIAN_ORDER, t[1]); - memcpy(mac, t, size); - } - } - else - { - word64 t = L3Hash(m_polyState(), m_l3Key(), len); - t += GetWord<word64>(true, BIG_ENDIAN_ORDER, m_pad() + (m_nonce()[IVSize()-1]&1) * 8); - if (size == 8) - PutWord(false, BIG_ENDIAN_ORDER, mac, t); - else - { - t = ConditionalByteReverse(BIG_ENDIAN_ORDER, t); - memcpy(mac, &t, size); - } - } -} - -NAMESPACE_END diff --git a/cryptopp562/vmac.h b/cryptopp562/vmac.h deleted file mode 100644 index 0724017..0000000 --- a/cryptopp562/vmac.h +++ /dev/null @@ -1,68 +0,0 @@ -#ifndef CRYPTOPP_VMAC_H -#define CRYPTOPP_VMAC_H - -#include "iterhash.h" -#include "seckey.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// . -class VMAC_Base : public IteratedHashBase<word64, MessageAuthenticationCode> -{ -public: - std::string AlgorithmName() const {return std::string("VMAC(") + GetCipher().AlgorithmName() + ")-" + IntToString(DigestSize()*8);} - unsigned int IVSize() const {return GetCipher().BlockSize();} - unsigned int MinIVLength() const {return 1;} - void Resynchronize(const byte *nonce, int length=-1); - void GetNextIV(RandomNumberGenerator &rng, byte *IV); - unsigned int DigestSize() const {return m_is128 ? 16 : 8;}; - void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); - void TruncatedFinal(byte *mac, size_t size); - unsigned int BlockSize() const {return m_L1KeyLength;} - ByteOrder GetByteOrder() const {return LITTLE_ENDIAN_ORDER;} - -protected: - virtual BlockCipher & AccessCipher() =0; - virtual int DefaultDigestSize() const =0; - const BlockCipher & GetCipher() const {return const_cast<VMAC_Base *>(this)->AccessCipher();} - void HashEndianCorrectedBlock(const word64 *data); - size_t HashMultipleBlocks(const word64 *input, size_t length); - void Init() {} - word64* StateBuf() {return NULL;} - word64* DataBuf() {return (word64 *)m_data();} - - void VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, int tagPart); -#if !(defined(_MSC_VER) && _MSC_VER < 1300) // can't use function template here with VC6 - template <bool T_128BitTag> -#endif - void VHASH_Update_Template(const word64 *data, size_t blockRemainingInWord128); - void VHASH_Update(const word64 *data, size_t blocksRemainingInWord128); - - CRYPTOPP_BLOCK_1(polyState, word64, 4*(m_is128+1)) - CRYPTOPP_BLOCK_2(nhKey, word64, m_L1KeyLength/sizeof(word64) + 2*m_is128) - CRYPTOPP_BLOCK_3(data, byte, m_L1KeyLength) - CRYPTOPP_BLOCK_4(l3Key, word64, 2*(m_is128+1)) - CRYPTOPP_BLOCK_5(nonce, byte, IVSize()) - CRYPTOPP_BLOCK_6(pad, byte, IVSize()) - CRYPTOPP_BLOCKS_END(6) - - bool m_is128, m_padCached, m_isFirstBlock; - int m_L1KeyLength; -}; - -/// <a href="http://www.cryptolounge.org/wiki/VMAC">VMAC</a> -template <class T_BlockCipher, int T_DigestBitSize = 128> -class VMAC : public SimpleKeyingInterfaceImpl<VMAC_Base, SameKeyLengthAs<T_BlockCipher, SimpleKeyingInterface::UNIQUE_IV, T_BlockCipher::BLOCKSIZE> > -{ -public: - static std::string StaticAlgorithmName() {return std::string("VMAC(") + T_BlockCipher::StaticAlgorithmName() + ")-" + IntToString(T_DigestBitSize);} - -private: - BlockCipher & AccessCipher() {return m_cipher;} - int DefaultDigestSize() const {return T_DigestBitSize/8;} - typename T_BlockCipher::Encryption m_cipher; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/wait.cpp b/cryptopp562/wait.cpp deleted file mode 100644 index 1987858..0000000 --- a/cryptopp562/wait.cpp +++ /dev/null @@ -1,397 +0,0 @@ -// wait.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "wait.h" -#include "misc.h" - -#ifdef SOCKETS_AVAILABLE - -#ifdef USE_BERKELEY_STYLE_SOCKETS -#include <errno.h> -#include <sys/types.h> -#include <sys/time.h> -#include <unistd.h> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -unsigned int WaitObjectContainer::MaxWaitObjects() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - return MAXIMUM_WAIT_OBJECTS * (MAXIMUM_WAIT_OBJECTS-1); -#else - return FD_SETSIZE; -#endif -} - -WaitObjectContainer::WaitObjectContainer(WaitObjectsTracer* tracer) - : m_tracer(tracer), m_eventTimer(Timer::MILLISECONDS) - , m_sameResultCount(0), m_noWaitTimer(Timer::MILLISECONDS) -{ - Clear(); - m_eventTimer.StartTimer(); -} - -void WaitObjectContainer::Clear() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - m_handles.clear(); -#else - m_maxFd = 0; - FD_ZERO(&m_readfds); - FD_ZERO(&m_writefds); -#endif - m_noWait = false; - m_firstEventTime = 0; -} - -inline void WaitObjectContainer::SetLastResult(LastResultType result) -{ - if (result == m_lastResult) - m_sameResultCount++; - else - { - m_lastResult = result; - m_sameResultCount = 0; - } -} - -void WaitObjectContainer::DetectNoWait(LastResultType result, CallStack const& callStack) -{ - if (result == m_lastResult && m_noWaitTimer.ElapsedTime() > 1000) - { - if (m_sameResultCount > m_noWaitTimer.ElapsedTime()) - { - if (m_tracer) - { - std::string desc = "No wait loop detected - m_lastResult: "; - desc.append(IntToString(m_lastResult)).append(", call stack:"); - for (CallStack const* cs = &callStack; cs; cs = cs->Prev()) - desc.append("\n- ").append(cs->Format()); - m_tracer->TraceNoWaitLoop(desc); - } - try { throw 0; } catch (...) {} // help debugger break - } - - m_noWaitTimer.StartTimer(); - m_sameResultCount = 0; - } -} - -void WaitObjectContainer::SetNoWait(CallStack const& callStack) -{ - DetectNoWait(LASTRESULT_NOWAIT, CallStack("WaitObjectContainer::SetNoWait()", &callStack)); - m_noWait = true; -} - -void WaitObjectContainer::ScheduleEvent(double milliseconds, CallStack const& callStack) -{ - if (milliseconds <= 3) - DetectNoWait(LASTRESULT_SCHEDULED, CallStack("WaitObjectContainer::ScheduleEvent()", &callStack)); - double thisEventTime = m_eventTimer.ElapsedTimeAsDouble() + milliseconds; - if (!m_firstEventTime || thisEventTime < m_firstEventTime) - m_firstEventTime = thisEventTime; -} - -#ifdef USE_WINDOWS_STYLE_SOCKETS - -struct WaitingThreadData -{ - bool waitingToWait, terminate; - HANDLE startWaiting, stopWaiting; - const HANDLE *waitHandles; - unsigned int count; - HANDLE threadHandle; - DWORD threadId; - DWORD* error; -}; - -WaitObjectContainer::~WaitObjectContainer() -{ - try // don't let exceptions escape destructor - { - if (!m_threads.empty()) - { - HANDLE threadHandles[MAXIMUM_WAIT_OBJECTS]; - unsigned int i; - for (i=0; i<m_threads.size(); i++) - { - WaitingThreadData &thread = *m_threads[i]; - while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state - Sleep(0); - thread.terminate = true; - threadHandles[i] = thread.threadHandle; - } - PulseEvent(m_startWaiting); - ::WaitForMultipleObjects((DWORD)m_threads.size(), threadHandles, TRUE, INFINITE); - for (i=0; i<m_threads.size(); i++) - CloseHandle(threadHandles[i]); - CloseHandle(m_startWaiting); - CloseHandle(m_stopWaiting); - } - } - catch (...) - { - } -} - - -void WaitObjectContainer::AddHandle(HANDLE handle, CallStack const& callStack) -{ - DetectNoWait(m_handles.size(), CallStack("WaitObjectContainer::AddHandle()", &callStack)); - m_handles.push_back(handle); -} - -DWORD WINAPI WaitingThread(LPVOID lParam) -{ - std::auto_ptr<WaitingThreadData> pThread((WaitingThreadData *)lParam); - WaitingThreadData &thread = *pThread; - std::vector<HANDLE> handles; - - while (true) - { - thread.waitingToWait = true; - ::WaitForSingleObject(thread.startWaiting, INFINITE); - thread.waitingToWait = false; - - if (thread.terminate) - break; - if (!thread.count) - continue; - - handles.resize(thread.count + 1); - handles[0] = thread.stopWaiting; - std::copy(thread.waitHandles, thread.waitHandles+thread.count, handles.begin()+1); - - DWORD result = ::WaitForMultipleObjects((DWORD)handles.size(), &handles[0], FALSE, INFINITE); - - if (result == WAIT_OBJECT_0) - continue; // another thread finished waiting first, so do nothing - SetEvent(thread.stopWaiting); - if (!(result > WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + handles.size())) - { - assert(!"error in WaitingThread"); // break here so we can see which thread has an error - *thread.error = ::GetLastError(); - } - } - - return S_OK; // return a value here to avoid compiler warning -} - -void WaitObjectContainer::CreateThreads(unsigned int count) -{ - size_t currentCount = m_threads.size(); - if (currentCount == 0) - { - m_startWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL); - m_stopWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL); - } - - if (currentCount < count) - { - m_threads.resize(count); - for (size_t i=currentCount; i<count; i++) - { - m_threads[i] = new WaitingThreadData; - WaitingThreadData &thread = *m_threads[i]; - thread.terminate = false; - thread.startWaiting = m_startWaiting; - thread.stopWaiting = m_stopWaiting; - thread.waitingToWait = false; - thread.threadHandle = CreateThread(NULL, 0, &WaitingThread, &thread, 0, &thread.threadId); - } - } -} - -bool WaitObjectContainer::Wait(unsigned long milliseconds) -{ - if (m_noWait || (m_handles.empty() && !m_firstEventTime)) - { - SetLastResult(LASTRESULT_NOWAIT); - return true; - } - - bool timeoutIsScheduledEvent = false; - - if (m_firstEventTime) - { - double timeToFirstEvent = SaturatingSubtract(m_firstEventTime, m_eventTimer.ElapsedTimeAsDouble()); - - if (timeToFirstEvent <= milliseconds) - { - milliseconds = (unsigned long)timeToFirstEvent; - timeoutIsScheduledEvent = true; - } - - if (m_handles.empty() || !milliseconds) - { - if (milliseconds) - Sleep(milliseconds); - SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT); - return timeoutIsScheduledEvent; - } - } - - if (m_handles.size() > MAXIMUM_WAIT_OBJECTS) - { - // too many wait objects for a single WaitForMultipleObjects call, so use multiple threads - static const unsigned int WAIT_OBJECTS_PER_THREAD = MAXIMUM_WAIT_OBJECTS-1; - unsigned int nThreads = (unsigned int)((m_handles.size() + WAIT_OBJECTS_PER_THREAD - 1) / WAIT_OBJECTS_PER_THREAD); - if (nThreads > MAXIMUM_WAIT_OBJECTS) // still too many wait objects, maybe implement recursive threading later? - throw Err("WaitObjectContainer: number of wait objects exceeds limit"); - CreateThreads(nThreads); - DWORD error = S_OK; - - for (unsigned int i=0; i<m_threads.size(); i++) - { - WaitingThreadData &thread = *m_threads[i]; - while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state - Sleep(0); - if (i<nThreads) - { - thread.waitHandles = &m_handles[i*WAIT_OBJECTS_PER_THREAD]; - thread.count = UnsignedMin(WAIT_OBJECTS_PER_THREAD, m_handles.size() - i*WAIT_OBJECTS_PER_THREAD); - thread.error = &error; - } - else - thread.count = 0; - } - - ResetEvent(m_stopWaiting); - PulseEvent(m_startWaiting); - - DWORD result = ::WaitForSingleObject(m_stopWaiting, milliseconds); - if (result == WAIT_OBJECT_0) - { - if (error == S_OK) - return true; - else - throw Err("WaitObjectContainer: WaitForMultipleObjects in thread failed with error " + IntToString(error)); - } - SetEvent(m_stopWaiting); - if (result == WAIT_TIMEOUT) - { - SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT); - return timeoutIsScheduledEvent; - } - else - throw Err("WaitObjectContainer: WaitForSingleObject failed with error " + IntToString(::GetLastError())); - } - else - { -#if TRACE_WAIT - static Timer t(Timer::MICROSECONDS); - static unsigned long lastTime = 0; - unsigned long timeBeforeWait = t.ElapsedTime(); -#endif - DWORD result = ::WaitForMultipleObjects((DWORD)m_handles.size(), &m_handles[0], FALSE, milliseconds); -#if TRACE_WAIT - if (milliseconds > 0) - { - unsigned long timeAfterWait = t.ElapsedTime(); - OutputDebugString(("Handles " + IntToString(m_handles.size()) + ", Woke up by " + IntToString(result-WAIT_OBJECT_0) + ", Busied for " + IntToString(timeBeforeWait-lastTime) + " us, Waited for " + IntToString(timeAfterWait-timeBeforeWait) + " us, max " + IntToString(milliseconds) + "ms\n").c_str()); - lastTime = timeAfterWait; - } -#endif - if (result >= WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + m_handles.size()) - { - if (result == m_lastResult) - m_sameResultCount++; - else - { - m_lastResult = result; - m_sameResultCount = 0; - } - return true; - } - else if (result == WAIT_TIMEOUT) - { - SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT); - return timeoutIsScheduledEvent; - } - else - throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError())); - } -} - -#else // #ifdef USE_WINDOWS_STYLE_SOCKETS - -void WaitObjectContainer::AddReadFd(int fd, CallStack const& callStack) // TODO: do something with callStack -{ - FD_SET(fd, &m_readfds); - m_maxFd = STDMAX(m_maxFd, fd); -} - -void WaitObjectContainer::AddWriteFd(int fd, CallStack const& callStack) // TODO: do something with callStack -{ - FD_SET(fd, &m_writefds); - m_maxFd = STDMAX(m_maxFd, fd); -} - -bool WaitObjectContainer::Wait(unsigned long milliseconds) -{ - if (m_noWait || (!m_maxFd && !m_firstEventTime)) - return true; - - bool timeoutIsScheduledEvent = false; - - if (m_firstEventTime) - { - double timeToFirstEvent = SaturatingSubtract(m_firstEventTime, m_eventTimer.ElapsedTimeAsDouble()); - if (timeToFirstEvent <= milliseconds) - { - milliseconds = (unsigned long)timeToFirstEvent; - timeoutIsScheduledEvent = true; - } - } - - timeval tv, *timeout; - - if (milliseconds == INFINITE_TIME) - timeout = NULL; - else - { - tv.tv_sec = milliseconds / 1000; - tv.tv_usec = (milliseconds % 1000) * 1000; - timeout = &tv; - } - - int result = select(m_maxFd+1, &m_readfds, &m_writefds, NULL, timeout); - - if (result > 0) - return true; - else if (result == 0) - return timeoutIsScheduledEvent; - else - throw Err("WaitObjectContainer: select failed with error " + errno); -} - -#endif - -// ******************************************************** - -std::string CallStack::Format() const -{ - return m_info; -} - -std::string CallStackWithNr::Format() const -{ - return std::string(m_info) + " / nr: " + IntToString(m_nr); -} - -std::string CallStackWithStr::Format() const -{ - return std::string(m_info) + " / " + std::string(m_z); -} - -bool Waitable::Wait(unsigned long milliseconds, CallStack const& callStack) -{ - WaitObjectContainer container; - GetWaitObjects(container, callStack); // reduce clutter by not adding this func to stack - return container.Wait(milliseconds); -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/wait.h b/cryptopp562/wait.h deleted file mode 100644 index 045afbc..0000000 --- a/cryptopp562/wait.h +++ /dev/null @@ -1,208 +0,0 @@ -#ifndef CRYPTOPP_WAIT_H -#define CRYPTOPP_WAIT_H - -#include "config.h" - -#ifdef SOCKETS_AVAILABLE - -#include "misc.h" -#include "cryptlib.h" -#include <vector> - -#ifdef USE_WINDOWS_STYLE_SOCKETS -#include <winsock2.h> -#else -#include <sys/types.h> -#endif - -#include "hrtimer.h" - -NAMESPACE_BEGIN(CryptoPP) - -class Tracer -{ -public: - Tracer(unsigned int level) : m_level(level) {} - virtual ~Tracer() {} - -protected: - //! Override this in your most-derived tracer to do the actual tracing. - virtual void Trace(unsigned int n, std::string const& s) = 0; - - /*! By default, tracers will decide which trace messages to trace according to a trace level - mechanism. If your most-derived tracer uses a different mechanism, override this to - return false. If this method returns false, the default TraceXxxx(void) methods will all - return 0 and must be overridden explicitly by your tracer for trace messages you want. */ - virtual bool UsingDefaults() const { return true; } - -protected: - unsigned int m_level; - - void TraceIf(unsigned int n, std::string const&s) - { if (n) Trace(n, s); } - - /*! Returns nr if, according to the default log settings mechanism (using log levels), - the message should be traced. Returns 0 if the default trace level mechanism is not - in use, or if it is in use but the event should not be traced. Provided as a utility - method for easier and shorter coding of default TraceXxxx(void) implementations. */ - unsigned int Tracing(unsigned int nr, unsigned int minLevel) const - { return (UsingDefaults() && m_level >= minLevel) ? nr : 0; } -}; - -// Your Tracer-derived class should inherit as virtual public from Tracer or another -// Tracer-derived class, and should pass the log level in its constructor. You can use the -// following methods to begin and end your Tracer definition. - -// This constructor macro initializes Tracer directly even if not derived directly from it; -// this is intended, virtual base classes are always initialized by the most derived class. -#define CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) \ - public: DERIVED(unsigned int level = 0) : Tracer(level) {} - -#define CRYPTOPP_BEGIN_TRACER_CLASS_1(DERIVED, BASE1) \ - class DERIVED : virtual public BASE1 { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) - -#define CRYPTOPP_BEGIN_TRACER_CLASS_2(DERIVED, BASE1, BASE2) \ - class DERIVED : virtual public BASE1, virtual public BASE2 { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) - -#define CRYPTOPP_END_TRACER_CLASS }; - -// In your Tracer-derived class, you should define a globally unique event number for each -// new event defined. This can be done using the following macros. - -#define CRYPTOPP_BEGIN_TRACER_EVENTS(UNIQUENR) enum { EVENTBASE = UNIQUENR, -#define CRYPTOPP_TRACER_EVENT(EVENTNAME) EventNr_##EVENTNAME, -#define CRYPTOPP_END_TRACER_EVENTS }; - -// In your own Tracer-derived class, you must define two methods per new trace event type: -// - unsigned int TraceXxxx() const -// Your default implementation of this method should return the event number if according -// to the default trace level system the event should be traced, or 0 if it should not. -// - void TraceXxxx(string const& s) -// This method should call TraceIf(TraceXxxx(), s); to do the tracing. -// For your convenience, a macro to define these two types of methods are defined below. -// If you use this macro, you should also use the TRACER_EVENTS macros above to associate -// event names with numbers. - -#define CRYPTOPP_TRACER_EVENT_METHODS(EVENTNAME, LOGLEVEL) \ - virtual unsigned int Trace##EVENTNAME() const { return Tracing(EventNr_##EVENTNAME, LOGLEVEL); } \ - virtual void Trace##EVENTNAME(std::string const& s) { TraceIf(Trace##EVENTNAME(), s); } - - -/*! A simple unidirectional linked list with m_prev == 0 to indicate the final entry. - The aim of this implementation is to provide a very lightweight and practical - tracing mechanism with a low performance impact. Functions and methods supporting - this call-stack mechanism would take a parameter of the form "CallStack const& callStack", - and would pass this parameter to subsequent functions they call using the construct: - - SubFunc(arg1, arg2, CallStack("my func at place such and such", &callStack)); - - The advantage of this approach is that it is easy to use and should be very efficient, - involving no allocation from the heap, just a linked list of stack objects containing - pointers to static ASCIIZ strings (or possibly additional but simple data if derived). */ -class CallStack -{ -public: - CallStack(char const* i, CallStack const* p) : m_info(i), m_prev(p) {} - CallStack const* Prev() const { return m_prev; } - virtual std::string Format() const; - -protected: - char const* m_info; - CallStack const* m_prev; -}; - -/*! An extended CallStack entry type with an additional numeric parameter. */ -class CallStackWithNr : public CallStack -{ -public: - CallStackWithNr(char const* i, word32 n, CallStack const* p) : CallStack(i, p), m_nr(n) {} - std::string Format() const; - -protected: - word32 m_nr; -}; - -/*! An extended CallStack entry type with an additional string parameter. */ -class CallStackWithStr : public CallStack -{ -public: - CallStackWithStr(char const* i, char const* z, CallStack const* p) : CallStack(i, p), m_z(z) {} - std::string Format() const; - -protected: - char const* m_z; -}; - -CRYPTOPP_BEGIN_TRACER_CLASS_1(WaitObjectsTracer, Tracer) - CRYPTOPP_BEGIN_TRACER_EVENTS(0x48752841) - CRYPTOPP_TRACER_EVENT(NoWaitLoop) - CRYPTOPP_END_TRACER_EVENTS - CRYPTOPP_TRACER_EVENT_METHODS(NoWaitLoop, 1) -CRYPTOPP_END_TRACER_CLASS - -struct WaitingThreadData; - -//! container of wait objects -class WaitObjectContainer : public NotCopyable -{ -public: - //! exception thrown by WaitObjectContainer - class Err : public Exception - { - public: - Err(const std::string& s) : Exception(IO_ERROR, s) {} - }; - - static unsigned int MaxWaitObjects(); - - WaitObjectContainer(WaitObjectsTracer* tracer = 0); - - void Clear(); - void SetNoWait(CallStack const& callStack); - void ScheduleEvent(double milliseconds, CallStack const& callStack); - // returns false if timed out - bool Wait(unsigned long milliseconds); - -#ifdef USE_WINDOWS_STYLE_SOCKETS - ~WaitObjectContainer(); - void AddHandle(HANDLE handle, CallStack const& callStack); -#else - void AddReadFd(int fd, CallStack const& callStack); - void AddWriteFd(int fd, CallStack const& callStack); -#endif - -private: - WaitObjectsTracer* m_tracer; - -#ifdef USE_WINDOWS_STYLE_SOCKETS - void CreateThreads(unsigned int count); - std::vector<HANDLE> m_handles; - std::vector<WaitingThreadData *> m_threads; - HANDLE m_startWaiting; - HANDLE m_stopWaiting; -#else - fd_set m_readfds, m_writefds; - int m_maxFd; -#endif - bool m_noWait; - double m_firstEventTime; - Timer m_eventTimer; - -#ifdef USE_WINDOWS_STYLE_SOCKETS - typedef size_t LastResultType; -#else - typedef int LastResultType; -#endif - enum { LASTRESULT_NOWAIT = -1, LASTRESULT_SCHEDULED = -2, LASTRESULT_TIMEOUT = -3 }; - LastResultType m_lastResult; - unsigned int m_sameResultCount; - Timer m_noWaitTimer; - void SetLastResult(LastResultType result); - void DetectNoWait(LastResultType result, CallStack const& callStack); -}; - -NAMESPACE_END - -#endif - -#endif diff --git a/cryptopp562/wake.cpp b/cryptopp562/wake.cpp deleted file mode 100644 index ff40b05..0000000 --- a/cryptopp562/wake.cpp +++ /dev/null @@ -1,109 +0,0 @@ -// wake.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "wake.h" - -NAMESPACE_BEGIN(CryptoPP) - -void WAKE_TestInstantiations() -{ - WAKE_OFB<>::Encryption x2; - WAKE_OFB<>::Decryption x4; -} - -inline word32 WAKE_Base::M(word32 x, word32 y) -{ - word32 w = x+y; - return (w>>8) ^ t[w & 0xff]; -} - -void WAKE_Base::GenKey(word32 k0, word32 k1, word32 k2, word32 k3) -{ - // this code is mostly copied from David Wheeler's paper "A Bulk Data Encryption Algorithm" - signed int x, z, p; - // x and z were declared as "long" in Wheeler's paper, which is a signed type. I don't know if that was intentional, but it's too late to change it now. -- Wei 7/4/2010 - CRYPTOPP_COMPILE_ASSERT(sizeof(x) == 4); - static long long int tt[10]= { - 0x726a8f3b, // table - 0xe69a3b5c, - 0xd3c71fe5, - 0xab3c73d2, - 0x4d3a8eb3, - 0x0396d6e8, - 0x3d4c2f7a, - 0x9ee27cf3, } ; - t[0] = k0; - t[1] = k1; - t[2] = k2; - t[3] = k3; - for (p=4 ; p<256 ; p++) - { - x=t[p-4]+t[p-1] ; // fill t - t[p]= (x>>3) ^ tt[x&7] ; - } - - for (p=0 ; p<23 ; p++) - t[p]+=t[p+89] ; // mix first entries - x=t[33] ; z=t[59] | 0x01000001 ; - z=z&0xff7fffff ; - for (p=0 ; p<256 ; p++) { //change top byte to - x=(x&0xff7fffff)+z ; // a permutation etc - t[p]=(t[p] & 0x00ffffff) ^ x ; } - - t[256]=t[0] ; - byte y=byte(x); - for (p=0 ; p<256 ; p++) { // further change perm. - t[p]=t[y=byte(t[p^y]^y)] ; // and other digits - t[y]=t[p+1] ; } -} - -template <class B> -void WAKE_Policy<B>::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) -{ - word32 k0, k1, k2, k3; - BlockGetAndPut<word32, BigEndian>::Get(key)(r3)(r4)(r5)(r6)(k0)(k1)(k2)(k3); - GenKey(k0, k1, k2, k3); -} - -// OFB -template <class B> -void WAKE_Policy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) -{ -#define WAKE_OUTPUT(x)\ - while (iterationCount--)\ - {\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, r6);\ - r3 = M(r3, r6);\ - r4 = M(r4, r3);\ - r5 = M(r5, r4);\ - r6 = M(r6, r5);\ - output += 4;\ - if (!(x & INPUT_NULL))\ - input += 4;\ - } - - typedef word32 WordType; - CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(WAKE_OUTPUT, 0); -} -/* -template <class B> -void WAKE_ROFB_Policy<B>::Iterate(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount) -{ - KeystreamOutput<B> keystreamOperation(operation, output, input); - - while (iterationCount--) - { - keystreamOperation(r6); - r3 = M(r3, r6); - r4 = M(r4, r3); - r5 = M(r5, r4); - r6 = M(r6, r5); - } -} -*/ -template class WAKE_Policy<BigEndian>; -template class WAKE_Policy<LittleEndian>; -//template class WAKE_ROFB_Policy<BigEndian>; -//template class WAKE_ROFB_Policy<LittleEndian>; - -NAMESPACE_END diff --git a/cryptopp562/wake.h b/cryptopp562/wake.h deleted file mode 100644 index 199957d..0000000 --- a/cryptopp562/wake.h +++ /dev/null @@ -1,63 +0,0 @@ -#ifndef CRYPTOPP_WAKE_H -#define CRYPTOPP_WAKE_H - -#include "seckey.h" -#include "secblock.h" -#include "strciphr.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -template <class B = BigEndian> -struct WAKE_OFB_Info : public FixedKeyLength<32> -{ - static const char *StaticAlgorithmName() {return B::ToEnum() == LITTLE_ENDIAN_ORDER ? "WAKE-OFB-LE" : "WAKE-OFB-BE";} -}; - -class CRYPTOPP_NO_VTABLE WAKE_Base -{ -protected: - word32 M(word32 x, word32 y); - void GenKey(word32 k0, word32 k1, word32 k2, word32 k3); - - word32 t[257]; - word32 r3, r4, r5, r6; -}; - -template <class B = BigEndian> -class CRYPTOPP_NO_VTABLE WAKE_Policy : public AdditiveCipherConcretePolicy<word32, 1, 64>, protected WAKE_Base -{ -protected: - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - // OFB - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - bool CipherIsRandomAccess() const {return false;} -}; - -//! WAKE-OFB -template <class B = BigEndian> -struct WAKE_OFB : public WAKE_OFB_Info<B>, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal<ConcretePolicyHolder<WAKE_Policy<B>, AdditiveCipherTemplate<> >, WAKE_OFB_Info<B> > Encryption; - typedef Encryption Decryption; -}; - -/* -template <class B = BigEndian> -class WAKE_ROFB_Policy : public WAKE_Policy<B> -{ -protected: - void Iterate(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount); -}; - -template <class B = BigEndian> -struct WAKE_ROFB : public WAKE_Info<B> -{ - typedef SymmetricCipherTemplate<ConcretePolicyHolder<AdditiveCipherTemplate<>, WAKE_ROFB_Policy<B> > > Encryption; - typedef Encryption Decryption; -}; -*/ - -NAMESPACE_END - -#endif diff --git a/cryptopp562/whrlpool.cpp b/cryptopp562/whrlpool.cpp deleted file mode 100644 index 9da12e3..0000000 --- a/cryptopp562/whrlpool.cpp +++ /dev/null @@ -1,701 +0,0 @@ -// whrlpool.cpp - originally modified by Kevin Springle from -// Paulo Barreto and Vincent Rijmen's public domain code, whirlpool.c. -// Updated to Whirlpool version 3.0, optimized and SSE version added by Wei Dai -// All modifications are placed in the public domain - -// This is the original introductory comment: - -/** - * The Whirlpool hashing function. - * - * <P> - * <b>References</b> - * - * <P> - * The Whirlpool algorithm was developed by - * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and - * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>. - * - * See - * P.S.L.M. Barreto, V. Rijmen, - * ``The Whirlpool hashing function,'' - * NESSIE submission, 2000 (tweaked version, 2001), - * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip> - * - * @author Paulo S.L.M. Barreto - * @author Vincent Rijmen. - * - * @version 3.0 (2003.03.12) - * - * ============================================================================= - * - * Differences from version 2.1: - * - * - Suboptimal diffusion matrix replaced by cir(1, 1, 4, 1, 8, 5, 2, 9). - * - * ============================================================================= - * - * Differences from version 2.0: - * - * - Generation of ISO/IEC 10118-3 test vectors. - * - Bug fix: nonzero carry was ignored when tallying the data length - * (this bug apparently only manifested itself when feeding data - * in pieces rather than in a single chunk at once). - * - Support for MS Visual C++ 64-bit integer arithmetic. - * - * Differences from version 1.0: - * - * - Original S-box replaced by the tweaked, hardware-efficient version. - * - * ============================================================================= - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "pch.h" -#include "whrlpool.h" -#include "misc.h" -#include "cpu.h" - -NAMESPACE_BEGIN(CryptoPP) - -void Whirlpool_TestInstantiations() -{ - Whirlpool x; -} - -void Whirlpool::InitState(HashWordType *state) -{ - memset(state, 0, 8*sizeof(state[0])); -} - -void Whirlpool::TruncatedFinal(byte *hash, size_t size) -{ - ThrowIfInvalidTruncatedSize(size); - - PadLastBlock(32); - CorrectEndianess(m_data, m_data, 32); - - m_data[m_data.size()-4] = 0; - m_data[m_data.size()-3] = 0; - m_data[m_data.size()-2] = GetBitCountHi(); - m_data[m_data.size()-1] = GetBitCountLo(); - - Transform(m_state, m_data); - CorrectEndianess(m_state, m_state, DigestSize()); - memcpy(hash, m_state, size); - - Restart(); // reinit for next use -} - -/* - * The number of rounds of the internal dedicated block cipher. - */ -#define R 10 - -/* - * Though Whirlpool is endianness-neutral, the encryption tables are listed - * in BIG-ENDIAN format, which is adopted throughout this implementation - * (but little-endian notation would be equally suitable if consistently - * employed). - */ - -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE -CRYPTOPP_ALIGN_DATA(16) static const word64 Whirlpool_C[4*256+R] CRYPTOPP_SECTION_ALIGN16 = { -#else -static const word64 Whirlpool_C[4*256+R] = { -#endif - W64LIT(0x18186018c07830d8), W64LIT(0x23238c2305af4626), W64LIT(0xc6c63fc67ef991b8), W64LIT(0xe8e887e8136fcdfb), - W64LIT(0x878726874ca113cb), W64LIT(0xb8b8dab8a9626d11), W64LIT(0x0101040108050209), W64LIT(0x4f4f214f426e9e0d), - W64LIT(0x3636d836adee6c9b), W64LIT(0xa6a6a2a6590451ff), W64LIT(0xd2d26fd2debdb90c), W64LIT(0xf5f5f3f5fb06f70e), - W64LIT(0x7979f979ef80f296), W64LIT(0x6f6fa16f5fcede30), W64LIT(0x91917e91fcef3f6d), W64LIT(0x52525552aa07a4f8), - W64LIT(0x60609d6027fdc047), W64LIT(0xbcbccabc89766535), W64LIT(0x9b9b569baccd2b37), W64LIT(0x8e8e028e048c018a), - W64LIT(0xa3a3b6a371155bd2), W64LIT(0x0c0c300c603c186c), W64LIT(0x7b7bf17bff8af684), W64LIT(0x3535d435b5e16a80), - W64LIT(0x1d1d741de8693af5), W64LIT(0xe0e0a7e05347ddb3), W64LIT(0xd7d77bd7f6acb321), W64LIT(0xc2c22fc25eed999c), - W64LIT(0x2e2eb82e6d965c43), W64LIT(0x4b4b314b627a9629), W64LIT(0xfefedffea321e15d), W64LIT(0x575741578216aed5), - W64LIT(0x15155415a8412abd), W64LIT(0x7777c1779fb6eee8), W64LIT(0x3737dc37a5eb6e92), W64LIT(0xe5e5b3e57b56d79e), - W64LIT(0x9f9f469f8cd92313), W64LIT(0xf0f0e7f0d317fd23), W64LIT(0x4a4a354a6a7f9420), W64LIT(0xdada4fda9e95a944), - W64LIT(0x58587d58fa25b0a2), W64LIT(0xc9c903c906ca8fcf), W64LIT(0x2929a429558d527c), W64LIT(0x0a0a280a5022145a), - W64LIT(0xb1b1feb1e14f7f50), W64LIT(0xa0a0baa0691a5dc9), W64LIT(0x6b6bb16b7fdad614), W64LIT(0x85852e855cab17d9), - W64LIT(0xbdbdcebd8173673c), W64LIT(0x5d5d695dd234ba8f), W64LIT(0x1010401080502090), W64LIT(0xf4f4f7f4f303f507), - W64LIT(0xcbcb0bcb16c08bdd), W64LIT(0x3e3ef83eedc67cd3), W64LIT(0x0505140528110a2d), W64LIT(0x676781671fe6ce78), - W64LIT(0xe4e4b7e47353d597), W64LIT(0x27279c2725bb4e02), W64LIT(0x4141194132588273), W64LIT(0x8b8b168b2c9d0ba7), - W64LIT(0xa7a7a6a7510153f6), W64LIT(0x7d7de97dcf94fab2), W64LIT(0x95956e95dcfb3749), W64LIT(0xd8d847d88e9fad56), - W64LIT(0xfbfbcbfb8b30eb70), W64LIT(0xeeee9fee2371c1cd), W64LIT(0x7c7ced7cc791f8bb), W64LIT(0x6666856617e3cc71), - W64LIT(0xdddd53dda68ea77b), W64LIT(0x17175c17b84b2eaf), W64LIT(0x4747014702468e45), W64LIT(0x9e9e429e84dc211a), - W64LIT(0xcaca0fca1ec589d4), W64LIT(0x2d2db42d75995a58), W64LIT(0xbfbfc6bf9179632e), W64LIT(0x07071c07381b0e3f), - W64LIT(0xadad8ead012347ac), W64LIT(0x5a5a755aea2fb4b0), W64LIT(0x838336836cb51bef), W64LIT(0x3333cc3385ff66b6), - W64LIT(0x636391633ff2c65c), W64LIT(0x02020802100a0412), W64LIT(0xaaaa92aa39384993), W64LIT(0x7171d971afa8e2de), - W64LIT(0xc8c807c80ecf8dc6), W64LIT(0x19196419c87d32d1), W64LIT(0x494939497270923b), W64LIT(0xd9d943d9869aaf5f), - W64LIT(0xf2f2eff2c31df931), W64LIT(0xe3e3abe34b48dba8), W64LIT(0x5b5b715be22ab6b9), W64LIT(0x88881a8834920dbc), - W64LIT(0x9a9a529aa4c8293e), W64LIT(0x262698262dbe4c0b), W64LIT(0x3232c8328dfa64bf), W64LIT(0xb0b0fab0e94a7d59), - W64LIT(0xe9e983e91b6acff2), W64LIT(0x0f0f3c0f78331e77), W64LIT(0xd5d573d5e6a6b733), W64LIT(0x80803a8074ba1df4), - W64LIT(0xbebec2be997c6127), W64LIT(0xcdcd13cd26de87eb), W64LIT(0x3434d034bde46889), W64LIT(0x48483d487a759032), - W64LIT(0xffffdbffab24e354), W64LIT(0x7a7af57af78ff48d), W64LIT(0x90907a90f4ea3d64), W64LIT(0x5f5f615fc23ebe9d), - W64LIT(0x202080201da0403d), W64LIT(0x6868bd6867d5d00f), W64LIT(0x1a1a681ad07234ca), W64LIT(0xaeae82ae192c41b7), - W64LIT(0xb4b4eab4c95e757d), W64LIT(0x54544d549a19a8ce), W64LIT(0x93937693ece53b7f), W64LIT(0x222288220daa442f), - W64LIT(0x64648d6407e9c863), W64LIT(0xf1f1e3f1db12ff2a), W64LIT(0x7373d173bfa2e6cc), W64LIT(0x12124812905a2482), - W64LIT(0x40401d403a5d807a), W64LIT(0x0808200840281048), W64LIT(0xc3c32bc356e89b95), W64LIT(0xecec97ec337bc5df), - W64LIT(0xdbdb4bdb9690ab4d), W64LIT(0xa1a1bea1611f5fc0), W64LIT(0x8d8d0e8d1c830791), W64LIT(0x3d3df43df5c97ac8), - W64LIT(0x97976697ccf1335b), W64LIT(0x0000000000000000), W64LIT(0xcfcf1bcf36d483f9), W64LIT(0x2b2bac2b4587566e), - W64LIT(0x7676c57697b3ece1), W64LIT(0x8282328264b019e6), W64LIT(0xd6d67fd6fea9b128), W64LIT(0x1b1b6c1bd87736c3), - W64LIT(0xb5b5eeb5c15b7774), W64LIT(0xafaf86af112943be), W64LIT(0x6a6ab56a77dfd41d), W64LIT(0x50505d50ba0da0ea), - W64LIT(0x45450945124c8a57), W64LIT(0xf3f3ebf3cb18fb38), W64LIT(0x3030c0309df060ad), W64LIT(0xefef9bef2b74c3c4), - W64LIT(0x3f3ffc3fe5c37eda), W64LIT(0x55554955921caac7), W64LIT(0xa2a2b2a2791059db), W64LIT(0xeaea8fea0365c9e9), - W64LIT(0x656589650fecca6a), W64LIT(0xbabad2bab9686903), W64LIT(0x2f2fbc2f65935e4a), W64LIT(0xc0c027c04ee79d8e), - W64LIT(0xdede5fdebe81a160), W64LIT(0x1c1c701ce06c38fc), W64LIT(0xfdfdd3fdbb2ee746), W64LIT(0x4d4d294d52649a1f), - W64LIT(0x92927292e4e03976), W64LIT(0x7575c9758fbceafa), W64LIT(0x06061806301e0c36), W64LIT(0x8a8a128a249809ae), - W64LIT(0xb2b2f2b2f940794b), W64LIT(0xe6e6bfe66359d185), W64LIT(0x0e0e380e70361c7e), W64LIT(0x1f1f7c1ff8633ee7), - W64LIT(0x6262956237f7c455), W64LIT(0xd4d477d4eea3b53a), W64LIT(0xa8a89aa829324d81), W64LIT(0x96966296c4f43152), - W64LIT(0xf9f9c3f99b3aef62), W64LIT(0xc5c533c566f697a3), W64LIT(0x2525942535b14a10), W64LIT(0x59597959f220b2ab), - W64LIT(0x84842a8454ae15d0), W64LIT(0x7272d572b7a7e4c5), W64LIT(0x3939e439d5dd72ec), W64LIT(0x4c4c2d4c5a619816), - W64LIT(0x5e5e655eca3bbc94), W64LIT(0x7878fd78e785f09f), W64LIT(0x3838e038ddd870e5), W64LIT(0x8c8c0a8c14860598), - W64LIT(0xd1d163d1c6b2bf17), W64LIT(0xa5a5aea5410b57e4), W64LIT(0xe2e2afe2434dd9a1), W64LIT(0x616199612ff8c24e), - W64LIT(0xb3b3f6b3f1457b42), W64LIT(0x2121842115a54234), W64LIT(0x9c9c4a9c94d62508), W64LIT(0x1e1e781ef0663cee), - W64LIT(0x4343114322528661), W64LIT(0xc7c73bc776fc93b1), W64LIT(0xfcfcd7fcb32be54f), W64LIT(0x0404100420140824), - W64LIT(0x51515951b208a2e3), W64LIT(0x99995e99bcc72f25), W64LIT(0x6d6da96d4fc4da22), W64LIT(0x0d0d340d68391a65), - W64LIT(0xfafacffa8335e979), W64LIT(0xdfdf5bdfb684a369), W64LIT(0x7e7ee57ed79bfca9), W64LIT(0x242490243db44819), - W64LIT(0x3b3bec3bc5d776fe), W64LIT(0xabab96ab313d4b9a), W64LIT(0xcece1fce3ed181f0), W64LIT(0x1111441188552299), - W64LIT(0x8f8f068f0c890383), W64LIT(0x4e4e254e4a6b9c04), W64LIT(0xb7b7e6b7d1517366), W64LIT(0xebeb8beb0b60cbe0), - W64LIT(0x3c3cf03cfdcc78c1), W64LIT(0x81813e817cbf1ffd), W64LIT(0x94946a94d4fe3540), W64LIT(0xf7f7fbf7eb0cf31c), - W64LIT(0xb9b9deb9a1676f18), W64LIT(0x13134c13985f268b), W64LIT(0x2c2cb02c7d9c5851), W64LIT(0xd3d36bd3d6b8bb05), - W64LIT(0xe7e7bbe76b5cd38c), W64LIT(0x6e6ea56e57cbdc39), W64LIT(0xc4c437c46ef395aa), W64LIT(0x03030c03180f061b), - W64LIT(0x565645568a13acdc), W64LIT(0x44440d441a49885e), W64LIT(0x7f7fe17fdf9efea0), W64LIT(0xa9a99ea921374f88), - W64LIT(0x2a2aa82a4d825467), W64LIT(0xbbbbd6bbb16d6b0a), W64LIT(0xc1c123c146e29f87), W64LIT(0x53535153a202a6f1), - W64LIT(0xdcdc57dcae8ba572), W64LIT(0x0b0b2c0b58271653), W64LIT(0x9d9d4e9d9cd32701), W64LIT(0x6c6cad6c47c1d82b), - W64LIT(0x3131c43195f562a4), W64LIT(0x7474cd7487b9e8f3), W64LIT(0xf6f6fff6e309f115), W64LIT(0x464605460a438c4c), - W64LIT(0xacac8aac092645a5), W64LIT(0x89891e893c970fb5), W64LIT(0x14145014a04428b4), W64LIT(0xe1e1a3e15b42dfba), - W64LIT(0x16165816b04e2ca6), W64LIT(0x3a3ae83acdd274f7), W64LIT(0x6969b9696fd0d206), W64LIT(0x09092409482d1241), - W64LIT(0x7070dd70a7ade0d7), W64LIT(0xb6b6e2b6d954716f), W64LIT(0xd0d067d0ceb7bd1e), W64LIT(0xeded93ed3b7ec7d6), - W64LIT(0xcccc17cc2edb85e2), W64LIT(0x424215422a578468), W64LIT(0x98985a98b4c22d2c), W64LIT(0xa4a4aaa4490e55ed), - W64LIT(0x2828a0285d885075), W64LIT(0x5c5c6d5cda31b886), W64LIT(0xf8f8c7f8933fed6b), W64LIT(0x8686228644a411c2), - - W64LIT(0xd818186018c07830), W64LIT(0x2623238c2305af46), W64LIT(0xb8c6c63fc67ef991), W64LIT(0xfbe8e887e8136fcd), - W64LIT(0xcb878726874ca113), W64LIT(0x11b8b8dab8a9626d), W64LIT(0x0901010401080502), W64LIT(0x0d4f4f214f426e9e), - W64LIT(0x9b3636d836adee6c), W64LIT(0xffa6a6a2a6590451), W64LIT(0x0cd2d26fd2debdb9), W64LIT(0x0ef5f5f3f5fb06f7), - W64LIT(0x967979f979ef80f2), W64LIT(0x306f6fa16f5fcede), W64LIT(0x6d91917e91fcef3f), W64LIT(0xf852525552aa07a4), - W64LIT(0x4760609d6027fdc0), W64LIT(0x35bcbccabc897665), W64LIT(0x379b9b569baccd2b), W64LIT(0x8a8e8e028e048c01), - W64LIT(0xd2a3a3b6a371155b), W64LIT(0x6c0c0c300c603c18), W64LIT(0x847b7bf17bff8af6), W64LIT(0x803535d435b5e16a), - W64LIT(0xf51d1d741de8693a), W64LIT(0xb3e0e0a7e05347dd), W64LIT(0x21d7d77bd7f6acb3), W64LIT(0x9cc2c22fc25eed99), - W64LIT(0x432e2eb82e6d965c), W64LIT(0x294b4b314b627a96), W64LIT(0x5dfefedffea321e1), W64LIT(0xd5575741578216ae), - W64LIT(0xbd15155415a8412a), W64LIT(0xe87777c1779fb6ee), W64LIT(0x923737dc37a5eb6e), W64LIT(0x9ee5e5b3e57b56d7), - W64LIT(0x139f9f469f8cd923), W64LIT(0x23f0f0e7f0d317fd), W64LIT(0x204a4a354a6a7f94), W64LIT(0x44dada4fda9e95a9), - W64LIT(0xa258587d58fa25b0), W64LIT(0xcfc9c903c906ca8f), W64LIT(0x7c2929a429558d52), W64LIT(0x5a0a0a280a502214), - W64LIT(0x50b1b1feb1e14f7f), W64LIT(0xc9a0a0baa0691a5d), W64LIT(0x146b6bb16b7fdad6), W64LIT(0xd985852e855cab17), - W64LIT(0x3cbdbdcebd817367), W64LIT(0x8f5d5d695dd234ba), W64LIT(0x9010104010805020), W64LIT(0x07f4f4f7f4f303f5), - W64LIT(0xddcbcb0bcb16c08b), W64LIT(0xd33e3ef83eedc67c), W64LIT(0x2d0505140528110a), W64LIT(0x78676781671fe6ce), - W64LIT(0x97e4e4b7e47353d5), W64LIT(0x0227279c2725bb4e), W64LIT(0x7341411941325882), W64LIT(0xa78b8b168b2c9d0b), - W64LIT(0xf6a7a7a6a7510153), W64LIT(0xb27d7de97dcf94fa), W64LIT(0x4995956e95dcfb37), W64LIT(0x56d8d847d88e9fad), - W64LIT(0x70fbfbcbfb8b30eb), W64LIT(0xcdeeee9fee2371c1), W64LIT(0xbb7c7ced7cc791f8), W64LIT(0x716666856617e3cc), - W64LIT(0x7bdddd53dda68ea7), W64LIT(0xaf17175c17b84b2e), W64LIT(0x454747014702468e), W64LIT(0x1a9e9e429e84dc21), - W64LIT(0xd4caca0fca1ec589), W64LIT(0x582d2db42d75995a), W64LIT(0x2ebfbfc6bf917963), W64LIT(0x3f07071c07381b0e), - W64LIT(0xacadad8ead012347), W64LIT(0xb05a5a755aea2fb4), W64LIT(0xef838336836cb51b), W64LIT(0xb63333cc3385ff66), - W64LIT(0x5c636391633ff2c6), W64LIT(0x1202020802100a04), W64LIT(0x93aaaa92aa393849), W64LIT(0xde7171d971afa8e2), - W64LIT(0xc6c8c807c80ecf8d), W64LIT(0xd119196419c87d32), W64LIT(0x3b49493949727092), W64LIT(0x5fd9d943d9869aaf), - W64LIT(0x31f2f2eff2c31df9), W64LIT(0xa8e3e3abe34b48db), W64LIT(0xb95b5b715be22ab6), W64LIT(0xbc88881a8834920d), - W64LIT(0x3e9a9a529aa4c829), W64LIT(0x0b262698262dbe4c), W64LIT(0xbf3232c8328dfa64), W64LIT(0x59b0b0fab0e94a7d), - W64LIT(0xf2e9e983e91b6acf), W64LIT(0x770f0f3c0f78331e), W64LIT(0x33d5d573d5e6a6b7), W64LIT(0xf480803a8074ba1d), - W64LIT(0x27bebec2be997c61), W64LIT(0xebcdcd13cd26de87), W64LIT(0x893434d034bde468), W64LIT(0x3248483d487a7590), - W64LIT(0x54ffffdbffab24e3), W64LIT(0x8d7a7af57af78ff4), W64LIT(0x6490907a90f4ea3d), W64LIT(0x9d5f5f615fc23ebe), - W64LIT(0x3d202080201da040), W64LIT(0x0f6868bd6867d5d0), W64LIT(0xca1a1a681ad07234), W64LIT(0xb7aeae82ae192c41), - W64LIT(0x7db4b4eab4c95e75), W64LIT(0xce54544d549a19a8), W64LIT(0x7f93937693ece53b), W64LIT(0x2f222288220daa44), - W64LIT(0x6364648d6407e9c8), W64LIT(0x2af1f1e3f1db12ff), W64LIT(0xcc7373d173bfa2e6), W64LIT(0x8212124812905a24), - W64LIT(0x7a40401d403a5d80), W64LIT(0x4808082008402810), W64LIT(0x95c3c32bc356e89b), W64LIT(0xdfecec97ec337bc5), - W64LIT(0x4ddbdb4bdb9690ab), W64LIT(0xc0a1a1bea1611f5f), W64LIT(0x918d8d0e8d1c8307), W64LIT(0xc83d3df43df5c97a), - W64LIT(0x5b97976697ccf133), W64LIT(0x0000000000000000), W64LIT(0xf9cfcf1bcf36d483), W64LIT(0x6e2b2bac2b458756), - W64LIT(0xe17676c57697b3ec), W64LIT(0xe68282328264b019), W64LIT(0x28d6d67fd6fea9b1), W64LIT(0xc31b1b6c1bd87736), - W64LIT(0x74b5b5eeb5c15b77), W64LIT(0xbeafaf86af112943), W64LIT(0x1d6a6ab56a77dfd4), W64LIT(0xea50505d50ba0da0), - W64LIT(0x5745450945124c8a), W64LIT(0x38f3f3ebf3cb18fb), W64LIT(0xad3030c0309df060), W64LIT(0xc4efef9bef2b74c3), - W64LIT(0xda3f3ffc3fe5c37e), W64LIT(0xc755554955921caa), W64LIT(0xdba2a2b2a2791059), W64LIT(0xe9eaea8fea0365c9), - W64LIT(0x6a656589650fecca), W64LIT(0x03babad2bab96869), W64LIT(0x4a2f2fbc2f65935e), W64LIT(0x8ec0c027c04ee79d), - W64LIT(0x60dede5fdebe81a1), W64LIT(0xfc1c1c701ce06c38), W64LIT(0x46fdfdd3fdbb2ee7), W64LIT(0x1f4d4d294d52649a), - W64LIT(0x7692927292e4e039), W64LIT(0xfa7575c9758fbcea), W64LIT(0x3606061806301e0c), W64LIT(0xae8a8a128a249809), - W64LIT(0x4bb2b2f2b2f94079), W64LIT(0x85e6e6bfe66359d1), W64LIT(0x7e0e0e380e70361c), W64LIT(0xe71f1f7c1ff8633e), - W64LIT(0x556262956237f7c4), W64LIT(0x3ad4d477d4eea3b5), W64LIT(0x81a8a89aa829324d), W64LIT(0x5296966296c4f431), - W64LIT(0x62f9f9c3f99b3aef), W64LIT(0xa3c5c533c566f697), W64LIT(0x102525942535b14a), W64LIT(0xab59597959f220b2), - W64LIT(0xd084842a8454ae15), W64LIT(0xc57272d572b7a7e4), W64LIT(0xec3939e439d5dd72), W64LIT(0x164c4c2d4c5a6198), - W64LIT(0x945e5e655eca3bbc), W64LIT(0x9f7878fd78e785f0), W64LIT(0xe53838e038ddd870), W64LIT(0x988c8c0a8c148605), - W64LIT(0x17d1d163d1c6b2bf), W64LIT(0xe4a5a5aea5410b57), W64LIT(0xa1e2e2afe2434dd9), W64LIT(0x4e616199612ff8c2), - W64LIT(0x42b3b3f6b3f1457b), W64LIT(0x342121842115a542), W64LIT(0x089c9c4a9c94d625), W64LIT(0xee1e1e781ef0663c), - W64LIT(0x6143431143225286), W64LIT(0xb1c7c73bc776fc93), W64LIT(0x4ffcfcd7fcb32be5), W64LIT(0x2404041004201408), - W64LIT(0xe351515951b208a2), W64LIT(0x2599995e99bcc72f), W64LIT(0x226d6da96d4fc4da), W64LIT(0x650d0d340d68391a), - W64LIT(0x79fafacffa8335e9), W64LIT(0x69dfdf5bdfb684a3), W64LIT(0xa97e7ee57ed79bfc), W64LIT(0x19242490243db448), - W64LIT(0xfe3b3bec3bc5d776), W64LIT(0x9aabab96ab313d4b), W64LIT(0xf0cece1fce3ed181), W64LIT(0x9911114411885522), - W64LIT(0x838f8f068f0c8903), W64LIT(0x044e4e254e4a6b9c), W64LIT(0x66b7b7e6b7d15173), W64LIT(0xe0ebeb8beb0b60cb), - W64LIT(0xc13c3cf03cfdcc78), W64LIT(0xfd81813e817cbf1f), W64LIT(0x4094946a94d4fe35), W64LIT(0x1cf7f7fbf7eb0cf3), - W64LIT(0x18b9b9deb9a1676f), W64LIT(0x8b13134c13985f26), W64LIT(0x512c2cb02c7d9c58), W64LIT(0x05d3d36bd3d6b8bb), - W64LIT(0x8ce7e7bbe76b5cd3), W64LIT(0x396e6ea56e57cbdc), W64LIT(0xaac4c437c46ef395), W64LIT(0x1b03030c03180f06), - W64LIT(0xdc565645568a13ac), W64LIT(0x5e44440d441a4988), W64LIT(0xa07f7fe17fdf9efe), W64LIT(0x88a9a99ea921374f), - W64LIT(0x672a2aa82a4d8254), W64LIT(0x0abbbbd6bbb16d6b), W64LIT(0x87c1c123c146e29f), W64LIT(0xf153535153a202a6), - W64LIT(0x72dcdc57dcae8ba5), W64LIT(0x530b0b2c0b582716), W64LIT(0x019d9d4e9d9cd327), W64LIT(0x2b6c6cad6c47c1d8), - W64LIT(0xa43131c43195f562), W64LIT(0xf37474cd7487b9e8), W64LIT(0x15f6f6fff6e309f1), W64LIT(0x4c464605460a438c), - W64LIT(0xa5acac8aac092645), W64LIT(0xb589891e893c970f), W64LIT(0xb414145014a04428), W64LIT(0xbae1e1a3e15b42df), - W64LIT(0xa616165816b04e2c), W64LIT(0xf73a3ae83acdd274), W64LIT(0x066969b9696fd0d2), W64LIT(0x4109092409482d12), - W64LIT(0xd77070dd70a7ade0), W64LIT(0x6fb6b6e2b6d95471), W64LIT(0x1ed0d067d0ceb7bd), W64LIT(0xd6eded93ed3b7ec7), - W64LIT(0xe2cccc17cc2edb85), W64LIT(0x68424215422a5784), W64LIT(0x2c98985a98b4c22d), W64LIT(0xeda4a4aaa4490e55), - W64LIT(0x752828a0285d8850), W64LIT(0x865c5c6d5cda31b8), W64LIT(0x6bf8f8c7f8933fed), W64LIT(0xc28686228644a411), - - W64LIT(0x30d818186018c078), W64LIT(0x462623238c2305af), W64LIT(0x91b8c6c63fc67ef9), W64LIT(0xcdfbe8e887e8136f), - W64LIT(0x13cb878726874ca1), W64LIT(0x6d11b8b8dab8a962), W64LIT(0x0209010104010805), W64LIT(0x9e0d4f4f214f426e), - W64LIT(0x6c9b3636d836adee), W64LIT(0x51ffa6a6a2a65904), W64LIT(0xb90cd2d26fd2debd), W64LIT(0xf70ef5f5f3f5fb06), - W64LIT(0xf2967979f979ef80), W64LIT(0xde306f6fa16f5fce), W64LIT(0x3f6d91917e91fcef), W64LIT(0xa4f852525552aa07), - W64LIT(0xc04760609d6027fd), W64LIT(0x6535bcbccabc8976), W64LIT(0x2b379b9b569baccd), W64LIT(0x018a8e8e028e048c), - W64LIT(0x5bd2a3a3b6a37115), W64LIT(0x186c0c0c300c603c), W64LIT(0xf6847b7bf17bff8a), W64LIT(0x6a803535d435b5e1), - W64LIT(0x3af51d1d741de869), W64LIT(0xddb3e0e0a7e05347), W64LIT(0xb321d7d77bd7f6ac), W64LIT(0x999cc2c22fc25eed), - W64LIT(0x5c432e2eb82e6d96), W64LIT(0x96294b4b314b627a), W64LIT(0xe15dfefedffea321), W64LIT(0xaed5575741578216), - W64LIT(0x2abd15155415a841), W64LIT(0xeee87777c1779fb6), W64LIT(0x6e923737dc37a5eb), W64LIT(0xd79ee5e5b3e57b56), - W64LIT(0x23139f9f469f8cd9), W64LIT(0xfd23f0f0e7f0d317), W64LIT(0x94204a4a354a6a7f), W64LIT(0xa944dada4fda9e95), - W64LIT(0xb0a258587d58fa25), W64LIT(0x8fcfc9c903c906ca), W64LIT(0x527c2929a429558d), W64LIT(0x145a0a0a280a5022), - W64LIT(0x7f50b1b1feb1e14f), W64LIT(0x5dc9a0a0baa0691a), W64LIT(0xd6146b6bb16b7fda), W64LIT(0x17d985852e855cab), - W64LIT(0x673cbdbdcebd8173), W64LIT(0xba8f5d5d695dd234), W64LIT(0x2090101040108050), W64LIT(0xf507f4f4f7f4f303), - W64LIT(0x8bddcbcb0bcb16c0), W64LIT(0x7cd33e3ef83eedc6), W64LIT(0x0a2d050514052811), W64LIT(0xce78676781671fe6), - W64LIT(0xd597e4e4b7e47353), W64LIT(0x4e0227279c2725bb), W64LIT(0x8273414119413258), W64LIT(0x0ba78b8b168b2c9d), - W64LIT(0x53f6a7a7a6a75101), W64LIT(0xfab27d7de97dcf94), W64LIT(0x374995956e95dcfb), W64LIT(0xad56d8d847d88e9f), - W64LIT(0xeb70fbfbcbfb8b30), W64LIT(0xc1cdeeee9fee2371), W64LIT(0xf8bb7c7ced7cc791), W64LIT(0xcc716666856617e3), - W64LIT(0xa77bdddd53dda68e), W64LIT(0x2eaf17175c17b84b), W64LIT(0x8e45474701470246), W64LIT(0x211a9e9e429e84dc), - W64LIT(0x89d4caca0fca1ec5), W64LIT(0x5a582d2db42d7599), W64LIT(0x632ebfbfc6bf9179), W64LIT(0x0e3f07071c07381b), - W64LIT(0x47acadad8ead0123), W64LIT(0xb4b05a5a755aea2f), W64LIT(0x1bef838336836cb5), W64LIT(0x66b63333cc3385ff), - W64LIT(0xc65c636391633ff2), W64LIT(0x041202020802100a), W64LIT(0x4993aaaa92aa3938), W64LIT(0xe2de7171d971afa8), - W64LIT(0x8dc6c8c807c80ecf), W64LIT(0x32d119196419c87d), W64LIT(0x923b494939497270), W64LIT(0xaf5fd9d943d9869a), - W64LIT(0xf931f2f2eff2c31d), W64LIT(0xdba8e3e3abe34b48), W64LIT(0xb6b95b5b715be22a), W64LIT(0x0dbc88881a883492), - W64LIT(0x293e9a9a529aa4c8), W64LIT(0x4c0b262698262dbe), W64LIT(0x64bf3232c8328dfa), W64LIT(0x7d59b0b0fab0e94a), - W64LIT(0xcff2e9e983e91b6a), W64LIT(0x1e770f0f3c0f7833), W64LIT(0xb733d5d573d5e6a6), W64LIT(0x1df480803a8074ba), - W64LIT(0x6127bebec2be997c), W64LIT(0x87ebcdcd13cd26de), W64LIT(0x68893434d034bde4), W64LIT(0x903248483d487a75), - W64LIT(0xe354ffffdbffab24), W64LIT(0xf48d7a7af57af78f), W64LIT(0x3d6490907a90f4ea), W64LIT(0xbe9d5f5f615fc23e), - W64LIT(0x403d202080201da0), W64LIT(0xd00f6868bd6867d5), W64LIT(0x34ca1a1a681ad072), W64LIT(0x41b7aeae82ae192c), - W64LIT(0x757db4b4eab4c95e), W64LIT(0xa8ce54544d549a19), W64LIT(0x3b7f93937693ece5), W64LIT(0x442f222288220daa), - W64LIT(0xc86364648d6407e9), W64LIT(0xff2af1f1e3f1db12), W64LIT(0xe6cc7373d173bfa2), W64LIT(0x248212124812905a), - W64LIT(0x807a40401d403a5d), W64LIT(0x1048080820084028), W64LIT(0x9b95c3c32bc356e8), W64LIT(0xc5dfecec97ec337b), - W64LIT(0xab4ddbdb4bdb9690), W64LIT(0x5fc0a1a1bea1611f), W64LIT(0x07918d8d0e8d1c83), W64LIT(0x7ac83d3df43df5c9), - W64LIT(0x335b97976697ccf1), W64LIT(0x0000000000000000), W64LIT(0x83f9cfcf1bcf36d4), W64LIT(0x566e2b2bac2b4587), - W64LIT(0xece17676c57697b3), W64LIT(0x19e68282328264b0), W64LIT(0xb128d6d67fd6fea9), W64LIT(0x36c31b1b6c1bd877), - W64LIT(0x7774b5b5eeb5c15b), W64LIT(0x43beafaf86af1129), W64LIT(0xd41d6a6ab56a77df), W64LIT(0xa0ea50505d50ba0d), - W64LIT(0x8a5745450945124c), W64LIT(0xfb38f3f3ebf3cb18), W64LIT(0x60ad3030c0309df0), W64LIT(0xc3c4efef9bef2b74), - W64LIT(0x7eda3f3ffc3fe5c3), W64LIT(0xaac755554955921c), W64LIT(0x59dba2a2b2a27910), W64LIT(0xc9e9eaea8fea0365), - W64LIT(0xca6a656589650fec), W64LIT(0x6903babad2bab968), W64LIT(0x5e4a2f2fbc2f6593), W64LIT(0x9d8ec0c027c04ee7), - W64LIT(0xa160dede5fdebe81), W64LIT(0x38fc1c1c701ce06c), W64LIT(0xe746fdfdd3fdbb2e), W64LIT(0x9a1f4d4d294d5264), - W64LIT(0x397692927292e4e0), W64LIT(0xeafa7575c9758fbc), W64LIT(0x0c3606061806301e), W64LIT(0x09ae8a8a128a2498), - W64LIT(0x794bb2b2f2b2f940), W64LIT(0xd185e6e6bfe66359), W64LIT(0x1c7e0e0e380e7036), W64LIT(0x3ee71f1f7c1ff863), - W64LIT(0xc4556262956237f7), W64LIT(0xb53ad4d477d4eea3), W64LIT(0x4d81a8a89aa82932), W64LIT(0x315296966296c4f4), - W64LIT(0xef62f9f9c3f99b3a), W64LIT(0x97a3c5c533c566f6), W64LIT(0x4a102525942535b1), W64LIT(0xb2ab59597959f220), - W64LIT(0x15d084842a8454ae), W64LIT(0xe4c57272d572b7a7), W64LIT(0x72ec3939e439d5dd), W64LIT(0x98164c4c2d4c5a61), - W64LIT(0xbc945e5e655eca3b), W64LIT(0xf09f7878fd78e785), W64LIT(0x70e53838e038ddd8), W64LIT(0x05988c8c0a8c1486), - W64LIT(0xbf17d1d163d1c6b2), W64LIT(0x57e4a5a5aea5410b), W64LIT(0xd9a1e2e2afe2434d), W64LIT(0xc24e616199612ff8), - W64LIT(0x7b42b3b3f6b3f145), W64LIT(0x42342121842115a5), W64LIT(0x25089c9c4a9c94d6), W64LIT(0x3cee1e1e781ef066), - W64LIT(0x8661434311432252), W64LIT(0x93b1c7c73bc776fc), W64LIT(0xe54ffcfcd7fcb32b), W64LIT(0x0824040410042014), - W64LIT(0xa2e351515951b208), W64LIT(0x2f2599995e99bcc7), W64LIT(0xda226d6da96d4fc4), W64LIT(0x1a650d0d340d6839), - W64LIT(0xe979fafacffa8335), W64LIT(0xa369dfdf5bdfb684), W64LIT(0xfca97e7ee57ed79b), W64LIT(0x4819242490243db4), - W64LIT(0x76fe3b3bec3bc5d7), W64LIT(0x4b9aabab96ab313d), W64LIT(0x81f0cece1fce3ed1), W64LIT(0x2299111144118855), - W64LIT(0x03838f8f068f0c89), W64LIT(0x9c044e4e254e4a6b), W64LIT(0x7366b7b7e6b7d151), W64LIT(0xcbe0ebeb8beb0b60), - W64LIT(0x78c13c3cf03cfdcc), W64LIT(0x1ffd81813e817cbf), W64LIT(0x354094946a94d4fe), W64LIT(0xf31cf7f7fbf7eb0c), - W64LIT(0x6f18b9b9deb9a167), W64LIT(0x268b13134c13985f), W64LIT(0x58512c2cb02c7d9c), W64LIT(0xbb05d3d36bd3d6b8), - W64LIT(0xd38ce7e7bbe76b5c), W64LIT(0xdc396e6ea56e57cb), W64LIT(0x95aac4c437c46ef3), W64LIT(0x061b03030c03180f), - W64LIT(0xacdc565645568a13), W64LIT(0x885e44440d441a49), W64LIT(0xfea07f7fe17fdf9e), W64LIT(0x4f88a9a99ea92137), - W64LIT(0x54672a2aa82a4d82), W64LIT(0x6b0abbbbd6bbb16d), W64LIT(0x9f87c1c123c146e2), W64LIT(0xa6f153535153a202), - W64LIT(0xa572dcdc57dcae8b), W64LIT(0x16530b0b2c0b5827), W64LIT(0x27019d9d4e9d9cd3), W64LIT(0xd82b6c6cad6c47c1), - W64LIT(0x62a43131c43195f5), W64LIT(0xe8f37474cd7487b9), W64LIT(0xf115f6f6fff6e309), W64LIT(0x8c4c464605460a43), - W64LIT(0x45a5acac8aac0926), W64LIT(0x0fb589891e893c97), W64LIT(0x28b414145014a044), W64LIT(0xdfbae1e1a3e15b42), - W64LIT(0x2ca616165816b04e), W64LIT(0x74f73a3ae83acdd2), W64LIT(0xd2066969b9696fd0), W64LIT(0x124109092409482d), - W64LIT(0xe0d77070dd70a7ad), W64LIT(0x716fb6b6e2b6d954), W64LIT(0xbd1ed0d067d0ceb7), W64LIT(0xc7d6eded93ed3b7e), - W64LIT(0x85e2cccc17cc2edb), W64LIT(0x8468424215422a57), W64LIT(0x2d2c98985a98b4c2), W64LIT(0x55eda4a4aaa4490e), - W64LIT(0x50752828a0285d88), W64LIT(0xb8865c5c6d5cda31), W64LIT(0xed6bf8f8c7f8933f), W64LIT(0x11c28686228644a4), - - W64LIT(0x7830d818186018c0), W64LIT(0xaf462623238c2305), W64LIT(0xf991b8c6c63fc67e), W64LIT(0x6fcdfbe8e887e813), - W64LIT(0xa113cb878726874c), W64LIT(0x626d11b8b8dab8a9), W64LIT(0x0502090101040108), W64LIT(0x6e9e0d4f4f214f42), - W64LIT(0xee6c9b3636d836ad), W64LIT(0x0451ffa6a6a2a659), W64LIT(0xbdb90cd2d26fd2de), W64LIT(0x06f70ef5f5f3f5fb), - W64LIT(0x80f2967979f979ef), W64LIT(0xcede306f6fa16f5f), W64LIT(0xef3f6d91917e91fc), W64LIT(0x07a4f852525552aa), - W64LIT(0xfdc04760609d6027), W64LIT(0x766535bcbccabc89), W64LIT(0xcd2b379b9b569bac), W64LIT(0x8c018a8e8e028e04), - W64LIT(0x155bd2a3a3b6a371), W64LIT(0x3c186c0c0c300c60), W64LIT(0x8af6847b7bf17bff), W64LIT(0xe16a803535d435b5), - W64LIT(0x693af51d1d741de8), W64LIT(0x47ddb3e0e0a7e053), W64LIT(0xacb321d7d77bd7f6), W64LIT(0xed999cc2c22fc25e), - W64LIT(0x965c432e2eb82e6d), W64LIT(0x7a96294b4b314b62), W64LIT(0x21e15dfefedffea3), W64LIT(0x16aed55757415782), - W64LIT(0x412abd15155415a8), W64LIT(0xb6eee87777c1779f), W64LIT(0xeb6e923737dc37a5), W64LIT(0x56d79ee5e5b3e57b), - W64LIT(0xd923139f9f469f8c), W64LIT(0x17fd23f0f0e7f0d3), W64LIT(0x7f94204a4a354a6a), W64LIT(0x95a944dada4fda9e), - W64LIT(0x25b0a258587d58fa), W64LIT(0xca8fcfc9c903c906), W64LIT(0x8d527c2929a42955), W64LIT(0x22145a0a0a280a50), - W64LIT(0x4f7f50b1b1feb1e1), W64LIT(0x1a5dc9a0a0baa069), W64LIT(0xdad6146b6bb16b7f), W64LIT(0xab17d985852e855c), - W64LIT(0x73673cbdbdcebd81), W64LIT(0x34ba8f5d5d695dd2), W64LIT(0x5020901010401080), W64LIT(0x03f507f4f4f7f4f3), - W64LIT(0xc08bddcbcb0bcb16), W64LIT(0xc67cd33e3ef83eed), W64LIT(0x110a2d0505140528), W64LIT(0xe6ce78676781671f), - W64LIT(0x53d597e4e4b7e473), W64LIT(0xbb4e0227279c2725), W64LIT(0x5882734141194132), W64LIT(0x9d0ba78b8b168b2c), - W64LIT(0x0153f6a7a7a6a751), W64LIT(0x94fab27d7de97dcf), W64LIT(0xfb374995956e95dc), W64LIT(0x9fad56d8d847d88e), - W64LIT(0x30eb70fbfbcbfb8b), W64LIT(0x71c1cdeeee9fee23), W64LIT(0x91f8bb7c7ced7cc7), W64LIT(0xe3cc716666856617), - W64LIT(0x8ea77bdddd53dda6), W64LIT(0x4b2eaf17175c17b8), W64LIT(0x468e454747014702), W64LIT(0xdc211a9e9e429e84), - W64LIT(0xc589d4caca0fca1e), W64LIT(0x995a582d2db42d75), W64LIT(0x79632ebfbfc6bf91), W64LIT(0x1b0e3f07071c0738), - W64LIT(0x2347acadad8ead01), W64LIT(0x2fb4b05a5a755aea), W64LIT(0xb51bef838336836c), W64LIT(0xff66b63333cc3385), - W64LIT(0xf2c65c636391633f), W64LIT(0x0a04120202080210), W64LIT(0x384993aaaa92aa39), W64LIT(0xa8e2de7171d971af), - W64LIT(0xcf8dc6c8c807c80e), W64LIT(0x7d32d119196419c8), W64LIT(0x70923b4949394972), W64LIT(0x9aaf5fd9d943d986), - W64LIT(0x1df931f2f2eff2c3), W64LIT(0x48dba8e3e3abe34b), W64LIT(0x2ab6b95b5b715be2), W64LIT(0x920dbc88881a8834), - W64LIT(0xc8293e9a9a529aa4), W64LIT(0xbe4c0b262698262d), W64LIT(0xfa64bf3232c8328d), W64LIT(0x4a7d59b0b0fab0e9), - W64LIT(0x6acff2e9e983e91b), W64LIT(0x331e770f0f3c0f78), W64LIT(0xa6b733d5d573d5e6), W64LIT(0xba1df480803a8074), - W64LIT(0x7c6127bebec2be99), W64LIT(0xde87ebcdcd13cd26), W64LIT(0xe468893434d034bd), W64LIT(0x75903248483d487a), - W64LIT(0x24e354ffffdbffab), W64LIT(0x8ff48d7a7af57af7), W64LIT(0xea3d6490907a90f4), W64LIT(0x3ebe9d5f5f615fc2), - W64LIT(0xa0403d202080201d), W64LIT(0xd5d00f6868bd6867), W64LIT(0x7234ca1a1a681ad0), W64LIT(0x2c41b7aeae82ae19), - W64LIT(0x5e757db4b4eab4c9), W64LIT(0x19a8ce54544d549a), W64LIT(0xe53b7f93937693ec), W64LIT(0xaa442f222288220d), - W64LIT(0xe9c86364648d6407), W64LIT(0x12ff2af1f1e3f1db), W64LIT(0xa2e6cc7373d173bf), W64LIT(0x5a24821212481290), - W64LIT(0x5d807a40401d403a), W64LIT(0x2810480808200840), W64LIT(0xe89b95c3c32bc356), W64LIT(0x7bc5dfecec97ec33), - W64LIT(0x90ab4ddbdb4bdb96), W64LIT(0x1f5fc0a1a1bea161), W64LIT(0x8307918d8d0e8d1c), W64LIT(0xc97ac83d3df43df5), - W64LIT(0xf1335b97976697cc), W64LIT(0x0000000000000000), W64LIT(0xd483f9cfcf1bcf36), W64LIT(0x87566e2b2bac2b45), - W64LIT(0xb3ece17676c57697), W64LIT(0xb019e68282328264), W64LIT(0xa9b128d6d67fd6fe), W64LIT(0x7736c31b1b6c1bd8), - W64LIT(0x5b7774b5b5eeb5c1), W64LIT(0x2943beafaf86af11), W64LIT(0xdfd41d6a6ab56a77), W64LIT(0x0da0ea50505d50ba), - W64LIT(0x4c8a574545094512), W64LIT(0x18fb38f3f3ebf3cb), W64LIT(0xf060ad3030c0309d), W64LIT(0x74c3c4efef9bef2b), - W64LIT(0xc37eda3f3ffc3fe5), W64LIT(0x1caac75555495592), W64LIT(0x1059dba2a2b2a279), W64LIT(0x65c9e9eaea8fea03), - W64LIT(0xecca6a656589650f), W64LIT(0x686903babad2bab9), W64LIT(0x935e4a2f2fbc2f65), W64LIT(0xe79d8ec0c027c04e), - W64LIT(0x81a160dede5fdebe), W64LIT(0x6c38fc1c1c701ce0), W64LIT(0x2ee746fdfdd3fdbb), W64LIT(0x649a1f4d4d294d52), - W64LIT(0xe0397692927292e4), W64LIT(0xbceafa7575c9758f), W64LIT(0x1e0c360606180630), W64LIT(0x9809ae8a8a128a24), - W64LIT(0x40794bb2b2f2b2f9), W64LIT(0x59d185e6e6bfe663), W64LIT(0x361c7e0e0e380e70), W64LIT(0x633ee71f1f7c1ff8), - W64LIT(0xf7c4556262956237), W64LIT(0xa3b53ad4d477d4ee), W64LIT(0x324d81a8a89aa829), W64LIT(0xf4315296966296c4), - W64LIT(0x3aef62f9f9c3f99b), W64LIT(0xf697a3c5c533c566), W64LIT(0xb14a102525942535), W64LIT(0x20b2ab59597959f2), - W64LIT(0xae15d084842a8454), W64LIT(0xa7e4c57272d572b7), W64LIT(0xdd72ec3939e439d5), W64LIT(0x6198164c4c2d4c5a), - W64LIT(0x3bbc945e5e655eca), W64LIT(0x85f09f7878fd78e7), W64LIT(0xd870e53838e038dd), W64LIT(0x8605988c8c0a8c14), - W64LIT(0xb2bf17d1d163d1c6), W64LIT(0x0b57e4a5a5aea541), W64LIT(0x4dd9a1e2e2afe243), W64LIT(0xf8c24e616199612f), - W64LIT(0x457b42b3b3f6b3f1), W64LIT(0xa542342121842115), W64LIT(0xd625089c9c4a9c94), W64LIT(0x663cee1e1e781ef0), - W64LIT(0x5286614343114322), W64LIT(0xfc93b1c7c73bc776), W64LIT(0x2be54ffcfcd7fcb3), W64LIT(0x1408240404100420), - W64LIT(0x08a2e351515951b2), W64LIT(0xc72f2599995e99bc), W64LIT(0xc4da226d6da96d4f), W64LIT(0x391a650d0d340d68), - W64LIT(0x35e979fafacffa83), W64LIT(0x84a369dfdf5bdfb6), W64LIT(0x9bfca97e7ee57ed7), W64LIT(0xb44819242490243d), - W64LIT(0xd776fe3b3bec3bc5), W64LIT(0x3d4b9aabab96ab31), W64LIT(0xd181f0cece1fce3e), W64LIT(0x5522991111441188), - W64LIT(0x8903838f8f068f0c), W64LIT(0x6b9c044e4e254e4a), W64LIT(0x517366b7b7e6b7d1), W64LIT(0x60cbe0ebeb8beb0b), - W64LIT(0xcc78c13c3cf03cfd), W64LIT(0xbf1ffd81813e817c), W64LIT(0xfe354094946a94d4), W64LIT(0x0cf31cf7f7fbf7eb), - W64LIT(0x676f18b9b9deb9a1), W64LIT(0x5f268b13134c1398), W64LIT(0x9c58512c2cb02c7d), W64LIT(0xb8bb05d3d36bd3d6), - W64LIT(0x5cd38ce7e7bbe76b), W64LIT(0xcbdc396e6ea56e57), W64LIT(0xf395aac4c437c46e), W64LIT(0x0f061b03030c0318), - W64LIT(0x13acdc565645568a), W64LIT(0x49885e44440d441a), W64LIT(0x9efea07f7fe17fdf), W64LIT(0x374f88a9a99ea921), - W64LIT(0x8254672a2aa82a4d), W64LIT(0x6d6b0abbbbd6bbb1), W64LIT(0xe29f87c1c123c146), W64LIT(0x02a6f153535153a2), - W64LIT(0x8ba572dcdc57dcae), W64LIT(0x2716530b0b2c0b58), W64LIT(0xd327019d9d4e9d9c), W64LIT(0xc1d82b6c6cad6c47), - W64LIT(0xf562a43131c43195), W64LIT(0xb9e8f37474cd7487), W64LIT(0x09f115f6f6fff6e3), W64LIT(0x438c4c464605460a), - W64LIT(0x2645a5acac8aac09), W64LIT(0x970fb589891e893c), W64LIT(0x4428b414145014a0), W64LIT(0x42dfbae1e1a3e15b), - W64LIT(0x4e2ca616165816b0), W64LIT(0xd274f73a3ae83acd), W64LIT(0xd0d2066969b9696f), W64LIT(0x2d12410909240948), - W64LIT(0xade0d77070dd70a7), W64LIT(0x54716fb6b6e2b6d9), W64LIT(0xb7bd1ed0d067d0ce), W64LIT(0x7ec7d6eded93ed3b), - W64LIT(0xdb85e2cccc17cc2e), W64LIT(0x578468424215422a), W64LIT(0xc22d2c98985a98b4), W64LIT(0x0e55eda4a4aaa449), - W64LIT(0x8850752828a0285d), W64LIT(0x31b8865c5c6d5cda), W64LIT(0x3fed6bf8f8c7f893), W64LIT(0xa411c28686228644), - - W64LIT(0x1823c6e887b8014f), - W64LIT(0x36a6d2f5796f9152), - W64LIT(0x60bc9b8ea30c7b35), - W64LIT(0x1de0d7c22e4bfe57), - W64LIT(0x157737e59ff04ada), - W64LIT(0x58c9290ab1a06b85), - W64LIT(0xbd5d10f4cb3e0567), - W64LIT(0xe427418ba77d95d8), - W64LIT(0xfbee7c66dd17479e), - W64LIT(0xca2dbf07ad5a8333) -}; - -// Whirlpool basic transformation. Transforms state based on block. -void Whirlpool::Transform(word64 *digest, const word64 *block) -{ -#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE - if (HasISSE()) - { - // MMX version has the same structure as C version below -#ifdef __GNUC__ - #if CRYPTOPP_BOOL_X64 - word64 workspace[16]; - #endif - __asm__ __volatile__ - ( - ".intel_syntax noprefix;" - AS_PUSH_IF86( bx) - AS2( mov AS_REG_6, WORD_REG(ax)) -#else - #if _MSC_VER < 1300 - AS_PUSH_IF86( bx) - #endif - AS2( lea AS_REG_6, [Whirlpool_C]) - AS2( mov WORD_REG(cx), digest) - AS2( mov WORD_REG(dx), block) -#endif -#if CRYPTOPP_BOOL_X86 - AS2( mov eax, esp) - AS2( and esp, -16) - AS2( sub esp, 16*8) - AS1( push eax) - #define SSE2_workspace esp+WORD_SZ -#else - #define SSE2_workspace %3 -#endif - AS2( xor esi, esi) - ASL(0) - AS2( movq mm0, [WORD_REG(cx)+8*WORD_REG(si)]) - AS2( movq [SSE2_workspace+8*WORD_REG(si)], mm0) // k - AS2( pxor mm0, [WORD_REG(dx)+8*WORD_REG(si)]) - AS2( movq [SSE2_workspace+64+8*WORD_REG(si)], mm0) // s - AS2( movq [WORD_REG(cx)+8*WORD_REG(si)], mm0) - AS1( inc WORD_REG(si)) - AS2( cmp WORD_REG(si), 8) - ASJ( jne, 0, b) - - AS2( xor esi, esi) - ASL(1) - -#define KSL0(a, b) AS2(movq mm##a, b) -#define KSL1(a, b) AS2(pxor mm##a, b) - -#define KSL(op, i, a, b, c, d) \ - AS2(mov eax, [SSE2_workspace+8*i])\ - AS2(movzx edi, al)\ - KSL##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\ - AS2(movzx edi, ah)\ - KSL##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\ - AS2(shr eax, 16)\ - AS2(movzx edi, al)\ - AS2(shr eax, 8)\ - KSL##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\ - KSL##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)]) - -#define KSH0(a, b) \ - ASS(pshufw mm##a, mm##a, 1, 0, 3, 2)\ - AS2(pxor mm##a, b) -#define KSH1(a, b) \ - AS2(pxor mm##a, b) -#define KSH2(a, b) \ - AS2(pxor mm##a, b)\ - AS2(movq [SSE2_workspace+8*a], mm##a) - -#define KSH(op, i, a, b, c, d) \ - AS2(mov eax, [SSE2_workspace+8*((i+4)-8*((i+4)/8))+4])\ - AS2(movzx edi, al)\ - KSH##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\ - AS2(movzx edi, ah)\ - KSH##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\ - AS2(shr eax, 16)\ - AS2(movzx edi, al)\ - AS2(shr eax, 8)\ - KSH##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\ - KSH##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)]) - -#define TSL(op, i, a, b, c, d) \ - AS2(mov eax, [SSE2_workspace+64+8*i])\ - AS2(movzx edi, al)\ - KSL##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\ - AS2(movzx edi, ah)\ - KSL##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\ - AS2(shr eax, 16)\ - AS2(movzx edi, al)\ - AS2(shr eax, 8)\ - KSL##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\ - KSL##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)]) - -#define TSH0(a, b) \ - ASS(pshufw mm##a, mm##a, 1, 0, 3, 2)\ - AS2(pxor mm##a, [SSE2_workspace+8*a])\ - AS2(pxor mm##a, b) -#define TSH1(a, b) \ - AS2(pxor mm##a, b) -#define TSH2(a, b) \ - AS2(pxor mm##a, b)\ - AS2(movq [SSE2_workspace+64+8*a], mm##a) -#define TSH3(a, b) \ - AS2(pxor mm##a, b)\ - AS2(pxor mm##a, [WORD_REG(cx)+8*a])\ - AS2(movq [WORD_REG(cx)+8*a], mm##a) - -#define TSH(op, i, a, b, c, d) \ - AS2(mov eax, [SSE2_workspace+64+8*((i+4)-8*((i+4)/8))+4])\ - AS2(movzx edi, al)\ - TSH##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\ - AS2(movzx edi, ah)\ - TSH##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\ - AS2(shr eax, 16)\ - AS2(movzx edi, al)\ - AS2(shr eax, 8)\ - TSH##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\ - TSH##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)]) - - KSL(0, 4, 3, 2, 1, 0) - KSL(0, 0, 7, 6, 5, 4) - KSL(1, 1, 0, 7, 6, 5) - KSL(1, 2, 1, 0, 7, 6) - KSL(1, 3, 2, 1, 0, 7) - KSL(1, 5, 4, 3, 2, 1) - KSL(1, 6, 5, 4, 3, 2) - KSL(1, 7, 6, 5, 4, 3) - KSH(0, 0, 7, 6, 5, 4) - KSH(0, 4, 3, 2, 1, 0) - KSH(1, 1, 0, 7, 6, 5) - KSH(1, 2, 1, 0, 7, 6) - KSH(1, 5, 4, 3, 2, 1) - KSH(1, 6, 5, 4, 3, 2) - KSH(2, 3, 2, 1, 0, 7) - KSH(2, 7, 6, 5, 4, 3) - - AS2( pxor mm0, [AS_REG_6 + 8*1024 + WORD_REG(si)*8]) - AS2( movq [SSE2_workspace], mm0) - - TSL(0, 4, 3, 2, 1, 0) - TSL(0, 0, 7, 6, 5, 4) - TSL(1, 1, 0, 7, 6, 5) - TSL(1, 2, 1, 0, 7, 6) - TSL(1, 3, 2, 1, 0, 7) - TSL(1, 5, 4, 3, 2, 1) - TSL(1, 6, 5, 4, 3, 2) - TSL(1, 7, 6, 5, 4, 3) - TSH(0, 0, 7, 6, 5, 4) - TSH(0, 4, 3, 2, 1, 0) - TSH(1, 1, 0, 7, 6, 5) - TSH(1, 2, 1, 0, 7, 6) - TSH(1, 5, 4, 3, 2, 1) - TSH(1, 6, 5, 4, 3, 2) - - AS1( inc WORD_REG(si)) - AS2( cmp WORD_REG(si), 10) - ASJ( je, 2, f) - - TSH(2, 3, 2, 1, 0, 7) - TSH(2, 7, 6, 5, 4, 3) - - ASJ( jmp, 1, b) - ASL(2) - - TSH(3, 3, 2, 1, 0, 7) - TSH(3, 7, 6, 5, 4, 3) - -#undef KSL -#undef KSH -#undef TSL -#undef TSH - - AS_POP_IF86( sp) - AS1( emms) - -#if defined(__GNUC__) || (defined(_MSC_VER) && _MSC_VER < 1300) - AS_POP_IF86( bx) -#endif -#ifdef __GNUC__ - ".att_syntax prefix;" - : - : "a" (Whirlpool_C), "c" (digest), "d" (block) - #if CRYPTOPP_BOOL_X64 - , "r" (workspace) - #endif - : "%esi", "%edi", "memory", "cc" - #if CRYPTOPP_BOOL_X64 - , "%r9" - #endif - ); -#endif - } - else -#endif // #ifdef CRYPTOPP_X86_ASM_AVAILABLE - { - word64 s[8]; // the cipher state - word64 k[8]; // the round key - - // Compute and apply K^0 to the cipher state - // Also apply part of the Miyaguchi-Preneel compression function - for (int i=0; i<8; i++) - digest[i] = s[i] = block[i] ^ (k[i] = digest[i]); - -#define KSL(op, i, a, b, c, d) \ - t = (word32)k[i];\ - w##a = Whirlpool_C[3*256 + (byte)t] ^ (op ? w##a : 0);\ - t >>= 8;\ - w##b = Whirlpool_C[2*256 + (byte)t] ^ (op ? w##b : 0);\ - t >>= 8;\ - w##c = Whirlpool_C[1*256 + (byte)t] ^ (op ? w##c : 0);\ - t >>= 8;\ - w##d = Whirlpool_C[0*256 + t] ^ (op ? w##d : 0); - -#define KSH(op, i, a, b, c, d) \ - t = (word32)(k[(i+4)%8]>>32);\ - w##a = Whirlpool_C[3*256 + (byte)t] ^ (op ? w##a : rotrFixed(w##a, 32));\ - if (op==2) k[a] = w##a;\ - t >>= 8;\ - w##b = Whirlpool_C[2*256 + (byte)t] ^ (op ? w##b : rotrFixed(w##b, 32));\ - if (op==2) k[b] = w##b;\ - t >>= 8;\ - w##c = Whirlpool_C[1*256 + (byte)t] ^ (op ? w##c : rotrFixed(w##c, 32));\ - if (op==2) k[c] = w##c;\ - t >>= 8;\ - w##d = Whirlpool_C[0*256 + t] ^ (op ? w##d : rotrFixed(w##d, 32));\ - if (op==2) k[d] = w##d;\ - -#define TSL(op, i, a, b, c, d) \ - t = (word32)s[i];\ - w##a = Whirlpool_C[3*256 + (byte)t] ^ (op ? w##a : 0);\ - t >>= 8;\ - w##b = Whirlpool_C[2*256 + (byte)t] ^ (op ? w##b : 0);\ - t >>= 8;\ - w##c = Whirlpool_C[1*256 + (byte)t] ^ (op ? w##c : 0);\ - t >>= 8;\ - w##d = Whirlpool_C[0*256 + t] ^ (op ? w##d : 0); - -#define TSH_OP(op, a, b) \ - w##a = Whirlpool_C[b*256 + (byte)t] ^ (op ? w##a : rotrFixed(w##a, 32) ^ k[a]);\ - if (op==2) s[a] = w##a;\ - if (op==3) digest[a] ^= w##a;\ - -#define TSH(op, i, a, b, c, d) \ - t = (word32)(s[(i+4)%8]>>32);\ - TSH_OP(op, a, 3);\ - t >>= 8;\ - TSH_OP(op, b, 2);\ - t >>= 8;\ - TSH_OP(op, c, 1);\ - t >>= 8;\ - TSH_OP(op, d, 0);\ - - // Iterate over all rounds: - int r=0; - while (true) - { - word64 w0, w1, w2, w3, w4, w5, w6, w7; // temporary storage - word32 t; - - KSL(0, 4, 3, 2, 1, 0) - KSL(0, 0, 7, 6, 5, 4) - KSL(1, 1, 0, 7, 6, 5) - KSL(1, 2, 1, 0, 7, 6) - KSL(1, 3, 2, 1, 0, 7) - KSL(1, 5, 4, 3, 2, 1) - KSL(1, 6, 5, 4, 3, 2) - KSL(1, 7, 6, 5, 4, 3) - KSH(0, 0, 7, 6, 5, 4) - KSH(0, 4, 3, 2, 1, 0) - KSH(1, 1, 0, 7, 6, 5) - KSH(1, 2, 1, 0, 7, 6) - KSH(1, 5, 4, 3, 2, 1) - KSH(1, 6, 5, 4, 3, 2) - KSH(2, 3, 2, 1, 0, 7) - KSH(2, 7, 6, 5, 4, 3) - - k[0] ^= Whirlpool_C[1024+r]; - - TSL(0, 4, 3, 2, 1, 0) - TSL(0, 0, 7, 6, 5, 4) - TSL(1, 1, 0, 7, 6, 5) - TSL(1, 2, 1, 0, 7, 6) - TSL(1, 3, 2, 1, 0, 7) - TSL(1, 5, 4, 3, 2, 1) - TSL(1, 6, 5, 4, 3, 2) - TSL(1, 7, 6, 5, 4, 3) - TSH(0, 0, 7, 6, 5, 4) - TSH(0, 4, 3, 2, 1, 0) - TSH(1, 1, 0, 7, 6, 5) - TSH(1, 2, 1, 0, 7, 6) - TSH(1, 5, 4, 3, 2, 1) - TSH(1, 6, 5, 4, 3, 2) - - if (++r < R) - { - TSH(2, 3, 2, 1, 0, 7) - TSH(2, 7, 6, 5, 4, 3) - } - else - { - TSH(3, 3, 2, 1, 0, 7) - TSH(3, 7, 6, 5, 4, 3) - break; - } - } - } -} - -NAMESPACE_END diff --git a/cryptopp562/whrlpool.h b/cryptopp562/whrlpool.h deleted file mode 100644 index 62c9d8a..0000000 --- a/cryptopp562/whrlpool.h +++ /dev/null @@ -1,21 +0,0 @@ -#ifndef CRYPTOPP_WHIRLPOOL_H -#define CRYPTOPP_WHIRLPOOL_H - -#include "config.h" -#include "iterhash.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! <a href="http://www.cryptolounge.org/wiki/Whirlpool">Whirlpool</a> -class Whirlpool : public IteratedHashWithStaticTransform<word64, BigEndian, 64, 64, Whirlpool> -{ -public: - static void InitState(HashWordType *state); - static void Transform(word64 *digest, const word64 *data); - void TruncatedFinal(byte *hash, size_t size); - static const char * StaticAlgorithmName() {return "Whirlpool";} -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/winpipes.cpp b/cryptopp562/winpipes.cpp deleted file mode 100644 index 1c2e047..0000000 --- a/cryptopp562/winpipes.cpp +++ /dev/null @@ -1,205 +0,0 @@ -// winpipes.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "winpipes.h" - -#ifdef WINDOWS_PIPES_AVAILABLE - -#include "wait.h" - -NAMESPACE_BEGIN(CryptoPP) - -WindowsHandle::WindowsHandle(HANDLE h, bool own) - : m_h(h), m_own(own) -{ -} - -WindowsHandle::~WindowsHandle() -{ - if (m_own) - { - try - { - CloseHandle(); - } - catch (...) - { - } - } -} - -bool WindowsHandle::HandleValid() const -{ - return m_h && m_h != INVALID_HANDLE_VALUE; -} - -void WindowsHandle::AttachHandle(HANDLE h, bool own) -{ - if (m_own) - CloseHandle(); - - m_h = h; - m_own = own; - HandleChanged(); -} - -HANDLE WindowsHandle::DetachHandle() -{ - HANDLE h = m_h; - m_h = INVALID_HANDLE_VALUE; - HandleChanged(); - return h; -} - -void WindowsHandle::CloseHandle() -{ - if (m_h != INVALID_HANDLE_VALUE) - { - ::CloseHandle(m_h); - m_h = INVALID_HANDLE_VALUE; - HandleChanged(); - } -} - -// ******************************************************** - -void WindowsPipe::HandleError(const char *operation) const -{ - DWORD err = GetLastError(); - throw Err(GetHandle(), operation, err); -} - -WindowsPipe::Err::Err(HANDLE s, const std::string& operation, int error) - : OS_Error(IO_ERROR, "WindowsPipe: " + operation + " operation failed with error 0x" + IntToString(error, 16), operation, error) - , m_h(s) -{ -} - -// ************************************************************* - -WindowsPipeReceiver::WindowsPipeReceiver() - : m_resultPending(false), m_eofReceived(false) -{ - m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true); - CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - -bool WindowsPipeReceiver::Receive(byte* buf, size_t bufLen) -{ - assert(!m_resultPending && !m_eofReceived); - - HANDLE h = GetHandle(); - // don't queue too much at once, or we might use up non-paged memory - if (ReadFile(h, buf, UnsignedMin((DWORD)128*1024, bufLen), &m_lastResult, &m_overlapped)) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (GetLastError()) - { - default: - CheckAndHandleError("ReadFile", false); - case ERROR_BROKEN_PIPE: - case ERROR_HANDLE_EOF: - m_lastResult = 0; - m_eofReceived = true; - break; - case ERROR_IO_PENDING: - m_resultPending = true; - } - } - return !m_resultPending; -} - -void WindowsPipeReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("WindowsPipeReceiver::GetWaitObjects() - result pending", &callStack)); - else if (!m_eofReceived) - container.SetNoWait(CallStack("WindowsPipeReceiver::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int WindowsPipeReceiver::GetReceiveResult() -{ - if (m_resultPending) - { - HANDLE h = GetHandle(); - if (GetOverlappedResult(h, &m_overlapped, &m_lastResult, false)) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (GetLastError()) - { - default: - CheckAndHandleError("GetOverlappedResult", false); - case ERROR_BROKEN_PIPE: - case ERROR_HANDLE_EOF: - m_lastResult = 0; - m_eofReceived = true; - } - } - m_resultPending = false; - } - return m_lastResult; -} - -// ************************************************************* - -WindowsPipeSender::WindowsPipeSender() - : m_resultPending(false), m_lastResult(0) -{ - m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true); - CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - -void WindowsPipeSender::Send(const byte* buf, size_t bufLen) -{ - DWORD written = 0; - HANDLE h = GetHandle(); - // don't queue too much at once, or we might use up non-paged memory - if (WriteFile(h, buf, UnsignedMin((DWORD)128*1024, bufLen), &written, &m_overlapped)) - { - m_resultPending = false; - m_lastResult = written; - } - else - { - if (GetLastError() != ERROR_IO_PENDING) - CheckAndHandleError("WriteFile", false); - - m_resultPending = true; - } -} - -void WindowsPipeSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("WindowsPipeSender::GetWaitObjects() - result pending", &callStack)); - else - container.SetNoWait(CallStack("WindowsPipeSender::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int WindowsPipeSender::GetSendResult() -{ - if (m_resultPending) - { - HANDLE h = GetHandle(); - BOOL result = GetOverlappedResult(h, &m_overlapped, &m_lastResult, false); - CheckAndHandleError("GetOverlappedResult", result); - m_resultPending = false; - } - return m_lastResult; -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/winpipes.h b/cryptopp562/winpipes.h deleted file mode 100644 index ade93bb..0000000 --- a/cryptopp562/winpipes.h +++ /dev/null @@ -1,142 +0,0 @@ -#ifndef CRYPTOPP_WINPIPES_H -#define CRYPTOPP_WINPIPES_H - -#include "config.h" - -#ifdef WINDOWS_PIPES_AVAILABLE - -#include "network.h" -#include "queue.h" -#include <winsock2.h> - -NAMESPACE_BEGIN(CryptoPP) - -//! Windows Handle -class WindowsHandle -{ -public: - WindowsHandle(HANDLE h = INVALID_HANDLE_VALUE, bool own=false); - WindowsHandle(const WindowsHandle &h) : m_h(h.m_h), m_own(false) {} - virtual ~WindowsHandle(); - - bool GetOwnership() const {return m_own;} - void SetOwnership(bool own) {m_own = own;} - - operator HANDLE() {return m_h;} - HANDLE GetHandle() const {return m_h;} - bool HandleValid() const; - void AttachHandle(HANDLE h, bool own=false); - HANDLE DetachHandle(); - void CloseHandle(); - -protected: - virtual void HandleChanged() {} - - HANDLE m_h; - bool m_own; -}; - -//! Windows Pipe -class WindowsPipe -{ -public: - class Err : public OS_Error - { - public: - Err(HANDLE h, const std::string& operation, int error); - HANDLE GetHandle() const {return m_h;} - - private: - HANDLE m_h; - }; - -protected: - virtual HANDLE GetHandle() const =0; - virtual void HandleError(const char *operation) const; - void CheckAndHandleError(const char *operation, BOOL result) const - {assert(result==TRUE || result==FALSE); if (!result) HandleError(operation);} -}; - -//! pipe-based implementation of NetworkReceiver -class WindowsPipeReceiver : public WindowsPipe, public NetworkReceiver -{ -public: - WindowsPipeReceiver(); - - bool MustWaitForResult() {return true;} - bool Receive(byte* buf, size_t bufLen); - unsigned int GetReceiveResult(); - bool EofReceived() const {return m_eofReceived;} - - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - WindowsHandle m_event; - OVERLAPPED m_overlapped; - bool m_resultPending; - DWORD m_lastResult; - bool m_eofReceived; -}; - -//! pipe-based implementation of NetworkSender -class WindowsPipeSender : public WindowsPipe, public NetworkSender -{ -public: - WindowsPipeSender(); - - bool MustWaitForResult() {return true;} - void Send(const byte* buf, size_t bufLen); - unsigned int GetSendResult(); - bool MustWaitForEof() { return false; } - void SendEof() {} - - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - WindowsHandle m_event; - OVERLAPPED m_overlapped; - bool m_resultPending; - DWORD m_lastResult; -}; - -//! Windows Pipe Source -class WindowsPipeSource : public WindowsHandle, public NetworkSource, public WindowsPipeReceiver -{ -public: - WindowsPipeSource(HANDLE h=INVALID_HANDLE_VALUE, bool pumpAll=false, BufferedTransformation *attachment=NULL) - : WindowsHandle(h), NetworkSource(attachment) - { - if (pumpAll) - PumpAll(); - } - - using NetworkSource::GetMaxWaitObjectCount; - using NetworkSource::GetWaitObjects; - -private: - HANDLE GetHandle() const {return WindowsHandle::GetHandle();} - NetworkReceiver & AccessReceiver() {return *this;} -}; - -//! Windows Pipe Sink -class WindowsPipeSink : public WindowsHandle, public NetworkSink, public WindowsPipeSender -{ -public: - WindowsPipeSink(HANDLE h=INVALID_HANDLE_VALUE, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024) - : WindowsHandle(h), NetworkSink(maxBufferSize, autoFlushBound) {} - - using NetworkSink::GetMaxWaitObjectCount; - using NetworkSink::GetWaitObjects; - -private: - HANDLE GetHandle() const {return WindowsHandle::GetHandle();} - NetworkSender & AccessSender() {return *this;} -}; - -NAMESPACE_END - -#endif - -#endif diff --git a/cryptopp562/words.h b/cryptopp562/words.h deleted file mode 100644 index d5fda71..0000000 --- a/cryptopp562/words.h +++ /dev/null @@ -1,103 +0,0 @@ -#ifndef CRYPTOPP_WORDS_H -#define CRYPTOPP_WORDS_H - -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -inline size_t CountWords(const word *X, size_t N) -{ - while (N && X[N-1]==0) - N--; - return N; -} - -inline void SetWords(word *r, word a, size_t n) -{ - for (size_t i=0; i<n; i++) - r[i] = a; -} - -inline void CopyWords(word *r, const word *a, size_t n) -{ - if (r != a) - memcpy(r, a, n*WORD_SIZE); -} - -inline void XorWords(word *r, const word *a, const word *b, size_t n) -{ - for (size_t i=0; i<n; i++) - r[i] = a[i] ^ b[i]; -} - -inline void XorWords(word *r, const word *a, size_t n) -{ - for (size_t i=0; i<n; i++) - r[i] ^= a[i]; -} - -inline void AndWords(word *r, const word *a, const word *b, size_t n) -{ - for (size_t i=0; i<n; i++) - r[i] = a[i] & b[i]; -} - -inline void AndWords(word *r, const word *a, size_t n) -{ - for (size_t i=0; i<n; i++) - r[i] &= a[i]; -} - -inline word ShiftWordsLeftByBits(word *r, size_t n, unsigned int shiftBits) -{ - assert (shiftBits<WORD_BITS); - word u, carry=0; - if (shiftBits) - for (size_t i=0; i<n; i++) - { - u = r[i]; - r[i] = (u << shiftBits) | carry; - carry = u >> (WORD_BITS-shiftBits); - } - return carry; -} - -inline word ShiftWordsRightByBits(word *r, size_t n, unsigned int shiftBits) -{ - assert (shiftBits<WORD_BITS); - word u, carry=0; - if (shiftBits) - for (size_t i=n; i>0; i--) - { - u = r[i-1]; - r[i-1] = (u >> shiftBits) | carry; - carry = u << (WORD_BITS-shiftBits); - } - return carry; -} - -inline void ShiftWordsLeftByWords(word *r, size_t n, size_t shiftWords) -{ - shiftWords = STDMIN(shiftWords, n); - if (shiftWords) - { - for (size_t i=n-1; i>=shiftWords; i--) - r[i] = r[i-shiftWords]; - SetWords(r, 0, shiftWords); - } -} - -inline void ShiftWordsRightByWords(word *r, size_t n, size_t shiftWords) -{ - shiftWords = STDMIN(shiftWords, n); - if (shiftWords) - { - for (size_t i=0; i+shiftWords<n; i++) - r[i] = r[i+shiftWords]; - SetWords(r+n-shiftWords, 0, shiftWords); - } -} - -NAMESPACE_END - -#endif diff --git a/cryptopp562/x64dll.asm b/cryptopp562/x64dll.asm deleted file mode 100644 index 0d07f36..0000000 --- a/cryptopp562/x64dll.asm +++ /dev/null @@ -1,1968 +0,0 @@ -include ksamd64.inc -EXTERNDEF ?Te@rdtable@CryptoPP@@3PA_KA:FAR -EXTERNDEF ?g_cacheLineSize@CryptoPP@@3IA:FAR -EXTERNDEF ?SHA256_K@CryptoPP@@3QBIB:FAR -.CODE - - ALIGN 8 -Baseline_Add PROC - lea rdx, [rdx+8*rcx] - lea r8, [r8+8*rcx] - lea r9, [r9+8*rcx] - neg rcx ; rcx is negative index - jz $1@Baseline_Add - mov rax,[r8+8*rcx] - add rax,[r9+8*rcx] - mov [rdx+8*rcx],rax -$0@Baseline_Add: - mov rax,[r8+8*rcx+8] - adc rax,[r9+8*rcx+8] - mov [rdx+8*rcx+8],rax - lea rcx,[rcx+2] ; advance index, avoid inc which causes slowdown on Intel Core 2 - jrcxz $1@Baseline_Add ; loop until rcx overflows and becomes zero - mov rax,[r8+8*rcx] - adc rax,[r9+8*rcx] - mov [rdx+8*rcx],rax - jmp $0@Baseline_Add -$1@Baseline_Add: - mov rax, 0 - adc rax, rax ; store carry into rax (return result register) - ret -Baseline_Add ENDP - - ALIGN 8 -Baseline_Sub PROC - lea rdx, [rdx+8*rcx] - lea r8, [r8+8*rcx] - lea r9, [r9+8*rcx] - neg rcx ; rcx is negative index - jz $1@Baseline_Sub - mov rax,[r8+8*rcx] - sub rax,[r9+8*rcx] - mov [rdx+8*rcx],rax -$0@Baseline_Sub: - mov rax,[r8+8*rcx+8] - sbb rax,[r9+8*rcx+8] - mov [rdx+8*rcx+8],rax - lea rcx,[rcx+2] ; advance index, avoid inc which causes slowdown on Intel Core 2 - jrcxz $1@Baseline_Sub ; loop until rcx overflows and becomes zero - mov rax,[r8+8*rcx] - sbb rax,[r9+8*rcx] - mov [rdx+8*rcx],rax - jmp $0@Baseline_Sub -$1@Baseline_Sub: - mov rax, 0 - adc rax, rax ; store carry into rax (return result register) - - ret -Baseline_Sub ENDP - -ALIGN 8 -Rijndael_Enc_AdvancedProcessBlocks PROC FRAME -rex_push_reg rsi -push_reg rdi -push_reg rbx -push_reg r12 -.endprolog -mov r8, rcx -mov r11, ?Te@rdtable@CryptoPP@@3PA_KA -mov edi, DWORD PTR [?g_cacheLineSize@CryptoPP@@3IA] -mov rsi, [(r8+16*19)] -mov rax, 16 -and rax, rsi -movdqa xmm3, XMMWORD PTR [rdx+16+rax] -movdqa [(r8+16*12)], xmm3 -lea rax, [rdx+rax+2*16] -sub rax, rsi -label0: -movdqa xmm0, [rax+rsi] -movdqa XMMWORD PTR [(r8+0)+rsi], xmm0 -add rsi, 16 -cmp rsi, 16*12 -jl label0 -movdqa xmm4, [rax+rsi] -movdqa xmm1, [rdx] -mov r12d, [rdx+4*4] -mov ebx, [rdx+5*4] -mov ecx, [rdx+6*4] -mov edx, [rdx+7*4] -xor rax, rax -label9: -mov esi, [r11+rax] -add rax, rdi -mov esi, [r11+rax] -add rax, rdi -mov esi, [r11+rax] -add rax, rdi -mov esi, [r11+rax] -add rax, rdi -cmp rax, 2048 -jl label9 -lfence -test DWORD PTR [(r8+16*18+8)], 1 -jz label8 -mov rsi, [(r8+16*14)] -movdqu xmm2, [rsi] -pxor xmm2, xmm1 -psrldq xmm1, 14 -movd eax, xmm1 -mov al, BYTE PTR [rsi+15] -mov r10d, eax -movd eax, xmm2 -psrldq xmm2, 4 -movd edi, xmm2 -psrldq xmm2, 4 -movzx esi, al -xor r12d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor edx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor ecx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, edi -movd edi, xmm2 -psrldq xmm2, 4 -movzx esi, al -xor ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor r12d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor edx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor ecx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, edi -movd edi, xmm2 -movzx esi, al -xor ecx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor r12d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor edx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, edi -movzx esi, al -xor edx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor ecx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -psrldq xmm2, 3 -mov eax, [(r8+16*12)+0*4] -mov edi, [(r8+16*12)+2*4] -mov r9d, [(r8+16*12)+3*4] -movzx esi, cl -xor r9d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, bl -xor edi, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, bh -xor r9d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr ebx, 16 -movzx esi, bl -xor eax, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, bh -mov ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -xor ebx, [(r8+16*12)+1*4] -movzx esi, ch -xor eax, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr ecx, 16 -movzx esi, dl -xor eax, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, dh -xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr edx, 16 -movzx esi, ch -xor edi, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, cl -xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, dl -xor edi, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, dh -xor r9d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movd ecx, xmm2 -mov edx, r12d -mov [(r8+0)+3*4], r9d -mov [(r8+0)+0*4], eax -mov [(r8+0)+1*4], ebx -mov [(r8+0)+2*4], edi -jmp label5 -label3: -mov r12d, [(r8+16*12)+0*4] -mov ebx, [(r8+16*12)+1*4] -mov ecx, [(r8+16*12)+2*4] -mov edx, [(r8+16*12)+3*4] -label8: -mov rax, [(r8+16*14)] -movdqu xmm2, [rax] -mov rsi, [(r8+16*14)+8] -movdqu xmm5, [rsi] -pxor xmm2, xmm1 -pxor xmm2, xmm5 -movd eax, xmm2 -psrldq xmm2, 4 -movd edi, xmm2 -psrldq xmm2, 4 -movzx esi, al -xor r12d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor edx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor ecx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, edi -movd edi, xmm2 -psrldq xmm2, 4 -movzx esi, al -xor ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor r12d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor edx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor ecx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, edi -movd edi, xmm2 -movzx esi, al -xor ecx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor r12d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor edx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, edi -movzx esi, al -xor edx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ah -xor ecx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -shr eax, 16 -movzx esi, al -xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, ah -xor r12d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov eax, r12d -add r8, [(r8+16*19)] -add r8, 4*16 -jmp label2 -label1: -mov ecx, r10d -mov edx, r12d -mov eax, [(r8+0)+0*4] -mov ebx, [(r8+0)+1*4] -xor cl, ch -and rcx, 255 -label5: -add r10d, 1 -xor edx, DWORD PTR [r11+rcx*8+3] -movzx esi, dl -xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, dh -mov ecx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr edx, 16 -xor ecx, [(r8+0)+2*4] -movzx esi, dh -xor eax, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, dl -mov edx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -xor edx, [(r8+0)+3*4] -add r8, [(r8+16*19)] -add r8, 3*16 -jmp label4 -label2: -mov r9d, [(r8+0)-4*16+3*4] -mov edi, [(r8+0)-4*16+2*4] -movzx esi, cl -xor r9d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov cl, al -movzx esi, ah -xor edi, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr eax, 16 -movzx esi, bl -xor edi, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, bh -xor r9d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr ebx, 16 -movzx esi, al -xor r9d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, ah -mov eax, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, bl -xor eax, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, bh -mov ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ch -xor eax, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, cl -xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -shr ecx, 16 -movzx esi, dl -xor eax, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, dh -xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr edx, 16 -movzx esi, ch -xor edi, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, cl -xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, dl -xor edi, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, dh -xor r9d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -mov ecx, edi -xor eax, [(r8+0)-4*16+0*4] -xor ebx, [(r8+0)-4*16+1*4] -mov edx, r9d -label4: -mov r9d, [(r8+0)-4*16+7*4] -mov edi, [(r8+0)-4*16+6*4] -movzx esi, cl -xor r9d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -mov cl, al -movzx esi, ah -xor edi, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr eax, 16 -movzx esi, bl -xor edi, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, bh -xor r9d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr ebx, 16 -movzx esi, al -xor r9d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, ah -mov eax, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, bl -xor eax, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, bh -mov ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, ch -xor eax, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -movzx esi, cl -xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -shr ecx, 16 -movzx esi, dl -xor eax, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)] -movzx esi, dh -xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)] -shr edx, 16 -movzx esi, ch -xor edi, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -movzx esi, cl -xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, dl -xor edi, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)] -movzx esi, dh -xor r9d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)] -mov ecx, edi -xor eax, [(r8+0)-4*16+4*4] -xor ebx, [(r8+0)-4*16+5*4] -mov edx, r9d -add r8, 32 -test r8, 255 -jnz label2 -sub r8, 16*16 -movzx esi, ch -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, dl -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+2], di -movzx esi, dh -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, al -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+6], di -shr edx, 16 -movzx esi, ah -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, bl -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+10], di -shr eax, 16 -movzx esi, bh -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, cl -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+14], di -shr ebx, 16 -movzx esi, dh -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, al -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+12], di -shr ecx, 16 -movzx esi, ah -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, bl -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+0], di -movzx esi, bh -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, cl -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+4], di -movzx esi, ch -movzx edi, BYTE PTR [r11+rsi*8+1] -movzx esi, dl -xor edi, DWORD PTR [r11+rsi*8+0] -mov WORD PTR [(r8+16*13)+8], di -mov rax, [(r8+16*14)+16] -mov rbx, [(r8+16*14)+24] -mov rcx, [(r8+16*18+8)] -sub rcx, 16 -movdqu xmm2, [rax] -pxor xmm2, xmm4 -movdqa xmm0, [(r8+16*16)+16] -paddq xmm0, [(r8+16*14)+16] -movdqa [(r8+16*14)+16], xmm0 -pxor xmm2, [(r8+16*13)] -movdqu [rbx], xmm2 -jle label7 -mov [(r8+16*18+8)], rcx -test rcx, 1 -jnz label1 -movdqa xmm0, [(r8+16*16)] -paddq xmm0, [(r8+16*14)] -movdqa [(r8+16*14)], xmm0 -jmp label3 -label7: -xorps xmm0, xmm0 -lea rax, [(r8+0)+7*16] -movaps [rax-7*16], xmm0 -movaps [rax-6*16], xmm0 -movaps [rax-5*16], xmm0 -movaps [rax-4*16], xmm0 -movaps [rax-3*16], xmm0 -movaps [rax-2*16], xmm0 -movaps [rax-1*16], xmm0 -movaps [rax+0*16], xmm0 -movaps [rax+1*16], xmm0 -movaps [rax+2*16], xmm0 -movaps [rax+3*16], xmm0 -movaps [rax+4*16], xmm0 -movaps [rax+5*16], xmm0 -movaps [rax+6*16], xmm0 -pop r12 -pop rbx -pop rdi -pop rsi -ret -Rijndael_Enc_AdvancedProcessBlocks ENDP - -ALIGN 8 -GCM_AuthenticateBlocks_2K PROC FRAME -rex_push_reg rsi -push_reg rdi -push_reg rbx -.endprolog -mov rsi, r8 -mov r11, r9 -movdqa xmm0, [rsi] -label0: -movdqu xmm4, [rcx] -pxor xmm0, xmm4 -movd ebx, xmm0 -mov eax, 0f0f0f0f0h -and eax, ebx -shl ebx, 4 -and ebx, 0f0f0f0f0h -movzx edi, ah -movdqa xmm5, XMMWORD PTR [rsi + 32 + 1024 + rdi] -movzx edi, al -movdqa xmm4, XMMWORD PTR [rsi + 32 + 1024 + rdi] -shr eax, 16 -movzx edi, ah -movdqa xmm3, XMMWORD PTR [rsi + 32 + 1024 + rdi] -movzx edi, al -movdqa xmm2, XMMWORD PTR [rsi + 32 + 1024 + rdi] -psrldq xmm0, 4 -movd eax, xmm0 -and eax, 0f0f0f0f0h -movzx edi, bh -pxor xmm5, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi] -movzx edi, bl -pxor xmm4, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi] -shr ebx, 16 -movzx edi, bh -pxor xmm3, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi] -movzx edi, bl -pxor xmm2, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi] -movd ebx, xmm0 -shl ebx, 4 -and ebx, 0f0f0f0f0h -movzx edi, ah -pxor xmm5, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi] -movzx edi, al -pxor xmm4, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi] -shr eax, 16 -movzx edi, ah -pxor xmm3, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi] -movzx edi, al -pxor xmm2, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi] -psrldq xmm0, 4 -movd eax, xmm0 -and eax, 0f0f0f0f0h -movzx edi, bh -pxor xmm5, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi] -movzx edi, bl -pxor xmm4, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi] -shr ebx, 16 -movzx edi, bh -pxor xmm3, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi] -movzx edi, bl -pxor xmm2, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi] -movd ebx, xmm0 -shl ebx, 4 -and ebx, 0f0f0f0f0h -movzx edi, ah -pxor xmm5, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi] -movzx edi, al -pxor xmm4, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi] -shr eax, 16 -movzx edi, ah -pxor xmm3, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi] -movzx edi, al -pxor xmm2, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi] -psrldq xmm0, 4 -movd eax, xmm0 -and eax, 0f0f0f0f0h -movzx edi, bh -pxor xmm5, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi] -movzx edi, bl -pxor xmm4, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi] -shr ebx, 16 -movzx edi, bh -pxor xmm3, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi] -movzx edi, bl -pxor xmm2, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi] -movd ebx, xmm0 -shl ebx, 4 -and ebx, 0f0f0f0f0h -movzx edi, ah -pxor xmm5, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi] -movzx edi, al -pxor xmm4, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi] -shr eax, 16 -movzx edi, ah -pxor xmm3, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi] -movzx edi, al -pxor xmm2, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi] -movzx edi, bh -pxor xmm5, XMMWORD PTR [rsi + 32 + 3*256 + rdi] -movzx edi, bl -pxor xmm4, XMMWORD PTR [rsi + 32 + 3*256 + rdi] -shr ebx, 16 -movzx edi, bh -pxor xmm3, XMMWORD PTR [rsi + 32 + 3*256 + rdi] -movzx edi, bl -pxor xmm2, XMMWORD PTR [rsi + 32 + 3*256 + rdi] -movdqa xmm0, xmm3 -pslldq xmm3, 1 -pxor xmm2, xmm3 -movdqa xmm1, xmm2 -pslldq xmm2, 1 -pxor xmm5, xmm2 -psrldq xmm0, 15 -movd rdi, xmm0 -movzx eax, WORD PTR [r11 + rdi*2] -shl eax, 8 -movdqa xmm0, xmm5 -pslldq xmm5, 1 -pxor xmm4, xmm5 -psrldq xmm1, 15 -movd rdi, xmm1 -xor ax, WORD PTR [r11 + rdi*2] -shl eax, 8 -psrldq xmm0, 15 -movd rdi, xmm0 -xor ax, WORD PTR [r11 + rdi*2] -movd xmm0, eax -pxor xmm0, xmm4 -add rcx, 16 -sub rdx, 1 -jnz label0 -movdqa [rsi], xmm0 -pop rbx -pop rdi -pop rsi -ret -GCM_AuthenticateBlocks_2K ENDP - -ALIGN 8 -GCM_AuthenticateBlocks_64K PROC FRAME -rex_push_reg rsi -push_reg rdi -.endprolog -mov rsi, r8 -movdqa xmm0, [rsi] -label1: -movdqu xmm1, [rcx] -pxor xmm1, xmm0 -pxor xmm0, xmm0 -movd eax, xmm1 -psrldq xmm1, 4 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (0*4+0)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (0*4+1)*256*16 + rdi*8] -shr eax, 16 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (0*4+2)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (0*4+3)*256*16 + rdi*8] -movd eax, xmm1 -psrldq xmm1, 4 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (1*4+0)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (1*4+1)*256*16 + rdi*8] -shr eax, 16 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (1*4+2)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (1*4+3)*256*16 + rdi*8] -movd eax, xmm1 -psrldq xmm1, 4 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (2*4+0)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (2*4+1)*256*16 + rdi*8] -shr eax, 16 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (2*4+2)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (2*4+3)*256*16 + rdi*8] -movd eax, xmm1 -psrldq xmm1, 4 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (3*4+0)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (3*4+1)*256*16 + rdi*8] -shr eax, 16 -movzx edi, al -add rdi, rdi -pxor xmm0, [rsi + 32 + (3*4+2)*256*16 + rdi*8] -movzx edi, ah -add rdi, rdi -pxor xmm0, [rsi + 32 + (3*4+3)*256*16 + rdi*8] -add rcx, 16 -sub rdx, 1 -jnz label1 -movdqa [rsi], xmm0 -pop rdi -pop rsi -ret -GCM_AuthenticateBlocks_64K ENDP - -ALIGN 8 -X86_SHA256_HashBlocks PROC FRAME -rex_push_reg rsi -push_reg rdi -push_reg rbx -push_reg rbp -alloc_stack(8*4 + 16*4 + 4*8 + 8) -.endprolog -mov rdi, r8 -lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4] -mov [rsp+8*4+16*4+1*8], rcx -mov [rsp+8*4+16*4+2*8], rdx -add rdi, rdx -mov [rsp+8*4+16*4+3*8], rdi -movdqa xmm0, XMMWORD PTR [rcx+0*16] -movdqa xmm1, XMMWORD PTR [rcx+1*16] -mov [rsp+8*4+16*4+0*8], rsi -label0: -sub rsi, 48*4 -movdqa [rsp+((1024+7-(0+3)) MOD (8))*4], xmm1 -movdqa [rsp+((1024+7-(0+7)) MOD (8))*4], xmm0 -mov rbx, [rdx+0*8] -bswap rbx -mov [rsp+8*4+((1024+15-(0*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+1*8] -bswap rbx -mov [rsp+8*4+((1024+15-(1*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+2*8] -bswap rbx -mov [rsp+8*4+((1024+15-(2*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+3*8] -bswap rbx -mov [rsp+8*4+((1024+15-(3*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+4*8] -bswap rbx -mov [rsp+8*4+((1024+15-(4*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+5*8] -bswap rbx -mov [rsp+8*4+((1024+15-(5*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+6*8] -bswap rbx -mov [rsp+8*4+((1024+15-(6*(1+1)+1)) MOD (16))*4], rbx -mov rbx, [rdx+7*8] -bswap rbx -mov [rsp+8*4+((1024+15-(7*(1+1)+1)) MOD (16))*4], rbx -mov edi, [rsp+((1024+7-(0+3)) MOD (8))*4] -mov eax, [rsp+((1024+7-(0+6)) MOD (8))*4] -xor eax, [rsp+((1024+7-(0+5)) MOD (8))*4] -mov ecx, [rsp+((1024+7-(0+7)) MOD (8))*4] -mov edx, [rsp+((1024+7-(0+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(0)*4] -add edx, [rsp+8*4+((1024+15-(0)) MOD (16))*4] -add edx, [rsp+((1024+7-(0)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(0+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(0+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(0+4)) MOD (8))*4] -mov [rsp+((1024+7-(0+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(0)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(1+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(1)*4] -add edi, [rsp+8*4+((1024+15-(1)) MOD (16))*4] -add edi, [rsp+((1024+7-(1)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(1+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(1+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(1+4)) MOD (8))*4] -mov [rsp+((1024+7-(1+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(1)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(2+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(2)*4] -add edx, [rsp+8*4+((1024+15-(2)) MOD (16))*4] -add edx, [rsp+((1024+7-(2)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(2+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(2+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(2+4)) MOD (8))*4] -mov [rsp+((1024+7-(2+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(2)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(3+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(3)*4] -add edi, [rsp+8*4+((1024+15-(3)) MOD (16))*4] -add edi, [rsp+((1024+7-(3)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(3+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(3+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(3+4)) MOD (8))*4] -mov [rsp+((1024+7-(3+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(3)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(4+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(4)*4] -add edx, [rsp+8*4+((1024+15-(4)) MOD (16))*4] -add edx, [rsp+((1024+7-(4)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(4+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(4+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(4+4)) MOD (8))*4] -mov [rsp+((1024+7-(4+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(4)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(5+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(5)*4] -add edi, [rsp+8*4+((1024+15-(5)) MOD (16))*4] -add edi, [rsp+((1024+7-(5)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(5+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(5+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(5+4)) MOD (8))*4] -mov [rsp+((1024+7-(5+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(5)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(6+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(6)*4] -add edx, [rsp+8*4+((1024+15-(6)) MOD (16))*4] -add edx, [rsp+((1024+7-(6)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(6+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(6+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(6+4)) MOD (8))*4] -mov [rsp+((1024+7-(6+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(6)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(7+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(7)*4] -add edi, [rsp+8*4+((1024+15-(7)) MOD (16))*4] -add edi, [rsp+((1024+7-(7)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(7+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(7+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(7+4)) MOD (8))*4] -mov [rsp+((1024+7-(7+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(7)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(8+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(8)*4] -add edx, [rsp+8*4+((1024+15-(8)) MOD (16))*4] -add edx, [rsp+((1024+7-(8)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(8+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(8+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(8+4)) MOD (8))*4] -mov [rsp+((1024+7-(8+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(8)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(9+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(9)*4] -add edi, [rsp+8*4+((1024+15-(9)) MOD (16))*4] -add edi, [rsp+((1024+7-(9)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(9+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(9+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(9+4)) MOD (8))*4] -mov [rsp+((1024+7-(9+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(9)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(10+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(10)*4] -add edx, [rsp+8*4+((1024+15-(10)) MOD (16))*4] -add edx, [rsp+((1024+7-(10)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(10+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(10+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(10+4)) MOD (8))*4] -mov [rsp+((1024+7-(10+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(10)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(11+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(11)*4] -add edi, [rsp+8*4+((1024+15-(11)) MOD (16))*4] -add edi, [rsp+((1024+7-(11)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(11+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(11+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(11+4)) MOD (8))*4] -mov [rsp+((1024+7-(11+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(11)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(12+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(12)*4] -add edx, [rsp+8*4+((1024+15-(12)) MOD (16))*4] -add edx, [rsp+((1024+7-(12)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(12+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(12+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(12+4)) MOD (8))*4] -mov [rsp+((1024+7-(12+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(12)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(13+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(13)*4] -add edi, [rsp+8*4+((1024+15-(13)) MOD (16))*4] -add edi, [rsp+((1024+7-(13)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(13+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(13+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(13+4)) MOD (8))*4] -mov [rsp+((1024+7-(13+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(13)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(14+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -add edx, [rsi+(14)*4] -add edx, [rsp+8*4+((1024+15-(14)) MOD (16))*4] -add edx, [rsp+((1024+7-(14)) MOD (8))*4] -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(14+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(14+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(14+4)) MOD (8))*4] -mov [rsp+((1024+7-(14+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(14)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(15+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -add edi, [rsi+(15)*4] -add edi, [rsp+8*4+((1024+15-(15)) MOD (16))*4] -add edi, [rsp+((1024+7-(15)) MOD (8))*4] -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(15+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(15+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(15+4)) MOD (8))*4] -mov [rsp+((1024+7-(15+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(15)) MOD (8))*4], ecx -label1: -add rsi, 4*16 -mov edx, [rsp+((1024+7-(0+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((0)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((0)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((0)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(0)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(0)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(0)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(0)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(0+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(0+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(0+4)) MOD (8))*4] -mov [rsp+((1024+7-(0+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(0)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(1+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((1)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((1)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((1)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(1)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(1)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(1)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(1)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(1+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(1+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(1+4)) MOD (8))*4] -mov [rsp+((1024+7-(1+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(1)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(2+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((2)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((2)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((2)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(2)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(2)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(2)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(2)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(2+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(2+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(2+4)) MOD (8))*4] -mov [rsp+((1024+7-(2+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(2)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(3+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((3)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((3)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((3)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(3)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(3)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(3)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(3)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(3+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(3+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(3+4)) MOD (8))*4] -mov [rsp+((1024+7-(3+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(3)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(4+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((4)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((4)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((4)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(4)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(4)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(4)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(4)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(4+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(4+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(4+4)) MOD (8))*4] -mov [rsp+((1024+7-(4+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(4)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(5+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((5)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((5)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((5)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(5)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(5)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(5)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(5)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(5+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(5+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(5+4)) MOD (8))*4] -mov [rsp+((1024+7-(5+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(5)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(6+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((6)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((6)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((6)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(6)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(6)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(6)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(6)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(6+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(6+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(6+4)) MOD (8))*4] -mov [rsp+((1024+7-(6+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(6)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(7+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((7)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((7)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((7)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(7)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(7)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(7)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(7)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(7+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(7+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(7+4)) MOD (8))*4] -mov [rsp+((1024+7-(7+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(7)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(8+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((8)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((8)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((8)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(8)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(8)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(8)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(8)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(8+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(8+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(8+4)) MOD (8))*4] -mov [rsp+((1024+7-(8+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(8)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(9+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((9)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((9)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((9)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(9)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(9)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(9)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(9)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(9+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(9+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(9+4)) MOD (8))*4] -mov [rsp+((1024+7-(9+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(9)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(10+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((10)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((10)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((10)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(10)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(10)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(10)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(10)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(10+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(10+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(10+4)) MOD (8))*4] -mov [rsp+((1024+7-(10+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(10)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(11+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((11)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((11)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((11)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(11)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(11)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(11)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(11)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(11+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(11+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(11+4)) MOD (8))*4] -mov [rsp+((1024+7-(11+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(11)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(12+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((12)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((12)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((12)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(12)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(12)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(12)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(12)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(12+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(12+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(12+4)) MOD (8))*4] -mov [rsp+((1024+7-(12+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(12)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(13+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((13)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((13)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((13)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(13)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(13)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(13)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(13)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(13+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(13+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(13+4)) MOD (8))*4] -mov [rsp+((1024+7-(13+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(13)) MOD (8))*4], ecx -mov edx, [rsp+((1024+7-(14+2)) MOD (8))*4] -xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4] -and edx, edi -xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4] -mov ebp, edi -ror edi, 6 -ror ebp, 25 -xor ebp, edi -ror edi, 5 -xor ebp, edi -add edx, ebp -mov ebp, [rsp+8*4+((1024+15-((14)-2)) MOD (16))*4] -mov edi, [rsp+8*4+((1024+15-((14)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((14)-7)) MOD (16))*4] -mov ebp, edi -shr ebp, 3 -ror edi, 7 -add ebx, [rsp+8*4+((1024+15-(14)) MOD (16))*4] -xor ebp, edi -add edx, [rsi+(14)*4] -ror edi, 11 -add edx, [rsp+((1024+7-(14)) MOD (8))*4] -xor ebp, edi -add ebp, ebx -mov [rsp+8*4+((1024+15-(14)) MOD (16))*4], ebp -add edx, ebp -mov ebx, ecx -xor ecx, [rsp+((1024+7-(14+6)) MOD (8))*4] -and eax, ecx -xor eax, [rsp+((1024+7-(14+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add eax, edx -add edx, [rsp+((1024+7-(14+4)) MOD (8))*4] -mov [rsp+((1024+7-(14+4)) MOD (8))*4], edx -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add eax, ebp -mov [rsp+((1024+7-(14)) MOD (8))*4], eax -mov edi, [rsp+((1024+7-(15+2)) MOD (8))*4] -xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4] -and edi, edx -xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4] -mov ebp, edx -ror edx, 6 -ror ebp, 25 -xor ebp, edx -ror edx, 5 -xor ebp, edx -add edi, ebp -mov ebp, [rsp+8*4+((1024+15-((15)-2)) MOD (16))*4] -mov edx, [rsp+8*4+((1024+15-((15)-15)) MOD (16))*4] -mov ebx, ebp -shr ebp, 10 -ror ebx, 17 -xor ebp, ebx -ror ebx, 2 -xor ebx, ebp -add ebx, [rsp+8*4+((1024+15-((15)-7)) MOD (16))*4] -mov ebp, edx -shr ebp, 3 -ror edx, 7 -add ebx, [rsp+8*4+((1024+15-(15)) MOD (16))*4] -xor ebp, edx -add edi, [rsi+(15)*4] -ror edx, 11 -add edi, [rsp+((1024+7-(15)) MOD (8))*4] -xor ebp, edx -add ebp, ebx -mov [rsp+8*4+((1024+15-(15)) MOD (16))*4], ebp -add edi, ebp -mov ebx, eax -xor eax, [rsp+((1024+7-(15+6)) MOD (8))*4] -and ecx, eax -xor ecx, [rsp+((1024+7-(15+6)) MOD (8))*4] -mov ebp, ebx -ror ebx, 2 -add ecx, edi -add edi, [rsp+((1024+7-(15+4)) MOD (8))*4] -mov [rsp+((1024+7-(15+4)) MOD (8))*4], edi -ror ebp, 22 -xor ebp, ebx -ror ebx, 11 -xor ebp, ebx -add ecx, ebp -mov [rsp+((1024+7-(15)) MOD (8))*4], ecx -cmp rsi, [rsp+8*4+16*4+0*8] -jne label1 -mov rcx, [rsp+8*4+16*4+1*8] -movdqa xmm1, XMMWORD PTR [rcx+1*16] -movdqa xmm0, XMMWORD PTR [rcx+0*16] -paddd xmm1, [rsp+((1024+7-(0+3)) MOD (8))*4] -paddd xmm0, [rsp+((1024+7-(0+7)) MOD (8))*4] -movdqa [rcx+1*16], xmm1 -movdqa [rcx+0*16], xmm0 -mov rdx, [rsp+8*4+16*4+2*8] -add rdx, 64 -mov [rsp+8*4+16*4+2*8], rdx -cmp rdx, [rsp+8*4+16*4+3*8] -jne label0 -add rsp, 8*4 + 16*4 + 4*8 + 8 -pop rbp -pop rbx -pop rdi -pop rsi -ret -X86_SHA256_HashBlocks ENDP - -_TEXT ENDS -END diff --git a/cryptopp562/x64masm.asm b/cryptopp562/x64masm.asm deleted file mode 100644 index c7ff836..0000000 --- a/cryptopp562/x64masm.asm +++ /dev/null @@ -1,1565 +0,0 @@ -include ksamd64.inc -EXTERNDEF s_sosemanukMulTables:FAR -.CODE - -ALIGN 8 -Salsa20_OperateKeystream PROC FRAME -mov r10, [rsp + 5*8] -alloc_stack(10*16 + 32*16 + 8) -save_xmm128 xmm6, 0200h -save_xmm128 xmm7, 0210h -save_xmm128 xmm8, 0220h -save_xmm128 xmm9, 0230h -save_xmm128 xmm10, 0240h -save_xmm128 xmm11, 0250h -save_xmm128 xmm12, 0260h -save_xmm128 xmm13, 0270h -save_xmm128 xmm14, 0280h -save_xmm128 xmm15, 0290h -.endprolog -cmp r8, 4 -jl label5 -movdqa xmm0, [r10 + 0*16] -movdqa xmm1, [r10 + 1*16] -movdqa xmm2, [r10 + 2*16] -movdqa xmm3, [r10 + 3*16] -pshufd xmm4, xmm0, 0*64+0*16+0*4+0 -movdqa [rsp + (0*4+0)*16 + 256], xmm4 -pshufd xmm4, xmm0, 1*64+1*16+1*4+1 -movdqa [rsp + (0*4+1)*16 + 256], xmm4 -pshufd xmm4, xmm0, 2*64+2*16+2*4+2 -movdqa [rsp + (0*4+2)*16 + 256], xmm4 -pshufd xmm4, xmm0, 3*64+3*16+3*4+3 -movdqa [rsp + (0*4+3)*16 + 256], xmm4 -pshufd xmm4, xmm1, 0*64+0*16+0*4+0 -movdqa [rsp + (1*4+0)*16 + 256], xmm4 -pshufd xmm4, xmm1, 2*64+2*16+2*4+2 -movdqa [rsp + (1*4+2)*16 + 256], xmm4 -pshufd xmm4, xmm1, 3*64+3*16+3*4+3 -movdqa [rsp + (1*4+3)*16 + 256], xmm4 -pshufd xmm4, xmm2, 1*64+1*16+1*4+1 -movdqa [rsp + (2*4+1)*16 + 256], xmm4 -pshufd xmm4, xmm2, 2*64+2*16+2*4+2 -movdqa [rsp + (2*4+2)*16 + 256], xmm4 -pshufd xmm4, xmm2, 3*64+3*16+3*4+3 -movdqa [rsp + (2*4+3)*16 + 256], xmm4 -pshufd xmm4, xmm3, 0*64+0*16+0*4+0 -movdqa [rsp + (3*4+0)*16 + 256], xmm4 -pshufd xmm4, xmm3, 1*64+1*16+1*4+1 -movdqa [rsp + (3*4+1)*16 + 256], xmm4 -pshufd xmm4, xmm3, 2*64+2*16+2*4+2 -movdqa [rsp + (3*4+2)*16 + 256], xmm4 -pshufd xmm4, xmm3, 3*64+3*16+3*4+3 -movdqa [rsp + (3*4+3)*16 + 256], xmm4 -label1: -mov eax, dword ptr [r10 + 8*4] -mov r11d, dword ptr [r10 + 5*4] -mov dword ptr [rsp + 8*16 + 0*4 + 256], eax -mov dword ptr [rsp + 5*16 + 0*4 + 256], r11d -add eax, 1 -adc r11d, 0 -mov dword ptr [rsp + 8*16 + 1*4 + 256], eax -mov dword ptr [rsp + 5*16 + 1*4 + 256], r11d -add eax, 1 -adc r11d, 0 -mov dword ptr [rsp + 8*16 + 2*4 + 256], eax -mov dword ptr [rsp + 5*16 + 2*4 + 256], r11d -add eax, 1 -adc r11d, 0 -mov dword ptr [rsp + 8*16 + 3*4 + 256], eax -mov dword ptr [rsp + 5*16 + 3*4 + 256], r11d -add eax, 1 -adc r11d, 0 -mov dword ptr [r10 + 8*4], eax -mov dword ptr [r10 + 5*4], r11d -movdqa xmm0, [rsp + 12*16 + 1*256] -movdqa xmm4, [rsp + 13*16 + 1*256] -movdqa xmm8, [rsp + 14*16 + 1*256] -movdqa xmm12, [rsp + 15*16 + 1*256] -movdqa xmm2, [rsp + 0*16 + 1*256] -movdqa xmm6, [rsp + 1*16 + 1*256] -movdqa xmm10, [rsp + 2*16 + 1*256] -movdqa xmm14, [rsp + 3*16 + 1*256] -paddd xmm0, xmm2 -paddd xmm4, xmm6 -paddd xmm8, xmm10 -paddd xmm12, xmm14 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -pslld xmm0, 7 -pslld xmm4, 7 -pslld xmm8, 7 -pslld xmm12, 7 -psrld xmm1, 32-7 -psrld xmm5, 32-7 -psrld xmm9, 32-7 -psrld xmm13, 32-7 -pxor xmm0, [rsp + 4*16 + 1*256] -pxor xmm4, [rsp + 5*16 + 1*256] -pxor xmm8, [rsp + 6*16 + 1*256] -pxor xmm12, [rsp + 7*16 + 1*256] -pxor xmm0, xmm1 -pxor xmm4, xmm5 -pxor xmm8, xmm9 -pxor xmm12, xmm13 -movdqa [rsp + 4*16], xmm0 -movdqa [rsp + 5*16], xmm4 -movdqa [rsp + 6*16], xmm8 -movdqa [rsp + 7*16], xmm12 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -paddd xmm0, xmm2 -paddd xmm4, xmm6 -paddd xmm8, xmm10 -paddd xmm12, xmm14 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -pslld xmm0, 9 -pslld xmm4, 9 -pslld xmm8, 9 -pslld xmm12, 9 -psrld xmm3, 32-9 -psrld xmm7, 32-9 -psrld xmm11, 32-9 -psrld xmm15, 32-9 -pxor xmm0, [rsp + 8*16 + 1*256] -pxor xmm4, [rsp + 9*16 + 1*256] -pxor xmm8, [rsp + 10*16 + 1*256] -pxor xmm12, [rsp + 11*16 + 1*256] -pxor xmm0, xmm3 -pxor xmm4, xmm7 -pxor xmm8, xmm11 -pxor xmm12, xmm15 -movdqa [rsp + 8*16], xmm0 -movdqa [rsp + 9*16], xmm4 -movdqa [rsp + 10*16], xmm8 -movdqa [rsp + 11*16], xmm12 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -paddd xmm0, xmm1 -paddd xmm4, xmm5 -paddd xmm8, xmm9 -paddd xmm12, xmm13 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -pslld xmm0, 13 -pslld xmm4, 13 -pslld xmm8, 13 -pslld xmm12, 13 -psrld xmm1, 32-13 -psrld xmm5, 32-13 -psrld xmm9, 32-13 -psrld xmm13, 32-13 -pxor xmm0, [rsp + 12*16 + 1*256] -pxor xmm4, [rsp + 13*16 + 1*256] -pxor xmm8, [rsp + 14*16 + 1*256] -pxor xmm12, [rsp + 15*16 + 1*256] -pxor xmm0, xmm1 -pxor xmm4, xmm5 -pxor xmm8, xmm9 -pxor xmm12, xmm13 -movdqa [rsp + 12*16], xmm0 -movdqa [rsp + 13*16], xmm4 -movdqa [rsp + 14*16], xmm8 -movdqa [rsp + 15*16], xmm12 -paddd xmm0, xmm3 -paddd xmm4, xmm7 -paddd xmm8, xmm11 -paddd xmm12, xmm15 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -pslld xmm0, 18 -pslld xmm4, 18 -pslld xmm8, 18 -pslld xmm12, 18 -psrld xmm3, 32-18 -psrld xmm7, 32-18 -psrld xmm11, 32-18 -psrld xmm15, 32-18 -pxor xmm0, xmm2 -pxor xmm4, xmm6 -pxor xmm8, xmm10 -pxor xmm12, xmm14 -pxor xmm0, xmm3 -pxor xmm4, xmm7 -pxor xmm8, xmm11 -pxor xmm12, xmm15 -movdqa [rsp + 0*16], xmm0 -movdqa [rsp + 1*16], xmm4 -movdqa [rsp + 2*16], xmm8 -movdqa [rsp + 3*16], xmm12 -mov rax, r9 -jmp label2 -labelSSE2_Salsa_Output: -movdqa xmm0, xmm4 -punpckldq xmm4, xmm5 -movdqa xmm1, xmm6 -punpckldq xmm6, xmm7 -movdqa xmm2, xmm4 -punpcklqdq xmm4, xmm6 -punpckhqdq xmm2, xmm6 -punpckhdq xmm0, xmm5 -punpckhdq xmm1, xmm7 -movdqa xmm6, xmm0 -punpcklqdq xmm0, xmm1 -punpckhqdq xmm6, xmm1 -test rdx, rdx -jz labelSSE2_Salsa_Output_A3 -test rdx, 15 -jnz labelSSE2_Salsa_Output_A7 -pxor xmm4, [rdx+0*16] -pxor xmm2, [rdx+4*16] -pxor xmm0, [rdx+8*16] -pxor xmm6, [rdx+12*16] -add rdx, 1*16 -jmp labelSSE2_Salsa_Output_A3 -labelSSE2_Salsa_Output_A7: -movdqu xmm1, [rdx+0*16] -pxor xmm4, xmm1 -movdqu xmm1, [rdx+4*16] -pxor xmm2, xmm1 -movdqu xmm1, [rdx+8*16] -pxor xmm0, xmm1 -movdqu xmm1, [rdx+12*16] -pxor xmm6, xmm1 -add rdx, 1*16 -labelSSE2_Salsa_Output_A3: -test rcx, 15 -jnz labelSSE2_Salsa_Output_A8 -movdqa [rcx+0*16], xmm4 -movdqa [rcx+4*16], xmm2 -movdqa [rcx+8*16], xmm0 -movdqa [rcx+12*16], xmm6 -jmp labelSSE2_Salsa_Output_A9 -labelSSE2_Salsa_Output_A8: -movdqu [rcx+0*16], xmm4 -movdqu [rcx+4*16], xmm2 -movdqu [rcx+8*16], xmm0 -movdqu [rcx+12*16], xmm6 -labelSSE2_Salsa_Output_A9: -add rcx, 1*16 -ret -label6: -movdqa xmm0, [rsp + 12*16 + 0*256] -movdqa xmm4, [rsp + 13*16 + 0*256] -movdqa xmm8, [rsp + 14*16 + 0*256] -movdqa xmm12, [rsp + 15*16 + 0*256] -movdqa xmm2, [rsp + 0*16 + 0*256] -movdqa xmm6, [rsp + 1*16 + 0*256] -movdqa xmm10, [rsp + 2*16 + 0*256] -movdqa xmm14, [rsp + 3*16 + 0*256] -paddd xmm0, xmm2 -paddd xmm4, xmm6 -paddd xmm8, xmm10 -paddd xmm12, xmm14 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -pslld xmm0, 7 -pslld xmm4, 7 -pslld xmm8, 7 -pslld xmm12, 7 -psrld xmm1, 32-7 -psrld xmm5, 32-7 -psrld xmm9, 32-7 -psrld xmm13, 32-7 -pxor xmm0, [rsp + 4*16 + 0*256] -pxor xmm4, [rsp + 5*16 + 0*256] -pxor xmm8, [rsp + 6*16 + 0*256] -pxor xmm12, [rsp + 7*16 + 0*256] -pxor xmm0, xmm1 -pxor xmm4, xmm5 -pxor xmm8, xmm9 -pxor xmm12, xmm13 -movdqa [rsp + 4*16], xmm0 -movdqa [rsp + 5*16], xmm4 -movdqa [rsp + 6*16], xmm8 -movdqa [rsp + 7*16], xmm12 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -paddd xmm0, xmm2 -paddd xmm4, xmm6 -paddd xmm8, xmm10 -paddd xmm12, xmm14 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -pslld xmm0, 9 -pslld xmm4, 9 -pslld xmm8, 9 -pslld xmm12, 9 -psrld xmm3, 32-9 -psrld xmm7, 32-9 -psrld xmm11, 32-9 -psrld xmm15, 32-9 -pxor xmm0, [rsp + 8*16 + 0*256] -pxor xmm4, [rsp + 9*16 + 0*256] -pxor xmm8, [rsp + 10*16 + 0*256] -pxor xmm12, [rsp + 11*16 + 0*256] -pxor xmm0, xmm3 -pxor xmm4, xmm7 -pxor xmm8, xmm11 -pxor xmm12, xmm15 -movdqa [rsp + 8*16], xmm0 -movdqa [rsp + 9*16], xmm4 -movdqa [rsp + 10*16], xmm8 -movdqa [rsp + 11*16], xmm12 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -paddd xmm0, xmm1 -paddd xmm4, xmm5 -paddd xmm8, xmm9 -paddd xmm12, xmm13 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -pslld xmm0, 13 -pslld xmm4, 13 -pslld xmm8, 13 -pslld xmm12, 13 -psrld xmm1, 32-13 -psrld xmm5, 32-13 -psrld xmm9, 32-13 -psrld xmm13, 32-13 -pxor xmm0, [rsp + 12*16 + 0*256] -pxor xmm4, [rsp + 13*16 + 0*256] -pxor xmm8, [rsp + 14*16 + 0*256] -pxor xmm12, [rsp + 15*16 + 0*256] -pxor xmm0, xmm1 -pxor xmm4, xmm5 -pxor xmm8, xmm9 -pxor xmm12, xmm13 -movdqa [rsp + 12*16], xmm0 -movdqa [rsp + 13*16], xmm4 -movdqa [rsp + 14*16], xmm8 -movdqa [rsp + 15*16], xmm12 -paddd xmm0, xmm3 -paddd xmm4, xmm7 -paddd xmm8, xmm11 -paddd xmm12, xmm15 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -pslld xmm0, 18 -pslld xmm4, 18 -pslld xmm8, 18 -pslld xmm12, 18 -psrld xmm3, 32-18 -psrld xmm7, 32-18 -psrld xmm11, 32-18 -psrld xmm15, 32-18 -pxor xmm0, xmm2 -pxor xmm4, xmm6 -pxor xmm8, xmm10 -pxor xmm12, xmm14 -pxor xmm0, xmm3 -pxor xmm4, xmm7 -pxor xmm8, xmm11 -pxor xmm12, xmm15 -movdqa [rsp + 0*16], xmm0 -movdqa [rsp + 1*16], xmm4 -movdqa [rsp + 2*16], xmm8 -movdqa [rsp + 3*16], xmm12 -label2: -movdqa xmm0, [rsp + 7*16 + 0*256] -movdqa xmm4, [rsp + 4*16 + 0*256] -movdqa xmm8, [rsp + 5*16 + 0*256] -movdqa xmm12, [rsp + 6*16 + 0*256] -movdqa xmm2, [rsp + 0*16 + 0*256] -movdqa xmm6, [rsp + 1*16 + 0*256] -movdqa xmm10, [rsp + 2*16 + 0*256] -movdqa xmm14, [rsp + 3*16 + 0*256] -paddd xmm0, xmm2 -paddd xmm4, xmm6 -paddd xmm8, xmm10 -paddd xmm12, xmm14 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -pslld xmm0, 7 -pslld xmm4, 7 -pslld xmm8, 7 -pslld xmm12, 7 -psrld xmm1, 32-7 -psrld xmm5, 32-7 -psrld xmm9, 32-7 -psrld xmm13, 32-7 -pxor xmm0, [rsp + 13*16 + 0*256] -pxor xmm4, [rsp + 14*16 + 0*256] -pxor xmm8, [rsp + 15*16 + 0*256] -pxor xmm12, [rsp + 12*16 + 0*256] -pxor xmm0, xmm1 -pxor xmm4, xmm5 -pxor xmm8, xmm9 -pxor xmm12, xmm13 -movdqa [rsp + 13*16], xmm0 -movdqa [rsp + 14*16], xmm4 -movdqa [rsp + 15*16], xmm8 -movdqa [rsp + 12*16], xmm12 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -paddd xmm0, xmm2 -paddd xmm4, xmm6 -paddd xmm8, xmm10 -paddd xmm12, xmm14 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -pslld xmm0, 9 -pslld xmm4, 9 -pslld xmm8, 9 -pslld xmm12, 9 -psrld xmm3, 32-9 -psrld xmm7, 32-9 -psrld xmm11, 32-9 -psrld xmm15, 32-9 -pxor xmm0, [rsp + 10*16 + 0*256] -pxor xmm4, [rsp + 11*16 + 0*256] -pxor xmm8, [rsp + 8*16 + 0*256] -pxor xmm12, [rsp + 9*16 + 0*256] -pxor xmm0, xmm3 -pxor xmm4, xmm7 -pxor xmm8, xmm11 -pxor xmm12, xmm15 -movdqa [rsp + 10*16], xmm0 -movdqa [rsp + 11*16], xmm4 -movdqa [rsp + 8*16], xmm8 -movdqa [rsp + 9*16], xmm12 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -paddd xmm0, xmm1 -paddd xmm4, xmm5 -paddd xmm8, xmm9 -paddd xmm12, xmm13 -movdqa xmm1, xmm0 -movdqa xmm5, xmm4 -movdqa xmm9, xmm8 -movdqa xmm13, xmm12 -pslld xmm0, 13 -pslld xmm4, 13 -pslld xmm8, 13 -pslld xmm12, 13 -psrld xmm1, 32-13 -psrld xmm5, 32-13 -psrld xmm9, 32-13 -psrld xmm13, 32-13 -pxor xmm0, [rsp + 7*16 + 0*256] -pxor xmm4, [rsp + 4*16 + 0*256] -pxor xmm8, [rsp + 5*16 + 0*256] -pxor xmm12, [rsp + 6*16 + 0*256] -pxor xmm0, xmm1 -pxor xmm4, xmm5 -pxor xmm8, xmm9 -pxor xmm12, xmm13 -movdqa [rsp + 7*16], xmm0 -movdqa [rsp + 4*16], xmm4 -movdqa [rsp + 5*16], xmm8 -movdqa [rsp + 6*16], xmm12 -paddd xmm0, xmm3 -paddd xmm4, xmm7 -paddd xmm8, xmm11 -paddd xmm12, xmm15 -movdqa xmm3, xmm0 -movdqa xmm7, xmm4 -movdqa xmm11, xmm8 -movdqa xmm15, xmm12 -pslld xmm0, 18 -pslld xmm4, 18 -pslld xmm8, 18 -pslld xmm12, 18 -psrld xmm3, 32-18 -psrld xmm7, 32-18 -psrld xmm11, 32-18 -psrld xmm15, 32-18 -pxor xmm0, xmm2 -pxor xmm4, xmm6 -pxor xmm8, xmm10 -pxor xmm12, xmm14 -pxor xmm0, xmm3 -pxor xmm4, xmm7 -pxor xmm8, xmm11 -pxor xmm12, xmm15 -movdqa [rsp + 0*16], xmm0 -movdqa [rsp + 1*16], xmm4 -movdqa [rsp + 2*16], xmm8 -movdqa [rsp + 3*16], xmm12 -sub eax, 2 -jnz label6 -movdqa xmm4, [rsp + 0*16 + 256] -paddd xmm4, [rsp + 0*16] -movdqa xmm5, [rsp + 13*16 + 256] -paddd xmm5, [rsp + 13*16] -movdqa xmm6, [rsp + 10*16 + 256] -paddd xmm6, [rsp + 10*16] -movdqa xmm7, [rsp + 7*16 + 256] -paddd xmm7, [rsp + 7*16] -call labelSSE2_Salsa_Output -movdqa xmm4, [rsp + 4*16 + 256] -paddd xmm4, [rsp + 4*16] -movdqa xmm5, [rsp + 1*16 + 256] -paddd xmm5, [rsp + 1*16] -movdqa xmm6, [rsp + 14*16 + 256] -paddd xmm6, [rsp + 14*16] -movdqa xmm7, [rsp + 11*16 + 256] -paddd xmm7, [rsp + 11*16] -call labelSSE2_Salsa_Output -movdqa xmm4, [rsp + 8*16 + 256] -paddd xmm4, [rsp + 8*16] -movdqa xmm5, [rsp + 5*16 + 256] -paddd xmm5, [rsp + 5*16] -movdqa xmm6, [rsp + 2*16 + 256] -paddd xmm6, [rsp + 2*16] -movdqa xmm7, [rsp + 15*16 + 256] -paddd xmm7, [rsp + 15*16] -call labelSSE2_Salsa_Output -movdqa xmm4, [rsp + 12*16 + 256] -paddd xmm4, [rsp + 12*16] -movdqa xmm5, [rsp + 9*16 + 256] -paddd xmm5, [rsp + 9*16] -movdqa xmm6, [rsp + 6*16 + 256] -paddd xmm6, [rsp + 6*16] -movdqa xmm7, [rsp + 3*16 + 256] -paddd xmm7, [rsp + 3*16] -call labelSSE2_Salsa_Output -test rdx, rdx -jz label9 -add rdx, 12*16 -label9: -add rcx, 12*16 -sub r8, 4 -cmp r8, 4 -jge label1 -label5: -sub r8, 1 -jl label4 -movdqa xmm0, [r10 + 0*16] -movdqa xmm1, [r10 + 1*16] -movdqa xmm2, [r10 + 2*16] -movdqa xmm3, [r10 + 3*16] -mov rax, r9 -label0: -movdqa xmm4, xmm3 -paddd xmm4, xmm0 -movdqa xmm5, xmm4 -pslld xmm4, 7 -psrld xmm5, 32-7 -pxor xmm1, xmm4 -pxor xmm1, xmm5 -movdqa xmm4, xmm0 -paddd xmm4, xmm1 -movdqa xmm5, xmm4 -pslld xmm4, 9 -psrld xmm5, 32-9 -pxor xmm2, xmm4 -pxor xmm2, xmm5 -movdqa xmm4, xmm1 -paddd xmm4, xmm2 -movdqa xmm5, xmm4 -pslld xmm4, 13 -psrld xmm5, 32-13 -pxor xmm3, xmm4 -pxor xmm3, xmm5 -movdqa xmm4, xmm2 -paddd xmm4, xmm3 -movdqa xmm5, xmm4 -pslld xmm4, 18 -psrld xmm5, 32-18 -pxor xmm0, xmm4 -pxor xmm0, xmm5 -pshufd xmm1, xmm1, 2*64+1*16+0*4+3 -pshufd xmm2, xmm2, 1*64+0*16+3*4+2 -pshufd xmm3, xmm3, 0*64+3*16+2*4+1 -movdqa xmm4, xmm1 -paddd xmm4, xmm0 -movdqa xmm5, xmm4 -pslld xmm4, 7 -psrld xmm5, 32-7 -pxor xmm3, xmm4 -pxor xmm3, xmm5 -movdqa xmm4, xmm0 -paddd xmm4, xmm3 -movdqa xmm5, xmm4 -pslld xmm4, 9 -psrld xmm5, 32-9 -pxor xmm2, xmm4 -pxor xmm2, xmm5 -movdqa xmm4, xmm3 -paddd xmm4, xmm2 -movdqa xmm5, xmm4 -pslld xmm4, 13 -psrld xmm5, 32-13 -pxor xmm1, xmm4 -pxor xmm1, xmm5 -movdqa xmm4, xmm2 -paddd xmm4, xmm1 -movdqa xmm5, xmm4 -pslld xmm4, 18 -psrld xmm5, 32-18 -pxor xmm0, xmm4 -pxor xmm0, xmm5 -pshufd xmm1, xmm1, 0*64+3*16+2*4+1 -pshufd xmm2, xmm2, 1*64+0*16+3*4+2 -pshufd xmm3, xmm3, 2*64+1*16+0*4+3 -sub eax, 2 -jnz label0 -paddd xmm0, [r10 + 0*16] -paddd xmm1, [r10 + 1*16] -paddd xmm2, [r10 + 2*16] -paddd xmm3, [r10 + 3*16] -add dword ptr [r10 + 8*4], 1 -adc dword ptr [r10 + 5*4], 0 -pcmpeqb xmm6, xmm6 -psrlq xmm6, 32 -pshufd xmm7, xmm6, 0*64+1*16+2*4+3 -movdqa xmm4, xmm0 -movdqa xmm5, xmm3 -pand xmm0, xmm7 -pand xmm4, xmm6 -pand xmm3, xmm6 -pand xmm5, xmm7 -por xmm4, xmm5 -movdqa xmm5, xmm1 -pand xmm1, xmm7 -pand xmm5, xmm6 -por xmm0, xmm5 -pand xmm6, xmm2 -pand xmm2, xmm7 -por xmm1, xmm6 -por xmm2, xmm3 -movdqa xmm5, xmm4 -movdqa xmm6, xmm0 -shufpd xmm4, xmm1, 2 -shufpd xmm0, xmm2, 2 -shufpd xmm1, xmm5, 2 -shufpd xmm2, xmm6, 2 -test rdx, rdx -jz labelSSE2_Salsa_Output_B3 -test rdx, 15 -jnz labelSSE2_Salsa_Output_B7 -pxor xmm4, [rdx+0*16] -pxor xmm0, [rdx+1*16] -pxor xmm1, [rdx+2*16] -pxor xmm2, [rdx+3*16] -add rdx, 4*16 -jmp labelSSE2_Salsa_Output_B3 -labelSSE2_Salsa_Output_B7: -movdqu xmm3, [rdx+0*16] -pxor xmm4, xmm3 -movdqu xmm3, [rdx+1*16] -pxor xmm0, xmm3 -movdqu xmm3, [rdx+2*16] -pxor xmm1, xmm3 -movdqu xmm3, [rdx+3*16] -pxor xmm2, xmm3 -add rdx, 4*16 -labelSSE2_Salsa_Output_B3: -test rcx, 15 -jnz labelSSE2_Salsa_Output_B8 -movdqa [rcx+0*16], xmm4 -movdqa [rcx+1*16], xmm0 -movdqa [rcx+2*16], xmm1 -movdqa [rcx+3*16], xmm2 -jmp labelSSE2_Salsa_Output_B9 -labelSSE2_Salsa_Output_B8: -movdqu [rcx+0*16], xmm4 -movdqu [rcx+1*16], xmm0 -movdqu [rcx+2*16], xmm1 -movdqu [rcx+3*16], xmm2 -labelSSE2_Salsa_Output_B9: -add rcx, 4*16 -jmp label5 -label4: -movdqa xmm6, [rsp + 0200h] -movdqa xmm7, [rsp + 0210h] -movdqa xmm8, [rsp + 0220h] -movdqa xmm9, [rsp + 0230h] -movdqa xmm10, [rsp + 0240h] -movdqa xmm11, [rsp + 0250h] -movdqa xmm12, [rsp + 0260h] -movdqa xmm13, [rsp + 0270h] -movdqa xmm14, [rsp + 0280h] -movdqa xmm15, [rsp + 0290h] -add rsp, 10*16 + 32*16 + 8 -ret -Salsa20_OperateKeystream ENDP - -ALIGN 8 -Sosemanuk_OperateKeystream PROC FRAME -rex_push_reg rsi -push_reg rdi -alloc_stack(80*4*2+12*4+8*8 + 2*16+8) -save_xmm128 xmm6, 02f0h -save_xmm128 xmm7, 0300h -.endprolog -mov rdi, r8 -mov rax, r9 -mov QWORD PTR [rsp+1*8], rdi -mov QWORD PTR [rsp+2*8], rdx -mov QWORD PTR [rsp+6*8], rax -lea rcx, [4*rcx+rcx] -lea rsi, [4*rcx] -mov QWORD PTR [rsp+3*8], rsi -movdqa xmm0, [rax+0*16] -movdqa [rsp + 8*8+0*16], xmm0 -movdqa xmm0, [rax+1*16] -movdqa [rsp + 8*8+1*16], xmm0 -movq xmm0, QWORD PTR [rax+2*16] -movq QWORD PTR [rsp + 8*8+2*16], xmm0 -psrlq xmm0, 32 -movd r10d, xmm0 -mov ecx, [rax+10*4] -mov edx, [rax+11*4] -pcmpeqb xmm7, xmm7 -label2: -lea rdi, [rsp + 8*8 + 12*4] -mov rax, 80 -cmp rsi, 80 -cmovg rsi, rax -mov QWORD PTR [rsp+7*8], rsi -lea rsi, [rdi+rsi] -mov QWORD PTR [rsp+4*8], rsi -lea rsi, s_sosemanukMulTables -label0: -mov eax, [rsp + 8*8 + ((0+0)-((0+0)/(10))*(10))*4] -mov [rdi + (((0)-((0)/(4))*(4))*20 + (0/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((0)-((0)/(4))*(4))*20 + (0/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((0+3)-((0+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((0+2)-((0+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((0+0)-((0+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((1+0)-((1+0)/(10))*(10))*4] -mov [rdi + (((1)-((1)/(4))*(4))*20 + (1/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((1)-((1)/(4))*(4))*20 + (1/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((1+3)-((1+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((1+2)-((1+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((1+0)-((1+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((2+0)-((2+0)/(10))*(10))*4] -mov [rdi + (((2)-((2)/(4))*(4))*20 + (2/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((2)-((2)/(4))*(4))*20 + (2/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((2+3)-((2+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((2+2)-((2+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((2+0)-((2+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((3+0)-((3+0)/(10))*(10))*4] -mov [rdi + (((3)-((3)/(4))*(4))*20 + (3/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((3)-((3)/(4))*(4))*20 + (3/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((3+3)-((3+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((3+2)-((3+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((3+0)-((3+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((4+0)-((4+0)/(10))*(10))*4] -mov [rdi + (((4)-((4)/(4))*(4))*20 + (4/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((4)-((4)/(4))*(4))*20 + (4/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((4+3)-((4+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((4+2)-((4+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((4+0)-((4+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((5+0)-((5+0)/(10))*(10))*4] -mov [rdi + (((5)-((5)/(4))*(4))*20 + (5/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((5)-((5)/(4))*(4))*20 + (5/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((5+3)-((5+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((5+2)-((5+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((5+0)-((5+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((6+0)-((6+0)/(10))*(10))*4] -mov [rdi + (((6)-((6)/(4))*(4))*20 + (6/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((6)-((6)/(4))*(4))*20 + (6/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((6+3)-((6+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((6+2)-((6+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((6+0)-((6+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((7+0)-((7+0)/(10))*(10))*4] -mov [rdi + (((7)-((7)/(4))*(4))*20 + (7/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((7)-((7)/(4))*(4))*20 + (7/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((7+3)-((7+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((7+2)-((7+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((7+0)-((7+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((8+0)-((8+0)/(10))*(10))*4] -mov [rdi + (((8)-((8)/(4))*(4))*20 + (8/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((8)-((8)/(4))*(4))*20 + (8/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((8+3)-((8+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((8+2)-((8+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((8+0)-((8+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((9+0)-((9+0)/(10))*(10))*4] -mov [rdi + (((9)-((9)/(4))*(4))*20 + (9/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((9)-((9)/(4))*(4))*20 + (9/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((9+3)-((9+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((9+2)-((9+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((9+0)-((9+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((10+0)-((10+0)/(10))*(10))*4] -mov [rdi + (((10)-((10)/(4))*(4))*20 + (10/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((10)-((10)/(4))*(4))*20 + (10/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((10+3)-((10+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((10+2)-((10+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((10+0)-((10+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((11+0)-((11+0)/(10))*(10))*4] -mov [rdi + (((11)-((11)/(4))*(4))*20 + (11/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((11)-((11)/(4))*(4))*20 + (11/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((11+3)-((11+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((11+2)-((11+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((11+0)-((11+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((12+0)-((12+0)/(10))*(10))*4] -mov [rdi + (((12)-((12)/(4))*(4))*20 + (12/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((12)-((12)/(4))*(4))*20 + (12/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((12+3)-((12+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((12+2)-((12+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((12+0)-((12+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((13+0)-((13+0)/(10))*(10))*4] -mov [rdi + (((13)-((13)/(4))*(4))*20 + (13/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((13)-((13)/(4))*(4))*20 + (13/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((13+3)-((13+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((13+2)-((13+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((13+0)-((13+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((14+0)-((14+0)/(10))*(10))*4] -mov [rdi + (((14)-((14)/(4))*(4))*20 + (14/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((14)-((14)/(4))*(4))*20 + (14/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((14+3)-((14+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((14+2)-((14+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((14+0)-((14+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((15+0)-((15+0)/(10))*(10))*4] -mov [rdi + (((15)-((15)/(4))*(4))*20 + (15/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((15)-((15)/(4))*(4))*20 + (15/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((15+3)-((15+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((15+2)-((15+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((15+0)-((15+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((16+0)-((16+0)/(10))*(10))*4] -mov [rdi + (((16)-((16)/(4))*(4))*20 + (16/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((16)-((16)/(4))*(4))*20 + (16/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((16+3)-((16+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((16+2)-((16+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((16+0)-((16+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((17+0)-((17+0)/(10))*(10))*4] -mov [rdi + (((17)-((17)/(4))*(4))*20 + (17/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((17)-((17)/(4))*(4))*20 + (17/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((17+3)-((17+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((17+2)-((17+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((17+0)-((17+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((18+0)-((18+0)/(10))*(10))*4] -mov [rdi + (((18)-((18)/(4))*(4))*20 + (18/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + edx] -xor r11d, ecx -mov [rdi + (((18)-((18)/(4))*(4))*20 + (18/4)) * 4], r11d -mov r11d, 1 -and r11d, edx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((18+3)-((18+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((18+2)-((18+2)/(10))*(10))*4] -add ecx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul edx, 54655307h -rol edx, 7 -mov [rsp + 8*8 + ((18+0)-((18+0)/(10))*(10))*4], r10d -mov eax, [rsp + 8*8 + ((19+0)-((19+0)/(10))*(10))*4] -mov [rdi + (((19)-((19)/(4))*(4))*20 + (19/4)) * 4 + 80*4], eax -rol eax, 8 -lea r11d, [r10d + ecx] -xor r11d, edx -mov [rdi + (((19)-((19)/(4))*(4))*20 + (19/4)) * 4], r11d -mov r11d, 1 -and r11d, ecx -neg r11d -and r11d, r10d -xor r10d, eax -movzx eax, al -xor r10d, [rsi+rax*4] -mov eax, [rsp + 8*8 + ((19+3)-((19+3)/(10))*(10))*4] -xor r11d, [rsp + 8*8 + ((19+2)-((19+2)/(10))*(10))*4] -add edx, r11d -movzx r11d, al -shr eax, 8 -xor r10d, [rsi+1024+r11*4] -xor r10d, eax -imul ecx, 54655307h -rol ecx, 7 -mov [rsp + 8*8 + ((19+0)-((19+0)/(10))*(10))*4], r10d -add rdi, 5*4 -cmp rdi, QWORD PTR [rsp+4*8] -jne label0 -mov rax, QWORD PTR [rsp+2*8] -mov r11, QWORD PTR [rsp+1*8] -lea rdi, [rsp + 8*8 + 12*4] -mov rsi, QWORD PTR [rsp+7*8] -label1: -movdqa xmm0, [rdi+0*20*4] -movdqa xmm2, [rdi+2*20*4] -movdqa xmm3, [rdi+3*20*4] -movdqa xmm1, [rdi+1*20*4] -movdqa xmm4, xmm0 -pand xmm0, xmm2 -pxor xmm0, xmm3 -pxor xmm2, xmm1 -pxor xmm2, xmm0 -por xmm3, xmm4 -pxor xmm3, xmm1 -pxor xmm4, xmm2 -movdqa xmm1, xmm3 -por xmm3, xmm4 -pxor xmm3, xmm0 -pand xmm0, xmm1 -pxor xmm4, xmm0 -pxor xmm1, xmm3 -pxor xmm1, xmm4 -pxor xmm4, xmm7 -pxor xmm2, [rdi+80*4] -pxor xmm3, [rdi+80*5] -pxor xmm1, [rdi+80*6] -pxor xmm4, [rdi+80*7] -cmp rsi, 16 -jl label4 -movdqa xmm6, xmm2 -punpckldq xmm2, xmm3 -movdqa xmm5, xmm1 -punpckldq xmm1, xmm4 -movdqa xmm0, xmm2 -punpcklqdq xmm2, xmm1 -punpckhqdq xmm0, xmm1 -punpckhdq xmm6, xmm3 -punpckhdq xmm5, xmm4 -movdqa xmm3, xmm6 -punpcklqdq xmm6, xmm5 -punpckhqdq xmm3, xmm5 -test rax, rax -jz labelSSE2_Sosemanuk_Output3 -test rax, 15 -jnz labelSSE2_Sosemanuk_Output7 -pxor xmm2, [rax+0*16] -pxor xmm0, [rax+1*16] -pxor xmm6, [rax+2*16] -pxor xmm3, [rax+3*16] -add rax, 4*16 -jmp labelSSE2_Sosemanuk_Output3 -labelSSE2_Sosemanuk_Output7: -movdqu xmm1, [rax+0*16] -pxor xmm2, xmm1 -movdqu xmm1, [rax+1*16] -pxor xmm0, xmm1 -movdqu xmm1, [rax+2*16] -pxor xmm6, xmm1 -movdqu xmm1, [rax+3*16] -pxor xmm3, xmm1 -add rax, 4*16 -labelSSE2_Sosemanuk_Output3: -test r11, 15 -jnz labelSSE2_Sosemanuk_Output8 -movdqa [r11+0*16], xmm2 -movdqa [r11+1*16], xmm0 -movdqa [r11+2*16], xmm6 -movdqa [r11+3*16], xmm3 -jmp labelSSE2_Sosemanuk_Output9 -labelSSE2_Sosemanuk_Output8: -movdqu [r11+0*16], xmm2 -movdqu [r11+1*16], xmm0 -movdqu [r11+2*16], xmm6 -movdqu [r11+3*16], xmm3 -labelSSE2_Sosemanuk_Output9: -add r11, 4*16 -add rdi, 4*4 -sub rsi, 16 -jnz label1 -mov rsi, QWORD PTR [rsp+3*8] -sub rsi, 80 -jz label6 -mov QWORD PTR [rsp+3*8], rsi -mov QWORD PTR [rsp+2*8], rax -mov QWORD PTR [rsp+1*8], r11 -jmp label2 -label4: -test rax, rax -jz label5 -movd xmm0, dword ptr [rax+0*4] -pxor xmm2, xmm0 -movd xmm0, dword ptr [rax+1*4] -pxor xmm3, xmm0 -movd xmm0, dword ptr [rax+2*4] -pxor xmm1, xmm0 -movd xmm0, dword ptr [rax+3*4] -pxor xmm4, xmm0 -add rax, 16 -label5: -movd dword ptr [r11+0*4], xmm2 -movd dword ptr [r11+1*4], xmm3 -movd dword ptr [r11+2*4], xmm1 -movd dword ptr [r11+3*4], xmm4 -sub rsi, 4 -jz label6 -add r11, 16 -psrldq xmm2, 4 -psrldq xmm3, 4 -psrldq xmm1, 4 -psrldq xmm4, 4 -jmp label4 -label6: -mov r10, QWORD PTR [rsp+6*8] -movdqa xmm0, [rsp + 8*8+0*16] -movdqa [r10+0*16], xmm0 -movdqa xmm0, [rsp + 8*8+1*16] -movdqa [r10+1*16], xmm0 -movq xmm0, QWORD PTR [rsp + 8*8+2*16] -movq QWORD PTR [r10+2*16], xmm0 -mov [r10+10*4], ecx -mov [r10+11*4], edx -movdqa xmm6, [rsp + 02f0h] -movdqa xmm7, [rsp + 0300h] -add rsp, 80*4*2+12*4+8*8 + 2*16+8 -pop rdi -pop rsi -ret -Sosemanuk_OperateKeystream ENDP - -Panama_SSE2_Pull PROC FRAME -rex_push_reg rdi -alloc_stack(2*16) -save_xmm128 xmm6, 0h -save_xmm128 xmm7, 10h -.endprolog -shl rcx, 5 -jz label5 -mov r10d, [rdx+4*17] -add rcx, r10 -mov rdi, rcx -movdqa xmm0, xmmword ptr [rdx+0*16] -movdqa xmm1, xmmword ptr [rdx+1*16] -movdqa xmm2, xmmword ptr [rdx+2*16] -movdqa xmm3, xmmword ptr [rdx+3*16] -mov eax, dword ptr [rdx+4*16] -label4: -movdqa xmm6, xmm2 -movss xmm6, xmm3 -pshufd xmm5, xmm6, 0*64+3*16+2*4+1 -movd xmm6, eax -movdqa xmm7, xmm3 -movss xmm7, xmm6 -pshufd xmm6, xmm7, 0*64+3*16+2*4+1 -movd ecx, xmm2 -not ecx -movd r11d, xmm3 -or ecx, r11d -xor eax, ecx -pcmpeqb xmm7, xmm7 -pxor xmm7, xmm1 -por xmm7, xmm2 -pxor xmm7, xmm3 -movd ecx, xmm7 -rol ecx, (((((5*1) MOD (17))*(((5*1) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(1)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*5) MOD (17))*(((5*5) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(5)) MOD (17)))*13+16)) MOD (17))*4], ecx -punpckhqdq xmm7, xmm7 -movd ecx, xmm7 -rol ecx, (((((5*9) MOD (17))*(((5*9) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(9)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*13) MOD (17))*(((5*13) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(13)) MOD (17)))*13+16)) MOD (17))*4], ecx -pcmpeqb xmm7, xmm7 -pxor xmm7, xmm0 -por xmm7, xmm1 -pxor xmm7, xmm2 -movd ecx, xmm7 -rol ecx, (((((5*2) MOD (17))*(((5*2) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(2)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*6) MOD (17))*(((5*6) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(6)) MOD (17)))*13+16)) MOD (17))*4], ecx -punpckhqdq xmm7, xmm7 -movd ecx, xmm7 -rol ecx, (((((5*10) MOD (17))*(((5*10) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(10)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*14) MOD (17))*(((5*14) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(14)) MOD (17)))*13+16)) MOD (17))*4], ecx -pcmpeqb xmm7, xmm7 -pxor xmm7, xmm6 -por xmm7, xmm0 -pxor xmm7, xmm1 -movd ecx, xmm7 -rol ecx, (((((5*3) MOD (17))*(((5*3) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(3)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*7) MOD (17))*(((5*7) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(7)) MOD (17)))*13+16)) MOD (17))*4], ecx -punpckhqdq xmm7, xmm7 -movd ecx, xmm7 -rol ecx, (((((5*11) MOD (17))*(((5*11) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(11)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*15) MOD (17))*(((5*15) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(15)) MOD (17)))*13+16)) MOD (17))*4], ecx -pcmpeqb xmm7, xmm7 -pxor xmm7, xmm5 -por xmm7, xmm6 -pxor xmm7, xmm0 -movd ecx, xmm7 -rol ecx, (((((5*4) MOD (17))*(((5*4) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(4)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*8) MOD (17))*(((5*8) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(8)) MOD (17)))*13+16)) MOD (17))*4], ecx -punpckhqdq xmm7, xmm7 -movd ecx, xmm7 -rol ecx, (((((5*12) MOD (17))*(((5*12) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(12)) MOD (17)))*13+16)) MOD (17))*4], ecx -pshuflw xmm7, xmm7, 1*64+0*16+3*4+2 -movd ecx, xmm7 -rol ecx, (((((5*16) MOD (17))*(((5*16) MOD (17))+1)/2)) MOD (32)) -mov [rdx+((((((5*(16)) MOD (17)))*13+16)) MOD (17))*4], ecx -movdqa xmm4, xmm3 -punpcklqdq xmm3, xmm2 -punpckhdq xmm4, xmm2 -movdqa xmm2, xmm1 -punpcklqdq xmm1, xmm0 -punpckhdq xmm2, xmm0 -test r8, r8 -jz label0 -movdqa xmm6, xmm4 -punpcklqdq xmm4, xmm2 -punpckhqdq xmm6, xmm2 -test r9, 15 -jnz label2 -test r9, r9 -jz label1 -pxor xmm4, [r9] -pxor xmm6, [r9+16] -add r9, 32 -jmp label1 -label2: -movdqu xmm0, [r9] -movdqu xmm2, [r9+16] -pxor xmm4, xmm0 -pxor xmm6, xmm2 -add r9, 32 -label1: -test r8, 15 -jnz label3 -movdqa xmmword ptr [r8], xmm4 -movdqa xmmword ptr [r8+16], xmm6 -add r8, 32 -jmp label0 -label3: -movdqu xmmword ptr [r8], xmm4 -movdqu xmmword ptr [r8+16], xmm6 -add r8, 32 -label0: -lea rcx, [r10 + 32] -and rcx, 31*32 -lea r11, [r10 + (32-24)*32] -and r11, 31*32 -movdqa xmm0, xmmword ptr [rdx+20*4+rcx+0*8] -pxor xmm3, xmm0 -pshufd xmm0, xmm0, 2*64+3*16+0*4+1 -movdqa xmmword ptr [rdx+20*4+rcx+0*8], xmm3 -pxor xmm0, xmmword ptr [rdx+20*4+r11+2*8] -movdqa xmmword ptr [rdx+20*4+r11+2*8], xmm0 -movdqa xmm4, xmmword ptr [rdx+20*4+rcx+2*8] -pxor xmm1, xmm4 -movdqa xmmword ptr [rdx+20*4+rcx+2*8], xmm1 -pxor xmm4, xmmword ptr [rdx+20*4+r11+0*8] -movdqa xmmword ptr [rdx+20*4+r11+0*8], xmm4 -movdqa xmm3, xmmword ptr [rdx+3*16] -movdqa xmm2, xmmword ptr [rdx+2*16] -movdqa xmm1, xmmword ptr [rdx+1*16] -movdqa xmm0, xmmword ptr [rdx+0*16] -movd xmm6, eax -movdqa xmm7, xmm3 -movss xmm7, xmm6 -movdqa xmm6, xmm2 -movss xmm6, xmm3 -movdqa xmm5, xmm1 -movss xmm5, xmm2 -movdqa xmm4, xmm0 -movss xmm4, xmm1 -pshufd xmm7, xmm7, 0*64+3*16+2*4+1 -pshufd xmm6, xmm6, 0*64+3*16+2*4+1 -pshufd xmm5, xmm5, 0*64+3*16+2*4+1 -pshufd xmm4, xmm4, 0*64+3*16+2*4+1 -xor eax, 1 -movd ecx, xmm0 -xor eax, ecx -movd ecx, xmm3 -xor eax, ecx -pxor xmm3, xmm2 -pxor xmm2, xmm1 -pxor xmm1, xmm0 -pxor xmm0, xmm7 -pxor xmm3, xmm7 -pxor xmm2, xmm6 -pxor xmm1, xmm5 -pxor xmm0, xmm4 -lea rcx, [r10 + (32-4)*32] -and rcx, 31*32 -lea r11, [r10 + 16*32] -and r11, 31*32 -movdqa xmm4, xmmword ptr [rdx+20*4+rcx+0*16] -movdqa xmm5, xmmword ptr [rdx+20*4+r11+0*16] -movdqa xmm6, xmm4 -punpcklqdq xmm4, xmm5 -punpckhqdq xmm6, xmm5 -pxor xmm3, xmm4 -pxor xmm2, xmm6 -movdqa xmm4, xmmword ptr [rdx+20*4+rcx+1*16] -movdqa xmm5, xmmword ptr [rdx+20*4+r11+1*16] -movdqa xmm6, xmm4 -punpcklqdq xmm4, xmm5 -punpckhqdq xmm6, xmm5 -pxor xmm1, xmm4 -pxor xmm0, xmm6 -add r10, 32 -cmp r10, rdi -jne label4 -mov [rdx+4*16], eax -movdqa xmmword ptr [rdx+3*16], xmm3 -movdqa xmmword ptr [rdx+2*16], xmm2 -movdqa xmmword ptr [rdx+1*16], xmm1 -movdqa xmmword ptr [rdx+0*16], xmm0 -label5: -movdqa xmm6, [rsp + 0h] -movdqa xmm7, [rsp + 10h] -add rsp, 2*16 -pop rdi -ret -Panama_SSE2_Pull ENDP - -_TEXT ENDS -END diff --git a/cryptopp562/xtr.cpp b/cryptopp562/xtr.cpp deleted file mode 100644 index 6739070..0000000 --- a/cryptopp562/xtr.cpp +++ /dev/null @@ -1,100 +0,0 @@ -// cryptlib.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "xtr.h" -#include "nbtheory.h" - -#include "algebra.cpp" - -NAMESPACE_BEGIN(CryptoPP) - -const GFP2Element & GFP2Element::Zero() -{ - return Singleton<GFP2Element>().Ref(); -} - -void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer &q, GFP2Element &g, unsigned int pbits, unsigned int qbits) -{ - assert(qbits > 9); // no primes exist for pbits = 10, qbits = 9 - assert(pbits > qbits); - - const Integer minQ = Integer::Power2(qbits - 1); - const Integer maxQ = Integer::Power2(qbits) - 1; - const Integer minP = Integer::Power2(pbits - 1); - const Integer maxP = Integer::Power2(pbits) - 1; - - Integer r1, r2; - do - { - bool qFound = q.Randomize(rng, minQ, maxQ, Integer::PRIME, 7, 12); - assert(qFound); - bool solutionsExist = SolveModularQuadraticEquation(r1, r2, 1, -1, 1, q); - assert(solutionsExist); - } while (!p.Randomize(rng, minP, maxP, Integer::PRIME, CRT(rng.GenerateBit()?r1:r2, q, 2, 3, EuclideanMultiplicativeInverse(p, 3)), 3*q)); - assert(((p.Squared() - p + 1) % q).IsZero()); - - GFP2_ONB<ModularArithmetic> gfp2(p); - GFP2Element three = gfp2.ConvertIn(3), t; - - while (true) - { - g.c1.Randomize(rng, Integer::Zero(), p-1); - g.c2.Randomize(rng, Integer::Zero(), p-1); - t = XTR_Exponentiate(g, p+1, p); - if (t.c1 == t.c2) - continue; - g = XTR_Exponentiate(g, (p.Squared()-p+1)/q, p); - if (g != three) - break; - } - assert(XTR_Exponentiate(g, q, p) == three); -} - -GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p) -{ - unsigned int bitCount = e.BitCount(); - if (bitCount == 0) - return GFP2Element(-3, -3); - - // find the lowest bit of e that is 1 - unsigned int lowest1bit; - for (lowest1bit=0; e.GetBit(lowest1bit) == 0; lowest1bit++) {} - - GFP2_ONB<MontgomeryRepresentation> gfp2(p); - GFP2Element c = gfp2.ConvertIn(b); - GFP2Element cp = gfp2.PthPower(c); - GFP2Element S[5] = {gfp2.ConvertIn(3), c, gfp2.SpecialOperation1(c)}; - - // do all exponents bits except the lowest zeros starting from the top - unsigned int i; - for (i = e.BitCount() - 1; i>lowest1bit; i--) - { - if (e.GetBit(i)) - { - gfp2.RaiseToPthPower(S[0]); - gfp2.Accumulate(S[0], gfp2.SpecialOperation2(S[2], c, S[1])); - S[1] = gfp2.SpecialOperation1(S[1]); - S[2] = gfp2.SpecialOperation1(S[2]); - S[0].swap(S[1]); - } - else - { - gfp2.RaiseToPthPower(S[2]); - gfp2.Accumulate(S[2], gfp2.SpecialOperation2(S[0], cp, S[1])); - S[1] = gfp2.SpecialOperation1(S[1]); - S[0] = gfp2.SpecialOperation1(S[0]); - S[2].swap(S[1]); - } - } - - // now do the lowest zeros - while (i--) - S[1] = gfp2.SpecialOperation1(S[1]); - - return gfp2.ConvertOut(S[1]); -} - -template class AbstractRing<GFP2Element>; -template class AbstractGroup<GFP2Element>; - -NAMESPACE_END diff --git a/cryptopp562/xtr.h b/cryptopp562/xtr.h deleted file mode 100644 index 89d39f0..0000000 --- a/cryptopp562/xtr.h +++ /dev/null @@ -1,215 +0,0 @@ -#ifndef CRYPTOPP_XTR_H -#define CRYPTOPP_XTR_H - -/** \file - "The XTR public key system" by Arjen K. Lenstra and Eric R. Verheul -*/ - -#include "modarith.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! an element of GF(p^2) -class GFP2Element -{ -public: - GFP2Element() {} - GFP2Element(const Integer &c1, const Integer &c2) : c1(c1), c2(c2) {} - GFP2Element(const byte *encodedElement, unsigned int size) - : c1(encodedElement, size/2), c2(encodedElement+size/2, size/2) {} - - void Encode(byte *encodedElement, unsigned int size) - { - c1.Encode(encodedElement, size/2); - c2.Encode(encodedElement+size/2, size/2); - } - - bool operator==(const GFP2Element &rhs) const {return c1 == rhs.c1 && c2 == rhs.c2;} - bool operator!=(const GFP2Element &rhs) const {return !operator==(rhs);} - - void swap(GFP2Element &a) - { - c1.swap(a.c1); - c2.swap(a.c2); - } - - static const GFP2Element & Zero(); - - Integer c1, c2; -}; - -//! GF(p^2), optimal normal basis -template <class F> -class GFP2_ONB : public AbstractRing<GFP2Element> -{ -public: - typedef F BaseField; - - GFP2_ONB(const Integer &p) : modp(p) - { - if (p%3 != 2) - throw InvalidArgument("GFP2_ONB: modulus must be equivalent to 2 mod 3"); - } - - const Integer& GetModulus() const {return modp.GetModulus();} - - GFP2Element ConvertIn(const Integer &a) const - { - t = modp.Inverse(modp.ConvertIn(a)); - return GFP2Element(t, t); - } - - GFP2Element ConvertIn(const GFP2Element &a) const - {return GFP2Element(modp.ConvertIn(a.c1), modp.ConvertIn(a.c2));} - - GFP2Element ConvertOut(const GFP2Element &a) const - {return GFP2Element(modp.ConvertOut(a.c1), modp.ConvertOut(a.c2));} - - bool Equal(const GFP2Element &a, const GFP2Element &b) const - { - return modp.Equal(a.c1, b.c1) && modp.Equal(a.c2, b.c2); - } - - const Element& Identity() const - { - return GFP2Element::Zero(); - } - - const Element& Add(const Element &a, const Element &b) const - { - result.c1 = modp.Add(a.c1, b.c1); - result.c2 = modp.Add(a.c2, b.c2); - return result; - } - - const Element& Inverse(const Element &a) const - { - result.c1 = modp.Inverse(a.c1); - result.c2 = modp.Inverse(a.c2); - return result; - } - - const Element& Double(const Element &a) const - { - result.c1 = modp.Double(a.c1); - result.c2 = modp.Double(a.c2); - return result; - } - - const Element& Subtract(const Element &a, const Element &b) const - { - result.c1 = modp.Subtract(a.c1, b.c1); - result.c2 = modp.Subtract(a.c2, b.c2); - return result; - } - - Element& Accumulate(Element &a, const Element &b) const - { - modp.Accumulate(a.c1, b.c1); - modp.Accumulate(a.c2, b.c2); - return a; - } - - Element& Reduce(Element &a, const Element &b) const - { - modp.Reduce(a.c1, b.c1); - modp.Reduce(a.c2, b.c2); - return a; - } - - bool IsUnit(const Element &a) const - { - return a.c1.NotZero() || a.c2.NotZero(); - } - - const Element& MultiplicativeIdentity() const - { - result.c1 = result.c2 = modp.Inverse(modp.MultiplicativeIdentity()); - return result; - } - - const Element& Multiply(const Element &a, const Element &b) const - { - t = modp.Add(a.c1, a.c2); - t = modp.Multiply(t, modp.Add(b.c1, b.c2)); - result.c1 = modp.Multiply(a.c1, b.c1); - result.c2 = modp.Multiply(a.c2, b.c2); - result.c1.swap(result.c2); - modp.Reduce(t, result.c1); - modp.Reduce(t, result.c2); - modp.Reduce(result.c1, t); - modp.Reduce(result.c2, t); - return result; - } - - const Element& MultiplicativeInverse(const Element &a) const - { - return result = Exponentiate(a, modp.GetModulus()-2); - } - - const Element& Square(const Element &a) const - { - const Integer &ac1 = (&a == &result) ? (t = a.c1) : a.c1; - result.c1 = modp.Multiply(modp.Subtract(modp.Subtract(a.c2, a.c1), a.c1), a.c2); - result.c2 = modp.Multiply(modp.Subtract(modp.Subtract(ac1, a.c2), a.c2), ac1); - return result; - } - - Element Exponentiate(const Element &a, const Integer &e) const - { - Integer edivp, emodp; - Integer::Divide(emodp, edivp, e, modp.GetModulus()); - Element b = PthPower(a); - return AbstractRing<GFP2Element>::CascadeExponentiate(a, emodp, b, edivp); - } - - const Element & PthPower(const Element &a) const - { - result = a; - result.c1.swap(result.c2); - return result; - } - - void RaiseToPthPower(Element &a) const - { - a.c1.swap(a.c2); - } - - // a^2 - 2a^p - const Element & SpecialOperation1(const Element &a) const - { - assert(&a != &result); - result = Square(a); - modp.Reduce(result.c1, a.c2); - modp.Reduce(result.c1, a.c2); - modp.Reduce(result.c2, a.c1); - modp.Reduce(result.c2, a.c1); - return result; - } - - // x * z - y * z^p - const Element & SpecialOperation2(const Element &x, const Element &y, const Element &z) const - { - assert(&x != &result && &y != &result && &z != &result); - t = modp.Add(x.c2, y.c2); - result.c1 = modp.Multiply(z.c1, modp.Subtract(y.c1, t)); - modp.Accumulate(result.c1, modp.Multiply(z.c2, modp.Subtract(t, x.c1))); - t = modp.Add(x.c1, y.c1); - result.c2 = modp.Multiply(z.c2, modp.Subtract(y.c2, t)); - modp.Accumulate(result.c2, modp.Multiply(z.c1, modp.Subtract(t, x.c2))); - return result; - } - -protected: - BaseField modp; - mutable GFP2Element result; - mutable Integer t; -}; - -void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer &q, GFP2Element &g, unsigned int pbits, unsigned int qbits); - -GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p); - -NAMESPACE_END - -#endif diff --git a/cryptopp562/xtrcrypt.cpp b/cryptopp562/xtrcrypt.cpp deleted file mode 100644 index 20e78e7..0000000 --- a/cryptopp562/xtrcrypt.cpp +++ /dev/null @@ -1,108 +0,0 @@ -// xtrcrypt.cpp - written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "xtrcrypt.h" -#include "nbtheory.h" -#include "asn.h" -#include "argnames.h" - -NAMESPACE_BEGIN(CryptoPP) - -XTR_DH::XTR_DH(const Integer &p, const Integer &q, const GFP2Element &g) - : m_p(p), m_q(q), m_g(g) -{ -} - -XTR_DH::XTR_DH(RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits) -{ - XTR_FindPrimesAndGenerator(rng, m_p, m_q, m_g, pbits, qbits); -} - -XTR_DH::XTR_DH(BufferedTransformation &bt) -{ - BERSequenceDecoder seq(bt); - m_p.BERDecode(seq); - m_q.BERDecode(seq); - m_g.c1.BERDecode(seq); - m_g.c2.BERDecode(seq); - seq.MessageEnd(); -} - -void XTR_DH::DEREncode(BufferedTransformation &bt) const -{ - DERSequenceEncoder seq(bt); - m_p.DEREncode(seq); - m_q.DEREncode(seq); - m_g.c1.DEREncode(seq); - m_g.c2.DEREncode(seq); - seq.MessageEnd(); -} - -bool XTR_DH::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_p > Integer::One() && m_p.IsOdd(); - pass = pass && m_q > Integer::One() && m_q.IsOdd(); - GFP2Element three = GFP2_ONB<ModularArithmetic>(m_p).ConvertIn(3); - pass = pass && !(m_g.c1.IsNegative() || m_g.c2.IsNegative() || m_g.c1 >= m_p || m_g.c2 >= m_p || m_g == three); - if (level >= 1) - pass = pass && ((m_p.Squared()-m_p+1)%m_q).IsZero(); - if (level >= 2) - { - pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); - pass = pass && XTR_Exponentiate(m_g, (m_p.Squared()-m_p+1)/m_q, m_p) != three; - pass = pass && XTR_Exponentiate(m_g, m_q, m_p) == three; - } - return pass; -} - -bool XTR_DH::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const -{ - return GetValueHelper(this, name, valueType, pValue).Assignable() - CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder) - CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator) - ; -} - -void XTR_DH::AssignFrom(const NameValuePairs &source) -{ - AssignFromHelper(this, source) - CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) - CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupOrder) - CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupGenerator) - ; -} - -void XTR_DH::GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const -{ - Integer x(rng, Integer::Zero(), m_q-1); - x.Encode(privateKey, PrivateKeyLength()); -} - -void XTR_DH::GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const -{ - Integer x(privateKey, PrivateKeyLength()); - GFP2Element y = XTR_Exponentiate(m_g, x, m_p); - y.Encode(publicKey, PublicKeyLength()); -} - -bool XTR_DH::Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey) const -{ - GFP2Element w(otherPublicKey, PublicKeyLength()); - if (validateOtherPublicKey) - { - GFP2_ONB<ModularArithmetic> gfp2(m_p); - GFP2Element three = gfp2.ConvertIn(3); - if (w.c1.IsNegative() || w.c2.IsNegative() || w.c1 >= m_p || w.c2 >= m_p || w == three) - return false; - if (XTR_Exponentiate(w, m_q, m_p) != three) - return false; - } - Integer s(privateKey, PrivateKeyLength()); - GFP2Element z = XTR_Exponentiate(w, s, m_p); - z.Encode(agreedValue, AgreedValueLength()); - return true; -} - -NAMESPACE_END diff --git a/cryptopp562/xtrcrypt.h b/cryptopp562/xtrcrypt.h deleted file mode 100644 index 6aee127..0000000 --- a/cryptopp562/xtrcrypt.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef CRYPTOPP_XTRCRYPT_H -#define CRYPTOPP_XTRCRYPT_H - -/** \file - "The XTR public key system" by Arjen K. Lenstra and Eric R. Verheul -*/ - -#include "xtr.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! XTR-DH with key validation - -class XTR_DH : public SimpleKeyAgreementDomain, public CryptoParameters -{ - typedef XTR_DH ThisClass; - -public: - XTR_DH(const Integer &p, const Integer &q, const GFP2Element &g); - XTR_DH(RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits); - XTR_DH(BufferedTransformation &domainParams); - - void DEREncode(BufferedTransformation &domainParams) const; - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; - void AssignFrom(const NameValuePairs &source); - CryptoParameters & AccessCryptoParameters() {return *this;} - unsigned int AgreedValueLength() const {return 2*m_p.ByteCount();} - unsigned int PrivateKeyLength() const {return m_q.ByteCount();} - unsigned int PublicKeyLength() const {return 2*m_p.ByteCount();} - - void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const; - void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const; - bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const; - - const Integer &GetModulus() const {return m_p;} - const Integer &GetSubgroupOrder() const {return m_q;} - const GFP2Element &GetSubgroupGenerator() const {return m_g;} - - void SetModulus(const Integer &p) {m_p = p;} - void SetSubgroupOrder(const Integer &q) {m_q = q;} - void SetSubgroupGenerator(const GFP2Element &g) {m_g = g;} - -private: - unsigned int ExponentBitLength() const; - - Integer m_p, m_q; - GFP2Element m_g; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/zdeflate.cpp b/cryptopp562/zdeflate.cpp deleted file mode 100644 index bdcd7ba..0000000 --- a/cryptopp562/zdeflate.cpp +++ /dev/null @@ -1,801 +0,0 @@ -// zdeflate.cpp - written and placed in the public domain by Wei Dai - -// Many of the algorithms and tables used here came from the deflate implementation -// by Jean-loup Gailly, which was included in Crypto++ 4.0 and earlier. I completely -// rewrote it in order to fix a bug that I could not figure out. This code -// is less clever, but hopefully more understandable and maintainable. - -#include "pch.h" -#include "zdeflate.h" -#include <functional> - -#if _MSC_VER >= 1600 -// for make_unchecked_array_iterator -#include <iterator> -#endif - -NAMESPACE_BEGIN(CryptoPP) - -using namespace std; - -LowFirstBitWriter::LowFirstBitWriter(BufferedTransformation *attachment) - : Filter(attachment), m_counting(false), m_buffer(0), m_bitsBuffered(0), m_bytesBuffered(0) -{ -} - -void LowFirstBitWriter::StartCounting() -{ - assert(!m_counting); - m_counting = true; - m_bitCount = 0; -} - -unsigned long LowFirstBitWriter::FinishCounting() -{ - assert(m_counting); - m_counting = false; - return m_bitCount; -} - -void LowFirstBitWriter::PutBits(unsigned long value, unsigned int length) -{ - if (m_counting) - m_bitCount += length; - else - { - m_buffer |= value << m_bitsBuffered; - m_bitsBuffered += length; - assert(m_bitsBuffered <= sizeof(unsigned long)*8); - while (m_bitsBuffered >= 8) - { - m_outputBuffer[m_bytesBuffered++] = (byte)m_buffer; - if (m_bytesBuffered == m_outputBuffer.size()) - { - AttachedTransformation()->PutModifiable(m_outputBuffer, m_bytesBuffered); - m_bytesBuffered = 0; - } - m_buffer >>= 8; - m_bitsBuffered -= 8; - } - } -} - -void LowFirstBitWriter::FlushBitBuffer() -{ - if (m_counting) - m_bitCount += 8*(m_bitsBuffered > 0); - else - { - if (m_bytesBuffered > 0) - { - AttachedTransformation()->PutModifiable(m_outputBuffer, m_bytesBuffered); - m_bytesBuffered = 0; - } - if (m_bitsBuffered > 0) - { - AttachedTransformation()->Put((byte)m_buffer); - m_buffer = 0; - m_bitsBuffered = 0; - } - } -} - -void LowFirstBitWriter::ClearBitBuffer() -{ - m_buffer = 0; - m_bytesBuffered = 0; - m_bitsBuffered = 0; -} - -HuffmanEncoder::HuffmanEncoder(const unsigned int *codeBits, unsigned int nCodes) -{ - Initialize(codeBits, nCodes); -} - -struct HuffmanNode -{ - size_t symbol; - union {size_t parent; unsigned depth, freq;}; -}; - -struct FreqLessThan -{ - inline bool operator()(unsigned int lhs, const HuffmanNode &rhs) {return lhs < rhs.freq;} - inline bool operator()(const HuffmanNode &lhs, const HuffmanNode &rhs) const {return lhs.freq < rhs.freq;} - // needed for MSVC .NET 2005 - inline bool operator()(const HuffmanNode &lhs, unsigned int rhs) {return lhs.freq < rhs;} -}; - -void HuffmanEncoder::GenerateCodeLengths(unsigned int *codeBits, unsigned int maxCodeBits, const unsigned int *codeCounts, size_t nCodes) -{ - assert(nCodes > 0); - assert(nCodes <= ((size_t)1 << maxCodeBits)); - - size_t i; - SecBlockWithHint<HuffmanNode, 2*286> tree(nCodes); - for (i=0; i<nCodes; i++) - { - tree[i].symbol = i; - tree[i].freq = codeCounts[i]; - } - sort(tree.begin(), tree.end(), FreqLessThan()); - size_t treeBegin = upper_bound(tree.begin(), tree.end(), 0, FreqLessThan()) - tree.begin(); - if (treeBegin == nCodes) - { // special case for no codes - fill(codeBits, codeBits+nCodes, 0); - return; - } - tree.resize(nCodes + nCodes - treeBegin - 1); - - size_t leastLeaf = treeBegin, leastInterior = nCodes; - for (i=nCodes; i<tree.size(); i++) - { - size_t least; - least = (leastLeaf == nCodes || (leastInterior < i && tree[leastInterior].freq < tree[leastLeaf].freq)) ? leastInterior++ : leastLeaf++; - tree[i].freq = tree[least].freq; - tree[least].parent = i; - least = (leastLeaf == nCodes || (leastInterior < i && tree[leastInterior].freq < tree[leastLeaf].freq)) ? leastInterior++ : leastLeaf++; - tree[i].freq += tree[least].freq; - tree[least].parent = i; - } - - tree[tree.size()-1].depth = 0; - if (tree.size() >= 2) - for (i=tree.size()-2; i>=nCodes; i--) - tree[i].depth = tree[tree[i].parent].depth + 1; - unsigned int sum = 0; - SecBlockWithHint<unsigned int, 15+1> blCount(maxCodeBits+1); - fill(blCount.begin(), blCount.end(), 0); - for (i=treeBegin; i<nCodes; i++) - { - size_t depth = STDMIN(maxCodeBits, tree[tree[i].parent].depth + 1); - blCount[depth]++; - sum += 1 << (maxCodeBits - depth); - } - - unsigned int overflow = sum > (unsigned int)(1 << maxCodeBits) ? sum - (1 << maxCodeBits) : 0; - - while (overflow--) - { - unsigned int bits = maxCodeBits-1; - while (blCount[bits] == 0) - bits--; - blCount[bits]--; - blCount[bits+1] += 2; - assert(blCount[maxCodeBits] > 0); - blCount[maxCodeBits]--; - } - - for (i=0; i<treeBegin; i++) - codeBits[tree[i].symbol] = 0; - unsigned int bits = maxCodeBits; - for (i=treeBegin; i<nCodes; i++) - { - while (blCount[bits] == 0) - bits--; - codeBits[tree[i].symbol] = bits; - blCount[bits]--; - } - assert(blCount[bits] == 0); -} - -void HuffmanEncoder::Initialize(const unsigned int *codeBits, unsigned int nCodes) -{ - assert(nCodes > 0); - unsigned int maxCodeBits = *max_element(codeBits, codeBits+nCodes); - if (maxCodeBits == 0) - return; // assume this object won't be used - - SecBlockWithHint<unsigned int, 15+1> blCount(maxCodeBits+1); - fill(blCount.begin(), blCount.end(), 0); - unsigned int i; - for (i=0; i<nCodes; i++) - blCount[codeBits[i]]++; - - code_t code = 0; - SecBlockWithHint<code_t, 15+1> nextCode(maxCodeBits+1); - nextCode[1] = 0; - for (i=2; i<=maxCodeBits; i++) - { - code = (code + blCount[i-1]) << 1; - nextCode[i] = code; - } - assert(maxCodeBits == 1 || code == (1 << maxCodeBits) - blCount[maxCodeBits]); - - m_valueToCode.resize(nCodes); - for (i=0; i<nCodes; i++) - { - unsigned int len = m_valueToCode[i].len = codeBits[i]; - if (len != 0) - m_valueToCode[i].code = BitReverse(nextCode[len]++) >> (8*sizeof(code_t)-len); - } -} - -inline void HuffmanEncoder::Encode(LowFirstBitWriter &writer, value_t value) const -{ - assert(m_valueToCode[value].len > 0); - writer.PutBits(m_valueToCode[value].code, m_valueToCode[value].len); -} - -Deflator::Deflator(BufferedTransformation *attachment, int deflateLevel, int log2WindowSize, bool detectUncompressible) - : LowFirstBitWriter(attachment) - , m_deflateLevel(-1) -{ - InitializeStaticEncoders(); - IsolatedInitialize(MakeParameters("DeflateLevel", deflateLevel)("Log2WindowSize", log2WindowSize)("DetectUncompressible", detectUncompressible)); -} - -Deflator::Deflator(const NameValuePairs ¶meters, BufferedTransformation *attachment) - : LowFirstBitWriter(attachment) - , m_deflateLevel(-1) -{ - InitializeStaticEncoders(); - IsolatedInitialize(parameters); -} - -void Deflator::InitializeStaticEncoders() -{ - unsigned int codeLengths[288]; - fill(codeLengths + 0, codeLengths + 144, 8); - fill(codeLengths + 144, codeLengths + 256, 9); - fill(codeLengths + 256, codeLengths + 280, 7); - fill(codeLengths + 280, codeLengths + 288, 8); - m_staticLiteralEncoder.Initialize(codeLengths, 288); - fill(codeLengths + 0, codeLengths + 32, 5); - m_staticDistanceEncoder.Initialize(codeLengths, 32); -} - -void Deflator::IsolatedInitialize(const NameValuePairs ¶meters) -{ - int log2WindowSize = parameters.GetIntValueWithDefault("Log2WindowSize", DEFAULT_LOG2_WINDOW_SIZE); - if (!(MIN_LOG2_WINDOW_SIZE <= log2WindowSize && log2WindowSize <= MAX_LOG2_WINDOW_SIZE)) - throw InvalidArgument("Deflator: " + IntToString(log2WindowSize) + " is an invalid window size"); - - m_log2WindowSize = log2WindowSize; - DSIZE = 1 << m_log2WindowSize; - DMASK = DSIZE - 1; - HSIZE = 1 << m_log2WindowSize; - HMASK = HSIZE - 1; - m_byteBuffer.New(2*DSIZE); - m_head.New(HSIZE); - m_prev.New(DSIZE); - m_matchBuffer.New(DSIZE/2); - Reset(true); - - SetDeflateLevel(parameters.GetIntValueWithDefault("DeflateLevel", DEFAULT_DEFLATE_LEVEL)); - bool detectUncompressible = parameters.GetValueWithDefault("DetectUncompressible", true); - m_compressibleDeflateLevel = detectUncompressible ? m_deflateLevel : 0; -} - -void Deflator::Reset(bool forceReset) -{ - if (forceReset) - ClearBitBuffer(); - else - assert(m_bitsBuffered == 0); - - m_headerWritten = false; - m_matchAvailable = false; - m_dictionaryEnd = 0; - m_stringStart = 0; - m_lookahead = 0; - m_minLookahead = MAX_MATCH; - m_matchBufferEnd = 0; - m_blockStart = 0; - m_blockLength = 0; - - m_detectCount = 1; - m_detectSkip = 0; - - // m_prev will be initialized automaticly in InsertString - fill(m_head.begin(), m_head.end(), 0); - - fill(m_literalCounts.begin(), m_literalCounts.end(), 0); - fill(m_distanceCounts.begin(), m_distanceCounts.end(), 0); -} - -void Deflator::SetDeflateLevel(int deflateLevel) -{ - if (!(MIN_DEFLATE_LEVEL <= deflateLevel && deflateLevel <= MAX_DEFLATE_LEVEL)) - throw InvalidArgument("Deflator: " + IntToString(deflateLevel) + " is an invalid deflate level"); - - if (deflateLevel == m_deflateLevel) - return; - - EndBlock(false); - - static const unsigned int configurationTable[10][4] = { - /* good lazy nice chain */ - /* 0 */ {0, 0, 0, 0}, /* store only */ - /* 1 */ {4, 3, 8, 4}, /* maximum speed, no lazy matches */ - /* 2 */ {4, 3, 16, 8}, - /* 3 */ {4, 3, 32, 32}, - /* 4 */ {4, 4, 16, 16}, /* lazy matches */ - /* 5 */ {8, 16, 32, 32}, - /* 6 */ {8, 16, 128, 128}, - /* 7 */ {8, 32, 128, 256}, - /* 8 */ {32, 128, 258, 1024}, - /* 9 */ {32, 258, 258, 4096}}; /* maximum compression */ - - GOOD_MATCH = configurationTable[deflateLevel][0]; - MAX_LAZYLENGTH = configurationTable[deflateLevel][1]; - MAX_CHAIN_LENGTH = configurationTable[deflateLevel][3]; - - m_deflateLevel = deflateLevel; -} - -unsigned int Deflator::FillWindow(const byte *str, size_t length) -{ - unsigned int maxBlockSize = (unsigned int)STDMIN(2UL*DSIZE, 0xffffUL); - - if (m_stringStart >= maxBlockSize - MAX_MATCH) - { - if (m_blockStart < DSIZE) - EndBlock(false); - - memcpy(m_byteBuffer, m_byteBuffer + DSIZE, DSIZE); - - m_dictionaryEnd = m_dictionaryEnd < DSIZE ? 0 : m_dictionaryEnd-DSIZE; - assert(m_stringStart >= DSIZE); - m_stringStart -= DSIZE; - assert(!m_matchAvailable || m_previousMatch >= DSIZE); - m_previousMatch -= DSIZE; - assert(m_blockStart >= DSIZE); - m_blockStart -= DSIZE; - - unsigned int i; - - for (i=0; i<HSIZE; i++) - m_head[i] = SaturatingSubtract(m_head[i], DSIZE); - - for (i=0; i<DSIZE; i++) - m_prev[i] = SaturatingSubtract(m_prev[i], DSIZE); - } - - assert(maxBlockSize > m_stringStart+m_lookahead); - unsigned int accepted = UnsignedMin(maxBlockSize-(m_stringStart+m_lookahead), length); - assert(accepted > 0); - memcpy(m_byteBuffer + m_stringStart + m_lookahead, str, accepted); - m_lookahead += accepted; - return accepted; -} - -inline unsigned int Deflator::ComputeHash(const byte *str) const -{ - assert(str+3 <= m_byteBuffer + m_stringStart + m_lookahead); - return ((str[0] << 10) ^ (str[1] << 5) ^ str[2]) & HMASK; -} - -unsigned int Deflator::LongestMatch(unsigned int &bestMatch) const -{ - assert(m_previousLength < MAX_MATCH); - - bestMatch = 0; - unsigned int bestLength = STDMAX(m_previousLength, (unsigned int)MIN_MATCH-1); - if (m_lookahead <= bestLength) - return 0; - - const byte *scan = m_byteBuffer + m_stringStart, *scanEnd = scan + STDMIN((unsigned int)MAX_MATCH, m_lookahead); - unsigned int limit = m_stringStart > (DSIZE-MAX_MATCH) ? m_stringStart - (DSIZE-MAX_MATCH) : 0; - unsigned int current = m_head[ComputeHash(scan)]; - - unsigned int chainLength = MAX_CHAIN_LENGTH; - if (m_previousLength >= GOOD_MATCH) - chainLength >>= 2; - - while (current > limit && --chainLength > 0) - { - const byte *match = m_byteBuffer + current; - assert(scan + bestLength < m_byteBuffer + m_stringStart + m_lookahead); - if (scan[bestLength-1] == match[bestLength-1] && scan[bestLength] == match[bestLength] && scan[0] == match[0] && scan[1] == match[1]) - { - assert(scan[2] == match[2]); - unsigned int len = (unsigned int)( -#if defined(_STDEXT_BEGIN) && !(defined(_MSC_VER) && (_MSC_VER < 1400 || _MSC_VER >= 1600)) && !defined(_STLPORT_VERSION) - stdext::unchecked_mismatch -#else - std::mismatch -#endif -#if _MSC_VER >= 1600 - (stdext::make_unchecked_array_iterator(scan)+3, stdext::make_unchecked_array_iterator(scanEnd), stdext::make_unchecked_array_iterator(match)+3).first - stdext::make_unchecked_array_iterator(scan)); -#else - (scan+3, scanEnd, match+3).first - scan); -#endif - assert(len != bestLength); - if (len > bestLength) - { - bestLength = len; - bestMatch = current; - if (len == (scanEnd - scan)) - break; - } - } - current = m_prev[current & DMASK]; - } - return (bestMatch > 0) ? bestLength : 0; -} - -inline void Deflator::InsertString(unsigned int start) -{ - unsigned int hash = ComputeHash(m_byteBuffer + start); - m_prev[start & DMASK] = m_head[hash]; - m_head[hash] = start; -} - -void Deflator::ProcessBuffer() -{ - if (!m_headerWritten) - { - WritePrestreamHeader(); - m_headerWritten = true; - } - - if (m_deflateLevel == 0) - { - m_stringStart += m_lookahead; - m_lookahead = 0; - m_blockLength = m_stringStart - m_blockStart; - m_matchAvailable = false; - return; - } - - while (m_lookahead > m_minLookahead) - { - while (m_dictionaryEnd < m_stringStart && m_dictionaryEnd+3 <= m_stringStart+m_lookahead) - InsertString(m_dictionaryEnd++); - - if (m_matchAvailable) - { - unsigned int matchPosition, matchLength; - bool usePreviousMatch; - if (m_previousLength >= MAX_LAZYLENGTH) - usePreviousMatch = true; - else - { - matchLength = LongestMatch(matchPosition); - usePreviousMatch = (matchLength == 0); - } - if (usePreviousMatch) - { - MatchFound(m_stringStart-1-m_previousMatch, m_previousLength); - m_stringStart += m_previousLength-1; - m_lookahead -= m_previousLength-1; - m_matchAvailable = false; - } - else - { - m_previousLength = matchLength; - m_previousMatch = matchPosition; - LiteralByte(m_byteBuffer[m_stringStart-1]); - m_stringStart++; - m_lookahead--; - } - } - else - { - m_previousLength = 0; - m_previousLength = LongestMatch(m_previousMatch); - if (m_previousLength) - m_matchAvailable = true; - else - LiteralByte(m_byteBuffer[m_stringStart]); - m_stringStart++; - m_lookahead--; - } - - assert(m_stringStart - (m_blockStart+m_blockLength) == (unsigned int)m_matchAvailable); - } - - if (m_minLookahead == 0 && m_matchAvailable) - { - LiteralByte(m_byteBuffer[m_stringStart-1]); - m_matchAvailable = false; - } -} - -size_t Deflator::Put2(const byte *str, size_t length, int messageEnd, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("Deflator"); - - size_t accepted = 0; - while (accepted < length) - { - unsigned int newAccepted = FillWindow(str+accepted, length-accepted); - ProcessBuffer(); - // call ProcessUncompressedData() after WritePrestreamHeader() - ProcessUncompressedData(str+accepted, newAccepted); - accepted += newAccepted; - } - assert(accepted == length); - - if (messageEnd) - { - m_minLookahead = 0; - ProcessBuffer(); - EndBlock(true); - FlushBitBuffer(); - WritePoststreamTail(); - Reset(); - } - - Output(0, NULL, 0, messageEnd, blocking); - return 0; -} - -bool Deflator::IsolatedFlush(bool hardFlush, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("Deflator"); - - m_minLookahead = 0; - ProcessBuffer(); - m_minLookahead = MAX_MATCH; - EndBlock(false); - if (hardFlush) - EncodeBlock(false, STORED); - return false; -} - -void Deflator::LiteralByte(byte b) -{ - if (m_matchBufferEnd == m_matchBuffer.size()) - EndBlock(false); - - m_matchBuffer[m_matchBufferEnd++].literalCode = b; - m_literalCounts[b]++; - m_blockLength++; -} - -void Deflator::MatchFound(unsigned int distance, unsigned int length) -{ - if (m_matchBufferEnd == m_matchBuffer.size()) - EndBlock(false); - - static const unsigned int lengthCodes[] = { - 257, 258, 259, 260, 261, 262, 263, 264, 265, 265, 266, 266, 267, 267, 268, 268, - 269, 269, 269, 269, 270, 270, 270, 270, 271, 271, 271, 271, 272, 272, 272, 272, - 273, 273, 273, 273, 273, 273, 273, 273, 274, 274, 274, 274, 274, 274, 274, 274, - 275, 275, 275, 275, 275, 275, 275, 275, 276, 276, 276, 276, 276, 276, 276, 276, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, - 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, - 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, - 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, - 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, - 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, - 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 285}; - static const unsigned int lengthBases[] = {3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258}; - static const unsigned int distanceBases[30] = - {1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577}; - - EncodedMatch &m = m_matchBuffer[m_matchBufferEnd++]; - assert(length >= 3); - unsigned int lengthCode = lengthCodes[length-3]; - m.literalCode = lengthCode; - m.literalExtra = length - lengthBases[lengthCode-257]; - unsigned int distanceCode = (unsigned int)(upper_bound(distanceBases, distanceBases+30, distance) - distanceBases - 1); - m.distanceCode = distanceCode; - m.distanceExtra = distance - distanceBases[distanceCode]; - - m_literalCounts[lengthCode]++; - m_distanceCounts[distanceCode]++; - m_blockLength += length; -} - -inline unsigned int CodeLengthEncode(const unsigned int *begin, - const unsigned int *end, - const unsigned int *& p, - unsigned int &extraBits, - unsigned int &extraBitsLength) -{ - unsigned int v = *p; - if ((end-p) >= 3) - { - const unsigned int *oldp = p; - if (v==0 && p[1]==0 && p[2]==0) - { - for (p=p+3; p!=end && *p==0 && p!=oldp+138; p++) {} - unsigned int repeat = (unsigned int)(p - oldp); - if (repeat <= 10) - { - extraBits = repeat-3; - extraBitsLength = 3; - return 17; - } - else - { - extraBits = repeat-11; - extraBitsLength = 7; - return 18; - } - } - else if (p!=begin && v==p[-1] && v==p[1] && v==p[2]) - { - for (p=p+3; p!=end && *p==v && p!=oldp+6; p++) {} - unsigned int repeat = (unsigned int)(p - oldp); - extraBits = repeat-3; - extraBitsLength = 2; - return 16; - } - } - p++; - extraBits = 0; - extraBitsLength = 0; - return v; -} - -void Deflator::EncodeBlock(bool eof, unsigned int blockType) -{ - PutBits(eof, 1); - PutBits(blockType, 2); - - if (blockType == STORED) - { - assert(m_blockStart + m_blockLength <= m_byteBuffer.size()); - assert(m_blockLength <= 0xffff); - FlushBitBuffer(); - AttachedTransformation()->PutWord16(m_blockLength, LITTLE_ENDIAN_ORDER); - AttachedTransformation()->PutWord16(~m_blockLength, LITTLE_ENDIAN_ORDER); - AttachedTransformation()->Put(m_byteBuffer + m_blockStart, m_blockLength); - } - else - { - if (blockType == DYNAMIC) - { -#if defined(_MSC_VER) && !defined(__MWERKS__) && (_MSC_VER <= 1300) - // VC60 and VC7 workaround: built-in reverse_iterator has two template parameters, Dinkumware only has one - typedef reverse_bidirectional_iterator<unsigned int *, unsigned int> RevIt; -#elif defined(_RWSTD_NO_CLASS_PARTIAL_SPEC) - typedef reverse_iterator<unsigned int *, random_access_iterator_tag, unsigned int> RevIt; -#else - typedef reverse_iterator<unsigned int *> RevIt; -#endif - - FixedSizeSecBlock<unsigned int, 286> literalCodeLengths; - FixedSizeSecBlock<unsigned int, 30> distanceCodeLengths; - - m_literalCounts[256] = 1; - HuffmanEncoder::GenerateCodeLengths(literalCodeLengths, 15, m_literalCounts, 286); - m_dynamicLiteralEncoder.Initialize(literalCodeLengths, 286); - unsigned int hlit = (unsigned int)(find_if(RevIt(literalCodeLengths.end()), RevIt(literalCodeLengths.begin()+257), bind2nd(not_equal_to<unsigned int>(), 0)).base() - (literalCodeLengths.begin()+257)); - - HuffmanEncoder::GenerateCodeLengths(distanceCodeLengths, 15, m_distanceCounts, 30); - m_dynamicDistanceEncoder.Initialize(distanceCodeLengths, 30); - unsigned int hdist = (unsigned int)(find_if(RevIt(distanceCodeLengths.end()), RevIt(distanceCodeLengths.begin()+1), bind2nd(not_equal_to<unsigned int>(), 0)).base() - (distanceCodeLengths.begin()+1)); - - SecBlockWithHint<unsigned int, 286+30> combinedLengths(hlit+257+hdist+1); - memcpy(combinedLengths, literalCodeLengths, (hlit+257)*sizeof(unsigned int)); - memcpy(combinedLengths+hlit+257, distanceCodeLengths, (hdist+1)*sizeof(unsigned int)); - - FixedSizeSecBlock<unsigned int, 19> codeLengthCodeCounts, codeLengthCodeLengths; - fill(codeLengthCodeCounts.begin(), codeLengthCodeCounts.end(), 0); - const unsigned int *p = combinedLengths.begin(), *begin = combinedLengths.begin(), *end = combinedLengths.end(); - while (p != end) - { - unsigned int code, extraBits, extraBitsLength; - code = CodeLengthEncode(begin, end, p, extraBits, extraBitsLength); - codeLengthCodeCounts[code]++; - } - HuffmanEncoder::GenerateCodeLengths(codeLengthCodeLengths, 7, codeLengthCodeCounts, 19); - HuffmanEncoder codeLengthEncoder(codeLengthCodeLengths, 19); - static const unsigned int border[] = { // Order of the bit length code lengths - 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; - unsigned int hclen = 19; - while (hclen > 4 && codeLengthCodeLengths[border[hclen-1]] == 0) - hclen--; - hclen -= 4; - - PutBits(hlit, 5); - PutBits(hdist, 5); - PutBits(hclen, 4); - - for (unsigned int i=0; i<hclen+4; i++) - PutBits(codeLengthCodeLengths[border[i]], 3); - - p = combinedLengths.begin(); - while (p != end) - { - unsigned int code, extraBits, extraBitsLength; - code = CodeLengthEncode(begin, end, p, extraBits, extraBitsLength); - codeLengthEncoder.Encode(*this, code); - PutBits(extraBits, extraBitsLength); - } - } - - static const unsigned int lengthExtraBits[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; - static const unsigned int distanceExtraBits[] = { - 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, - 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, - 12, 12, 13, 13}; - - const HuffmanEncoder &literalEncoder = (blockType == STATIC) ? m_staticLiteralEncoder : m_dynamicLiteralEncoder; - const HuffmanEncoder &distanceEncoder = (blockType == STATIC) ? m_staticDistanceEncoder : m_dynamicDistanceEncoder; - - for (unsigned int i=0; i<m_matchBufferEnd; i++) - { - unsigned int literalCode = m_matchBuffer[i].literalCode; - literalEncoder.Encode(*this, literalCode); - if (literalCode >= 257) - { - assert(literalCode <= 285); - PutBits(m_matchBuffer[i].literalExtra, lengthExtraBits[literalCode-257]); - unsigned int distanceCode = m_matchBuffer[i].distanceCode; - distanceEncoder.Encode(*this, distanceCode); - PutBits(m_matchBuffer[i].distanceExtra, distanceExtraBits[distanceCode]); - } - } - literalEncoder.Encode(*this, 256); // end of block - } -} - -void Deflator::EndBlock(bool eof) -{ - if (m_blockLength == 0 && !eof) - return; - - if (m_deflateLevel == 0) - { - EncodeBlock(eof, STORED); - - if (m_compressibleDeflateLevel > 0 && ++m_detectCount == m_detectSkip) - { - m_deflateLevel = m_compressibleDeflateLevel; - m_detectCount = 1; - } - } - else - { - unsigned long storedLen = 8*((unsigned long)m_blockLength+4) + RoundUpToMultipleOf(m_bitsBuffered+3, 8U)-m_bitsBuffered; - - StartCounting(); - EncodeBlock(eof, STATIC); - unsigned long staticLen = FinishCounting(); - - unsigned long dynamicLen; - if (m_blockLength < 128 && m_deflateLevel < 8) - dynamicLen = ULONG_MAX; - else - { - StartCounting(); - EncodeBlock(eof, DYNAMIC); - dynamicLen = FinishCounting(); - } - - if (storedLen <= staticLen && storedLen <= dynamicLen) - { - EncodeBlock(eof, STORED); - - if (m_compressibleDeflateLevel > 0) - { - if (m_detectSkip) - m_deflateLevel = 0; - m_detectSkip = m_detectSkip ? STDMIN(2*m_detectSkip, 128U) : 1; - } - } - else - { - if (staticLen <= dynamicLen) - EncodeBlock(eof, STATIC); - else - EncodeBlock(eof, DYNAMIC); - - if (m_compressibleDeflateLevel > 0) - m_detectSkip = 0; - } - } - - m_matchBufferEnd = 0; - m_blockStart += m_blockLength; - m_blockLength = 0; - fill(m_literalCounts.begin(), m_literalCounts.end(), 0); - fill(m_distanceCounts.begin(), m_distanceCounts.end(), 0); -} - -NAMESPACE_END diff --git a/cryptopp562/zdeflate.h b/cryptopp562/zdeflate.h deleted file mode 100644 index 8bbd14e..0000000 --- a/cryptopp562/zdeflate.h +++ /dev/null @@ -1,121 +0,0 @@ -#ifndef CRYPTOPP_ZDEFLATE_H -#define CRYPTOPP_ZDEFLATE_H - -#include "filters.h" -#include "misc.h" - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class LowFirstBitWriter : public Filter -{ -public: - LowFirstBitWriter(BufferedTransformation *attachment); - void PutBits(unsigned long value, unsigned int length); - void FlushBitBuffer(); - void ClearBitBuffer(); - - void StartCounting(); - unsigned long FinishCounting(); - -protected: - bool m_counting; - unsigned long m_bitCount; - unsigned long m_buffer; - unsigned int m_bitsBuffered, m_bytesBuffered; - FixedSizeSecBlock<byte, 256> m_outputBuffer; -}; - -//! Huffman Encoder -class HuffmanEncoder -{ -public: - typedef unsigned int code_t; - typedef unsigned int value_t; - - HuffmanEncoder() {} - HuffmanEncoder(const unsigned int *codeBits, unsigned int nCodes); - void Initialize(const unsigned int *codeBits, unsigned int nCodes); - - static void GenerateCodeLengths(unsigned int *codeBits, unsigned int maxCodeBits, const unsigned int *codeCounts, size_t nCodes); - - void Encode(LowFirstBitWriter &writer, value_t value) const; - - struct Code - { - unsigned int code; - unsigned int len; - }; - - SecBlock<Code> m_valueToCode; -}; - -//! DEFLATE (RFC 1951) compressor - -class Deflator : public LowFirstBitWriter -{ -public: - enum {MIN_DEFLATE_LEVEL = 0, DEFAULT_DEFLATE_LEVEL = 6, MAX_DEFLATE_LEVEL = 9}; - enum {MIN_LOG2_WINDOW_SIZE = 9, DEFAULT_LOG2_WINDOW_SIZE = 15, MAX_LOG2_WINDOW_SIZE = 15}; - /*! \note detectUncompressible makes it faster to process uncompressible files, but - if a file has both compressible and uncompressible parts, it may fail to compress some of the - compressible parts. */ - Deflator(BufferedTransformation *attachment=NULL, int deflateLevel=DEFAULT_DEFLATE_LEVEL, int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true); - //! possible parameter names: Log2WindowSize, DeflateLevel, DetectUncompressible - Deflator(const NameValuePairs ¶meters, BufferedTransformation *attachment=NULL); - - //! this function can be used to set the deflate level in the middle of compression - void SetDeflateLevel(int deflateLevel); - int GetDeflateLevel() const {return m_deflateLevel;} - int GetLog2WindowSize() const {return m_log2WindowSize;} - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - bool IsolatedFlush(bool hardFlush, bool blocking); - -protected: - virtual void WritePrestreamHeader() {} - virtual void ProcessUncompressedData(const byte *string, size_t length) {} - virtual void WritePoststreamTail() {} - - enum {STORED = 0, STATIC = 1, DYNAMIC = 2}; - enum {MIN_MATCH = 3, MAX_MATCH = 258}; - - void InitializeStaticEncoders(); - void Reset(bool forceReset = false); - unsigned int FillWindow(const byte *str, size_t length); - unsigned int ComputeHash(const byte *str) const; - unsigned int LongestMatch(unsigned int &bestMatch) const; - void InsertString(unsigned int start); - void ProcessBuffer(); - - void LiteralByte(byte b); - void MatchFound(unsigned int distance, unsigned int length); - void EncodeBlock(bool eof, unsigned int blockType); - void EndBlock(bool eof); - - struct EncodedMatch - { - unsigned literalCode : 9; - unsigned literalExtra : 5; - unsigned distanceCode : 5; - unsigned distanceExtra : 13; - }; - - int m_deflateLevel, m_log2WindowSize, m_compressibleDeflateLevel; - unsigned int m_detectSkip, m_detectCount; - unsigned int DSIZE, DMASK, HSIZE, HMASK, GOOD_MATCH, MAX_LAZYLENGTH, MAX_CHAIN_LENGTH; - bool m_headerWritten, m_matchAvailable; - unsigned int m_dictionaryEnd, m_stringStart, m_lookahead, m_minLookahead, m_previousMatch, m_previousLength; - HuffmanEncoder m_staticLiteralEncoder, m_staticDistanceEncoder, m_dynamicLiteralEncoder, m_dynamicDistanceEncoder; - SecByteBlock m_byteBuffer; - SecBlock<word16> m_head, m_prev; - FixedSizeSecBlock<unsigned int, 286> m_literalCounts; - FixedSizeSecBlock<unsigned int, 30> m_distanceCounts; - SecBlock<EncodedMatch> m_matchBuffer; - unsigned int m_matchBufferEnd, m_blockStart, m_blockLength; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/zinflate.cpp b/cryptopp562/zinflate.cpp deleted file mode 100644 index 4018e11..0000000 --- a/cryptopp562/zinflate.cpp +++ /dev/null @@ -1,621 +0,0 @@ -// zinflate.cpp - written and placed in the public domain by Wei Dai - -// This is a complete reimplementation of the DEFLATE decompression algorithm. -// It should not be affected by any security vulnerabilities in the zlib -// compression library. In particular it is not affected by the double free bug -// (http://www.kb.cert.org/vuls/id/368819). - -#include "pch.h" -#include "zinflate.h" - -NAMESPACE_BEGIN(CryptoPP) - -struct CodeLessThan -{ - inline bool operator()(CryptoPP::HuffmanDecoder::code_t lhs, const CryptoPP::HuffmanDecoder::CodeInfo &rhs) - {return lhs < rhs.code;} - // needed for MSVC .NET 2005 - inline bool operator()(const CryptoPP::HuffmanDecoder::CodeInfo &lhs, const CryptoPP::HuffmanDecoder::CodeInfo &rhs) - {return lhs.code < rhs.code;} -}; - -inline bool LowFirstBitReader::FillBuffer(unsigned int length) -{ - while (m_bitsBuffered < length) - { - byte b; - if (!m_store.Get(b)) - return false; - m_buffer |= (unsigned long)b << m_bitsBuffered; - m_bitsBuffered += 8; - } - assert(m_bitsBuffered <= sizeof(unsigned long)*8); - return true; -} - -inline unsigned long LowFirstBitReader::PeekBits(unsigned int length) -{ - bool result = FillBuffer(length); - assert(result); - return m_buffer & (((unsigned long)1 << length) - 1); -} - -inline void LowFirstBitReader::SkipBits(unsigned int length) -{ - assert(m_bitsBuffered >= length); - m_buffer >>= length; - m_bitsBuffered -= length; -} - -inline unsigned long LowFirstBitReader::GetBits(unsigned int length) -{ - unsigned long result = PeekBits(length); - SkipBits(length); - return result; -} - -inline HuffmanDecoder::code_t HuffmanDecoder::NormalizeCode(HuffmanDecoder::code_t code, unsigned int codeBits) -{ - return code << (MAX_CODE_BITS - codeBits); -} - -void HuffmanDecoder::Initialize(const unsigned int *codeBits, unsigned int nCodes) -{ - // the Huffman codes are represented in 3 ways in this code: - // - // 1. most significant code bit (i.e. top of code tree) in the least significant bit position - // 2. most significant code bit (i.e. top of code tree) in the most significant bit position - // 3. most significant code bit (i.e. top of code tree) in n-th least significant bit position, - // where n is the maximum code length for this code tree - // - // (1) is the way the codes come in from the deflate stream - // (2) is used to sort codes so they can be binary searched - // (3) is used in this function to compute codes from code lengths - // - // a code in representation (2) is called "normalized" here - // The BitReverse() function is used to convert between (1) and (2) - // The NormalizeCode() function is used to convert from (3) to (2) - - if (nCodes == 0) - throw Err("null code"); - - m_maxCodeBits = *std::max_element(codeBits, codeBits+nCodes); - - if (m_maxCodeBits > MAX_CODE_BITS) - throw Err("code length exceeds maximum"); - - if (m_maxCodeBits == 0) - throw Err("null code"); - - // count number of codes of each length - SecBlockWithHint<unsigned int, 15+1> blCount(m_maxCodeBits+1); - std::fill(blCount.begin(), blCount.end(), 0); - unsigned int i; - for (i=0; i<nCodes; i++) - blCount[codeBits[i]]++; - - // compute the starting code of each length - code_t code = 0; - SecBlockWithHint<code_t, 15+1> nextCode(m_maxCodeBits+1); - nextCode[1] = 0; - for (i=2; i<=m_maxCodeBits; i++) - { - // compute this while checking for overflow: code = (code + blCount[i-1]) << 1 - if (code > code + blCount[i-1]) - throw Err("codes oversubscribed"); - code += blCount[i-1]; - if (code > (code << 1)) - throw Err("codes oversubscribed"); - code <<= 1; - nextCode[i] = code; - } - - if (code > (1 << m_maxCodeBits) - blCount[m_maxCodeBits]) - throw Err("codes oversubscribed"); - else if (m_maxCodeBits != 1 && code < (1 << m_maxCodeBits) - blCount[m_maxCodeBits]) - throw Err("codes incomplete"); - - // compute a vector of <code, length, value> triples sorted by code - m_codeToValue.resize(nCodes - blCount[0]); - unsigned int j=0; - for (i=0; i<nCodes; i++) - { - unsigned int len = codeBits[i]; - if (len != 0) - { - code = NormalizeCode(nextCode[len]++, len); - m_codeToValue[j].code = code; - m_codeToValue[j].len = len; - m_codeToValue[j].value = i; - j++; - } - } - std::sort(m_codeToValue.begin(), m_codeToValue.end()); - - // initialize the decoding cache - m_cacheBits = STDMIN(9U, m_maxCodeBits); - m_cacheMask = (1 << m_cacheBits) - 1; - m_normalizedCacheMask = NormalizeCode(m_cacheMask, m_cacheBits); - assert(m_normalizedCacheMask == BitReverse(m_cacheMask)); - - if (m_cache.size() != size_t(1) << m_cacheBits) - m_cache.resize(1 << m_cacheBits); - - for (i=0; i<m_cache.size(); i++) - m_cache[i].type = 0; -} - -void HuffmanDecoder::FillCacheEntry(LookupEntry &entry, code_t normalizedCode) const -{ - normalizedCode &= m_normalizedCacheMask; - const CodeInfo &codeInfo = *(std::upper_bound(m_codeToValue.begin(), m_codeToValue.end(), normalizedCode, CodeLessThan())-1); - if (codeInfo.len <= m_cacheBits) - { - entry.type = 1; - entry.value = codeInfo.value; - entry.len = codeInfo.len; - } - else - { - entry.begin = &codeInfo; - const CodeInfo *last = & *(std::upper_bound(m_codeToValue.begin(), m_codeToValue.end(), normalizedCode + ~m_normalizedCacheMask, CodeLessThan())-1); - if (codeInfo.len == last->len) - { - entry.type = 2; - entry.len = codeInfo.len; - } - else - { - entry.type = 3; - entry.end = last+1; - } - } -} - -inline unsigned int HuffmanDecoder::Decode(code_t code, /* out */ value_t &value) const -{ - assert(m_codeToValue.size() > 0); - LookupEntry &entry = m_cache[code & m_cacheMask]; - - code_t normalizedCode; - if (entry.type != 1) - normalizedCode = BitReverse(code); - - if (entry.type == 0) - FillCacheEntry(entry, normalizedCode); - - if (entry.type == 1) - { - value = entry.value; - return entry.len; - } - else - { - const CodeInfo &codeInfo = (entry.type == 2) - ? entry.begin[(normalizedCode << m_cacheBits) >> (MAX_CODE_BITS - (entry.len - m_cacheBits))] - : *(std::upper_bound(entry.begin, entry.end, normalizedCode, CodeLessThan())-1); - value = codeInfo.value; - return codeInfo.len; - } -} - -bool HuffmanDecoder::Decode(LowFirstBitReader &reader, value_t &value) const -{ - reader.FillBuffer(m_maxCodeBits); - unsigned int codeBits = Decode(reader.PeekBuffer(), value); - if (codeBits > reader.BitsBuffered()) - return false; - reader.SkipBits(codeBits); - return true; -} - -// ************************************************************* - -Inflator::Inflator(BufferedTransformation *attachment, bool repeat, int propagation) - : AutoSignaling<Filter>(propagation) - , m_state(PRE_STREAM), m_repeat(repeat), m_reader(m_inQueue) -{ - Detach(attachment); -} - -void Inflator::IsolatedInitialize(const NameValuePairs ¶meters) -{ - m_state = PRE_STREAM; - parameters.GetValue("Repeat", m_repeat); - m_inQueue.Clear(); - m_reader.SkipBits(m_reader.BitsBuffered()); -} - -void Inflator::OutputByte(byte b) -{ - m_window[m_current++] = b; - if (m_current == m_window.size()) - { - ProcessDecompressedData(m_window + m_lastFlush, m_window.size() - m_lastFlush); - m_lastFlush = 0; - m_current = 0; - m_wrappedAround = true; - } -} - -void Inflator::OutputString(const byte *string, size_t length) -{ - while (length) - { - size_t len = UnsignedMin(length, m_window.size() - m_current); - memcpy(m_window + m_current, string, len); - m_current += len; - if (m_current == m_window.size()) - { - ProcessDecompressedData(m_window + m_lastFlush, m_window.size() - m_lastFlush); - m_lastFlush = 0; - m_current = 0; - m_wrappedAround = true; - } - string += len; - length -= len; - } -} - -void Inflator::OutputPast(unsigned int length, unsigned int distance) -{ - size_t start; - if (distance <= m_current) - start = m_current - distance; - else if (m_wrappedAround && distance <= m_window.size()) - start = m_current + m_window.size() - distance; - else - throw BadBlockErr(); - - if (start + length > m_window.size()) - { - for (; start < m_window.size(); start++, length--) - OutputByte(m_window[start]); - start = 0; - } - - if (start + length > m_current || m_current + length >= m_window.size()) - { - while (length--) - OutputByte(m_window[start++]); - } - else - { - memcpy(m_window + m_current, m_window + start, length); - m_current += length; - } -} - -size_t Inflator::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("Inflator"); - - LazyPutter lp(m_inQueue, inString, length); - ProcessInput(messageEnd != 0); - - if (messageEnd) - if (!(m_state == PRE_STREAM || m_state == AFTER_END)) - throw UnexpectedEndErr(); - - Output(0, NULL, 0, messageEnd, blocking); - return 0; -} - -bool Inflator::IsolatedFlush(bool hardFlush, bool blocking) -{ - if (!blocking) - throw BlockingInputOnly("Inflator"); - - if (hardFlush) - ProcessInput(true); - FlushOutput(); - - return false; -} - -void Inflator::ProcessInput(bool flush) -{ - while (true) - { - switch (m_state) - { - case PRE_STREAM: - if (!flush && m_inQueue.CurrentSize() < MaxPrestreamHeaderSize()) - return; - ProcessPrestreamHeader(); - m_state = WAIT_HEADER; - m_wrappedAround = false; - m_current = 0; - m_lastFlush = 0; - m_window.New(1 << GetLog2WindowSize()); - break; - case WAIT_HEADER: - { - // maximum number of bytes before actual compressed data starts - const size_t MAX_HEADER_SIZE = BitsToBytes(3+5+5+4+19*7+286*15+19*15); - if (m_inQueue.CurrentSize() < (flush ? 1 : MAX_HEADER_SIZE)) - return; - DecodeHeader(); - break; - } - case DECODING_BODY: - if (!DecodeBody()) - return; - break; - case POST_STREAM: - if (!flush && m_inQueue.CurrentSize() < MaxPoststreamTailSize()) - return; - ProcessPoststreamTail(); - m_state = m_repeat ? PRE_STREAM : AFTER_END; - Output(0, NULL, 0, GetAutoSignalPropagation(), true); // TODO: non-blocking - if (m_inQueue.IsEmpty()) - return; - break; - case AFTER_END: - m_inQueue.TransferTo(*AttachedTransformation()); - return; - } - } -} - -void Inflator::DecodeHeader() -{ - if (!m_reader.FillBuffer(3)) - throw UnexpectedEndErr(); - m_eof = m_reader.GetBits(1) != 0; - m_blockType = (byte)m_reader.GetBits(2); - switch (m_blockType) - { - case 0: // stored - { - m_reader.SkipBits(m_reader.BitsBuffered() % 8); - if (!m_reader.FillBuffer(32)) - throw UnexpectedEndErr(); - m_storedLen = (word16)m_reader.GetBits(16); - word16 nlen = (word16)m_reader.GetBits(16); - if (nlen != (word16)~m_storedLen) - throw BadBlockErr(); - break; - } - case 1: // fixed codes - m_nextDecode = LITERAL; - break; - case 2: // dynamic codes - { - if (!m_reader.FillBuffer(5+5+4)) - throw UnexpectedEndErr(); - unsigned int hlit = m_reader.GetBits(5); - unsigned int hdist = m_reader.GetBits(5); - unsigned int hclen = m_reader.GetBits(4); - - FixedSizeSecBlock<unsigned int, 286+32> codeLengths; - unsigned int i; - static const unsigned int border[] = { // Order of the bit length code lengths - 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; - std::fill(codeLengths.begin(), codeLengths+19, 0); - for (i=0; i<hclen+4; i++) - codeLengths[border[i]] = m_reader.GetBits(3); - - try - { - HuffmanDecoder codeLengthDecoder(codeLengths, 19); - for (i = 0; i < hlit+257+hdist+1; ) - { - unsigned int k, count, repeater; - bool result = codeLengthDecoder.Decode(m_reader, k); - if (!result) - throw UnexpectedEndErr(); - if (k <= 15) - { - count = 1; - repeater = k; - } - else switch (k) - { - case 16: - if (!m_reader.FillBuffer(2)) - throw UnexpectedEndErr(); - count = 3 + m_reader.GetBits(2); - if (i == 0) - throw BadBlockErr(); - repeater = codeLengths[i-1]; - break; - case 17: - if (!m_reader.FillBuffer(3)) - throw UnexpectedEndErr(); - count = 3 + m_reader.GetBits(3); - repeater = 0; - break; - case 18: - if (!m_reader.FillBuffer(7)) - throw UnexpectedEndErr(); - count = 11 + m_reader.GetBits(7); - repeater = 0; - break; - } - if (i + count > hlit+257+hdist+1) - throw BadBlockErr(); - std::fill(codeLengths + i, codeLengths + i + count, repeater); - i += count; - } - m_dynamicLiteralDecoder.Initialize(codeLengths, hlit+257); - if (hdist == 0 && codeLengths[hlit+257] == 0) - { - if (hlit != 0) // a single zero distance code length means all literals - throw BadBlockErr(); - } - else - m_dynamicDistanceDecoder.Initialize(codeLengths+hlit+257, hdist+1); - m_nextDecode = LITERAL; - } - catch (HuffmanDecoder::Err &) - { - throw BadBlockErr(); - } - break; - } - default: - throw BadBlockErr(); // reserved block type - } - m_state = DECODING_BODY; -} - -bool Inflator::DecodeBody() -{ - bool blockEnd = false; - switch (m_blockType) - { - case 0: // stored - assert(m_reader.BitsBuffered() == 0); - while (!m_inQueue.IsEmpty() && !blockEnd) - { - size_t size; - const byte *block = m_inQueue.Spy(size); - size = UnsignedMin(m_storedLen, size); - OutputString(block, size); - m_inQueue.Skip(size); - m_storedLen -= (word16)size; - if (m_storedLen == 0) - blockEnd = true; - } - break; - case 1: // fixed codes - case 2: // dynamic codes - static const unsigned int lengthStarts[] = { - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; - static const unsigned int lengthExtraBits[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; - static const unsigned int distanceStarts[] = { - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577}; - static const unsigned int distanceExtraBits[] = { - 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, - 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, - 12, 12, 13, 13}; - - const HuffmanDecoder& literalDecoder = GetLiteralDecoder(); - const HuffmanDecoder& distanceDecoder = GetDistanceDecoder(); - - switch (m_nextDecode) - { - case LITERAL: - while (true) - { - if (!literalDecoder.Decode(m_reader, m_literal)) - { - m_nextDecode = LITERAL; - break; - } - if (m_literal < 256) - OutputByte((byte)m_literal); - else if (m_literal == 256) // end of block - { - blockEnd = true; - break; - } - else - { - if (m_literal > 285) - throw BadBlockErr(); - unsigned int bits; - case LENGTH_BITS: - bits = lengthExtraBits[m_literal-257]; - if (!m_reader.FillBuffer(bits)) - { - m_nextDecode = LENGTH_BITS; - break; - } - m_literal = m_reader.GetBits(bits) + lengthStarts[m_literal-257]; - case DISTANCE: - if (!distanceDecoder.Decode(m_reader, m_distance)) - { - m_nextDecode = DISTANCE; - break; - } - case DISTANCE_BITS: - bits = distanceExtraBits[m_distance]; - if (!m_reader.FillBuffer(bits)) - { - m_nextDecode = DISTANCE_BITS; - break; - } - m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance]; - OutputPast(m_literal, m_distance); - } - } - } - } - if (blockEnd) - { - if (m_eof) - { - FlushOutput(); - m_reader.SkipBits(m_reader.BitsBuffered()%8); - if (m_reader.BitsBuffered()) - { - // undo too much lookahead - SecBlockWithHint<byte, 4> buffer(m_reader.BitsBuffered() / 8); - for (unsigned int i=0; i<buffer.size(); i++) - buffer[i] = (byte)m_reader.GetBits(8); - m_inQueue.Unget(buffer, buffer.size()); - } - m_state = POST_STREAM; - } - else - m_state = WAIT_HEADER; - } - return blockEnd; -} - -void Inflator::FlushOutput() -{ - if (m_state != PRE_STREAM) - { - assert(m_current >= m_lastFlush); - ProcessDecompressedData(m_window + m_lastFlush, m_current - m_lastFlush); - m_lastFlush = m_current; - } -} - -struct NewFixedLiteralDecoder -{ - HuffmanDecoder * operator()() const - { - unsigned int codeLengths[288]; - std::fill(codeLengths + 0, codeLengths + 144, 8); - std::fill(codeLengths + 144, codeLengths + 256, 9); - std::fill(codeLengths + 256, codeLengths + 280, 7); - std::fill(codeLengths + 280, codeLengths + 288, 8); - std::auto_ptr<HuffmanDecoder> pDecoder(new HuffmanDecoder); - pDecoder->Initialize(codeLengths, 288); - return pDecoder.release(); - } -}; - -struct NewFixedDistanceDecoder -{ - HuffmanDecoder * operator()() const - { - unsigned int codeLengths[32]; - std::fill(codeLengths + 0, codeLengths + 32, 5); - std::auto_ptr<HuffmanDecoder> pDecoder(new HuffmanDecoder); - pDecoder->Initialize(codeLengths, 32); - return pDecoder.release(); - } -}; - -const HuffmanDecoder& Inflator::GetLiteralDecoder() const -{ - return m_blockType == 1 ? Singleton<HuffmanDecoder, NewFixedLiteralDecoder>().Ref() : m_dynamicLiteralDecoder; -} - -const HuffmanDecoder& Inflator::GetDistanceDecoder() const -{ - return m_blockType == 1 ? Singleton<HuffmanDecoder, NewFixedDistanceDecoder>().Ref() : m_dynamicDistanceDecoder; -} - -NAMESPACE_END diff --git a/cryptopp562/zinflate.h b/cryptopp562/zinflate.h deleted file mode 100644 index 7e1225b..0000000 --- a/cryptopp562/zinflate.h +++ /dev/null @@ -1,149 +0,0 @@ -#ifndef CRYPTOPP_ZINFLATE_H -#define CRYPTOPP_ZINFLATE_H - -#include "filters.h" -#include <vector> - -NAMESPACE_BEGIN(CryptoPP) - -//! _ -class LowFirstBitReader -{ -public: - LowFirstBitReader(BufferedTransformation &store) - : m_store(store), m_buffer(0), m_bitsBuffered(0) {} -// unsigned long BitsLeft() const {return m_store.MaxRetrievable() * 8 + m_bitsBuffered;} - unsigned int BitsBuffered() const {return m_bitsBuffered;} - unsigned long PeekBuffer() const {return m_buffer;} - bool FillBuffer(unsigned int length); - unsigned long PeekBits(unsigned int length); - void SkipBits(unsigned int length); - unsigned long GetBits(unsigned int length); - -private: - BufferedTransformation &m_store; - unsigned long m_buffer; - unsigned int m_bitsBuffered; -}; - -struct CodeLessThan; - -//! Huffman Decoder -class HuffmanDecoder -{ -public: - typedef unsigned int code_t; - typedef unsigned int value_t; - enum {MAX_CODE_BITS = sizeof(code_t)*8}; - - class Err : public Exception {public: Err(const std::string &what) : Exception(INVALID_DATA_FORMAT, "HuffmanDecoder: " + what) {}}; - - HuffmanDecoder() {} - HuffmanDecoder(const unsigned int *codeBitLengths, unsigned int nCodes) {Initialize(codeBitLengths, nCodes);} - - void Initialize(const unsigned int *codeBitLengths, unsigned int nCodes); - unsigned int Decode(code_t code, /* out */ value_t &value) const; - bool Decode(LowFirstBitReader &reader, value_t &value) const; - -private: - friend struct CodeLessThan; - - struct CodeInfo - { - CodeInfo(code_t code=0, unsigned int len=0, value_t value=0) : code(code), len(len), value(value) {} - inline bool operator<(const CodeInfo &rhs) const {return code < rhs.code;} - code_t code; - unsigned int len; - value_t value; - }; - - struct LookupEntry - { - unsigned int type; - union - { - value_t value; - const CodeInfo *begin; - }; - union - { - unsigned int len; - const CodeInfo *end; - }; - }; - - static code_t NormalizeCode(code_t code, unsigned int codeBits); - void FillCacheEntry(LookupEntry &entry, code_t normalizedCode) const; - - unsigned int m_maxCodeBits, m_cacheBits, m_cacheMask, m_normalizedCacheMask; - std::vector<CodeInfo, AllocatorWithCleanup<CodeInfo> > m_codeToValue; - mutable std::vector<LookupEntry, AllocatorWithCleanup<LookupEntry> > m_cache; -}; - -//! DEFLATE (RFC 1951) decompressor - -class Inflator : public AutoSignaling<Filter> -{ -public: - class Err : public Exception - { - public: - Err(ErrorType e, const std::string &s) - : Exception(e, s) {} - }; - class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}}; - class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}}; - - /*! \param repeat decompress multiple compressed streams in series - \param autoSignalPropagation 0 to turn off MessageEnd signal - */ - Inflator(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1); - - void IsolatedInitialize(const NameValuePairs ¶meters); - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - bool IsolatedFlush(bool hardFlush, bool blocking); - - virtual unsigned int GetLog2WindowSize() const {return 15;} - -protected: - ByteQueue m_inQueue; - -private: - virtual unsigned int MaxPrestreamHeaderSize() const {return 0;} - virtual void ProcessPrestreamHeader() {} - virtual void ProcessDecompressedData(const byte *string, size_t length) - {AttachedTransformation()->Put(string, length);} - virtual unsigned int MaxPoststreamTailSize() const {return 0;} - virtual void ProcessPoststreamTail() {} - - void ProcessInput(bool flush); - void DecodeHeader(); - bool DecodeBody(); - void FlushOutput(); - void OutputByte(byte b); - void OutputString(const byte *string, size_t length); - void OutputPast(unsigned int length, unsigned int distance); - - static const HuffmanDecoder *FixedLiteralDecoder(); - static const HuffmanDecoder *FixedDistanceDecoder(); - - const HuffmanDecoder& GetLiteralDecoder() const; - const HuffmanDecoder& GetDistanceDecoder() const; - - enum State {PRE_STREAM, WAIT_HEADER, DECODING_BODY, POST_STREAM, AFTER_END}; - State m_state; - bool m_repeat, m_eof, m_wrappedAround; - byte m_blockType; - word16 m_storedLen; - enum NextDecode {LITERAL, LENGTH_BITS, DISTANCE, DISTANCE_BITS}; - NextDecode m_nextDecode; - unsigned int m_literal, m_distance; // for LENGTH_BITS or DISTANCE_BITS - HuffmanDecoder m_dynamicLiteralDecoder, m_dynamicDistanceDecoder; - LowFirstBitReader m_reader; - SecByteBlock m_window; - size_t m_current, m_lastFlush; -}; - -NAMESPACE_END - -#endif diff --git a/cryptopp562/zlib.cpp b/cryptopp562/zlib.cpp deleted file mode 100644 index 4abafb0..0000000 --- a/cryptopp562/zlib.cpp +++ /dev/null @@ -1,90 +0,0 @@ -// zlib.cpp - written and placed in the public domain by Wei Dai - -// "zlib" is the name of a well known C language compression library -// (http://www.zlib.org) and also the name of a compression format -// (RFC 1950) that the library implements. This file is part of a -// complete reimplementation of the zlib compression format. - -#include "pch.h" -#include "zlib.h" -#include "zdeflate.h" -#include "zinflate.h" - -NAMESPACE_BEGIN(CryptoPP) - -static const byte DEFLATE_METHOD = 8; -static const byte FDICT_FLAG = 1 << 5; - -// ************************************************************* - -void ZlibCompressor::WritePrestreamHeader() -{ - m_adler32.Restart(); - byte cmf = DEFLATE_METHOD | ((GetLog2WindowSize()-8) << 4); - byte flags = GetCompressionLevel() << 6; - AttachedTransformation()->PutWord16(RoundUpToMultipleOf(cmf*256+flags, 31)); -} - -void ZlibCompressor::ProcessUncompressedData(const byte *inString, size_t length) -{ - m_adler32.Update(inString, length); -} - -void ZlibCompressor::WritePoststreamTail() -{ - FixedSizeSecBlock<byte, 4> adler32; - m_adler32.Final(adler32); - AttachedTransformation()->Put(adler32, 4); -} - -unsigned int ZlibCompressor::GetCompressionLevel() const -{ - static const unsigned int deflateToCompressionLevel[] = {0, 1, 1, 1, 2, 2, 2, 2, 2, 3}; - return deflateToCompressionLevel[GetDeflateLevel()]; -} - -// ************************************************************* - -ZlibDecompressor::ZlibDecompressor(BufferedTransformation *attachment, bool repeat, int propagation) - : Inflator(attachment, repeat, propagation) -{ -} - -void ZlibDecompressor::ProcessPrestreamHeader() -{ - m_adler32.Restart(); - - byte cmf; - byte flags; - - if (!m_inQueue.Get(cmf) || !m_inQueue.Get(flags)) - throw HeaderErr(); - - if ((cmf*256+flags) % 31 != 0) - throw HeaderErr(); // if you hit this exception, you're probably trying to decompress invalid data - - if ((cmf & 0xf) != DEFLATE_METHOD) - throw UnsupportedAlgorithm(); - - if (flags & FDICT_FLAG) - throw UnsupportedPresetDictionary(); - - m_log2WindowSize = 8 + (cmf >> 4); -} - -void ZlibDecompressor::ProcessDecompressedData(const byte *inString, size_t length) -{ - AttachedTransformation()->Put(inString, length); - m_adler32.Update(inString, length); -} - -void ZlibDecompressor::ProcessPoststreamTail() -{ - FixedSizeSecBlock<byte, 4> adler32; - if (m_inQueue.Get(adler32, 4) != 4) - throw Adler32Err(); - if (!m_adler32.Verify(adler32)) - throw Adler32Err(); -} - -NAMESPACE_END diff --git a/cryptopp562/zlib.h b/cryptopp562/zlib.h deleted file mode 100644 index 443b144..0000000 --- a/cryptopp562/zlib.h +++ /dev/null @@ -1,58 +0,0 @@ -#ifndef CRYPTOPP_ZLIB_H -#define CRYPTOPP_ZLIB_H - -#include "adler32.h" -#include "zdeflate.h" -#include "zinflate.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// ZLIB Compressor (RFC 1950) -class ZlibCompressor : public Deflator -{ -public: - ZlibCompressor(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true) - : Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible) {} - ZlibCompressor(const NameValuePairs ¶meters, BufferedTransformation *attachment=NULL) - : Deflator(parameters, attachment) {} - - unsigned int GetCompressionLevel() const; - -protected: - void WritePrestreamHeader(); - void ProcessUncompressedData(const byte *string, size_t length); - void WritePoststreamTail(); - - Adler32 m_adler32; -}; - -/// ZLIB Decompressor (RFC 1950) -class ZlibDecompressor : public Inflator -{ -public: - typedef Inflator::Err Err; - class HeaderErr : public Err {public: HeaderErr() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: header decoding error") {}}; - class Adler32Err : public Err {public: Adler32Err() : Err(DATA_INTEGRITY_CHECK_FAILED, "ZlibDecompressor: ADLER32 check error") {}}; - class UnsupportedAlgorithm : public Err {public: UnsupportedAlgorithm() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: unsupported algorithm") {}}; - class UnsupportedPresetDictionary : public Err {public: UnsupportedPresetDictionary() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: unsupported preset dictionary") {}}; - - /*! \param repeat decompress multiple compressed streams in series - \param autoSignalPropagation 0 to turn off MessageEnd signal - */ - ZlibDecompressor(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1); - unsigned int GetLog2WindowSize() const {return m_log2WindowSize;} - -private: - unsigned int MaxPrestreamHeaderSize() const {return 2;} - void ProcessPrestreamHeader(); - void ProcessDecompressedData(const byte *string, size_t length); - unsigned int MaxPoststreamTailSize() const {return 4;} - void ProcessPoststreamTail(); - - unsigned int m_log2WindowSize; - Adler32 m_adler32; -}; - -NAMESPACE_END - -#endif diff --git a/mbedtls b/mbedtls new file mode 160000 +Subproject 2ca6c285a0dd3f33982dd57299012dacab1ff20 |