-rw-r--r--.gitmodules3
-rw-r--r--CMakeLists.txt145
-rw-r--r--Compass.cpp3
-rw-r--r--Cryptor.cpp155
-rw-r--r--Cryptor.h16
-rw-r--r--cryptopp562/3way.cpp139
-rw-r--r--cryptopp562/3way.h53
-rw-r--r--cryptopp562/License.txt51
-rw-r--r--cryptopp562/Readme.txt452
-rw-r--r--cryptopp562/adler32.cpp77
-rw-r--r--cryptopp562/adler32.h28
-rw-r--r--cryptopp562/aes.h16
-rw-r--r--cryptopp562/algebra.cpp340
-rw-r--r--cryptopp562/algebra.h285
-rw-r--r--cryptopp562/algparam.cpp75
-rw-r--r--cryptopp562/algparam.h398
-rw-r--r--cryptopp562/arc4.cpp120
-rw-r--r--cryptopp562/arc4.h71
-rw-r--r--cryptopp562/argnames.h81
-rw-r--r--cryptopp562/asn.cpp597
-rw-r--r--cryptopp562/asn.h369
-rw-r--r--cryptopp562/authenc.cpp180
-rw-r--r--cryptopp562/authenc.h49
-rw-r--r--cryptopp562/base32.cpp39
-rw-r--r--cryptopp562/base32.h38
-rw-r--r--cryptopp562/base64.cpp42
-rw-r--r--cryptopp562/base64.h36
-rw-r--r--cryptopp562/basecode.cpp238
-rw-r--r--cryptopp562/basecode.h86
-rw-r--r--cryptopp562/bench.cpp343
-rw-r--r--cryptopp562/bench.h11
-rw-r--r--cryptopp562/bench2.cpp317
-rw-r--r--cryptopp562/bfinit.cpp277
-rw-r--r--cryptopp562/blowfish.cpp99
-rw-r--r--cryptopp562/blowfish.h46
-rw-r--r--cryptopp562/blumshub.cpp63
-rw-r--r--cryptopp562/blumshub.h53
-rw-r--r--cryptopp562/camellia.cpp524
-rw-r--r--cryptopp562/camellia.h47
-rw-r--r--cryptopp562/cast.cpp296
-rw-r--r--cryptopp562/cast.h91
-rw-r--r--cryptopp562/casts.cpp545
-rw-r--r--cryptopp562/cbcmac.cpp62
-rw-r--r--cryptopp562/cbcmac.h50
-rw-r--r--cryptopp562/ccm.cpp140
-rw-r--r--cryptopp562/ccm.h101
-rw-r--r--cryptopp562/channels.cpp309
-rw-r--r--cryptopp562/channels.h123
-rw-r--r--cryptopp562/cmac.cpp122
-rw-r--r--cryptopp562/cmac.h52
-rw-r--r--cryptopp562/config.h457
-rw-r--r--cryptopp562/cpu.cpp199
-rw-r--r--cryptopp562/cpu.h345
-rw-r--r--cryptopp562/crc.cpp160
-rw-r--r--cryptopp562/crc.h42
-rw-r--r--cryptopp562/cryptlib.cpp828
-rw-r--r--cryptopp562/cryptlib.h1655
-rw-r--r--cryptopp562/cryptlib_bds.cpp10
-rw-r--r--cryptopp562/datatest.cpp757
-rw-r--r--cryptopp562/default.cpp258
-rw-r--r--cryptopp562/default.h104
-rw-r--r--cryptopp562/des.cpp449
-rw-r--r--cryptopp562/des.h144
-rw-r--r--cryptopp562/dessp.cpp95
-rw-r--r--cryptopp562/dh.cpp19
-rw-r--r--cryptopp562/dh.h99
-rw-r--r--cryptopp562/dh2.cpp22
-rw-r--r--cryptopp562/dh2.h58
-rw-r--r--cryptopp562/dll.cpp146
-rw-r--r--cryptopp562/dll.h71
-rw-r--r--cryptopp562/dlltest.cpp205
-rw-r--r--cryptopp562/dmac.h93
-rw-r--r--cryptopp562/dsa.cpp63
-rw-r--r--cryptopp562/dsa.h35
-rw-r--r--cryptopp562/eax.cpp59
-rw-r--r--cryptopp562/eax.h91
-rw-r--r--cryptopp562/ec2n.cpp292
-rw-r--r--cryptopp562/ec2n.h113
-rw-r--r--cryptopp562/eccrypto.cpp694
-rw-r--r--cryptopp562/eccrypto.h280
-rw-r--r--cryptopp562/ecp.cpp473
-rw-r--r--cryptopp562/ecp.h126
-rw-r--r--cryptopp562/elgamal.cpp17
-rw-r--r--cryptopp562/elgamal.h121
-rw-r--r--cryptopp562/emsa2.cpp34
-rw-r--r--cryptopp562/emsa2.h86
-rw-r--r--cryptopp562/eprecomp.cpp112
-rw-r--r--cryptopp562/eprecomp.h75
-rw-r--r--cryptopp562/esign.cpp210
-rw-r--r--cryptopp562/esign.h128
-rw-r--r--cryptopp562/factory.h136
-rw-r--r--cryptopp562/files.cpp259
-rw-r--r--cryptopp562/files.h112
-rw-r--r--cryptopp562/filters.cpp1120
-rw-r--r--cryptopp562/filters.h810
-rw-r--r--cryptopp562/fips140.cpp84
-rw-r--r--cryptopp562/fips140.h59
-rw-r--r--cryptopp562/fipsalgt.cpp1290
-rw-r--r--cryptopp562/fipstest.cpp601
-rw-r--r--cryptopp562/fltrimpl.h67
-rw-r--r--cryptopp562/gcm.cpp828
-rw-r--r--cryptopp562/gcm.h106
-rw-r--r--cryptopp562/gf256.cpp34
-rw-r--r--cryptopp562/gf256.h66
-rw-r--r--cryptopp562/gf2_32.cpp99
-rw-r--r--cryptopp562/gf2_32.h66
-rw-r--r--cryptopp562/gf2n.cpp882
-rw-r--r--cryptopp562/gf2n.h369
-rw-r--r--cryptopp562/gfpcrypt.cpp273
-rw-r--r--cryptopp562/gfpcrypt.h528
-rw-r--r--cryptopp562/gost.cpp123
-rw-r--r--cryptopp562/gost.h58
-rw-r--r--cryptopp562/gzip.cpp99
-rw-r--r--cryptopp562/gzip.h65
-rw-r--r--cryptopp562/hex.cpp44
-rw-r--r--cryptopp562/hex.h36
-rw-r--r--cryptopp562/hmac.cpp86
-rw-r--r--cryptopp562/hmac.h61
-rw-r--r--cryptopp562/hrtimer.cpp139
-rw-r--r--cryptopp562/hrtimer.h61
-rw-r--r--cryptopp562/ida.cpp421
-rw-r--r--cryptopp562/ida.h152
-rw-r--r--cryptopp562/idea.cpp192
-rw-r--r--cryptopp562/idea.h61
-rw-r--r--cryptopp562/integer.cpp4235
-rw-r--r--cryptopp562/integer.h420
-rw-r--r--cryptopp562/iterhash.cpp160
-rw-r--r--cryptopp562/iterhash.h106
-rw-r--r--cryptopp562/lubyrack.h141
-rw-r--r--cryptopp562/luc.cpp210
-rw-r--r--cryptopp562/luc.h236
-rw-r--r--cryptopp562/mars.cpp154
-rw-r--r--cryptopp562/mars.h54
-rw-r--r--cryptopp562/marss.cpp139
-rw-r--r--cryptopp562/md2.cpp120
-rw-r--r--cryptopp562/md2.h46
-rw-r--r--cryptopp562/md4.cpp110
-rw-r--r--cryptopp562/md4.h35
-rw-r--r--cryptopp562/md5.cpp118
-rw-r--r--cryptopp562/md5.h33
-rw-r--r--cryptopp562/mdc.h72
-rw-r--r--cryptopp562/misc.cpp187
-rw-r--r--cryptopp562/misc.h1282
-rw-r--r--cryptopp562/modarith.h158
-rw-r--r--cryptopp562/modes.cpp245
-rw-r--r--cryptopp562/modes.h422
-rw-r--r--cryptopp562/modexppc.h34
-rw-r--r--cryptopp562/mqueue.cpp174
-rw-r--r--cryptopp562/mqueue.h100
-rw-r--r--cryptopp562/mqv.cpp13
-rw-r--r--cryptopp562/mqv.h141
-rw-r--r--cryptopp562/nbtheory.cpp1123
-rw-r--r--cryptopp562/nbtheory.h131
-rw-r--r--cryptopp562/network.cpp550
-rw-r--r--cryptopp562/network.h235
-rw-r--r--cryptopp562/nr.h6
-rw-r--r--cryptopp562/oaep.cpp97
-rw-r--r--cryptopp562/oaep.h42
-rw-r--r--cryptopp562/oids.h123
-rw-r--r--cryptopp562/osrng.cpp192
-rw-r--r--cryptopp562/osrng.h156
-rw-r--r--cryptopp562/panama.cpp507
-rw-r--r--cryptopp562/panama.h144
-rw-r--r--cryptopp562/pch.cpp1
-rw-r--r--cryptopp562/pch.h21
-rw-r--r--cryptopp562/pkcspad.cpp124
-rw-r--r--cryptopp562/pkcspad.h94
-rw-r--r--cryptopp562/polynomi.cpp577
-rw-r--r--cryptopp562/polynomi.h459
-rw-r--r--cryptopp562/pssr.cpp145
-rw-r--r--cryptopp562/pssr.h66
-rw-r--r--cryptopp562/pubkey.cpp165
-rw-r--r--cryptopp562/pubkey.h1678
-rw-r--r--cryptopp562/pwdbased.h214
-rw-r--r--cryptopp562/queue.cpp565
-rw-r--r--cryptopp562/queue.h144
-rw-r--r--cryptopp562/rabin.cpp221
-rw-r--r--cryptopp562/rabin.h107
-rw-r--r--cryptopp562/randpool.cpp63
-rw-r--r--cryptopp562/randpool.h33
-rw-r--r--cryptopp562/rc2.cpp118
-rw-r--r--cryptopp562/rc2.h73
-rw-r--r--cryptopp562/rc5.cpp79
-rw-r--r--cryptopp562/rc5.h54
-rw-r--r--cryptopp562/rc6.cpp96
-rw-r--r--cryptopp562/rc6.h54
-rw-r--r--cryptopp562/rdtables.cpp172
-rw-r--r--cryptopp562/regtest.cpp153
-rw-r--r--cryptopp562/resource.h15
-rw-r--r--cryptopp562/rijndael.cpp1261
-rw-r--r--cryptopp562/rijndael.h68
-rw-r--r--cryptopp562/ripemd.cpp803
-rw-r--r--cryptopp562/ripemd.h49
-rw-r--r--cryptopp562/rng.cpp155
-rw-r--r--cryptopp562/rng.h77
-rw-r--r--cryptopp562/rsa.cpp304
-rw-r--r--cryptopp562/rsa.h174
-rw-r--r--cryptopp562/rw.cpp196
-rw-r--r--cryptopp562/rw.h102
-rw-r--r--cryptopp562/safer.cpp153
-rw-r--r--cryptopp562/safer.h86
-rw-r--r--cryptopp562/salsa.cpp599
-rw-r--r--cryptopp562/salsa.h65
-rw-r--r--cryptopp562/seal.cpp213
-rw-r--r--cryptopp562/seal.h44
-rw-r--r--cryptopp562/secblock.h467
-rw-r--r--cryptopp562/seckey.h221
-rw-r--r--cryptopp562/seed.cpp104
-rw-r--r--cryptopp562/seed.h38
-rw-r--r--cryptopp562/serpent.cpp123
-rw-r--r--cryptopp562/serpent.h52
-rw-r--r--cryptopp562/serpentp.h434
-rw-r--r--cryptopp562/sha.cpp900
-rw-r--r--cryptopp562/sha.h63
-rw-r--r--cryptopp562/sha3.cpp284
-rw-r--r--cryptopp562/sha3.h65
-rw-r--r--cryptopp562/shacal2.cpp140
-rw-r--r--cryptopp562/shacal2.h54
-rw-r--r--cryptopp562/shark.cpp136
-rw-r--r--cryptopp562/shark.h65
-rw-r--r--cryptopp562/sharkbox.cpp4162
-rw-r--r--cryptopp562/simple.cpp14
-rw-r--r--cryptopp562/simple.h209
-rw-r--r--cryptopp562/skipjack.cpp202
-rw-r--r--cryptopp562/skipjack.h61
-rw-r--r--cryptopp562/smartptr.h223
-rw-r--r--cryptopp562/socketft.cpp531
-rw-r--r--cryptopp562/socketft.h224
-rw-r--r--cryptopp562/sosemanuk.cpp711
-rw-r--r--cryptopp562/sosemanuk.h40
-rw-r--r--cryptopp562/square.cpp177
-rw-r--r--cryptopp562/square.h58
-rw-r--r--cryptopp562/squaretb.cpp582
-rw-r--r--cryptopp562/stdcpp.h41
-rw-r--r--cryptopp562/strciphr.cpp252
-rw-r--r--cryptopp562/strciphr.h306
-rw-r--r--cryptopp562/tea.cpp159
-rw-r--r--cryptopp562/tea.h132
-rw-r--r--cryptopp562/test.cpp852
-rw-r--r--cryptopp562/tftables.cpp317
-rw-r--r--cryptopp562/tiger.cpp265
-rw-r--r--cryptopp562/tiger.h24
-rw-r--r--cryptopp562/tigertab.cpp525
-rw-r--r--cryptopp562/trdlocal.cpp73
-rw-r--r--cryptopp562/trdlocal.h44
-rw-r--r--cryptopp562/trunhash.h48
-rw-r--r--cryptopp562/ttmac.cpp338
-rw-r--r--cryptopp562/ttmac.h38
-rw-r--r--cryptopp562/twofish.cpp168
-rw-r--r--cryptopp562/twofish.h59
-rw-r--r--cryptopp562/validat1.cpp1409
-rw-r--r--cryptopp562/validat2.cpp722
-rw-r--r--cryptopp562/validat3.cpp591
-rw-r--r--cryptopp562/validate.h81
-rw-r--r--cryptopp562/vmac.cpp832
-rw-r--r--cryptopp562/vmac.h68
-rw-r--r--cryptopp562/wait.cpp397
-rw-r--r--cryptopp562/wait.h208
-rw-r--r--cryptopp562/wake.cpp109
-rw-r--r--cryptopp562/wake.h63
-rw-r--r--cryptopp562/whrlpool.cpp701
-rw-r--r--cryptopp562/whrlpool.h21
-rw-r--r--cryptopp562/winpipes.cpp205
-rw-r--r--cryptopp562/winpipes.h142
-rw-r--r--cryptopp562/words.h103
-rw-r--r--cryptopp562/x64dll.asm1968
-rw-r--r--cryptopp562/x64masm.asm1565
-rw-r--r--cryptopp562/xtr.cpp100
-rw-r--r--cryptopp562/xtr.h215
-rw-r--r--cryptopp562/xtrcrypt.cpp108
-rw-r--r--cryptopp562/xtrcrypt.h54
-rw-r--r--cryptopp562/zdeflate.cpp801
-rw-r--r--cryptopp562/zdeflate.h121
-rw-r--r--cryptopp562/zinflate.cpp621
-rw-r--r--cryptopp562/zinflate.h149
-rw-r--r--cryptopp562/zlib.cpp90
-rw-r--r--cryptopp562/zlib.h58
m---------mbedtls0
278 files changed, 130 insertions, 74109 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..f1b208d
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "mbedtls"]
+ path = mbedtls
+ url = https://github.com/Mbed-TLS/mbedtls
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ffea003..e0fd0a8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,10 @@
cmake_minimum_required(VERSION 3.0)
-project(compass CXX)
+project(compass LANGUAGES CXX)
+
+set(ENABLE_PROGRAMS OFF CACHE BOOL "Build mbedtls exemplary programs")
+set(ENABLE_TESTING OFF CACHE BOOL "Build mbedtls testing harness")
+add_subdirectory(mbedtls)
+include_directories(mbedtls/include)
add_executable(compass
main.cpp
@@ -9,142 +14,8 @@ add_executable(compass
Keychain.cpp
Options.cpp
Socket.cpp
- cryptopp562/3way.cpp
- cryptopp562/adler32.cpp
- cryptopp562/algebra.cpp
- cryptopp562/algparam.cpp
- cryptopp562/arc4.cpp
- cryptopp562/asn.cpp
- cryptopp562/authenc.cpp
- cryptopp562/base32.cpp
- cryptopp562/base64.cpp
- cryptopp562/basecode.cpp
- cryptopp562/bench2.cpp
- cryptopp562/bench.cpp
- cryptopp562/bfinit.cpp
- cryptopp562/blowfish.cpp
- cryptopp562/blumshub.cpp
- cryptopp562/camellia.cpp
- cryptopp562/cast.cpp
- cryptopp562/casts.cpp
- cryptopp562/cbcmac.cpp
- cryptopp562/ccm.cpp
- cryptopp562/channels.cpp
- cryptopp562/cmac.cpp
- cryptopp562/cpu.cpp
- cryptopp562/crc.cpp
- cryptopp562/cryptlib_bds.cpp
- cryptopp562/cryptlib.cpp
- cryptopp562/datatest.cpp
- cryptopp562/default.cpp
- cryptopp562/des.cpp
- cryptopp562/dessp.cpp
- cryptopp562/dh2.cpp
- cryptopp562/dh.cpp
- cryptopp562/dll.cpp
- cryptopp562/dlltest.cpp
- cryptopp562/dsa.cpp
- cryptopp562/eax.cpp
- cryptopp562/ec2n.cpp
- cryptopp562/eccrypto.cpp
- cryptopp562/ecp.cpp
- cryptopp562/elgamal.cpp
- cryptopp562/emsa2.cpp
- cryptopp562/eprecomp.cpp
- cryptopp562/esign.cpp
- cryptopp562/files.cpp
- cryptopp562/filters.cpp
- cryptopp562/fips140.cpp
- cryptopp562/fipsalgt.cpp
- cryptopp562/fipstest.cpp
- cryptopp562/gcm.cpp
- cryptopp562/gf2_32.cpp
- cryptopp562/gf256.cpp
- cryptopp562/gf2n.cpp
- cryptopp562/gfpcrypt.cpp
- cryptopp562/gost.cpp
- cryptopp562/gzip.cpp
- cryptopp562/hex.cpp
- cryptopp562/hmac.cpp
- cryptopp562/hrtimer.cpp
- cryptopp562/ida.cpp
- cryptopp562/idea.cpp
- cryptopp562/integer.cpp
- cryptopp562/iterhash.cpp
- cryptopp562/luc.cpp
- cryptopp562/mars.cpp
- cryptopp562/marss.cpp
- cryptopp562/md2.cpp
- cryptopp562/md4.cpp
- cryptopp562/md5.cpp
- cryptopp562/misc.cpp
- cryptopp562/modes.cpp
- cryptopp562/mqueue.cpp
- cryptopp562/mqv.cpp
- cryptopp562/nbtheory.cpp
- cryptopp562/network.cpp
- cryptopp562/oaep.cpp
- cryptopp562/osrng.cpp
- cryptopp562/panama.cpp
- cryptopp562/pch.cpp
- cryptopp562/pkcspad.cpp
- cryptopp562/polynomi.cpp
- cryptopp562/pssr.cpp
- cryptopp562/pubkey.cpp
- cryptopp562/queue.cpp
- cryptopp562/rabin.cpp
- cryptopp562/randpool.cpp
- cryptopp562/rc2.cpp
- cryptopp562/rc5.cpp
- cryptopp562/rc6.cpp
- cryptopp562/rdtables.cpp
- cryptopp562/regtest.cpp
- cryptopp562/rijndael.cpp
- cryptopp562/ripemd.cpp
- cryptopp562/rng.cpp
- cryptopp562/rsa.cpp
- cryptopp562/rw.cpp
- cryptopp562/safer.cpp
- cryptopp562/salsa.cpp
- cryptopp562/seal.cpp
- cryptopp562/seed.cpp
- cryptopp562/serpent.cpp
- cryptopp562/sha3.cpp
- cryptopp562/shacal2.cpp
- cryptopp562/sha.cpp
- cryptopp562/sharkbox.cpp
- cryptopp562/shark.cpp
- cryptopp562/simple.cpp
- cryptopp562/skipjack.cpp
- cryptopp562/socketft.cpp
- cryptopp562/sosemanuk.cpp
- cryptopp562/square.cpp
- cryptopp562/squaretb.cpp
- cryptopp562/strciphr.cpp
- cryptopp562/tea.cpp
- cryptopp562/test.cpp
- cryptopp562/tftables.cpp
- cryptopp562/tiger.cpp
- cryptopp562/tigertab.cpp
- cryptopp562/trdlocal.cpp
- cryptopp562/ttmac.cpp
- cryptopp562/twofish.cpp
- cryptopp562/validat1.cpp
- cryptopp562/validat2.cpp
- cryptopp562/validat3.cpp
- cryptopp562/vmac.cpp
- cryptopp562/wait.cpp
- cryptopp562/wake.cpp
- cryptopp562/whrlpool.cpp
- cryptopp562/winpipes.cpp
- cryptopp562/xtr.cpp
- cryptopp562/xtrcrypt.cpp
- cryptopp562/zdeflate.cpp
- cryptopp562/zinflate.cpp
- cryptopp562/zlib.cpp
)
-# TODO - Windows needs winsock
-find_library(PTHREAD_LIB pthread)
-target_link_libraries(compass ${PTHREAD_LIB})
+target_link_libraries(compass mbedtls)
+
install(TARGETS compass)
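Review bot: `target_link_libraries(compass mbedtls)` at L450 links the full TLS library, but Cryptor.cpp only uses the cipher, SHA-256, entropy and CTR-DRBG primitives, which live in the `mbedcrypto` target that the same `add_subdirectory(mbedtls)` build defines; `target_link_libraries(compass mbedcrypto)` keeps the link surface to what is actually used. `include_directories(mbedtls/include)` at L306 applies to every target in the directory; `target_include_directories(compass PRIVATE mbedtls/include)` is the scoped form, and recent mbedtls releases already export their public include directory through the linked target, so the line may be redundant. `add_subdirectory(mbedtls)` fails with a bare "does not contain a CMakeLists.txt" error when the submodule has not been checked out; a guard such as `if(NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/CMakeLists.txt") message(FATAL_ERROR "run: git submodule update --init") endif()` makes that failure self-explanatory. The pthread link dropped at L448–L449 is not explained; if Socket.cpp or another file still uses threads, the build will now fail to link wherever libpthread is a separate library.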
diff --git a/Compass.cpp b/Compass.cpp
index c5d2a3d..9a27d55 100644
--- a/Compass.cpp
+++ b/Compass.cpp
@@ -112,9 +112,6 @@ void Compass::perform(int argc, char* argv[]) {
catch (const int e) {
std::cerr << ERR_GENERIC << std::endl;
}
- catch (const CryptoPP::Exception& e) {
- std::cerr << ERR_GENERIC << std::endl;
- }
catch (const double e) {
std::cerr << ERR_INPUT << std::endl;
}
diff --git a/Cryptor.cpp b/Cryptor.cpp
index 57ded9a..9db2bdc 100644
--- a/Cryptor.cpp
+++ b/Cryptor.cpp
@@ -1,54 +1,98 @@
#include "Cryptor.h"
bool Cryptor::haveKey = false;
-unsigned char Cryptor::key[CryptoPP::AES::DEFAULT_KEYLENGTH];
+unsigned char Cryptor::key[AES_BLOCK_LENGTH];
+
+static void toHex(char *output, const void *input, size_t size) {
+ const unsigned char *_input = (const unsigned char *)input;
+ for (size_t i = 0; i < size; i++) {
+ sprintf(output+(i*2), "%02hhX", _input[i]);
+ }
+}
+
+static void fromHex(void *output, const char *input) {
+ unsigned char *_output = (unsigned char *)output;
+ size_t size = strlen(input);
+ if (size & 1) {
+ throw 1;
+ } else {
+ size /= 2;
+ }
+ for (size_t i = 0; i < size; i++) {
+ if (sscanf(input+(i*2), "%02hhx", &_output[i]) != 1) {
+ throw 1;
+ }
+ }
+}
void Cryptor::encryptAndSave(std::string remoteHost, std::string port, std::string directory, std::string payload) {
// Key
- if (!haveKey)
+ if (!haveKey) {
assembleKey(true);
+ }
// IV
- unsigned char iv[CryptoPP::AES::BLOCKSIZE];
- CryptoPP::AutoSeededRandomPool randl;
- randl.GenerateBlock(iv, sizeof(iv));
+ unsigned char iv[AES_BLOCK_LENGTH];
+ generateRandom(iv, sizeof(iv));
// Encrypt
- std::string cipher;
- CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption enc(key, sizeof(key), iv);
- CryptoPP::StringSource(payload, true, new CryptoPP::StreamTransformationFilter(enc, new CryptoPP::StringSink(cipher)));
+ size_t ciphertextLen = 0;
+ unsigned char *ciphertext = new unsigned char[payload.size() + 64];
+ const mbedtls_cipher_info_t *cipherInfo = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
+ mbedtls_cipher_context_t cipher;
+
+ mbedtls_cipher_init(&cipher);
+ mbedtls_cipher_setup(&cipher, cipherInfo);
+ mbedtls_cipher_setkey(&cipher, key, sizeof(key)*8, MBEDTLS_ENCRYPT);
+ mbedtls_cipher_set_padding_mode(&cipher, MBEDTLS_PADDING_PKCS7);
+ mbedtls_cipher_crypt(&cipher, iv, sizeof(iv),
+ (const unsigned char *)payload.c_str(), payload.size(),
+ ciphertext, &ciphertextLen);
+ mbedtls_cipher_free(&cipher);
// Save Data
- std::string encIV, encCipher;
- CryptoPP::StringSource(iv, sizeof(iv), true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(encIV)));
- CryptoPP::StringSource(cipher, true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(encCipher)));
+ char encIV[(AES_BLOCK_LENGTH * 2) + 1];
+ char *encCipher = new char[(ciphertextLen * 2) + 1];
+ toHex(encIV, iv, sizeof(iv));
+ toHex(encCipher, ciphertext, ciphertextLen);
+ std::string _encIV(encIV);
+ std::string _encCipher(encCipher);
+
+ delete[] encCipher;
+ delete[] ciphertext;
+
if (remoteHost == "") {
- if (directory[directory.size() - 1] != '/') directory += "/";
+ if (directory[directory.size() - 1] != '/') {
+ directory += "/";
+ }
directory += KEYCHAIN_FILE;
std::ofstream f(directory.c_str());
- f << encIV << std::endl;
- f << encCipher << std::endl;
+ f << _encIV << std::endl;
+ f << _encCipher << std::endl;
f.close();
- }
- else {
+ } else {
Socket s;
std::string err = "";
s.conn(remoteHost, port);
s.sendline("store");
s.sendline(directory);
- s.sendline(encIV);
- s.sendline(encCipher);
+ s.sendline(_encIV);
+ s.sendline(_encCipher);
err = s.readline();
s.clo();
- if (err != "OK") throw 1;
+ if (err != "OK") {
+ throw 1;
+ }
}
}
std::string Cryptor::loadAndDecrypt(std::string remoteHost, std::string port, std::string directory) {
// Load Data
- std::string encIV, encCipher, ivstr, cipher;
+ std::string encIV, encCipher;
if (remoteHost == "") {
- if (directory[directory.size() - 1] != '/') directory += "/";
+ if (directory[directory.size() - 1] != '/') {
+ directory += "/";
+ }
directory += KEYCHAIN_FILE;
std::ifstream f(directory.c_str());
if (!f.good()) {
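Review bot: The return codes of `mbedtls_cipher_setup`, `mbedtls_cipher_setkey`, `mbedtls_cipher_set_padding_mode` and `mbedtls_cipher_crypt` at L520–L523 are all discarded, so on any failure (including a NULL `cipherInfo` when AES-128-CBC is not compiled in) `ciphertextLen` stays 0 and the function goes on to write an empty ciphertext line to the keychain file or send it to the server, silently destroying the stored payload. Each call returns an `int` that is 0 on success, so the calls can be chained on a status variable and the existing `throw 1` convention (which `Compass::perform` already catches as `int`) used on failure. The decrypt hunk at L625–L632 has the same pattern and needs the same treatment, where it matters more because a padding error there currently returns an unreliable `plaintextLen` as if it were the payload. Replacing `new unsigned char[...]` / `delete[]` with `std::vector<unsigned char>` (the header now includes `<vector>`) would also remove the manual cleanup on the error path.
```cpp
mbedtls_cipher_init(&cipher);
int ret = mbedtls_cipher_setup(&cipher, cipherInfo);
if (ret == 0) ret = mbedtls_cipher_setkey(&cipher, key, sizeof(key)*8, MBEDTLS_ENCRYPT);
if (ret == 0) ret = mbedtls_cipher_set_padding_mode(&cipher, MBEDTLS_PADDING_PKCS7);
if (ret == 0) ret = mbedtls_cipher_crypt(&cipher, iv, sizeof(iv),
                        (const unsigned char *)payload.c_str(), payload.size(),
                        ciphertext, &ciphertextLen);
mbedtls_cipher_free(&cipher);
if (ret != 0) {
    delete[] ciphertext;
    throw 1;   // never persist or transmit an empty/partial ciphertext
}
// … unchanged: hex encoding and save/send …
```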
@@ -58,8 +102,7 @@ std::string Cryptor::loadAndDecrypt(std::string remoteHost, std::string port, st
f >> encIV;
f >> encCipher;
f.close();
- }
- else {
+ } else {
Socket s;
std::string err = "";
s.conn(remoteHost, port);
@@ -74,29 +117,43 @@ std::string Cryptor::loadAndDecrypt(std::string remoteHost, std::string port, st
encCipher = s.readline();
s.clo();
}
- CryptoPP::StringSource(encIV, true, new CryptoPP::HexDecoder(new CryptoPP::StringSink(ivstr)));
- CryptoPP::StringSource(encCipher, true, new CryptoPP::HexDecoder(new CryptoPP::StringSink(cipher)));
+
+ // Decode data
+ unsigned char *ciphertext = new unsigned char[encCipher.size() / 2];
+ unsigned char iv[AES_BLOCK_LENGTH];
+ fromHex(ciphertext, encCipher.c_str());
+ fromHex(iv, encIV.c_str());
// Key
- if (!haveKey)
+ if (!haveKey) {
assembleKey();
-
- // IV
- unsigned char iv[CryptoPP::AES::BLOCKSIZE];
- memcpy(iv, ivstr.c_str(), ivstr.size());
+ }
// Decrypt
- std::string payload;
- CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption dec(key, sizeof(key), iv);
- CryptoPP::StringSource(cipher, true, new CryptoPP::StreamTransformationFilter(dec, new CryptoPP::StringSink(payload)));
+ size_t plaintextLen = 0;
+ char *plaintext = new char[(encCipher.size() / 2) + 64];
+ const mbedtls_cipher_info_t *cipherInfo = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
+ mbedtls_cipher_context_t cipher;
+
+ mbedtls_cipher_init(&cipher);
+ mbedtls_cipher_setup(&cipher, cipherInfo);
+ mbedtls_cipher_setkey(&cipher, key, sizeof(key)*8, MBEDTLS_DECRYPT);
+ mbedtls_cipher_set_padding_mode(&cipher, MBEDTLS_PADDING_PKCS7);
+ mbedtls_cipher_crypt(&cipher, iv, sizeof(iv),
+ ciphertext, (encCipher.size() / 2),
+ (unsigned char *)plaintext, &plaintextLen);
+ mbedtls_cipher_free(&cipher);
+
+ std::string payload(plaintext, plaintextLen);
+
+ delete[] plaintext;
+ delete[] ciphertext;
return payload;
}
std::string Cryptor::createRandomPassword(PasswordSpec spec) {
- CryptoPP::AutoSeededRandomPool randl;
std::string password;
-
std::vector<char> validChars;
// Always allow lower-case alphabetic characters
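Review bot: `fromHex(iv, encIV.c_str())` at L606 writes `strlen(input)/2` bytes into the 16-byte stack array `iv` with no capacity check, so an over-long IV line read from the keychain file or returned by the remote server at L596 overflows the stack; `fromHex` (defined at L484–L497) takes no output size, so the length must be validated at the call site or a size parameter added to `fromHex`. The `ciphertext` buffer allocated with `new[]` at L603 leaks whenever either `fromHex` call throws, which a `std::vector<unsigned char>` avoids. `mbedtls_cipher_crypt` at L629 also returns an error for a ciphertext that is not a whole number of blocks or for bad PKCS7 padding, and that result is ignored, so checking the length up front and the return code afterwards are both needed. `loadAndDecrypt` begins outside this hunk.
```cpp
// … unchanged: load of encIV / encCipher from file or socket …

// Decode data. The IV must be exactly one block and the ciphertext a
// non-empty whole number of blocks; fromHex() has no capacity argument,
// so lengths are checked here before anything is written into iv[].
if (encIV.size() != AES_BLOCK_LENGTH * 2 ||
    encCipher.empty() || (encCipher.size() / 2) % AES_BLOCK_LENGTH != 0) {
    throw 1;
}
std::vector<unsigned char> ciphertext(encCipher.size() / 2);   // released on throw, no delete[]
unsigned char iv[AES_BLOCK_LENGTH];
fromHex(ciphertext.data(), encCipher.c_str());
fromHex(iv, encIV.c_str());
// … unchanged: key assembly …
// later: pass ciphertext.data() / ciphertext.size() to mbedtls_cipher_crypt,
// check its return value, and drop the delete[] ciphertext
```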
@@ -149,14 +206,11 @@ std::string Cryptor::createRandomPassword(PasswordSpec spec) {
validChars.push_back('0' + i);
}
-
// Build string
for (int i = 0; i < spec.ml; i++) {
- unsigned char r[1];
- char c;
- randl.GenerateBlock(r, sizeof(r));
- c = validChars[r[0] % validChars.size()];
- password += c;
+ unsigned char c;
+ generateRandom(&c, sizeof(c));
+ password += validChars[c % validChars.size()];
}
return password;
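Review bot: `generateRandom(&c, sizeof(c))` at L658 runs once per character, and by its definition at L674–L684 each call initializes an entropy source and seeds a fresh CTR-DRBG, so the default 50-character password performs 50 entropy gathers and DRBG instantiations to obtain 50 bytes. Drawing the bytes in one call — after guarding `spec.ml > 0` — avoids that: `std::vector<unsigned char> rnd(spec.ml); generateRandom(rnd.data(), rnd.size());` followed by `password += validChars[rnd[i] % validChars.size()];` in the loop. `c % validChars.size()` is carried over from the old code and is biased whenever 256 is not a multiple of the alphabet size; rejection sampling (discard bytes at or above `256 - 256 % validChars.size()`) removes the bias at negligible cost. `createRandomPassword` begins outside this hunk.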
@@ -167,13 +221,24 @@ void Cryptor::rekey() {
}
void Cryptor::sha256(std::string str) {
- CryptoPP::SHA256 hash;
- std::string rtr;
- CryptoPP::StringSource(str, true, new CryptoPP::HashFilter(hash, new CryptoPP::StringSink(rtr), false, CryptoPP::AES::DEFAULT_KEYLENGTH));
- memcpy(key, rtr.c_str(), rtr.size());
+ unsigned char hashbuf[32];
+ mbedtls_sha256((const unsigned char *)str.c_str(), str.size(), hashbuf, 0);
+ memcpy(key, hashbuf, sizeof(key));
haveKey = true;
}
+void Cryptor::generateRandom(void *output, size_t size) {
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context random;
+
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&random);
+ mbedtls_ctr_drbg_seed(&random, mbedtls_entropy_func, &entropy, NULL, 0);
+ mbedtls_ctr_drbg_random(&random, (unsigned char *)output, size);
+ mbedtls_ctr_drbg_free(&random);
+ mbedtls_entropy_free(&entropy);
+}
+
std::string Cryptor::readPassword(bool confirm) {
std::string password;
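Review bot: `generateRandom` at L674–L684 ignores the results of `mbedtls_ctr_drbg_seed` and `mbedtls_ctr_drbg_random`, so if seeding fails (no usable entropy source) the call returns normally with `output` left unfilled, and the uninitialized stack bytes are then used as the CBC IV at L509 or as password material at L658. Both functions return an `int` that is 0 on success; checking them and throwing on failure keeps the file's existing `int`-exception convention and is the minimum needed for a function whose only job is to produce unpredictable bytes. `sha256` at L669–L671 likewise drops the return value of `mbedtls_sha256`, which in the mbedtls 3.x API is also an `int`. Keeping one seeded DRBG for the lifetime of the process instead of re-seeding per call is a separate improvement worth a `// TODO` here.
```cpp
void Cryptor::generateRandom(void *output, size_t size) {
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context random;

    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&random);
    int ret = mbedtls_ctr_drbg_seed(&random, mbedtls_entropy_func, &entropy, NULL, 0);
    if (ret == 0) {
        ret = mbedtls_ctr_drbg_random(&random, (unsigned char *)output, size);
    }
    mbedtls_ctr_drbg_free(&random);
    mbedtls_entropy_free(&entropy);
    if (ret != 0) {
        // Never hand back an unfilled buffer as an IV or password material.
        throw 1;
    }
}
```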
diff --git a/Cryptor.h b/Cryptor.h
index 8ba1c16..f1448b0 100644
--- a/Cryptor.h
+++ b/Cryptor.h
@@ -4,6 +4,7 @@
#include <iostream>
#include <string>
#include <fstream>
+#include <vector>
#ifdef WIN32
#include <windows.h>
@@ -12,17 +13,17 @@
#include <unistd.h>
#endif // WIN32
-#include "cryptopp562/osrng.h"
-#include "cryptopp562/cryptlib.h"
-#include "cryptopp562/hex.h"
-#include "cryptopp562/filters.h"
-#include "cryptopp562/aes.h"
-#include "cryptopp562/ccm.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/sha256.h"
#include "Socket.h"
#define DEF_PASSWD_LENGTH 50
+#define AES_BLOCK_LENGTH 16
+
#define KEYCHAIN_FILE ".compasskeychain"
#define PASSWORD_PROMPT "ComPASS Password: "
#define PASSWORD_CONF "Confirm Password: "
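Review bot: `#define AES_BLOCK_LENGTH 16` at L714 is used both as the IV/block size and, at L723, as the key size; the two coincide only for AES-128, so a reader who later switches `MBEDTLS_CIPHER_AES_128_CBC` to a 256-bit variant would resize the IV by mistake. A separate `static constexpr size_t AES_KEY_LENGTH = 16;` (or a second `#define`) next to it, with a comment such as `// AES-128: key and block happen to be the same size`, documents the intent. Cryptor.cpp now calls `sprintf`, `sscanf`, `strlen` and `memcpy`, but this header only includes `<iostream>`, `<string>`, `<fstream>` and `<vector>`; unless they arrive transitively, `<cstdio>` and `<cstring>` should be included explicitly.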
@@ -49,9 +50,10 @@ public:
private:
static bool haveKey;
- static unsigned char key[CryptoPP::AES::DEFAULT_KEYLENGTH];
+ static unsigned char key[AES_BLOCK_LENGTH];
static void sha256(std::string str);
+ static void generateRandom(void *output, size_t size);
static std::string readPassword(bool confirm);
static std::string readPassword();
static void assembleKey(bool confirm);
diff --git a/cryptopp562/3way.cpp b/cryptopp562/3way.cpp
deleted file mode 100644
index 725b682..0000000
--- a/cryptopp562/3way.cpp
+++ /dev/null
@@ -1,139 +0,0 @@
-// 3way.cpp - modifed by Wei Dai from Joan Daemen's 3way.c
-// The original code and all modifications are in the public domain.
-
-#include "pch.h"
-#include "3way.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void ThreeWay_TestInstantiations()
-{
- ThreeWay::Encryption x1;
- ThreeWay::Decryption x2;
-}
-
-static const word32 START_E = 0x0b0b; // round constant of first encryption round
-static const word32 START_D = 0xb1b1; // round constant of first decryption round
-static const word32 RC_MODULUS = 0x11011;
-
-static inline word32 reverseBits(word32 a)
-{
- a = ((a & 0xAAAAAAAA) >> 1) | ((a & 0x55555555) << 1);
- a = ((a & 0xCCCCCCCC) >> 2) | ((a & 0x33333333) << 2);
- return ((a & 0xF0F0F0F0) >> 4) | ((a & 0x0F0F0F0F) << 4);
-}
-
-#define mu(a0, a1, a2) \
-{ \
- a1 = reverseBits(a1); \
- word32 t = reverseBits(a0); \
- a0 = reverseBits(a2); \
- a2 = t; \
-}
-
-#define pi_gamma_pi(a0, a1, a2) \
-{ \
- word32 b0, b2; \
- b2 = rotlFixed(a2, 1U); \
- b0 = rotlFixed(a0, 22U); \
- a0 = rotlFixed(b0 ^ (a1|(~b2)), 1U); \
- a2 = rotlFixed(b2 ^ (b0|(~a1)), 22U);\
- a1 ^= (b2|(~b0)); \
-}
-
-// thanks to Paulo Barreto for this optimized theta()
-#define theta(a0, a1, a2) \
-{ \
- word32 b0, b1, c; \
- c = a0 ^ a1 ^ a2; \
- c = rotlFixed(c, 16U) ^ rotlFixed(c, 8U); \
- b0 = (a0 << 24) ^ (a2 >> 8) ^ (a1 << 8) ^ (a0 >> 24); \
- b1 = (a1 << 24) ^ (a0 >> 8) ^ (a2 << 8) ^ (a1 >> 24); \
- a0 ^= c ^ b0; \
- a1 ^= c ^ b1; \
- a2 ^= c ^ (b0 >> 16) ^ (b1 << 16); \
-}
-
-#define rho(a0, a1, a2) \
-{ \
- theta(a0, a1, a2); \
- pi_gamma_pi(a0, a1, a2); \
-}
-
-void ThreeWay::Base::UncheckedSetKey(const byte *uk, unsigned int length, const NameValuePairs &params)
-{
- AssertValidKeyLength(length);
-
- m_rounds = GetRoundsAndThrowIfInvalid(params, this);
-
- for (unsigned int i=0; i<3; i++)
- m_k[i] = (word32)uk[4*i+3] | ((word32)uk[4*i+2]<<8) | ((word32)uk[4*i+1]<<16) | ((word32)uk[4*i]<<24);
-
- if (!IsForwardTransformation())
- {
- theta(m_k[0], m_k[1], m_k[2]);
- mu(m_k[0], m_k[1], m_k[2]);
- m_k[0] = ByteReverse(m_k[0]);
- m_k[1] = ByteReverse(m_k[1]);
- m_k[2] = ByteReverse(m_k[2]);
- }
-}
-
-void ThreeWay::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- typedef BlockGetAndPut<word32, BigEndian> Block;
-
- word32 a0, a1, a2;
- Block::Get(inBlock)(a0)(a1)(a2);
-
- word32 rc = START_E;
-
- for(unsigned i=0; i<m_rounds; i++)
- {
- a0 ^= m_k[0] ^ (rc<<16);
- a1 ^= m_k[1];
- a2 ^= m_k[2] ^ rc;
- rho(a0, a1, a2);
-
- rc <<= 1;
- if (rc&0x10000) rc ^= 0x11011;
- }
- a0 ^= m_k[0] ^ (rc<<16);
- a1 ^= m_k[1];
- a2 ^= m_k[2] ^ rc;
- theta(a0, a1, a2);
-
- Block::Put(xorBlock, outBlock)(a0)(a1)(a2);
-}
-
-void ThreeWay::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- typedef BlockGetAndPut<word32, LittleEndian> Block;
-
- word32 a0, a1, a2;
- Block::Get(inBlock)(a0)(a1)(a2);
-
- word32 rc = START_D;
-
- mu(a0, a1, a2);
- for(unsigned i=0; i<m_rounds; i++)
- {
- a0 ^= m_k[0] ^ (rc<<16);
- a1 ^= m_k[1];
- a2 ^= m_k[2] ^ rc;
- rho(a0, a1, a2);
-
- rc <<= 1;
- if (rc&0x10000) rc ^= 0x11011;
- }
- a0 ^= m_k[0] ^ (rc<<16);
- a1 ^= m_k[1];
- a2 ^= m_k[2] ^ rc;
- theta(a0, a1, a2);
- mu(a0, a1, a2);
-
- Block::Put(xorBlock, outBlock)(a0)(a1)(a2);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/3way.h b/cryptopp562/3way.h
deleted file mode 100644
index 33a619e..0000000
--- a/cryptopp562/3way.h
+++ /dev/null
@@ -1,53 +0,0 @@
-#ifndef CRYPTOPP_THREEWAY_H
-#define CRYPTOPP_THREEWAY_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct ThreeWay_Info : public FixedBlockSize<12>, public FixedKeyLength<12>, public VariableRounds<11>
-{
- static const char *StaticAlgorithmName() {return "3-Way";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#3-Way">3-Way</a>
-class ThreeWay : public ThreeWay_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<ThreeWay_Info>
- {
- public:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
-
- protected:
- unsigned int m_rounds;
- FixedSizeSecBlock<word32, 3> m_k;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef ThreeWay::Encryption ThreeWayEncryption;
-typedef ThreeWay::Decryption ThreeWayDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/License.txt b/cryptopp562/License.txt
deleted file mode 100644
index c5d3f34..0000000
--- a/cryptopp562/License.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-Compilation Copyright (c) 1995-2013 by Wei Dai. All rights reserved.
-This copyright applies only to this software distribution package
-as a compilation, and does not imply a copyright on any particular
-file in the package.
-
-All individual files in this compilation are placed in the public domain by
-Wei Dai and other contributors.
-
-I would like to thank the following authors for placing their works into
-the public domain:
-
-Joan Daemen - 3way.cpp
-Leonard Janke - cast.cpp, seal.cpp
-Steve Reid - cast.cpp
-Phil Karn - des.cpp
-Andrew M. Kuchling - md2.cpp, md4.cpp
-Colin Plumb - md5.cpp
-Seal Woods - rc6.cpp
-Chris Morgan - rijndael.cpp
-Paulo Baretto - rijndael.cpp, skipjack.cpp, square.cpp
-Richard De Moliner - safer.cpp
-Matthew Skala - twofish.cpp
-Kevin Springle - camellia.cpp, shacal2.cpp, ttmac.cpp, whrlpool.cpp, ripemd.cpp
-Ronny Van Keer - sha3.cpp
-
-The Crypto++ Library (as a compilation) is currently licensed under the Boost
-Software License 1.0 (http://www.boost.org/users/license.html).
-
-Boost Software License - Version 1.0 - August 17th, 2003
-
-Permission is hereby granted, free of charge, to any person or organization
-obtaining a copy of the software and accompanying documentation covered by
-this license (the "Software") to use, reproduce, display, distribute,
-execute, and transmit the Software, and to prepare derivative works of the
-Software, and to permit third-parties to whom the Software is furnished to
-do so, all subject to the following:
-
-The copyright notices in the Software and this entire statement, including
-the above license grant, this restriction and the following disclaimer,
-must be included in all copies of the Software, in whole or in part, and
-all derivative works of the Software, unless such copies or derivative
-works are solely in the form of machine-executable object code generated by
-a source language processor.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
-SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
-FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE. \ No newline at end of file
diff --git a/cryptopp562/Readme.txt b/cryptopp562/Readme.txt
deleted file mode 100644
index 5f3b452..0000000
--- a/cryptopp562/Readme.txt
+++ /dev/null
@@ -1,452 +0,0 @@
-Crypto++: a C++ Class Library of Cryptographic Schemes
-Version 5.6.2 - 2/20/2013
-
-Crypto++ Library is a free C++ class library of cryptographic schemes.
-Currently the library contains the following algorithms:
-
- algorithm type name
-
- authenticated encryption schemes GCM, CCM, EAX
-
- high speed stream ciphers Panama, Sosemanuk, Salsa20, XSalsa20
-
- AES and AES candidates AES (Rijndael), RC6, MARS, Twofish, Serpent,
- CAST-256
-
- IDEA, Triple-DES (DES-EDE2 and DES-EDE3),
- other block ciphers Camellia, SEED, RC5, Blowfish, TEA, XTEA,
- Skipjack, SHACAL-2
-
- block cipher modes of operation ECB, CBC, CBC ciphertext stealing (CTS),
- CFB, OFB, counter mode (CTR)
-
- message authentication codes VMAC, HMAC, GMAC, CMAC, CBC-MAC, DMAC,
- Two-Track-MAC
-
- SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and
- hash functions SHA-512), SHA-3, Tiger, WHIRLPOOL, RIPEMD-128,
- RIPEMD-256, RIPEMD-160, RIPEMD-320
-
- RSA, DSA, ElGamal, Nyberg-Rueppel (NR),
- public-key cryptography Rabin-Williams (RW), LUC, LUCELG,
- DLIES (variants of DHAES), ESIGN
-
- padding schemes for public-key PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363
- systems EMSA2 and EMSA5
-
- Diffie-Hellman (DH), Unified Diffie-Hellman
- key agreement schemes (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF,
- XTR-DH
-
- elliptic curve cryptography ECDSA, ECNR, ECIES, ECDH, ECMQV
-
- insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL
-algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2,
- compatibility and historical SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
- value
-
-Other features include:
-
- * pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
- * password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5,
- PBKDF from PKCS #12 appendix B
- * Shamir's secret sharing scheme and Rabin's information dispersal algorithm
- (IDA)
- * fast multi-precision integer (bignum) and polynomial operations
- * finite field arithmetics, including GF(p) and GF(2^n)
- * prime number generation and verification
- * useful non-cryptographic algorithms
- + DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and
- zlib (RFC 1950) format support
- + hex, base-32, and base-64 coding/decoding
- + 32-bit CRC and Adler32 checksum
- * class wrappers for these operating system features (optional):
- + high resolution timers on Windows, Unix, and Mac OS
- + Berkeley and Windows style sockets
- + Windows named pipes
- + /dev/random, /dev/urandom, /dev/srandom
- + Microsoft's CryptGenRandom on Windows
- * A high level interface for most of the above, using a filter/pipeline
- metaphor
- * benchmarks and validation testing
- * x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used
- algorithms, with run-time CPU feature detection and code selection
- * some versions are available in FIPS 140-2 validated form
-
-You are welcome to use it for any purpose without paying me, but see
-License.txt for the fine print.
-
-The following compilers are supported for this release. Please visit
-http://www.cryptopp.com the most up to date build instructions and porting notes.
-
- * MSVC 6.0 - 2010
- * GCC 3.3 - 4.5
- * C++Builder 2010
- * Intel C++ Compiler 9 - 11.1
- * Sun Studio 12u1, Express 11/08, Express 06/10
-
-*** Important Usage Notes ***
-
-1. If a constructor for A takes a pointer to an object B (except primitive
-types such as int and char), then A owns B and will delete B at A's
-destruction. If a constructor for A takes a reference to an object B,
-then the caller retains ownership of B and should not destroy it until
-A no longer needs it.
-
-2. Crypto++ is thread safe at the class level. This means you can use
-Crypto++ safely in a multithreaded application, but you must provide
-synchronization when multiple threads access a common Crypto++ object.
-
-*** MSVC-Specific Information ***
-
-On Windows, Crypto++ can be compiled into 3 forms: a static library
-including all algorithms, a DLL with only FIPS Approved algorithms, and
-a static library with only algorithms not in the DLL.
-(FIPS Approved means Approved according to the FIPS 140-2 standard.)
-The DLL may be used by itself, or it may be used together with the second
-form of the static library. MSVC project files are included to build
-all three forms, and sample applications using each of the three forms
-are also included.
-
-To compile Crypto++ with MSVC, open the "cryptest.dsw" (for MSVC 6 and MSVC .NET
-2003) or "cryptest.sln" (for MSVC 2005 - 2010) workspace file and build one or
-more of the following projects:
-
-cryptopp - This builds the DLL. Please note that if you wish to use Crypto++
- as a FIPS validated module, you must use a pre-built DLL that has undergone
- the FIPS validation process instead of building your own.
-dlltest - This builds a sample application that only uses the DLL.
-cryptest Non-DLL-Import Configuration - This builds the full static library
- along with a full test driver.
-cryptest DLL-Import Configuration - This builds a static library containing
- only algorithms not in the DLL, along with a full test driver that uses
- both the DLL and the static library.
-
-To use the Crypto++ DLL in your application, #include "dll.h" before including
-any other Crypto++ header files, and place the DLL in the same directory as
-your .exe file. dll.h includes the line #pragma comment(lib, "cryptopp")
-so you don't have to explicitly list the import library in your project
-settings. To use a static library form of Crypto++, make the "cryptlib"
-project a dependency of your application project, or specify it as
-an additional library to link with in your project settings.
-In either case you should check the compiler options to
-make sure that the library and your application are using the same C++
-run-time libraries and calling conventions.
-
-*** DLL Memory Management ***
-
-Because it's possible for the Crypto++ DLL to delete objects allocated
-by the calling application, they must use the same C++ memory heap. Three
-methods are provided to achieve this.
-1. The calling application can tell Crypto++ what heap to use. This method
- is required when the calling application uses a non-standard heap.
-2. Crypto++ can tell the calling application what heap to use. This method
- is required when the calling application uses a statically linked C++ Run
- Time Library. (Method 1 does not work in this case because the Crypto++ DLL
- is initialized before the calling application's heap is initialized.)
-3. Crypto++ can automatically use the heap provided by the calling application's
- dynamically linked C++ Run Time Library. The calling application must
- make sure that the dynamically linked C++ Run Time Library is initialized
- before Crypto++ is loaded. (At this time it is not clear if it is possible
- to control the order in which DLLs are initialized on Windows 9x machines,
- so it might be best to avoid using this method.)
-
-When Crypto++ attaches to a new process, it searches all modules loaded
-into the process space for exported functions "GetNewAndDeleteForCryptoPP"
-and "SetNewAndDeleteFromCryptoPP". If one of these functions is found,
-Crypto++ uses methods 1 or 2, respectively, by calling the function.
-Otherwise, method 3 is used.
-
-*** GCC-Specific Information ***
-
-A makefile is included for you to compile Crypto++ with GCC. Make sure
-you are using GNU Make and GNU ld. The make process will produce two files,
-libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the validation
-suite.
-
-*** Documentation and Support ***
-
-Crypto++ is documented through inline comments in header files, which are
-processed through Doxygen to produce an HTML reference manual. You can find
-a link to the manual from http://www.cryptopp.com. Also at that site is
-the Crypto++ FAQ, which you should browse through before attempting to
-use this library, because it will likely answer many of questions that
-may come up.
-
-If you run into any problems, please try the Crypto++ mailing list.
-The subscription information and the list archive are available on
-http://www.cryptopp.com. You can also email me directly by visiting
-http://www.weidai.com, but you will probably get a faster response through
-the mailing list.
-
-*** History ***
-
-1.0 - First public release. Withdrawn at the request of RSA DSI.
- - included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA,
- MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression
- - had a serious bug in the RSA key generation code.
-
-1.1 - Removed RSA, RC4, RC5
- - Disabled calls to RSAREF's non-public functions
- - Minor bugs fixed
-
-2.0 - a completely new, faster multiprecision integer class
- - added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser,
- elliptic curve algorithms
- - added the Lucas strong probable primality test
- - ElGamal encryption and signature schemes modified to avoid weaknesses
- - Diamond changed to Diamond2 because of key schedule weakness
- - fixed bug in WAKE key setup
- - SHS class renamed to SHA
- - lots of miscellaneous optimizations
-
-2.1 - added Tiger, HMAC, GOST, RIPE-MD160, LUCELG, LUCDIF, XOR-MAC,
- OAEP, PSSR, SHARK
- - added precomputation to DH, ElGamal, DSA, and elliptic curve algorithms
- - added back RC5 and a new RSA
- - optimizations in elliptic curves over GF(p)
- - changed Rabin to use OAEP and PSSR
- - changed many classes to allow copy constructors to work correctly
- - improved exception generation and handling
-
-2.2 - added SEAL, CAST-128, Square
- - fixed bug in HAVAL (padding problem)
- - fixed bug in triple-DES (decryption order was reversed)
- - fixed bug in RC5 (couldn't handle key length not a multiple of 4)
- - changed HMAC to conform to RFC-2104 (which is not compatible
- with the original HMAC)
- - changed secret sharing and information dispersal to use GF(2^32)
- instead of GF(65521)
- - removed zero knowledge prover/verifier for graph isomorphism
- - removed several utility classes in favor of the C++ standard library
-
-2.3 - ported to EGCS
- - fixed incomplete workaround of min/max conflict in MSVC
-
-3.0 - placed all names into the "CryptoPP" namespace
- - added MD2, RC2, RC6, MARS, RW, DH2, MQV, ECDHC, CBC-CTS
- - added abstract base classes PK_SimpleKeyAgreementDomain and
- PK_AuthenticatedKeyAgreementDomain
- - changed DH and LUCDIF to implement the PK_SimpleKeyAgreementDomain
- interface and to perform domain parameter and key validation
- - changed interfaces of PK_Signer and PK_Verifier to sign and verify
- messages instead of message digests
- - changed OAEP to conform to PKCS#1 v2.0
- - changed benchmark code to produce HTML tables as output
- - changed PSSR to track IEEE P1363a
- - renamed ElGamalSignature to NR and changed it to track IEEE P1363
- - renamed ECKEP to ECMQVC and changed it to track IEEE P1363
- - renamed several other classes for clarity
- - removed support for calling RSAREF
- - removed option to compile old SHA (SHA-0)
- - removed option not to throw exceptions
-
-3.1 - added ARC4, Rijndael, Twofish, Serpent, CBC-MAC, DMAC
- - added interface for querying supported key lengths of symmetric ciphers
- and MACs
- - added sample code for RSA signature and verification
- - changed CBC-CTS to be compatible with RFC 2040
- - updated SEAL to version 3.0 of the cipher specification
- - optimized multiprecision squaring and elliptic curves over GF(p)
- - fixed bug in MARS key setup
- - fixed bug with attaching objects to Deflator
-
-3.2 - added DES-XEX3, ECDSA, DefaultEncryptorWithMAC
- - renamed DES-EDE to DES-EDE2 and TripleDES to DES-EDE3
- - optimized ARC4
- - generalized DSA to allow keys longer than 1024 bits
- - fixed bugs in GF2N and ModularArithmetic that can cause calculation errors
- - fixed crashing bug in Inflator when given invalid inputs
- - fixed endian bug in Serpent
- - fixed padding bug in Tiger
-
-4.0 - added Skipjack, CAST-256, Panama, SHA-2 (SHA-256, SHA-384, and SHA-512),
- and XTR-DH
- - added a faster variant of Rabin's Information Dispersal Algorithm (IDA)
- - added class wrappers for these operating system features:
- - high resolution timers on Windows, Unix, and MacOS
- - Berkeley and Windows style sockets
- - Windows named pipes
- - /dev/random and /dev/urandom on Linux and FreeBSD
- - Microsoft's CryptGenRandom on Windows
- - added support for SEC 1 elliptic curve key format and compressed points
- - added support for X.509 public key format (subjectPublicKeyInfo) for
- RSA, DSA, and elliptic curve schemes
- - added support for DER and OpenPGP signature format for DSA
- - added support for ZLIB compressed data format (RFC 1950)
- - changed elliptic curve encryption to use ECIES (as defined in SEC 1)
- - changed MARS key schedule to reflect the latest specification
- - changed BufferedTransformation interface to support multiple channels
- and messages
- - changed CAST and SHA-1 implementations to use public domain source code
- - fixed bug in StringSource
- - optmized multi-precision integer code for better performance
-
-4.1 - added more support for the recommended elliptic curve parameters in SEC 2
- - added Panama MAC, MARC4
- - added IV stealing feature to CTS mode
- - added support for PKCS #8 private key format for RSA, DSA, and elliptic
- curve schemes
- - changed Deflate, MD5, Rijndael, and Twofish to use public domain code
- - fixed a bug with flushing compressed streams
- - fixed a bug with decompressing stored blocks
- - fixed a bug with EC point decompression using non-trinomial basis
- - fixed a bug in NetworkSource::GeneralPump()
- - fixed a performance issue with EC over GF(p) decryption
- - fixed syntax to allow GCC to compile without -fpermissive
- - relaxed some restrictions in the license
-
-4.2 - added support for longer HMAC keys
- - added MD4 (which is not secure so use for compatibility purposes only)
- - added compatibility fixes/workarounds for STLport 4.5, GCC 3.0.2,
- and MSVC 7.0
- - changed MD2 to use public domain code
- - fixed a bug with decompressing multiple messages with the same object
- - fixed a bug in CBC-MAC with MACing multiple messages with the same object
- - fixed a bug in RC5 and RC6 with zero-length keys
- - fixed a bug in Adler32 where incorrect checksum may be generated
-
-5.0 - added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5
- - added key validation for encryption and signature public/private keys
- - renamed StreamCipher interface to SymmetricCipher, which is now implemented
- by both stream ciphers and block cipher modes including ECB and CBC
- - added keying interfaces to support resetting of keys and IVs without
- having to destroy and recreate objects
- - changed filter interface to support non-blocking input/output
- - changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows
- - grouped related classes inside structs to help templates, for example
- AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption
- - where possible, typedefs have been added to improve backwards
- compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined
- - changed Serpent, HAVAL and IDEA to use public domain code
- - implemented SSE2 optimizations for Integer operations
- - fixed a bug in HMAC::TruncatedFinal()
- - fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02
-
-5.01 - added known answer test for X9.17 RNG in FIPS 140 power-up self test
- - submitted to NIST/CSE, but not publicly released
-
-5.02 - changed EDC test to MAC integrity check using HMAC/SHA1
- - improved performance of integrity check
- - added blinding to defend against RSA timing attack
-
-5.03 - created DLL version of Crypto++ for FIPS 140-2 validation
- - fixed vulnerabilities in GetNextIV for CTR and OFB modes
-
-5.0.4 - Removed DES, SHA-256, SHA-384, SHA-512 from DLL
-
-5.1 - added PSS padding and changed PSSR to track IEEE P1363a draft standard
- - added blinding for RSA and Rabin to defend against timing attacks
- on decryption operations
- - changed signing and decryption APIs to support the above
- - changed WaitObjectContainer to allow waiting for more than 64
- objects at a time on Win32 platforms
- - fixed a bug in CBC and ECB modes with processing non-aligned data
- - fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2
- signature scheme (these fixes are not backwards compatible)
- - fixed a number of compiler warnings, minor bugs, and portability problems
- - removed Sapphire
-
-5.2 - merged in changes for 5.01 - 5.0.4
- - added support for using encoding parameters and key derivation parameters
- with public key encryption (implemented by OAEP and DL/ECIES)
- - added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320,
- RIPEMD-128, RIPEMD-256, Base-32 coding, FIPS variant of CFB mode
- - added ThreadUserTimer for timing thread CPU usage
- - added option for password-based key derivation functions
- to iterate until a mimimum elapsed thread CPU time is reached
- - added option (on by default) for DEFLATE compression to detect
- uncompressible files and process them more quickly
- - improved compatibility and performance on 64-bit platforms,
- including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64
- - fixed ONE_AND_ZEROS_PADDING to use 0x80 instead 0x01 as padding.
- - fixed encoding/decoding of PKCS #8 privateKeyInfo to properly
- handle optional attributes
-
-5.2.1 - fixed bug in the "dlltest" DLL testing program
- - fixed compiling with STLport using VC .NET
- - fixed compiling with -fPIC using GCC
- - fixed compiling with -msse2 on systems without memalign()
- - fixed inability to instantiate PanamaMAC
- - fixed problems with inline documentation
-
-5.2.2 - added SHA-224
- - put SHA-256, SHA-384, SHA-512, RSASSA-PSS into DLL
-
-5.2.3 - fixed issues with FIPS algorithm test vectors
- - put RSASSA-ISO into DLL
-
-5.3 - ported to MSVC 2005 with support for x86-64
- - added defense against AES timing attacks, and more AES test vectors
- - changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR"
-
-5.4 - added Salsa20
- - updated Whirlpool to version 3.0
- - ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006
-
-5.5 - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
- - improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20,
- Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
- - optimized Camellia and added defense against timing attacks
- - updated benchmarks code to show cycles per byte and to time key/IV setup
- - started using OpenMP for increased multi-core speed
- - enabled GCC optimization flags by default in GNUmakefile
- - added blinding and computational error checking for RW signing
- - changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce
- the risk of reusing random numbers and IVs after virtual machine state
- rollback
- - changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to
- AutoSeededX917RNG<AES>
- - fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
- - moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
- - removed HAVAL, MD5-MAC, XMAC
-
-5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines
-
-5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama
- to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
- - fixed Salsa20 initialization crash on non-SSE2 machines
- - fixed Whirlpool crash on Pentium 2 machines
- - fixed possible branch prediction analysis (BPA) vulnerability in
- MontgomeryReduce(), which may affect security of RSA, RW, LUC
- - fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
- - fixed crash in SSE2_Add on P4 machines when compiled with
- MSVC 6.0 SP5 with Processor Pack
- - ported to MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0,
- and Borland C++Builder 2007
-
-5.6.0 - added AuthenticatedSymmetricCipher interface class and Filter wrappers
- - added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED
- - added support for variable length IVs
- - added OIDs for Brainpool elliptic curve parameters
- - improved AES and SHA-256 speed on x86 and x64
- - changed BlockTransformation interface to no longer assume data alignment
- - fixed incorrect VMAC computation on message lengths
- that are >64 mod 128 (x86 assembly version is not affected)
- - fixed compiler error in vmac.cpp on x86 with GCC -fPIC
- - fixed run-time validation error on x86-64 with GCC 4.3.2 -O2
- - fixed HashFilter bug when putMessage=true
- - fixed AES-CTR data alignment bug that causes incorrect encryption on ARM
- - removed WORD64_AVAILABLE; compiler support for 64-bit int is now required
- - ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11
-
-5.6.1 - added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM
- - removed WAKE-CFB
- - fixed several bugs in the SHA-256 x86/x64 assembly code:
- * incorrect hash on non-SSE2 x86 machines on non-aligned input
- * incorrect hash on x86 machines when input crosses 0x80000000
- * incorrect hash on x64 when compiled with GCC with optimizations enabled
- - fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations
- - switched to a public domain implementation of MARS
- - ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1
- - renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010
-
-5.6.2 - changed license to Boost Software License 1.0
- - added SHA-3 (Keccak)
- - updated DSA to FIPS 186-3 (see DSA2 class)
- - fixed Blowfish minimum keylength to be 4 bytes (32 bits)
- - fixed Salsa validation failure when compiling with GCC 4.6
- - fixed infinite recursion when on x64, assembly disabled, and no AESNI
- - ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0
-
-Written by Wei Dai
diff --git a/cryptopp562/adler32.cpp b/cryptopp562/adler32.cpp
deleted file mode 100644
index 0d52c08..0000000
--- a/cryptopp562/adler32.cpp
+++ /dev/null
@@ -1,77 +0,0 @@
-// adler32.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "adler32.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Adler32::Update(const byte *input, size_t length)
-{
- const unsigned long BASE = 65521;
-
- unsigned long s1 = m_s1;
- unsigned long s2 = m_s2;
-
- if (length % 8 != 0)
- {
- do
- {
- s1 += *input++;
- s2 += s1;
- length--;
- } while (length % 8 != 0);
-
- if (s1 >= BASE)
- s1 -= BASE;
- s2 %= BASE;
- }
-
- while (length > 0)
- {
- s1 += input[0]; s2 += s1;
- s1 += input[1]; s2 += s1;
- s1 += input[2]; s2 += s1;
- s1 += input[3]; s2 += s1;
- s1 += input[4]; s2 += s1;
- s1 += input[5]; s2 += s1;
- s1 += input[6]; s2 += s1;
- s1 += input[7]; s2 += s1;
-
- length -= 8;
- input += 8;
-
- if (s1 >= BASE)
- s1 -= BASE;
- if (length % 0x8000 == 0)
- s2 %= BASE;
- }
-
- assert(s1 < BASE);
- assert(s2 < BASE);
-
- m_s1 = (word16)s1;
- m_s2 = (word16)s2;
-}
-
-void Adler32::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- switch (size)
- {
- default:
- hash[3] = byte(m_s1);
- case 3:
- hash[2] = byte(m_s1 >> 8);
- case 2:
- hash[1] = byte(m_s2);
- case 1:
- hash[0] = byte(m_s2 >> 8);
- case 0:
- ;
- }
-
- Reset();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/adler32.h b/cryptopp562/adler32.h
deleted file mode 100644
index 0ed803d..0000000
--- a/cryptopp562/adler32.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#ifndef CRYPTOPP_ADLER32_H
-#define CRYPTOPP_ADLER32_H
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! ADLER-32 checksum calculations
-class Adler32 : public HashTransformation
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 4)
- Adler32() {Reset();}
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *hash, size_t size);
- unsigned int DigestSize() const {return DIGESTSIZE;}
- static const char * StaticAlgorithmName() {return "Adler32";}
- std::string AlgorithmName() const {return StaticAlgorithmName();}
-
-private:
- void Reset() {m_s1 = 1; m_s2 = 0;}
-
- word16 m_s1, m_s2;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/aes.h b/cryptopp562/aes.h
deleted file mode 100644
index 0087542..0000000
--- a/cryptopp562/aes.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#ifndef CRYPTOPP_AES_H
-#define CRYPTOPP_AES_H
-
-#include "rijndael.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! <a href="http://www.cryptolounge.org/wiki/AES">AES</a> winner, announced on 10/2/2000
-DOCUMENTED_TYPEDEF(Rijndael, AES);
-
-typedef RijndaelEncryption AESEncryption;
-typedef RijndaelDecryption AESDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/algebra.cpp b/cryptopp562/algebra.cpp
deleted file mode 100644
index 958e637..0000000
--- a/cryptopp562/algebra.cpp
+++ /dev/null
@@ -1,340 +0,0 @@
-// algebra.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_ALGEBRA_CPP // SunCC workaround: compiler could cause this file to be included twice
-#define CRYPTOPP_ALGEBRA_CPP
-
-#include "algebra.h"
-#include "integer.h"
-
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T> const T& AbstractGroup<T>::Double(const Element &a) const
-{
- return this->Add(a, a);
-}
-
-template <class T> const T& AbstractGroup<T>::Subtract(const Element &a, const Element &b) const
-{
- // make copy of a in case Inverse() overwrites it
- Element a1(a);
- return this->Add(a1, Inverse(b));
-}
-
-template <class T> T& AbstractGroup<T>::Accumulate(Element &a, const Element &b) const
-{
- return a = this->Add(a, b);
-}
-
-template <class T> T& AbstractGroup<T>::Reduce(Element &a, const Element &b) const
-{
- return a = this->Subtract(a, b);
-}
-
-template <class T> const T& AbstractRing<T>::Square(const Element &a) const
-{
- return this->Multiply(a, a);
-}
-
-template <class T> const T& AbstractRing<T>::Divide(const Element &a, const Element &b) const
-{
- // make copy of a in case MultiplicativeInverse() overwrites it
- Element a1(a);
- return this->Multiply(a1, this->MultiplicativeInverse(b));
-}
-
-template <class T> const T& AbstractEuclideanDomain<T>::Mod(const Element &a, const Element &b) const
-{
- Element q;
- this->DivisionAlgorithm(result, q, a, b);
- return result;
-}
-
-template <class T> const T& AbstractEuclideanDomain<T>::Gcd(const Element &a, const Element &b) const
-{
- Element g[3]={b, a};
- unsigned int i0=0, i1=1, i2=2;
-
- while (!this->Equal(g[i1], this->Identity()))
- {
- g[i2] = this->Mod(g[i0], g[i1]);
- unsigned int t = i0; i0 = i1; i1 = i2; i2 = t;
- }
-
- return result = g[i0];
-}
-
-template <class T> const typename QuotientRing<T>::Element& QuotientRing<T>::MultiplicativeInverse(const Element &a) const
-{
- Element g[3]={m_modulus, a};
- Element v[3]={m_domain.Identity(), m_domain.MultiplicativeIdentity()};
- Element y;
- unsigned int i0=0, i1=1, i2=2;
-
- while (!this->Equal(g[i1], this->Identity()))
- {
- // y = g[i0] / g[i1];
- // g[i2] = g[i0] % g[i1];
- m_domain.DivisionAlgorithm(g[i2], y, g[i0], g[i1]);
- // v[i2] = v[i0] - (v[i1] * y);
- v[i2] = m_domain.Subtract(v[i0], m_domain.Multiply(v[i1], y));
- unsigned int t = i0; i0 = i1; i1 = i2; i2 = t;
- }
-
- return m_domain.IsUnit(g[i0]) ? m_domain.Divide(v[i0], g[i0]) : m_domain.Identity();
-}
-
-template <class T> T AbstractGroup<T>::ScalarMultiply(const Element &base, const Integer &exponent) const
-{
- Element result;
- this->SimultaneousMultiply(&result, base, &exponent, 1);
- return result;
-}
-
-template <class T> T AbstractGroup<T>::CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
-{
- const unsigned expLen = STDMAX(e1.BitCount(), e2.BitCount());
- if (expLen==0)
- return this->Identity();
-
- const unsigned w = (expLen <= 46 ? 1 : (expLen <= 260 ? 2 : 3));
- const unsigned tableSize = 1<<w;
- std::vector<Element> powerTable(tableSize << w);
-
- powerTable[1] = x;
- powerTable[tableSize] = y;
- if (w==1)
- powerTable[3] = this->Add(x,y);
- else
- {
- powerTable[2] = this->Double(x);
- powerTable[2*tableSize] = this->Double(y);
-
- unsigned i, j;
-
- for (i=3; i<tableSize; i+=2)
- powerTable[i] = Add(powerTable[i-2], powerTable[2]);
- for (i=1; i<tableSize; i+=2)
- for (j=i+tableSize; j<(tableSize<<w); j+=tableSize)
- powerTable[j] = Add(powerTable[j-tableSize], y);
-
- for (i=3*tableSize; i<(tableSize<<w); i+=2*tableSize)
- powerTable[i] = Add(powerTable[i-2*tableSize], powerTable[2*tableSize]);
- for (i=tableSize; i<(tableSize<<w); i+=2*tableSize)
- for (j=i+2; j<i+tableSize; j+=2)
- powerTable[j] = Add(powerTable[j-1], x);
- }
-
- Element result;
- unsigned power1 = 0, power2 = 0, prevPosition = expLen-1;
- bool firstTime = true;
-
- for (int i = expLen-1; i>=0; i--)
- {
- power1 = 2*power1 + e1.GetBit(i);
- power2 = 2*power2 + e2.GetBit(i);
-
- if (i==0 || 2*power1 >= tableSize || 2*power2 >= tableSize)
- {
- unsigned squaresBefore = prevPosition-i;
- unsigned squaresAfter = 0;
- prevPosition = i;
- while ((power1 || power2) && power1%2 == 0 && power2%2==0)
- {
- power1 /= 2;
- power2 /= 2;
- squaresBefore--;
- squaresAfter++;
- }
- if (firstTime)
- {
- result = powerTable[(power2<<w) + power1];
- firstTime = false;
- }
- else
- {
- while (squaresBefore--)
- result = this->Double(result);
- if (power1 || power2)
- Accumulate(result, powerTable[(power2<<w) + power1]);
- }
- while (squaresAfter--)
- result = this->Double(result);
- power1 = power2 = 0;
- }
- }
- return result;
-}
-
-template <class Element, class Iterator> Element GeneralCascadeMultiplication(const AbstractGroup<Element> &group, Iterator begin, Iterator end)
-{
- if (end-begin == 1)
- return group.ScalarMultiply(begin->base, begin->exponent);
- else if (end-begin == 2)
- return group.CascadeScalarMultiply(begin->base, begin->exponent, (begin+1)->base, (begin+1)->exponent);
- else
- {
- Integer q, t;
- Iterator last = end;
- --last;
-
- std::make_heap(begin, end);
- std::pop_heap(begin, end);
-
- while (!!begin->exponent)
- {
- // last->exponent is largest exponent, begin->exponent is next largest
- t = last->exponent;
- Integer::Divide(last->exponent, q, t, begin->exponent);
-
- if (q == Integer::One())
- group.Accumulate(begin->base, last->base); // avoid overhead of ScalarMultiply()
- else
- group.Accumulate(begin->base, group.ScalarMultiply(last->base, q));
-
- std::push_heap(begin, end);
- std::pop_heap(begin, end);
- }
-
- return group.ScalarMultiply(last->base, last->exponent);
- }
-}
-
-struct WindowSlider
-{
- WindowSlider(const Integer &expIn, bool fastNegate, unsigned int windowSizeIn=0)
- : exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn), windowBegin(0), fastNegate(fastNegate), firstTime(true), finished(false)
- {
- if (windowSize == 0)
- {
- unsigned int expLen = exp.BitCount();
- windowSize = expLen <= 17 ? 1 : (expLen <= 24 ? 2 : (expLen <= 70 ? 3 : (expLen <= 197 ? 4 : (expLen <= 539 ? 5 : (expLen <= 1434 ? 6 : 7)))));
- }
- windowModulus <<= windowSize;
- }
-
- void FindNextWindow()
- {
- unsigned int expLen = exp.WordCount() * WORD_BITS;
- unsigned int skipCount = firstTime ? 0 : windowSize;
- firstTime = false;
- while (!exp.GetBit(skipCount))
- {
- if (skipCount >= expLen)
- {
- finished = true;
- return;
- }
- skipCount++;
- }
-
- exp >>= skipCount;
- windowBegin += skipCount;
- expWindow = word32(exp % (word(1) << windowSize));
-
- if (fastNegate && exp.GetBit(windowSize))
- {
- negateNext = true;
- expWindow = (word32(1) << windowSize) - expWindow;
- exp += windowModulus;
- }
- else
- negateNext = false;
- }
-
- Integer exp, windowModulus;
- unsigned int windowSize, windowBegin;
- word32 expWindow;
- bool fastNegate, negateNext, firstTime, finished;
-};
-
-template <class T>
-void AbstractGroup<T>::SimultaneousMultiply(T *results, const T &base, const Integer *expBegin, unsigned int expCount) const
-{
- std::vector<std::vector<Element> > buckets(expCount);
- std::vector<WindowSlider> exponents;
- exponents.reserve(expCount);
- unsigned int i;
-
- for (i=0; i<expCount; i++)
- {
- assert(expBegin->NotNegative());
- exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 0));
- exponents[i].FindNextWindow();
- buckets[i].resize(1<<(exponents[i].windowSize-1), Identity());
- }
-
- unsigned int expBitPosition = 0;
- Element g = base;
- bool notDone = true;
-
- while (notDone)
- {
- notDone = false;
- for (i=0; i<expCount; i++)
- {
- if (!exponents[i].finished && expBitPosition == exponents[i].windowBegin)
- {
- Element &bucket = buckets[i][exponents[i].expWindow/2];
- if (exponents[i].negateNext)
- Accumulate(bucket, Inverse(g));
- else
- Accumulate(bucket, g);
- exponents[i].FindNextWindow();
- }
- notDone = notDone || !exponents[i].finished;
- }
-
- if (notDone)
- {
- g = Double(g);
- expBitPosition++;
- }
- }
-
- for (i=0; i<expCount; i++)
- {
- Element &r = *results++;
- r = buckets[i][buckets[i].size()-1];
- if (buckets[i].size() > 1)
- {
- for (int j = (int)buckets[i].size()-2; j >= 1; j--)
- {
- Accumulate(buckets[i][j], buckets[i][j+1]);
- Accumulate(r, buckets[i][j]);
- }
- Accumulate(buckets[i][0], buckets[i][1]);
- r = Add(Double(r), buckets[i][0]);
- }
- }
-}
-
-template <class T> T AbstractRing<T>::Exponentiate(const Element &base, const Integer &exponent) const
-{
- Element result;
- SimultaneousExponentiate(&result, base, &exponent, 1);
- return result;
-}
-
-template <class T> T AbstractRing<T>::CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
-{
- return MultiplicativeGroup().AbstractGroup<T>::CascadeScalarMultiply(x, e1, y, e2);
-}
-
-template <class Element, class Iterator> Element GeneralCascadeExponentiation(const AbstractRing<Element> &ring, Iterator begin, Iterator end)
-{
- return GeneralCascadeMultiplication<Element>(ring.MultiplicativeGroup(), begin, end);
-}
-
-template <class T>
-void AbstractRing<T>::SimultaneousExponentiate(T *results, const T &base, const Integer *exponents, unsigned int expCount) const
-{
- MultiplicativeGroup().AbstractGroup<T>::SimultaneousMultiply(results, base, exponents, expCount);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/algebra.h b/cryptopp562/algebra.h
deleted file mode 100644
index 13038bd..0000000
--- a/cryptopp562/algebra.h
+++ /dev/null
@@ -1,285 +0,0 @@
-#ifndef CRYPTOPP_ALGEBRA_H
-#define CRYPTOPP_ALGEBRA_H
-
-#include "config.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class Integer;
-
-// "const Element&" returned by member functions are references
-// to internal data members. Since each object may have only
-// one such data member for holding results, the following code
-// will produce incorrect results:
-// abcd = group.Add(group.Add(a,b), group.Add(c,d));
-// But this should be fine:
-// abcd = group.Add(a, group.Add(b, group.Add(c,d));
-
-//! Abstract Group
-template <class T> class CRYPTOPP_NO_VTABLE AbstractGroup
-{
-public:
- typedef T Element;
-
- virtual ~AbstractGroup() {}
-
- virtual bool Equal(const Element &a, const Element &b) const =0;
- virtual const Element& Identity() const =0;
- virtual const Element& Add(const Element &a, const Element &b) const =0;
- virtual const Element& Inverse(const Element &a) const =0;
- virtual bool InversionIsFast() const {return false;}
-
- virtual const Element& Double(const Element &a) const;
- virtual const Element& Subtract(const Element &a, const Element &b) const;
- virtual Element& Accumulate(Element &a, const Element &b) const;
- virtual Element& Reduce(Element &a, const Element &b) const;
-
- virtual Element ScalarMultiply(const Element &a, const Integer &e) const;
- virtual Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
-
- virtual void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
-};
-
-//! Abstract Ring
-template <class T> class CRYPTOPP_NO_VTABLE AbstractRing : public AbstractGroup<T>
-{
-public:
- typedef T Element;
-
- AbstractRing() {m_mg.m_pRing = this;}
- AbstractRing(const AbstractRing &source) {m_mg.m_pRing = this;}
- AbstractRing& operator=(const AbstractRing &source) {return *this;}
-
- virtual bool IsUnit(const Element &a) const =0;
- virtual const Element& MultiplicativeIdentity() const =0;
- virtual const Element& Multiply(const Element &a, const Element &b) const =0;
- virtual const Element& MultiplicativeInverse(const Element &a) const =0;
-
- virtual const Element& Square(const Element &a) const;
- virtual const Element& Divide(const Element &a, const Element &b) const;
-
- virtual Element Exponentiate(const Element &a, const Integer &e) const;
- virtual Element CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
-
- virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
-
- virtual const AbstractGroup<T>& MultiplicativeGroup() const
- {return m_mg;}
-
-private:
- class MultiplicativeGroupT : public AbstractGroup<T>
- {
- public:
- const AbstractRing<T>& GetRing() const
- {return *m_pRing;}
-
- bool Equal(const Element &a, const Element &b) const
- {return GetRing().Equal(a, b);}
-
- const Element& Identity() const
- {return GetRing().MultiplicativeIdentity();}
-
- const Element& Add(const Element &a, const Element &b) const
- {return GetRing().Multiply(a, b);}
-
- Element& Accumulate(Element &a, const Element &b) const
- {return a = GetRing().Multiply(a, b);}
-
- const Element& Inverse(const Element &a) const
- {return GetRing().MultiplicativeInverse(a);}
-
- const Element& Subtract(const Element &a, const Element &b) const
- {return GetRing().Divide(a, b);}
-
- Element& Reduce(Element &a, const Element &b) const
- {return a = GetRing().Divide(a, b);}
-
- const Element& Double(const Element &a) const
- {return GetRing().Square(a);}
-
- Element ScalarMultiply(const Element &a, const Integer &e) const
- {return GetRing().Exponentiate(a, e);}
-
- Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
- {return GetRing().CascadeExponentiate(x, e1, y, e2);}
-
- void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
- {GetRing().SimultaneousExponentiate(results, base, exponents, exponentsCount);}
-
- const AbstractRing<T> *m_pRing;
- };
-
- MultiplicativeGroupT m_mg;
-};
-
-// ********************************************************
-
-//! Base and Exponent
-template <class T, class E = Integer>
-struct BaseAndExponent
-{
-public:
- BaseAndExponent() {}
- BaseAndExponent(const T &base, const E &exponent) : base(base), exponent(exponent) {}
- bool operator<(const BaseAndExponent<T, E> &rhs) const {return exponent < rhs.exponent;}
- T base;
- E exponent;
-};
-
-// VC60 workaround: incomplete member template support
-template <class Element, class Iterator>
- Element GeneralCascadeMultiplication(const AbstractGroup<Element> &group, Iterator begin, Iterator end);
-template <class Element, class Iterator>
- Element GeneralCascadeExponentiation(const AbstractRing<Element> &ring, Iterator begin, Iterator end);
-
-// ********************************************************
-
-//! Abstract Euclidean Domain
-template <class T> class CRYPTOPP_NO_VTABLE AbstractEuclideanDomain : public AbstractRing<T>
-{
-public:
- typedef T Element;
-
- virtual void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const =0;
-
- virtual const Element& Mod(const Element &a, const Element &b) const =0;
- virtual const Element& Gcd(const Element &a, const Element &b) const;
-
-protected:
- mutable Element result;
-};
-
-// ********************************************************
-
-//! EuclideanDomainOf
-template <class T> class EuclideanDomainOf : public AbstractEuclideanDomain<T>
-{
-public:
- typedef T Element;
-
- EuclideanDomainOf() {}
-
- bool Equal(const Element &a, const Element &b) const
- {return a==b;}
-
- const Element& Identity() const
- {return Element::Zero();}
-
- const Element& Add(const Element &a, const Element &b) const
- {return result = a+b;}
-
- Element& Accumulate(Element &a, const Element &b) const
- {return a+=b;}
-
- const Element& Inverse(const Element &a) const
- {return result = -a;}
-
- const Element& Subtract(const Element &a, const Element &b) const
- {return result = a-b;}
-
- Element& Reduce(Element &a, const Element &b) const
- {return a-=b;}
-
- const Element& Double(const Element &a) const
- {return result = a.Doubled();}
-
- const Element& MultiplicativeIdentity() const
- {return Element::One();}
-
- const Element& Multiply(const Element &a, const Element &b) const
- {return result = a*b;}
-
- const Element& Square(const Element &a) const
- {return result = a.Squared();}
-
- bool IsUnit(const Element &a) const
- {return a.IsUnit();}
-
- const Element& MultiplicativeInverse(const Element &a) const
- {return result = a.MultiplicativeInverse();}
-
- const Element& Divide(const Element &a, const Element &b) const
- {return result = a/b;}
-
- const Element& Mod(const Element &a, const Element &b) const
- {return result = a%b;}
-
- void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const
- {Element::Divide(r, q, a, d);}
-
- bool operator==(const EuclideanDomainOf<T> &rhs) const
- {return true;}
-
-private:
- mutable Element result;
-};
-
-//! Quotient Ring
-template <class T> class QuotientRing : public AbstractRing<typename T::Element>
-{
-public:
- typedef T EuclideanDomain;
- typedef typename T::Element Element;
-
- QuotientRing(const EuclideanDomain &domain, const Element &modulus)
- : m_domain(domain), m_modulus(modulus) {}
-
- const EuclideanDomain & GetDomain() const
- {return m_domain;}
-
- const Element& GetModulus() const
- {return m_modulus;}
-
- bool Equal(const Element &a, const Element &b) const
- {return m_domain.Equal(m_domain.Mod(m_domain.Subtract(a, b), m_modulus), m_domain.Identity());}
-
- const Element& Identity() const
- {return m_domain.Identity();}
-
- const Element& Add(const Element &a, const Element &b) const
- {return m_domain.Add(a, b);}
-
- Element& Accumulate(Element &a, const Element &b) const
- {return m_domain.Accumulate(a, b);}
-
- const Element& Inverse(const Element &a) const
- {return m_domain.Inverse(a);}
-
- const Element& Subtract(const Element &a, const Element &b) const
- {return m_domain.Subtract(a, b);}
-
- Element& Reduce(Element &a, const Element &b) const
- {return m_domain.Reduce(a, b);}
-
- const Element& Double(const Element &a) const
- {return m_domain.Double(a);}
-
- bool IsUnit(const Element &a) const
- {return m_domain.IsUnit(m_domain.Gcd(a, m_modulus));}
-
- const Element& MultiplicativeIdentity() const
- {return m_domain.MultiplicativeIdentity();}
-
- const Element& Multiply(const Element &a, const Element &b) const
- {return m_domain.Mod(m_domain.Multiply(a, b), m_modulus);}
-
- const Element& Square(const Element &a) const
- {return m_domain.Mod(m_domain.Square(a), m_modulus);}
-
- const Element& MultiplicativeInverse(const Element &a) const;
-
- bool operator==(const QuotientRing<T> &rhs) const
- {return m_domain == rhs.m_domain && m_modulus == rhs.m_modulus;}
-
-protected:
- EuclideanDomain m_domain;
- Element m_modulus;
-};
-
-NAMESPACE_END
-
-#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#include "algebra.cpp"
-#endif
-
-#endif
diff --git a/cryptopp562/algparam.cpp b/cryptopp562/algparam.cpp
deleted file mode 100644
index a70d5dd..0000000
--- a/cryptopp562/algparam.cpp
+++ /dev/null
@@ -1,75 +0,0 @@
-// algparam.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "algparam.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-PAssignIntToInteger g_pAssignIntToInteger = NULL;
-
-bool CombinedNameValuePairs::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- if (strcmp(name, "ValueNames") == 0)
- return m_pairs1.GetVoidValue(name, valueType, pValue) && m_pairs2.GetVoidValue(name, valueType, pValue);
- else
- return m_pairs1.GetVoidValue(name, valueType, pValue) || m_pairs2.GetVoidValue(name, valueType, pValue);
-}
-
-void AlgorithmParametersBase::operator=(const AlgorithmParametersBase& rhs)
-{
- assert(false);
-}
-
-bool AlgorithmParametersBase::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- if (strcmp(name, "ValueNames") == 0)
- {
- NameValuePairs::ThrowIfTypeMismatch(name, typeid(std::string), valueType);
- if (m_next.get())
- m_next->GetVoidValue(name, valueType, pValue);
- (*reinterpret_cast<std::string *>(pValue) += m_name) += ";";
- return true;
- }
- else if (strcmp(name, m_name) == 0)
- {
- AssignValue(name, valueType, pValue);
- m_used = true;
- return true;
- }
- else if (m_next.get())
- return m_next->GetVoidValue(name, valueType, pValue);
- else
- return false;
-}
-
-AlgorithmParameters::AlgorithmParameters()
- : m_defaultThrowIfNotUsed(true)
-{
-}
-
-AlgorithmParameters::AlgorithmParameters(const AlgorithmParameters &x)
- : m_defaultThrowIfNotUsed(x.m_defaultThrowIfNotUsed)
-{
- m_next.reset(const_cast<AlgorithmParameters &>(x).m_next.release());
-}
-
-AlgorithmParameters & AlgorithmParameters::operator=(const AlgorithmParameters &x)
-{
- m_next.reset(const_cast<AlgorithmParameters &>(x).m_next.release());
- return *this;
-}
-
-bool AlgorithmParameters::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- if (m_next.get())
- return m_next->GetVoidValue(name, valueType, pValue);
- else
- return false;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/algparam.h b/cryptopp562/algparam.h
deleted file mode 100644
index ea5129c..0000000
--- a/cryptopp562/algparam.h
+++ /dev/null
@@ -1,398 +0,0 @@
-#ifndef CRYPTOPP_ALGPARAM_H
-#define CRYPTOPP_ALGPARAM_H
-
-#include "cryptlib.h"
-#include "smartptr.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! used to pass byte array input as part of a NameValuePairs object
-/*! the deepCopy option is used when the NameValuePairs object can't
- keep a copy of the data available */
-class ConstByteArrayParameter
-{
-public:
- ConstByteArrayParameter(const char *data = NULL, bool deepCopy = false)
- {
- Assign((const byte *)data, data ? strlen(data) : 0, deepCopy);
- }
- ConstByteArrayParameter(const byte *data, size_t size, bool deepCopy = false)
- {
- Assign(data, size, deepCopy);
- }
- template <class T> ConstByteArrayParameter(const T &string, bool deepCopy = false)
- {
- CRYPTOPP_COMPILE_ASSERT(sizeof(CPP_TYPENAME T::value_type) == 1);
- Assign((const byte *)string.data(), string.size(), deepCopy);
- }
-
- void Assign(const byte *data, size_t size, bool deepCopy)
- {
- if (deepCopy)
- m_block.Assign(data, size);
- else
- {
- m_data = data;
- m_size = size;
- }
- m_deepCopy = deepCopy;
- }
-
- const byte *begin() const {return m_deepCopy ? m_block.begin() : m_data;}
- const byte *end() const {return m_deepCopy ? m_block.end() : m_data + m_size;}
- size_t size() const {return m_deepCopy ? m_block.size() : m_size;}
-
-private:
- bool m_deepCopy;
- const byte *m_data;
- size_t m_size;
- SecByteBlock m_block;
-};
-
-class ByteArrayParameter
-{
-public:
- ByteArrayParameter(byte *data = NULL, unsigned int size = 0)
- : m_data(data), m_size(size) {}
- ByteArrayParameter(SecByteBlock &block)
- : m_data(block.begin()), m_size(block.size()) {}
-
- byte *begin() const {return m_data;}
- byte *end() const {return m_data + m_size;}
- size_t size() const {return m_size;}
-
-private:
- byte *m_data;
- size_t m_size;
-};
-
-class CRYPTOPP_DLL CombinedNameValuePairs : public NameValuePairs
-{
-public:
- CombinedNameValuePairs(const NameValuePairs &pairs1, const NameValuePairs &pairs2)
- : m_pairs1(pairs1), m_pairs2(pairs2) {}
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
-
-private:
- const NameValuePairs &m_pairs1, &m_pairs2;
-};
-
-template <class T, class BASE>
-class GetValueHelperClass
-{
-public:
- GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst)
- : m_pObject(pObject), m_name(name), m_valueType(&valueType), m_pValue(pValue), m_found(false), m_getValueNames(false)
- {
- if (strcmp(m_name, "ValueNames") == 0)
- {
- m_found = m_getValueNames = true;
- NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(std::string), *m_valueType);
- if (searchFirst)
- searchFirst->GetVoidValue(m_name, valueType, pValue);
- if (typeid(T) != typeid(BASE))
- pObject->BASE::GetVoidValue(m_name, valueType, pValue);
- ((*reinterpret_cast<std::string *>(m_pValue) += "ThisPointer:") += typeid(T).name()) += ';';
- }
-
- if (!m_found && strncmp(m_name, "ThisPointer:", 12) == 0 && strcmp(m_name+12, typeid(T).name()) == 0)
- {
- NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T *), *m_valueType);
- *reinterpret_cast<const T **>(pValue) = pObject;
- m_found = true;
- return;
- }
-
- if (!m_found && searchFirst)
- m_found = searchFirst->GetVoidValue(m_name, valueType, pValue);
-
- if (!m_found && typeid(T) != typeid(BASE))
- m_found = pObject->BASE::GetVoidValue(m_name, valueType, pValue);
- }
-
- operator bool() const {return m_found;}
-
- template <class R>
- GetValueHelperClass<T,BASE> & operator()(const char *name, const R & (T::*pm)() const)
- {
- if (m_getValueNames)
- (*reinterpret_cast<std::string *>(m_pValue) += name) += ";";
- if (!m_found && strcmp(name, m_name) == 0)
- {
- NameValuePairs::ThrowIfTypeMismatch(name, typeid(R), *m_valueType);
- *reinterpret_cast<R *>(m_pValue) = (m_pObject->*pm)();
- m_found = true;
- }
- return *this;
- }
-
- GetValueHelperClass<T,BASE> &Assignable()
- {
-#ifndef __INTEL_COMPILER // ICL 9.1 workaround: Intel compiler copies the vTable pointer for some reason
- if (m_getValueNames)
- ((*reinterpret_cast<std::string *>(m_pValue) += "ThisObject:") += typeid(T).name()) += ';';
- if (!m_found && strncmp(m_name, "ThisObject:", 11) == 0 && strcmp(m_name+11, typeid(T).name()) == 0)
- {
- NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T), *m_valueType);
- *reinterpret_cast<T *>(m_pValue) = *m_pObject;
- m_found = true;
- }
-#endif
- return *this;
- }
-
-private:
- const T *m_pObject;
- const char *m_name;
- const std::type_info *m_valueType;
- void *m_pValue;
- bool m_found, m_getValueNames;
-};
-
-template <class BASE, class T>
-GetValueHelperClass<T, BASE> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL, BASE *dummy=NULL)
-{
- return GetValueHelperClass<T, BASE>(pObject, name, valueType, pValue, searchFirst);
-}
-
-template <class T>
-GetValueHelperClass<T, T> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL)
-{
- return GetValueHelperClass<T, T>(pObject, name, valueType, pValue, searchFirst);
-}
-
-// ********************************************************
-
-template <class R>
-R Hack_DefaultValueFromConstReferenceType(const R &)
-{
- return R();
-}
-
-template <class R>
-bool Hack_GetValueIntoConstReference(const NameValuePairs &source, const char *name, const R &value)
-{
- return source.GetValue(name, const_cast<R &>(value));
-}
-
-template <class T, class BASE>
-class AssignFromHelperClass
-{
-public:
- AssignFromHelperClass(T *pObject, const NameValuePairs &source)
- : m_pObject(pObject), m_source(source), m_done(false)
- {
- if (source.GetThisObject(*pObject))
- m_done = true;
- else if (typeid(BASE) != typeid(T))
- pObject->BASE::AssignFrom(source);
- }
-
- template <class R>
- AssignFromHelperClass & operator()(const char *name, void (T::*pm)(R)) // VC60 workaround: "const R &" here causes compiler error
- {
- if (!m_done)
- {
- R value = Hack_DefaultValueFromConstReferenceType(reinterpret_cast<R>(*(int *)NULL));
- if (!Hack_GetValueIntoConstReference(m_source, name, value))
- throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name + "'");
- (m_pObject->*pm)(value);
- }
- return *this;
- }
-
- template <class R, class S>
- AssignFromHelperClass & operator()(const char *name1, const char *name2, void (T::*pm)(R, S)) // VC60 workaround: "const R &" here causes compiler error
- {
- if (!m_done)
- {
- R value1 = Hack_DefaultValueFromConstReferenceType(reinterpret_cast<R>(*(int *)NULL));
- if (!Hack_GetValueIntoConstReference(m_source, name1, value1))
- throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name1 + "'");
- S value2 = Hack_DefaultValueFromConstReferenceType(reinterpret_cast<S>(*(int *)NULL));
- if (!Hack_GetValueIntoConstReference(m_source, name2, value2))
- throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name2 + "'");
- (m_pObject->*pm)(value1, value2);
- }
- return *this;
- }
-
-private:
- T *m_pObject;
- const NameValuePairs &m_source;
- bool m_done;
-};
-
-template <class BASE, class T>
-AssignFromHelperClass<T, BASE> AssignFromHelper(T *pObject, const NameValuePairs &source, BASE *dummy=NULL)
-{
- return AssignFromHelperClass<T, BASE>(pObject, source);
-}
-
-template <class T>
-AssignFromHelperClass<T, T> AssignFromHelper(T *pObject, const NameValuePairs &source)
-{
- return AssignFromHelperClass<T, T>(pObject, source);
-}
-
-// ********************************************************
-
-// to allow the linker to discard Integer code if not needed.
-typedef bool (CRYPTOPP_API * PAssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt);
-CRYPTOPP_DLL extern PAssignIntToInteger g_pAssignIntToInteger;
-
-CRYPTOPP_DLL const std::type_info & CRYPTOPP_API IntegerTypeId();
-
-class CRYPTOPP_DLL AlgorithmParametersBase
-{
-public:
- class ParameterNotUsed : public Exception
- {
- public:
- ParameterNotUsed(const char *name) : Exception(OTHER_ERROR, std::string("AlgorithmParametersBase: parameter \"") + name + "\" not used") {}
- };
-
- // this is actually a move, not a copy
- AlgorithmParametersBase(const AlgorithmParametersBase &x)
- : m_name(x.m_name), m_throwIfNotUsed(x.m_throwIfNotUsed), m_used(x.m_used)
- {
- m_next.reset(const_cast<AlgorithmParametersBase &>(x).m_next.release());
- x.m_used = true;
- }
-
- AlgorithmParametersBase(const char *name, bool throwIfNotUsed)
- : m_name(name), m_throwIfNotUsed(throwIfNotUsed), m_used(false) {}
-
- virtual ~AlgorithmParametersBase()
- {
-#ifdef CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE
- if (!std::uncaught_exception())
-#else
- try
-#endif
- {
- if (m_throwIfNotUsed && !m_used)
- throw ParameterNotUsed(m_name);
- }
-#ifndef CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE
- catch(...)
- {
- }
-#endif
- }
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
-
-protected:
- friend class AlgorithmParameters;
- void operator=(const AlgorithmParametersBase& rhs); // assignment not allowed, declare this for VC60
-
- virtual void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const =0;
- virtual void MoveInto(void *p) const =0; // not really const
-
- const char *m_name;
- bool m_throwIfNotUsed;
- mutable bool m_used;
- member_ptr<AlgorithmParametersBase> m_next;
-};
-
-template <class T>
-class AlgorithmParametersTemplate : public AlgorithmParametersBase
-{
-public:
- AlgorithmParametersTemplate(const char *name, const T &value, bool throwIfNotUsed)
- : AlgorithmParametersBase(name, throwIfNotUsed), m_value(value)
- {
- }
-
- void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- // special case for retrieving an Integer parameter when an int was passed in
- if (!(g_pAssignIntToInteger != NULL && typeid(T) == typeid(int) && g_pAssignIntToInteger(valueType, pValue, &m_value)))
- {
- NameValuePairs::ThrowIfTypeMismatch(name, typeid(T), valueType);
- *reinterpret_cast<T *>(pValue) = m_value;
- }
- }
-
- void MoveInto(void *buffer) const
- {
- AlgorithmParametersTemplate<T>* p = new(buffer) AlgorithmParametersTemplate<T>(*this);
- }
-
-protected:
- T m_value;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<bool>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<int>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<ConstByteArrayParameter>;
-
-class CRYPTOPP_DLL AlgorithmParameters : public NameValuePairs
-{
-public:
- AlgorithmParameters();
-
-#ifdef __BORLANDC__
- template <class T>
- AlgorithmParameters(const char *name, const T &value, bool throwIfNotUsed=true)
- : m_next(new AlgorithmParametersTemplate<T>(name, value, throwIfNotUsed))
- , m_defaultThrowIfNotUsed(throwIfNotUsed)
- {
- }
-#endif
-
- AlgorithmParameters(const AlgorithmParameters &x);
-
- AlgorithmParameters & operator=(const AlgorithmParameters &x);
-
- template <class T>
- AlgorithmParameters & operator()(const char *name, const T &value, bool throwIfNotUsed)
- {
- member_ptr<AlgorithmParametersBase> p(new AlgorithmParametersTemplate<T>(name, value, throwIfNotUsed));
- p->m_next.reset(m_next.release());
- m_next.reset(p.release());
- m_defaultThrowIfNotUsed = throwIfNotUsed;
- return *this;
- }
-
- template <class T>
- AlgorithmParameters & operator()(const char *name, const T &value)
- {
- return operator()(name, value, m_defaultThrowIfNotUsed);
- }
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
-
-protected:
- member_ptr<AlgorithmParametersBase> m_next;
- bool m_defaultThrowIfNotUsed;
-};
-
-//! Create an object that implements NameValuePairs for passing parameters
-/*! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed
- \note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(),
- such as MSVC 7.0 and earlier.
- \note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by
- repeatedly using operator() on the object returned by MakeParameters, for example:
- AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3);
-*/
-#ifdef __BORLANDC__
-typedef AlgorithmParameters MakeParameters;
-#else
-template <class T>
-AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed = true)
-{
- return AlgorithmParameters()(name, value, throwIfNotUsed);
-}
-#endif
-
-#define CRYPTOPP_GET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Get##name)
-#define CRYPTOPP_SET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Set##name)
-#define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2) (Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2)
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/arc4.cpp b/cryptopp562/arc4.cpp
deleted file mode 100644
index b5c2730..0000000
--- a/cryptopp562/arc4.cpp
+++ /dev/null
@@ -1,120 +0,0 @@
-// arc4.cpp - written and placed in the public domain by Wei Dai
-
-// The ARC4 algorithm was first revealed in an anonymous email to the
-// cypherpunks mailing list. This file originally contained some
-// code copied from this email. The code has since been rewritten in order
-// to clarify the copyright status of this file. It should now be
-// completely in the public domain.
-
-#include "pch.h"
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "arc4.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-namespace Weak1 {
-
-void ARC4_TestInstantiations()
-{
- ARC4 x;
-}
-
-ARC4_Base::~ARC4_Base()
-{
- m_x = m_y = 0;
-}
-
-void ARC4_Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs &params)
-{
- AssertValidKeyLength(keyLen);
-
- m_x = 1;
- m_y = 0;
-
- unsigned int i;
- for (i=0; i<256; i++)
- m_state[i] = i;
-
- unsigned int keyIndex = 0, stateIndex = 0;
- for (i=0; i<256; i++)
- {
- unsigned int a = m_state[i];
- stateIndex += key[keyIndex] + a;
- stateIndex &= 0xff;
- m_state[i] = m_state[stateIndex];
- m_state[stateIndex] = a;
- if (++keyIndex >= keyLen)
- keyIndex = 0;
- }
-
- int discardBytes = params.GetIntValueWithDefault("DiscardBytes", GetDefaultDiscardBytes());
- DiscardBytes(discardBytes);
-}
-
-template <class T>
-static inline unsigned int MakeByte(T &x, T &y, byte *s)
-{
- unsigned int a = s[x];
- y = (y+a) & 0xff;
- unsigned int b = s[y];
- s[x] = b;
- s[y] = a;
- x = (x+1) & 0xff;
- return s[(a+b) & 0xff];
-}
-
-void ARC4_Base::GenerateBlock(byte *output, size_t size)
-{
- while (size--)
- *output++ = MakeByte(m_x, m_y, m_state);
-}
-
-void ARC4_Base::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- if (length == 0)
- return;
-
- byte *const s = m_state;
- unsigned int x = m_x;
- unsigned int y = m_y;
-
- if (inString == outString)
- {
- do
- {
- *outString++ ^= MakeByte(x, y, s);
- } while (--length);
- }
- else
- {
- do
- {
- *outString++ = *inString++ ^ MakeByte(x, y, s);
- }
- while(--length);
- }
-
- m_x = x;
- m_y = y;
-}
-
-void ARC4_Base::DiscardBytes(size_t length)
-{
- if (length == 0)
- return;
-
- byte *const s = m_state;
- unsigned int x = m_x;
- unsigned int y = m_y;
-
- do
- {
- MakeByte(x, y, s);
- }
- while(--length);
-
- m_x = x;
- m_y = y;
-}
-
-}
-NAMESPACE_END
diff --git a/cryptopp562/arc4.h b/cryptopp562/arc4.h
deleted file mode 100644
index 9dcc92e..0000000
--- a/cryptopp562/arc4.h
+++ /dev/null
@@ -1,71 +0,0 @@
-#ifndef CRYPTOPP_ARC4_H
-#define CRYPTOPP_ARC4_H
-
-#include "strciphr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-namespace Weak1 {
-
-//! _
-class CRYPTOPP_NO_VTABLE ARC4_Base : public VariableKeyLength<16, 1, 256>, public RandomNumberGenerator, public SymmetricCipher, public SymmetricCipherDocumentation
-{
-public:
- ~ARC4_Base();
-
- static const char *StaticAlgorithmName() {return "ARC4";}
-
- void GenerateBlock(byte *output, size_t size);
- void DiscardBytes(size_t n);
-
- void ProcessData(byte *outString, const byte *inString, size_t length);
-
- bool IsRandomAccess() const {return false;}
- bool IsSelfInverting() const {return true;}
- bool IsForwardTransformation() const {return true;}
-
- typedef SymmetricCipherFinal<ARC4_Base> Encryption;
- typedef SymmetricCipherFinal<ARC4_Base> Decryption;
-
-protected:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
- virtual unsigned int GetDefaultDiscardBytes() const {return 0;}
-
- FixedSizeSecBlock<byte, 256> m_state;
- byte m_x, m_y;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/cs.html#RC4">Alleged RC4</a>
-DOCUMENTED_TYPEDEF(SymmetricCipherFinal<ARC4_Base>, ARC4)
-
-//! _
-class CRYPTOPP_NO_VTABLE MARC4_Base : public ARC4_Base
-{
-public:
- static const char *StaticAlgorithmName() {return "MARC4";}
-
- typedef SymmetricCipherFinal<MARC4_Base> Encryption;
- typedef SymmetricCipherFinal<MARC4_Base> Decryption;
-
-protected:
- unsigned int GetDefaultDiscardBytes() const {return 256;}
-};
-
-//! Modified ARC4: it discards the first 256 bytes of keystream which may be weaker than the rest
-DOCUMENTED_TYPEDEF(SymmetricCipherFinal<MARC4_Base>, MARC4)
-
-}
-#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1
-namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak
-#else
-using namespace Weak1; // import Weak1 into CryptoPP with warning
-#ifdef __GNUC__
-#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning."
-#else
-#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.")
-#endif
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/argnames.h b/cryptopp562/argnames.h
deleted file mode 100644
index e961725..0000000
--- a/cryptopp562/argnames.h
+++ /dev/null
@@ -1,81 +0,0 @@
-#ifndef CRYPTOPP_ARGNAMES_H
-#define CRYPTOPP_ARGNAMES_H
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-DOCUMENTED_NAMESPACE_BEGIN(Name)
-
-#define CRYPTOPP_DEFINE_NAME_STRING(name) inline const char *name() {return #name;}
-
-CRYPTOPP_DEFINE_NAME_STRING(ValueNames) //!< string, a list of value names with a semicolon (';') after each name
-CRYPTOPP_DEFINE_NAME_STRING(Version) //!< int
-CRYPTOPP_DEFINE_NAME_STRING(Seed) //!< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(Key) //!< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(IV) //!< ConstByteArrayParameter, also accepts const byte * for backwards compatibility
-CRYPTOPP_DEFINE_NAME_STRING(StolenIV) //!< byte *
-CRYPTOPP_DEFINE_NAME_STRING(Rounds) //!< int
-CRYPTOPP_DEFINE_NAME_STRING(FeedbackSize) //!< int
-CRYPTOPP_DEFINE_NAME_STRING(WordSize) //!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(BlockSize) //!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(EffectiveKeyLength) //!< int, in bits
-CRYPTOPP_DEFINE_NAME_STRING(KeySize) //!< int, in bits
-CRYPTOPP_DEFINE_NAME_STRING(ModulusSize) //!< int, in bits
-CRYPTOPP_DEFINE_NAME_STRING(SubgroupOrderSize) //!< int, in bits
-CRYPTOPP_DEFINE_NAME_STRING(PrivateExponentSize)//!< int, in bits
-CRYPTOPP_DEFINE_NAME_STRING(Modulus) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(PublicExponent) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(PrivateExponent) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(PublicElement) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(SubgroupOrder) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(Cofactor) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(SubgroupGenerator) //!< Integer, ECP::Point, or EC2N::Point
-CRYPTOPP_DEFINE_NAME_STRING(Curve) //!< ECP or EC2N
-CRYPTOPP_DEFINE_NAME_STRING(GroupOID) //!< OID
-CRYPTOPP_DEFINE_NAME_STRING(PointerToPrimeSelector) //!< const PrimeSelector *
-CRYPTOPP_DEFINE_NAME_STRING(Prime1) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(Prime2) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(ModPrime1PrivateExponent) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(ModPrime2PrivateExponent) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(MultiplicativeInverseOfPrime2ModPrime1) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(QuadraticResidueModPrime1) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(QuadraticResidueModPrime2) //!< Integer
-CRYPTOPP_DEFINE_NAME_STRING(PutMessage) //!< bool
-CRYPTOPP_DEFINE_NAME_STRING(TruncatedDigestSize) //!< int
-CRYPTOPP_DEFINE_NAME_STRING(BlockPaddingScheme) //!< StreamTransformationFilter::BlockPaddingScheme
-CRYPTOPP_DEFINE_NAME_STRING(HashVerificationFilterFlags) //!< word32
-CRYPTOPP_DEFINE_NAME_STRING(AuthenticatedDecryptionFilterFlags) //!< word32
-CRYPTOPP_DEFINE_NAME_STRING(SignatureVerificationFilterFlags) //!< word32
-CRYPTOPP_DEFINE_NAME_STRING(InputBuffer) //!< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(OutputBuffer) //!< ByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(InputFileName) //!< const char *
-CRYPTOPP_DEFINE_NAME_STRING(InputFileNameWide) //!< const wchar_t *
-CRYPTOPP_DEFINE_NAME_STRING(InputStreamPointer) //!< std::istream *
-CRYPTOPP_DEFINE_NAME_STRING(InputBinaryMode) //!< bool
-CRYPTOPP_DEFINE_NAME_STRING(OutputFileName) //!< const char *
-CRYPTOPP_DEFINE_NAME_STRING(OutputFileNameWide) //!< const wchar_t *
-CRYPTOPP_DEFINE_NAME_STRING(OutputStreamPointer) //!< std::ostream *
-CRYPTOPP_DEFINE_NAME_STRING(OutputBinaryMode) //!< bool
-CRYPTOPP_DEFINE_NAME_STRING(EncodingParameters) //!< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(KeyDerivationParameters) //!< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(Separator) //< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(Terminator) //< ConstByteArrayParameter
-CRYPTOPP_DEFINE_NAME_STRING(Uppercase) //< bool
-CRYPTOPP_DEFINE_NAME_STRING(GroupSize) //< int
-CRYPTOPP_DEFINE_NAME_STRING(Pad) //< bool
-CRYPTOPP_DEFINE_NAME_STRING(PaddingByte) //< byte
-CRYPTOPP_DEFINE_NAME_STRING(Log2Base) //< int
-CRYPTOPP_DEFINE_NAME_STRING(EncodingLookupArray) //< const byte *
-CRYPTOPP_DEFINE_NAME_STRING(DecodingLookupArray) //< const byte *
-CRYPTOPP_DEFINE_NAME_STRING(InsertLineBreaks) //< bool
-CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength) //< int
-CRYPTOPP_DEFINE_NAME_STRING(DigestSize) //!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength) //!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(TableSize) //!< int, in bytes
-
-DOCUMENTED_NAMESPACE_END
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/asn.cpp b/cryptopp562/asn.cpp
deleted file mode 100644
index 8ae1ad6..0000000
--- a/cryptopp562/asn.cpp
+++ /dev/null
@@ -1,597 +0,0 @@
-// asn.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "asn.h"
-
-#include <iomanip>
-#include <time.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-USING_NAMESPACE(std)
-
-/// DER Length
-size_t DERLengthEncode(BufferedTransformation &bt, lword length)
-{
- size_t i=0;
- if (length <= 0x7f)
- {
- bt.Put(byte(length));
- i++;
- }
- else
- {
- bt.Put(byte(BytePrecision(length) | 0x80));
- i++;
- for (int j=BytePrecision(length); j; --j)
- {
- bt.Put(byte(length >> (j-1)*8));
- i++;
- }
- }
- return i;
-}
-
-bool BERLengthDecode(BufferedTransformation &bt, lword &length, bool &definiteLength)
-{
- byte b;
-
- if (!bt.Get(b))
- return false;
-
- if (!(b & 0x80))
- {
- definiteLength = true;
- length = b;
- }
- else
- {
- unsigned int lengthBytes = b & 0x7f;
-
- if (lengthBytes == 0)
- {
- definiteLength = false;
- return true;
- }
-
- definiteLength = true;
- length = 0;
- while (lengthBytes--)
- {
- if (length >> (8*(sizeof(length)-1)))
- BERDecodeError(); // length about to overflow
-
- if (!bt.Get(b))
- return false;
-
- length = (length << 8) | b;
- }
- }
- return true;
-}
-
-bool BERLengthDecode(BufferedTransformation &bt, size_t &length)
-{
- lword lw;
- bool definiteLength;
- if (!BERLengthDecode(bt, lw, definiteLength))
- BERDecodeError();
- if (!SafeConvert(lw, length))
- BERDecodeError();
- return definiteLength;
-}
-
-void DEREncodeNull(BufferedTransformation &out)
-{
- out.Put(TAG_NULL);
- out.Put(0);
-}
-
-void BERDecodeNull(BufferedTransformation &in)
-{
- byte b;
- if (!in.Get(b) || b != TAG_NULL)
- BERDecodeError();
- size_t length;
- if (!BERLengthDecode(in, length) || length != 0)
- BERDecodeError();
-}
-
-/// ASN Strings
-size_t DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen)
-{
- bt.Put(OCTET_STRING);
- size_t lengthBytes = DERLengthEncode(bt, strLen);
- bt.Put(str, strLen);
- return 1+lengthBytes+strLen;
-}
-
-size_t DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str)
-{
- return DEREncodeOctetString(bt, str.begin(), str.size());
-}
-
-size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
-{
- byte b;
- if (!bt.Get(b) || b != OCTET_STRING)
- BERDecodeError();
-
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-
- str.resize(bc);
- if (bc != bt.Get(str, bc))
- BERDecodeError();
- return bc;
-}
-
-size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &str)
-{
- byte b;
- if (!bt.Get(b) || b != OCTET_STRING)
- BERDecodeError();
-
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-
- bt.TransferTo(str, bc);
- return bc;
-}
-
-size_t DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag)
-{
- bt.Put(asnTag);
- size_t lengthBytes = DERLengthEncode(bt, str.size());
- bt.Put((const byte *)str.data(), str.size());
- return 1+lengthBytes+str.size();
-}
-
-size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte asnTag)
-{
- byte b;
- if (!bt.Get(b) || b != asnTag)
- BERDecodeError();
-
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-
- SecByteBlock temp(bc);
- if (bc != bt.Get(temp, bc))
- BERDecodeError();
- str.assign((char *)temp.begin(), bc);
- return bc;
-}
-
-/// ASN BitString
-size_t DEREncodeBitString(BufferedTransformation &bt, const byte *str, size_t strLen, unsigned int unusedBits)
-{
- bt.Put(BIT_STRING);
- size_t lengthBytes = DERLengthEncode(bt, strLen+1);
- bt.Put((byte)unusedBits);
- bt.Put(str, strLen);
- return 2+lengthBytes+strLen;
-}
-
-size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigned int &unusedBits)
-{
- byte b;
- if (!bt.Get(b) || b != BIT_STRING)
- BERDecodeError();
-
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-
- byte unused;
- if (!bt.Get(unused))
- BERDecodeError();
- unusedBits = unused;
- str.resize(bc-1);
- if ((bc-1) != bt.Get(str, bc-1))
- BERDecodeError();
- return bc-1;
-}
-
-void DERReencode(BufferedTransformation &source, BufferedTransformation &dest)
-{
- byte tag;
- source.Peek(tag);
- BERGeneralDecoder decoder(source, tag);
- DERGeneralEncoder encoder(dest, tag);
- if (decoder.IsDefiniteLength())
- decoder.TransferTo(encoder, decoder.RemainingLength());
- else
- {
- while (!decoder.EndReached())
- DERReencode(decoder, encoder);
- }
- decoder.MessageEnd();
- encoder.MessageEnd();
-}
-
-void OID::EncodeValue(BufferedTransformation &bt, word32 v)
-{
- for (unsigned int i=RoundUpToMultipleOf(STDMAX(7U,BitPrecision(v)), 7U)-7; i != 0; i-=7)
- bt.Put((byte)(0x80 | ((v >> i) & 0x7f)));
- bt.Put((byte)(v & 0x7f));
-}
-
-size_t OID::DecodeValue(BufferedTransformation &bt, word32 &v)
-{
- byte b;
- size_t i=0;
- v = 0;
- while (true)
- {
- if (!bt.Get(b))
- BERDecodeError();
- i++;
- if (v >> (8*sizeof(v)-7)) // v about to overflow
- BERDecodeError();
- v <<= 7;
- v += b & 0x7f;
- if (!(b & 0x80))
- return i;
- }
-}
-
-void OID::DEREncode(BufferedTransformation &bt) const
-{
- assert(m_values.size() >= 2);
- ByteQueue temp;
- temp.Put(byte(m_values[0] * 40 + m_values[1]));
- for (size_t i=2; i<m_values.size(); i++)
- EncodeValue(temp, m_values[i]);
- bt.Put(OBJECT_IDENTIFIER);
- DERLengthEncode(bt, temp.CurrentSize());
- temp.TransferTo(bt);
-}
-
-void OID::BERDecode(BufferedTransformation &bt)
-{
- byte b;
- if (!bt.Get(b) || b != OBJECT_IDENTIFIER)
- BERDecodeError();
-
- size_t length;
- if (!BERLengthDecode(bt, length) || length < 1)
- BERDecodeError();
-
- if (!bt.Get(b))
- BERDecodeError();
-
- length--;
- m_values.resize(2);
- m_values[0] = b / 40;
- m_values[1] = b % 40;
-
- while (length > 0)
- {
- word32 v;
- size_t valueLen = DecodeValue(bt, v);
- if (valueLen > length)
- BERDecodeError();
- m_values.push_back(v);
- length -= valueLen;
- }
-}
-
-void OID::BERDecodeAndCheck(BufferedTransformation &bt) const
-{
- OID oid(bt);
- if (*this != oid)
- BERDecodeError();
-}
-
-inline BufferedTransformation & EncodedObjectFilter::CurrentTarget()
-{
- if (m_flags & PUT_OBJECTS)
- return *AttachedTransformation();
- else
- return TheBitBucket();
-}
-
-void EncodedObjectFilter::Put(const byte *inString, size_t length)
-{
- if (m_nCurrentObject == m_nObjects)
- {
- AttachedTransformation()->Put(inString, length);
- return;
- }
-
- LazyPutter lazyPutter(m_queue, inString, length);
-
- while (m_queue.AnyRetrievable())
- {
- switch (m_state)
- {
- case IDENTIFIER:
- if (!m_queue.Get(m_id))
- return;
- m_queue.TransferTo(CurrentTarget(), 1);
- m_state = LENGTH; // fall through
- case LENGTH:
- {
- byte b;
- if (m_level > 0 && m_id == 0 && m_queue.Peek(b) && b == 0)
- {
- m_queue.TransferTo(CurrentTarget(), 1);
- m_level--;
- m_state = IDENTIFIER;
- break;
- }
- ByteQueue::Walker walker(m_queue);
- bool definiteLength;
- if (!BERLengthDecode(walker, m_lengthRemaining, definiteLength))
- return;
- m_queue.TransferTo(CurrentTarget(), walker.GetCurrentPosition());
- if (!((m_id & CONSTRUCTED) || definiteLength))
- BERDecodeError();
- if (!definiteLength)
- {
- if (!(m_id & CONSTRUCTED))
- BERDecodeError();
- m_level++;
- m_state = IDENTIFIER;
- break;
- }
- m_state = BODY; // fall through
- }
- case BODY:
- m_lengthRemaining -= m_queue.TransferTo(CurrentTarget(), m_lengthRemaining);
-
- if (m_lengthRemaining == 0)
- m_state = IDENTIFIER;
- }
-
- if (m_state == IDENTIFIER && m_level == 0)
- {
- // just finished processing a level 0 object
- ++m_nCurrentObject;
-
- if (m_flags & PUT_MESSANGE_END_AFTER_EACH_OBJECT)
- AttachedTransformation()->MessageEnd();
-
- if (m_nCurrentObject == m_nObjects)
- {
- if (m_flags & PUT_MESSANGE_END_AFTER_ALL_OBJECTS)
- AttachedTransformation()->MessageEnd();
-
- if (m_flags & PUT_MESSANGE_SERIES_END_AFTER_ALL_OBJECTS)
- AttachedTransformation()->MessageSeriesEnd();
-
- m_queue.TransferAllTo(*AttachedTransformation());
- return;
- }
- }
- }
-}
-
-BERGeneralDecoder::BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag)
- : m_inQueue(inQueue), m_finished(false)
-{
- Init(asnTag);
-}
-
-BERGeneralDecoder::BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag)
- : m_inQueue(inQueue), m_finished(false)
-{
- Init(asnTag);
-}
-
-void BERGeneralDecoder::Init(byte asnTag)
-{
- byte b;
- if (!m_inQueue.Get(b) || b != asnTag)
- BERDecodeError();
-
- if (!BERLengthDecode(m_inQueue, m_length, m_definiteLength))
- BERDecodeError();
-
- if (!m_definiteLength && !(asnTag & CONSTRUCTED))
- BERDecodeError(); // cannot be primitive and have indefinite length
-}
-
-BERGeneralDecoder::~BERGeneralDecoder()
-{
- try // avoid throwing in constructor
- {
- if (!m_finished)
- MessageEnd();
- }
- catch (...)
- {
- }
-}
-
-bool BERGeneralDecoder::EndReached() const
-{
- if (m_definiteLength)
- return m_length == 0;
- else
- { // check end-of-content octets
- word16 i;
- return (m_inQueue.PeekWord16(i)==2 && i==0);
- }
-}
-
-byte BERGeneralDecoder::PeekByte() const
-{
- byte b;
- if (!Peek(b))
- BERDecodeError();
- return b;
-}
-
-void BERGeneralDecoder::CheckByte(byte check)
-{
- byte b;
- if (!Get(b) || b != check)
- BERDecodeError();
-}
-
-void BERGeneralDecoder::MessageEnd()
-{
- m_finished = true;
- if (m_definiteLength)
- {
- if (m_length != 0)
- BERDecodeError();
- }
- else
- { // remove end-of-content octets
- word16 i;
- if (m_inQueue.GetWord16(i) != 2 || i != 0)
- BERDecodeError();
- }
-}
-
-size_t BERGeneralDecoder::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- if (m_definiteLength && transferBytes > m_length)
- transferBytes = m_length;
- size_t blockedBytes = m_inQueue.TransferTo2(target, transferBytes, channel, blocking);
- ReduceLength(transferBytes);
- return blockedBytes;
-}
-
-size_t BERGeneralDecoder::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- if (m_definiteLength)
- end = STDMIN(m_length, end);
- return m_inQueue.CopyRangeTo2(target, begin, end, channel, blocking);
-}
-
-lword BERGeneralDecoder::ReduceLength(lword delta)
-{
- if (m_definiteLength)
- {
- if (m_length < delta)
- BERDecodeError();
- m_length -= delta;
- }
- return delta;
-}
-
-DERGeneralEncoder::DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag)
- : m_outQueue(outQueue), m_finished(false), m_asnTag(asnTag)
-{
-}
-
-DERGeneralEncoder::DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag)
- : m_outQueue(outQueue), m_finished(false), m_asnTag(asnTag)
-{
-}
-
-DERGeneralEncoder::~DERGeneralEncoder()
-{
- try // avoid throwing in constructor
- {
- if (!m_finished)
- MessageEnd();
- }
- catch (...)
- {
- }
-}
-
-void DERGeneralEncoder::MessageEnd()
-{
- m_finished = true;
- lword length = CurrentSize();
- m_outQueue.Put(m_asnTag);
- DERLengthEncode(m_outQueue, length);
- TransferTo(m_outQueue);
-}
-
-// *************************************************************
-
-void X509PublicKey::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder subjectPublicKeyInfo(bt);
- BERSequenceDecoder algorithm(subjectPublicKeyInfo);
- GetAlgorithmID().BERDecodeAndCheck(algorithm);
- bool parametersPresent = algorithm.EndReached() ? false : BERDecodeAlgorithmParameters(algorithm);
- algorithm.MessageEnd();
-
- BERGeneralDecoder subjectPublicKey(subjectPublicKeyInfo, BIT_STRING);
- subjectPublicKey.CheckByte(0); // unused bits
- BERDecodePublicKey(subjectPublicKey, parametersPresent, (size_t)subjectPublicKey.RemainingLength());
- subjectPublicKey.MessageEnd();
- subjectPublicKeyInfo.MessageEnd();
-}
-
-void X509PublicKey::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder subjectPublicKeyInfo(bt);
-
- DERSequenceEncoder algorithm(subjectPublicKeyInfo);
- GetAlgorithmID().DEREncode(algorithm);
- DEREncodeAlgorithmParameters(algorithm);
- algorithm.MessageEnd();
-
- DERGeneralEncoder subjectPublicKey(subjectPublicKeyInfo, BIT_STRING);
- subjectPublicKey.Put(0); // unused bits
- DEREncodePublicKey(subjectPublicKey);
- subjectPublicKey.MessageEnd();
-
- subjectPublicKeyInfo.MessageEnd();
-}
-
-void PKCS8PrivateKey::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder privateKeyInfo(bt);
- word32 version;
- BERDecodeUnsigned<word32>(privateKeyInfo, version, INTEGER, 0, 0); // check version
-
- BERSequenceDecoder algorithm(privateKeyInfo);
- GetAlgorithmID().BERDecodeAndCheck(algorithm);
- bool parametersPresent = algorithm.EndReached() ? false : BERDecodeAlgorithmParameters(algorithm);
- algorithm.MessageEnd();
-
- BERGeneralDecoder octetString(privateKeyInfo, OCTET_STRING);
- BERDecodePrivateKey(octetString, parametersPresent, (size_t)privateKeyInfo.RemainingLength());
- octetString.MessageEnd();
-
- if (!privateKeyInfo.EndReached())
- BERDecodeOptionalAttributes(privateKeyInfo);
- privateKeyInfo.MessageEnd();
-}
-
-void PKCS8PrivateKey::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder privateKeyInfo(bt);
- DEREncodeUnsigned<word32>(privateKeyInfo, 0); // version
-
- DERSequenceEncoder algorithm(privateKeyInfo);
- GetAlgorithmID().DEREncode(algorithm);
- DEREncodeAlgorithmParameters(algorithm);
- algorithm.MessageEnd();
-
- DERGeneralEncoder octetString(privateKeyInfo, OCTET_STRING);
- DEREncodePrivateKey(octetString);
- octetString.MessageEnd();
-
- DEREncodeOptionalAttributes(privateKeyInfo);
- privateKeyInfo.MessageEnd();
-}
-
-void PKCS8PrivateKey::BERDecodeOptionalAttributes(BufferedTransformation &bt)
-{
- DERReencode(bt, m_optionalAttributes);
-}
-
-void PKCS8PrivateKey::DEREncodeOptionalAttributes(BufferedTransformation &bt) const
-{
- m_optionalAttributes.CopyTo(bt);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/asn.h b/cryptopp562/asn.h
deleted file mode 100644
index c35126b..0000000
--- a/cryptopp562/asn.h
+++ /dev/null
@@ -1,369 +0,0 @@
-#ifndef CRYPTOPP_ASN_H
-#define CRYPTOPP_ASN_H
-
-#include "filters.h"
-#include "queue.h"
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// these tags and flags are not complete
-enum ASNTag
-{
- BOOLEAN = 0x01,
- INTEGER = 0x02,
- BIT_STRING = 0x03,
- OCTET_STRING = 0x04,
- TAG_NULL = 0x05,
- OBJECT_IDENTIFIER = 0x06,
- OBJECT_DESCRIPTOR = 0x07,
- EXTERNAL = 0x08,
- REAL = 0x09,
- ENUMERATED = 0x0a,
- UTF8_STRING = 0x0c,
- SEQUENCE = 0x10,
- SET = 0x11,
- NUMERIC_STRING = 0x12,
- PRINTABLE_STRING = 0x13,
- T61_STRING = 0x14,
- VIDEOTEXT_STRING = 0x15,
- IA5_STRING = 0x16,
- UTC_TIME = 0x17,
- GENERALIZED_TIME = 0x18,
- GRAPHIC_STRING = 0x19,
- VISIBLE_STRING = 0x1a,
- GENERAL_STRING = 0x1b
-};
-
-enum ASNIdFlag
-{
- UNIVERSAL = 0x00,
-// DATA = 0x01,
-// HEADER = 0x02,
- CONSTRUCTED = 0x20,
- APPLICATION = 0x40,
- CONTEXT_SPECIFIC = 0x80,
- PRIVATE = 0xc0
-};
-
-inline void BERDecodeError() {throw BERDecodeErr();}
-
-class CRYPTOPP_DLL UnknownOID : public BERDecodeErr
-{
-public:
- UnknownOID() : BERDecodeErr("BER decode error: unknown object identifier") {}
- UnknownOID(const char *err) : BERDecodeErr(err) {}
-};
-
-// unsigned int DERLengthEncode(unsigned int length, byte *output=0);
-CRYPTOPP_DLL size_t CRYPTOPP_API DERLengthEncode(BufferedTransformation &out, lword length);
-// returns false if indefinite length
-CRYPTOPP_DLL bool CRYPTOPP_API BERLengthDecode(BufferedTransformation &in, size_t &length);
-
-CRYPTOPP_DLL void CRYPTOPP_API DEREncodeNull(BufferedTransformation &out);
-CRYPTOPP_DLL void CRYPTOPP_API BERDecodeNull(BufferedTransformation &in);
-
-CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &out, const byte *str, size_t strLen);
-CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &out, const SecByteBlock &str);
-CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &in, SecByteBlock &str);
-CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &in, BufferedTransformation &str);
-
-// for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
-CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &out, const std::string &str, byte asnTag);
-CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &in, std::string &str, byte asnTag);
-
-CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeBitString(BufferedTransformation &out, const byte *str, size_t strLen, unsigned int unusedBits=0);
-CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeBitString(BufferedTransformation &in, SecByteBlock &str, unsigned int &unusedBits);
-
-// BER decode from source and DER reencode into dest
-CRYPTOPP_DLL void CRYPTOPP_API DERReencode(BufferedTransformation &source, BufferedTransformation &dest);
-
-//! Object Identifier
-class CRYPTOPP_DLL OID
-{
-public:
- OID() {}
- OID(word32 v) : m_values(1, v) {}
- OID(BufferedTransformation &bt) {BERDecode(bt);}
-
- inline OID & operator+=(word32 rhs) {m_values.push_back(rhs); return *this;}
-
- void DEREncode(BufferedTransformation &bt) const;
- void BERDecode(BufferedTransformation &bt);
-
- // throw BERDecodeErr() if decoded value doesn't equal this OID
- void BERDecodeAndCheck(BufferedTransformation &bt) const;
-
- std::vector<word32> m_values;
-
-private:
- static void EncodeValue(BufferedTransformation &bt, word32 v);
- static size_t DecodeValue(BufferedTransformation &bt, word32 &v);
-};
-
-class EncodedObjectFilter : public Filter
-{
-public:
- enum Flag {PUT_OBJECTS=1, PUT_MESSANGE_END_AFTER_EACH_OBJECT=2, PUT_MESSANGE_END_AFTER_ALL_OBJECTS=4, PUT_MESSANGE_SERIES_END_AFTER_ALL_OBJECTS=8};
- EncodedObjectFilter(BufferedTransformation *attachment = NULL, unsigned int nObjects = 1, word32 flags = 0);
-
- void Put(const byte *inString, size_t length);
-
- unsigned int GetNumberOfCompletedObjects() const {return m_nCurrentObject;}
- unsigned long GetPositionOfObject(unsigned int i) const {return m_positions[i];}
-
-private:
- BufferedTransformation & CurrentTarget();
-
- word32 m_flags;
- unsigned int m_nObjects, m_nCurrentObject, m_level;
- std::vector<unsigned int> m_positions;
- ByteQueue m_queue;
- enum State {IDENTIFIER, LENGTH, BODY, TAIL, ALL_DONE} m_state;
- byte m_id;
- lword m_lengthRemaining;
-};
-
-//! BER General Decoder
-class CRYPTOPP_DLL BERGeneralDecoder : public Store
-{
-public:
- explicit BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag);
- explicit BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag);
- ~BERGeneralDecoder();
-
- bool IsDefiniteLength() const {return m_definiteLength;}
- lword RemainingLength() const {assert(m_definiteLength); return m_length;}
- bool EndReached() const;
- byte PeekByte() const;
- void CheckByte(byte b);
-
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
- // call this to denote end of sequence
- void MessageEnd();
-
-protected:
- BufferedTransformation &m_inQueue;
- bool m_finished, m_definiteLength;
- lword m_length;
-
-private:
- void Init(byte asnTag);
- void StoreInitialize(const NameValuePairs &parameters) {assert(false);}
- lword ReduceLength(lword delta);
-};
-
-//! DER General Encoder
-class CRYPTOPP_DLL DERGeneralEncoder : public ByteQueue
-{
-public:
- explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED);
- explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED);
- ~DERGeneralEncoder();
-
- // call this to denote end of sequence
- void MessageEnd();
-
-private:
- BufferedTransformation &m_outQueue;
- bool m_finished;
-
- byte m_asnTag;
-};
-
-//! BER Sequence Decoder
-class CRYPTOPP_DLL BERSequenceDecoder : public BERGeneralDecoder
-{
-public:
- explicit BERSequenceDecoder(BufferedTransformation &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
- : BERGeneralDecoder(inQueue, asnTag) {}
- explicit BERSequenceDecoder(BERSequenceDecoder &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
- : BERGeneralDecoder(inQueue, asnTag) {}
-};
-
-//! DER Sequence Encoder
-class CRYPTOPP_DLL DERSequenceEncoder : public DERGeneralEncoder
-{
-public:
- explicit DERSequenceEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
- : DERGeneralEncoder(outQueue, asnTag) {}
- explicit DERSequenceEncoder(DERSequenceEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
- : DERGeneralEncoder(outQueue, asnTag) {}
-};
-
-//! BER Set Decoder
-class CRYPTOPP_DLL BERSetDecoder : public BERGeneralDecoder
-{
-public:
- explicit BERSetDecoder(BufferedTransformation &inQueue, byte asnTag = SET | CONSTRUCTED)
- : BERGeneralDecoder(inQueue, asnTag) {}
- explicit BERSetDecoder(BERSetDecoder &inQueue, byte asnTag = SET | CONSTRUCTED)
- : BERGeneralDecoder(inQueue, asnTag) {}
-};
-
-//! DER Set Encoder
-class CRYPTOPP_DLL DERSetEncoder : public DERGeneralEncoder
-{
-public:
- explicit DERSetEncoder(BufferedTransformation &outQueue, byte asnTag = SET | CONSTRUCTED)
- : DERGeneralEncoder(outQueue, asnTag) {}
- explicit DERSetEncoder(DERSetEncoder &outQueue, byte asnTag = SET | CONSTRUCTED)
- : DERGeneralEncoder(outQueue, asnTag) {}
-};
-
-template <class T>
-class ASNOptional : public member_ptr<T>
-{
-public:
- void BERDecode(BERSequenceDecoder &seqDecoder, byte tag, byte mask = ~CONSTRUCTED)
- {
- byte b;
- if (seqDecoder.Peek(b) && (b & mask) == tag)
- reset(new T(seqDecoder));
- }
- void DEREncode(BufferedTransformation &out)
- {
- if (this->get() != NULL)
- this->get()->DEREncode(out);
- }
-};
-
-//! _
-template <class BASE>
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1CryptoMaterial : public ASN1Object, public BASE
-{
-public:
- void Save(BufferedTransformation &bt) const
- {BEREncode(bt);}
- void Load(BufferedTransformation &bt)
- {BERDecode(bt);}
-};
-
-//! encodes/decodes subjectPublicKeyInfo
-class CRYPTOPP_DLL X509PublicKey : public ASN1CryptoMaterial<PublicKey>
-{
-public:
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- virtual OID GetAlgorithmID() const =0;
- virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
- {BERDecodeNull(bt); return false;}
- virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
- {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1
-
- //! decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
- virtual void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0;
- //! encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
- virtual void DEREncodePublicKey(BufferedTransformation &bt) const =0;
-};
-
-//! encodes/decodes privateKeyInfo
-class CRYPTOPP_DLL PKCS8PrivateKey : public ASN1CryptoMaterial<PrivateKey>
-{
-public:
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- virtual OID GetAlgorithmID() const =0;
- virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
- {BERDecodeNull(bt); return false;}
- virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
- {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1
-
- //! decode privateKey part of privateKeyInfo, without the OCTET STRING header
- virtual void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0;
- //! encode privateKey part of privateKeyInfo, without the OCTET STRING header
- virtual void DEREncodePrivateKey(BufferedTransformation &bt) const =0;
-
- //! decode optional attributes including context-specific tag
- /*! /note default implementation stores attributes to be output in DEREncodeOptionalAttributes */
- virtual void BERDecodeOptionalAttributes(BufferedTransformation &bt);
- //! encode optional attributes including context-specific tag
- virtual void DEREncodeOptionalAttributes(BufferedTransformation &bt) const;
-
-protected:
- ByteQueue m_optionalAttributes;
-};
-
-// ********************************************************
-
-//! DER Encode Unsigned
-/*! for INTEGER, BOOLEAN, and ENUM */
-template <class T>
-size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER)
-{
- byte buf[sizeof(w)+1];
- unsigned int bc;
- if (asnTag == BOOLEAN)
- {
- buf[sizeof(w)] = w ? 0xff : 0;
- bc = 1;
- }
- else
- {
- buf[0] = 0;
- for (unsigned int i=0; i<sizeof(w); i++)
- buf[i+1] = byte(w >> (sizeof(w)-1-i)*8);
- bc = sizeof(w);
- while (bc > 1 && buf[sizeof(w)+1-bc] == 0)
- --bc;
- if (buf[sizeof(w)+1-bc] & 0x80)
- ++bc;
- }
- out.Put(asnTag);
- size_t lengthBytes = DERLengthEncode(out, bc);
- out.Put(buf+sizeof(w)+1-bc, bc);
- return 1+lengthBytes+bc;
-}
-
-//! BER Decode Unsigned
-// VC60 workaround: std::numeric_limits<T>::max conflicts with MFC max macro
-// CW41 workaround: std::numeric_limits<T>::max causes a template error
-template <class T>
-void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
- T minValue = 0, T maxValue = 0xffffffff)
-{
- byte b;
- if (!in.Get(b) || b != asnTag)
- BERDecodeError();
-
- size_t bc;
- BERLengthDecode(in, bc);
-
- SecByteBlock buf(bc);
-
- if (bc != in.Get(buf, bc))
- BERDecodeError();
-
- const byte *ptr = buf;
- while (bc > sizeof(w) && *ptr == 0)
- {
- bc--;
- ptr++;
- }
- if (bc > sizeof(w))
- BERDecodeError();
-
- w = 0;
- for (unsigned int i=0; i<bc; i++)
- w = (w << 8) | ptr[i];
-
- if (w < minValue || w > maxValue)
- BERDecodeError();
-}
-
-inline bool operator==(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
- {return lhs.m_values == rhs.m_values;}
-inline bool operator!=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
- {return lhs.m_values != rhs.m_values;}
-inline bool operator<(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
- {return std::lexicographical_compare(lhs.m_values.begin(), lhs.m_values.end(), rhs.m_values.begin(), rhs.m_values.end());}
-inline ::CryptoPP::OID operator+(const ::CryptoPP::OID &lhs, unsigned long rhs)
- {return ::CryptoPP::OID(lhs)+=rhs;}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/authenc.cpp b/cryptopp562/authenc.cpp
deleted file mode 100644
index 0ca5da6..0000000
--- a/cryptopp562/authenc.cpp
+++ /dev/null
@@ -1,180 +0,0 @@
-// authenc.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "authenc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_t len)
-{
- unsigned int blockSize = AuthenticationBlockSize();
- unsigned int &num = m_bufferedDataLength;
- byte* data = m_buffer.begin();
-
- if (num != 0) // process left over data
- {
- if (num+len >= blockSize)
- {
- memcpy(data+num, input, blockSize-num);
- AuthenticateBlocks(data, blockSize);
- input += (blockSize-num);
- len -= (blockSize-num);
- num = 0;
- // drop through and do the rest
- }
- else
- {
- memcpy(data+num, input, len);
- num += (unsigned int)len;
- return;
- }
- }
-
- // now process the input data in blocks of blockSize bytes and save the leftovers to m_data
- if (len >= blockSize)
- {
- size_t leftOver = AuthenticateBlocks(input, len);
- input += (len - leftOver);
- len = leftOver;
- }
-
- memcpy(data, input, len);
- num = (unsigned int)len;
-}
-
-void AuthenticatedSymmetricCipherBase::SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params)
-{
- m_bufferedDataLength = 0;
- m_state = State_Start;
-
- SetKeyWithoutResync(userKey, keylength, params);
- m_state = State_KeySet;
-
- size_t length;
- const byte *iv = GetIVAndThrowIfInvalid(params, length);
- if (iv)
- Resynchronize(iv, (int)length);
-}
-
-void AuthenticatedSymmetricCipherBase::Resynchronize(const byte *iv, int length)
-{
- if (m_state < State_KeySet)
- throw BadState(AlgorithmName(), "Resynchronize", "key is set");
-
- m_bufferedDataLength = 0;
- m_totalHeaderLength = m_totalMessageLength = m_totalFooterLength = 0;
- m_state = State_KeySet;
-
- Resync(iv, this->ThrowIfInvalidIVLength(length));
- m_state = State_IVSet;
-}
-
-void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)
-{
- if (length == 0)
- return;
-
- switch (m_state)
- {
- case State_Start:
- case State_KeySet:
- throw BadState(AlgorithmName(), "Update", "setting key and IV");
- case State_IVSet:
- AuthenticateData(input, length);
- m_totalHeaderLength += length;
- break;
- case State_AuthUntransformed:
- case State_AuthTransformed:
- AuthenticateLastConfidentialBlock();
- m_bufferedDataLength = 0;
- m_state = State_AuthFooter;
- // fall through
- case State_AuthFooter:
- AuthenticateData(input, length);
- m_totalFooterLength += length;
- break;
- default:
- assert(false);
- }
-}
-
-void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- m_totalMessageLength += length;
- if (m_state >= State_IVSet && m_totalMessageLength > MaxMessageLength())
- throw InvalidArgument(AlgorithmName() + ": message length exceeds maximum");
-
-reswitch:
- switch (m_state)
- {
- case State_Start:
- case State_KeySet:
- throw BadState(AlgorithmName(), "ProcessData", "setting key and IV");
- case State_AuthFooter:
- throw BadState(AlgorithmName(), "ProcessData was called after footer input has started");
- case State_IVSet:
- AuthenticateLastHeaderBlock();
- m_bufferedDataLength = 0;
- m_state = AuthenticationIsOnPlaintext()==IsForwardTransformation() ? State_AuthUntransformed : State_AuthTransformed;
- goto reswitch;
- case State_AuthUntransformed:
- AuthenticateData(inString, length);
- AccessSymmetricCipher().ProcessData(outString, inString, length);
- break;
- case State_AuthTransformed:
- AccessSymmetricCipher().ProcessData(outString, inString, length);
- AuthenticateData(outString, length);
- break;
- default:
- assert(false);
- }
-}
-
-void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)
-{
- if (m_totalHeaderLength > MaxHeaderLength())
- throw InvalidArgument(AlgorithmName() + ": header length of " + IntToString(m_totalHeaderLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));
-
- if (m_totalFooterLength > MaxFooterLength())
- {
- if (MaxFooterLength() == 0)
- throw InvalidArgument(AlgorithmName() + ": additional authenticated data (AAD) cannot be input after data to be encrypted or decrypted");
- else
- throw InvalidArgument(AlgorithmName() + ": footer length of " + IntToString(m_totalFooterLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));
- }
-
- switch (m_state)
- {
- case State_Start:
- case State_KeySet:
- throw BadState(AlgorithmName(), "TruncatedFinal", "setting key and IV");
-
- case State_IVSet:
- AuthenticateLastHeaderBlock();
- m_bufferedDataLength = 0;
- // fall through
-
- case State_AuthUntransformed:
- case State_AuthTransformed:
- AuthenticateLastConfidentialBlock();
- m_bufferedDataLength = 0;
- // fall through
-
- case State_AuthFooter:
- AuthenticateLastFooterBlock(mac, macSize);
- m_bufferedDataLength = 0;
- break;
-
- default:
- assert(false);
- }
-
- m_state = State_KeySet;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/authenc.h b/cryptopp562/authenc.h
deleted file mode 100644
index f726716..0000000
--- a/cryptopp562/authenc.h
+++ /dev/null
@@ -1,49 +0,0 @@
-#ifndef CRYPTOPP_AUTHENC_H
-#define CRYPTOPP_AUTHENC_H
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipherBase : public AuthenticatedSymmetricCipher
-{
-public:
- AuthenticatedSymmetricCipherBase() : m_state(State_Start) {}
-
- bool IsRandomAccess() const {return false;}
- bool IsSelfInverting() const {return true;}
- void UncheckedSetKey(const byte *,unsigned int,const CryptoPP::NameValuePairs &) {assert(false);}
-
- void SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params);
- void Restart() {if (m_state > State_KeySet) m_state = State_KeySet;}
- void Resynchronize(const byte *iv, int length=-1);
- void Update(const byte *input, size_t length);
- void ProcessData(byte *outString, const byte *inString, size_t length);
- void TruncatedFinal(byte *mac, size_t macSize);
-
-protected:
- void AuthenticateData(const byte *data, size_t len);
- const SymmetricCipher & GetSymmetricCipher() const {return const_cast<AuthenticatedSymmetricCipherBase *>(this)->AccessSymmetricCipher();};
-
- virtual SymmetricCipher & AccessSymmetricCipher() =0;
- virtual bool AuthenticationIsOnPlaintext() const =0;
- virtual unsigned int AuthenticationBlockSize() const =0;
- virtual void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params) =0;
- virtual void Resync(const byte *iv, size_t len) =0;
- virtual size_t AuthenticateBlocks(const byte *data, size_t len) =0;
- virtual void AuthenticateLastHeaderBlock() =0;
- virtual void AuthenticateLastConfidentialBlock() {}
- virtual void AuthenticateLastFooterBlock(byte *mac, size_t macSize) =0;
-
- enum State {State_Start, State_KeySet, State_IVSet, State_AuthUntransformed, State_AuthTransformed, State_AuthFooter};
- State m_state;
- unsigned int m_bufferedDataLength;
- lword m_totalHeaderLength, m_totalMessageLength, m_totalFooterLength;
- AlignedSecByteBlock m_buffer;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/base32.cpp b/cryptopp562/base32.cpp
deleted file mode 100644
index 0568f07..0000000
--- a/cryptopp562/base32.cpp
+++ /dev/null
@@ -1,39 +0,0 @@
-// base32.cpp - written and placed in the public domain by Frank Palazzolo, based on hex.cpp by Wei Dai
-
-#include "pch.h"
-#include "base32.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const byte s_vecUpper[] = "ABCDEFGHIJKMNPQRSTUVWXYZ23456789";
-static const byte s_vecLower[] = "abcdefghijkmnpqrstuvwxyz23456789";
-
-void Base32Encoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- bool uppercase = parameters.GetValueWithDefault(Name::Uppercase(), true);
- m_filter->Initialize(CombinedNameValuePairs(
- parameters,
- MakeParameters(Name::EncodingLookupArray(), uppercase ? &s_vecUpper[0] : &s_vecLower[0], false)(Name::Log2Base(), 5, true)));
-}
-
-void Base32Decoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- BaseN_Decoder::Initialize(CombinedNameValuePairs(
- parameters,
- MakeParameters(Name::DecodingLookupArray(), GetDefaultDecodingLookupArray(), false)(Name::Log2Base(), 5, true)));
-}
-
-const int *Base32Decoder::GetDefaultDecodingLookupArray()
-{
- static volatile bool s_initialized = false;
- static int s_array[256];
-
- if (!s_initialized)
- {
- InitializeDecodingLookupArray(s_array, s_vecUpper, 32, true);
- s_initialized = true;
- }
- return s_array;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/base32.h b/cryptopp562/base32.h
deleted file mode 100644
index cb1e1af..0000000
--- a/cryptopp562/base32.h
+++ /dev/null
@@ -1,38 +0,0 @@
-#ifndef CRYPTOPP_BASE32_H
-#define CRYPTOPP_BASE32_H
-
-#include "basecode.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Converts given data to base 32, the default code is based on draft-ietf-idn-dude-02.txt
-/*! To specify alternative code, call Initialize() with EncodingLookupArray parameter. */
-class Base32Encoder : public SimpleProxyFilter
-{
-public:
- Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
- : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
- {
- IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator)));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters);
-};
-
-//! Decode base 32 data back to bytes, the default code is based on draft-ietf-idn-dude-02.txt
-/*! To specify alternative code, call Initialize() with DecodingLookupArray parameter. */
-class Base32Decoder : public BaseN_Decoder
-{
-public:
- Base32Decoder(BufferedTransformation *attachment = NULL)
- : BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
-
-private:
- static const int * CRYPTOPP_API GetDefaultDecodingLookupArray();
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/base64.cpp b/cryptopp562/base64.cpp
deleted file mode 100644
index 7571f2b..0000000
--- a/cryptopp562/base64.cpp
+++ /dev/null
@@ -1,42 +0,0 @@
-// base64.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "base64.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const byte s_vec[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static const byte s_padding = '=';
-
-void Base64Encoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- bool insertLineBreaks = parameters.GetValueWithDefault(Name::InsertLineBreaks(), true);
- int maxLineLength = parameters.GetIntValueWithDefault(Name::MaxLineLength(), 72);
-
- const char *lineBreak = insertLineBreaks ? "\n" : "";
-
- m_filter->Initialize(CombinedNameValuePairs(
- parameters,
- MakeParameters(Name::EncodingLookupArray(), &s_vec[0], false)
- (Name::PaddingByte(), s_padding)
- (Name::GroupSize(), insertLineBreaks ? maxLineLength : 0)
- (Name::Separator(), ConstByteArrayParameter(lineBreak))
- (Name::Terminator(), ConstByteArrayParameter(lineBreak))
- (Name::Log2Base(), 6, true)));
-}
-
-const int *Base64Decoder::GetDecodingLookupArray()
-{
- static volatile bool s_initialized = false;
- static int s_array[256];
-
- if (!s_initialized)
- {
- InitializeDecodingLookupArray(s_array, s_vec, 64, false);
- s_initialized = true;
- }
- return s_array;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/base64.h b/cryptopp562/base64.h
deleted file mode 100644
index 5a9e184..0000000
--- a/cryptopp562/base64.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef CRYPTOPP_BASE64_H
-#define CRYPTOPP_BASE64_H
-
-#include "basecode.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Base64 Encoder Class
-class Base64Encoder : public SimpleProxyFilter
-{
-public:
- Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72)
- : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
- {
- IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters);
-};
-
-//! Base64 Decoder Class
-class Base64Decoder : public BaseN_Decoder
-{
-public:
- Base64Decoder(BufferedTransformation *attachment = NULL)
- : BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
-
- void IsolatedInitialize(const NameValuePairs &parameters) {}
-
-private:
- static const int * CRYPTOPP_API GetDecodingLookupArray();
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/basecode.cpp b/cryptopp562/basecode.cpp
deleted file mode 100644
index 0c98b22..0000000
--- a/cryptopp562/basecode.cpp
+++ /dev/null
@@ -1,238 +0,0 @@
-// basecode.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "basecode.h"
-#include "fltrimpl.h"
-#include <ctype.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void BaseN_Encoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- parameters.GetRequiredParameter("BaseN_Encoder", Name::EncodingLookupArray(), m_alphabet);
-
- parameters.GetRequiredIntParameter("BaseN_Encoder", Name::Log2Base(), m_bitsPerChar);
- if (m_bitsPerChar <= 0 || m_bitsPerChar >= 8)
- throw InvalidArgument("BaseN_Encoder: Log2Base must be between 1 and 7 inclusive");
-
- byte padding;
- bool pad;
- if (parameters.GetValue(Name::PaddingByte(), padding))
- pad = parameters.GetValueWithDefault(Name::Pad(), true);
- else
- pad = false;
- m_padding = pad ? padding : -1;
-
- m_bytePos = m_bitPos = 0;
-
- int i = 8;
- while (i%m_bitsPerChar != 0)
- i += 8;
- m_outputBlockSize = i/m_bitsPerChar;
-
- m_outBuf.New(m_outputBlockSize);
-}
-
-size_t BaseN_Encoder::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- FILTER_BEGIN;
- while (m_inputPosition < length)
- {
- if (m_bytePos == 0)
- memset(m_outBuf, 0, m_outputBlockSize);
-
- {
- unsigned int b = begin[m_inputPosition++], bitsLeftInSource = 8;
- while (true)
- {
- assert(m_bitPos < m_bitsPerChar);
- unsigned int bitsLeftInTarget = m_bitsPerChar-m_bitPos;
- m_outBuf[m_bytePos] |= b >> (8-bitsLeftInTarget);
- if (bitsLeftInSource >= bitsLeftInTarget)
- {
- m_bitPos = 0;
- ++m_bytePos;
- bitsLeftInSource -= bitsLeftInTarget;
- if (bitsLeftInSource == 0)
- break;
- b <<= bitsLeftInTarget;
- b &= 0xff;
- }
- else
- {
- m_bitPos += bitsLeftInSource;
- break;
- }
- }
- }
-
- assert(m_bytePos <= m_outputBlockSize);
- if (m_bytePos == m_outputBlockSize)
- {
- int i;
- for (i=0; i<m_bytePos; i++)
- {
- assert(m_outBuf[i] < (1 << m_bitsPerChar));
- m_outBuf[i] = m_alphabet[m_outBuf[i]];
- }
- FILTER_OUTPUT(1, m_outBuf, m_outputBlockSize, 0);
-
- m_bytePos = m_bitPos = 0;
- }
- }
- if (messageEnd)
- {
- if (m_bitPos > 0)
- ++m_bytePos;
-
- int i;
- for (i=0; i<m_bytePos; i++)
- m_outBuf[i] = m_alphabet[m_outBuf[i]];
-
- if (m_padding != -1 && m_bytePos > 0)
- {
- memset(m_outBuf+m_bytePos, m_padding, m_outputBlockSize-m_bytePos);
- m_bytePos = m_outputBlockSize;
- }
- FILTER_OUTPUT(2, m_outBuf, m_bytePos, messageEnd);
- m_bytePos = m_bitPos = 0;
- }
- FILTER_END_NO_MESSAGE_END;
-}
-
-void BaseN_Decoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- parameters.GetRequiredParameter("BaseN_Decoder", Name::DecodingLookupArray(), m_lookup);
-
- parameters.GetRequiredIntParameter("BaseN_Decoder", Name::Log2Base(), m_bitsPerChar);
- if (m_bitsPerChar <= 0 || m_bitsPerChar >= 8)
- throw InvalidArgument("BaseN_Decoder: Log2Base must be between 1 and 7 inclusive");
-
- m_bytePos = m_bitPos = 0;
-
- int i = m_bitsPerChar;
- while (i%8 != 0)
- i += m_bitsPerChar;
- m_outputBlockSize = i/8;
-
- m_outBuf.New(m_outputBlockSize);
-}
-
-size_t BaseN_Decoder::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- FILTER_BEGIN;
- while (m_inputPosition < length)
- {
- unsigned int value;
- value = m_lookup[begin[m_inputPosition++]];
- if (value >= 256)
- continue;
-
- if (m_bytePos == 0 && m_bitPos == 0)
- memset(m_outBuf, 0, m_outputBlockSize);
-
- {
- int newBitPos = m_bitPos + m_bitsPerChar;
- if (newBitPos <= 8)
- m_outBuf[m_bytePos] |= value << (8-newBitPos);
- else
- {
- m_outBuf[m_bytePos] |= value >> (newBitPos-8);
- m_outBuf[m_bytePos+1] |= value << (16-newBitPos);
- }
-
- m_bitPos = newBitPos;
- while (m_bitPos >= 8)
- {
- m_bitPos -= 8;
- ++m_bytePos;
- }
- }
-
- if (m_bytePos == m_outputBlockSize)
- {
- FILTER_OUTPUT(1, m_outBuf, m_outputBlockSize, 0);
- m_bytePos = m_bitPos = 0;
- }
- }
- if (messageEnd)
- {
- FILTER_OUTPUT(2, m_outBuf, m_bytePos, messageEnd);
- m_bytePos = m_bitPos = 0;
- }
- FILTER_END_NO_MESSAGE_END;
-}
-
-void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive)
-{
- std::fill(lookup, lookup+256, -1);
-
- for (unsigned int i=0; i<base; i++)
- {
- if (caseInsensitive && isalpha(alphabet[i]))
- {
- assert(lookup[toupper(alphabet[i])] == -1);
- lookup[toupper(alphabet[i])] = i;
- assert(lookup[tolower(alphabet[i])] == -1);
- lookup[tolower(alphabet[i])] = i;
- }
- else
- {
- assert(lookup[alphabet[i]] == -1);
- lookup[alphabet[i]] = i;
- }
- }
-}
-
-void Grouper::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_groupSize = parameters.GetIntValueWithDefault(Name::GroupSize(), 0);
- ConstByteArrayParameter separator, terminator;
- if (m_groupSize)
- parameters.GetRequiredParameter("Grouper", Name::Separator(), separator);
- else
- parameters.GetValue(Name::Separator(), separator);
- parameters.GetValue(Name::Terminator(), terminator);
-
- m_separator.Assign(separator.begin(), separator.size());
- m_terminator.Assign(terminator.begin(), terminator.size());
- m_counter = 0;
-}
-
-size_t Grouper::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- FILTER_BEGIN;
- if (m_groupSize)
- {
- while (m_inputPosition < length)
- {
- if (m_counter == m_groupSize)
- {
- FILTER_OUTPUT(1, m_separator, m_separator.size(), 0);
- m_counter = 0;
- }
-
- size_t len;
- FILTER_OUTPUT2(2, len = STDMIN(length-m_inputPosition, m_groupSize-m_counter),
- begin+m_inputPosition, len, 0);
- m_inputPosition += len;
- m_counter += len;
- }
- }
- else
- FILTER_OUTPUT(3, begin, length, 0);
-
- if (messageEnd)
- {
- FILTER_OUTPUT(4, m_terminator, m_terminator.size(), messageEnd);
- m_counter = 0;
- }
- FILTER_END_NO_MESSAGE_END
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/basecode.h b/cryptopp562/basecode.h
deleted file mode 100644
index cc44c43..0000000
--- a/cryptopp562/basecode.h
+++ /dev/null
@@ -1,86 +0,0 @@
-#ifndef CRYPTOPP_BASECODE_H
-#define CRYPTOPP_BASECODE_H
-
-#include "filters.h"
-#include "algparam.h"
-#include "argnames.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! base n encoder, where n is a power of 2
-class CRYPTOPP_DLL BaseN_Encoder : public Unflushable<Filter>
-{
-public:
- BaseN_Encoder(BufferedTransformation *attachment=NULL)
- {Detach(attachment);}
-
- BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1)
- {
- Detach(attachment);
- IsolatedInitialize(MakeParameters(Name::EncodingLookupArray(), alphabet)
- (Name::Log2Base(), log2base)
- (Name::Pad(), padding != -1)
- (Name::PaddingByte(), byte(padding)));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
-private:
- const byte *m_alphabet;
- int m_padding, m_bitsPerChar, m_outputBlockSize;
- int m_bytePos, m_bitPos;
- SecByteBlock m_outBuf;
-};
-
-//! base n decoder, where n is a power of 2
-class CRYPTOPP_DLL BaseN_Decoder : public Unflushable<Filter>
-{
-public:
- BaseN_Decoder(BufferedTransformation *attachment=NULL)
- {Detach(attachment);}
-
- BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL)
- {
- Detach(attachment);
- IsolatedInitialize(MakeParameters(Name::DecodingLookupArray(), lookup)(Name::Log2Base(), log2base));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
- static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive);
-
-private:
- const int *m_lookup;
- int m_padding, m_bitsPerChar, m_outputBlockSize;
- int m_bytePos, m_bitPos;
- SecByteBlock m_outBuf;
-};
-
-//! filter that breaks input stream into groups of fixed size
-class CRYPTOPP_DLL Grouper : public Bufferless<Filter>
-{
-public:
- Grouper(BufferedTransformation *attachment=NULL)
- {Detach(attachment);}
-
- Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL)
- {
- Detach(attachment);
- IsolatedInitialize(MakeParameters(Name::GroupSize(), groupSize)
- (Name::Separator(), ConstByteArrayParameter(separator))
- (Name::Terminator(), ConstByteArrayParameter(terminator)));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
-private:
- SecByteBlock m_separator, m_terminator;
- size_t m_groupSize, m_counter;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/bench.cpp b/cryptopp562/bench.cpp
deleted file mode 100644
index 34c0d61..0000000
--- a/cryptopp562/bench.cpp
+++ /dev/null
@@ -1,343 +0,0 @@
-// bench.cpp - written and placed in the public domain by Wei Dai
-
-#define _CRT_SECURE_NO_DEPRECATE
-
-#include "bench.h"
-#include "validate.h"
-#include "aes.h"
-#include "blumshub.h"
-#include "files.h"
-#include "hex.h"
-#include "modes.h"
-#include "factory.h"
-#include "cpu.h"
-
-#include <time.h>
-#include <math.h>
-#include <iostream>
-#include <iomanip>
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-#ifdef CLOCKS_PER_SEC
-const double CLOCK_TICKS_PER_SECOND = (double)CLOCKS_PER_SEC;
-#elif defined(CLK_TCK)
-const double CLOCK_TICKS_PER_SECOND = (double)CLK_TCK;
-#else
-const double CLOCK_TICKS_PER_SECOND = 1000000.0;
-#endif
-
-double logtotal = 0, g_allocatedTime, g_hertz;
-unsigned int logcount = 0;
-
-static const byte *const key=(byte *)"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
-
-void OutputResultBytes(const char *name, double length, double timeTaken)
-{
- double mbs = length / timeTaken / (1024*1024);
- cout << "\n<TR><TH>" << name;
-// cout << "<TD>" << setprecision(3) << length / (1024*1024);
- cout << setiosflags(ios::fixed);
-// cout << "<TD>" << setprecision(3) << timeTaken;
- cout << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << mbs;
- if (g_hertz)
- cout << "<TD>" << setprecision(1) << setiosflags(ios::fixed) << timeTaken * g_hertz / length;
- cout << resetiosflags(ios::fixed);
- logtotal += log(mbs);
- logcount++;
-}
-
-void OutputResultKeying(double iterations, double timeTaken)
-{
- cout << "<TD>" << setprecision(3) << setiosflags(ios::fixed) << (1000*1000*timeTaken/iterations);
- if (g_hertz)
- cout << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations;
-}
-
-void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken)
-{
- cout << "\n<TR><TH>" << name << " " << operation << (pc ? " with precomputation" : "");
-// cout << "<TD>" << iterations;
-// cout << setiosflags(ios::fixed);
-// cout << "<TD>" << setprecision(3) << timeTaken;
- cout << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << (1000*timeTaken/iterations);
- if (g_hertz)
- cout << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations / 1000000;
- cout << resetiosflags(ios::fixed);
-
- logtotal += log(iterations/timeTaken);
- logcount++;
-}
-
-/*
-void BenchMark(const char *name, BlockTransformation &cipher, double timeTotal)
-{
- const int BUF_SIZE = RoundUpToMultipleOf(2048U, cipher.OptimalNumberOfParallelBlocks() * cipher.BlockSize());
- AlignedSecByteBlock buf(BUF_SIZE);
- const int nBlocks = BUF_SIZE / cipher.BlockSize();
- clock_t start = clock();
-
- unsigned long i=0, blocks=1;
- double timeTaken;
- do
- {
- blocks *= 2;
- for (; i<blocks; i++)
- cipher.ProcessAndXorMultipleBlocks(buf, NULL, buf, nBlocks);
- timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND;
- }
- while (timeTaken < 2.0/3*timeTotal);
-
- OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
-}
-*/
-
-void BenchMark(const char *name, StreamTransformation &cipher, double timeTotal)
-{
- const int BUF_SIZE=RoundUpToMultipleOf(2048U, cipher.OptimalBlockSize());
- AlignedSecByteBlock buf(BUF_SIZE);
- GlobalRNG().GenerateBlock(buf, BUF_SIZE);
- clock_t start = clock();
-
- unsigned long i=0, blocks=1;
- double timeTaken;
- do
- {
- blocks *= 2;
- for (; i<blocks; i++)
- cipher.ProcessString(buf, BUF_SIZE);
- timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND;
- }
- while (timeTaken < 2.0/3*timeTotal);
-
- OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
-}
-
-void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal)
-{
- if (cipher.NeedsPrespecifiedDataLengths())
- cipher.SpecifyDataLengths(0, cipher.MaxMessageLength(), 0);
-
- BenchMark(name, static_cast<StreamTransformation &>(cipher), timeTotal);
-}
-
-void BenchMark(const char *name, HashTransformation &ht, double timeTotal)
-{
- const int BUF_SIZE=2048U;
- AlignedSecByteBlock buf(BUF_SIZE);
- GlobalRNG().GenerateBlock(buf, BUF_SIZE);
- clock_t start = clock();
-
- unsigned long i=0, blocks=1;
- double timeTaken;
- do
- {
- blocks *= 2;
- for (; i<blocks; i++)
- ht.Update(buf, BUF_SIZE);
- timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND;
- }
- while (timeTaken < 2.0/3*timeTotal);
-
- OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
-}
-
-void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal)
-{
- const int BUF_SIZE=2048U;
- AlignedSecByteBlock buf(BUF_SIZE);
- GlobalRNG().GenerateBlock(buf, BUF_SIZE);
- clock_t start = clock();
-
- unsigned long i=0, blocks=1;
- double timeTaken;
- do
- {
- blocks *= 2;
- for (; i<blocks; i++)
- bt.Put(buf, BUF_SIZE);
- timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND;
- }
- while (timeTaken < 2.0/3*timeTotal);
-
- OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
-}
-
-void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs &params)
-{
- unsigned long iterations = 0;
- clock_t start = clock();
- double timeTaken;
- do
- {
- for (unsigned int i=0; i<1024; i++)
- c.SetKey(key, keyLength, params);
- timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND;
- iterations += 1024;
- }
- while (timeTaken < g_allocatedTime);
-
- OutputResultKeying(iterations, timeTaken);
-}
-
-//VC60 workaround: compiler bug triggered without the extra dummy parameters
-// on VC60 also needs to be named differently from BenchMarkByName
-template <class T_FactoryOutput, class T_Interface>
-void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char *displayName=NULL, const NameValuePairs &params = g_nullNameValuePairs, T_FactoryOutput *x=NULL, T_Interface *y=NULL)
-{
- std::string name = factoryName;
- if (displayName)
- name = displayName;
- else if (keyLength)
- name += " (" + IntToString(keyLength * 8) + "-bit key)";
-
- std::auto_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(factoryName));
- if (!keyLength)
- keyLength = obj->DefaultKeyLength();
- obj->SetKey(key, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(key, obj->IVSize()), false)));
- BenchMark(name.c_str(), *static_cast<T_Interface *>(obj.get()), g_allocatedTime);
- BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(key, obj->IVSize()), false)));
-}
-
-//VC60 workaround: compiler bug triggered without the extra dummy parameters
-template <class T_FactoryOutput>
-void BenchMarkByName(const char *factoryName, size_t keyLength = 0, const char *displayName=NULL, const NameValuePairs &params = g_nullNameValuePairs, T_FactoryOutput *x=NULL)
-{
- BenchMarkByName2<T_FactoryOutput, T_FactoryOutput>(factoryName, keyLength, displayName, params, x, x);
-}
-
-template <class T>
-void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName=NULL, const NameValuePairs &params = g_nullNameValuePairs, T *x=NULL)
-{
- std::string name = factoryName;
- if (displayName)
- name = displayName;
-
- std::auto_ptr<T> obj(ObjectFactoryRegistry<T>::Registry().CreateObject(factoryName));
- BenchMark(name.c_str(), *obj, g_allocatedTime);
-}
-
-void BenchmarkAll(double t, double hertz)
-{
-#if 1
- logtotal = 0;
- logcount = 0;
- g_allocatedTime = t;
- g_hertz = hertz;
-
- const char *cpb, *cpk;
- if (g_hertz)
- {
- cpb = "<TH>Cycles Per Byte";
- cpk = "<TH>Cycles to<br>Setup Key and IV";
- cout << "CPU frequency of the test platform is " << g_hertz << " Hz.\n";
- }
- else
- {
- cpb = cpk = "";
- cout << "CPU frequency of the test platform was not provided.\n";
- }
-
- cout << "<TABLE border=1><COLGROUP><COL align=left><COL align=right><COL align=right><COL align=right><COL align=right>" << endl;
- cout << "<THEAD><TR><TH>Algorithm<TH>MiB/Second" << cpb << "<TH>Microseconds to<br>Setup Key and IV" << cpk << endl;
-
- cout << "\n<TBODY style=\"background: yellow\">";
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM");
- else
-#endif
- {
- BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (2K tables)", MakeParameters(Name::TableSize(), 2048));
- BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (64K tables)", MakeParameters(Name::TableSize(), 64*1024));
- }
- BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/CCM");
- BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/EAX");
-
- cout << "\n<TBODY style=\"background: white\">";
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)");
- else
-#endif
- {
- BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (2K tables)", MakeParameters(Name::TableSize(), 2048));
- BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (64K tables)", MakeParameters(Name::TableSize(), 64*1024));
- }
- BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-64");
- BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-128");
- BenchMarkByName<MessageAuthenticationCode>("HMAC(SHA-1)");
- BenchMarkByName<MessageAuthenticationCode>("Two-Track-MAC");
- BenchMarkByName<MessageAuthenticationCode>("CMAC(AES)");
- BenchMarkByName<MessageAuthenticationCode>("DMAC(AES)");
-
- cout << "\n<TBODY style=\"background: yellow\">";
- BenchMarkByNameKeyLess<HashTransformation>("CRC32");
- BenchMarkByNameKeyLess<HashTransformation>("Adler32");
- BenchMarkByNameKeyLess<HashTransformation>("MD5");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-1");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-256");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-512");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-3-224");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-3-256");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-3-384");
- BenchMarkByNameKeyLess<HashTransformation>("SHA-3-512");
- BenchMarkByNameKeyLess<HashTransformation>("Tiger");
- BenchMarkByNameKeyLess<HashTransformation>("Whirlpool");
- BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-160");
- BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-320");
- BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-128");
- BenchMarkByNameKeyLess<HashTransformation>("RIPEMD-256");
-
- cout << "\n<TBODY style=\"background: white\">";
- BenchMarkByName<SymmetricCipher>("Panama-LE");
- BenchMarkByName<SymmetricCipher>("Panama-BE");
- BenchMarkByName<SymmetricCipher>("Salsa20");
- BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12));
- BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8));
- BenchMarkByName<SymmetricCipher>("Sosemanuk");
- BenchMarkByName<SymmetricCipher>("MARC4");
- BenchMarkByName<SymmetricCipher>("SEAL-3.0-LE");
- BenchMarkByName<SymmetricCipher>("WAKE-OFB-LE");
-
- cout << "\n<TBODY style=\"background: yellow\">";
- BenchMarkByName<SymmetricCipher>("AES/CTR", 16);
- BenchMarkByName<SymmetricCipher>("AES/CTR", 24);
- BenchMarkByName<SymmetricCipher>("AES/CTR", 32);
- BenchMarkByName<SymmetricCipher>("AES/CBC", 16);
- BenchMarkByName<SymmetricCipher>("AES/CBC", 24);
- BenchMarkByName<SymmetricCipher>("AES/CBC", 32);
- BenchMarkByName<SymmetricCipher>("AES/OFB", 16);
- BenchMarkByName<SymmetricCipher>("AES/CFB", 16);
- BenchMarkByName<SymmetricCipher>("AES/ECB", 16);
- BenchMarkByName<SymmetricCipher>("Camellia/CTR", 16);
- BenchMarkByName<SymmetricCipher>("Camellia/CTR", 32);
- BenchMarkByName<SymmetricCipher>("Twofish/CTR");
- BenchMarkByName<SymmetricCipher>("Serpent/CTR");
- BenchMarkByName<SymmetricCipher>("CAST-256/CTR");
- BenchMarkByName<SymmetricCipher>("RC6/CTR");
- BenchMarkByName<SymmetricCipher>("MARS/CTR");
- BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 16);
- BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 64);
- BenchMarkByName<SymmetricCipher>("DES/CTR");
- BenchMarkByName<SymmetricCipher>("DES-XEX3/CTR");
- BenchMarkByName<SymmetricCipher>("DES-EDE3/CTR");
- BenchMarkByName<SymmetricCipher>("IDEA/CTR");
- BenchMarkByName<SymmetricCipher>("RC5/CTR", 0, "RC5 (r=16)");
- BenchMarkByName<SymmetricCipher>("Blowfish/CTR");
- BenchMarkByName<SymmetricCipher>("TEA/CTR");
- BenchMarkByName<SymmetricCipher>("XTEA/CTR");
- BenchMarkByName<SymmetricCipher>("CAST-128/CTR");
- BenchMarkByName<SymmetricCipher>("SKIPJACK/CTR");
- BenchMarkByName<SymmetricCipher>("SEED/CTR", 0, "SEED/CTR (1/2 K table)");
- cout << "</TABLE>" << endl;
-
- BenchmarkAll2(t, hertz);
-
- cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/logcount) << endl;
-
- time_t endTime = time(NULL);
- cout << "\nTest ended at " << asctime(localtime(&endTime));
-#endif
-}
diff --git a/cryptopp562/bench.h b/cryptopp562/bench.h
deleted file mode 100644
index 8bb6ab9..0000000
--- a/cryptopp562/bench.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef CRYPTOPP_BENCH_H
-#define CRYPTOPP_BENCH_H
-
-#include "cryptlib.h"
-
-extern const double CLOCK_TICKS_PER_SECOND;
-
-void BenchmarkAll(double t, double hertz);
-void BenchmarkAll2(double t, double hertz);
-
-#endif
diff --git a/cryptopp562/bench2.cpp b/cryptopp562/bench2.cpp
deleted file mode 100644
index ca08a99..0000000
--- a/cryptopp562/bench2.cpp
+++ /dev/null
@@ -1,317 +0,0 @@
-// bench2.cpp - written and placed in the public domain by Wei Dai
-
-#include "bench.h"
-#include "validate.h"
-#include "files.h"
-#include "hex.h"
-
-#include "rsa.h"
-#include "nr.h"
-#include "dsa.h"
-#include "luc.h"
-#include "rw.h"
-#include "eccrypto.h"
-#include "ecp.h"
-#include "ec2n.h"
-#include "asn.h"
-#include "dh.h"
-#include "mqv.h"
-#include "xtrcrypt.h"
-#include "esign.h"
-#include "pssr.h"
-#include "oids.h"
-#include "randpool.h"
-
-#include <time.h>
-#include <math.h>
-#include <iostream>
-#include <iomanip>
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken);
-
-void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal, bool pc=false)
-{
- unsigned int len = 16;
- SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len));
- GlobalRNG().GenerateBlock(plaintext, len);
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- key.Encrypt(GlobalRNG(), plaintext, len, ciphertext);
-
- OutputResultOperations(name, "Encryption", pc, i, timeTaken);
-
- if (!pc && key.GetMaterial().SupportsPrecomputation())
- {
- key.AccessMaterial().Precompute(16);
- BenchMarkEncryption(name, key, timeTotal, true);
- }
-}
-
-void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub, double timeTotal)
-{
- unsigned int len = 16;
- SecByteBlock ciphertext(pub.CiphertextLength(len));
- SecByteBlock plaintext(pub.MaxPlaintextLength(ciphertext.size()));
- GlobalRNG().GenerateBlock(plaintext, len);
- pub.Encrypt(GlobalRNG(), plaintext, len, ciphertext);
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- priv.Decrypt(GlobalRNG(), ciphertext, ciphertext.size(), plaintext);
-
- OutputResultOperations(name, "Decryption", false, i, timeTaken);
-}
-
-void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false)
-{
- unsigned int len = 16;
- AlignedSecByteBlock message(len), signature(key.SignatureLength());
- GlobalRNG().GenerateBlock(message, len);
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- key.SignMessage(GlobalRNG(), message, len, signature);
-
- OutputResultOperations(name, "Signature", pc, i, timeTaken);
-
- if (!pc && key.GetMaterial().SupportsPrecomputation())
- {
- key.AccessMaterial().Precompute(16);
- BenchMarkSigning(name, key, timeTotal, true);
- }
-}
-
-void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
-{
- unsigned int len = 16;
- AlignedSecByteBlock message(len), signature(pub.SignatureLength());
- GlobalRNG().GenerateBlock(message, len);
- priv.SignMessage(GlobalRNG(), message, len, signature);
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- pub.VerifyMessage(message, len, signature, signature.size());
-
- OutputResultOperations(name, "Verification", pc, i, timeTaken);
-
- if (!pc && pub.GetMaterial().SupportsPrecomputation())
- {
- pub.AccessMaterial().Precompute(16);
- BenchMarkVerification(name, priv, pub, timeTotal, true);
- }
-}
-
-void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
- SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength());
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- d.GenerateKeyPair(GlobalRNG(), priv, pub);
-
- OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken);
-
- if (!pc && d.GetMaterial().SupportsPrecomputation())
- {
- d.AccessMaterial().Precompute(16);
- BenchMarkKeyGen(name, d, timeTotal, true);
- }
-}
-
-void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
- SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength());
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- d.GenerateEphemeralKeyPair(GlobalRNG(), priv, pub);
-
- OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken);
-
- if (!pc && d.GetMaterial().SupportsPrecomputation())
- {
- d.AccessMaterial().Precompute(16);
- BenchMarkKeyGen(name, d, timeTotal, true);
- }
-}
-
-void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
- SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
- SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
- d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
- d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
- SecByteBlock val(d.AgreedValueLength());
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i+=2)
- {
- d.Agree(val, priv1, pub2);
- d.Agree(val, priv2, pub1);
- }
-
- OutputResultOperations(name, "Key Agreement", pc, i, timeTaken);
-}
-
-void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
- SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength());
- SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength());
- SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength());
- SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength());
- d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
- d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
- d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
- d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
- SecByteBlock val(d.AgreedValueLength());
-
- clock_t start = clock();
- unsigned int i;
- double timeTaken;
- for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i+=2)
- {
- d.Agree(val, spriv1, epriv1, spub2, epub2);
- d.Agree(val, spriv2, epriv2, spub1, epub1);
- }
-
- OutputResultOperations(name, "Key Agreement", pc, i, timeTaken);
-}
-
-//VC60 workaround: compiler bug triggered without the extra dummy parameters
-template <class SCHEME>
-void BenchMarkCrypto(const char *filename, const char *name, double timeTotal, SCHEME *x=NULL)
-{
- FileSource f(filename, true, new HexDecoder());
- typename SCHEME::Decryptor priv(f);
- typename SCHEME::Encryptor pub(priv);
- BenchMarkEncryption(name, pub, timeTotal);
- BenchMarkDecryption(name, priv, pub, timeTotal);
-}
-
-//VC60 workaround: compiler bug triggered without the extra dummy parameters
-template <class SCHEME>
-void BenchMarkSignature(const char *filename, const char *name, double timeTotal, SCHEME *x=NULL)
-{
- FileSource f(filename, true, new HexDecoder());
- typename SCHEME::Signer priv(f);
- typename SCHEME::Verifier pub(priv);
- BenchMarkSigning(name, priv, timeTotal);
- BenchMarkVerification(name, priv, pub, timeTotal);
-}
-
-//VC60 workaround: compiler bug triggered without the extra dummy parameters
-template <class D>
-void BenchMarkKeyAgreement(const char *filename, const char *name, double timeTotal, D *x=NULL)
-{
- FileSource f(filename, true, new HexDecoder());
- D d(f);
- BenchMarkKeyGen(name, d, timeTotal);
- BenchMarkAgreement(name, d, timeTotal);
-}
-
-extern double g_hertz;
-
-void BenchmarkAll2(double t, double hertz)
-{
- g_hertz = hertz;
-
- cout << "<TABLE border=1><COLGROUP><COL align=left><COL align=right><COL align=right>" << endl;
- cout << "<THEAD><TR><TH>Operation<TH>Milliseconds/Operation" << (g_hertz ? "<TH>Megacycles/Operation" : "") << endl;
-
- cout << "\n<TBODY style=\"background: yellow\">";
- BenchMarkCrypto<RSAES<OAEP<SHA> > >("TestData/rsa1024.dat", "RSA 1024", t);
- BenchMarkCrypto<LUCES<OAEP<SHA> > >("TestData/luc1024.dat", "LUC 1024", t);
- BenchMarkCrypto<DLIES<> >("TestData/dlie1024.dat", "DLIES 1024", t);
- BenchMarkCrypto<LUC_IES<> >("TestData/lucc512.dat", "LUCELG 512", t);
-
- cout << "\n<TBODY style=\"background: white\">";
- BenchMarkCrypto<RSAES<OAEP<SHA> > >("TestData/rsa2048.dat", "RSA 2048", t);
- BenchMarkCrypto<LUCES<OAEP<SHA> > >("TestData/luc2048.dat", "LUC 2048", t);
- BenchMarkCrypto<DLIES<> >("TestData/dlie2048.dat", "DLIES 2048", t);
- BenchMarkCrypto<LUC_IES<> >("TestData/lucc1024.dat", "LUCELG 1024", t);
-
- cout << "\n<TBODY style=\"background: yellow\">";
- BenchMarkSignature<RSASS<PSSR, SHA> >("TestData/rsa1024.dat", "RSA 1024", t);
- BenchMarkSignature<RWSS<PSSR, SHA> >("TestData/rw1024.dat", "RW 1024", t);
- BenchMarkSignature<LUCSS<PSSR, SHA> >("TestData/luc1024.dat", "LUC 1024", t);
- BenchMarkSignature<NR<SHA> >("TestData/nr1024.dat", "NR 1024", t);
- BenchMarkSignature<DSA>("TestData/dsa1024.dat", "DSA 1024", t);
- BenchMarkSignature<LUC_HMP<SHA> >("TestData/lucs512.dat", "LUC-HMP 512", t);
- BenchMarkSignature<ESIGN<SHA> >("TestData/esig1023.dat", "ESIGN 1023", t);
- BenchMarkSignature<ESIGN<SHA> >("TestData/esig1536.dat", "ESIGN 1536", t);
-
- cout << "\n<TBODY style=\"background: white\">";
- BenchMarkSignature<RSASS<PSSR, SHA> >("TestData/rsa2048.dat", "RSA 2048", t);
- BenchMarkSignature<RWSS<PSSR, SHA> >("TestData/rw2048.dat", "RW 2048", t);
- BenchMarkSignature<LUCSS<PSSR, SHA> >("TestData/luc2048.dat", "LUC 2048", t);
- BenchMarkSignature<NR<SHA> >("TestData/nr2048.dat", "NR 2048", t);
- BenchMarkSignature<LUC_HMP<SHA> >("TestData/lucs1024.dat", "LUC-HMP 1024", t);
- BenchMarkSignature<ESIGN<SHA> >("TestData/esig2046.dat", "ESIGN 2046", t);
-
- cout << "\n<TBODY style=\"background: yellow\">";
- BenchMarkKeyAgreement<XTR_DH>("TestData/xtrdh171.dat", "XTR-DH 171", t);
- BenchMarkKeyAgreement<XTR_DH>("TestData/xtrdh342.dat", "XTR-DH 342", t);
- BenchMarkKeyAgreement<DH>("TestData/dh1024.dat", "DH 1024", t);
- BenchMarkKeyAgreement<DH>("TestData/dh2048.dat", "DH 2048", t);
- BenchMarkKeyAgreement<LUC_DH>("TestData/lucd512.dat", "LUCDIF 512", t);
- BenchMarkKeyAgreement<LUC_DH>("TestData/lucd1024.dat", "LUCDIF 1024", t);
- BenchMarkKeyAgreement<MQV>("TestData/mqv1024.dat", "MQV 1024", t);
- BenchMarkKeyAgreement<MQV>("TestData/mqv2048.dat", "MQV 2048", t);
-
- cout << "\n<TBODY style=\"background: white\">";
- {
- ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp256k1());
- ECIES<ECP>::Encryptor cpub(cpriv);
- ECDSA<ECP, SHA>::Signer spriv(cpriv);
- ECDSA<ECP, SHA>::Verifier spub(spriv);
- ECDH<ECP>::Domain ecdhc(ASN1::secp256k1());
- ECMQV<ECP>::Domain ecmqvc(ASN1::secp256k1());
-
- BenchMarkEncryption("ECIES over GF(p) 256", cpub, t);
- BenchMarkDecryption("ECIES over GF(p) 256", cpriv, cpub, t);
- BenchMarkSigning("ECDSA over GF(p) 256", spriv, t);
- BenchMarkVerification("ECDSA over GF(p) 256", spriv, spub, t);
- BenchMarkKeyGen("ECDHC over GF(p) 256", ecdhc, t);
- BenchMarkAgreement("ECDHC over GF(p) 256", ecdhc, t);
- BenchMarkKeyGen("ECMQVC over GF(p) 256", ecmqvc, t);
- BenchMarkAgreement("ECMQVC over GF(p) 256", ecmqvc, t);
- }
-
- cout << "<TBODY style=\"background: yellow\">" << endl;
- {
- ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect233r1());
- ECIES<EC2N>::Encryptor cpub(cpriv);
- ECDSA<EC2N, SHA>::Signer spriv(cpriv);
- ECDSA<EC2N, SHA>::Verifier spub(spriv);
- ECDH<EC2N>::Domain ecdhc(ASN1::sect233r1());
- ECMQV<EC2N>::Domain ecmqvc(ASN1::sect233r1());
-
- BenchMarkEncryption("ECIES over GF(2^n) 233", cpub, t);
- BenchMarkDecryption("ECIES over GF(2^n) 233", cpriv, cpub, t);
- BenchMarkSigning("ECDSA over GF(2^n) 233", spriv, t);
- BenchMarkVerification("ECDSA over GF(2^n) 233", spriv, spub, t);
- BenchMarkKeyGen("ECDHC over GF(2^n) 233", ecdhc, t);
- BenchMarkAgreement("ECDHC over GF(2^n) 233", ecdhc, t);
- BenchMarkKeyGen("ECMQVC over GF(2^n) 233", ecmqvc, t);
- BenchMarkAgreement("ECMQVC over GF(2^n) 233", ecmqvc, t);
- }
- cout << "</TABLE>" << endl;
-}
diff --git a/cryptopp562/bfinit.cpp b/cryptopp562/bfinit.cpp
deleted file mode 100644
index 714570a..0000000
--- a/cryptopp562/bfinit.cpp
+++ /dev/null
@@ -1,277 +0,0 @@
-#include "pch.h"
-#include "blowfish.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const word32 Blowfish::Base::p_init[Blowfish::ROUNDS+2] =
-{
- 608135816U, 2242054355U, 320440878U, 57701188U,
- 2752067618U, 698298832U, 137296536U, 3964562569U,
- 1160258022U, 953160567U, 3193202383U, 887688300U,
- 3232508343U, 3380367581U, 1065670069U, 3041331479U,
- 2450970073U, 2306472731U
-} ;
-
-const word32 Blowfish::Base::s_init[4*256] = {
- 3509652390U, 2564797868U, 805139163U, 3491422135U,
- 3101798381U, 1780907670U, 3128725573U, 4046225305U,
- 614570311U, 3012652279U, 134345442U, 2240740374U,
- 1667834072U, 1901547113U, 2757295779U, 4103290238U,
- 227898511U, 1921955416U, 1904987480U, 2182433518U,
- 2069144605U, 3260701109U, 2620446009U, 720527379U,
- 3318853667U, 677414384U, 3393288472U, 3101374703U,
- 2390351024U, 1614419982U, 1822297739U, 2954791486U,
- 3608508353U, 3174124327U, 2024746970U, 1432378464U,
- 3864339955U, 2857741204U, 1464375394U, 1676153920U,
- 1439316330U, 715854006U, 3033291828U, 289532110U,
- 2706671279U, 2087905683U, 3018724369U, 1668267050U,
- 732546397U, 1947742710U, 3462151702U, 2609353502U,
- 2950085171U, 1814351708U, 2050118529U, 680887927U,
- 999245976U, 1800124847U, 3300911131U, 1713906067U,
- 1641548236U, 4213287313U, 1216130144U, 1575780402U,
- 4018429277U, 3917837745U, 3693486850U, 3949271944U,
- 596196993U, 3549867205U, 258830323U, 2213823033U,
- 772490370U, 2760122372U, 1774776394U, 2652871518U,
- 566650946U, 4142492826U, 1728879713U, 2882767088U,
- 1783734482U, 3629395816U, 2517608232U, 2874225571U,
- 1861159788U, 326777828U, 3124490320U, 2130389656U,
- 2716951837U, 967770486U, 1724537150U, 2185432712U,
- 2364442137U, 1164943284U, 2105845187U, 998989502U,
- 3765401048U, 2244026483U, 1075463327U, 1455516326U,
- 1322494562U, 910128902U, 469688178U, 1117454909U,
- 936433444U, 3490320968U, 3675253459U, 1240580251U,
- 122909385U, 2157517691U, 634681816U, 4142456567U,
- 3825094682U, 3061402683U, 2540495037U, 79693498U,
- 3249098678U, 1084186820U, 1583128258U, 426386531U,
- 1761308591U, 1047286709U, 322548459U, 995290223U,
- 1845252383U, 2603652396U, 3431023940U, 2942221577U,
- 3202600964U, 3727903485U, 1712269319U, 422464435U,
- 3234572375U, 1170764815U, 3523960633U, 3117677531U,
- 1434042557U, 442511882U, 3600875718U, 1076654713U,
- 1738483198U, 4213154764U, 2393238008U, 3677496056U,
- 1014306527U, 4251020053U, 793779912U, 2902807211U,
- 842905082U, 4246964064U, 1395751752U, 1040244610U,
- 2656851899U, 3396308128U, 445077038U, 3742853595U,
- 3577915638U, 679411651U, 2892444358U, 2354009459U,
- 1767581616U, 3150600392U, 3791627101U, 3102740896U,
- 284835224U, 4246832056U, 1258075500U, 768725851U,
- 2589189241U, 3069724005U, 3532540348U, 1274779536U,
- 3789419226U, 2764799539U, 1660621633U, 3471099624U,
- 4011903706U, 913787905U, 3497959166U, 737222580U,
- 2514213453U, 2928710040U, 3937242737U, 1804850592U,
- 3499020752U, 2949064160U, 2386320175U, 2390070455U,
- 2415321851U, 4061277028U, 2290661394U, 2416832540U,
- 1336762016U, 1754252060U, 3520065937U, 3014181293U,
- 791618072U, 3188594551U, 3933548030U, 2332172193U,
- 3852520463U, 3043980520U, 413987798U, 3465142937U,
- 3030929376U, 4245938359U, 2093235073U, 3534596313U,
- 375366246U, 2157278981U, 2479649556U, 555357303U,
- 3870105701U, 2008414854U, 3344188149U, 4221384143U,
- 3956125452U, 2067696032U, 3594591187U, 2921233993U,
- 2428461U, 544322398U, 577241275U, 1471733935U,
- 610547355U, 4027169054U, 1432588573U, 1507829418U,
- 2025931657U, 3646575487U, 545086370U, 48609733U,
- 2200306550U, 1653985193U, 298326376U, 1316178497U,
- 3007786442U, 2064951626U, 458293330U, 2589141269U,
- 3591329599U, 3164325604U, 727753846U, 2179363840U,
- 146436021U, 1461446943U, 4069977195U, 705550613U,
- 3059967265U, 3887724982U, 4281599278U, 3313849956U,
- 1404054877U, 2845806497U, 146425753U, 1854211946U,
-
- 1266315497U, 3048417604U, 3681880366U, 3289982499U,
- 2909710000U, 1235738493U, 2632868024U, 2414719590U,
- 3970600049U, 1771706367U, 1449415276U, 3266420449U,
- 422970021U, 1963543593U, 2690192192U, 3826793022U,
- 1062508698U, 1531092325U, 1804592342U, 2583117782U,
- 2714934279U, 4024971509U, 1294809318U, 4028980673U,
- 1289560198U, 2221992742U, 1669523910U, 35572830U,
- 157838143U, 1052438473U, 1016535060U, 1802137761U,
- 1753167236U, 1386275462U, 3080475397U, 2857371447U,
- 1040679964U, 2145300060U, 2390574316U, 1461121720U,
- 2956646967U, 4031777805U, 4028374788U, 33600511U,
- 2920084762U, 1018524850U, 629373528U, 3691585981U,
- 3515945977U, 2091462646U, 2486323059U, 586499841U,
- 988145025U, 935516892U, 3367335476U, 2599673255U,
- 2839830854U, 265290510U, 3972581182U, 2759138881U,
- 3795373465U, 1005194799U, 847297441U, 406762289U,
- 1314163512U, 1332590856U, 1866599683U, 4127851711U,
- 750260880U, 613907577U, 1450815602U, 3165620655U,
- 3734664991U, 3650291728U, 3012275730U, 3704569646U,
- 1427272223U, 778793252U, 1343938022U, 2676280711U,
- 2052605720U, 1946737175U, 3164576444U, 3914038668U,
- 3967478842U, 3682934266U, 1661551462U, 3294938066U,
- 4011595847U, 840292616U, 3712170807U, 616741398U,
- 312560963U, 711312465U, 1351876610U, 322626781U,
- 1910503582U, 271666773U, 2175563734U, 1594956187U,
- 70604529U, 3617834859U, 1007753275U, 1495573769U,
- 4069517037U, 2549218298U, 2663038764U, 504708206U,
- 2263041392U, 3941167025U, 2249088522U, 1514023603U,
- 1998579484U, 1312622330U, 694541497U, 2582060303U,
- 2151582166U, 1382467621U, 776784248U, 2618340202U,
- 3323268794U, 2497899128U, 2784771155U, 503983604U,
- 4076293799U, 907881277U, 423175695U, 432175456U,
- 1378068232U, 4145222326U, 3954048622U, 3938656102U,
- 3820766613U, 2793130115U, 2977904593U, 26017576U,
- 3274890735U, 3194772133U, 1700274565U, 1756076034U,
- 4006520079U, 3677328699U, 720338349U, 1533947780U,
- 354530856U, 688349552U, 3973924725U, 1637815568U,
- 332179504U, 3949051286U, 53804574U, 2852348879U,
- 3044236432U, 1282449977U, 3583942155U, 3416972820U,
- 4006381244U, 1617046695U, 2628476075U, 3002303598U,
- 1686838959U, 431878346U, 2686675385U, 1700445008U,
- 1080580658U, 1009431731U, 832498133U, 3223435511U,
- 2605976345U, 2271191193U, 2516031870U, 1648197032U,
- 4164389018U, 2548247927U, 300782431U, 375919233U,
- 238389289U, 3353747414U, 2531188641U, 2019080857U,
- 1475708069U, 455242339U, 2609103871U, 448939670U,
- 3451063019U, 1395535956U, 2413381860U, 1841049896U,
- 1491858159U, 885456874U, 4264095073U, 4001119347U,
- 1565136089U, 3898914787U, 1108368660U, 540939232U,
- 1173283510U, 2745871338U, 3681308437U, 4207628240U,
- 3343053890U, 4016749493U, 1699691293U, 1103962373U,
- 3625875870U, 2256883143U, 3830138730U, 1031889488U,
- 3479347698U, 1535977030U, 4236805024U, 3251091107U,
- 2132092099U, 1774941330U, 1199868427U, 1452454533U,
- 157007616U, 2904115357U, 342012276U, 595725824U,
- 1480756522U, 206960106U, 497939518U, 591360097U,
- 863170706U, 2375253569U, 3596610801U, 1814182875U,
- 2094937945U, 3421402208U, 1082520231U, 3463918190U,
- 2785509508U, 435703966U, 3908032597U, 1641649973U,
- 2842273706U, 3305899714U, 1510255612U, 2148256476U,
- 2655287854U, 3276092548U, 4258621189U, 236887753U,
- 3681803219U, 274041037U, 1734335097U, 3815195456U,
- 3317970021U, 1899903192U, 1026095262U, 4050517792U,
- 356393447U, 2410691914U, 3873677099U, 3682840055U,
-
- 3913112168U, 2491498743U, 4132185628U, 2489919796U,
- 1091903735U, 1979897079U, 3170134830U, 3567386728U,
- 3557303409U, 857797738U, 1136121015U, 1342202287U,
- 507115054U, 2535736646U, 337727348U, 3213592640U,
- 1301675037U, 2528481711U, 1895095763U, 1721773893U,
- 3216771564U, 62756741U, 2142006736U, 835421444U,
- 2531993523U, 1442658625U, 3659876326U, 2882144922U,
- 676362277U, 1392781812U, 170690266U, 3921047035U,
- 1759253602U, 3611846912U, 1745797284U, 664899054U,
- 1329594018U, 3901205900U, 3045908486U, 2062866102U,
- 2865634940U, 3543621612U, 3464012697U, 1080764994U,
- 553557557U, 3656615353U, 3996768171U, 991055499U,
- 499776247U, 1265440854U, 648242737U, 3940784050U,
- 980351604U, 3713745714U, 1749149687U, 3396870395U,
- 4211799374U, 3640570775U, 1161844396U, 3125318951U,
- 1431517754U, 545492359U, 4268468663U, 3499529547U,
- 1437099964U, 2702547544U, 3433638243U, 2581715763U,
- 2787789398U, 1060185593U, 1593081372U, 2418618748U,
- 4260947970U, 69676912U, 2159744348U, 86519011U,
- 2512459080U, 3838209314U, 1220612927U, 3339683548U,
- 133810670U, 1090789135U, 1078426020U, 1569222167U,
- 845107691U, 3583754449U, 4072456591U, 1091646820U,
- 628848692U, 1613405280U, 3757631651U, 526609435U,
- 236106946U, 48312990U, 2942717905U, 3402727701U,
- 1797494240U, 859738849U, 992217954U, 4005476642U,
- 2243076622U, 3870952857U, 3732016268U, 765654824U,
- 3490871365U, 2511836413U, 1685915746U, 3888969200U,
- 1414112111U, 2273134842U, 3281911079U, 4080962846U,
- 172450625U, 2569994100U, 980381355U, 4109958455U,
- 2819808352U, 2716589560U, 2568741196U, 3681446669U,
- 3329971472U, 1835478071U, 660984891U, 3704678404U,
- 4045999559U, 3422617507U, 3040415634U, 1762651403U,
- 1719377915U, 3470491036U, 2693910283U, 3642056355U,
- 3138596744U, 1364962596U, 2073328063U, 1983633131U,
- 926494387U, 3423689081U, 2150032023U, 4096667949U,
- 1749200295U, 3328846651U, 309677260U, 2016342300U,
- 1779581495U, 3079819751U, 111262694U, 1274766160U,
- 443224088U, 298511866U, 1025883608U, 3806446537U,
- 1145181785U, 168956806U, 3641502830U, 3584813610U,
- 1689216846U, 3666258015U, 3200248200U, 1692713982U,
- 2646376535U, 4042768518U, 1618508792U, 1610833997U,
- 3523052358U, 4130873264U, 2001055236U, 3610705100U,
- 2202168115U, 4028541809U, 2961195399U, 1006657119U,
- 2006996926U, 3186142756U, 1430667929U, 3210227297U,
- 1314452623U, 4074634658U, 4101304120U, 2273951170U,
- 1399257539U, 3367210612U, 3027628629U, 1190975929U,
- 2062231137U, 2333990788U, 2221543033U, 2438960610U,
- 1181637006U, 548689776U, 2362791313U, 3372408396U,
- 3104550113U, 3145860560U, 296247880U, 1970579870U,
- 3078560182U, 3769228297U, 1714227617U, 3291629107U,
- 3898220290U, 166772364U, 1251581989U, 493813264U,
- 448347421U, 195405023U, 2709975567U, 677966185U,
- 3703036547U, 1463355134U, 2715995803U, 1338867538U,
- 1343315457U, 2802222074U, 2684532164U, 233230375U,
- 2599980071U, 2000651841U, 3277868038U, 1638401717U,
- 4028070440U, 3237316320U, 6314154U, 819756386U,
- 300326615U, 590932579U, 1405279636U, 3267499572U,
- 3150704214U, 2428286686U, 3959192993U, 3461946742U,
- 1862657033U, 1266418056U, 963775037U, 2089974820U,
- 2263052895U, 1917689273U, 448879540U, 3550394620U,
- 3981727096U, 150775221U, 3627908307U, 1303187396U,
- 508620638U, 2975983352U, 2726630617U, 1817252668U,
- 1876281319U, 1457606340U, 908771278U, 3720792119U,
- 3617206836U, 2455994898U, 1729034894U, 1080033504U,
-
- 976866871U, 3556439503U, 2881648439U, 1522871579U,
- 1555064734U, 1336096578U, 3548522304U, 2579274686U,
- 3574697629U, 3205460757U, 3593280638U, 3338716283U,
- 3079412587U, 564236357U, 2993598910U, 1781952180U,
- 1464380207U, 3163844217U, 3332601554U, 1699332808U,
- 1393555694U, 1183702653U, 3581086237U, 1288719814U,
- 691649499U, 2847557200U, 2895455976U, 3193889540U,
- 2717570544U, 1781354906U, 1676643554U, 2592534050U,
- 3230253752U, 1126444790U, 2770207658U, 2633158820U,
- 2210423226U, 2615765581U, 2414155088U, 3127139286U,
- 673620729U, 2805611233U, 1269405062U, 4015350505U,
- 3341807571U, 4149409754U, 1057255273U, 2012875353U,
- 2162469141U, 2276492801U, 2601117357U, 993977747U,
- 3918593370U, 2654263191U, 753973209U, 36408145U,
- 2530585658U, 25011837U, 3520020182U, 2088578344U,
- 530523599U, 2918365339U, 1524020338U, 1518925132U,
- 3760827505U, 3759777254U, 1202760957U, 3985898139U,
- 3906192525U, 674977740U, 4174734889U, 2031300136U,
- 2019492241U, 3983892565U, 4153806404U, 3822280332U,
- 352677332U, 2297720250U, 60907813U, 90501309U,
- 3286998549U, 1016092578U, 2535922412U, 2839152426U,
- 457141659U, 509813237U, 4120667899U, 652014361U,
- 1966332200U, 2975202805U, 55981186U, 2327461051U,
- 676427537U, 3255491064U, 2882294119U, 3433927263U,
- 1307055953U, 942726286U, 933058658U, 2468411793U,
- 3933900994U, 4215176142U, 1361170020U, 2001714738U,
- 2830558078U, 3274259782U, 1222529897U, 1679025792U,
- 2729314320U, 3714953764U, 1770335741U, 151462246U,
- 3013232138U, 1682292957U, 1483529935U, 471910574U,
- 1539241949U, 458788160U, 3436315007U, 1807016891U,
- 3718408830U, 978976581U, 1043663428U, 3165965781U,
- 1927990952U, 4200891579U, 2372276910U, 3208408903U,
- 3533431907U, 1412390302U, 2931980059U, 4132332400U,
- 1947078029U, 3881505623U, 4168226417U, 2941484381U,
- 1077988104U, 1320477388U, 886195818U, 18198404U,
- 3786409000U, 2509781533U, 112762804U, 3463356488U,
- 1866414978U, 891333506U, 18488651U, 661792760U,
- 1628790961U, 3885187036U, 3141171499U, 876946877U,
- 2693282273U, 1372485963U, 791857591U, 2686433993U,
- 3759982718U, 3167212022U, 3472953795U, 2716379847U,
- 445679433U, 3561995674U, 3504004811U, 3574258232U,
- 54117162U, 3331405415U, 2381918588U, 3769707343U,
- 4154350007U, 1140177722U, 4074052095U, 668550556U,
- 3214352940U, 367459370U, 261225585U, 2610173221U,
- 4209349473U, 3468074219U, 3265815641U, 314222801U,
- 3066103646U, 3808782860U, 282218597U, 3406013506U,
- 3773591054U, 379116347U, 1285071038U, 846784868U,
- 2669647154U, 3771962079U, 3550491691U, 2305946142U,
- 453669953U, 1268987020U, 3317592352U, 3279303384U,
- 3744833421U, 2610507566U, 3859509063U, 266596637U,
- 3847019092U, 517658769U, 3462560207U, 3443424879U,
- 370717030U, 4247526661U, 2224018117U, 4143653529U,
- 4112773975U, 2788324899U, 2477274417U, 1456262402U,
- 2901442914U, 1517677493U, 1846949527U, 2295493580U,
- 3734397586U, 2176403920U, 1280348187U, 1908823572U,
- 3871786941U, 846861322U, 1172426758U, 3287448474U,
- 3383383037U, 1655181056U, 3139813346U, 901632758U,
- 1897031941U, 2986607138U, 3066810236U, 3447102507U,
- 1393639104U, 373351379U, 950779232U, 625454576U,
- 3124240540U, 4148612726U, 2007998917U, 544563296U,
- 2244738638U, 2330496472U, 2058025392U, 1291430526U,
- 424198748U, 50039436U, 29584100U, 3605783033U,
- 2429876329U, 2791104160U, 1057563949U, 3255363231U,
- 3075367218U, 3463963227U, 1469046755U, 985887462U
-};
-
-NAMESPACE_END
diff --git a/cryptopp562/blowfish.cpp b/cryptopp562/blowfish.cpp
deleted file mode 100644
index aaa637c..0000000
--- a/cryptopp562/blowfish.cpp
+++ /dev/null
@@ -1,99 +0,0 @@
-// blowfish.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "blowfish.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Blowfish::Base::UncheckedSetKey(const byte *key_string, unsigned int keylength, const NameValuePairs &)
-{
- AssertValidKeyLength(keylength);
-
- unsigned i, j=0, k;
- word32 data, dspace[2] = {0, 0};
-
- memcpy(pbox, p_init, sizeof(p_init));
- memcpy(sbox, s_init, sizeof(s_init));
-
- // Xor key string into encryption key vector
- for (i=0 ; i<ROUNDS+2 ; ++i)
- {
- data = 0 ;
- for (k=0 ; k<4 ; ++k )
- data = (data << 8) | key_string[j++ % keylength];
- pbox[i] ^= data;
- }
-
- crypt_block(dspace, pbox);
-
- for (i=0; i<ROUNDS; i+=2)
- crypt_block(pbox+i, pbox+i+2);
-
- crypt_block(pbox+ROUNDS, sbox);
-
- for (i=0; i<4*256-2; i+=2)
- crypt_block(sbox+i, sbox+i+2);
-
- if (!IsForwardTransformation())
- for (i=0; i<(ROUNDS+2)/2; i++)
- std::swap(pbox[i], pbox[ROUNDS+1-i]);
-}
-
-// this version is only used to make pbox and sbox
-void Blowfish::Base::crypt_block(const word32 in[2], word32 out[2]) const
-{
- word32 left = in[0];
- word32 right = in[1];
-
- const word32 *const s=sbox;
- const word32 *p=pbox;
-
- left ^= p[0];
-
- for (unsigned i=0; i<ROUNDS/2; i++)
- {
- right ^= (((s[GETBYTE(left,3)] + s[256+GETBYTE(left,2)])
- ^ s[2*256+GETBYTE(left,1)]) + s[3*256+GETBYTE(left,0)])
- ^ p[2*i+1];
-
- left ^= (((s[GETBYTE(right,3)] + s[256+GETBYTE(right,2)])
- ^ s[2*256+GETBYTE(right,1)]) + s[3*256+GETBYTE(right,0)])
- ^ p[2*i+2];
- }
-
- right ^= p[ROUNDS+1];
-
- out[0] = right;
- out[1] = left;
-}
-
-void Blowfish::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- typedef BlockGetAndPut<word32, BigEndian> Block;
-
- word32 left, right;
- Block::Get(inBlock)(left)(right);
-
- const word32 *const s=sbox;
- const word32 *p=pbox;
-
- left ^= p[0];
-
- for (unsigned i=0; i<ROUNDS/2; i++)
- {
- right ^= (((s[GETBYTE(left,3)] + s[256+GETBYTE(left,2)])
- ^ s[2*256+GETBYTE(left,1)]) + s[3*256+GETBYTE(left,0)])
- ^ p[2*i+1];
-
- left ^= (((s[GETBYTE(right,3)] + s[256+GETBYTE(right,2)])
- ^ s[2*256+GETBYTE(right,1)]) + s[3*256+GETBYTE(right,0)])
- ^ p[2*i+2];
- }
-
- right ^= p[ROUNDS+1];
-
- Block::Put(xorBlock, outBlock)(right)(left);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/blowfish.h b/cryptopp562/blowfish.h
deleted file mode 100644
index ebc4f94..0000000
--- a/cryptopp562/blowfish.h
+++ /dev/null
@@ -1,46 +0,0 @@
-#ifndef CRYPTOPP_BLOWFISH_H
-#define CRYPTOPP_BLOWFISH_H
-
-/** \file */
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Blowfish_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 4, 56>, public FixedRounds<16>
-{
- static const char *StaticAlgorithmName() {return "Blowfish";}
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/cs.html#Blowfish">Blowfish</a>
-class Blowfish : public Blowfish_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Blowfish_Info>
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- void UncheckedSetKey(const byte *key_string, unsigned int keylength, const NameValuePairs &params);
-
- private:
- void crypt_block(const word32 in[2], word32 out[2]) const;
-
- static const word32 p_init[ROUNDS+2];
- static const word32 s_init[4*256];
-
- FixedSizeSecBlock<word32, ROUNDS+2> pbox;
- FixedSizeSecBlock<word32, 4*256> sbox;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-typedef Blowfish::Encryption BlowfishEncryption;
-typedef Blowfish::Decryption BlowfishDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/blumshub.cpp b/cryptopp562/blumshub.cpp
deleted file mode 100644
index be9b758..0000000
--- a/cryptopp562/blumshub.cpp
+++ /dev/null
@@ -1,63 +0,0 @@
-// blumshub.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "blumshub.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-PublicBlumBlumShub::PublicBlumBlumShub(const Integer &n, const Integer &seed)
- : modn(n),
- maxBits(BitPrecision(n.BitCount())-1)
-{
- current = modn.Square(modn.Square(seed));
- bitsLeft = maxBits;
-}
-
-unsigned int PublicBlumBlumShub::GenerateBit()
-{
- if (bitsLeft==0)
- {
- current = modn.Square(current);
- bitsLeft = maxBits;
- }
-
- return current.GetBit(--bitsLeft);
-}
-
-byte PublicBlumBlumShub::GenerateByte()
-{
- byte b=0;
- for (int i=0; i<8; i++)
- b = (b << 1) | PublicBlumBlumShub::GenerateBit();
- return b;
-}
-
-void PublicBlumBlumShub::GenerateBlock(byte *output, size_t size)
-{
- while (size--)
- *output++ = PublicBlumBlumShub::GenerateByte();
-}
-
-void PublicBlumBlumShub::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- while (length--)
- *outString++ = *inString++ ^ PublicBlumBlumShub::GenerateByte();
-}
-
-BlumBlumShub::BlumBlumShub(const Integer &p, const Integer &q, const Integer &seed)
- : PublicBlumBlumShub(p*q, seed),
- p(p), q(q),
- x0(modn.Square(seed))
-{
-}
-
-void BlumBlumShub::Seek(lword index)
-{
- Integer i(Integer::POSITIVE, index);
- i *= 8;
- Integer e = a_exp_b_mod_c (2, i / maxBits + 1, (p-1)*(q-1));
- current = modn.Exponentiate(x0, e);
- bitsLeft = maxBits - i % maxBits;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/blumshub.h b/cryptopp562/blumshub.h
deleted file mode 100644
index 5e50747..0000000
--- a/cryptopp562/blumshub.h
+++ /dev/null
@@ -1,53 +0,0 @@
-#ifndef CRYPTOPP_BLUMSHUB_H
-#define CRYPTOPP_BLUMSHUB_H
-
-#include "modarith.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class BlumGoldwasserPublicKey;
-class BlumGoldwasserPrivateKey;
-
-//! BlumBlumShub without factorization of the modulus
-class PublicBlumBlumShub : public RandomNumberGenerator,
- public StreamTransformation
-{
-public:
- PublicBlumBlumShub(const Integer &n, const Integer &seed);
-
- unsigned int GenerateBit();
- byte GenerateByte();
- void GenerateBlock(byte *output, size_t size);
- void ProcessData(byte *outString, const byte *inString, size_t length);
-
- bool IsSelfInverting() const {return true;}
- bool IsForwardTransformation() const {return true;}
-
-protected:
- ModularArithmetic modn;
- word maxBits, bitsLeft;
- Integer current;
-
- friend class BlumGoldwasserPublicKey;
- friend class BlumGoldwasserPrivateKey;
-};
-
-//! BlumBlumShub with factorization of the modulus
-class BlumBlumShub : public PublicBlumBlumShub
-{
-public:
- // Make sure p and q are both primes congruent to 3 mod 4 and at least 512 bits long,
- // seed is the secret key and should be about as big as p*q
- BlumBlumShub(const Integer &p, const Integer &q, const Integer &seed);
-
- bool IsRandomAccess() const {return true;}
- void Seek(lword index);
-
-protected:
- const Integer p, q;
- const Integer x0;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/camellia.cpp b/cryptopp562/camellia.cpp
deleted file mode 100644
index 80b3e28..0000000
--- a/cryptopp562/camellia.cpp
+++ /dev/null
@@ -1,524 +0,0 @@
-// camellia.cpp - by Kevin Springle, 2003
-// This code is hereby placed in the public domain.
-
-/*
-Optimisations and defense against timing attacks added in Jan 2007 by Wei Dai.
-
-The first 2 rounds and the last round seem especially vulnerable to timing
-attacks. The protection is similar to what was implemented for Rijndael.
-See comments at top of rijndael.cpp for more details.
-*/
-
-#include "pch.h"
-
-#include "camellia.h"
-#include "misc.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// round implementation that uses a small table for protection against timing attacks
-#define SLOW_ROUND(lh, ll, rh, rl, kh, kl) { \
- word32 zr = ll ^ kl; \
- word32 zl = lh ^ kh; \
- zr= rotlFixed(s1[GETBYTE(zr, 3)], 1) | \
- (rotrFixed(s1[GETBYTE(zr, 2)], 1) << 24) | \
- (s1[rotlFixed(CRYPTOPP_GET_BYTE_AS_BYTE(zr, 1),1)] << 16) | \
- (s1[GETBYTE(zr, 0)] << 8); \
- zl= (s1[GETBYTE(zl, 3)] << 24) | \
- (rotlFixed(s1[GETBYTE(zl, 2)], 1) << 16) | \
- (rotrFixed(s1[GETBYTE(zl, 1)], 1) << 8) | \
- s1[rotlFixed(CRYPTOPP_GET_BYTE_AS_BYTE(zl, 0), 1)]; \
- zl ^= zr; \
- zr = zl ^ rotlFixed(zr, 8); \
- zl = zr ^ rotrFixed(zl, 8); \
- rh ^= rotlFixed(zr, 16); \
- rh ^= zl; \
- rl ^= rotlFixed(zl, 8); \
- }
-
-// normal round - same output as above but using larger tables for faster speed
-#define ROUND(lh, ll, rh, rl, kh, kl) { \
- word32 th = lh ^ kh; \
- word32 tl = ll ^ kl; \
- word32 d = SP[0][GETBYTE(tl,0)] ^ SP[1][GETBYTE(tl,3)] ^ SP[2][GETBYTE(tl,2)] ^ SP[3][GETBYTE(tl,1)]; \
- word32 u = SP[0][GETBYTE(th,3)] ^ SP[1][GETBYTE(th,2)] ^ SP[2][GETBYTE(th,1)] ^ SP[3][GETBYTE(th,0)]; \
- d ^= u; \
- rh ^= d; \
- rl ^= d; \
- rl ^= rotrFixed(u, 8);}
-
-#define DOUBLE_ROUND(lh, ll, rh, rl, k0, k1, k2, k3) \
- ROUND(lh, ll, rh, rl, k0, k1) \
- ROUND(rh, rl, lh, ll, k2, k3)
-
-#ifdef IS_LITTLE_ENDIAN
-#define EFI(i) (1-(i))
-#else
-#define EFI(i) (i)
-#endif
-
-void Camellia::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &)
-{
- m_rounds = (keylen >= 24) ? 4 : 3;
- unsigned int kslen = (8 * m_rounds + 2);
- m_key.New(kslen*2);
- word32 *ks32 = m_key.data();
- int m=0, a=0;
- if (!IsForwardTransformation())
- m = -1, a = kslen-1;
-
- word32 kl0, kl1, kl2, kl3;
- GetBlock<word32, BigEndian> getBlock(key);
- getBlock(kl0)(kl1)(kl2)(kl3);
- word32 k0=kl0, k1=kl1, k2=kl2, k3=kl3;
-
-#define CALC_ADDR2(base, i, j) ((byte *)(base)+8*(i)+4*(j)+((-16*(i))&m))
-#define CALC_ADDR(base, i) CALC_ADDR2(base, i, 0)
-
-#if 1
- word64 kwl, kwr;
- ks32 += 2*a;
-#define PREPARE_KS_ROUNDS \
- kwl = (word64(k0) << 32) | k1; \
- kwr = (word64(k2) << 32) | k3
-#define KS_ROUND_0(i) \
- *(word64*)CALC_ADDR(ks32, i+EFI(0)) = kwl; \
- *(word64*)CALC_ADDR(ks32, i+EFI(1)) = kwr
-#define KS_ROUND(i, r, which) \
- if (which & (1<<int(r<64))) *(word64*)CALC_ADDR(ks32, i+EFI(r<64)) = (kwr << (r%64)) | (kwl >> (64 - (r%64))); \
- if (which & (1<<int(r>64))) *(word64*)CALC_ADDR(ks32, i+EFI(r>64)) = (kwl << (r%64)) | (kwr >> (64 - (r%64)))
-#else
- // SSE2 version is 30% faster on Intel Core 2. Doesn't seem worth the hassle of maintenance, but left here
- // #if'd out in case someone needs it.
- __m128i kw, kw2;
- __m128i *ks128 = (__m128i *)ks32+a/2;
- ks32 += 2*a;
-#define PREPARE_KS_ROUNDS \
- kw = _mm_set_epi32(k0, k1, k2, k3); \
- if (m) kw2 = kw, kw = _mm_shuffle_epi32(kw, _MM_SHUFFLE(1, 0, 3, 2)); \
- else kw2 = _mm_shuffle_epi32(kw, _MM_SHUFFLE(1, 0, 3, 2))
-#define KS_ROUND_0(i) \
- _mm_store_si128((__m128i *)CALC_ADDR(ks128, i), kw)
-#define KS_ROUND(i, r, which) { \
- __m128i temp; \
- if (r<64 && (which!=1 || m)) temp = _mm_or_si128(_mm_slli_epi64(kw, r%64), _mm_srli_epi64(kw2, 64-r%64)); \
- else temp = _mm_or_si128(_mm_slli_epi64(kw2, r%64), _mm_srli_epi64(kw, 64-r%64)); \
- if (which & 2) _mm_store_si128((__m128i *)CALC_ADDR(ks128, i), temp); \
- else _mm_storel_epi64((__m128i*)CALC_ADDR(ks32, i+EFI(0)), temp); \
- }
-#endif
-
- if (keylen == 16)
- {
- // KL
- PREPARE_KS_ROUNDS;
- KS_ROUND_0(0);
- KS_ROUND(4, 15, 3);
- KS_ROUND(10, 45, 3);
- KS_ROUND(12, 60, 2);
- KS_ROUND(16, 77, 3);
- KS_ROUND(18, 94, 3);
- KS_ROUND(22, 111, 3);
-
- // KA
- k0=kl0, k1=kl1, k2=kl2, k3=kl3;
- DOUBLE_ROUND(k0, k1, k2, k3, 0xA09E667Ful, 0x3BCC908Bul, 0xB67AE858ul, 0x4CAA73B2ul);
- k0^=kl0, k1^=kl1, k2^=kl2, k3^=kl3;
- DOUBLE_ROUND(k0, k1, k2, k3, 0xC6EF372Ful, 0xE94F82BEul, 0x54FF53A5ul, 0xF1D36F1Cul);
-
- PREPARE_KS_ROUNDS;
- KS_ROUND_0(2);
- KS_ROUND(6, 15, 3);
- KS_ROUND(8, 30, 3);
- KS_ROUND(12, 45, 1);
- KS_ROUND(14, 60, 3);
- KS_ROUND(20, 94, 3);
- KS_ROUND(24, 47, 3);
- }
- else
- {
- // KL
- PREPARE_KS_ROUNDS;
- KS_ROUND_0(0);
- KS_ROUND(12, 45, 3);
- KS_ROUND(16, 60, 3);
- KS_ROUND(22, 77, 3);
- KS_ROUND(30, 111, 3);
-
- // KR
- word32 kr0, kr1, kr2, kr3;
- GetBlock<word32, BigEndian>(key+16)(kr0)(kr1);
- if (keylen == 24)
- kr2 = ~kr0, kr3 = ~kr1;
- else
- GetBlock<word32, BigEndian>(key+24)(kr2)(kr3);
- k0=kr0, k1=kr1, k2=kr2, k3=kr3;
-
- PREPARE_KS_ROUNDS;
- KS_ROUND(4, 15, 3);
- KS_ROUND(8, 30, 3);
- KS_ROUND(18, 60, 3);
- KS_ROUND(26, 94, 3);
-
- // KA
- k0^=kl0, k1^=kl1, k2^=kl2, k3^=kl3;
- DOUBLE_ROUND(k0, k1, k2, k3, 0xA09E667Ful, 0x3BCC908Bul, 0xB67AE858ul, 0x4CAA73B2ul);
- k0^=kl0, k1^=kl1, k2^=kl2, k3^=kl3;
- DOUBLE_ROUND(k0, k1, k2, k3, 0xC6EF372Ful, 0xE94F82BEul, 0x54FF53A5ul, 0xF1D36F1Cul);
-
- PREPARE_KS_ROUNDS;
- KS_ROUND(6, 15, 3);
- KS_ROUND(14, 45, 3);
- KS_ROUND(24, 77, 3);
- KS_ROUND(28, 94, 3);
-
- // KB
- k0^=kr0, k1^=kr1, k2^=kr2, k3^=kr3;
- DOUBLE_ROUND(k0, k1, k2, k3, 0x10E527FAul, 0xDE682D1Dul, 0xB05688C2ul, 0xB3E6C1FDul);
-
- PREPARE_KS_ROUNDS;
- KS_ROUND_0(2);
- KS_ROUND(10, 30, 3);
- KS_ROUND(20, 60, 3);
- KS_ROUND(32, 47, 3);
- }
-}
-
-void Camellia::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
-#define KS(i, j) ks[i*4 + EFI(j/2)*2 + EFI(j%2)]
-
-#define FL(klh, kll, krh, krl) \
- ll ^= rotlFixed(lh & klh, 1); \
- lh ^= (ll | kll); \
- rh ^= (rl | krl); \
- rl ^= rotlFixed(rh & krh, 1);
-
- word32 lh, ll, rh, rl;
- typedef BlockGetAndPut<word32, BigEndian> Block;
- Block::Get(inBlock)(lh)(ll)(rh)(rl);
- const word32 *ks = m_key.data();
- lh ^= KS(0,0);
- ll ^= KS(0,1);
- rh ^= KS(0,2);
- rl ^= KS(0,3);
-
- // timing attack countermeasure. see comments at top for more details
- const int cacheLineSize = GetCacheLineSize();
- unsigned int i;
- word32 u = 0;
- for (i=0; i<256; i+=cacheLineSize)
- u &= *(const word32 *)(s1+i);
- u &= *(const word32 *)(s1+252);
- lh |= u; ll |= u;
-
- SLOW_ROUND(lh, ll, rh, rl, KS(1,0), KS(1,1))
- SLOW_ROUND(rh, rl, lh, ll, KS(1,2), KS(1,3))
- for (i = m_rounds-1; i > 0; --i)
- {
- DOUBLE_ROUND(lh, ll, rh, rl, KS(2,0), KS(2,1), KS(2,2), KS(2,3))
- DOUBLE_ROUND(lh, ll, rh, rl, KS(3,0), KS(3,1), KS(3,2), KS(3,3))
- FL(KS(4,0), KS(4,1), KS(4,2), KS(4,3));
- DOUBLE_ROUND(lh, ll, rh, rl, KS(5,0), KS(5,1), KS(5,2), KS(5,3))
- ks += 16;
- }
- DOUBLE_ROUND(lh, ll, rh, rl, KS(2,0), KS(2,1), KS(2,2), KS(2,3))
- ROUND(lh, ll, rh, rl, KS(3,0), KS(3,1))
- SLOW_ROUND(rh, rl, lh, ll, KS(3,2), KS(3,3))
- lh ^= KS(4,0);
- ll ^= KS(4,1);
- rh ^= KS(4,2);
- rl ^= KS(4,3);
- Block::Put(xorBlock, outBlock)(rh)(rl)(lh)(ll);
-}
-
-// The Camellia s-boxes
-
-const byte Camellia::Base::s1[256] =
-{
- 112,130,44,236,179,39,192,229,228,133,87,53,234,12,174,65,
- 35,239,107,147,69,25,165,33,237,14,79,78,29,101,146,189,
- 134,184,175,143,124,235,31,206,62,48,220,95,94,197,11,26,
- 166,225,57,202,213,71,93,61,217,1,90,214,81,86,108,77,
- 139,13,154,102,251,204,176,45,116,18,43,32,240,177,132,153,
- 223,76,203,194,52,126,118,5,109,183,169,49,209,23,4,215,
- 20,88,58,97,222,27,17,28,50,15,156,22,83,24,242,34,
- 254,68,207,178,195,181,122,145,36,8,232,168,96,252,105,80,
- 170,208,160,125,161,137,98,151,84,91,30,149,224,255,100,210,
- 16,196,0,72,163,247,117,219,138,3,230,218,9,63,221,148,
- 135,92,131,2,205,74,144,51,115,103,246,243,157,127,191,226,
- 82,155,216,38,200,55,198,59,129,150,111,75,19,190,99,46,
- 233,121,167,140,159,110,188,142,41,245,249,182,47,253,180,89,
- 120,152,6,106,231,70,113,186,212,37,171,66,136,162,141,250,
- 114,7,185,85,248,238,172,10,54,73,42,104,60,56,241,164,
- 64,40,211,123,187,201,67,193,21,227,173,244,119,199,128,158
-};
-
-const word32 Camellia::Base::SP[4][256] = {
- {
- 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
- 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
- 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
- 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
- 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
- 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
- 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
- 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
- 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
- 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
- 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
- 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
- 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
- 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
- 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
- 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
- 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
- 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
- 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
- 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
- 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
- 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
- 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
- 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
- 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
- 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
- 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
- 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
- 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
- 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
- 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
- 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
- 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
- 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
- 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
- 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
- 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
- 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
- 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
- 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
- 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
- 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
- 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
- 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
- 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
- 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
- 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
- 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
- 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
- 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
- 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
- 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
- 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
- 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
- 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
- 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
- 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
- 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
- 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
- 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
- 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
- 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
- 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
- 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00
- },
- {
- 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
- 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
- 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
- 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
- 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
- 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
- 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
- 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
- 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
- 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
- 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
- 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
- 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
- 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
- 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
- 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
- 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
- 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
- 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
- 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
- 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
- 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
- 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
- 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
- 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
- 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
- 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
- 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
- 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
- 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
- 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
- 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
- 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
- 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
- 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
- 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
- 0x00202020, 0x00898989, 0x00000000, 0x00909090,
- 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
- 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
- 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
- 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
- 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
- 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
- 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
- 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
- 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
- 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
- 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
- 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
- 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
- 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
- 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
- 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
- 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
- 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
- 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
- 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
- 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
- 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
- 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
- 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
- 0x00777777, 0x00939393, 0x00868686, 0x00838383,
- 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
- 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d
- },
- {
- 0x38003838, 0x41004141, 0x16001616, 0x76007676,
- 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
- 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
- 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
- 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
- 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
- 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
- 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
- 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
- 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
- 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
- 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
- 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
- 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
- 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
- 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
- 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
- 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
- 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
- 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
- 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
- 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
- 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
- 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
- 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
- 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
- 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
- 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
- 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
- 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
- 0x12001212, 0x04000404, 0x74007474, 0x54005454,
- 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
- 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
- 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
- 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
- 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
- 0x08000808, 0x62006262, 0x00000000, 0x24002424,
- 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
- 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
- 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
- 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
- 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
- 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
- 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
- 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
- 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
- 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
- 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
- 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
- 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
- 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
- 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
- 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
- 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
- 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
- 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
- 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
- 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
- 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
- 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
- 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
- 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
- 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
- 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f
- },
- {
- 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
- 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
- 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
- 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
- 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
- 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
- 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
- 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
- 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
- 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
- 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
- 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
- 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
- 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
- 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
- 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
- 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
- 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
- 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
- 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
- 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
- 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
- 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
- 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
- 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
- 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
- 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
- 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
- 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
- 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
- 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
- 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
- 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
- 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
- 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
- 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
- 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
- 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
- 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
- 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
- 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
- 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
- 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
- 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
- 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
- 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
- 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
- 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
- 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
- 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
- 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
- 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
- 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
- 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
- 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
- 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
- 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
- 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
- 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
- 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
- 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
- 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
- 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
- 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e
- }};
-
-NAMESPACE_END
diff --git a/cryptopp562/camellia.h b/cryptopp562/camellia.h
deleted file mode 100644
index d8700cb..0000000
--- a/cryptopp562/camellia.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#ifndef CRYPTOPP_CAMELLIA_H
-#define CRYPTOPP_CAMELLIA_H
-
-#include "config.h"
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Camellia_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>
-{
- static const char *StaticAlgorithmName() {return "Camellia";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#Camellia">Camellia</a>
-class Camellia : public Camellia_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Camellia_Info>
- {
- public:
- void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- protected:
- static const byte s1[256];
- static const word32 SP[4][256];
-
- unsigned int m_rounds;
- SecBlock<word32> m_key;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-typedef Camellia::Encryption CamelliaEncryption;
-typedef Camellia::Decryption CamelliaDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cast.cpp b/cryptopp562/cast.cpp
deleted file mode 100644
index ef0a5ef..0000000
--- a/cryptopp562/cast.cpp
+++ /dev/null
@@ -1,296 +0,0 @@
-// cast.cpp - written and placed in the public domain by Wei Dai and Leonard Janke
-// based on Steve Reid's public domain cast.c
-
-#include "pch.h"
-#include "cast.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/* Macros to access 8-bit bytes out of a 32-bit word */
-#define U8a(x) GETBYTE(x,3)
-#define U8b(x) GETBYTE(x,2)
-#define U8c(x) GETBYTE(x,1)
-#define U8d(x) GETBYTE(x,0)
-
-/* CAST uses three different round functions */
-#define f1(l, r, km, kr) \
- t = rotlVariable(km + r, kr); \
- l ^= ((S[0][U8a(t)] ^ S[1][U8b(t)]) - \
- S[2][U8c(t)]) + S[3][U8d(t)];
-#define f2(l, r, km, kr) \
- t = rotlVariable(km ^ r, kr); \
- l ^= ((S[0][U8a(t)] - S[1][U8b(t)]) + \
- S[2][U8c(t)]) ^ S[3][U8d(t)];
-#define f3(l, r, km, kr) \
- t = rotlVariable(km - r, kr); \
- l ^= ((S[0][U8a(t)] + S[1][U8b(t)]) ^ \
- S[2][U8c(t)]) - S[3][U8d(t)];
-
-#define F1(l, r, i, j) f1(l, r, K[i], K[i+j])
-#define F2(l, r, i, j) f2(l, r, K[i], K[i+j])
-#define F3(l, r, i, j) f3(l, r, K[i], K[i+j])
-
-typedef BlockGetAndPut<word32, BigEndian> Block;
-
-void CAST128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 t, l, r;
-
- /* Get inblock into l,r */
- Block::Get(inBlock)(l)(r);
- /* Do the work */
- F1(l, r, 0, 16);
- F2(r, l, 1, 16);
- F3(l, r, 2, 16);
- F1(r, l, 3, 16);
- F2(l, r, 4, 16);
- F3(r, l, 5, 16);
- F1(l, r, 6, 16);
- F2(r, l, 7, 16);
- F3(l, r, 8, 16);
- F1(r, l, 9, 16);
- F2(l, r, 10, 16);
- F3(r, l, 11, 16);
- /* Only do full 16 rounds if key length > 80 bits */
- if (!reduced) {
- F1(l, r, 12, 16);
- F2(r, l, 13, 16);
- F3(l, r, 14, 16);
- F1(r, l, 15, 16);
- }
- /* Put l,r into outblock */
- Block::Put(xorBlock, outBlock)(r)(l);
-}
-
-void CAST128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 t, l, r;
-
- /* Get inblock into l,r */
- Block::Get(inBlock)(r)(l);
- /* Only do full 16 rounds if key length > 80 bits */
- if (!reduced) {
- F1(r, l, 15, 16);
- F3(l, r, 14, 16);
- F2(r, l, 13, 16);
- F1(l, r, 12, 16);
- }
- F3(r, l, 11, 16);
- F2(l, r, 10, 16);
- F1(r, l, 9, 16);
- F3(l, r, 8, 16);
- F2(r, l, 7, 16);
- F1(l, r, 6, 16);
- F3(r, l, 5, 16);
- F2(l, r, 4, 16);
- F1(r, l, 3, 16);
- F3(l, r, 2, 16);
- F2(r, l, 1, 16);
- F1(l, r, 0, 16);
- /* Put l,r into outblock */
- Block::Put(xorBlock, outBlock)(l)(r);
- /* Wipe clean */
- t = l = r = 0;
-}
-
-void CAST128::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
-{
- AssertValidKeyLength(keylength);
-
- reduced = (keylength <= 10);
-
- word32 X[4], Z[4];
- GetUserKey(BIG_ENDIAN_ORDER, X, 4, userKey, keylength);
-
-#define x(i) GETBYTE(X[i/4], 3-i%4)
-#define z(i) GETBYTE(Z[i/4], 3-i%4)
-
- unsigned int i;
- for (i=0; i<=16; i+=16)
- {
- // this part is copied directly from RFC 2144 (with some search and replace) by Wei Dai
- Z[0] = X[0] ^ S[4][x(0xD)] ^ S[5][x(0xF)] ^ S[6][x(0xC)] ^ S[7][x(0xE)] ^ S[6][x(0x8)];
- Z[1] = X[2] ^ S[4][z(0x0)] ^ S[5][z(0x2)] ^ S[6][z(0x1)] ^ S[7][z(0x3)] ^ S[7][x(0xA)];
- Z[2] = X[3] ^ S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[4][x(0x9)];
- Z[3] = X[1] ^ S[4][z(0xA)] ^ S[5][z(0x9)] ^ S[6][z(0xB)] ^ S[7][z(0x8)] ^ S[5][x(0xB)];
- K[i+0] = S[4][z(0x8)] ^ S[5][z(0x9)] ^ S[6][z(0x7)] ^ S[7][z(0x6)] ^ S[4][z(0x2)];
- K[i+1] = S[4][z(0xA)] ^ S[5][z(0xB)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[5][z(0x6)];
- K[i+2] = S[4][z(0xC)] ^ S[5][z(0xD)] ^ S[6][z(0x3)] ^ S[7][z(0x2)] ^ S[6][z(0x9)];
- K[i+3] = S[4][z(0xE)] ^ S[5][z(0xF)] ^ S[6][z(0x1)] ^ S[7][z(0x0)] ^ S[7][z(0xC)];
- X[0] = Z[2] ^ S[4][z(0x5)] ^ S[5][z(0x7)] ^ S[6][z(0x4)] ^ S[7][z(0x6)] ^ S[6][z(0x0)];
- X[1] = Z[0] ^ S[4][x(0x0)] ^ S[5][x(0x2)] ^ S[6][x(0x1)] ^ S[7][x(0x3)] ^ S[7][z(0x2)];
- X[2] = Z[1] ^ S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[4][z(0x1)];
- X[3] = Z[3] ^ S[4][x(0xA)] ^ S[5][x(0x9)] ^ S[6][x(0xB)] ^ S[7][x(0x8)] ^ S[5][z(0x3)];
- K[i+4] = S[4][x(0x3)] ^ S[5][x(0x2)] ^ S[6][x(0xC)] ^ S[7][x(0xD)] ^ S[4][x(0x8)];
- K[i+5] = S[4][x(0x1)] ^ S[5][x(0x0)] ^ S[6][x(0xE)] ^ S[7][x(0xF)] ^ S[5][x(0xD)];
- K[i+6] = S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x8)] ^ S[7][x(0x9)] ^ S[6][x(0x3)];
- K[i+7] = S[4][x(0x5)] ^ S[5][x(0x4)] ^ S[6][x(0xA)] ^ S[7][x(0xB)] ^ S[7][x(0x7)];
- Z[0] = X[0] ^ S[4][x(0xD)] ^ S[5][x(0xF)] ^ S[6][x(0xC)] ^ S[7][x(0xE)] ^ S[6][x(0x8)];
- Z[1] = X[2] ^ S[4][z(0x0)] ^ S[5][z(0x2)] ^ S[6][z(0x1)] ^ S[7][z(0x3)] ^ S[7][x(0xA)];
- Z[2] = X[3] ^ S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[4][x(0x9)];
- Z[3] = X[1] ^ S[4][z(0xA)] ^ S[5][z(0x9)] ^ S[6][z(0xB)] ^ S[7][z(0x8)] ^ S[5][x(0xB)];
- K[i+8] = S[4][z(0x3)] ^ S[5][z(0x2)] ^ S[6][z(0xC)] ^ S[7][z(0xD)] ^ S[4][z(0x9)];
- K[i+9] = S[4][z(0x1)] ^ S[5][z(0x0)] ^ S[6][z(0xE)] ^ S[7][z(0xF)] ^ S[5][z(0xC)];
- K[i+10] = S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x8)] ^ S[7][z(0x9)] ^ S[6][z(0x2)];
- K[i+11] = S[4][z(0x5)] ^ S[5][z(0x4)] ^ S[6][z(0xA)] ^ S[7][z(0xB)] ^ S[7][z(0x6)];
- X[0] = Z[2] ^ S[4][z(0x5)] ^ S[5][z(0x7)] ^ S[6][z(0x4)] ^ S[7][z(0x6)] ^ S[6][z(0x0)];
- X[1] = Z[0] ^ S[4][x(0x0)] ^ S[5][x(0x2)] ^ S[6][x(0x1)] ^ S[7][x(0x3)] ^ S[7][z(0x2)];
- X[2] = Z[1] ^ S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[4][z(0x1)];
- X[3] = Z[3] ^ S[4][x(0xA)] ^ S[5][x(0x9)] ^ S[6][x(0xB)] ^ S[7][x(0x8)] ^ S[5][z(0x3)];
- K[i+12] = S[4][x(0x8)] ^ S[5][x(0x9)] ^ S[6][x(0x7)] ^ S[7][x(0x6)] ^ S[4][x(0x3)];
- K[i+13] = S[4][x(0xA)] ^ S[5][x(0xB)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[5][x(0x7)];
- K[i+14] = S[4][x(0xC)] ^ S[5][x(0xD)] ^ S[6][x(0x3)] ^ S[7][x(0x2)] ^ S[6][x(0x8)];
- K[i+15] = S[4][x(0xE)] ^ S[5][x(0xF)] ^ S[6][x(0x1)] ^ S[7][x(0x0)] ^ S[7][x(0xD)];
- }
-
- for (i=16; i<32; i++)
- K[i] &= 0x1f;
-}
-
-// The following CAST-256 implementation was contributed by Leonard Janke
-
-const word32 CAST256::Base::t_m[8][24]={
-{ 0x5a827999, 0xd151d6a1, 0x482133a9, 0xbef090b1, 0x35bfedb9, 0xac8f4ac1,
- 0x235ea7c9, 0x9a2e04d1, 0x10fd61d9, 0x87ccbee1, 0xfe9c1be9, 0x756b78f1,
- 0xec3ad5f9, 0x630a3301, 0xd9d99009, 0x50a8ed11, 0xc7784a19, 0x3e47a721,
- 0xb5170429, 0x2be66131, 0xa2b5be39, 0x19851b41, 0x90547849, 0x0723d551},
-{ 0xc95c653a, 0x402bc242, 0xb6fb1f4a, 0x2dca7c52, 0xa499d95a, 0x1b693662,
- 0x9238936a, 0x0907f072, 0x7fd74d7a, 0xf6a6aa82, 0x6d76078a, 0xe4456492,
- 0x5b14c19a, 0xd1e41ea2, 0x48b37baa, 0xbf82d8b2, 0x365235ba, 0xad2192c2,
- 0x23f0efca, 0x9ac04cd2, 0x118fa9da, 0x885f06e2, 0xff2e63ea, 0x75fdc0f2},
-{ 0x383650db, 0xaf05ade3, 0x25d50aeb, 0x9ca467f3, 0x1373c4fb, 0x8a432203,
- 0x01127f0b, 0x77e1dc13, 0xeeb1391b, 0x65809623, 0xdc4ff32b, 0x531f5033,
- 0xc9eead3b, 0x40be0a43, 0xb78d674b, 0x2e5cc453, 0xa52c215b, 0x1bfb7e63,
- 0x92cadb6b, 0x099a3873, 0x8069957b, 0xf738f283, 0x6e084f8b, 0xe4d7ac93},
-{ 0xa7103c7c, 0x1ddf9984, 0x94aef68c, 0x0b7e5394, 0x824db09c, 0xf91d0da4,
- 0x6fec6aac, 0xe6bbc7b4, 0x5d8b24bc, 0xd45a81c4, 0x4b29decc, 0xc1f93bd4,
- 0x38c898dc, 0xaf97f5e4, 0x266752ec, 0x9d36aff4, 0x14060cfc, 0x8ad56a04,
- 0x01a4c70c, 0x78742414, 0xef43811c, 0x6612de24, 0xdce23b2c, 0x53b19834},
-{ 0x15ea281d, 0x8cb98525, 0x0388e22d, 0x7a583f35, 0xf1279c3d, 0x67f6f945,
- 0xdec6564d, 0x5595b355, 0xcc65105d, 0x43346d65, 0xba03ca6d, 0x30d32775,
- 0xa7a2847d, 0x1e71e185, 0x95413e8d, 0x0c109b95, 0x82dff89d, 0xf9af55a5,
- 0x707eb2ad, 0xe74e0fb5, 0x5e1d6cbd, 0xd4ecc9c5, 0x4bbc26cd, 0xc28b83d5},
-{ 0x84c413be, 0xfb9370c6, 0x7262cdce, 0xe9322ad6, 0x600187de, 0xd6d0e4e6,
- 0x4da041ee, 0xc46f9ef6, 0x3b3efbfe, 0xb20e5906, 0x28ddb60e, 0x9fad1316,
- 0x167c701e, 0x8d4bcd26, 0x041b2a2e, 0x7aea8736, 0xf1b9e43e, 0x68894146,
- 0xdf589e4e, 0x5627fb56, 0xccf7585e, 0x43c6b566, 0xba96126e, 0x31656f76},
-{ 0xf39dff5f, 0x6a6d5c67, 0xe13cb96f, 0x580c1677, 0xcedb737f, 0x45aad087,
- 0xbc7a2d8f, 0x33498a97, 0xaa18e79f, 0x20e844a7, 0x97b7a1af, 0x0e86feb7,
- 0x85565bbf, 0xfc25b8c7, 0x72f515cf, 0xe9c472d7, 0x6093cfdf, 0xd7632ce7,
- 0x4e3289ef, 0xc501e6f7, 0x3bd143ff, 0xb2a0a107, 0x296ffe0f, 0xa03f5b17},
-{ 0x6277eb00, 0xd9474808, 0x5016a510, 0xc6e60218, 0x3db55f20, 0xb484bc28,
- 0x2b541930, 0xa2237638, 0x18f2d340, 0x8fc23048, 0x06918d50, 0x7d60ea58,
- 0xf4304760, 0x6affa468, 0xe1cf0170, 0x589e5e78, 0xcf6dbb80, 0x463d1888,
- 0xbd0c7590, 0x33dbd298, 0xaaab2fa0, 0x217a8ca8, 0x9849e9b0, 0x0f1946b8}
-};
-
-const unsigned int CAST256::Base::t_r[8][24]={
- {19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11, 19, 27, 3, 11},
- {4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28, 4, 12, 20, 28},
- {21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13, 21, 29, 5, 13},
- {6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30, 6, 14, 22, 30},
- {23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15, 23, 31, 7, 15},
- {8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0, 8, 16, 24, 0},
- {25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17, 25, 1, 9, 17},
- {10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2, 10, 18, 26, 2}
-};
-
-#define Q(i) \
- F1(block[2],block[3],8*i+4,-4); \
- F2(block[1],block[2],8*i+5,-4); \
- F3(block[0],block[1],8*i+6,-4); \
- F1(block[3],block[0],8*i+7,-4);
-
-#define QBar(i) \
- F1(block[3],block[0],8*i+7,-4); \
- F3(block[0],block[1],8*i+6,-4); \
- F2(block[1],block[2],8*i+5,-4); \
- F1(block[2],block[3],8*i+4,-4);
-
-/* CAST256's encrypt/decrypt functions are identical except for the order that
-the keys are used */
-
-void CAST256::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 t, block[4];
- Block::Get(inBlock)(block[0])(block[1])(block[2])(block[3]);
-
- // Perform 6 forward quad rounds
- Q(0);
- Q(1);
- Q(2);
- Q(3);
- Q(4);
- Q(5);
-
- // Perform 6 reverse quad rounds
- QBar(6);
- QBar(7);
- QBar(8);
- QBar(9);
- QBar(10);
- QBar(11);
-
- Block::Put(xorBlock, outBlock)(block[0])(block[1])(block[2])(block[3]);
-}
-
-/* Set up a CAST-256 key */
-
-void CAST256::Base::Omega(int i, word32 kappa[8])
-{
- word32 t;
-
- f1(kappa[6],kappa[7],t_m[0][i],t_r[0][i]);
- f2(kappa[5],kappa[6],t_m[1][i],t_r[1][i]);
- f3(kappa[4],kappa[5],t_m[2][i],t_r[2][i]);
- f1(kappa[3],kappa[4],t_m[3][i],t_r[3][i]);
- f2(kappa[2],kappa[3],t_m[4][i],t_r[4][i]);
- f3(kappa[1],kappa[2],t_m[5][i],t_r[5][i]);
- f1(kappa[0],kappa[1],t_m[6][i],t_r[6][i]);
- f2(kappa[7],kappa[0],t_m[7][i],t_r[7][i]);
-}
-
-void CAST256::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
-{
- AssertValidKeyLength(keylength);
-
- word32 kappa[8];
- GetUserKey(BIG_ENDIAN_ORDER, kappa, 8, userKey, keylength);
-
- for(int i=0; i<12; ++i)
- {
- Omega(2*i,kappa);
- Omega(2*i+1,kappa);
-
- K[8*i]=kappa[0] & 31;
- K[8*i+1]=kappa[2] & 31;
- K[8*i+2]=kappa[4] & 31;
- K[8*i+3]=kappa[6] & 31;
- K[8*i+4]=kappa[7];
- K[8*i+5]=kappa[5];
- K[8*i+6]=kappa[3];
- K[8*i+7]=kappa[1];
- }
-
- if (!IsForwardTransformation())
- {
- for(int j=0; j<6; ++j)
- {
- for(int i=0; i<4; ++i)
- {
- int i1=8*j+i;
- int i2=8*(11-j)+i;
-
- assert(i1<i2);
-
- std::swap(K[i1],K[i2]);
- std::swap(K[i1+4],K[i2+4]);
- }
- }
- }
-
- memset(kappa, 0, sizeof(kappa));
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/cast.h b/cryptopp562/cast.h
deleted file mode 100644
index 98bb5d6..0000000
--- a/cryptopp562/cast.h
+++ /dev/null
@@ -1,91 +0,0 @@
-#ifndef CRYPTOPP_CAST_H
-#define CRYPTOPP_CAST_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class CAST
-{
-protected:
- static const word32 S[8][256];
-};
-
-//! algorithm info
-struct CAST128_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 5, 16>
-{
- static const char *StaticAlgorithmName() {return "CAST-128";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#CAST-128">CAST-128</a>
-class CAST128 : public CAST128_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public CAST, public BlockCipherImpl<CAST128_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- bool reduced;
- FixedSizeSecBlock<word32, 32> K;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-//! algorithm info
-struct CAST256_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32>
-{
- static const char *StaticAlgorithmName() {return "CAST-256";}
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/cs.html#CAST-256">CAST-256</a>
-class CAST256 : public CAST256_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public CAST, public BlockCipherImpl<CAST256_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- protected:
- static const word32 t_m[8][24];
- static const unsigned int t_r[8][24];
-
- static void Omega(int i, word32 kappa[8]);
-
- FixedSizeSecBlock<word32, 8*12> K;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-typedef CAST128::Encryption CAST128Encryption;
-typedef CAST128::Decryption CAST128Decryption;
-
-typedef CAST256::Encryption CAST256Encryption;
-typedef CAST256::Decryption CAST256Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/casts.cpp b/cryptopp562/casts.cpp
deleted file mode 100644
index 16fa2b1..0000000
--- a/cryptopp562/casts.cpp
+++ /dev/null
@@ -1,545 +0,0 @@
-#include "pch.h"
-#include "cast.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// CAST S-boxes
-
-const word32 CAST::S[8][256] = {
-{
- 0x30FB40D4UL, 0x9FA0FF0BUL, 0x6BECCD2FUL, 0x3F258C7AUL,
- 0x1E213F2FUL, 0x9C004DD3UL, 0x6003E540UL, 0xCF9FC949UL,
- 0xBFD4AF27UL, 0x88BBBDB5UL, 0xE2034090UL, 0x98D09675UL,
- 0x6E63A0E0UL, 0x15C361D2UL, 0xC2E7661DUL, 0x22D4FF8EUL,
- 0x28683B6FUL, 0xC07FD059UL, 0xFF2379C8UL, 0x775F50E2UL,
- 0x43C340D3UL, 0xDF2F8656UL, 0x887CA41AUL, 0xA2D2BD2DUL,
- 0xA1C9E0D6UL, 0x346C4819UL, 0x61B76D87UL, 0x22540F2FUL,
- 0x2ABE32E1UL, 0xAA54166BUL, 0x22568E3AUL, 0xA2D341D0UL,
- 0x66DB40C8UL, 0xA784392FUL, 0x004DFF2FUL, 0x2DB9D2DEUL,
- 0x97943FACUL, 0x4A97C1D8UL, 0x527644B7UL, 0xB5F437A7UL,
- 0xB82CBAEFUL, 0xD751D159UL, 0x6FF7F0EDUL, 0x5A097A1FUL,
- 0x827B68D0UL, 0x90ECF52EUL, 0x22B0C054UL, 0xBC8E5935UL,
- 0x4B6D2F7FUL, 0x50BB64A2UL, 0xD2664910UL, 0xBEE5812DUL,
- 0xB7332290UL, 0xE93B159FUL, 0xB48EE411UL, 0x4BFF345DUL,
- 0xFD45C240UL, 0xAD31973FUL, 0xC4F6D02EUL, 0x55FC8165UL,
- 0xD5B1CAADUL, 0xA1AC2DAEUL, 0xA2D4B76DUL, 0xC19B0C50UL,
- 0x882240F2UL, 0x0C6E4F38UL, 0xA4E4BFD7UL, 0x4F5BA272UL,
- 0x564C1D2FUL, 0xC59C5319UL, 0xB949E354UL, 0xB04669FEUL,
- 0xB1B6AB8AUL, 0xC71358DDUL, 0x6385C545UL, 0x110F935DUL,
- 0x57538AD5UL, 0x6A390493UL, 0xE63D37E0UL, 0x2A54F6B3UL,
- 0x3A787D5FUL, 0x6276A0B5UL, 0x19A6FCDFUL, 0x7A42206AUL,
- 0x29F9D4D5UL, 0xF61B1891UL, 0xBB72275EUL, 0xAA508167UL,
- 0x38901091UL, 0xC6B505EBUL, 0x84C7CB8CUL, 0x2AD75A0FUL,
- 0x874A1427UL, 0xA2D1936BUL, 0x2AD286AFUL, 0xAA56D291UL,
- 0xD7894360UL, 0x425C750DUL, 0x93B39E26UL, 0x187184C9UL,
- 0x6C00B32DUL, 0x73E2BB14UL, 0xA0BEBC3CUL, 0x54623779UL,
- 0x64459EABUL, 0x3F328B82UL, 0x7718CF82UL, 0x59A2CEA6UL,
- 0x04EE002EUL, 0x89FE78E6UL, 0x3FAB0950UL, 0x325FF6C2UL,
- 0x81383F05UL, 0x6963C5C8UL, 0x76CB5AD6UL, 0xD49974C9UL,
- 0xCA180DCFUL, 0x380782D5UL, 0xC7FA5CF6UL, 0x8AC31511UL,
- 0x35E79E13UL, 0x47DA91D0UL, 0xF40F9086UL, 0xA7E2419EUL,
- 0x31366241UL, 0x051EF495UL, 0xAA573B04UL, 0x4A805D8DUL,
- 0x548300D0UL, 0x00322A3CUL, 0xBF64CDDFUL, 0xBA57A68EUL,
- 0x75C6372BUL, 0x50AFD341UL, 0xA7C13275UL, 0x915A0BF5UL,
- 0x6B54BFABUL, 0x2B0B1426UL, 0xAB4CC9D7UL, 0x449CCD82UL,
- 0xF7FBF265UL, 0xAB85C5F3UL, 0x1B55DB94UL, 0xAAD4E324UL,
- 0xCFA4BD3FUL, 0x2DEAA3E2UL, 0x9E204D02UL, 0xC8BD25ACUL,
- 0xEADF55B3UL, 0xD5BD9E98UL, 0xE31231B2UL, 0x2AD5AD6CUL,
- 0x954329DEUL, 0xADBE4528UL, 0xD8710F69UL, 0xAA51C90FUL,
- 0xAA786BF6UL, 0x22513F1EUL, 0xAA51A79BUL, 0x2AD344CCUL,
- 0x7B5A41F0UL, 0xD37CFBADUL, 0x1B069505UL, 0x41ECE491UL,
- 0xB4C332E6UL, 0x032268D4UL, 0xC9600ACCUL, 0xCE387E6DUL,
- 0xBF6BB16CUL, 0x6A70FB78UL, 0x0D03D9C9UL, 0xD4DF39DEUL,
- 0xE01063DAUL, 0x4736F464UL, 0x5AD328D8UL, 0xB347CC96UL,
- 0x75BB0FC3UL, 0x98511BFBUL, 0x4FFBCC35UL, 0xB58BCF6AUL,
- 0xE11F0ABCUL, 0xBFC5FE4AUL, 0xA70AEC10UL, 0xAC39570AUL,
- 0x3F04442FUL, 0x6188B153UL, 0xE0397A2EUL, 0x5727CB79UL,
- 0x9CEB418FUL, 0x1CACD68DUL, 0x2AD37C96UL, 0x0175CB9DUL,
- 0xC69DFF09UL, 0xC75B65F0UL, 0xD9DB40D8UL, 0xEC0E7779UL,
- 0x4744EAD4UL, 0xB11C3274UL, 0xDD24CB9EUL, 0x7E1C54BDUL,
- 0xF01144F9UL, 0xD2240EB1UL, 0x9675B3FDUL, 0xA3AC3755UL,
- 0xD47C27AFUL, 0x51C85F4DUL, 0x56907596UL, 0xA5BB15E6UL,
- 0x580304F0UL, 0xCA042CF1UL, 0x011A37EAUL, 0x8DBFAADBUL,
- 0x35BA3E4AUL, 0x3526FFA0UL, 0xC37B4D09UL, 0xBC306ED9UL,
- 0x98A52666UL, 0x5648F725UL, 0xFF5E569DUL, 0x0CED63D0UL,
- 0x7C63B2CFUL, 0x700B45E1UL, 0xD5EA50F1UL, 0x85A92872UL,
- 0xAF1FBDA7UL, 0xD4234870UL, 0xA7870BF3UL, 0x2D3B4D79UL,
- 0x42E04198UL, 0x0CD0EDE7UL, 0x26470DB8UL, 0xF881814CUL,
- 0x474D6AD7UL, 0x7C0C5E5CUL, 0xD1231959UL, 0x381B7298UL,
- 0xF5D2F4DBUL, 0xAB838653UL, 0x6E2F1E23UL, 0x83719C9EUL,
- 0xBD91E046UL, 0x9A56456EUL, 0xDC39200CUL, 0x20C8C571UL,
- 0x962BDA1CUL, 0xE1E696FFUL, 0xB141AB08UL, 0x7CCA89B9UL,
- 0x1A69E783UL, 0x02CC4843UL, 0xA2F7C579UL, 0x429EF47DUL,
- 0x427B169CUL, 0x5AC9F049UL, 0xDD8F0F00UL, 0x5C8165BFUL
-},
-
-{
- 0x1F201094UL, 0xEF0BA75BUL, 0x69E3CF7EUL, 0x393F4380UL,
- 0xFE61CF7AUL, 0xEEC5207AUL, 0x55889C94UL, 0x72FC0651UL,
- 0xADA7EF79UL, 0x4E1D7235UL, 0xD55A63CEUL, 0xDE0436BAUL,
- 0x99C430EFUL, 0x5F0C0794UL, 0x18DCDB7DUL, 0xA1D6EFF3UL,
- 0xA0B52F7BUL, 0x59E83605UL, 0xEE15B094UL, 0xE9FFD909UL,
- 0xDC440086UL, 0xEF944459UL, 0xBA83CCB3UL, 0xE0C3CDFBUL,
- 0xD1DA4181UL, 0x3B092AB1UL, 0xF997F1C1UL, 0xA5E6CF7BUL,
- 0x01420DDBUL, 0xE4E7EF5BUL, 0x25A1FF41UL, 0xE180F806UL,
- 0x1FC41080UL, 0x179BEE7AUL, 0xD37AC6A9UL, 0xFE5830A4UL,
- 0x98DE8B7FUL, 0x77E83F4EUL, 0x79929269UL, 0x24FA9F7BUL,
- 0xE113C85BUL, 0xACC40083UL, 0xD7503525UL, 0xF7EA615FUL,
- 0x62143154UL, 0x0D554B63UL, 0x5D681121UL, 0xC866C359UL,
- 0x3D63CF73UL, 0xCEE234C0UL, 0xD4D87E87UL, 0x5C672B21UL,
- 0x071F6181UL, 0x39F7627FUL, 0x361E3084UL, 0xE4EB573BUL,
- 0x602F64A4UL, 0xD63ACD9CUL, 0x1BBC4635UL, 0x9E81032DUL,
- 0x2701F50CUL, 0x99847AB4UL, 0xA0E3DF79UL, 0xBA6CF38CUL,
- 0x10843094UL, 0x2537A95EUL, 0xF46F6FFEUL, 0xA1FF3B1FUL,
- 0x208CFB6AUL, 0x8F458C74UL, 0xD9E0A227UL, 0x4EC73A34UL,
- 0xFC884F69UL, 0x3E4DE8DFUL, 0xEF0E0088UL, 0x3559648DUL,
- 0x8A45388CUL, 0x1D804366UL, 0x721D9BFDUL, 0xA58684BBUL,
- 0xE8256333UL, 0x844E8212UL, 0x128D8098UL, 0xFED33FB4UL,
- 0xCE280AE1UL, 0x27E19BA5UL, 0xD5A6C252UL, 0xE49754BDUL,
- 0xC5D655DDUL, 0xEB667064UL, 0x77840B4DUL, 0xA1B6A801UL,
- 0x84DB26A9UL, 0xE0B56714UL, 0x21F043B7UL, 0xE5D05860UL,
- 0x54F03084UL, 0x066FF472UL, 0xA31AA153UL, 0xDADC4755UL,
- 0xB5625DBFUL, 0x68561BE6UL, 0x83CA6B94UL, 0x2D6ED23BUL,
- 0xECCF01DBUL, 0xA6D3D0BAUL, 0xB6803D5CUL, 0xAF77A709UL,
- 0x33B4A34CUL, 0x397BC8D6UL, 0x5EE22B95UL, 0x5F0E5304UL,
- 0x81ED6F61UL, 0x20E74364UL, 0xB45E1378UL, 0xDE18639BUL,
- 0x881CA122UL, 0xB96726D1UL, 0x8049A7E8UL, 0x22B7DA7BUL,
- 0x5E552D25UL, 0x5272D237UL, 0x79D2951CUL, 0xC60D894CUL,
- 0x488CB402UL, 0x1BA4FE5BUL, 0xA4B09F6BUL, 0x1CA815CFUL,
- 0xA20C3005UL, 0x8871DF63UL, 0xB9DE2FCBUL, 0x0CC6C9E9UL,
- 0x0BEEFF53UL, 0xE3214517UL, 0xB4542835UL, 0x9F63293CUL,
- 0xEE41E729UL, 0x6E1D2D7CUL, 0x50045286UL, 0x1E6685F3UL,
- 0xF33401C6UL, 0x30A22C95UL, 0x31A70850UL, 0x60930F13UL,
- 0x73F98417UL, 0xA1269859UL, 0xEC645C44UL, 0x52C877A9UL,
- 0xCDFF33A6UL, 0xA02B1741UL, 0x7CBAD9A2UL, 0x2180036FUL,
- 0x50D99C08UL, 0xCB3F4861UL, 0xC26BD765UL, 0x64A3F6ABUL,
- 0x80342676UL, 0x25A75E7BUL, 0xE4E6D1FCUL, 0x20C710E6UL,
- 0xCDF0B680UL, 0x17844D3BUL, 0x31EEF84DUL, 0x7E0824E4UL,
- 0x2CCB49EBUL, 0x846A3BAEUL, 0x8FF77888UL, 0xEE5D60F6UL,
- 0x7AF75673UL, 0x2FDD5CDBUL, 0xA11631C1UL, 0x30F66F43UL,
- 0xB3FAEC54UL, 0x157FD7FAUL, 0xEF8579CCUL, 0xD152DE58UL,
- 0xDB2FFD5EUL, 0x8F32CE19UL, 0x306AF97AUL, 0x02F03EF8UL,
- 0x99319AD5UL, 0xC242FA0FUL, 0xA7E3EBB0UL, 0xC68E4906UL,
- 0xB8DA230CUL, 0x80823028UL, 0xDCDEF3C8UL, 0xD35FB171UL,
- 0x088A1BC8UL, 0xBEC0C560UL, 0x61A3C9E8UL, 0xBCA8F54DUL,
- 0xC72FEFFAUL, 0x22822E99UL, 0x82C570B4UL, 0xD8D94E89UL,
- 0x8B1C34BCUL, 0x301E16E6UL, 0x273BE979UL, 0xB0FFEAA6UL,
- 0x61D9B8C6UL, 0x00B24869UL, 0xB7FFCE3FUL, 0x08DC283BUL,
- 0x43DAF65AUL, 0xF7E19798UL, 0x7619B72FUL, 0x8F1C9BA4UL,
- 0xDC8637A0UL, 0x16A7D3B1UL, 0x9FC393B7UL, 0xA7136EEBUL,
- 0xC6BCC63EUL, 0x1A513742UL, 0xEF6828BCUL, 0x520365D6UL,
- 0x2D6A77ABUL, 0x3527ED4BUL, 0x821FD216UL, 0x095C6E2EUL,
- 0xDB92F2FBUL, 0x5EEA29CBUL, 0x145892F5UL, 0x91584F7FUL,
- 0x5483697BUL, 0x2667A8CCUL, 0x85196048UL, 0x8C4BACEAUL,
- 0x833860D4UL, 0x0D23E0F9UL, 0x6C387E8AUL, 0x0AE6D249UL,
- 0xB284600CUL, 0xD835731DUL, 0xDCB1C647UL, 0xAC4C56EAUL,
- 0x3EBD81B3UL, 0x230EABB0UL, 0x6438BC87UL, 0xF0B5B1FAUL,
- 0x8F5EA2B3UL, 0xFC184642UL, 0x0A036B7AUL, 0x4FB089BDUL,
- 0x649DA589UL, 0xA345415EUL, 0x5C038323UL, 0x3E5D3BB9UL,
- 0x43D79572UL, 0x7E6DD07CUL, 0x06DFDF1EUL, 0x6C6CC4EFUL,
- 0x7160A539UL, 0x73BFBE70UL, 0x83877605UL, 0x4523ECF1UL
-},
-
-{
- 0x8DEFC240UL, 0x25FA5D9FUL, 0xEB903DBFUL, 0xE810C907UL,
- 0x47607FFFUL, 0x369FE44BUL, 0x8C1FC644UL, 0xAECECA90UL,
- 0xBEB1F9BFUL, 0xEEFBCAEAUL, 0xE8CF1950UL, 0x51DF07AEUL,
- 0x920E8806UL, 0xF0AD0548UL, 0xE13C8D83UL, 0x927010D5UL,
- 0x11107D9FUL, 0x07647DB9UL, 0xB2E3E4D4UL, 0x3D4F285EUL,
- 0xB9AFA820UL, 0xFADE82E0UL, 0xA067268BUL, 0x8272792EUL,
- 0x553FB2C0UL, 0x489AE22BUL, 0xD4EF9794UL, 0x125E3FBCUL,
- 0x21FFFCEEUL, 0x825B1BFDUL, 0x9255C5EDUL, 0x1257A240UL,
- 0x4E1A8302UL, 0xBAE07FFFUL, 0x528246E7UL, 0x8E57140EUL,
- 0x3373F7BFUL, 0x8C9F8188UL, 0xA6FC4EE8UL, 0xC982B5A5UL,
- 0xA8C01DB7UL, 0x579FC264UL, 0x67094F31UL, 0xF2BD3F5FUL,
- 0x40FFF7C1UL, 0x1FB78DFCUL, 0x8E6BD2C1UL, 0x437BE59BUL,
- 0x99B03DBFUL, 0xB5DBC64BUL, 0x638DC0E6UL, 0x55819D99UL,
- 0xA197C81CUL, 0x4A012D6EUL, 0xC5884A28UL, 0xCCC36F71UL,
- 0xB843C213UL, 0x6C0743F1UL, 0x8309893CUL, 0x0FEDDD5FUL,
- 0x2F7FE850UL, 0xD7C07F7EUL, 0x02507FBFUL, 0x5AFB9A04UL,
- 0xA747D2D0UL, 0x1651192EUL, 0xAF70BF3EUL, 0x58C31380UL,
- 0x5F98302EUL, 0x727CC3C4UL, 0x0A0FB402UL, 0x0F7FEF82UL,
- 0x8C96FDADUL, 0x5D2C2AAEUL, 0x8EE99A49UL, 0x50DA88B8UL,
- 0x8427F4A0UL, 0x1EAC5790UL, 0x796FB449UL, 0x8252DC15UL,
- 0xEFBD7D9BUL, 0xA672597DUL, 0xADA840D8UL, 0x45F54504UL,
- 0xFA5D7403UL, 0xE83EC305UL, 0x4F91751AUL, 0x925669C2UL,
- 0x23EFE941UL, 0xA903F12EUL, 0x60270DF2UL, 0x0276E4B6UL,
- 0x94FD6574UL, 0x927985B2UL, 0x8276DBCBUL, 0x02778176UL,
- 0xF8AF918DUL, 0x4E48F79EUL, 0x8F616DDFUL, 0xE29D840EUL,
- 0x842F7D83UL, 0x340CE5C8UL, 0x96BBB682UL, 0x93B4B148UL,
- 0xEF303CABUL, 0x984FAF28UL, 0x779FAF9BUL, 0x92DC560DUL,
- 0x224D1E20UL, 0x8437AA88UL, 0x7D29DC96UL, 0x2756D3DCUL,
- 0x8B907CEEUL, 0xB51FD240UL, 0xE7C07CE3UL, 0xE566B4A1UL,
- 0xC3E9615EUL, 0x3CF8209DUL, 0x6094D1E3UL, 0xCD9CA341UL,
- 0x5C76460EUL, 0x00EA983BUL, 0xD4D67881UL, 0xFD47572CUL,
- 0xF76CEDD9UL, 0xBDA8229CUL, 0x127DADAAUL, 0x438A074EUL,
- 0x1F97C090UL, 0x081BDB8AUL, 0x93A07EBEUL, 0xB938CA15UL,
- 0x97B03CFFUL, 0x3DC2C0F8UL, 0x8D1AB2ECUL, 0x64380E51UL,
- 0x68CC7BFBUL, 0xD90F2788UL, 0x12490181UL, 0x5DE5FFD4UL,
- 0xDD7EF86AUL, 0x76A2E214UL, 0xB9A40368UL, 0x925D958FUL,
- 0x4B39FFFAUL, 0xBA39AEE9UL, 0xA4FFD30BUL, 0xFAF7933BUL,
- 0x6D498623UL, 0x193CBCFAUL, 0x27627545UL, 0x825CF47AUL,
- 0x61BD8BA0UL, 0xD11E42D1UL, 0xCEAD04F4UL, 0x127EA392UL,
- 0x10428DB7UL, 0x8272A972UL, 0x9270C4A8UL, 0x127DE50BUL,
- 0x285BA1C8UL, 0x3C62F44FUL, 0x35C0EAA5UL, 0xE805D231UL,
- 0x428929FBUL, 0xB4FCDF82UL, 0x4FB66A53UL, 0x0E7DC15BUL,
- 0x1F081FABUL, 0x108618AEUL, 0xFCFD086DUL, 0xF9FF2889UL,
- 0x694BCC11UL, 0x236A5CAEUL, 0x12DECA4DUL, 0x2C3F8CC5UL,
- 0xD2D02DFEUL, 0xF8EF5896UL, 0xE4CF52DAUL, 0x95155B67UL,
- 0x494A488CUL, 0xB9B6A80CUL, 0x5C8F82BCUL, 0x89D36B45UL,
- 0x3A609437UL, 0xEC00C9A9UL, 0x44715253UL, 0x0A874B49UL,
- 0xD773BC40UL, 0x7C34671CUL, 0x02717EF6UL, 0x4FEB5536UL,
- 0xA2D02FFFUL, 0xD2BF60C4UL, 0xD43F03C0UL, 0x50B4EF6DUL,
- 0x07478CD1UL, 0x006E1888UL, 0xA2E53F55UL, 0xB9E6D4BCUL,
- 0xA2048016UL, 0x97573833UL, 0xD7207D67UL, 0xDE0F8F3DUL,
- 0x72F87B33UL, 0xABCC4F33UL, 0x7688C55DUL, 0x7B00A6B0UL,
- 0x947B0001UL, 0x570075D2UL, 0xF9BB88F8UL, 0x8942019EUL,
- 0x4264A5FFUL, 0x856302E0UL, 0x72DBD92BUL, 0xEE971B69UL,
- 0x6EA22FDEUL, 0x5F08AE2BUL, 0xAF7A616DUL, 0xE5C98767UL,
- 0xCF1FEBD2UL, 0x61EFC8C2UL, 0xF1AC2571UL, 0xCC8239C2UL,
- 0x67214CB8UL, 0xB1E583D1UL, 0xB7DC3E62UL, 0x7F10BDCEUL,
- 0xF90A5C38UL, 0x0FF0443DUL, 0x606E6DC6UL, 0x60543A49UL,
- 0x5727C148UL, 0x2BE98A1DUL, 0x8AB41738UL, 0x20E1BE24UL,
- 0xAF96DA0FUL, 0x68458425UL, 0x99833BE5UL, 0x600D457DUL,
- 0x282F9350UL, 0x8334B362UL, 0xD91D1120UL, 0x2B6D8DA0UL,
- 0x642B1E31UL, 0x9C305A00UL, 0x52BCE688UL, 0x1B03588AUL,
- 0xF7BAEFD5UL, 0x4142ED9CUL, 0xA4315C11UL, 0x83323EC5UL,
- 0xDFEF4636UL, 0xA133C501UL, 0xE9D3531CUL, 0xEE353783UL
-},
-
-{
- 0x9DB30420UL, 0x1FB6E9DEUL, 0xA7BE7BEFUL, 0xD273A298UL,
- 0x4A4F7BDBUL, 0x64AD8C57UL, 0x85510443UL, 0xFA020ED1UL,
- 0x7E287AFFUL, 0xE60FB663UL, 0x095F35A1UL, 0x79EBF120UL,
- 0xFD059D43UL, 0x6497B7B1UL, 0xF3641F63UL, 0x241E4ADFUL,
- 0x28147F5FUL, 0x4FA2B8CDUL, 0xC9430040UL, 0x0CC32220UL,
- 0xFDD30B30UL, 0xC0A5374FUL, 0x1D2D00D9UL, 0x24147B15UL,
- 0xEE4D111AUL, 0x0FCA5167UL, 0x71FF904CUL, 0x2D195FFEUL,
- 0x1A05645FUL, 0x0C13FEFEUL, 0x081B08CAUL, 0x05170121UL,
- 0x80530100UL, 0xE83E5EFEUL, 0xAC9AF4F8UL, 0x7FE72701UL,
- 0xD2B8EE5FUL, 0x06DF4261UL, 0xBB9E9B8AUL, 0x7293EA25UL,
- 0xCE84FFDFUL, 0xF5718801UL, 0x3DD64B04UL, 0xA26F263BUL,
- 0x7ED48400UL, 0x547EEBE6UL, 0x446D4CA0UL, 0x6CF3D6F5UL,
- 0x2649ABDFUL, 0xAEA0C7F5UL, 0x36338CC1UL, 0x503F7E93UL,
- 0xD3772061UL, 0x11B638E1UL, 0x72500E03UL, 0xF80EB2BBUL,
- 0xABE0502EUL, 0xEC8D77DEUL, 0x57971E81UL, 0xE14F6746UL,
- 0xC9335400UL, 0x6920318FUL, 0x081DBB99UL, 0xFFC304A5UL,
- 0x4D351805UL, 0x7F3D5CE3UL, 0xA6C866C6UL, 0x5D5BCCA9UL,
- 0xDAEC6FEAUL, 0x9F926F91UL, 0x9F46222FUL, 0x3991467DUL,
- 0xA5BF6D8EUL, 0x1143C44FUL, 0x43958302UL, 0xD0214EEBUL,
- 0x022083B8UL, 0x3FB6180CUL, 0x18F8931EUL, 0x281658E6UL,
- 0x26486E3EUL, 0x8BD78A70UL, 0x7477E4C1UL, 0xB506E07CUL,
- 0xF32D0A25UL, 0x79098B02UL, 0xE4EABB81UL, 0x28123B23UL,
- 0x69DEAD38UL, 0x1574CA16UL, 0xDF871B62UL, 0x211C40B7UL,
- 0xA51A9EF9UL, 0x0014377BUL, 0x041E8AC8UL, 0x09114003UL,
- 0xBD59E4D2UL, 0xE3D156D5UL, 0x4FE876D5UL, 0x2F91A340UL,
- 0x557BE8DEUL, 0x00EAE4A7UL, 0x0CE5C2ECUL, 0x4DB4BBA6UL,
- 0xE756BDFFUL, 0xDD3369ACUL, 0xEC17B035UL, 0x06572327UL,
- 0x99AFC8B0UL, 0x56C8C391UL, 0x6B65811CUL, 0x5E146119UL,
- 0x6E85CB75UL, 0xBE07C002UL, 0xC2325577UL, 0x893FF4ECUL,
- 0x5BBFC92DUL, 0xD0EC3B25UL, 0xB7801AB7UL, 0x8D6D3B24UL,
- 0x20C763EFUL, 0xC366A5FCUL, 0x9C382880UL, 0x0ACE3205UL,
- 0xAAC9548AUL, 0xECA1D7C7UL, 0x041AFA32UL, 0x1D16625AUL,
- 0x6701902CUL, 0x9B757A54UL, 0x31D477F7UL, 0x9126B031UL,
- 0x36CC6FDBUL, 0xC70B8B46UL, 0xD9E66A48UL, 0x56E55A79UL,
- 0x026A4CEBUL, 0x52437EFFUL, 0x2F8F76B4UL, 0x0DF980A5UL,
- 0x8674CDE3UL, 0xEDDA04EBUL, 0x17A9BE04UL, 0x2C18F4DFUL,
- 0xB7747F9DUL, 0xAB2AF7B4UL, 0xEFC34D20UL, 0x2E096B7CUL,
- 0x1741A254UL, 0xE5B6A035UL, 0x213D42F6UL, 0x2C1C7C26UL,
- 0x61C2F50FUL, 0x6552DAF9UL, 0xD2C231F8UL, 0x25130F69UL,
- 0xD8167FA2UL, 0x0418F2C8UL, 0x001A96A6UL, 0x0D1526ABUL,
- 0x63315C21UL, 0x5E0A72ECUL, 0x49BAFEFDUL, 0x187908D9UL,
- 0x8D0DBD86UL, 0x311170A7UL, 0x3E9B640CUL, 0xCC3E10D7UL,
- 0xD5CAD3B6UL, 0x0CAEC388UL, 0xF73001E1UL, 0x6C728AFFUL,
- 0x71EAE2A1UL, 0x1F9AF36EUL, 0xCFCBD12FUL, 0xC1DE8417UL,
- 0xAC07BE6BUL, 0xCB44A1D8UL, 0x8B9B0F56UL, 0x013988C3UL,
- 0xB1C52FCAUL, 0xB4BE31CDUL, 0xD8782806UL, 0x12A3A4E2UL,
- 0x6F7DE532UL, 0x58FD7EB6UL, 0xD01EE900UL, 0x24ADFFC2UL,
- 0xF4990FC5UL, 0x9711AAC5UL, 0x001D7B95UL, 0x82E5E7D2UL,
- 0x109873F6UL, 0x00613096UL, 0xC32D9521UL, 0xADA121FFUL,
- 0x29908415UL, 0x7FBB977FUL, 0xAF9EB3DBUL, 0x29C9ED2AUL,
- 0x5CE2A465UL, 0xA730F32CUL, 0xD0AA3FE8UL, 0x8A5CC091UL,
- 0xD49E2CE7UL, 0x0CE454A9UL, 0xD60ACD86UL, 0x015F1919UL,
- 0x77079103UL, 0xDEA03AF6UL, 0x78A8565EUL, 0xDEE356DFUL,
- 0x21F05CBEUL, 0x8B75E387UL, 0xB3C50651UL, 0xB8A5C3EFUL,
- 0xD8EEB6D2UL, 0xE523BE77UL, 0xC2154529UL, 0x2F69EFDFUL,
- 0xAFE67AFBUL, 0xF470C4B2UL, 0xF3E0EB5BUL, 0xD6CC9876UL,
- 0x39E4460CUL, 0x1FDA8538UL, 0x1987832FUL, 0xCA007367UL,
- 0xA99144F8UL, 0x296B299EUL, 0x492FC295UL, 0x9266BEABUL,
- 0xB5676E69UL, 0x9BD3DDDAUL, 0xDF7E052FUL, 0xDB25701CUL,
- 0x1B5E51EEUL, 0xF65324E6UL, 0x6AFCE36CUL, 0x0316CC04UL,
- 0x8644213EUL, 0xB7DC59D0UL, 0x7965291FUL, 0xCCD6FD43UL,
- 0x41823979UL, 0x932BCDF6UL, 0xB657C34DUL, 0x4EDFD282UL,
- 0x7AE5290CUL, 0x3CB9536BUL, 0x851E20FEUL, 0x9833557EUL,
- 0x13ECF0B0UL, 0xD3FFB372UL, 0x3F85C5C1UL, 0x0AEF7ED2UL
-},
-
-{
- 0x7EC90C04UL, 0x2C6E74B9UL, 0x9B0E66DFUL, 0xA6337911UL,
- 0xB86A7FFFUL, 0x1DD358F5UL, 0x44DD9D44UL, 0x1731167FUL,
- 0x08FBF1FAUL, 0xE7F511CCUL, 0xD2051B00UL, 0x735ABA00UL,
- 0x2AB722D8UL, 0x386381CBUL, 0xACF6243AUL, 0x69BEFD7AUL,
- 0xE6A2E77FUL, 0xF0C720CDUL, 0xC4494816UL, 0xCCF5C180UL,
- 0x38851640UL, 0x15B0A848UL, 0xE68B18CBUL, 0x4CAADEFFUL,
- 0x5F480A01UL, 0x0412B2AAUL, 0x259814FCUL, 0x41D0EFE2UL,
- 0x4E40B48DUL, 0x248EB6FBUL, 0x8DBA1CFEUL, 0x41A99B02UL,
- 0x1A550A04UL, 0xBA8F65CBUL, 0x7251F4E7UL, 0x95A51725UL,
- 0xC106ECD7UL, 0x97A5980AUL, 0xC539B9AAUL, 0x4D79FE6AUL,
- 0xF2F3F763UL, 0x68AF8040UL, 0xED0C9E56UL, 0x11B4958BUL,
- 0xE1EB5A88UL, 0x8709E6B0UL, 0xD7E07156UL, 0x4E29FEA7UL,
- 0x6366E52DUL, 0x02D1C000UL, 0xC4AC8E05UL, 0x9377F571UL,
- 0x0C05372AUL, 0x578535F2UL, 0x2261BE02UL, 0xD642A0C9UL,
- 0xDF13A280UL, 0x74B55BD2UL, 0x682199C0UL, 0xD421E5ECUL,
- 0x53FB3CE8UL, 0xC8ADEDB3UL, 0x28A87FC9UL, 0x3D959981UL,
- 0x5C1FF900UL, 0xFE38D399UL, 0x0C4EFF0BUL, 0x062407EAUL,
- 0xAA2F4FB1UL, 0x4FB96976UL, 0x90C79505UL, 0xB0A8A774UL,
- 0xEF55A1FFUL, 0xE59CA2C2UL, 0xA6B62D27UL, 0xE66A4263UL,
- 0xDF65001FUL, 0x0EC50966UL, 0xDFDD55BCUL, 0x29DE0655UL,
- 0x911E739AUL, 0x17AF8975UL, 0x32C7911CUL, 0x89F89468UL,
- 0x0D01E980UL, 0x524755F4UL, 0x03B63CC9UL, 0x0CC844B2UL,
- 0xBCF3F0AAUL, 0x87AC36E9UL, 0xE53A7426UL, 0x01B3D82BUL,
- 0x1A9E7449UL, 0x64EE2D7EUL, 0xCDDBB1DAUL, 0x01C94910UL,
- 0xB868BF80UL, 0x0D26F3FDUL, 0x9342EDE7UL, 0x04A5C284UL,
- 0x636737B6UL, 0x50F5B616UL, 0xF24766E3UL, 0x8ECA36C1UL,
- 0x136E05DBUL, 0xFEF18391UL, 0xFB887A37UL, 0xD6E7F7D4UL,
- 0xC7FB7DC9UL, 0x3063FCDFUL, 0xB6F589DEUL, 0xEC2941DAUL,
- 0x26E46695UL, 0xB7566419UL, 0xF654EFC5UL, 0xD08D58B7UL,
- 0x48925401UL, 0xC1BACB7FUL, 0xE5FF550FUL, 0xB6083049UL,
- 0x5BB5D0E8UL, 0x87D72E5AUL, 0xAB6A6EE1UL, 0x223A66CEUL,
- 0xC62BF3CDUL, 0x9E0885F9UL, 0x68CB3E47UL, 0x086C010FUL,
- 0xA21DE820UL, 0xD18B69DEUL, 0xF3F65777UL, 0xFA02C3F6UL,
- 0x407EDAC3UL, 0xCBB3D550UL, 0x1793084DUL, 0xB0D70EBAUL,
- 0x0AB378D5UL, 0xD951FB0CUL, 0xDED7DA56UL, 0x4124BBE4UL,
- 0x94CA0B56UL, 0x0F5755D1UL, 0xE0E1E56EUL, 0x6184B5BEUL,
- 0x580A249FUL, 0x94F74BC0UL, 0xE327888EUL, 0x9F7B5561UL,
- 0xC3DC0280UL, 0x05687715UL, 0x646C6BD7UL, 0x44904DB3UL,
- 0x66B4F0A3UL, 0xC0F1648AUL, 0x697ED5AFUL, 0x49E92FF6UL,
- 0x309E374FUL, 0x2CB6356AUL, 0x85808573UL, 0x4991F840UL,
- 0x76F0AE02UL, 0x083BE84DUL, 0x28421C9AUL, 0x44489406UL,
- 0x736E4CB8UL, 0xC1092910UL, 0x8BC95FC6UL, 0x7D869CF4UL,
- 0x134F616FUL, 0x2E77118DUL, 0xB31B2BE1UL, 0xAA90B472UL,
- 0x3CA5D717UL, 0x7D161BBAUL, 0x9CAD9010UL, 0xAF462BA2UL,
- 0x9FE459D2UL, 0x45D34559UL, 0xD9F2DA13UL, 0xDBC65487UL,
- 0xF3E4F94EUL, 0x176D486FUL, 0x097C13EAUL, 0x631DA5C7UL,
- 0x445F7382UL, 0x175683F4UL, 0xCDC66A97UL, 0x70BE0288UL,
- 0xB3CDCF72UL, 0x6E5DD2F3UL, 0x20936079UL, 0x459B80A5UL,
- 0xBE60E2DBUL, 0xA9C23101UL, 0xEBA5315CUL, 0x224E42F2UL,
- 0x1C5C1572UL, 0xF6721B2CUL, 0x1AD2FFF3UL, 0x8C25404EUL,
- 0x324ED72FUL, 0x4067B7FDUL, 0x0523138EUL, 0x5CA3BC78UL,
- 0xDC0FD66EUL, 0x75922283UL, 0x784D6B17UL, 0x58EBB16EUL,
- 0x44094F85UL, 0x3F481D87UL, 0xFCFEAE7BUL, 0x77B5FF76UL,
- 0x8C2302BFUL, 0xAAF47556UL, 0x5F46B02AUL, 0x2B092801UL,
- 0x3D38F5F7UL, 0x0CA81F36UL, 0x52AF4A8AUL, 0x66D5E7C0UL,
- 0xDF3B0874UL, 0x95055110UL, 0x1B5AD7A8UL, 0xF61ED5ADUL,
- 0x6CF6E479UL, 0x20758184UL, 0xD0CEFA65UL, 0x88F7BE58UL,
- 0x4A046826UL, 0x0FF6F8F3UL, 0xA09C7F70UL, 0x5346ABA0UL,
- 0x5CE96C28UL, 0xE176EDA3UL, 0x6BAC307FUL, 0x376829D2UL,
- 0x85360FA9UL, 0x17E3FE2AUL, 0x24B79767UL, 0xF5A96B20UL,
- 0xD6CD2595UL, 0x68FF1EBFUL, 0x7555442CUL, 0xF19F06BEUL,
- 0xF9E0659AUL, 0xEEB9491DUL, 0x34010718UL, 0xBB30CAB8UL,
- 0xE822FE15UL, 0x88570983UL, 0x750E6249UL, 0xDA627E55UL,
- 0x5E76FFA8UL, 0xB1534546UL, 0x6D47DE08UL, 0xEFE9E7D4UL
-},
-
-{
- 0xF6FA8F9DUL, 0x2CAC6CE1UL, 0x4CA34867UL, 0xE2337F7CUL,
- 0x95DB08E7UL, 0x016843B4UL, 0xECED5CBCUL, 0x325553ACUL,
- 0xBF9F0960UL, 0xDFA1E2EDUL, 0x83F0579DUL, 0x63ED86B9UL,
- 0x1AB6A6B8UL, 0xDE5EBE39UL, 0xF38FF732UL, 0x8989B138UL,
- 0x33F14961UL, 0xC01937BDUL, 0xF506C6DAUL, 0xE4625E7EUL,
- 0xA308EA99UL, 0x4E23E33CUL, 0x79CBD7CCUL, 0x48A14367UL,
- 0xA3149619UL, 0xFEC94BD5UL, 0xA114174AUL, 0xEAA01866UL,
- 0xA084DB2DUL, 0x09A8486FUL, 0xA888614AUL, 0x2900AF98UL,
- 0x01665991UL, 0xE1992863UL, 0xC8F30C60UL, 0x2E78EF3CUL,
- 0xD0D51932UL, 0xCF0FEC14UL, 0xF7CA07D2UL, 0xD0A82072UL,
- 0xFD41197EUL, 0x9305A6B0UL, 0xE86BE3DAUL, 0x74BED3CDUL,
- 0x372DA53CUL, 0x4C7F4448UL, 0xDAB5D440UL, 0x6DBA0EC3UL,
- 0x083919A7UL, 0x9FBAEED9UL, 0x49DBCFB0UL, 0x4E670C53UL,
- 0x5C3D9C01UL, 0x64BDB941UL, 0x2C0E636AUL, 0xBA7DD9CDUL,
- 0xEA6F7388UL, 0xE70BC762UL, 0x35F29ADBUL, 0x5C4CDD8DUL,
- 0xF0D48D8CUL, 0xB88153E2UL, 0x08A19866UL, 0x1AE2EAC8UL,
- 0x284CAF89UL, 0xAA928223UL, 0x9334BE53UL, 0x3B3A21BFUL,
- 0x16434BE3UL, 0x9AEA3906UL, 0xEFE8C36EUL, 0xF890CDD9UL,
- 0x80226DAEUL, 0xC340A4A3UL, 0xDF7E9C09UL, 0xA694A807UL,
- 0x5B7C5ECCUL, 0x221DB3A6UL, 0x9A69A02FUL, 0x68818A54UL,
- 0xCEB2296FUL, 0x53C0843AUL, 0xFE893655UL, 0x25BFE68AUL,
- 0xB4628ABCUL, 0xCF222EBFUL, 0x25AC6F48UL, 0xA9A99387UL,
- 0x53BDDB65UL, 0xE76FFBE7UL, 0xE967FD78UL, 0x0BA93563UL,
- 0x8E342BC1UL, 0xE8A11BE9UL, 0x4980740DUL, 0xC8087DFCUL,
- 0x8DE4BF99UL, 0xA11101A0UL, 0x7FD37975UL, 0xDA5A26C0UL,
- 0xE81F994FUL, 0x9528CD89UL, 0xFD339FEDUL, 0xB87834BFUL,
- 0x5F04456DUL, 0x22258698UL, 0xC9C4C83BUL, 0x2DC156BEUL,
- 0x4F628DAAUL, 0x57F55EC5UL, 0xE2220ABEUL, 0xD2916EBFUL,
- 0x4EC75B95UL, 0x24F2C3C0UL, 0x42D15D99UL, 0xCD0D7FA0UL,
- 0x7B6E27FFUL, 0xA8DC8AF0UL, 0x7345C106UL, 0xF41E232FUL,
- 0x35162386UL, 0xE6EA8926UL, 0x3333B094UL, 0x157EC6F2UL,
- 0x372B74AFUL, 0x692573E4UL, 0xE9A9D848UL, 0xF3160289UL,
- 0x3A62EF1DUL, 0xA787E238UL, 0xF3A5F676UL, 0x74364853UL,
- 0x20951063UL, 0x4576698DUL, 0xB6FAD407UL, 0x592AF950UL,
- 0x36F73523UL, 0x4CFB6E87UL, 0x7DA4CEC0UL, 0x6C152DAAUL,
- 0xCB0396A8UL, 0xC50DFE5DUL, 0xFCD707ABUL, 0x0921C42FUL,
- 0x89DFF0BBUL, 0x5FE2BE78UL, 0x448F4F33UL, 0x754613C9UL,
- 0x2B05D08DUL, 0x48B9D585UL, 0xDC049441UL, 0xC8098F9BUL,
- 0x7DEDE786UL, 0xC39A3373UL, 0x42410005UL, 0x6A091751UL,
- 0x0EF3C8A6UL, 0x890072D6UL, 0x28207682UL, 0xA9A9F7BEUL,
- 0xBF32679DUL, 0xD45B5B75UL, 0xB353FD00UL, 0xCBB0E358UL,
- 0x830F220AUL, 0x1F8FB214UL, 0xD372CF08UL, 0xCC3C4A13UL,
- 0x8CF63166UL, 0x061C87BEUL, 0x88C98F88UL, 0x6062E397UL,
- 0x47CF8E7AUL, 0xB6C85283UL, 0x3CC2ACFBUL, 0x3FC06976UL,
- 0x4E8F0252UL, 0x64D8314DUL, 0xDA3870E3UL, 0x1E665459UL,
- 0xC10908F0UL, 0x513021A5UL, 0x6C5B68B7UL, 0x822F8AA0UL,
- 0x3007CD3EUL, 0x74719EEFUL, 0xDC872681UL, 0x073340D4UL,
- 0x7E432FD9UL, 0x0C5EC241UL, 0x8809286CUL, 0xF592D891UL,
- 0x08A930F6UL, 0x957EF305UL, 0xB7FBFFBDUL, 0xC266E96FUL,
- 0x6FE4AC98UL, 0xB173ECC0UL, 0xBC60B42AUL, 0x953498DAUL,
- 0xFBA1AE12UL, 0x2D4BD736UL, 0x0F25FAABUL, 0xA4F3FCEBUL,
- 0xE2969123UL, 0x257F0C3DUL, 0x9348AF49UL, 0x361400BCUL,
- 0xE8816F4AUL, 0x3814F200UL, 0xA3F94043UL, 0x9C7A54C2UL,
- 0xBC704F57UL, 0xDA41E7F9UL, 0xC25AD33AUL, 0x54F4A084UL,
- 0xB17F5505UL, 0x59357CBEUL, 0xEDBD15C8UL, 0x7F97C5ABUL,
- 0xBA5AC7B5UL, 0xB6F6DEAFUL, 0x3A479C3AUL, 0x5302DA25UL,
- 0x653D7E6AUL, 0x54268D49UL, 0x51A477EAUL, 0x5017D55BUL,
- 0xD7D25D88UL, 0x44136C76UL, 0x0404A8C8UL, 0xB8E5A121UL,
- 0xB81A928AUL, 0x60ED5869UL, 0x97C55B96UL, 0xEAEC991BUL,
- 0x29935913UL, 0x01FDB7F1UL, 0x088E8DFAUL, 0x9AB6F6F5UL,
- 0x3B4CBF9FUL, 0x4A5DE3ABUL, 0xE6051D35UL, 0xA0E1D855UL,
- 0xD36B4CF1UL, 0xF544EDEBUL, 0xB0E93524UL, 0xBEBB8FBDUL,
- 0xA2D762CFUL, 0x49C92F54UL, 0x38B5F331UL, 0x7128A454UL,
- 0x48392905UL, 0xA65B1DB8UL, 0x851C97BDUL, 0xD675CF2FUL
-},
-
-{
- 0x85E04019UL, 0x332BF567UL, 0x662DBFFFUL, 0xCFC65693UL,
- 0x2A8D7F6FUL, 0xAB9BC912UL, 0xDE6008A1UL, 0x2028DA1FUL,
- 0x0227BCE7UL, 0x4D642916UL, 0x18FAC300UL, 0x50F18B82UL,
- 0x2CB2CB11UL, 0xB232E75CUL, 0x4B3695F2UL, 0xB28707DEUL,
- 0xA05FBCF6UL, 0xCD4181E9UL, 0xE150210CUL, 0xE24EF1BDUL,
- 0xB168C381UL, 0xFDE4E789UL, 0x5C79B0D8UL, 0x1E8BFD43UL,
- 0x4D495001UL, 0x38BE4341UL, 0x913CEE1DUL, 0x92A79C3FUL,
- 0x089766BEUL, 0xBAEEADF4UL, 0x1286BECFUL, 0xB6EACB19UL,
- 0x2660C200UL, 0x7565BDE4UL, 0x64241F7AUL, 0x8248DCA9UL,
- 0xC3B3AD66UL, 0x28136086UL, 0x0BD8DFA8UL, 0x356D1CF2UL,
- 0x107789BEUL, 0xB3B2E9CEUL, 0x0502AA8FUL, 0x0BC0351EUL,
- 0x166BF52AUL, 0xEB12FF82UL, 0xE3486911UL, 0xD34D7516UL,
- 0x4E7B3AFFUL, 0x5F43671BUL, 0x9CF6E037UL, 0x4981AC83UL,
- 0x334266CEUL, 0x8C9341B7UL, 0xD0D854C0UL, 0xCB3A6C88UL,
- 0x47BC2829UL, 0x4725BA37UL, 0xA66AD22BUL, 0x7AD61F1EUL,
- 0x0C5CBAFAUL, 0x4437F107UL, 0xB6E79962UL, 0x42D2D816UL,
- 0x0A961288UL, 0xE1A5C06EUL, 0x13749E67UL, 0x72FC081AUL,
- 0xB1D139F7UL, 0xF9583745UL, 0xCF19DF58UL, 0xBEC3F756UL,
- 0xC06EBA30UL, 0x07211B24UL, 0x45C28829UL, 0xC95E317FUL,
- 0xBC8EC511UL, 0x38BC46E9UL, 0xC6E6FA14UL, 0xBAE8584AUL,
- 0xAD4EBC46UL, 0x468F508BUL, 0x7829435FUL, 0xF124183BUL,
- 0x821DBA9FUL, 0xAFF60FF4UL, 0xEA2C4E6DUL, 0x16E39264UL,
- 0x92544A8BUL, 0x009B4FC3UL, 0xABA68CEDUL, 0x9AC96F78UL,
- 0x06A5B79AUL, 0xB2856E6EUL, 0x1AEC3CA9UL, 0xBE838688UL,
- 0x0E0804E9UL, 0x55F1BE56UL, 0xE7E5363BUL, 0xB3A1F25DUL,
- 0xF7DEBB85UL, 0x61FE033CUL, 0x16746233UL, 0x3C034C28UL,
- 0xDA6D0C74UL, 0x79AAC56CUL, 0x3CE4E1ADUL, 0x51F0C802UL,
- 0x98F8F35AUL, 0x1626A49FUL, 0xEED82B29UL, 0x1D382FE3UL,
- 0x0C4FB99AUL, 0xBB325778UL, 0x3EC6D97BUL, 0x6E77A6A9UL,
- 0xCB658B5CUL, 0xD45230C7UL, 0x2BD1408BUL, 0x60C03EB7UL,
- 0xB9068D78UL, 0xA33754F4UL, 0xF430C87DUL, 0xC8A71302UL,
- 0xB96D8C32UL, 0xEBD4E7BEUL, 0xBE8B9D2DUL, 0x7979FB06UL,
- 0xE7225308UL, 0x8B75CF77UL, 0x11EF8DA4UL, 0xE083C858UL,
- 0x8D6B786FUL, 0x5A6317A6UL, 0xFA5CF7A0UL, 0x5DDA0033UL,
- 0xF28EBFB0UL, 0xF5B9C310UL, 0xA0EAC280UL, 0x08B9767AUL,
- 0xA3D9D2B0UL, 0x79D34217UL, 0x021A718DUL, 0x9AC6336AUL,
- 0x2711FD60UL, 0x438050E3UL, 0x069908A8UL, 0x3D7FEDC4UL,
- 0x826D2BEFUL, 0x4EEB8476UL, 0x488DCF25UL, 0x36C9D566UL,
- 0x28E74E41UL, 0xC2610ACAUL, 0x3D49A9CFUL, 0xBAE3B9DFUL,
- 0xB65F8DE6UL, 0x92AEAF64UL, 0x3AC7D5E6UL, 0x9EA80509UL,
- 0xF22B017DUL, 0xA4173F70UL, 0xDD1E16C3UL, 0x15E0D7F9UL,
- 0x50B1B887UL, 0x2B9F4FD5UL, 0x625ABA82UL, 0x6A017962UL,
- 0x2EC01B9CUL, 0x15488AA9UL, 0xD716E740UL, 0x40055A2CUL,
- 0x93D29A22UL, 0xE32DBF9AUL, 0x058745B9UL, 0x3453DC1EUL,
- 0xD699296EUL, 0x496CFF6FUL, 0x1C9F4986UL, 0xDFE2ED07UL,
- 0xB87242D1UL, 0x19DE7EAEUL, 0x053E561AUL, 0x15AD6F8CUL,
- 0x66626C1CUL, 0x7154C24CUL, 0xEA082B2AUL, 0x93EB2939UL,
- 0x17DCB0F0UL, 0x58D4F2AEUL, 0x9EA294FBUL, 0x52CF564CUL,
- 0x9883FE66UL, 0x2EC40581UL, 0x763953C3UL, 0x01D6692EUL,
- 0xD3A0C108UL, 0xA1E7160EUL, 0xE4F2DFA6UL, 0x693ED285UL,
- 0x74904698UL, 0x4C2B0EDDUL, 0x4F757656UL, 0x5D393378UL,
- 0xA132234FUL, 0x3D321C5DUL, 0xC3F5E194UL, 0x4B269301UL,
- 0xC79F022FUL, 0x3C997E7EUL, 0x5E4F9504UL, 0x3FFAFBBDUL,
- 0x76F7AD0EUL, 0x296693F4UL, 0x3D1FCE6FUL, 0xC61E45BEUL,
- 0xD3B5AB34UL, 0xF72BF9B7UL, 0x1B0434C0UL, 0x4E72B567UL,
- 0x5592A33DUL, 0xB5229301UL, 0xCFD2A87FUL, 0x60AEB767UL,
- 0x1814386BUL, 0x30BCC33DUL, 0x38A0C07DUL, 0xFD1606F2UL,
- 0xC363519BUL, 0x589DD390UL, 0x5479F8E6UL, 0x1CB8D647UL,
- 0x97FD61A9UL, 0xEA7759F4UL, 0x2D57539DUL, 0x569A58CFUL,
- 0xE84E63ADUL, 0x462E1B78UL, 0x6580F87EUL, 0xF3817914UL,
- 0x91DA55F4UL, 0x40A230F3UL, 0xD1988F35UL, 0xB6E318D2UL,
- 0x3FFA50BCUL, 0x3D40F021UL, 0xC3C0BDAEUL, 0x4958C24CUL,
- 0x518F36B2UL, 0x84B1D370UL, 0x0FEDCE83UL, 0x878DDADAUL,
- 0xF2A279C7UL, 0x94E01BE8UL, 0x90716F4BUL, 0x954B8AA3UL
-},
-
-{
- 0xE216300DUL, 0xBBDDFFFCUL, 0xA7EBDABDUL, 0x35648095UL,
- 0x7789F8B7UL, 0xE6C1121BUL, 0x0E241600UL, 0x052CE8B5UL,
- 0x11A9CFB0UL, 0xE5952F11UL, 0xECE7990AUL, 0x9386D174UL,
- 0x2A42931CUL, 0x76E38111UL, 0xB12DEF3AUL, 0x37DDDDFCUL,
- 0xDE9ADEB1UL, 0x0A0CC32CUL, 0xBE197029UL, 0x84A00940UL,
- 0xBB243A0FUL, 0xB4D137CFUL, 0xB44E79F0UL, 0x049EEDFDUL,
- 0x0B15A15DUL, 0x480D3168UL, 0x8BBBDE5AUL, 0x669DED42UL,
- 0xC7ECE831UL, 0x3F8F95E7UL, 0x72DF191BUL, 0x7580330DUL,
- 0x94074251UL, 0x5C7DCDFAUL, 0xABBE6D63UL, 0xAA402164UL,
- 0xB301D40AUL, 0x02E7D1CAUL, 0x53571DAEUL, 0x7A3182A2UL,
- 0x12A8DDECUL, 0xFDAA335DUL, 0x176F43E8UL, 0x71FB46D4UL,
- 0x38129022UL, 0xCE949AD4UL, 0xB84769ADUL, 0x965BD862UL,
- 0x82F3D055UL, 0x66FB9767UL, 0x15B80B4EUL, 0x1D5B47A0UL,
- 0x4CFDE06FUL, 0xC28EC4B8UL, 0x57E8726EUL, 0x647A78FCUL,
- 0x99865D44UL, 0x608BD593UL, 0x6C200E03UL, 0x39DC5FF6UL,
- 0x5D0B00A3UL, 0xAE63AFF2UL, 0x7E8BD632UL, 0x70108C0CUL,
- 0xBBD35049UL, 0x2998DF04UL, 0x980CF42AUL, 0x9B6DF491UL,
- 0x9E7EDD53UL, 0x06918548UL, 0x58CB7E07UL, 0x3B74EF2EUL,
- 0x522FFFB1UL, 0xD24708CCUL, 0x1C7E27CDUL, 0xA4EB215BUL,
- 0x3CF1D2E2UL, 0x19B47A38UL, 0x424F7618UL, 0x35856039UL,
- 0x9D17DEE7UL, 0x27EB35E6UL, 0xC9AFF67BUL, 0x36BAF5B8UL,
- 0x09C467CDUL, 0xC18910B1UL, 0xE11DBF7BUL, 0x06CD1AF8UL,
- 0x7170C608UL, 0x2D5E3354UL, 0xD4DE495AUL, 0x64C6D006UL,
- 0xBCC0C62CUL, 0x3DD00DB3UL, 0x708F8F34UL, 0x77D51B42UL,
- 0x264F620FUL, 0x24B8D2BFUL, 0x15C1B79EUL, 0x46A52564UL,
- 0xF8D7E54EUL, 0x3E378160UL, 0x7895CDA5UL, 0x859C15A5UL,
- 0xE6459788UL, 0xC37BC75FUL, 0xDB07BA0CUL, 0x0676A3ABUL,
- 0x7F229B1EUL, 0x31842E7BUL, 0x24259FD7UL, 0xF8BEF472UL,
- 0x835FFCB8UL, 0x6DF4C1F2UL, 0x96F5B195UL, 0xFD0AF0FCUL,
- 0xB0FE134CUL, 0xE2506D3DUL, 0x4F9B12EAUL, 0xF215F225UL,
- 0xA223736FUL, 0x9FB4C428UL, 0x25D04979UL, 0x34C713F8UL,
- 0xC4618187UL, 0xEA7A6E98UL, 0x7CD16EFCUL, 0x1436876CUL,
- 0xF1544107UL, 0xBEDEEE14UL, 0x56E9AF27UL, 0xA04AA441UL,
- 0x3CF7C899UL, 0x92ECBAE6UL, 0xDD67016DUL, 0x151682EBUL,
- 0xA842EEDFUL, 0xFDBA60B4UL, 0xF1907B75UL, 0x20E3030FUL,
- 0x24D8C29EUL, 0xE139673BUL, 0xEFA63FB8UL, 0x71873054UL,
- 0xB6F2CF3BUL, 0x9F326442UL, 0xCB15A4CCUL, 0xB01A4504UL,
- 0xF1E47D8DUL, 0x844A1BE5UL, 0xBAE7DFDCUL, 0x42CBDA70UL,
- 0xCD7DAE0AUL, 0x57E85B7AUL, 0xD53F5AF6UL, 0x20CF4D8CUL,
- 0xCEA4D428UL, 0x79D130A4UL, 0x3486EBFBUL, 0x33D3CDDCUL,
- 0x77853B53UL, 0x37EFFCB5UL, 0xC5068778UL, 0xE580B3E6UL,
- 0x4E68B8F4UL, 0xC5C8B37EUL, 0x0D809EA2UL, 0x398FEB7CUL,
- 0x132A4F94UL, 0x43B7950EUL, 0x2FEE7D1CUL, 0x223613BDUL,
- 0xDD06CAA2UL, 0x37DF932BUL, 0xC4248289UL, 0xACF3EBC3UL,
- 0x5715F6B7UL, 0xEF3478DDUL, 0xF267616FUL, 0xC148CBE4UL,
- 0x9052815EUL, 0x5E410FABUL, 0xB48A2465UL, 0x2EDA7FA4UL,
- 0xE87B40E4UL, 0xE98EA084UL, 0x5889E9E1UL, 0xEFD390FCUL,
- 0xDD07D35BUL, 0xDB485694UL, 0x38D7E5B2UL, 0x57720101UL,
- 0x730EDEBCUL, 0x5B643113UL, 0x94917E4FUL, 0x503C2FBAUL,
- 0x646F1282UL, 0x7523D24AUL, 0xE0779695UL, 0xF9C17A8FUL,
- 0x7A5B2121UL, 0xD187B896UL, 0x29263A4DUL, 0xBA510CDFUL,
- 0x81F47C9FUL, 0xAD1163EDUL, 0xEA7B5965UL, 0x1A00726EUL,
- 0x11403092UL, 0x00DA6D77UL, 0x4A0CDD61UL, 0xAD1F4603UL,
- 0x605BDFB0UL, 0x9EEDC364UL, 0x22EBE6A8UL, 0xCEE7D28AUL,
- 0xA0E736A0UL, 0x5564A6B9UL, 0x10853209UL, 0xC7EB8F37UL,
- 0x2DE705CAUL, 0x8951570FUL, 0xDF09822BUL, 0xBD691A6CUL,
- 0xAA12E4F2UL, 0x87451C0FUL, 0xE0F6A27AUL, 0x3ADA4819UL,
- 0x4CF1764FUL, 0x0D771C2BUL, 0x67CDB156UL, 0x350D8384UL,
- 0x5938FA0FUL, 0x42399EF3UL, 0x36997B07UL, 0x0E84093DUL,
- 0x4AA93E61UL, 0x8360D87BUL, 0x1FA98B0CUL, 0x1149382CUL,
- 0xE97625A5UL, 0x0614D1B7UL, 0x0E25244BUL, 0x0C768347UL,
- 0x589E8D82UL, 0x0D2059D1UL, 0xA466BB1EUL, 0xF8DA0A82UL,
- 0x04F19130UL, 0xBA6E4EC0UL, 0x99265164UL, 0x1EE7230DUL,
- 0x50B2AD80UL, 0xEAEE6801UL, 0x8DB2A283UL, 0xEA8BF59EUL
-}};
-
-NAMESPACE_END
diff --git a/cryptopp562/cbcmac.cpp b/cryptopp562/cbcmac.cpp
deleted file mode 100644
index 6b0e885..0000000
--- a/cryptopp562/cbcmac.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "cbcmac.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void CBC_MAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
-{
- AccessCipher().SetKey(key, length, params);
- m_reg.CleanNew(AccessCipher().BlockSize());
- m_counter = 0;
-}
-
-void CBC_MAC_Base::Update(const byte *input, size_t length)
-{
- unsigned int blockSize = AccessCipher().BlockSize();
-
- while (m_counter && length)
- {
- m_reg[m_counter++] ^= *input++;
- if (m_counter == blockSize)
- ProcessBuf();
- length--;
- }
-
- if (length >= blockSize)
- {
- size_t leftOver = AccessCipher().AdvancedProcessBlocks(m_reg, input, m_reg, length, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
- input += (length - leftOver);
- length = leftOver;
- }
-
- while (length--)
- {
- m_reg[m_counter++] ^= *input++;
- if (m_counter == blockSize)
- ProcessBuf();
- }
-}
-
-void CBC_MAC_Base::TruncatedFinal(byte *mac, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- if (m_counter)
- ProcessBuf();
-
- memcpy(mac, m_reg, size);
- memset(m_reg, 0, AccessCipher().BlockSize());
-}
-
-void CBC_MAC_Base::ProcessBuf()
-{
- AccessCipher().ProcessBlock(m_reg);
- m_counter = 0;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cbcmac.h b/cryptopp562/cbcmac.h
deleted file mode 100644
index 4675dcb..0000000
--- a/cryptopp562/cbcmac.h
+++ /dev/null
@@ -1,50 +0,0 @@
-#ifndef CRYPTOPP_CBCMAC_H
-#define CRYPTOPP_CBCMAC_H
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_MAC_Base : public MessageAuthenticationCode
-{
-public:
- CBC_MAC_Base() {}
-
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *mac, size_t size);
- unsigned int DigestSize() const {return const_cast<CBC_MAC_Base*>(this)->AccessCipher().BlockSize();}
-
-protected:
- virtual BlockCipher & AccessCipher() =0;
-
-private:
- void ProcessBuf();
- SecByteBlock m_reg;
- unsigned int m_counter;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/mac.html#CBC-MAC">CBC-MAC</a>
-/*! Compatible with FIPS 113. T should be a class derived from BlockCipherDocumentation.
- Secure only for fixed length messages. For variable length messages use CMAC or DMAC.
-*/
-template <class T>
-class CBC_MAC : public MessageAuthenticationCodeImpl<CBC_MAC_Base, CBC_MAC<T> >, public SameKeyLengthAs<T>
-{
-public:
- CBC_MAC() {}
- CBC_MAC(const byte *key, size_t length=SameKeyLengthAs<T>::DEFAULT_KEYLENGTH)
- {this->SetKey(key, length);}
-
- static std::string StaticAlgorithmName() {return std::string("CBC-MAC(") + T::StaticAlgorithmName() + ")";}
-
-private:
- BlockCipher & AccessCipher() {return m_cipher;}
- typename T::Encryption m_cipher;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ccm.cpp b/cryptopp562/ccm.cpp
deleted file mode 100644
index 0368787..0000000
--- a/cryptopp562/ccm.cpp
+++ /dev/null
@@ -1,140 +0,0 @@
-// ccm.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "ccm.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void CCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params)
-{
- BlockCipher &blockCipher = AccessBlockCipher();
-
- blockCipher.SetKey(userKey, keylength, params);
-
- if (blockCipher.BlockSize() != REQUIRED_BLOCKSIZE)
- throw InvalidArgument(AlgorithmName() + ": block size of underlying block cipher is not 16");
-
- m_digestSize = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize());
- if (m_digestSize % 2 > 0 || m_digestSize < 4 || m_digestSize > 16)
- throw InvalidArgument(AlgorithmName() + ": DigestSize must be 4, 6, 8, 10, 12, 14, or 16");
-
- m_buffer.Grow(2*REQUIRED_BLOCKSIZE);
- m_L = 8;
-}
-
-void CCM_Base::Resync(const byte *iv, size_t len)
-{
- BlockCipher &cipher = AccessBlockCipher();
-
- m_L = REQUIRED_BLOCKSIZE-1-(int)len;
- assert(m_L >= 2);
- if (m_L > 8)
- m_L = 8;
-
- m_buffer[0] = byte(m_L-1); // flag
- memcpy(m_buffer+1, iv, len);
- memset(m_buffer+1+len, 0, REQUIRED_BLOCKSIZE-1-len);
-
- if (m_state >= State_IVSet)
- m_ctr.Resynchronize(m_buffer, REQUIRED_BLOCKSIZE);
- else
- m_ctr.SetCipherWithIV(cipher, m_buffer);
-
- m_ctr.Seek(REQUIRED_BLOCKSIZE);
- m_aadLength = 0;
- m_messageLength = 0;
-}
-
-void CCM_Base::UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength)
-{
- if (m_state != State_IVSet)
- throw BadState(AlgorithmName(), "SpecifyDataLengths", "or after State_IVSet");
-
- m_aadLength = headerLength;
- m_messageLength = messageLength;
-
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
-
- cbcBuffer[0] = byte(64*(headerLength>0) + 8*((m_digestSize-2)/2) + (m_L-1)); // flag
- PutWord<word64>(true, BIG_ENDIAN_ORDER, cbcBuffer+REQUIRED_BLOCKSIZE-8, m_messageLength);
- memcpy(cbcBuffer+1, m_buffer+1, REQUIRED_BLOCKSIZE-1-m_L);
- cipher.ProcessBlock(cbcBuffer);
-
- if (headerLength>0)
- {
- assert(m_bufferedDataLength == 0);
-
- if (headerLength < ((1<<16) - (1<<8)))
- {
- PutWord<word16>(true, BIG_ENDIAN_ORDER, m_buffer, (word16)headerLength);
- m_bufferedDataLength = 2;
- }
- else if (headerLength < (W64LIT(1)<<32))
- {
- m_buffer[0] = 0xff;
- m_buffer[1] = 0xfe;
- PutWord<word32>(false, BIG_ENDIAN_ORDER, m_buffer+2, (word32)headerLength);
- m_bufferedDataLength = 6;
- }
- else
- {
- m_buffer[0] = 0xff;
- m_buffer[1] = 0xff;
- PutWord<word64>(false, BIG_ENDIAN_ORDER, m_buffer+2, headerLength);
- m_bufferedDataLength = 10;
- }
- }
-}
-
-size_t CCM_Base::AuthenticateBlocks(const byte *data, size_t len)
-{
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
- return cipher.AdvancedProcessBlocks(cbcBuffer, data, cbcBuffer, len, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
-}
-
-void CCM_Base::AuthenticateLastHeaderBlock()
-{
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
-
- if (m_aadLength != m_totalHeaderLength)
- throw InvalidArgument(AlgorithmName() + ": header length doesn't match that given in SpecifyDataLengths");
-
- if (m_bufferedDataLength > 0)
- {
- xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
- cipher.ProcessBlock(cbcBuffer);
- m_bufferedDataLength = 0;
- }
-}
-
-void CCM_Base::AuthenticateLastConfidentialBlock()
-{
- byte *cbcBuffer = CBC_Buffer();
- const BlockCipher &cipher = GetBlockCipher();
-
- if (m_messageLength != m_totalMessageLength)
- throw InvalidArgument(AlgorithmName() + ": message length doesn't match that given in SpecifyDataLengths");
-
- if (m_bufferedDataLength > 0)
- {
- xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
- cipher.ProcessBlock(cbcBuffer);
- m_bufferedDataLength = 0;
- }
-}
-
-void CCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
-{
- m_ctr.Seek(0);
- m_ctr.ProcessData(mac, CBC_Buffer(), macSize);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ccm.h b/cryptopp562/ccm.h
deleted file mode 100644
index 2f3c56b..0000000
--- a/cryptopp562/ccm.h
+++ /dev/null
@@ -1,101 +0,0 @@
-#ifndef CRYPTOPP_CCM_H
-#define CRYPTOPP_CCM_H
-
-#include "authenc.h"
-#include "modes.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CCM_Base : public AuthenticatedSymmetricCipherBase
-{
-public:
- CCM_Base()
- : m_digestSize(0), m_L(0) {}
-
- // AuthenticatedSymmetricCipher
- std::string AlgorithmName() const
- {return GetBlockCipher().AlgorithmName() + std::string("/CCM");}
- size_t MinKeyLength() const
- {return GetBlockCipher().MinKeyLength();}
- size_t MaxKeyLength() const
- {return GetBlockCipher().MaxKeyLength();}
- size_t DefaultKeyLength() const
- {return GetBlockCipher().DefaultKeyLength();}
- size_t GetValidKeyLength(size_t n) const
- {return GetBlockCipher().GetValidKeyLength(n);}
- bool IsValidKeyLength(size_t n) const
- {return GetBlockCipher().IsValidKeyLength(n);}
- unsigned int OptimalDataAlignment() const
- {return GetBlockCipher().OptimalDataAlignment();}
- IV_Requirement IVRequirement() const
- {return UNIQUE_IV;}
- unsigned int IVSize() const
- {return 8;}
- unsigned int MinIVLength() const
- {return 7;}
- unsigned int MaxIVLength() const
- {return 13;}
- unsigned int DigestSize() const
- {return m_digestSize;}
- lword MaxHeaderLength() const
- {return W64LIT(0)-1;}
- lword MaxMessageLength() const
- {return m_L<8 ? (W64LIT(1)<<(8*m_L))-1 : W64LIT(0)-1;}
- bool NeedsPrespecifiedDataLengths() const
- {return true;}
- void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength);
-
-protected:
- // AuthenticatedSymmetricCipherBase
- bool AuthenticationIsOnPlaintext() const
- {return true;}
- unsigned int AuthenticationBlockSize() const
- {return GetBlockCipher().BlockSize();}
- void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
- void Resync(const byte *iv, size_t len);
- size_t AuthenticateBlocks(const byte *data, size_t len);
- void AuthenticateLastHeaderBlock();
- void AuthenticateLastConfidentialBlock();
- void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
- SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
-
- virtual BlockCipher & AccessBlockCipher() =0;
- virtual int DefaultDigestSize() const =0;
-
- const BlockCipher & GetBlockCipher() const {return const_cast<CCM_Base *>(this)->AccessBlockCipher();};
- byte *CBC_Buffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
-
- enum {REQUIRED_BLOCKSIZE = 16};
- int m_digestSize, m_L;
- word64 m_messageLength, m_aadLength;
- CTR_Mode_ExternalCipher::Encryption m_ctr;
-};
-
-//! .
-template <class T_BlockCipher, int T_DefaultDigestSize, bool T_IsEncryption>
-class CCM_Final : public CCM_Base
-{
-public:
- static std::string StaticAlgorithmName()
- {return T_BlockCipher::StaticAlgorithmName() + std::string("/CCM");}
- bool IsForwardTransformation() const
- {return T_IsEncryption;}
-
-private:
- BlockCipher & AccessBlockCipher() {return m_cipher;}
- int DefaultDigestSize() const {return T_DefaultDigestSize;}
- typename T_BlockCipher::Encryption m_cipher;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/CCM">CCM</a>
-template <class T_BlockCipher, int T_DefaultDigestSize = 16>
-struct CCM : public AuthenticatedSymmetricCipherDocumentation
-{
- typedef CCM_Final<T_BlockCipher, T_DefaultDigestSize, true> Encryption;
- typedef CCM_Final<T_BlockCipher, T_DefaultDigestSize, false> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/channels.cpp b/cryptopp562/channels.cpp
deleted file mode 100644
index 7359f54..0000000
--- a/cryptopp562/channels.cpp
+++ /dev/null
@@ -1,309 +0,0 @@
-// channels.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "channels.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-USING_NAMESPACE(std)
-
-#if 0
-void MessageSwitch::AddDefaultRoute(BufferedTransformation &destination, const std::string &channel)
-{
- m_defaultRoutes.push_back(Route(&destination, channel));
-}
-
-void MessageSwitch::AddRoute(unsigned int begin, unsigned int end, BufferedTransformation &destination, const std::string &channel)
-{
- RangeRoute route(begin, end, Route(&destination, channel));
- RouteList::iterator it = upper_bound(m_routes.begin(), m_routes.end(), route);
- m_routes.insert(it, route);
-}
-
-/*
-class MessageRouteIterator
-{
-public:
- typedef MessageSwitch::RouteList::const_iterator RouteIterator;
- typedef MessageSwitch::DefaultRouteList::const_iterator DefaultIterator;
-
- bool m_useDefault;
- RouteIterator m_itRouteCurrent, m_itRouteEnd;
- DefaultIterator m_itDefaultCurrent, m_itDefaultEnd;
-
- MessageRouteIterator(MessageSwitch &ms, const std::string &channel)
- : m_channel(channel)
- {
- pair<MapIterator, MapIterator> range = cs.m_routeMap.equal_range(channel);
- if (range.first == range.second)
- {
- m_useDefault = true;
- m_itListCurrent = cs.m_defaultRoutes.begin();
- m_itListEnd = cs.m_defaultRoutes.end();
- }
- else
- {
- m_useDefault = false;
- m_itMapCurrent = range.first;
- m_itMapEnd = range.second;
- }
- }
-
- bool End() const
- {
- return m_useDefault ? m_itListCurrent == m_itListEnd : m_itMapCurrent == m_itMapEnd;
- }
-
- void Next()
- {
- if (m_useDefault)
- ++m_itListCurrent;
- else
- ++m_itMapCurrent;
- }
-
- BufferedTransformation & Destination()
- {
- return m_useDefault ? *m_itListCurrent->first : *m_itMapCurrent->second.first;
- }
-
- const std::string & Message()
- {
- if (m_useDefault)
- return m_itListCurrent->second.get() ? *m_itListCurrent->second.get() : m_channel;
- else
- return m_itMapCurrent->second.second;
- }
-};
-
-void MessageSwitch::Put(byte inByte);
-void MessageSwitch::Put(const byte *inString, unsigned int length);
-
-void MessageSwitch::Flush(bool completeFlush, int propagation=-1);
-void MessageSwitch::MessageEnd(int propagation=-1);
-void MessageSwitch::PutMessageEnd(const byte *inString, unsigned int length, int propagation=-1);
-void MessageSwitch::MessageSeriesEnd(int propagation=-1);
-*/
-#endif
-
-
-//
-// ChannelRouteIterator
-//////////////////////////
-
-void ChannelRouteIterator::Reset(const std::string &channel)
-{
- m_channel = channel;
- pair<MapIterator, MapIterator> range = m_cs.m_routeMap.equal_range(channel);
- if (range.first == range.second)
- {
- m_useDefault = true;
- m_itListCurrent = m_cs.m_defaultRoutes.begin();
- m_itListEnd = m_cs.m_defaultRoutes.end();
- }
- else
- {
- m_useDefault = false;
- m_itMapCurrent = range.first;
- m_itMapEnd = range.second;
- }
-}
-
-bool ChannelRouteIterator::End() const
-{
- return m_useDefault ? m_itListCurrent == m_itListEnd : m_itMapCurrent == m_itMapEnd;
-}
-
-void ChannelRouteIterator::Next()
-{
- if (m_useDefault)
- ++m_itListCurrent;
- else
- ++m_itMapCurrent;
-}
-
-BufferedTransformation & ChannelRouteIterator::Destination()
-{
- return m_useDefault ? *m_itListCurrent->first : *m_itMapCurrent->second.first;
-}
-
-const std::string & ChannelRouteIterator::Channel()
-{
- if (m_useDefault)
- return m_itListCurrent->second.get() ? *m_itListCurrent->second.get() : m_channel;
- else
- return m_itMapCurrent->second.second;
-}
-
-
-//
-// ChannelSwitch
-///////////////////
-
-size_t ChannelSwitch::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (m_blocked)
- {
- m_blocked = false;
- goto WasBlocked;
- }
-
- m_it.Reset(channel);
-
- while (!m_it.End())
- {
-WasBlocked:
- if (m_it.Destination().ChannelPut2(m_it.Channel(), begin, length, messageEnd, blocking))
- {
- m_blocked = true;
- return 1;
- }
-
- m_it.Next();
- }
-
- return 0;
-}
-
-void ChannelSwitch::IsolatedInitialize(const NameValuePairs &parameters/* =g_nullNameValuePairs */)
-{
- m_routeMap.clear();
- m_defaultRoutes.clear();
- m_blocked = false;
-}
-
-bool ChannelSwitch::ChannelFlush(const std::string &channel, bool completeFlush, int propagation, bool blocking)
-{
- if (m_blocked)
- {
- m_blocked = false;
- goto WasBlocked;
- }
-
- m_it.Reset(channel);
-
- while (!m_it.End())
- {
- WasBlocked:
- if (m_it.Destination().ChannelFlush(m_it.Channel(), completeFlush, propagation, blocking))
- {
- m_blocked = true;
- return true;
- }
-
- m_it.Next();
- }
-
- return false;
-}
-
-bool ChannelSwitch::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking)
-{
- if (m_blocked)
- {
- m_blocked = false;
- goto WasBlocked;
- }
-
- m_it.Reset(channel);
-
- while (!m_it.End())
- {
- WasBlocked:
- if (m_it.Destination().ChannelMessageSeriesEnd(m_it.Channel(), propagation))
- {
- m_blocked = true;
- return true;
- }
-
- m_it.Next();
- }
-
- return false;
-}
-
-byte * ChannelSwitch::ChannelCreatePutSpace(const std::string &channel, size_t &size)
-{
- m_it.Reset(channel);
- if (!m_it.End())
- {
- BufferedTransformation &target = m_it.Destination();
- const std::string &channel = m_it.Channel();
- m_it.Next();
- if (m_it.End()) // there is only one target channel
- return target.ChannelCreatePutSpace(channel, size);
- }
- size = 0;
- return NULL;
-}
-
-size_t ChannelSwitch::ChannelPutModifiable2(const std::string &channel, byte *inString, size_t length, int messageEnd, bool blocking)
-{
- ChannelRouteIterator it(*this);
- it.Reset(channel);
-
- if (!it.End())
- {
- BufferedTransformation &target = it.Destination();
- const std::string &targetChannel = it.Channel();
- it.Next();
- if (it.End()) // there is only one target channel
- return target.ChannelPutModifiable2(targetChannel, inString, length, messageEnd, blocking);
- }
-
- return ChannelPut2(channel, inString, length, messageEnd, blocking);
-}
-
-void ChannelSwitch::AddDefaultRoute(BufferedTransformation &destination)
-{
- m_defaultRoutes.push_back(DefaultRoute(&destination, value_ptr<std::string>(NULL)));
-}
-
-void ChannelSwitch::RemoveDefaultRoute(BufferedTransformation &destination)
-{
- for (DefaultRouteList::iterator it = m_defaultRoutes.begin(); it != m_defaultRoutes.end(); ++it)
- if (it->first == &destination && !it->second.get())
- {
- m_defaultRoutes.erase(it);
- break;
- }
-}
-
-void ChannelSwitch::AddDefaultRoute(BufferedTransformation &destination, const std::string &outChannel)
-{
- m_defaultRoutes.push_back(DefaultRoute(&destination, outChannel));
-}
-
-void ChannelSwitch::RemoveDefaultRoute(BufferedTransformation &destination, const std::string &outChannel)
-{
- for (DefaultRouteList::iterator it = m_defaultRoutes.begin(); it != m_defaultRoutes.end(); ++it)
- if (it->first == &destination && (it->second.get() && *it->second == outChannel))
- {
- m_defaultRoutes.erase(it);
- break;
- }
-}
-
-void ChannelSwitch::AddRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel)
-{
- m_routeMap.insert(RouteMap::value_type(inChannel, Route(&destination, outChannel)));
-}
-
-void ChannelSwitch::RemoveRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel)
-{
- typedef ChannelSwitch::RouteMap::iterator MapIterator;
- pair<MapIterator, MapIterator> range = m_routeMap.equal_range(inChannel);
-
- for (MapIterator it = range.first; it != range.second; ++it)
- if (it->second.first == &destination && it->second.second == outChannel)
- {
- m_routeMap.erase(it);
- break;
- }
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/channels.h b/cryptopp562/channels.h
deleted file mode 100644
index 8374156..0000000
--- a/cryptopp562/channels.h
+++ /dev/null
@@ -1,123 +0,0 @@
-#ifndef CRYPTOPP_CHANNELS_H
-#define CRYPTOPP_CHANNELS_H
-
-#include "simple.h"
-#include "smartptr.h"
-#include <map>
-#include <list>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#if 0
-//! Route input on default channel to different and/or multiple channels based on message sequence number
-class MessageSwitch : public Sink
-{
-public:
- void AddDefaultRoute(BufferedTransformation &destination, const std::string &channel);
- void AddRoute(unsigned int begin, unsigned int end, BufferedTransformation &destination, const std::string &channel);
-
- void Put(byte inByte);
- void Put(const byte *inString, unsigned int length);
-
- void Flush(bool completeFlush, int propagation=-1);
- void MessageEnd(int propagation=-1);
- void PutMessageEnd(const byte *inString, unsigned int length, int propagation=-1);
- void MessageSeriesEnd(int propagation=-1);
-
-private:
- typedef std::pair<BufferedTransformation *, std::string> Route;
- struct RangeRoute
- {
- RangeRoute(unsigned int begin, unsigned int end, const Route &route)
- : begin(begin), end(end), route(route) {}
- bool operator<(const RangeRoute &rhs) const {return begin < rhs.begin;}
- unsigned int begin, end;
- Route route;
- };
-
- typedef std::list<RangeRoute> RouteList;
- typedef std::list<Route> DefaultRouteList;
-
- RouteList m_routes;
- DefaultRouteList m_defaultRoutes;
- unsigned int m_nCurrentMessage;
-};
-#endif
-
-class ChannelSwitchTypedefs
-{
-public:
- typedef std::pair<BufferedTransformation *, std::string> Route;
- typedef std::multimap<std::string, Route> RouteMap;
-
- typedef std::pair<BufferedTransformation *, value_ptr<std::string> > DefaultRoute;
- typedef std::list<DefaultRoute> DefaultRouteList;
-
- // SunCC workaround: can't use const_iterator here
- typedef RouteMap::iterator MapIterator;
- typedef DefaultRouteList::iterator ListIterator;
-};
-
-class ChannelSwitch;
-
-class ChannelRouteIterator : public ChannelSwitchTypedefs
-{
-public:
- ChannelSwitch& m_cs;
- std::string m_channel;
- bool m_useDefault;
- MapIterator m_itMapCurrent, m_itMapEnd;
- ListIterator m_itListCurrent, m_itListEnd;
-
- ChannelRouteIterator(ChannelSwitch &cs) : m_cs(cs) {}
- void Reset(const std::string &channel);
- bool End() const;
- void Next();
- BufferedTransformation & Destination();
- const std::string & Channel();
-};
-
-//! Route input to different and/or multiple channels based on channel ID
-class CRYPTOPP_DLL ChannelSwitch : public Multichannel<Sink>, public ChannelSwitchTypedefs
-{
-public:
- ChannelSwitch() : m_it(*this), m_blocked(false) {}
- ChannelSwitch(BufferedTransformation &destination) : m_it(*this), m_blocked(false)
- {
- AddDefaultRoute(destination);
- }
- ChannelSwitch(BufferedTransformation &destination, const std::string &outChannel) : m_it(*this), m_blocked(false)
- {
- AddDefaultRoute(destination, outChannel);
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
-
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
- size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking);
-
- bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true);
- bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
-
- byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
-
- void AddDefaultRoute(BufferedTransformation &destination);
- void RemoveDefaultRoute(BufferedTransformation &destination);
- void AddDefaultRoute(BufferedTransformation &destination, const std::string &outChannel);
- void RemoveDefaultRoute(BufferedTransformation &destination, const std::string &outChannel);
- void AddRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel);
- void RemoveRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel);
-
-private:
- RouteMap m_routeMap;
- DefaultRouteList m_defaultRoutes;
-
- ChannelRouteIterator m_it;
- bool m_blocked;
-
- friend class ChannelRouteIterator;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cmac.cpp b/cryptopp562/cmac.cpp
deleted file mode 100644
index e8fa6fe..0000000
--- a/cryptopp562/cmac.cpp
+++ /dev/null
@@ -1,122 +0,0 @@
-// cmac.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "cmac.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static void MulU(byte *k, unsigned int length)
-{
- byte carry = 0;
-
- for (int i=length-1; i>=1; i-=2)
- {
- byte carry2 = k[i] >> 7;
- k[i] += k[i] + carry;
- carry = k[i-1] >> 7;
- k[i-1] += k[i-1] + carry2;
- }
-
- if (carry)
- {
- switch (length)
- {
- case 8:
- k[7] ^= 0x1b;
- break;
- case 16:
- k[15] ^= 0x87;
- break;
- case 32:
- k[30] ^= 4;
- k[31] ^= 0x23;
- break;
- default:
- throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
- }
- }
-}
-
-void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
-{
- BlockCipher &cipher = AccessCipher();
- unsigned int blockSize = cipher.BlockSize();
-
- cipher.SetKey(key, length, params);
- m_reg.CleanNew(3*blockSize);
- m_counter = 0;
-
- cipher.ProcessBlock(m_reg, m_reg+blockSize);
- MulU(m_reg+blockSize, blockSize);
- memcpy(m_reg+2*blockSize, m_reg+blockSize, blockSize);
- MulU(m_reg+2*blockSize, blockSize);
-}
-
-void CMAC_Base::Update(const byte *input, size_t length)
-{
- if (!length)
- return;
-
- BlockCipher &cipher = AccessCipher();
- unsigned int blockSize = cipher.BlockSize();
-
- if (m_counter > 0)
- {
- unsigned int len = UnsignedMin(blockSize - m_counter, length);
- xorbuf(m_reg+m_counter, input, len);
- length -= len;
- input += len;
- m_counter += len;
-
- if (m_counter == blockSize && length > 0)
- {
- cipher.ProcessBlock(m_reg);
- m_counter = 0;
- }
- }
-
- if (length > blockSize)
- {
- assert(m_counter == 0);
- size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
- input += (length - leftOver);
- length = leftOver;
- }
-
- if (length > 0)
- {
- assert(m_counter + length <= blockSize);
- xorbuf(m_reg+m_counter, input, length);
- m_counter += (unsigned int)length;
- }
-
- assert(m_counter > 0);
-}
-
-void CMAC_Base::TruncatedFinal(byte *mac, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- BlockCipher &cipher = AccessCipher();
- unsigned int blockSize = cipher.BlockSize();
-
- if (m_counter < blockSize)
- {
- m_reg[m_counter] ^= 0x80;
- cipher.AdvancedProcessBlocks(m_reg, m_reg+2*blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
- }
- else
- cipher.AdvancedProcessBlocks(m_reg, m_reg+blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
-
- memcpy(mac, m_reg, size);
-
- m_counter = 0;
- memset(m_reg, 0, blockSize);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cmac.h b/cryptopp562/cmac.h
deleted file mode 100644
index ab3ecf8..0000000
--- a/cryptopp562/cmac.h
+++ /dev/null
@@ -1,52 +0,0 @@
-#ifndef CRYPTOPP_CMAC_H
-#define CRYPTOPP_CMAC_H
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CMAC_Base : public MessageAuthenticationCode
-{
-public:
- CMAC_Base() {}
-
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *mac, size_t size);
- unsigned int DigestSize() const {return GetCipher().BlockSize();}
- unsigned int OptimalBlockSize() const {return GetCipher().BlockSize();}
- unsigned int OptimalDataAlignment() const {return GetCipher().OptimalDataAlignment();}
-
-protected:
- friend class EAX_Base;
-
- const BlockCipher & GetCipher() const {return const_cast<CMAC_Base*>(this)->AccessCipher();}
- virtual BlockCipher & AccessCipher() =0;
-
- void ProcessBuf();
- SecByteBlock m_reg;
- unsigned int m_counter;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/CMAC">CMAC</a>
-/*! Template parameter T should be a class derived from BlockCipherDocumentation, for example AES, with a block size of 8, 16, or 32 */
-template <class T>
-class CMAC : public MessageAuthenticationCodeImpl<CMAC_Base, CMAC<T> >, public SameKeyLengthAs<T>
-{
-public:
- CMAC() {}
- CMAC(const byte *key, size_t length=SameKeyLengthAs<T>::DEFAULT_KEYLENGTH)
- {this->SetKey(key, length);}
-
- static std::string StaticAlgorithmName() {return std::string("CMAC(") + T::StaticAlgorithmName() + ")";}
-
-private:
- BlockCipher & AccessCipher() {return m_cipher;}
- typename T::Encryption m_cipher;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/config.h b/cryptopp562/config.h
deleted file mode 100644
index 4554a1c..0000000
--- a/cryptopp562/config.h
+++ /dev/null
@@ -1,457 +0,0 @@
-#ifndef CRYPTOPP_CONFIG_H
-#define CRYPTOPP_CONFIG_H
-
-// ***************** Important Settings ********************
-
-// define this if running on a big-endian CPU
-#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__)))
-# define IS_BIG_ENDIAN
-#endif
-
-// define this if running on a little-endian CPU
-// big endian will be assumed if IS_LITTLE_ENDIAN is not defined
-#ifndef IS_BIG_ENDIAN
-# define IS_LITTLE_ENDIAN
-#endif
-
-// define this if you want to disable all OS-dependent features,
-// such as sockets and OS-provided random number generators
-// #define NO_OS_DEPENDENCE
-
-// Define this to use features provided by Microsoft's CryptoAPI.
-// Currently the only feature used is random number generation.
-// This macro will be ignored if NO_OS_DEPENDENCE is defined.
-#define USE_MS_CRYPTOAPI
-
-// ***************** Less Important Settings ***************
-
-// define this to retain (as much as possible) old deprecated function and class names
-// #define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-
-#define GZIP_OS_CODE 0
-
-// Try this if your CPU has 256K internal cache or a slow multiply instruction
-// and you want a (possibly) faster IDEA implementation using log tables
-// #define IDEA_LARGECACHE
-
-// Define this if, for the linear congruential RNG, you want to use
-// the original constants as specified in S.K. Park and K.W. Miller's
-// CACM paper.
-// #define LCRNG_ORIGINAL_NUMBERS
-
-// choose which style of sockets to wrap (mostly useful for cygwin which has both)
-#define PREFER_BERKELEY_STYLE_SOCKETS
-// #define PREFER_WINDOWS_STYLE_SOCKETS
-
-// set the name of Rijndael cipher, was "Rijndael" before version 5.3
-#define CRYPTOPP_RIJNDAEL_NAME "AES"
-
-// ***************** Important Settings Again ********************
-// But the defaults should be ok.
-
-// namespace support is now required
-#ifdef NO_NAMESPACE
-# error namespace support is now required
-#endif
-
-// Define this to workaround a Microsoft CryptoAPI bug where
-// each call to CryptAcquireContext causes a 100 KB memory leak.
-// Defining this will cause Crypto++ to make only one call to CryptAcquireContext.
-#define WORKAROUND_MS_BUG_Q258000
-
-#ifdef CRYPTOPP_DOXYGEN_PROCESSING
-// Avoid putting "CryptoPP::" in front of everything in Doxygen output
-# define CryptoPP
-# define NAMESPACE_BEGIN(x)
-# define NAMESPACE_END
-// Get Doxygen to generate better documentation for these typedefs
-# define DOCUMENTED_TYPEDEF(x, y) class y : public x {};
-#else
-# define NAMESPACE_BEGIN(x) namespace x {
-# define NAMESPACE_END }
-# define DOCUMENTED_TYPEDEF(x, y) typedef x y;
-#endif
-#define ANONYMOUS_NAMESPACE_BEGIN namespace {
-#define USING_NAMESPACE(x) using namespace x;
-#define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x {
-#define DOCUMENTED_NAMESPACE_END }
-
-// What is the type of the third parameter to bind?
-// For Unix, the new standard is ::socklen_t (typically unsigned int), and the old standard is int.
-// Unfortunately there is no way to tell whether or not socklen_t is defined.
-// To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile.
-#ifndef TYPE_OF_SOCKLEN_T
-# if defined(_WIN32) || defined(__CYGWIN__)
-# define TYPE_OF_SOCKLEN_T int
-# else
-# define TYPE_OF_SOCKLEN_T ::socklen_t
-# endif
-#endif
-
-#if defined(__CYGWIN__) && defined(PREFER_WINDOWS_STYLE_SOCKETS)
-# define __USE_W32_SOCKETS
-#endif
-
-typedef unsigned char byte; // put in global namespace to avoid ambiguity with other byte typedefs
-
-NAMESPACE_BEGIN(CryptoPP)
-
-typedef unsigned short word16;
-typedef unsigned int word32;
-
-#if defined(_MSC_VER) || defined(__BORLANDC__)
- typedef unsigned __int64 word64;
- #define W64LIT(x) x##ui64
-#else
- typedef unsigned long long word64;
- #define W64LIT(x) x##ULL
-#endif
-
-// define large word type, used for file offsets and such
-typedef word64 lword;
-const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
-
-#ifdef __GNUC__
- #define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
-#endif
-
-// define hword, word, and dword. these are used for multiprecision integer arithmetic
-// Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx
-#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
- typedef word32 hword;
- typedef word64 word;
-#else
- #define CRYPTOPP_NATIVE_DWORD_AVAILABLE
- #if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__)
- #if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && CRYPTOPP_GCC_VERSION >= 30400
- // GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3
- // mode(TI) division broken on amd64 with GCC earlier than GCC 3.4
- typedef word32 hword;
- typedef word64 word;
- typedef __uint128_t dword;
- typedef __uint128_t word128;
- #define CRYPTOPP_WORD128_AVAILABLE
- #else
- // if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results
- typedef word16 hword;
- typedef word32 word;
- typedef word64 dword;
- #endif
- #else
- // being here means the native register size is probably 32 bits or less
- #define CRYPTOPP_BOOL_SLOW_WORD64 1
- typedef word16 hword;
- typedef word32 word;
- typedef word64 dword;
- #endif
-#endif
-#ifndef CRYPTOPP_BOOL_SLOW_WORD64
- #define CRYPTOPP_BOOL_SLOW_WORD64 0
-#endif
-
-const unsigned int WORD_SIZE = sizeof(word);
-const unsigned int WORD_BITS = WORD_SIZE * 8;
-
-NAMESPACE_END
-
-#ifndef CRYPTOPP_L1_CACHE_LINE_SIZE
- // This should be a lower bound on the L1 cache line size. It's used for defense against timing attacks.
- #if defined(_M_X64) || defined(__x86_64__)
- #define CRYPTOPP_L1_CACHE_LINE_SIZE 64
- #else
- // L1 cache line size is 32 on Pentium III and earlier
- #define CRYPTOPP_L1_CACHE_LINE_SIZE 32
- #endif
-#endif
-
-#if defined(_MSC_VER)
- #if _MSC_VER == 1200
- #include <malloc.h>
- #endif
- #if _MSC_VER > 1200 || defined(_mm_free)
- #define CRYPTOPP_MSVC6PP_OR_LATER // VC 6 processor pack or later
- #else
- #define CRYPTOPP_MSVC6_NO_PP // VC 6 without processor pack
- #endif
-#endif
-
-#ifndef CRYPTOPP_ALIGN_DATA
- #if defined(CRYPTOPP_MSVC6PP_OR_LATER)
- #define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x))
- #elif defined(__GNUC__)
- #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x)))
- #else
- #define CRYPTOPP_ALIGN_DATA(x)
- #endif
-#endif
-
-#ifndef CRYPTOPP_SECTION_ALIGN16
- #if defined(__GNUC__) && !defined(__APPLE__)
- // the alignment attribute doesn't seem to work without this section attribute when -fdata-sections is turned on
- #define CRYPTOPP_SECTION_ALIGN16 __attribute__((section ("CryptoPP_Align16")))
- #else
- #define CRYPTOPP_SECTION_ALIGN16
- #endif
-#endif
-
-#if defined(_MSC_VER) || defined(__fastcall)
- #define CRYPTOPP_FASTCALL __fastcall
-#else
- #define CRYPTOPP_FASTCALL
-#endif
-
-// VC60 workaround: it doesn't allow typename in some places
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#define CPP_TYPENAME
-#else
-#define CPP_TYPENAME typename
-#endif
-
-// VC60 workaround: can't cast unsigned __int64 to float or double
-#if defined(_MSC_VER) && !defined(CRYPTOPP_MSVC6PP_OR_LATER)
-#define CRYPTOPP_VC6_INT64 (__int64)
-#else
-#define CRYPTOPP_VC6_INT64
-#endif
-
-#ifdef _MSC_VER
-#define CRYPTOPP_NO_VTABLE __declspec(novtable)
-#else
-#define CRYPTOPP_NO_VTABLE
-#endif
-
-#ifdef _MSC_VER
- // 4231: nonstandard extension used : 'extern' before template explicit instantiation
- // 4250: dominance
- // 4251: member needs to have dll-interface
- // 4275: base needs to have dll-interface
- // 4660: explicitly instantiating a class that's already implicitly instantiated
- // 4661: no suitable definition provided for explicit template instantiation request
- // 4786: identifer was truncated in debug information
- // 4355: 'this' : used in base member initializer list
- // 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation
-# pragma warning(disable: 4231 4250 4251 4275 4660 4661 4786 4355 4910)
-#endif
-
-#ifdef __BORLANDC__
-// 8037: non-const function called for const object. needed to work around BCB2006 bug
-# pragma warn -8037
-#endif
-
-#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__MWERKS__) || defined(_STLPORT_VERSION)
-#define CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
-#endif
-
-#ifndef CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
-#define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE
-#endif
-
-#ifdef CRYPTOPP_DISABLE_X86ASM // for backwards compatibility: this macro had both meanings
-#define CRYPTOPP_DISABLE_ASM
-#define CRYPTOPP_DISABLE_SSE2
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
- // C++Builder 2010 does not allow "call label" where label is defined within inline assembly
- #define CRYPTOPP_X86_ASM_AVAILABLE
-
- #if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || CRYPTOPP_GCC_VERSION >= 30300)
- #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
- #else
- #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
- #endif
-
- // SSSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
- // GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version.
- #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102)
- #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
- #else
- #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
- #endif
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_ASM) && defined(_MSC_VER) && defined(_M_X64)
- #define CRYPTOPP_X64_MASM_AVAILABLE
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__GNUC__) && defined(__x86_64__)
- #define CRYPTOPP_X64_ASM_AVAILABLE
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__))
- #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
-#else
- #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110)
- #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
-#else
- #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- #define CRYPTOPP_BOOL_ALIGN16_ENABLED 1
-#else
- #define CRYPTOPP_BOOL_ALIGN16_ENABLED 0
-#endif
-
-// how to allocate 16-byte aligned memory (for SSE2)
-#if defined(CRYPTOPP_MSVC6PP_OR_LATER)
- #define CRYPTOPP_MM_MALLOC_AVAILABLE
-#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
- #define CRYPTOPP_MALLOC_ALIGNMENT_IS_16
-#elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__)
- #define CRYPTOPP_MEMALIGN_AVAILABLE
-#else
- #define CRYPTOPP_NO_ALIGNED_ALLOC
-#endif
-
-// how to disable inlining
-#if defined(_MSC_VER) && _MSC_VER >= 1300
-# define CRYPTOPP_NOINLINE_DOTDOTDOT
-# define CRYPTOPP_NOINLINE __declspec(noinline)
-#elif defined(__GNUC__)
-# define CRYPTOPP_NOINLINE_DOTDOTDOT
-# define CRYPTOPP_NOINLINE __attribute__((noinline))
-#else
-# define CRYPTOPP_NOINLINE_DOTDOTDOT ...
-# define CRYPTOPP_NOINLINE
-#endif
-
-// how to declare class constants
-#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__INTEL_COMPILER)
-# define CRYPTOPP_CONSTANT(x) enum {x};
-#else
-# define CRYPTOPP_CONSTANT(x) static const int x;
-#endif
-
-#if defined(_M_X64) || defined(__x86_64__)
- #define CRYPTOPP_BOOL_X64 1
-#else
- #define CRYPTOPP_BOOL_X64 0
-#endif
-
-// see http://predef.sourceforge.net/prearch.html
-#if defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)
- #define CRYPTOPP_BOOL_X86 1
-#else
- #define CRYPTOPP_BOOL_X86 0
-#endif
-
-#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || defined(__powerpc__)
- #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-#endif
-
-#define CRYPTOPP_VERSION 562
-
-// ***************** determine availability of OS features ********************
-
-#ifndef NO_OS_DEPENDENCE
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#define CRYPTOPP_WIN32_AVAILABLE
-#endif
-
-#if defined(__unix__) || defined(__MACH__) || defined(__NetBSD__) || defined(__sun)
-#define CRYPTOPP_UNIX_AVAILABLE
-#endif
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE)
-# define HIGHRES_TIMER_AVAILABLE
-#endif
-
-#ifdef CRYPTOPP_UNIX_AVAILABLE
-# define HAS_BERKELEY_STYLE_SOCKETS
-#endif
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-# define HAS_WINDOWS_STYLE_SOCKETS
-#endif
-
-#if defined(HIGHRES_TIMER_AVAILABLE) && (defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(HAS_WINDOWS_STYLE_SOCKETS))
-# define SOCKETS_AVAILABLE
-#endif
-
-#if defined(HAS_WINDOWS_STYLE_SOCKETS) && (!defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(PREFER_WINDOWS_STYLE_SOCKETS))
-# define USE_WINDOWS_STYLE_SOCKETS
-#else
-# define USE_BERKELEY_STYLE_SOCKETS
-#endif
-
-#if defined(HIGHRES_TIMER_AVAILABLE) && defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(USE_BERKELEY_STYLE_SOCKETS)
-# define WINDOWS_PIPES_AVAILABLE
-#endif
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE) && defined(USE_MS_CRYPTOAPI)
-# define NONBLOCKING_RNG_AVAILABLE
-# define OS_RNG_AVAILABLE
-#endif
-
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
-# define NONBLOCKING_RNG_AVAILABLE
-# define BLOCKING_RNG_AVAILABLE
-# define OS_RNG_AVAILABLE
-# define HAS_PTHREADS
-# define THREADS_AVAILABLE
-#endif
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-# define HAS_WINTHREADS
-# define THREADS_AVAILABLE
-#endif
-
-#endif // NO_OS_DEPENDENCE
-
-// ***************** DLL related ********************
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
-
-#ifdef CRYPTOPP_EXPORTS
-#define CRYPTOPP_IS_DLL
-#define CRYPTOPP_DLL __declspec(dllexport)
-#elif defined(CRYPTOPP_IMPORTS)
-#define CRYPTOPP_IS_DLL
-#define CRYPTOPP_DLL __declspec(dllimport)
-#else
-#define CRYPTOPP_DLL
-#endif
-
-#define CRYPTOPP_API __cdecl
-
-#else // CRYPTOPP_WIN32_AVAILABLE
-
-#define CRYPTOPP_DLL
-#define CRYPTOPP_API
-
-#endif // CRYPTOPP_WIN32_AVAILABLE
-
-#if defined(__MWERKS__)
-#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern class CRYPTOPP_DLL
-#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
-#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
-#else
-#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern template class CRYPTOPP_DLL
-#endif
-
-#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_IMPORTS)
-#define CRYPTOPP_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
-#else
-#define CRYPTOPP_DLL_TEMPLATE_CLASS CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS
-#endif
-
-#if defined(__MWERKS__)
-#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern class
-#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
-#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS template class
-#else
-#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern template class
-#endif
-
-#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_EXPORTS)
-#define CRYPTOPP_STATIC_TEMPLATE_CLASS template class
-#else
-#define CRYPTOPP_STATIC_TEMPLATE_CLASS CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS
-#endif
-
-#endif
diff --git a/cryptopp562/cpu.cpp b/cryptopp562/cpu.cpp
deleted file mode 100644
index 3610a7c..0000000
--- a/cryptopp562/cpu.cpp
+++ /dev/null
@@ -1,199 +0,0 @@
-// cpu.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "cpu.h"
-#include "misc.h"
-#include <algorithm>
-
-#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
-#include <signal.h>
-#include <setjmp.h>
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
-#include <emmintrin.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef CRYPTOPP_CPUID_AVAILABLE
-
-#if _MSC_VER >= 1400 && CRYPTOPP_BOOL_X64
-
-bool CpuId(word32 input, word32 *output)
-{
- __cpuid((int *)output, input);
- return true;
-}
-
-#else
-
-#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
-extern "C" {
-typedef void (*SigHandler)(int);
-
-static jmp_buf s_jmpNoCPUID;
-static void SigIllHandlerCPUID(int)
-{
- longjmp(s_jmpNoCPUID, 1);
-}
-
-static jmp_buf s_jmpNoSSE2;
-static void SigIllHandlerSSE2(int)
-{
- longjmp(s_jmpNoSSE2, 1);
-}
-}
-#endif
-
-bool CpuId(word32 input, word32 *output)
-{
-#ifdef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
- __try
- {
- __asm
- {
- mov eax, input
- cpuid
- mov edi, output
- mov [edi], eax
- mov [edi+4], ebx
- mov [edi+8], ecx
- mov [edi+12], edx
- }
- }
- __except (1)
- {
- return false;
- }
- return true;
-#else
- SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID);
- if (oldHandler == SIG_ERR)
- return false;
-
- bool result = true;
- if (setjmp(s_jmpNoCPUID))
- result = false;
- else
- {
- asm
- (
- // save ebx in case -fPIC is being used
-#if CRYPTOPP_BOOL_X86
- "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
-#else
- "pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
-#endif
- : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
- : "a" (input)
- );
- }
-
- signal(SIGILL, oldHandler);
- return result;
-#endif
-}
-
-#endif
-
-static bool TrySSE2()
-{
-#if CRYPTOPP_BOOL_X64
- return true;
-#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
- __try
- {
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- AS2(por xmm0, xmm0) // executing SSE2 instruction
-#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
- __m128i x = _mm_setzero_si128();
- return _mm_cvtsi128_si32(x) == 0;
-#endif
- }
- __except (1)
- {
- return false;
- }
- return true;
-#else
- SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
- if (oldHandler == SIG_ERR)
- return false;
-
- bool result = true;
- if (setjmp(s_jmpNoSSE2))
- result = false;
- else
- {
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- __asm __volatile ("por %xmm0, %xmm0");
-#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
- __m128i x = _mm_setzero_si128();
- result = _mm_cvtsi128_si32(x) == 0;
-#endif
- }
-
- signal(SIGILL, oldHandler);
- return result;
-#endif
-}
-
-bool g_x86DetectionDone = false;
-bool g_hasISSE = false, g_hasSSE2 = false, g_hasSSSE3 = false, g_hasMMX = false, g_hasAESNI = false, g_hasCLMUL = false, g_isP4 = false;
-word32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
-
-void DetectX86Features()
-{
- word32 cpuid[4], cpuid1[4];
- if (!CpuId(0, cpuid))
- return;
- if (!CpuId(1, cpuid1))
- return;
-
- g_hasMMX = (cpuid1[3] & (1 << 23)) != 0;
- if ((cpuid1[3] & (1 << 26)) != 0)
- g_hasSSE2 = TrySSE2();
- g_hasSSSE3 = g_hasSSE2 && (cpuid1[2] & (1<<9));
- g_hasAESNI = g_hasSSE2 && (cpuid1[2] & (1<<25));
- g_hasCLMUL = g_hasSSE2 && (cpuid1[2] & (1<<1));
-
- if ((cpuid1[3] & (1 << 25)) != 0)
- g_hasISSE = true;
- else
- {
- word32 cpuid2[4];
- CpuId(0x080000000, cpuid2);
- if (cpuid2[0] >= 0x080000001)
- {
- CpuId(0x080000001, cpuid2);
- g_hasISSE = (cpuid2[3] & (1 << 22)) != 0;
- }
- }
-
- std::swap(cpuid[2], cpuid[3]);
- if (memcmp(cpuid+1, "GenuineIntel", 12) == 0)
- {
- g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf;
- g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1);
- }
- else if (memcmp(cpuid+1, "AuthenticAMD", 12) == 0)
- {
- CpuId(0x80000005, cpuid);
- g_cacheLineSize = GETBYTE(cpuid[2], 0);
- }
-
- if (!g_cacheLineSize)
- g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
-
- g_x86DetectionDone = true;
-}
-
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cpu.h b/cryptopp562/cpu.h
deleted file mode 100644
index 65029d3..0000000
--- a/cryptopp562/cpu.h
+++ /dev/null
@@ -1,345 +0,0 @@
-#ifndef CRYPTOPP_CPU_H
-#define CRYPTOPP_CPU_H
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
-
-#define CRYPTOPP_X86_ASM_AVAILABLE
-#define CRYPTOPP_BOOL_X64 1
-#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
-#define NAMESPACE_END
-
-#else
-
-#include "config.h"
-
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
-#include <emmintrin.h>
-#endif
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-#if !defined(__GNUC__) || defined(__SSSE3__) || defined(__INTEL_COMPILER)
-#include <tmmintrin.h>
-#else
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_shuffle_epi8 (__m128i a, __m128i b)
-{
- asm ("pshufb %1, %0" : "+x"(a) : "xm"(b));
- return a;
-}
-#endif
-#if !defined(__GNUC__) || defined(__SSE4_1__) || defined(__INTEL_COMPILER)
-#include <smmintrin.h>
-#else
-__inline int __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_extract_epi32 (__m128i a, const int i)
-{
- int r;
- asm ("pextrd %2, %1, %0" : "=rm"(r) : "x"(a), "i"(i));
- return r;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_insert_epi32 (__m128i a, int b, const int i)
-{
- asm ("pinsrd %2, %1, %0" : "+x"(a) : "rm"(b), "i"(i));
- return a;
-}
-#endif
-#if !defined(__GNUC__) || (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER)
-#include <wmmintrin.h>
-#else
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_clmulepi64_si128 (__m128i a, __m128i b, const int i)
-{
- asm ("pclmulqdq %2, %1, %0" : "+x"(a) : "xm"(b), "i"(i));
- return a;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_aeskeygenassist_si128 (__m128i a, const int i)
-{
- __m128i r;
- asm ("aeskeygenassist %2, %1, %0" : "=x"(r) : "xm"(a), "i"(i));
- return r;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_aesimc_si128 (__m128i a)
-{
- __m128i r;
- asm ("aesimc %1, %0" : "=x"(r) : "xm"(a));
- return r;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_aesenc_si128 (__m128i a, __m128i b)
-{
- asm ("aesenc %1, %0" : "+x"(a) : "xm"(b));
- return a;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_aesenclast_si128 (__m128i a, __m128i b)
-{
- asm ("aesenclast %1, %0" : "+x"(a) : "xm"(b));
- return a;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_aesdec_si128 (__m128i a, __m128i b)
-{
- asm ("aesdec %1, %0" : "+x"(a) : "xm"(b));
- return a;
-}
-__inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
-_mm_aesdeclast_si128 (__m128i a, __m128i b)
-{
- asm ("aesdeclast %1, %0" : "+x"(a) : "xm"(b));
- return a;
-}
-#endif
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
-
-#define CRYPTOPP_CPUID_AVAILABLE
-
-// these should not be used directly
-extern CRYPTOPP_DLL bool g_x86DetectionDone;
-extern CRYPTOPP_DLL bool g_hasSSSE3;
-extern CRYPTOPP_DLL bool g_hasAESNI;
-extern CRYPTOPP_DLL bool g_hasCLMUL;
-extern CRYPTOPP_DLL bool g_isP4;
-extern CRYPTOPP_DLL word32 g_cacheLineSize;
-CRYPTOPP_DLL void CRYPTOPP_API DetectX86Features();
-CRYPTOPP_DLL bool CRYPTOPP_API CpuId(word32 input, word32 *output);
-
-#if CRYPTOPP_BOOL_X64
-inline bool HasSSE2() {return true;}
-inline bool HasISSE() {return true;}
-inline bool HasMMX() {return true;}
-#else
-
-extern CRYPTOPP_DLL bool g_hasSSE2;
-extern CRYPTOPP_DLL bool g_hasISSE;
-extern CRYPTOPP_DLL bool g_hasMMX;
-
-inline bool HasSSE2()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_hasSSE2;
-}
-
-inline bool HasISSE()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_hasISSE;
-}
-
-inline bool HasMMX()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_hasMMX;
-}
-
-#endif
-
-inline bool HasSSSE3()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_hasSSSE3;
-}
-
-inline bool HasAESNI()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_hasAESNI;
-}
-
-inline bool HasCLMUL()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_hasCLMUL;
-}
-
-inline bool IsP4()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_isP4;
-}
-
-inline int GetCacheLineSize()
-{
- if (!g_x86DetectionDone)
- DetectX86Features();
- return g_cacheLineSize;
-}
-
-#else
-
-inline int GetCacheLineSize()
-{
- return CRYPTOPP_L1_CACHE_LINE_SIZE;
-}
-
-#endif
-
-#endif
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- #define AS1(x) x*newline*
- #define AS2(x, y) x, y*newline*
- #define AS3(x, y, z) x, y, z*newline*
- #define ASS(x, y, a, b, c, d) x, y, a*64+b*16+c*4+d*newline*
- #define ASL(x) label##x:*newline*
- #define ASJ(x, y, z) x label##y*newline*
- #define ASC(x, y) x label##y*newline*
- #define AS_HEX(y) 0##y##h
-#elif defined(_MSC_VER) || defined(__BORLANDC__)
- #define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
- #define AS1(x) __asm {x}
- #define AS2(x, y) __asm {x, y}
- #define AS3(x, y, z) __asm {x, y, z}
- #define ASS(x, y, a, b, c, d) __asm {x, y, (a)*64+(b)*16+(c)*4+(d)}
- #define ASL(x) __asm {label##x:}
- #define ASJ(x, y, z) __asm {x label##y}
- #define ASC(x, y) __asm {x label##y}
- #define CRYPTOPP_NAKED __declspec(naked)
- #define AS_HEX(y) 0x##y
-#else
- #define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
- // define these in two steps to allow arguments to be expanded
- #define GNU_AS1(x) #x ";"
- #define GNU_AS2(x, y) #x ", " #y ";"
- #define GNU_AS3(x, y, z) #x ", " #y ", " #z ";"
- #define GNU_ASL(x) "\n" #x ":"
- #define GNU_ASJ(x, y, z) #x " " #y #z ";"
- #define AS1(x) GNU_AS1(x)
- #define AS2(x, y) GNU_AS2(x, y)
- #define AS3(x, y, z) GNU_AS3(x, y, z)
- #define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";"
- #define ASL(x) GNU_ASL(x)
- #define ASJ(x, y, z) GNU_ASJ(x, y, z)
- #define ASC(x, y) #x " " #y ";"
- #define CRYPTOPP_NAKED
- #define AS_HEX(y) 0x##y
-#endif
-
-#define IF0(y)
-#define IF1(y) y
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
-#define ASM_MOD(x, y) ((x) MOD (y))
-#define XMMWORD_PTR XMMWORD PTR
-#else
-// GNU assembler doesn't seem to have mod operator
-#define ASM_MOD(x, y) ((x)-((x)/(y))*(y))
-// GAS 2.15 doesn't support XMMWORD PTR. it seems necessary only for MASM
-#define XMMWORD_PTR
-#endif
-
-#if CRYPTOPP_BOOL_X86
- #define AS_REG_1 ecx
- #define AS_REG_2 edx
- #define AS_REG_3 esi
- #define AS_REG_4 edi
- #define AS_REG_5 eax
- #define AS_REG_6 ebx
- #define AS_REG_7 ebp
- #define AS_REG_1d ecx
- #define AS_REG_2d edx
- #define AS_REG_3d esi
- #define AS_REG_4d edi
- #define AS_REG_5d eax
- #define AS_REG_6d ebx
- #define AS_REG_7d ebp
- #define WORD_SZ 4
- #define WORD_REG(x) e##x
- #define WORD_PTR DWORD PTR
- #define AS_PUSH_IF86(x) AS1(push e##x)
- #define AS_POP_IF86(x) AS1(pop e##x)
- #define AS_JCXZ jecxz
-#elif CRYPTOPP_BOOL_X64
- #ifdef CRYPTOPP_GENERATE_X64_MASM
- #define AS_REG_1 rcx
- #define AS_REG_2 rdx
- #define AS_REG_3 r8
- #define AS_REG_4 r9
- #define AS_REG_5 rax
- #define AS_REG_6 r10
- #define AS_REG_7 r11
- #define AS_REG_1d ecx
- #define AS_REG_2d edx
- #define AS_REG_3d r8d
- #define AS_REG_4d r9d
- #define AS_REG_5d eax
- #define AS_REG_6d r10d
- #define AS_REG_7d r11d
- #else
- #define AS_REG_1 rdi
- #define AS_REG_2 rsi
- #define AS_REG_3 rdx
- #define AS_REG_4 rcx
- #define AS_REG_5 r8
- #define AS_REG_6 r9
- #define AS_REG_7 r10
- #define AS_REG_1d edi
- #define AS_REG_2d esi
- #define AS_REG_3d edx
- #define AS_REG_4d ecx
- #define AS_REG_5d r8d
- #define AS_REG_6d r9d
- #define AS_REG_7d r10d
- #endif
- #define WORD_SZ 8
- #define WORD_REG(x) r##x
- #define WORD_PTR QWORD PTR
- #define AS_PUSH_IF86(x)
- #define AS_POP_IF86(x)
- #define AS_JCXZ jrcxz
-#endif
-
-// helper macro for stream cipher output
-#define AS_XMM_OUTPUT4(labelPrefix, inputPtr, outputPtr, x0, x1, x2, x3, t, p0, p1, p2, p3, increment)\
- AS2( test inputPtr, inputPtr)\
- ASC( jz, labelPrefix##3)\
- AS2( test inputPtr, 15)\
- ASC( jnz, labelPrefix##7)\
- AS2( pxor xmm##x0, [inputPtr+p0*16])\
- AS2( pxor xmm##x1, [inputPtr+p1*16])\
- AS2( pxor xmm##x2, [inputPtr+p2*16])\
- AS2( pxor xmm##x3, [inputPtr+p3*16])\
- AS2( add inputPtr, increment*16)\
- ASC( jmp, labelPrefix##3)\
- ASL(labelPrefix##7)\
- AS2( movdqu xmm##t, [inputPtr+p0*16])\
- AS2( pxor xmm##x0, xmm##t)\
- AS2( movdqu xmm##t, [inputPtr+p1*16])\
- AS2( pxor xmm##x1, xmm##t)\
- AS2( movdqu xmm##t, [inputPtr+p2*16])\
- AS2( pxor xmm##x2, xmm##t)\
- AS2( movdqu xmm##t, [inputPtr+p3*16])\
- AS2( pxor xmm##x3, xmm##t)\
- AS2( add inputPtr, increment*16)\
- ASL(labelPrefix##3)\
- AS2( test outputPtr, 15)\
- ASC( jnz, labelPrefix##8)\
- AS2( movdqa [outputPtr+p0*16], xmm##x0)\
- AS2( movdqa [outputPtr+p1*16], xmm##x1)\
- AS2( movdqa [outputPtr+p2*16], xmm##x2)\
- AS2( movdqa [outputPtr+p3*16], xmm##x3)\
- ASC( jmp, labelPrefix##9)\
- ASL(labelPrefix##8)\
- AS2( movdqu [outputPtr+p0*16], xmm##x0)\
- AS2( movdqu [outputPtr+p1*16], xmm##x1)\
- AS2( movdqu [outputPtr+p2*16], xmm##x2)\
- AS2( movdqu [outputPtr+p3*16], xmm##x3)\
- ASL(labelPrefix##9)\
- AS2( add outputPtr, increment*16)
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/crc.cpp b/cryptopp562/crc.cpp
deleted file mode 100644
index 10c25c2..0000000
--- a/cryptopp562/crc.cpp
+++ /dev/null
@@ -1,160 +0,0 @@
-// crc.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "crc.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/* Table of CRC-32's of all single byte values (made by makecrc.c) */
-const word32 CRC32::m_tab[] = {
-#ifdef IS_LITTLE_ENDIAN
- 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
- 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
- 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
- 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
- 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
- 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
- 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
- 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
- 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
- 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
- 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
- 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
- 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
- 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
- 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
- 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
- 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
- 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
- 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
- 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
- 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
- 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
- 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
- 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
- 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
- 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
- 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
- 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
- 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
- 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
- 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
- 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
- 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
- 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
- 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
- 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
- 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
- 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
- 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
- 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
- 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
- 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
- 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
- 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
- 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
- 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
- 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
- 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
- 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
- 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
- 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
- 0x2d02ef8dL
-#else
- 0x00000000L, 0x96300777L, 0x2c610eeeL, 0xba510999L, 0x19c46d07L,
- 0x8ff46a70L, 0x35a563e9L, 0xa395649eL, 0x3288db0eL, 0xa4b8dc79L,
- 0x1ee9d5e0L, 0x88d9d297L, 0x2b4cb609L, 0xbd7cb17eL, 0x072db8e7L,
- 0x911dbf90L, 0x6410b71dL, 0xf220b06aL, 0x4871b9f3L, 0xde41be84L,
- 0x7dd4da1aL, 0xebe4dd6dL, 0x51b5d4f4L, 0xc785d383L, 0x56986c13L,
- 0xc0a86b64L, 0x7af962fdL, 0xecc9658aL, 0x4f5c0114L, 0xd96c0663L,
- 0x633d0ffaL, 0xf50d088dL, 0xc8206e3bL, 0x5e10694cL, 0xe44160d5L,
- 0x727167a2L, 0xd1e4033cL, 0x47d4044bL, 0xfd850dd2L, 0x6bb50aa5L,
- 0xfaa8b535L, 0x6c98b242L, 0xd6c9bbdbL, 0x40f9bcacL, 0xe36cd832L,
- 0x755cdf45L, 0xcf0dd6dcL, 0x593dd1abL, 0xac30d926L, 0x3a00de51L,
- 0x8051d7c8L, 0x1661d0bfL, 0xb5f4b421L, 0x23c4b356L, 0x9995bacfL,
- 0x0fa5bdb8L, 0x9eb80228L, 0x0888055fL, 0xb2d90cc6L, 0x24e90bb1L,
- 0x877c6f2fL, 0x114c6858L, 0xab1d61c1L, 0x3d2d66b6L, 0x9041dc76L,
- 0x0671db01L, 0xbc20d298L, 0x2a10d5efL, 0x8985b171L, 0x1fb5b606L,
- 0xa5e4bf9fL, 0x33d4b8e8L, 0xa2c90778L, 0x34f9000fL, 0x8ea80996L,
- 0x18980ee1L, 0xbb0d6a7fL, 0x2d3d6d08L, 0x976c6491L, 0x015c63e6L,
- 0xf4516b6bL, 0x62616c1cL, 0xd8306585L, 0x4e0062f2L, 0xed95066cL,
- 0x7ba5011bL, 0xc1f40882L, 0x57c40ff5L, 0xc6d9b065L, 0x50e9b712L,
- 0xeab8be8bL, 0x7c88b9fcL, 0xdf1ddd62L, 0x492dda15L, 0xf37cd38cL,
- 0x654cd4fbL, 0x5861b24dL, 0xce51b53aL, 0x7400bca3L, 0xe230bbd4L,
- 0x41a5df4aL, 0xd795d83dL, 0x6dc4d1a4L, 0xfbf4d6d3L, 0x6ae96943L,
- 0xfcd96e34L, 0x468867adL, 0xd0b860daL, 0x732d0444L, 0xe51d0333L,
- 0x5f4c0aaaL, 0xc97c0dddL, 0x3c710550L, 0xaa410227L, 0x10100bbeL,
- 0x86200cc9L, 0x25b56857L, 0xb3856f20L, 0x09d466b9L, 0x9fe461ceL,
- 0x0ef9de5eL, 0x98c9d929L, 0x2298d0b0L, 0xb4a8d7c7L, 0x173db359L,
- 0x810db42eL, 0x3b5cbdb7L, 0xad6cbac0L, 0x2083b8edL, 0xb6b3bf9aL,
- 0x0ce2b603L, 0x9ad2b174L, 0x3947d5eaL, 0xaf77d29dL, 0x1526db04L,
- 0x8316dc73L, 0x120b63e3L, 0x843b6494L, 0x3e6a6d0dL, 0xa85a6a7aL,
- 0x0bcf0ee4L, 0x9dff0993L, 0x27ae000aL, 0xb19e077dL, 0x44930ff0L,
- 0xd2a30887L, 0x68f2011eL, 0xfec20669L, 0x5d5762f7L, 0xcb676580L,
- 0x71366c19L, 0xe7066b6eL, 0x761bd4feL, 0xe02bd389L, 0x5a7ada10L,
- 0xcc4add67L, 0x6fdfb9f9L, 0xf9efbe8eL, 0x43beb717L, 0xd58eb060L,
- 0xe8a3d6d6L, 0x7e93d1a1L, 0xc4c2d838L, 0x52f2df4fL, 0xf167bbd1L,
- 0x6757bca6L, 0xdd06b53fL, 0x4b36b248L, 0xda2b0dd8L, 0x4c1b0aafL,
- 0xf64a0336L, 0x607a0441L, 0xc3ef60dfL, 0x55df67a8L, 0xef8e6e31L,
- 0x79be6946L, 0x8cb361cbL, 0x1a8366bcL, 0xa0d26f25L, 0x36e26852L,
- 0x95770cccL, 0x03470bbbL, 0xb9160222L, 0x2f260555L, 0xbe3bbac5L,
- 0x280bbdb2L, 0x925ab42bL, 0x046ab35cL, 0xa7ffd7c2L, 0x31cfd0b5L,
- 0x8b9ed92cL, 0x1daede5bL, 0xb0c2649bL, 0x26f263ecL, 0x9ca36a75L,
- 0x0a936d02L, 0xa906099cL, 0x3f360eebL, 0x85670772L, 0x13570005L,
- 0x824abf95L, 0x147ab8e2L, 0xae2bb17bL, 0x381bb60cL, 0x9b8ed292L,
- 0x0dbed5e5L, 0xb7efdc7cL, 0x21dfdb0bL, 0xd4d2d386L, 0x42e2d4f1L,
- 0xf8b3dd68L, 0x6e83da1fL, 0xcd16be81L, 0x5b26b9f6L, 0xe177b06fL,
- 0x7747b718L, 0xe65a0888L, 0x706a0fffL, 0xca3b0666L, 0x5c0b0111L,
- 0xff9e658fL, 0x69ae62f8L, 0xd3ff6b61L, 0x45cf6c16L, 0x78e20aa0L,
- 0xeed20dd7L, 0x5483044eL, 0xc2b30339L, 0x612667a7L, 0xf71660d0L,
- 0x4d476949L, 0xdb776e3eL, 0x4a6ad1aeL, 0xdc5ad6d9L, 0x660bdf40L,
- 0xf03bd837L, 0x53aebca9L, 0xc59ebbdeL, 0x7fcfb247L, 0xe9ffb530L,
- 0x1cf2bdbdL, 0x8ac2bacaL, 0x3093b353L, 0xa6a3b424L, 0x0536d0baL,
- 0x9306d7cdL, 0x2957de54L, 0xbf67d923L, 0x2e7a66b3L, 0xb84a61c4L,
- 0x021b685dL, 0x942b6f2aL, 0x37be0bb4L, 0xa18e0cc3L, 0x1bdf055aL,
- 0x8def022dL
-#endif
-};
-
-CRC32::CRC32()
-{
- Reset();
-}
-
-void CRC32::Update(const byte *s, size_t n)
-{
- word32 crc = m_crc;
-
- for(; !IsAligned<word32>(s) && n > 0; n--)
- crc = m_tab[CRC32_INDEX(crc) ^ *s++] ^ CRC32_SHIFTED(crc);
-
- while (n >= 4)
- {
- crc ^= *(const word32 *)s;
- crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc);
- crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc);
- crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc);
- crc = m_tab[CRC32_INDEX(crc)] ^ CRC32_SHIFTED(crc);
- n -= 4;
- s += 4;
- }
-
- while (n--)
- crc = m_tab[CRC32_INDEX(crc) ^ *s++] ^ CRC32_SHIFTED(crc);
-
- m_crc = crc;
-}
-
-void CRC32::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- m_crc ^= CRC32_NEGL;
- for (size_t i=0; i<size; i++)
- hash[i] = GetCrcByte(i);
-
- Reset();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/crc.h b/cryptopp562/crc.h
deleted file mode 100644
index f75ea38..0000000
--- a/cryptopp562/crc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-#ifndef CRYPTOPP_CRC32_H
-#define CRYPTOPP_CRC32_H
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const word32 CRC32_NEGL = 0xffffffffL;
-
-#ifdef IS_LITTLE_ENDIAN
-#define CRC32_INDEX(c) (c & 0xff)
-#define CRC32_SHIFTED(c) (c >> 8)
-#else
-#define CRC32_INDEX(c) (c >> 24)
-#define CRC32_SHIFTED(c) (c << 8)
-#endif
-
-//! CRC Checksum Calculation
-class CRC32 : public HashTransformation
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 4)
- CRC32();
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *hash, size_t size);
- unsigned int DigestSize() const {return DIGESTSIZE;}
- static const char * StaticAlgorithmName() {return "CRC32";}
- std::string AlgorithmName() const {return StaticAlgorithmName();}
-
- void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);}
- byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];}
-
-private:
- void Reset() {m_crc = CRC32_NEGL;}
-
- static const word32 m_tab[256];
- word32 m_crc;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cryptlib.cpp b/cryptopp562/cryptlib.cpp
deleted file mode 100644
index df138dd..0000000
--- a/cryptopp562/cryptlib.cpp
+++ /dev/null
@@ -1,828 +0,0 @@
-// cryptlib.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "cryptlib.h"
-#include "misc.h"
-#include "filters.h"
-#include "algparam.h"
-#include "fips140.h"
-#include "argnames.h"
-#include "fltrimpl.h"
-#include "trdlocal.h"
-#include "osrng.h"
-
-#include <memory>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-CRYPTOPP_COMPILE_ASSERT(sizeof(byte) == 1);
-CRYPTOPP_COMPILE_ASSERT(sizeof(word16) == 2);
-CRYPTOPP_COMPILE_ASSERT(sizeof(word32) == 4);
-CRYPTOPP_COMPILE_ASSERT(sizeof(word64) == 8);
-#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
-CRYPTOPP_COMPILE_ASSERT(sizeof(dword) == 2*sizeof(word));
-#endif
-
-const std::string DEFAULT_CHANNEL;
-const std::string AAD_CHANNEL = "AAD";
-const std::string &BufferedTransformation::NULL_CHANNEL = DEFAULT_CHANNEL;
-
-class NullNameValuePairs : public NameValuePairs
-{
-public:
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const {return false;}
-};
-
-simple_ptr<NullNameValuePairs> s_pNullNameValuePairs(new NullNameValuePairs);
-const NameValuePairs &g_nullNameValuePairs = *s_pNullNameValuePairs.m_p;
-
-BufferedTransformation & TheBitBucket()
-{
- static BitBucket bitBucket;
- return bitBucket;
-}
-
-Algorithm::Algorithm(bool checkSelfTestStatus)
-{
- if (checkSelfTestStatus && FIPS_140_2_ComplianceEnabled())
- {
- if (GetPowerUpSelfTestStatus() == POWER_UP_SELF_TEST_NOT_DONE && !PowerUpSelfTestInProgressOnThisThread())
- throw SelfTestFailure("Cryptographic algorithms are disabled before the power-up self tests are performed.");
-
- if (GetPowerUpSelfTestStatus() == POWER_UP_SELF_TEST_FAILED)
- throw SelfTestFailure("Cryptographic algorithms are disabled after a power-up self test failed.");
- }
-}
-
-void SimpleKeyingInterface::SetKey(const byte *key, size_t length, const NameValuePairs &params)
-{
- this->ThrowIfInvalidKeyLength(length);
- this->UncheckedSetKey(key, (unsigned int)length, params);
-}
-
-void SimpleKeyingInterface::SetKeyWithRounds(const byte *key, size_t length, int rounds)
-{
- SetKey(key, length, MakeParameters(Name::Rounds(), rounds));
-}
-
-void SimpleKeyingInterface::SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength)
-{
- SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, ivLength)));
-}
-
-void SimpleKeyingInterface::ThrowIfInvalidKeyLength(size_t length)
-{
- if (!IsValidKeyLength(length))
- throw InvalidKeyLength(GetAlgorithm().AlgorithmName(), length);
-}
-
-void SimpleKeyingInterface::ThrowIfResynchronizable()
-{
- if (IsResynchronizable())
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": this object requires an IV");
-}
-
-void SimpleKeyingInterface::ThrowIfInvalidIV(const byte *iv)
-{
- if (!iv && IVRequirement() == UNPREDICTABLE_RANDOM_IV)
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": this object cannot use a null IV");
-}
-
-size_t SimpleKeyingInterface::ThrowIfInvalidIVLength(int size)
-{
- if (size < 0)
- return IVSize();
- else if ((size_t)size < MinIVLength())
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": IV length " + IntToString(size) + " is less than the minimum of " + IntToString(MinIVLength()));
- else if ((size_t)size > MaxIVLength())
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": IV length " + IntToString(size) + " exceeds the maximum of " + IntToString(MaxIVLength()));
- else
- return size;
-}
-
-const byte * SimpleKeyingInterface::GetIVAndThrowIfInvalid(const NameValuePairs &params, size_t &size)
-{
- ConstByteArrayParameter ivWithLength;
- const byte *iv;
- bool found = false;
-
- try {found = params.GetValue(Name::IV(), ivWithLength);}
- catch (const NameValuePairs::ValueTypeMismatch &) {}
-
- if (found)
- {
- iv = ivWithLength.begin();
- ThrowIfInvalidIV(iv);
- size = ThrowIfInvalidIVLength((int)ivWithLength.size());
- return iv;
- }
- else if (params.GetValue(Name::IV(), iv))
- {
- ThrowIfInvalidIV(iv);
- size = IVSize();
- return iv;
- }
- else
- {
- ThrowIfResynchronizable();
- size = 0;
- return NULL;
- }
-}
-
-void SimpleKeyingInterface::GetNextIV(RandomNumberGenerator &rng, byte *IV)
-{
- rng.GenerateBlock(IV, IVSize());
-}
-
-size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
-{
- size_t blockSize = BlockSize();
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
- size_t xorIncrement = xorBlocks ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
-
- if (flags & BT_ReverseDirection)
- {
- assert(length % blockSize == 0);
- inBlocks += length - blockSize;
- xorBlocks += length - blockSize;
- outBlocks += length - blockSize;
- inIncrement = 0-inIncrement;
- xorIncrement = 0-xorIncrement;
- outIncrement = 0-outIncrement;
- }
-
- while (length >= blockSize)
- {
- if (flags & BT_XorInput)
- {
- xorbuf(outBlocks, xorBlocks, inBlocks, blockSize);
- ProcessBlock(outBlocks);
- }
- else
- ProcessAndXorBlock(inBlocks, xorBlocks, outBlocks);
- if (flags & BT_InBlockIsCounter)
- const_cast<byte *>(inBlocks)[blockSize-1]++;
- inBlocks += inIncrement;
- outBlocks += outIncrement;
- xorBlocks += xorIncrement;
- length -= blockSize;
- }
-
- return length;
-}
-
-unsigned int BlockTransformation::OptimalDataAlignment() const
-{
- return GetAlignmentOf<word32>();
-}
-
-unsigned int StreamTransformation::OptimalDataAlignment() const
-{
- return GetAlignmentOf<word32>();
-}
-
-unsigned int HashTransformation::OptimalDataAlignment() const
-{
- return GetAlignmentOf<word32>();
-}
-
-void StreamTransformation::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
-{
- assert(MinLastBlockSize() == 0); // this function should be overriden otherwise
-
- if (length == MandatoryBlockSize())
- ProcessData(outString, inString, length);
- else if (length != 0)
- throw NotImplemented(AlgorithmName() + ": this object does't support a special last block");
-}
-
-void AuthenticatedSymmetricCipher::SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength)
-{
- if (headerLength > MaxHeaderLength())
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": header length " + IntToString(headerLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));
-
- if (messageLength > MaxMessageLength())
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": message length " + IntToString(messageLength) + " exceeds the maximum of " + IntToString(MaxMessageLength()));
-
- if (footerLength > MaxFooterLength())
- throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": footer length " + IntToString(footerLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));
-
- UncheckedSpecifyDataLengths(headerLength, messageLength, footerLength);
-}
-
-void AuthenticatedSymmetricCipher::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength)
-{
- Resynchronize(iv, ivLength);
- SpecifyDataLengths(headerLength, messageLength);
- Update(header, headerLength);
- ProcessString(ciphertext, message, messageLength);
- TruncatedFinal(mac, macSize);
-}
-
-bool AuthenticatedSymmetricCipher::DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength)
-{
- Resynchronize(iv, ivLength);
- SpecifyDataLengths(headerLength, ciphertextLength);
- Update(header, headerLength);
- ProcessString(message, ciphertext, ciphertextLength);
- return TruncatedVerify(mac, macLength);
-}
-
-unsigned int RandomNumberGenerator::GenerateBit()
-{
- return GenerateByte() & 1;
-}
-
-byte RandomNumberGenerator::GenerateByte()
-{
- byte b;
- GenerateBlock(&b, 1);
- return b;
-}
-
-word32 RandomNumberGenerator::GenerateWord32(word32 min, word32 max)
-{
- word32 range = max-min;
- const int maxBits = BitPrecision(range);
-
- word32 value;
-
- do
- {
- GenerateBlock((byte *)&value, sizeof(value));
- value = Crop(value, maxBits);
- } while (value > range);
-
- return value+min;
-}
-
-void RandomNumberGenerator::GenerateBlock(byte *output, size_t size)
-{
- ArraySink s(output, size);
- GenerateIntoBufferedTransformation(s, DEFAULT_CHANNEL, size);
-}
-
-void RandomNumberGenerator::DiscardBytes(size_t n)
-{
- GenerateIntoBufferedTransformation(TheBitBucket(), DEFAULT_CHANNEL, n);
-}
-
-void RandomNumberGenerator::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length)
-{
- FixedSizeSecBlock<byte, 256> buffer;
- while (length)
- {
- size_t len = UnsignedMin(buffer.size(), length);
- GenerateBlock(buffer, len);
- target.ChannelPut(channel, buffer, len);
- length -= len;
- }
-}
-
-//! see NullRNG()
-class ClassNullRNG : public RandomNumberGenerator
-{
-public:
- std::string AlgorithmName() const {return "NullRNG";}
- void GenerateBlock(byte *output, size_t size) {throw NotImplemented("NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes");}
-};
-
-RandomNumberGenerator & NullRNG()
-{
- static ClassNullRNG s_nullRNG;
- return s_nullRNG;
-}
-
-bool HashTransformation::TruncatedVerify(const byte *digestIn, size_t digestLength)
-{
- ThrowIfInvalidTruncatedSize(digestLength);
- SecByteBlock digest(digestLength);
- TruncatedFinal(digest, digestLength);
- return VerifyBufsEqual(digest, digestIn, digestLength);
-}
-
-void HashTransformation::ThrowIfInvalidTruncatedSize(size_t size) const
-{
- if (size > DigestSize())
- throw InvalidArgument("HashTransformation: can't truncate a " + IntToString(DigestSize()) + " byte digest to " + IntToString(size) + " bytes");
-}
-
-unsigned int BufferedTransformation::GetMaxWaitObjectCount() const
-{
- const BufferedTransformation *t = AttachedTransformation();
- return t ? t->GetMaxWaitObjectCount() : 0;
-}
-
-void BufferedTransformation::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- BufferedTransformation *t = AttachedTransformation();
- if (t)
- t->GetWaitObjects(container, callStack); // reduce clutter by not adding to stack here
-}
-
-void BufferedTransformation::Initialize(const NameValuePairs &parameters, int propagation)
-{
- assert(!AttachedTransformation());
- IsolatedInitialize(parameters);
-}
-
-bool BufferedTransformation::Flush(bool hardFlush, int propagation, bool blocking)
-{
- assert(!AttachedTransformation());
- return IsolatedFlush(hardFlush, blocking);
-}
-
-bool BufferedTransformation::MessageSeriesEnd(int propagation, bool blocking)
-{
- assert(!AttachedTransformation());
- return IsolatedMessageSeriesEnd(blocking);
-}
-
-byte * BufferedTransformation::ChannelCreatePutSpace(const std::string &channel, size_t &size)
-{
- if (channel.empty())
- return CreatePutSpace(size);
- else
- throw NoChannelSupport(AlgorithmName());
-}
-
-size_t BufferedTransformation::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (channel.empty())
- return Put2(begin, length, messageEnd, blocking);
- else
- throw NoChannelSupport(AlgorithmName());
-}
-
-size_t BufferedTransformation::ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (channel.empty())
- return PutModifiable2(begin, length, messageEnd, blocking);
- else
- return ChannelPut2(channel, begin, length, messageEnd, blocking);
-}
-
-bool BufferedTransformation::ChannelFlush(const std::string &channel, bool completeFlush, int propagation, bool blocking)
-{
- if (channel.empty())
- return Flush(completeFlush, propagation, blocking);
- else
- throw NoChannelSupport(AlgorithmName());
-}
-
-bool BufferedTransformation::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking)
-{
- if (channel.empty())
- return MessageSeriesEnd(propagation, blocking);
- else
- throw NoChannelSupport(AlgorithmName());
-}
-
-lword BufferedTransformation::MaxRetrievable() const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->MaxRetrievable();
- else
- return CopyTo(TheBitBucket());
-}
-
-bool BufferedTransformation::AnyRetrievable() const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->AnyRetrievable();
- else
- {
- byte b;
- return Peek(b) != 0;
- }
-}
-
-size_t BufferedTransformation::Get(byte &outByte)
-{
- if (AttachedTransformation())
- return AttachedTransformation()->Get(outByte);
- else
- return Get(&outByte, 1);
-}
-
-size_t BufferedTransformation::Get(byte *outString, size_t getMax)
-{
- if (AttachedTransformation())
- return AttachedTransformation()->Get(outString, getMax);
- else
- {
- ArraySink arraySink(outString, getMax);
- return (size_t)TransferTo(arraySink, getMax);
- }
-}
-
-size_t BufferedTransformation::Peek(byte &outByte) const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->Peek(outByte);
- else
- return Peek(&outByte, 1);
-}
-
-size_t BufferedTransformation::Peek(byte *outString, size_t peekMax) const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->Peek(outString, peekMax);
- else
- {
- ArraySink arraySink(outString, peekMax);
- return (size_t)CopyTo(arraySink, peekMax);
- }
-}
-
-lword BufferedTransformation::Skip(lword skipMax)
-{
- if (AttachedTransformation())
- return AttachedTransformation()->Skip(skipMax);
- else
- return TransferTo(TheBitBucket(), skipMax);
-}
-
-lword BufferedTransformation::TotalBytesRetrievable() const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->TotalBytesRetrievable();
- else
- return MaxRetrievable();
-}
-
-unsigned int BufferedTransformation::NumberOfMessages() const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->NumberOfMessages();
- else
- return CopyMessagesTo(TheBitBucket());
-}
-
-bool BufferedTransformation::AnyMessages() const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->AnyMessages();
- else
- return NumberOfMessages() != 0;
-}
-
-bool BufferedTransformation::GetNextMessage()
-{
- if (AttachedTransformation())
- return AttachedTransformation()->GetNextMessage();
- else
- {
- assert(!AnyMessages());
- return false;
- }
-}
-
-unsigned int BufferedTransformation::SkipMessages(unsigned int count)
-{
- if (AttachedTransformation())
- return AttachedTransformation()->SkipMessages(count);
- else
- return TransferMessagesTo(TheBitBucket(), count);
-}
-
-size_t BufferedTransformation::TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel, bool blocking)
-{
- if (AttachedTransformation())
- return AttachedTransformation()->TransferMessagesTo2(target, messageCount, channel, blocking);
- else
- {
- unsigned int maxMessages = messageCount;
- for (messageCount=0; messageCount < maxMessages && AnyMessages(); messageCount++)
- {
- size_t blockedBytes;
- lword transferredBytes;
-
- while (AnyRetrievable())
- {
- transferredBytes = LWORD_MAX;
- blockedBytes = TransferTo2(target, transferredBytes, channel, blocking);
- if (blockedBytes > 0)
- return blockedBytes;
- }
-
- if (target.ChannelMessageEnd(channel, GetAutoSignalPropagation(), blocking))
- return 1;
-
- bool result = GetNextMessage();
- assert(result);
- }
- return 0;
- }
-}
-
-unsigned int BufferedTransformation::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const
-{
- if (AttachedTransformation())
- return AttachedTransformation()->CopyMessagesTo(target, count, channel);
- else
- return 0;
-}
-
-void BufferedTransformation::SkipAll()
-{
- if (AttachedTransformation())
- AttachedTransformation()->SkipAll();
- else
- {
- while (SkipMessages()) {}
- while (Skip()) {}
- }
-}
-
-size_t BufferedTransformation::TransferAllTo2(BufferedTransformation &target, const std::string &channel, bool blocking)
-{
- if (AttachedTransformation())
- return AttachedTransformation()->TransferAllTo2(target, channel, blocking);
- else
- {
- assert(!NumberOfMessageSeries());
-
- unsigned int messageCount;
- do
- {
- messageCount = UINT_MAX;
- size_t blockedBytes = TransferMessagesTo2(target, messageCount, channel, blocking);
- if (blockedBytes)
- return blockedBytes;
- }
- while (messageCount != 0);
-
- lword byteCount;
- do
- {
- byteCount = ULONG_MAX;
- size_t blockedBytes = TransferTo2(target, byteCount, channel, blocking);
- if (blockedBytes)
- return blockedBytes;
- }
- while (byteCount != 0);
-
- return 0;
- }
-}
-
-void BufferedTransformation::CopyAllTo(BufferedTransformation &target, const std::string &channel) const
-{
- if (AttachedTransformation())
- AttachedTransformation()->CopyAllTo(target, channel);
- else
- {
- assert(!NumberOfMessageSeries());
- while (CopyMessagesTo(target, UINT_MAX, channel)) {}
- }
-}
-
-void BufferedTransformation::SetRetrievalChannel(const std::string &channel)
-{
- if (AttachedTransformation())
- AttachedTransformation()->SetRetrievalChannel(channel);
-}
-
-size_t BufferedTransformation::ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order, bool blocking)
-{
- PutWord(false, order, m_buf, value);
- return ChannelPut(channel, m_buf, 2, blocking);
-}
-
-size_t BufferedTransformation::ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order, bool blocking)
-{
- PutWord(false, order, m_buf, value);
- return ChannelPut(channel, m_buf, 4, blocking);
-}
-
-size_t BufferedTransformation::PutWord16(word16 value, ByteOrder order, bool blocking)
-{
- return ChannelPutWord16(DEFAULT_CHANNEL, value, order, blocking);
-}
-
-size_t BufferedTransformation::PutWord32(word32 value, ByteOrder order, bool blocking)
-{
- return ChannelPutWord32(DEFAULT_CHANNEL, value, order, blocking);
-}
-
-size_t BufferedTransformation::PeekWord16(word16 &value, ByteOrder order) const
-{
- byte buf[2] = {0, 0};
- size_t len = Peek(buf, 2);
-
- if (order)
- value = (buf[0] << 8) | buf[1];
- else
- value = (buf[1] << 8) | buf[0];
-
- return len;
-}
-
-size_t BufferedTransformation::PeekWord32(word32 &value, ByteOrder order) const
-{
- byte buf[4] = {0, 0, 0, 0};
- size_t len = Peek(buf, 4);
-
- if (order)
- value = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf [3];
- else
- value = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf [0];
-
- return len;
-}
-
-size_t BufferedTransformation::GetWord16(word16 &value, ByteOrder order)
-{
- return (size_t)Skip(PeekWord16(value, order));
-}
-
-size_t BufferedTransformation::GetWord32(word32 &value, ByteOrder order)
-{
- return (size_t)Skip(PeekWord32(value, order));
-}
-
-void BufferedTransformation::Attach(BufferedTransformation *newOut)
-{
- if (AttachedTransformation() && AttachedTransformation()->Attachable())
- AttachedTransformation()->Attach(newOut);
- else
- Detach(newOut);
-}
-
-void GeneratableCryptoMaterial::GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
-{
- GenerateRandom(rng, MakeParameters("KeySize", (int)keySize));
-}
-
-class PK_DefaultEncryptionFilter : public Unflushable<Filter>
-{
-public:
- PK_DefaultEncryptionFilter(RandomNumberGenerator &rng, const PK_Encryptor &encryptor, BufferedTransformation *attachment, const NameValuePairs &parameters)
- : m_rng(rng), m_encryptor(encryptor), m_parameters(parameters)
- {
- Detach(attachment);
- }
-
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
- {
- FILTER_BEGIN;
- m_plaintextQueue.Put(inString, length);
-
- if (messageEnd)
- {
- {
- size_t plaintextLength;
- if (!SafeConvert(m_plaintextQueue.CurrentSize(), plaintextLength))
- throw InvalidArgument("PK_DefaultEncryptionFilter: plaintext too long");
- size_t ciphertextLength = m_encryptor.CiphertextLength(plaintextLength);
-
- SecByteBlock plaintext(plaintextLength);
- m_plaintextQueue.Get(plaintext, plaintextLength);
- m_ciphertext.resize(ciphertextLength);
- m_encryptor.Encrypt(m_rng, plaintext, plaintextLength, m_ciphertext, m_parameters);
- }
-
- FILTER_OUTPUT(1, m_ciphertext, m_ciphertext.size(), messageEnd);
- }
- FILTER_END_NO_MESSAGE_END;
- }
-
- RandomNumberGenerator &m_rng;
- const PK_Encryptor &m_encryptor;
- const NameValuePairs &m_parameters;
- ByteQueue m_plaintextQueue;
- SecByteBlock m_ciphertext;
-};
-
-BufferedTransformation * PK_Encryptor::CreateEncryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment, const NameValuePairs &parameters) const
-{
- return new PK_DefaultEncryptionFilter(rng, *this, attachment, parameters);
-}
-
-class PK_DefaultDecryptionFilter : public Unflushable<Filter>
-{
-public:
- PK_DefaultDecryptionFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment, const NameValuePairs &parameters)
- : m_rng(rng), m_decryptor(decryptor), m_parameters(parameters)
- {
- Detach(attachment);
- }
-
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
- {
- FILTER_BEGIN;
- m_ciphertextQueue.Put(inString, length);
-
- if (messageEnd)
- {
- {
- size_t ciphertextLength;
- if (!SafeConvert(m_ciphertextQueue.CurrentSize(), ciphertextLength))
- throw InvalidArgument("PK_DefaultDecryptionFilter: ciphertext too long");
- size_t maxPlaintextLength = m_decryptor.MaxPlaintextLength(ciphertextLength);
-
- SecByteBlock ciphertext(ciphertextLength);
- m_ciphertextQueue.Get(ciphertext, ciphertextLength);
- m_plaintext.resize(maxPlaintextLength);
- m_result = m_decryptor.Decrypt(m_rng, ciphertext, ciphertextLength, m_plaintext, m_parameters);
- if (!m_result.isValidCoding)
- throw InvalidCiphertext(m_decryptor.AlgorithmName() + ": invalid ciphertext");
- }
-
- FILTER_OUTPUT(1, m_plaintext, m_result.messageLength, messageEnd);
- }
- FILTER_END_NO_MESSAGE_END;
- }
-
- RandomNumberGenerator &m_rng;
- const PK_Decryptor &m_decryptor;
- const NameValuePairs &m_parameters;
- ByteQueue m_ciphertextQueue;
- SecByteBlock m_plaintext;
- DecodingResult m_result;
-};
-
-BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment, const NameValuePairs &parameters) const
-{
- return new PK_DefaultDecryptionFilter(rng, *this, attachment, parameters);
-}
-
-size_t PK_Signer::Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator);
- return SignAndRestart(rng, *m, signature, false);
-}
-
-size_t PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng));
- m->Update(message, messageLen);
- return SignAndRestart(rng, *m, signature, false);
-}
-
-size_t PK_Signer::SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength,
- const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng));
- InputRecoverableMessage(*m, recoverableMessage, recoverableMessageLength);
- m->Update(nonrecoverableMessage, nonrecoverableMessageLength);
- return SignAndRestart(rng, *m, signature, false);
-}
-
-bool PK_Verifier::Verify(PK_MessageAccumulator *messageAccumulator) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator);
- return VerifyAndRestart(*m);
-}
-
-bool PK_Verifier::VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLength) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator());
- InputSignature(*m, signature, signatureLength);
- m->Update(message, messageLen);
- return VerifyAndRestart(*m);
-}
-
-DecodingResult PK_Verifier::Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator);
- return RecoverAndRestart(recoveredMessage, *m);
-}
-
-DecodingResult PK_Verifier::RecoverMessage(byte *recoveredMessage,
- const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength,
- const byte *signature, size_t signatureLength) const
-{
- std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator());
- InputSignature(*m, signature, signatureLength);
- m->Update(nonrecoverableMessage, nonrecoverableMessageLength);
- return RecoverAndRestart(recoveredMessage, *m);
-}
-
-void SimpleKeyAgreementDomain::GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
-{
- GeneratePrivateKey(rng, privateKey);
- GeneratePublicKey(rng, privateKey, publicKey);
-}
-
-void AuthenticatedKeyAgreementDomain::GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
-{
- GenerateStaticPrivateKey(rng, privateKey);
- GenerateStaticPublicKey(rng, privateKey, publicKey);
-}
-
-void AuthenticatedKeyAgreementDomain::GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
-{
- GenerateEphemeralPrivateKey(rng, privateKey);
- GenerateEphemeralPublicKey(rng, privateKey, publicKey);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cryptlib.h b/cryptopp562/cryptlib.h
deleted file mode 100644
index 4068722..0000000
--- a/cryptopp562/cryptlib.h
+++ /dev/null
@@ -1,1655 +0,0 @@
-// cryptlib.h - written and placed in the public domain by Wei Dai
-/*! \file
- This file contains the declarations for the abstract base
- classes that provide a uniform interface to this library.
-*/
-
-/*! \mainpage Crypto++ Library 5.6.2 API Reference
-<dl>
-<dt>Abstract Base Classes<dd>
- cryptlib.h
-<dt>Authenticated Encryption<dd>
- AuthenticatedSymmetricCipherDocumentation
-<dt>Symmetric Ciphers<dd>
- SymmetricCipherDocumentation
-<dt>Hash Functions<dd>
- SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak1::MD2, Weak1::MD4, Weak1::MD5
-<dt>Non-Cryptographic Checksums<dd>
- CRC32, Adler32
-<dt>Message Authentication Codes<dd>
- VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)
-<dt>Random Number Generators<dd>
- NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, #DefaultAutoSeededRNG
-<dt>Password-based Cryptography<dd>
- PasswordBasedKeyDerivationFunction
-<dt>Public Key Cryptosystems<dd>
- DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
-<dt>Public Key Signature Schemes<dd>
- DSA2, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN
-<dt>Key Agreement<dd>
- #DH, DH2, #MQV, ECDH, ECMQV, XTR_DH
-<dt>Algebraic Structures<dd>
- Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
- ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,
- GF2NP, GF256, GF2_32, EC2N, ECP
-<dt>Secret Sharing and Information Dispersal<dd>
- SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery
-<dt>Compression<dd>
- Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor
-<dt>Input Source Classes<dd>
- StringSource, #ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource
-<dt>Output Sink Classes<dd>
- StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
-<dt>Filter Wrappers<dd>
- StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
-<dt>Binary to Text Encoders and Decoders<dd>
- HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder
-<dt>Wrappers for OS features<dd>
- Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
-<dt>FIPS 140 related<dd>
- fips140.h
-</dl>
-
-In the DLL version of Crypto++, only the following implementation class are available.
-<dl>
-<dt>Block Ciphers<dd>
- AES, DES_EDE2, DES_EDE3, SKIPJACK
-<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
- ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>, GCM\<AES\>
-<dt>Hash Functions<dd>
- SHA1, SHA224, SHA256, SHA384, SHA512
-<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
- RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>, ECDSA\<EC2N, H\>
-<dt>Message Authentication Codes (replace template parameter H with one of the hash functions above)<dd>
- HMAC\<H\>, CBC_MAC\<DES_EDE2\>, CBC_MAC\<DES_EDE3\>, GCM\<AES\>
-<dt>Random Number Generators<dd>
- #DefaultAutoSeededRNG (AutoSeededX917RNG\<AES\>)
-<dt>Key Agreement<dd>
- #DH
-<dt>Public Key Cryptosystems<dd>
- RSAES\<OAEP\<SHA1\> \>
-</dl>
-
-<p>This reference manual is a work in progress. Some classes are still lacking detailed descriptions.
-<p>Click <a href="CryptoPPRef.zip">here</a> to download a zip archive containing this manual.
-<p>Thanks to Ryan Phillips for providing the Doxygen configuration file
-and getting me started with this manual.
-*/
-
-#ifndef CRYPTOPP_CRYPTLIB_H
-#define CRYPTOPP_CRYPTLIB_H
-
-#include "config.h"
-#include "stdcpp.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// forward declarations
-class Integer;
-class RandomNumberGenerator;
-class BufferedTransformation;
-
-//! used to specify a direction for a cipher to operate in (encrypt or decrypt)
-enum CipherDir {ENCRYPTION, DECRYPTION};
-
-//! used to represent infinite time
-const unsigned long INFINITE_TIME = ULONG_MAX;
-
-// VC60 workaround: using enums as template parameters causes problems
-template <typename ENUM_TYPE, int VALUE>
-struct EnumToType
-{
- static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;}
-};
-
-enum ByteOrder {LITTLE_ENDIAN_ORDER = 0, BIG_ENDIAN_ORDER = 1};
-typedef EnumToType<ByteOrder, LITTLE_ENDIAN_ORDER> LittleEndian;
-typedef EnumToType<ByteOrder, BIG_ENDIAN_ORDER> BigEndian;
-
-//! base class for all exceptions thrown by Crypto++
-class CRYPTOPP_DLL Exception : public std::exception
-{
-public:
- //! error types
- enum ErrorType {
- //! a method is not implemented
- NOT_IMPLEMENTED,
- //! invalid function argument
- INVALID_ARGUMENT,
- //! BufferedTransformation received a Flush(true) signal but can't flush buffers
- CANNOT_FLUSH,
- //! data integerity check (such as CRC or MAC) failed
- DATA_INTEGRITY_CHECK_FAILED,
- //! received input data that doesn't conform to expected format
- INVALID_DATA_FORMAT,
- //! error reading from input device or writing to output device
- IO_ERROR,
- //! some error not belong to any of the above categories
- OTHER_ERROR
- };
-
- explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {}
- virtual ~Exception() throw() {}
- const char *what() const throw() {return (m_what.c_str());}
- const std::string &GetWhat() const {return m_what;}
- void SetWhat(const std::string &s) {m_what = s;}
- ErrorType GetErrorType() const {return m_errorType;}
- void SetErrorType(ErrorType errorType) {m_errorType = errorType;}
-
-private:
- ErrorType m_errorType;
- std::string m_what;
-};
-
-//! exception thrown when an invalid argument is detected
-class CRYPTOPP_DLL InvalidArgument : public Exception
-{
-public:
- explicit InvalidArgument(const std::string &s) : Exception(INVALID_ARGUMENT, s) {}
-};
-
-//! exception thrown when input data is received that doesn't conform to expected format
-class CRYPTOPP_DLL InvalidDataFormat : public Exception
-{
-public:
- explicit InvalidDataFormat(const std::string &s) : Exception(INVALID_DATA_FORMAT, s) {}
-};
-
-//! exception thrown by decryption filters when trying to decrypt an invalid ciphertext
-class CRYPTOPP_DLL InvalidCiphertext : public InvalidDataFormat
-{
-public:
- explicit InvalidCiphertext(const std::string &s) : InvalidDataFormat(s) {}
-};
-
-//! exception thrown by a class if a non-implemented method is called
-class CRYPTOPP_DLL NotImplemented : public Exception
-{
-public:
- explicit NotImplemented(const std::string &s) : Exception(NOT_IMPLEMENTED, s) {}
-};
-
-//! exception thrown by a class when Flush(true) is called but it can't completely flush its buffers
-class CRYPTOPP_DLL CannotFlush : public Exception
-{
-public:
- explicit CannotFlush(const std::string &s) : Exception(CANNOT_FLUSH, s) {}
-};
-
-//! error reported by the operating system
-class CRYPTOPP_DLL OS_Error : public Exception
-{
-public:
- OS_Error(ErrorType errorType, const std::string &s, const std::string& operation, int errorCode)
- : Exception(errorType, s), m_operation(operation), m_errorCode(errorCode) {}
- ~OS_Error() throw() {}
-
- // the operating system API that reported the error
- const std::string & GetOperation() const {return m_operation;}
- // the error code return by the operating system
- int GetErrorCode() const {return m_errorCode;}
-
-protected:
- std::string m_operation;
- int m_errorCode;
-};
-
-//! used to return decoding results
-struct CRYPTOPP_DLL DecodingResult
-{
- explicit DecodingResult() : isValidCoding(false), messageLength(0) {}
- explicit DecodingResult(size_t len) : isValidCoding(true), messageLength(len) {}
-
- bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}
- bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}
-
- bool isValidCoding;
- size_t messageLength;
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- operator size_t() const {return isValidCoding ? messageLength : 0;}
-#endif
-};
-
-//! interface for retrieving values given their names
-/*! \note This class is used to safely pass a variable number of arbitrarily typed arguments to functions
- and to read values from keys and crypto parameters.
- \note To obtain an object that implements NameValuePairs for the purpose of parameter
- passing, use the MakeParameters() function.
- \note To get a value from NameValuePairs, you need to know the name and the type of the value.
- Call GetValueNames() on a NameValuePairs object to obtain a list of value names that it supports.
- Then look at the Name namespace documentation to see what the type of each value is, or
- alternatively, call GetIntValue() with the value name, and if the type is not int, a
- ValueTypeMismatch exception will be thrown and you can get the actual type from the exception object.
-*/
-class CRYPTOPP_NO_VTABLE NameValuePairs
-{
-public:
- virtual ~NameValuePairs() {}
-
- //! exception thrown when trying to retrieve a value using a different type than expected
- class CRYPTOPP_DLL ValueTypeMismatch : public InvalidArgument
- {
- public:
- ValueTypeMismatch(const std::string &name, const std::type_info &stored, const std::type_info &retrieving)
- : InvalidArgument("NameValuePairs: type mismatch for '" + name + "', stored '" + stored.name() + "', trying to retrieve '" + retrieving.name() + "'")
- , m_stored(stored), m_retrieving(retrieving) {}
-
- const std::type_info & GetStoredTypeInfo() const {return m_stored;}
- const std::type_info & GetRetrievingTypeInfo() const {return m_retrieving;}
-
- private:
- const std::type_info &m_stored;
- const std::type_info &m_retrieving;
- };
-
- //! get a copy of this object or a subobject of it
- template <class T>
- bool GetThisObject(T &object) const
- {
- return GetValue((std::string("ThisObject:")+typeid(T).name()).c_str(), object);
- }
-
- //! get a pointer to this object, as a pointer to T
- template <class T>
- bool GetThisPointer(T *&p) const
- {
- return GetValue((std::string("ThisPointer:")+typeid(T).name()).c_str(), p);
- }
-
- //! get a named value, returns true if the name exists
- template <class T>
- bool GetValue(const char *name, T &value) const
- {
- return GetVoidValue(name, typeid(T), &value);
- }
-
- //! get a named value, returns the default if the name doesn't exist
- template <class T>
- T GetValueWithDefault(const char *name, T defaultValue) const
- {
- GetValue(name, defaultValue);
- return defaultValue;
- }
-
- //! get a list of value names that can be retrieved
- CRYPTOPP_DLL std::string GetValueNames() const
- {std::string result; GetValue("ValueNames", result); return result;}
-
- //! get a named value with type int
- /*! used to ensure we don't accidentally try to get an unsigned int
- or some other type when we mean int (which is the most common case) */
- CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
- {return GetValue(name, value);}
-
- //! get a named value with type int, with default
- CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const
- {return GetValueWithDefault(name, defaultValue);}
-
- //! used by derived classes to check for type mismatch
- CRYPTOPP_DLL static void CRYPTOPP_API ThrowIfTypeMismatch(const char *name, const std::type_info &stored, const std::type_info &retrieving)
- {if (stored != retrieving) throw ValueTypeMismatch(name, stored, retrieving);}
-
- template <class T>
- void GetRequiredParameter(const char *className, const char *name, T &value) const
- {
- if (!GetValue(name, value))
- throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");
- }
-
- CRYPTOPP_DLL void GetRequiredIntParameter(const char *className, const char *name, int &value) const
- {
- if (!GetIntValue(name, value))
- throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");
- }
-
- //! to be implemented by derived classes, users should use one of the above functions instead
- CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0;
-};
-
-//! namespace containing value name definitions
-/*! value names, types and semantics:
-
- ThisObject:ClassName (ClassName, copy of this object or a subobject)
- ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject)
-*/
-DOCUMENTED_NAMESPACE_BEGIN(Name)
-// more names defined in argnames.h
-DOCUMENTED_NAMESPACE_END
-
-//! empty set of name-value pairs
-extern CRYPTOPP_DLL const NameValuePairs &g_nullNameValuePairs;
-
-// ********************************************************
-
-//! interface for cloning objects, this is not implemented by most classes yet
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable
-{
-public:
- virtual ~Clonable() {}
- //! this is not implemented by most classes yet
- virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0
-};
-
-//! interface for all crypto algorithms
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable
-{
-public:
- /*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true,
- this constructor throws SelfTestFailure if the self test hasn't been run or fails. */
- Algorithm(bool checkSelfTestStatus = true);
- //! returns name of this algorithm, not universally implemented yet
- virtual std::string AlgorithmName() const {return "unknown";}
-};
-
-//! keying interface for crypto algorithms that take byte strings as keys
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface
-{
-public:
- virtual ~SimpleKeyingInterface() {}
-
- //! returns smallest valid key length in bytes */
- virtual size_t MinKeyLength() const =0;
- //! returns largest valid key length in bytes */
- virtual size_t MaxKeyLength() const =0;
- //! returns default (recommended) key length in bytes */
- virtual size_t DefaultKeyLength() const =0;
-
- //! returns the smallest valid key length in bytes that is >= min(n, GetMaxKeyLength())
- virtual size_t GetValidKeyLength(size_t n) const =0;
-
- //! returns whether n is a valid key length
- virtual bool IsValidKeyLength(size_t n) const
- {return n == GetValidKeyLength(n);}
-
- //! set or reset the key of this object
- /*! \param params is used to specify Rounds, BlockSize, etc. */
- virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params = g_nullNameValuePairs);
-
- //! calls SetKey() with an NameValuePairs object that just specifies "Rounds"
- void SetKeyWithRounds(const byte *key, size_t length, int rounds);
-
- //! calls SetKey() with an NameValuePairs object that just specifies "IV"
- void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength);
-
- //! calls SetKey() with an NameValuePairs object that just specifies "IV"
- void SetKeyWithIV(const byte *key, size_t length, const byte *iv)
- {SetKeyWithIV(key, length, iv, IVSize());}
-
- enum IV_Requirement {UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE};
- //! returns the minimal requirement for secure IVs
- virtual IV_Requirement IVRequirement() const =0;
-
- //! returns whether this object can be resynchronized (i.e. supports initialization vectors)
- /*! If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed. */
- bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;}
- //! returns whether this object can use random IVs (in addition to ones returned by GetNextIV)
- bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;}
- //! returns whether this object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV)
- bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;}
- //! returns whether this object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV)
- bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;}
-
- virtual unsigned int IVSize() const {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
- //! returns default length of IVs accepted by this object
- unsigned int DefaultIVLength() const {return IVSize();}
- //! returns minimal length of IVs accepted by this object
- virtual unsigned int MinIVLength() const {return IVSize();}
- //! returns maximal length of IVs accepted by this object
- virtual unsigned int MaxIVLength() const {return IVSize();}
- //! resynchronize with an IV. ivLength=-1 means use IVSize()
- virtual void Resynchronize(const byte *iv, int ivLength=-1) {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
- //! get a secure IV for the next message
- /*! This method should be called after you finish encrypting one message and are ready to start the next one.
- After calling it, you must call SetKey() or Resynchronize() before using this object again.
- This method is not implemented on decryption objects. */
- virtual void GetNextIV(RandomNumberGenerator &rng, byte *IV);
-
-protected:
- virtual const Algorithm & GetAlgorithm() const =0;
- virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params) =0;
-
- void ThrowIfInvalidKeyLength(size_t length);
- void ThrowIfResynchronizable(); // to be called when no IV is passed
- void ThrowIfInvalidIV(const byte *iv); // check for NULL IV if it can't be used
- size_t ThrowIfInvalidIVLength(int size);
- const byte * GetIVAndThrowIfInvalid(const NameValuePairs &params, size_t &size);
- inline void AssertValidKeyLength(size_t length) const
- {assert(IsValidKeyLength(length));}
-};
-
-//! interface for the data processing part of block ciphers
-
-/*! Classes derived from BlockTransformation are block ciphers
- in ECB mode (for example the DES::Encryption class), which are stateless.
- These classes should not be used directly, but only in combination with
- a mode class (see CipherModeDocumentation in modes.h).
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm
-{
-public:
- //! encrypt or decrypt inBlock, xor with xorBlock, and write to outBlock
- virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0;
-
- //! encrypt or decrypt one block
- /*! \pre size of inBlock and outBlock == BlockSize() */
- void ProcessBlock(const byte *inBlock, byte *outBlock) const
- {ProcessAndXorBlock(inBlock, NULL, outBlock);}
-
- //! encrypt or decrypt one block in place
- void ProcessBlock(byte *inoutBlock) const
- {ProcessAndXorBlock(inoutBlock, NULL, inoutBlock);}
-
- //! block size of the cipher in bytes
- virtual unsigned int BlockSize() const =0;
-
- //! returns how inputs and outputs should be aligned for optimal performance
- virtual unsigned int OptimalDataAlignment() const;
-
- //! returns true if this is a permutation (i.e. there is an inverse transformation)
- virtual bool IsPermutation() const {return true;}
-
- //! returns true if this is an encryption object
- virtual bool IsForwardTransformation() const =0;
-
- //! return number of blocks that can be processed in parallel, for bit-slicing implementations
- virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;}
-
- enum {BT_InBlockIsCounter=1, BT_DontIncrementInOutPointers=2, BT_XorInput=4, BT_ReverseDirection=8, BT_AllowParallel=16} FlagsForAdvancedProcessBlocks;
-
- //! encrypt and xor blocks according to flags (see FlagsForAdvancedProcessBlocks)
- /*! /note If BT_InBlockIsCounter is set, last byte of inBlocks may be modified. */
- virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
-
- inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}
-};
-
-//! interface for the data processing part of stream ciphers
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm
-{
-public:
- //! return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference
- StreamTransformation& Ref() {return *this;}
-
- //! returns block size, if input must be processed in blocks, otherwise 1
- virtual unsigned int MandatoryBlockSize() const {return 1;}
-
- //! returns the input block size that is most efficient for this cipher
- /*! \note optimal input length is n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n > 0 */
- virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();}
- //! returns how much of the current block is used up
- virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;}
-
- //! returns how input should be aligned for optimal performance
- virtual unsigned int OptimalDataAlignment() const;
-
- //! encrypt or decrypt an array of bytes of specified length
- /*! \note either inString == outString, or they don't overlap */
- virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0;
-
- //! for ciphers where the last block of data is special, encrypt or decrypt the last block of data
- /*! For now the only use of this function is for CBC-CTS mode. */
- virtual void ProcessLastBlock(byte *outString, const byte *inString, size_t length);
- //! returns the minimum size of the last block, 0 indicating the last block is not special
- virtual unsigned int MinLastBlockSize() const {return 0;}
-
- //! same as ProcessData(inoutString, inoutString, length)
- inline void ProcessString(byte *inoutString, size_t length)
- {ProcessData(inoutString, inoutString, length);}
- //! same as ProcessData(outString, inString, length)
- inline void ProcessString(byte *outString, const byte *inString, size_t length)
- {ProcessData(outString, inString, length);}
- //! implemented as {ProcessData(&input, &input, 1); return input;}
- inline byte ProcessByte(byte input)
- {ProcessData(&input, &input, 1); return input;}
-
- //! returns whether this cipher supports random access
- virtual bool IsRandomAccess() const =0;
- //! for random access ciphers, seek to an absolute position
- virtual void Seek(lword n)
- {
- assert(!IsRandomAccess());
- throw NotImplemented("StreamTransformation: this object doesn't support random access");
- }
-
- //! returns whether this transformation is self-inverting (e.g. xor with a keystream)
- virtual bool IsSelfInverting() const =0;
- //! returns whether this is an encryption object
- virtual bool IsForwardTransformation() const =0;
-};
-
-//! interface for hash functions and data processing part of MACs
-
-/*! HashTransformation objects are stateful. They are created in an initial state,
- change state as Update() is called, and return to the initial
- state when Final() is called. This interface allows a large message to
- be hashed in pieces by calling Update() on each piece followed by
- calling Final().
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm
-{
-public:
- //! return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference
- HashTransformation& Ref() {return *this;}
-
- //! process more input
- virtual void Update(const byte *input, size_t length) =0;
-
- //! request space to write input into
- virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULL;}
-
- //! compute hash for current message, then restart for a new message
- /*! \pre size of digest == DigestSize(). */
- virtual void Final(byte *digest)
- {TruncatedFinal(digest, DigestSize());}
-
- //! discard the current state, and restart with a new message
- virtual void Restart()
- {TruncatedFinal(NULL, 0);}
-
- //! size of the hash/digest/MAC returned by Final()
- virtual unsigned int DigestSize() const =0;
-
- //! same as DigestSize()
- unsigned int TagSize() const {return DigestSize();}
-
-
- //! block size of underlying compression function, or 0 if not block based
- virtual unsigned int BlockSize() const {return 0;}
-
- //! input to Update() should have length a multiple of this for optimal speed
- virtual unsigned int OptimalBlockSize() const {return 1;}
-
- //! returns how input should be aligned for optimal performance
- virtual unsigned int OptimalDataAlignment() const;
-
- //! use this if your input is in one piece and you don't want to call Update() and Final() separately
- virtual void CalculateDigest(byte *digest, const byte *input, size_t length)
- {Update(input, length); Final(digest);}
-
- //! verify that digest is a valid digest for the current message, then reinitialize the object
- /*! Default implementation is to call Final() and do a bitwise comparison
- between its output and digest. */
- virtual bool Verify(const byte *digest)
- {return TruncatedVerify(digest, DigestSize());}
-
- //! use this if your input is in one piece and you don't want to call Update() and Verify() separately
- virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length)
- {Update(input, length); return Verify(digest);}
-
- //! truncated version of Final()
- virtual void TruncatedFinal(byte *digest, size_t digestSize) =0;
-
- //! truncated version of CalculateDigest()
- virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length)
- {Update(input, length); TruncatedFinal(digest, digestSize);}
-
- //! truncated version of Verify()
- virtual bool TruncatedVerify(const byte *digest, size_t digestLength);
-
- //! truncated version of VerifyDigest()
- virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)
- {Update(input, length); return TruncatedVerify(digest, digestLength);}
-
-protected:
- void ThrowIfInvalidTruncatedSize(size_t size) const;
-};
-
-typedef HashTransformation HashFunction;
-
-//! interface for one direction (encryption or decryption) of a block cipher
-/*! \note These objects usually should not be used directly. See BlockTransformation for more details. */
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation
-{
-protected:
- const Algorithm & GetAlgorithm() const {return *this;}
-};
-
-//! interface for one direction (encryption or decryption) of a stream cipher or cipher mode
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation
-{
-protected:
- const Algorithm & GetAlgorithm() const {return *this;}
-};
-
-//! interface for message authentication codes
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation
-{
-protected:
- const Algorithm & GetAlgorithm() const {return *this;}
-};
-
-//! interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication
-/*! The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the MessageAuthenticationCode part of this
- interface is used to input additional authenticated data (AAD, which is MAC'ed but not encrypted), and to generate/verify the MAC. */
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation
-{
-public:
- //! this indicates that a member function was called in the wrong state, for example trying to encrypt a message before having set the key or IV
- class BadState : public Exception
- {
- public:
- explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {}
- explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {}
- };
-
- //! the maximum length of AAD that can be input before the encrypted data
- virtual lword MaxHeaderLength() const =0;
- //! the maximum length of encrypted data
- virtual lword MaxMessageLength() const =0;
- //! the maximum length of AAD that can be input after the encrypted data
- virtual lword MaxFooterLength() const {return 0;}
- //! if this function returns true, SpecifyDataLengths() must be called before attempting to input data
- /*! This is the case for some schemes, such as CCM. */
- virtual bool NeedsPrespecifiedDataLengths() const {return false;}
- //! this function only needs to be called if NeedsPrespecifiedDataLengths() returns true
- void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0);
- //! encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize()
- virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength);
- //! decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize()
- virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength);
-
- // redeclare this to avoid compiler ambiguity errors
- virtual std::string AlgorithmName() const =0;
-
-protected:
- const Algorithm & GetAlgorithm() const {return *static_cast<const MessageAuthenticationCode *>(this);}
- virtual void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) {}
-};
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-typedef SymmetricCipher StreamCipher;
-#endif
-
-//! interface for random number generators
-/*! All return values are uniformly distributed over the range specified.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomNumberGenerator : public Algorithm
-{
-public:
- //! update RNG state with additional unpredictable values
- virtual void IncorporateEntropy(const byte *input, size_t length) {throw NotImplemented("RandomNumberGenerator: IncorporateEntropy not implemented");}
-
- //! returns true if IncorporateEntropy is implemented
- virtual bool CanIncorporateEntropy() const {return false;}
-
- //! generate new random byte and return it
- virtual byte GenerateByte();
-
- //! generate new random bit and return it
- /*! Default implementation is to call GenerateByte() and return its lowest bit. */
- virtual unsigned int GenerateBit();
-
- //! generate a random 32 bit word in the range min to max, inclusive
- virtual word32 GenerateWord32(word32 a=0, word32 b=0xffffffffL);
-
- //! generate random array of bytes
- virtual void GenerateBlock(byte *output, size_t size);
-
- //! generate and discard n bytes
- virtual void DiscardBytes(size_t n);
-
- //! generate random bytes as input to a BufferedTransformation
- virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length);
-
- //! randomly shuffle the specified array, resulting permutation is uniformly distributed
- template <class IT> void Shuffle(IT begin, IT end)
- {
- for (; begin != end; ++begin)
- std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1));
- }
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- byte GetByte() {return GenerateByte();}
- unsigned int GetBit() {return GenerateBit();}
- word32 GetLong(word32 a=0, word32 b=0xffffffffL) {return GenerateWord32(a, b);}
- word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}
- void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}
-#endif
-};
-
-//! returns a reference that can be passed to functions that ask for a RNG but doesn't actually use it
-CRYPTOPP_DLL RandomNumberGenerator & CRYPTOPP_API NullRNG();
-
-class WaitObjectContainer;
-class CallStack;
-
-//! interface for objects that you can wait for
-
-class CRYPTOPP_NO_VTABLE Waitable
-{
-public:
- virtual ~Waitable() {}
-
- //! maximum number of wait objects that this object can return
- virtual unsigned int GetMaxWaitObjectCount() const =0;
- //! put wait objects into container
- /*! \param callStack is used for tracing no wait loops, example:
- something.GetWaitObjects(c, CallStack("my func after X", 0));
- - or in an outer GetWaitObjects() method that itself takes a callStack parameter:
- innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack)); */
- virtual void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) =0;
- //! wait on this object
- /*! same as creating an empty container, calling GetWaitObjects(), and calling Wait() on the container */
- bool Wait(unsigned long milliseconds, CallStack const& callStack);
-};
-
-//! the default channel for BufferedTransformation, equal to the empty string
-extern CRYPTOPP_DLL const std::string DEFAULT_CHANNEL;
-
-//! channel for additional authenticated data, equal to "AAD"
-extern CRYPTOPP_DLL const std::string AAD_CHANNEL;
-
-//! interface for buffered transformations
-
-/*! BufferedTransformation is a generalization of BlockTransformation,
- StreamTransformation, and HashTransformation.
-
- A buffered transformation is an object that takes a stream of bytes
- as input (this may be done in stages), does some computation on them, and
- then places the result into an internal buffer for later retrieval. Any
- partial result already in the output buffer is not modified by further
- input.
-
- If a method takes a "blocking" parameter, and you
- pass "false" for it, the method will return before all input has been processed if
- the input cannot be processed without waiting (for network buffers to become available, for example).
- In this case the method will return true
- or a non-zero integer value. When this happens you must continue to call the method with the same
- parameters until it returns false or zero, before calling any other method on it or
- attached BufferedTransformation. The integer return value in this case is approximately
- the number of bytes left to be processed, and can be used to implement a progress bar.
-
- For functions that take a "propagation" parameter, propagation != 0 means pass on the signal to attached
- BufferedTransformation objects, with propagation decremented at each step until it reaches 0.
- -1 means unlimited propagation.
-
- \nosubgrouping
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BufferedTransformation : public Algorithm, public Waitable
-{
-public:
- // placed up here for CW8
- static const std::string &NULL_CHANNEL; // same as DEFAULT_CHANNEL, for backwards compatibility
-
- BufferedTransformation() : Algorithm(false) {}
-
- //! return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference
- BufferedTransformation& Ref() {return *this;}
-
- //! \name INPUT
- //@{
- //! input a byte for processing
- size_t Put(byte inByte, bool blocking=true)
- {return Put(&inByte, 1, blocking);}
- //! input multiple bytes
- size_t Put(const byte *inString, size_t length, bool blocking=true)
- {return Put2(inString, length, 0, blocking);}
-
- //! input a 16-bit word
- size_t PutWord16(word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
- //! input a 32-bit word
- size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
-
- //! request space which can be written into by the caller, and then used as input to Put()
- /*! \param size is requested size (as a hint) for input, and size of the returned space for output */
- /*! \note The purpose of this method is to help avoid doing extra memory allocations. */
- virtual byte * CreatePutSpace(size_t &size) {size=0; return NULL;}
-
- virtual bool CanModifyInput() const {return false;}
-
- //! input multiple bytes that may be modified by callee
- size_t PutModifiable(byte *inString, size_t length, bool blocking=true)
- {return PutModifiable2(inString, length, 0, blocking);}
-
- bool MessageEnd(int propagation=-1, bool blocking=true)
- {return !!Put2(NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}
- size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true)
- {return Put2(inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
-
- //! input multiple bytes for blocking or non-blocking processing
- /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */
- virtual size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) =0;
- //! input multiple bytes that may be modified by callee for blocking or non-blocking processing
- /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */
- virtual size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)
- {return Put2(inString, length, messageEnd, blocking);}
-
- //! thrown by objects that have not implemented nonblocking input processing
- struct BlockingInputOnly : public NotImplemented
- {BlockingInputOnly(const std::string &s) : NotImplemented(s + ": Nonblocking input is not implemented by this object.") {}};
- //@}
-
- //! \name WAITING
- //@{
- unsigned int GetMaxWaitObjectCount() const;
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
- //@}
-
- //! \name SIGNALS
- //@{
- virtual void IsolatedInitialize(const NameValuePairs &parameters) {throw NotImplemented("BufferedTransformation: this object can't be reinitialized");}
- virtual bool IsolatedFlush(bool hardFlush, bool blocking) =0;
- virtual bool IsolatedMessageSeriesEnd(bool blocking) {return false;}
-
- //! initialize or reinitialize this object
- virtual void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1);
- //! flush buffered input and/or output
- /*! \param hardFlush is used to indicate whether all data should be flushed
- \note Hard flushes must be used with care. It means try to process and output everything, even if
- there may not be enough data to complete the action. For example, hard flushing a HexDecoder would
- cause an error if you do it after inputing an odd number of hex encoded characters.
- For some types of filters, for example ZlibDecompressor, hard flushes can only
- be done at "synchronization points". These synchronization points are positions in the data
- stream that are created by hard flushes on the corresponding reverse filters, in this
- example ZlibCompressor. This is useful when zlib compressed data is moved across a
- network in packets and compression state is preserved across packets, as in the ssh2 protocol.
- */
- virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true);
- //! mark end of a series of messages
- /*! There should be a MessageEnd immediately before MessageSeriesEnd. */
- virtual bool MessageSeriesEnd(int propagation=-1, bool blocking=true);
-
- //! set propagation of automatically generated and transferred signals
- /*! propagation == 0 means do not automaticly generate signals */
- virtual void SetAutoSignalPropagation(int propagation) {}
-
- //!
- virtual int GetAutoSignalPropagation() const {return 0;}
-public:
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- void Close() {MessageEnd();}
-#endif
- //@}
-
- //! \name RETRIEVAL OF ONE MESSAGE
- //@{
- //! returns number of bytes that is currently ready for retrieval
- /*! All retrieval functions return the actual number of bytes
- retrieved, which is the lesser of the request number and
- MaxRetrievable(). */
- virtual lword MaxRetrievable() const;
-
- //! returns whether any bytes are currently ready for retrieval
- virtual bool AnyRetrievable() const;
-
- //! try to retrieve a single byte
- virtual size_t Get(byte &outByte);
- //! try to retrieve multiple bytes
- virtual size_t Get(byte *outString, size_t getMax);
-
- //! peek at the next byte without removing it from the output buffer
- virtual size_t Peek(byte &outByte) const;
- //! peek at multiple bytes without removing them from the output buffer
- virtual size_t Peek(byte *outString, size_t peekMax) const;
-
- //! try to retrieve a 16-bit word
- size_t GetWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER);
- //! try to retrieve a 32-bit word
- size_t GetWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER);
-
- //! try to peek at a 16-bit word
- size_t PeekWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;
- //! try to peek at a 32-bit word
- size_t PeekWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;
-
- //! move transferMax bytes of the buffered output to target as input
- lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)
- {TransferTo2(target, transferMax, channel); return transferMax;}
-
- //! discard skipMax bytes from the output buffer
- virtual lword Skip(lword skipMax=LWORD_MAX);
-
- //! copy copyMax bytes of the buffered output to target as input
- lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
- {return CopyRangeTo(target, 0, copyMax, channel);}
-
- //! copy copyMax bytes of the buffered output, starting at position (relative to current position), to target as input
- lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
- {lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;}
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- unsigned long MaxRetrieveable() const {return MaxRetrievable();}
-#endif
- //@}
-
- //! \name RETRIEVAL OF MULTIPLE MESSAGES
- //@{
- //!
- virtual lword TotalBytesRetrievable() const;
- //! number of times MessageEnd() has been received minus messages retrieved or skipped
- virtual unsigned int NumberOfMessages() const;
- //! returns true if NumberOfMessages() > 0
- virtual bool AnyMessages() const;
- //! start retrieving the next message
- /*!
- Returns false if no more messages exist or this message
- is not completely retrieved.
- */
- virtual bool GetNextMessage();
- //! skip count number of messages
- virtual unsigned int SkipMessages(unsigned int count=UINT_MAX);
- //!
- unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL)
- {TransferMessagesTo2(target, count, channel); return count;}
- //!
- unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
-
- //!
- virtual void SkipAll();
- //!
- void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)
- {TransferAllTo2(target, channel);}
- //!
- void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const;
-
- virtual bool GetNextMessageSeries() {return false;}
- virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();}
- virtual unsigned int NumberOfMessageSeries() const {return 0;}
- //@}
-
- //! \name NON-BLOCKING TRANSFER OF OUTPUT
- //@{
- //! upon return, byteCount contains number of bytes that have finished being transfered, and returns the number of bytes left in the current transfer block
- virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0;
- //! upon return, begin contains the start position of data yet to be finished copying, and returns the number of bytes left in the current transfer block
- virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0;
- //! upon return, messageCount contains number of messages that have finished being transfered, and returns the number of bytes left in the current transfer block
- size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- //! returns the number of bytes left in the current transfer block
- size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- //@}
-
- //! \name CHANNELS
- //@{
- struct NoChannelSupport : public NotImplemented
- {NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}};
- struct InvalidChannelName : public InvalidArgument
- {InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}};
-
- size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true)
- {return ChannelPut(channel, &inByte, 1, blocking);}
- size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true)
- {return ChannelPut2(channel, inString, length, 0, blocking);}
-
- size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true)
- {return ChannelPutModifiable2(channel, inString, length, 0, blocking);}
-
- size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
- size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
-
- bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true)
- {return !!ChannelPut2(channel, NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}
- size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true)
- {return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
-
- virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
-
- virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
- virtual size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking);
-
- virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true);
- virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
-
- virtual void SetRetrievalChannel(const std::string &channel);
- //@}
-
- //! \name ATTACHMENT
- /*! Some BufferedTransformation objects (e.g. Filter objects)
- allow other BufferedTransformation objects to be attached. When
- this is done, the first object instead of buffering its output,
- sents that output to the attached object as input. The entire
- attachment chain is deleted when the anchor object is destructed.
- */
- //@{
- //! returns whether this object allows attachment
- virtual bool Attachable() {return false;}
- //! returns the object immediately attached to this object or NULL for no attachment
- virtual BufferedTransformation *AttachedTransformation() {assert(!Attachable()); return 0;}
- //!
- virtual const BufferedTransformation *AttachedTransformation() const
- {return const_cast<BufferedTransformation *>(this)->AttachedTransformation();}
- //! delete the current attachment chain and replace it with newAttachment
- virtual void Detach(BufferedTransformation *newAttachment = 0)
- {assert(!Attachable()); throw NotImplemented("BufferedTransformation: this object is not attachable");}
- //! add newAttachment to the end of attachment chain
- virtual void Attach(BufferedTransformation *newAttachment);
- //@}
-
-protected:
- static int DecrementPropagation(int propagation)
- {return propagation != 0 ? propagation - 1 : 0;}
-
-private:
- byte m_buf[4]; // for ChannelPutWord16 and ChannelPutWord32, to ensure buffer isn't deallocated before non-blocking operation completes
-};
-
-//! returns a reference to a BufferedTransformation object that discards all input
-BufferedTransformation & TheBitBucket();
-
-//! interface for crypto material, such as public and private keys, and crypto parameters
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoMaterial : public NameValuePairs
-{
-public:
- //! exception thrown when invalid crypto material is detected
- class CRYPTOPP_DLL InvalidMaterial : public InvalidDataFormat
- {
- public:
- explicit InvalidMaterial(const std::string &s) : InvalidDataFormat(s) {}
- };
-
- //! assign values from source to this object
- /*! \note This function can be used to create a public key from a private key. */
- virtual void AssignFrom(const NameValuePairs &source) =0;
-
- //! check this object for errors
- /*! \param level denotes the level of thoroughness:
- 0 - using this object won't cause a crash or exception (rng is ignored)
- 1 - this object will probably function (encrypt, sign, etc.) correctly (but may not check for weak keys and such)
- 2 - make sure this object will function correctly, and do reasonable security checks
- 3 - do checks that may take a long time
- \return true if the tests pass */
- virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
-
- //! throws InvalidMaterial if this object fails Validate() test
- virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const
- {if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");}
-
-// virtual std::vector<std::string> GetSupportedFormats(bool includeSaveOnly=false, bool includeLoadOnly=false);
-
- //! save key into a BufferedTransformation
- virtual void Save(BufferedTransformation &bt) const
- {throw NotImplemented("CryptoMaterial: this object does not support saving");}
-
- //! load key from a BufferedTransformation
- /*! \throws KeyingErr if decode fails
- \note Generally does not check that the key is valid.
- Call ValidateKey() or ThrowIfInvalidKey() to check that. */
- virtual void Load(BufferedTransformation &bt)
- {throw NotImplemented("CryptoMaterial: this object does not support loading");}
-
- //! \return whether this object supports precomputation
- virtual bool SupportsPrecomputation() const {return false;}
- //! do precomputation
- /*! The exact semantics of Precompute() is varies, but
- typically it means calculate a table of n objects
- that can be used later to speed up computation. */
- virtual void Precompute(unsigned int n)
- {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
- //! retrieve previously saved precomputation
- virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
- {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
- //! save precomputation for later use
- virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
- {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
-
- // for internal library use
- void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);}
-
-#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
- // Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class
- char m_sunCCworkaround;
-#endif
-};
-
-//! interface for generatable crypto material, such as private keys and crypto parameters
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial
-{
-public:
- //! generate a random key or crypto parameters
- /*! \throws KeyingErr if algorithm parameters are invalid, or if a key can't be generated
- (e.g., if this is a public key object) */
- virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params = g_nullNameValuePairs)
- {throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation");}
-
- //! calls the above function with a NameValuePairs object that just specifies "KeySize"
- void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
-};
-
-//! interface for public keys
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial
-{
-};
-
-//! interface for private keys
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial
-{
-};
-
-//! interface for crypto prameters
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial
-{
-};
-
-//! interface for asymmetric algorithms
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm
-{
-public:
- //! returns a reference to the crypto material used by this object
- virtual CryptoMaterial & AccessMaterial() =0;
- //! returns a const reference to the crypto material used by this object
- virtual const CryptoMaterial & GetMaterial() const =0;
-
- //! for backwards compatibility, calls AccessMaterial().Load(bt)
- void BERDecode(BufferedTransformation &bt)
- {AccessMaterial().Load(bt);}
- //! for backwards compatibility, calls GetMaterial().Save(bt)
- void DEREncode(BufferedTransformation &bt) const
- {GetMaterial().Save(bt);}
-};
-
-//! interface for asymmetric algorithms using public keys
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm
-{
-public:
- // VC60 workaround: no co-variant return type
- CryptoMaterial & AccessMaterial() {return AccessPublicKey();}
- const CryptoMaterial & GetMaterial() const {return GetPublicKey();}
-
- virtual PublicKey & AccessPublicKey() =0;
- virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();}
-};
-
-//! interface for asymmetric algorithms using private keys
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKeyAlgorithm : public AsymmetricAlgorithm
-{
-public:
- CryptoMaterial & AccessMaterial() {return AccessPrivateKey();}
- const CryptoMaterial & GetMaterial() const {return GetPrivateKey();}
-
- virtual PrivateKey & AccessPrivateKey() =0;
- virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();}
-};
-
-//! interface for key agreement algorithms
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyAgreementAlgorithm : public AsymmetricAlgorithm
-{
-public:
- CryptoMaterial & AccessMaterial() {return AccessCryptoParameters();}
- const CryptoMaterial & GetMaterial() const {return GetCryptoParameters();}
-
- virtual CryptoParameters & AccessCryptoParameters() =0;
- virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();}
-};
-
-//! interface for public-key encryptors and decryptors
-
-/*! This class provides an interface common to encryptors and decryptors
- for querying their plaintext and ciphertext lengths.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_CryptoSystem
-{
-public:
- virtual ~PK_CryptoSystem() {}
-
- //! maximum length of plaintext for a given ciphertext length
- /*! \note This function returns 0 if ciphertextLength is not valid (too long or too short). */
- virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0;
-
- //! calculate length of ciphertext given length of plaintext
- /*! \note This function returns 0 if plaintextLength is not valid (too long). */
- virtual size_t CiphertextLength(size_t plaintextLength) const =0;
-
- //! this object supports the use of the parameter with the given name
- /*! some possible parameter names: EncodingParameters, KeyDerivationParameters */
- virtual bool ParameterSupported(const char *name) const =0;
-
- //! return fixed ciphertext length, if one exists, otherwise return 0
- /*! \note "Fixed" here means length of ciphertext does not depend on length of plaintext.
- It usually does depend on the key length. */
- virtual size_t FixedCiphertextLength() const {return 0;}
-
- //! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0
- virtual size_t FixedMaxPlaintextLength() const {return 0;}
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);}
- size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);}
-#endif
-};
-
-//! interface for public-key encryptors
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm
-{
-public:
- //! exception thrown when trying to encrypt plaintext of invalid length
- class CRYPTOPP_DLL InvalidPlaintextLength : public Exception
- {
- public:
- InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}
- };
-
- //! encrypt a byte string
- /*! \pre CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)
- \pre size of ciphertext == CiphertextLength(plaintextLength)
- */
- virtual void Encrypt(RandomNumberGenerator &rng,
- const byte *plaintext, size_t plaintextLength,
- byte *ciphertext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
-
- //! create a new encryption filter
- /*! \note The caller is responsible for deleting the returned pointer.
- \note Encoding parameters should be passed in the "EP" channel.
- */
- virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng,
- BufferedTransformation *attachment=NULL, const NameValuePairs &parameters = g_nullNameValuePairs) const;
-};
-
-//! interface for public-key decryptors
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm
-{
-public:
- //! decrypt a byte string, and return the length of plaintext
- /*! \pre size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.
- \return the actual length of the plaintext, indication that decryption failed.
- */
- virtual DecodingResult Decrypt(RandomNumberGenerator &rng,
- const byte *ciphertext, size_t ciphertextLength,
- byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
-
- //! create a new decryption filter
- /*! \note caller is responsible for deleting the returned pointer
- */
- virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng,
- BufferedTransformation *attachment=NULL, const NameValuePairs &parameters = g_nullNameValuePairs) const;
-
- //! decrypt a fixed size ciphertext
- DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *ciphertext, byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const
- {return Decrypt(rng, ciphertext, FixedCiphertextLength(), plaintext, parameters);}
-};
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-typedef PK_CryptoSystem PK_FixedLengthCryptoSystem;
-typedef PK_Encryptor PK_FixedLengthEncryptor;
-typedef PK_Decryptor PK_FixedLengthDecryptor;
-#endif
-
-//! interface for public-key signers and verifiers
-
-/*! This class provides an interface common to signers and verifiers
- for querying scheme properties.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_SignatureScheme
-{
-public:
- //! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used
- class CRYPTOPP_DLL InvalidKeyLength : public Exception
- {
- public:
- InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {}
- };
-
- //! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything
- class CRYPTOPP_DLL KeyTooShort : public InvalidKeyLength
- {
- public:
- KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {}
- };
-
- virtual ~PK_SignatureScheme() {}
-
- //! signature length if it only depends on the key, otherwise 0
- virtual size_t SignatureLength() const =0;
-
- //! maximum signature length produced for a given length of recoverable message part
- virtual size_t MaxSignatureLength(size_t recoverablePartLength = 0) const {return SignatureLength();}
-
- //! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery
- virtual size_t MaxRecoverableLength() const =0;
-
- //! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery
- virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0;
-
- //! requires a random number generator to sign
- /*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */
- virtual bool IsProbabilistic() const =0;
-
- //! whether or not a non-recoverable message part can be signed
- virtual bool AllowNonrecoverablePart() const =0;
-
- //! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */
- virtual bool SignatureUpfront() const {return false;}
-
- //! whether you must input the recoverable part before the non-recoverable part during signing
- virtual bool RecoverablePartFirst() const =0;
-};
-
-//! interface for accumulating messages to be signed or verified
-/*! Only Update() should be called
- on this class. No other functions inherited from HashTransformation should be called.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulator : public HashTransformation
-{
-public:
- //! should not be called on PK_MessageAccumulator
- unsigned int DigestSize() const
- {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");}
- //! should not be called on PK_MessageAccumulator
- void TruncatedFinal(byte *digest, size_t digestSize)
- {throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");}
-};
-
-//! interface for public-key signers
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Signer : public PK_SignatureScheme, public PrivateKeyAlgorithm
-{
-public:
- //! create a new HashTransformation to accumulate the message to be signed
- virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const =0;
-
- virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;
-
- //! sign and delete messageAccumulator (even in case of exception thrown)
- /*! \pre size of signature == MaxSignatureLength()
- \return actual signature length
- */
- virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
-
- //! sign and restart messageAccumulator
- /*! \pre size of signature == MaxSignatureLength()
- \return actual signature length
- */
- virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
-
- //! sign a message
- /*! \pre size of signature == MaxSignatureLength()
- \return actual signature length
- */
- virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;
-
- //! sign a recoverable message
- /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
- \return actual signature length
- */
- virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength,
- const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const;
-};
-
-//! interface for public-key signature verifiers
-/*! The Recover* functions throw NotImplemented if the signature scheme does not support
- message recovery.
- The Verify* functions throw InvalidDataFormat if the scheme does support message
- recovery and the signature contains a non-empty recoverable message part. The
- Recovery* functions should be used in that case.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Verifier : public PK_SignatureScheme, public PublicKeyAlgorithm
-{
-public:
- //! create a new HashTransformation to accumulate the message to be verified
- virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0;
-
- //! input signature into a message accumulator
- virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const =0;
-
- //! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown)
- virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const;
-
- //! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator
- virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0;
-
- //! check whether input signature is a valid signature for input message
- virtual bool VerifyMessage(const byte *message, size_t messageLen,
- const byte *signature, size_t signatureLength) const;
-
- //! recover a message from its signature
- /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
- */
- virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
-
- //! recover a message from its signature
- /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
- */
- virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
-
- //! recover a message from its signature
- /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
- */
- virtual DecodingResult RecoverMessage(byte *recoveredMessage,
- const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength,
- const byte *signature, size_t signatureLength) const;
-};
-
-//! interface for domains of simple key agreement protocols
-
-/*! A key agreement domain is a set of parameters that must be shared
- by two parties in a key agreement protocol, along with the algorithms
- for generating key pairs and deriving agreed values.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyAgreementDomain : public KeyAgreementAlgorithm
-{
-public:
- //! return length of agreed value produced
- virtual unsigned int AgreedValueLength() const =0;
- //! return length of private keys in this domain
- virtual unsigned int PrivateKeyLength() const =0;
- //! return length of public keys in this domain
- virtual unsigned int PublicKeyLength() const =0;
- //! generate private key
- /*! \pre size of privateKey == PrivateKeyLength() */
- virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
- //! generate public key
- /*! \pre size of publicKey == PublicKeyLength() */
- virtual void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
- //! generate private/public key pair
- /*! \note equivalent to calling GeneratePrivateKey() and then GeneratePublicKey() */
- virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
- //! derive agreed value from your private key and couterparty's public key, return false in case of failure
- /*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.
- \pre size of agreedValue == AgreedValueLength()
- \pre length of privateKey == PrivateKeyLength()
- \pre length of otherPublicKey == PublicKeyLength()
- */
- virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- bool ValidateDomainParameters(RandomNumberGenerator &rng) const
- {return GetCryptoParameters().Validate(rng, 2);}
-#endif
-};
-
-//! interface for domains of authenticated key agreement protocols
-
-/*! In an authenticated key agreement protocol, each party has two
- key pairs. The long-lived key pair is called the static key pair,
- and the short-lived key pair is called the ephemeral key pair.
-*/
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm
-{
-public:
- //! return length of agreed value produced
- virtual unsigned int AgreedValueLength() const =0;
-
- //! return length of static private keys in this domain
- virtual unsigned int StaticPrivateKeyLength() const =0;
- //! return length of static public keys in this domain
- virtual unsigned int StaticPublicKeyLength() const =0;
- //! generate static private key
- /*! \pre size of privateKey == PrivateStaticKeyLength() */
- virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
- //! generate static public key
- /*! \pre size of publicKey == PublicStaticKeyLength() */
- virtual void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
- //! generate private/public key pair
- /*! \note equivalent to calling GenerateStaticPrivateKey() and then GenerateStaticPublicKey() */
- virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
-
- //! return length of ephemeral private keys in this domain
- virtual unsigned int EphemeralPrivateKeyLength() const =0;
- //! return length of ephemeral public keys in this domain
- virtual unsigned int EphemeralPublicKeyLength() const =0;
- //! generate ephemeral private key
- /*! \pre size of privateKey == PrivateEphemeralKeyLength() */
- virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
- //! generate ephemeral public key
- /*! \pre size of publicKey == PublicEphemeralKeyLength() */
- virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
- //! generate private/public key pair
- /*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */
- virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
-
- //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure
- /*! \note The ephemeral public key will always be validated.
- If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.
- \pre size of agreedValue == AgreedValueLength()
- \pre length of staticPrivateKey == StaticPrivateKeyLength()
- \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
- \pre length of staticOtherPublicKey == StaticPublicKeyLength()
- \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
- */
- virtual bool Agree(byte *agreedValue,
- const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
- const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
- bool validateStaticOtherPublicKey=true) const =0;
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- bool ValidateDomainParameters(RandomNumberGenerator &rng) const
- {return GetCryptoParameters().Validate(rng, 2);}
-#endif
-};
-
-// interface for password authenticated key agreement protocols, not implemented yet
-#if 0
-//! interface for protocol sessions
-/*! The methods should be called in the following order:
-
- InitializeSession(rng, parameters); // or call initialize method in derived class
- while (true)
- {
- if (OutgoingMessageAvailable())
- {
- length = GetOutgoingMessageLength();
- GetOutgoingMessage(message);
- ; // send outgoing message
- }
-
- if (LastMessageProcessed())
- break;
-
- ; // receive incoming message
- ProcessIncomingMessage(message);
- }
- ; // call methods in derived class to obtain result of protocol session
-*/
-class ProtocolSession
-{
-public:
- //! exception thrown when an invalid protocol message is processed
- class ProtocolError : public Exception
- {
- public:
- ProtocolError(ErrorType errorType, const std::string &s) : Exception(errorType, s) {}
- };
-
- //! exception thrown when a function is called unexpectedly
- /*! for example calling ProcessIncomingMessage() when ProcessedLastMessage() == true */
- class UnexpectedMethodCall : public Exception
- {
- public:
- UnexpectedMethodCall(const std::string &s) : Exception(OTHER_ERROR, s) {}
- };
-
- ProtocolSession() : m_rng(NULL), m_throwOnProtocolError(true), m_validState(false) {}
- virtual ~ProtocolSession() {}
-
- virtual void InitializeSession(RandomNumberGenerator &rng, const NameValuePairs &parameters) =0;
-
- bool GetThrowOnProtocolError() const {return m_throwOnProtocolError;}
- void SetThrowOnProtocolError(bool throwOnProtocolError) {m_throwOnProtocolError = throwOnProtocolError;}
-
- bool HasValidState() const {return m_validState;}
-
- virtual bool OutgoingMessageAvailable() const =0;
- virtual unsigned int GetOutgoingMessageLength() const =0;
- virtual void GetOutgoingMessage(byte *message) =0;
-
- virtual bool LastMessageProcessed() const =0;
- virtual void ProcessIncomingMessage(const byte *message, unsigned int messageLength) =0;
-
-protected:
- void HandleProtocolError(Exception::ErrorType errorType, const std::string &s) const;
- void CheckAndHandleInvalidState() const;
- void SetValidState(bool valid) {m_validState = valid;}
-
- RandomNumberGenerator *m_rng;
-
-private:
- bool m_throwOnProtocolError, m_validState;
-};
-
-class KeyAgreementSession : public ProtocolSession
-{
-public:
- virtual unsigned int GetAgreedValueLength() const =0;
- virtual void GetAgreedValue(byte *agreedValue) const =0;
-};
-
-class PasswordAuthenticatedKeyAgreementSession : public KeyAgreementSession
-{
-public:
- void InitializePasswordAuthenticatedKeyAgreementSession(RandomNumberGenerator &rng,
- const byte *myId, unsigned int myIdLength,
- const byte *counterPartyId, unsigned int counterPartyIdLength,
- const byte *passwordOrVerifier, unsigned int passwordOrVerifierLength);
-};
-
-class PasswordAuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm
-{
-public:
- //! return whether the domain parameters stored in this object are valid
- virtual bool ValidateDomainParameters(RandomNumberGenerator &rng) const
- {return GetCryptoParameters().Validate(rng, 2);}
-
- virtual unsigned int GetPasswordVerifierLength(const byte *password, unsigned int passwordLength) const =0;
- virtual void GeneratePasswordVerifier(RandomNumberGenerator &rng, const byte *userId, unsigned int userIdLength, const byte *password, unsigned int passwordLength, byte *verifier) const =0;
-
- enum RoleFlags {CLIENT=1, SERVER=2, INITIATOR=4, RESPONDER=8};
-
- virtual bool IsValidRole(unsigned int role) =0;
- virtual PasswordAuthenticatedKeyAgreementSession * CreateProtocolSession(unsigned int role) const =0;
-};
-#endif
-
-//! BER Decode Exception Class, may be thrown during an ASN1 BER decode operation
-class CRYPTOPP_DLL BERDecodeErr : public InvalidArgument
-{
-public:
- BERDecodeErr() : InvalidArgument("BER decode error") {}
- BERDecodeErr(const std::string &s) : InvalidArgument(s) {}
-};
-
-//! interface for encoding and decoding ASN1 objects
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1Object
-{
-public:
- virtual ~ASN1Object() {}
- //! decode this object from a BufferedTransformation, using BER (Basic Encoding Rules)
- virtual void BERDecode(BufferedTransformation &bt) =0;
- //! encode this object into a BufferedTransformation, using DER (Distinguished Encoding Rules)
- virtual void DEREncode(BufferedTransformation &bt) const =0;
- //! encode this object into a BufferedTransformation, using BER
- /*! this may be useful if DEREncode() would be too inefficient */
- virtual void BEREncode(BufferedTransformation &bt) const {DEREncode(bt);}
-};
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-typedef PK_SignatureScheme PK_SignatureSystem;
-typedef SimpleKeyAgreementDomain PK_SimpleKeyAgreementDomain;
-typedef AuthenticatedKeyAgreementDomain PK_AuthenticatedKeyAgreementDomain;
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/cryptlib_bds.cpp b/cryptopp562/cryptlib_bds.cpp
deleted file mode 100644
index 7724a9f..0000000
--- a/cryptopp562/cryptlib_bds.cpp
+++ /dev/null
@@ -1,10 +0,0 @@
-//---------------------------------------------------------------------------
-
-/*
-#include <vcl.h>
-#pragma hdrstop
-*/
-#define Library
-
-// To add a file to the library use the Project menu 'Add to Project'.
-
diff --git a/cryptopp562/datatest.cpp b/cryptopp562/datatest.cpp
deleted file mode 100644
index 7a1a9cf..0000000
--- a/cryptopp562/datatest.cpp
+++ /dev/null
@@ -1,757 +0,0 @@
-#include "factory.h"
-#include "integer.h"
-#include "filters.h"
-#include "hex.h"
-#include "randpool.h"
-#include "files.h"
-#include "trunhash.h"
-#include "queue.h"
-#include "validate.h"
-#include <iostream>
-#include <memory>
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-typedef std::map<std::string, std::string> TestData;
-static bool s_thorough;
-
-class TestFailure : public Exception
-{
-public:
- TestFailure() : Exception(OTHER_ERROR, "Validation test failed") {}
-};
-
-static const TestData *s_currentTestData = NULL;
-
-static void OutputTestData(const TestData &v)
-{
- for (TestData::const_iterator i = v.begin(); i != v.end(); ++i)
- {
- cerr << i->first << ": " << i->second << endl;
- }
-}
-
-static void SignalTestFailure()
-{
- OutputTestData(*s_currentTestData);
- throw TestFailure();
-}
-
-static void SignalTestError()
-{
- OutputTestData(*s_currentTestData);
- throw Exception(Exception::OTHER_ERROR, "Unexpected error during validation test");
-}
-
-bool DataExists(const TestData &data, const char *name)
-{
- TestData::const_iterator i = data.find(name);
- return (i != data.end());
-}
-
-const std::string & GetRequiredDatum(const TestData &data, const char *name)
-{
- TestData::const_iterator i = data.find(name);
- if (i == data.end())
- SignalTestError();
- return i->second;
-}
-
-void RandomizedTransfer(BufferedTransformation &source, BufferedTransformation &target, bool finish, const std::string &channel=DEFAULT_CHANNEL)
-{
- while (source.MaxRetrievable() > (finish ? 0 : 4096))
- {
- byte buf[4096+64];
- size_t start = GlobalRNG().GenerateWord32(0, 63);
- size_t len = GlobalRNG().GenerateWord32(1, UnsignedMin(4096U, 3*source.MaxRetrievable()/2));
- len = source.Get(buf+start, len);
- target.ChannelPut(channel, buf+start, len);
- }
-}
-
-void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransformation &target)
-{
- std::string s1 = GetRequiredDatum(data, name), s2;
- ByteQueue q;
-
- while (!s1.empty())
- {
- while (s1[0] == ' ')
- {
- s1 = s1.substr(1);
- if (s1.empty())
- goto end; // avoid invalid read if s1 is empty
- }
-
- int repeat = 1;
- if (s1[0] == 'r')
- {
- repeat = atoi(s1.c_str()+1);
- s1 = s1.substr(s1.find(' ')+1);
- }
-
- s2 = ""; // MSVC 6 doesn't have clear();
-
- if (s1[0] == '\"')
- {
- s2 = s1.substr(1, s1.find('\"', 1)-1);
- s1 = s1.substr(s2.length() + 2);
- }
- else if (s1.substr(0, 2) == "0x")
- {
- StringSource(s1.substr(2, s1.find(' ')), true, new HexDecoder(new StringSink(s2)));
- s1 = s1.substr(STDMIN(s1.find(' '), s1.length()));
- }
- else
- {
- StringSource(s1.substr(0, s1.find(' ')), true, new HexDecoder(new StringSink(s2)));
- s1 = s1.substr(STDMIN(s1.find(' '), s1.length()));
- }
-
- while (repeat--)
- {
- q.Put((const byte *)s2.data(), s2.size());
- RandomizedTransfer(q, target, false);
- }
- }
-
-end:
- RandomizedTransfer(q, target, true);
-}
-
-std::string GetDecodedDatum(const TestData &data, const char *name)
-{
- std::string s;
- PutDecodedDatumInto(data, name, StringSink(s).Ref());
- return s;
-}
-
-std::string GetOptionalDecodedDatum(const TestData &data, const char *name)
-{
- std::string s;
- if (DataExists(data, name))
- PutDecodedDatumInto(data, name, StringSink(s).Ref());
- return s;
-}
-
-class TestDataNameValuePairs : public NameValuePairs
-{
-public:
- TestDataNameValuePairs(const TestData &data) : m_data(data) {}
-
- virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- TestData::const_iterator i = m_data.find(name);
- if (i == m_data.end())
- {
- if (std::string(name) == Name::DigestSize() && valueType == typeid(int))
- {
- i = m_data.find("MAC");
- if (i == m_data.end())
- i = m_data.find("Digest");
- if (i == m_data.end())
- return false;
-
- m_temp.resize(0);
- PutDecodedDatumInto(m_data, i->first.c_str(), StringSink(m_temp).Ref());
- *reinterpret_cast<int *>(pValue) = (int)m_temp.size();
- return true;
- }
- else
- return false;
- }
-
- const std::string &value = i->second;
-
- if (valueType == typeid(int))
- *reinterpret_cast<int *>(pValue) = atoi(value.c_str());
- else if (valueType == typeid(Integer))
- *reinterpret_cast<Integer *>(pValue) = Integer((std::string(value) + "h").c_str());
- else if (valueType == typeid(ConstByteArrayParameter))
- {
- m_temp.resize(0);
- PutDecodedDatumInto(m_data, name, StringSink(m_temp).Ref());
- reinterpret_cast<ConstByteArrayParameter *>(pValue)->Assign((const byte *)m_temp.data(), m_temp.size(), false);
- }
- else
- throw ValueTypeMismatch(name, typeid(std::string), valueType);
-
- return true;
- }
-
-private:
- const TestData &m_data;
- mutable std::string m_temp;
-};
-
-void TestKeyPairValidAndConsistent(CryptoMaterial &pub, const CryptoMaterial &priv)
-{
- if (!pub.Validate(GlobalRNG(), 2+s_thorough))
- SignalTestFailure();
- if (!priv.Validate(GlobalRNG(), 2+s_thorough))
- SignalTestFailure();
-
- ByteQueue bq1, bq2;
- pub.Save(bq1);
- pub.AssignFrom(priv);
- pub.Save(bq2);
- if (bq1 != bq2)
- SignalTestFailure();
-}
-
-void TestSignatureScheme(TestData &v)
-{
- std::string name = GetRequiredDatum(v, "Name");
- std::string test = GetRequiredDatum(v, "Test");
-
- std::auto_ptr<PK_Signer> signer(ObjectFactoryRegistry<PK_Signer>::Registry().CreateObject(name.c_str()));
- std::auto_ptr<PK_Verifier> verifier(ObjectFactoryRegistry<PK_Verifier>::Registry().CreateObject(name.c_str()));
-
- TestDataNameValuePairs pairs(v);
-
- if (test == "GenerateKey")
- {
- signer->AccessPrivateKey().GenerateRandom(GlobalRNG(), pairs);
- verifier->AccessPublicKey().AssignFrom(signer->AccessPrivateKey());
- }
- else
- {
- std::string keyFormat = GetRequiredDatum(v, "KeyFormat");
-
- if (keyFormat == "DER")
- verifier->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref());
- else if (keyFormat == "Component")
- verifier->AccessMaterial().AssignFrom(pairs);
-
- if (test == "Verify" || test == "NotVerify")
- {
- VerifierFilter verifierFilter(*verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN);
- PutDecodedDatumInto(v, "Signature", verifierFilter);
- PutDecodedDatumInto(v, "Message", verifierFilter);
- verifierFilter.MessageEnd();
- if (verifierFilter.GetLastResult() == (test == "NotVerify"))
- SignalTestFailure();
- return;
- }
- else if (test == "PublicKeyValid")
- {
- if (!verifier->GetMaterial().Validate(GlobalRNG(), 3))
- SignalTestFailure();
- return;
- }
-
- if (keyFormat == "DER")
- signer->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref());
- else if (keyFormat == "Component")
- signer->AccessMaterial().AssignFrom(pairs);
- }
-
- if (test == "GenerateKey" || test == "KeyPairValidAndConsistent")
- {
- TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial());
- VerifierFilter verifierFilter(*verifier, NULL, VerifierFilter::THROW_EXCEPTION);
- verifierFilter.Put((const byte *)"abc", 3);
- StringSource ss("abc", true, new SignerFilter(GlobalRNG(), *signer, new Redirector(verifierFilter)));
- }
- else if (test == "Sign")
- {
- SignerFilter f(GlobalRNG(), *signer, new HexEncoder(new FileSink(cout)));
- StringSource ss(GetDecodedDatum(v, "Message"), true, new Redirector(f));
- SignalTestFailure();
- }
- else if (test == "DeterministicSign")
- {
- SignalTestError();
- assert(false); // TODO: implement
- }
- else if (test == "RandomSign")
- {
- SignalTestError();
- assert(false); // TODO: implement
- }
- else
- {
- SignalTestError();
- assert(false);
- }
-}
-
-void TestAsymmetricCipher(TestData &v)
-{
- std::string name = GetRequiredDatum(v, "Name");
- std::string test = GetRequiredDatum(v, "Test");
-
- std::auto_ptr<PK_Encryptor> encryptor(ObjectFactoryRegistry<PK_Encryptor>::Registry().CreateObject(name.c_str()));
- std::auto_ptr<PK_Decryptor> decryptor(ObjectFactoryRegistry<PK_Decryptor>::Registry().CreateObject(name.c_str()));
-
- std::string keyFormat = GetRequiredDatum(v, "KeyFormat");
-
- if (keyFormat == "DER")
- {
- decryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref());
- encryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref());
- }
- else if (keyFormat == "Component")
- {
- TestDataNameValuePairs pairs(v);
- decryptor->AccessMaterial().AssignFrom(pairs);
- encryptor->AccessMaterial().AssignFrom(pairs);
- }
-
- if (test == "DecryptMatch")
- {
- std::string decrypted, expected = GetDecodedDatum(v, "Plaintext");
- StringSource ss(GetDecodedDatum(v, "Ciphertext"), true, new PK_DecryptorFilter(GlobalRNG(), *decryptor, new StringSink(decrypted)));
- if (decrypted != expected)
- SignalTestFailure();
- }
- else if (test == "KeyPairValidAndConsistent")
- {
- TestKeyPairValidAndConsistent(encryptor->AccessMaterial(), decryptor->GetMaterial());
- }
- else
- {
- SignalTestError();
- assert(false);
- }
-}
-
-void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
-{
- std::string name = GetRequiredDatum(v, "Name");
- std::string test = GetRequiredDatum(v, "Test");
-
- std::string key = GetDecodedDatum(v, "Key");
- std::string plaintext = GetDecodedDatum(v, "Plaintext");
-
- TestDataNameValuePairs testDataPairs(v);
- CombinedNameValuePairs pairs(overrideParameters, testDataPairs);
-
- if (test == "Encrypt" || test == "EncryptXorDigest" || test == "Resync" || test == "EncryptionMCT" || test == "DecryptionMCT")
- {
- static member_ptr<SymmetricCipher> encryptor, decryptor;
- static std::string lastName;
-
- if (name != lastName)
- {
- encryptor.reset(ObjectFactoryRegistry<SymmetricCipher, ENCRYPTION>::Registry().CreateObject(name.c_str()));
- decryptor.reset(ObjectFactoryRegistry<SymmetricCipher, DECRYPTION>::Registry().CreateObject(name.c_str()));
- lastName = name;
- }
-
- ConstByteArrayParameter iv;
- if (pairs.GetValue(Name::IV(), iv) && iv.size() != encryptor->IVSize())
- SignalTestFailure();
-
- if (test == "Resync")
- {
- encryptor->Resynchronize(iv.begin(), (int)iv.size());
- decryptor->Resynchronize(iv.begin(), (int)iv.size());
- }
- else
- {
- encryptor->SetKey((const byte *)key.data(), key.size(), pairs);
- decryptor->SetKey((const byte *)key.data(), key.size(), pairs);
- }
-
- int seek = pairs.GetIntValueWithDefault("Seek", 0);
- if (seek)
- {
- encryptor->Seek(seek);
- decryptor->Seek(seek);
- }
-
- std::string encrypted, xorDigest, ciphertext, ciphertextXorDigest;
- if (test == "EncryptionMCT" || test == "DecryptionMCT")
- {
- SymmetricCipher *cipher = encryptor.get();
- SecByteBlock buf((byte *)plaintext.data(), plaintext.size()), keybuf((byte *)key.data(), key.size());
-
- if (test == "DecryptionMCT")
- {
- cipher = decryptor.get();
- ciphertext = GetDecodedDatum(v, "Ciphertext");
- buf.Assign((byte *)ciphertext.data(), ciphertext.size());
- }
-
- for (int i=0; i<400; i++)
- {
- encrypted.reserve(10000 * plaintext.size());
- for (int j=0; j<10000; j++)
- {
- cipher->ProcessString(buf.begin(), buf.size());
- encrypted.append((char *)buf.begin(), buf.size());
- }
-
- encrypted.erase(0, encrypted.size() - keybuf.size());
- xorbuf(keybuf.begin(), (const byte *)encrypted.data(), keybuf.size());
- cipher->SetKey(keybuf, keybuf.size());
- }
- encrypted.assign((char *)buf.begin(), buf.size());
- ciphertext = GetDecodedDatum(v, test == "EncryptionMCT" ? "Ciphertext" : "Plaintext");
- if (encrypted != ciphertext)
- {
- std::cout << "incorrectly encrypted: ";
- StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout)));
- xx.Pump(256); xx.Flush(false);
- std::cout << "\n";
- SignalTestFailure();
- }
- return;
- }
-
- StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted), StreamTransformationFilter::NO_PADDING);
- RandomizedTransfer(StringStore(plaintext).Ref(), encFilter, true);
- encFilter.MessageEnd();
- /*{
- std::string z;
- encryptor->Seek(seek);
- StringSource ss(plaintext, false, new StreamTransformationFilter(*encryptor, new StringSink(z), StreamTransformationFilter::NO_PADDING));
- while (ss.Pump(64)) {}
- ss.PumpAll();
- for (int i=0; i<z.length(); i++)
- assert(encrypted[i] == z[i]);
- }*/
- if (test != "EncryptXorDigest")
- ciphertext = GetDecodedDatum(v, "Ciphertext");
- else
- {
- ciphertextXorDigest = GetDecodedDatum(v, "CiphertextXorDigest");
- xorDigest.append(encrypted, 0, 64);
- for (size_t i=64; i<encrypted.size(); i++)
- xorDigest[i%64] ^= encrypted[i];
- }
- if (test != "EncryptXorDigest" ? encrypted != ciphertext : xorDigest != ciphertextXorDigest)
- {
- std::cout << "incorrectly encrypted: ";
- StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout)));
- xx.Pump(2048); xx.Flush(false);
- std::cout << "\n";
- SignalTestFailure();
- }
- std::string decrypted;
- StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted), StreamTransformationFilter::NO_PADDING);
- RandomizedTransfer(StringStore(encrypted).Ref(), decFilter, true);
- decFilter.MessageEnd();
- if (decrypted != plaintext)
- {
- std::cout << "incorrectly decrypted: ";
- StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout)));
- xx.Pump(256); xx.Flush(false);
- std::cout << "\n";
- SignalTestFailure();
- }
- }
- else
- {
- std::cout << "unexpected test name\n";
- SignalTestError();
- }
-}
-
-void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
-{
- std::string type = GetRequiredDatum(v, "AlgorithmType");
- std::string name = GetRequiredDatum(v, "Name");
- std::string test = GetRequiredDatum(v, "Test");
- std::string key = GetDecodedDatum(v, "Key");
-
- std::string plaintext = GetOptionalDecodedDatum(v, "Plaintext");
- std::string ciphertext = GetOptionalDecodedDatum(v, "Ciphertext");
- std::string header = GetOptionalDecodedDatum(v, "Header");
- std::string footer = GetOptionalDecodedDatum(v, "Footer");
- std::string mac = GetOptionalDecodedDatum(v, "MAC");
-
- TestDataNameValuePairs testDataPairs(v);
- CombinedNameValuePairs pairs(overrideParameters, testDataPairs);
-
- if (test == "Encrypt" || test == "EncryptXorDigest" || test == "NotVerify")
- {
- member_ptr<AuthenticatedSymmetricCipher> asc1, asc2;
- asc1.reset(ObjectFactoryRegistry<AuthenticatedSymmetricCipher, ENCRYPTION>::Registry().CreateObject(name.c_str()));
- asc2.reset(ObjectFactoryRegistry<AuthenticatedSymmetricCipher, DECRYPTION>::Registry().CreateObject(name.c_str()));
- asc1->SetKey((const byte *)key.data(), key.size(), pairs);
- asc2->SetKey((const byte *)key.data(), key.size(), pairs);
-
- std::string encrypted, decrypted;
- AuthenticatedEncryptionFilter ef(*asc1, new StringSink(encrypted));
- bool macAtBegin = !mac.empty() && !GlobalRNG().GenerateBit(); // test both ways randomly
- AuthenticatedDecryptionFilter df(*asc2, new StringSink(decrypted), macAtBegin ? AuthenticatedDecryptionFilter::MAC_AT_BEGIN : 0);
-
- if (asc1->NeedsPrespecifiedDataLengths())
- {
- asc1->SpecifyDataLengths(header.size(), plaintext.size(), footer.size());
- asc2->SpecifyDataLengths(header.size(), plaintext.size(), footer.size());
- }
-
- StringStore sh(header), sp(plaintext), sc(ciphertext), sf(footer), sm(mac);
-
- if (macAtBegin)
- RandomizedTransfer(sm, df, true);
- sh.CopyTo(df, LWORD_MAX, AAD_CHANNEL);
- RandomizedTransfer(sc, df, true);
- sf.CopyTo(df, LWORD_MAX, AAD_CHANNEL);
- if (!macAtBegin)
- RandomizedTransfer(sm, df, true);
- df.MessageEnd();
-
- RandomizedTransfer(sh, ef, true, AAD_CHANNEL);
- RandomizedTransfer(sp, ef, true);
- RandomizedTransfer(sf, ef, true, AAD_CHANNEL);
- ef.MessageEnd();
-
- if (test == "Encrypt" && encrypted != ciphertext+mac)
- {
- std::cout << "incorrectly encrypted: ";
- StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout)));
- xx.Pump(2048); xx.Flush(false);
- std::cout << "\n";
- SignalTestFailure();
- }
- if (test == "Encrypt" && decrypted != plaintext)
- {
- std::cout << "incorrectly decrypted: ";
- StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout)));
- xx.Pump(256); xx.Flush(false);
- std::cout << "\n";
- SignalTestFailure();
- }
-
- if (ciphertext.size()+mac.size()-plaintext.size() != asc1->DigestSize())
- {
- std::cout << "bad MAC size\n";
- SignalTestFailure();
- }
- if (df.GetLastResult() != (test == "Encrypt"))
- {
- std::cout << "MAC incorrectly verified\n";
- SignalTestFailure();
- }
- }
- else
- {
- std::cout << "unexpected test name\n";
- SignalTestError();
- }
-}
-
-void TestDigestOrMAC(TestData &v, bool testDigest)
-{
- std::string name = GetRequiredDatum(v, "Name");
- std::string test = GetRequiredDatum(v, "Test");
- const char *digestName = testDigest ? "Digest" : "MAC";
-
- member_ptr<MessageAuthenticationCode> mac;
- member_ptr<HashTransformation> hash;
- HashTransformation *pHash = NULL;
-
- TestDataNameValuePairs pairs(v);
-
- if (testDigest)
- {
- hash.reset(ObjectFactoryRegistry<HashTransformation>::Registry().CreateObject(name.c_str()));
- pHash = hash.get();
- }
- else
- {
- mac.reset(ObjectFactoryRegistry<MessageAuthenticationCode>::Registry().CreateObject(name.c_str()));
- pHash = mac.get();
- std::string key = GetDecodedDatum(v, "Key");
- mac->SetKey((const byte *)key.c_str(), key.size(), pairs);
- }
-
- if (test == "Verify" || test == "VerifyTruncated" || test == "NotVerify")
- {
- int digestSize = -1;
- if (test == "VerifyTruncated")
- pairs.GetIntValue(Name::DigestSize(), digestSize);
- HashVerificationFilter verifierFilter(*pHash, NULL, HashVerificationFilter::HASH_AT_BEGIN, digestSize);
- PutDecodedDatumInto(v, digestName, verifierFilter);
- PutDecodedDatumInto(v, "Message", verifierFilter);
- verifierFilter.MessageEnd();
- if (verifierFilter.GetLastResult() == (test == "NotVerify"))
- SignalTestFailure();
- }
- else
- {
- SignalTestError();
- assert(false);
- }
-}
-
-bool GetField(std::istream &is, std::string &name, std::string &value)
-{
- name.resize(0); // GCC workaround: 2.95.3 doesn't have clear()
- is >> name;
- if (name.empty())
- return false;
-
- if (name[name.size()-1] != ':')
- {
- char c;
- is >> skipws >> c;
- if (c != ':')
- SignalTestError();
- }
- else
- name.erase(name.size()-1);
-
- while (is.peek() == ' ')
- is.ignore(1);
-
- // VC60 workaround: getline bug
- char buffer[128];
- value.resize(0); // GCC workaround: 2.95.3 doesn't have clear()
- bool continueLine;
-
- do
- {
- do
- {
- is.get(buffer, sizeof(buffer));
- value += buffer;
- }
- while (buffer[0] != 0);
- is.clear();
- is.ignore();
-
- if (!value.empty() && value[value.size()-1] == '\r')
- value.resize(value.size()-1);
-
- if (!value.empty() && value[value.size()-1] == '\\')
- {
- value.resize(value.size()-1);
- continueLine = true;
- }
- else
- continueLine = false;
-
- std::string::size_type i = value.find('#');
- if (i != std::string::npos)
- value.erase(i);
- }
- while (continueLine);
-
- return true;
-}
-
-void OutputPair(const NameValuePairs &v, const char *name)
-{
- Integer x;
- bool b = v.GetValue(name, x);
- assert(b);
- cout << name << ": \\\n ";
- x.Encode(HexEncoder(new FileSink(cout), false, 64, "\\\n ").Ref(), x.MinEncodedSize());
- cout << endl;
-}
-
-void OutputNameValuePairs(const NameValuePairs &v)
-{
- std::string names = v.GetValueNames();
- string::size_type i = 0;
- while (i < names.size())
- {
- string::size_type j = names.find_first_of (';', i);
-
- if (j == string::npos)
- return;
- else
- {
- std::string name = names.substr(i, j-i);
- if (name.find(':') == string::npos)
- OutputPair(v, name.c_str());
- }
-
- i = j + 1;
- }
-}
-
-void TestDataFile(const std::string &filename, const NameValuePairs &overrideParameters, unsigned int &totalTests, unsigned int &failedTests)
-{
- std::ifstream file(filename.c_str());
- if (!file.good())
- throw Exception(Exception::OTHER_ERROR, "Can not open file " + filename + " for reading");
- TestData v;
- s_currentTestData = &v;
- std::string name, value, lastAlgName;
-
- while (file)
- {
- while (file.peek() == '#')
- file.ignore(INT_MAX, '\n');
-
- if (file.peek() == '\n' || file.peek() == '\r')
- v.clear();
-
- if (!GetField(file, name, value))
- break;
- v[name] = value;
-
- if (name == "Test" && (s_thorough || v["SlowTest"] != "1"))
- {
- bool failed = true;
- std::string algType = GetRequiredDatum(v, "AlgorithmType");
-
- if (lastAlgName != GetRequiredDatum(v, "Name"))
- {
- lastAlgName = GetRequiredDatum(v, "Name");
- cout << "\nTesting " << algType.c_str() << " algorithm " << lastAlgName.c_str() << ".\n";
- }
-
- try
- {
- if (algType == "Signature")
- TestSignatureScheme(v);
- else if (algType == "SymmetricCipher")
- TestSymmetricCipher(v, overrideParameters);
- else if (algType == "AuthenticatedSymmetricCipher")
- TestAuthenticatedSymmetricCipher(v, overrideParameters);
- else if (algType == "AsymmetricCipher")
- TestAsymmetricCipher(v);
- else if (algType == "MessageDigest")
- TestDigestOrMAC(v, true);
- else if (algType == "MAC")
- TestDigestOrMAC(v, false);
- else if (algType == "FileList")
- TestDataFile(GetRequiredDatum(v, "Test"), g_nullNameValuePairs, totalTests, failedTests);
- else
- SignalTestError();
- failed = false;
- }
- catch (TestFailure &)
- {
- cout << "\nTest failed.\n";
- }
- catch (CryptoPP::Exception &e)
- {
- cout << "\nCryptoPP::Exception caught: " << e.what() << endl;
- }
- catch (std::exception &e)
- {
- cout << "\nstd::exception caught: " << e.what() << endl;
- }
-
- if (failed)
- {
- cout << "Skipping to next test.\n";
- failedTests++;
- }
- else
- cout << "." << flush;
-
- totalTests++;
- }
- }
-}
-
-bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParameters, bool thorough)
-{
- s_thorough = thorough;
- unsigned int totalTests = 0, failedTests = 0;
- TestDataFile(filename, overrideParameters, totalTests, failedTests);
- cout << dec << "\nTests complete. Total tests = " << totalTests << ". Failed tests = " << failedTests << ".\n";
- if (failedTests != 0)
- cout << "SOME TESTS FAILED!\n";
- return failedTests == 0;
-}
diff --git a/cryptopp562/default.cpp b/cryptopp562/default.cpp
deleted file mode 100644
index 7294078..0000000
--- a/cryptopp562/default.cpp
+++ /dev/null
@@ -1,258 +0,0 @@
-// default.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "default.h"
-#include "queue.h"
-#include <time.h>
-#include <memory>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const unsigned int MASH_ITERATIONS = 200;
-static const unsigned int SALTLENGTH = 8;
-static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE;
-static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH;
-
-// The purpose of this function Mash() is to take an arbitrary length input
-// string and *deterministicly* produce an arbitrary length output string such
-// that (1) it looks random, (2) no information about the input is
-// deducible from it, and (3) it contains as much entropy as it can hold, or
-// the amount of entropy in the input string, whichever is smaller.
-
-static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations)
-{
- if (BytePrecision(outLen) > 2)
- throw InvalidArgument("Mash: output legnth too large");
-
- size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)DefaultHashModule::DIGESTSIZE);
- byte b[2];
- SecByteBlock buf(bufSize);
- SecByteBlock outBuf(bufSize);
- DefaultHashModule hash;
-
- unsigned int i;
- for(i=0; i<outLen; i+=DefaultHashModule::DIGESTSIZE)
- {
- b[0] = (byte) (i >> 8);
- b[1] = (byte) i;
- hash.Update(b, 2);
- hash.Update(in, inLen);
- hash.Final(outBuf+i);
- }
-
- while (iterations-- > 1)
- {
- memcpy(buf, outBuf, bufSize);
- for (i=0; i<bufSize; i+=DefaultHashModule::DIGESTSIZE)
- {
- b[0] = (byte) (i >> 8);
- b[1] = (byte) i;
- hash.Update(b, 2);
- hash.Update(buf, bufSize);
- hash.Final(outBuf+i);
- }
- }
-
- memcpy(out, outBuf, outLen);
-}
-
-static void GenerateKeyIV(const byte *passphrase, size_t passphraseLength, const byte *salt, size_t saltLength, byte *key, byte *IV)
-{
- SecByteBlock temp(passphraseLength+saltLength);
- memcpy(temp, passphrase, passphraseLength);
- memcpy(temp+passphraseLength, salt, saltLength);
- SecByteBlock keyIV(KEYLENGTH+BLOCKSIZE);
- Mash(temp, passphraseLength + saltLength, keyIV, KEYLENGTH+BLOCKSIZE, MASH_ITERATIONS);
- memcpy(key, keyIV, KEYLENGTH);
- memcpy(IV, keyIV+KEYLENGTH, BLOCKSIZE);
-}
-
-// ********************************************************
-
-DefaultEncryptor::DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment)
- : ProxyFilter(NULL, 0, 0, attachment), m_passphrase((const byte *)passphrase, strlen(passphrase))
-{
-}
-
-DefaultEncryptor::DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)
- : ProxyFilter(NULL, 0, 0, attachment), m_passphrase(passphrase, passphraseLength)
-{
-}
-
-
-void DefaultEncryptor::FirstPut(const byte *)
-{
- // VC60 workaround: __LINE__ expansion bug
- CRYPTOPP_COMPILE_ASSERT_INSTANCE(SALTLENGTH <= DefaultHashModule::DIGESTSIZE, 1);
- CRYPTOPP_COMPILE_ASSERT_INSTANCE(BLOCKSIZE <= DefaultHashModule::DIGESTSIZE, 2);
-
- SecByteBlock salt(DefaultHashModule::DIGESTSIZE), keyCheck(DefaultHashModule::DIGESTSIZE);
- DefaultHashModule hash;
-
- // use hash(passphrase | time | clock) as salt
- hash.Update(m_passphrase, m_passphrase.size());
- time_t t=time(0);
- hash.Update((byte *)&t, sizeof(t));
- clock_t c=clock();
- hash.Update((byte *)&c, sizeof(c));
- hash.Final(salt);
-
- // use hash(passphrase | salt) as key check
- hash.Update(m_passphrase, m_passphrase.size());
- hash.Update(salt, SALTLENGTH);
- hash.Final(keyCheck);
-
- AttachedTransformation()->Put(salt, SALTLENGTH);
-
- // mash passphrase and salt together into key and IV
- SecByteBlock key(KEYLENGTH);
- SecByteBlock IV(BLOCKSIZE);
- GenerateKeyIV(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, key, IV);
-
- m_cipher.SetKeyWithIV(key, key.size(), IV);
- SetFilter(new StreamTransformationFilter(m_cipher));
-
- m_filter->Put(keyCheck, BLOCKSIZE);
-}
-
-void DefaultEncryptor::LastPut(const byte *inString, size_t length)
-{
- m_filter->MessageEnd();
-}
-
-// ********************************************************
-
-DefaultDecryptor::DefaultDecryptor(const char *p, BufferedTransformation *attachment, bool throwException)
- : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment)
- , m_state(WAITING_FOR_KEYCHECK)
- , m_passphrase((const byte *)p, strlen(p))
- , m_throwException(throwException)
-{
-}
-
-DefaultDecryptor::DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
- : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment)
- , m_state(WAITING_FOR_KEYCHECK)
- , m_passphrase(passphrase, passphraseLength)
- , m_throwException(throwException)
-{
-}
-
-void DefaultDecryptor::FirstPut(const byte *inString)
-{
- CheckKey(inString, inString+SALTLENGTH);
-}
-
-void DefaultDecryptor::LastPut(const byte *inString, size_t length)
-{
- if (m_filter.get() == NULL)
- {
- m_state = KEY_BAD;
- if (m_throwException)
- throw KeyBadErr();
- }
- else
- {
- m_filter->MessageEnd();
- m_state = WAITING_FOR_KEYCHECK;
- }
-}
-
-void DefaultDecryptor::CheckKey(const byte *salt, const byte *keyCheck)
-{
- SecByteBlock check(STDMAX((unsigned int)2*BLOCKSIZE, (unsigned int)DefaultHashModule::DIGESTSIZE));
-
- DefaultHashModule hash;
- hash.Update(m_passphrase, m_passphrase.size());
- hash.Update(salt, SALTLENGTH);
- hash.Final(check);
-
- SecByteBlock key(KEYLENGTH);
- SecByteBlock IV(BLOCKSIZE);
- GenerateKeyIV(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, key, IV);
-
- m_cipher.SetKeyWithIV(key, key.size(), IV);
- std::auto_ptr<StreamTransformationFilter> decryptor(new StreamTransformationFilter(m_cipher));
-
- decryptor->Put(keyCheck, BLOCKSIZE);
- decryptor->ForceNextPut();
- decryptor->Get(check+BLOCKSIZE, BLOCKSIZE);
-
- SetFilter(decryptor.release());
-
- if (!VerifyBufsEqual(check, check+BLOCKSIZE, BLOCKSIZE))
- {
- m_state = KEY_BAD;
- if (m_throwException)
- throw KeyBadErr();
- }
- else
- m_state = KEY_GOOD;
-}
-
-// ********************************************************
-
-static DefaultMAC * NewDefaultEncryptorMAC(const byte *passphrase, size_t passphraseLength)
-{
- size_t macKeyLength = DefaultMAC::StaticGetValidKeyLength(16);
- SecByteBlock macKey(macKeyLength);
- // since the MAC is encrypted there is no reason to mash the passphrase for many iterations
- Mash(passphrase, passphraseLength, macKey, macKeyLength, 1);
- return new DefaultMAC(macKey, macKeyLength);
-}
-
-DefaultEncryptorWithMAC::DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment)
- : ProxyFilter(NULL, 0, 0, attachment)
- , m_mac(NewDefaultEncryptorMAC((const byte *)passphrase, strlen(passphrase)))
-{
- SetFilter(new HashFilter(*m_mac, new DefaultEncryptor(passphrase), true));
-}
-
-DefaultEncryptorWithMAC::DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)
- : ProxyFilter(NULL, 0, 0, attachment)
- , m_mac(NewDefaultEncryptorMAC(passphrase, passphraseLength))
-{
- SetFilter(new HashFilter(*m_mac, new DefaultEncryptor(passphrase, passphraseLength), true));
-}
-
-void DefaultEncryptorWithMAC::LastPut(const byte *inString, size_t length)
-{
- m_filter->MessageEnd();
-}
-
-// ********************************************************
-
-DefaultDecryptorWithMAC::DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment, bool throwException)
- : ProxyFilter(NULL, 0, 0, attachment)
- , m_mac(NewDefaultEncryptorMAC((const byte *)passphrase, strlen(passphrase)))
- , m_throwException(throwException)
-{
- SetFilter(new DefaultDecryptor(passphrase, m_hashVerifier=new HashVerifier(*m_mac, NULL, HashVerifier::PUT_MESSAGE), throwException));
-}
-
-DefaultDecryptorWithMAC::DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
- : ProxyFilter(NULL, 0, 0, attachment)
- , m_mac(NewDefaultEncryptorMAC(passphrase, passphraseLength))
- , m_throwException(throwException)
-{
- SetFilter(new DefaultDecryptor(passphrase, passphraseLength, m_hashVerifier=new HashVerifier(*m_mac, NULL, HashVerifier::PUT_MESSAGE), throwException));
-}
-
-DefaultDecryptor::State DefaultDecryptorWithMAC::CurrentState() const
-{
- return static_cast<const DefaultDecryptor *>(m_filter.get())->CurrentState();
-}
-
-bool DefaultDecryptorWithMAC::CheckLastMAC() const
-{
- return m_hashVerifier->GetLastResult();
-}
-
-void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length)
-{
- m_filter->MessageEnd();
- if (m_throwException && !CheckLastMAC())
- throw MACBadErr();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/default.h b/cryptopp562/default.h
deleted file mode 100644
index fb53641..0000000
--- a/cryptopp562/default.h
+++ /dev/null
@@ -1,104 +0,0 @@
-#ifndef CRYPTOPP_DEFAULT_H
-#define CRYPTOPP_DEFAULT_H
-
-#include "sha.h"
-#include "hmac.h"
-#include "des.h"
-#include "filters.h"
-#include "modes.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-typedef DES_EDE2 Default_BlockCipher;
-typedef SHA DefaultHashModule;
-typedef HMAC<DefaultHashModule> DefaultMAC;
-
-//! Password-Based Encryptor using DES-EDE2
-class DefaultEncryptor : public ProxyFilter
-{
-public:
- DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL);
- DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
-
-protected:
- void FirstPut(const byte *);
- void LastPut(const byte *inString, size_t length);
-
-private:
- SecByteBlock m_passphrase;
- CBC_Mode<Default_BlockCipher>::Encryption m_cipher;
-};
-
-//! Password-Based Decryptor using DES-EDE2
-class DefaultDecryptor : public ProxyFilter
-{
-public:
- DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
- DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
-
- class Err : public Exception
- {
- public:
- Err(const std::string &s)
- : Exception(DATA_INTEGRITY_CHECK_FAILED, s) {}
- };
- class KeyBadErr : public Err {public: KeyBadErr() : Err("DefaultDecryptor: cannot decrypt message with this passphrase") {}};
-
- enum State {WAITING_FOR_KEYCHECK, KEY_GOOD, KEY_BAD};
- State CurrentState() const {return m_state;}
-
-protected:
- void FirstPut(const byte *inString);
- void LastPut(const byte *inString, size_t length);
-
- State m_state;
-
-private:
- void CheckKey(const byte *salt, const byte *keyCheck);
-
- SecByteBlock m_passphrase;
- CBC_Mode<Default_BlockCipher>::Decryption m_cipher;
- member_ptr<FilterWithBufferedInput> m_decryptor;
- bool m_throwException;
-};
-
-//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1
-class DefaultEncryptorWithMAC : public ProxyFilter
-{
-public:
- DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
- DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
-
-protected:
- void FirstPut(const byte *inString) {}
- void LastPut(const byte *inString, size_t length);
-
-private:
- member_ptr<DefaultMAC> m_mac;
-};
-
-//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1
-class DefaultDecryptorWithMAC : public ProxyFilter
-{
-public:
- class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}};
-
- DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
- DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
-
- DefaultDecryptor::State CurrentState() const;
- bool CheckLastMAC() const;
-
-protected:
- void FirstPut(const byte *inString) {}
- void LastPut(const byte *inString, size_t length);
-
-private:
- member_ptr<DefaultMAC> m_mac;
- HashVerifier *m_hashVerifier;
- bool m_throwException;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/des.cpp b/cryptopp562/des.cpp
deleted file mode 100644
index a6e0c51..0000000
--- a/cryptopp562/des.cpp
+++ /dev/null
@@ -1,449 +0,0 @@
-// des.cpp - modified by Wei Dai from Phil Karn's des.c
-// The original code and all modifications are in the public domain.
-
-/*
- * This is a major rewrite of my old public domain DES code written
- * circa 1987, which in turn borrowed heavily from Jim Gillogly's 1977
- * public domain code. I pretty much kept my key scheduling code, but
- * the actual encrypt/decrypt routines are taken from from Richard
- * Outerbridge's DES code as printed in Schneier's "Applied Cryptography."
- *
- * This code is in the public domain. I would appreciate bug reports and
- * enhancements.
- *
- * Phil Karn KA9Q, karn@unix.ka9q.ampr.org, August 1994.
- */
-
-#include "pch.h"
-#include "misc.h"
-#include "des.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-typedef BlockGetAndPut<word32, BigEndian> Block;
-
-// Richard Outerbridge's initial permutation algorithm
-/*
-inline void IPERM(word32 &left, word32 &right)
-{
- word32 work;
-
- work = ((left >> 4) ^ right) & 0x0f0f0f0f;
- right ^= work;
- left ^= work << 4;
- work = ((left >> 16) ^ right) & 0xffff;
- right ^= work;
- left ^= work << 16;
- work = ((right >> 2) ^ left) & 0x33333333;
- left ^= work;
- right ^= (work << 2);
- work = ((right >> 8) ^ left) & 0xff00ff;
- left ^= work;
- right ^= (work << 8);
- right = rotl(right, 1);
- work = (left ^ right) & 0xaaaaaaaa;
- left ^= work;
- right ^= work;
- left = rotl(left, 1);
-}
-inline void FPERM(word32 &left, word32 &right)
-{
- word32 work;
-
- right = rotr(right, 1);
- work = (left ^ right) & 0xaaaaaaaa;
- left ^= work;
- right ^= work;
- left = rotr(left, 1);
- work = ((left >> 8) ^ right) & 0xff00ff;
- right ^= work;
- left ^= work << 8;
- work = ((left >> 2) ^ right) & 0x33333333;
- right ^= work;
- left ^= work << 2;
- work = ((right >> 16) ^ left) & 0xffff;
- left ^= work;
- right ^= work << 16;
- work = ((right >> 4) ^ left) & 0x0f0f0f0f;
- left ^= work;
- right ^= work << 4;
-}
-*/
-
-// Wei Dai's modification to Richard Outerbridge's initial permutation
-// algorithm, this one is faster if you have access to rotate instructions
-// (like in MSVC)
-static inline void IPERM(word32 &left, word32 &right)
-{
- word32 work;
-
- right = rotlFixed(right, 4U);
- work = (left ^ right) & 0xf0f0f0f0;
- left ^= work;
- right = rotrFixed(right^work, 20U);
- work = (left ^ right) & 0xffff0000;
- left ^= work;
- right = rotrFixed(right^work, 18U);
- work = (left ^ right) & 0x33333333;
- left ^= work;
- right = rotrFixed(right^work, 6U);
- work = (left ^ right) & 0x00ff00ff;
- left ^= work;
- right = rotlFixed(right^work, 9U);
- work = (left ^ right) & 0xaaaaaaaa;
- left = rotlFixed(left^work, 1U);
- right ^= work;
-}
-
-static inline void FPERM(word32 &left, word32 &right)
-{
- word32 work;
-
- right = rotrFixed(right, 1U);
- work = (left ^ right) & 0xaaaaaaaa;
- right ^= work;
- left = rotrFixed(left^work, 9U);
- work = (left ^ right) & 0x00ff00ff;
- right ^= work;
- left = rotlFixed(left^work, 6U);
- work = (left ^ right) & 0x33333333;
- right ^= work;
- left = rotlFixed(left^work, 18U);
- work = (left ^ right) & 0xffff0000;
- right ^= work;
- left = rotlFixed(left^work, 20U);
- work = (left ^ right) & 0xf0f0f0f0;
- right ^= work;
- left = rotrFixed(left^work, 4U);
-}
-
-void DES::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- RawSetKey(GetCipherDirection(), userKey);
-}
-
-#ifndef CRYPTOPP_IMPORTS
-
-/* Tables defined in the Data Encryption Standard documents
- * Three of these tables, the initial permutation, the final
- * permutation and the expansion operator, are regular enough that
- * for speed, we hard-code them. They're here for reference only.
- * Also, the S and P boxes are used by a separate program, gensp.c,
- * to build the combined SP box, Spbox[]. They're also here just
- * for reference.
- */
-#ifdef notdef
-/* initial permutation IP */
-static byte ip[] = {
- 58, 50, 42, 34, 26, 18, 10, 2,
- 60, 52, 44, 36, 28, 20, 12, 4,
- 62, 54, 46, 38, 30, 22, 14, 6,
- 64, 56, 48, 40, 32, 24, 16, 8,
- 57, 49, 41, 33, 25, 17, 9, 1,
- 59, 51, 43, 35, 27, 19, 11, 3,
- 61, 53, 45, 37, 29, 21, 13, 5,
- 63, 55, 47, 39, 31, 23, 15, 7
-};
-
-/* final permutation IP^-1 */
-static byte fp[] = {
- 40, 8, 48, 16, 56, 24, 64, 32,
- 39, 7, 47, 15, 55, 23, 63, 31,
- 38, 6, 46, 14, 54, 22, 62, 30,
- 37, 5, 45, 13, 53, 21, 61, 29,
- 36, 4, 44, 12, 52, 20, 60, 28,
- 35, 3, 43, 11, 51, 19, 59, 27,
- 34, 2, 42, 10, 50, 18, 58, 26,
- 33, 1, 41, 9, 49, 17, 57, 25
-};
-/* expansion operation matrix */
-static byte ei[] = {
- 32, 1, 2, 3, 4, 5,
- 4, 5, 6, 7, 8, 9,
- 8, 9, 10, 11, 12, 13,
- 12, 13, 14, 15, 16, 17,
- 16, 17, 18, 19, 20, 21,
- 20, 21, 22, 23, 24, 25,
- 24, 25, 26, 27, 28, 29,
- 28, 29, 30, 31, 32, 1
-};
-/* The (in)famous S-boxes */
-static byte sbox[8][64] = {
- /* S1 */
- 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
- 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
- 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
- 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
-
- /* S2 */
- 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
- 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
- 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
- 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
-
- /* S3 */
- 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
- 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
- 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
- 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
-
- /* S4 */
- 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
- 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
- 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
- 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
-
- /* S5 */
- 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
- 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
- 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
- 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
-
- /* S6 */
- 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
- 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
- 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
- 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
-
- /* S7 */
- 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
- 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
- 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
- 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
-
- /* S8 */
- 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
- 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
- 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
- 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
-};
-
-/* 32-bit permutation function P used on the output of the S-boxes */
-static byte p32i[] = {
- 16, 7, 20, 21,
- 29, 12, 28, 17,
- 1, 15, 23, 26,
- 5, 18, 31, 10,
- 2, 8, 24, 14,
- 32, 27, 3, 9,
- 19, 13, 30, 6,
- 22, 11, 4, 25
-};
-#endif
-
-/* permuted choice table (key) */
-static const byte pc1[] = {
- 57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36,
-
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4
-};
-
-/* number left rotations of pc1 */
-static const byte totrot[] = {
- 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28
-};
-
-/* permuted choice key (table) */
-static const byte pc2[] = {
- 14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2,
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32
-};
-
-/* End of DES-defined tables */
-
-/* bit 0 is left-most in byte */
-static const int bytebit[] = {
- 0200,0100,040,020,010,04,02,01
-};
-
-/* Set key (initialize key schedule array) */
-void RawDES::RawSetKey(CipherDir dir, const byte *key)
-{
- SecByteBlock buffer(56+56+8);
- byte *const pc1m=buffer; /* place to modify pc1 into */
- byte *const pcr=pc1m+56; /* place to rotate pc1 into */
- byte *const ks=pcr+56;
- register int i,j,l;
- int m;
-
- for (j=0; j<56; j++) { /* convert pc1 to bits of key */
- l=pc1[j]-1; /* integer bit location */
- m = l & 07; /* find bit */
- pc1m[j]=(key[l>>3] & /* find which key byte l is in */
- bytebit[m]) /* and which bit of that byte */
- ? 1 : 0; /* and store 1-bit result */
- }
- for (i=0; i<16; i++) { /* key chunk for each iteration */
- memset(ks,0,8); /* Clear key schedule */
- for (j=0; j<56; j++) /* rotate pc1 the right amount */
- pcr[j] = pc1m[(l=j+totrot[i])<(j<28? 28 : 56) ? l: l-28];
- /* rotate left and right halves independently */
- for (j=0; j<48; j++){ /* select bits individually */
- /* check bit that goes to ks[j] */
- if (pcr[pc2[j]-1]){
- /* mask it in if it's there */
- l= j % 6;
- ks[j/6] |= bytebit[l] >> 2;
- }
- }
- /* Now convert to odd/even interleaved form for use in F */
- k[2*i] = ((word32)ks[0] << 24)
- | ((word32)ks[2] << 16)
- | ((word32)ks[4] << 8)
- | ((word32)ks[6]);
- k[2*i+1] = ((word32)ks[1] << 24)
- | ((word32)ks[3] << 16)
- | ((word32)ks[5] << 8)
- | ((word32)ks[7]);
- }
-
- if (dir==DECRYPTION) // reverse key schedule order
- for (i=0; i<16; i+=2)
- {
- std::swap(k[i], k[32-2-i]);
- std::swap(k[i+1], k[32-1-i]);
- }
-}
-
-void RawDES::RawProcessBlock(word32 &l_, word32 &r_) const
-{
- word32 l = l_, r = r_;
- const word32 *kptr=k;
-
- for (unsigned i=0; i<8; i++)
- {
- word32 work = rotrFixed(r, 4U) ^ kptr[4*i+0];
- l ^= Spbox[6][(work) & 0x3f]
- ^ Spbox[4][(work >> 8) & 0x3f]
- ^ Spbox[2][(work >> 16) & 0x3f]
- ^ Spbox[0][(work >> 24) & 0x3f];
- work = r ^ kptr[4*i+1];
- l ^= Spbox[7][(work) & 0x3f]
- ^ Spbox[5][(work >> 8) & 0x3f]
- ^ Spbox[3][(work >> 16) & 0x3f]
- ^ Spbox[1][(work >> 24) & 0x3f];
-
- work = rotrFixed(l, 4U) ^ kptr[4*i+2];
- r ^= Spbox[6][(work) & 0x3f]
- ^ Spbox[4][(work >> 8) & 0x3f]
- ^ Spbox[2][(work >> 16) & 0x3f]
- ^ Spbox[0][(work >> 24) & 0x3f];
- work = l ^ kptr[4*i+3];
- r ^= Spbox[7][(work) & 0x3f]
- ^ Spbox[5][(work >> 8) & 0x3f]
- ^ Spbox[3][(work >> 16) & 0x3f]
- ^ Spbox[1][(work >> 24) & 0x3f];
- }
-
- l_ = l; r_ = r;
-}
-
-void DES_EDE2::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- m_des1.RawSetKey(GetCipherDirection(), userKey);
- m_des2.RawSetKey(ReverseCipherDir(GetCipherDirection()), userKey+8);
-}
-
-void DES_EDE2::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 l,r;
- Block::Get(inBlock)(l)(r);
- IPERM(l,r);
- m_des1.RawProcessBlock(l, r);
- m_des2.RawProcessBlock(r, l);
- m_des1.RawProcessBlock(l, r);
- FPERM(l,r);
- Block::Put(xorBlock, outBlock)(r)(l);
-}
-
-void DES_EDE3::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- m_des1.RawSetKey(GetCipherDirection(), userKey + (IsForwardTransformation() ? 0 : 16));
- m_des2.RawSetKey(ReverseCipherDir(GetCipherDirection()), userKey + 8);
- m_des3.RawSetKey(GetCipherDirection(), userKey + (IsForwardTransformation() ? 16 : 0));
-}
-
-void DES_EDE3::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 l,r;
- Block::Get(inBlock)(l)(r);
- IPERM(l,r);
- m_des1.RawProcessBlock(l, r);
- m_des2.RawProcessBlock(r, l);
- m_des3.RawProcessBlock(l, r);
- FPERM(l,r);
- Block::Put(xorBlock, outBlock)(r)(l);
-}
-
-#endif // #ifndef CRYPTOPP_IMPORTS
-
-static inline bool CheckParity(byte b)
-{
- unsigned int a = b ^ (b >> 4);
- return ((a ^ (a>>1) ^ (a>>2) ^ (a>>3)) & 1) == 1;
-}
-
-bool DES::CheckKeyParityBits(const byte *key)
-{
- for (unsigned int i=0; i<8; i++)
- if (!CheckParity(key[i]))
- return false;
- return true;
-}
-
-void DES::CorrectKeyParityBits(byte *key)
-{
- for (unsigned int i=0; i<8; i++)
- if (!CheckParity(key[i]))
- key[i] ^= 1;
-}
-
-// Encrypt or decrypt a block of data in ECB mode
-void DES::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 l,r;
- Block::Get(inBlock)(l)(r);
- IPERM(l,r);
- RawProcessBlock(l, r);
- FPERM(l,r);
- Block::Put(xorBlock, outBlock)(r)(l);
-}
-
-void DES_XEX3::Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- if (!m_des.get())
- m_des.reset(new DES::Encryption);
-
- memcpy(m_x1, key + (IsForwardTransformation() ? 0 : 16), BLOCKSIZE);
- m_des->RawSetKey(GetCipherDirection(), key + 8);
- memcpy(m_x3, key + (IsForwardTransformation() ? 16 : 0), BLOCKSIZE);
-}
-
-void DES_XEX3::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- xorbuf(outBlock, inBlock, m_x1, BLOCKSIZE);
- m_des->ProcessAndXorBlock(outBlock, xorBlock, outBlock);
- xorbuf(outBlock, m_x3, BLOCKSIZE);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/des.h b/cryptopp562/des.h
deleted file mode 100644
index 62f6288..0000000
--- a/cryptopp562/des.h
+++ /dev/null
@@ -1,144 +0,0 @@
-#ifndef CRYPTOPP_DES_H
-#define CRYPTOPP_DES_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class CRYPTOPP_DLL RawDES
-{
-public:
- void RawSetKey(CipherDir direction, const byte *userKey);
- void RawProcessBlock(word32 &l, word32 &r) const;
-
-protected:
- static const word32 Spbox[8][64];
-
- FixedSizeSecBlock<word32, 32> k;
-};
-
-//! _
-struct DES_Info : public FixedBlockSize<8>, public FixedKeyLength<8>
-{
- // disable DES in DLL version by not exporting this function
- static const char * StaticAlgorithmName() {return "DES";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#DES">DES</a>
-/*! The DES implementation in Crypto++ ignores the parity bits
- (the least significant bits of each byte) in the key. However
- you can use CheckKeyParityBits() and CorrectKeyParityBits() to
- check or correct the parity bits if you wish. */
-class DES : public DES_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_Info>, public RawDES
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- //! check DES key parity bits
- static bool CheckKeyParityBits(const byte *key);
- //! correct DES key parity bits
- static void CorrectKeyParityBits(byte *key);
-
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-//! _
-struct DES_EDE2_Info : public FixedBlockSize<8>, public FixedKeyLength<16>
-{
- CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "DES-EDE2";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#DESede">DES-EDE2</a>
-class DES_EDE2 : public DES_EDE2_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_EDE2_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- protected:
- RawDES m_des1, m_des2;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-//! _
-struct DES_EDE3_Info : public FixedBlockSize<8>, public FixedKeyLength<24>
-{
- CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "DES-EDE3";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#DESede">DES-EDE3</a>
-class DES_EDE3 : public DES_EDE3_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_EDE3_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- protected:
- RawDES m_des1, m_des2, m_des3;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-//! _
-struct DES_XEX3_Info : public FixedBlockSize<8>, public FixedKeyLength<24>
-{
- static const char *StaticAlgorithmName() {return "DES-XEX3";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#DESX">DES-XEX3</a>, AKA DESX
-class DES_XEX3 : public DES_XEX3_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<DES_XEX3_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- protected:
- FixedSizeSecBlock<byte, BLOCKSIZE> m_x1, m_x3;
- // VS2005 workaround: calling modules compiled with /clr gets unresolved external symbol DES::Base::ProcessAndXorBlock
- // if we use DES::Encryption here directly without value_ptr.
- value_ptr<DES::Encryption> m_des;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-typedef DES::Encryption DESEncryption;
-typedef DES::Decryption DESDecryption;
-
-typedef DES_EDE2::Encryption DES_EDE2_Encryption;
-typedef DES_EDE2::Decryption DES_EDE2_Decryption;
-
-typedef DES_EDE3::Encryption DES_EDE3_Encryption;
-typedef DES_EDE3::Decryption DES_EDE3_Decryption;
-
-typedef DES_XEX3::Encryption DES_XEX3_Encryption;
-typedef DES_XEX3::Decryption DES_XEX3_Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dessp.cpp b/cryptopp562/dessp.cpp
deleted file mode 100644
index 49ed1d2..0000000
--- a/cryptopp562/dessp.cpp
+++ /dev/null
@@ -1,95 +0,0 @@
-// This file is mostly generated by Phil Karn's gensp.c
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "des.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// VC60 workaround: gives a C4786 warning without this function
-// when runtime lib is set to multithread debug DLL
-// even though warning 4786 is disabled!
-void DES_VC60Workaround()
-{
-}
-
-const word32 RawDES::Spbox[8][64] = {
-{
-0x01010400,0x00000000,0x00010000,0x01010404, 0x01010004,0x00010404,0x00000004,0x00010000,
-0x00000400,0x01010400,0x01010404,0x00000400, 0x01000404,0x01010004,0x01000000,0x00000004,
-0x00000404,0x01000400,0x01000400,0x00010400, 0x00010400,0x01010000,0x01010000,0x01000404,
-0x00010004,0x01000004,0x01000004,0x00010004, 0x00000000,0x00000404,0x00010404,0x01000000,
-0x00010000,0x01010404,0x00000004,0x01010000, 0x01010400,0x01000000,0x01000000,0x00000400,
-0x01010004,0x00010000,0x00010400,0x01000004, 0x00000400,0x00000004,0x01000404,0x00010404,
-0x01010404,0x00010004,0x01010000,0x01000404, 0x01000004,0x00000404,0x00010404,0x01010400,
-0x00000404,0x01000400,0x01000400,0x00000000, 0x00010004,0x00010400,0x00000000,0x01010004},
-{
-0x80108020,0x80008000,0x00008000,0x00108020, 0x00100000,0x00000020,0x80100020,0x80008020,
-0x80000020,0x80108020,0x80108000,0x80000000, 0x80008000,0x00100000,0x00000020,0x80100020,
-0x00108000,0x00100020,0x80008020,0x00000000, 0x80000000,0x00008000,0x00108020,0x80100000,
-0x00100020,0x80000020,0x00000000,0x00108000, 0x00008020,0x80108000,0x80100000,0x00008020,
-0x00000000,0x00108020,0x80100020,0x00100000, 0x80008020,0x80100000,0x80108000,0x00008000,
-0x80100000,0x80008000,0x00000020,0x80108020, 0x00108020,0x00000020,0x00008000,0x80000000,
-0x00008020,0x80108000,0x00100000,0x80000020, 0x00100020,0x80008020,0x80000020,0x00100020,
-0x00108000,0x00000000,0x80008000,0x00008020, 0x80000000,0x80100020,0x80108020,0x00108000},
-{
-0x00000208,0x08020200,0x00000000,0x08020008, 0x08000200,0x00000000,0x00020208,0x08000200,
-0x00020008,0x08000008,0x08000008,0x00020000, 0x08020208,0x00020008,0x08020000,0x00000208,
-0x08000000,0x00000008,0x08020200,0x00000200, 0x00020200,0x08020000,0x08020008,0x00020208,
-0x08000208,0x00020200,0x00020000,0x08000208, 0x00000008,0x08020208,0x00000200,0x08000000,
-0x08020200,0x08000000,0x00020008,0x00000208, 0x00020000,0x08020200,0x08000200,0x00000000,
-0x00000200,0x00020008,0x08020208,0x08000200, 0x08000008,0x00000200,0x00000000,0x08020008,
-0x08000208,0x00020000,0x08000000,0x08020208, 0x00000008,0x00020208,0x00020200,0x08000008,
-0x08020000,0x08000208,0x00000208,0x08020000, 0x00020208,0x00000008,0x08020008,0x00020200},
-{
-0x00802001,0x00002081,0x00002081,0x00000080, 0x00802080,0x00800081,0x00800001,0x00002001,
-0x00000000,0x00802000,0x00802000,0x00802081, 0x00000081,0x00000000,0x00800080,0x00800001,
-0x00000001,0x00002000,0x00800000,0x00802001, 0x00000080,0x00800000,0x00002001,0x00002080,
-0x00800081,0x00000001,0x00002080,0x00800080, 0x00002000,0x00802080,0x00802081,0x00000081,
-0x00800080,0x00800001,0x00802000,0x00802081, 0x00000081,0x00000000,0x00000000,0x00802000,
-0x00002080,0x00800080,0x00800081,0x00000001, 0x00802001,0x00002081,0x00002081,0x00000080,
-0x00802081,0x00000081,0x00000001,0x00002000, 0x00800001,0x00002001,0x00802080,0x00800081,
-0x00002001,0x00002080,0x00800000,0x00802001, 0x00000080,0x00800000,0x00002000,0x00802080},
-{
-0x00000100,0x02080100,0x02080000,0x42000100, 0x00080000,0x00000100,0x40000000,0x02080000,
-0x40080100,0x00080000,0x02000100,0x40080100, 0x42000100,0x42080000,0x00080100,0x40000000,
-0x02000000,0x40080000,0x40080000,0x00000000, 0x40000100,0x42080100,0x42080100,0x02000100,
-0x42080000,0x40000100,0x00000000,0x42000000, 0x02080100,0x02000000,0x42000000,0x00080100,
-0x00080000,0x42000100,0x00000100,0x02000000, 0x40000000,0x02080000,0x42000100,0x40080100,
-0x02000100,0x40000000,0x42080000,0x02080100, 0x40080100,0x00000100,0x02000000,0x42080000,
-0x42080100,0x00080100,0x42000000,0x42080100, 0x02080000,0x00000000,0x40080000,0x42000000,
-0x00080100,0x02000100,0x40000100,0x00080000, 0x00000000,0x40080000,0x02080100,0x40000100},
-{
-0x20000010,0x20400000,0x00004000,0x20404010, 0x20400000,0x00000010,0x20404010,0x00400000,
-0x20004000,0x00404010,0x00400000,0x20000010, 0x00400010,0x20004000,0x20000000,0x00004010,
-0x00000000,0x00400010,0x20004010,0x00004000, 0x00404000,0x20004010,0x00000010,0x20400010,
-0x20400010,0x00000000,0x00404010,0x20404000, 0x00004010,0x00404000,0x20404000,0x20000000,
-0x20004000,0x00000010,0x20400010,0x00404000, 0x20404010,0x00400000,0x00004010,0x20000010,
-0x00400000,0x20004000,0x20000000,0x00004010, 0x20000010,0x20404010,0x00404000,0x20400000,
-0x00404010,0x20404000,0x00000000,0x20400010, 0x00000010,0x00004000,0x20400000,0x00404010,
-0x00004000,0x00400010,0x20004010,0x00000000, 0x20404000,0x20000000,0x00400010,0x20004010},
-{
-0x00200000,0x04200002,0x04000802,0x00000000, 0x00000800,0x04000802,0x00200802,0x04200800,
-0x04200802,0x00200000,0x00000000,0x04000002, 0x00000002,0x04000000,0x04200002,0x00000802,
-0x04000800,0x00200802,0x00200002,0x04000800, 0x04000002,0x04200000,0x04200800,0x00200002,
-0x04200000,0x00000800,0x00000802,0x04200802, 0x00200800,0x00000002,0x04000000,0x00200800,
-0x04000000,0x00200800,0x00200000,0x04000802, 0x04000802,0x04200002,0x04200002,0x00000002,
-0x00200002,0x04000000,0x04000800,0x00200000, 0x04200800,0x00000802,0x00200802,0x04200800,
-0x00000802,0x04000002,0x04200802,0x04200000, 0x00200800,0x00000000,0x00000002,0x04200802,
-0x00000000,0x00200802,0x04200000,0x00000800, 0x04000002,0x04000800,0x00000800,0x00200002},
-{
-0x10001040,0x00001000,0x00040000,0x10041040, 0x10000000,0x10001040,0x00000040,0x10000000,
-0x00040040,0x10040000,0x10041040,0x00041000, 0x10041000,0x00041040,0x00001000,0x00000040,
-0x10040000,0x10000040,0x10001000,0x00001040, 0x00041000,0x00040040,0x10040040,0x10041000,
-0x00001040,0x00000000,0x00000000,0x10040040, 0x10000040,0x10001000,0x00041040,0x00040000,
-0x00041040,0x00040000,0x10041000,0x00001000, 0x00000040,0x10040040,0x00001000,0x00041040,
-0x10001000,0x00000040,0x10000040,0x10040000, 0x10040040,0x10000000,0x00040000,0x10001040,
-0x00000000,0x10041040,0x00040040,0x10000040, 0x10040000,0x10001000,0x10001040,0x00000000,
-0x10041040,0x00041000,0x00041000,0x00001040, 0x00001040,0x00040040,0x10000000,0x10041000}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dh.cpp b/cryptopp562/dh.cpp
deleted file mode 100644
index 22097a0..0000000
--- a/cryptopp562/dh.cpp
+++ /dev/null
@@ -1,19 +0,0 @@
-// dh.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "dh.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void DH_TestInstantiations()
-{
- DH dh1;
- DH dh2(NullRNG(), 10);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dh.h b/cryptopp562/dh.h
deleted file mode 100644
index 10e8d14..0000000
--- a/cryptopp562/dh.h
+++ /dev/null
@@ -1,99 +0,0 @@
-#ifndef CRYPTOPP_DH_H
-#define CRYPTOPP_DH_H
-
-/** \file
-*/
-
-#include "gfpcrypt.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! ,
-template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption>
-class DH_Domain : public DL_SimpleKeyAgreementDomainBase<typename GROUP_PARAMETERS::Element>
-{
- typedef DL_SimpleKeyAgreementDomainBase<typename GROUP_PARAMETERS::Element> Base;
-
-public:
- typedef GROUP_PARAMETERS GroupParameters;
- typedef typename GroupParameters::Element Element;
- typedef DL_KeyAgreementAlgorithm_DH<Element, COFACTOR_OPTION> DH_Algorithm;
- typedef DH_Domain<GROUP_PARAMETERS, COFACTOR_OPTION> Domain;
-
- DH_Domain() {}
-
- DH_Domain(const GroupParameters &params)
- : m_groupParameters(params) {}
-
- DH_Domain(BufferedTransformation &bt)
- {m_groupParameters.BERDecode(bt);}
-
- template <class T2>
- DH_Domain(RandomNumberGenerator &v1, const T2 &v2)
- {m_groupParameters.Initialize(v1, v2);}
-
- template <class T2, class T3>
- DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3)
- {m_groupParameters.Initialize(v1, v2, v3);}
-
- template <class T2, class T3, class T4>
- DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3, const T4 &v4)
- {m_groupParameters.Initialize(v1, v2, v3, v4);}
-
- template <class T1, class T2>
- DH_Domain(const T1 &v1, const T2 &v2)
- {m_groupParameters.Initialize(v1, v2);}
-
- template <class T1, class T2, class T3>
- DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3)
- {m_groupParameters.Initialize(v1, v2, v3);}
-
- template <class T1, class T2, class T3, class T4>
- DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4)
- {m_groupParameters.Initialize(v1, v2, v3, v4);}
-
- const GroupParameters & GetGroupParameters() const {return m_groupParameters;}
- GroupParameters & AccessGroupParameters() {return m_groupParameters;}
-
- void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
- {
- Base::GeneratePublicKey(rng, privateKey, publicKey);
-
- if (FIPS_140_2_ComplianceEnabled())
- {
- SecByteBlock privateKey2(this->PrivateKeyLength());
- this->GeneratePrivateKey(rng, privateKey2);
-
- SecByteBlock publicKey2(this->PublicKeyLength());
- Base::GeneratePublicKey(rng, privateKey2, publicKey2);
-
- SecByteBlock agreedValue(this->AgreedValueLength()), agreedValue2(this->AgreedValueLength());
- bool agreed1 = this->Agree(agreedValue, privateKey, publicKey2);
- bool agreed2 = this->Agree(agreedValue2, privateKey2, publicKey);
-
- if (!agreed1 || !agreed2 || agreedValue != agreedValue2)
- throw SelfTestFailure(this->AlgorithmName() + ": pairwise consistency test failed");
- }
- }
-
- static std::string CRYPTOPP_API StaticAlgorithmName()
- {return GroupParameters::StaticAlgorithmNamePrefix() + DH_Algorithm::StaticAlgorithmName();}
- std::string AlgorithmName() const {return StaticAlgorithmName();}
-
-private:
- const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const
- {return Singleton<DH_Algorithm>().Ref();}
- DL_GroupParameters<Element> & AccessAbstractGroupParameters()
- {return m_groupParameters;}
-
- GroupParameters m_groupParameters;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DH_Domain<DL_GroupParameters_GFP_DefaultSafePrime>;
-
-//! <a href="http://www.weidai.com/scan-mirror/ka.html#DH">Diffie-Hellman</a> in GF(p) with key validation
-typedef DH_Domain<DL_GroupParameters_GFP_DefaultSafePrime> DH;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dh2.cpp b/cryptopp562/dh2.cpp
deleted file mode 100644
index 98175ee..0000000
--- a/cryptopp562/dh2.cpp
+++ /dev/null
@@ -1,22 +0,0 @@
-// dh2.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "dh2.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void DH2_TestInstantiations()
-{
- DH2 dh(*(SimpleKeyAgreementDomain*)NULL);
-}
-
-bool DH2::Agree(byte *agreedValue,
- const byte *staticSecretKey, const byte *ephemeralSecretKey,
- const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
- bool validateStaticOtherPublicKey) const
-{
- return d1.Agree(agreedValue, staticSecretKey, staticOtherPublicKey, validateStaticOtherPublicKey)
- && d2.Agree(agreedValue+d1.AgreedValueLength(), ephemeralSecretKey, ephemeralOtherPublicKey, true);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/dh2.h b/cryptopp562/dh2.h
deleted file mode 100644
index af9d342..0000000
--- a/cryptopp562/dh2.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef CRYPTOPP_DH2_H
-#define CRYPTOPP_DH2_H
-
-/** \file
-*/
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// <a href="http://www.weidai.com/scan-mirror/ka.html#DH2">Unified Diffie-Hellman</a>
-class DH2 : public AuthenticatedKeyAgreementDomain
-{
-public:
- DH2(SimpleKeyAgreementDomain &domain)
- : d1(domain), d2(domain) {}
- DH2(SimpleKeyAgreementDomain &staticDomain, SimpleKeyAgreementDomain &ephemeralDomain)
- : d1(staticDomain), d2(ephemeralDomain) {}
-
- CryptoParameters & AccessCryptoParameters() {return d1.AccessCryptoParameters();}
-
- unsigned int AgreedValueLength() const
- {return d1.AgreedValueLength() + d2.AgreedValueLength();}
-
- unsigned int StaticPrivateKeyLength() const
- {return d1.PrivateKeyLength();}
- unsigned int StaticPublicKeyLength() const
- {return d1.PublicKeyLength();}
- void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
- {d1.GeneratePrivateKey(rng, privateKey);}
- void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
- {d1.GeneratePublicKey(rng, privateKey, publicKey);}
- void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
- {d1.GenerateKeyPair(rng, privateKey, publicKey);}
-
- unsigned int EphemeralPrivateKeyLength() const
- {return d2.PrivateKeyLength();}
- unsigned int EphemeralPublicKeyLength() const
- {return d2.PublicKeyLength();}
- void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
- {d2.GeneratePrivateKey(rng, privateKey);}
- void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
- {d2.GeneratePublicKey(rng, privateKey, publicKey);}
- void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
- {d2.GenerateKeyPair(rng, privateKey, publicKey);}
-
- bool Agree(byte *agreedValue,
- const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
- const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
- bool validateStaticOtherPublicKey=true) const;
-
-protected:
- SimpleKeyAgreementDomain &d1, &d2;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dll.cpp b/cryptopp562/dll.cpp
deleted file mode 100644
index 2b4ef7a..0000000
--- a/cryptopp562/dll.cpp
+++ /dev/null
@@ -1,146 +0,0 @@
-// dll.cpp - written and placed in the public domain by Wei Dai
-
-#define CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#define CRYPTOPP_DEFAULT_NO_DLL
-
-#include "dll.h"
-#pragma warning(default: 4660)
-
-#if defined(CRYPTOPP_EXPORTS) && defined(CRYPTOPP_WIN32_AVAILABLE)
-#include <windows.h>
-#endif
-
-#ifndef CRYPTOPP_IMPORTS
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template<> const byte PKCS_DigestDecoration<SHA1>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14};
-template<> const unsigned int PKCS_DigestDecoration<SHA1>::length = sizeof(PKCS_DigestDecoration<SHA1>::decoration);
-
-template<> const byte PKCS_DigestDecoration<SHA224>::decoration[] = {0x30,0x2d,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,0x04,0x1c};
-template<> const unsigned int PKCS_DigestDecoration<SHA224>::length = sizeof(PKCS_DigestDecoration<SHA224>::decoration);
-
-template<> const byte PKCS_DigestDecoration<SHA256>::decoration[] = {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
-template<> const unsigned int PKCS_DigestDecoration<SHA256>::length = sizeof(PKCS_DigestDecoration<SHA256>::decoration);
-
-template<> const byte PKCS_DigestDecoration<SHA384>::decoration[] = {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
-template<> const unsigned int PKCS_DigestDecoration<SHA384>::length = sizeof(PKCS_DigestDecoration<SHA384>::decoration);
-
-template<> const byte PKCS_DigestDecoration<SHA512>::decoration[] = {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
-template<> const unsigned int PKCS_DigestDecoration<SHA512>::length = sizeof(PKCS_DigestDecoration<SHA512>::decoration);
-
-template<> const byte EMSA2HashId<SHA>::id = 0x33;
-template<> const byte EMSA2HashId<SHA224>::id = 0x38;
-template<> const byte EMSA2HashId<SHA256>::id = 0x34;
-template<> const byte EMSA2HashId<SHA384>::id = 0x36;
-template<> const byte EMSA2HashId<SHA512>::id = 0x35;
-
-NAMESPACE_END
-
-#endif
-
-#ifdef CRYPTOPP_EXPORTS
-
-USING_NAMESPACE(CryptoPP)
-
-#if !(defined(_MSC_VER) && (_MSC_VER < 1300))
-using std::set_new_handler;
-#endif
-
-static PNew s_pNew = NULL;
-static PDelete s_pDelete = NULL;
-
-static void * New (size_t size)
-{
- void *p;
- while (!(p = malloc(size)))
- CallNewHandler();
-
- return p;
-}
-
-static void SetNewAndDeleteFunctionPointers()
-{
- void *p = NULL;
- HMODULE hModule = NULL;
- MEMORY_BASIC_INFORMATION mbi;
-
- while (true)
- {
- VirtualQuery(p, &mbi, sizeof(mbi));
-
- if (p >= (char *)mbi.BaseAddress + mbi.RegionSize)
- break;
-
- p = (char *)mbi.BaseAddress + mbi.RegionSize;
-
- if (!mbi.AllocationBase || mbi.AllocationBase == hModule)
- continue;
-
- hModule = HMODULE(mbi.AllocationBase);
-
- PGetNewAndDelete pGetNewAndDelete = (PGetNewAndDelete)GetProcAddress(hModule, "GetNewAndDeleteForCryptoPP");
- if (pGetNewAndDelete)
- {
- pGetNewAndDelete(s_pNew, s_pDelete);
- return;
- }
-
- PSetNewAndDelete pSetNewAndDelete = (PSetNewAndDelete)GetProcAddress(hModule, "SetNewAndDeleteFromCryptoPP");
- if (pSetNewAndDelete)
- {
- s_pNew = &New;
- s_pDelete = &free;
- pSetNewAndDelete(s_pNew, s_pDelete, &set_new_handler);
- return;
- }
- }
-
- // try getting these directly using mangled names of new and delete operators
-
- hModule = GetModuleHandle("msvcrtd");
- if (!hModule)
- hModule = GetModuleHandle("msvcrt");
- if (hModule)
- {
- // 32-bit versions
- s_pNew = (PNew)GetProcAddress(hModule, "??2@YAPAXI@Z");
- s_pDelete = (PDelete)GetProcAddress(hModule, "??3@YAXPAX@Z");
- if (s_pNew && s_pDelete)
- return;
-
- // 64-bit versions
- s_pNew = (PNew)GetProcAddress(hModule, "??2@YAPEAX_K@Z");
- s_pDelete = (PDelete)GetProcAddress(hModule, "??3@YAXPEAX@Z");
- if (s_pNew && s_pDelete)
- return;
- }
-
- OutputDebugString("Crypto++ was not able to obtain new and delete function pointers.\n");
- throw 0;
-}
-
-void * operator new (size_t size)
-{
- if (!s_pNew)
- SetNewAndDeleteFunctionPointers();
-
- return s_pNew(size);
-}
-
-void operator delete (void * p)
-{
- s_pDelete(p);
-}
-
-void * operator new [] (size_t size)
-{
- return operator new (size);
-}
-
-void operator delete [] (void * p)
-{
- operator delete (p);
-}
-
-#endif // #ifdef CRYPTOPP_EXPORTS
diff --git a/cryptopp562/dll.h b/cryptopp562/dll.h
deleted file mode 100644
index 5e42d46..0000000
--- a/cryptopp562/dll.h
+++ /dev/null
@@ -1,71 +0,0 @@
-#ifndef CRYPTOPP_DLL_H
-#define CRYPTOPP_DLL_H
-
-#if !defined(CRYPTOPP_IMPORTS) && !defined(CRYPTOPP_EXPORTS) && !defined(CRYPTOPP_DEFAULT_NO_DLL)
-#ifdef CRYPTOPP_CONFIG_H
-#error To use the DLL version of Crypto++, this file must be included before any other Crypto++ header files.
-#endif
-#define CRYPTOPP_IMPORTS
-#endif
-
-#include "aes.h"
-#include "cbcmac.h"
-#include "ccm.h"
-#include "cmac.h"
-#include "channels.h"
-#include "des.h"
-#include "dh.h"
-#include "dsa.h"
-#include "ec2n.h"
-#include "eccrypto.h"
-#include "ecp.h"
-#include "files.h"
-#include "fips140.h"
-#include "gcm.h"
-#include "hex.h"
-#include "hmac.h"
-#include "modes.h"
-#include "mqueue.h"
-#include "nbtheory.h"
-#include "osrng.h"
-#include "pkcspad.h"
-#include "pssr.h"
-#include "randpool.h"
-#include "rsa.h"
-#include "rw.h"
-#include "sha.h"
-#include "skipjack.h"
-#include "trdlocal.h"
-
-#ifdef CRYPTOPP_IMPORTS
-
-#ifdef _DLL
-// cause CRT DLL to be initialized before Crypto++ so that we can use malloc and free during DllMain()
-#ifdef NDEBUG
-#pragma comment(lib, "msvcrt")
-#else
-#pragma comment(lib, "msvcrtd")
-#endif
-#endif
-
-#pragma comment(lib, "cryptopp")
-
-#endif // #ifdef CRYPTOPP_IMPORTS
-
-#include <new> // for new_handler
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#if !(defined(_MSC_VER) && (_MSC_VER < 1300))
-using std::new_handler;
-#endif
-
-typedef void * (CRYPTOPP_API * PNew)(size_t);
-typedef void (CRYPTOPP_API * PDelete)(void *);
-typedef void (CRYPTOPP_API * PGetNewAndDelete)(PNew &, PDelete &);
-typedef new_handler (CRYPTOPP_API * PSetNewHandler)(new_handler);
-typedef void (CRYPTOPP_API * PSetNewAndDelete)(PNew, PDelete, PSetNewHandler);
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dlltest.cpp b/cryptopp562/dlltest.cpp
deleted file mode 100644
index 4afd305..0000000
--- a/cryptopp562/dlltest.cpp
+++ /dev/null
@@ -1,205 +0,0 @@
-#ifndef CRYPTOPP_DLL_ONLY
-#define CRYPTOPP_DEFAULT_NO_DLL
-#endif
-
-#include "dll.h"
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-void FIPS140_SampleApplication()
-{
- if (!FIPS_140_2_ComplianceEnabled())
- {
- cerr << "FIPS 140-2 compliance was turned off at compile time.\n";
- abort();
- }
-
- // check self test status
- if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
- {
- cerr << "Automatic power-up self test failed.\n";
- abort();
- }
- cout << "0. Automatic power-up self test passed.\n";
-
- // simulate a power-up self test error
- SimulatePowerUpSelfTestFailure();
- try
- {
- // trying to use a crypto algorithm after power-up self test error will result in an exception
- AES::Encryption aes;
-
- // should not be here
- cerr << "Use of AES failed to cause an exception after power-up self test error.\n";
- abort();
- }
- catch (SelfTestFailure &e)
- {
- cout << "1. Caught expected exception when simulating self test failure. Exception message follows: ";
- cout << e.what() << endl;
- }
-
- // clear the self test error state and redo power-up self test
- DoDllPowerUpSelfTest();
- if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
- {
- cerr << "Re-do power-up self test failed.\n";
- abort();
- }
- cout << "2. Re-do power-up self test passed.\n";
-
- // encrypt and decrypt
- const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
- const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
- const byte plaintext[] = { // "Now is the time for all " without tailing 0
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20};
- byte ciphertext[24];
- byte decrypted[24];
-
- CFB_FIPS_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_CFB;
- encryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv);
- encryption_DES_EDE3_CFB.ProcessString(ciphertext, plaintext, 24);
-
- CFB_FIPS_Mode<DES_EDE3>::Decryption decryption_DES_EDE3_CFB;
- decryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv);
- decryption_DES_EDE3_CFB.ProcessString(decrypted, ciphertext, 24);
-
- if (memcmp(plaintext, decrypted, 24) != 0)
- {
- cerr << "DES-EDE3-CFB Encryption/decryption failed.\n";
- abort();
- }
- cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n";
-
- // hash
- const byte message[] = {'a', 'b', 'c'};
- const byte expectedDigest[] = {0xA9,0x99,0x3E,0x36,0x47,0x06,0x81,0x6A,0xBA,0x3E,0x25,0x71,0x78,0x50,0xC2,0x6C,0x9C,0xD0,0xD8,0x9D};
- byte digest[20];
-
- SHA1 sha;
- sha.Update(message, 3);
- sha.Final(digest);
-
- if (memcmp(digest, expectedDigest, 20) != 0)
- {
- cerr << "SHA-1 hash failed.\n";
- abort();
- }
- cout << "4. SHA-1 hash succeeded.\n";
-
- // create auto-seeded X9.17 RNG object, if available
-#ifdef OS_RNG_AVAILABLE
- AutoSeededX917RNG<AES> rng;
-#else
- // this is used to allow this function to compile on platforms that don't have auto-seeded RNGs
- RandomNumberGenerator &rng(NullRNG());
-#endif
-
- // generate DSA key
- DSA::PrivateKey dsaPrivateKey;
- dsaPrivateKey.GenerateRandomWithKeySize(rng, 1024);
- DSA::PublicKey dsaPublicKey;
- dsaPublicKey.AssignFrom(dsaPrivateKey);
- if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3))
- {
- cerr << "DSA key generation failed.\n";
- abort();
- }
- cout << "5. DSA key generation succeeded.\n";
-
- // encode DSA key
- std::string encodedDsaPublicKey, encodedDsaPrivateKey;
- dsaPublicKey.DEREncode(StringSink(encodedDsaPublicKey).Ref());
- dsaPrivateKey.DEREncode(StringSink(encodedDsaPrivateKey).Ref());
-
- // decode DSA key
- DSA::PrivateKey decodedDsaPrivateKey;
- decodedDsaPrivateKey.BERDecode(StringStore(encodedDsaPrivateKey).Ref());
- DSA::PublicKey decodedDsaPublicKey;
- decodedDsaPublicKey.BERDecode(StringStore(encodedDsaPublicKey).Ref());
-
- if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3))
- {
- cerr << "DSA key encode/decode failed.\n";
- abort();
- }
- cout << "6. DSA key encode/decode succeeded.\n";
-
- // sign and verify
- byte signature[40];
- DSA::Signer signer(dsaPrivateKey);
- assert(signer.SignatureLength() == 40);
- signer.SignMessage(rng, message, 3, signature);
-
- DSA::Verifier verifier(dsaPublicKey);
- if (!verifier.VerifyMessage(message, 3, signature, sizeof(signature)))
- {
- cerr << "DSA signature and verification failed.\n";
- abort();
- }
- cout << "7. DSA signature and verification succeeded.\n";
-
-
- // try to verify an invalid signature
- signature[0] ^= 1;
- if (verifier.VerifyMessage(message, 3, signature, sizeof(signature)))
- {
- cerr << "DSA signature verification failed to detect bad signature.\n";
- abort();
- }
- cout << "8. DSA signature verification successfully detected bad signature.\n";
-
- // try to use an invalid key length
- try
- {
- ECB_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_ECB;
- encryption_DES_EDE3_ECB.SetKey(key, 5);
-
- // should not be here
- cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n";
- abort();
- }
- catch (InvalidArgument &e)
- {
- cout << "9. Caught expected exception when using invalid key length. Exception message follows: ";
- cout << e.what() << endl;
- }
-
- cout << "\nFIPS 140-2 Sample Application completed normally.\n";
-}
-
-#ifdef CRYPTOPP_IMPORTS
-
-static PNew s_pNew = NULL;
-static PDelete s_pDelete = NULL;
-
-extern "C" __declspec(dllexport) void __cdecl SetNewAndDeleteFromCryptoPP(PNew pNew, PDelete pDelete, PSetNewHandler pSetNewHandler)
-{
- s_pNew = pNew;
- s_pDelete = pDelete;
-}
-
-void * __cdecl operator new (size_t size)
-{
- return s_pNew(size);
-}
-
-void __cdecl operator delete (void * p)
-{
- s_pDelete(p);
-}
-
-#endif
-
-#ifdef CRYPTOPP_DLL_ONLY
-
-int __cdecl main()
-{
- FIPS140_SampleApplication();
- return 0;
-}
-
-#endif
diff --git a/cryptopp562/dmac.h b/cryptopp562/dmac.h
deleted file mode 100644
index 80b54ac..0000000
--- a/cryptopp562/dmac.h
+++ /dev/null
@@ -1,93 +0,0 @@
-#ifndef CRYPTOPP_DMAC_H
-#define CRYPTOPP_DMAC_H
-
-#include "cbcmac.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DMAC_Base : public SameKeyLengthAs<T>, public MessageAuthenticationCode
-{
-public:
- static std::string StaticAlgorithmName() {return std::string("DMAC(") + T::StaticAlgorithmName() + ")";}
-
- CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE)
-
- DMAC_Base() {}
-
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *mac, size_t size);
- unsigned int DigestSize() const {return DIGESTSIZE;}
-
-private:
- byte *GenerateSubKeys(const byte *key, size_t keylength);
-
- size_t m_subkeylength;
- SecByteBlock m_subkeys;
- CBC_MAC<T> m_mac1;
- typename T::Encryption m_f2;
- unsigned int m_counter;
-};
-
-//! DMAC
-/*! Based on "CBC MAC for Real-Time Data Sources" by Erez Petrank
- and Charles Rackoff. T should be a class derived from BlockCipherDocumentation.
-*/
-template <class T>
-class DMAC : public MessageAuthenticationCodeFinal<DMAC_Base<T> >
-{
-public:
- DMAC() {}
- DMAC(const byte *key, size_t length=DMAC_Base<T>::DEFAULT_KEYLENGTH)
- {this->SetKey(key, length);}
-};
-
-template <class T>
-void DMAC_Base<T>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
-{
- m_subkeylength = T::StaticGetValidKeyLength(T::BLOCKSIZE);
- m_subkeys.resize(2*UnsignedMin((unsigned int)T::BLOCKSIZE, m_subkeylength));
- m_mac1.SetKey(GenerateSubKeys(key, length), m_subkeylength, params);
- m_f2.SetKey(m_subkeys+m_subkeys.size()/2, m_subkeylength, params);
- m_counter = 0;
- m_subkeys.resize(0);
-}
-
-template <class T>
-void DMAC_Base<T>::Update(const byte *input, size_t length)
-{
- m_mac1.Update(input, length);
- m_counter = (unsigned int)((m_counter + length) % T::BLOCKSIZE);
-}
-
-template <class T>
-void DMAC_Base<T>::TruncatedFinal(byte *mac, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- byte pad[T::BLOCKSIZE];
- byte padByte = byte(T::BLOCKSIZE-m_counter);
- memset(pad, padByte, padByte);
- m_mac1.Update(pad, padByte);
- m_mac1.TruncatedFinal(mac, size);
- m_f2.ProcessBlock(mac);
-
- m_counter = 0; // reset for next message
-}
-
-template <class T>
-byte *DMAC_Base<T>::GenerateSubKeys(const byte *key, size_t keylength)
-{
- typename T::Encryption cipher(key, keylength);
- memset(m_subkeys, 0, m_subkeys.size());
- cipher.ProcessBlock(m_subkeys);
- m_subkeys[m_subkeys.size()/2 + T::BLOCKSIZE - 1] = 1;
- cipher.ProcessBlock(m_subkeys+m_subkeys.size()/2);
- return m_subkeys;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dsa.cpp b/cryptopp562/dsa.cpp
deleted file mode 100644
index 5aace48..0000000
--- a/cryptopp562/dsa.cpp
+++ /dev/null
@@ -1,63 +0,0 @@
-// dsa.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "dsa.h"
-#include "nbtheory.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-size_t DSAConvertSignatureFormat(byte *buffer, size_t bufferSize, DSASignatureFormat toFormat, const byte *signature, size_t signatureLen, DSASignatureFormat fromFormat)
-{
- Integer r, s;
- StringStore store(signature, signatureLen);
- ArraySink sink(buffer, bufferSize);
-
- switch (fromFormat)
- {
- case DSA_P1363:
- r.Decode(store, signatureLen/2);
- s.Decode(store, signatureLen/2);
- break;
- case DSA_DER:
- {
- BERSequenceDecoder seq(store);
- r.BERDecode(seq);
- s.BERDecode(seq);
- seq.MessageEnd();
- break;
- }
- case DSA_OPENPGP:
- r.OpenPGPDecode(store);
- s.OpenPGPDecode(store);
- break;
- }
-
- switch (toFormat)
- {
- case DSA_P1363:
- r.Encode(sink, bufferSize/2);
- s.Encode(sink, bufferSize/2);
- break;
- case DSA_DER:
- {
- DERSequenceEncoder seq(sink);
- r.DEREncode(seq);
- s.DEREncode(seq);
- seq.MessageEnd();
- break;
- }
- case DSA_OPENPGP:
- r.OpenPGPEncode(sink);
- s.OpenPGPEncode(sink);
- break;
- }
-
- return (size_t)sink.TotalPutLength();
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/dsa.h b/cryptopp562/dsa.h
deleted file mode 100644
index 6ae0387..0000000
--- a/cryptopp562/dsa.h
+++ /dev/null
@@ -1,35 +0,0 @@
-#ifndef CRYPTOPP_DSA_H
-#define CRYPTOPP_DSA_H
-
-/** \file
-*/
-
-#include "gfpcrypt.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/*! The DSA signature format used by Crypto++ is as defined by IEEE P1363.
- Java uses the DER format, and OpenPGP uses the OpenPGP format. */
-enum DSASignatureFormat {DSA_P1363, DSA_DER, DSA_OPENPGP};
-/** This function converts between these formats, and returns length of signature in the target format.
- If toFormat == DSA_P1363, bufferSize must equal publicKey.SignatureLength() */
-size_t DSAConvertSignatureFormat(byte *buffer, size_t bufferSize, DSASignatureFormat toFormat,
- const byte *signature, size_t signatureLen, DSASignatureFormat fromFormat);
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-
-typedef DSA::Signer DSAPrivateKey;
-typedef DSA::Verifier DSAPublicKey;
-
-const int MIN_DSA_PRIME_LENGTH = DSA::MIN_PRIME_LENGTH;
-const int MAX_DSA_PRIME_LENGTH = DSA::MAX_PRIME_LENGTH;
-const int DSA_PRIME_LENGTH_MULTIPLE = DSA::PRIME_LENGTH_MULTIPLE;
-
-inline bool GenerateDSAPrimes(const byte *seed, size_t seedLength, int &counter, Integer &p, unsigned int primeLength, Integer &q)
- {return DSA::GeneratePrimes(seed, seedLength, counter, p, primeLength, q);}
-
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/eax.cpp b/cryptopp562/eax.cpp
deleted file mode 100644
index cf83663..0000000
--- a/cryptopp562/eax.cpp
+++ /dev/null
@@ -1,59 +0,0 @@
-// eax.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "eax.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void EAX_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params)
-{
- AccessMAC().SetKey(userKey, keylength, params);
- m_buffer.New(2*AccessMAC().TagSize());
-}
-
-void EAX_Base::Resync(const byte *iv, size_t len)
-{
- MessageAuthenticationCode &mac = AccessMAC();
- unsigned int blockSize = mac.TagSize();
-
- memset(m_buffer, 0, blockSize);
- mac.Update(m_buffer, blockSize);
- mac.CalculateDigest(m_buffer+blockSize, iv, len);
-
- m_buffer[blockSize-1] = 1;
- mac.Update(m_buffer, blockSize);
-
- m_ctr.SetCipherWithIV(AccessMAC().AccessCipher(), m_buffer+blockSize, blockSize);
-}
-
-size_t EAX_Base::AuthenticateBlocks(const byte *data, size_t len)
-{
- AccessMAC().Update(data, len);
- return 0;
-}
-
-void EAX_Base::AuthenticateLastHeaderBlock()
-{
- assert(m_bufferedDataLength == 0);
- MessageAuthenticationCode &mac = AccessMAC();
- unsigned int blockSize = mac.TagSize();
-
- mac.Final(m_buffer);
- xorbuf(m_buffer+blockSize, m_buffer, blockSize);
-
- memset(m_buffer, 0, blockSize);
- m_buffer[blockSize-1] = 2;
- mac.Update(m_buffer, blockSize);
-}
-
-void EAX_Base::AuthenticateLastFooterBlock(byte *tag, size_t macSize)
-{
- assert(m_bufferedDataLength == 0);
- MessageAuthenticationCode &mac = AccessMAC();
- unsigned int blockSize = mac.TagSize();
-
- mac.TruncatedFinal(m_buffer, macSize);
- xorbuf(tag, m_buffer, m_buffer+blockSize, macSize);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/eax.h b/cryptopp562/eax.h
deleted file mode 100644
index e48ee92..0000000
--- a/cryptopp562/eax.h
+++ /dev/null
@@ -1,91 +0,0 @@
-#ifndef CRYPTOPP_EAX_H
-#define CRYPTOPP_EAX_H
-
-#include "authenc.h"
-#include "modes.h"
-#include "cmac.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-class CRYPTOPP_NO_VTABLE EAX_Base : public AuthenticatedSymmetricCipherBase
-{
-public:
- // AuthenticatedSymmetricCipher
- std::string AlgorithmName() const
- {return GetMAC().GetCipher().AlgorithmName() + std::string("/EAX");}
- size_t MinKeyLength() const
- {return GetMAC().MinKeyLength();}
- size_t MaxKeyLength() const
- {return GetMAC().MaxKeyLength();}
- size_t DefaultKeyLength() const
- {return GetMAC().DefaultKeyLength();}
- size_t GetValidKeyLength(size_t n) const
- {return GetMAC().GetValidKeyLength(n);}
- bool IsValidKeyLength(size_t n) const
- {return GetMAC().IsValidKeyLength(n);}
- unsigned int OptimalDataAlignment() const
- {return GetMAC().OptimalDataAlignment();}
- IV_Requirement IVRequirement() const
- {return UNIQUE_IV;}
- unsigned int IVSize() const
- {return GetMAC().TagSize();}
- unsigned int MinIVLength() const
- {return 0;}
- unsigned int MaxIVLength() const
- {return UINT_MAX;}
- unsigned int DigestSize() const
- {return GetMAC().TagSize();}
- lword MaxHeaderLength() const
- {return LWORD_MAX;}
- lword MaxMessageLength() const
- {return LWORD_MAX;}
-
-protected:
- // AuthenticatedSymmetricCipherBase
- bool AuthenticationIsOnPlaintext() const
- {return false;}
- unsigned int AuthenticationBlockSize() const
- {return 1;}
- void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
- void Resync(const byte *iv, size_t len);
- size_t AuthenticateBlocks(const byte *data, size_t len);
- void AuthenticateLastHeaderBlock();
- void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
- SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
- const CMAC_Base & GetMAC() const {return const_cast<EAX_Base *>(this)->AccessMAC();}
- virtual CMAC_Base & AccessMAC() =0;
-
- CTR_Mode_ExternalCipher::Encryption m_ctr;
-};
-
-//! .
-template <class T_BlockCipher, bool T_IsEncryption>
-class EAX_Final : public EAX_Base
-{
-public:
- static std::string StaticAlgorithmName()
- {return T_BlockCipher::StaticAlgorithmName() + std::string("/EAX");}
- bool IsForwardTransformation() const
- {return T_IsEncryption;}
-
-private:
- CMAC_Base & AccessMAC() {return m_cmac;}
- CMAC<T_BlockCipher> m_cmac;
-};
-
-#ifdef EAX // EAX is defined to 11 on GCC 3.4.3, OpenSolaris 8.11
-#undef EAX
-#endif
-
-/// <a href="http://www.cryptolounge.org/wiki/EAX">EAX</a>
-template <class T_BlockCipher>
-struct EAX : public AuthenticatedSymmetricCipherDocumentation
-{
- typedef EAX_Final<T_BlockCipher, true> Encryption;
- typedef EAX_Final<T_BlockCipher, false> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ec2n.cpp b/cryptopp562/ec2n.cpp
deleted file mode 100644
index b513b2c..0000000
--- a/cryptopp562/ec2n.cpp
+++ /dev/null
@@ -1,292 +0,0 @@
-// ec2n.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "ec2n.h"
-#include "asn.h"
-
-#include "algebra.cpp"
-#include "eprecomp.cpp"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-EC2N::EC2N(BufferedTransformation &bt)
- : m_field(BERDecodeGF2NP(bt))
-{
- BERSequenceDecoder seq(bt);
- m_field->BERDecodeElement(seq, m_a);
- m_field->BERDecodeElement(seq, m_b);
- // skip optional seed
- if (!seq.EndReached())
- {
- SecByteBlock seed;
- unsigned int unused;
- BERDecodeBitString(seq, seed, unused);
- }
- seq.MessageEnd();
-}
-
-void EC2N::DEREncode(BufferedTransformation &bt) const
-{
- m_field->DEREncode(bt);
- DERSequenceEncoder seq(bt);
- m_field->DEREncodeElement(seq, m_a);
- m_field->DEREncodeElement(seq, m_b);
- seq.MessageEnd();
-}
-
-bool EC2N::DecodePoint(EC2N::Point &P, const byte *encodedPoint, size_t encodedPointLen) const
-{
- StringStore store(encodedPoint, encodedPointLen);
- return DecodePoint(P, store, encodedPointLen);
-}
-
-bool EC2N::DecodePoint(EC2N::Point &P, BufferedTransformation &bt, size_t encodedPointLen) const
-{
- byte type;
- if (encodedPointLen < 1 || !bt.Get(type))
- return false;
-
- switch (type)
- {
- case 0:
- P.identity = true;
- return true;
- case 2:
- case 3:
- {
- if (encodedPointLen != EncodedPointSize(true))
- return false;
-
- P.identity = false;
- P.x.Decode(bt, m_field->MaxElementByteLength());
-
- if (P.x.IsZero())
- {
- P.y = m_field->SquareRoot(m_b);
- return true;
- }
-
- FieldElement z = m_field->Square(P.x);
- assert(P.x == m_field->SquareRoot(z));
- P.y = m_field->Divide(m_field->Add(m_field->Multiply(z, m_field->Add(P.x, m_a)), m_b), z);
- assert(P.x == m_field->Subtract(m_field->Divide(m_field->Subtract(m_field->Multiply(P.y, z), m_b), z), m_a));
- z = m_field->SolveQuadraticEquation(P.y);
- assert(m_field->Add(m_field->Square(z), z) == P.y);
- z.SetCoefficient(0, type & 1);
-
- P.y = m_field->Multiply(z, P.x);
- return true;
- }
- case 4:
- {
- if (encodedPointLen != EncodedPointSize(false))
- return false;
-
- unsigned int len = m_field->MaxElementByteLength();
- P.identity = false;
- P.x.Decode(bt, len);
- P.y.Decode(bt, len);
- return true;
- }
- default:
- return false;
- }
-}
-
-void EC2N::EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
-{
- if (P.identity)
- NullStore().TransferTo(bt, EncodedPointSize(compressed));
- else if (compressed)
- {
- bt.Put(2 + (!P.x ? 0 : m_field->Divide(P.y, P.x).GetBit(0)));
- P.x.Encode(bt, m_field->MaxElementByteLength());
- }
- else
- {
- unsigned int len = m_field->MaxElementByteLength();
- bt.Put(4); // uncompressed
- P.x.Encode(bt, len);
- P.y.Encode(bt, len);
- }
-}
-
-void EC2N::EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
-{
- ArraySink sink(encodedPoint, EncodedPointSize(compressed));
- EncodePoint(sink, P, compressed);
- assert(sink.TotalPutLength() == EncodedPointSize(compressed));
-}
-
-EC2N::Point EC2N::BERDecodePoint(BufferedTransformation &bt) const
-{
- SecByteBlock str;
- BERDecodeOctetString(bt, str);
- Point P;
- if (!DecodePoint(P, str, str.size()))
- BERDecodeError();
- return P;
-}
-
-void EC2N::DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
-{
- SecByteBlock str(EncodedPointSize(compressed));
- EncodePoint(str, P, compressed);
- DEREncodeOctetString(bt, str);
-}
-
-bool EC2N::ValidateParameters(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = !!m_b;
- pass = pass && m_a.CoefficientCount() <= m_field->MaxElementBitLength();
- pass = pass && m_b.CoefficientCount() <= m_field->MaxElementBitLength();
-
- if (level >= 1)
- pass = pass && m_field->GetModulus().IsIrreducible();
-
- return pass;
-}
-
-bool EC2N::VerifyPoint(const Point &P) const
-{
- const FieldElement &x = P.x, &y = P.y;
- return P.identity ||
- (x.CoefficientCount() <= m_field->MaxElementBitLength()
- && y.CoefficientCount() <= m_field->MaxElementBitLength()
- && !(((x+m_a)*x*x+m_b-(x+y)*y)%m_field->GetModulus()));
-}
-
-bool EC2N::Equal(const Point &P, const Point &Q) const
-{
- if (P.identity && Q.identity)
- return true;
-
- if (P.identity && !Q.identity)
- return false;
-
- if (!P.identity && Q.identity)
- return false;
-
- return (m_field->Equal(P.x,Q.x) && m_field->Equal(P.y,Q.y));
-}
-
-const EC2N::Point& EC2N::Identity() const
-{
- return Singleton<Point>().Ref();
-}
-
-const EC2N::Point& EC2N::Inverse(const Point &P) const
-{
- if (P.identity)
- return P;
- else
- {
- m_R.identity = false;
- m_R.y = m_field->Add(P.x, P.y);
- m_R.x = P.x;
- return m_R;
- }
-}
-
-const EC2N::Point& EC2N::Add(const Point &P, const Point &Q) const
-{
- if (P.identity) return Q;
- if (Q.identity) return P;
- if (Equal(P, Q)) return Double(P);
- if (m_field->Equal(P.x, Q.x) && m_field->Equal(P.y, m_field->Add(Q.x, Q.y))) return Identity();
-
- FieldElement t = m_field->Add(P.y, Q.y);
- t = m_field->Divide(t, m_field->Add(P.x, Q.x));
- FieldElement x = m_field->Square(t);
- m_field->Accumulate(x, t);
- m_field->Accumulate(x, Q.x);
- m_field->Accumulate(x, m_a);
- m_R.y = m_field->Add(P.y, m_field->Multiply(t, x));
- m_field->Accumulate(x, P.x);
- m_field->Accumulate(m_R.y, x);
-
- m_R.x.swap(x);
- m_R.identity = false;
- return m_R;
-}
-
-const EC2N::Point& EC2N::Double(const Point &P) const
-{
- if (P.identity) return P;
- if (!m_field->IsUnit(P.x)) return Identity();
-
- FieldElement t = m_field->Divide(P.y, P.x);
- m_field->Accumulate(t, P.x);
- m_R.y = m_field->Square(P.x);
- m_R.x = m_field->Square(t);
- m_field->Accumulate(m_R.x, t);
- m_field->Accumulate(m_R.x, m_a);
- m_field->Accumulate(m_R.y, m_field->Multiply(t, m_R.x));
- m_field->Accumulate(m_R.y, m_R.x);
-
- m_R.identity = false;
- return m_R;
-}
-
-// ********************************************************
-
-/*
-EcPrecomputation<EC2N>& EcPrecomputation<EC2N>::operator=(const EcPrecomputation<EC2N> &rhs)
-{
- m_ec = rhs.m_ec;
- m_ep = rhs.m_ep;
- m_ep.m_group = m_ec.get();
- return *this;
-}
-
-void EcPrecomputation<EC2N>::SetCurveAndBase(const EC2N &ec, const EC2N::Point &base)
-{
- m_ec.reset(new EC2N(ec));
- m_ep.SetGroupAndBase(*m_ec, base);
-}
-
-void EcPrecomputation<EC2N>::Precompute(unsigned int maxExpBits, unsigned int storage)
-{
- m_ep.Precompute(maxExpBits, storage);
-}
-
-void EcPrecomputation<EC2N>::Load(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- word32 version;
- BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1);
- m_ep.m_exponentBase.BERDecode(seq);
- m_ep.m_windowSize = m_ep.m_exponentBase.BitCount() - 1;
- m_ep.m_bases.clear();
- while (!seq.EndReached())
- m_ep.m_bases.push_back(m_ec->BERDecodePoint(seq));
- seq.MessageEnd();
-}
-
-void EcPrecomputation<EC2N>::Save(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- DEREncodeUnsigned<word32>(seq, 1); // version
- m_ep.m_exponentBase.DEREncode(seq);
- for (unsigned i=0; i<m_ep.m_bases.size(); i++)
- m_ec->DEREncodePoint(seq, m_ep.m_bases[i]);
- seq.MessageEnd();
-}
-
-EC2N::Point EcPrecomputation<EC2N>::Exponentiate(const Integer &exponent) const
-{
- return m_ep.Exponentiate(exponent);
-}
-
-EC2N::Point EcPrecomputation<EC2N>::CascadeExponentiate(const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const
-{
- return m_ep.CascadeExponentiate(exponent, static_cast<const EcPrecomputation<EC2N> &>(pc2).m_ep, exponent2);
-}
-*/
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ec2n.h b/cryptopp562/ec2n.h
deleted file mode 100644
index ae4007c..0000000
--- a/cryptopp562/ec2n.h
+++ /dev/null
@@ -1,113 +0,0 @@
-#ifndef CRYPTOPP_EC2N_H
-#define CRYPTOPP_EC2N_H
-
-#include "gf2n.h"
-#include "eprecomp.h"
-#include "smartptr.h"
-#include "pubkey.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Elliptic Curve Point
-struct CRYPTOPP_DLL EC2NPoint
-{
- EC2NPoint() : identity(true) {}
- EC2NPoint(const PolynomialMod2 &x, const PolynomialMod2 &y)
- : identity(false), x(x), y(y) {}
-
- bool operator==(const EC2NPoint &t) const
- {return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
- bool operator< (const EC2NPoint &t) const
- {return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
-
- bool identity;
- PolynomialMod2 x, y;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<EC2NPoint>;
-
-//! Elliptic Curve over GF(2^n)
-class CRYPTOPP_DLL EC2N : public AbstractGroup<EC2NPoint>
-{
-public:
- typedef GF2NP Field;
- typedef Field::Element FieldElement;
- typedef EC2NPoint Point;
-
- EC2N() {}
- EC2N(const Field &field, const Field::Element &a, const Field::Element &b)
- : m_field(field), m_a(a), m_b(b) {}
- // construct from BER encoded parameters
- // this constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters
- EC2N(BufferedTransformation &bt);
-
- // encode the fields fieldID and curve of the sequence ECParameters
- void DEREncode(BufferedTransformation &bt) const;
-
- bool Equal(const Point &P, const Point &Q) const;
- const Point& Identity() const;
- const Point& Inverse(const Point &P) const;
- bool InversionIsFast() const {return true;}
- const Point& Add(const Point &P, const Point &Q) const;
- const Point& Double(const Point &P) const;
-
- Point Multiply(const Integer &k, const Point &P) const
- {return ScalarMultiply(P, k);}
- Point CascadeMultiply(const Integer &k1, const Point &P, const Integer &k2, const Point &Q) const
- {return CascadeScalarMultiply(P, k1, Q, k2);}
-
- bool ValidateParameters(RandomNumberGenerator &rng, unsigned int level=3) const;
- bool VerifyPoint(const Point &P) const;
-
- unsigned int EncodedPointSize(bool compressed = false) const
- {return 1 + (compressed?1:2)*m_field->MaxElementByteLength();}
- // returns false if point is compressed and not valid (doesn't check if uncompressed)
- bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const;
- bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const;
- void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const;
- void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const;
-
- Point BERDecodePoint(BufferedTransformation &bt) const;
- void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const;
-
- Integer FieldSize() const {return Integer::Power2(m_field->MaxElementBitLength());}
- const Field & GetField() const {return *m_field;}
- const FieldElement & GetA() const {return m_a;}
- const FieldElement & GetB() const {return m_b;}
-
- bool operator==(const EC2N &rhs) const
- {return GetField() == rhs.GetField() && m_a == rhs.m_a && m_b == rhs.m_b;}
-
-private:
- clonable_ptr<Field> m_field;
- FieldElement m_a, m_b;
- mutable Point m_R;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<EC2N::Point>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupPrecomputation<EC2N::Point>;
-
-template <class T> class EcPrecomputation;
-
-//! EC2N precomputation
-template<> class EcPrecomputation<EC2N> : public DL_GroupPrecomputation<EC2N::Point>
-{
-public:
- typedef EC2N EllipticCurve;
-
- // DL_GroupPrecomputation
- const AbstractGroup<Element> & GetGroup() const {return m_ec;}
- Element BERDecodeElement(BufferedTransformation &bt) const {return m_ec.BERDecodePoint(bt);}
- void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {m_ec.DEREncodePoint(bt, v, false);}
-
- // non-inherited
- void SetCurve(const EC2N &ec) {m_ec = ec;}
- const EC2N & GetCurve() const {return m_ec;}
-
-private:
- EC2N m_ec;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/eccrypto.cpp b/cryptopp562/eccrypto.cpp
deleted file mode 100644
index 922104c..0000000
--- a/cryptopp562/eccrypto.cpp
+++ /dev/null
@@ -1,694 +0,0 @@
-// eccrypto.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "eccrypto.h"
-#include "nbtheory.h"
-#include "oids.h"
-#include "hex.h"
-#include "argnames.h"
-#include "ec2n.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#if 0
-static void ECDSA_TestInstantiations()
-{
- ECDSA<EC2N>::Signer t1;
- ECDSA<EC2N>::Verifier t2(t1);
- ECNR<ECP>::Signer t3;
- ECNR<ECP>::Verifier t4(t3);
- ECIES<ECP>::Encryptor t5;
- ECIES<EC2N>::Decryptor t6;
- ECDH<ECP>::Domain t7;
- ECMQV<ECP>::Domain t8;
-}
-#endif
-
-// VC60 workaround: complains when these functions are put into an anonymous namespace
-static Integer ConvertToInteger(const PolynomialMod2 &x)
-{
- unsigned int l = x.ByteCount();
- SecByteBlock temp(l);
- x.Encode(temp, l);
- return Integer(temp, l);
-}
-
-static inline Integer ConvertToInteger(const Integer &x)
-{
- return x;
-}
-
-static bool CheckMOVCondition(const Integer &q, const Integer &r)
-{
- // see "Updated standards for validating elliptic curves", http://eprint.iacr.org/2007/343
- Integer t = 1;
- unsigned int n = q.IsEven() ? 1 : q.BitCount(), m = r.BitCount();
-
- for (unsigned int i=n; DiscreteLogWorkFactor(i)<m/2; i+=n)
- {
- if (q.IsEven())
- t = (t+t)%r;
- else
- t = (t*q)%r;
- if (t == 1)
- return false;
- }
- return true;
-}
-
-// ******************************************************************
-
-template <class T> struct EcRecommendedParameters;
-
-template<> struct EcRecommendedParameters<EC2N>
-{
- EcRecommendedParameters(const OID &oid, unsigned int t2, unsigned int t3, unsigned int t4, const char *a, const char *b, const char *g, const char *n, unsigned int h)
- : oid(oid), t0(0), t1(0), t2(t2), t3(t3), t4(t4), a(a), b(b), g(g), n(n), h(h) {}
- EcRecommendedParameters(const OID &oid, unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4, const char *a, const char *b, const char *g, const char *n, unsigned int h)
- : oid(oid), t0(t0), t1(t1), t2(t2), t3(t3), t4(t4), a(a), b(b), g(g), n(n), h(h) {}
- EC2N *NewEC() const
- {
- StringSource ssA(a, true, new HexDecoder);
- StringSource ssB(b, true, new HexDecoder);
- if (t0 == 0)
- return new EC2N(GF2NT(t2, t3, t4), EC2N::FieldElement(ssA, (size_t)ssA.MaxRetrievable()), EC2N::FieldElement(ssB, (size_t)ssB.MaxRetrievable()));
- else
- return new EC2N(GF2NPP(t0, t1, t2, t3, t4), EC2N::FieldElement(ssA, (size_t)ssA.MaxRetrievable()), EC2N::FieldElement(ssB, (size_t)ssB.MaxRetrievable()));
- };
-
- OID oid;
- unsigned int t0, t1, t2, t3, t4;
- const char *a, *b, *g, *n;
- unsigned int h;
-};
-
-template<> struct EcRecommendedParameters<ECP>
-{
- EcRecommendedParameters(const OID &oid, const char *p, const char *a, const char *b, const char *g, const char *n, unsigned int h)
- : oid(oid), p(p), a(a), b(b), g(g), n(n), h(h) {}
- ECP *NewEC() const
- {
- StringSource ssP(p, true, new HexDecoder);
- StringSource ssA(a, true, new HexDecoder);
- StringSource ssB(b, true, new HexDecoder);
- return new ECP(Integer(ssP, (size_t)ssP.MaxRetrievable()), ECP::FieldElement(ssA, (size_t)ssA.MaxRetrievable()), ECP::FieldElement(ssB, (size_t)ssB.MaxRetrievable()));
- };
-
- OID oid;
- const char *p;
- const char *a, *b, *g, *n;
- unsigned int h;
-};
-
-struct OIDLessThan
-{
- template <typename T>
- inline bool operator()(const EcRecommendedParameters<T>& a, const OID& b) {return a.oid < b;}
- template <typename T>
- inline bool operator()(const OID& a, const EcRecommendedParameters<T>& b) {return a < b.oid;}
- template <typename T>
- inline bool operator()(const EcRecommendedParameters<T>& a, const EcRecommendedParameters<T>& b) {return a.oid < b.oid;}
-};
-
-static void GetRecommendedParameters(const EcRecommendedParameters<EC2N> *&begin, const EcRecommendedParameters<EC2N> *&end)
-{
- // this array must be sorted by OID
- static const EcRecommendedParameters<EC2N> rec[] = {
- EcRecommendedParameters<EC2N>(ASN1::sect163k1(),
- 163, 7, 6, 3, 0,
- "000000000000000000000000000000000000000001",
- "000000000000000000000000000000000000000001",
- "0402FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE80289070FB05D38FF58321F2E800536D538CCDAA3D9",
- "04000000000000000000020108A2E0CC0D99F8A5EF",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect163r1(),
- 163, 7, 6, 3, 0,
- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
- "040369979697AB43897789566789567F787A7876A65400435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect239k1(),
- 239, 158, 0,
- "000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000001",
- "0429A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
- "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
- 4),
- EcRecommendedParameters<EC2N>(ASN1::sect113r1(),
- 113, 9, 0,
- "003088250CA6E7C7FE649CE85820F7",
- "00E8BEE4D3E2260744188BE0E9C723",
- "04009D73616F35F4AB1407D73562C10F00A52830277958EE84D1315ED31886",
- "0100000000000000D9CCEC8A39E56F",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect113r2(),
- 113, 9, 0,
- "00689918DBEC7E5A0DD6DFC0AA55C7",
- "0095E9A9EC9B297BD4BF36E059184F",
- "0401A57A6A7B26CA5EF52FCDB816479700B3ADC94ED1FE674C06E695BABA1D",
- "010000000000000108789B2496AF93",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect163r2(),
- 163, 7, 6, 3, 0,
- "000000000000000000000000000000000000000001",
- "020A601907B8C953CA1481EB10512F78744A3205FD",
- "0403F0EBA16286A2D57EA0991168D4994637E8343E3600D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
- "040000000000000000000292FE77E70C12A4234C33",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect283k1(),
- 283, 12, 7, 5, 0,
- "000000000000000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "040503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC245849283601CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
- 4),
- EcRecommendedParameters<EC2N>(ASN1::sect283r1(),
- 283, 12, 7, 5, 0,
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
- "0405F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B1205303676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect131r1(),
- 131, 8, 3, 2, 0,
- "07A11B09A76B562144418FF3FF8C2570B8",
- "0217C05610884B63B9C6C7291678F9D341",
- "040081BAF91FDF9833C40F9C181343638399078C6E7EA38C001F73C8134B1B4EF9E150",
- "0400000000000000023123953A9464B54D",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect131r2(),
- 131, 8, 3, 2, 0,
- "03E5A88919D7CAFCBF415F07C2176573B2",
- "04B8266A46C55657AC734CE38F018F2192",
- "040356DCD8F2F95031AD652D23951BB366A80648F06D867940A5366D9E265DE9EB240F",
- "0400000000000000016954A233049BA98F",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect193r1(),
- 193, 15, 0,
- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
- "0401F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E10025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
- "01000000000000000000000000C7F34A778F443ACC920EBA49",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect193r2(),
- 193, 15, 0,
- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
- "0400D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
- "010000000000000000000000015AAB561B005413CCD4EE99D5",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect233k1(),
- 233, 74, 0,
- "000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000001",
- "04017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD612601DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
- "8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
- 4),
- EcRecommendedParameters<EC2N>(ASN1::sect233r1(),
- 233, 74, 0,
- "000000000000000000000000000000000000000000000000000000000001",
- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
- "0400FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect409k1(),
- 409, 87, 0,
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "040060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE902374601E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
- "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
- 4),
- EcRecommendedParameters<EC2N>(ASN1::sect409r1(),
- 409, 87, 0,
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
- "04015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A70061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
- "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
- 2),
- EcRecommendedParameters<EC2N>(ASN1::sect571k1(),
- 571, 10, 5, 2, 0,
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "04026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C89720349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
- "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
- 4),
- EcRecommendedParameters<EC2N>(ASN1::sect571r1(),
- 571, 10, 5, 2, 0,
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
- "040303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
- 2),
- };
- begin = rec;
- end = rec + sizeof(rec)/sizeof(rec[0]);
-}
-
-static void GetRecommendedParameters(const EcRecommendedParameters<ECP> *&begin, const EcRecommendedParameters<ECP> *&end)
-{
- // this array must be sorted by OID
- static const EcRecommendedParameters<ECP> rec[] = {
- EcRecommendedParameters<ECP>(ASN1::secp192r1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
- "04188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF101207192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp256r1(),
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
- "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP160r1(),
- "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
- "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
- "1E589A8595423412134FAA2DBDEC95C8D8675E58",
- "04BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC31667CB477A1A8EC338F94741669C976316DA6321",
- "E95E4A5F737059DC60DF5991D45029409E60FC09",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP192r1(),
- "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
- "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
- "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
- "04C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD614B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
- "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP224r1(),
- "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
- "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
- "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
- "040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
- "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP256r1(),
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
- "048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP320r1(),
- "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
- "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
- "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
- "0443BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E2061114FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
- "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP384r1(),
- "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
- "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
- "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
- "041D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
- "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
- 1),
- EcRecommendedParameters<ECP>(ASN1::brainpoolP512r1(),
- "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
- "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
- "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
- "0481AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F8227DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
- "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp112r1(),
- "DB7C2ABF62E35E668076BEAD208B",
- "DB7C2ABF62E35E668076BEAD2088",
- "659EF8BA043916EEDE8911702B22",
- "0409487239995A5EE76B55F9C2F098A89CE5AF8724C0A23E0E0FF77500",
- "DB7C2ABF62E35E7628DFAC6561C5",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp112r2(),
- "DB7C2ABF62E35E668076BEAD208B",
- "6127C24C05F38A0AAAF65C0EF02C",
- "51DEF1815DB5ED74FCC34C85D709",
- "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97",
- "36DF0AAFD8B8D7597CA10520D04B",
- 4),
- EcRecommendedParameters<ECP>(ASN1::secp160r1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
- "044A96B5688EF573284664698968C38BB913CBFC8223A628553168947D59DCC912042351377AC5FB32",
- "0100000000000000000001F4C8F927AED3CA752257",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp160k1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "0000000000000000000000000000000000000000",
- "0000000000000000000000000000000000000007",
- "043B4C382CE37AA192A4019E763036F4F5DD4D7EBB938CF935318FDCED6BC28286531733C3F03C4FEE",
- "0100000000000000000001B8FA16DFAB9ACA16B6B3",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp256k1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
- "0000000000000000000000000000000000000000000000000000000000000000",
- "0000000000000000000000000000000000000000000000000000000000000007",
- "0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp128r1(),
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
- "E87579C11079F43DD824993C2CEE5ED3",
- "04161FF7528B899B2D0C28607CA52C5B86CF5AC8395BAFEB13C02DA292DDED7A83",
- "FFFFFFFE0000000075A30D1B9038A115",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp128r2(),
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
- "5EEEFCA380D02919DC2C6558BB6D8A5D",
- "047B6AA5D85E572983E6FB32A7CDEBC14027B6916A894D3AEE7106FE805FC34B44",
- "3FFFFFFF7FFFFFFFBE0024720613B5A3",
- 4),
- EcRecommendedParameters<ECP>(ASN1::secp160r2(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
- "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
- "0452DCB034293A117E1F4FF11B30F7199D3144CE6DFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
- "0100000000000000000000351EE786A818F3A1A16B",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp192k1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
- "000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000003",
- "04DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp224k1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
- "00000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000000000000000000000000005",
- "04A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp224r1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- "04B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp384r1(),
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
- "04AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB73617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
- 1),
- EcRecommendedParameters<ECP>(ASN1::secp521r1(),
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
- "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
- "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
- 1),
- };
- begin = rec;
- end = rec + sizeof(rec)/sizeof(rec[0]);
-}
-
-template <class EC> OID DL_GroupParameters_EC<EC>::GetNextRecommendedParametersOID(const OID &oid)
-{
- const EcRecommendedParameters<EllipticCurve> *begin, *end;
- GetRecommendedParameters(begin, end);
- const EcRecommendedParameters<EllipticCurve> *it = std::upper_bound(begin, end, oid, OIDLessThan());
- return (it == end ? OID() : it->oid);
-}
-
-template <class EC> void DL_GroupParameters_EC<EC>::Initialize(const OID &oid)
-{
- const EcRecommendedParameters<EllipticCurve> *begin, *end;
- GetRecommendedParameters(begin, end);
- const EcRecommendedParameters<EllipticCurve> *it = std::lower_bound(begin, end, oid, OIDLessThan());
- if (it == end || it->oid != oid)
- throw UnknownOID();
-
- const EcRecommendedParameters<EllipticCurve> &param = *it;
- m_oid = oid;
- std::auto_ptr<EllipticCurve> ec(param.NewEC());
- this->m_groupPrecomputation.SetCurve(*ec);
-
- StringSource ssG(param.g, true, new HexDecoder);
- Element G;
- bool result = GetCurve().DecodePoint(G, ssG, (size_t)ssG.MaxRetrievable());
- this->SetSubgroupGenerator(G);
- assert(result);
-
- StringSource ssN(param.n, true, new HexDecoder);
- m_n.Decode(ssN, (size_t)ssN.MaxRetrievable());
- m_k = param.h;
-}
-
-template <class EC>
-bool DL_GroupParameters_EC<EC>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- if (strcmp(name, Name::GroupOID()) == 0)
- {
- if (m_oid.m_values.empty())
- return false;
-
- this->ThrowIfTypeMismatch(name, typeid(OID), valueType);
- *reinterpret_cast<OID *>(pValue) = m_oid;
- return true;
- }
- else
- return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Curve);
-}
-
-template <class EC>
-void DL_GroupParameters_EC<EC>::AssignFrom(const NameValuePairs &source)
-{
- OID oid;
- if (source.GetValue(Name::GroupOID(), oid))
- Initialize(oid);
- else
- {
- EllipticCurve ec;
- Point G;
- Integer n;
-
- source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::Curve(), ec);
- source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::SubgroupGenerator(), G);
- source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::SubgroupOrder(), n);
- Integer k = source.GetValueWithDefault(Name::Cofactor(), Integer::Zero());
-
- Initialize(ec, G, n, k);
- }
-}
-
-template <class EC>
-void DL_GroupParameters_EC<EC>::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- try
- {
- AssignFrom(alg);
- }
- catch (InvalidArgument &)
- {
- throw NotImplemented("DL_GroupParameters_EC<EC>: curve generation is not implemented yet");
- }
-}
-
-template <class EC>
-void DL_GroupParameters_EC<EC>::BERDecode(BufferedTransformation &bt)
-{
- byte b;
- if (!bt.Peek(b))
- BERDecodeError();
- if (b == OBJECT_IDENTIFIER)
- Initialize(OID(bt));
- else
- {
- BERSequenceDecoder seq(bt);
- word32 version;
- BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); // check version
- EllipticCurve ec(seq);
- Point G = ec.BERDecodePoint(seq);
- Integer n(seq);
- Integer k;
- bool cofactorPresent = !seq.EndReached();
- if (cofactorPresent)
- k.BERDecode(seq);
- else
- k = Integer::Zero();
- seq.MessageEnd();
-
- Initialize(ec, G, n, k);
- }
-}
-
-template <class EC>
-void DL_GroupParameters_EC<EC>::DEREncode(BufferedTransformation &bt) const
-{
- if (m_encodeAsOID && !m_oid.m_values.empty())
- m_oid.DEREncode(bt);
- else
- {
- DERSequenceEncoder seq(bt);
- DEREncodeUnsigned<word32>(seq, 1); // version
- GetCurve().DEREncode(seq);
- GetCurve().DEREncodePoint(seq, this->GetSubgroupGenerator(), m_compress);
- m_n.DEREncode(seq);
- if (m_k.NotZero())
- m_k.DEREncode(seq);
- seq.MessageEnd();
- }
-}
-
-template <class EC>
-Integer DL_GroupParameters_EC<EC>::GetCofactor() const
-{
- if (!m_k)
- {
- Integer q = GetCurve().FieldSize();
- Integer qSqrt = q.SquareRoot();
- m_k = (q+2*qSqrt+1)/m_n;
- }
-
- return m_k;
-}
-
-template <class EC>
-Integer DL_GroupParameters_EC<EC>::ConvertElementToInteger(const Element &element) const
-{
- return ConvertToInteger(element.x);
-};
-
-template <class EC>
-bool DL_GroupParameters_EC<EC>::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = GetCurve().ValidateParameters(rng, level);
-
- Integer q = GetCurve().FieldSize();
- pass = pass && m_n!=q;
-
- if (level >= 2)
- {
- Integer qSqrt = q.SquareRoot();
- pass = pass && m_n>4*qSqrt;
- pass = pass && VerifyPrime(rng, m_n, level-2);
- pass = pass && (m_k.IsZero() || m_k == (q+2*qSqrt+1)/m_n);
- pass = pass && CheckMOVCondition(q, m_n);
- }
-
- return pass;
-}
-
-template <class EC>
-bool DL_GroupParameters_EC<EC>::ValidateElement(unsigned int level, const Element &g, const DL_FixedBasePrecomputation<Element> *gpc) const
-{
- bool pass = !IsIdentity(g) && GetCurve().VerifyPoint(g);
- if (level >= 1)
- {
- if (gpc)
- pass = pass && gpc->Exponentiate(this->GetGroupPrecomputation(), Integer::One()) == g;
- }
- if (level >= 2 && pass)
- {
- const Integer &q = GetSubgroupOrder();
- Element gq = gpc ? gpc->Exponentiate(this->GetGroupPrecomputation(), q) : this->ExponentiateElement(g, q);
- pass = pass && IsIdentity(gq);
- }
- return pass;
-}
-
-template <class EC>
-void DL_GroupParameters_EC<EC>::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
-{
- GetCurve().SimultaneousMultiply(results, base, exponents, exponentsCount);
-}
-
-template <class EC>
-CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const
-{
- return GetCurve().Add(a, b);
-}
-
-template <class EC>
-CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
-{
- return GetCurve().CascadeMultiply(exponent1, element1, exponent2, element2);
-}
-
-template <class EC>
-OID DL_GroupParameters_EC<EC>::GetAlgorithmID() const
-{
- return ASN1::id_ecPublicKey();
-}
-
-// ******************************************************************
-
-template <class EC>
-void DL_PublicKey_EC<EC>::BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
-{
- typename EC::Point P;
- if (!this->GetGroupParameters().GetCurve().DecodePoint(P, bt, size))
- BERDecodeError();
- this->SetPublicElement(P);
-}
-
-template <class EC>
-void DL_PublicKey_EC<EC>::DEREncodePublicKey(BufferedTransformation &bt) const
-{
- this->GetGroupParameters().GetCurve().EncodePoint(bt, this->GetPublicElement(), this->GetGroupParameters().GetPointCompression());
-}
-
-// ******************************************************************
-
-template <class EC>
-void DL_PrivateKey_EC<EC>::BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
-{
- BERSequenceDecoder seq(bt);
- word32 version;
- BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); // check version
-
- BERGeneralDecoder dec(seq, OCTET_STRING);
- if (!dec.IsDefiniteLength())
- BERDecodeError();
- Integer x;
- x.Decode(dec, (size_t)dec.RemainingLength());
- dec.MessageEnd();
- if (!parametersPresent && seq.PeekByte() != (CONTEXT_SPECIFIC | CONSTRUCTED | 0))
- BERDecodeError();
- if (!seq.EndReached() && seq.PeekByte() == (CONTEXT_SPECIFIC | CONSTRUCTED | 0))
- {
- BERGeneralDecoder parameters(seq, CONTEXT_SPECIFIC | CONSTRUCTED | 0);
- this->AccessGroupParameters().BERDecode(parameters);
- parameters.MessageEnd();
- }
- if (!seq.EndReached())
- {
- // skip over the public element
- SecByteBlock subjectPublicKey;
- unsigned int unusedBits;
- BERGeneralDecoder publicKey(seq, CONTEXT_SPECIFIC | CONSTRUCTED | 1);
- BERDecodeBitString(publicKey, subjectPublicKey, unusedBits);
- publicKey.MessageEnd();
- Element Q;
- if (!(unusedBits == 0 && this->GetGroupParameters().GetCurve().DecodePoint(Q, subjectPublicKey, subjectPublicKey.size())))
- BERDecodeError();
- }
- seq.MessageEnd();
-
- this->SetPrivateExponent(x);
-}
-
-template <class EC>
-void DL_PrivateKey_EC<EC>::DEREncodePrivateKey(BufferedTransformation &bt) const
-{
- DERSequenceEncoder privateKey(bt);
- DEREncodeUnsigned<word32>(privateKey, 1); // version
- // SEC 1 ver 1.0 says privateKey (m_d) has the same length as order of the curve
- // this will be changed to order of base point in a future version
- this->GetPrivateExponent().DEREncodeAsOctetString(privateKey, this->GetGroupParameters().GetSubgroupOrder().ByteCount());
- privateKey.MessageEnd();
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/eccrypto.h b/cryptopp562/eccrypto.h
deleted file mode 100644
index 3530455..0000000
--- a/cryptopp562/eccrypto.h
+++ /dev/null
@@ -1,280 +0,0 @@
-#ifndef CRYPTOPP_ECCRYPTO_H
-#define CRYPTOPP_ECCRYPTO_H
-
-/*! \file
-*/
-
-#include "pubkey.h"
-#include "integer.h"
-#include "asn.h"
-#include "hmac.h"
-#include "sha.h"
-#include "gfpcrypt.h"
-#include "dh.h"
-#include "mqv.h"
-#include "ecp.h"
-#include "ec2n.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Elliptic Curve Parameters
-/*! This class corresponds to the ASN.1 sequence of the same name
- in ANSI X9.62 (also SEC 1).
-*/
-template <class EC>
-class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
-{
- typedef DL_GroupParameters_EC<EC> ThisClass;
-
-public:
- typedef EC EllipticCurve;
- typedef typename EllipticCurve::Point Point;
- typedef Point Element;
- typedef IncompatibleCofactorMultiplication DefaultCofactorOption;
-
- DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {}
- DL_GroupParameters_EC(const OID &oid)
- : m_compress(false), m_encodeAsOID(false) {Initialize(oid);}
- DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
- : m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);}
- DL_GroupParameters_EC(BufferedTransformation &bt)
- : m_compress(false), m_encodeAsOID(false) {BERDecode(bt);}
-
- void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
- {
- this->m_groupPrecomputation.SetCurve(ec);
- this->SetSubgroupGenerator(G);
- m_n = n;
- m_k = k;
- }
- void Initialize(const OID &oid);
-
- // NameValuePairs
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- // GeneratibleCryptoMaterial interface
- //! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
- /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
-
- // DL_GroupParameters
- const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
- DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
- const Integer & GetSubgroupOrder() const {return m_n;}
- Integer GetCofactor() const;
- bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
- bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
- bool FastSubgroupCheckAvailable() const {return false;}
- void EncodeElement(bool reversible, const Element &element, byte *encoded) const
- {
- if (reversible)
- GetCurve().EncodePoint(encoded, element, m_compress);
- else
- element.x.Encode(encoded, GetEncodedElementSize(false));
- }
- unsigned int GetEncodedElementSize(bool reversible) const
- {
- if (reversible)
- return GetCurve().EncodedPointSize(m_compress);
- else
- return GetCurve().GetField().MaxElementByteLength();
- }
- Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
- {
- Point result;
- if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
- throw DL_BadElement();
- if (checkForGroupMembership && !ValidateElement(1, result, NULL))
- throw DL_BadElement();
- return result;
- }
- Integer ConvertElementToInteger(const Element &element) const;
- Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
- bool IsIdentity(const Element &element) const {return element.identity;}
- void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
- static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";}
-
- // ASN1Key
- OID GetAlgorithmID() const;
-
- // used by MQV
- Element MultiplyElements(const Element &a, const Element &b) const;
- Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
-
- // non-inherited
-
- // enumerate OIDs for recommended parameters, use OID() to get first one
- static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid);
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- void SetPointCompression(bool compress) {m_compress = compress;}
- bool GetPointCompression() const {return m_compress;}
-
- void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
- bool GetEncodeAsOID() const {return m_encodeAsOID;}
-
- const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();}
-
- bool operator==(const ThisClass &rhs) const
- {return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);}
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- const Point& GetBasePoint() const {return GetSubgroupGenerator();}
- const Integer& GetBasePointOrder() const {return GetSubgroupOrder();}
- void LoadRecommendedParameters(const OID &oid) {Initialize(oid);}
-#endif
-
-protected:
- unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
- unsigned int ExponentLength() const {return m_n.ByteCount();}
-
- OID m_oid; // set if parameters loaded from a recommended curve
- Integer m_n; // order of base point
- bool m_compress, m_encodeAsOID;
- mutable Integer m_k; // cofactor
-};
-
-//! EC public key
-template <class EC>
-class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
-{
-public:
- typedef typename EC::Point Element;
-
- void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
- {this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
- void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
- {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
-
- // X509PublicKey
- void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
- void DEREncodePublicKey(BufferedTransformation &bt) const;
-};
-
-//! EC private key
-template <class EC>
-class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
-{
-public:
- typedef typename EC::Point Element;
-
- void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
- {this->AccessGroupParameters() = params; this->SetPrivateExponent(x);}
- void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
- {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);}
- void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
- {this->GenerateRandom(rng, params);}
- void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
- {this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
-
- // PKCS8PrivateKey
- void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
- void DEREncodePrivateKey(BufferedTransformation &bt) const;
-};
-
-//! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a>
-template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
-struct ECDH
-{
- typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
-};
-
-/// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a>
-template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
-struct ECMQV
-{
- typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
-};
-
-//! EC keys
-template <class EC>
-struct DL_Keys_EC
-{
- typedef DL_PublicKey_EC<EC> PublicKey;
- typedef DL_PrivateKey_EC<EC> PrivateKey;
-};
-
-template <class EC, class H>
-struct ECDSA;
-
-//! ECDSA keys
-template <class EC>
-struct DL_Keys_ECDSA
-{
- typedef DL_PublicKey_EC<EC> PublicKey;
- typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC, SHA256> > PrivateKey;
-};
-
-//! ECDSA algorithm
-template <class EC>
-class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";}
-};
-
-//! ECNR algorithm
-template <class EC>
-class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECNR";}
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
-template <class EC, class H>
-struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
-{
-};
-
-//! ECNR
-template <class EC, class H = SHA>
-struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
-{
-};
-
-//! Elliptic Curve Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">ECIES</a>
-/*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibilty with SEC1 and Crypto++ 4.2.
- The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best
- efficiency and security. */
-template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false>
-struct ECIES
- : public DL_ES<
- DL_Keys_EC<EC>,
- DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
- DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >,
- DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
- ECIES<EC> >
-{
- static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";} // TODO: fix this after name is standardized
-};
-
-NAMESPACE_END
-
-#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#include "eccrypto.cpp"
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<ECP>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<EC2N>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<ECP> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<EC2N> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<ECP>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<EC2N>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<ECP> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<EC2N> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<ECP>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<EC2N>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<ECP::Point>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<EC2N::Point>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<ECP>, ECDSA<ECP, SHA256> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC2N>, ECDSA<EC2N, SHA256> >;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ecp.cpp b/cryptopp562/ecp.cpp
deleted file mode 100644
index 55a7cc1..0000000
--- a/cryptopp562/ecp.cpp
+++ /dev/null
@@ -1,473 +0,0 @@
-// ecp.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "ecp.h"
-#include "asn.h"
-#include "nbtheory.h"
-
-#include "algebra.cpp"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-ANONYMOUS_NAMESPACE_BEGIN
-static inline ECP::Point ToMontgomery(const ModularArithmetic &mr, const ECP::Point &P)
-{
- return P.identity ? P : ECP::Point(mr.ConvertIn(P.x), mr.ConvertIn(P.y));
-}
-
-static inline ECP::Point FromMontgomery(const ModularArithmetic &mr, const ECP::Point &P)
-{
- return P.identity ? P : ECP::Point(mr.ConvertOut(P.x), mr.ConvertOut(P.y));
-}
-NAMESPACE_END
-
-ECP::ECP(const ECP &ecp, bool convertToMontgomeryRepresentation)
-{
- if (convertToMontgomeryRepresentation && !ecp.GetField().IsMontgomeryRepresentation())
- {
- m_fieldPtr.reset(new MontgomeryRepresentation(ecp.GetField().GetModulus()));
- m_a = GetField().ConvertIn(ecp.m_a);
- m_b = GetField().ConvertIn(ecp.m_b);
- }
- else
- operator=(ecp);
-}
-
-ECP::ECP(BufferedTransformation &bt)
- : m_fieldPtr(new Field(bt))
-{
- BERSequenceDecoder seq(bt);
- GetField().BERDecodeElement(seq, m_a);
- GetField().BERDecodeElement(seq, m_b);
- // skip optional seed
- if (!seq.EndReached())
- {
- SecByteBlock seed;
- unsigned int unused;
- BERDecodeBitString(seq, seed, unused);
- }
- seq.MessageEnd();
-}
-
-void ECP::DEREncode(BufferedTransformation &bt) const
-{
- GetField().DEREncode(bt);
- DERSequenceEncoder seq(bt);
- GetField().DEREncodeElement(seq, m_a);
- GetField().DEREncodeElement(seq, m_b);
- seq.MessageEnd();
-}
-
-bool ECP::DecodePoint(ECP::Point &P, const byte *encodedPoint, size_t encodedPointLen) const
-{
- StringStore store(encodedPoint, encodedPointLen);
- return DecodePoint(P, store, encodedPointLen);
-}
-
-bool ECP::DecodePoint(ECP::Point &P, BufferedTransformation &bt, size_t encodedPointLen) const
-{
- byte type;
- if (encodedPointLen < 1 || !bt.Get(type))
- return false;
-
- switch (type)
- {
- case 0:
- P.identity = true;
- return true;
- case 2:
- case 3:
- {
- if (encodedPointLen != EncodedPointSize(true))
- return false;
-
- Integer p = FieldSize();
-
- P.identity = false;
- P.x.Decode(bt, GetField().MaxElementByteLength());
- P.y = ((P.x*P.x+m_a)*P.x+m_b) % p;
-
- if (Jacobi(P.y, p) !=1)
- return false;
-
- P.y = ModularSquareRoot(P.y, p);
-
- if ((type & 1) != P.y.GetBit(0))
- P.y = p-P.y;
-
- return true;
- }
- case 4:
- {
- if (encodedPointLen != EncodedPointSize(false))
- return false;
-
- unsigned int len = GetField().MaxElementByteLength();
- P.identity = false;
- P.x.Decode(bt, len);
- P.y.Decode(bt, len);
- return true;
- }
- default:
- return false;
- }
-}
-
-void ECP::EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
-{
- if (P.identity)
- NullStore().TransferTo(bt, EncodedPointSize(compressed));
- else if (compressed)
- {
- bt.Put(2 + P.y.GetBit(0));
- P.x.Encode(bt, GetField().MaxElementByteLength());
- }
- else
- {
- unsigned int len = GetField().MaxElementByteLength();
- bt.Put(4); // uncompressed
- P.x.Encode(bt, len);
- P.y.Encode(bt, len);
- }
-}
-
-void ECP::EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
-{
- ArraySink sink(encodedPoint, EncodedPointSize(compressed));
- EncodePoint(sink, P, compressed);
- assert(sink.TotalPutLength() == EncodedPointSize(compressed));
-}
-
-ECP::Point ECP::BERDecodePoint(BufferedTransformation &bt) const
-{
- SecByteBlock str;
- BERDecodeOctetString(bt, str);
- Point P;
- if (!DecodePoint(P, str, str.size()))
- BERDecodeError();
- return P;
-}
-
-void ECP::DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
-{
- SecByteBlock str(EncodedPointSize(compressed));
- EncodePoint(str, P, compressed);
- DEREncodeOctetString(bt, str);
-}
-
-bool ECP::ValidateParameters(RandomNumberGenerator &rng, unsigned int level) const
-{
- Integer p = FieldSize();
-
- bool pass = p.IsOdd();
- pass = pass && !m_a.IsNegative() && m_a<p && !m_b.IsNegative() && m_b<p;
-
- if (level >= 1)
- pass = pass && ((4*m_a*m_a*m_a+27*m_b*m_b)%p).IsPositive();
-
- if (level >= 2)
- pass = pass && VerifyPrime(rng, p);
-
- return pass;
-}
-
-bool ECP::VerifyPoint(const Point &P) const
-{
- const FieldElement &x = P.x, &y = P.y;
- Integer p = FieldSize();
- return P.identity ||
- (!x.IsNegative() && x<p && !y.IsNegative() && y<p
- && !(((x*x+m_a)*x+m_b-y*y)%p));
-}
-
-bool ECP::Equal(const Point &P, const Point &Q) const
-{
- if (P.identity && Q.identity)
- return true;
-
- if (P.identity && !Q.identity)
- return false;
-
- if (!P.identity && Q.identity)
- return false;
-
- return (GetField().Equal(P.x,Q.x) && GetField().Equal(P.y,Q.y));
-}
-
-const ECP::Point& ECP::Identity() const
-{
- return Singleton<Point>().Ref();
-}
-
-const ECP::Point& ECP::Inverse(const Point &P) const
-{
- if (P.identity)
- return P;
- else
- {
- m_R.identity = false;
- m_R.x = P.x;
- m_R.y = GetField().Inverse(P.y);
- return m_R;
- }
-}
-
-const ECP::Point& ECP::Add(const Point &P, const Point &Q) const
-{
- if (P.identity) return Q;
- if (Q.identity) return P;
- if (GetField().Equal(P.x, Q.x))
- return GetField().Equal(P.y, Q.y) ? Double(P) : Identity();
-
- FieldElement t = GetField().Subtract(Q.y, P.y);
- t = GetField().Divide(t, GetField().Subtract(Q.x, P.x));
- FieldElement x = GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), Q.x);
- m_R.y = GetField().Subtract(GetField().Multiply(t, GetField().Subtract(P.x, x)), P.y);
-
- m_R.x.swap(x);
- m_R.identity = false;
- return m_R;
-}
-
-const ECP::Point& ECP::Double(const Point &P) const
-{
- if (P.identity || P.y==GetField().Identity()) return Identity();
-
- FieldElement t = GetField().Square(P.x);
- t = GetField().Add(GetField().Add(GetField().Double(t), t), m_a);
- t = GetField().Divide(t, GetField().Double(P.y));
- FieldElement x = GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), P.x);
- m_R.y = GetField().Subtract(GetField().Multiply(t, GetField().Subtract(P.x, x)), P.y);
-
- m_R.x.swap(x);
- m_R.identity = false;
- return m_R;
-}
-
-template <class T, class Iterator> void ParallelInvert(const AbstractRing<T> &ring, Iterator begin, Iterator end)
-{
- size_t n = end-begin;
- if (n == 1)
- *begin = ring.MultiplicativeInverse(*begin);
- else if (n > 1)
- {
- std::vector<T> vec((n+1)/2);
- unsigned int i;
- Iterator it;
-
- for (i=0, it=begin; i<n/2; i++, it+=2)
- vec[i] = ring.Multiply(*it, *(it+1));
- if (n%2 == 1)
- vec[n/2] = *it;
-
- ParallelInvert(ring, vec.begin(), vec.end());
-
- for (i=0, it=begin; i<n/2; i++, it+=2)
- {
- if (!vec[i])
- {
- *it = ring.MultiplicativeInverse(*it);
- *(it+1) = ring.MultiplicativeInverse(*(it+1));
- }
- else
- {
- std::swap(*it, *(it+1));
- *it = ring.Multiply(*it, vec[i]);
- *(it+1) = ring.Multiply(*(it+1), vec[i]);
- }
- }
- if (n%2 == 1)
- *it = vec[n/2];
- }
-}
-
-struct ProjectivePoint
-{
- ProjectivePoint() {}
- ProjectivePoint(const Integer &x, const Integer &y, const Integer &z)
- : x(x), y(y), z(z) {}
-
- Integer x,y,z;
-};
-
-class ProjectiveDoubling
-{
-public:
- ProjectiveDoubling(const ModularArithmetic &mr, const Integer &m_a, const Integer &m_b, const ECPPoint &Q)
- : mr(mr), firstDoubling(true), negated(false)
- {
- if (Q.identity)
- {
- sixteenY4 = P.x = P.y = mr.MultiplicativeIdentity();
- aZ4 = P.z = mr.Identity();
- }
- else
- {
- P.x = Q.x;
- P.y = Q.y;
- sixteenY4 = P.z = mr.MultiplicativeIdentity();
- aZ4 = m_a;
- }
- }
-
- void Double()
- {
- twoY = mr.Double(P.y);
- P.z = mr.Multiply(P.z, twoY);
- fourY2 = mr.Square(twoY);
- S = mr.Multiply(fourY2, P.x);
- aZ4 = mr.Multiply(aZ4, sixteenY4);
- M = mr.Square(P.x);
- M = mr.Add(mr.Add(mr.Double(M), M), aZ4);
- P.x = mr.Square(M);
- mr.Reduce(P.x, S);
- mr.Reduce(P.x, S);
- mr.Reduce(S, P.x);
- P.y = mr.Multiply(M, S);
- sixteenY4 = mr.Square(fourY2);
- mr.Reduce(P.y, mr.Half(sixteenY4));
- }
-
- const ModularArithmetic &mr;
- ProjectivePoint P;
- bool firstDoubling, negated;
- Integer sixteenY4, aZ4, twoY, fourY2, S, M;
-};
-
-struct ZIterator
-{
- ZIterator() {}
- ZIterator(std::vector<ProjectivePoint>::iterator it) : it(it) {}
- Integer& operator*() {return it->z;}
- int operator-(ZIterator it2) {return int(it-it2.it);}
- ZIterator operator+(int i) {return ZIterator(it+i);}
- ZIterator& operator+=(int i) {it+=i; return *this;}
- std::vector<ProjectivePoint>::iterator it;
-};
-
-ECP::Point ECP::ScalarMultiply(const Point &P, const Integer &k) const
-{
- Element result;
- if (k.BitCount() <= 5)
- AbstractGroup<ECPPoint>::SimultaneousMultiply(&result, P, &k, 1);
- else
- ECP::SimultaneousMultiply(&result, P, &k, 1);
- return result;
-}
-
-void ECP::SimultaneousMultiply(ECP::Point *results, const ECP::Point &P, const Integer *expBegin, unsigned int expCount) const
-{
- if (!GetField().IsMontgomeryRepresentation())
- {
- ECP ecpmr(*this, true);
- const ModularArithmetic &mr = ecpmr.GetField();
- ecpmr.SimultaneousMultiply(results, ToMontgomery(mr, P), expBegin, expCount);
- for (unsigned int i=0; i<expCount; i++)
- results[i] = FromMontgomery(mr, results[i]);
- return;
- }
-
- ProjectiveDoubling rd(GetField(), m_a, m_b, P);
- std::vector<ProjectivePoint> bases;
- std::vector<WindowSlider> exponents;
- exponents.reserve(expCount);
- std::vector<std::vector<word32> > baseIndices(expCount);
- std::vector<std::vector<bool> > negateBase(expCount);
- std::vector<std::vector<word32> > exponentWindows(expCount);
- unsigned int i;
-
- for (i=0; i<expCount; i++)
- {
- assert(expBegin->NotNegative());
- exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 5));
- exponents[i].FindNextWindow();
- }
-
- unsigned int expBitPosition = 0;
- bool notDone = true;
-
- while (notDone)
- {
- notDone = false;
- bool baseAdded = false;
- for (i=0; i<expCount; i++)
- {
- if (!exponents[i].finished && expBitPosition == exponents[i].windowBegin)
- {
- if (!baseAdded)
- {
- bases.push_back(rd.P);
- baseAdded =true;
- }
-
- exponentWindows[i].push_back(exponents[i].expWindow);
- baseIndices[i].push_back((word32)bases.size()-1);
- negateBase[i].push_back(exponents[i].negateNext);
-
- exponents[i].FindNextWindow();
- }
- notDone = notDone || !exponents[i].finished;
- }
-
- if (notDone)
- {
- rd.Double();
- expBitPosition++;
- }
- }
-
- // convert from projective to affine coordinates
- ParallelInvert(GetField(), ZIterator(bases.begin()), ZIterator(bases.end()));
- for (i=0; i<bases.size(); i++)
- {
- if (bases[i].z.NotZero())
- {
- bases[i].y = GetField().Multiply(bases[i].y, bases[i].z);
- bases[i].z = GetField().Square(bases[i].z);
- bases[i].x = GetField().Multiply(bases[i].x, bases[i].z);
- bases[i].y = GetField().Multiply(bases[i].y, bases[i].z);
- }
- }
-
- std::vector<BaseAndExponent<Point, Integer> > finalCascade;
- for (i=0; i<expCount; i++)
- {
- finalCascade.resize(baseIndices[i].size());
- for (unsigned int j=0; j<baseIndices[i].size(); j++)
- {
- ProjectivePoint &base = bases[baseIndices[i][j]];
- if (base.z.IsZero())
- finalCascade[j].base.identity = true;
- else
- {
- finalCascade[j].base.identity = false;
- finalCascade[j].base.x = base.x;
- if (negateBase[i][j])
- finalCascade[j].base.y = GetField().Inverse(base.y);
- else
- finalCascade[j].base.y = base.y;
- }
- finalCascade[j].exponent = Integer(Integer::POSITIVE, 0, exponentWindows[i][j]);
- }
- results[i] = GeneralCascadeMultiplication(*this, finalCascade.begin(), finalCascade.end());
- }
-}
-
-ECP::Point ECP::CascadeScalarMultiply(const Point &P, const Integer &k1, const Point &Q, const Integer &k2) const
-{
- if (!GetField().IsMontgomeryRepresentation())
- {
- ECP ecpmr(*this, true);
- const ModularArithmetic &mr = ecpmr.GetField();
- return FromMontgomery(mr, ecpmr.CascadeScalarMultiply(ToMontgomery(mr, P), k1, ToMontgomery(mr, Q), k2));
- }
- else
- return AbstractGroup<Point>::CascadeScalarMultiply(P, k1, Q, k2);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ecp.h b/cryptopp562/ecp.h
deleted file mode 100644
index d946be6..0000000
--- a/cryptopp562/ecp.h
+++ /dev/null
@@ -1,126 +0,0 @@
-#ifndef CRYPTOPP_ECP_H
-#define CRYPTOPP_ECP_H
-
-#include "modarith.h"
-#include "eprecomp.h"
-#include "smartptr.h"
-#include "pubkey.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Elliptical Curve Point
-struct CRYPTOPP_DLL ECPPoint
-{
- ECPPoint() : identity(true) {}
- ECPPoint(const Integer &x, const Integer &y)
- : identity(false), x(x), y(y) {}
-
- bool operator==(const ECPPoint &t) const
- {return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
- bool operator< (const ECPPoint &t) const
- {return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
-
- bool identity;
- Integer x, y;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<ECPPoint>;
-
-//! Elliptic Curve over GF(p), where p is prime
-class CRYPTOPP_DLL ECP : public AbstractGroup<ECPPoint>
-{
-public:
- typedef ModularArithmetic Field;
- typedef Integer FieldElement;
- typedef ECPPoint Point;
-
- ECP() {}
- ECP(const ECP &ecp, bool convertToMontgomeryRepresentation = false);
- ECP(const Integer &modulus, const FieldElement &a, const FieldElement &b)
- : m_fieldPtr(new Field(modulus)), m_a(a.IsNegative() ? modulus+a : a), m_b(b) {}
- // construct from BER encoded parameters
- // this constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters
- ECP(BufferedTransformation &bt);
-
- // encode the fields fieldID and curve of the sequence ECParameters
- void DEREncode(BufferedTransformation &bt) const;
-
- bool Equal(const Point &P, const Point &Q) const;
- const Point& Identity() const;
- const Point& Inverse(const Point &P) const;
- bool InversionIsFast() const {return true;}
- const Point& Add(const Point &P, const Point &Q) const;
- const Point& Double(const Point &P) const;
- Point ScalarMultiply(const Point &P, const Integer &k) const;
- Point CascadeScalarMultiply(const Point &P, const Integer &k1, const Point &Q, const Integer &k2) const;
- void SimultaneousMultiply(Point *results, const Point &base, const Integer *exponents, unsigned int exponentsCount) const;
-
- Point Multiply(const Integer &k, const Point &P) const
- {return ScalarMultiply(P, k);}
- Point CascadeMultiply(const Integer &k1, const Point &P, const Integer &k2, const Point &Q) const
- {return CascadeScalarMultiply(P, k1, Q, k2);}
-
- bool ValidateParameters(RandomNumberGenerator &rng, unsigned int level=3) const;
- bool VerifyPoint(const Point &P) const;
-
- unsigned int EncodedPointSize(bool compressed = false) const
- {return 1 + (compressed?1:2)*GetField().MaxElementByteLength();}
- // returns false if point is compressed and not valid (doesn't check if uncompressed)
- bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const;
- bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const;
- void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const;
- void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const;
-
- Point BERDecodePoint(BufferedTransformation &bt) const;
- void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const;
-
- Integer FieldSize() const {return GetField().GetModulus();}
- const Field & GetField() const {return *m_fieldPtr;}
- const FieldElement & GetA() const {return m_a;}
- const FieldElement & GetB() const {return m_b;}
-
- bool operator==(const ECP &rhs) const
- {return GetField() == rhs.GetField() && m_a == rhs.m_a && m_b == rhs.m_b;}
-
-private:
- clonable_ptr<Field> m_fieldPtr;
- FieldElement m_a, m_b;
- mutable Point m_R;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<ECP::Point>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupPrecomputation<ECP::Point>;
-
-template <class T> class EcPrecomputation;
-
-//! ECP precomputation
-template<> class EcPrecomputation<ECP> : public DL_GroupPrecomputation<ECP::Point>
-{
-public:
- typedef ECP EllipticCurve;
-
- // DL_GroupPrecomputation
- bool NeedConversions() const {return true;}
- Element ConvertIn(const Element &P) const
- {return P.identity ? P : ECP::Point(m_ec->GetField().ConvertIn(P.x), m_ec->GetField().ConvertIn(P.y));};
- Element ConvertOut(const Element &P) const
- {return P.identity ? P : ECP::Point(m_ec->GetField().ConvertOut(P.x), m_ec->GetField().ConvertOut(P.y));}
- const AbstractGroup<Element> & GetGroup() const {return *m_ec;}
- Element BERDecodeElement(BufferedTransformation &bt) const {return m_ec->BERDecodePoint(bt);}
- void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {m_ec->DEREncodePoint(bt, v, false);}
-
- // non-inherited
- void SetCurve(const ECP &ec)
- {
- m_ec.reset(new ECP(ec, true));
- m_ecOriginal = ec;
- }
- const ECP & GetCurve() const {return *m_ecOriginal;}
-
-private:
- value_ptr<ECP> m_ec, m_ecOriginal;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/elgamal.cpp b/cryptopp562/elgamal.cpp
deleted file mode 100644
index b58fe7c..0000000
--- a/cryptopp562/elgamal.cpp
+++ /dev/null
@@ -1,17 +0,0 @@
-// elgamal.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "elgamal.h"
-#include "asn.h"
-#include "nbtheory.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void ElGamal_TestInstantiations()
-{
- ElGamalEncryptor test1(1, 1, 1);
- ElGamalDecryptor test2(NullRNG(), 123);
- ElGamalEncryptor test3(test2);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/elgamal.h b/cryptopp562/elgamal.h
deleted file mode 100644
index 9afc30e..0000000
--- a/cryptopp562/elgamal.h
+++ /dev/null
@@ -1,121 +0,0 @@
-#ifndef CRYPTOPP_ELGAMAL_H
-#define CRYPTOPP_ELGAMAL_H
-
-#include "modexppc.h"
-#include "dsa.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class CRYPTOPP_NO_VTABLE ElGamalBase : public DL_KeyAgreementAlgorithm_DH<Integer, NoCofactorMultiplication>,
- public DL_KeyDerivationAlgorithm<Integer>,
- public DL_SymmetricEncryptionAlgorithm
-{
-public:
- void Derive(const DL_GroupParameters<Integer> &groupParams, byte *derivedKey, size_t derivedLength, const Integer &agreedElement, const Integer &ephemeralPublicKey, const NameValuePairs &derivationParams) const
- {
- agreedElement.Encode(derivedKey, derivedLength);
- }
-
- size_t GetSymmetricKeyLength(size_t plainTextLength) const
- {
- return GetGroupParameters().GetModulus().ByteCount();
- }
-
- size_t GetSymmetricCiphertextLength(size_t plainTextLength) const
- {
- unsigned int len = GetGroupParameters().GetModulus().ByteCount();
- if (plainTextLength <= GetMaxSymmetricPlaintextLength(len))
- return len;
- else
- return 0;
- }
-
- size_t GetMaxSymmetricPlaintextLength(size_t cipherTextLength) const
- {
- unsigned int len = GetGroupParameters().GetModulus().ByteCount();
- if (cipherTextLength == len)
- return STDMIN(255U, len-3);
- else
- return 0;
- }
-
- void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plainText, size_t plainTextLength, byte *cipherText, const NameValuePairs &parameters) const
- {
- const Integer &p = GetGroupParameters().GetModulus();
- unsigned int modulusLen = p.ByteCount();
-
- SecByteBlock block(modulusLen-1);
- rng.GenerateBlock(block, modulusLen-2-plainTextLength);
- memcpy(block+modulusLen-2-plainTextLength, plainText, plainTextLength);
- block[modulusLen-2] = (byte)plainTextLength;
-
- a_times_b_mod_c(Integer(key, modulusLen), Integer(block, modulusLen-1), p).Encode(cipherText, modulusLen);
- }
-
- DecodingResult SymmetricDecrypt(const byte *key, const byte *cipherText, size_t cipherTextLength, byte *plainText, const NameValuePairs &parameters) const
- {
- const Integer &p = GetGroupParameters().GetModulus();
- unsigned int modulusLen = p.ByteCount();
-
- if (cipherTextLength != modulusLen)
- return DecodingResult();
-
- Integer m = a_times_b_mod_c(Integer(cipherText, modulusLen), Integer(key, modulusLen).InverseMod(p), p);
-
- m.Encode(plainText, 1);
- unsigned int plainTextLength = plainText[0];
- if (plainTextLength > GetMaxSymmetricPlaintextLength(modulusLen))
- return DecodingResult();
- m >>= 8;
- m.Encode(plainText, plainTextLength);
- return DecodingResult(plainTextLength);
- }
-
- virtual const DL_GroupParameters_GFP & GetGroupParameters() const =0;
-};
-
-template <class BASE, class SCHEME_OPTIONS, class KEY>
-class ElGamalObjectImpl : public DL_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY>, public ElGamalBase
-{
-public:
- size_t FixedMaxPlaintextLength() const {return this->MaxPlaintextLength(FixedCiphertextLength());}
- size_t FixedCiphertextLength() const {return this->CiphertextLength(0);}
-
- const DL_GroupParameters_GFP & GetGroupParameters() const {return this->GetKey().GetGroupParameters();}
-
- DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const
- {return Decrypt(rng, cipherText, FixedCiphertextLength(), plainText);}
-
-protected:
- const DL_KeyAgreementAlgorithm<Integer> & GetKeyAgreementAlgorithm() const {return *this;}
- const DL_KeyDerivationAlgorithm<Integer> & GetKeyDerivationAlgorithm() const {return *this;}
- const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const {return *this;}
-};
-
-struct ElGamalKeys
-{
- typedef DL_CryptoKeys_GFP::GroupParameters GroupParameters;
- typedef DL_PrivateKey_GFP_OldFormat<DL_CryptoKeys_GFP::PrivateKey> PrivateKey;
- typedef DL_PublicKey_GFP_OldFormat<DL_CryptoKeys_GFP::PublicKey> PublicKey;
-};
-
-//! ElGamal encryption scheme with non-standard padding
-struct ElGamal
-{
- typedef DL_CryptoSchemeOptions<ElGamal, ElGamalKeys, int, int, int> SchemeOptions;
-
- static const char * StaticAlgorithmName() {return "ElgamalEnc/Crypto++Padding";}
-
- typedef SchemeOptions::GroupParameters GroupParameters;
- //! implements PK_Encryptor interface
- typedef PK_FinalTemplate<ElGamalObjectImpl<DL_EncryptorBase<Integer>, SchemeOptions, SchemeOptions::PublicKey> > Encryptor;
- //! implements PK_Decryptor interface
- typedef PK_FinalTemplate<ElGamalObjectImpl<DL_DecryptorBase<Integer>, SchemeOptions, SchemeOptions::PrivateKey> > Decryptor;
-};
-
-typedef ElGamal::Encryptor ElGamalEncryptor;
-typedef ElGamal::Decryptor ElGamalDecryptor;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/emsa2.cpp b/cryptopp562/emsa2.cpp
deleted file mode 100644
index 3dbb7e8..0000000
--- a/cryptopp562/emsa2.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-// emsa2.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "emsa2.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void EMSA2Pad::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
-
- if (representativeBitLength % 8 != 7)
- throw PK_SignatureScheme::InvalidKeyLength("EMSA2: EMSA2 requires a key length that is a multiple of 8");
-
- size_t digestSize = hash.DigestSize();
- size_t representativeByteLength = BitsToBytes(representativeBitLength);
-
- representative[0] = messageEmpty ? 0x4b : 0x6b;
- memset(representative+1, 0xbb, representativeByteLength-digestSize-4); // pad with 0xbb
- byte *afterP2 = representative+representativeByteLength-digestSize-3;
- afterP2[0] = 0xba;
- hash.Final(afterP2+1);
- representative[representativeByteLength-2] = *hashIdentifier.first;
- representative[representativeByteLength-1] = 0xcc;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/emsa2.h b/cryptopp562/emsa2.h
deleted file mode 100644
index 49109e6..0000000
--- a/cryptopp562/emsa2.h
+++ /dev/null
@@ -1,86 +0,0 @@
-#ifndef CRYPTOPP_EMSA2_H
-#define CRYPTOPP_EMSA2_H
-
-/** \file
- This file contains various padding schemes for public key algorithms.
-*/
-
-#include "cryptlib.h"
-#include "pubkey.h"
-
-#ifdef CRYPTOPP_IS_DLL
-#include "sha.h"
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class H> class EMSA2HashId
-{
-public:
- static const byte id;
-};
-
-template <class BASE>
-class EMSA2HashIdLookup : public BASE
-{
-public:
- struct HashIdentifierLookup
- {
- template <class H> struct HashIdentifierLookup2
- {
- static HashIdentifier Lookup()
- {
- return HashIdentifier(&EMSA2HashId<H>::id, 1);
- }
- };
- };
-};
-
-// EMSA2HashId can be instantiated with the following classes.
-class SHA1;
-class RIPEMD160;
-class RIPEMD128;
-class SHA256;
-class SHA384;
-class SHA512;
-class Whirlpool;
-class SHA224;
-// end of list
-
-#ifdef CRYPTOPP_IS_DLL
-CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA1>;
-CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA224>;
-CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA256>;
-CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA384>;
-CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId<SHA512>;
-#endif
-
-//! _
-class CRYPTOPP_DLL EMSA2Pad : public EMSA2HashIdLookup<PK_DeterministicSignatureMessageEncodingMethod>
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "EMSA2";}
-
- size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const
- {return 8*digestLength + 31;}
-
- void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
-};
-
-//! EMSA2, for use with RWSS and RSA_ISO
-/*! Only the following hash functions are supported by this signature standard:
- \dontinclude emsa2.h
- \skip EMSA2HashId can be instantiated
- \until end of list
-*/
-struct P1363_EMSA2 : public SignatureStandard
-{
- typedef EMSA2Pad SignatureMessageEncodingMethod;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/eprecomp.cpp b/cryptopp562/eprecomp.cpp
deleted file mode 100644
index a061cf6..0000000
--- a/cryptopp562/eprecomp.cpp
+++ /dev/null
@@ -1,112 +0,0 @@
-// eprecomp.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "eprecomp.h"
-#include "asn.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T> void DL_FixedBasePrecomputationImpl<T>::SetBase(const DL_GroupPrecomputation<Element> &group, const Element &i_base)
-{
- m_base = group.NeedConversions() ? group.ConvertIn(i_base) : i_base;
-
- if (m_bases.empty() || !(m_base == m_bases[0]))
- {
- m_bases.resize(1);
- m_bases[0] = m_base;
- }
-
- if (group.NeedConversions())
- m_base = i_base;
-}
-
-template <class T> void DL_FixedBasePrecomputationImpl<T>::Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage)
-{
- assert(m_bases.size() > 0);
- assert(storage <= maxExpBits);
-
- if (storage > 1)
- {
- m_windowSize = (maxExpBits+storage-1)/storage;
- m_exponentBase = Integer::Power2(m_windowSize);
- }
-
- m_bases.resize(storage);
- for (unsigned i=1; i<storage; i++)
- m_bases[i] = group.GetGroup().ScalarMultiply(m_bases[i-1], m_exponentBase);
-}
-
-template <class T> void DL_FixedBasePrecomputationImpl<T>::Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- word32 version;
- BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1);
- m_exponentBase.BERDecode(seq);
- m_windowSize = m_exponentBase.BitCount() - 1;
- m_bases.clear();
- while (!seq.EndReached())
- m_bases.push_back(group.BERDecodeElement(seq));
- if (!m_bases.empty() && group.NeedConversions())
- m_base = group.ConvertOut(m_bases[0]);
- seq.MessageEnd();
-}
-
-template <class T> void DL_FixedBasePrecomputationImpl<T>::Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- DEREncodeUnsigned<word32>(seq, 1); // version
- m_exponentBase.DEREncode(seq);
- for (unsigned i=0; i<m_bases.size(); i++)
- group.DEREncodeElement(seq, m_bases[i]);
- seq.MessageEnd();
-}
-
-template <class T> void DL_FixedBasePrecomputationImpl<T>::PrepareCascade(const DL_GroupPrecomputation<Element> &i_group, std::vector<BaseAndExponent<Element> > &eb, const Integer &exponent) const
-{
- const AbstractGroup<T> &group = i_group.GetGroup();
-
- Integer r, q, e = exponent;
- bool fastNegate = group.InversionIsFast() && m_windowSize > 1;
- unsigned int i;
-
- for (i=0; i+1<m_bases.size(); i++)
- {
- Integer::DivideByPowerOf2(r, q, e, m_windowSize);
- std::swap(q, e);
- if (fastNegate && r.GetBit(m_windowSize-1))
- {
- ++e;
- eb.push_back(BaseAndExponent<Element>(group.Inverse(m_bases[i]), m_exponentBase - r));
- }
- else
- eb.push_back(BaseAndExponent<Element>(m_bases[i], r));
- }
- eb.push_back(BaseAndExponent<Element>(m_bases[i], e));
-}
-
-template <class T> T DL_FixedBasePrecomputationImpl<T>::Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const
-{
- std::vector<BaseAndExponent<Element> > eb; // array of segments of the exponent and precalculated bases
- eb.reserve(m_bases.size());
- PrepareCascade(group, eb, exponent);
- return group.ConvertOut(GeneralCascadeMultiplication<Element>(group.GetGroup(), eb.begin(), eb.end()));
-}
-
-template <class T> T
- DL_FixedBasePrecomputationImpl<T>::CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent,
- const DL_FixedBasePrecomputation<T> &i_pc2, const Integer &exponent2) const
-{
- std::vector<BaseAndExponent<Element> > eb; // array of segments of the exponent and precalculated bases
- const DL_FixedBasePrecomputationImpl<T> &pc2 = static_cast<const DL_FixedBasePrecomputationImpl<T> &>(i_pc2);
- eb.reserve(m_bases.size() + pc2.m_bases.size());
- PrepareCascade(group, eb, exponent);
- pc2.PrepareCascade(group, eb, exponent2);
- return group.ConvertOut(GeneralCascadeMultiplication<Element>(group.GetGroup(), eb.begin(), eb.end()));
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/eprecomp.h b/cryptopp562/eprecomp.h
deleted file mode 100644
index 1f32567..0000000
--- a/cryptopp562/eprecomp.h
+++ /dev/null
@@ -1,75 +0,0 @@
-#ifndef CRYPTOPP_EPRECOMP_H
-#define CRYPTOPP_EPRECOMP_H
-
-#include "integer.h"
-#include "algebra.h"
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T>
-class DL_GroupPrecomputation
-{
-public:
- typedef T Element;
-
- virtual bool NeedConversions() const {return false;}
- virtual Element ConvertIn(const Element &v) const {return v;}
- virtual Element ConvertOut(const Element &v) const {return v;}
- virtual const AbstractGroup<Element> & GetGroup() const =0;
- virtual Element BERDecodeElement(BufferedTransformation &bt) const =0;
- virtual void DEREncodeElement(BufferedTransformation &bt, const Element &P) const =0;
-};
-
-template <class T>
-class DL_FixedBasePrecomputation
-{
-public:
- typedef T Element;
-
- virtual bool IsInitialized() const =0;
- virtual void SetBase(const DL_GroupPrecomputation<Element> &group, const Element &base) =0;
- virtual const Element & GetBase(const DL_GroupPrecomputation<Element> &group) const =0;
- virtual void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage) =0;
- virtual void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) =0;
- virtual void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const =0;
- virtual Element Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const =0;
- virtual Element CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const =0;
-};
-
-template <class T>
-class DL_FixedBasePrecomputationImpl : public DL_FixedBasePrecomputation<T>
-{
-public:
- typedef T Element;
-
- DL_FixedBasePrecomputationImpl() : m_windowSize(0) {}
-
- // DL_FixedBasePrecomputation
- bool IsInitialized() const
- {return !m_bases.empty();}
- void SetBase(const DL_GroupPrecomputation<Element> &group, const Element &base);
- const Element & GetBase(const DL_GroupPrecomputation<Element> &group) const
- {return group.NeedConversions() ? m_base : m_bases[0];}
- void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage);
- void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation);
- void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const;
- Element Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const;
- Element CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const;
-
-private:
- void PrepareCascade(const DL_GroupPrecomputation<Element> &group, std::vector<BaseAndExponent<Element> > &eb, const Integer &exponent) const;
-
- Element m_base;
- unsigned int m_windowSize;
- Integer m_exponentBase; // what base to represent the exponent in
- std::vector<Element> m_bases; // precalculated bases
-};
-
-NAMESPACE_END
-
-#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#include "eprecomp.cpp"
-#endif
-
-#endif
diff --git a/cryptopp562/esign.cpp b/cryptopp562/esign.cpp
deleted file mode 100644
index 8b42c1f..0000000
--- a/cryptopp562/esign.cpp
+++ /dev/null
@@ -1,210 +0,0 @@
-// esign.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "esign.h"
-#include "asn.h"
-#include "modarith.h"
-#include "nbtheory.h"
-#include "sha.h"
-#include "algparam.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void ESIGN_TestInstantiations()
-{
- ESIGN<SHA>::Verifier x1(1, 1);
- ESIGN<SHA>::Signer x2(NullRNG(), 1);
- ESIGN<SHA>::Verifier x3(x2);
- ESIGN<SHA>::Verifier x4(x2.GetKey());
- ESIGN<SHA>::Verifier x5(x3);
- ESIGN<SHA>::Signer x6 = x2;
-
- x6 = x2;
- x3 = ESIGN<SHA>::Verifier(x2);
- x4 = x2.GetKey();
-}
-
-void ESIGNFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- m_e.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void ESIGNFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- m_e.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer ESIGNFunction::ApplyFunction(const Integer &x) const
-{
- DoQuickSanityCheck();
- return STDMIN(a_exp_b_mod_c(x, m_e, m_n) >> (2*GetK()+2), MaxImage());
-}
-
-bool ESIGNFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_n > Integer::One() && m_n.IsOdd();
- pass = pass && m_e >= 8 && m_e < m_n;
- return pass;
-}
-
-bool ESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
- ;
-}
-
-void ESIGNFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
- ;
-}
-
-// *****************************************************************************
-
-void InvertibleESIGNFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &param)
-{
- int modulusSize = 1023*2;
- param.GetIntValue("ModulusSize", modulusSize) || param.GetIntValue("KeySize", modulusSize);
-
- if (modulusSize < 24)
- throw InvalidArgument("InvertibleESIGNFunction: specified modulus size is too small");
-
- if (modulusSize % 3 != 0)
- throw InvalidArgument("InvertibleESIGNFunction: modulus size must be divisible by 3");
-
- m_e = param.GetValueWithDefault("PublicExponent", Integer(32));
-
- if (m_e < 8)
- throw InvalidArgument("InvertibleESIGNFunction: public exponents less than 8 may not be secure");
-
- // VC70 workaround: putting these after primeParam causes overlapped stack allocation
- ConstByteArrayParameter seedParam;
- SecByteBlock seed;
-
- const Integer minP = Integer(204) << (modulusSize/3-8);
- const Integer maxP = Integer::Power2(modulusSize/3)-1;
- AlgorithmParameters primeParam = MakeParameters("Min", minP)("Max", maxP)("RandomNumberType", Integer::PRIME);
-
- if (param.GetValue("Seed", seedParam))
- {
- seed.resize(seedParam.size() + 4);
- memcpy(seed + 4, seedParam.begin(), seedParam.size());
-
- PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)0);
- m_p.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("Seed", ConstByteArrayParameter(seed))));
- PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)1);
- m_q.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("Seed", ConstByteArrayParameter(seed))));
- }
- else
- {
- m_p.GenerateRandom(rng, primeParam);
- m_q.GenerateRandom(rng, primeParam);
- }
-
- m_n = m_p * m_p * m_q;
-
- assert(m_n.BitCount() == modulusSize);
-}
-
-void InvertibleESIGNFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder privateKey(bt);
- m_n.BERDecode(privateKey);
- m_e.BERDecode(privateKey);
- m_p.BERDecode(privateKey);
- m_q.BERDecode(privateKey);
- privateKey.MessageEnd();
-}
-
-void InvertibleESIGNFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder privateKey(bt);
- m_n.DEREncode(privateKey);
- m_e.DEREncode(privateKey);
- m_p.DEREncode(privateKey);
- m_q.DEREncode(privateKey);
- privateKey.MessageEnd();
-}
-
-Integer InvertibleESIGNFunction::CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
-{
- DoQuickSanityCheck();
-
- Integer pq = m_p * m_q;
- Integer p2 = m_p * m_p;
- Integer r, z, re, a, w0, w1;
-
- do
- {
- r.Randomize(rng, Integer::Zero(), pq);
- z = x << (2*GetK()+2);
- re = a_exp_b_mod_c(r, m_e, m_n);
- a = (z - re) % m_n;
- Integer::Divide(w1, w0, a, pq);
- if (w1.NotZero())
- {
- ++w0;
- w1 = pq - w1;
- }
- }
- while ((w1 >> 2*GetK()+1).IsPositive());
-
- ModularArithmetic modp(m_p);
- Integer t = modp.Divide(w0 * r % m_p, m_e * re % m_p);
- Integer s = r + t*pq;
- assert(s < m_n);
-/*
- using namespace std;
- cout << "f = " << x << endl;
- cout << "r = " << r << endl;
- cout << "z = " << z << endl;
- cout << "a = " << a << endl;
- cout << "w0 = " << w0 << endl;
- cout << "w1 = " << w1 << endl;
- cout << "t = " << t << endl;
- cout << "s = " << s << endl;
-*/
- return s;
-}
-
-bool InvertibleESIGNFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = ESIGNFunction::Validate(rng, level);
- pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
- pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
- pass = pass && m_p.BitCount() == m_q.BitCount();
- if (level >= 1)
- pass = pass && m_p * m_p * m_q == m_n;
- if (level >= 2)
- pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
- return pass;
-}
-
-bool InvertibleESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper<ESIGNFunction>(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
- ;
-}
-
-void InvertibleESIGNFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper<ESIGNFunction>(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
- ;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/esign.h b/cryptopp562/esign.h
deleted file mode 100644
index 8eecbc5..0000000
--- a/cryptopp562/esign.h
+++ /dev/null
@@ -1,128 +0,0 @@
-#ifndef CRYPTOPP_ESIGN_H
-#define CRYPTOPP_ESIGN_H
-
-/** \file
- This file contains classes that implement the
- ESIGN signature schemes as defined in IEEE P1363a.
-*/
-
-#include "pubkey.h"
-#include "integer.h"
-#include "asn.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class ESIGNFunction : public TrapdoorFunction, public ASN1CryptoMaterial<PublicKey>
-{
- typedef ESIGNFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &e)
- {m_n = n; m_e = e;}
-
- // PublicKey
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- // CryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- // TrapdoorFunction
- Integer ApplyFunction(const Integer &x) const;
- Integer PreimageBound() const {return m_n;}
- Integer ImageBound() const {return Integer::Power2(GetK());}
-
- // non-derived
- const Integer & GetModulus() const {return m_n;}
- const Integer & GetPublicExponent() const {return m_e;}
-
- void SetModulus(const Integer &n) {m_n = n;}
- void SetPublicExponent(const Integer &e) {m_e = e;}
-
-protected:
- unsigned int GetK() const {return m_n.BitCount()/3-1;}
-
- Integer m_n, m_e;
-};
-
-//! _
-class InvertibleESIGNFunction : public ESIGNFunction, public RandomizedTrapdoorFunctionInverse, public PrivateKey
-{
- typedef InvertibleESIGNFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q)
- {m_n = n; m_e = e; m_p = p; m_q = q;}
- // generate a random private key
- void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
- {GenerateRandomWithKeySize(rng, modulusBits);}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const;
-
- // GeneratibleCryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
- /*! parameters: (ModulusSize) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
-
- const Integer& GetPrime1() const {return m_p;}
- const Integer& GetPrime2() const {return m_q;}
-
- void SetPrime1(const Integer &p) {m_p = p;}
- void SetPrime2(const Integer &q) {m_q = q;}
-
-protected:
- Integer m_p, m_q;
-};
-
-//! _
-template <class T>
-class EMSA5Pad : public PK_DeterministicSignatureMessageEncodingMethod
-{
-public:
- static const char *StaticAlgorithmName() {return "EMSA5";}
-
- void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
- {
- SecByteBlock digest(hash.DigestSize());
- hash.Final(digest);
- size_t representativeByteLength = BitsToBytes(representativeBitLength);
- T mgf;
- mgf.GenerateAndMask(hash, representative, representativeByteLength, digest, digest.size(), false);
- if (representativeBitLength % 8 != 0)
- representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
- }
-};
-
-//! EMSA5, for use with ESIGN
-struct P1363_EMSA5 : public SignatureStandard
-{
- typedef EMSA5Pad<P1363_MGF1> SignatureMessageEncodingMethod;
-};
-
-struct ESIGN_Keys
-{
- static std::string StaticAlgorithmName() {return "ESIGN";}
- typedef ESIGNFunction PublicKey;
- typedef InvertibleESIGNFunction PrivateKey;
-};
-
-//! ESIGN, as defined in IEEE P1363a
-template <class H, class STANDARD = P1363_EMSA5>
-struct ESIGN : public TF_SS<STANDARD, H, ESIGN_Keys>
-{
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/factory.h b/cryptopp562/factory.h
deleted file mode 100644
index 5b65db3..0000000
--- a/cryptopp562/factory.h
+++ /dev/null
@@ -1,136 +0,0 @@
-#ifndef CRYPTOPP_OBJFACT_H
-#define CRYPTOPP_OBJFACT_H
-
-#include "cryptlib.h"
-#include <map>
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class AbstractClass>
-class ObjectFactory
-{
-public:
- virtual ~ObjectFactory () {}
- virtual AbstractClass * CreateObject() const =0;
-};
-
-//! _
-template <class AbstractClass, class ConcreteClass>
-class DefaultObjectFactory : public ObjectFactory<AbstractClass>
-{
-public:
- AbstractClass * CreateObject() const
- {
- return new ConcreteClass;
- }
-
-};
-
-//! _
-template <class AbstractClass, int instance=0>
-class ObjectFactoryRegistry
-{
-public:
- class FactoryNotFound : public Exception
- {
- public:
- FactoryNotFound(const char *name) : Exception(OTHER_ERROR, std::string("ObjectFactoryRegistry: could not find factory for algorithm ") + name) {}
- };
-
- ~ObjectFactoryRegistry()
- {
- for (CPP_TYPENAME Map::iterator i = m_map.begin(); i != m_map.end(); ++i)
- {
- delete (ObjectFactory<AbstractClass> *)i->second;
- i->second = NULL;
- }
- }
-
- void RegisterFactory(const std::string &name, ObjectFactory<AbstractClass> *factory)
- {
- m_map[name] = factory;
- }
-
- const ObjectFactory<AbstractClass> * GetFactory(const char *name) const
- {
- CPP_TYPENAME Map::const_iterator i = m_map.find(name);
- return i == m_map.end() ? NULL : (ObjectFactory<AbstractClass> *)i->second;
- }
-
- AbstractClass *CreateObject(const char *name) const
- {
- const ObjectFactory<AbstractClass> *factory = GetFactory(name);
- if (!factory)
- throw FactoryNotFound(name);
- return factory->CreateObject();
- }
-
- // Return a vector containing the factory names. This is easier than returning an iterator.
- // from Andrew Pitonyak
- std::vector<std::string> GetFactoryNames() const
- {
- std::vector<std::string> names;
- CPP_TYPENAME Map::const_iterator iter;
- for (iter = m_map.begin(); iter != m_map.end(); ++iter)
- names.push_back(iter->first);
- return names;
- }
-
- CRYPTOPP_NOINLINE static ObjectFactoryRegistry<AbstractClass, instance> & Registry(CRYPTOPP_NOINLINE_DOTDOTDOT);
-
-private:
- // use void * instead of ObjectFactory<AbstractClass> * to save code size
- typedef std::map<std::string, void *> Map;
- Map m_map;
-};
-
-template <class AbstractClass, int instance>
-ObjectFactoryRegistry<AbstractClass, instance> & ObjectFactoryRegistry<AbstractClass, instance>::Registry(CRYPTOPP_NOINLINE_DOTDOTDOT)
-{
- static ObjectFactoryRegistry<AbstractClass, instance> s_registry;
- return s_registry;
-}
-
-template <class AbstractClass, class ConcreteClass, int instance = 0>
-struct RegisterDefaultFactoryFor {
-RegisterDefaultFactoryFor(const char *name=NULL)
-{
- // BCB2006 workaround
- std::string n = name ? std::string(name) : std::string(ConcreteClass::StaticAlgorithmName());
- ObjectFactoryRegistry<AbstractClass, instance>::Registry().
- RegisterFactory(n, new DefaultObjectFactory<AbstractClass, ConcreteClass>);
-}};
-
-template <class SchemeClass>
-void RegisterAsymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL)
-{
- RegisterDefaultFactoryFor<PK_Encryptor, CPP_TYPENAME SchemeClass::Encryptor>((const char *)name);
- RegisterDefaultFactoryFor<PK_Decryptor, CPP_TYPENAME SchemeClass::Decryptor>((const char *)name);
-}
-
-template <class SchemeClass>
-void RegisterSignatureSchemeDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL)
-{
- RegisterDefaultFactoryFor<PK_Signer, CPP_TYPENAME SchemeClass::Signer>((const char *)name);
- RegisterDefaultFactoryFor<PK_Verifier, CPP_TYPENAME SchemeClass::Verifier>((const char *)name);
-}
-
-template <class SchemeClass>
-void RegisterSymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL)
-{
- RegisterDefaultFactoryFor<SymmetricCipher, CPP_TYPENAME SchemeClass::Encryption, ENCRYPTION>((const char *)name);
- RegisterDefaultFactoryFor<SymmetricCipher, CPP_TYPENAME SchemeClass::Decryption, DECRYPTION>((const char *)name);
-}
-
-template <class SchemeClass>
-void RegisterAuthenticatedSymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL)
-{
- RegisterDefaultFactoryFor<AuthenticatedSymmetricCipher, CPP_TYPENAME SchemeClass::Encryption, ENCRYPTION>((const char *)name);
- RegisterDefaultFactoryFor<AuthenticatedSymmetricCipher, CPP_TYPENAME SchemeClass::Decryption, DECRYPTION>((const char *)name);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/files.cpp b/cryptopp562/files.cpp
deleted file mode 100644
index 453b562..0000000
--- a/cryptopp562/files.cpp
+++ /dev/null
@@ -1,259 +0,0 @@
-// files.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "files.h"
-
-#include <limits>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-using namespace std;
-
-#ifndef NDEBUG
-void Files_TestInstantiations()
-{
- FileStore f0;
- FileSource f1;
- FileSink f2;
-}
-#endif
-
-void FileStore::StoreInitialize(const NameValuePairs &parameters)
-{
- m_waiting = false;
- m_stream = NULL;
- m_file.release();
-
- const char *fileName = NULL;
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400
- const wchar_t *fileNameWide = NULL;
- if (!parameters.GetValue(Name::InputFileNameWide(), fileNameWide))
-#endif
- if (!parameters.GetValue(Name::InputFileName(), fileName))
- {
- parameters.GetValue(Name::InputStreamPointer(), m_stream);
- return;
- }
-
- ios::openmode binary = parameters.GetValueWithDefault(Name::InputBinaryMode(), true) ? ios::binary : ios::openmode(0);
- m_file.reset(new std::ifstream);
-#ifdef CRYPTOPP_UNIX_AVAILABLE
- std::string narrowed;
- if (fileNameWide)
- fileName = (narrowed = StringNarrow(fileNameWide)).c_str();
-#endif
-#if _MSC_VER >= 1400
- if (fileNameWide)
- {
- m_file->open(fileNameWide, ios::in | binary);
- if (!*m_file)
- throw OpenErr(StringNarrow(fileNameWide, false));
- }
-#endif
- if (fileName)
- {
- m_file->open(fileName, ios::in | binary);
- if (!*m_file)
- throw OpenErr(fileName);
- }
- m_stream = m_file.get();
-}
-
-lword FileStore::MaxRetrievable() const
-{
- if (!m_stream)
- return 0;
-
- streampos current = m_stream->tellg();
- streampos end = m_stream->seekg(0, ios::end).tellg();
- m_stream->seekg(current);
- return end-current;
-}
-
-size_t FileStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- if (!m_stream)
- {
- transferBytes = 0;
- return 0;
- }
-
- lword size=transferBytes;
- transferBytes = 0;
-
- if (m_waiting)
- goto output;
-
- while (size && m_stream->good())
- {
- {
- size_t spaceSize = 1024;
- m_space = HelpCreatePutSpace(target, channel, 1, UnsignedMin(size_t(0)-1, size), spaceSize);
-
- m_stream->read((char *)m_space, (unsigned int)STDMIN(size, (lword)spaceSize));
- }
- m_len = (size_t)m_stream->gcount();
- size_t blockedBytes;
-output:
- blockedBytes = target.ChannelPutModifiable2(channel, m_space, m_len, 0, blocking);
- m_waiting = blockedBytes > 0;
- if (m_waiting)
- return blockedBytes;
- size -= m_len;
- transferBytes += m_len;
- }
-
- if (!m_stream->good() && !m_stream->eof())
- throw ReadErr();
-
- return 0;
-}
-
-size_t FileStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- if (!m_stream)
- return 0;
-
- if (begin == 0 && end == 1)
- {
- int result = m_stream->peek();
- if (result == char_traits<char>::eof())
- return 0;
- else
- {
- size_t blockedBytes = target.ChannelPut(channel, byte(result), blocking);
- begin += 1-blockedBytes;
- return blockedBytes;
- }
- }
-
- // TODO: figure out what happens on cin
- streampos current = m_stream->tellg();
- streampos endPosition = m_stream->seekg(0, ios::end).tellg();
- streampos newPosition = current + (streamoff)begin;
-
- if (newPosition >= endPosition)
- {
- m_stream->seekg(current);
- return 0; // don't try to seek beyond the end of file
- }
- m_stream->seekg(newPosition);
- try
- {
- assert(!m_waiting);
- lword copyMax = end-begin;
- size_t blockedBytes = const_cast<FileStore *>(this)->TransferTo2(target, copyMax, channel, blocking);
- begin += copyMax;
- if (blockedBytes)
- {
- const_cast<FileStore *>(this)->m_waiting = false;
- return blockedBytes;
- }
- }
- catch(...)
- {
- m_stream->clear();
- m_stream->seekg(current);
- throw;
- }
- m_stream->clear();
- m_stream->seekg(current);
-
- return 0;
-}
-
-lword FileStore::Skip(lword skipMax)
-{
- if (!m_stream)
- return 0;
-
- lword oldPos = m_stream->tellg();
- std::istream::off_type offset;
- if (!SafeConvert(skipMax, offset))
- throw InvalidArgument("FileStore: maximum seek offset exceeded");
- m_stream->seekg(offset, ios::cur);
- return (lword)m_stream->tellg() - oldPos;
-}
-
-void FileSink::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_stream = NULL;
- m_file.release();
-
- const char *fileName = NULL;
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400
- const wchar_t *fileNameWide = NULL;
- if (!parameters.GetValue(Name::OutputFileNameWide(), fileNameWide))
-#endif
- if (!parameters.GetValue(Name::OutputFileName(), fileName))
- {
- parameters.GetValue(Name::OutputStreamPointer(), m_stream);
- return;
- }
-
- ios::openmode binary = parameters.GetValueWithDefault(Name::OutputBinaryMode(), true) ? ios::binary : ios::openmode(0);
- m_file.reset(new std::ofstream);
-#ifdef CRYPTOPP_UNIX_AVAILABLE
- std::string narrowed;
- if (fileNameWide)
- fileName = (narrowed = StringNarrow(fileNameWide)).c_str();
-#endif
-#if _MSC_VER >= 1400
- if (fileNameWide)
- {
- m_file->open(fileNameWide, ios::out | ios::trunc | binary);
- if (!*m_file)
- throw OpenErr(StringNarrow(fileNameWide, false));
- }
-#endif
- if (fileName)
- {
- m_file->open(fileName, ios::out | ios::trunc | binary);
- if (!*m_file)
- throw OpenErr(fileName);
- }
- m_stream = m_file.get();
-}
-
-bool FileSink::IsolatedFlush(bool hardFlush, bool blocking)
-{
- if (!m_stream)
- throw Err("FileSink: output stream not opened");
-
- m_stream->flush();
- if (!m_stream->good())
- throw WriteErr();
-
- return false;
-}
-
-size_t FileSink::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- if (!m_stream)
- throw Err("FileSink: output stream not opened");
-
- while (length > 0)
- {
- std::streamsize size;
- if (!SafeConvert(length, size))
- size = numeric_limits<std::streamsize>::max();
- m_stream->write((const char *)inString, size);
- inString += size;
- length -= (size_t)size;
- }
-
- if (messageEnd)
- m_stream->flush();
-
- if (!m_stream->good())
- throw WriteErr();
-
- return 0;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/files.h b/cryptopp562/files.h
deleted file mode 100644
index a47e856..0000000
--- a/cryptopp562/files.h
+++ /dev/null
@@ -1,112 +0,0 @@
-#ifndef CRYPTOPP_FILES_H
-#define CRYPTOPP_FILES_H
-
-#include "cryptlib.h"
-#include "filters.h"
-#include "argnames.h"
-
-#include <iostream>
-#include <fstream>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! file-based implementation of Store interface
-class CRYPTOPP_DLL FileStore : public Store, private FilterPutSpaceHelper, public NotCopyable
-{
-public:
- class Err : public Exception
- {
- public:
- Err(const std::string &s) : Exception(IO_ERROR, s) {}
- };
- class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileStore: error opening file for reading: " + filename) {}};
- class ReadErr : public Err {public: ReadErr() : Err("FileStore: error reading file") {}};
-
- FileStore() : m_stream(NULL) {}
- FileStore(std::istream &in)
- {StoreInitialize(MakeParameters(Name::InputStreamPointer(), &in));}
- FileStore(const char *filename)
- {StoreInitialize(MakeParameters(Name::InputFileName(), filename));}
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400
- //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called.
- FileStore(const wchar_t *filename)
- {StoreInitialize(MakeParameters(Name::InputFileNameWide(), filename));}
-#endif
-
- std::istream* GetStream() {return m_stream;}
-
- lword MaxRetrievable() const;
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
- lword Skip(lword skipMax=ULONG_MAX);
-
-private:
- void StoreInitialize(const NameValuePairs &parameters);
-
- member_ptr<std::ifstream> m_file;
- std::istream *m_stream;
- byte *m_space;
- size_t m_len;
- bool m_waiting;
-};
-
-//! file-based implementation of Source interface
-class CRYPTOPP_DLL FileSource : public SourceTemplate<FileStore>
-{
-public:
- typedef FileStore::Err Err;
- typedef FileStore::OpenErr OpenErr;
- typedef FileStore::ReadErr ReadErr;
-
- FileSource(BufferedTransformation *attachment = NULL)
- : SourceTemplate<FileStore>(attachment) {}
- FileSource(std::istream &in, bool pumpAll, BufferedTransformation *attachment = NULL)
- : SourceTemplate<FileStore>(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputStreamPointer(), &in));}
- FileSource(const char *filename, bool pumpAll, BufferedTransformation *attachment = NULL, bool binary=true)
- : SourceTemplate<FileStore>(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputFileName(), filename)(Name::InputBinaryMode(), binary));}
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400
- //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called.
- FileSource(const wchar_t *filename, bool pumpAll, BufferedTransformation *attachment = NULL, bool binary=true)
- : SourceTemplate<FileStore>(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputFileNameWide(), filename)(Name::InputBinaryMode(), binary));}
-#endif
-
- std::istream* GetStream() {return m_store.GetStream();}
-};
-
-//! file-based implementation of Sink interface
-class CRYPTOPP_DLL FileSink : public Sink, public NotCopyable
-{
-public:
- class Err : public Exception
- {
- public:
- Err(const std::string &s) : Exception(IO_ERROR, s) {}
- };
- class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileSink: error opening file for writing: " + filename) {}};
- class WriteErr : public Err {public: WriteErr() : Err("FileSink: error writing file") {}};
-
- FileSink() : m_stream(NULL) {}
- FileSink(std::ostream &out)
- {IsolatedInitialize(MakeParameters(Name::OutputStreamPointer(), &out));}
- FileSink(const char *filename, bool binary=true)
- {IsolatedInitialize(MakeParameters(Name::OutputFileName(), filename)(Name::OutputBinaryMode(), binary));}
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400
- //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called.
- FileSink(const wchar_t *filename, bool binary=true)
- {IsolatedInitialize(MakeParameters(Name::OutputFileNameWide(), filename)(Name::OutputBinaryMode(), binary));}
-#endif
-
- std::ostream* GetStream() {return m_stream;}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
- bool IsolatedFlush(bool hardFlush, bool blocking);
-
-private:
- member_ptr<std::ofstream> m_file;
- std::ostream *m_stream;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/filters.cpp b/cryptopp562/filters.cpp
deleted file mode 100644
index 083dfd3..0000000
--- a/cryptopp562/filters.cpp
+++ /dev/null
@@ -1,1120 +0,0 @@
-// filters.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "filters.h"
-#include "mqueue.h"
-#include "fltrimpl.h"
-#include "argnames.h"
-#include <memory>
-#include <functional>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-Filter::Filter(BufferedTransformation *attachment)
- : m_attachment(attachment), m_continueAt(0)
-{
-}
-
-BufferedTransformation * Filter::NewDefaultAttachment() const
-{
- return new MessageQueue;
-}
-
-BufferedTransformation * Filter::AttachedTransformation()
-{
- if (m_attachment.get() == NULL)
- m_attachment.reset(NewDefaultAttachment());
- return m_attachment.get();
-}
-
-const BufferedTransformation *Filter::AttachedTransformation() const
-{
- if (m_attachment.get() == NULL)
- const_cast<Filter *>(this)->m_attachment.reset(NewDefaultAttachment());
- return m_attachment.get();
-}
-
-void Filter::Detach(BufferedTransformation *newOut)
-{
- m_attachment.reset(newOut);
-}
-
-void Filter::Insert(Filter *filter)
-{
- filter->m_attachment.reset(m_attachment.release());
- m_attachment.reset(filter);
-}
-
-size_t Filter::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- return AttachedTransformation()->CopyRangeTo2(target, begin, end, channel, blocking);
-}
-
-size_t Filter::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- return AttachedTransformation()->TransferTo2(target, transferBytes, channel, blocking);
-}
-
-void Filter::Initialize(const NameValuePairs &parameters, int propagation)
-{
- m_continueAt = 0;
- IsolatedInitialize(parameters);
- PropagateInitialize(parameters, propagation);
-}
-
-bool Filter::Flush(bool hardFlush, int propagation, bool blocking)
-{
- switch (m_continueAt)
- {
- case 0:
- if (IsolatedFlush(hardFlush, blocking))
- return true;
- case 1:
- if (OutputFlush(1, hardFlush, propagation, blocking))
- return true;
- }
- return false;
-}
-
-bool Filter::MessageSeriesEnd(int propagation, bool blocking)
-{
- switch (m_continueAt)
- {
- case 0:
- if (IsolatedMessageSeriesEnd(blocking))
- return true;
- case 1:
- if (ShouldPropagateMessageSeriesEnd() && OutputMessageSeriesEnd(1, propagation, blocking))
- return true;
- }
- return false;
-}
-
-void Filter::PropagateInitialize(const NameValuePairs &parameters, int propagation)
-{
- if (propagation)
- AttachedTransformation()->Initialize(parameters, propagation-1);
-}
-
-size_t Filter::OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel)
-{
- if (messageEnd)
- messageEnd--;
- size_t result = AttachedTransformation()->ChannelPutModifiable2(channel, inString, length, messageEnd, blocking);
- m_continueAt = result ? outputSite : 0;
- return result;
-}
-
-size_t Filter::Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel)
-{
- if (messageEnd)
- messageEnd--;
- size_t result = AttachedTransformation()->ChannelPut2(channel, inString, length, messageEnd, blocking);
- m_continueAt = result ? outputSite : 0;
- return result;
-}
-
-bool Filter::OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel)
-{
- if (propagation && AttachedTransformation()->ChannelFlush(channel, hardFlush, propagation-1, blocking))
- {
- m_continueAt = outputSite;
- return true;
- }
- m_continueAt = 0;
- return false;
-}
-
-bool Filter::OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel)
-{
- if (propagation && AttachedTransformation()->ChannelMessageSeriesEnd(channel, propagation-1, blocking))
- {
- m_continueAt = outputSite;
- return true;
- }
- m_continueAt = 0;
- return false;
-}
-
-// *************************************************************
-
-void MeterFilter::ResetMeter()
-{
- m_currentMessageBytes = m_totalBytes = m_currentSeriesMessages = m_totalMessages = m_totalMessageSeries = 0;
- m_rangesToSkip.clear();
-}
-
-void MeterFilter::AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow)
-{
- MessageRange r = {message, position, size};
- m_rangesToSkip.push_back(r);
- if (sortNow)
- std::sort(m_rangesToSkip.begin(), m_rangesToSkip.end());
-}
-
-size_t MeterFilter::PutMaybeModifiable(byte *begin, size_t length, int messageEnd, bool blocking, bool modifiable)
-{
- if (!m_transparent)
- return 0;
-
- size_t t;
- FILTER_BEGIN;
-
- m_begin = begin;
- m_length = length;
-
- while (m_length > 0 || messageEnd)
- {
- if (m_length > 0 && !m_rangesToSkip.empty() && m_rangesToSkip.front().message == m_totalMessages && m_currentMessageBytes + m_length > m_rangesToSkip.front().position)
- {
- FILTER_OUTPUT_MAYBE_MODIFIABLE(1, m_begin, t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position, m_currentMessageBytes), false, modifiable);
-
- assert(t < m_length);
- m_begin += t;
- m_length -= t;
- m_currentMessageBytes += t;
- m_totalBytes += t;
-
- if (m_currentMessageBytes + m_length < m_rangesToSkip.front().position + m_rangesToSkip.front().size)
- t = m_length;
- else
- {
- t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position + m_rangesToSkip.front().size, m_currentMessageBytes);
- assert(t <= m_length);
- m_rangesToSkip.pop_front();
- }
-
- m_begin += t;
- m_length -= t;
- m_currentMessageBytes += t;
- m_totalBytes += t;
- }
- else
- {
- FILTER_OUTPUT_MAYBE_MODIFIABLE(2, m_begin, m_length, messageEnd, modifiable);
-
- m_currentMessageBytes += m_length;
- m_totalBytes += m_length;
- m_length = 0;
-
- if (messageEnd)
- {
- m_currentMessageBytes = 0;
- m_currentSeriesMessages++;
- m_totalMessages++;
- messageEnd = false;
- }
- }
- }
-
- FILTER_END_NO_MESSAGE_END;
-}
-
-size_t MeterFilter::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- return PutMaybeModifiable(const_cast<byte *>(begin), length, messageEnd, blocking, false);
-}
-
-size_t MeterFilter::PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking)
-{
- return PutMaybeModifiable(begin, length, messageEnd, blocking, true);
-}
-
-bool MeterFilter::IsolatedMessageSeriesEnd(bool blocking)
-{
- m_currentMessageBytes = 0;
- m_currentSeriesMessages = 0;
- m_totalMessageSeries++;
- return false;
-}
-
-// *************************************************************
-
-void FilterWithBufferedInput::BlockQueue::ResetQueue(size_t blockSize, size_t maxBlocks)
-{
- m_buffer.New(blockSize * maxBlocks);
- m_blockSize = blockSize;
- m_maxBlocks = maxBlocks;
- m_size = 0;
- m_begin = m_buffer;
-}
-
-byte *FilterWithBufferedInput::BlockQueue::GetBlock()
-{
- if (m_size >= m_blockSize)
- {
- byte *ptr = m_begin;
- if ((m_begin+=m_blockSize) == m_buffer.end())
- m_begin = m_buffer;
- m_size -= m_blockSize;
- return ptr;
- }
- else
- return NULL;
-}
-
-byte *FilterWithBufferedInput::BlockQueue::GetContigousBlocks(size_t &numberOfBytes)
-{
- numberOfBytes = STDMIN(numberOfBytes, STDMIN(size_t(m_buffer.end()-m_begin), m_size));
- byte *ptr = m_begin;
- m_begin += numberOfBytes;
- m_size -= numberOfBytes;
- if (m_size == 0 || m_begin == m_buffer.end())
- m_begin = m_buffer;
- return ptr;
-}
-
-size_t FilterWithBufferedInput::BlockQueue::GetAll(byte *outString)
-{
- size_t size = m_size;
- size_t numberOfBytes = m_maxBlocks*m_blockSize;
- const byte *ptr = GetContigousBlocks(numberOfBytes);
- memcpy(outString, ptr, numberOfBytes);
- memcpy(outString+numberOfBytes, m_begin, m_size);
- m_size = 0;
- return size;
-}
-
-void FilterWithBufferedInput::BlockQueue::Put(const byte *inString, size_t length)
-{
- assert(m_size + length <= m_buffer.size());
- byte *end = (m_size < size_t(m_buffer.end()-m_begin)) ? m_begin + m_size : m_begin + m_size - m_buffer.size();
- size_t len = STDMIN(length, size_t(m_buffer.end()-end));
- memcpy(end, inString, len);
- if (len < length)
- memcpy(m_buffer, inString+len, length-len);
- m_size += length;
-}
-
-FilterWithBufferedInput::FilterWithBufferedInput(BufferedTransformation *attachment)
- : Filter(attachment)
-{
-}
-
-FilterWithBufferedInput::FilterWithBufferedInput(size_t firstSize, size_t blockSize, size_t lastSize, BufferedTransformation *attachment)
- : Filter(attachment), m_firstSize(firstSize), m_blockSize(blockSize), m_lastSize(lastSize)
- , m_firstInputDone(false)
-{
- if (m_firstSize < 0 || m_blockSize < 1 || m_lastSize < 0)
- throw InvalidArgument("FilterWithBufferedInput: invalid buffer size");
-
- m_queue.ResetQueue(1, m_firstSize);
-}
-
-void FilterWithBufferedInput::IsolatedInitialize(const NameValuePairs &parameters)
-{
- InitializeDerivedAndReturnNewSizes(parameters, m_firstSize, m_blockSize, m_lastSize);
- if (m_firstSize < 0 || m_blockSize < 1 || m_lastSize < 0)
- throw InvalidArgument("FilterWithBufferedInput: invalid buffer size");
- m_queue.ResetQueue(1, m_firstSize);
- m_firstInputDone = false;
-}
-
-bool FilterWithBufferedInput::IsolatedFlush(bool hardFlush, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("FilterWithBufferedInput");
-
- if (hardFlush)
- ForceNextPut();
- FlushDerived();
-
- return false;
-}
-
-size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length, int messageEnd, bool blocking, bool modifiable)
-{
- if (!blocking)
- throw BlockingInputOnly("FilterWithBufferedInput");
-
- if (length != 0)
- {
- size_t newLength = m_queue.CurrentSize() + length;
-
- if (!m_firstInputDone && newLength >= m_firstSize)
- {
- size_t len = m_firstSize - m_queue.CurrentSize();
- m_queue.Put(inString, len);
- FirstPut(m_queue.GetContigousBlocks(m_firstSize));
- assert(m_queue.CurrentSize() == 0);
- m_queue.ResetQueue(m_blockSize, (2*m_blockSize+m_lastSize-2)/m_blockSize);
-
- inString += len;
- newLength -= m_firstSize;
- m_firstInputDone = true;
- }
-
- if (m_firstInputDone)
- {
- if (m_blockSize == 1)
- {
- while (newLength > m_lastSize && m_queue.CurrentSize() > 0)
- {
- size_t len = newLength - m_lastSize;
- byte *ptr = m_queue.GetContigousBlocks(len);
- NextPutModifiable(ptr, len);
- newLength -= len;
- }
-
- if (newLength > m_lastSize)
- {
- size_t len = newLength - m_lastSize;
- NextPutMaybeModifiable(inString, len, modifiable);
- inString += len;
- newLength -= len;
- }
- }
- else
- {
- while (newLength >= m_blockSize + m_lastSize && m_queue.CurrentSize() >= m_blockSize)
- {
- NextPutModifiable(m_queue.GetBlock(), m_blockSize);
- newLength -= m_blockSize;
- }
-
- if (newLength >= m_blockSize + m_lastSize && m_queue.CurrentSize() > 0)
- {
- assert(m_queue.CurrentSize() < m_blockSize);
- size_t len = m_blockSize - m_queue.CurrentSize();
- m_queue.Put(inString, len);
- inString += len;
- NextPutModifiable(m_queue.GetBlock(), m_blockSize);
- newLength -= m_blockSize;
- }
-
- if (newLength >= m_blockSize + m_lastSize)
- {
- size_t len = RoundDownToMultipleOf(newLength - m_lastSize, m_blockSize);
- NextPutMaybeModifiable(inString, len, modifiable);
- inString += len;
- newLength -= len;
- }
- }
- }
-
- m_queue.Put(inString, newLength - m_queue.CurrentSize());
- }
-
- if (messageEnd)
- {
- if (!m_firstInputDone && m_firstSize==0)
- FirstPut(NULL);
-
- SecByteBlock temp(m_queue.CurrentSize());
- m_queue.GetAll(temp);
- LastPut(temp, temp.size());
-
- m_firstInputDone = false;
- m_queue.ResetQueue(1, m_firstSize);
-
- Output(1, NULL, 0, messageEnd, blocking);
- }
- return 0;
-}
-
-void FilterWithBufferedInput::ForceNextPut()
-{
- if (!m_firstInputDone)
- return;
-
- if (m_blockSize > 1)
- {
- while (m_queue.CurrentSize() >= m_blockSize)
- NextPutModifiable(m_queue.GetBlock(), m_blockSize);
- }
- else
- {
- size_t len;
- while ((len = m_queue.CurrentSize()) > 0)
- NextPutModifiable(m_queue.GetContigousBlocks(len), len);
- }
-}
-
-void FilterWithBufferedInput::NextPutMultiple(const byte *inString, size_t length)
-{
- assert(m_blockSize > 1); // m_blockSize = 1 should always override this function
- while (length > 0)
- {
- assert(length >= m_blockSize);
- NextPutSingle(inString);
- inString += m_blockSize;
- length -= m_blockSize;
- }
-}
-
-// *************************************************************
-
-void Redirector::Initialize(const NameValuePairs &parameters, int propagation)
-{
- m_target = parameters.GetValueWithDefault("RedirectionTargetPointer", (BufferedTransformation*)NULL);
- m_behavior = parameters.GetIntValueWithDefault("RedirectionBehavior", PASS_EVERYTHING);
-
- if (m_target && GetPassSignals())
- m_target->Initialize(parameters, propagation);
-}
-
-// *************************************************************
-
-ProxyFilter::ProxyFilter(BufferedTransformation *filter, size_t firstSize, size_t lastSize, BufferedTransformation *attachment)
- : FilterWithBufferedInput(firstSize, 1, lastSize, attachment), m_filter(filter)
-{
- if (m_filter.get())
- m_filter->Attach(new OutputProxy(*this, false));
-}
-
-bool ProxyFilter::IsolatedFlush(bool hardFlush, bool blocking)
-{
- return m_filter.get() ? m_filter->Flush(hardFlush, -1, blocking) : false;
-}
-
-void ProxyFilter::SetFilter(Filter *filter)
-{
- m_filter.reset(filter);
- if (filter)
- {
- OutputProxy *proxy;
- std::auto_ptr<OutputProxy> temp(proxy = new OutputProxy(*this, false));
- m_filter->TransferAllTo(*proxy);
- m_filter->Attach(temp.release());
- }
-}
-
-void ProxyFilter::NextPutMultiple(const byte *s, size_t len)
-{
- if (m_filter.get())
- m_filter->Put(s, len);
-}
-
-void ProxyFilter::NextPutModifiable(byte *s, size_t len)
-{
- if (m_filter.get())
- m_filter->PutModifiable(s, len);
-}
-
-// *************************************************************
-
-void RandomNumberSink::IsolatedInitialize(const NameValuePairs &parameters)
-{
- parameters.GetRequiredParameter("RandomNumberSink", "RandomNumberGeneratorPointer", m_rng);
-}
-
-size_t RandomNumberSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- m_rng->IncorporateEntropy(begin, length);
- return 0;
-}
-
-size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (m_buf+m_total != begin)
- memcpy(m_buf+m_total, begin, STDMIN(length, SaturatingSubtract(m_size, m_total)));
- m_total += length;
- return 0;
-}
-
-byte * ArraySink::CreatePutSpace(size_t &size)
-{
- size = SaturatingSubtract(m_size, m_total);
- return m_buf + m_total;
-}
-
-void ArraySink::IsolatedInitialize(const NameValuePairs &parameters)
-{
- ByteArrayParameter array;
- if (!parameters.GetValue(Name::OutputBuffer(), array))
- throw InvalidArgument("ArraySink: missing OutputBuffer argument");
- m_buf = array.begin();
- m_size = array.size();
- m_total = 0;
-}
-
-size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- xorbuf(m_buf+m_total, begin, STDMIN(length, SaturatingSubtract(m_size, m_total)));
- m_total += length;
- return 0;
-}
-
-// *************************************************************
-
-StreamTransformationFilter::StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment, BlockPaddingScheme padding, bool allowAuthenticatedSymmetricCipher)
- : FilterWithBufferedInput(attachment)
- , m_cipher(c)
-{
- assert(c.MinLastBlockSize() == 0 || c.MinLastBlockSize() > c.MandatoryBlockSize());
-
- if (!allowAuthenticatedSymmetricCipher && dynamic_cast<AuthenticatedSymmetricCipher *>(&c) != 0)
- throw InvalidArgument("StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher");
-
- IsolatedInitialize(MakeParameters(Name::BlockPaddingScheme(), padding));
-}
-
-size_t StreamTransformationFilter::LastBlockSize(StreamTransformation &c, BlockPaddingScheme padding)
-{
- if (c.MinLastBlockSize() > 0)
- return c.MinLastBlockSize();
- else if (c.MandatoryBlockSize() > 1 && !c.IsForwardTransformation() && padding != NO_PADDING && padding != ZEROS_PADDING)
- return c.MandatoryBlockSize();
- else
- return 0;
-}
-
-void StreamTransformationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
-{
- BlockPaddingScheme padding = parameters.GetValueWithDefault(Name::BlockPaddingScheme(), DEFAULT_PADDING);
- bool isBlockCipher = (m_cipher.MandatoryBlockSize() > 1 && m_cipher.MinLastBlockSize() == 0);
-
- if (padding == DEFAULT_PADDING)
- m_padding = isBlockCipher ? PKCS_PADDING : NO_PADDING;
- else
- m_padding = padding;
-
- if (!isBlockCipher && (m_padding == PKCS_PADDING || m_padding == ONE_AND_ZEROS_PADDING))
- throw InvalidArgument("StreamTransformationFilter: PKCS_PADDING and ONE_AND_ZEROS_PADDING cannot be used with " + m_cipher.AlgorithmName());
-
- firstSize = 0;
- blockSize = m_cipher.MandatoryBlockSize();
- lastSize = LastBlockSize(m_cipher, m_padding);
-}
-
-void StreamTransformationFilter::FirstPut(const byte *inString)
-{
- m_optimalBufferSize = m_cipher.OptimalBlockSize();
- m_optimalBufferSize = (unsigned int)STDMAX(m_optimalBufferSize, RoundDownToMultipleOf(4096U, m_optimalBufferSize));
-}
-
-void StreamTransformationFilter::NextPutMultiple(const byte *inString, size_t length)
-{
- if (!length)
- return;
-
- size_t s = m_cipher.MandatoryBlockSize();
-
- do
- {
- size_t len = m_optimalBufferSize;
- byte *space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, length, len);
- if (len < length)
- {
- if (len == m_optimalBufferSize)
- len -= m_cipher.GetOptimalBlockSizeUsed();
- len = RoundDownToMultipleOf(len, s);
- }
- else
- len = length;
- m_cipher.ProcessString(space, inString, len);
- AttachedTransformation()->PutModifiable(space, len);
- inString += len;
- length -= len;
- }
- while (length > 0);
-}
-
-void StreamTransformationFilter::NextPutModifiable(byte *inString, size_t length)
-{
- m_cipher.ProcessString(inString, length);
- AttachedTransformation()->PutModifiable(inString, length);
-}
-
-void StreamTransformationFilter::LastPut(const byte *inString, size_t length)
-{
- byte *space = NULL;
-
- switch (m_padding)
- {
- case NO_PADDING:
- case ZEROS_PADDING:
- if (length > 0)
- {
- size_t minLastBlockSize = m_cipher.MinLastBlockSize();
- bool isForwardTransformation = m_cipher.IsForwardTransformation();
-
- if (isForwardTransformation && m_padding == ZEROS_PADDING && (minLastBlockSize == 0 || length < minLastBlockSize))
- {
- // do padding
- size_t blockSize = STDMAX(minLastBlockSize, (size_t)m_cipher.MandatoryBlockSize());
- space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, blockSize);
- memcpy(space, inString, length);
- memset(space + length, 0, blockSize - length);
- m_cipher.ProcessLastBlock(space, space, blockSize);
- AttachedTransformation()->Put(space, blockSize);
- }
- else
- {
- if (minLastBlockSize == 0)
- {
- if (isForwardTransformation)
- throw InvalidDataFormat("StreamTransformationFilter: plaintext length is not a multiple of block size and NO_PADDING is specified");
- else
- throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size");
- }
-
- space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, length, m_optimalBufferSize);
- m_cipher.ProcessLastBlock(space, inString, length);
- AttachedTransformation()->Put(space, length);
- }
- }
- break;
-
- case PKCS_PADDING:
- case ONE_AND_ZEROS_PADDING:
- unsigned int s;
- s = m_cipher.MandatoryBlockSize();
- assert(s > 1);
- space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, m_optimalBufferSize);
- if (m_cipher.IsForwardTransformation())
- {
- assert(length < s);
- memcpy(space, inString, length);
- if (m_padding == PKCS_PADDING)
- {
- assert(s < 256);
- byte pad = byte(s-length);
- memset(space+length, pad, s-length);
- }
- else
- {
- space[length] = 0x80;
- memset(space+length+1, 0, s-length-1);
- }
- m_cipher.ProcessData(space, space, s);
- AttachedTransformation()->Put(space, s);
- }
- else
- {
- if (length != s)
- throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size");
- m_cipher.ProcessData(space, inString, s);
- if (m_padding == PKCS_PADDING)
- {
- byte pad = space[s-1];
- if (pad < 1 || pad > s || std::find_if(space+s-pad, space+s, std::bind2nd(std::not_equal_to<byte>(), pad)) != space+s)
- throw InvalidCiphertext("StreamTransformationFilter: invalid PKCS #7 block padding found");
- length = s-pad;
- }
- else
- {
- while (length > 1 && space[length-1] == 0)
- --length;
- if (space[--length] != 0x80)
- throw InvalidCiphertext("StreamTransformationFilter: invalid ones-and-zeros padding found");
- }
- AttachedTransformation()->Put(space, length);
- }
- break;
-
- default:
- assert(false);
- }
-}
-
-// *************************************************************
-
-HashFilter::HashFilter(HashTransformation &hm, BufferedTransformation *attachment, bool putMessage, int truncatedDigestSize, const std::string &messagePutChannel, const std::string &hashPutChannel)
- : m_hashModule(hm), m_putMessage(putMessage), m_messagePutChannel(messagePutChannel), m_hashPutChannel(hashPutChannel)
-{
- m_digestSize = truncatedDigestSize < 0 ? m_hashModule.DigestSize() : truncatedDigestSize;
- Detach(attachment);
-}
-
-void HashFilter::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_putMessage = parameters.GetValueWithDefault(Name::PutMessage(), false);
- int s = parameters.GetIntValueWithDefault(Name::TruncatedDigestSize(), -1);
- m_digestSize = s < 0 ? m_hashModule.DigestSize() : s;
-}
-
-size_t HashFilter::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- FILTER_BEGIN;
- if (m_putMessage)
- FILTER_OUTPUT3(1, 0, inString, length, 0, m_messagePutChannel);
- m_hashModule.Update(inString, length);
- if (messageEnd)
- {
- {
- size_t size;
- m_space = HelpCreatePutSpace(*AttachedTransformation(), m_hashPutChannel, m_digestSize, m_digestSize, size = m_digestSize);
- m_hashModule.TruncatedFinal(m_space, m_digestSize);
- }
- FILTER_OUTPUT3(2, 0, m_space, m_digestSize, messageEnd, m_hashPutChannel);
- }
- FILTER_END_NO_MESSAGE_END;
-}
-
-// *************************************************************
-
-HashVerificationFilter::HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize)
- : FilterWithBufferedInput(attachment)
- , m_hashModule(hm)
-{
- IsolatedInitialize(MakeParameters(Name::HashVerificationFilterFlags(), flags)(Name::TruncatedDigestSize(), truncatedDigestSize));
-}
-
-void HashVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
-{
- m_flags = parameters.GetValueWithDefault(Name::HashVerificationFilterFlags(), (word32)DEFAULT_FLAGS);
- int s = parameters.GetIntValueWithDefault(Name::TruncatedDigestSize(), -1);
- m_digestSize = s < 0 ? m_hashModule.DigestSize() : s;
- m_verified = false;
- firstSize = m_flags & HASH_AT_BEGIN ? m_digestSize : 0;
- blockSize = 1;
- lastSize = m_flags & HASH_AT_BEGIN ? 0 : m_digestSize;
-}
-
-void HashVerificationFilter::FirstPut(const byte *inString)
-{
- if (m_flags & HASH_AT_BEGIN)
- {
- m_expectedHash.New(m_digestSize);
- memcpy(m_expectedHash, inString, m_expectedHash.size());
- if (m_flags & PUT_HASH)
- AttachedTransformation()->Put(inString, m_expectedHash.size());
- }
-}
-
-void HashVerificationFilter::NextPutMultiple(const byte *inString, size_t length)
-{
- m_hashModule.Update(inString, length);
- if (m_flags & PUT_MESSAGE)
- AttachedTransformation()->Put(inString, length);
-}
-
-void HashVerificationFilter::LastPut(const byte *inString, size_t length)
-{
- if (m_flags & HASH_AT_BEGIN)
- {
- assert(length == 0);
- m_verified = m_hashModule.TruncatedVerify(m_expectedHash, m_digestSize);
- }
- else
- {
- m_verified = (length==m_digestSize && m_hashModule.TruncatedVerify(inString, length));
- if (m_flags & PUT_HASH)
- AttachedTransformation()->Put(inString, length);
- }
-
- if (m_flags & PUT_RESULT)
- AttachedTransformation()->Put(m_verified);
-
- if ((m_flags & THROW_EXCEPTION) && !m_verified)
- throw HashVerificationFailed();
-}
-
-// *************************************************************
-
-AuthenticatedEncryptionFilter::AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment,
- bool putAAD, int truncatedDigestSize, const std::string &macChannel, BlockPaddingScheme padding)
- : StreamTransformationFilter(c, attachment, padding, true)
- , m_hf(c, new OutputProxy(*this, false), putAAD, truncatedDigestSize, AAD_CHANNEL, macChannel)
-{
- assert(c.IsForwardTransformation());
-}
-
-void AuthenticatedEncryptionFilter::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_hf.IsolatedInitialize(parameters);
- StreamTransformationFilter::IsolatedInitialize(parameters);
-}
-
-byte * AuthenticatedEncryptionFilter::ChannelCreatePutSpace(const std::string &channel, size_t &size)
-{
- if (channel.empty())
- return StreamTransformationFilter::CreatePutSpace(size);
-
- if (channel == AAD_CHANNEL)
- return m_hf.CreatePutSpace(size);
-
- throw InvalidChannelName("AuthenticatedEncryptionFilter", channel);
-}
-
-size_t AuthenticatedEncryptionFilter::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (channel.empty())
- return StreamTransformationFilter::Put2(begin, length, messageEnd, blocking);
-
- if (channel == AAD_CHANNEL)
- return m_hf.Put2(begin, length, 0, blocking);
-
- throw InvalidChannelName("AuthenticatedEncryptionFilter", channel);
-}
-
-void AuthenticatedEncryptionFilter::LastPut(const byte *inString, size_t length)
-{
- StreamTransformationFilter::LastPut(inString, length);
- m_hf.MessageEnd();
-}
-
-// *************************************************************
-
-AuthenticatedDecryptionFilter::AuthenticatedDecryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize, BlockPaddingScheme padding)
- : FilterWithBufferedInput(attachment)
- , m_hashVerifier(c, new OutputProxy(*this, false))
- , m_streamFilter(c, new OutputProxy(*this, false), padding, true)
-{
- assert(!c.IsForwardTransformation() || c.IsSelfInverting());
- IsolatedInitialize(MakeParameters(Name::BlockPaddingScheme(), padding)(Name::AuthenticatedDecryptionFilterFlags(), flags)(Name::TruncatedDigestSize(), truncatedDigestSize));
-}
-
-void AuthenticatedDecryptionFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
-{
- word32 flags = parameters.GetValueWithDefault(Name::AuthenticatedDecryptionFilterFlags(), (word32)DEFAULT_FLAGS);
-
- m_hashVerifier.Initialize(CombinedNameValuePairs(parameters, MakeParameters(Name::HashVerificationFilterFlags(), flags)));
- m_streamFilter.Initialize(parameters);
-
- firstSize = m_hashVerifier.m_firstSize;
- blockSize = 1;
- lastSize = m_hashVerifier.m_lastSize;
-}
-
-byte * AuthenticatedDecryptionFilter::ChannelCreatePutSpace(const std::string &channel, size_t &size)
-{
- if (channel.empty())
- return m_streamFilter.CreatePutSpace(size);
-
- if (channel == AAD_CHANNEL)
- return m_hashVerifier.CreatePutSpace(size);
-
- throw InvalidChannelName("AuthenticatedDecryptionFilter", channel);
-}
-
-size_t AuthenticatedDecryptionFilter::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (channel.empty())
- {
- if (m_lastSize > 0)
- m_hashVerifier.ForceNextPut();
- return FilterWithBufferedInput::Put2(begin, length, messageEnd, blocking);
- }
-
- if (channel == AAD_CHANNEL)
- return m_hashVerifier.Put2(begin, length, 0, blocking);
-
- throw InvalidChannelName("AuthenticatedDecryptionFilter", channel);
-}
-
-void AuthenticatedDecryptionFilter::FirstPut(const byte *inString)
-{
- m_hashVerifier.Put(inString, m_firstSize);
-}
-
-void AuthenticatedDecryptionFilter::NextPutMultiple(const byte *inString, size_t length)
-{
- m_streamFilter.Put(inString, length);
-}
-
-void AuthenticatedDecryptionFilter::LastPut(const byte *inString, size_t length)
-{
- m_streamFilter.MessageEnd();
- m_hashVerifier.PutMessageEnd(inString, length);
-}
-
-// *************************************************************
-
-void SignerFilter::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_putMessage = parameters.GetValueWithDefault(Name::PutMessage(), false);
- m_messageAccumulator.reset(m_signer.NewSignatureAccumulator(m_rng));
-}
-
-size_t SignerFilter::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- FILTER_BEGIN;
- m_messageAccumulator->Update(inString, length);
- if (m_putMessage)
- FILTER_OUTPUT(1, inString, length, 0);
- if (messageEnd)
- {
- m_buf.New(m_signer.SignatureLength());
- m_signer.Sign(m_rng, m_messageAccumulator.release(), m_buf);
- FILTER_OUTPUT(2, m_buf, m_buf.size(), messageEnd);
- m_messageAccumulator.reset(m_signer.NewSignatureAccumulator(m_rng));
- }
- FILTER_END_NO_MESSAGE_END;
-}
-
-SignatureVerificationFilter::SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment, word32 flags)
- : FilterWithBufferedInput(attachment)
- , m_verifier(verifier)
-{
- IsolatedInitialize(MakeParameters(Name::SignatureVerificationFilterFlags(), flags));
-}
-
-void SignatureVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
-{
- m_flags = parameters.GetValueWithDefault(Name::SignatureVerificationFilterFlags(), (word32)DEFAULT_FLAGS);
- m_messageAccumulator.reset(m_verifier.NewVerificationAccumulator());
- size_t size = m_verifier.SignatureLength();
- assert(size != 0); // TODO: handle recoverable signature scheme
- m_verified = false;
- firstSize = m_flags & SIGNATURE_AT_BEGIN ? size : 0;
- blockSize = 1;
- lastSize = m_flags & SIGNATURE_AT_BEGIN ? 0 : size;
-}
-
-void SignatureVerificationFilter::FirstPut(const byte *inString)
-{
- if (m_flags & SIGNATURE_AT_BEGIN)
- {
- if (m_verifier.SignatureUpfront())
- m_verifier.InputSignature(*m_messageAccumulator, inString, m_verifier.SignatureLength());
- else
- {
- m_signature.New(m_verifier.SignatureLength());
- memcpy(m_signature, inString, m_signature.size());
- }
-
- if (m_flags & PUT_SIGNATURE)
- AttachedTransformation()->Put(inString, m_signature.size());
- }
- else
- {
- assert(!m_verifier.SignatureUpfront());
- }
-}
-
-void SignatureVerificationFilter::NextPutMultiple(const byte *inString, size_t length)
-{
- m_messageAccumulator->Update(inString, length);
- if (m_flags & PUT_MESSAGE)
- AttachedTransformation()->Put(inString, length);
-}
-
-void SignatureVerificationFilter::LastPut(const byte *inString, size_t length)
-{
- if (m_flags & SIGNATURE_AT_BEGIN)
- {
- assert(length == 0);
- m_verifier.InputSignature(*m_messageAccumulator, m_signature, m_signature.size());
- m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator);
- }
- else
- {
- m_verifier.InputSignature(*m_messageAccumulator, inString, length);
- m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator);
- if (m_flags & PUT_SIGNATURE)
- AttachedTransformation()->Put(inString, length);
- }
-
- if (m_flags & PUT_RESULT)
- AttachedTransformation()->Put(m_verified);
-
- if ((m_flags & THROW_EXCEPTION) && !m_verified)
- throw SignatureVerificationFailed();
-}
-
-// *************************************************************
-
-size_t Source::PumpAll2(bool blocking)
-{
- unsigned int messageCount = UINT_MAX;
- do {
- RETURN_IF_NONZERO(PumpMessages2(messageCount, blocking));
- } while(messageCount == UINT_MAX);
-
- return 0;
-}
-
-bool Store::GetNextMessage()
-{
- if (!m_messageEnd && !AnyRetrievable())
- {
- m_messageEnd=true;
- return true;
- }
- else
- return false;
-}
-
-unsigned int Store::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const
-{
- if (m_messageEnd || count == 0)
- return 0;
- else
- {
- CopyTo(target, ULONG_MAX, channel);
- if (GetAutoSignalPropagation())
- target.ChannelMessageEnd(channel, GetAutoSignalPropagation()-1);
- return 1;
- }
-}
-
-void StringStore::StoreInitialize(const NameValuePairs &parameters)
-{
- ConstByteArrayParameter array;
- if (!parameters.GetValue(Name::InputBuffer(), array))
- throw InvalidArgument("StringStore: missing InputBuffer argument");
- m_store = array.begin();
- m_length = array.size();
- m_count = 0;
-}
-
-size_t StringStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- lword position = 0;
- size_t blockedBytes = CopyRangeTo2(target, position, transferBytes, channel, blocking);
- m_count += (size_t)position;
- transferBytes = position;
- return blockedBytes;
-}
-
-size_t StringStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- size_t i = UnsignedMin(m_length, m_count+begin);
- size_t len = UnsignedMin(m_length-i, end-begin);
- size_t blockedBytes = target.ChannelPut2(channel, m_store+i, len, 0, blocking);
- if (!blockedBytes)
- begin += len;
- return blockedBytes;
-}
-
-void RandomNumberStore::StoreInitialize(const NameValuePairs &parameters)
-{
- parameters.GetRequiredParameter("RandomNumberStore", "RandomNumberGeneratorPointer", m_rng);
- int length;
- parameters.GetRequiredIntParameter("RandomNumberStore", "RandomNumberStoreSize", length);
- m_length = length;
-}
-
-size_t RandomNumberStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- if (!blocking)
- throw NotImplemented("RandomNumberStore: nonblocking transfer is not implemented by this object");
-
- transferBytes = UnsignedMin(transferBytes, m_length - m_count);
- m_rng->GenerateIntoBufferedTransformation(target, channel, transferBytes);
- m_count += transferBytes;
-
- return 0;
-}
-
-size_t NullStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- static const byte nullBytes[128] = {0};
- while (begin < end)
- {
- size_t len = (size_t)STDMIN(end-begin, lword(128));
- size_t blockedBytes = target.ChannelPut2(channel, nullBytes, len, 0, blocking);
- if (blockedBytes)
- return blockedBytes;
- begin += len;
- }
- return 0;
-}
-
-size_t NullStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- lword begin = 0;
- size_t blockedBytes = NullStore::CopyRangeTo2(target, begin, transferBytes, channel, blocking);
- transferBytes = begin;
- m_size -= begin;
- return blockedBytes;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/filters.h b/cryptopp562/filters.h
deleted file mode 100644
index c72a4ec..0000000
--- a/cryptopp562/filters.h
+++ /dev/null
@@ -1,810 +0,0 @@
-#ifndef CRYPTOPP_FILTERS_H
-#define CRYPTOPP_FILTERS_H
-
-//! \file
-
-#include "simple.h"
-#include "secblock.h"
-#include "misc.h"
-#include "smartptr.h"
-#include "queue.h"
-#include "algparam.h"
-#include <deque>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// provides an implementation of BufferedTransformation's attachment interface
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Filter : public BufferedTransformation, public NotCopyable
-{
-public:
- Filter(BufferedTransformation *attachment = NULL);
-
- bool Attachable() {return true;}
- BufferedTransformation *AttachedTransformation();
- const BufferedTransformation *AttachedTransformation() const;
- void Detach(BufferedTransformation *newAttachment = NULL);
-
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
- void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1);
- bool Flush(bool hardFlush, int propagation=-1, bool blocking=true);
- bool MessageSeriesEnd(int propagation=-1, bool blocking=true);
-
-protected:
- virtual BufferedTransformation * NewDefaultAttachment() const;
- void Insert(Filter *nextFilter); // insert filter after this one
-
- virtual bool ShouldPropagateMessageEnd() const {return true;}
- virtual bool ShouldPropagateMessageSeriesEnd() const {return true;}
-
- void PropagateInitialize(const NameValuePairs &parameters, int propagation);
-
- size_t Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
- size_t OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
- bool OutputMessageEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
- bool OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
- bool OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
-
-private:
- member_ptr<BufferedTransformation> m_attachment;
-
-protected:
- size_t m_inputPosition;
- int m_continueAt;
-};
-
-struct CRYPTOPP_DLL FilterPutSpaceHelper
-{
- // desiredSize is how much to ask target, bufferSize is how much to allocate in m_tempSpace
- byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t desiredSize, size_t &bufferSize)
- {
- assert(desiredSize >= minSize && bufferSize >= minSize);
- if (m_tempSpace.size() < minSize)
- {
- byte *result = target.ChannelCreatePutSpace(channel, desiredSize);
- if (desiredSize >= minSize)
- {
- bufferSize = desiredSize;
- return result;
- }
- m_tempSpace.New(bufferSize);
- }
-
- bufferSize = m_tempSpace.size();
- return m_tempSpace.begin();
- }
- byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize)
- {return HelpCreatePutSpace(target, channel, minSize, minSize, minSize);}
- byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t bufferSize)
- {return HelpCreatePutSpace(target, channel, minSize, minSize, bufferSize);}
- SecByteBlock m_tempSpace;
-};
-
-//! measure how many byte and messages pass through, also serves as valve
-class CRYPTOPP_DLL MeterFilter : public Bufferless<Filter>
-{
-public:
- MeterFilter(BufferedTransformation *attachment=NULL, bool transparent=true)
- : m_transparent(transparent) {Detach(attachment); ResetMeter();}
-
- void SetTransparent(bool transparent) {m_transparent = transparent;}
- void AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow = true);
- void ResetMeter();
- void IsolatedInitialize(const NameValuePairs &parameters) {ResetMeter();}
-
- lword GetCurrentMessageBytes() const {return m_currentMessageBytes;}
- lword GetTotalBytes() {return m_totalBytes;}
- unsigned int GetCurrentSeriesMessages() {return m_currentSeriesMessages;}
- unsigned int GetTotalMessages() {return m_totalMessages;}
- unsigned int GetTotalMessageSeries() {return m_totalMessageSeries;}
-
- byte * CreatePutSpace(size_t &size)
- {return AttachedTransformation()->CreatePutSpace(size);}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
- size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking);
- bool IsolatedMessageSeriesEnd(bool blocking);
-
-private:
- size_t PutMaybeModifiable(byte *inString, size_t length, int messageEnd, bool blocking, bool modifiable);
- bool ShouldPropagateMessageEnd() const {return m_transparent;}
- bool ShouldPropagateMessageSeriesEnd() const {return m_transparent;}
-
- struct MessageRange
- {
- inline bool operator<(const MessageRange &b) const // BCB2006 workaround: this has to be a member function
- {return message < b.message || (message == b.message && position < b.position);}
- unsigned int message; lword position; lword size;
- };
-
- bool m_transparent;
- lword m_currentMessageBytes, m_totalBytes;
- unsigned int m_currentSeriesMessages, m_totalMessages, m_totalMessageSeries;
- std::deque<MessageRange> m_rangesToSkip;
- byte *m_begin;
- size_t m_length;
-};
-
-//! _
-class CRYPTOPP_DLL TransparentFilter : public MeterFilter
-{
-public:
- TransparentFilter(BufferedTransformation *attachment=NULL) : MeterFilter(attachment, true) {}
-};
-
-//! _
-class CRYPTOPP_DLL OpaqueFilter : public MeterFilter
-{
-public:
- OpaqueFilter(BufferedTransformation *attachment=NULL) : MeterFilter(attachment, false) {}
-};
-
-/*! FilterWithBufferedInput divides up the input stream into
- a first block, a number of middle blocks, and a last block.
- First and last blocks are optional, and middle blocks may
- be a stream instead (i.e. blockSize == 1).
-*/
-class CRYPTOPP_DLL FilterWithBufferedInput : public Filter
-{
-public:
- FilterWithBufferedInput(BufferedTransformation *attachment);
- //! firstSize and lastSize may be 0, blockSize must be at least 1
- FilterWithBufferedInput(size_t firstSize, size_t blockSize, size_t lastSize, BufferedTransformation *attachment);
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
- {
- return PutMaybeModifiable(const_cast<byte *>(inString), length, messageEnd, blocking, false);
- }
- size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)
- {
- return PutMaybeModifiable(inString, length, messageEnd, blocking, true);
- }
- /*! calls ForceNextPut() if hardFlush is true */
- bool IsolatedFlush(bool hardFlush, bool blocking);
-
- /*! The input buffer may contain more than blockSize bytes if lastSize != 0.
- ForceNextPut() forces a call to NextPut() if this is the case.
- */
- void ForceNextPut();
-
-protected:
- bool DidFirstPut() {return m_firstInputDone;}
-
- virtual void InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
- {InitializeDerived(parameters);}
- virtual void InitializeDerived(const NameValuePairs &parameters) {}
- // FirstPut() is called if (firstSize != 0 and totalLength >= firstSize)
- // or (firstSize == 0 and (totalLength > 0 or a MessageEnd() is received))
- virtual void FirstPut(const byte *inString) =0;
- // NextPut() is called if totalLength >= firstSize+blockSize+lastSize
- virtual void NextPutSingle(const byte *inString) {assert(false);}
- // Same as NextPut() except length can be a multiple of blockSize
- // Either NextPut() or NextPutMultiple() must be overriden
- virtual void NextPutMultiple(const byte *inString, size_t length);
- // Same as NextPutMultiple(), but inString can be modified
- virtual void NextPutModifiable(byte *inString, size_t length)
- {NextPutMultiple(inString, length);}
- // LastPut() is always called
- // if totalLength < firstSize then length == totalLength
- // else if totalLength <= firstSize+lastSize then length == totalLength-firstSize
- // else lastSize <= length < lastSize+blockSize
- virtual void LastPut(const byte *inString, size_t length) =0;
- virtual void FlushDerived() {}
-
-protected:
- size_t PutMaybeModifiable(byte *begin, size_t length, int messageEnd, bool blocking, bool modifiable);
- void NextPutMaybeModifiable(byte *inString, size_t length, bool modifiable)
- {
- if (modifiable) NextPutModifiable(inString, length);
- else NextPutMultiple(inString, length);
- }
-
- // This function should no longer be used, put this here to cause a compiler error
- // if someone tries to override NextPut().
- virtual int NextPut(const byte *inString, size_t length) {assert(false); return 0;}
-
- class BlockQueue
- {
- public:
- void ResetQueue(size_t blockSize, size_t maxBlocks);
- byte *GetBlock();
- byte *GetContigousBlocks(size_t &numberOfBytes);
- size_t GetAll(byte *outString);
- void Put(const byte *inString, size_t length);
- size_t CurrentSize() const {return m_size;}
- size_t MaxSize() const {return m_buffer.size();}
-
- private:
- SecByteBlock m_buffer;
- size_t m_blockSize, m_maxBlocks, m_size;
- byte *m_begin;
- };
-
- size_t m_firstSize, m_blockSize, m_lastSize;
- bool m_firstInputDone;
- BlockQueue m_queue;
-};
-
-//! _
-class CRYPTOPP_DLL FilterWithInputQueue : public Filter
-{
-public:
- FilterWithInputQueue(BufferedTransformation *attachment=NULL) : Filter(attachment) {}
-
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
- {
- if (!blocking)
- throw BlockingInputOnly("FilterWithInputQueue");
-
- m_inQueue.Put(inString, length);
- if (messageEnd)
- {
- IsolatedMessageEnd(blocking);
- Output(0, NULL, 0, messageEnd, blocking);
- }
- return 0;
- }
-
-protected:
- virtual bool IsolatedMessageEnd(bool blocking) =0;
- void IsolatedInitialize(const NameValuePairs &parameters) {m_inQueue.Clear();}
-
- ByteQueue m_inQueue;
-};
-
-struct BlockPaddingSchemeDef
-{
- enum BlockPaddingScheme {NO_PADDING, ZEROS_PADDING, PKCS_PADDING, ONE_AND_ZEROS_PADDING, DEFAULT_PADDING};
-};
-
-//! Filter Wrapper for StreamTransformation, optionally handling padding/unpadding when needed
-class CRYPTOPP_DLL StreamTransformationFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef, private FilterPutSpaceHelper
-{
-public:
- /*! DEFAULT_PADDING means PKCS_PADDING if c.MandatoryBlockSize() > 1 && c.MinLastBlockSize() == 0 (e.g. ECB or CBC mode),
- otherwise NO_PADDING (OFB, CFB, CTR, CBC-CTS modes).
- See http://www.weidai.com/scan-mirror/csp.html for details of the padding schemes. */
- StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment = NULL, BlockPaddingScheme padding = DEFAULT_PADDING, bool allowAuthenticatedSymmetricCipher = false);
-
- std::string AlgorithmName() const {return m_cipher.AlgorithmName();}
-
-protected:
- void InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize);
- void FirstPut(const byte *inString);
- void NextPutMultiple(const byte *inString, size_t length);
- void NextPutModifiable(byte *inString, size_t length);
- void LastPut(const byte *inString, size_t length);
-
- static size_t LastBlockSize(StreamTransformation &c, BlockPaddingScheme padding);
-
- StreamTransformation &m_cipher;
- BlockPaddingScheme m_padding;
- unsigned int m_optimalBufferSize;
-};
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-typedef StreamTransformationFilter StreamCipherFilter;
-#endif
-
-//! Filter Wrapper for HashTransformation
-class CRYPTOPP_DLL HashFilter : public Bufferless<Filter>, private FilterPutSpaceHelper
-{
-public:
- HashFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, bool putMessage=false, int truncatedDigestSize=-1, const std::string &messagePutChannel=DEFAULT_CHANNEL, const std::string &hashPutChannel=DEFAULT_CHANNEL);
-
- std::string AlgorithmName() const {return m_hashModule.AlgorithmName();}
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
- byte * CreatePutSpace(size_t &size) {return m_hashModule.CreateUpdateSpace(size);}
-
-private:
- HashTransformation &m_hashModule;
- bool m_putMessage;
- unsigned int m_digestSize;
- byte *m_space;
- std::string m_messagePutChannel, m_hashPutChannel;
-};
-
-//! Filter Wrapper for HashTransformation
-class CRYPTOPP_DLL HashVerificationFilter : public FilterWithBufferedInput
-{
-public:
- class HashVerificationFailed : public Exception
- {
- public:
- HashVerificationFailed()
- : Exception(DATA_INTEGRITY_CHECK_FAILED, "HashVerificationFilter: message hash or MAC not valid") {}
- };
-
- enum Flags {HASH_AT_END=0, HASH_AT_BEGIN=1, PUT_MESSAGE=2, PUT_HASH=4, PUT_RESULT=8, THROW_EXCEPTION=16, DEFAULT_FLAGS = HASH_AT_BEGIN | PUT_RESULT};
- HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS, int truncatedDigestSize=-1);
-
- std::string AlgorithmName() const {return m_hashModule.AlgorithmName();}
- bool GetLastResult() const {return m_verified;}
-
-protected:
- void InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize);
- void FirstPut(const byte *inString);
- void NextPutMultiple(const byte *inString, size_t length);
- void LastPut(const byte *inString, size_t length);
-
-private:
- friend class AuthenticatedDecryptionFilter;
-
- HashTransformation &m_hashModule;
- word32 m_flags;
- unsigned int m_digestSize;
- bool m_verified;
- SecByteBlock m_expectedHash;
-};
-
-typedef HashVerificationFilter HashVerifier; // for backwards compatibility
-
-//! Filter wrapper for encrypting with AuthenticatedSymmetricCipher, optionally handling padding/unpadding when needed
-/*! Additional authenticated data should be given in channel "AAD". If putAAD is true, AAD will be Put() to the attached BufferedTransformation in channel "AAD". */
-class CRYPTOPP_DLL AuthenticatedEncryptionFilter : public StreamTransformationFilter
-{
-public:
- /*! See StreamTransformationFilter for documentation on BlockPaddingScheme */
- AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment = NULL, bool putAAD=false, int truncatedDigestSize=-1, const std::string &macChannel=DEFAULT_CHANNEL, BlockPaddingScheme padding = DEFAULT_PADDING);
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
- void LastPut(const byte *inString, size_t length);
-
-protected:
- HashFilter m_hf;
-};
-
-//! Filter wrapper for decrypting with AuthenticatedSymmetricCipher, optionally handling padding/unpadding when needed
-/*! Additional authenticated data should be given in channel "AAD". */
-class CRYPTOPP_DLL AuthenticatedDecryptionFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef
-{
-public:
- enum Flags {MAC_AT_END=0, MAC_AT_BEGIN=1, THROW_EXCEPTION=16, DEFAULT_FLAGS = THROW_EXCEPTION};
-
- /*! See StreamTransformationFilter for documentation on BlockPaddingScheme */
- AuthenticatedDecryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS, int truncatedDigestSize=-1, BlockPaddingScheme padding = DEFAULT_PADDING);
-
- std::string AlgorithmName() const {return m_hashVerifier.AlgorithmName();}
- byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
- bool GetLastResult() const {return m_hashVerifier.GetLastResult();}
-
-protected:
- void InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize);
- void FirstPut(const byte *inString);
- void NextPutMultiple(const byte *inString, size_t length);
- void LastPut(const byte *inString, size_t length);
-
- HashVerificationFilter m_hashVerifier;
- StreamTransformationFilter m_streamFilter;
-};
-
-//! Filter Wrapper for PK_Signer
-class CRYPTOPP_DLL SignerFilter : public Unflushable<Filter>
-{
-public:
- SignerFilter(RandomNumberGenerator &rng, const PK_Signer &signer, BufferedTransformation *attachment = NULL, bool putMessage=false)
- : m_rng(rng), m_signer(signer), m_messageAccumulator(signer.NewSignatureAccumulator(rng)), m_putMessage(putMessage) {Detach(attachment);}
-
- std::string AlgorithmName() const {return m_signer.AlgorithmName();}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
-private:
- RandomNumberGenerator &m_rng;
- const PK_Signer &m_signer;
- member_ptr<PK_MessageAccumulator> m_messageAccumulator;
- bool m_putMessage;
- SecByteBlock m_buf;
-};
-
-//! Filter Wrapper for PK_Verifier
-class CRYPTOPP_DLL SignatureVerificationFilter : public FilterWithBufferedInput
-{
-public:
- class SignatureVerificationFailed : public Exception
- {
- public:
- SignatureVerificationFailed()
- : Exception(DATA_INTEGRITY_CHECK_FAILED, "VerifierFilter: digital signature not valid") {}
- };
-
- enum Flags {SIGNATURE_AT_END=0, SIGNATURE_AT_BEGIN=1, PUT_MESSAGE=2, PUT_SIGNATURE=4, PUT_RESULT=8, THROW_EXCEPTION=16, DEFAULT_FLAGS = SIGNATURE_AT_BEGIN | PUT_RESULT};
- SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS);
-
- std::string AlgorithmName() const {return m_verifier.AlgorithmName();}
-
- bool GetLastResult() const {return m_verified;}
-
-protected:
- void InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize);
- void FirstPut(const byte *inString);
- void NextPutMultiple(const byte *inString, size_t length);
- void LastPut(const byte *inString, size_t length);
-
-private:
- const PK_Verifier &m_verifier;
- member_ptr<PK_MessageAccumulator> m_messageAccumulator;
- word32 m_flags;
- SecByteBlock m_signature;
- bool m_verified;
-};
-
-typedef SignatureVerificationFilter VerifierFilter; // for backwards compatibility
-
-//! Redirect input to another BufferedTransformation without owning it
-class CRYPTOPP_DLL Redirector : public CustomSignalPropagation<Sink>
-{
-public:
- enum Behavior
- {
- DATA_ONLY = 0x00,
- PASS_SIGNALS = 0x01,
- PASS_WAIT_OBJECTS = 0x02,
- PASS_EVERYTHING = PASS_SIGNALS | PASS_WAIT_OBJECTS
- };
-
- Redirector() : m_target(NULL), m_behavior(PASS_EVERYTHING) {}
- Redirector(BufferedTransformation &target, Behavior behavior=PASS_EVERYTHING)
- : m_target(&target), m_behavior(behavior) {}
-
- void Redirect(BufferedTransformation &target) {m_target = &target;}
- void StopRedirection() {m_target = NULL;}
-
- Behavior GetBehavior() {return (Behavior) m_behavior;}
- void SetBehavior(Behavior behavior) {m_behavior=behavior;}
- bool GetPassSignals() const {return (m_behavior & PASS_SIGNALS) != 0;}
- void SetPassSignals(bool pass) { if (pass) m_behavior |= PASS_SIGNALS; else m_behavior &= ~(word32) PASS_SIGNALS; }
- bool GetPassWaitObjects() const {return (m_behavior & PASS_WAIT_OBJECTS) != 0;}
- void SetPassWaitObjects(bool pass) { if (pass) m_behavior |= PASS_WAIT_OBJECTS; else m_behavior &= ~(word32) PASS_WAIT_OBJECTS; }
-
- bool CanModifyInput() const
- {return m_target ? m_target->CanModifyInput() : false;}
-
- void Initialize(const NameValuePairs &parameters, int propagation);
- byte * CreatePutSpace(size_t &size)
- {return m_target ? m_target->CreatePutSpace(size) : (byte *)(size=0, NULL);}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_target ? m_target->Put2(begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;}
- bool Flush(bool hardFlush, int propagation=-1, bool blocking=true)
- {return m_target && GetPassSignals() ? m_target->Flush(hardFlush, propagation, blocking) : false;}
- bool MessageSeriesEnd(int propagation=-1, bool blocking=true)
- {return m_target && GetPassSignals() ? m_target->MessageSeriesEnd(propagation, blocking) : false;}
-
- byte * ChannelCreatePutSpace(const std::string &channel, size_t &size)
- {return m_target ? m_target->ChannelCreatePutSpace(channel, size) : (byte *)(size=0, NULL);}
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_target ? m_target->ChannelPut2(channel, begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;}
- size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_target ? m_target->ChannelPutModifiable2(channel, begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;}
- bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true)
- {return m_target && GetPassSignals() ? m_target->ChannelFlush(channel, completeFlush, propagation, blocking) : false;}
- bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true)
- {return m_target && GetPassSignals() ? m_target->ChannelMessageSeriesEnd(channel, propagation, blocking) : false;}
-
- unsigned int GetMaxWaitObjectCount() const
- { return m_target && GetPassWaitObjects() ? m_target->GetMaxWaitObjectCount() : 0; }
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
- { if (m_target && GetPassWaitObjects()) m_target->GetWaitObjects(container, callStack); }
-
-private:
- BufferedTransformation *m_target;
- word32 m_behavior;
-};
-
-// Used By ProxyFilter
-class CRYPTOPP_DLL OutputProxy : public CustomSignalPropagation<Sink>
-{
-public:
- OutputProxy(BufferedTransformation &owner, bool passSignal) : m_owner(owner), m_passSignal(passSignal) {}
-
- bool GetPassSignal() const {return m_passSignal;}
- void SetPassSignal(bool passSignal) {m_passSignal = passSignal;}
-
- byte * CreatePutSpace(size_t &size)
- {return m_owner.AttachedTransformation()->CreatePutSpace(size);}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_owner.AttachedTransformation()->Put2(begin, length, m_passSignal ? messageEnd : 0, blocking);}
- size_t PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_owner.AttachedTransformation()->PutModifiable2(begin, length, m_passSignal ? messageEnd : 0, blocking);}
- void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1)
- {if (m_passSignal) m_owner.AttachedTransformation()->Initialize(parameters, propagation);}
- bool Flush(bool hardFlush, int propagation=-1, bool blocking=true)
- {return m_passSignal ? m_owner.AttachedTransformation()->Flush(hardFlush, propagation, blocking) : false;}
- bool MessageSeriesEnd(int propagation=-1, bool blocking=true)
- {return m_passSignal ? m_owner.AttachedTransformation()->MessageSeriesEnd(propagation, blocking) : false;}
-
- byte * ChannelCreatePutSpace(const std::string &channel, size_t &size)
- {return m_owner.AttachedTransformation()->ChannelCreatePutSpace(channel, size);}
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_owner.AttachedTransformation()->ChannelPut2(channel, begin, length, m_passSignal ? messageEnd : 0, blocking);}
- size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking)
- {return m_owner.AttachedTransformation()->ChannelPutModifiable2(channel, begin, length, m_passSignal ? messageEnd : 0, blocking);}
- bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true)
- {return m_passSignal ? m_owner.AttachedTransformation()->ChannelFlush(channel, completeFlush, propagation, blocking) : false;}
- bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true)
- {return m_passSignal ? m_owner.AttachedTransformation()->ChannelMessageSeriesEnd(channel, propagation, blocking) : false;}
-
-private:
- BufferedTransformation &m_owner;
- bool m_passSignal;
-};
-
-//! Base class for Filter classes that are proxies for a chain of other filters.
-class CRYPTOPP_DLL ProxyFilter : public FilterWithBufferedInput
-{
-public:
- ProxyFilter(BufferedTransformation *filter, size_t firstSize, size_t lastSize, BufferedTransformation *attachment);
-
- bool IsolatedFlush(bool hardFlush, bool blocking);
-
- void SetFilter(Filter *filter);
- void NextPutMultiple(const byte *s, size_t len);
- void NextPutModifiable(byte *inString, size_t length);
-
-protected:
- member_ptr<BufferedTransformation> m_filter;
-};
-
-//! simple proxy filter that doesn't modify the underlying filter's input or output
-class CRYPTOPP_DLL SimpleProxyFilter : public ProxyFilter
-{
-public:
- SimpleProxyFilter(BufferedTransformation *filter, BufferedTransformation *attachment)
- : ProxyFilter(filter, 0, 0, attachment) {}
-
- void FirstPut(const byte *) {}
- void LastPut(const byte *, size_t) {m_filter->MessageEnd();}
-};
-
-//! proxy for the filter created by PK_Encryptor::CreateEncryptionFilter
-/*! This class is here just to provide symmetry with VerifierFilter. */
-class CRYPTOPP_DLL PK_EncryptorFilter : public SimpleProxyFilter
-{
-public:
- PK_EncryptorFilter(RandomNumberGenerator &rng, const PK_Encryptor &encryptor, BufferedTransformation *attachment = NULL)
- : SimpleProxyFilter(encryptor.CreateEncryptionFilter(rng), attachment) {}
-};
-
-//! proxy for the filter created by PK_Decryptor::CreateDecryptionFilter
-/*! This class is here just to provide symmetry with SignerFilter. */
-class CRYPTOPP_DLL PK_DecryptorFilter : public SimpleProxyFilter
-{
-public:
- PK_DecryptorFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL)
- : SimpleProxyFilter(decryptor.CreateDecryptionFilter(rng), attachment) {}
-};
-
-//! Append input to a string object
-template <class T>
-class StringSinkTemplate : public Bufferless<Sink>
-{
-public:
- // VC60 workaround: no T::char_type
- typedef typename T::traits_type::char_type char_type;
-
- StringSinkTemplate(T &output)
- : m_output(&output) {assert(sizeof(output[0])==1);}
-
- void IsolatedInitialize(const NameValuePairs &parameters)
- {if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");}
-
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {
- if (length > 0)
- {
- typename T::size_type size = m_output->size();
- if (length < size && size + length > m_output->capacity())
- m_output->reserve(2*size);
- m_output->append((const char_type *)begin, (const char_type *)begin+length);
- }
- return 0;
- }
-
-private:
- T *m_output;
-};
-
-//! Append input to an std::string
-CRYPTOPP_DLL_TEMPLATE_CLASS StringSinkTemplate<std::string>;
-typedef StringSinkTemplate<std::string> StringSink;
-
-//! incorporates input into RNG as additional entropy
-class RandomNumberSink : public Bufferless<Sink>
-{
-public:
- RandomNumberSink()
- : m_rng(NULL) {}
-
- RandomNumberSink(RandomNumberGenerator &rng)
- : m_rng(&rng) {}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
-private:
- RandomNumberGenerator *m_rng;
-};
-
-//! Copy input to a memory buffer
-class CRYPTOPP_DLL ArraySink : public Bufferless<Sink>
-{
-public:
- ArraySink(const NameValuePairs &parameters = g_nullNameValuePairs) {IsolatedInitialize(parameters);}
- ArraySink(byte *buf, size_t size) : m_buf(buf), m_size(size), m_total(0) {}
-
- size_t AvailableSize() {return SaturatingSubtract(m_size, m_total);}
- lword TotalPutLength() {return m_total;}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- byte * CreatePutSpace(size_t &size);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
-protected:
- byte *m_buf;
- size_t m_size;
- lword m_total;
-};
-
-//! Xor input to a memory buffer
-class CRYPTOPP_DLL ArrayXorSink : public ArraySink
-{
-public:
- ArrayXorSink(byte *buf, size_t size)
- : ArraySink(buf, size) {}
-
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
- byte * CreatePutSpace(size_t &size) {return BufferedTransformation::CreatePutSpace(size);}
-};
-
-//! string-based implementation of Store interface
-class StringStore : public Store
-{
-public:
- StringStore(const char *string = NULL)
- {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string)));}
- StringStore(const byte *string, size_t length)
- {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string, length)));}
- template <class T> StringStore(const T &string)
- {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string)));}
-
- CRYPTOPP_DLL size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- CRYPTOPP_DLL size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
-private:
- CRYPTOPP_DLL void StoreInitialize(const NameValuePairs &parameters);
-
- const byte *m_store;
- size_t m_length, m_count;
-};
-
-//! RNG-based implementation of Source interface
-class CRYPTOPP_DLL RandomNumberStore : public Store
-{
-public:
- RandomNumberStore()
- : m_rng(NULL), m_length(0), m_count(0) {}
-
- RandomNumberStore(RandomNumberGenerator &rng, lword length)
- : m_rng(&rng), m_length(length), m_count(0) {}
-
- bool AnyRetrievable() const {return MaxRetrievable() != 0;}
- lword MaxRetrievable() const {return m_length-m_count;}
-
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const
- {
- throw NotImplemented("RandomNumberStore: CopyRangeTo2() is not supported by this store");
- }
-
-private:
- void StoreInitialize(const NameValuePairs &parameters);
-
- RandomNumberGenerator *m_rng;
- lword m_length, m_count;
-};
-
-//! empty store
-class CRYPTOPP_DLL NullStore : public Store
-{
-public:
- NullStore(lword size = ULONG_MAX) : m_size(size) {}
- void StoreInitialize(const NameValuePairs &parameters) {}
- lword MaxRetrievable() const {return m_size;}
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
-private:
- lword m_size;
-};
-
-//! A Filter that pumps data into its attachment as input
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Source : public InputRejecting<Filter>
-{
-public:
- Source(BufferedTransformation *attachment = NULL)
- {Source::Detach(attachment);}
-
- lword Pump(lword pumpMax=size_t(0)-1)
- {Pump2(pumpMax); return pumpMax;}
- unsigned int PumpMessages(unsigned int count=UINT_MAX)
- {PumpMessages2(count); return count;}
- void PumpAll()
- {PumpAll2();}
- virtual size_t Pump2(lword &byteCount, bool blocking=true) =0;
- virtual size_t PumpMessages2(unsigned int &messageCount, bool blocking=true) =0;
- virtual size_t PumpAll2(bool blocking=true);
- virtual bool SourceExhausted() const =0;
-
-protected:
- void SourceInitialize(bool pumpAll, const NameValuePairs &parameters)
- {
- IsolatedInitialize(parameters);
- if (pumpAll)
- PumpAll();
- }
-};
-
-//! Turn a Store into a Source
-template <class T>
-class SourceTemplate : public Source
-{
-public:
- SourceTemplate<T>(BufferedTransformation *attachment)
- : Source(attachment) {}
- void IsolatedInitialize(const NameValuePairs &parameters)
- {m_store.IsolatedInitialize(parameters);}
- size_t Pump2(lword &byteCount, bool blocking=true)
- {return m_store.TransferTo2(*AttachedTransformation(), byteCount, DEFAULT_CHANNEL, blocking);}
- size_t PumpMessages2(unsigned int &messageCount, bool blocking=true)
- {return m_store.TransferMessagesTo2(*AttachedTransformation(), messageCount, DEFAULT_CHANNEL, blocking);}
- size_t PumpAll2(bool blocking=true)
- {return m_store.TransferAllTo2(*AttachedTransformation(), DEFAULT_CHANNEL, blocking);}
- bool SourceExhausted() const
- {return !m_store.AnyRetrievable() && !m_store.AnyMessages();}
- void SetAutoSignalPropagation(int propagation)
- {m_store.SetAutoSignalPropagation(propagation);}
- int GetAutoSignalPropagation() const
- {return m_store.GetAutoSignalPropagation();}
-
-protected:
- T m_store;
-};
-
-//! string-based implementation of Source interface
-class CRYPTOPP_DLL StringSource : public SourceTemplate<StringStore>
-{
-public:
- StringSource(BufferedTransformation *attachment = NULL)
- : SourceTemplate<StringStore>(attachment) {}
- //! zero terminated string as source
- StringSource(const char *string, bool pumpAll, BufferedTransformation *attachment = NULL)
- : SourceTemplate<StringStore>(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string)));}
- //! binary byte array as source
- StringSource(const byte *string, size_t length, bool pumpAll, BufferedTransformation *attachment = NULL)
- : SourceTemplate<StringStore>(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string, length)));}
- //! std::string as source
- StringSource(const std::string &string, bool pumpAll, BufferedTransformation *attachment = NULL)
- : SourceTemplate<StringStore>(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string)));}
-};
-
-//! use the third constructor for an array source
-typedef StringSource ArraySource;
-
-//! RNG-based implementation of Source interface
-class CRYPTOPP_DLL RandomNumberSource : public SourceTemplate<RandomNumberStore>
-{
-public:
- RandomNumberSource(RandomNumberGenerator &rng, int length, bool pumpAll, BufferedTransformation *attachment = NULL)
- : SourceTemplate<RandomNumberStore>(attachment)
- {SourceInitialize(pumpAll, MakeParameters("RandomNumberGeneratorPointer", &rng)("RandomNumberStoreSize", length));}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/fips140.cpp b/cryptopp562/fips140.cpp
deleted file mode 100644
index 1fcf590..0000000
--- a/cryptopp562/fips140.cpp
+++ /dev/null
@@ -1,84 +0,0 @@
-// fips140.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "fips140.h"
-#include "trdlocal.h" // needs to be included last for cygwin
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during
-// startup, random number generation, and key generation. These tests may affect performance.
-#ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
-#define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
-#endif
-
-#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE))
-#error FIPS 140-2 compliance requires the availability of thread local storage.
-#endif
-
-#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE))
-#error FIPS 140-2 compliance requires the availability of OS provided RNG.
-#endif
-
-PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
-
-bool FIPS_140_2_ComplianceEnabled()
-{
- return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2;
-}
-
-void SimulatePowerUpSelfTestFailure()
-{
- g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
-}
-
-PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus()
-{
- return g_powerUpSelfTestStatus;
-}
-
-#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
-ThreadLocalStorage & AccessPowerUpSelfTestInProgress()
-{
- static ThreadLocalStorage selfTestInProgress;
- return selfTestInProgress;
-}
-#endif
-
-bool PowerUpSelfTestInProgressOnThisThread()
-{
-#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
- return AccessPowerUpSelfTestInProgress().GetValue() != NULL;
-#else
- assert(false); // should not be called
- return false;
-#endif
-}
-
-void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
-{
-#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
- AccessPowerUpSelfTestInProgress().SetValue((void *)inProgress);
-#endif
-}
-
-void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
-{
-#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
- EncryptionPairwiseConsistencyTest(encryptor, decryptor);
-#endif
-}
-
-void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
-{
-#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
- SignaturePairwiseConsistencyTest(signer, verifier);
-#endif
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/fips140.h b/cryptopp562/fips140.h
deleted file mode 100644
index a3e5386..0000000
--- a/cryptopp562/fips140.h
+++ /dev/null
@@ -1,59 +0,0 @@
-#ifndef CRYPTOPP_FIPS140_H
-#define CRYPTOPP_FIPS140_H
-
-/*! \file
- FIPS 140 related functions and classes.
-*/
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! exception thrown when a crypto algorithm is used after a self test fails
-class CRYPTOPP_DLL SelfTestFailure : public Exception
-{
-public:
- explicit SelfTestFailure(const std::string &s) : Exception(OTHER_ERROR, s) {}
-};
-
-//! returns whether FIPS 140-2 compliance features were enabled at compile time
-CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled();
-
-//! enum values representing status of the power-up self test
-enum PowerUpSelfTestStatus {POWER_UP_SELF_TEST_NOT_DONE, POWER_UP_SELF_TEST_FAILED, POWER_UP_SELF_TEST_PASSED};
-
-//! perform the power-up self test, and set the self test status
-CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac);
-
-//! perform the power-up self test using the filename of this DLL and the embedded module MAC
-CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest();
-
-//! set the power-up self test status to POWER_UP_SELF_TEST_FAILED
-CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure();
-
-//! return the current power-up self test status
-CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus();
-
-typedef PowerUpSelfTestStatus (CRYPTOPP_API * PGetPowerUpSelfTestStatus)();
-
-CRYPTOPP_DLL MessageAuthenticationCode * CRYPTOPP_API NewIntegrityCheckingMAC();
-
-CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac = NULL, unsigned long *pMacFileLocation = NULL);
-
-// this is used by Algorithm constructor to allow Algorithm objects to be constructed for the self test
-bool PowerUpSelfTestInProgressOnThisThread();
-
-void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress);
-
-void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier);
-void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor);
-
-void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier);
-void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor);
-
-#define CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8"
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/fipsalgt.cpp b/cryptopp562/fipsalgt.cpp
deleted file mode 100644
index 92c254f..0000000
--- a/cryptopp562/fipsalgt.cpp
+++ /dev/null
@@ -1,1290 +0,0 @@
-// fipsalgt.cpp - written and placed in the public domain by Wei Dai
-
-// This file implements the various algorithm tests needed to pass FIPS 140 validation.
-// They're preserved here (commented out) in case Crypto++ needs to be revalidated.
-
-#if 0
-#ifndef CRYPTOPP_IMPORTS
-#define CRYPTOPP_DEFAULT_NO_DLL
-#endif
-#include "dll.h"
-#include "oids.h"
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-class LineBreakParser : public AutoSignaling<Bufferless<Filter> >
-{
-public:
- LineBreakParser(BufferedTransformation *attachment=NULL, byte lineEnd='\n')
- : m_lineEnd(lineEnd) {Detach(attachment);}
-
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {
- if (!blocking)
- throw BlockingInputOnly("LineBreakParser");
-
- unsigned int i, last = 0;
- for (i=0; i<length; i++)
- {
- if (begin[i] == m_lineEnd)
- {
- AttachedTransformation()->Put2(begin+last, i-last, GetAutoSignalPropagation(), blocking);
- last = i+1;
- }
- }
- if (last != i)
- AttachedTransformation()->Put2(begin+last, i-last, 0, blocking);
-
- if (messageEnd && GetAutoSignalPropagation())
- {
- AttachedTransformation()->MessageEnd(GetAutoSignalPropagation()-1, blocking);
- AttachedTransformation()->MessageSeriesEnd(GetAutoSignalPropagation()-1, blocking);
- }
-
- return 0;
- }
-
-private:
- byte m_lineEnd;
-};
-
-class TestDataParser : public Unflushable<FilterWithInputQueue>
-{
-public:
- enum DataType {OTHER, COUNT, KEY_T, IV, INPUT, OUTPUT};
-
- TestDataParser(std::string algorithm, std::string test, std::string mode, unsigned int feedbackSize, bool encrypt, BufferedTransformation *attachment)
- : m_algorithm(algorithm), m_test(test), m_mode(mode), m_feedbackSize(feedbackSize)
- , m_firstLine(true), m_blankLineTransition(0)
- {
- Detach(attachment);
-
- m_typeToName[COUNT] = "COUNT";
-
- m_nameToType["COUNT"] = COUNT;
- m_nameToType["KEY"] = KEY_T;
- m_nameToType["KEYs"] = KEY_T;
- m_nameToType["key"] = KEY_T;
- m_nameToType["Key"] = KEY_T;
- m_nameToType["IV"] = IV;
- m_nameToType["IV1"] = IV;
- m_nameToType["CV"] = IV;
- m_nameToType["CV1"] = IV;
- m_nameToType["IB"] = IV;
- m_nameToType["TEXT"] = INPUT;
- m_nameToType["RESULT"] = OUTPUT;
- m_nameToType["Msg"] = INPUT;
- m_nameToType["Seed"] = INPUT;
- m_nameToType["V"] = INPUT;
- m_nameToType["DT"] = IV;
- SetEncrypt(encrypt);
-
- if (m_algorithm == "DSA" || m_algorithm == "ECDSA")
- {
- if (m_test == "PKV")
- m_trigger = "Qy";
- else if (m_test == "KeyPair")
- m_trigger = "N";
- else if (m_test == "SigGen")
- m_trigger = "Msg";
- else if (m_test == "SigVer")
- m_trigger = "S";
- else if (m_test == "PQGGen")
- m_trigger = "N";
- else if (m_test == "PQGVer")
- m_trigger = "H";
- }
- else if (m_algorithm == "HMAC")
- m_trigger = "Msg";
- else if (m_algorithm == "SHA")
- m_trigger = (m_test == "MONTE") ? "Seed" : "Msg";
- else if (m_algorithm == "RNG")
- m_trigger = "V";
- else if (m_algorithm == "RSA")
- m_trigger = (m_test == "Ver") ? "S" : "Msg";
- }
-
- void SetEncrypt(bool encrypt)
- {
- m_encrypt = encrypt;
- if (encrypt)
- {
- m_nameToType["PLAINTEXT"] = INPUT;
- m_nameToType["CIPHERTEXT"] = OUTPUT;
- m_nameToType["PT"] = INPUT;
- m_nameToType["CT"] = OUTPUT;
- }
- else
- {
- m_nameToType["PLAINTEXT"] = OUTPUT;
- m_nameToType["CIPHERTEXT"] = INPUT;
- m_nameToType["PT"] = OUTPUT;
- m_nameToType["CT"] = INPUT;
- }
-
- if (m_algorithm == "AES" || m_algorithm == "TDES")
- {
- if (encrypt)
- {
- m_trigger = "PLAINTEXT";
- m_typeToName[OUTPUT] = "CIPHERTEXT";
- }
- else
- {
- m_trigger = "CIPHERTEXT";
- m_typeToName[OUTPUT] = "PLAINTEXT";
- }
- m_count = 0;
- }
- }
-
-protected:
- void OutputData(std::string &output, const std::string &key, const std::string &data)
- {
- output += key;
- output += "= ";
- output += data;
- output += "\n";
- }
-
- void OutputData(std::string &output, const std::string &key, int data)
- {
- OutputData(output, key, IntToString(data));
- }
-
- void OutputData(std::string &output, const std::string &key, const SecByteBlock &data)
- {
- output += key;
- output += "= ";
- HexEncoder(new StringSink(output), false).Put(data, data.size());
- output += "\n";
- }
-
- void OutputData(std::string &output, const std::string &key, const Integer &data, int size=-1)
- {
- SecByteBlock s(size < 0 ? data.MinEncodedSize() : size);
- data.Encode(s, s.size());
- OutputData(output, key, s);
- }
-
- void OutputData(std::string &output, const std::string &key, const PolynomialMod2 &data, int size=-1)
- {
- SecByteBlock s(size < 0 ? data.MinEncodedSize() : size);
- data.Encode(s, s.size());
- OutputData(output, key, s);
- }
-
- void OutputData(std::string &output, DataType t, const std::string &data)
- {
- if (m_algorithm == "SKIPJACK")
- {
- if (m_test == "KAT")
- {
- if (t == OUTPUT)
- output = m_line + data + "\n";
- }
- else
- {
- if (t != COUNT)
- {
- output += m_typeToName[t];
- output += "=";
- }
- output += data;
- output += t == OUTPUT ? "\n" : " ";
- }
- }
- else if (m_algorithm == "TDES" && t == KEY_T && m_typeToName[KEY_T].empty())
- {
- output += "KEY1 = ";
- output += data.substr(0, 16);
- output += "\nKEY2 = ";
- output += data.size() > 16 ? data.substr(16, 16) : data.substr(0, 16);
- output += "\nKEY3 = ";
- output += data.size() > 32 ? data.substr(32, 16) : data.substr(0, 16);
- output += "\n";
- }
- else
- {
- output += m_typeToName[t];
- output += " = ";
- output += data;
- output += "\n";
- }
- }
-
- void OutputData(std::string &output, DataType t, int i)
- {
- OutputData(output, t, IntToString(i));
- }
-
- void OutputData(std::string &output, DataType t, const SecByteBlock &data)
- {
- std::string hexData;
- StringSource(data.begin(), data.size(), true, new HexEncoder(new StringSink(hexData), false));
- OutputData(output, t, hexData);
- }
-
- void OutputGivenData(std::string &output, DataType t, bool optional = false)
- {
- if (m_data.find(m_typeToName[t]) == m_data.end())
- {
- if (optional)
- return;
- throw Exception(Exception::OTHER_ERROR, "TestDataParser: key not found: " + m_typeToName[t]);
- }
-
- OutputData(output, t, m_data[m_typeToName[t]]);
- }
-
- template <class T>
- BlockCipher * NewBT(T *)
- {
- if (!m_encrypt && (m_mode == "ECB" || m_mode == "CBC"))
- return new typename T::Decryption;
- else
- return new typename T::Encryption;
- }
-
- template <class T>
- SymmetricCipher * NewMode(T *, BlockCipher &bt, const byte *iv)
- {
- if (!m_encrypt)
- return new typename T::Decryption(bt, iv, m_feedbackSize/8);
- else
- return new typename T::Encryption(bt, iv, m_feedbackSize/8);
- }
-
- static inline void Xor(SecByteBlock &z, const SecByteBlock &x, const SecByteBlock &y)
- {
- assert(x.size() == y.size());
- z.resize(x.size());
- xorbuf(z, x, y, x.size());
- }
-
- SecByteBlock UpdateKey(SecByteBlock key, const SecByteBlock *text)
- {
- unsigned int innerCount = (m_algorithm == "AES") ? 1000 : 10000;
- int keySize = key.size(), blockSize = text[0].size();
- SecByteBlock x(keySize);
- for (int k=0; k<keySize;)
- {
- int pos = innerCount * blockSize - keySize + k;
- memcpy(x + k, text[pos / blockSize] + pos % blockSize, blockSize - pos % blockSize);
- k += blockSize - pos % blockSize;
- }
-
- if (m_algorithm == "TDES" || m_algorithm == "DES")
- {
- for (int i=0; i<keySize; i+=8)
- {
- xorbuf(key+i, x+keySize-8-i, 8);
- DES::CorrectKeyParityBits(key+i);
- }
- }
- else
- xorbuf(key, x, keySize);
-
- return key;
- }
-
- static inline void AssignLeftMostBits(SecByteBlock &z, const SecByteBlock &x, unsigned int K)
- {
- z.Assign(x, K/8);
- }
-
- template <class EC>
- void EC_KeyPair(string &output, int n, const OID &oid)
- {
- DL_GroupParameters_EC<EC> params(oid);
- for (int i=0; i<n; i++)
- {
- DL_PrivateKey_EC<EC> priv;
- DL_PublicKey_EC<EC> pub;
- priv.Initialize(m_rng, params);
- priv.MakePublicKey(pub);
-
- OutputData(output, "d ", priv.GetPrivateExponent());
- OutputData(output, "Qx ", pub.GetPublicElement().x, params.GetCurve().GetField().MaxElementByteLength());
- OutputData(output, "Qy ", pub.GetPublicElement().y, params.GetCurve().GetField().MaxElementByteLength());
- }
- }
-
- template <class EC>
- void EC_SigGen(string &output, const OID &oid)
- {
- DL_GroupParameters_EC<EC> params(oid);
- typename ECDSA<EC, SHA1>::PrivateKey priv;
- typename ECDSA<EC, SHA1>::PublicKey pub;
- priv.Initialize(m_rng, params);
- priv.MakePublicKey(pub);
-
- typename ECDSA<EC, SHA1>::Signer signer(priv);
- SecByteBlock sig(signer.SignatureLength());
- StringSource(m_data["Msg"], true, new HexDecoder(new SignerFilter(m_rng, signer, new ArraySink(sig, sig.size()))));
- SecByteBlock R(sig, sig.size()/2), S(sig+sig.size()/2, sig.size()/2);
-
- OutputData(output, "Qx ", pub.GetPublicElement().x, params.GetCurve().GetField().MaxElementByteLength());
- OutputData(output, "Qy ", pub.GetPublicElement().y, params.GetCurve().GetField().MaxElementByteLength());
- OutputData(output, "R ", R);
- OutputData(output, "S ", S);
- }
-
- template <class EC>
- void EC_SigVer(string &output, const OID &oid)
- {
- SecByteBlock x(DecodeHex(m_data["Qx"]));
- SecByteBlock y(DecodeHex(m_data["Qy"]));
- Integer r((m_data["R"]+"h").c_str());
- Integer s((m_data["S"]+"h").c_str());
-
- typename EC::FieldElement Qx(x, x.size());
- typename EC::FieldElement Qy(y, y.size());
- typename EC::Element Q(Qx, Qy);
-
- DL_GroupParameters_EC<EC> params(oid);
- typename ECDSA<EC, SHA1>::PublicKey pub;
- pub.Initialize(params, Q);
- typename ECDSA<EC, SHA1>::Verifier verifier(pub);
-
- SecByteBlock sig(verifier.SignatureLength());
- r.Encode(sig, sig.size()/2);
- s.Encode(sig+sig.size()/2, sig.size()/2);
-
- SignatureVerificationFilter filter(verifier);
- filter.Put(sig, sig.size());
- StringSource(m_data["Msg"], true, new HexDecoder(new Redirector(filter, Redirector::DATA_ONLY)));
- filter.MessageEnd();
- byte b;
- filter.Get(b);
- OutputData(output, "Result ", b ? "P" : "F");
- }
-
- template <class EC>
- static bool EC_PKV(RandomNumberGenerator &rng, const SecByteBlock &x, const SecByteBlock &y, const OID &oid)
- {
- typename EC::FieldElement Qx(x, x.size());
- typename EC::FieldElement Qy(y, y.size());
- typename EC::Element Q(Qx, Qy);
-
- DL_GroupParameters_EC<EC> params(oid);
- typename ECDSA<EC, SHA1>::PublicKey pub;
- pub.Initialize(params, Q);
- return pub.Validate(rng, 3);
- }
-
- template <class H, class Result>
- Result * CreateRSA2(const std::string &standard)
- {
- if (typeid(Result) == typeid(PK_Verifier))
- {
- if (standard == "R")
- return (Result *) new typename RSASS_ISO<H>::Verifier;
- else if (standard == "P")
- return (Result *) new typename RSASS<PSS, H>::Verifier;
- else if (standard == "1")
- return (Result *) new typename RSASS<PKCS1v15, H>::Verifier;
- }
- else if (typeid(Result) == typeid(PK_Signer))
- {
- if (standard == "R")
- return (Result *) new typename RSASS_ISO<H>::Signer;
- else if (standard == "P")
- return (Result *) new typename RSASS<PSS, H>::Signer;
- else if (standard == "1")
- return (Result *) new typename RSASS<PKCS1v15, H>::Signer;
- }
-
- return NULL;
- }
-
- template <class Result>
- Result * CreateRSA(const std::string &standard, const std::string &hash)
- {
- if (hash == "1")
- return CreateRSA2<SHA1, Result>(standard);
- else if (hash == "224")
- return CreateRSA2<SHA224, Result>(standard);
- else if (hash == "256")
- return CreateRSA2<SHA256, Result>(standard);
- else if (hash == "384")
- return CreateRSA2<SHA384, Result>(standard);
- else if (hash == "512")
- return CreateRSA2<SHA512, Result>(standard);
- else
- return NULL;
- }
-
- virtual void DoTest()
- {
- std::string output;
-
- if (m_algorithm == "DSA")
- {
- if (m_test == "KeyPair")
- {
- DL_GroupParameters_DSA pqg;
- int modLen = atol(m_bracketString.substr(6).c_str());
- pqg.GenerateRandomWithKeySize(m_rng, modLen);
-
- OutputData(output, "P ", pqg.GetModulus());
- OutputData(output, "Q ", pqg.GetSubgroupOrder());
- OutputData(output, "G ", pqg.GetSubgroupGenerator());
-
- int n = atol(m_data["N"].c_str());
- for (int i=0; i<n; i++)
- {
- DSA::Signer priv;
- priv.AccessKey().GenerateRandom(m_rng, pqg);
- DSA::Verifier pub(priv);
-
- OutputData(output, "X ", priv.GetKey().GetPrivateExponent());
- OutputData(output, "Y ", pub.GetKey().GetPublicElement());
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- }
- else if (m_test == "PQGGen")
- {
- int n = atol(m_data["N"].c_str());
- for (int i=0; i<n; i++)
- {
- Integer p, q, h, g;
- int counter;
-
- SecByteBlock seed(SHA::DIGESTSIZE);
- do
- {
- m_rng.GenerateBlock(seed, seed.size());
- }
- while (!DSA::GeneratePrimes(seed, seed.size()*8, counter, p, 1024, q));
- h.Randomize(m_rng, 2, p-2);
- g = a_exp_b_mod_c(h, (p-1)/q, p);
-
- OutputData(output, "P ", p);
- OutputData(output, "Q ", q);
- OutputData(output, "G ", g);
- OutputData(output, "Seed ", seed);
- OutputData(output, "c ", counter);
- OutputData(output, "H ", h, p.ByteCount());
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- }
- else if (m_test == "SigGen")
- {
- std::string &encodedKey = m_data["PrivKey"];
- int modLen = atol(m_bracketString.substr(6).c_str());
- DSA::PrivateKey priv;
-
- if (!encodedKey.empty())
- {
- StringStore s(encodedKey);
- priv.BERDecode(s);
- if (priv.GetGroupParameters().GetModulus().BitCount() != modLen)
- encodedKey.clear();
- }
-
- if (encodedKey.empty())
- {
- priv.Initialize(m_rng, modLen);
- StringSink s(encodedKey);
- priv.DEREncode(s);
- OutputData(output, "P ", priv.GetGroupParameters().GetModulus());
- OutputData(output, "Q ", priv.GetGroupParameters().GetSubgroupOrder());
- OutputData(output, "G ", priv.GetGroupParameters().GetSubgroupGenerator());
- }
-
- DSA::Signer signer(priv);
- DSA::Verifier pub(signer);
- OutputData(output, "Msg ", m_data["Msg"]);
- OutputData(output, "Y ", pub.GetKey().GetPublicElement());
-
- SecByteBlock sig(signer.SignatureLength());
- StringSource(m_data["Msg"], true, new HexDecoder(new SignerFilter(m_rng, signer, new ArraySink(sig, sig.size()))));
- SecByteBlock R(sig, sig.size()/2), S(sig+sig.size()/2, sig.size()/2);
- OutputData(output, "R ", R);
- OutputData(output, "S ", S);
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- else if (m_test == "SigVer")
- {
- Integer p((m_data["P"] + "h").c_str());
- Integer q((m_data["Q"] + "h").c_str());
- Integer g((m_data["G"] + "h").c_str());
- Integer y((m_data["Y"] + "h").c_str());
- DSA::Verifier verifier(p, q, g, y);
-
- HexDecoder filter(new SignatureVerificationFilter(verifier));
- StringSource(m_data["R"], true, new Redirector(filter, Redirector::DATA_ONLY));
- StringSource(m_data["S"], true, new Redirector(filter, Redirector::DATA_ONLY));
- StringSource(m_data["Msg"], true, new Redirector(filter, Redirector::DATA_ONLY));
- filter.MessageEnd();
- byte b;
- filter.Get(b);
- OutputData(output, "Result ", b ? "P" : "F");
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- else if (m_test == "PQGVer")
- {
- Integer p((m_data["P"] + "h").c_str());
- Integer q((m_data["Q"] + "h").c_str());
- Integer g((m_data["G"] + "h").c_str());
- Integer h((m_data["H"] + "h").c_str());
- int c = atol(m_data["c"].c_str());
- SecByteBlock seed(m_data["Seed"].size()/2);
- StringSource(m_data["Seed"], true, new HexDecoder(new ArraySink(seed, seed.size())));
-
- Integer p1, q1;
- bool result = DSA::GeneratePrimes(seed, seed.size()*8, c, p1, 1024, q1, true);
- result = result && (p1 == p && q1 == q);
- result = result && g == a_exp_b_mod_c(h, (p-1)/q, p);
-
- OutputData(output, "Result ", result ? "P" : "F");
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
-
- return;
- }
-
- if (m_algorithm == "ECDSA")
- {
- std::map<std::string, OID> name2oid;
- name2oid["P-192"] = ASN1::secp192r1();
- name2oid["P-224"] = ASN1::secp224r1();
- name2oid["P-256"] = ASN1::secp256r1();
- name2oid["P-384"] = ASN1::secp384r1();
- name2oid["P-521"] = ASN1::secp521r1();
- name2oid["K-163"] = ASN1::sect163k1();
- name2oid["K-233"] = ASN1::sect233k1();
- name2oid["K-283"] = ASN1::sect283k1();
- name2oid["K-409"] = ASN1::sect409k1();
- name2oid["K-571"] = ASN1::sect571k1();
- name2oid["B-163"] = ASN1::sect163r2();
- name2oid["B-233"] = ASN1::sect233r1();
- name2oid["B-283"] = ASN1::sect283r1();
- name2oid["B-409"] = ASN1::sect409r1();
- name2oid["B-571"] = ASN1::sect571r1();
-
- if (m_test == "PKV")
- {
- bool pass;
- if (m_bracketString[0] == 'P')
- pass = EC_PKV<ECP>(m_rng, DecodeHex(m_data["Qx"]), DecodeHex(m_data["Qy"]), name2oid[m_bracketString]);
- else
- pass = EC_PKV<EC2N>(m_rng, DecodeHex(m_data["Qx"]), DecodeHex(m_data["Qy"]), name2oid[m_bracketString]);
-
- OutputData(output, "Result ", pass ? "P" : "F");
- }
- else if (m_test == "KeyPair")
- {
- if (m_bracketString[0] == 'P')
- EC_KeyPair<ECP>(output, atol(m_data["N"].c_str()), name2oid[m_bracketString]);
- else
- EC_KeyPair<EC2N>(output, atol(m_data["N"].c_str()), name2oid[m_bracketString]);
- }
- else if (m_test == "SigGen")
- {
- if (m_bracketString[0] == 'P')
- EC_SigGen<ECP>(output, name2oid[m_bracketString]);
- else
- EC_SigGen<EC2N>(output, name2oid[m_bracketString]);
- }
- else if (m_test == "SigVer")
- {
- if (m_bracketString[0] == 'P')
- EC_SigVer<ECP>(output, name2oid[m_bracketString]);
- else
- EC_SigVer<EC2N>(output, name2oid[m_bracketString]);
- }
-
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- return;
- }
-
- if (m_algorithm == "RSA")
- {
- std::string shaAlg = m_data["SHAAlg"].substr(3);
-
- if (m_test == "Ver")
- {
- Integer n((m_data["n"] + "h").c_str());
- Integer e((m_data["e"] + "h").c_str());
- RSA::PublicKey pub;
- pub.Initialize(n, e);
-
- member_ptr<PK_Verifier> pV(CreateRSA<PK_Verifier>(m_mode, shaAlg));
- pV->AccessMaterial().AssignFrom(pub);
-
- HexDecoder filter(new SignatureVerificationFilter(*pV));
- for (unsigned int i=m_data["S"].size(); i<pV->SignatureLength()*2; i++)
- filter.Put('0');
- StringSource(m_data["S"], true, new Redirector(filter, Redirector::DATA_ONLY));
- StringSource(m_data["Msg"], true, new Redirector(filter, Redirector::DATA_ONLY));
- filter.MessageEnd();
- byte b;
- filter.Get(b);
- OutputData(output, "Result ", b ? "P" : "F");
- }
- else
- {
- assert(m_test == "Gen");
- int modLen = atol(m_bracketString.substr(6).c_str());
- std::string &encodedKey = m_data["PrivKey"];
- RSA::PrivateKey priv;
-
- if (!encodedKey.empty())
- {
- StringStore s(encodedKey);
- priv.BERDecode(s);
- if (priv.GetModulus().BitCount() != modLen)
- encodedKey.clear();
- }
-
- if (encodedKey.empty())
- {
- priv.Initialize(m_rng, modLen);
- StringSink s(encodedKey);
- priv.DEREncode(s);
- OutputData(output, "n ", priv.GetModulus());
- OutputData(output, "e ", priv.GetPublicExponent(), modLen/8);
- }
-
- member_ptr<PK_Signer> pS(CreateRSA<PK_Signer>(m_mode, shaAlg));
- pS->AccessMaterial().AssignFrom(priv);
-
- SecByteBlock sig(pS->SignatureLength());
- StringSource(m_data["Msg"], true, new HexDecoder(new SignerFilter(m_rng, *pS, new ArraySink(sig, sig.size()))));
- OutputData(output, "SHAAlg ", m_data["SHAAlg"]);
- OutputData(output, "Msg ", m_data["Msg"]);
- OutputData(output, "S ", sig);
- }
-
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- return;
- }
-
- if (m_algorithm == "SHA")
- {
- member_ptr<HashFunction> pHF;
-
- if (m_mode == "1")
- pHF.reset(new SHA1);
- else if (m_mode == "224")
- pHF.reset(new SHA224);
- else if (m_mode == "256")
- pHF.reset(new SHA256);
- else if (m_mode == "384")
- pHF.reset(new SHA384);
- else if (m_mode == "512")
- pHF.reset(new SHA512);
-
- if (m_test == "MONTE")
- {
- SecByteBlock seed = m_data2[INPUT];
- SecByteBlock MD[1003];
- int i,j;
-
- for (j=0; j<100; j++)
- {
- MD[0] = MD[1] = MD[2] = seed;
- for (i=3; i<1003; i++)
- {
- SecByteBlock Mi = MD[i-3] + MD[i-2] + MD[i-1];
- MD[i].resize(pHF->DigestSize());
- pHF->CalculateDigest(MD[i], Mi, Mi.size());
- }
- seed = MD[1002];
- OutputData(output, "COUNT ", j);
- OutputData(output, "MD ", seed);
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- }
- else
- {
- SecByteBlock tag(pHF->DigestSize());
- SecByteBlock &msg(m_data2[INPUT]);
- int len = atol(m_data["Len"].c_str());
- StringSource(msg.begin(), len/8, true, new HashFilter(*pHF, new ArraySink(tag, tag.size())));
- OutputData(output, "MD ", tag);
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- return;
- }
-
- SecByteBlock &key = m_data2[KEY_T];
-
- if (m_algorithm == "TDES")
- {
- if (!m_data["KEY1"].empty())
- {
- const std::string keys[3] = {m_data["KEY1"], m_data["KEY2"], m_data["KEY3"]};
- key.resize(24);
- HexDecoder hexDec(new ArraySink(key, key.size()));
- for (int i=0; i<3; i++)
- hexDec.Put((byte *)keys[i].data(), keys[i].size());
-
- if (keys[0] == keys[2])
- {
- if (keys[0] == keys[1])
- key.resize(8);
- else
- key.resize(16);
- }
- else
- key.resize(24);
- }
- }
-
- if (m_algorithm == "RNG")
- {
- key.resize(24);
- StringSource(m_data["Key1"] + m_data["Key2"] + m_data["Key3"], true, new HexDecoder(new ArraySink(key, key.size())));
-
- SecByteBlock seed(m_data2[INPUT]), dt(m_data2[IV]), r(8);
- X917RNG rng(new DES_EDE3::Encryption(key, key.size()), seed, dt);
-
- if (m_test == "MCT")
- {
- for (int i=0; i<10000; i++)
- rng.GenerateBlock(r, r.size());
- }
- else
- {
- rng.GenerateBlock(r, r.size());
- }
-
- OutputData(output, "R ", r);
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- return;
- }
-
- if (m_algorithm == "HMAC")
- {
- member_ptr<MessageAuthenticationCode> pMAC;
-
- if (m_bracketString == "L=20")
- pMAC.reset(new HMAC<SHA1>);
- else if (m_bracketString == "L=28")
- pMAC.reset(new HMAC<SHA224>);
- else if (m_bracketString == "L=32")
- pMAC.reset(new HMAC<SHA256>);
- else if (m_bracketString == "L=48")
- pMAC.reset(new HMAC<SHA384>);
- else if (m_bracketString == "L=64")
- pMAC.reset(new HMAC<SHA512>);
- else
- throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected HMAC bracket string: " + m_bracketString);
-
- pMAC->SetKey(key, key.size());
- int Tlen = atol(m_data["Tlen"].c_str());
- SecByteBlock tag(Tlen);
- StringSource(m_data["Msg"], true, new HexDecoder(new HashFilter(*pMAC, new ArraySink(tag, Tlen), false, Tlen)));
- OutputData(output, "Mac ", tag);
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- return;
- }
-
- member_ptr<BlockCipher> pBT;
- if (m_algorithm == "DES")
- pBT.reset(NewBT((DES*)0));
- else if (m_algorithm == "TDES")
- {
- if (key.size() == 8)
- pBT.reset(NewBT((DES*)0));
- else if (key.size() == 16)
- pBT.reset(NewBT((DES_EDE2*)0));
- else
- pBT.reset(NewBT((DES_EDE3*)0));
- }
- else if (m_algorithm == "SKIPJACK")
- pBT.reset(NewBT((SKIPJACK*)0));
- else if (m_algorithm == "AES")
- pBT.reset(NewBT((AES*)0));
- else
- throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected algorithm: " + m_algorithm);
-
- if (!pBT->IsValidKeyLength(key.size()))
- key.CleanNew(pBT->DefaultKeyLength()); // for Scbcvrct
- pBT->SetKey(key.data(), key.size());
-
- SecByteBlock &iv = m_data2[IV];
- if (iv.empty())
- iv.CleanNew(pBT->BlockSize());
-
- member_ptr<SymmetricCipher> pCipher;
- unsigned int K = m_feedbackSize;
-
- if (m_mode == "ECB")
- pCipher.reset(NewMode((ECB_Mode_ExternalCipher*)0, *pBT, iv));
- else if (m_mode == "CBC")
- pCipher.reset(NewMode((CBC_Mode_ExternalCipher*)0, *pBT, iv));
- else if (m_mode == "CFB")
- pCipher.reset(NewMode((CFB_Mode_ExternalCipher*)0, *pBT, iv));
- else if (m_mode == "OFB")
- pCipher.reset(NewMode((OFB_Mode_ExternalCipher*)0, *pBT, iv));
- else
- throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected mode: " + m_mode);
-
- bool encrypt = m_encrypt;
-
- if (m_test == "MONTE")
- {
- SecByteBlock KEY[401];
- KEY[0] = key;
- int keySize = key.size();
- int blockSize = pBT->BlockSize();
-
- std::vector<SecByteBlock> IB(10001), OB(10001), PT(10001), CT(10001), RESULT(10001), TXT(10001), CV(10001);
- PT[0] = GetData("PLAINTEXT");
- CT[0] = GetData("CIPHERTEXT");
- CV[0] = IB[0] = iv;
- TXT[0] = GetData("TEXT");
-
- int outerCount = (m_algorithm == "AES") ? 100 : 400;
- int innerCount = (m_algorithm == "AES") ? 1000 : 10000;
-
- for (int i=0; i<outerCount; i++)
- {
- pBT->SetKey(KEY[i], keySize);
-
- for (int j=0; j<innerCount; j++)
- {
- if (m_mode == "ECB")
- {
- if (encrypt)
- {
- IB[j] = PT[j];
- CT[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], CT[j]);
- PT[j+1] = CT[j];
- }
- else
- {
- IB[j] = CT[j];
- PT[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], PT[j]);
- CT[j+1] = PT[j];
- }
- }
- else if (m_mode == "OFB")
- {
- OB[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], OB[j]);
- Xor(RESULT[j], OB[j], TXT[j]);
- TXT[j+1] = IB[j];
- IB[j+1] = OB[j];
- }
- else if (m_mode == "CBC")
- {
- if (encrypt)
- {
- Xor(IB[j], PT[j], CV[j]);
- CT[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], CT[j]);
- PT[j+1] = CV[j];
- CV[j+1] = CT[j];
- }
- else
- {
- IB[j] = CT[j];
- OB[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], OB[j]);
- Xor(PT[j], OB[j], CV[j]);
- CV[j+1] = CT[j];
- CT[j+1] = PT[j];
- }
- }
- else if (m_mode == "CFB")
- {
- if (encrypt)
- {
- OB[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], OB[j]);
- AssignLeftMostBits(CT[j], OB[j], K);
- Xor(CT[j], CT[j], PT[j]);
- AssignLeftMostBits(PT[j+1], IB[j], K);
- IB[j+1].resize(blockSize);
- memcpy(IB[j+1], IB[j]+K/8, blockSize-K/8);
- memcpy(IB[j+1]+blockSize-K/8, CT[j], K/8);
- }
- else
- {
- OB[j].resize(blockSize);
- pBT->ProcessBlock(IB[j], OB[j]);
- AssignLeftMostBits(PT[j], OB[j], K);
- Xor(PT[j], PT[j], CT[j]);
- IB[j+1].resize(blockSize);
- memcpy(IB[j+1], IB[j]+K/8, blockSize-K/8);
- memcpy(IB[j+1]+blockSize-K/8, CT[j], K/8);
- AssignLeftMostBits(CT[j+1], OB[j], K);
- }
- }
- else
- throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected mode: " + m_mode);
- }
-
- OutputData(output, COUNT, IntToString(i));
- OutputData(output, KEY_T, KEY[i]);
- if (m_mode == "CBC")
- OutputData(output, IV, CV[0]);
- if (m_mode == "OFB" || m_mode == "CFB")
- OutputData(output, IV, IB[0]);
- if (m_mode == "ECB" || m_mode == "CBC" || m_mode == "CFB")
- {
- if (encrypt)
- {
- OutputData(output, INPUT, PT[0]);
- OutputData(output, OUTPUT, CT[innerCount-1]);
- KEY[i+1] = UpdateKey(KEY[i], &CT[0]);
- }
- else
- {
- OutputData(output, INPUT, CT[0]);
- OutputData(output, OUTPUT, PT[innerCount-1]);
- KEY[i+1] = UpdateKey(KEY[i], &PT[0]);
- }
- PT[0] = PT[innerCount];
- IB[0] = IB[innerCount];
- CV[0] = CV[innerCount];
- CT[0] = CT[innerCount];
- }
- else if (m_mode == "OFB")
- {
- OutputData(output, INPUT, TXT[0]);
- OutputData(output, OUTPUT, RESULT[innerCount-1]);
- KEY[i+1] = UpdateKey(KEY[i], &RESULT[0]);
- Xor(TXT[0], TXT[0], IB[innerCount-1]);
- IB[0] = OB[innerCount-1];
- }
- output += "\n";
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
- }
- }
- else if (m_test == "MCT")
- {
- SecByteBlock KEY[101];
- KEY[0] = key;
- int keySize = key.size();
- int blockSize = pBT->BlockSize();
-
- SecByteBlock ivs[101], inputs[1001], outputs[1001];
- ivs[0] = iv;
- inputs[0] = m_data2[INPUT];
-
- for (int i=0; i<100; i++)
- {
- pCipher->SetKey(KEY[i], keySize, MakeParameters(Name::IV(), (const byte *)ivs[i])(Name::FeedbackSize(), (int)K/8, false));
-
- for (int j=0; j<1000; j++)
- {
- outputs[j] = inputs[j];
- pCipher->ProcessString(outputs[j], outputs[j].size());
- if (K==8 && m_mode == "CFB")
- {
- if (j<16)
- inputs[j+1].Assign(ivs[i]+j, 1);
- else
- inputs[j+1] = outputs[j-16];
- }
- else if (m_mode == "ECB")
- inputs[j+1] = outputs[j];
- else if (j == 0)
- inputs[j+1] = ivs[i];
- else
- inputs[j+1] = outputs[j-1];
- }
-
- if (m_algorithm == "AES")
- OutputData(output, COUNT, m_count++);
- OutputData(output, KEY_T, KEY[i]);
- if (m_mode != "ECB")
- OutputData(output, IV, ivs[i]);
- OutputData(output, INPUT, inputs[0]);
- OutputData(output, OUTPUT, outputs[999]);
- output += "\n";
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- output.resize(0);
-
- KEY[i+1] = UpdateKey(KEY[i], outputs);
- ivs[i+1].CleanNew(pCipher->IVSize());
- ivs[i+1] = UpdateKey(ivs[i+1], outputs);
- if (K==8 && m_mode == "CFB")
- inputs[0] = outputs[999-16];
- else if (m_mode == "ECB")
- inputs[0] = outputs[999];
- else
- inputs[0] = outputs[998];
- }
- }
- else
- {
- assert(m_test == "KAT");
-
- SecByteBlock &input = m_data2[INPUT];
- SecByteBlock result(input.size());
- member_ptr<Filter> pFilter(new StreamTransformationFilter(*pCipher, new ArraySink(result, result.size()), StreamTransformationFilter::NO_PADDING));
- StringSource(input.data(), input.size(), true, pFilter.release());
-
- OutputGivenData(output, COUNT, true);
- OutputData(output, KEY_T, key);
- OutputGivenData(output, IV, true);
- OutputGivenData(output, INPUT);
- OutputData(output, OUTPUT, result);
- output += "\n";
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- }
- }
-
- std::vector<std::string> Tokenize(const std::string &line)
- {
- std::vector<std::string> result;
- std::string s;
- for (unsigned int i=0; i<line.size(); i++)
- {
- if (isalnum(line[i]) || line[i] == '^')
- s += line[i];
- else if (!s.empty())
- {
- result.push_back(s);
- s = "";
- }
- if (line[i] == '=')
- result.push_back("=");
- }
- if (!s.empty())
- result.push_back(s);
- return result;
- }
-
- bool IsolatedMessageEnd(bool blocking)
- {
- if (!blocking)
- throw BlockingInputOnly("TestDataParser");
-
- m_line.resize(0);
- m_inQueue.TransferTo(StringSink(m_line).Ref());
-
- if (m_line[0] == '#')
- return false;
-
- bool copyLine = false;
-
- if (m_line[0] == '[')
- {
- m_bracketString = m_line.substr(1, m_line.size()-2);
- if (m_bracketString == "ENCRYPT")
- SetEncrypt(true);
- if (m_bracketString == "DECRYPT")
- SetEncrypt(false);
- copyLine = true;
- }
-
- if (m_line.substr(0, 2) == "H>")
- {
- assert(m_test == "sha");
- m_bracketString = m_line.substr(2, m_line.size()-4);
- m_line = m_line.substr(0, 13) + "Hashes<H";
- copyLine = true;
- }
-
- if (m_line == "D>")
- copyLine = true;
-
- if (m_line == "<D")
- {
- m_line += "\n";
- copyLine = true;
- }
-
- if (copyLine)
- {
- m_line += '\n';
- AttachedTransformation()->Put((byte *)m_line.data(), m_line.size(), blocking);
- return false;
- }
-
- std::vector<std::string> tokens = Tokenize(m_line);
-
- if (m_algorithm == "DSA" && m_test == "sha")
- {
- for (unsigned int i = 0; i < tokens.size(); i++)
- {
- if (tokens[i] == "^")
- DoTest();
- else if (tokens[i] != "")
- m_compactString.push_back(atol(tokens[i].c_str()));
- }
- }
- else
- {
- if (!m_line.empty() && ((m_algorithm == "RSA" && m_test != "Gen") || m_algorithm == "RNG" || m_algorithm == "HMAC" || m_algorithm == "SHA" || (m_algorithm == "ECDSA" && m_test != "KeyPair") || (m_algorithm == "DSA" && (m_test == "PQGVer" || m_test == "SigVer"))))
- {
- // copy input to output
- std::string output = m_line + '\n';
- AttachedTransformation()->Put((byte *)output.data(), output.size());
- }
-
- for (unsigned int i = 0; i < tokens.size(); i++)
- {
- if (m_firstLine && m_algorithm != "DSA")
- {
- if (tokens[i] == "Encrypt" || tokens[i] == "OFB")
- SetEncrypt(true);
- else if (tokens[i] == "Decrypt")
- SetEncrypt(false);
- else if (tokens[i] == "Modes")
- m_test = "MONTE";
- }
- else
- {
- if (tokens[i] != "=")
- continue;
-
- if (i == 0)
- throw Exception(Exception::OTHER_ERROR, "TestDataParser: unexpected data: " + m_line);
-
- const std::string &key = tokens[i-1];
- std::string &data = m_data[key];
- data = (tokens.size() > i+1) ? tokens[i+1] : "";
- DataType t = m_nameToType[key];
- m_typeToName[t] = key;
- m_data2[t] = DecodeHex(data);
-
- if (key == m_trigger || (t == OUTPUT && !m_data2[INPUT].empty() && !isspace(m_line[0])))
- DoTest();
- }
- }
- }
-
- m_firstLine = false;
-
- return false;
- }
-
- inline const SecByteBlock & GetData(const std::string &key)
- {
- return m_data2[m_nameToType[key]];
- }
-
- static SecByteBlock DecodeHex(const std::string &data)
- {
- SecByteBlock data2(data.size() / 2);
- StringSource(data, true, new HexDecoder(new ArraySink(data2, data2.size())));
- return data2;
- }
-
- std::string m_algorithm, m_test, m_mode, m_line, m_bracketString, m_trigger;
- unsigned int m_feedbackSize, m_blankLineTransition;
- bool m_encrypt, m_firstLine;
-
- typedef std::map<std::string, DataType> NameToTypeMap;
- NameToTypeMap m_nameToType;
- typedef std::map<DataType, std::string> TypeToNameMap;
- TypeToNameMap m_typeToName;
-
- typedef std::map<std::string, std::string> Map;
- Map m_data; // raw data
- typedef std::map<DataType, SecByteBlock> Map2;
- Map2 m_data2;
- int m_count;
-
- AutoSeededX917RNG<AES> m_rng;
- std::vector<unsigned int> m_compactString;
-};
-
-int FIPS_140_AlgorithmTest(int argc, char **argv)
-{
- argc--;
- argv++;
-
- std::string algorithm = argv[1];
- std::string pathname = argv[2];
- unsigned int i = pathname.find_last_of("\\/");
- std::string filename = pathname.substr(i == std::string::npos ? 0 : i+1);
- std::string dirname = pathname.substr(0, i);
-
- if (algorithm == "auto")
- {
- string algTable[] = {"AES", "ECDSA", "DSA", "HMAC", "RNG", "RSA", "TDES", "SKIPJACK", "SHA"}; // order is important here
- for (i=0; i<sizeof(algTable)/sizeof(algTable[0]); i++)
- {
- if (dirname.find(algTable[i]) != std::string::npos)
- {
- algorithm = algTable[i];
- break;
- }
- }
- }
-
- try
- {
- std::string mode;
- if (algorithm == "SHA")
- mode = IntToString(atol(filename.substr(3, 3).c_str()));
- else if (algorithm == "RSA")
- mode = filename.substr(6, 1);
- else if (filename[0] == 'S' || filename[0] == 'T')
- mode = filename.substr(1, 3);
- else
- mode = filename.substr(0, 3);
- for (i = 0; i<mode.size(); i++)
- mode[i] = toupper(mode[i]);
- unsigned int feedbackSize = mode == "CFB" ? atoi(filename.substr(filename.find_first_of("0123456789")).c_str()) : 0;
- std::string test;
- if (algorithm == "DSA" || algorithm == "ECDSA")
- test = filename.substr(0, filename.size() - 4);
- else if (algorithm == "RSA")
- test = filename.substr(3, 3);
- else if (filename.find("Monte") != std::string::npos)
- test = "MONTE";
- else if (filename.find("MCT") != std::string::npos)
- test = "MCT";
- else
- test = "KAT";
- bool encrypt = (filename.find("vrct") == std::string::npos);
-
- BufferedTransformation *pSink = NULL;
-
- if (argc > 3)
- {
- std::string outDir = argv[3];
-
- if (outDir == "auto")
- {
- if (dirname.substr(dirname.size()-3) == "req")
- outDir = dirname.substr(0, dirname.size()-3) + "resp";
- }
-
- if (*outDir.rbegin() != '\\' && *outDir.rbegin() != '/')
- outDir += '/';
- std::string outPathname = outDir + filename.substr(0, filename.size() - 3) + "rsp";
- pSink = new FileSink(outPathname.c_str(), false);
- }
- else
- pSink = new FileSink(cout);
-
- FileSource(pathname.c_str(), true, new LineBreakParser(new TestDataParser(algorithm, test, mode, feedbackSize, encrypt, pSink)), false);
- }
- catch (...)
- {
- cout << "file: " << filename << endl;
- throw;
- }
- return 0;
-}
-
-extern int (*AdhocTest)(int argc, char *argv[]);
-static int s_i = (AdhocTest = &FIPS_140_AlgorithmTest, 0);
-#endif
diff --git a/cryptopp562/fipstest.cpp b/cryptopp562/fipstest.cpp
deleted file mode 100644
index e882742..0000000
--- a/cryptopp562/fipstest.cpp
+++ /dev/null
@@ -1,601 +0,0 @@
-// fipstest.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#define CRYPTOPP_DEFAULT_NO_DLL
-#include "dll.h"
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-#define _WIN32_WINNT 0x0400
-#include <windows.h>
-
-#if defined(_MSC_VER) && _MSC_VER >= 1400
-#ifdef _M_IX86
-#define _CRT_DEBUGGER_HOOK _crt_debugger_hook
-#else
-#define _CRT_DEBUGGER_HOOK __crt_debugger_hook
-#endif
-extern "C" {_CRTIMP void __cdecl _CRT_DEBUGGER_HOOK(int);}
-#endif
-#endif
-
-#include <iostream>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-extern PowerUpSelfTestStatus g_powerUpSelfTestStatus;
-SecByteBlock g_actualMac;
-unsigned long g_macFileLocation = 0;
-
-// use a random dummy string here, to be searched/replaced later with the real MAC
-static const byte s_moduleMac[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC;
-CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE);
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-static HMODULE s_hModule = NULL;
-#endif
-
-const byte * CRYPTOPP_API GetActualMacAndLocation(unsigned int &macSize, unsigned int &fileLocation)
-{
- macSize = (unsigned int)g_actualMac.size();
- fileLocation = g_macFileLocation;
- return g_actualMac;
-}
-
-void KnownAnswerTest(RandomNumberGenerator &rng, const char *output)
-{
- EqualityComparisonFilter comparison;
-
- RandomNumberStore(rng, strlen(output)/2).TransferAllTo(comparison, "0");
- StringSource(output, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
-
- comparison.ChannelMessageSeriesEnd("0");
- comparison.ChannelMessageSeriesEnd("1");
-}
-
-template <class CIPHER>
-void X917RNG_KnownAnswerTest(
- const char *key,
- const char *seed,
- const char *deterministicTimeVector,
- const char *output,
- CIPHER *dummy = NULL)
-{
-#ifdef OS_RNG_AVAILABLE
- std::string decodedKey, decodedSeed, decodedDeterministicTimeVector;
- StringSource(key, true, new HexDecoder(new StringSink(decodedKey)));
- StringSource(seed, true, new HexDecoder(new StringSink(decodedSeed)));
- StringSource(deterministicTimeVector, true, new HexDecoder(new StringSink(decodedDeterministicTimeVector)));
-
- AutoSeededX917RNG<CIPHER> rng(false, false);
- rng.Reseed((const byte *)decodedKey.data(), decodedKey.size(), (const byte *)decodedSeed.data(), (const byte *)decodedDeterministicTimeVector.data());
- KnownAnswerTest(rng, output);
-#else
- throw 0;
-#endif
-}
-
-void KnownAnswerTest(StreamTransformation &encryption, StreamTransformation &decryption, const char *plaintext, const char *ciphertext)
-{
- EqualityComparisonFilter comparison;
-
- StringSource(plaintext, true, new HexDecoder(new StreamTransformationFilter(encryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING)));
- StringSource(ciphertext, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
-
- StringSource(ciphertext, true, new HexDecoder(new StreamTransformationFilter(decryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING)));
- StringSource(plaintext, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
-
- comparison.ChannelMessageSeriesEnd("0");
- comparison.ChannelMessageSeriesEnd("1");
-}
-
-template <class CIPHER>
-void SymmetricEncryptionKnownAnswerTest(
- const char *key,
- const char *hexIV,
- const char *plaintext,
- const char *ecb,
- const char *cbc,
- const char *cfb,
- const char *ofb,
- const char *ctr,
- CIPHER *dummy = NULL)
-{
- std::string decodedKey;
- StringSource(key, true, new HexDecoder(new StringSink(decodedKey)));
-
- typename CIPHER::Encryption encryption((const byte *)decodedKey.data(), decodedKey.size());
- typename CIPHER::Decryption decryption((const byte *)decodedKey.data(), decodedKey.size());
-
- SecByteBlock iv(encryption.BlockSize());
- StringSource(hexIV, true, new HexDecoder(new ArraySink(iv, iv.size())));
-
- if (ecb)
- KnownAnswerTest(ECB_Mode_ExternalCipher::Encryption(encryption).Ref(), ECB_Mode_ExternalCipher::Decryption(decryption).Ref(), plaintext, ecb);
- if (cbc)
- KnownAnswerTest(CBC_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CBC_Mode_ExternalCipher::Decryption(decryption, iv).Ref(), plaintext, cbc);
- if (cfb)
- KnownAnswerTest(CFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, cfb);
- if (ofb)
- KnownAnswerTest(OFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), OFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ofb);
- if (ctr)
- KnownAnswerTest(CTR_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CTR_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ctr);
-}
-
-void KnownAnswerTest(HashTransformation &hash, const char *message, const char *digest)
-{
- EqualityComparisonFilter comparison;
- StringSource(digest, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
- StringSource(message, true, new HashFilter(hash, new ChannelSwitch(comparison, "0")));
-
- comparison.ChannelMessageSeriesEnd("0");
- comparison.ChannelMessageSeriesEnd("1");
-}
-
-template <class HASH>
-void SecureHashKnownAnswerTest(const char *message, const char *digest, HASH *dummy = NULL)
-{
- HASH hash;
- KnownAnswerTest(hash, message, digest);
-}
-
-template <class MAC>
-void MAC_KnownAnswerTest(const char *key, const char *message, const char *digest, MAC *dummy = NULL)
-{
- std::string decodedKey;
- StringSource(key, true, new HexDecoder(new StringSink(decodedKey)));
-
- MAC mac((const byte *)decodedKey.data(), decodedKey.size());
- KnownAnswerTest(mac, message, digest);
-}
-
-template <class SCHEME>
-void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL)
-{
- typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref());
- typename SCHEME::Verifier verifier(signer);
-
- RandomPool rng;
- EqualityComparisonFilter comparison;
-
- StringSource(message, true, new SignerFilter(rng, signer, new ChannelSwitch(comparison, "0")));
- StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
-
- comparison.ChannelMessageSeriesEnd("0");
- comparison.ChannelMessageSeriesEnd("1");
-
- VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION);
- StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, Redirector::DATA_ONLY)));
- StringSource(message, true, new Redirector(verifierFilter));
-}
-
-void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
-{
- try
- {
- RandomPool rng;
- const char *testMessage ="test message";
- std::string ciphertext, decrypted;
-
- StringSource(
- testMessage,
- true,
- new PK_EncryptorFilter(
- rng,
- encryptor,
- new StringSink(ciphertext)));
-
- if (ciphertext == testMessage)
- throw 0;
-
- StringSource(
- ciphertext,
- true,
- new PK_DecryptorFilter(
- rng,
- decryptor,
- new StringSink(decrypted)));
-
- if (decrypted != testMessage)
- throw 0;
- }
- catch (...)
- {
- throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed");
- }
-}
-
-void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier)
-{
- try
- {
- RandomPool rng;
-
- StringSource(
- "test message",
- true,
- new SignerFilter(
- rng,
- signer,
- new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION),
- true));
- }
- catch (...)
- {
- throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed");
- }
-}
-
-template <class SCHEME>
-void SignaturePairwiseConsistencyTest(const char *key, SCHEME *dummy = NULL)
-{
- typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref());
- typename SCHEME::Verifier verifier(signer);
-
- SignaturePairwiseConsistencyTest(signer, verifier);
-}
-
-MessageAuthenticationCode * NewIntegrityCheckingMAC()
-{
- byte key[] = {0x47, 0x1E, 0x33, 0x96, 0x65, 0xB1, 0x6A, 0xED, 0x0B, 0xF8, 0x6B, 0xFD, 0x01, 0x65, 0x05, 0xCC};
- return new HMAC<SHA1>(key, sizeof(key));
-}
-
-bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac, unsigned long *pMacFileLocation)
-{
- std::auto_ptr<MessageAuthenticationCode> mac(NewIntegrityCheckingMAC());
- unsigned int macSize = mac->DigestSize();
-
- SecByteBlock tempMac;
- SecByteBlock &actualMac = pActualMac ? *pActualMac : tempMac;
- actualMac.resize(macSize);
-
- unsigned long tempLocation;
- unsigned long &macFileLocation = pMacFileLocation ? *pMacFileLocation : tempLocation;
- macFileLocation = 0;
-
- MeterFilter verifier(new HashFilter(*mac, new ArraySink(actualMac, actualMac.size())));
-// MeterFilter verifier(new FileSink("c:\\dt.tmp"));
- std::ifstream moduleStream;
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- HMODULE h;
- {
- char moduleFilenameBuf[MAX_PATH] = "";
- if (moduleFilename == NULL)
- {
-#if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers
- wchar_t wideModuleFilename[MAX_PATH];
- if (GetModuleFileNameW(s_hModule, wideModuleFilename, MAX_PATH) > 0)
- {
- moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary);
- h = GetModuleHandleW(wideModuleFilename);
- }
- else
-#endif
- {
- GetModuleFileNameA(s_hModule, moduleFilenameBuf, MAX_PATH);
- moduleFilename = moduleFilenameBuf;
- }
- }
-#endif
- if (moduleFilename != NULL)
- {
- moduleStream.open(moduleFilename, std::ios::in | std::ios::binary);
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- h = GetModuleHandleA(moduleFilename);
- moduleFilename = NULL;
- }
-#endif
- }
-
- if (!moduleStream)
- {
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- OutputDebugString("Crypto++ DLL integrity check failed. Cannot open file for reading.");
-#endif
- return false;
- }
- FileStore file(moduleStream);
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- // try to hash from memory first
- const byte *memBase = (const byte *)h;
- const IMAGE_DOS_HEADER *ph = (IMAGE_DOS_HEADER *)memBase;
- const IMAGE_NT_HEADERS *phnt = (IMAGE_NT_HEADERS *)(memBase + ph->e_lfanew);
- const IMAGE_SECTION_HEADER *phs = IMAGE_FIRST_SECTION(phnt);
- DWORD nSections = phnt->FileHeader.NumberOfSections;
- size_t currentFilePos = 0;
-
- size_t checksumPos = (byte *)&phnt->OptionalHeader.CheckSum - memBase;
- size_t checksumSize = sizeof(phnt->OptionalHeader.CheckSum);
- size_t certificateTableDirectoryPos = (byte *)&phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY] - memBase;
- size_t certificateTableDirectorySize = sizeof(phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]);
- size_t certificateTablePos = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress;
- size_t certificateTableSize = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
-
- verifier.AddRangeToSkip(0, checksumPos, checksumSize);
- verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize);
- verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize);
-
- while (nSections--)
- {
- switch (phs->Characteristics)
- {
- default:
- break;
- case IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ:
- case IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ:
- unsigned int sectionSize = STDMIN(phs->SizeOfRawData, phs->Misc.VirtualSize);
- const byte *sectionMemStart = memBase + phs->VirtualAddress;
- unsigned int sectionFileStart = phs->PointerToRawData;
- size_t subSectionStart = 0, nextSubSectionStart;
-
- do
- {
- const byte *subSectionMemStart = sectionMemStart + subSectionStart;
- size_t subSectionFileStart = sectionFileStart + subSectionStart;
- size_t subSectionSize = sectionSize - subSectionStart;
- nextSubSectionStart = 0;
-
- unsigned int entriesToReadFromDisk[] = {IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_IAT};
- for (unsigned int i=0; i<sizeof(entriesToReadFromDisk)/sizeof(entriesToReadFromDisk[0]); i++)
- {
- const IMAGE_DATA_DIRECTORY &entry = phnt->OptionalHeader.DataDirectory[entriesToReadFromDisk[i]];
- const byte *entryMemStart = memBase + entry.VirtualAddress;
- if (subSectionMemStart <= entryMemStart && entryMemStart < subSectionMemStart + subSectionSize)
- {
- subSectionSize = entryMemStart - subSectionMemStart;
- nextSubSectionStart = entryMemStart - sectionMemStart + entry.Size;
- }
- }
-
-#if defined(_MSC_VER) && _MSC_VER >= 1400
- // first byte of _CRT_DEBUGGER_HOOK gets modified in memory by the debugger invisibly, so read it from file
- if (IsDebuggerPresent())
- {
- if (subSectionMemStart <= (byte *)&_CRT_DEBUGGER_HOOK && (byte *)&_CRT_DEBUGGER_HOOK < subSectionMemStart + subSectionSize)
- {
- subSectionSize = (byte *)&_CRT_DEBUGGER_HOOK - subSectionMemStart;
- nextSubSectionStart = (byte *)&_CRT_DEBUGGER_HOOK - sectionMemStart + 1;
- }
- }
-#endif
-
- if (subSectionMemStart <= expectedModuleMac && expectedModuleMac < subSectionMemStart + subSectionSize)
- {
- // found stored MAC
- macFileLocation = (unsigned long)(subSectionFileStart + (expectedModuleMac - subSectionMemStart));
- verifier.AddRangeToSkip(0, macFileLocation, macSize);
- }
-
- file.TransferTo(verifier, subSectionFileStart - currentFilePos);
- verifier.Put(subSectionMemStart, subSectionSize);
- file.Skip(subSectionSize);
- currentFilePos = subSectionFileStart + subSectionSize;
- subSectionStart = nextSubSectionStart;
- } while (nextSubSectionStart != 0);
- }
- phs++;
- }
-#endif
- file.TransferAllTo(verifier);
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- // if that fails (could be caused by debug breakpoints or DLL base relocation modifying image in memory),
- // hash from disk instead
- if (!VerifyBufsEqual(expectedModuleMac, actualMac, macSize))
- {
- OutputDebugString("In memory integrity check failed. This may be caused by debug breakpoints or DLL relocation.\n");
- moduleStream.clear();
- moduleStream.seekg(0);
- verifier.Initialize(MakeParameters(Name::OutputBuffer(), ByteArrayParameter(actualMac, (unsigned int)actualMac.size())));
-// verifier.Initialize(MakeParameters(Name::OutputFileName(), (const char *)"c:\\dt2.tmp"));
- verifier.AddRangeToSkip(0, checksumPos, checksumSize);
- verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize);
- verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize);
- verifier.AddRangeToSkip(0, macFileLocation, macSize);
- FileStore(moduleStream).TransferAllTo(verifier);
- }
-#endif
-
- if (VerifyBufsEqual(expectedModuleMac, actualMac, macSize))
- return true;
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- std::string hexMac;
- HexEncoder(new StringSink(hexMac)).PutMessageEnd(actualMac, actualMac.size());
- OutputDebugString((("Crypto++ DLL integrity check failed. Actual MAC is: " + hexMac) + "\n").c_str());
-#endif
- return false;
-}
-
-void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac)
-{
- g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
- SetPowerUpSelfTestInProgressOnThisThread(true);
-
- try
- {
- if (FIPS_140_2_ComplianceEnabled() || expectedModuleMac != NULL)
- {
- if (!IntegrityCheckModule(moduleFilename, expectedModuleMac, &g_actualMac, &g_macFileLocation))
- throw 0; // throw here so we break in the debugger, this will be caught right away
- }
-
- // algorithm tests
-
- X917RNG_KnownAnswerTest<AES>(
- "2b7e151628aed2a6abf7158809cf4f3c", // key
- "000102030405060708090a0b0c0d0e0f", // seed
- "00000000000000000000000000000001", // time vector
- "D176EDD27493B0395F4D10546232B0693DC7061C03C3A554F09CECF6F6B46D945A"); // output
-
- SymmetricEncryptionKnownAnswerTest<DES_EDE3>(
- "385D7189A5C3D485E1370AA5D408082B5CCCCB5E19F2D90E",
- "C141B5FCCD28DC8A",
- "6E1BD7C6120947A464A6AAB293A0F89A563D8D40D3461B68",
- "64EAAD4ACBB9CEAD6C7615E7C7E4792FE587D91F20C7D2F4",
- "6235A461AFD312973E3B4F7AA7D23E34E03371F8E8C376C9",
- "E26BA806A59B0330DE40CA38E77A3E494BE2B212F6DD624B",
- "E26BA806A59B03307DE2BCC25A08BA40A8BA335F5D604C62",
- "E26BA806A59B03303C62C2EFF32D3ACDD5D5F35EBCC53371");
-
- SymmetricEncryptionKnownAnswerTest<SKIPJACK>(
- "1555E5531C3A169B2D65",
- "6EC9795701F49864",
- "00AFA48E9621E52E8CBDA312660184EDDB1F33D9DACDA8DA",
- "DBEC73562EFCAEB56204EB8AE9557EBF77473FBB52D17CD1",
- "0C7B0B74E21F99B8F2C8DF37879F6C044967F42A796DCA8B",
- "79FDDA9724E36CC2E023E9A5C717A8A8A7FDA465CADCBF63",
- "79FDDA9724E36CC26CACBD83C1ABC06EAF5B249BE5B1E040",
- "79FDDA9724E36CC211B0AEC607B95A96BCDA318440B82F49");
-
- SymmetricEncryptionKnownAnswerTest<AES>(
- "2b7e151628aed2a6abf7158809cf4f3c",
- "000102030405060708090a0b0c0d0e0f",
- "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", // plaintext
- "3ad77bb40d7a3660a89ecaf32466ef97f5d3d58503b9699de785895a96fdbaaf43b1cd7f598ece23881b00e3ed0306887b0c785e27e8ad3f8223207104725dd4", // ecb
- "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7", // cbc
- "3b3fd92eb72dad20333449f8e83cfb4ac8a64537a0b3a93fcde3cdad9f1ce58b26751f67a3cbb140b1808cf187a4f4dfc04b05357c5d1c0eeac4c66f9ff7f2e6", // cfb
- "3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e", // ofb
- NULL);
-
- SymmetricEncryptionKnownAnswerTest<AES>(
- "2b7e151628aed2a6abf7158809cf4f3c",
- "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
- "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
- NULL,
- NULL,
- NULL,
- NULL,
- "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee"); // ctr
-
-
- SecureHashKnownAnswerTest<SHA1>(
- "abc",
- "A9993E364706816ABA3E25717850C26C9CD0D89D");
-
- SecureHashKnownAnswerTest<SHA224>(
- "abc",
- "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
-
- SecureHashKnownAnswerTest<SHA256>(
- "abc",
- "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
-
- SecureHashKnownAnswerTest<SHA384>(
- "abc",
- "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
-
- SecureHashKnownAnswerTest<SHA512>(
- "abc",
- "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
-
- MAC_KnownAnswerTest<HMAC<SHA1> >(
- "303132333435363738393a3b3c3d3e3f40414243",
- "Sample #2",
- "0922d3405faa3d194f82a45830737d5cc6c75d24");
-
- const char *keyRSA1 =
- "30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0"
- "c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001"
- "02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa"
- "87d8862b75177691c11d757692df8881022033d48445c859e52340de704bcdda065fbb4058d740bd1d67d29e9c146c11cf61"
- "0220335e8408866b0fd38dc7002d3f972c67389a65d5d8306566d5c4f2a5aa52628b0220045ec90071525325d3d46db79695e9af"
- "acc4523964360e02b119baa366316241022015eb327360c7b60d12e5e2d16bdcd97981d17fba6b70db13b20b436e24eada590220"
- "2ca6366d72781dfa24d34a9a24cbc2ae927a9958af426563ff63fb11658a461d";
-
- const char *keyRSA2 =
- "30820273020100300D06092A864886F70D01010105000482025D3082025902010002818100D40AF9"
- "A2B713034249E5780056D70FC7DE75D76E44565AA6A6B8ED9646F3C19F9E254D72D7DE6E49DB2264"
- "0C1D05AB9E2A5F901D8F3FE1F7AE02CEE2ECCE54A40ABAE55A004692752E70725AEEE7CDEA67628A"
- "82A9239B4AB660C2BC56D9F01E90CBAAB9BF0FC8E17173CEFC5709A29391A7DDF3E0B758691AAF30"
- "725B292F4F020111027F18C0BA087D082C45D75D3594E0767E4820818EB35612B80CEAB8C880ACA5"
- "44B6876DFFEF85A576C0D45B551AFAA1FD63209CD745DF75C5A0F0B580296EA466CD0338207E4752"
- "FF4E7DB724D8AE18CE5CF4153BB94C27869FBB50E64F02546E4B02997A0B8623E64017CC770759C6"
- "695DB649EEFD829D688D441BCC4E7348F1024100EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD"
- "36CC25330548B347AC158A345631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E7"
- "43E9234F024100E2A039854B55688740E32A51DF4AF88613D91A371CF8DDD95D780A89D7CF2119A9"
- "54F1AC0F3DCDB2F6959926E6D9D37D8BC07A4C634DE6F16315BD5F0DAC340102407ECEEDB9903572"
- "1B76909F174BA6698DCA72953D957B22C0A871C8531EDE3A1BB52984A719BC010D1CA57A555DB83F"
- "6DE54CBAB932AEC652F38D497A6F3F30CF024100854F30E4FF232E6DADB2CD99926855F484255AB7"
- "01FBCDCB27EC426F33A7046972AA700ADBCA008763DF87440F52F4E070531AC385B55AAC1C2AE7DD"
- "8F9278F1024100C313F4AF9E4A9DE1253C21080CE524251560C111550772FD08690F13FBE658342E"
- "BD2D41C9DCB12374E871B1839E26CAE252E1AE3DAAD5F1EE1F42B4D0EE7581";
-
- SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA1> >(
- keyRSA1,
- "Everyone gets Friday off.",
- "0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81");
-
- SignatureKnownAnswerTest<RSASS_ISO<SHA1> >(
- keyRSA2,
- "test",
- "32F6BA41C8930DE71EE67F2627172CC539EDE04267FDE03AC295E3C50311F26C3B275D3AF513AC96"
- "8EE493BAB7DA3A754661D1A7C4A0D1A2B7EE8B313AACD8CB8BFBC5C15EFB0EF15C86A9334A1E87AD"
- "291EB961B5CA0E84930429B28780816AA94F96FC2367B71E2D2E4866FA966795B147F00600E5207E"
- "2F189C883B37477C");
-
- SignaturePairwiseConsistencyTest<DSA>(
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
-
- SignaturePairwiseConsistencyTest<ECDSA<EC2N, SHA1> >(
- "302D020100301006072A8648CE3D020106052B8104000404163014020101040F0070337065E1E196980A9D00E37211");
-
- SignaturePairwiseConsistencyTest<ECDSA<ECP, SHA1> >(
- "3039020100301306072A8648CE3D020106082A8648CE3D030101041F301D02010104182BB8A13C8B867010BD9471D9E81FDB01ABD0538C64D6249A");
-
- SignaturePairwiseConsistencyTest<RSASS<PSS, SHA1> >(keyRSA1);
- }
- catch (...)
- {
- g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
- goto done;
- }
-
- g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_PASSED;
-
-done:
- SetPowerUpSelfTestInProgressOnThisThread(false);
- return;
-}
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-
-void DoDllPowerUpSelfTest()
-{
- CryptoPP::DoPowerUpSelfTest(NULL, s_moduleMac);
-}
-
-#else
-
-void DoDllPowerUpSelfTest()
-{
- throw NotImplemented("DoDllPowerUpSelfTest() only available on Windows");
-}
-
-#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE
-
-NAMESPACE_END
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-
-// DllMain needs to be in the global namespace
-BOOL APIENTRY DllMain(HANDLE hModule,
- DWORD ul_reason_for_call,
- LPVOID lpReserved)
-{
- if (ul_reason_for_call == DLL_PROCESS_ATTACH)
- {
- CryptoPP::s_hModule = (HMODULE)hModule;
- CryptoPP::DoDllPowerUpSelfTest();
- }
- return TRUE;
-}
-
-#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE
-
-#endif // #ifndef CRYPTOPP_IMPORTS
diff --git a/cryptopp562/fltrimpl.h b/cryptopp562/fltrimpl.h
deleted file mode 100644
index 4087d7d..0000000
--- a/cryptopp562/fltrimpl.h
+++ /dev/null
@@ -1,67 +0,0 @@
-#ifndef CRYPTOPP_FLTRIMPL_H
-#define CRYPTOPP_FLTRIMPL_H
-
-#define FILTER_BEGIN \
- switch (m_continueAt) \
- { \
- case 0: \
- m_inputPosition = 0;
-
-#define FILTER_END_NO_MESSAGE_END_NO_RETURN \
- break; \
- default: \
- assert(false); \
- }
-
-#define FILTER_END_NO_MESSAGE_END \
- FILTER_END_NO_MESSAGE_END_NO_RETURN \
- return 0;
-
-/*
-#define FILTER_END \
- case -1: \
- if (messageEnd && Output(-1, NULL, 0, messageEnd, blocking)) \
- return 1; \
- FILTER_END_NO_MESSAGE_END
-*/
-
-#define FILTER_OUTPUT3(site, statement, output, length, messageEnd, channel) \
- {\
- case site: \
- statement; \
- if (Output(site, output, length, messageEnd, blocking, channel)) \
- return STDMAX(size_t(1), length-m_inputPosition);\
- }
-
-#define FILTER_OUTPUT2(site, statement, output, length, messageEnd) \
- FILTER_OUTPUT3(site, statement, output, length, messageEnd, DEFAULT_CHANNEL)
-
-#define FILTER_OUTPUT(site, output, length, messageEnd) \
- FILTER_OUTPUT2(site, 0, output, length, messageEnd)
-
-#define FILTER_OUTPUT_BYTE(site, output) \
- FILTER_OUTPUT(site, &(const byte &)(byte)output, 1, 0)
-
-#define FILTER_OUTPUT2_MODIFIABLE(site, statement, output, length, messageEnd) \
- {\
- case site: \
- statement; \
- if (OutputModifiable(site, output, length, messageEnd, blocking)) \
- return STDMAX(size_t(1), length-m_inputPosition);\
- }
-
-#define FILTER_OUTPUT_MODIFIABLE(site, output, length, messageEnd) \
- FILTER_OUTPUT2_MODIFIABLE(site, 0, output, length, messageEnd)
-
-#define FILTER_OUTPUT2_MAYBE_MODIFIABLE(site, statement, output, length, messageEnd, modifiable) \
- {\
- case site: \
- statement; \
- if (modifiable ? OutputModifiable(site, output, length, messageEnd, blocking) : Output(site, output, length, messageEnd, blocking)) \
- return STDMAX(size_t(1), length-m_inputPosition);\
- }
-
-#define FILTER_OUTPUT_MAYBE_MODIFIABLE(site, output, length, messageEnd, modifiable) \
- FILTER_OUTPUT2_MAYBE_MODIFIABLE(site, 0, output, length, messageEnd, modifiable)
-
-#endif
diff --git a/cryptopp562/gcm.cpp b/cryptopp562/gcm.cpp
deleted file mode 100644
index 237325d..0000000
--- a/cryptopp562/gcm.cpp
+++ /dev/null
@@ -1,828 +0,0 @@
-// gcm.cpp - written and placed in the public domain by Wei Dai
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM gcm.cpp" to generate MASM code
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "gcm.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-word16 GCM_Base::s_reductionTable[256];
-volatile bool GCM_Base::s_reductionTableInitialized = false;
-
-void GCM_Base::GCTR::IncrementCounterBy256()
-{
- IncrementCounterByOne(m_counterArray+BlockSize()-4, 3);
-}
-
-#if 0
-// preserved for testing
-void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
-{
- word64 Z0=0, Z1=0, V0, V1;
-
- typedef BlockGetAndPut<word64, BigEndian> Block;
- Block::Get(a)(V0)(V1);
-
- for (int i=0; i<16; i++)
- {
- for (int j=0x80; j!=0; j>>=1)
- {
- int x = b[i] & j;
- Z0 ^= x ? V0 : 0;
- Z1 ^= x ? V1 : 0;
- x = (int)V1 & 1;
- V1 = (V1>>1) | (V0<<63);
- V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
- }
- }
- Block::Put(NULL, c)(Z0)(Z1);
-}
-
-__m128i _mm_clmulepi64_si128(const __m128i &a, const __m128i &b, int i)
-{
- word64 A[1] = {ByteReverse(((word64*)&a)[i&1])};
- word64 B[1] = {ByteReverse(((word64*)&b)[i>>4])};
-
- PolynomialMod2 pa((byte *)A, 8);
- PolynomialMod2 pb((byte *)B, 8);
- PolynomialMod2 c = pa*pb;
-
- __m128i output;
- for (int i=0; i<16; i++)
- ((byte *)&output)[i] = c.GetByte(i);
- return output;
-}
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-inline static void SSE2_Xor16(byte *a, const byte *b, const byte *c)
-{
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
- *(__m128i *)a = _mm_xor_si128(*(__m128i *)b, *(__m128i *)c);
-#else
- asm ("movdqa %1, %%xmm0; pxor %2, %%xmm0; movdqa %%xmm0, %0;" : "=m" (a[0]) : "m"(b[0]), "m"(c[0]));
-#endif
-}
-#endif
-
-inline static void Xor16(byte *a, const byte *b, const byte *c)
-{
- ((word64 *)a)[0] = ((word64 *)b)[0] ^ ((word64 *)c)[0];
- ((word64 *)a)[1] = ((word64 *)b)[1] ^ ((word64 *)c)[1];
-}
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-static CRYPTOPP_ALIGN_DATA(16) const word64 s_clmulConstants64[] = {
- W64LIT(0xe100000000000000), W64LIT(0xc200000000000000),
- W64LIT(0x08090a0b0c0d0e0f), W64LIT(0x0001020304050607),
- W64LIT(0x0001020304050607), W64LIT(0x08090a0b0c0d0e0f)};
-static const __m128i *s_clmulConstants = (const __m128i *)s_clmulConstants64;
-static const unsigned int s_clmulTableSizeInBlocks = 8;
-
-inline __m128i CLMUL_Reduce(__m128i c0, __m128i c1, __m128i c2, const __m128i &r)
-{
- /*
- The polynomial to be reduced is c0 * x^128 + c1 * x^64 + c2. c0t below refers to the most
- significant half of c0 as a polynomial, which, due to GCM's bit reflection, are in the
- rightmost bit positions, and the lowest byte addresses.
-
- c1 ^= c0t * 0xc200000000000000
- c2t ^= c0t
- t = shift (c1t ^ c0b) left 1 bit
- c2 ^= t * 0xe100000000000000
- c2t ^= c1b
- shift c2 left 1 bit and xor in lowest bit of c1t
- */
-#if 0 // MSVC 2010 workaround: see http://connect.microsoft.com/VisualStudio/feedback/details/575301
- c2 = _mm_xor_si128(c2, _mm_move_epi64(c0));
-#else
- c1 = _mm_xor_si128(c1, _mm_slli_si128(c0, 8));
-#endif
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(c0, r, 0x10));
- c0 = _mm_srli_si128(c0, 8);
- c0 = _mm_xor_si128(c0, c1);
- c0 = _mm_slli_epi64(c0, 1);
- c0 = _mm_clmulepi64_si128(c0, r, 0);
- c2 = _mm_xor_si128(c2, c0);
- c2 = _mm_xor_si128(c2, _mm_srli_si128(c1, 8));
- c1 = _mm_unpacklo_epi64(c1, c2);
- c1 = _mm_srli_epi64(c1, 63);
- c2 = _mm_slli_epi64(c2, 1);
- return _mm_xor_si128(c2, c1);
-}
-
-inline __m128i CLMUL_GF_Mul(const __m128i &x, const __m128i &h, const __m128i &r)
-{
- __m128i c0 = _mm_clmulepi64_si128(x,h,0);
- __m128i c1 = _mm_xor_si128(_mm_clmulepi64_si128(x,h,1), _mm_clmulepi64_si128(x,h,0x10));
- __m128i c2 = _mm_clmulepi64_si128(x,h,0x11);
-
- return CLMUL_Reduce(c0, c1, c2, r);
-}
-#endif
-
-void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params)
-{
- BlockCipher &blockCipher = AccessBlockCipher();
- blockCipher.SetKey(userKey, keylength, params);
-
- if (blockCipher.BlockSize() != REQUIRED_BLOCKSIZE)
- throw InvalidArgument(AlgorithmName() + ": block size of underlying block cipher is not 16");
-
- int tableSize, i, j, k;
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- params.GetIntValue(Name::TableSize(), tableSize); // avoid "parameter not used" error
- tableSize = s_clmulTableSizeInBlocks * REQUIRED_BLOCKSIZE;
- }
- else
-#endif
- {
- if (params.GetIntValue(Name::TableSize(), tableSize))
- tableSize = (tableSize >= 64*1024) ? 64*1024 : 2*1024;
- else
- tableSize = (GetTablesOption() == GCM_64K_Tables) ? 64*1024 : 2*1024;
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1300 && _MSC_VER < 1400)
- // VC 2003 workaround: compiler generates bad code for 64K tables
- tableSize = 2*1024;
-#endif
- }
-
- m_buffer.resize(3*REQUIRED_BLOCKSIZE + tableSize);
- byte *table = MulTable();
- byte *hashKey = HashKey();
- memset(hashKey, 0, REQUIRED_BLOCKSIZE);
- blockCipher.ProcessBlock(hashKey);
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- const __m128i r = s_clmulConstants[0];
- __m128i h0 = _mm_shuffle_epi8(_mm_load_si128((__m128i *)hashKey), s_clmulConstants[1]);
- __m128i h = h0;
-
- for (i=0; i<tableSize; i+=32)
- {
- __m128i h1 = CLMUL_GF_Mul(h, h0, r);
- _mm_storel_epi64((__m128i *)(table+i), h);
- _mm_storeu_si128((__m128i *)(table+i+16), h1);
- _mm_storeu_si128((__m128i *)(table+i+8), h);
- _mm_storel_epi64((__m128i *)(table+i+8), h1);
- h = CLMUL_GF_Mul(h1, h0, r);
- }
-
- return;
- }
-#endif
-
- word64 V0, V1;
- typedef BlockGetAndPut<word64, BigEndian> Block;
- Block::Get(hashKey)(V0)(V1);
-
- if (tableSize == 64*1024)
- {
- for (i=0; i<128; i++)
- {
- k = i%8;
- Block::Put(NULL, table+(i/8)*256*16+(size_t(1)<<(11-k)))(V0)(V1);
-
- int x = (int)V1 & 1;
- V1 = (V1>>1) | (V0<<63);
- V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
- }
-
- for (i=0; i<16; i++)
- {
- memset(table+i*256*16, 0, 16);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasSSE2())
- for (j=2; j<=0x80; j*=2)
- for (k=1; k<j; k++)
- SSE2_Xor16(table+i*256*16+(j+k)*16, table+i*256*16+j*16, table+i*256*16+k*16);
- else
-#endif
- for (j=2; j<=0x80; j*=2)
- for (k=1; k<j; k++)
- Xor16(table+i*256*16+(j+k)*16, table+i*256*16+j*16, table+i*256*16+k*16);
- }
- }
- else
- {
- if (!s_reductionTableInitialized)
- {
- s_reductionTable[0] = 0;
- word16 x = 0x01c2;
- s_reductionTable[1] = ByteReverse(x);
- for (int i=2; i<=0x80; i*=2)
- {
- x <<= 1;
- s_reductionTable[i] = ByteReverse(x);
- for (int j=1; j<i; j++)
- s_reductionTable[i+j] = s_reductionTable[i] ^ s_reductionTable[j];
- }
- s_reductionTableInitialized = true;
- }
-
- for (i=0; i<128-24; i++)
- {
- k = i%32;
- if (k < 4)
- Block::Put(NULL, table+1024+(i/32)*256+(size_t(1)<<(7-k)))(V0)(V1);
- else if (k < 8)
- Block::Put(NULL, table+(i/32)*256+(size_t(1)<<(11-k)))(V0)(V1);
-
- int x = (int)V1 & 1;
- V1 = (V1>>1) | (V0<<63);
- V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
- }
-
- for (i=0; i<4; i++)
- {
- memset(table+i*256, 0, 16);
- memset(table+1024+i*256, 0, 16);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasSSE2())
- for (j=2; j<=8; j*=2)
- for (k=1; k<j; k++)
- {
- SSE2_Xor16(table+i*256+(j+k)*16, table+i*256+j*16, table+i*256+k*16);
- SSE2_Xor16(table+1024+i*256+(j+k)*16, table+1024+i*256+j*16, table+1024+i*256+k*16);
- }
- else
-#endif
- for (j=2; j<=8; j*=2)
- for (k=1; k<j; k++)
- {
- Xor16(table+i*256+(j+k)*16, table+i*256+j*16, table+i*256+k*16);
- Xor16(table+1024+i*256+(j+k)*16, table+1024+i*256+j*16, table+1024+i*256+k*16);
- }
- }
- }
-}
-
-inline void GCM_Base::ReverseHashBufferIfNeeded()
-{
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- __m128i &x = *(__m128i *)HashBuffer();
- x = _mm_shuffle_epi8(x, s_clmulConstants[1]);
- }
-#endif
-}
-
-void GCM_Base::Resync(const byte *iv, size_t len)
-{
- BlockCipher &cipher = AccessBlockCipher();
- byte *hashBuffer = HashBuffer();
-
- if (len == 12)
- {
- memcpy(hashBuffer, iv, len);
- memset(hashBuffer+len, 0, 3);
- hashBuffer[len+3] = 1;
- }
- else
- {
- size_t origLen = len;
- memset(hashBuffer, 0, HASH_BLOCKSIZE);
-
- if (len >= HASH_BLOCKSIZE)
- {
- len = GCM_Base::AuthenticateBlocks(iv, len);
- iv += (origLen - len);
- }
-
- if (len > 0)
- {
- memcpy(m_buffer, iv, len);
- memset(m_buffer+len, 0, HASH_BLOCKSIZE-len);
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
- }
-
- PutBlock<word64, BigEndian, true>(NULL, m_buffer)(0)(origLen*8);
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
-
- ReverseHashBufferIfNeeded();
- }
-
- if (m_state >= State_IVSet)
- m_ctr.Resynchronize(hashBuffer, REQUIRED_BLOCKSIZE);
- else
- m_ctr.SetCipherWithIV(cipher, hashBuffer);
-
- m_ctr.Seek(HASH_BLOCKSIZE);
-
- memset(hashBuffer, 0, HASH_BLOCKSIZE);
-}
-
-unsigned int GCM_Base::OptimalDataAlignment() const
-{
- return
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- HasSSE2() ? 16 :
-#endif
- GetBlockCipher().OptimalDataAlignment();
-}
-
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void GCM_AuthenticateBlocks_2K(const byte *data, size_t blocks, word64 *hashBuffer, const word16 *reductionTable);
-void GCM_AuthenticateBlocks_64K(const byte *data, size_t blocks, word64 *hashBuffer);
-}
-#endif
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
-{
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasCLMUL())
- {
- const __m128i *table = (const __m128i *)MulTable();
- __m128i x = _mm_load_si128((__m128i *)HashBuffer());
- const __m128i r = s_clmulConstants[0], bswapMask = s_clmulConstants[1], bswapMask2 = s_clmulConstants[2];
-
- while (len >= 16)
- {
- size_t s = UnsignedMin(len/16, s_clmulTableSizeInBlocks), i=0;
- __m128i d, d2 = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)(data+(s-1)*16)), bswapMask2);;
- __m128i c0 = _mm_setzero_si128();
- __m128i c1 = _mm_setzero_si128();
- __m128i c2 = _mm_setzero_si128();
-
- while (true)
- {
- __m128i h0 = _mm_load_si128(table+i);
- __m128i h1 = _mm_load_si128(table+i+1);
- __m128i h01 = _mm_xor_si128(h0, h1);
-
- if (++i == s)
- {
- d = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)data), bswapMask);
- d = _mm_xor_si128(d, x);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d, h0, 0));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d, h1, 1));
- d = _mm_xor_si128(d, _mm_shuffle_epi32(d, _MM_SHUFFLE(1, 0, 3, 2)));
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d, h01, 0));
- break;
- }
-
- d = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)(data+(s-i)*16-8)), bswapMask2);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d2, h0, 1));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d, h1, 1));
- d2 = _mm_xor_si128(d2, d);
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d2, h01, 1));
-
- if (++i == s)
- {
- d = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)data), bswapMask);
- d = _mm_xor_si128(d, x);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d, h0, 0x10));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d, h1, 0x11));
- d = _mm_xor_si128(d, _mm_shuffle_epi32(d, _MM_SHUFFLE(1, 0, 3, 2)));
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d, h01, 0x10));
- break;
- }
-
- d2 = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i *)(data+(s-i)*16-8)), bswapMask);
- c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d, h0, 0x10));
- c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d2, h1, 0x10));
- d = _mm_xor_si128(d, d2);
- c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d, h01, 0x10));
- }
- data += s*16;
- len -= s*16;
-
- c1 = _mm_xor_si128(_mm_xor_si128(c1, c0), c2);
- x = CLMUL_Reduce(c0, c1, c2, r);
- }
-
- _mm_store_si128((__m128i *)HashBuffer(), x);
- return len;
- }
-#endif
-
- typedef BlockGetAndPut<word64, NativeByteOrder> Block;
- word64 *hashBuffer = (word64 *)HashBuffer();
-
- switch (2*(m_buffer.size()>=64*1024)
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- + HasSSE2()
-#endif
- )
- {
- case 0: // non-SSE2 and 2K tables
- {
- byte *table = MulTable();
- word64 x0 = hashBuffer[0], x1 = hashBuffer[1];
-
- do
- {
- word64 y0, y1, a0, a1, b0, b1, c0, c1, d0, d1;
- Block::Get(data)(y0)(y1);
- x0 ^= y0;
- x1 ^= y1;
-
- data += HASH_BLOCKSIZE;
- len -= HASH_BLOCKSIZE;
-
- #define READ_TABLE_WORD64_COMMON(a, b, c, d) *(word64 *)(table+(a*1024)+(b*256)+c+d*8)
-
- #ifdef IS_LITTLE_ENDIAN
- #if CRYPTOPP_BOOL_SLOW_WORD64
- word32 z0 = (word32)x0;
- word32 z1 = (word32)(x0>>32);
- word32 z2 = (word32)x1;
- word32 z3 = (word32)(x1>>32);
- #define READ_TABLE_WORD64(a, b, c, d, e) READ_TABLE_WORD64_COMMON((d%2), c, (d?(z##c>>((d?d-1:0)*4))&0xf0:(z##c&0xf)<<4), e)
- #else
- #define READ_TABLE_WORD64(a, b, c, d, e) READ_TABLE_WORD64_COMMON((d%2), c, ((d+8*b)?(x##a>>(((d+8*b)?(d+8*b)-1:1)*4))&0xf0:(x##a&0xf)<<4), e)
- #endif
- #define GF_MOST_SIG_8BITS(a) (a##1 >> 7*8)
- #define GF_SHIFT_8(a) a##1 = (a##1 << 8) ^ (a##0 >> 7*8); a##0 <<= 8;
- #else
- #define READ_TABLE_WORD64(a, b, c, d, e) READ_TABLE_WORD64_COMMON((1-d%2), c, ((15-d-8*b)?(x##a>>(((15-d-8*b)?(15-d-8*b)-1:0)*4))&0xf0:(x##a&0xf)<<4), e)
- #define GF_MOST_SIG_8BITS(a) (a##1 & 0xff)
- #define GF_SHIFT_8(a) a##1 = (a##1 >> 8) ^ (a##0 << 7*8); a##0 >>= 8;
- #endif
-
- #define GF_MUL_32BY128(op, a, b, c) \
- a0 op READ_TABLE_WORD64(a, b, c, 0, 0) ^ READ_TABLE_WORD64(a, b, c, 1, 0);\
- a1 op READ_TABLE_WORD64(a, b, c, 0, 1) ^ READ_TABLE_WORD64(a, b, c, 1, 1);\
- b0 op READ_TABLE_WORD64(a, b, c, 2, 0) ^ READ_TABLE_WORD64(a, b, c, 3, 0);\
- b1 op READ_TABLE_WORD64(a, b, c, 2, 1) ^ READ_TABLE_WORD64(a, b, c, 3, 1);\
- c0 op READ_TABLE_WORD64(a, b, c, 4, 0) ^ READ_TABLE_WORD64(a, b, c, 5, 0);\
- c1 op READ_TABLE_WORD64(a, b, c, 4, 1) ^ READ_TABLE_WORD64(a, b, c, 5, 1);\
- d0 op READ_TABLE_WORD64(a, b, c, 6, 0) ^ READ_TABLE_WORD64(a, b, c, 7, 0);\
- d1 op READ_TABLE_WORD64(a, b, c, 6, 1) ^ READ_TABLE_WORD64(a, b, c, 7, 1);\
-
- GF_MUL_32BY128(=, 0, 0, 0)
- GF_MUL_32BY128(^=, 0, 1, 1)
- GF_MUL_32BY128(^=, 1, 0, 2)
- GF_MUL_32BY128(^=, 1, 1, 3)
-
- word32 r = (word32)s_reductionTable[GF_MOST_SIG_8BITS(d)] << 16;
- GF_SHIFT_8(d)
- c0 ^= d0; c1 ^= d1;
- r ^= (word32)s_reductionTable[GF_MOST_SIG_8BITS(c)] << 8;
- GF_SHIFT_8(c)
- b0 ^= c0; b1 ^= c1;
- r ^= s_reductionTable[GF_MOST_SIG_8BITS(b)];
- GF_SHIFT_8(b)
- a0 ^= b0; a1 ^= b1;
- a0 ^= ConditionalByteReverse<word64>(LITTLE_ENDIAN_ORDER, r);
- x0 = a0; x1 = a1;
- }
- while (len >= HASH_BLOCKSIZE);
-
- hashBuffer[0] = x0; hashBuffer[1] = x1;
- return len;
- }
-
- case 2: // non-SSE2 and 64K tables
- {
- byte *table = MulTable();
- word64 x0 = hashBuffer[0], x1 = hashBuffer[1];
-
- do
- {
- word64 y0, y1, a0, a1;
- Block::Get(data)(y0)(y1);
- x0 ^= y0;
- x1 ^= y1;
-
- data += HASH_BLOCKSIZE;
- len -= HASH_BLOCKSIZE;
-
- #undef READ_TABLE_WORD64_COMMON
- #undef READ_TABLE_WORD64
-
- #define READ_TABLE_WORD64_COMMON(a, c, d) *(word64 *)(table+(a)*256*16+(c)+(d)*8)
-
- #ifdef IS_LITTLE_ENDIAN
- #if CRYPTOPP_BOOL_SLOW_WORD64
- word32 z0 = (word32)x0;
- word32 z1 = (word32)(x0>>32);
- word32 z2 = (word32)x1;
- word32 z3 = (word32)(x1>>32);
- #define READ_TABLE_WORD64(b, c, d, e) READ_TABLE_WORD64_COMMON(c*4+d, (d?(z##c>>((d?d:1)*8-4))&0xff0:(z##c&0xff)<<4), e)
- #else
- #define READ_TABLE_WORD64(b, c, d, e) READ_TABLE_WORD64_COMMON(c*4+d, ((d+4*(c%2))?(x##b>>(((d+4*(c%2))?(d+4*(c%2)):1)*8-4))&0xff0:(x##b&0xff)<<4), e)
- #endif
- #else
- #define READ_TABLE_WORD64(b, c, d, e) READ_TABLE_WORD64_COMMON(c*4+d, ((7-d-4*(c%2))?(x##b>>(((7-d-4*(c%2))?(7-d-4*(c%2)):1)*8-4))&0xff0:(x##b&0xff)<<4), e)
- #endif
-
- #define GF_MUL_8BY128(op, b, c, d) \
- a0 op READ_TABLE_WORD64(b, c, d, 0);\
- a1 op READ_TABLE_WORD64(b, c, d, 1);\
-
- GF_MUL_8BY128(=, 0, 0, 0)
- GF_MUL_8BY128(^=, 0, 0, 1)
- GF_MUL_8BY128(^=, 0, 0, 2)
- GF_MUL_8BY128(^=, 0, 0, 3)
- GF_MUL_8BY128(^=, 0, 1, 0)
- GF_MUL_8BY128(^=, 0, 1, 1)
- GF_MUL_8BY128(^=, 0, 1, 2)
- GF_MUL_8BY128(^=, 0, 1, 3)
- GF_MUL_8BY128(^=, 1, 2, 0)
- GF_MUL_8BY128(^=, 1, 2, 1)
- GF_MUL_8BY128(^=, 1, 2, 2)
- GF_MUL_8BY128(^=, 1, 2, 3)
- GF_MUL_8BY128(^=, 1, 3, 0)
- GF_MUL_8BY128(^=, 1, 3, 1)
- GF_MUL_8BY128(^=, 1, 3, 2)
- GF_MUL_8BY128(^=, 1, 3, 3)
-
- x0 = a0; x1 = a1;
- }
- while (len >= HASH_BLOCKSIZE);
-
- hashBuffer[0] = x0; hashBuffer[1] = x1;
- return len;
- }
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
- case 1: // SSE2 and 2K tables
- GCM_AuthenticateBlocks_2K(data, len/16, hashBuffer, s_reductionTable);
- return len % 16;
- case 3: // SSE2 and 64K tables
- GCM_AuthenticateBlocks_64K(data, len/16, hashBuffer);
- return len % 16;
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- case 1: // SSE2 and 2K tables
- {
- #ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- ALIGN 8
- GCM_AuthenticateBlocks_2K PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- push_reg rbx
- .endprolog
- mov rsi, r8
- mov r11, r9
- #else
- AS2( mov WORD_REG(cx), data )
- AS2( mov WORD_REG(dx), len )
- AS2( mov WORD_REG(si), hashBuffer )
- AS2( shr WORD_REG(dx), 4 )
- #endif
-
- AS_PUSH_IF86( bx)
- AS_PUSH_IF86( bp)
-
- #ifdef __GNUC__
- AS2( mov AS_REG_7, WORD_REG(di))
- #elif CRYPTOPP_BOOL_X86
- AS2( lea AS_REG_7, s_reductionTable)
- #endif
-
- AS2( movdqa xmm0, [WORD_REG(si)] )
-
- #define MUL_TABLE_0 WORD_REG(si) + 32
- #define MUL_TABLE_1 WORD_REG(si) + 32 + 1024
- #define RED_TABLE AS_REG_7
-
- ASL(0)
- AS2( movdqu xmm4, [WORD_REG(cx)] )
- AS2( pxor xmm0, xmm4 )
-
- AS2( movd ebx, xmm0 )
- AS2( mov eax, AS_HEX(f0f0f0f0) )
- AS2( and eax, ebx )
- AS2( shl ebx, 4 )
- AS2( and ebx, AS_HEX(f0f0f0f0) )
- AS2( movzx edi, ah )
- AS2( movdqa xmm5, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
- AS2( movzx edi, al )
- AS2( movdqa xmm4, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
- AS2( shr eax, 16 )
- AS2( movzx edi, ah )
- AS2( movdqa xmm3, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
- AS2( movzx edi, al )
- AS2( movdqa xmm2, XMMWORD_PTR [MUL_TABLE_1 + WORD_REG(di)] )
-
- #define SSE2_MUL_32BITS(i) \
- AS2( psrldq xmm0, 4 )\
- AS2( movd eax, xmm0 )\
- AS2( and eax, AS_HEX(f0f0f0f0) )\
- AS2( movzx edi, bh )\
- AS2( pxor xmm5, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( movzx edi, bl )\
- AS2( pxor xmm4, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( shr ebx, 16 )\
- AS2( movzx edi, bh )\
- AS2( pxor xmm3, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( movzx edi, bl )\
- AS2( pxor xmm2, XMMWORD_PTR [MUL_TABLE_0 + (i-1)*256 + WORD_REG(di)] )\
- AS2( movd ebx, xmm0 )\
- AS2( shl ebx, 4 )\
- AS2( and ebx, AS_HEX(f0f0f0f0) )\
- AS2( movzx edi, ah )\
- AS2( pxor xmm5, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
- AS2( movzx edi, al )\
- AS2( pxor xmm4, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
- AS2( shr eax, 16 )\
- AS2( movzx edi, ah )\
- AS2( pxor xmm3, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
- AS2( movzx edi, al )\
- AS2( pxor xmm2, XMMWORD_PTR [MUL_TABLE_1 + i*256 + WORD_REG(di)] )\
-
- SSE2_MUL_32BITS(1)
- SSE2_MUL_32BITS(2)
- SSE2_MUL_32BITS(3)
-
- AS2( movzx edi, bh )
- AS2( pxor xmm5, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
- AS2( movzx edi, bl )
- AS2( pxor xmm4, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
- AS2( shr ebx, 16 )
- AS2( movzx edi, bh )
- AS2( pxor xmm3, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
- AS2( movzx edi, bl )
- AS2( pxor xmm2, XMMWORD_PTR [MUL_TABLE_0 + 3*256 + WORD_REG(di)] )
-
- AS2( movdqa xmm0, xmm3 )
- AS2( pslldq xmm3, 1 )
- AS2( pxor xmm2, xmm3 )
- AS2( movdqa xmm1, xmm2 )
- AS2( pslldq xmm2, 1 )
- AS2( pxor xmm5, xmm2 )
-
- AS2( psrldq xmm0, 15 )
- AS2( movd WORD_REG(di), xmm0 )
- AS2( movzx eax, WORD PTR [RED_TABLE + WORD_REG(di)*2] )
- AS2( shl eax, 8 )
-
- AS2( movdqa xmm0, xmm5 )
- AS2( pslldq xmm5, 1 )
- AS2( pxor xmm4, xmm5 )
-
- AS2( psrldq xmm1, 15 )
- AS2( movd WORD_REG(di), xmm1 )
- AS2( xor ax, WORD PTR [RED_TABLE + WORD_REG(di)*2] )
- AS2( shl eax, 8 )
-
- AS2( psrldq xmm0, 15 )
- AS2( movd WORD_REG(di), xmm0 )
- AS2( xor ax, WORD PTR [RED_TABLE + WORD_REG(di)*2] )
-
- AS2( movd xmm0, eax )
- AS2( pxor xmm0, xmm4 )
-
- AS2( add WORD_REG(cx), 16 )
- AS2( sub WORD_REG(dx), 1 )
- ASJ( jnz, 0, b )
- AS2( movdqa [WORD_REG(si)], xmm0 )
-
- AS_POP_IF86( bp)
- AS_POP_IF86( bx)
-
- #ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "c" (data), "d" (len/16), "S" (hashBuffer), "D" (s_reductionTable)
- : "memory", "cc", "%eax"
- #if CRYPTOPP_BOOL_X64
- , "%ebx", "%r11"
- #endif
- );
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- pop rbx
- pop rdi
- pop rsi
- ret
- GCM_AuthenticateBlocks_2K ENDP
- #endif
-
- return len%16;
- }
- case 3: // SSE2 and 64K tables
- {
- #ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- ALIGN 8
- GCM_AuthenticateBlocks_64K PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- .endprolog
- mov rsi, r8
- #else
- AS2( mov WORD_REG(cx), data )
- AS2( mov WORD_REG(dx), len )
- AS2( mov WORD_REG(si), hashBuffer )
- AS2( shr WORD_REG(dx), 4 )
- #endif
-
- AS2( movdqa xmm0, [WORD_REG(si)] )
-
- #undef MUL_TABLE
- #define MUL_TABLE(i,j) WORD_REG(si) + 32 + (i*4+j)*256*16
-
- ASL(1)
- AS2( movdqu xmm1, [WORD_REG(cx)] )
- AS2( pxor xmm1, xmm0 )
- AS2( pxor xmm0, xmm0 )
-
- #undef SSE2_MUL_32BITS
- #define SSE2_MUL_32BITS(i) \
- AS2( movd eax, xmm1 )\
- AS2( psrldq xmm1, 4 )\
- AS2( movzx edi, al )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,0) + WORD_REG(di)*8] )\
- AS2( movzx edi, ah )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,1) + WORD_REG(di)*8] )\
- AS2( shr eax, 16 )\
- AS2( movzx edi, al )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,2) + WORD_REG(di)*8] )\
- AS2( movzx edi, ah )\
- AS2( add WORD_REG(di), WORD_REG(di) )\
- AS2( pxor xmm0, [MUL_TABLE(i,3) + WORD_REG(di)*8] )\
-
- SSE2_MUL_32BITS(0)
- SSE2_MUL_32BITS(1)
- SSE2_MUL_32BITS(2)
- SSE2_MUL_32BITS(3)
-
- AS2( add WORD_REG(cx), 16 )
- AS2( sub WORD_REG(dx), 1 )
- ASJ( jnz, 1, b )
- AS2( movdqa [WORD_REG(si)], xmm0 )
-
- #ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "c" (data), "d" (len/16), "S" (hashBuffer)
- : "memory", "cc", "%edi", "%eax"
- );
- #elif defined(CRYPTOPP_GENERATE_X64_MASM)
- pop rdi
- pop rsi
- ret
- GCM_AuthenticateBlocks_64K ENDP
- #endif
-
- return len%16;
- }
-#endif
-#ifndef CRYPTOPP_GENERATE_X64_MASM
- }
-
- return len%16;
-}
-
-void GCM_Base::AuthenticateLastHeaderBlock()
-{
- if (m_bufferedDataLength > 0)
- {
- memset(m_buffer+m_bufferedDataLength, 0, HASH_BLOCKSIZE-m_bufferedDataLength);
- m_bufferedDataLength = 0;
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
- }
-}
-
-void GCM_Base::AuthenticateLastConfidentialBlock()
-{
- GCM_Base::AuthenticateLastHeaderBlock();
- PutBlock<word64, BigEndian, true>(NULL, m_buffer)(m_totalHeaderLength*8)(m_totalMessageLength*8);
- GCM_Base::AuthenticateBlocks(m_buffer, HASH_BLOCKSIZE);
-}
-
-void GCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
-{
- m_ctr.Seek(0);
- ReverseHashBufferIfNeeded();
- m_ctr.ProcessData(mac, HashBuffer(), macSize);
-}
-
-NAMESPACE_END
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-#endif
diff --git a/cryptopp562/gcm.h b/cryptopp562/gcm.h
deleted file mode 100644
index 0b32524..0000000
--- a/cryptopp562/gcm.h
+++ /dev/null
@@ -1,106 +0,0 @@
-#ifndef CRYPTOPP_GCM_H
-#define CRYPTOPP_GCM_H
-
-#include "authenc.h"
-#include "modes.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! .
-enum GCM_TablesOption {GCM_2K_Tables, GCM_64K_Tables};
-
-//! .
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
-{
-public:
- // AuthenticatedSymmetricCipher
- std::string AlgorithmName() const
- {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}
- size_t MinKeyLength() const
- {return GetBlockCipher().MinKeyLength();}
- size_t MaxKeyLength() const
- {return GetBlockCipher().MaxKeyLength();}
- size_t DefaultKeyLength() const
- {return GetBlockCipher().DefaultKeyLength();}
- size_t GetValidKeyLength(size_t n) const
- {return GetBlockCipher().GetValidKeyLength(n);}
- bool IsValidKeyLength(size_t n) const
- {return GetBlockCipher().IsValidKeyLength(n);}
- unsigned int OptimalDataAlignment() const;
- IV_Requirement IVRequirement() const
- {return UNIQUE_IV;}
- unsigned int IVSize() const
- {return 12;}
- unsigned int MinIVLength() const
- {return 1;}
- unsigned int MaxIVLength() const
- {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard
- unsigned int DigestSize() const
- {return 16;}
- lword MaxHeaderLength() const
- {return (W64LIT(1)<<61)-1;}
- lword MaxMessageLength() const
- {return ((W64LIT(1)<<39)-256)/8;}
-
-protected:
- // AuthenticatedSymmetricCipherBase
- bool AuthenticationIsOnPlaintext() const
- {return false;}
- unsigned int AuthenticationBlockSize() const
- {return HASH_BLOCKSIZE;}
- void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
- void Resync(const byte *iv, size_t len);
- size_t AuthenticateBlocks(const byte *data, size_t len);
- void AuthenticateLastHeaderBlock();
- void AuthenticateLastConfidentialBlock();
- void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
- SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
-
- virtual BlockCipher & AccessBlockCipher() =0;
- virtual GCM_TablesOption GetTablesOption() const =0;
-
- const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();};
- byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
- byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}
- byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}
- inline void ReverseHashBufferIfNeeded();
-
- class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption
- {
- protected:
- void IncrementCounterBy256();
- };
-
- GCTR m_ctr;
- static word16 s_reductionTable[256];
- static volatile bool s_reductionTableInitialized;
- enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};
-};
-
-//! .
-template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
-class GCM_Final : public GCM_Base
-{
-public:
- static std::string StaticAlgorithmName()
- {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}
- bool IsForwardTransformation() const
- {return T_IsEncryption;}
-
-private:
- GCM_TablesOption GetTablesOption() const {return T_TablesOption;}
- BlockCipher & AccessBlockCipher() {return m_cipher;}
- typename T_BlockCipher::Encryption m_cipher;
-};
-
-//! <a href="http://www.cryptolounge.org/wiki/GCM">GCM</a>
-template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
-struct GCM : public AuthenticatedSymmetricCipherDocumentation
-{
- typedef GCM_Final<T_BlockCipher, T_TablesOption, true> Encryption;
- typedef GCM_Final<T_BlockCipher, T_TablesOption, false> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gf256.cpp b/cryptopp562/gf256.cpp
deleted file mode 100644
index 72026d1..0000000
--- a/cryptopp562/gf256.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-// gf256.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "gf256.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-GF256::Element GF256::Multiply(Element a, Element b) const
-{
- word result = 0, t = b;
-
- for (unsigned int i=0; i<8; i++)
- {
- result <<= 1;
- if (result & 0x100)
- result ^= m_modulus;
-
- t <<= 1;
- if (t & 0x100)
- result ^= a;
- }
-
- return (GF256::Element) result;
-}
-
-GF256::Element GF256::MultiplicativeInverse(Element a) const
-{
- Element result = a;
- for (int i=1; i<7; i++)
- result = Multiply(Square(result), a);
- return Square(result);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/gf256.h b/cryptopp562/gf256.h
deleted file mode 100644
index e0ea748..0000000
--- a/cryptopp562/gf256.h
+++ /dev/null
@@ -1,66 +0,0 @@
-#ifndef CRYPTOPP_GF256_H
-#define CRYPTOPP_GF256_H
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! GF(256) with polynomial basis
-class GF256
-{
-public:
- typedef byte Element;
- typedef int RandomizationParameter;
-
- GF256(byte modulus) : m_modulus(modulus) {}
-
- Element RandomElement(RandomNumberGenerator &rng, int ignored = 0) const
- {return rng.GenerateByte();}
-
- bool Equal(Element a, Element b) const
- {return a==b;}
-
- Element Zero() const
- {return 0;}
-
- Element Add(Element a, Element b) const
- {return a^b;}
-
- Element& Accumulate(Element &a, Element b) const
- {return a^=b;}
-
- Element Inverse(Element a) const
- {return a;}
-
- Element Subtract(Element a, Element b) const
- {return a^b;}
-
- Element& Reduce(Element &a, Element b) const
- {return a^=b;}
-
- Element Double(Element a) const
- {return 0;}
-
- Element One() const
- {return 1;}
-
- Element Multiply(Element a, Element b) const;
-
- Element Square(Element a) const
- {return Multiply(a, a);}
-
- bool IsUnit(Element a) const
- {return a != 0;}
-
- Element MultiplicativeInverse(Element a) const;
-
- Element Divide(Element a, Element b) const
- {return Multiply(a, MultiplicativeInverse(b));}
-
-private:
- word m_modulus;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gf2_32.cpp b/cryptopp562/gf2_32.cpp
deleted file mode 100644
index ae4874a..0000000
--- a/cryptopp562/gf2_32.cpp
+++ /dev/null
@@ -1,99 +0,0 @@
-// gf2_32.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "misc.h"
-#include "gf2_32.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-GF2_32::Element GF2_32::Multiply(Element a, Element b) const
-{
- word32 table[4];
- table[0] = 0;
- table[1] = m_modulus;
- if (a & 0x80000000)
- {
- table[2] = m_modulus ^ (a<<1);
- table[3] = a<<1;
- }
- else
- {
- table[2] = a<<1;
- table[3] = m_modulus ^ (a<<1);
- }
-
-#if CRYPTOPP_FAST_ROTATE(32)
- b = rotrFixed(b, 30U);
- word32 result = table[b&2];
-
- for (int i=29; i>=0; --i)
- {
- b = rotlFixed(b, 1U);
- result = (result<<1) ^ table[(b&2) + (result>>31)];
- }
-
- return (b&1) ? result ^ a : result;
-#else
- word32 result = table[(b>>30) & 2];
-
- for (int i=29; i>=0; --i)
- result = (result<<1) ^ table[((b>>i)&2) + (result>>31)];
-
- return (b&1) ? result ^ a : result;
-#endif
-}
-
-GF2_32::Element GF2_32::MultiplicativeInverse(Element a) const
-{
- if (a <= 1) // 1 is a special case
- return a;
-
- // warning - don't try to adapt this algorithm for another situation
- word32 g0=m_modulus, g1=a, g2=a;
- word32 v0=0, v1=1, v2=1;
-
- assert(g1);
-
- while (!(g2 & 0x80000000))
- {
- g2 <<= 1;
- v2 <<= 1;
- }
-
- g2 <<= 1;
- v2 <<= 1;
-
- g0 ^= g2;
- v0 ^= v2;
-
- while (g0 != 1)
- {
- if (g1 < g0 || ((g0^g1) < g0 && (g0^g1) < g1))
- {
- assert(BitPrecision(g1) <= BitPrecision(g0));
- g2 = g1;
- v2 = v1;
- }
- else
- {
- assert(BitPrecision(g1) > BitPrecision(g0));
- g2 = g0; g0 = g1; g1 = g2;
- v2 = v0; v0 = v1; v1 = v2;
- }
-
- while ((g0^g2) >= g2)
- {
- assert(BitPrecision(g0) > BitPrecision(g2));
- g2 <<= 1;
- v2 <<= 1;
- }
-
- assert(BitPrecision(g0) == BitPrecision(g2));
- g0 ^= g2;
- v0 ^= v2;
- }
-
- return v0;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/gf2_32.h b/cryptopp562/gf2_32.h
deleted file mode 100644
index 31713f4..0000000
--- a/cryptopp562/gf2_32.h
+++ /dev/null
@@ -1,66 +0,0 @@
-#ifndef CRYPTOPP_GF2_32_H
-#define CRYPTOPP_GF2_32_H
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! GF(2^32) with polynomial basis
-class GF2_32
-{
-public:
- typedef word32 Element;
- typedef int RandomizationParameter;
-
- GF2_32(word32 modulus=0x0000008D) : m_modulus(modulus) {}
-
- Element RandomElement(RandomNumberGenerator &rng, int ignored = 0) const
- {return rng.GenerateWord32();}
-
- bool Equal(Element a, Element b) const
- {return a==b;}
-
- Element Identity() const
- {return 0;}
-
- Element Add(Element a, Element b) const
- {return a^b;}
-
- Element& Accumulate(Element &a, Element b) const
- {return a^=b;}
-
- Element Inverse(Element a) const
- {return a;}
-
- Element Subtract(Element a, Element b) const
- {return a^b;}
-
- Element& Reduce(Element &a, Element b) const
- {return a^=b;}
-
- Element Double(Element a) const
- {return 0;}
-
- Element MultiplicativeIdentity() const
- {return 1;}
-
- Element Multiply(Element a, Element b) const;
-
- Element Square(Element a) const
- {return Multiply(a, a);}
-
- bool IsUnit(Element a) const
- {return a != 0;}
-
- Element MultiplicativeInverse(Element a) const;
-
- Element Divide(Element a, Element b) const
- {return Multiply(a, MultiplicativeInverse(b));}
-
-private:
- word32 m_modulus;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gf2n.cpp b/cryptopp562/gf2n.cpp
deleted file mode 100644
index bcc5607..0000000
--- a/cryptopp562/gf2n.cpp
+++ /dev/null
@@ -1,882 +0,0 @@
-// gf2n.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "gf2n.h"
-#include "algebra.h"
-#include "words.h"
-#include "randpool.h"
-#include "asn.h"
-#include "oids.h"
-
-#include <iostream>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-PolynomialMod2::PolynomialMod2()
-{
-}
-
-PolynomialMod2::PolynomialMod2(word value, size_t bitLength)
- : reg(BitsToWords(bitLength))
-{
- assert(value==0 || reg.size()>0);
-
- if (reg.size() > 0)
- {
- reg[0] = value;
- SetWords(reg+1, 0, reg.size()-1);
- }
-}
-
-PolynomialMod2::PolynomialMod2(const PolynomialMod2& t)
- : reg(t.reg.size())
-{
- CopyWords(reg, t.reg, reg.size());
-}
-
-void PolynomialMod2::Randomize(RandomNumberGenerator &rng, size_t nbits)
-{
- const size_t nbytes = nbits/8 + 1;
- SecByteBlock buf(nbytes);
- rng.GenerateBlock(buf, nbytes);
- buf[0] = (byte)Crop(buf[0], nbits % 8);
- Decode(buf, nbytes);
-}
-
-PolynomialMod2 PolynomialMod2::AllOnes(size_t bitLength)
-{
- PolynomialMod2 result((word)0, bitLength);
- SetWords(result.reg, ~(word)0, result.reg.size());
- if (bitLength%WORD_BITS)
- result.reg[result.reg.size()-1] = (word)Crop(result.reg[result.reg.size()-1], bitLength%WORD_BITS);
- return result;
-}
-
-void PolynomialMod2::SetBit(size_t n, int value)
-{
- if (value)
- {
- reg.CleanGrow(n/WORD_BITS + 1);
- reg[n/WORD_BITS] |= (word(1) << (n%WORD_BITS));
- }
- else
- {
- if (n/WORD_BITS < reg.size())
- reg[n/WORD_BITS] &= ~(word(1) << (n%WORD_BITS));
- }
-}
-
-byte PolynomialMod2::GetByte(size_t n) const
-{
- if (n/WORD_SIZE >= reg.size())
- return 0;
- else
- return byte(reg[n/WORD_SIZE] >> ((n%WORD_SIZE)*8));
-}
-
-void PolynomialMod2::SetByte(size_t n, byte value)
-{
- reg.CleanGrow(BytesToWords(n+1));
- reg[n/WORD_SIZE] &= ~(word(0xff) << 8*(n%WORD_SIZE));
- reg[n/WORD_SIZE] |= (word(value) << 8*(n%WORD_SIZE));
-}
-
-PolynomialMod2 PolynomialMod2::Monomial(size_t i)
-{
- PolynomialMod2 r((word)0, i+1);
- r.SetBit(i);
- return r;
-}
-
-PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
-{
- PolynomialMod2 r((word)0, t0+1);
- r.SetBit(t0);
- r.SetBit(t1);
- r.SetBit(t2);
- return r;
-}
-
-PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4)
-{
- PolynomialMod2 r((word)0, t0+1);
- r.SetBit(t0);
- r.SetBit(t1);
- r.SetBit(t2);
- r.SetBit(t3);
- r.SetBit(t4);
- return r;
-}
-
-template <word i>
-struct NewPolynomialMod2
-{
- PolynomialMod2 * operator()() const
- {
- return new PolynomialMod2(i);
- }
-};
-
-const PolynomialMod2 &PolynomialMod2::Zero()
-{
- return Singleton<PolynomialMod2>().Ref();
-}
-
-const PolynomialMod2 &PolynomialMod2::One()
-{
- return Singleton<PolynomialMod2, NewPolynomialMod2<1> >().Ref();
-}
-
-void PolynomialMod2::Decode(const byte *input, size_t inputLen)
-{
- StringStore store(input, inputLen);
- Decode(store, inputLen);
-}
-
-void PolynomialMod2::Encode(byte *output, size_t outputLen) const
-{
- ArraySink sink(output, outputLen);
- Encode(sink, outputLen);
-}
-
-void PolynomialMod2::Decode(BufferedTransformation &bt, size_t inputLen)
-{
- reg.CleanNew(BytesToWords(inputLen));
-
- for (size_t i=inputLen; i > 0; i--)
- {
- byte b;
- bt.Get(b);
- reg[(i-1)/WORD_SIZE] |= word(b) << ((i-1)%WORD_SIZE)*8;
- }
-}
-
-void PolynomialMod2::Encode(BufferedTransformation &bt, size_t outputLen) const
-{
- for (size_t i=outputLen; i > 0; i--)
- bt.Put(GetByte(i-1));
-}
-
-void PolynomialMod2::DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const
-{
- DERGeneralEncoder enc(bt, OCTET_STRING);
- Encode(enc, length);
- enc.MessageEnd();
-}
-
-void PolynomialMod2::BERDecodeAsOctetString(BufferedTransformation &bt, size_t length)
-{
- BERGeneralDecoder dec(bt, OCTET_STRING);
- if (!dec.IsDefiniteLength() || dec.RemainingLength() != length)
- BERDecodeError();
- Decode(dec, length);
- dec.MessageEnd();
-}
-
-unsigned int PolynomialMod2::WordCount() const
-{
- return (unsigned int)CountWords(reg, reg.size());
-}
-
-unsigned int PolynomialMod2::ByteCount() const
-{
- unsigned wordCount = WordCount();
- if (wordCount)
- return (wordCount-1)*WORD_SIZE + BytePrecision(reg[wordCount-1]);
- else
- return 0;
-}
-
-unsigned int PolynomialMod2::BitCount() const
-{
- unsigned wordCount = WordCount();
- if (wordCount)
- return (wordCount-1)*WORD_BITS + BitPrecision(reg[wordCount-1]);
- else
- return 0;
-}
-
-unsigned int PolynomialMod2::Parity() const
-{
- unsigned i;
- word temp=0;
- for (i=0; i<reg.size(); i++)
- temp ^= reg[i];
- return CryptoPP::Parity(temp);
-}
-
-PolynomialMod2& PolynomialMod2::operator=(const PolynomialMod2& t)
-{
- reg.Assign(t.reg);
- return *this;
-}
-
-PolynomialMod2& PolynomialMod2::operator^=(const PolynomialMod2& t)
-{
- reg.CleanGrow(t.reg.size());
- XorWords(reg, t.reg, t.reg.size());
- return *this;
-}
-
-PolynomialMod2 PolynomialMod2::Xor(const PolynomialMod2 &b) const
-{
- if (b.reg.size() >= reg.size())
- {
- PolynomialMod2 result((word)0, b.reg.size()*WORD_BITS);
- XorWords(result.reg, reg, b.reg, reg.size());
- CopyWords(result.reg+reg.size(), b.reg+reg.size(), b.reg.size()-reg.size());
- return result;
- }
- else
- {
- PolynomialMod2 result((word)0, reg.size()*WORD_BITS);
- XorWords(result.reg, reg, b.reg, b.reg.size());
- CopyWords(result.reg+b.reg.size(), reg+b.reg.size(), reg.size()-b.reg.size());
- return result;
- }
-}
-
-PolynomialMod2 PolynomialMod2::And(const PolynomialMod2 &b) const
-{
- PolynomialMod2 result((word)0, WORD_BITS*STDMIN(reg.size(), b.reg.size()));
- AndWords(result.reg, reg, b.reg, result.reg.size());
- return result;
-}
-
-PolynomialMod2 PolynomialMod2::Times(const PolynomialMod2 &b) const
-{
- PolynomialMod2 result((word)0, BitCount() + b.BitCount());
-
- for (int i=b.Degree(); i>=0; i--)
- {
- result <<= 1;
- if (b[i])
- XorWords(result.reg, reg, reg.size());
- }
- return result;
-}
-
-PolynomialMod2 PolynomialMod2::Squared() const
-{
- static const word map[16] = {0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85};
-
- PolynomialMod2 result((word)0, 2*reg.size()*WORD_BITS);
-
- for (unsigned i=0; i<reg.size(); i++)
- {
- unsigned j;
-
- for (j=0; j<WORD_BITS; j+=8)
- result.reg[2*i] |= map[(reg[i] >> (j/2)) % 16] << j;
-
- for (j=0; j<WORD_BITS; j+=8)
- result.reg[2*i+1] |= map[(reg[i] >> (j/2 + WORD_BITS/2)) % 16] << j;
- }
-
- return result;
-}
-
-void PolynomialMod2::Divide(PolynomialMod2 &remainder, PolynomialMod2 &quotient,
- const PolynomialMod2 &dividend, const PolynomialMod2 &divisor)
-{
- if (!divisor)
- throw PolynomialMod2::DivideByZero();
-
- int degree = divisor.Degree();
- remainder.reg.CleanNew(BitsToWords(degree+1));
- if (dividend.BitCount() >= divisor.BitCount())
- quotient.reg.CleanNew(BitsToWords(dividend.BitCount() - divisor.BitCount() + 1));
- else
- quotient.reg.CleanNew(0);
-
- for (int i=dividend.Degree(); i>=0; i--)
- {
- remainder <<= 1;
- remainder.reg[0] |= dividend[i];
- if (remainder[degree])
- {
- remainder -= divisor;
- quotient.SetBit(i);
- }
- }
-}
-
-PolynomialMod2 PolynomialMod2::DividedBy(const PolynomialMod2 &b) const
-{
- PolynomialMod2 remainder, quotient;
- PolynomialMod2::Divide(remainder, quotient, *this, b);
- return quotient;
-}
-
-PolynomialMod2 PolynomialMod2::Modulo(const PolynomialMod2 &b) const
-{
- PolynomialMod2 remainder, quotient;
- PolynomialMod2::Divide(remainder, quotient, *this, b);
- return remainder;
-}
-
-PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n)
-{
- if (!reg.size())
- return *this;
-
- int i;
- word u;
- word carry=0;
- word *r=reg;
-
- if (n==1) // special case code for most frequent case
- {
- i = (int)reg.size();
- while (i--)
- {
- u = *r;
- *r = (u << 1) | carry;
- carry = u >> (WORD_BITS-1);
- r++;
- }
-
- if (carry)
- {
- reg.Grow(reg.size()+1);
- reg[reg.size()-1] = carry;
- }
-
- return *this;
- }
-
- int shiftWords = n / WORD_BITS;
- int shiftBits = n % WORD_BITS;
-
- if (shiftBits)
- {
- i = (int)reg.size();
- while (i--)
- {
- u = *r;
- *r = (u << shiftBits) | carry;
- carry = u >> (WORD_BITS-shiftBits);
- r++;
- }
- }
-
- if (carry)
- {
- reg.Grow(reg.size()+shiftWords+1);
- reg[reg.size()-1] = carry;
- }
- else
- reg.Grow(reg.size()+shiftWords);
-
- if (shiftWords)
- {
- for (i = (int)reg.size()-1; i>=shiftWords; i--)
- reg[i] = reg[i-shiftWords];
- for (; i>=0; i--)
- reg[i] = 0;
- }
-
- return *this;
-}
-
-PolynomialMod2& PolynomialMod2::operator>>=(unsigned int n)
-{
- if (!reg.size())
- return *this;
-
- int shiftWords = n / WORD_BITS;
- int shiftBits = n % WORD_BITS;
-
- size_t i;
- word u;
- word carry=0;
- word *r=reg+reg.size()-1;
-
- if (shiftBits)
- {
- i = reg.size();
- while (i--)
- {
- u = *r;
- *r = (u >> shiftBits) | carry;
- carry = u << (WORD_BITS-shiftBits);
- r--;
- }
- }
-
- if (shiftWords)
- {
- for (i=0; i<reg.size()-shiftWords; i++)
- reg[i] = reg[i+shiftWords];
- for (; i<reg.size(); i++)
- reg[i] = 0;
- }
-
- return *this;
-}
-
-PolynomialMod2 PolynomialMod2::operator<<(unsigned int n) const
-{
- PolynomialMod2 result(*this);
- return result<<=n;
-}
-
-PolynomialMod2 PolynomialMod2::operator>>(unsigned int n) const
-{
- PolynomialMod2 result(*this);
- return result>>=n;
-}
-
-bool PolynomialMod2::operator!() const
-{
- for (unsigned i=0; i<reg.size(); i++)
- if (reg[i]) return false;
- return true;
-}
-
-bool PolynomialMod2::Equals(const PolynomialMod2 &rhs) const
-{
- size_t i, smallerSize = STDMIN(reg.size(), rhs.reg.size());
-
- for (i=0; i<smallerSize; i++)
- if (reg[i] != rhs.reg[i]) return false;
-
- for (i=smallerSize; i<reg.size(); i++)
- if (reg[i] != 0) return false;
-
- for (i=smallerSize; i<rhs.reg.size(); i++)
- if (rhs.reg[i] != 0) return false;
-
- return true;
-}
-
-std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a)
-{
- // Get relevant conversion specifications from ostream.
- long f = out.flags() & std::ios::basefield; // Get base digits.
- int bits, block;
- char suffix;
- switch(f)
- {
- case std::ios::oct :
- bits = 3;
- block = 4;
- suffix = 'o';
- break;
- case std::ios::hex :
- bits = 4;
- block = 2;
- suffix = 'h';
- break;
- default :
- bits = 1;
- block = 8;
- suffix = 'b';
- }
-
- if (!a)
- return out << '0' << suffix;
-
- SecBlock<char> s(a.BitCount()/bits+1);
- unsigned i;
-
- static const char upper[]="0123456789ABCDEF";
- static const char lower[]="0123456789abcdef";
- const char* vec = (out.flags() & std::ios::uppercase) ? upper : lower;
-
- for (i=0; i*bits < a.BitCount(); i++)
- {
- int digit=0;
- for (int j=0; j<bits; j++)
- digit |= a[i*bits+j] << j;
- s[i]=vec[digit];
- }
-
- while (i--)
- {
- out << s[i];
- if (i && (i%block)==0)
- out << ',';
- }
-
- return out << suffix;
-}
-
-PolynomialMod2 PolynomialMod2::Gcd(const PolynomialMod2 &a, const PolynomialMod2 &b)
-{
- return EuclideanDomainOf<PolynomialMod2>().Gcd(a, b);
-}
-
-PolynomialMod2 PolynomialMod2::InverseMod(const PolynomialMod2 &modulus) const
-{
- typedef EuclideanDomainOf<PolynomialMod2> Domain;
- return QuotientRing<Domain>(Domain(), modulus).MultiplicativeInverse(*this);
-}
-
-bool PolynomialMod2::IsIrreducible() const
-{
- signed int d = Degree();
- if (d <= 0)
- return false;
-
- PolynomialMod2 t(2), u(t);
- for (int i=1; i<=d/2; i++)
- {
- u = u.Squared()%(*this);
- if (!Gcd(u+t, *this).IsUnit())
- return false;
- }
- return true;
-}
-
-// ********************************************************
-
-GF2NP::GF2NP(const PolynomialMod2 &modulus)
- : QuotientRing<EuclideanDomainOf<PolynomialMod2> >(EuclideanDomainOf<PolynomialMod2>(), modulus), m(modulus.Degree())
-{
-}
-
-GF2NP::Element GF2NP::SquareRoot(const Element &a) const
-{
- Element r = a;
- for (unsigned int i=1; i<m; i++)
- r = Square(r);
- return r;
-}
-
-GF2NP::Element GF2NP::HalfTrace(const Element &a) const
-{
- assert(m%2 == 1);
- Element h = a;
- for (unsigned int i=1; i<=(m-1)/2; i++)
- h = Add(Square(Square(h)), a);
- return h;
-}
-
-GF2NP::Element GF2NP::SolveQuadraticEquation(const Element &a) const
-{
- if (m%2 == 0)
- {
- Element z, w;
- RandomPool rng;
- do
- {
- Element p((RandomNumberGenerator &)rng, m);
- z = PolynomialMod2::Zero();
- w = p;
- for (unsigned int i=1; i<=m-1; i++)
- {
- w = Square(w);
- z = Square(z);
- Accumulate(z, Multiply(w, a));
- Accumulate(w, p);
- }
- } while (w.IsZero());
- return z;
- }
- else
- return HalfTrace(a);
-}
-
-// ********************************************************
-
-GF2NT::GF2NT(unsigned int t0, unsigned int t1, unsigned int t2)
- : GF2NP(PolynomialMod2::Trinomial(t0, t1, t2))
- , t0(t0), t1(t1)
- , result((word)0, m)
-{
- assert(t0 > t1 && t1 > t2 && t2==0);
-}
-
-const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const
-{
- if (t0-t1 < WORD_BITS)
- return GF2NP::MultiplicativeInverse(a);
-
- SecWordBlock T(m_modulus.reg.size() * 4);
- word *b = T;
- word *c = T+m_modulus.reg.size();
- word *f = T+2*m_modulus.reg.size();
- word *g = T+3*m_modulus.reg.size();
- size_t bcLen=1, fgLen=m_modulus.reg.size();
- unsigned int k=0;
-
- SetWords(T, 0, 3*m_modulus.reg.size());
- b[0]=1;
- assert(a.reg.size() <= m_modulus.reg.size());
- CopyWords(f, a.reg, a.reg.size());
- CopyWords(g, m_modulus.reg, m_modulus.reg.size());
-
- while (1)
- {
- word t=f[0];
- while (!t)
- {
- ShiftWordsRightByWords(f, fgLen, 1);
- if (c[bcLen-1])
- bcLen++;
- assert(bcLen <= m_modulus.reg.size());
- ShiftWordsLeftByWords(c, bcLen, 1);
- k+=WORD_BITS;
- t=f[0];
- }
-
- unsigned int i=0;
- while (t%2 == 0)
- {
- t>>=1;
- i++;
- }
- k+=i;
-
- if (t==1 && CountWords(f, fgLen)==1)
- break;
-
- if (i==1)
- {
- ShiftWordsRightByBits(f, fgLen, 1);
- t=ShiftWordsLeftByBits(c, bcLen, 1);
- }
- else
- {
- ShiftWordsRightByBits(f, fgLen, i);
- t=ShiftWordsLeftByBits(c, bcLen, i);
- }
- if (t)
- {
- c[bcLen] = t;
- bcLen++;
- assert(bcLen <= m_modulus.reg.size());
- }
-
- if (f[fgLen-1]==0 && g[fgLen-1]==0)
- fgLen--;
-
- if (f[fgLen-1] < g[fgLen-1])
- {
- std::swap(f, g);
- std::swap(b, c);
- }
-
- XorWords(f, g, fgLen);
- XorWords(b, c, bcLen);
- }
-
- while (k >= WORD_BITS)
- {
- word temp = b[0];
- // right shift b
- for (unsigned i=0; i+1<BitsToWords(m); i++)
- b[i] = b[i+1];
- b[BitsToWords(m)-1] = 0;
-
- if (t1 < WORD_BITS)
- for (unsigned int j=0; j<WORD_BITS-t1; j++)
- temp ^= ((temp >> j) & 1) << (t1 + j);
- else
- b[t1/WORD_BITS-1] ^= temp << t1%WORD_BITS;
-
- if (t1 % WORD_BITS)
- b[t1/WORD_BITS] ^= temp >> (WORD_BITS - t1%WORD_BITS);
-
- if (t0%WORD_BITS)
- {
- b[t0/WORD_BITS-1] ^= temp << t0%WORD_BITS;
- b[t0/WORD_BITS] ^= temp >> (WORD_BITS - t0%WORD_BITS);
- }
- else
- b[t0/WORD_BITS-1] ^= temp;
-
- k -= WORD_BITS;
- }
-
- if (k)
- {
- word temp = b[0] << (WORD_BITS - k);
- ShiftWordsRightByBits(b, BitsToWords(m), k);
-
- if (t1 < WORD_BITS)
- for (unsigned int j=0; j<WORD_BITS-t1; j++)
- temp ^= ((temp >> j) & 1) << (t1 + j);
- else
- b[t1/WORD_BITS-1] ^= temp << t1%WORD_BITS;
-
- if (t1 % WORD_BITS)
- b[t1/WORD_BITS] ^= temp >> (WORD_BITS - t1%WORD_BITS);
-
- if (t0%WORD_BITS)
- {
- b[t0/WORD_BITS-1] ^= temp << t0%WORD_BITS;
- b[t0/WORD_BITS] ^= temp >> (WORD_BITS - t0%WORD_BITS);
- }
- else
- b[t0/WORD_BITS-1] ^= temp;
- }
-
- CopyWords(result.reg.begin(), b, result.reg.size());
- return result;
-}
-
-const GF2NT::Element& GF2NT::Multiply(const Element &a, const Element &b) const
-{
- size_t aSize = STDMIN(a.reg.size(), result.reg.size());
- Element r((word)0, m);
-
- for (int i=m-1; i>=0; i--)
- {
- if (r[m-1])
- {
- ShiftWordsLeftByBits(r.reg.begin(), r.reg.size(), 1);
- XorWords(r.reg.begin(), m_modulus.reg, r.reg.size());
- }
- else
- ShiftWordsLeftByBits(r.reg.begin(), r.reg.size(), 1);
-
- if (b[i])
- XorWords(r.reg.begin(), a.reg, aSize);
- }
-
- if (m%WORD_BITS)
- r.reg.begin()[r.reg.size()-1] = (word)Crop(r.reg[r.reg.size()-1], m%WORD_BITS);
-
- CopyWords(result.reg.begin(), r.reg.begin(), result.reg.size());
- return result;
-}
-
-const GF2NT::Element& GF2NT::Reduced(const Element &a) const
-{
- if (t0-t1 < WORD_BITS)
- return m_domain.Mod(a, m_modulus);
-
- SecWordBlock b(a.reg);
-
- size_t i;
- for (i=b.size()-1; i>=BitsToWords(t0); i--)
- {
- word temp = b[i];
-
- if (t0%WORD_BITS)
- {
- b[i-t0/WORD_BITS] ^= temp >> t0%WORD_BITS;
- b[i-t0/WORD_BITS-1] ^= temp << (WORD_BITS - t0%WORD_BITS);
- }
- else
- b[i-t0/WORD_BITS] ^= temp;
-
- if ((t0-t1)%WORD_BITS)
- {
- b[i-(t0-t1)/WORD_BITS] ^= temp >> (t0-t1)%WORD_BITS;
- b[i-(t0-t1)/WORD_BITS-1] ^= temp << (WORD_BITS - (t0-t1)%WORD_BITS);
- }
- else
- b[i-(t0-t1)/WORD_BITS] ^= temp;
- }
-
- if (i==BitsToWords(t0)-1 && t0%WORD_BITS)
- {
- word mask = ((word)1<<(t0%WORD_BITS))-1;
- word temp = b[i] & ~mask;
- b[i] &= mask;
-
- b[i-t0/WORD_BITS] ^= temp >> t0%WORD_BITS;
-
- if ((t0-t1)%WORD_BITS)
- {
- b[i-(t0-t1)/WORD_BITS] ^= temp >> (t0-t1)%WORD_BITS;
- if ((t0-t1)%WORD_BITS > t0%WORD_BITS)
- b[i-(t0-t1)/WORD_BITS-1] ^= temp << (WORD_BITS - (t0-t1)%WORD_BITS);
- else
- assert(temp << (WORD_BITS - (t0-t1)%WORD_BITS) == 0);
- }
- else
- b[i-(t0-t1)/WORD_BITS] ^= temp;
- }
-
- SetWords(result.reg.begin(), 0, result.reg.size());
- CopyWords(result.reg.begin(), b, STDMIN(b.size(), result.reg.size()));
- return result;
-}
-
-void GF2NP::DEREncodeElement(BufferedTransformation &out, const Element &a) const
-{
- a.DEREncodeAsOctetString(out, MaxElementByteLength());
-}
-
-void GF2NP::BERDecodeElement(BufferedTransformation &in, Element &a) const
-{
- a.BERDecodeAsOctetString(in, MaxElementByteLength());
-}
-
-void GF2NT::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- ASN1::characteristic_two_field().DEREncode(seq);
- DERSequenceEncoder parameters(seq);
- DEREncodeUnsigned(parameters, m);
- ASN1::tpBasis().DEREncode(parameters);
- DEREncodeUnsigned(parameters, t1);
- parameters.MessageEnd();
- seq.MessageEnd();
-}
-
-void GF2NPP::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- ASN1::characteristic_two_field().DEREncode(seq);
- DERSequenceEncoder parameters(seq);
- DEREncodeUnsigned(parameters, m);
- ASN1::ppBasis().DEREncode(parameters);
- DERSequenceEncoder pentanomial(parameters);
- DEREncodeUnsigned(pentanomial, t3);
- DEREncodeUnsigned(pentanomial, t2);
- DEREncodeUnsigned(pentanomial, t1);
- pentanomial.MessageEnd();
- parameters.MessageEnd();
- seq.MessageEnd();
-}
-
-GF2NP * BERDecodeGF2NP(BufferedTransformation &bt)
-{
- // VC60 workaround: auto_ptr lacks reset()
- member_ptr<GF2NP> result;
-
- BERSequenceDecoder seq(bt);
- if (OID(seq) != ASN1::characteristic_two_field())
- BERDecodeError();
- BERSequenceDecoder parameters(seq);
- unsigned int m;
- BERDecodeUnsigned(parameters, m);
- OID oid(parameters);
- if (oid == ASN1::tpBasis())
- {
- unsigned int t1;
- BERDecodeUnsigned(parameters, t1);
- result.reset(new GF2NT(m, t1, 0));
- }
- else if (oid == ASN1::ppBasis())
- {
- unsigned int t1, t2, t3;
- BERSequenceDecoder pentanomial(parameters);
- BERDecodeUnsigned(pentanomial, t3);
- BERDecodeUnsigned(pentanomial, t2);
- BERDecodeUnsigned(pentanomial, t1);
- pentanomial.MessageEnd();
- result.reset(new GF2NPP(m, t3, t2, t1, 0));
- }
- else
- {
- BERDecodeError();
- return NULL;
- }
- parameters.MessageEnd();
- seq.MessageEnd();
-
- return result.release();
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gf2n.h b/cryptopp562/gf2n.h
deleted file mode 100644
index 67ade64..0000000
--- a/cryptopp562/gf2n.h
+++ /dev/null
@@ -1,369 +0,0 @@
-#ifndef CRYPTOPP_GF2N_H
-#define CRYPTOPP_GF2N_H
-
-/*! \file */
-
-#include "cryptlib.h"
-#include "secblock.h"
-#include "misc.h"
-#include "algebra.h"
-
-#include <iosfwd>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Polynomial with Coefficients in GF(2)
-/*! \nosubgrouping */
-class CRYPTOPP_DLL PolynomialMod2
-{
-public:
- //! \name ENUMS, EXCEPTIONS, and TYPEDEFS
- //@{
- //! divide by zero exception
- class DivideByZero : public Exception
- {
- public:
- DivideByZero() : Exception(OTHER_ERROR, "PolynomialMod2: division by zero") {}
- };
-
- typedef unsigned int RandomizationParameter;
- //@}
-
- //! \name CREATORS
- //@{
- //! creates the zero polynomial
- PolynomialMod2();
- //! copy constructor
- PolynomialMod2(const PolynomialMod2& t);
-
- //! convert from word
- /*! value should be encoded with the least significant bit as coefficient to x^0
- and most significant bit as coefficient to x^(WORD_BITS-1)
- bitLength denotes how much memory to allocate initially
- */
- PolynomialMod2(word value, size_t bitLength=WORD_BITS);
-
- //! convert from big-endian byte array
- PolynomialMod2(const byte *encodedPoly, size_t byteCount)
- {Decode(encodedPoly, byteCount);}
-
- //! convert from big-endian form stored in a BufferedTransformation
- PolynomialMod2(BufferedTransformation &encodedPoly, size_t byteCount)
- {Decode(encodedPoly, byteCount);}
-
- //! create a random polynomial uniformly distributed over all polynomials with degree less than bitcount
- PolynomialMod2(RandomNumberGenerator &rng, size_t bitcount)
- {Randomize(rng, bitcount);}
-
- //! return x^i
- static PolynomialMod2 CRYPTOPP_API Monomial(size_t i);
- //! return x^t0 + x^t1 + x^t2
- static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2);
- //! return x^t0 + x^t1 + x^t2 + x^t3 + x^t4
- static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4);
- //! return x^(n-1) + ... + x + 1
- static PolynomialMod2 CRYPTOPP_API AllOnes(size_t n);
-
- //!
- static const PolynomialMod2 & CRYPTOPP_API Zero();
- //!
- static const PolynomialMod2 & CRYPTOPP_API One();
- //@}
-
- //! \name ENCODE/DECODE
- //@{
- //! minimum number of bytes to encode this polynomial
- /*! MinEncodedSize of 0 is 1 */
- unsigned int MinEncodedSize() const {return STDMAX(1U, ByteCount());}
-
- //! encode in big-endian format
- /*! if outputLen < MinEncodedSize, the most significant bytes will be dropped
- if outputLen > MinEncodedSize, the most significant bytes will be padded
- */
- void Encode(byte *output, size_t outputLen) const;
- //!
- void Encode(BufferedTransformation &bt, size_t outputLen) const;
-
- //!
- void Decode(const byte *input, size_t inputLen);
- //!
- //* Precondition: bt.MaxRetrievable() >= inputLen
- void Decode(BufferedTransformation &bt, size_t inputLen);
-
- //! encode value as big-endian octet string
- void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const;
- //! decode value as big-endian octet string
- void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length);
- //@}
-
- //! \name ACCESSORS
- //@{
- //! number of significant bits = Degree() + 1
- unsigned int BitCount() const;
- //! number of significant bytes = ceiling(BitCount()/8)
- unsigned int ByteCount() const;
- //! number of significant words = ceiling(ByteCount()/sizeof(word))
- unsigned int WordCount() const;
-
- //! return the n-th bit, n=0 being the least significant bit
- bool GetBit(size_t n) const {return GetCoefficient(n)!=0;}
- //! return the n-th byte
- byte GetByte(size_t n) const;
-
- //! the zero polynomial will return a degree of -1
- signed int Degree() const {return BitCount()-1;}
- //! degree + 1
- unsigned int CoefficientCount() const {return BitCount();}
- //! return coefficient for x^i
- int GetCoefficient(size_t i) const
- {return (i/WORD_BITS < reg.size()) ? int(reg[i/WORD_BITS] >> (i % WORD_BITS)) & 1 : 0;}
- //! return coefficient for x^i
- int operator[](unsigned int i) const {return GetCoefficient(i);}
-
- //!
- bool IsZero() const {return !*this;}
- //!
- bool Equals(const PolynomialMod2 &rhs) const;
- //@}
-
- //! \name MANIPULATORS
- //@{
- //!
- PolynomialMod2& operator=(const PolynomialMod2& t);
- //!
- PolynomialMod2& operator&=(const PolynomialMod2& t);
- //!
- PolynomialMod2& operator^=(const PolynomialMod2& t);
- //!
- PolynomialMod2& operator+=(const PolynomialMod2& t) {return *this ^= t;}
- //!
- PolynomialMod2& operator-=(const PolynomialMod2& t) {return *this ^= t;}
- //!
- PolynomialMod2& operator*=(const PolynomialMod2& t);
- //!
- PolynomialMod2& operator/=(const PolynomialMod2& t);
- //!
- PolynomialMod2& operator%=(const PolynomialMod2& t);
- //!
- PolynomialMod2& operator<<=(unsigned int);
- //!
- PolynomialMod2& operator>>=(unsigned int);
-
- //!
- void Randomize(RandomNumberGenerator &rng, size_t bitcount);
-
- //!
- void SetBit(size_t i, int value = 1);
- //! set the n-th byte to value
- void SetByte(size_t n, byte value);
-
- //!
- void SetCoefficient(size_t i, int value) {SetBit(i, value);}
-
- //!
- void swap(PolynomialMod2 &a) {reg.swap(a.reg);}
- //@}
-
- //! \name UNARY OPERATORS
- //@{
- //!
- bool operator!() const;
- //!
- PolynomialMod2 operator+() const {return *this;}
- //!
- PolynomialMod2 operator-() const {return *this;}
- //@}
-
- //! \name BINARY OPERATORS
- //@{
- //!
- PolynomialMod2 And(const PolynomialMod2 &b) const;
- //!
- PolynomialMod2 Xor(const PolynomialMod2 &b) const;
- //!
- PolynomialMod2 Plus(const PolynomialMod2 &b) const {return Xor(b);}
- //!
- PolynomialMod2 Minus(const PolynomialMod2 &b) const {return Xor(b);}
- //!
- PolynomialMod2 Times(const PolynomialMod2 &b) const;
- //!
- PolynomialMod2 DividedBy(const PolynomialMod2 &b) const;
- //!
- PolynomialMod2 Modulo(const PolynomialMod2 &b) const;
-
- //!
- PolynomialMod2 operator>>(unsigned int n) const;
- //!
- PolynomialMod2 operator<<(unsigned int n) const;
- //@}
-
- //! \name OTHER ARITHMETIC FUNCTIONS
- //@{
- //! sum modulo 2 of all coefficients
- unsigned int Parity() const;
-
- //! check for irreducibility
- bool IsIrreducible() const;
-
- //! is always zero since we're working modulo 2
- PolynomialMod2 Doubled() const {return Zero();}
- //!
- PolynomialMod2 Squared() const;
-
- //! only 1 is a unit
- bool IsUnit() const {return Equals(One());}
- //! return inverse if *this is a unit, otherwise return 0
- PolynomialMod2 MultiplicativeInverse() const {return IsUnit() ? One() : Zero();}
-
- //! greatest common divisor
- static PolynomialMod2 CRYPTOPP_API Gcd(const PolynomialMod2 &a, const PolynomialMod2 &n);
- //! calculate multiplicative inverse of *this mod n
- PolynomialMod2 InverseMod(const PolynomialMod2 &) const;
-
- //! calculate r and q such that (a == d*q + r) && (deg(r) < deg(d))
- static void CRYPTOPP_API Divide(PolynomialMod2 &r, PolynomialMod2 &q, const PolynomialMod2 &a, const PolynomialMod2 &d);
- //@}
-
- //! \name INPUT/OUTPUT
- //@{
- //!
- friend std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a);
- //@}
-
-private:
- friend class GF2NT;
-
- SecWordBlock reg;
-};
-
-//!
-inline bool operator==(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
-{return a.Equals(b);}
-//!
-inline bool operator!=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
-{return !(a==b);}
-//! compares degree
-inline bool operator> (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
-{return a.Degree() > b.Degree();}
-//! compares degree
-inline bool operator>=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
-{return a.Degree() >= b.Degree();}
-//! compares degree
-inline bool operator< (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
-{return a.Degree() < b.Degree();}
-//! compares degree
-inline bool operator<=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
-{return a.Degree() <= b.Degree();}
-//!
-inline CryptoPP::PolynomialMod2 operator&(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.And(b);}
-//!
-inline CryptoPP::PolynomialMod2 operator^(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Xor(b);}
-//!
-inline CryptoPP::PolynomialMod2 operator+(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Plus(b);}
-//!
-inline CryptoPP::PolynomialMod2 operator-(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Minus(b);}
-//!
-inline CryptoPP::PolynomialMod2 operator*(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Times(b);}
-//!
-inline CryptoPP::PolynomialMod2 operator/(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.DividedBy(b);}
-//!
-inline CryptoPP::PolynomialMod2 operator%(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Modulo(b);}
-
-// CodeWarrior 8 workaround: put these template instantiations after overloaded operator declarations,
-// but before the use of QuotientRing<EuclideanDomainOf<PolynomialMod2> > for VC .NET 2003
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<PolynomialMod2>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing<PolynomialMod2>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain<PolynomialMod2>;
-CRYPTOPP_DLL_TEMPLATE_CLASS EuclideanDomainOf<PolynomialMod2>;
-CRYPTOPP_DLL_TEMPLATE_CLASS QuotientRing<EuclideanDomainOf<PolynomialMod2> >;
-
-//! GF(2^n) with Polynomial Basis
-class CRYPTOPP_DLL GF2NP : public QuotientRing<EuclideanDomainOf<PolynomialMod2> >
-{
-public:
- GF2NP(const PolynomialMod2 &modulus);
-
- virtual GF2NP * Clone() const {return new GF2NP(*this);}
- virtual void DEREncode(BufferedTransformation &bt) const
- {assert(false);} // no ASN.1 syntax yet for general polynomial basis
-
- void DEREncodeElement(BufferedTransformation &out, const Element &a) const;
- void BERDecodeElement(BufferedTransformation &in, Element &a) const;
-
- bool Equal(const Element &a, const Element &b) const
- {assert(a.Degree() < m_modulus.Degree() && b.Degree() < m_modulus.Degree()); return a.Equals(b);}
-
- bool IsUnit(const Element &a) const
- {assert(a.Degree() < m_modulus.Degree()); return !!a;}
-
- unsigned int MaxElementBitLength() const
- {return m;}
-
- unsigned int MaxElementByteLength() const
- {return (unsigned int)BitsToBytes(MaxElementBitLength());}
-
- Element SquareRoot(const Element &a) const;
-
- Element HalfTrace(const Element &a) const;
-
- // returns z such that z^2 + z == a
- Element SolveQuadraticEquation(const Element &a) const;
-
-protected:
- unsigned int m;
-};
-
-//! GF(2^n) with Trinomial Basis
-class CRYPTOPP_DLL GF2NT : public GF2NP
-{
-public:
- // polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2
- GF2NT(unsigned int t0, unsigned int t1, unsigned int t2);
-
- GF2NP * Clone() const {return new GF2NT(*this);}
- void DEREncode(BufferedTransformation &bt) const;
-
- const Element& Multiply(const Element &a, const Element &b) const;
-
- const Element& Square(const Element &a) const
- {return Reduced(a.Squared());}
-
- const Element& MultiplicativeInverse(const Element &a) const;
-
-private:
- const Element& Reduced(const Element &a) const;
-
- unsigned int t0, t1;
- mutable PolynomialMod2 result;
-};
-
-//! GF(2^n) with Pentanomial Basis
-class CRYPTOPP_DLL GF2NPP : public GF2NP
-{
-public:
- // polynomial modulus = x^t0 + x^t1 + x^t2 + x^t3 + x^t4, t0 > t1 > t2 > t3 > t4
- GF2NPP(unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4)
- : GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t0(t0), t1(t1), t2(t2), t3(t3) {}
-
- GF2NP * Clone() const {return new GF2NPP(*this);}
- void DEREncode(BufferedTransformation &bt) const;
-
-private:
- unsigned int t0, t1, t2, t3;
-};
-
-// construct new GF2NP from the ASN.1 sequence Characteristic-two
-CRYPTOPP_DLL GF2NP * CRYPTOPP_API BERDecodeGF2NP(BufferedTransformation &bt);
-
-NAMESPACE_END
-
-#ifndef __BORLANDC__
-NAMESPACE_BEGIN(std)
-template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod2 &b)
-{
- a.swap(b);
-}
-NAMESPACE_END
-#endif
-
-#endif
diff --git a/cryptopp562/gfpcrypt.cpp b/cryptopp562/gfpcrypt.cpp
deleted file mode 100644
index e293fc5..0000000
--- a/cryptopp562/gfpcrypt.cpp
+++ /dev/null
@@ -1,273 +0,0 @@
-// dsa.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "gfpcrypt.h"
-#include "asn.h"
-#include "oids.h"
-#include "nbtheory.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void TestInstantiations_gfpcrypt()
-{
- GDSA<SHA>::Signer test;
- GDSA<SHA>::Verifier test1;
- DSA::Signer test5(NullRNG(), 100);
- DSA::Signer test2(test5);
- NR<SHA>::Signer test3;
- NR<SHA>::Verifier test4;
- DLIES<>::Encryptor test6;
- DLIES<>::Decryptor test7;
-}
-
-void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- Integer p, q, g;
-
- if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
- {
- q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
- Initialize(p, q, g);
- }
- else
- {
- int modulusSize = 1024, defaultSubgroupOrderSize;
- alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
-
- switch (modulusSize)
- {
- case 1024:
- defaultSubgroupOrderSize = 160;
- break;
- case 2048:
- defaultSubgroupOrderSize = 224;
- break;
- case 3072:
- defaultSubgroupOrderSize = 256;
- break;
- default:
- throw InvalidArgument("DSA: not a valid prime length");
- }
-
- DL_GroupParameters_GFP::GenerateRandom(rng, CombinedNameValuePairs(alg, MakeParameters(Name::SubgroupOrderSize(), defaultSubgroupOrderSize, false)));
- }
-}
-
-bool DL_GroupParameters_DSA::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = DL_GroupParameters_GFP::ValidateGroup(rng, level);
- int pSize = GetModulus().BitCount(), qSize = GetSubgroupOrder().BitCount();
- pass = pass && ((pSize==1024 && qSize==160) || (pSize==2048 && qSize==224) || (pSize==2048 && qSize==256) || (pSize==3072 && qSize==256));
- return pass;
-}
-
-void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- assert(recoverableMessageLength == 0);
- assert(hashIdentifier.second == 0);
- const size_t representativeByteLength = BitsToBytes(representativeBitLength);
- const size_t digestSize = hash.DigestSize();
- const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
-
- memset(representative, 0, paddingLength);
- hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
-
- if (digestSize*8 > representativeBitLength)
- {
- Integer h(representative, representativeByteLength);
- h >>= representativeByteLength*8 - representativeBitLength;
- h.Encode(representative, representativeByteLength);
- }
-}
-
-void DL_SignatureMessageEncodingMethod_NR::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- assert(recoverableMessageLength == 0);
- assert(hashIdentifier.second == 0);
- const size_t representativeByteLength = BitsToBytes(representativeBitLength);
- const size_t digestSize = hash.DigestSize();
- const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
-
- memset(representative, 0, paddingLength);
- hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
-
- if (digestSize*8 >= representativeBitLength)
- {
- Integer h(representative, representativeByteLength);
- h >>= representativeByteLength*8 - representativeBitLength + 1;
- h.Encode(representative, representativeByteLength);
- }
-}
-
-bool DL_GroupParameters_IntegerBased::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
-{
- const Integer &p = GetModulus(), &q = GetSubgroupOrder();
-
- bool pass = true;
- pass = pass && p > Integer::One() && p.IsOdd();
- pass = pass && q > Integer::One() && q.IsOdd();
-
- if (level >= 1)
- pass = pass && GetCofactor() > Integer::One() && GetGroupOrder() % q == Integer::Zero();
- if (level >= 2)
- pass = pass && VerifyPrime(rng, q, level-2) && VerifyPrime(rng, p, level-2);
-
- return pass;
-}
-
-bool DL_GroupParameters_IntegerBased::ValidateElement(unsigned int level, const Integer &g, const DL_FixedBasePrecomputation<Integer> *gpc) const
-{
- const Integer &p = GetModulus(), &q = GetSubgroupOrder();
-
- bool pass = true;
- pass = pass && GetFieldType() == 1 ? g.IsPositive() : g.NotNegative();
- pass = pass && g < p && !IsIdentity(g);
-
- if (level >= 1)
- {
- if (gpc)
- pass = pass && gpc->Exponentiate(GetGroupPrecomputation(), Integer::One()) == g;
- }
- if (level >= 2)
- {
- if (GetFieldType() == 2)
- pass = pass && Jacobi(g*g-4, p)==-1;
-
- // verifying that Lucas((p+1)/2, w, p)==2 is omitted because it's too costly
- // and at most 1 bit is leaked if it's false
- bool fullValidate = (GetFieldType() == 2 && level >= 3) || !FastSubgroupCheckAvailable();
-
- if (fullValidate && pass)
- {
- Integer gp = gpc ? gpc->Exponentiate(GetGroupPrecomputation(), q) : ExponentiateElement(g, q);
- pass = pass && IsIdentity(gp);
- }
- else if (GetFieldType() == 1)
- pass = pass && Jacobi(g, p) == 1;
- }
-
- return pass;
-}
-
-void DL_GroupParameters_IntegerBased::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- Integer p, q, g;
-
- if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
- {
- q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
- }
- else
- {
- int modulusSize, subgroupOrderSize;
-
- if (!alg.GetIntValue("ModulusSize", modulusSize))
- modulusSize = alg.GetIntValueWithDefault("KeySize", 2048);
-
- if (!alg.GetIntValue("SubgroupOrderSize", subgroupOrderSize))
- subgroupOrderSize = GetDefaultSubgroupOrderSize(modulusSize);
-
- PrimeAndGenerator pg;
- pg.Generate(GetFieldType() == 1 ? 1 : -1, rng, modulusSize, subgroupOrderSize);
- p = pg.Prime();
- q = pg.SubPrime();
- g = pg.Generator();
- }
-
- Initialize(p, q, g);
-}
-
-Integer DL_GroupParameters_IntegerBased::DecodeElement(const byte *encoded, bool checkForGroupMembership) const
-{
- Integer g(encoded, GetModulus().ByteCount());
- if (!ValidateElement(1, g, NULL))
- throw DL_BadElement();
- return g;
-}
-
-void DL_GroupParameters_IntegerBased::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder parameters(bt);
- Integer p(parameters);
- Integer q(parameters);
- Integer g;
- if (parameters.EndReached())
- {
- g = q;
- q = ComputeGroupOrder(p) / 2;
- }
- else
- g.BERDecode(parameters);
- parameters.MessageEnd();
-
- SetModulusAndSubgroupGenerator(p, g);
- SetSubgroupOrder(q);
-}
-
-void DL_GroupParameters_IntegerBased::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder parameters(bt);
- GetModulus().DEREncode(parameters);
- m_q.DEREncode(parameters);
- GetSubgroupGenerator().DEREncode(parameters);
- parameters.MessageEnd();
-}
-
-bool DL_GroupParameters_IntegerBased::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue)
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus);
-}
-
-void DL_GroupParameters_IntegerBased::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY2(Modulus, SubgroupGenerator)
- CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupOrder)
- ;
-}
-
-OID DL_GroupParameters_IntegerBased::GetAlgorithmID() const
-{
- return ASN1::id_dsa();
-}
-
-void DL_GroupParameters_GFP::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
-{
- ModularArithmetic ma(GetModulus());
- ma.SimultaneousExponentiate(results, base, exponents, exponentsCount);
-}
-
-DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::MultiplyElements(const Element &a, const Element &b) const
-{
- return a_times_b_mod_c(a, b, GetModulus());
-}
-
-DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
-{
- ModularArithmetic ma(GetModulus());
- return ma.CascadeExponentiate(element1, exponent1, element2, exponent2);
-}
-
-Integer DL_GroupParameters_IntegerBased::GetMaxExponent() const
-{
- return STDMIN(GetSubgroupOrder()-1, Integer::Power2(2*DiscreteLogWorkFactor(GetFieldType()*GetModulus().BitCount())));
-}
-
-unsigned int DL_GroupParameters_IntegerBased::GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
-{
- return 2*DiscreteLogWorkFactor(GetFieldType()*modulusSize);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gfpcrypt.h b/cryptopp562/gfpcrypt.h
deleted file mode 100644
index 7af993f..0000000
--- a/cryptopp562/gfpcrypt.h
+++ /dev/null
@@ -1,528 +0,0 @@
-#ifndef CRYPTOPP_GFPCRYPT_H
-#define CRYPTOPP_GFPCRYPT_H
-
-/** \file
- Implementation of schemes based on DL over GF(p)
-*/
-
-#include "pubkey.h"
-#include "modexppc.h"
-#include "sha.h"
-#include "algparam.h"
-#include "asn.h"
-#include "smartptr.h"
-#include "hmac.h"
-
-#include <limits.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters<Integer>;
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial<DL_GroupParameters<Integer> >
-{
- typedef DL_GroupParameters_IntegerBased ThisClass;
-
-public:
- void Initialize(const DL_GroupParameters_IntegerBased &params)
- {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());}
- void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
- {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));}
- void Initialize(const Integer &p, const Integer &g)
- {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
- void Initialize(const Integer &p, const Integer &q, const Integer &g)
- {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
-
- // ASN1Object interface
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- // GeneratibleCryptoMaterial interface
- /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- // DL_GroupParameters
- const Integer & GetSubgroupOrder() const {return m_q;}
- Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();}
- bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
- bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const;
- bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;}
- void EncodeElement(bool reversible, const Element &element, byte *encoded) const
- {element.Encode(encoded, GetModulus().ByteCount());}
- unsigned int GetEncodedElementSize(bool reversible) const {return GetModulus().ByteCount();}
- Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const;
- Integer ConvertElementToInteger(const Element &element) const
- {return element;}
- Integer GetMaxExponent() const;
- static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";}
-
- OID GetAlgorithmID() const;
-
- virtual const Integer & GetModulus() const =0;
- virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0;
-
- void SetSubgroupOrder(const Integer &q)
- {m_q = q; ParametersChanged();}
-
-protected:
- Integer ComputeGroupOrder(const Integer &modulus) const
- {return modulus-(GetFieldType() == 1 ? 1 : -1);}
-
- // GF(p) = 1, GF(p^2) = 2
- virtual int GetFieldType() const =0;
- virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const;
-
-private:
- Integer m_q;
-};
-
-//! _
-template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> >
-class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl<GROUP_PRECOMP, BASE_PRECOMP, DL_GroupParameters_IntegerBased>
-{
- typedef DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> ThisClass;
-
-public:
- typedef typename GROUP_PRECOMP::Element Element;
-
- // GeneratibleCryptoMaterial interface
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();}
-
- void AssignFrom(const NameValuePairs &source)
- {AssignFromHelper<DL_GroupParameters_IntegerBased>(this, source);}
-
- // DL_GroupParameters
- const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
- DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
-
- // IntegerGroupParameters
- const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();}
- const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
-
- void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) // these have to be set together
- {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();}
-
- // non-inherited
- bool operator==(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const
- {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();}
- bool operator!=(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const
- {return !operator==(rhs);}
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>;
-
-//! GF(p) group parameters
-class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>
-{
-public:
- // DL_GroupParameters
- bool IsIdentity(const Integer &element) const {return element == Integer::One();}
- void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
-
- // NameValuePairs interface
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
- }
-
- // used by MQV
- Element MultiplyElements(const Element &a, const Element &b) const;
- Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
-
-protected:
- int GetFieldType() const {return 1;}
-};
-
-//! GF(p) group parameters that default to same primes
-class CRYPTOPP_DLL DL_GroupParameters_GFP_DefaultSafePrime : public DL_GroupParameters_GFP
-{
-public:
- typedef NoCofactorMultiplication DefaultCofactorOption;
-
-protected:
- unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
-};
-
-//! GDSA algorithm
-template <class T>
-class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm<T>
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";}
-
- void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
- {
- const Integer &q = params.GetSubgroupOrder();
- r %= q;
- Integer kInv = k.InverseMod(q);
- s = (kInv * (x*r + e)) % q;
- assert(!!r && !!s);
- }
-
- bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
- {
- const Integer &q = params.GetSubgroupOrder();
- if (r>=q || r<1 || s>=q || s<1)
- return false;
-
- Integer w = s.InverseMod(q);
- Integer u1 = (e * w) % q;
- Integer u2 = (r * w) % q;
- // verify r == (g^u1 * y^u2 mod p) mod q
- return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
- }
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<Integer>;
-
-//! NR algorithm
-template <class T>
-class DL_Algorithm_NR : public DL_ElgamalLikeSignatureAlgorithm<T>
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "NR";}
-
- void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
- {
- const Integer &q = params.GetSubgroupOrder();
- r = (r + e) % q;
- s = (k - x*r) % q;
- assert(!!r);
- }
-
- bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
- {
- const Integer &q = params.GetSubgroupOrder();
- if (r>=q || r<1 || s>=q)
- return false;
-
- // check r == (m_g^s * m_y^r + m) mod m_q
- return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q;
- }
-};
-
-/*! DSA public key format is defined in 7.3.3 of RFC 2459. The
- private key format is defined in 12.9 of PKCS #11 v2.10. */
-template <class GP>
-class DL_PublicKey_GFP : public DL_PublicKeyImpl<GP>
-{
-public:
- void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
- {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
- void Initialize(const Integer &p, const Integer &g, const Integer &y)
- {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
- void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
- {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
-
- // X509PublicKey
- void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
- {this->SetPublicElement(Integer(bt));}
- void DEREncodePublicKey(BufferedTransformation &bt) const
- {this->GetPublicElement().DEREncode(bt);}
-};
-
-//! DL private key (in GF(p) groups)
-template <class GP>
-class DL_PrivateKey_GFP : public DL_PrivateKeyImpl<GP>
-{
-public:
- void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
- {this->GenerateRandomWithKeySize(rng, modulusBits);}
- void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
- {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));}
- void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
- {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));}
- void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
- {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
- void Initialize(const Integer &p, const Integer &g, const Integer &x)
- {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
- void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
- {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
-};
-
-//! DL signing/verification keys (in GF(p) groups)
-struct DL_SignatureKeys_GFP
-{
- typedef DL_GroupParameters_GFP GroupParameters;
- typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
- typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
-};
-
-//! DL encryption/decryption keys (in GF(p) groups)
-struct DL_CryptoKeys_GFP
-{
- typedef DL_GroupParameters_GFP_DefaultSafePrime GroupParameters;
- typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
- typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
-};
-
-//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format
-template <class BASE>
-class DL_PublicKey_GFP_OldFormat : public BASE
-{
-public:
- void BERDecode(BufferedTransformation &bt)
- {
- BERSequenceDecoder seq(bt);
- Integer v1(seq);
- Integer v2(seq);
- Integer v3(seq);
-
- if (seq.EndReached())
- {
- this->AccessGroupParameters().Initialize(v1, v1/2, v2);
- this->SetPublicElement(v3);
- }
- else
- {
- Integer v4(seq);
- this->AccessGroupParameters().Initialize(v1, v2, v3);
- this->SetPublicElement(v4);
- }
-
- seq.MessageEnd();
- }
-
- void DEREncode(BufferedTransformation &bt) const
- {
- DERSequenceEncoder seq(bt);
- this->GetGroupParameters().GetModulus().DEREncode(seq);
- if (this->GetGroupParameters().GetCofactor() != 2)
- this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
- this->GetGroupParameters().GetGenerator().DEREncode(seq);
- this->GetPublicElement().DEREncode(seq);
- seq.MessageEnd();
- }
-};
-
-//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format
-template <class BASE>
-class DL_PrivateKey_GFP_OldFormat : public BASE
-{
-public:
- void BERDecode(BufferedTransformation &bt)
- {
- BERSequenceDecoder seq(bt);
- Integer v1(seq);
- Integer v2(seq);
- Integer v3(seq);
- Integer v4(seq);
-
- if (seq.EndReached())
- {
- this->AccessGroupParameters().Initialize(v1, v1/2, v2);
- this->SetPrivateExponent(v4 % (v1/2)); // some old keys may have x >= q
- }
- else
- {
- Integer v5(seq);
- this->AccessGroupParameters().Initialize(v1, v2, v3);
- this->SetPrivateExponent(v5);
- }
-
- seq.MessageEnd();
- }
-
- void DEREncode(BufferedTransformation &bt) const
- {
- DERSequenceEncoder seq(bt);
- this->GetGroupParameters().GetModulus().DEREncode(seq);
- if (this->GetGroupParameters().GetCofactor() != 2)
- this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
- this->GetGroupParameters().GetGenerator().DEREncode(seq);
- this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq);
- this->GetPrivateExponent().DEREncode(seq);
- seq.MessageEnd();
- }
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
-template <class H>
-struct GDSA : public DL_SS<
- DL_SignatureKeys_GFP,
- DL_Algorithm_GDSA<Integer>,
- DL_SignatureMessageEncodingMethod_DSA,
- H>
-{
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a>
-template <class H>
-struct NR : public DL_SS<
- DL_SignatureKeys_GFP,
- DL_Algorithm_NR<Integer>,
- DL_SignatureMessageEncodingMethod_NR,
- H>
-{
-};
-
-//! DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard
-class CRYPTOPP_DLL DL_GroupParameters_DSA : public DL_GroupParameters_GFP
-{
-public:
- /*! also checks that the lengths of p and q are allowed by the DSA standard */
- bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
- /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */
- /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
-
- static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
- {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
-
- enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
-};
-
-template <class H>
-class DSA2;
-
-//! DSA keys
-struct DL_Keys_DSA
-{
- typedef DL_PublicKey_GFP<DL_GroupParameters_DSA> PublicKey;
- typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA> > PrivateKey;
-};
-
-//! <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, as specified in FIPS 186-3
-// class named DSA2 instead of DSA for backwards compatibility (DSA was a non-template class)
-template <class H>
-class DSA2 : public DL_SS<
- DL_Keys_DSA,
- DL_Algorithm_GDSA<Integer>,
- DL_SignatureMessageEncodingMethod_DSA,
- H,
- DSA2<H> >
-{
-public:
- static std::string CRYPTOPP_API StaticAlgorithmName() {return "DSA/" + (std::string)H::StaticAlgorithmName();}
-};
-
-//! DSA with SHA-1, typedef'd for backwards compatibility
-typedef DSA2<SHA> DSA;
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA> >;
-
-//! the XOR encryption method, for use with DL-based cryptosystems
-template <class MAC, bool DHAES_MODE>
-class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm
-{
-public:
- bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;}
- size_t GetSymmetricKeyLength(size_t plaintextLength) const
- {return plaintextLength + MAC::DEFAULT_KEYLENGTH;}
- size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
- {return plaintextLength + MAC::DIGESTSIZE;}
- size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const
- {return (unsigned int)SaturatingSubtract(ciphertextLength, (unsigned int)MAC::DIGESTSIZE);}
- void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
- {
- const byte *cipherKey, *macKey;
- if (DHAES_MODE)
- {
- macKey = key;
- cipherKey = key + MAC::DEFAULT_KEYLENGTH;
- }
- else
- {
- cipherKey = key;
- macKey = key + plaintextLength;
- }
-
- ConstByteArrayParameter encodingParameters;
- parameters.GetValue(Name::EncodingParameters(), encodingParameters);
-
- xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
- MAC mac(macKey);
- mac.Update(ciphertext, plaintextLength);
- mac.Update(encodingParameters.begin(), encodingParameters.size());
- if (DHAES_MODE)
- {
- byte L[8] = {0,0,0,0};
- PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
- mac.Update(L, 8);
- }
- mac.Final(ciphertext + plaintextLength);
- }
- DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
- {
- size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
- const byte *cipherKey, *macKey;
- if (DHAES_MODE)
- {
- macKey = key;
- cipherKey = key + MAC::DEFAULT_KEYLENGTH;
- }
- else
- {
- cipherKey = key;
- macKey = key + plaintextLength;
- }
-
- ConstByteArrayParameter encodingParameters;
- parameters.GetValue(Name::EncodingParameters(), encodingParameters);
-
- MAC mac(macKey);
- mac.Update(ciphertext, plaintextLength);
- mac.Update(encodingParameters.begin(), encodingParameters.size());
- if (DHAES_MODE)
- {
- byte L[8] = {0,0,0,0};
- PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
- mac.Update(L, 8);
- }
- if (!mac.Verify(ciphertext + plaintextLength))
- return DecodingResult();
-
- xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
- return DecodingResult(plaintextLength);
- }
-};
-
-//! _
-template <class T, bool DHAES_MODE, class KDF>
-class DL_KeyDerivationAlgorithm_P1363 : public DL_KeyDerivationAlgorithm<T>
-{
-public:
- bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;}
- void Derive(const DL_GroupParameters<T> &params, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &parameters) const
- {
- SecByteBlock agreedSecret;
- if (DHAES_MODE)
- {
- agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false));
- params.EncodeElement(true, ephemeralPublicKey, agreedSecret);
- params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true));
- }
- else
- {
- agreedSecret.New(params.GetEncodedElementSize(false));
- params.EncodeElement(false, agreedElement, agreedSecret);
- }
-
- ConstByteArrayParameter derivationParameters;
- parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters);
- KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size());
- }
-};
-
-//! Discrete Log Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#DLIES">DLIES</a>
-template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true>
-struct DLIES
- : public DL_ES<
- DL_CryptoKeys_GFP,
- DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
- DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
- DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
- DLIES<> >
-{
- static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gost.cpp b/cryptopp562/gost.cpp
deleted file mode 100644
index bbd8297..0000000
--- a/cryptopp562/gost.cpp
+++ /dev/null
@@ -1,123 +0,0 @@
-#include "pch.h"
-#include "gost.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// these are the S-boxes given in Applied Cryptography 2nd Ed., p. 333
-const byte GOST::Base::sBox[8][16]={
- {4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3},
- {14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9},
- {5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11},
- {7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3},
- {6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2},
- {4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14},
- {13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12},
- {1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12}};
-
-/* // these are the S-boxes given in the GOST source code listing in Applied
- // Cryptography 2nd Ed., p. 644. they appear to be from the DES S-boxes
- {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
- { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
- {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
- { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
- { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
- {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
- {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
- {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }};
-*/
-
-volatile bool GOST::Base::sTableCalculated = false;
-word32 GOST::Base::sTable[4][256];
-
-void GOST::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- PrecalculateSTable();
-
- GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), 8, userKey, KEYLENGTH);
-}
-
-void GOST::Base::PrecalculateSTable()
-{
- if (!sTableCalculated)
- {
- for (unsigned i = 0; i < 4; i++)
- for (unsigned j = 0; j < 256; j++)
- {
- word32 temp = sBox[2*i][j%16] | (sBox[2*i+1][j/16] << 4);
- sTable[i][j] = rotlMod(temp, 11+8*i);
- }
-
- sTableCalculated=true;
- }
-}
-
-#define f(x) ( t=x, \
- sTable[3][GETBYTE(t, 3)] ^ sTable[2][GETBYTE(t, 2)] \
- ^ sTable[1][GETBYTE(t, 1)] ^ sTable[0][GETBYTE(t, 0)] )
-
-typedef BlockGetAndPut<word32, LittleEndian> Block;
-
-void GOST::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 n1, n2, t;
-
- Block::Get(inBlock)(n1)(n2);
-
- for (unsigned int i=0; i<3; i++)
- {
- n2 ^= f(n1+key[0]);
- n1 ^= f(n2+key[1]);
- n2 ^= f(n1+key[2]);
- n1 ^= f(n2+key[3]);
- n2 ^= f(n1+key[4]);
- n1 ^= f(n2+key[5]);
- n2 ^= f(n1+key[6]);
- n1 ^= f(n2+key[7]);
- }
-
- n2 ^= f(n1+key[7]);
- n1 ^= f(n2+key[6]);
- n2 ^= f(n1+key[5]);
- n1 ^= f(n2+key[4]);
- n2 ^= f(n1+key[3]);
- n1 ^= f(n2+key[2]);
- n2 ^= f(n1+key[1]);
- n1 ^= f(n2+key[0]);
-
- Block::Put(xorBlock, outBlock)(n2)(n1);
-}
-
-void GOST::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 n1, n2, t;
-
- Block::Get(inBlock)(n1)(n2);
-
- n2 ^= f(n1+key[0]);
- n1 ^= f(n2+key[1]);
- n2 ^= f(n1+key[2]);
- n1 ^= f(n2+key[3]);
- n2 ^= f(n1+key[4]);
- n1 ^= f(n2+key[5]);
- n2 ^= f(n1+key[6]);
- n1 ^= f(n2+key[7]);
-
- for (unsigned int i=0; i<3; i++)
- {
- n2 ^= f(n1+key[7]);
- n1 ^= f(n2+key[6]);
- n2 ^= f(n1+key[5]);
- n1 ^= f(n2+key[4]);
- n2 ^= f(n1+key[3]);
- n1 ^= f(n2+key[2]);
- n2 ^= f(n1+key[1]);
- n1 ^= f(n2+key[0]);
- }
-
- Block::Put(xorBlock, outBlock)(n2)(n1);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/gost.h b/cryptopp562/gost.h
deleted file mode 100644
index e6fe469..0000000
--- a/cryptopp562/gost.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef CRYPTOPP_GOST_H
-#define CRYPTOPP_GOST_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct GOST_Info : public FixedBlockSize<8>, public FixedKeyLength<32>
-{
- static const char *StaticAlgorithmName() {return "GOST";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#GOST">GOST</a>
-class GOST : public GOST_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<GOST_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- static void PrecalculateSTable();
-
- static const byte sBox[8][16];
- static volatile bool sTableCalculated;
- static word32 sTable[4][256];
-
- FixedSizeSecBlock<word32, 8> key;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef GOST::Encryption GOSTEncryption;
-typedef GOST::Decryption GOSTDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/gzip.cpp b/cryptopp562/gzip.cpp
deleted file mode 100644
index 09e420a..0000000
--- a/cryptopp562/gzip.cpp
+++ /dev/null
@@ -1,99 +0,0 @@
-// gzip.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "gzip.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Gzip::WritePrestreamHeader()
-{
- m_totalLen = 0;
- m_crc.Restart();
-
- AttachedTransformation()->Put(MAGIC1);
- AttachedTransformation()->Put(MAGIC2);
- AttachedTransformation()->Put(DEFLATED);
- AttachedTransformation()->Put(0); // general flag
- AttachedTransformation()->PutWord32(0); // time stamp
- byte extra = (GetDeflateLevel() == 1) ? FAST : ((GetDeflateLevel() == 9) ? SLOW : 0);
- AttachedTransformation()->Put(extra);
- AttachedTransformation()->Put(GZIP_OS_CODE);
-}
-
-void Gzip::ProcessUncompressedData(const byte *inString, size_t length)
-{
- m_crc.Update(inString, length);
- m_totalLen += (word32)length;
-}
-
-void Gzip::WritePoststreamTail()
-{
- SecByteBlock crc(4);
- m_crc.Final(crc);
- AttachedTransformation()->Put(crc, 4);
- AttachedTransformation()->PutWord32(m_totalLen, LITTLE_ENDIAN_ORDER);
-}
-
-// *************************************************************
-
-Gunzip::Gunzip(BufferedTransformation *attachment, bool repeat, int propagation)
- : Inflator(attachment, repeat, propagation)
-{
-}
-
-void Gunzip::ProcessPrestreamHeader()
-{
- m_length = 0;
- m_crc.Restart();
-
- byte buf[6];
- byte b, flags;
-
- if (m_inQueue.Get(buf, 2)!=2) throw HeaderErr();
- if (buf[0] != MAGIC1 || buf[1] != MAGIC2) throw HeaderErr();
- if (!m_inQueue.Skip(1)) throw HeaderErr(); // skip extra flags
- if (!m_inQueue.Get(flags)) throw HeaderErr();
- if (flags & (ENCRYPTED | CONTINUED)) throw HeaderErr();
- if (m_inQueue.Skip(6)!=6) throw HeaderErr(); // Skip file time, extra flags and OS type
-
- if (flags & EXTRA_FIELDS) // skip extra fields
- {
- word16 length;
- if (m_inQueue.GetWord16(length, LITTLE_ENDIAN_ORDER) != 2) throw HeaderErr();
- if (m_inQueue.Skip(length)!=length) throw HeaderErr();
- }
-
- if (flags & FILENAME) // skip filename
- do
- if(!m_inQueue.Get(b)) throw HeaderErr();
- while (b);
-
- if (flags & COMMENTS) // skip comments
- do
- if(!m_inQueue.Get(b)) throw HeaderErr();
- while (b);
-}
-
-void Gunzip::ProcessDecompressedData(const byte *inString, size_t length)
-{
- AttachedTransformation()->Put(inString, length);
- m_crc.Update(inString, length);
- m_length += (word32)length;
-}
-
-void Gunzip::ProcessPoststreamTail()
-{
- SecByteBlock crc(4);
- if (m_inQueue.Get(crc, 4) != 4)
- throw TailErr();
- if (!m_crc.Verify(crc))
- throw CrcErr();
-
- word32 lengthCheck;
- if (m_inQueue.GetWord32(lengthCheck, LITTLE_ENDIAN_ORDER) != 4)
- throw TailErr();
- if (lengthCheck != m_length)
- throw LengthErr();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/gzip.h b/cryptopp562/gzip.h
deleted file mode 100644
index f3148ad..0000000
--- a/cryptopp562/gzip.h
+++ /dev/null
@@ -1,65 +0,0 @@
-#ifndef CRYPTOPP_GZIP_H
-#define CRYPTOPP_GZIP_H
-
-#include "zdeflate.h"
-#include "zinflate.h"
-#include "crc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// GZIP Compression (RFC 1952)
-class Gzip : public Deflator
-{
-public:
- Gzip(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true)
- : Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible) {}
- Gzip(const NameValuePairs &parameters, BufferedTransformation *attachment=NULL)
- : Deflator(parameters, attachment) {}
-
-protected:
- enum {MAGIC1=0x1f, MAGIC2=0x8b, // flags for the header
- DEFLATED=8, FAST=4, SLOW=2};
-
- void WritePrestreamHeader();
- void ProcessUncompressedData(const byte *string, size_t length);
- void WritePoststreamTail();
-
- word32 m_totalLen;
- CRC32 m_crc;
-};
-
-/// GZIP Decompression (RFC 1952)
-class Gunzip : public Inflator
-{
-public:
- typedef Inflator::Err Err;
- class HeaderErr : public Err {public: HeaderErr() : Err(INVALID_DATA_FORMAT, "Gunzip: header decoding error") {}};
- class TailErr : public Err {public: TailErr() : Err(INVALID_DATA_FORMAT, "Gunzip: tail too short") {}};
- class CrcErr : public Err {public: CrcErr() : Err(DATA_INTEGRITY_CHECK_FAILED, "Gunzip: CRC check error") {}};
- class LengthErr : public Err {public: LengthErr() : Err(DATA_INTEGRITY_CHECK_FAILED, "Gunzip: length check error") {}};
-
- /*! \param repeat decompress multiple compressed streams in series
- \param autoSignalPropagation 0 to turn off MessageEnd signal
- */
- Gunzip(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1);
-
-protected:
- enum {MAGIC1=0x1f, MAGIC2=0x8b, // flags for the header
- DEFLATED=8};
-
- enum FLAG_MASKS {
- CONTINUED=2, EXTRA_FIELDS=4, FILENAME=8, COMMENTS=16, ENCRYPTED=32};
-
- unsigned int MaxPrestreamHeaderSize() const {return 1024;}
- void ProcessPrestreamHeader();
- void ProcessDecompressedData(const byte *string, size_t length);
- unsigned int MaxPoststreamTailSize() const {return 8;}
- void ProcessPoststreamTail();
-
- word32 m_length;
- CRC32 m_crc;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/hex.cpp b/cryptopp562/hex.cpp
deleted file mode 100644
index 5731df5..0000000
--- a/cryptopp562/hex.cpp
+++ /dev/null
@@ -1,44 +0,0 @@
-// hex.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "hex.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const byte s_vecUpper[] = "0123456789ABCDEF";
-static const byte s_vecLower[] = "0123456789abcdef";
-
-void HexEncoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- bool uppercase = parameters.GetValueWithDefault(Name::Uppercase(), true);
- m_filter->Initialize(CombinedNameValuePairs(
- parameters,
- MakeParameters(Name::EncodingLookupArray(), uppercase ? &s_vecUpper[0] : &s_vecLower[0], false)(Name::Log2Base(), 4, true)));
-}
-
-void HexDecoder::IsolatedInitialize(const NameValuePairs &parameters)
-{
- BaseN_Decoder::IsolatedInitialize(CombinedNameValuePairs(
- parameters,
- MakeParameters(Name::DecodingLookupArray(), GetDefaultDecodingLookupArray(), false)(Name::Log2Base(), 4, true)));
-}
-
-const int *HexDecoder::GetDefaultDecodingLookupArray()
-{
- static volatile bool s_initialized = false;
- static int s_array[256];
-
- if (!s_initialized)
- {
- InitializeDecodingLookupArray(s_array, s_vecUpper, 16, true);
- s_initialized = true;
- }
- return s_array;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/hex.h b/cryptopp562/hex.h
deleted file mode 100644
index 006914c..0000000
--- a/cryptopp562/hex.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef CRYPTOPP_HEX_H
-#define CRYPTOPP_HEX_H
-
-#include "basecode.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Converts given data to base 16
-class CRYPTOPP_DLL HexEncoder : public SimpleProxyFilter
-{
-public:
- HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
- : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
- {
- IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters);
-};
-
-//! Decode base 16 data back to bytes
-class CRYPTOPP_DLL HexDecoder : public BaseN_Decoder
-{
-public:
- HexDecoder(BufferedTransformation *attachment = NULL)
- : BaseN_Decoder(GetDefaultDecodingLookupArray(), 4, attachment) {}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
-
-private:
- static const int * CRYPTOPP_API GetDefaultDecodingLookupArray();
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/hmac.cpp b/cryptopp562/hmac.cpp
deleted file mode 100644
index d4a649c..0000000
--- a/cryptopp562/hmac.cpp
+++ /dev/null
@@ -1,86 +0,0 @@
-// hmac.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "hmac.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void HMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
-{
- AssertValidKeyLength(keylength);
-
- Restart();
-
- HashTransformation &hash = AccessHash();
- unsigned int blockSize = hash.BlockSize();
-
- if (!blockSize)
- throw InvalidArgument("HMAC: can only be used with a block-based hash function");
-
- m_buf.resize(2*AccessHash().BlockSize() + AccessHash().DigestSize());
-
- if (keylength <= blockSize)
- memcpy(AccessIpad(), userKey, keylength);
- else
- {
- AccessHash().CalculateDigest(AccessIpad(), userKey, keylength);
- keylength = hash.DigestSize();
- }
-
- assert(keylength <= blockSize);
- memset(AccessIpad()+keylength, 0, blockSize-keylength);
-
- for (unsigned int i=0; i<blockSize; i++)
- {
- AccessOpad()[i] = AccessIpad()[i] ^ 0x5c;
- AccessIpad()[i] ^= 0x36;
- }
-}
-
-void HMAC_Base::KeyInnerHash()
-{
- assert(!m_innerHashKeyed);
- HashTransformation &hash = AccessHash();
- hash.Update(AccessIpad(), hash.BlockSize());
- m_innerHashKeyed = true;
-}
-
-void HMAC_Base::Restart()
-{
- if (m_innerHashKeyed)
- {
- AccessHash().Restart();
- m_innerHashKeyed = false;
- }
-}
-
-void HMAC_Base::Update(const byte *input, size_t length)
-{
- if (!m_innerHashKeyed)
- KeyInnerHash();
- AccessHash().Update(input, length);
-}
-
-void HMAC_Base::TruncatedFinal(byte *mac, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- HashTransformation &hash = AccessHash();
-
- if (!m_innerHashKeyed)
- KeyInnerHash();
- hash.Final(AccessInnerHash());
-
- hash.Update(AccessOpad(), hash.BlockSize());
- hash.Update(AccessInnerHash(), hash.DigestSize());
- hash.TruncatedFinal(mac, size);
-
- m_innerHashKeyed = false;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/hmac.h b/cryptopp562/hmac.h
deleted file mode 100644
index 62db5ef..0000000
--- a/cryptopp562/hmac.h
+++ /dev/null
@@ -1,61 +0,0 @@
-// hmac.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_HMAC_H
-#define CRYPTOPP_HMAC_H
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HMAC_Base : public VariableKeyLength<16, 0, INT_MAX>, public MessageAuthenticationCode
-{
-public:
- HMAC_Base() : m_innerHashKeyed(false) {}
- void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &params);
-
- void Restart();
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *mac, size_t size);
- unsigned int OptimalBlockSize() const {return const_cast<HMAC_Base*>(this)->AccessHash().OptimalBlockSize();}
- unsigned int DigestSize() const {return const_cast<HMAC_Base*>(this)->AccessHash().DigestSize();}
-
-protected:
- virtual HashTransformation & AccessHash() =0;
- byte * AccessIpad() {return m_buf;}
- byte * AccessOpad() {return m_buf + AccessHash().BlockSize();}
- byte * AccessInnerHash() {return m_buf + 2*AccessHash().BlockSize();}
-
-private:
- void KeyInnerHash();
-
- SecByteBlock m_buf;
- bool m_innerHashKeyed;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/mac.html#HMAC">HMAC</a>
-/*! HMAC(K, text) = H(K XOR opad, H(K XOR ipad, text)) */
-template <class T>
-class HMAC : public MessageAuthenticationCodeImpl<HMAC_Base, HMAC<T> >
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE=T::DIGESTSIZE)
- CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE)
-
- HMAC() {}
- HMAC(const byte *key, size_t length=HMAC_Base::DEFAULT_KEYLENGTH)
- {this->SetKey(key, length);}
-
- static std::string StaticAlgorithmName() {return std::string("HMAC(") + T::StaticAlgorithmName() + ")";}
- std::string AlgorithmName() const {return std::string("HMAC(") + m_hash.AlgorithmName() + ")";}
-
-private:
- HashTransformation & AccessHash() {return m_hash;}
-
- T m_hash;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/hrtimer.cpp b/cryptopp562/hrtimer.cpp
deleted file mode 100644
index 906ec4a..0000000
--- a/cryptopp562/hrtimer.cpp
+++ /dev/null
@@ -1,139 +0,0 @@
-// hrtimer.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "hrtimer.h"
-#include "misc.h"
-#include <stddef.h> // for NULL
-#include <time.h>
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE)
-#include <windows.h>
-#elif defined(CRYPTOPP_UNIX_AVAILABLE)
-#include <sys/time.h>
-#include <sys/times.h>
-#include <unistd.h>
-#endif
-
-#include <assert.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifndef CRYPTOPP_IMPORTS
-
-double TimerBase::ConvertTo(TimerWord t, Unit unit)
-{
- static unsigned long unitsPerSecondTable[] = {1, 1000, 1000*1000, 1000*1000*1000};
-
- assert(unit < sizeof(unitsPerSecondTable) / sizeof(unitsPerSecondTable[0]));
- return (double)CRYPTOPP_VC6_INT64 t * unitsPerSecondTable[unit] / CRYPTOPP_VC6_INT64 TicksPerSecond();
-}
-
-void TimerBase::StartTimer()
-{
- m_last = m_start = GetCurrentTimerValue();
- m_started = true;
-}
-
-double TimerBase::ElapsedTimeAsDouble()
-{
- if (m_stuckAtZero)
- return 0;
-
- if (m_started)
- {
- TimerWord now = GetCurrentTimerValue();
- if (m_last < now) // protect against OS bugs where time goes backwards
- m_last = now;
- return ConvertTo(m_last - m_start, m_timerUnit);
- }
-
- StartTimer();
- return 0;
-}
-
-unsigned long TimerBase::ElapsedTime()
-{
- double elapsed = ElapsedTimeAsDouble();
- assert(elapsed <= ULONG_MAX);
- return (unsigned long)elapsed;
-}
-
-TimerWord Timer::GetCurrentTimerValue()
-{
-#if defined(CRYPTOPP_WIN32_AVAILABLE)
- LARGE_INTEGER now;
- if (!QueryPerformanceCounter(&now))
- throw Exception(Exception::OTHER_ERROR, "Timer: QueryPerformanceCounter failed with error " + IntToString(GetLastError()));
- return now.QuadPart;
-#elif defined(CRYPTOPP_UNIX_AVAILABLE)
- timeval now;
- gettimeofday(&now, NULL);
- return (TimerWord)now.tv_sec * 1000000 + now.tv_usec;
-#else
- clock_t now;
- return clock();
-#endif
-}
-
-TimerWord Timer::TicksPerSecond()
-{
-#if defined(CRYPTOPP_WIN32_AVAILABLE)
- static LARGE_INTEGER freq = {0};
- if (freq.QuadPart == 0)
- {
- if (!QueryPerformanceFrequency(&freq))
- throw Exception(Exception::OTHER_ERROR, "Timer: QueryPerformanceFrequency failed with error " + IntToString(GetLastError()));
- }
- return freq.QuadPart;
-#elif defined(CRYPTOPP_UNIX_AVAILABLE)
- return 1000000;
-#else
- return CLOCKS_PER_SEC;
-#endif
-}
-
-#endif // #ifndef CRYPTOPP_IMPORTS
-
-TimerWord ThreadUserTimer::GetCurrentTimerValue()
-{
-#if defined(CRYPTOPP_WIN32_AVAILABLE)
- static bool getCurrentThreadImplemented = true;
- if (getCurrentThreadImplemented)
- {
- FILETIME now, ignored;
- if (!GetThreadTimes(GetCurrentThread(), &ignored, &ignored, &ignored, &now))
- {
- DWORD lastError = GetLastError();
- if (lastError == ERROR_CALL_NOT_IMPLEMENTED)
- {
- getCurrentThreadImplemented = false;
- goto GetCurrentThreadNotImplemented;
- }
- throw Exception(Exception::OTHER_ERROR, "ThreadUserTimer: GetThreadTimes failed with error " + IntToString(lastError));
- }
- return now.dwLowDateTime + ((TimerWord)now.dwHighDateTime << 32);
- }
-GetCurrentThreadNotImplemented:
- return (TimerWord)clock() * (10*1000*1000 / CLOCKS_PER_SEC);
-#elif defined(CRYPTOPP_UNIX_AVAILABLE)
- tms now;
- times(&now);
- return now.tms_utime;
-#else
- return clock();
-#endif
-}
-
-TimerWord ThreadUserTimer::TicksPerSecond()
-{
-#if defined(CRYPTOPP_WIN32_AVAILABLE)
- return 10*1000*1000;
-#elif defined(CRYPTOPP_UNIX_AVAILABLE)
- static const long ticksPerSecond = sysconf(_SC_CLK_TCK);
- return ticksPerSecond;
-#else
- return CLOCKS_PER_SEC;
-#endif
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/hrtimer.h b/cryptopp562/hrtimer.h
deleted file mode 100644
index 858dbd2..0000000
--- a/cryptopp562/hrtimer.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifndef CRYPTOPP_HRTIMER_H
-#define CRYPTOPP_HRTIMER_H
-
-#include "config.h"
-#ifndef HIGHRES_TIMER_AVAILABLE
-#include <time.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef HIGHRES_TIMER_AVAILABLE
- typedef word64 TimerWord;
-#else
- typedef clock_t TimerWord;
-#endif
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TimerBase
-{
-public:
- enum Unit {SECONDS = 0, MILLISECONDS, MICROSECONDS, NANOSECONDS};
- TimerBase(Unit unit, bool stuckAtZero) : m_timerUnit(unit), m_stuckAtZero(stuckAtZero), m_started(false) {}
-
- virtual TimerWord GetCurrentTimerValue() =0; // GetCurrentTime is a macro in MSVC 6.0
- virtual TimerWord TicksPerSecond() =0; // this is not the resolution, just a conversion factor into seconds
-
- void StartTimer();
- double ElapsedTimeAsDouble();
- unsigned long ElapsedTime();
-
-private:
- double ConvertTo(TimerWord t, Unit unit);
-
- Unit m_timerUnit; // HPUX workaround: m_unit is a system macro on HPUX
- bool m_stuckAtZero, m_started;
- TimerWord m_start, m_last;
-};
-
-//! measure CPU time spent executing instructions of this thread (if supported by OS)
-/*! /note This only works correctly on Windows NT or later. On Unix it reports process time, and others wall clock time.
-*/
-class ThreadUserTimer : public TimerBase
-{
-public:
- ThreadUserTimer(Unit unit = TimerBase::SECONDS, bool stuckAtZero = false) : TimerBase(unit, stuckAtZero) {}
- TimerWord GetCurrentTimerValue();
- TimerWord TicksPerSecond();
-};
-
-//! high resolution timer
-class CRYPTOPP_DLL Timer : public TimerBase
-{
-public:
- Timer(Unit unit = TimerBase::SECONDS, bool stuckAtZero = false) : TimerBase(unit, stuckAtZero) {}
- TimerWord GetCurrentTimerValue();
- TimerWord TicksPerSecond();
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ida.cpp b/cryptopp562/ida.cpp
deleted file mode 100644
index 5cb43b2..0000000
--- a/cryptopp562/ida.cpp
+++ /dev/null
@@ -1,421 +0,0 @@
-// ida.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "ida.h"
-
-#include "algebra.h"
-#include "gf2_32.h"
-#include "polynomi.h"
-#include <functional>
-
-#include "polynomi.cpp"
-
-ANONYMOUS_NAMESPACE_BEGIN
-static const CryptoPP::GF2_32 field;
-NAMESPACE_END
-
-using namespace std;
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void RawIDA::IsolatedInitialize(const NameValuePairs &parameters)
-{
- if (!parameters.GetIntValue("RecoveryThreshold", m_threshold))
- throw InvalidArgument("RawIDA: missing RecoveryThreshold argument");
-
- if (m_threshold <= 0)
- throw InvalidArgument("RawIDA: RecoveryThreshold must be greater than 0");
-
- m_lastMapPosition = m_inputChannelMap.end();
- m_channelsReady = 0;
- m_channelsFinished = 0;
- m_w.New(m_threshold);
- m_y.New(m_threshold);
- m_inputQueues.reserve(m_threshold);
-
- m_outputChannelIds.clear();
- m_outputChannelIdStrings.clear();
- m_outputQueues.clear();
-
- word32 outputChannelID;
- if (parameters.GetValue("OutputChannelID", outputChannelID))
- AddOutputChannel(outputChannelID);
- else
- {
- int nShares = parameters.GetIntValueWithDefault("NumberOfShares", m_threshold);
- for (int i=0; i<nShares; i++)
- AddOutputChannel(i);
- }
-}
-
-unsigned int RawIDA::InsertInputChannel(word32 channelId)
-{
- if (m_lastMapPosition != m_inputChannelMap.end())
- {
- if (m_lastMapPosition->first == channelId)
- goto skipFind;
- ++m_lastMapPosition;
- if (m_lastMapPosition != m_inputChannelMap.end() && m_lastMapPosition->first == channelId)
- goto skipFind;
- }
- m_lastMapPosition = m_inputChannelMap.find(channelId);
-
-skipFind:
- if (m_lastMapPosition == m_inputChannelMap.end())
- {
- if (m_inputChannelIds.size() == m_threshold)
- return m_threshold;
-
- m_lastMapPosition = m_inputChannelMap.insert(InputChannelMap::value_type(channelId, (unsigned int)m_inputChannelIds.size())).first;
- m_inputQueues.push_back(MessageQueue());
- m_inputChannelIds.push_back(channelId);
-
- if (m_inputChannelIds.size() == m_threshold)
- PrepareInterpolation();
- }
- return m_lastMapPosition->second;
-}
-
-unsigned int RawIDA::LookupInputChannel(word32 channelId) const
-{
- map<word32, unsigned int>::const_iterator it = m_inputChannelMap.find(channelId);
- if (it == m_inputChannelMap.end())
- return m_threshold;
- else
- return it->second;
-}
-
-void RawIDA::ChannelData(word32 channelId, const byte *inString, size_t length, bool messageEnd)
-{
- int i = InsertInputChannel(channelId);
- if (i < m_threshold)
- {
- lword size = m_inputQueues[i].MaxRetrievable();
- m_inputQueues[i].Put(inString, length);
- if (size < 4 && size + length >= 4)
- {
- m_channelsReady++;
- if (m_channelsReady == m_threshold)
- ProcessInputQueues();
- }
-
- if (messageEnd)
- {
- m_inputQueues[i].MessageEnd();
- if (m_inputQueues[i].NumberOfMessages() == 1)
- {
- m_channelsFinished++;
- if (m_channelsFinished == m_threshold)
- {
- m_channelsReady = 0;
- for (i=0; i<m_threshold; i++)
- m_channelsReady += m_inputQueues[i].AnyRetrievable();
- ProcessInputQueues();
- }
- }
- }
- }
-}
-
-lword RawIDA::InputBuffered(word32 channelId) const
-{
- int i = LookupInputChannel(channelId);
- return i < m_threshold ? m_inputQueues[i].MaxRetrievable() : 0;
-}
-
-void RawIDA::ComputeV(unsigned int i)
-{
- if (i >= m_v.size())
- {
- m_v.resize(i+1);
- m_outputToInput.resize(i+1);
- }
-
- m_outputToInput[i] = LookupInputChannel(m_outputChannelIds[i]);
- if (m_outputToInput[i] == m_threshold && i * m_threshold <= 1000*1000)
- {
- m_v[i].resize(m_threshold);
- PrepareBulkPolynomialInterpolationAt(field, m_v[i].begin(), m_outputChannelIds[i], &(m_inputChannelIds[0]), m_w.begin(), m_threshold);
- }
-}
-
-void RawIDA::AddOutputChannel(word32 channelId)
-{
- m_outputChannelIds.push_back(channelId);
- m_outputChannelIdStrings.push_back(WordToString(channelId));
- m_outputQueues.push_back(ByteQueue());
- if (m_inputChannelIds.size() == m_threshold)
- ComputeV((unsigned int)m_outputChannelIds.size() - 1);
-}
-
-void RawIDA::PrepareInterpolation()
-{
- assert(m_inputChannelIds.size() == m_threshold);
- PrepareBulkPolynomialInterpolation(field, m_w.begin(), &(m_inputChannelIds[0]), m_threshold);
- for (unsigned int i=0; i<m_outputChannelIds.size(); i++)
- ComputeV(i);
-}
-
-void RawIDA::ProcessInputQueues()
-{
- bool finished = (m_channelsFinished == m_threshold);
- int i;
-
- while (finished ? m_channelsReady > 0 : m_channelsReady == m_threshold)
- {
- m_channelsReady = 0;
- for (i=0; i<m_threshold; i++)
- {
- MessageQueue &queue = m_inputQueues[i];
- queue.GetWord32(m_y[i]);
-
- if (finished)
- m_channelsReady += queue.AnyRetrievable();
- else
- m_channelsReady += queue.NumberOfMessages() > 0 || queue.MaxRetrievable() >= 4;
- }
-
- for (i=0; (unsigned int)i<m_outputChannelIds.size(); i++)
- {
- if (m_outputToInput[i] != m_threshold)
- m_outputQueues[i].PutWord32(m_y[m_outputToInput[i]]);
- else if (m_v[i].size() == m_threshold)
- m_outputQueues[i].PutWord32(BulkPolynomialInterpolateAt(field, m_y.begin(), m_v[i].begin(), m_threshold));
- else
- {
- m_u.resize(m_threshold);
- PrepareBulkPolynomialInterpolationAt(field, m_u.begin(), m_outputChannelIds[i], &(m_inputChannelIds[0]), m_w.begin(), m_threshold);
- m_outputQueues[i].PutWord32(BulkPolynomialInterpolateAt(field, m_y.begin(), m_u.begin(), m_threshold));
- }
- }
- }
-
- if (m_outputChannelIds.size() > 0 && m_outputQueues[0].AnyRetrievable())
- FlushOutputQueues();
-
- if (finished)
- {
- OutputMessageEnds();
-
- m_channelsReady = 0;
- m_channelsFinished = 0;
- m_v.clear();
-
- vector<MessageQueue> inputQueues;
- vector<word32> inputChannelIds;
-
- inputQueues.swap(m_inputQueues);
- inputChannelIds.swap(m_inputChannelIds);
- m_inputChannelMap.clear();
- m_lastMapPosition = m_inputChannelMap.end();
-
- for (i=0; i<m_threshold; i++)
- {
- inputQueues[i].GetNextMessage();
- inputQueues[i].TransferAllTo(*AttachedTransformation(), WordToString(inputChannelIds[i]));
- }
- }
-}
-
-void RawIDA::FlushOutputQueues()
-{
- for (unsigned int i=0; i<m_outputChannelIds.size(); i++)
- m_outputQueues[i].TransferAllTo(*AttachedTransformation(), m_outputChannelIdStrings[i]);
-}
-
-void RawIDA::OutputMessageEnds()
-{
- if (GetAutoSignalPropagation() != 0)
- {
- for (unsigned int i=0; i<m_outputChannelIds.size(); i++)
- AttachedTransformation()->ChannelMessageEnd(m_outputChannelIdStrings[i], GetAutoSignalPropagation()-1);
- }
-}
-
-// ****************************************************************
-
-void SecretSharing::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_pad = parameters.GetValueWithDefault("AddPadding", true);
- m_ida.IsolatedInitialize(parameters);
-}
-
-size_t SecretSharing::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("SecretSharing");
-
- SecByteBlock buf(UnsignedMin(256, length));
- unsigned int threshold = m_ida.GetThreshold();
- while (length > 0)
- {
- size_t len = STDMIN(length, buf.size());
- m_ida.ChannelData(0xffffffff, begin, len, false);
- for (unsigned int i=0; i<threshold-1; i++)
- {
- m_rng.GenerateBlock(buf, len);
- m_ida.ChannelData(i, buf, len, false);
- }
- length -= len;
- begin += len;
- }
-
- if (messageEnd)
- {
- m_ida.SetAutoSignalPropagation(messageEnd-1);
- if (m_pad)
- {
- SecretSharing::Put(1);
- while (m_ida.InputBuffered(0xffffffff) > 0)
- SecretSharing::Put(0);
- }
- m_ida.ChannelData(0xffffffff, NULL, 0, true);
- for (unsigned int i=0; i<m_ida.GetThreshold()-1; i++)
- m_ida.ChannelData(i, NULL, 0, true);
- }
-
- return 0;
-}
-
-void SecretRecovery::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_pad = parameters.GetValueWithDefault("RemovePadding", true);
- RawIDA::IsolatedInitialize(CombinedNameValuePairs(parameters, MakeParameters("OutputChannelID", (word32)0xffffffff)));
-}
-
-void SecretRecovery::FlushOutputQueues()
-{
- if (m_pad)
- m_outputQueues[0].TransferTo(*AttachedTransformation(), m_outputQueues[0].MaxRetrievable()-4);
- else
- m_outputQueues[0].TransferTo(*AttachedTransformation());
-}
-
-void SecretRecovery::OutputMessageEnds()
-{
- if (m_pad)
- {
- PaddingRemover paddingRemover(new Redirector(*AttachedTransformation()));
- m_outputQueues[0].TransferAllTo(paddingRemover);
- }
-
- if (GetAutoSignalPropagation() != 0)
- AttachedTransformation()->MessageEnd(GetAutoSignalPropagation()-1);
-}
-
-// ****************************************************************
-
-void InformationDispersal::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_nextChannel = 0;
- m_pad = parameters.GetValueWithDefault("AddPadding", true);
- m_ida.IsolatedInitialize(parameters);
-}
-
-size_t InformationDispersal::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("InformationDispersal");
-
- while (length--)
- {
- m_ida.ChannelData(m_nextChannel, begin, 1, false);
- begin++;
- m_nextChannel++;
- if (m_nextChannel == m_ida.GetThreshold())
- m_nextChannel = 0;
- }
-
- if (messageEnd)
- {
- m_ida.SetAutoSignalPropagation(messageEnd-1);
- if (m_pad)
- InformationDispersal::Put(1);
- for (word32 i=0; i<m_ida.GetThreshold(); i++)
- m_ida.ChannelData(i, NULL, 0, true);
- }
-
- return 0;
-}
-
-void InformationRecovery::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_pad = parameters.GetValueWithDefault("RemovePadding", true);
- RawIDA::IsolatedInitialize(parameters);
-}
-
-void InformationRecovery::FlushOutputQueues()
-{
- while (m_outputQueues[0].AnyRetrievable())
- {
- for (unsigned int i=0; i<m_outputChannelIds.size(); i++)
- m_outputQueues[i].TransferTo(m_queue, 1);
- }
-
- if (m_pad)
- m_queue.TransferTo(*AttachedTransformation(), m_queue.MaxRetrievable()-4*m_threshold);
- else
- m_queue.TransferTo(*AttachedTransformation());
-}
-
-void InformationRecovery::OutputMessageEnds()
-{
- if (m_pad)
- {
- PaddingRemover paddingRemover(new Redirector(*AttachedTransformation()));
- m_queue.TransferAllTo(paddingRemover);
- }
-
- if (GetAutoSignalPropagation() != 0)
- AttachedTransformation()->MessageEnd(GetAutoSignalPropagation()-1);
-}
-
-size_t PaddingRemover::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("PaddingRemover");
-
- const byte *const end = begin + length;
-
- if (m_possiblePadding)
- {
- size_t len = find_if(begin, end, bind2nd(not_equal_to<byte>(), 0)) - begin;
- m_zeroCount += len;
- begin += len;
- if (begin == end)
- return 0;
-
- AttachedTransformation()->Put(1);
- while (m_zeroCount--)
- AttachedTransformation()->Put(0);
- AttachedTransformation()->Put(*begin++);
- m_possiblePadding = false;
- }
-
-#if defined(_MSC_VER) && !defined(__MWERKS__) && (_MSC_VER <= 1300)
- // VC60 and VC7 workaround: built-in reverse_iterator has two template parameters, Dinkumware only has one
- typedef reverse_bidirectional_iterator<const byte *, const byte> RevIt;
-#elif defined(_RWSTD_NO_CLASS_PARTIAL_SPEC)
- typedef reverse_iterator<const byte *, random_access_iterator_tag, const byte> RevIt;
-#else
- typedef reverse_iterator<const byte *> RevIt;
-#endif
- const byte *x = find_if(RevIt(end), RevIt(begin), bind2nd(not_equal_to<byte>(), 0)).base();
- if (x != begin && *(x-1) == 1)
- {
- AttachedTransformation()->Put(begin, x-begin-1);
- m_possiblePadding = true;
- m_zeroCount = end - x;
- }
- else
- AttachedTransformation()->Put(begin, end-begin);
-
- if (messageEnd)
- {
- m_possiblePadding = false;
- Output(0, begin, length, messageEnd, blocking);
- }
- return 0;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/ida.h b/cryptopp562/ida.h
deleted file mode 100644
index 8ebb4ec..0000000
--- a/cryptopp562/ida.h
+++ /dev/null
@@ -1,152 +0,0 @@
-#ifndef CRYPTOPP_IDA_H
-#define CRYPTOPP_IDA_H
-
-#include "mqueue.h"
-#include "filters.h"
-#include "channels.h"
-#include <map>
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// base class for secret sharing and information dispersal
-class RawIDA : public AutoSignaling<Unflushable<Multichannel<Filter> > >
-{
-public:
- RawIDA(BufferedTransformation *attachment=NULL)
- {Detach(attachment);}
-
- unsigned int GetThreshold() const {return m_threshold;}
- void AddOutputChannel(word32 channelId);
- void ChannelData(word32 channelId, const byte *inString, size_t length, bool messageEnd);
- lword InputBuffered(word32 channelId) const;
-
- void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
- {
- if (!blocking)
- throw BlockingInputOnly("RawIDA");
- ChannelData(StringToWord<word32>(channel), begin, length, messageEnd != 0);
- return 0;
- }
-
-protected:
- virtual void FlushOutputQueues();
- virtual void OutputMessageEnds();
-
- unsigned int InsertInputChannel(word32 channelId);
- unsigned int LookupInputChannel(word32 channelId) const;
- void ComputeV(unsigned int);
- void PrepareInterpolation();
- void ProcessInputQueues();
-
- typedef std::map<word32, unsigned int> InputChannelMap;
- InputChannelMap m_inputChannelMap;
- InputChannelMap::iterator m_lastMapPosition;
- std::vector<MessageQueue> m_inputQueues;
- std::vector<word32> m_inputChannelIds, m_outputChannelIds, m_outputToInput;
- std::vector<std::string> m_outputChannelIdStrings;
- std::vector<ByteQueue> m_outputQueues;
- int m_threshold;
- unsigned int m_channelsReady, m_channelsFinished;
- std::vector<SecBlock<word32> > m_v;
- SecBlock<word32> m_u, m_w, m_y;
-};
-
-/// a variant of Shamir's Secret Sharing Algorithm
-class SecretSharing : public CustomFlushPropagation<Filter>
-{
-public:
- SecretSharing(RandomNumberGenerator &rng, int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true)
- : m_rng(rng), m_ida(new OutputProxy(*this, true))
- {
- Detach(attachment);
- IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
- bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return m_ida.Flush(hardFlush, propagation, blocking);}
-
-protected:
- RandomNumberGenerator &m_rng;
- RawIDA m_ida;
- bool m_pad;
-};
-
-/// a variant of Shamir's Secret Sharing Algorithm
-class SecretRecovery : public RawIDA
-{
-public:
- SecretRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true)
- : RawIDA(attachment)
- {IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));}
-
- void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
-
-protected:
- void FlushOutputQueues();
- void OutputMessageEnds();
-
- bool m_pad;
-};
-
-/// a variant of Rabin's Information Dispersal Algorithm
-class InformationDispersal : public CustomFlushPropagation<Filter>
-{
-public:
- InformationDispersal(int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true)
- : m_ida(new OutputProxy(*this, true))
- {
- Detach(attachment);
- IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding));
- }
-
- void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
- bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return m_ida.Flush(hardFlush, propagation, blocking);}
-
-protected:
- RawIDA m_ida;
- bool m_pad;
- unsigned int m_nextChannel;
-};
-
-/// a variant of Rabin's Information Dispersal Algorithm
-class InformationRecovery : public RawIDA
-{
-public:
- InformationRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true)
- : RawIDA(attachment)
- {IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));}
-
- void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
-
-protected:
- void FlushOutputQueues();
- void OutputMessageEnds();
-
- bool m_pad;
- ByteQueue m_queue;
-};
-
-class PaddingRemover : public Unflushable<Filter>
-{
-public:
- PaddingRemover(BufferedTransformation *attachment=NULL)
- : m_possiblePadding(false) {Detach(attachment);}
-
- void IsolatedInitialize(const NameValuePairs &parameters) {m_possiblePadding = false;}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
-
- // GetPossiblePadding() == false at the end of a message indicates incorrect padding
- bool GetPossiblePadding() const {return m_possiblePadding;}
-
-private:
- bool m_possiblePadding;
- lword m_zeroCount;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/idea.cpp b/cryptopp562/idea.cpp
deleted file mode 100644
index 793f912..0000000
--- a/cryptopp562/idea.cpp
+++ /dev/null
@@ -1,192 +0,0 @@
-// idea.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "idea.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const int IDEA_KEYLEN=(6*IDEA::ROUNDS+4); // key schedule length in # of word16s
-
-#define low16(x) ((x)&0xffff) // compiler should be able to optimize this away if word is 16 bits
-#define high16(x) ((x)>>16)
-
-CRYPTOPP_COMPILE_ASSERT(sizeof(IDEA::Word) >= 2);
-
-// should use an inline function but macros are still faster in MSVC 4.0
-#define DirectMUL(a,b) \
-{ \
- assert(b <= 0xffff); \
- \
- word32 p=(word32)low16(a)*b; \
- \
- if (p) \
- { \
- p = low16(p) - high16(p); \
- a = (IDEA::Word)p - (IDEA::Word)high16(p); \
- } \
- else \
- a = 1-a-b; \
-}
-
-#ifdef IDEA_LARGECACHE
-volatile bool IDEA::Base::tablesBuilt = false;
-word16 IDEA::Base::log[0x10000];
-word16 IDEA::Base::antilog[0x10000];
-
-void IDEA::Base::BuildLogTables()
-{
- if (tablesBuilt)
- return;
- else
- {
- tablesBuilt = true;
-
- IDEA::Word x=1;
- word32 i;
-
- for (i=0; i<0x10000; i++)
- {
- antilog[i] = (word16)x;
- DirectMUL(x, 3);
- }
-
- for (i=0; i<0x10000; i++)
- log[antilog[i]] = (word16)i;
- }
-}
-
-void IDEA::Base::LookupKeyLogs()
-{
- IDEA::Word* Z=key;
- int r=ROUNDS;
- do
- {
- Z[0] = log[Z[0]];
- Z[3] = log[Z[3]];
- Z[4] = log[Z[4]];
- Z[5] = log[Z[5]];
- Z+=6;
- } while (--r);
- Z[0] = log[Z[0]];
- Z[3] = log[Z[3]];
-}
-
-inline void IDEA::Base::LookupMUL(IDEA::Word &a, IDEA::Word b)
-{
- a = antilog[low16(log[low16(a)]+b)];
-}
-#endif // IDEA_LARGECACHE
-
-void IDEA::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
-#ifdef IDEA_LARGECACHE
- BuildLogTables();
-#endif
-
- EnKey(userKey);
-
- if (!IsForwardTransformation())
- DeKey();
-
-#ifdef IDEA_LARGECACHE
- LookupKeyLogs();
-#endif
-}
-
-void IDEA::Base::EnKey (const byte *userKey)
-{
- unsigned int i;
-
- for (i=0; i<8; i++)
- m_key[i] = ((IDEA::Word)userKey[2*i]<<8) | userKey[2*i+1];
-
- for (; i<IDEA_KEYLEN; i++)
- {
- unsigned int j = RoundDownToMultipleOf(i,8U)-8;
- m_key[i] = low16((m_key[j+(i+1)%8] << 9) | (m_key[j+(i+2)%8] >> 7));
- }
-}
-
-static IDEA::Word MulInv(IDEA::Word x)
-{
- IDEA::Word y=x;
- for (unsigned i=0; i<15; i++)
- {
- DirectMUL(y,low16(y));
- DirectMUL(y,x);
- }
- return low16(y);
-}
-
-static inline IDEA::Word AddInv(IDEA::Word x)
-{
- return low16(0-x);
-}
-
-void IDEA::Base::DeKey()
-{
- FixedSizeSecBlock<IDEA::Word, 6*ROUNDS+4> tempkey;
- size_t i;
-
- for (i=0; i<ROUNDS; i++)
- {
- tempkey[i*6+0] = MulInv(m_key[(ROUNDS-i)*6+0]);
- tempkey[i*6+1] = AddInv(m_key[(ROUNDS-i)*6+1+(i>0)]);
- tempkey[i*6+2] = AddInv(m_key[(ROUNDS-i)*6+2-(i>0)]);
- tempkey[i*6+3] = MulInv(m_key[(ROUNDS-i)*6+3]);
- tempkey[i*6+4] = m_key[(ROUNDS-1-i)*6+4];
- tempkey[i*6+5] = m_key[(ROUNDS-1-i)*6+5];
- }
-
- tempkey[i*6+0] = MulInv(m_key[(ROUNDS-i)*6+0]);
- tempkey[i*6+1] = AddInv(m_key[(ROUNDS-i)*6+1]);
- tempkey[i*6+2] = AddInv(m_key[(ROUNDS-i)*6+2]);
- tempkey[i*6+3] = MulInv(m_key[(ROUNDS-i)*6+3]);
-
- m_key = tempkey;
-}
-
-#ifdef IDEA_LARGECACHE
-#define MUL(a,b) LookupMUL(a,b)
-#else
-#define MUL(a,b) DirectMUL(a,b)
-#endif
-
-void IDEA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- typedef BlockGetAndPut<word16, BigEndian> Block;
-
- const IDEA::Word *key = m_key;
- IDEA::Word x0,x1,x2,x3,t0,t1;
- Block::Get(inBlock)(x0)(x1)(x2)(x3);
-
- for (unsigned int i=0; i<ROUNDS; i++)
- {
- MUL(x0, key[i*6+0]);
- x1 += key[i*6+1];
- x2 += key[i*6+2];
- MUL(x3, key[i*6+3]);
- t0 = x0^x2;
- MUL(t0, key[i*6+4]);
- t1 = t0 + (x1^x3);
- MUL(t1, key[i*6+5]);
- t0 += t1;
- x0 ^= t1;
- x3 ^= t0;
- t0 ^= x1;
- x1 = x2^t1;
- x2 = t0;
- }
-
- MUL(x0, key[ROUNDS*6+0]);
- x2 += key[ROUNDS*6+1];
- x1 += key[ROUNDS*6+2];
- MUL(x3, key[ROUNDS*6+3]);
-
- Block::Put(xorBlock, outBlock)(x0)(x2)(x1)(x3);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/idea.h b/cryptopp562/idea.h
deleted file mode 100644
index 2ab5713..0000000
--- a/cryptopp562/idea.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifndef CRYPTOPP_IDEA_H
-#define CRYPTOPP_IDEA_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct IDEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public FixedRounds<8>
-{
- static const char *StaticAlgorithmName() {return "IDEA";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#IDEA">IDEA</a>
-class IDEA : public IDEA_Info, public BlockCipherDocumentation
-{
-public: // made public for internal purposes
-#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- typedef word Word;
-#else
- typedef hword Word;
-#endif
-
-private:
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<IDEA_Info>
- {
- public:
- unsigned int OptimalDataAlignment() const {return 2;}
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- private:
- void EnKey(const byte *);
- void DeKey();
- FixedSizeSecBlock<Word, 6*ROUNDS+4> m_key;
-
- #ifdef IDEA_LARGECACHE
- static inline void LookupMUL(word &a, word b);
- void LookupKeyLogs();
- static void BuildLogTables();
- static volatile bool tablesBuilt;
- static word16 log[0x10000], antilog[0x10000];
- #endif
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-typedef IDEA::Encryption IDEAEncryption;
-typedef IDEA::Decryption IDEADecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/integer.cpp b/cryptopp562/integer.cpp
deleted file mode 100644
index f07cce8..0000000
--- a/cryptopp562/integer.cpp
+++ /dev/null
@@ -1,4235 +0,0 @@
-// integer.cpp - written and placed in the public domain by Wei Dai
-// contains public domain code contributed by Alister Lee and Leonard Janke
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "integer.h"
-#include "modarith.h"
-#include "nbtheory.h"
-#include "asn.h"
-#include "oids.h"
-#include "words.h"
-#include "algparam.h"
-#include "pubkey.h" // for P1363_KDF2
-#include "sha.h"
-#include "cpu.h"
-
-#include <iostream>
-
-#if _MSC_VER >= 1400
- #include <intrin.h>
-#endif
-
-#ifdef __DECCXX
- #include <c_asm.h>
-#endif
-
-#ifdef CRYPTOPP_MSVC6_NO_PP
- #pragma message("You do not seem to have the Visual C++ Processor Pack installed, so use of SSE2 instructions will be disabled.")
-#endif
-
-#define CRYPTOPP_INTEGER_SSE2 (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86)
-
-NAMESPACE_BEGIN(CryptoPP)
-
-bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt)
-{
- if (valueType != typeid(Integer))
- return false;
- *reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt);
- return true;
-}
-
-inline static int Compare(const word *A, const word *B, size_t N)
-{
- while (N--)
- if (A[N] > B[N])
- return 1;
- else if (A[N] < B[N])
- return -1;
-
- return 0;
-}
-
-inline static int Increment(word *A, size_t N, word B=1)
-{
- assert(N);
- word t = A[0];
- A[0] = t+B;
- if (A[0] >= t)
- return 0;
- for (unsigned i=1; i<N; i++)
- if (++A[i])
- return 0;
- return 1;
-}
-
-inline static int Decrement(word *A, size_t N, word B=1)
-{
- assert(N);
- word t = A[0];
- A[0] = t-B;
- if (A[0] <= t)
- return 0;
- for (unsigned i=1; i<N; i++)
- if (A[i]--)
- return 0;
- return 1;
-}
-
-static void TwosComplement(word *A, size_t N)
-{
- Decrement(A, N);
- for (unsigned i=0; i<N; i++)
- A[i] = ~A[i];
-}
-
-static word AtomicInverseModPower2(word A)
-{
- assert(A%2==1);
-
- word R=A%8;
-
- for (unsigned i=3; i<WORD_BITS; i*=2)
- R = R*(2-R*A);
-
- assert(R*A==1);
- return R;
-}
-
-// ********************************************************
-
-#if !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) || (defined(__x86_64__) && defined(CRYPTOPP_WORD128_AVAILABLE))
- #define Declare2Words(x) word x##0, x##1;
- #define AssignWord(a, b) a##0 = b; a##1 = 0;
- #define Add2WordsBy1(a, b, c) a##0 = b##0 + c; a##1 = b##1 + (a##0 < c);
- #define LowWord(a) a##0
- #define HighWord(a) a##1
- #ifdef _MSC_VER
- #define MultiplyWordsLoHi(p0, p1, a, b) p0 = _umul128(a, b, &p1);
- #ifndef __INTEL_COMPILER
- #define Double3Words(c, d) d##1 = __shiftleft128(d##0, d##1, 1); d##0 = __shiftleft128(c, d##0, 1); c *= 2;
- #endif
- #elif defined(__DECCXX)
- #define MultiplyWordsLoHi(p0, p1, a, b) p0 = a*b; p1 = asm("umulh %a0, %a1, %v0", a, b);
- #elif defined(__x86_64__)
- #if defined(__SUNPRO_CC) && __SUNPRO_CC < 0x5100
- // Sun Studio's gcc-style inline assembly is heavily bugged as of version 5.9 Patch 124864-09 2008/12/16, but this one works
- #define MultiplyWordsLoHi(p0, p1, a, b) asm ("mulq %3" : "=a"(p0), "=d"(p1) : "a"(a), "r"(b) : "cc");
- #else
- #define MultiplyWordsLoHi(p0, p1, a, b) asm ("mulq %3" : "=a"(p0), "=d"(p1) : "a"(a), "g"(b) : "cc");
- #define MulAcc(c, d, a, b) asm ("mulq %6; addq %3, %0; adcq %4, %1; adcq $0, %2;" : "+r"(c), "+r"(d##0), "+r"(d##1), "=a"(p0), "=d"(p1) : "a"(a), "g"(b) : "cc");
- #define Double3Words(c, d) asm ("addq %0, %0; adcq %1, %1; adcq %2, %2;" : "+r"(c), "+r"(d##0), "+r"(d##1) : : "cc");
- #define Acc2WordsBy1(a, b) asm ("addq %2, %0; adcq $0, %1;" : "+r"(a##0), "+r"(a##1) : "r"(b) : "cc");
- #define Acc2WordsBy2(a, b) asm ("addq %2, %0; adcq %3, %1;" : "+r"(a##0), "+r"(a##1) : "r"(b##0), "r"(b##1) : "cc");
- #define Acc3WordsBy2(c, d, e) asm ("addq %5, %0; adcq %6, %1; adcq $0, %2;" : "+r"(c), "=r"(e##0), "=r"(e##1) : "1"(d##0), "2"(d##1), "r"(e##0), "r"(e##1) : "cc");
- #endif
- #endif
- #define MultiplyWords(p, a, b) MultiplyWordsLoHi(p##0, p##1, a, b)
- #ifndef Double3Words
- #define Double3Words(c, d) d##1 = 2*d##1 + (d##0>>(WORD_BITS-1)); d##0 = 2*d##0 + (c>>(WORD_BITS-1)); c *= 2;
- #endif
- #ifndef Acc2WordsBy2
- #define Acc2WordsBy2(a, b) a##0 += b##0; a##1 += a##0 < b##0; a##1 += b##1;
- #endif
- #define AddWithCarry(u, a, b) {word t = a+b; u##0 = t + u##1; u##1 = (t<a) + (u##0<t);}
- #define SubtractWithBorrow(u, a, b) {word t = a-b; u##0 = t - u##1; u##1 = (t>a) + (u##0>t);}
- #define GetCarry(u) u##1
- #define GetBorrow(u) u##1
-#else
- #define Declare2Words(x) dword x;
- #if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER)
- #define MultiplyWords(p, a, b) p = __emulu(a, b);
- #else
- #define MultiplyWords(p, a, b) p = (dword)a*b;
- #endif
- #define AssignWord(a, b) a = b;
- #define Add2WordsBy1(a, b, c) a = b + c;
- #define Acc2WordsBy2(a, b) a += b;
- #define LowWord(a) word(a)
- #define HighWord(a) word(a>>WORD_BITS)
- #define Double3Words(c, d) d = 2*d + (c>>(WORD_BITS-1)); c *= 2;
- #define AddWithCarry(u, a, b) u = dword(a) + b + GetCarry(u);
- #define SubtractWithBorrow(u, a, b) u = dword(a) - b - GetBorrow(u);
- #define GetCarry(u) HighWord(u)
- #define GetBorrow(u) word(u>>(WORD_BITS*2-1))
-#endif
-#ifndef MulAcc
- #define MulAcc(c, d, a, b) MultiplyWords(p, a, b); Acc2WordsBy1(p, c); c = LowWord(p); Acc2WordsBy1(d, HighWord(p));
-#endif
-#ifndef Acc2WordsBy1
- #define Acc2WordsBy1(a, b) Add2WordsBy1(a, a, b)
-#endif
-#ifndef Acc3WordsBy2
- #define Acc3WordsBy2(c, d, e) Acc2WordsBy1(e, c); c = LowWord(e); Add2WordsBy1(e, d, HighWord(e));
-#endif
-
-class DWord
-{
-public:
- DWord() {}
-
-#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- explicit DWord(word low)
- {
- m_whole = low;
- }
-#else
- explicit DWord(word low)
- {
- m_halfs.low = low;
- m_halfs.high = 0;
- }
-#endif
-
- DWord(word low, word high)
- {
- m_halfs.low = low;
- m_halfs.high = high;
- }
-
- static DWord Multiply(word a, word b)
- {
- DWord r;
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- r.m_whole = (dword)a * b;
- #elif defined(MultiplyWordsLoHi)
- MultiplyWordsLoHi(r.m_halfs.low, r.m_halfs.high, a, b);
- #endif
- return r;
- }
-
- static DWord MultiplyAndAdd(word a, word b, word c)
- {
- DWord r = Multiply(a, b);
- return r += c;
- }
-
- DWord & operator+=(word a)
- {
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- m_whole = m_whole + a;
- #else
- m_halfs.low += a;
- m_halfs.high += (m_halfs.low < a);
- #endif
- return *this;
- }
-
- DWord operator+(word a)
- {
- DWord r;
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- r.m_whole = m_whole + a;
- #else
- r.m_halfs.low = m_halfs.low + a;
- r.m_halfs.high = m_halfs.high + (r.m_halfs.low < a);
- #endif
- return r;
- }
-
- DWord operator-(DWord a)
- {
- DWord r;
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- r.m_whole = m_whole - a.m_whole;
- #else
- r.m_halfs.low = m_halfs.low - a.m_halfs.low;
- r.m_halfs.high = m_halfs.high - a.m_halfs.high - (r.m_halfs.low > m_halfs.low);
- #endif
- return r;
- }
-
- DWord operator-(word a)
- {
- DWord r;
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- r.m_whole = m_whole - a;
- #else
- r.m_halfs.low = m_halfs.low - a;
- r.m_halfs.high = m_halfs.high - (r.m_halfs.low > m_halfs.low);
- #endif
- return r;
- }
-
- // returns quotient, which must fit in a word
- word operator/(word divisor);
-
- word operator%(word a);
-
- bool operator!() const
- {
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- return !m_whole;
- #else
- return !m_halfs.high && !m_halfs.low;
- #endif
- }
-
- word GetLowHalf() const {return m_halfs.low;}
- word GetHighHalf() const {return m_halfs.high;}
- word GetHighHalfAsBorrow() const {return 0-m_halfs.high;}
-
-private:
- union
- {
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- dword m_whole;
- #endif
- struct
- {
- #ifdef IS_LITTLE_ENDIAN
- word low;
- word high;
- #else
- word high;
- word low;
- #endif
- } m_halfs;
- };
-};
-
-class Word
-{
-public:
- Word() {}
-
- Word(word value)
- {
- m_whole = value;
- }
-
- Word(hword low, hword high)
- {
- m_whole = low | (word(high) << (WORD_BITS/2));
- }
-
- static Word Multiply(hword a, hword b)
- {
- Word r;
- r.m_whole = (word)a * b;
- return r;
- }
-
- Word operator-(Word a)
- {
- Word r;
- r.m_whole = m_whole - a.m_whole;
- return r;
- }
-
- Word operator-(hword a)
- {
- Word r;
- r.m_whole = m_whole - a;
- return r;
- }
-
- // returns quotient, which must fit in a word
- hword operator/(hword divisor)
- {
- return hword(m_whole / divisor);
- }
-
- bool operator!() const
- {
- return !m_whole;
- }
-
- word GetWhole() const {return m_whole;}
- hword GetLowHalf() const {return hword(m_whole);}
- hword GetHighHalf() const {return hword(m_whole>>(WORD_BITS/2));}
- hword GetHighHalfAsBorrow() const {return 0-hword(m_whole>>(WORD_BITS/2));}
-
-private:
- word m_whole;
-};
-
-// do a 3 word by 2 word divide, returns quotient and leaves remainder in A
-template <class S, class D>
-S DivideThreeWordsByTwo(S *A, S B0, S B1, D *dummy=NULL)
-{
- // assert {A[2],A[1]} < {B1,B0}, so quotient can fit in a S
- assert(A[2] < B1 || (A[2]==B1 && A[1] < B0));
-
- // estimate the quotient: do a 2 S by 1 S divide
- S Q;
- if (S(B1+1) == 0)
- Q = A[2];
- else if (B1 > 0)
- Q = D(A[1], A[2]) / S(B1+1);
- else
- Q = D(A[0], A[1]) / B0;
-
- // now subtract Q*B from A
- D p = D::Multiply(B0, Q);
- D u = (D) A[0] - p.GetLowHalf();
- A[0] = u.GetLowHalf();
- u = (D) A[1] - p.GetHighHalf() - u.GetHighHalfAsBorrow() - D::Multiply(B1, Q);
- A[1] = u.GetLowHalf();
- A[2] += u.GetHighHalf();
-
- // Q <= actual quotient, so fix it
- while (A[2] || A[1] > B1 || (A[1]==B1 && A[0]>=B0))
- {
- u = (D) A[0] - B0;
- A[0] = u.GetLowHalf();
- u = (D) A[1] - B1 - u.GetHighHalfAsBorrow();
- A[1] = u.GetLowHalf();
- A[2] += u.GetHighHalf();
- Q++;
- assert(Q); // shouldn't overflow
- }
-
- return Q;
-}
-
-// do a 4 word by 2 word divide, returns 2 word quotient in Q0 and Q1
-template <class S, class D>
-inline D DivideFourWordsByTwo(S *T, const D &Al, const D &Ah, const D &B)
-{
- if (!B) // if divisor is 0, we assume divisor==2**(2*WORD_BITS)
- return D(Ah.GetLowHalf(), Ah.GetHighHalf());
- else
- {
- S Q[2];
- T[0] = Al.GetLowHalf();
- T[1] = Al.GetHighHalf();
- T[2] = Ah.GetLowHalf();
- T[3] = Ah.GetHighHalf();
- Q[1] = DivideThreeWordsByTwo<S, D>(T+1, B.GetLowHalf(), B.GetHighHalf());
- Q[0] = DivideThreeWordsByTwo<S, D>(T, B.GetLowHalf(), B.GetHighHalf());
- return D(Q[0], Q[1]);
- }
-}
-
-// returns quotient, which must fit in a word
-inline word DWord::operator/(word a)
-{
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- return word(m_whole / a);
- #else
- hword r[4];
- return DivideFourWordsByTwo<hword, Word>(r, m_halfs.low, m_halfs.high, a).GetWhole();
- #endif
-}
-
-inline word DWord::operator%(word a)
-{
- #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- return word(m_whole % a);
- #else
- if (a < (word(1) << (WORD_BITS/2)))
- {
- hword h = hword(a);
- word r = m_halfs.high % h;
- r = ((m_halfs.low >> (WORD_BITS/2)) + (r << (WORD_BITS/2))) % h;
- return hword((hword(m_halfs.low) + (r << (WORD_BITS/2))) % h);
- }
- else
- {
- hword r[4];
- DivideFourWordsByTwo<hword, Word>(r, m_halfs.low, m_halfs.high, a);
- return Word(r[0], r[1]).GetWhole();
- }
- #endif
-}
-
-// ********************************************************
-
-// use some tricks to share assembly code between MSVC and GCC
-#if defined(__GNUC__)
- #define AddPrologue \
- int result; \
- __asm__ __volatile__ \
- ( \
- ".intel_syntax noprefix;"
- #define AddEpilogue \
- ".att_syntax prefix;" \
- : "=a" (result)\
- : "d" (C), "a" (A), "D" (B), "c" (N) \
- : "%esi", "memory", "cc" \
- );\
- return result;
- #define MulPrologue \
- __asm__ __volatile__ \
- ( \
- ".intel_syntax noprefix;" \
- AS1( push ebx) \
- AS2( mov ebx, edx)
- #define MulEpilogue \
- AS1( pop ebx) \
- ".att_syntax prefix;" \
- : \
- : "d" (s_maskLow16), "c" (C), "a" (A), "D" (B) \
- : "%esi", "memory", "cc" \
- );
- #define SquPrologue MulPrologue
- #define SquEpilogue \
- AS1( pop ebx) \
- ".att_syntax prefix;" \
- : \
- : "d" (s_maskLow16), "c" (C), "a" (A) \
- : "%esi", "%edi", "memory", "cc" \
- );
- #define TopPrologue MulPrologue
- #define TopEpilogue \
- AS1( pop ebx) \
- ".att_syntax prefix;" \
- : \
- : "d" (s_maskLow16), "c" (C), "a" (A), "D" (B), "S" (L) \
- : "memory", "cc" \
- );
-#else
- #define AddPrologue \
- __asm push edi \
- __asm push esi \
- __asm mov eax, [esp+12] \
- __asm mov edi, [esp+16]
- #define AddEpilogue \
- __asm pop esi \
- __asm pop edi \
- __asm ret 8
-#if _MSC_VER < 1300
- #define SaveEBX __asm push ebx
- #define RestoreEBX __asm pop ebx
-#else
- #define SaveEBX
- #define RestoreEBX
-#endif
- #define SquPrologue \
- AS2( mov eax, A) \
- AS2( mov ecx, C) \
- SaveEBX \
- AS2( lea ebx, s_maskLow16)
- #define MulPrologue \
- AS2( mov eax, A) \
- AS2( mov edi, B) \
- AS2( mov ecx, C) \
- SaveEBX \
- AS2( lea ebx, s_maskLow16)
- #define TopPrologue \
- AS2( mov eax, A) \
- AS2( mov edi, B) \
- AS2( mov ecx, C) \
- AS2( mov esi, L) \
- SaveEBX \
- AS2( lea ebx, s_maskLow16)
- #define SquEpilogue RestoreEBX
- #define MulEpilogue RestoreEBX
- #define TopEpilogue RestoreEBX
-#endif
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-int Baseline_Add(size_t N, word *C, const word *A, const word *B);
-int Baseline_Sub(size_t N, word *C, const word *A, const word *B);
-}
-#elif defined(CRYPTOPP_X64_ASM_AVAILABLE) && defined(__GNUC__) && defined(CRYPTOPP_WORD128_AVAILABLE)
-int Baseline_Add(size_t N, word *C, const word *A, const word *B)
-{
- word result;
- __asm__ __volatile__
- (
- ".intel_syntax;"
- AS1( neg %1)
- ASJ( jz, 1, f)
- AS2( mov %0,[%3+8*%1])
- AS2( add %0,[%4+8*%1])
- AS2( mov [%2+8*%1],%0)
- ASL(0)
- AS2( mov %0,[%3+8*%1+8])
- AS2( adc %0,[%4+8*%1+8])
- AS2( mov [%2+8*%1+8],%0)
- AS2( lea %1,[%1+2])
- ASJ( jrcxz, 1, f)
- AS2( mov %0,[%3+8*%1])
- AS2( adc %0,[%4+8*%1])
- AS2( mov [%2+8*%1],%0)
- ASJ( jmp, 0, b)
- ASL(1)
- AS2( mov %0, 0)
- AS2( adc %0, %0)
- ".att_syntax;"
- : "=&r" (result), "+c" (N)
- : "r" (C+N), "r" (A+N), "r" (B+N)
- : "memory", "cc"
- );
- return (int)result;
-}
-
-int Baseline_Sub(size_t N, word *C, const word *A, const word *B)
-{
- word result;
- __asm__ __volatile__
- (
- ".intel_syntax;"
- AS1( neg %1)
- ASJ( jz, 1, f)
- AS2( mov %0,[%3+8*%1])
- AS2( sub %0,[%4+8*%1])
- AS2( mov [%2+8*%1],%0)
- ASL(0)
- AS2( mov %0,[%3+8*%1+8])
- AS2( sbb %0,[%4+8*%1+8])
- AS2( mov [%2+8*%1+8],%0)
- AS2( lea %1,[%1+2])
- ASJ( jrcxz, 1, f)
- AS2( mov %0,[%3+8*%1])
- AS2( sbb %0,[%4+8*%1])
- AS2( mov [%2+8*%1],%0)
- ASJ( jmp, 0, b)
- ASL(1)
- AS2( mov %0, 0)
- AS2( adc %0, %0)
- ".att_syntax;"
- : "=&r" (result), "+c" (N)
- : "r" (C+N), "r" (A+N), "r" (B+N)
- : "memory", "cc"
- );
- return (int)result;
-}
-#elif defined(CRYPTOPP_X86_ASM_AVAILABLE) && CRYPTOPP_BOOL_X86
-CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Add(size_t N, word *C, const word *A, const word *B)
-{
- AddPrologue
-
- // now: eax = A, edi = B, edx = C, ecx = N
- AS2( lea eax, [eax+4*ecx])
- AS2( lea edi, [edi+4*ecx])
- AS2( lea edx, [edx+4*ecx])
-
- AS1( neg ecx) // ecx is negative index
- AS2( test ecx, 2) // this clears carry flag
- ASJ( jz, 0, f)
- AS2( sub ecx, 2)
- ASJ( jmp, 1, f)
-
- ASL(0)
- ASJ( jecxz, 2, f) // loop until ecx overflows and becomes zero
- AS2( mov esi,[eax+4*ecx])
- AS2( adc esi,[edi+4*ecx])
- AS2( mov [edx+4*ecx],esi)
- AS2( mov esi,[eax+4*ecx+4])
- AS2( adc esi,[edi+4*ecx+4])
- AS2( mov [edx+4*ecx+4],esi)
- ASL(1)
- AS2( mov esi,[eax+4*ecx+8])
- AS2( adc esi,[edi+4*ecx+8])
- AS2( mov [edx+4*ecx+8],esi)
- AS2( mov esi,[eax+4*ecx+12])
- AS2( adc esi,[edi+4*ecx+12])
- AS2( mov [edx+4*ecx+12],esi)
-
- AS2( lea ecx,[ecx+4]) // advance index, avoid inc which causes slowdown on Intel Core 2
- ASJ( jmp, 0, b)
-
- ASL(2)
- AS2( mov eax, 0)
- AS1( setc al) // store carry into eax (return result register)
-
- AddEpilogue
-}
-
-CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word *A, const word *B)
-{
- AddPrologue
-
- // now: eax = A, edi = B, edx = C, ecx = N
- AS2( lea eax, [eax+4*ecx])
- AS2( lea edi, [edi+4*ecx])
- AS2( lea edx, [edx+4*ecx])
-
- AS1( neg ecx) // ecx is negative index
- AS2( test ecx, 2) // this clears carry flag
- ASJ( jz, 0, f)
- AS2( sub ecx, 2)
- ASJ( jmp, 1, f)
-
- ASL(0)
- ASJ( jecxz, 2, f) // loop until ecx overflows and becomes zero
- AS2( mov esi,[eax+4*ecx])
- AS2( sbb esi,[edi+4*ecx])
- AS2( mov [edx+4*ecx],esi)
- AS2( mov esi,[eax+4*ecx+4])
- AS2( sbb esi,[edi+4*ecx+4])
- AS2( mov [edx+4*ecx+4],esi)
- ASL(1)
- AS2( mov esi,[eax+4*ecx+8])
- AS2( sbb esi,[edi+4*ecx+8])
- AS2( mov [edx+4*ecx+8],esi)
- AS2( mov esi,[eax+4*ecx+12])
- AS2( sbb esi,[edi+4*ecx+12])
- AS2( mov [edx+4*ecx+12],esi)
-
- AS2( lea ecx,[ecx+4]) // advance index, avoid inc which causes slowdown on Intel Core 2
- ASJ( jmp, 0, b)
-
- ASL(2)
- AS2( mov eax, 0)
- AS1( setc al) // store carry into eax (return result register)
-
- AddEpilogue
-}
-
-#if CRYPTOPP_INTEGER_SSE2
-CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Add(size_t N, word *C, const word *A, const word *B)
-{
- AddPrologue
-
- // now: eax = A, edi = B, edx = C, ecx = N
- AS2( lea eax, [eax+4*ecx])
- AS2( lea edi, [edi+4*ecx])
- AS2( lea edx, [edx+4*ecx])
-
- AS1( neg ecx) // ecx is negative index
- AS2( pxor mm2, mm2)
- ASJ( jz, 2, f)
- AS2( test ecx, 2) // this clears carry flag
- ASJ( jz, 0, f)
- AS2( sub ecx, 2)
- ASJ( jmp, 1, f)
-
- ASL(0)
- AS2( movd mm0, DWORD PTR [eax+4*ecx])
- AS2( movd mm1, DWORD PTR [edi+4*ecx])
- AS2( paddq mm0, mm1)
- AS2( paddq mm2, mm0)
- AS2( movd DWORD PTR [edx+4*ecx], mm2)
- AS2( psrlq mm2, 32)
-
- AS2( movd mm0, DWORD PTR [eax+4*ecx+4])
- AS2( movd mm1, DWORD PTR [edi+4*ecx+4])
- AS2( paddq mm0, mm1)
- AS2( paddq mm2, mm0)
- AS2( movd DWORD PTR [edx+4*ecx+4], mm2)
- AS2( psrlq mm2, 32)
-
- ASL(1)
- AS2( movd mm0, DWORD PTR [eax+4*ecx+8])
- AS2( movd mm1, DWORD PTR [edi+4*ecx+8])
- AS2( paddq mm0, mm1)
- AS2( paddq mm2, mm0)
- AS2( movd DWORD PTR [edx+4*ecx+8], mm2)
- AS2( psrlq mm2, 32)
-
- AS2( movd mm0, DWORD PTR [eax+4*ecx+12])
- AS2( movd mm1, DWORD PTR [edi+4*ecx+12])
- AS2( paddq mm0, mm1)
- AS2( paddq mm2, mm0)
- AS2( movd DWORD PTR [edx+4*ecx+12], mm2)
- AS2( psrlq mm2, 32)
-
- AS2( add ecx, 4)
- ASJ( jnz, 0, b)
-
- ASL(2)
- AS2( movd eax, mm2)
- AS1( emms)
-
- AddEpilogue
-}
-CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Sub(size_t N, word *C, const word *A, const word *B)
-{
- AddPrologue
-
- // now: eax = A, edi = B, edx = C, ecx = N
- AS2( lea eax, [eax+4*ecx])
- AS2( lea edi, [edi+4*ecx])
- AS2( lea edx, [edx+4*ecx])
-
- AS1( neg ecx) // ecx is negative index
- AS2( pxor mm2, mm2)
- ASJ( jz, 2, f)
- AS2( test ecx, 2) // this clears carry flag
- ASJ( jz, 0, f)
- AS2( sub ecx, 2)
- ASJ( jmp, 1, f)
-
- ASL(0)
- AS2( movd mm0, DWORD PTR [eax+4*ecx])
- AS2( movd mm1, DWORD PTR [edi+4*ecx])
- AS2( psubq mm0, mm1)
- AS2( psubq mm0, mm2)
- AS2( movd DWORD PTR [edx+4*ecx], mm0)
- AS2( psrlq mm0, 63)
-
- AS2( movd mm2, DWORD PTR [eax+4*ecx+4])
- AS2( movd mm1, DWORD PTR [edi+4*ecx+4])
- AS2( psubq mm2, mm1)
- AS2( psubq mm2, mm0)
- AS2( movd DWORD PTR [edx+4*ecx+4], mm2)
- AS2( psrlq mm2, 63)
-
- ASL(1)
- AS2( movd mm0, DWORD PTR [eax+4*ecx+8])
- AS2( movd mm1, DWORD PTR [edi+4*ecx+8])
- AS2( psubq mm0, mm1)
- AS2( psubq mm0, mm2)
- AS2( movd DWORD PTR [edx+4*ecx+8], mm0)
- AS2( psrlq mm0, 63)
-
- AS2( movd mm2, DWORD PTR [eax+4*ecx+12])
- AS2( movd mm1, DWORD PTR [edi+4*ecx+12])
- AS2( psubq mm2, mm1)
- AS2( psubq mm2, mm0)
- AS2( movd DWORD PTR [edx+4*ecx+12], mm2)
- AS2( psrlq mm2, 63)
-
- AS2( add ecx, 4)
- ASJ( jnz, 0, b)
-
- ASL(2)
- AS2( movd eax, mm2)
- AS1( emms)
-
- AddEpilogue
-}
-#endif // #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#else
-int CRYPTOPP_FASTCALL Baseline_Add(size_t N, word *C, const word *A, const word *B)
-{
- assert (N%2 == 0);
-
- Declare2Words(u);
- AssignWord(u, 0);
- for (size_t i=0; i<N; i+=2)
- {
- AddWithCarry(u, A[i], B[i]);
- C[i] = LowWord(u);
- AddWithCarry(u, A[i+1], B[i+1]);
- C[i+1] = LowWord(u);
- }
- return int(GetCarry(u));
-}
-
-int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word *A, const word *B)
-{
- assert (N%2 == 0);
-
- Declare2Words(u);
- AssignWord(u, 0);
- for (size_t i=0; i<N; i+=2)
- {
- SubtractWithBorrow(u, A[i], B[i]);
- C[i] = LowWord(u);
- SubtractWithBorrow(u, A[i+1], B[i+1]);
- C[i+1] = LowWord(u);
- }
- return int(GetBorrow(u));
-}
-#endif
-
-static word LinearMultiply(word *C, const word *A, word B, size_t N)
-{
- word carry=0;
- for(unsigned i=0; i<N; i++)
- {
- Declare2Words(p);
- MultiplyWords(p, A[i], B);
- Acc2WordsBy1(p, carry);
- C[i] = LowWord(p);
- carry = HighWord(p);
- }
- return carry;
-}
-
-#ifndef CRYPTOPP_DOXYGEN_PROCESSING
-
-#define Mul_2 \
- Mul_Begin(2) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_End(1, 1)
-
-#define Mul_4 \
- Mul_Begin(4) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \
- Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \
- Mul_SaveAcc(3, 1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) \
- Mul_SaveAcc(4, 2, 3) Mul_Acc(3, 2) \
- Mul_End(5, 3)
-
-#define Mul_8 \
- Mul_Begin(8) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \
- Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \
- Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \
- Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \
- Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \
- Mul_SaveAcc(6, 0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \
- Mul_SaveAcc(7, 1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) \
- Mul_SaveAcc(8, 2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) \
- Mul_SaveAcc(9, 3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) \
- Mul_SaveAcc(10, 4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) \
- Mul_SaveAcc(11, 5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) \
- Mul_SaveAcc(12, 6, 7) Mul_Acc(7, 6) \
- Mul_End(13, 7)
-
-#define Mul_16 \
- Mul_Begin(16) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \
- Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \
- Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \
- Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \
- Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \
- Mul_SaveAcc(6, 0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \
- Mul_SaveAcc(7, 0, 8) Mul_Acc(1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) Mul_Acc(8, 0) \
- Mul_SaveAcc(8, 0, 9) Mul_Acc(1, 8) Mul_Acc(2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) Mul_Acc(8, 1) Mul_Acc(9, 0) \
- Mul_SaveAcc(9, 0, 10) Mul_Acc(1, 9) Mul_Acc(2, 8) Mul_Acc(3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) Mul_Acc(8, 2) Mul_Acc(9, 1) Mul_Acc(10, 0) \
- Mul_SaveAcc(10, 0, 11) Mul_Acc(1, 10) Mul_Acc(2, 9) Mul_Acc(3, 8) Mul_Acc(4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) Mul_Acc(8, 3) Mul_Acc(9, 2) Mul_Acc(10, 1) Mul_Acc(11, 0) \
- Mul_SaveAcc(11, 0, 12) Mul_Acc(1, 11) Mul_Acc(2, 10) Mul_Acc(3, 9) Mul_Acc(4, 8) Mul_Acc(5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) Mul_Acc(8, 4) Mul_Acc(9, 3) Mul_Acc(10, 2) Mul_Acc(11, 1) Mul_Acc(12, 0) \
- Mul_SaveAcc(12, 0, 13) Mul_Acc(1, 12) Mul_Acc(2, 11) Mul_Acc(3, 10) Mul_Acc(4, 9) Mul_Acc(5, 8) Mul_Acc(6, 7) Mul_Acc(7, 6) Mul_Acc(8, 5) Mul_Acc(9, 4) Mul_Acc(10, 3) Mul_Acc(11, 2) Mul_Acc(12, 1) Mul_Acc(13, 0) \
- Mul_SaveAcc(13, 0, 14) Mul_Acc(1, 13) Mul_Acc(2, 12) Mul_Acc(3, 11) Mul_Acc(4, 10) Mul_Acc(5, 9) Mul_Acc(6, 8) Mul_Acc(7, 7) Mul_Acc(8, 6) Mul_Acc(9, 5) Mul_Acc(10, 4) Mul_Acc(11, 3) Mul_Acc(12, 2) Mul_Acc(13, 1) Mul_Acc(14, 0) \
- Mul_SaveAcc(14, 0, 15) Mul_Acc(1, 14) Mul_Acc(2, 13) Mul_Acc(3, 12) Mul_Acc(4, 11) Mul_Acc(5, 10) Mul_Acc(6, 9) Mul_Acc(7, 8) Mul_Acc(8, 7) Mul_Acc(9, 6) Mul_Acc(10, 5) Mul_Acc(11, 4) Mul_Acc(12, 3) Mul_Acc(13, 2) Mul_Acc(14, 1) Mul_Acc(15, 0) \
- Mul_SaveAcc(15, 1, 15) Mul_Acc(2, 14) Mul_Acc(3, 13) Mul_Acc(4, 12) Mul_Acc(5, 11) Mul_Acc(6, 10) Mul_Acc(7, 9) Mul_Acc(8, 8) Mul_Acc(9, 7) Mul_Acc(10, 6) Mul_Acc(11, 5) Mul_Acc(12, 4) Mul_Acc(13, 3) Mul_Acc(14, 2) Mul_Acc(15, 1) \
- Mul_SaveAcc(16, 2, 15) Mul_Acc(3, 14) Mul_Acc(4, 13) Mul_Acc(5, 12) Mul_Acc(6, 11) Mul_Acc(7, 10) Mul_Acc(8, 9) Mul_Acc(9, 8) Mul_Acc(10, 7) Mul_Acc(11, 6) Mul_Acc(12, 5) Mul_Acc(13, 4) Mul_Acc(14, 3) Mul_Acc(15, 2) \
- Mul_SaveAcc(17, 3, 15) Mul_Acc(4, 14) Mul_Acc(5, 13) Mul_Acc(6, 12) Mul_Acc(7, 11) Mul_Acc(8, 10) Mul_Acc(9, 9) Mul_Acc(10, 8) Mul_Acc(11, 7) Mul_Acc(12, 6) Mul_Acc(13, 5) Mul_Acc(14, 4) Mul_Acc(15, 3) \
- Mul_SaveAcc(18, 4, 15) Mul_Acc(5, 14) Mul_Acc(6, 13) Mul_Acc(7, 12) Mul_Acc(8, 11) Mul_Acc(9, 10) Mul_Acc(10, 9) Mul_Acc(11, 8) Mul_Acc(12, 7) Mul_Acc(13, 6) Mul_Acc(14, 5) Mul_Acc(15, 4) \
- Mul_SaveAcc(19, 5, 15) Mul_Acc(6, 14) Mul_Acc(7, 13) Mul_Acc(8, 12) Mul_Acc(9, 11) Mul_Acc(10, 10) Mul_Acc(11, 9) Mul_Acc(12, 8) Mul_Acc(13, 7) Mul_Acc(14, 6) Mul_Acc(15, 5) \
- Mul_SaveAcc(20, 6, 15) Mul_Acc(7, 14) Mul_Acc(8, 13) Mul_Acc(9, 12) Mul_Acc(10, 11) Mul_Acc(11, 10) Mul_Acc(12, 9) Mul_Acc(13, 8) Mul_Acc(14, 7) Mul_Acc(15, 6) \
- Mul_SaveAcc(21, 7, 15) Mul_Acc(8, 14) Mul_Acc(9, 13) Mul_Acc(10, 12) Mul_Acc(11, 11) Mul_Acc(12, 10) Mul_Acc(13, 9) Mul_Acc(14, 8) Mul_Acc(15, 7) \
- Mul_SaveAcc(22, 8, 15) Mul_Acc(9, 14) Mul_Acc(10, 13) Mul_Acc(11, 12) Mul_Acc(12, 11) Mul_Acc(13, 10) Mul_Acc(14, 9) Mul_Acc(15, 8) \
- Mul_SaveAcc(23, 9, 15) Mul_Acc(10, 14) Mul_Acc(11, 13) Mul_Acc(12, 12) Mul_Acc(13, 11) Mul_Acc(14, 10) Mul_Acc(15, 9) \
- Mul_SaveAcc(24, 10, 15) Mul_Acc(11, 14) Mul_Acc(12, 13) Mul_Acc(13, 12) Mul_Acc(14, 11) Mul_Acc(15, 10) \
- Mul_SaveAcc(25, 11, 15) Mul_Acc(12, 14) Mul_Acc(13, 13) Mul_Acc(14, 12) Mul_Acc(15, 11) \
- Mul_SaveAcc(26, 12, 15) Mul_Acc(13, 14) Mul_Acc(14, 13) Mul_Acc(15, 12) \
- Mul_SaveAcc(27, 13, 15) Mul_Acc(14, 14) Mul_Acc(15, 13) \
- Mul_SaveAcc(28, 14, 15) Mul_Acc(15, 14) \
- Mul_End(29, 15)
-
-#define Squ_2 \
- Squ_Begin(2) \
- Squ_End(2)
-
-#define Squ_4 \
- Squ_Begin(4) \
- Squ_SaveAcc(1, 0, 2) Squ_Diag(1) \
- Squ_SaveAcc(2, 0, 3) Squ_Acc(1, 2) Squ_NonDiag \
- Squ_SaveAcc(3, 1, 3) Squ_Diag(2) \
- Squ_SaveAcc(4, 2, 3) Squ_NonDiag \
- Squ_End(4)
-
-#define Squ_8 \
- Squ_Begin(8) \
- Squ_SaveAcc(1, 0, 2) Squ_Diag(1) \
- Squ_SaveAcc(2, 0, 3) Squ_Acc(1, 2) Squ_NonDiag \
- Squ_SaveAcc(3, 0, 4) Squ_Acc(1, 3) Squ_Diag(2) \
- Squ_SaveAcc(4, 0, 5) Squ_Acc(1, 4) Squ_Acc(2, 3) Squ_NonDiag \
- Squ_SaveAcc(5, 0, 6) Squ_Acc(1, 5) Squ_Acc(2, 4) Squ_Diag(3) \
- Squ_SaveAcc(6, 0, 7) Squ_Acc(1, 6) Squ_Acc(2, 5) Squ_Acc(3, 4) Squ_NonDiag \
- Squ_SaveAcc(7, 1, 7) Squ_Acc(2, 6) Squ_Acc(3, 5) Squ_Diag(4) \
- Squ_SaveAcc(8, 2, 7) Squ_Acc(3, 6) Squ_Acc(4, 5) Squ_NonDiag \
- Squ_SaveAcc(9, 3, 7) Squ_Acc(4, 6) Squ_Diag(5) \
- Squ_SaveAcc(10, 4, 7) Squ_Acc(5, 6) Squ_NonDiag \
- Squ_SaveAcc(11, 5, 7) Squ_Diag(6) \
- Squ_SaveAcc(12, 6, 7) Squ_NonDiag \
- Squ_End(8)
-
-#define Squ_16 \
- Squ_Begin(16) \
- Squ_SaveAcc(1, 0, 2) Squ_Diag(1) \
- Squ_SaveAcc(2, 0, 3) Squ_Acc(1, 2) Squ_NonDiag \
- Squ_SaveAcc(3, 0, 4) Squ_Acc(1, 3) Squ_Diag(2) \
- Squ_SaveAcc(4, 0, 5) Squ_Acc(1, 4) Squ_Acc(2, 3) Squ_NonDiag \
- Squ_SaveAcc(5, 0, 6) Squ_Acc(1, 5) Squ_Acc(2, 4) Squ_Diag(3) \
- Squ_SaveAcc(6, 0, 7) Squ_Acc(1, 6) Squ_Acc(2, 5) Squ_Acc(3, 4) Squ_NonDiag \
- Squ_SaveAcc(7, 0, 8) Squ_Acc(1, 7) Squ_Acc(2, 6) Squ_Acc(3, 5) Squ_Diag(4) \
- Squ_SaveAcc(8, 0, 9) Squ_Acc(1, 8) Squ_Acc(2, 7) Squ_Acc(3, 6) Squ_Acc(4, 5) Squ_NonDiag \
- Squ_SaveAcc(9, 0, 10) Squ_Acc(1, 9) Squ_Acc(2, 8) Squ_Acc(3, 7) Squ_Acc(4, 6) Squ_Diag(5) \
- Squ_SaveAcc(10, 0, 11) Squ_Acc(1, 10) Squ_Acc(2, 9) Squ_Acc(3, 8) Squ_Acc(4, 7) Squ_Acc(5, 6) Squ_NonDiag \
- Squ_SaveAcc(11, 0, 12) Squ_Acc(1, 11) Squ_Acc(2, 10) Squ_Acc(3, 9) Squ_Acc(4, 8) Squ_Acc(5, 7) Squ_Diag(6) \
- Squ_SaveAcc(12, 0, 13) Squ_Acc(1, 12) Squ_Acc(2, 11) Squ_Acc(3, 10) Squ_Acc(4, 9) Squ_Acc(5, 8) Squ_Acc(6, 7) Squ_NonDiag \
- Squ_SaveAcc(13, 0, 14) Squ_Acc(1, 13) Squ_Acc(2, 12) Squ_Acc(3, 11) Squ_Acc(4, 10) Squ_Acc(5, 9) Squ_Acc(6, 8) Squ_Diag(7) \
- Squ_SaveAcc(14, 0, 15) Squ_Acc(1, 14) Squ_Acc(2, 13) Squ_Acc(3, 12) Squ_Acc(4, 11) Squ_Acc(5, 10) Squ_Acc(6, 9) Squ_Acc(7, 8) Squ_NonDiag \
- Squ_SaveAcc(15, 1, 15) Squ_Acc(2, 14) Squ_Acc(3, 13) Squ_Acc(4, 12) Squ_Acc(5, 11) Squ_Acc(6, 10) Squ_Acc(7, 9) Squ_Diag(8) \
- Squ_SaveAcc(16, 2, 15) Squ_Acc(3, 14) Squ_Acc(4, 13) Squ_Acc(5, 12) Squ_Acc(6, 11) Squ_Acc(7, 10) Squ_Acc(8, 9) Squ_NonDiag \
- Squ_SaveAcc(17, 3, 15) Squ_Acc(4, 14) Squ_Acc(5, 13) Squ_Acc(6, 12) Squ_Acc(7, 11) Squ_Acc(8, 10) Squ_Diag(9) \
- Squ_SaveAcc(18, 4, 15) Squ_Acc(5, 14) Squ_Acc(6, 13) Squ_Acc(7, 12) Squ_Acc(8, 11) Squ_Acc(9, 10) Squ_NonDiag \
- Squ_SaveAcc(19, 5, 15) Squ_Acc(6, 14) Squ_Acc(7, 13) Squ_Acc(8, 12) Squ_Acc(9, 11) Squ_Diag(10) \
- Squ_SaveAcc(20, 6, 15) Squ_Acc(7, 14) Squ_Acc(8, 13) Squ_Acc(9, 12) Squ_Acc(10, 11) Squ_NonDiag \
- Squ_SaveAcc(21, 7, 15) Squ_Acc(8, 14) Squ_Acc(9, 13) Squ_Acc(10, 12) Squ_Diag(11) \
- Squ_SaveAcc(22, 8, 15) Squ_Acc(9, 14) Squ_Acc(10, 13) Squ_Acc(11, 12) Squ_NonDiag \
- Squ_SaveAcc(23, 9, 15) Squ_Acc(10, 14) Squ_Acc(11, 13) Squ_Diag(12) \
- Squ_SaveAcc(24, 10, 15) Squ_Acc(11, 14) Squ_Acc(12, 13) Squ_NonDiag \
- Squ_SaveAcc(25, 11, 15) Squ_Acc(12, 14) Squ_Diag(13) \
- Squ_SaveAcc(26, 12, 15) Squ_Acc(13, 14) Squ_NonDiag \
- Squ_SaveAcc(27, 13, 15) Squ_Diag(14) \
- Squ_SaveAcc(28, 14, 15) Squ_NonDiag \
- Squ_End(16)
-
-#define Bot_2 \
- Mul_Begin(2) \
- Bot_SaveAcc(0, 0, 1) Bot_Acc(1, 0) \
- Bot_End(2)
-
-#define Bot_4 \
- Mul_Begin(4) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_SaveAcc(1, 2, 0) Mul_Acc(1, 1) Mul_Acc(0, 2) \
- Bot_SaveAcc(2, 0, 3) Bot_Acc(1, 2) Bot_Acc(2, 1) Bot_Acc(3, 0) \
- Bot_End(4)
-
-#define Bot_8 \
- Mul_Begin(8) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \
- Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \
- Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \
- Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \
- Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \
- Bot_SaveAcc(6, 0, 7) Bot_Acc(1, 6) Bot_Acc(2, 5) Bot_Acc(3, 4) Bot_Acc(4, 3) Bot_Acc(5, 2) Bot_Acc(6, 1) Bot_Acc(7, 0) \
- Bot_End(8)
-
-#define Bot_16 \
- Mul_Begin(16) \
- Mul_SaveAcc(0, 0, 1) Mul_Acc(1, 0) \
- Mul_SaveAcc(1, 0, 2) Mul_Acc(1, 1) Mul_Acc(2, 0) \
- Mul_SaveAcc(2, 0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \
- Mul_SaveAcc(3, 0, 4) Mul_Acc(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) Mul_Acc(4, 0) \
- Mul_SaveAcc(4, 0, 5) Mul_Acc(1, 4) Mul_Acc(2, 3) Mul_Acc(3, 2) Mul_Acc(4, 1) Mul_Acc(5, 0) \
- Mul_SaveAcc(5, 0, 6) Mul_Acc(1, 5) Mul_Acc(2, 4) Mul_Acc(3, 3) Mul_Acc(4, 2) Mul_Acc(5, 1) Mul_Acc(6, 0) \
- Mul_SaveAcc(6, 0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \
- Mul_SaveAcc(7, 0, 8) Mul_Acc(1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) Mul_Acc(8, 0) \
- Mul_SaveAcc(8, 0, 9) Mul_Acc(1, 8) Mul_Acc(2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) Mul_Acc(8, 1) Mul_Acc(9, 0) \
- Mul_SaveAcc(9, 0, 10) Mul_Acc(1, 9) Mul_Acc(2, 8) Mul_Acc(3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) Mul_Acc(8, 2) Mul_Acc(9, 1) Mul_Acc(10, 0) \
- Mul_SaveAcc(10, 0, 11) Mul_Acc(1, 10) Mul_Acc(2, 9) Mul_Acc(3, 8) Mul_Acc(4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) Mul_Acc(8, 3) Mul_Acc(9, 2) Mul_Acc(10, 1) Mul_Acc(11, 0) \
- Mul_SaveAcc(11, 0, 12) Mul_Acc(1, 11) Mul_Acc(2, 10) Mul_Acc(3, 9) Mul_Acc(4, 8) Mul_Acc(5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) Mul_Acc(8, 4) Mul_Acc(9, 3) Mul_Acc(10, 2) Mul_Acc(11, 1) Mul_Acc(12, 0) \
- Mul_SaveAcc(12, 0, 13) Mul_Acc(1, 12) Mul_Acc(2, 11) Mul_Acc(3, 10) Mul_Acc(4, 9) Mul_Acc(5, 8) Mul_Acc(6, 7) Mul_Acc(7, 6) Mul_Acc(8, 5) Mul_Acc(9, 4) Mul_Acc(10, 3) Mul_Acc(11, 2) Mul_Acc(12, 1) Mul_Acc(13, 0) \
- Mul_SaveAcc(13, 0, 14) Mul_Acc(1, 13) Mul_Acc(2, 12) Mul_Acc(3, 11) Mul_Acc(4, 10) Mul_Acc(5, 9) Mul_Acc(6, 8) Mul_Acc(7, 7) Mul_Acc(8, 6) Mul_Acc(9, 5) Mul_Acc(10, 4) Mul_Acc(11, 3) Mul_Acc(12, 2) Mul_Acc(13, 1) Mul_Acc(14, 0) \
- Bot_SaveAcc(14, 0, 15) Bot_Acc(1, 14) Bot_Acc(2, 13) Bot_Acc(3, 12) Bot_Acc(4, 11) Bot_Acc(5, 10) Bot_Acc(6, 9) Bot_Acc(7, 8) Bot_Acc(8, 7) Bot_Acc(9, 6) Bot_Acc(10, 5) Bot_Acc(11, 4) Bot_Acc(12, 3) Bot_Acc(13, 2) Bot_Acc(14, 1) Bot_Acc(15, 0) \
- Bot_End(16)
-
-#endif
-
-#if 0
-#define Mul_Begin(n) \
- Declare2Words(p) \
- Declare2Words(c) \
- Declare2Words(d) \
- MultiplyWords(p, A[0], B[0]) \
- AssignWord(c, LowWord(p)) \
- AssignWord(d, HighWord(p))
-
-#define Mul_Acc(i, j) \
- MultiplyWords(p, A[i], B[j]) \
- Acc2WordsBy1(c, LowWord(p)) \
- Acc2WordsBy1(d, HighWord(p))
-
-#define Mul_SaveAcc(k, i, j) \
- R[k] = LowWord(c); \
- Add2WordsBy1(c, d, HighWord(c)) \
- MultiplyWords(p, A[i], B[j]) \
- AssignWord(d, HighWord(p)) \
- Acc2WordsBy1(c, LowWord(p))
-
-#define Mul_End(n) \
- R[2*n-3] = LowWord(c); \
- Acc2WordsBy1(d, HighWord(c)) \
- MultiplyWords(p, A[n-1], B[n-1])\
- Acc2WordsBy2(d, p) \
- R[2*n-2] = LowWord(d); \
- R[2*n-1] = HighWord(d);
-
-#define Bot_SaveAcc(k, i, j) \
- R[k] = LowWord(c); \
- word e = LowWord(d) + HighWord(c); \
- e += A[i] * B[j];
-
-#define Bot_Acc(i, j) \
- e += A[i] * B[j];
-
-#define Bot_End(n) \
- R[n-1] = e;
-#else
-#define Mul_Begin(n) \
- Declare2Words(p) \
- word c; \
- Declare2Words(d) \
- MultiplyWords(p, A[0], B[0]) \
- c = LowWord(p); \
- AssignWord(d, HighWord(p))
-
-#define Mul_Acc(i, j) \
- MulAcc(c, d, A[i], B[j])
-
-#define Mul_SaveAcc(k, i, j) \
- R[k] = c; \
- c = LowWord(d); \
- AssignWord(d, HighWord(d)) \
- MulAcc(c, d, A[i], B[j])
-
-#define Mul_End(k, i) \
- R[k] = c; \
- MultiplyWords(p, A[i], B[i]) \
- Acc2WordsBy2(p, d) \
- R[k+1] = LowWord(p); \
- R[k+2] = HighWord(p);
-
-#define Bot_SaveAcc(k, i, j) \
- R[k] = c; \
- c = LowWord(d); \
- c += A[i] * B[j];
-
-#define Bot_Acc(i, j) \
- c += A[i] * B[j];
-
-#define Bot_End(n) \
- R[n-1] = c;
-#endif
-
-#define Squ_Begin(n) \
- Declare2Words(p) \
- word c; \
- Declare2Words(d) \
- Declare2Words(e) \
- MultiplyWords(p, A[0], A[0]) \
- R[0] = LowWord(p); \
- AssignWord(e, HighWord(p)) \
- MultiplyWords(p, A[0], A[1]) \
- c = LowWord(p); \
- AssignWord(d, HighWord(p)) \
- Squ_NonDiag \
-
-#define Squ_NonDiag \
- Double3Words(c, d)
-
-#define Squ_SaveAcc(k, i, j) \
- Acc3WordsBy2(c, d, e) \
- R[k] = c; \
- MultiplyWords(p, A[i], A[j]) \
- c = LowWord(p); \
- AssignWord(d, HighWord(p)) \
-
-#define Squ_Acc(i, j) \
- MulAcc(c, d, A[i], A[j])
-
-#define Squ_Diag(i) \
- Squ_NonDiag \
- MulAcc(c, d, A[i], A[i])
-
-#define Squ_End(n) \
- Acc3WordsBy2(c, d, e) \
- R[2*n-3] = c; \
- MultiplyWords(p, A[n-1], A[n-1])\
- Acc2WordsBy2(p, e) \
- R[2*n-2] = LowWord(p); \
- R[2*n-1] = HighWord(p);
-
-void Baseline_Multiply2(word *R, const word *A, const word *B)
-{
- Mul_2
-}
-
-void Baseline_Multiply4(word *R, const word *A, const word *B)
-{
- Mul_4
-}
-
-void Baseline_Multiply8(word *R, const word *A, const word *B)
-{
- Mul_8
-}
-
-void Baseline_Square2(word *R, const word *A)
-{
- Squ_2
-}
-
-void Baseline_Square4(word *R, const word *A)
-{
- Squ_4
-}
-
-void Baseline_Square8(word *R, const word *A)
-{
- Squ_8
-}
-
-void Baseline_MultiplyBottom2(word *R, const word *A, const word *B)
-{
- Bot_2
-}
-
-void Baseline_MultiplyBottom4(word *R, const word *A, const word *B)
-{
- Bot_4
-}
-
-void Baseline_MultiplyBottom8(word *R, const word *A, const word *B)
-{
- Bot_8
-}
-
-#define Top_Begin(n) \
- Declare2Words(p) \
- word c; \
- Declare2Words(d) \
- MultiplyWords(p, A[0], B[n-2]);\
- AssignWord(d, HighWord(p));
-
-#define Top_Acc(i, j) \
- MultiplyWords(p, A[i], B[j]);\
- Acc2WordsBy1(d, HighWord(p));
-
-#define Top_SaveAcc0(i, j) \
- c = LowWord(d); \
- AssignWord(d, HighWord(d)) \
- MulAcc(c, d, A[i], B[j])
-
-#define Top_SaveAcc1(i, j) \
- c = L<c; \
- Acc2WordsBy1(d, c); \
- c = LowWord(d); \
- AssignWord(d, HighWord(d)) \
- MulAcc(c, d, A[i], B[j])
-
-void Baseline_MultiplyTop2(word *R, const word *A, const word *B, word L)
-{
- word T[4];
- Baseline_Multiply2(T, A, B);
- R[0] = T[2];
- R[1] = T[3];
-}
-
-void Baseline_MultiplyTop4(word *R, const word *A, const word *B, word L)
-{
- Top_Begin(4)
- Top_Acc(1, 1) Top_Acc(2, 0) \
- Top_SaveAcc0(0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0) \
- Top_SaveAcc1(1, 3) Mul_Acc(2, 2) Mul_Acc(3, 1) \
- Mul_SaveAcc(0, 2, 3) Mul_Acc(3, 2) \
- Mul_End(1, 3)
-}
-
-void Baseline_MultiplyTop8(word *R, const word *A, const word *B, word L)
-{
- Top_Begin(8)
- Top_Acc(1, 5) Top_Acc(2, 4) Top_Acc(3, 3) Top_Acc(4, 2) Top_Acc(5, 1) Top_Acc(6, 0) \
- Top_SaveAcc0(0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \
- Top_SaveAcc1(1, 7) Mul_Acc(2, 6) Mul_Acc(3, 5) Mul_Acc(4, 4) Mul_Acc(5, 3) Mul_Acc(6, 2) Mul_Acc(7, 1) \
- Mul_SaveAcc(0, 2, 7) Mul_Acc(3, 6) Mul_Acc(4, 5) Mul_Acc(5, 4) Mul_Acc(6, 3) Mul_Acc(7, 2) \
- Mul_SaveAcc(1, 3, 7) Mul_Acc(4, 6) Mul_Acc(5, 5) Mul_Acc(6, 4) Mul_Acc(7, 3) \
- Mul_SaveAcc(2, 4, 7) Mul_Acc(5, 6) Mul_Acc(6, 5) Mul_Acc(7, 4) \
- Mul_SaveAcc(3, 5, 7) Mul_Acc(6, 6) Mul_Acc(7, 5) \
- Mul_SaveAcc(4, 6, 7) Mul_Acc(7, 6) \
- Mul_End(5, 7)
-}
-
-#if !CRYPTOPP_INTEGER_SSE2 // save memory by not compiling these functions when SSE2 is available
-void Baseline_Multiply16(word *R, const word *A, const word *B)
-{
- Mul_16
-}
-
-void Baseline_Square16(word *R, const word *A)
-{
- Squ_16
-}
-
-void Baseline_MultiplyBottom16(word *R, const word *A, const word *B)
-{
- Bot_16
-}
-
-void Baseline_MultiplyTop16(word *R, const word *A, const word *B, word L)
-{
- Top_Begin(16)
- Top_Acc(1, 13) Top_Acc(2, 12) Top_Acc(3, 11) Top_Acc(4, 10) Top_Acc(5, 9) Top_Acc(6, 8) Top_Acc(7, 7) Top_Acc(8, 6) Top_Acc(9, 5) Top_Acc(10, 4) Top_Acc(11, 3) Top_Acc(12, 2) Top_Acc(13, 1) Top_Acc(14, 0) \
- Top_SaveAcc0(0, 15) Mul_Acc(1, 14) Mul_Acc(2, 13) Mul_Acc(3, 12) Mul_Acc(4, 11) Mul_Acc(5, 10) Mul_Acc(6, 9) Mul_Acc(7, 8) Mul_Acc(8, 7) Mul_Acc(9, 6) Mul_Acc(10, 5) Mul_Acc(11, 4) Mul_Acc(12, 3) Mul_Acc(13, 2) Mul_Acc(14, 1) Mul_Acc(15, 0) \
- Top_SaveAcc1(1, 15) Mul_Acc(2, 14) Mul_Acc(3, 13) Mul_Acc(4, 12) Mul_Acc(5, 11) Mul_Acc(6, 10) Mul_Acc(7, 9) Mul_Acc(8, 8) Mul_Acc(9, 7) Mul_Acc(10, 6) Mul_Acc(11, 5) Mul_Acc(12, 4) Mul_Acc(13, 3) Mul_Acc(14, 2) Mul_Acc(15, 1) \
- Mul_SaveAcc(0, 2, 15) Mul_Acc(3, 14) Mul_Acc(4, 13) Mul_Acc(5, 12) Mul_Acc(6, 11) Mul_Acc(7, 10) Mul_Acc(8, 9) Mul_Acc(9, 8) Mul_Acc(10, 7) Mul_Acc(11, 6) Mul_Acc(12, 5) Mul_Acc(13, 4) Mul_Acc(14, 3) Mul_Acc(15, 2) \
- Mul_SaveAcc(1, 3, 15) Mul_Acc(4, 14) Mul_Acc(5, 13) Mul_Acc(6, 12) Mul_Acc(7, 11) Mul_Acc(8, 10) Mul_Acc(9, 9) Mul_Acc(10, 8) Mul_Acc(11, 7) Mul_Acc(12, 6) Mul_Acc(13, 5) Mul_Acc(14, 4) Mul_Acc(15, 3) \
- Mul_SaveAcc(2, 4, 15) Mul_Acc(5, 14) Mul_Acc(6, 13) Mul_Acc(7, 12) Mul_Acc(8, 11) Mul_Acc(9, 10) Mul_Acc(10, 9) Mul_Acc(11, 8) Mul_Acc(12, 7) Mul_Acc(13, 6) Mul_Acc(14, 5) Mul_Acc(15, 4) \
- Mul_SaveAcc(3, 5, 15) Mul_Acc(6, 14) Mul_Acc(7, 13) Mul_Acc(8, 12) Mul_Acc(9, 11) Mul_Acc(10, 10) Mul_Acc(11, 9) Mul_Acc(12, 8) Mul_Acc(13, 7) Mul_Acc(14, 6) Mul_Acc(15, 5) \
- Mul_SaveAcc(4, 6, 15) Mul_Acc(7, 14) Mul_Acc(8, 13) Mul_Acc(9, 12) Mul_Acc(10, 11) Mul_Acc(11, 10) Mul_Acc(12, 9) Mul_Acc(13, 8) Mul_Acc(14, 7) Mul_Acc(15, 6) \
- Mul_SaveAcc(5, 7, 15) Mul_Acc(8, 14) Mul_Acc(9, 13) Mul_Acc(10, 12) Mul_Acc(11, 11) Mul_Acc(12, 10) Mul_Acc(13, 9) Mul_Acc(14, 8) Mul_Acc(15, 7) \
- Mul_SaveAcc(6, 8, 15) Mul_Acc(9, 14) Mul_Acc(10, 13) Mul_Acc(11, 12) Mul_Acc(12, 11) Mul_Acc(13, 10) Mul_Acc(14, 9) Mul_Acc(15, 8) \
- Mul_SaveAcc(7, 9, 15) Mul_Acc(10, 14) Mul_Acc(11, 13) Mul_Acc(12, 12) Mul_Acc(13, 11) Mul_Acc(14, 10) Mul_Acc(15, 9) \
- Mul_SaveAcc(8, 10, 15) Mul_Acc(11, 14) Mul_Acc(12, 13) Mul_Acc(13, 12) Mul_Acc(14, 11) Mul_Acc(15, 10) \
- Mul_SaveAcc(9, 11, 15) Mul_Acc(12, 14) Mul_Acc(13, 13) Mul_Acc(14, 12) Mul_Acc(15, 11) \
- Mul_SaveAcc(10, 12, 15) Mul_Acc(13, 14) Mul_Acc(14, 13) Mul_Acc(15, 12) \
- Mul_SaveAcc(11, 13, 15) Mul_Acc(14, 14) Mul_Acc(15, 13) \
- Mul_SaveAcc(12, 14, 15) Mul_Acc(15, 14) \
- Mul_End(13, 15)
-}
-#endif
-
-// ********************************************************
-
-#if CRYPTOPP_INTEGER_SSE2
-
-CRYPTOPP_ALIGN_DATA(16) static const word32 s_maskLow16[4] CRYPTOPP_SECTION_ALIGN16 = {0xffff,0xffff,0xffff,0xffff};
-
-#undef Mul_Begin
-#undef Mul_Acc
-#undef Top_Begin
-#undef Top_Acc
-#undef Squ_Acc
-#undef Squ_NonDiag
-#undef Squ_Diag
-#undef Squ_SaveAcc
-#undef Squ_Begin
-#undef Mul_SaveAcc
-#undef Bot_Acc
-#undef Bot_SaveAcc
-#undef Bot_End
-#undef Squ_End
-#undef Mul_End
-
-#define SSE2_FinalSave(k) \
- AS2( psllq xmm5, 16) \
- AS2( paddq xmm4, xmm5) \
- AS2( movq QWORD PTR [ecx+8*(k)], xmm4)
-
-#define SSE2_SaveShift(k) \
- AS2( movq xmm0, xmm6) \
- AS2( punpckhqdq xmm6, xmm0) \
- AS2( movq xmm1, xmm7) \
- AS2( punpckhqdq xmm7, xmm1) \
- AS2( paddd xmm6, xmm0) \
- AS2( pslldq xmm6, 4) \
- AS2( paddd xmm7, xmm1) \
- AS2( paddd xmm4, xmm6) \
- AS2( pslldq xmm7, 4) \
- AS2( movq xmm6, xmm4) \
- AS2( paddd xmm5, xmm7) \
- AS2( movq xmm7, xmm5) \
- AS2( movd DWORD PTR [ecx+8*(k)], xmm4) \
- AS2( psrlq xmm6, 16) \
- AS2( paddq xmm6, xmm7) \
- AS2( punpckhqdq xmm4, xmm0) \
- AS2( punpckhqdq xmm5, xmm0) \
- AS2( movq QWORD PTR [ecx+8*(k)+2], xmm6) \
- AS2( psrlq xmm6, 3*16) \
- AS2( paddd xmm4, xmm6) \
-
-#define Squ_SSE2_SaveShift(k) \
- AS2( movq xmm0, xmm6) \
- AS2( punpckhqdq xmm6, xmm0) \
- AS2( movq xmm1, xmm7) \
- AS2( punpckhqdq xmm7, xmm1) \
- AS2( paddd xmm6, xmm0) \
- AS2( pslldq xmm6, 4) \
- AS2( paddd xmm7, xmm1) \
- AS2( paddd xmm4, xmm6) \
- AS2( pslldq xmm7, 4) \
- AS2( movhlps xmm6, xmm4) \
- AS2( movd DWORD PTR [ecx+8*(k)], xmm4) \
- AS2( paddd xmm5, xmm7) \
- AS2( movhps QWORD PTR [esp+12], xmm5)\
- AS2( psrlq xmm4, 16) \
- AS2( paddq xmm4, xmm5) \
- AS2( movq QWORD PTR [ecx+8*(k)+2], xmm4) \
- AS2( psrlq xmm4, 3*16) \
- AS2( paddd xmm4, xmm6) \
- AS2( movq QWORD PTR [esp+4], xmm4)\
-
-#define SSE2_FirstMultiply(i) \
- AS2( movdqa xmm7, [esi+(i)*16])\
- AS2( movdqa xmm5, [edi-(i)*16])\
- AS2( pmuludq xmm5, xmm7) \
- AS2( movdqa xmm4, [ebx])\
- AS2( movdqa xmm6, xmm4) \
- AS2( pand xmm4, xmm5) \
- AS2( psrld xmm5, 16) \
- AS2( pmuludq xmm7, [edx-(i)*16])\
- AS2( pand xmm6, xmm7) \
- AS2( psrld xmm7, 16)
-
-#define Squ_Begin(n) \
- SquPrologue \
- AS2( mov esi, esp)\
- AS2( and esp, 0xfffffff0)\
- AS2( lea edi, [esp-32*n])\
- AS2( sub esp, 32*n+16)\
- AS1( push esi)\
- AS2( mov esi, edi) \
- AS2( xor edx, edx) \
- ASL(1) \
- ASS( pshufd xmm0, [eax+edx], 3,1,2,0) \
- ASS( pshufd xmm1, [eax+edx], 2,0,3,1) \
- AS2( movdqa [edi+2*edx], xmm0) \
- AS2( psrlq xmm0, 32) \
- AS2( movdqa [edi+2*edx+16], xmm0) \
- AS2( movdqa [edi+16*n+2*edx], xmm1) \
- AS2( psrlq xmm1, 32) \
- AS2( movdqa [edi+16*n+2*edx+16], xmm1) \
- AS2( add edx, 16) \
- AS2( cmp edx, 8*(n)) \
- ASJ( jne, 1, b) \
- AS2( lea edx, [edi+16*n])\
- SSE2_FirstMultiply(0) \
-
-#define Squ_Acc(i) \
- ASL(LSqu##i) \
- AS2( movdqa xmm1, [esi+(i)*16]) \
- AS2( movdqa xmm0, [edi-(i)*16]) \
- AS2( movdqa xmm2, [ebx]) \
- AS2( pmuludq xmm0, xmm1) \
- AS2( pmuludq xmm1, [edx-(i)*16]) \
- AS2( movdqa xmm3, xmm2) \
- AS2( pand xmm2, xmm0) \
- AS2( psrld xmm0, 16) \
- AS2( paddd xmm4, xmm2) \
- AS2( paddd xmm5, xmm0) \
- AS2( pand xmm3, xmm1) \
- AS2( psrld xmm1, 16) \
- AS2( paddd xmm6, xmm3) \
- AS2( paddd xmm7, xmm1) \
-
-#define Squ_Acc1(i)
-#define Squ_Acc2(i) ASC(call, LSqu##i)
-#define Squ_Acc3(i) Squ_Acc2(i)
-#define Squ_Acc4(i) Squ_Acc2(i)
-#define Squ_Acc5(i) Squ_Acc2(i)
-#define Squ_Acc6(i) Squ_Acc2(i)
-#define Squ_Acc7(i) Squ_Acc2(i)
-#define Squ_Acc8(i) Squ_Acc2(i)
-
-#define SSE2_End(E, n) \
- SSE2_SaveShift(2*(n)-3) \
- AS2( movdqa xmm7, [esi+16]) \
- AS2( movdqa xmm0, [edi]) \
- AS2( pmuludq xmm0, xmm7) \
- AS2( movdqa xmm2, [ebx]) \
- AS2( pmuludq xmm7, [edx]) \
- AS2( movdqa xmm6, xmm2) \
- AS2( pand xmm2, xmm0) \
- AS2( psrld xmm0, 16) \
- AS2( paddd xmm4, xmm2) \
- AS2( paddd xmm5, xmm0) \
- AS2( pand xmm6, xmm7) \
- AS2( psrld xmm7, 16) \
- SSE2_SaveShift(2*(n)-2) \
- SSE2_FinalSave(2*(n)-1) \
- AS1( pop esp)\
- E
-
-#define Squ_End(n) SSE2_End(SquEpilogue, n)
-#define Mul_End(n) SSE2_End(MulEpilogue, n)
-#define Top_End(n) SSE2_End(TopEpilogue, n)
-
-#define Squ_Column1(k, i) \
- Squ_SSE2_SaveShift(k) \
- AS2( add esi, 16) \
- SSE2_FirstMultiply(1)\
- Squ_Acc##i(i) \
- AS2( paddd xmm4, xmm4) \
- AS2( paddd xmm5, xmm5) \
- AS2( movdqa xmm3, [esi]) \
- AS2( movq xmm1, QWORD PTR [esi+8]) \
- AS2( pmuludq xmm1, xmm3) \
- AS2( pmuludq xmm3, xmm3) \
- AS2( movdqa xmm0, [ebx])\
- AS2( movdqa xmm2, xmm0) \
- AS2( pand xmm0, xmm1) \
- AS2( psrld xmm1, 16) \
- AS2( paddd xmm6, xmm0) \
- AS2( paddd xmm7, xmm1) \
- AS2( pand xmm2, xmm3) \
- AS2( psrld xmm3, 16) \
- AS2( paddd xmm6, xmm6) \
- AS2( paddd xmm7, xmm7) \
- AS2( paddd xmm4, xmm2) \
- AS2( paddd xmm5, xmm3) \
- AS2( movq xmm0, QWORD PTR [esp+4])\
- AS2( movq xmm1, QWORD PTR [esp+12])\
- AS2( paddd xmm4, xmm0)\
- AS2( paddd xmm5, xmm1)\
-
-#define Squ_Column0(k, i) \
- Squ_SSE2_SaveShift(k) \
- AS2( add edi, 16) \
- AS2( add edx, 16) \
- SSE2_FirstMultiply(1)\
- Squ_Acc##i(i) \
- AS2( paddd xmm6, xmm6) \
- AS2( paddd xmm7, xmm7) \
- AS2( paddd xmm4, xmm4) \
- AS2( paddd xmm5, xmm5) \
- AS2( movq xmm0, QWORD PTR [esp+4])\
- AS2( movq xmm1, QWORD PTR [esp+12])\
- AS2( paddd xmm4, xmm0)\
- AS2( paddd xmm5, xmm1)\
-
-#define SSE2_MulAdd45 \
- AS2( movdqa xmm7, [esi]) \
- AS2( movdqa xmm0, [edi]) \
- AS2( pmuludq xmm0, xmm7) \
- AS2( movdqa xmm2, [ebx]) \
- AS2( pmuludq xmm7, [edx]) \
- AS2( movdqa xmm6, xmm2) \
- AS2( pand xmm2, xmm0) \
- AS2( psrld xmm0, 16) \
- AS2( paddd xmm4, xmm2) \
- AS2( paddd xmm5, xmm0) \
- AS2( pand xmm6, xmm7) \
- AS2( psrld xmm7, 16)
-
-#define Mul_Begin(n) \
- MulPrologue \
- AS2( mov esi, esp)\
- AS2( and esp, 0xfffffff0)\
- AS2( sub esp, 48*n+16)\
- AS1( push esi)\
- AS2( xor edx, edx) \
- ASL(1) \
- ASS( pshufd xmm0, [eax+edx], 3,1,2,0) \
- ASS( pshufd xmm1, [eax+edx], 2,0,3,1) \
- ASS( pshufd xmm2, [edi+edx], 3,1,2,0) \
- AS2( movdqa [esp+20+2*edx], xmm0) \
- AS2( psrlq xmm0, 32) \
- AS2( movdqa [esp+20+2*edx+16], xmm0) \
- AS2( movdqa [esp+20+16*n+2*edx], xmm1) \
- AS2( psrlq xmm1, 32) \
- AS2( movdqa [esp+20+16*n+2*edx+16], xmm1) \
- AS2( movdqa [esp+20+32*n+2*edx], xmm2) \
- AS2( psrlq xmm2, 32) \
- AS2( movdqa [esp+20+32*n+2*edx+16], xmm2) \
- AS2( add edx, 16) \
- AS2( cmp edx, 8*(n)) \
- ASJ( jne, 1, b) \
- AS2( lea edi, [esp+20])\
- AS2( lea edx, [esp+20+16*n])\
- AS2( lea esi, [esp+20+32*n])\
- SSE2_FirstMultiply(0) \
-
-#define Mul_Acc(i) \
- ASL(LMul##i) \
- AS2( movdqa xmm1, [esi+i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( movdqa xmm0, [edi-i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( movdqa xmm2, [ebx]) \
- AS2( pmuludq xmm0, xmm1) \
- AS2( pmuludq xmm1, [edx-i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( movdqa xmm3, xmm2) \
- AS2( pand xmm2, xmm0) \
- AS2( psrld xmm0, 16) \
- AS2( paddd xmm4, xmm2) \
- AS2( paddd xmm5, xmm0) \
- AS2( pand xmm3, xmm1) \
- AS2( psrld xmm1, 16) \
- AS2( paddd xmm6, xmm3) \
- AS2( paddd xmm7, xmm1) \
-
-#define Mul_Acc1(i)
-#define Mul_Acc2(i) ASC(call, LMul##i)
-#define Mul_Acc3(i) Mul_Acc2(i)
-#define Mul_Acc4(i) Mul_Acc2(i)
-#define Mul_Acc5(i) Mul_Acc2(i)
-#define Mul_Acc6(i) Mul_Acc2(i)
-#define Mul_Acc7(i) Mul_Acc2(i)
-#define Mul_Acc8(i) Mul_Acc2(i)
-#define Mul_Acc9(i) Mul_Acc2(i)
-#define Mul_Acc10(i) Mul_Acc2(i)
-#define Mul_Acc11(i) Mul_Acc2(i)
-#define Mul_Acc12(i) Mul_Acc2(i)
-#define Mul_Acc13(i) Mul_Acc2(i)
-#define Mul_Acc14(i) Mul_Acc2(i)
-#define Mul_Acc15(i) Mul_Acc2(i)
-#define Mul_Acc16(i) Mul_Acc2(i)
-
-#define Mul_Column1(k, i) \
- SSE2_SaveShift(k) \
- AS2( add esi, 16) \
- SSE2_MulAdd45\
- Mul_Acc##i(i) \
-
-#define Mul_Column0(k, i) \
- SSE2_SaveShift(k) \
- AS2( add edi, 16) \
- AS2( add edx, 16) \
- SSE2_MulAdd45\
- Mul_Acc##i(i) \
-
-#define Bot_Acc(i) \
- AS2( movdqa xmm1, [esi+i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( movdqa xmm0, [edi-i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( pmuludq xmm0, xmm1) \
- AS2( pmuludq xmm1, [edx-i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( paddq xmm4, xmm0) \
- AS2( paddd xmm6, xmm1)
-
-#define Bot_SaveAcc(k) \
- SSE2_SaveShift(k) \
- AS2( add edi, 16) \
- AS2( add edx, 16) \
- AS2( movdqa xmm6, [esi]) \
- AS2( movdqa xmm0, [edi]) \
- AS2( pmuludq xmm0, xmm6) \
- AS2( paddq xmm4, xmm0) \
- AS2( psllq xmm5, 16) \
- AS2( paddq xmm4, xmm5) \
- AS2( pmuludq xmm6, [edx])
-
-#define Bot_End(n) \
- AS2( movhlps xmm7, xmm6) \
- AS2( paddd xmm6, xmm7) \
- AS2( psllq xmm6, 32) \
- AS2( paddd xmm4, xmm6) \
- AS2( movq QWORD PTR [ecx+8*((n)-1)], xmm4) \
- AS1( pop esp)\
- MulEpilogue
-
-#define Top_Begin(n) \
- TopPrologue \
- AS2( mov edx, esp)\
- AS2( and esp, 0xfffffff0)\
- AS2( sub esp, 48*n+16)\
- AS1( push edx)\
- AS2( xor edx, edx) \
- ASL(1) \
- ASS( pshufd xmm0, [eax+edx], 3,1,2,0) \
- ASS( pshufd xmm1, [eax+edx], 2,0,3,1) \
- ASS( pshufd xmm2, [edi+edx], 3,1,2,0) \
- AS2( movdqa [esp+20+2*edx], xmm0) \
- AS2( psrlq xmm0, 32) \
- AS2( movdqa [esp+20+2*edx+16], xmm0) \
- AS2( movdqa [esp+20+16*n+2*edx], xmm1) \
- AS2( psrlq xmm1, 32) \
- AS2( movdqa [esp+20+16*n+2*edx+16], xmm1) \
- AS2( movdqa [esp+20+32*n+2*edx], xmm2) \
- AS2( psrlq xmm2, 32) \
- AS2( movdqa [esp+20+32*n+2*edx+16], xmm2) \
- AS2( add edx, 16) \
- AS2( cmp edx, 8*(n)) \
- ASJ( jne, 1, b) \
- AS2( mov eax, esi) \
- AS2( lea edi, [esp+20+00*n+16*(n/2-1)])\
- AS2( lea edx, [esp+20+16*n+16*(n/2-1)])\
- AS2( lea esi, [esp+20+32*n+16*(n/2-1)])\
- AS2( pxor xmm4, xmm4)\
- AS2( pxor xmm5, xmm5)
-
-#define Top_Acc(i) \
- AS2( movq xmm0, QWORD PTR [esi+i/2*(1-(i-2*(i/2))*2)*16+8]) \
- AS2( pmuludq xmm0, [edx-i/2*(1-(i-2*(i/2))*2)*16]) \
- AS2( psrlq xmm0, 48) \
- AS2( paddd xmm5, xmm0)\
-
-#define Top_Column0(i) \
- AS2( psllq xmm5, 32) \
- AS2( add edi, 16) \
- AS2( add edx, 16) \
- SSE2_MulAdd45\
- Mul_Acc##i(i) \
-
-#define Top_Column1(i) \
- SSE2_SaveShift(0) \
- AS2( add esi, 16) \
- SSE2_MulAdd45\
- Mul_Acc##i(i) \
- AS2( shr eax, 16) \
- AS2( movd xmm0, eax)\
- AS2( movd xmm1, [ecx+4])\
- AS2( psrld xmm1, 16)\
- AS2( pcmpgtd xmm1, xmm0)\
- AS2( psrld xmm1, 31)\
- AS2( paddd xmm4, xmm1)\
-
-void SSE2_Square4(word *C, const word *A)
-{
- Squ_Begin(2)
- Squ_Column0(0, 1)
- Squ_End(2)
-}
-
-void SSE2_Square8(word *C, const word *A)
-{
- Squ_Begin(4)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Squ_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Squ_Column0(0, 1)
- Squ_Column1(1, 1)
- Squ_Column0(2, 2)
- Squ_Column1(3, 1)
- Squ_Column0(4, 1)
- Squ_End(4)
-}
-
-void SSE2_Square16(word *C, const word *A)
-{
- Squ_Begin(8)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Squ_Acc(4) Squ_Acc(3) Squ_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Squ_Column0(0, 1)
- Squ_Column1(1, 1)
- Squ_Column0(2, 2)
- Squ_Column1(3, 2)
- Squ_Column0(4, 3)
- Squ_Column1(5, 3)
- Squ_Column0(6, 4)
- Squ_Column1(7, 3)
- Squ_Column0(8, 3)
- Squ_Column1(9, 2)
- Squ_Column0(10, 2)
- Squ_Column1(11, 1)
- Squ_Column0(12, 1)
- Squ_End(8)
-}
-
-void SSE2_Square32(word *C, const word *A)
-{
- Squ_Begin(16)
- ASJ( jmp, 0, f)
- Squ_Acc(8) Squ_Acc(7) Squ_Acc(6) Squ_Acc(5) Squ_Acc(4) Squ_Acc(3) Squ_Acc(2)
- AS1( ret) ASL(0)
- Squ_Column0(0, 1)
- Squ_Column1(1, 1)
- Squ_Column0(2, 2)
- Squ_Column1(3, 2)
- Squ_Column0(4, 3)
- Squ_Column1(5, 3)
- Squ_Column0(6, 4)
- Squ_Column1(7, 4)
- Squ_Column0(8, 5)
- Squ_Column1(9, 5)
- Squ_Column0(10, 6)
- Squ_Column1(11, 6)
- Squ_Column0(12, 7)
- Squ_Column1(13, 7)
- Squ_Column0(14, 8)
- Squ_Column1(15, 7)
- Squ_Column0(16, 7)
- Squ_Column1(17, 6)
- Squ_Column0(18, 6)
- Squ_Column1(19, 5)
- Squ_Column0(20, 5)
- Squ_Column1(21, 4)
- Squ_Column0(22, 4)
- Squ_Column1(23, 3)
- Squ_Column0(24, 3)
- Squ_Column1(25, 2)
- Squ_Column0(26, 2)
- Squ_Column1(27, 1)
- Squ_Column0(28, 1)
- Squ_End(16)
-}
-
-void SSE2_Multiply4(word *C, const word *A, const word *B)
-{
- Mul_Begin(2)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Mul_Column0(0, 2)
- Mul_End(2)
-}
-
-void SSE2_Multiply8(word *C, const word *A, const word *B)
-{
- Mul_Begin(4)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Mul_Column0(0, 2)
- Mul_Column1(1, 3)
- Mul_Column0(2, 4)
- Mul_Column1(3, 3)
- Mul_Column0(4, 2)
- Mul_End(4)
-}
-
-void SSE2_Multiply16(word *C, const word *A, const word *B)
-{
- Mul_Begin(8)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Mul_Column0(0, 2)
- Mul_Column1(1, 3)
- Mul_Column0(2, 4)
- Mul_Column1(3, 5)
- Mul_Column0(4, 6)
- Mul_Column1(5, 7)
- Mul_Column0(6, 8)
- Mul_Column1(7, 7)
- Mul_Column0(8, 6)
- Mul_Column1(9, 5)
- Mul_Column0(10, 4)
- Mul_Column1(11, 3)
- Mul_Column0(12, 2)
- Mul_End(8)
-}
-
-void SSE2_Multiply32(word *C, const word *A, const word *B)
-{
- Mul_Begin(16)
- ASJ( jmp, 0, f)
- Mul_Acc(16) Mul_Acc(15) Mul_Acc(14) Mul_Acc(13) Mul_Acc(12) Mul_Acc(11) Mul_Acc(10) Mul_Acc(9) Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
- Mul_Column0(0, 2)
- Mul_Column1(1, 3)
- Mul_Column0(2, 4)
- Mul_Column1(3, 5)
- Mul_Column0(4, 6)
- Mul_Column1(5, 7)
- Mul_Column0(6, 8)
- Mul_Column1(7, 9)
- Mul_Column0(8, 10)
- Mul_Column1(9, 11)
- Mul_Column0(10, 12)
- Mul_Column1(11, 13)
- Mul_Column0(12, 14)
- Mul_Column1(13, 15)
- Mul_Column0(14, 16)
- Mul_Column1(15, 15)
- Mul_Column0(16, 14)
- Mul_Column1(17, 13)
- Mul_Column0(18, 12)
- Mul_Column1(19, 11)
- Mul_Column0(20, 10)
- Mul_Column1(21, 9)
- Mul_Column0(22, 8)
- Mul_Column1(23, 7)
- Mul_Column0(24, 6)
- Mul_Column1(25, 5)
- Mul_Column0(26, 4)
- Mul_Column1(27, 3)
- Mul_Column0(28, 2)
- Mul_End(16)
-}
-
-void SSE2_MultiplyBottom4(word *C, const word *A, const word *B)
-{
- Mul_Begin(2)
- Bot_SaveAcc(0) Bot_Acc(2)
- Bot_End(2)
-}
-
-void SSE2_MultiplyBottom8(word *C, const word *A, const word *B)
-{
- Mul_Begin(4)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Mul_Column0(0, 2)
- Mul_Column1(1, 3)
- Bot_SaveAcc(2) Bot_Acc(4) Bot_Acc(3) Bot_Acc(2)
- Bot_End(4)
-}
-
-void SSE2_MultiplyBottom16(word *C, const word *A, const word *B)
-{
- Mul_Begin(8)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Mul_Column0(0, 2)
- Mul_Column1(1, 3)
- Mul_Column0(2, 4)
- Mul_Column1(3, 5)
- Mul_Column0(4, 6)
- Mul_Column1(5, 7)
- Bot_SaveAcc(6) Bot_Acc(8) Bot_Acc(7) Bot_Acc(6) Bot_Acc(5) Bot_Acc(4) Bot_Acc(3) Bot_Acc(2)
- Bot_End(8)
-}
-
-void SSE2_MultiplyBottom32(word *C, const word *A, const word *B)
-{
- Mul_Begin(16)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(15) Mul_Acc(14) Mul_Acc(13) Mul_Acc(12) Mul_Acc(11) Mul_Acc(10) Mul_Acc(9) Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Mul_Column0(0, 2)
- Mul_Column1(1, 3)
- Mul_Column0(2, 4)
- Mul_Column1(3, 5)
- Mul_Column0(4, 6)
- Mul_Column1(5, 7)
- Mul_Column0(6, 8)
- Mul_Column1(7, 9)
- Mul_Column0(8, 10)
- Mul_Column1(9, 11)
- Mul_Column0(10, 12)
- Mul_Column1(11, 13)
- Mul_Column0(12, 14)
- Mul_Column1(13, 15)
- Bot_SaveAcc(14) Bot_Acc(16) Bot_Acc(15) Bot_Acc(14) Bot_Acc(13) Bot_Acc(12) Bot_Acc(11) Bot_Acc(10) Bot_Acc(9) Bot_Acc(8) Bot_Acc(7) Bot_Acc(6) Bot_Acc(5) Bot_Acc(4) Bot_Acc(3) Bot_Acc(2)
- Bot_End(16)
-}
-
-void SSE2_MultiplyTop8(word *C, const word *A, const word *B, word L)
-{
- Top_Begin(4)
- Top_Acc(3) Top_Acc(2) Top_Acc(1)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Top_Column0(4)
- Top_Column1(3)
- Mul_Column0(0, 2)
- Top_End(2)
-}
-
-void SSE2_MultiplyTop16(word *C, const word *A, const word *B, word L)
-{
- Top_Begin(8)
- Top_Acc(7) Top_Acc(6) Top_Acc(5) Top_Acc(4) Top_Acc(3) Top_Acc(2) Top_Acc(1)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Top_Column0(8)
- Top_Column1(7)
- Mul_Column0(0, 6)
- Mul_Column1(1, 5)
- Mul_Column0(2, 4)
- Mul_Column1(3, 3)
- Mul_Column0(4, 2)
- Top_End(4)
-}
-
-void SSE2_MultiplyTop32(word *C, const word *A, const word *B, word L)
-{
- Top_Begin(16)
- Top_Acc(15) Top_Acc(14) Top_Acc(13) Top_Acc(12) Top_Acc(11) Top_Acc(10) Top_Acc(9) Top_Acc(8) Top_Acc(7) Top_Acc(6) Top_Acc(5) Top_Acc(4) Top_Acc(3) Top_Acc(2) Top_Acc(1)
-#ifndef __GNUC__
- ASJ( jmp, 0, f)
- Mul_Acc(16) Mul_Acc(15) Mul_Acc(14) Mul_Acc(13) Mul_Acc(12) Mul_Acc(11) Mul_Acc(10) Mul_Acc(9) Mul_Acc(8) Mul_Acc(7) Mul_Acc(6) Mul_Acc(5) Mul_Acc(4) Mul_Acc(3) Mul_Acc(2)
- AS1( ret) ASL(0)
-#endif
- Top_Column0(16)
- Top_Column1(15)
- Mul_Column0(0, 14)
- Mul_Column1(1, 13)
- Mul_Column0(2, 12)
- Mul_Column1(3, 11)
- Mul_Column0(4, 10)
- Mul_Column1(5, 9)
- Mul_Column0(6, 8)
- Mul_Column1(7, 7)
- Mul_Column0(8, 6)
- Mul_Column1(9, 5)
- Mul_Column0(10, 4)
- Mul_Column1(11, 3)
- Mul_Column0(12, 2)
- Top_End(8)
-}
-
-#endif // #if CRYPTOPP_INTEGER_SSE2
-
-// ********************************************************
-
-typedef int (CRYPTOPP_FASTCALL * PAdd)(size_t N, word *C, const word *A, const word *B);
-typedef void (* PMul)(word *C, const word *A, const word *B);
-typedef void (* PSqu)(word *C, const word *A);
-typedef void (* PMulTop)(word *C, const word *A, const word *B, word L);
-
-#if CRYPTOPP_INTEGER_SSE2
-static PAdd s_pAdd = &Baseline_Add, s_pSub = &Baseline_Sub;
-static size_t s_recursionLimit = 8;
-#else
-static const size_t s_recursionLimit = 16;
-#endif
-
-static PMul s_pMul[9], s_pBot[9];
-static PSqu s_pSqu[9];
-static PMulTop s_pTop[9];
-
-static void SetFunctionPointers()
-{
- s_pMul[0] = &Baseline_Multiply2;
- s_pBot[0] = &Baseline_MultiplyBottom2;
- s_pSqu[0] = &Baseline_Square2;
- s_pTop[0] = &Baseline_MultiplyTop2;
- s_pTop[1] = &Baseline_MultiplyTop4;
-
-#if CRYPTOPP_INTEGER_SSE2
- if (HasSSE2())
- {
-#if _MSC_VER != 1200 || defined(NDEBUG)
- if (IsP4())
- {
- s_pAdd = &SSE2_Add;
- s_pSub = &SSE2_Sub;
- }
-#endif
-
- s_recursionLimit = 32;
-
- s_pMul[1] = &SSE2_Multiply4;
- s_pMul[2] = &SSE2_Multiply8;
- s_pMul[4] = &SSE2_Multiply16;
- s_pMul[8] = &SSE2_Multiply32;
-
- s_pBot[1] = &SSE2_MultiplyBottom4;
- s_pBot[2] = &SSE2_MultiplyBottom8;
- s_pBot[4] = &SSE2_MultiplyBottom16;
- s_pBot[8] = &SSE2_MultiplyBottom32;
-
- s_pSqu[1] = &SSE2_Square4;
- s_pSqu[2] = &SSE2_Square8;
- s_pSqu[4] = &SSE2_Square16;
- s_pSqu[8] = &SSE2_Square32;
-
- s_pTop[2] = &SSE2_MultiplyTop8;
- s_pTop[4] = &SSE2_MultiplyTop16;
- s_pTop[8] = &SSE2_MultiplyTop32;
- }
- else
-#endif
- {
- s_pMul[1] = &Baseline_Multiply4;
- s_pMul[2] = &Baseline_Multiply8;
-
- s_pBot[1] = &Baseline_MultiplyBottom4;
- s_pBot[2] = &Baseline_MultiplyBottom8;
-
- s_pSqu[1] = &Baseline_Square4;
- s_pSqu[2] = &Baseline_Square8;
-
- s_pTop[2] = &Baseline_MultiplyTop8;
-
-#if !CRYPTOPP_INTEGER_SSE2
- s_pMul[4] = &Baseline_Multiply16;
- s_pBot[4] = &Baseline_MultiplyBottom16;
- s_pSqu[4] = &Baseline_Square16;
- s_pTop[4] = &Baseline_MultiplyTop16;
-#endif
- }
-}
-
-inline int Add(word *C, const word *A, const word *B, size_t N)
-{
-#if CRYPTOPP_INTEGER_SSE2
- return s_pAdd(N, C, A, B);
-#else
- return Baseline_Add(N, C, A, B);
-#endif
-}
-
-inline int Subtract(word *C, const word *A, const word *B, size_t N)
-{
-#if CRYPTOPP_INTEGER_SSE2
- return s_pSub(N, C, A, B);
-#else
- return Baseline_Sub(N, C, A, B);
-#endif
-}
-
-// ********************************************************
-
-
-#define A0 A
-#define A1 (A+N2)
-#define B0 B
-#define B1 (B+N2)
-
-#define T0 T
-#define T1 (T+N2)
-#define T2 (T+N)
-#define T3 (T+N+N2)
-
-#define R0 R
-#define R1 (R+N2)
-#define R2 (R+N)
-#define R3 (R+N+N2)
-
-// R[2*N] - result = A*B
-// T[2*N] - temporary work space
-// A[N] --- multiplier
-// B[N] --- multiplicant
-
-void RecursiveMultiply(word *R, word *T, const word *A, const word *B, size_t N)
-{
- assert(N>=2 && N%2==0);
-
- if (N <= s_recursionLimit)
- s_pMul[N/4](R, A, B);
- else
- {
- const size_t N2 = N/2;
-
- size_t AN2 = Compare(A0, A1, N2) > 0 ? 0 : N2;
- Subtract(R0, A + AN2, A + (N2 ^ AN2), N2);
-
- size_t BN2 = Compare(B0, B1, N2) > 0 ? 0 : N2;
- Subtract(R1, B + BN2, B + (N2 ^ BN2), N2);
-
- RecursiveMultiply(R2, T2, A1, B1, N2);
- RecursiveMultiply(T0, T2, R0, R1, N2);
- RecursiveMultiply(R0, T2, A0, B0, N2);
-
- // now T[01] holds (A1-A0)*(B0-B1), R[01] holds A0*B0, R[23] holds A1*B1
-
- int c2 = Add(R2, R2, R1, N2);
- int c3 = c2;
- c2 += Add(R1, R2, R0, N2);
- c3 += Add(R2, R2, R3, N2);
-
- if (AN2 == BN2)
- c3 -= Subtract(R1, R1, T0, N);
- else
- c3 += Add(R1, R1, T0, N);
-
- c3 += Increment(R2, N2, c2);
- assert (c3 >= 0 && c3 <= 2);
- Increment(R3, N2, c3);
- }
-}
-
-// R[2*N] - result = A*A
-// T[2*N] - temporary work space
-// A[N] --- number to be squared
-
-void RecursiveSquare(word *R, word *T, const word *A, size_t N)
-{
- assert(N && N%2==0);
-
- if (N <= s_recursionLimit)
- s_pSqu[N/4](R, A);
- else
- {
- const size_t N2 = N/2;
-
- RecursiveSquare(R0, T2, A0, N2);
- RecursiveSquare(R2, T2, A1, N2);
- RecursiveMultiply(T0, T2, A0, A1, N2);
-
- int carry = Add(R1, R1, T0, N);
- carry += Add(R1, R1, T0, N);
- Increment(R3, N2, carry);
- }
-}
-
-// R[N] - bottom half of A*B
-// T[3*N/2] - temporary work space
-// A[N] - multiplier
-// B[N] - multiplicant
-
-void RecursiveMultiplyBottom(word *R, word *T, const word *A, const word *B, size_t N)
-{
- assert(N>=2 && N%2==0);
-
- if (N <= s_recursionLimit)
- s_pBot[N/4](R, A, B);
- else
- {
- const size_t N2 = N/2;
-
- RecursiveMultiply(R, T, A0, B0, N2);
- RecursiveMultiplyBottom(T0, T1, A1, B0, N2);
- Add(R1, R1, T0, N2);
- RecursiveMultiplyBottom(T0, T1, A0, B1, N2);
- Add(R1, R1, T0, N2);
- }
-}
-
-// R[N] --- upper half of A*B
-// T[2*N] - temporary work space
-// L[N] --- lower half of A*B
-// A[N] --- multiplier
-// B[N] --- multiplicant
-
-void MultiplyTop(word *R, word *T, const word *L, const word *A, const word *B, size_t N)
-{
- assert(N>=2 && N%2==0);
-
- if (N <= s_recursionLimit)
- s_pTop[N/4](R, A, B, L[N-1]);
- else
- {
- const size_t N2 = N/2;
-
- size_t AN2 = Compare(A0, A1, N2) > 0 ? 0 : N2;
- Subtract(R0, A + AN2, A + (N2 ^ AN2), N2);
-
- size_t BN2 = Compare(B0, B1, N2) > 0 ? 0 : N2;
- Subtract(R1, B + BN2, B + (N2 ^ BN2), N2);
-
- RecursiveMultiply(T0, T2, R0, R1, N2);
- RecursiveMultiply(R0, T2, A1, B1, N2);
-
- // now T[01] holds (A1-A0)*(B0-B1) = A1*B0+A0*B1-A1*B1-A0*B0, R[01] holds A1*B1
-
- int t, c3;
- int c2 = Subtract(T2, L+N2, L, N2);
-
- if (AN2 == BN2)
- {
- c2 -= Add(T2, T2, T0, N2);
- t = (Compare(T2, R0, N2) == -1);
- c3 = t - Subtract(T2, T2, T1, N2);
- }
- else
- {
- c2 += Subtract(T2, T2, T0, N2);
- t = (Compare(T2, R0, N2) == -1);
- c3 = t + Add(T2, T2, T1, N2);
- }
-
- c2 += t;
- if (c2 >= 0)
- c3 += Increment(T2, N2, c2);
- else
- c3 -= Decrement(T2, N2, -c2);
- c3 += Add(R0, T2, R1, N2);
-
- assert (c3 >= 0 && c3 <= 2);
- Increment(R1, N2, c3);
- }
-}
-
-inline void Multiply(word *R, word *T, const word *A, const word *B, size_t N)
-{
- RecursiveMultiply(R, T, A, B, N);
-}
-
-inline void Square(word *R, word *T, const word *A, size_t N)
-{
- RecursiveSquare(R, T, A, N);
-}
-
-inline void MultiplyBottom(word *R, word *T, const word *A, const word *B, size_t N)
-{
- RecursiveMultiplyBottom(R, T, A, B, N);
-}
-
-// R[NA+NB] - result = A*B
-// T[NA+NB] - temporary work space
-// A[NA] ---- multiplier
-// B[NB] ---- multiplicant
-
-void AsymmetricMultiply(word *R, word *T, const word *A, size_t NA, const word *B, size_t NB)
-{
- if (NA == NB)
- {
- if (A == B)
- Square(R, T, A, NA);
- else
- Multiply(R, T, A, B, NA);
-
- return;
- }
-
- if (NA > NB)
- {
- std::swap(A, B);
- std::swap(NA, NB);
- }
-
- assert(NB % NA == 0);
-
- if (NA==2 && !A[1])
- {
- switch (A[0])
- {
- case 0:
- SetWords(R, 0, NB+2);
- return;
- case 1:
- CopyWords(R, B, NB);
- R[NB] = R[NB+1] = 0;
- return;
- default:
- R[NB] = LinearMultiply(R, B, A[0], NB);
- R[NB+1] = 0;
- return;
- }
- }
-
- size_t i;
- if ((NB/NA)%2 == 0)
- {
- Multiply(R, T, A, B, NA);
- CopyWords(T+2*NA, R+NA, NA);
-
- for (i=2*NA; i<NB; i+=2*NA)
- Multiply(T+NA+i, T, A, B+i, NA);
- for (i=NA; i<NB; i+=2*NA)
- Multiply(R+i, T, A, B+i, NA);
- }
- else
- {
- for (i=0; i<NB; i+=2*NA)
- Multiply(R+i, T, A, B+i, NA);
- for (i=NA; i<NB; i+=2*NA)
- Multiply(T+NA+i, T, A, B+i, NA);
- }
-
- if (Add(R+NA, R+NA, T+2*NA, NB-NA))
- Increment(R+NB, NA);
-}
-
-// R[N] ----- result = A inverse mod 2**(WORD_BITS*N)
-// T[3*N/2] - temporary work space
-// A[N] ----- an odd number as input
-
-void RecursiveInverseModPower2(word *R, word *T, const word *A, size_t N)
-{
- if (N==2)
- {
- T[0] = AtomicInverseModPower2(A[0]);
- T[1] = 0;
- s_pBot[0](T+2, T, A);
- TwosComplement(T+2, 2);
- Increment(T+2, 2, 2);
- s_pBot[0](R, T, T+2);
- }
- else
- {
- const size_t N2 = N/2;
- RecursiveInverseModPower2(R0, T0, A0, N2);
- T0[0] = 1;
- SetWords(T0+1, 0, N2-1);
- MultiplyTop(R1, T1, T0, R0, A0, N2);
- MultiplyBottom(T0, T1, R0, A1, N2);
- Add(T0, R1, T0, N2);
- TwosComplement(T0, N2);
- MultiplyBottom(R1, T1, R0, T0, N2);
- }
-}
-
-// R[N] --- result = X/(2**(WORD_BITS*N)) mod M
-// T[3*N] - temporary work space
-// X[2*N] - number to be reduced
-// M[N] --- modulus
-// U[N] --- multiplicative inverse of M mod 2**(WORD_BITS*N)
-
-void MontgomeryReduce(word *R, word *T, word *X, const word *M, const word *U, size_t N)
-{
-#if 1
- MultiplyBottom(R, T, X, U, N);
- MultiplyTop(T, T+N, X, R, M, N);
- word borrow = Subtract(T, X+N, T, N);
- // defend against timing attack by doing this Add even when not needed
- word carry = Add(T+N, T, M, N);
- assert(carry | !borrow);
- CopyWords(R, T + ((0-borrow) & N), N);
-#elif 0
- const word u = 0-U[0];
- Declare2Words(p)
- for (size_t i=0; i<N; i++)
- {
- const word t = u * X[i];
- word c = 0;
- for (size_t j=0; j<N; j+=2)
- {
- MultiplyWords(p, t, M[j]);
- Acc2WordsBy1(p, X[i+j]);
- Acc2WordsBy1(p, c);
- X[i+j] = LowWord(p);
- c = HighWord(p);
- MultiplyWords(p, t, M[j+1]);
- Acc2WordsBy1(p, X[i+j+1]);
- Acc2WordsBy1(p, c);
- X[i+j+1] = LowWord(p);
- c = HighWord(p);
- }
-
- if (Increment(X+N+i, N-i, c))
- while (!Subtract(X+N, X+N, M, N)) {}
- }
-
- memcpy(R, X+N, N*WORD_SIZE);
-#else
- __m64 u = _mm_cvtsi32_si64(0-U[0]), p;
- for (size_t i=0; i<N; i++)
- {
- __m64 t = _mm_cvtsi32_si64(X[i]);
- t = _mm_mul_su32(t, u);
- __m64 c = _mm_setzero_si64();
- for (size_t j=0; j<N; j+=2)
- {
- p = _mm_mul_su32(t, _mm_cvtsi32_si64(M[j]));
- p = _mm_add_si64(p, _mm_cvtsi32_si64(X[i+j]));
- c = _mm_add_si64(c, p);
- X[i+j] = _mm_cvtsi64_si32(c);
- c = _mm_srli_si64(c, 32);
- p = _mm_mul_su32(t, _mm_cvtsi32_si64(M[j+1]));
- p = _mm_add_si64(p, _mm_cvtsi32_si64(X[i+j+1]));
- c = _mm_add_si64(c, p);
- X[i+j+1] = _mm_cvtsi64_si32(c);
- c = _mm_srli_si64(c, 32);
- }
-
- if (Increment(X+N+i, N-i, _mm_cvtsi64_si32(c)))
- while (!Subtract(X+N, X+N, M, N)) {}
- }
-
- memcpy(R, X+N, N*WORD_SIZE);
- _mm_empty();
-#endif
-}
-
-// R[N] --- result = X/(2**(WORD_BITS*N/2)) mod M
-// T[2*N] - temporary work space
-// X[2*N] - number to be reduced
-// M[N] --- modulus
-// U[N/2] - multiplicative inverse of M mod 2**(WORD_BITS*N/2)
-// V[N] --- 2**(WORD_BITS*3*N/2) mod M
-
-void HalfMontgomeryReduce(word *R, word *T, const word *X, const word *M, const word *U, const word *V, size_t N)
-{
- assert(N%2==0 && N>=4);
-
-#define M0 M
-#define M1 (M+N2)
-#define V0 V
-#define V1 (V+N2)
-
-#define X0 X
-#define X1 (X+N2)
-#define X2 (X+N)
-#define X3 (X+N+N2)
-
- const size_t N2 = N/2;
- Multiply(T0, T2, V0, X3, N2);
- int c2 = Add(T0, T0, X0, N);
- MultiplyBottom(T3, T2, T0, U, N2);
- MultiplyTop(T2, R, T0, T3, M0, N2);
- c2 -= Subtract(T2, T1, T2, N2);
- Multiply(T0, R, T3, M1, N2);
- c2 -= Subtract(T0, T2, T0, N2);
- int c3 = -(int)Subtract(T1, X2, T1, N2);
- Multiply(R0, T2, V1, X3, N2);
- c3 += Add(R, R, T, N);
-
- if (c2>0)
- c3 += Increment(R1, N2);
- else if (c2<0)
- c3 -= Decrement(R1, N2, -c2);
-
- assert(c3>=-1 && c3<=1);
- if (c3>0)
- Subtract(R, R, M, N);
- else if (c3<0)
- Add(R, R, M, N);
-
-#undef M0
-#undef M1
-#undef V0
-#undef V1
-
-#undef X0
-#undef X1
-#undef X2
-#undef X3
-}
-
-#undef A0
-#undef A1
-#undef B0
-#undef B1
-
-#undef T0
-#undef T1
-#undef T2
-#undef T3
-
-#undef R0
-#undef R1
-#undef R2
-#undef R3
-
-/*
-// do a 3 word by 2 word divide, returns quotient and leaves remainder in A
-static word SubatomicDivide(word *A, word B0, word B1)
-{
- // assert {A[2],A[1]} < {B1,B0}, so quotient can fit in a word
- assert(A[2] < B1 || (A[2]==B1 && A[1] < B0));
-
- // estimate the quotient: do a 2 word by 1 word divide
- word Q;
- if (B1+1 == 0)
- Q = A[2];
- else
- Q = DWord(A[1], A[2]).DividedBy(B1+1);
-
- // now subtract Q*B from A
- DWord p = DWord::Multiply(B0, Q);
- DWord u = (DWord) A[0] - p.GetLowHalf();
- A[0] = u.GetLowHalf();
- u = (DWord) A[1] - p.GetHighHalf() - u.GetHighHalfAsBorrow() - DWord::Multiply(B1, Q);
- A[1] = u.GetLowHalf();
- A[2] += u.GetHighHalf();
-
- // Q <= actual quotient, so fix it
- while (A[2] || A[1] > B1 || (A[1]==B1 && A[0]>=B0))
- {
- u = (DWord) A[0] - B0;
- A[0] = u.GetLowHalf();
- u = (DWord) A[1] - B1 - u.GetHighHalfAsBorrow();
- A[1] = u.GetLowHalf();
- A[2] += u.GetHighHalf();
- Q++;
- assert(Q); // shouldn't overflow
- }
-
- return Q;
-}
-
-// do a 4 word by 2 word divide, returns 2 word quotient in Q0 and Q1
-static inline void AtomicDivide(word *Q, const word *A, const word *B)
-{
- if (!B[0] && !B[1]) // if divisor is 0, we assume divisor==2**(2*WORD_BITS)
- {
- Q[0] = A[2];
- Q[1] = A[3];
- }
- else
- {
- word T[4];
- T[0] = A[0]; T[1] = A[1]; T[2] = A[2]; T[3] = A[3];
- Q[1] = SubatomicDivide(T+1, B[0], B[1]);
- Q[0] = SubatomicDivide(T, B[0], B[1]);
-
-#ifndef NDEBUG
- // multiply quotient and divisor and add remainder, make sure it equals dividend
- assert(!T[2] && !T[3] && (T[1] < B[1] || (T[1]==B[1] && T[0]<B[0])));
- word P[4];
- LowLevel::Multiply2(P, Q, B);
- Add(P, P, T, 4);
- assert(memcmp(P, A, 4*WORD_SIZE)==0);
-#endif
- }
-}
-*/
-
-static inline void AtomicDivide(word *Q, const word *A, const word *B)
-{
- word T[4];
- DWord q = DivideFourWordsByTwo<word, DWord>(T, DWord(A[0], A[1]), DWord(A[2], A[3]), DWord(B[0], B[1]));
- Q[0] = q.GetLowHalf();
- Q[1] = q.GetHighHalf();
-
-#ifndef NDEBUG
- if (B[0] || B[1])
- {
- // multiply quotient and divisor and add remainder, make sure it equals dividend
- assert(!T[2] && !T[3] && (T[1] < B[1] || (T[1]==B[1] && T[0]<B[0])));
- word P[4];
- s_pMul[0](P, Q, B);
- Add(P, P, T, 4);
- assert(memcmp(P, A, 4*WORD_SIZE)==0);
- }
-#endif
-}
-
-// for use by Divide(), corrects the underestimated quotient {Q1,Q0}
-static void CorrectQuotientEstimate(word *R, word *T, word *Q, const word *B, size_t N)
-{
- assert(N && N%2==0);
-
- AsymmetricMultiply(T, T+N+2, Q, 2, B, N);
-
- word borrow = Subtract(R, R, T, N+2);
- assert(!borrow && !R[N+1]);
-
- while (R[N] || Compare(R, B, N) >= 0)
- {
- R[N] -= Subtract(R, R, B, N);
- Q[1] += (++Q[0]==0);
- assert(Q[0] || Q[1]); // no overflow
- }
-}
-
-// R[NB] -------- remainder = A%B
-// Q[NA-NB+2] --- quotient = A/B
-// T[NA+3*(NB+2)] - temp work space
-// A[NA] -------- dividend
-// B[NB] -------- divisor
-
-void Divide(word *R, word *Q, word *T, const word *A, size_t NA, const word *B, size_t NB)
-{
- assert(NA && NB && NA%2==0 && NB%2==0);
- assert(B[NB-1] || B[NB-2]);
- assert(NB <= NA);
-
- // set up temporary work space
- word *const TA=T;
- word *const TB=T+NA+2;
- word *const TP=T+NA+2+NB;
-
- // copy B into TB and normalize it so that TB has highest bit set to 1
- unsigned shiftWords = (B[NB-1]==0);
- TB[0] = TB[NB-1] = 0;
- CopyWords(TB+shiftWords, B, NB-shiftWords);
- unsigned shiftBits = WORD_BITS - BitPrecision(TB[NB-1]);
- assert(shiftBits < WORD_BITS);
- ShiftWordsLeftByBits(TB, NB, shiftBits);
-
- // copy A into TA and normalize it
- TA[0] = TA[NA] = TA[NA+1] = 0;
- CopyWords(TA+shiftWords, A, NA);
- ShiftWordsLeftByBits(TA, NA+2, shiftBits);
-
- if (TA[NA+1]==0 && TA[NA] <= 1)
- {
- Q[NA-NB+1] = Q[NA-NB] = 0;
- while (TA[NA] || Compare(TA+NA-NB, TB, NB) >= 0)
- {
- TA[NA] -= Subtract(TA+NA-NB, TA+NA-NB, TB, NB);
- ++Q[NA-NB];
- }
- }
- else
- {
- NA+=2;
- assert(Compare(TA+NA-NB, TB, NB) < 0);
- }
-
- word BT[2];
- BT[0] = TB[NB-2] + 1;
- BT[1] = TB[NB-1] + (BT[0]==0);
-
- // start reducing TA mod TB, 2 words at a time
- for (size_t i=NA-2; i>=NB; i-=2)
- {
- AtomicDivide(Q+i-NB, TA+i-2, BT);
- CorrectQuotientEstimate(TA+i-NB, TP, Q+i-NB, TB, NB);
- }
-
- // copy TA into R, and denormalize it
- CopyWords(R, TA+shiftWords, NB);
- ShiftWordsRightByBits(R, NB, shiftBits);
-}
-
-static inline size_t EvenWordCount(const word *X, size_t N)
-{
- while (N && X[N-2]==0 && X[N-1]==0)
- N-=2;
- return N;
-}
-
-// return k
-// R[N] --- result = A^(-1) * 2^k mod M
-// T[4*N] - temporary work space
-// A[NA] -- number to take inverse of
-// M[N] --- modulus
-
-unsigned int AlmostInverse(word *R, word *T, const word *A, size_t NA, const word *M, size_t N)
-{
- assert(NA<=N && N && N%2==0);
-
- word *b = T;
- word *c = T+N;
- word *f = T+2*N;
- word *g = T+3*N;
- size_t bcLen=2, fgLen=EvenWordCount(M, N);
- unsigned int k=0;
- bool s=false;
-
- SetWords(T, 0, 3*N);
- b[0]=1;
- CopyWords(f, A, NA);
- CopyWords(g, M, N);
-
- while (1)
- {
- word t=f[0];
- while (!t)
- {
- if (EvenWordCount(f, fgLen)==0)
- {
- SetWords(R, 0, N);
- return 0;
- }
-
- ShiftWordsRightByWords(f, fgLen, 1);
- bcLen += 2 * (c[bcLen-1] != 0);
- assert(bcLen <= N);
- ShiftWordsLeftByWords(c, bcLen, 1);
- k+=WORD_BITS;
- t=f[0];
- }
-
- unsigned int i = TrailingZeros(t);
- t >>= i;
- k += i;
-
- if (t==1 && f[1]==0 && EvenWordCount(f+2, fgLen-2)==0)
- {
- if (s)
- Subtract(R, M, b, N);
- else
- CopyWords(R, b, N);
- return k;
- }
-
- ShiftWordsRightByBits(f, fgLen, i);
- t = ShiftWordsLeftByBits(c, bcLen, i);
- c[bcLen] += t;
- bcLen += 2 * (t!=0);
- assert(bcLen <= N);
-
- bool swap = Compare(f, g, fgLen)==-1;
- ConditionalSwapPointers(swap, f, g);
- ConditionalSwapPointers(swap, b, c);
- s ^= swap;
-
- fgLen -= 2 * !(f[fgLen-2] | f[fgLen-1]);
-
- Subtract(f, f, g, fgLen);
- t = Add(b, b, c, bcLen);
- b[bcLen] += t;
- bcLen += 2*t;
- assert(bcLen <= N);
- }
-}
-
-// R[N] - result = A/(2^k) mod M
-// A[N] - input
-// M[N] - modulus
-
-void DivideByPower2Mod(word *R, const word *A, size_t k, const word *M, size_t N)
-{
- CopyWords(R, A, N);
-
- while (k--)
- {
- if (R[0]%2==0)
- ShiftWordsRightByBits(R, N, 1);
- else
- {
- word carry = Add(R, R, M, N);
- ShiftWordsRightByBits(R, N, 1);
- R[N-1] += carry<<(WORD_BITS-1);
- }
- }
-}
-
-// R[N] - result = A*(2^k) mod M
-// A[N] - input
-// M[N] - modulus
-
-void MultiplyByPower2Mod(word *R, const word *A, size_t k, const word *M, size_t N)
-{
- CopyWords(R, A, N);
-
- while (k--)
- if (ShiftWordsLeftByBits(R, N, 1) || Compare(R, M, N)>=0)
- Subtract(R, R, M, N);
-}
-
-// ******************************************************************
-
-InitializeInteger::InitializeInteger()
-{
- if (!g_pAssignIntToInteger)
- {
- SetFunctionPointers();
- g_pAssignIntToInteger = AssignIntToInteger;
- }
-}
-
-static const unsigned int RoundupSizeTable[] = {2, 2, 2, 4, 4, 8, 8, 8, 8};
-
-static inline size_t RoundupSize(size_t n)
-{
- if (n<=8)
- return RoundupSizeTable[n];
- else if (n<=16)
- return 16;
- else if (n<=32)
- return 32;
- else if (n<=64)
- return 64;
- else return size_t(1) << BitPrecision(n-1);
-}
-
-Integer::Integer()
- : reg(2), sign(POSITIVE)
-{
- reg[0] = reg[1] = 0;
-}
-
-Integer::Integer(const Integer& t)
- : reg(RoundupSize(t.WordCount())), sign(t.sign)
-{
- CopyWords(reg, t.reg, reg.size());
-}
-
-Integer::Integer(Sign s, lword value)
- : reg(2), sign(s)
-{
- reg[0] = word(value);
- reg[1] = word(SafeRightShift<WORD_BITS>(value));
-}
-
-Integer::Integer(signed long value)
- : reg(2)
-{
- if (value >= 0)
- sign = POSITIVE;
- else
- {
- sign = NEGATIVE;
- value = -value;
- }
- reg[0] = word(value);
- reg[1] = word(SafeRightShift<WORD_BITS>((unsigned long)value));
-}
-
-Integer::Integer(Sign s, word high, word low)
- : reg(2), sign(s)
-{
- reg[0] = low;
- reg[1] = high;
-}
-
-bool Integer::IsConvertableToLong() const
-{
- if (ByteCount() > sizeof(long))
- return false;
-
- unsigned long value = (unsigned long)reg[0];
- value += SafeLeftShift<WORD_BITS, unsigned long>((unsigned long)reg[1]);
-
- if (sign==POSITIVE)
- return (signed long)value >= 0;
- else
- return -(signed long)value < 0;
-}
-
-signed long Integer::ConvertToLong() const
-{
- assert(IsConvertableToLong());
-
- unsigned long value = (unsigned long)reg[0];
- value += SafeLeftShift<WORD_BITS, unsigned long>((unsigned long)reg[1]);
- return sign==POSITIVE ? value : -(signed long)value;
-}
-
-Integer::Integer(BufferedTransformation &encodedInteger, size_t byteCount, Signedness s)
-{
- Decode(encodedInteger, byteCount, s);
-}
-
-Integer::Integer(const byte *encodedInteger, size_t byteCount, Signedness s)
-{
- Decode(encodedInteger, byteCount, s);
-}
-
-Integer::Integer(BufferedTransformation &bt)
-{
- BERDecode(bt);
-}
-
-Integer::Integer(RandomNumberGenerator &rng, size_t bitcount)
-{
- Randomize(rng, bitcount);
-}
-
-Integer::Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv, const Integer &mod)
-{
- if (!Randomize(rng, min, max, rnType, equiv, mod))
- throw Integer::RandomNumberNotFound();
-}
-
-Integer Integer::Power2(size_t e)
-{
- Integer r((word)0, BitsToWords(e+1));
- r.SetBit(e);
- return r;
-}
-
-template <long i>
-struct NewInteger
-{
- Integer * operator()() const
- {
- return new Integer(i);
- }
-};
-
-const Integer &Integer::Zero()
-{
- return Singleton<Integer>().Ref();
-}
-
-const Integer &Integer::One()
-{
- return Singleton<Integer, NewInteger<1> >().Ref();
-}
-
-const Integer &Integer::Two()
-{
- return Singleton<Integer, NewInteger<2> >().Ref();
-}
-
-bool Integer::operator!() const
-{
- return IsNegative() ? false : (reg[0]==0 && WordCount()==0);
-}
-
-Integer& Integer::operator=(const Integer& t)
-{
- if (this != &t)
- {
- if (reg.size() != t.reg.size() || t.reg[t.reg.size()/2] == 0)
- reg.New(RoundupSize(t.WordCount()));
- CopyWords(reg, t.reg, reg.size());
- sign = t.sign;
- }
- return *this;
-}
-
-bool Integer::GetBit(size_t n) const
-{
- if (n/WORD_BITS >= reg.size())
- return 0;
- else
- return bool((reg[n/WORD_BITS] >> (n % WORD_BITS)) & 1);
-}
-
-void Integer::SetBit(size_t n, bool value)
-{
- if (value)
- {
- reg.CleanGrow(RoundupSize(BitsToWords(n+1)));
- reg[n/WORD_BITS] |= (word(1) << (n%WORD_BITS));
- }
- else
- {
- if (n/WORD_BITS < reg.size())
- reg[n/WORD_BITS] &= ~(word(1) << (n%WORD_BITS));
- }
-}
-
-byte Integer::GetByte(size_t n) const
-{
- if (n/WORD_SIZE >= reg.size())
- return 0;
- else
- return byte(reg[n/WORD_SIZE] >> ((n%WORD_SIZE)*8));
-}
-
-void Integer::SetByte(size_t n, byte value)
-{
- reg.CleanGrow(RoundupSize(BytesToWords(n+1)));
- reg[n/WORD_SIZE] &= ~(word(0xff) << 8*(n%WORD_SIZE));
- reg[n/WORD_SIZE] |= (word(value) << 8*(n%WORD_SIZE));
-}
-
-lword Integer::GetBits(size_t i, size_t n) const
-{
- lword v = 0;
- assert(n <= sizeof(v)*8);
- for (unsigned int j=0; j<n; j++)
- v |= lword(GetBit(i+j)) << j;
- return v;
-}
-
-Integer Integer::operator-() const
-{
- Integer result(*this);
- result.Negate();
- return result;
-}
-
-Integer Integer::AbsoluteValue() const
-{
- Integer result(*this);
- result.sign = POSITIVE;
- return result;
-}
-
-void Integer::swap(Integer &a)
-{
- reg.swap(a.reg);
- std::swap(sign, a.sign);
-}
-
-Integer::Integer(word value, size_t length)
- : reg(RoundupSize(length)), sign(POSITIVE)
-{
- reg[0] = value;
- SetWords(reg+1, 0, reg.size()-1);
-}
-
-template <class T>
-static Integer StringToInteger(const T *str)
-{
- int radix;
- // GCC workaround
- // std::char_traits<wchar_t>::length() not defined in GCC 3.2 and STLport 4.5.3
- unsigned int length;
- for (length = 0; str[length] != 0; length++) {}
-
- Integer v;
-
- if (length == 0)
- return v;
-
- switch (str[length-1])
- {
- case 'h':
- case 'H':
- radix=16;
- break;
- case 'o':
- case 'O':
- radix=8;
- break;
- case 'b':
- case 'B':
- radix=2;
- break;
- default:
- radix=10;
- }
-
- if (length > 2 && str[0] == '0' && str[1] == 'x')
- radix = 16;
-
- for (unsigned i=0; i<length; i++)
- {
- int digit;
-
- if (str[i] >= '0' && str[i] <= '9')
- digit = str[i] - '0';
- else if (str[i] >= 'A' && str[i] <= 'F')
- digit = str[i] - 'A' + 10;
- else if (str[i] >= 'a' && str[i] <= 'f')
- digit = str[i] - 'a' + 10;
- else
- digit = radix;
-
- if (digit < radix)
- {
- v *= radix;
- v += digit;
- }
- }
-
- if (str[0] == '-')
- v.Negate();
-
- return v;
-}
-
-Integer::Integer(const char *str)
- : reg(2), sign(POSITIVE)
-{
- *this = StringToInteger(str);
-}
-
-Integer::Integer(const wchar_t *str)
- : reg(2), sign(POSITIVE)
-{
- *this = StringToInteger(str);
-}
-
-unsigned int Integer::WordCount() const
-{
- return (unsigned int)CountWords(reg, reg.size());
-}
-
-unsigned int Integer::ByteCount() const
-{
- unsigned wordCount = WordCount();
- if (wordCount)
- return (wordCount-1)*WORD_SIZE + BytePrecision(reg[wordCount-1]);
- else
- return 0;
-}
-
-unsigned int Integer::BitCount() const
-{
- unsigned wordCount = WordCount();
- if (wordCount)
- return (wordCount-1)*WORD_BITS + BitPrecision(reg[wordCount-1]);
- else
- return 0;
-}
-
-void Integer::Decode(const byte *input, size_t inputLen, Signedness s)
-{
- StringStore store(input, inputLen);
- Decode(store, inputLen, s);
-}
-
-void Integer::Decode(BufferedTransformation &bt, size_t inputLen, Signedness s)
-{
- assert(bt.MaxRetrievable() >= inputLen);
-
- byte b;
- bt.Peek(b);
- sign = ((s==SIGNED) && (b & 0x80)) ? NEGATIVE : POSITIVE;
-
- while (inputLen>0 && (sign==POSITIVE ? b==0 : b==0xff))
- {
- bt.Skip(1);
- inputLen--;
- bt.Peek(b);
- }
-
- reg.CleanNew(RoundupSize(BytesToWords(inputLen)));
-
- for (size_t i=inputLen; i > 0; i--)
- {
- bt.Get(b);
- reg[(i-1)/WORD_SIZE] |= word(b) << ((i-1)%WORD_SIZE)*8;
- }
-
- if (sign == NEGATIVE)
- {
- for (size_t i=inputLen; i<reg.size()*WORD_SIZE; i++)
- reg[i/WORD_SIZE] |= word(0xff) << (i%WORD_SIZE)*8;
- TwosComplement(reg, reg.size());
- }
-}
-
-size_t Integer::MinEncodedSize(Signedness signedness) const
-{
- unsigned int outputLen = STDMAX(1U, ByteCount());
- if (signedness == UNSIGNED)
- return outputLen;
- if (NotNegative() && (GetByte(outputLen-1) & 0x80))
- outputLen++;
- if (IsNegative() && *this < -Power2(outputLen*8-1))
- outputLen++;
- return outputLen;
-}
-
-void Integer::Encode(byte *output, size_t outputLen, Signedness signedness) const
-{
- ArraySink sink(output, outputLen);
- Encode(sink, outputLen, signedness);
-}
-
-void Integer::Encode(BufferedTransformation &bt, size_t outputLen, Signedness signedness) const
-{
- if (signedness == UNSIGNED || NotNegative())
- {
- for (size_t i=outputLen; i > 0; i--)
- bt.Put(GetByte(i-1));
- }
- else
- {
- // take two's complement of *this
- Integer temp = Integer::Power2(8*STDMAX((size_t)ByteCount(), outputLen)) + *this;
- temp.Encode(bt, outputLen, UNSIGNED);
- }
-}
-
-void Integer::DEREncode(BufferedTransformation &bt) const
-{
- DERGeneralEncoder enc(bt, INTEGER);
- Encode(enc, MinEncodedSize(SIGNED), SIGNED);
- enc.MessageEnd();
-}
-
-void Integer::BERDecode(const byte *input, size_t len)
-{
- StringStore store(input, len);
- BERDecode(store);
-}
-
-void Integer::BERDecode(BufferedTransformation &bt)
-{
- BERGeneralDecoder dec(bt, INTEGER);
- if (!dec.IsDefiniteLength() || dec.MaxRetrievable() < dec.RemainingLength())
- BERDecodeError();
- Decode(dec, (size_t)dec.RemainingLength(), SIGNED);
- dec.MessageEnd();
-}
-
-void Integer::DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const
-{
- DERGeneralEncoder enc(bt, OCTET_STRING);
- Encode(enc, length);
- enc.MessageEnd();
-}
-
-void Integer::BERDecodeAsOctetString(BufferedTransformation &bt, size_t length)
-{
- BERGeneralDecoder dec(bt, OCTET_STRING);
- if (!dec.IsDefiniteLength() || dec.RemainingLength() != length)
- BERDecodeError();
- Decode(dec, length);
- dec.MessageEnd();
-}
-
-size_t Integer::OpenPGPEncode(byte *output, size_t len) const
-{
- ArraySink sink(output, len);
- return OpenPGPEncode(sink);
-}
-
-size_t Integer::OpenPGPEncode(BufferedTransformation &bt) const
-{
- word16 bitCount = BitCount();
- bt.PutWord16(bitCount);
- size_t byteCount = BitsToBytes(bitCount);
- Encode(bt, byteCount);
- return 2 + byteCount;
-}
-
-void Integer::OpenPGPDecode(const byte *input, size_t len)
-{
- StringStore store(input, len);
- OpenPGPDecode(store);
-}
-
-void Integer::OpenPGPDecode(BufferedTransformation &bt)
-{
- word16 bitCount;
- if (bt.GetWord16(bitCount) != 2 || bt.MaxRetrievable() < BitsToBytes(bitCount))
- throw OpenPGPDecodeErr();
- Decode(bt, BitsToBytes(bitCount));
-}
-
-void Integer::Randomize(RandomNumberGenerator &rng, size_t nbits)
-{
- const size_t nbytes = nbits/8 + 1;
- SecByteBlock buf(nbytes);
- rng.GenerateBlock(buf, nbytes);
- if (nbytes)
- buf[0] = (byte)Crop(buf[0], nbits % 8);
- Decode(buf, nbytes, UNSIGNED);
-}
-
-void Integer::Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max)
-{
- if (min > max)
- throw InvalidArgument("Integer: Min must be no greater than Max");
-
- Integer range = max - min;
- const unsigned int nbits = range.BitCount();
-
- do
- {
- Randomize(rng, nbits);
- }
- while (*this > range);
-
- *this += min;
-}
-
-bool Integer::Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv, const Integer &mod)
-{
- return GenerateRandomNoThrow(rng, MakeParameters("Min", min)("Max", max)("RandomNumberType", rnType)("EquivalentTo", equiv)("Mod", mod));
-}
-
-class KDF2_RNG : public RandomNumberGenerator
-{
-public:
- KDF2_RNG(const byte *seed, size_t seedSize)
- : m_counter(0), m_counterAndSeed(seedSize + 4)
- {
- memcpy(m_counterAndSeed + 4, seed, seedSize);
- }
-
- void GenerateBlock(byte *output, size_t size)
- {
- PutWord(false, BIG_ENDIAN_ORDER, m_counterAndSeed, m_counter);
- ++m_counter;
- P1363_KDF2<SHA1>::DeriveKey(output, size, m_counterAndSeed, m_counterAndSeed.size(), NULL, 0);
- }
-
-private:
- word32 m_counter;
- SecByteBlock m_counterAndSeed;
-};
-
-bool Integer::GenerateRandomNoThrow(RandomNumberGenerator &i_rng, const NameValuePairs &params)
-{
- Integer min = params.GetValueWithDefault("Min", Integer::Zero());
- Integer max;
- if (!params.GetValue("Max", max))
- {
- int bitLength;
- if (params.GetIntValue("BitLength", bitLength))
- max = Integer::Power2(bitLength);
- else
- throw InvalidArgument("Integer: missing Max argument");
- }
- if (min > max)
- throw InvalidArgument("Integer: Min must be no greater than Max");
-
- Integer equiv = params.GetValueWithDefault("EquivalentTo", Integer::Zero());
- Integer mod = params.GetValueWithDefault("Mod", Integer::One());
-
- if (equiv.IsNegative() || equiv >= mod)
- throw InvalidArgument("Integer: invalid EquivalentTo and/or Mod argument");
-
- Integer::RandomNumberType rnType = params.GetValueWithDefault("RandomNumberType", Integer::ANY);
-
- member_ptr<KDF2_RNG> kdf2Rng;
- ConstByteArrayParameter seed;
- if (params.GetValue(Name::Seed(), seed))
- {
- ByteQueue bq;
- DERSequenceEncoder seq(bq);
- min.DEREncode(seq);
- max.DEREncode(seq);
- equiv.DEREncode(seq);
- mod.DEREncode(seq);
- DEREncodeUnsigned(seq, rnType);
- DEREncodeOctetString(seq, seed.begin(), seed.size());
- seq.MessageEnd();
-
- SecByteBlock finalSeed((size_t)bq.MaxRetrievable());
- bq.Get(finalSeed, finalSeed.size());
- kdf2Rng.reset(new KDF2_RNG(finalSeed.begin(), finalSeed.size()));
- }
- RandomNumberGenerator &rng = kdf2Rng.get() ? (RandomNumberGenerator &)*kdf2Rng : i_rng;
-
- switch (rnType)
- {
- case ANY:
- if (mod == One())
- Randomize(rng, min, max);
- else
- {
- Integer min1 = min + (equiv-min)%mod;
- if (max < min1)
- return false;
- Randomize(rng, Zero(), (max - min1) / mod);
- *this *= mod;
- *this += min1;
- }
- return true;
-
- case PRIME:
- {
- const PrimeSelector *pSelector = params.GetValueWithDefault(Name::PointerToPrimeSelector(), (const PrimeSelector *)NULL);
-
- int i;
- i = 0;
- while (1)
- {
- if (++i==16)
- {
- // check if there are any suitable primes in [min, max]
- Integer first = min;
- if (FirstPrime(first, max, equiv, mod, pSelector))
- {
- // if there is only one suitable prime, we're done
- *this = first;
- if (!FirstPrime(first, max, equiv, mod, pSelector))
- return true;
- }
- else
- return false;
- }
-
- Randomize(rng, min, max);
- if (FirstPrime(*this, STDMIN(*this+mod*PrimeSearchInterval(max), max), equiv, mod, pSelector))
- return true;
- }
- }
-
- default:
- throw InvalidArgument("Integer: invalid RandomNumberType argument");
- }
-}
-
-std::istream& operator>>(std::istream& in, Integer &a)
-{
- char c;
- unsigned int length = 0;
- SecBlock<char> str(length + 16);
-
- std::ws(in);
-
- do
- {
- in.read(&c, 1);
- str[length++] = c;
- if (length >= str.size())
- str.Grow(length + 16);
- }
- while (in && (c=='-' || c=='x' || (c>='0' && c<='9') || (c>='a' && c<='f') || (c>='A' && c<='F') || c=='h' || c=='H' || c=='o' || c=='O' || c==',' || c=='.'));
-
- if (in.gcount())
- in.putback(c);
- str[length-1] = '\0';
- a = Integer(str);
-
- return in;
-}
-
-std::ostream& operator<<(std::ostream& out, const Integer &a)
-{
- // Get relevant conversion specifications from ostream.
- long f = out.flags() & std::ios::basefield; // Get base digits.
- int base, block;
- char suffix;
- switch(f)
- {
- case std::ios::oct :
- base = 8;
- block = 8;
- suffix = 'o';
- break;
- case std::ios::hex :
- base = 16;
- block = 4;
- suffix = 'h';
- break;
- default :
- base = 10;
- block = 3;
- suffix = '.';
- }
-
- Integer temp1=a, temp2;
-
- if (a.IsNegative())
- {
- out << '-';
- temp1.Negate();
- }
-
- if (!a)
- out << '0';
-
- static const char upper[]="0123456789ABCDEF";
- static const char lower[]="0123456789abcdef";
-
- const char* vec = (out.flags() & std::ios::uppercase) ? upper : lower;
- unsigned i=0;
- SecBlock<char> s(a.BitCount() / (BitPrecision(base)-1) + 1);
-
- while (!!temp1)
- {
- word digit;
- Integer::Divide(digit, temp2, temp1, base);
- s[i++]=vec[digit];
- temp1.swap(temp2);
- }
-
- while (i--)
- {
- out << s[i];
-// if (i && !(i%block))
-// out << ",";
- }
- return out << suffix;
-}
-
-Integer& Integer::operator++()
-{
- if (NotNegative())
- {
- if (Increment(reg, reg.size()))
- {
- reg.CleanGrow(2*reg.size());
- reg[reg.size()/2]=1;
- }
- }
- else
- {
- word borrow = Decrement(reg, reg.size());
- assert(!borrow);
- if (WordCount()==0)
- *this = Zero();
- }
- return *this;
-}
-
-Integer& Integer::operator--()
-{
- if (IsNegative())
- {
- if (Increment(reg, reg.size()))
- {
- reg.CleanGrow(2*reg.size());
- reg[reg.size()/2]=1;
- }
- }
- else
- {
- if (Decrement(reg, reg.size()))
- *this = -One();
- }
- return *this;
-}
-
-void PositiveAdd(Integer &sum, const Integer &a, const Integer& b)
-{
- int carry;
- if (a.reg.size() == b.reg.size())
- carry = Add(sum.reg, a.reg, b.reg, a.reg.size());
- else if (a.reg.size() > b.reg.size())
- {
- carry = Add(sum.reg, a.reg, b.reg, b.reg.size());
- CopyWords(sum.reg+b.reg.size(), a.reg+b.reg.size(), a.reg.size()-b.reg.size());
- carry = Increment(sum.reg+b.reg.size(), a.reg.size()-b.reg.size(), carry);
- }
- else
- {
- carry = Add(sum.reg, a.reg, b.reg, a.reg.size());
- CopyWords(sum.reg+a.reg.size(), b.reg+a.reg.size(), b.reg.size()-a.reg.size());
- carry = Increment(sum.reg+a.reg.size(), b.reg.size()-a.reg.size(), carry);
- }
-
- if (carry)
- {
- sum.reg.CleanGrow(2*sum.reg.size());
- sum.reg[sum.reg.size()/2] = 1;
- }
- sum.sign = Integer::POSITIVE;
-}
-
-void PositiveSubtract(Integer &diff, const Integer &a, const Integer& b)
-{
- unsigned aSize = a.WordCount();
- aSize += aSize%2;
- unsigned bSize = b.WordCount();
- bSize += bSize%2;
-
- if (aSize == bSize)
- {
- if (Compare(a.reg, b.reg, aSize) >= 0)
- {
- Subtract(diff.reg, a.reg, b.reg, aSize);
- diff.sign = Integer::POSITIVE;
- }
- else
- {
- Subtract(diff.reg, b.reg, a.reg, aSize);
- diff.sign = Integer::NEGATIVE;
- }
- }
- else if (aSize > bSize)
- {
- word borrow = Subtract(diff.reg, a.reg, b.reg, bSize);
- CopyWords(diff.reg+bSize, a.reg+bSize, aSize-bSize);
- borrow = Decrement(diff.reg+bSize, aSize-bSize, borrow);
- assert(!borrow);
- diff.sign = Integer::POSITIVE;
- }
- else
- {
- word borrow = Subtract(diff.reg, b.reg, a.reg, aSize);
- CopyWords(diff.reg+aSize, b.reg+aSize, bSize-aSize);
- borrow = Decrement(diff.reg+aSize, bSize-aSize, borrow);
- assert(!borrow);
- diff.sign = Integer::NEGATIVE;
- }
-}
-
-// MSVC .NET 2003 workaround
-template <class T> inline const T& STDMAX2(const T& a, const T& b)
-{
- return a < b ? b : a;
-}
-
-Integer Integer::Plus(const Integer& b) const
-{
- Integer sum((word)0, STDMAX2(reg.size(), b.reg.size()));
- if (NotNegative())
- {
- if (b.NotNegative())
- PositiveAdd(sum, *this, b);
- else
- PositiveSubtract(sum, *this, b);
- }
- else
- {
- if (b.NotNegative())
- PositiveSubtract(sum, b, *this);
- else
- {
- PositiveAdd(sum, *this, b);
- sum.sign = Integer::NEGATIVE;
- }
- }
- return sum;
-}
-
-Integer& Integer::operator+=(const Integer& t)
-{
- reg.CleanGrow(t.reg.size());
- if (NotNegative())
- {
- if (t.NotNegative())
- PositiveAdd(*this, *this, t);
- else
- PositiveSubtract(*this, *this, t);
- }
- else
- {
- if (t.NotNegative())
- PositiveSubtract(*this, t, *this);
- else
- {
- PositiveAdd(*this, *this, t);
- sign = Integer::NEGATIVE;
- }
- }
- return *this;
-}
-
-Integer Integer::Minus(const Integer& b) const
-{
- Integer diff((word)0, STDMAX2(reg.size(), b.reg.size()));
- if (NotNegative())
- {
- if (b.NotNegative())
- PositiveSubtract(diff, *this, b);
- else
- PositiveAdd(diff, *this, b);
- }
- else
- {
- if (b.NotNegative())
- {
- PositiveAdd(diff, *this, b);
- diff.sign = Integer::NEGATIVE;
- }
- else
- PositiveSubtract(diff, b, *this);
- }
- return diff;
-}
-
-Integer& Integer::operator-=(const Integer& t)
-{
- reg.CleanGrow(t.reg.size());
- if (NotNegative())
- {
- if (t.NotNegative())
- PositiveSubtract(*this, *this, t);
- else
- PositiveAdd(*this, *this, t);
- }
- else
- {
- if (t.NotNegative())
- {
- PositiveAdd(*this, *this, t);
- sign = Integer::NEGATIVE;
- }
- else
- PositiveSubtract(*this, t, *this);
- }
- return *this;
-}
-
-Integer& Integer::operator<<=(size_t n)
-{
- const size_t wordCount = WordCount();
- const size_t shiftWords = n / WORD_BITS;
- const unsigned int shiftBits = (unsigned int)(n % WORD_BITS);
-
- reg.CleanGrow(RoundupSize(wordCount+BitsToWords(n)));
- ShiftWordsLeftByWords(reg, wordCount + shiftWords, shiftWords);
- ShiftWordsLeftByBits(reg+shiftWords, wordCount+BitsToWords(shiftBits), shiftBits);
- return *this;
-}
-
-Integer& Integer::operator>>=(size_t n)
-{
- const size_t wordCount = WordCount();
- const size_t shiftWords = n / WORD_BITS;
- const unsigned int shiftBits = (unsigned int)(n % WORD_BITS);
-
- ShiftWordsRightByWords(reg, wordCount, shiftWords);
- if (wordCount > shiftWords)
- ShiftWordsRightByBits(reg, wordCount-shiftWords, shiftBits);
- if (IsNegative() && WordCount()==0) // avoid -0
- *this = Zero();
- return *this;
-}
-
-void PositiveMultiply(Integer &product, const Integer &a, const Integer &b)
-{
- size_t aSize = RoundupSize(a.WordCount());
- size_t bSize = RoundupSize(b.WordCount());
-
- product.reg.CleanNew(RoundupSize(aSize+bSize));
- product.sign = Integer::POSITIVE;
-
- IntegerSecBlock workspace(aSize + bSize);
- AsymmetricMultiply(product.reg, workspace, a.reg, aSize, b.reg, bSize);
-}
-
-void Multiply(Integer &product, const Integer &a, const Integer &b)
-{
- PositiveMultiply(product, a, b);
-
- if (a.NotNegative() != b.NotNegative())
- product.Negate();
-}
-
-Integer Integer::Times(const Integer &b) const
-{
- Integer product;
- Multiply(product, *this, b);
- return product;
-}
-
-/*
-void PositiveDivide(Integer &remainder, Integer &quotient,
- const Integer &dividend, const Integer &divisor)
-{
- remainder.reg.CleanNew(divisor.reg.size());
- remainder.sign = Integer::POSITIVE;
- quotient.reg.New(0);
- quotient.sign = Integer::POSITIVE;
- unsigned i=dividend.BitCount();
- while (i--)
- {
- word overflow = ShiftWordsLeftByBits(remainder.reg, remainder.reg.size(), 1);
- remainder.reg[0] |= dividend[i];
- if (overflow || remainder >= divisor)
- {
- Subtract(remainder.reg, remainder.reg, divisor.reg, remainder.reg.size());
- quotient.SetBit(i);
- }
- }
-}
-*/
-
-void PositiveDivide(Integer &remainder, Integer &quotient,
- const Integer &a, const Integer &b)
-{
- unsigned aSize = a.WordCount();
- unsigned bSize = b.WordCount();
-
- if (!bSize)
- throw Integer::DivideByZero();
-
- if (aSize < bSize)
- {
- remainder = a;
- remainder.sign = Integer::POSITIVE;
- quotient = Integer::Zero();
- return;
- }
-
- aSize += aSize%2; // round up to next even number
- bSize += bSize%2;
-
- remainder.reg.CleanNew(RoundupSize(bSize));
- remainder.sign = Integer::POSITIVE;
- quotient.reg.CleanNew(RoundupSize(aSize-bSize+2));
- quotient.sign = Integer::POSITIVE;
-
- IntegerSecBlock T(aSize+3*(bSize+2));
- Divide(remainder.reg, quotient.reg, T, a.reg, aSize, b.reg, bSize);
-}
-
-void Integer::Divide(Integer &remainder, Integer &quotient, const Integer &dividend, const Integer &divisor)
-{
- PositiveDivide(remainder, quotient, dividend, divisor);
-
- if (dividend.IsNegative())
- {
- quotient.Negate();
- if (remainder.NotZero())
- {
- --quotient;
- remainder = divisor.AbsoluteValue() - remainder;
- }
- }
-
- if (divisor.IsNegative())
- quotient.Negate();
-}
-
-void Integer::DivideByPowerOf2(Integer &r, Integer &q, const Integer &a, unsigned int n)
-{
- q = a;
- q >>= n;
-
- const size_t wordCount = BitsToWords(n);
- if (wordCount <= a.WordCount())
- {
- r.reg.resize(RoundupSize(wordCount));
- CopyWords(r.reg, a.reg, wordCount);
- SetWords(r.reg+wordCount, 0, r.reg.size()-wordCount);
- if (n % WORD_BITS != 0)
- r.reg[wordCount-1] %= (word(1) << (n % WORD_BITS));
- }
- else
- {
- r.reg.resize(RoundupSize(a.WordCount()));
- CopyWords(r.reg, a.reg, r.reg.size());
- }
- r.sign = POSITIVE;
-
- if (a.IsNegative() && r.NotZero())
- {
- --q;
- r = Power2(n) - r;
- }
-}
-
-Integer Integer::DividedBy(const Integer &b) const
-{
- Integer remainder, quotient;
- Integer::Divide(remainder, quotient, *this, b);
- return quotient;
-}
-
-Integer Integer::Modulo(const Integer &b) const
-{
- Integer remainder, quotient;
- Integer::Divide(remainder, quotient, *this, b);
- return remainder;
-}
-
-void Integer::Divide(word &remainder, Integer &quotient, const Integer &dividend, word divisor)
-{
- if (!divisor)
- throw Integer::DivideByZero();
-
- assert(divisor);
-
- if ((divisor & (divisor-1)) == 0) // divisor is a power of 2
- {
- quotient = dividend >> (BitPrecision(divisor)-1);
- remainder = dividend.reg[0] & (divisor-1);
- return;
- }
-
- unsigned int i = dividend.WordCount();
- quotient.reg.CleanNew(RoundupSize(i));
- remainder = 0;
- while (i--)
- {
- quotient.reg[i] = DWord(dividend.reg[i], remainder) / divisor;
- remainder = DWord(dividend.reg[i], remainder) % divisor;
- }
-
- if (dividend.NotNegative())
- quotient.sign = POSITIVE;
- else
- {
- quotient.sign = NEGATIVE;
- if (remainder)
- {
- --quotient;
- remainder = divisor - remainder;
- }
- }
-}
-
-Integer Integer::DividedBy(word b) const
-{
- word remainder;
- Integer quotient;
- Integer::Divide(remainder, quotient, *this, b);
- return quotient;
-}
-
-word Integer::Modulo(word divisor) const
-{
- if (!divisor)
- throw Integer::DivideByZero();
-
- assert(divisor);
-
- word remainder;
-
- if ((divisor & (divisor-1)) == 0) // divisor is a power of 2
- remainder = reg[0] & (divisor-1);
- else
- {
- unsigned int i = WordCount();
-
- if (divisor <= 5)
- {
- DWord sum(0, 0);
- while (i--)
- sum += reg[i];
- remainder = sum % divisor;
- }
- else
- {
- remainder = 0;
- while (i--)
- remainder = DWord(reg[i], remainder) % divisor;
- }
- }
-
- if (IsNegative() && remainder)
- remainder = divisor - remainder;
-
- return remainder;
-}
-
-void Integer::Negate()
-{
- if (!!(*this)) // don't flip sign if *this==0
- sign = Sign(1-sign);
-}
-
-int Integer::PositiveCompare(const Integer& t) const
-{
- unsigned size = WordCount(), tSize = t.WordCount();
-
- if (size == tSize)
- return CryptoPP::Compare(reg, t.reg, size);
- else
- return size > tSize ? 1 : -1;
-}
-
-int Integer::Compare(const Integer& t) const
-{
- if (NotNegative())
- {
- if (t.NotNegative())
- return PositiveCompare(t);
- else
- return 1;
- }
- else
- {
- if (t.NotNegative())
- return -1;
- else
- return -PositiveCompare(t);
- }
-}
-
-Integer Integer::SquareRoot() const
-{
- if (!IsPositive())
- return Zero();
-
- // overestimate square root
- Integer x, y = Power2((BitCount()+1)/2);
- assert(y*y >= *this);
-
- do
- {
- x = y;
- y = (x + *this/x) >> 1;
- } while (y<x);
-
- return x;
-}
-
-bool Integer::IsSquare() const
-{
- Integer r = SquareRoot();
- return *this == r.Squared();
-}
-
-bool Integer::IsUnit() const
-{
- return (WordCount() == 1) && (reg[0] == 1);
-}
-
-Integer Integer::MultiplicativeInverse() const
-{
- return IsUnit() ? *this : Zero();
-}
-
-Integer a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m)
-{
- return x*y%m;
-}
-
-Integer a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m)
-{
- ModularArithmetic mr(m);
- return mr.Exponentiate(x, e);
-}
-
-Integer Integer::Gcd(const Integer &a, const Integer &b)
-{
- return EuclideanDomainOf<Integer>().Gcd(a, b);
-}
-
-Integer Integer::InverseMod(const Integer &m) const
-{
- assert(m.NotNegative());
-
- if (IsNegative())
- return Modulo(m).InverseMod(m);
-
- if (m.IsEven())
- {
- if (!m || IsEven())
- return Zero(); // no inverse
- if (*this == One())
- return One();
-
- Integer u = m.Modulo(*this).InverseMod(*this);
- return !u ? Zero() : (m*(*this-u)+1)/(*this);
- }
-
- SecBlock<word> T(m.reg.size() * 4);
- Integer r((word)0, m.reg.size());
- unsigned k = AlmostInverse(r.reg, T, reg, reg.size(), m.reg, m.reg.size());
- DivideByPower2Mod(r.reg, r.reg, k, m.reg, m.reg.size());
- return r;
-}
-
-word Integer::InverseMod(word mod) const
-{
- word g0 = mod, g1 = *this % mod;
- word v0 = 0, v1 = 1;
- word y;
-
- while (g1)
- {
- if (g1 == 1)
- return v1;
- y = g0 / g1;
- g0 = g0 % g1;
- v0 += y * v1;
-
- if (!g0)
- break;
- if (g0 == 1)
- return mod-v0;
- y = g1 / g0;
- g1 = g1 % g0;
- v1 += y * v0;
- }
- return 0;
-}
-
-// ********************************************************
-
-ModularArithmetic::ModularArithmetic(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- OID oid(seq);
- if (oid != ASN1::prime_field())
- BERDecodeError();
- m_modulus.BERDecode(seq);
- seq.MessageEnd();
- m_result.reg.resize(m_modulus.reg.size());
-}
-
-void ModularArithmetic::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- ASN1::prime_field().DEREncode(seq);
- m_modulus.DEREncode(seq);
- seq.MessageEnd();
-}
-
-void ModularArithmetic::DEREncodeElement(BufferedTransformation &out, const Element &a) const
-{
- a.DEREncodeAsOctetString(out, MaxElementByteLength());
-}
-
-void ModularArithmetic::BERDecodeElement(BufferedTransformation &in, Element &a) const
-{
- a.BERDecodeAsOctetString(in, MaxElementByteLength());
-}
-
-const Integer& ModularArithmetic::Half(const Integer &a) const
-{
- if (a.reg.size()==m_modulus.reg.size())
- {
- CryptoPP::DivideByPower2Mod(m_result.reg.begin(), a.reg, 1, m_modulus.reg, a.reg.size());
- return m_result;
- }
- else
- return m_result1 = (a.IsEven() ? (a >> 1) : ((a+m_modulus) >> 1));
-}
-
-const Integer& ModularArithmetic::Add(const Integer &a, const Integer &b) const
-{
- if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size())
- {
- if (CryptoPP::Add(m_result.reg.begin(), a.reg, b.reg, a.reg.size())
- || Compare(m_result.reg, m_modulus.reg, a.reg.size()) >= 0)
- {
- CryptoPP::Subtract(m_result.reg.begin(), m_result.reg, m_modulus.reg, a.reg.size());
- }
- return m_result;
- }
- else
- {
- m_result1 = a+b;
- if (m_result1 >= m_modulus)
- m_result1 -= m_modulus;
- return m_result1;
- }
-}
-
-Integer& ModularArithmetic::Accumulate(Integer &a, const Integer &b) const
-{
- if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size())
- {
- if (CryptoPP::Add(a.reg, a.reg, b.reg, a.reg.size())
- || Compare(a.reg, m_modulus.reg, a.reg.size()) >= 0)
- {
- CryptoPP::Subtract(a.reg, a.reg, m_modulus.reg, a.reg.size());
- }
- }
- else
- {
- a+=b;
- if (a>=m_modulus)
- a-=m_modulus;
- }
-
- return a;
-}
-
-const Integer& ModularArithmetic::Subtract(const Integer &a, const Integer &b) const
-{
- if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size())
- {
- if (CryptoPP::Subtract(m_result.reg.begin(), a.reg, b.reg, a.reg.size()))
- CryptoPP::Add(m_result.reg.begin(), m_result.reg, m_modulus.reg, a.reg.size());
- return m_result;
- }
- else
- {
- m_result1 = a-b;
- if (m_result1.IsNegative())
- m_result1 += m_modulus;
- return m_result1;
- }
-}
-
-Integer& ModularArithmetic::Reduce(Integer &a, const Integer &b) const
-{
- if (a.reg.size()==m_modulus.reg.size() && b.reg.size()==m_modulus.reg.size())
- {
- if (CryptoPP::Subtract(a.reg, a.reg, b.reg, a.reg.size()))
- CryptoPP::Add(a.reg, a.reg, m_modulus.reg, a.reg.size());
- }
- else
- {
- a-=b;
- if (a.IsNegative())
- a+=m_modulus;
- }
-
- return a;
-}
-
-const Integer& ModularArithmetic::Inverse(const Integer &a) const
-{
- if (!a)
- return a;
-
- CopyWords(m_result.reg.begin(), m_modulus.reg, m_modulus.reg.size());
- if (CryptoPP::Subtract(m_result.reg.begin(), m_result.reg, a.reg, a.reg.size()))
- Decrement(m_result.reg.begin()+a.reg.size(), m_modulus.reg.size()-a.reg.size());
-
- return m_result;
-}
-
-Integer ModularArithmetic::CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const
-{
- if (m_modulus.IsOdd())
- {
- MontgomeryRepresentation dr(m_modulus);
- return dr.ConvertOut(dr.CascadeExponentiate(dr.ConvertIn(x), e1, dr.ConvertIn(y), e2));
- }
- else
- return AbstractRing<Integer>::CascadeExponentiate(x, e1, y, e2);
-}
-
-void ModularArithmetic::SimultaneousExponentiate(Integer *results, const Integer &base, const Integer *exponents, unsigned int exponentsCount) const
-{
- if (m_modulus.IsOdd())
- {
- MontgomeryRepresentation dr(m_modulus);
- dr.SimultaneousExponentiate(results, dr.ConvertIn(base), exponents, exponentsCount);
- for (unsigned int i=0; i<exponentsCount; i++)
- results[i] = dr.ConvertOut(results[i]);
- }
- else
- AbstractRing<Integer>::SimultaneousExponentiate(results, base, exponents, exponentsCount);
-}
-
-MontgomeryRepresentation::MontgomeryRepresentation(const Integer &m) // modulus must be odd
- : ModularArithmetic(m),
- m_u((word)0, m_modulus.reg.size()),
- m_workspace(5*m_modulus.reg.size())
-{
- if (!m_modulus.IsOdd())
- throw InvalidArgument("MontgomeryRepresentation: Montgomery representation requires an odd modulus");
-
- RecursiveInverseModPower2(m_u.reg, m_workspace, m_modulus.reg, m_modulus.reg.size());
-}
-
-const Integer& MontgomeryRepresentation::Multiply(const Integer &a, const Integer &b) const
-{
- word *const T = m_workspace.begin();
- word *const R = m_result.reg.begin();
- const size_t N = m_modulus.reg.size();
- assert(a.reg.size()<=N && b.reg.size()<=N);
-
- AsymmetricMultiply(T, T+2*N, a.reg, a.reg.size(), b.reg, b.reg.size());
- SetWords(T+a.reg.size()+b.reg.size(), 0, 2*N-a.reg.size()-b.reg.size());
- MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N);
- return m_result;
-}
-
-const Integer& MontgomeryRepresentation::Square(const Integer &a) const
-{
- word *const T = m_workspace.begin();
- word *const R = m_result.reg.begin();
- const size_t N = m_modulus.reg.size();
- assert(a.reg.size()<=N);
-
- CryptoPP::Square(T, T+2*N, a.reg, a.reg.size());
- SetWords(T+2*a.reg.size(), 0, 2*N-2*a.reg.size());
- MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N);
- return m_result;
-}
-
-Integer MontgomeryRepresentation::ConvertOut(const Integer &a) const
-{
- word *const T = m_workspace.begin();
- word *const R = m_result.reg.begin();
- const size_t N = m_modulus.reg.size();
- assert(a.reg.size()<=N);
-
- CopyWords(T, a.reg, a.reg.size());
- SetWords(T+a.reg.size(), 0, 2*N-a.reg.size());
- MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N);
- return m_result;
-}
-
-const Integer& MontgomeryRepresentation::MultiplicativeInverse(const Integer &a) const
-{
-// return (EuclideanMultiplicativeInverse(a, modulus)<<(2*WORD_BITS*modulus.reg.size()))%modulus;
- word *const T = m_workspace.begin();
- word *const R = m_result.reg.begin();
- const size_t N = m_modulus.reg.size();
- assert(a.reg.size()<=N);
-
- CopyWords(T, a.reg, a.reg.size());
- SetWords(T+a.reg.size(), 0, 2*N-a.reg.size());
- MontgomeryReduce(R, T+2*N, T, m_modulus.reg, m_u.reg, N);
- unsigned k = AlmostInverse(R, T, R, N, m_modulus.reg, N);
-
-// cout << "k=" << k << " N*32=" << 32*N << endl;
-
- if (k>N*WORD_BITS)
- DivideByPower2Mod(R, R, k-N*WORD_BITS, m_modulus.reg, N);
- else
- MultiplyByPower2Mod(R, R, N*WORD_BITS-k, m_modulus.reg, N);
-
- return m_result;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/integer.h b/cryptopp562/integer.h
deleted file mode 100644
index 6d844fa..0000000
--- a/cryptopp562/integer.h
+++ /dev/null
@@ -1,420 +0,0 @@
-#ifndef CRYPTOPP_INTEGER_H
-#define CRYPTOPP_INTEGER_H
-
-/** \file */
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-#include <iosfwd>
-#include <algorithm>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-struct InitializeInteger // used to initialize static variables
-{
- InitializeInteger();
-};
-
-typedef SecBlock<word, AllocatorWithCleanup<word, CRYPTOPP_BOOL_X86> > IntegerSecBlock;
-
-//! multiple precision integer and basic arithmetics
-/*! This class can represent positive and negative integers
- with absolute value less than (256**sizeof(word)) ** (256**sizeof(int)).
- \nosubgrouping
-*/
-class CRYPTOPP_DLL Integer : private InitializeInteger, public ASN1Object
-{
-public:
- //! \name ENUMS, EXCEPTIONS, and TYPEDEFS
- //@{
- //! division by zero exception
- class DivideByZero : public Exception
- {
- public:
- DivideByZero() : Exception(OTHER_ERROR, "Integer: division by zero") {}
- };
-
- //!
- class RandomNumberNotFound : public Exception
- {
- public:
- RandomNumberNotFound() : Exception(OTHER_ERROR, "Integer: no integer satisfies the given parameters") {}
- };
-
- //!
- enum Sign {POSITIVE=0, NEGATIVE=1};
-
- //!
- enum Signedness {
- //!
- UNSIGNED,
- //!
- SIGNED};
-
- //!
- enum RandomNumberType {
- //!
- ANY,
- //!
- PRIME};
- //@}
-
- //! \name CREATORS
- //@{
- //! creates the zero integer
- Integer();
-
- //! copy constructor
- Integer(const Integer& t);
-
- //! convert from signed long
- Integer(signed long value);
-
- //! convert from lword
- Integer(Sign s, lword value);
-
- //! convert from two words
- Integer(Sign s, word highWord, word lowWord);
-
- //! convert from string
- /*! str can be in base 2, 8, 10, or 16. Base is determined by a
- case insensitive suffix of 'h', 'o', or 'b'. No suffix means base 10.
- */
- explicit Integer(const char *str);
- explicit Integer(const wchar_t *str);
-
- //! convert from big-endian byte array
- Integer(const byte *encodedInteger, size_t byteCount, Signedness s=UNSIGNED);
-
- //! convert from big-endian form stored in a BufferedTransformation
- Integer(BufferedTransformation &bt, size_t byteCount, Signedness s=UNSIGNED);
-
- //! convert from BER encoded byte array stored in a BufferedTransformation object
- explicit Integer(BufferedTransformation &bt);
-
- //! create a random integer
- /*! The random integer created is uniformly distributed over [0, 2**bitcount). */
- Integer(RandomNumberGenerator &rng, size_t bitcount);
-
- //! avoid calling constructors for these frequently used integers
- static const Integer & CRYPTOPP_API Zero();
- //! avoid calling constructors for these frequently used integers
- static const Integer & CRYPTOPP_API One();
- //! avoid calling constructors for these frequently used integers
- static const Integer & CRYPTOPP_API Two();
-
- //! create a random integer of special type
- /*! Ideally, the random integer created should be uniformly distributed
- over {x | min <= x <= max and x is of rnType and x % mod == equiv}.
- However the actual distribution may not be uniform because sequential
- search is used to find an appropriate number from a random starting
- point.
- May return (with very small probability) a pseudoprime when a prime
- is requested and max > lastSmallPrime*lastSmallPrime (lastSmallPrime
- is declared in nbtheory.h).
- \throw RandomNumberNotFound if the set is empty.
- */
- Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType=ANY, const Integer &equiv=Zero(), const Integer &mod=One());
-
- //! return the integer 2**e
- static Integer CRYPTOPP_API Power2(size_t e);
- //@}
-
- //! \name ENCODE/DECODE
- //@{
- //! minimum number of bytes to encode this integer
- /*! MinEncodedSize of 0 is 1 */
- size_t MinEncodedSize(Signedness=UNSIGNED) const;
- //! encode in big-endian format
- /*! unsigned means encode absolute value, signed means encode two's complement if negative.
- if outputLen < MinEncodedSize, the most significant bytes will be dropped
- if outputLen > MinEncodedSize, the most significant bytes will be padded
- */
- void Encode(byte *output, size_t outputLen, Signedness=UNSIGNED) const;
- //!
- void Encode(BufferedTransformation &bt, size_t outputLen, Signedness=UNSIGNED) const;
-
- //! encode using Distinguished Encoding Rules, put result into a BufferedTransformation object
- void DEREncode(BufferedTransformation &bt) const;
-
- //! encode absolute value as big-endian octet string
- void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const;
-
- //! encode absolute value in OpenPGP format, return length of output
- size_t OpenPGPEncode(byte *output, size_t bufferSize) const;
- //! encode absolute value in OpenPGP format, put result into a BufferedTransformation object
- size_t OpenPGPEncode(BufferedTransformation &bt) const;
-
- //!
- void Decode(const byte *input, size_t inputLen, Signedness=UNSIGNED);
- //!
- //* Precondition: bt.MaxRetrievable() >= inputLen
- void Decode(BufferedTransformation &bt, size_t inputLen, Signedness=UNSIGNED);
-
- //!
- void BERDecode(const byte *input, size_t inputLen);
- //!
- void BERDecode(BufferedTransformation &bt);
-
- //! decode nonnegative value as big-endian octet string
- void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length);
-
- class OpenPGPDecodeErr : public Exception
- {
- public:
- OpenPGPDecodeErr() : Exception(INVALID_DATA_FORMAT, "OpenPGP decode error") {}
- };
-
- //!
- void OpenPGPDecode(const byte *input, size_t inputLen);
- //!
- void OpenPGPDecode(BufferedTransformation &bt);
- //@}
-
- //! \name ACCESSORS
- //@{
- //! return true if *this can be represented as a signed long
- bool IsConvertableToLong() const;
- //! return equivalent signed long if possible, otherwise undefined
- signed long ConvertToLong() const;
-
- //! number of significant bits = floor(log2(abs(*this))) + 1
- unsigned int BitCount() const;
- //! number of significant bytes = ceiling(BitCount()/8)
- unsigned int ByteCount() const;
- //! number of significant words = ceiling(ByteCount()/sizeof(word))
- unsigned int WordCount() const;
-
- //! return the i-th bit, i=0 being the least significant bit
- bool GetBit(size_t i) const;
- //! return the i-th byte
- byte GetByte(size_t i) const;
- //! return n lowest bits of *this >> i
- lword GetBits(size_t i, size_t n) const;
-
- //!
- bool IsZero() const {return !*this;}
- //!
- bool NotZero() const {return !IsZero();}
- //!
- bool IsNegative() const {return sign == NEGATIVE;}
- //!
- bool NotNegative() const {return !IsNegative();}
- //!
- bool IsPositive() const {return NotNegative() && NotZero();}
- //!
- bool NotPositive() const {return !IsPositive();}
- //!
- bool IsEven() const {return GetBit(0) == 0;}
- //!
- bool IsOdd() const {return GetBit(0) == 1;}
- //@}
-
- //! \name MANIPULATORS
- //@{
- //!
- Integer& operator=(const Integer& t);
-
- //!
- Integer& operator+=(const Integer& t);
- //!
- Integer& operator-=(const Integer& t);
- //!
- Integer& operator*=(const Integer& t) {return *this = Times(t);}
- //!
- Integer& operator/=(const Integer& t) {return *this = DividedBy(t);}
- //!
- Integer& operator%=(const Integer& t) {return *this = Modulo(t);}
- //!
- Integer& operator/=(word t) {return *this = DividedBy(t);}
- //!
- Integer& operator%=(word t) {return *this = Integer(POSITIVE, 0, Modulo(t));}
-
- //!
- Integer& operator<<=(size_t);
- //!
- Integer& operator>>=(size_t);
-
- //!
- void Randomize(RandomNumberGenerator &rng, size_t bitcount);
- //!
- void Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max);
- //! set this Integer to a random element of {x | min <= x <= max and x is of rnType and x % mod == equiv}
- /*! returns false if the set is empty */
- bool Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv=Zero(), const Integer &mod=One());
-
- bool GenerateRandomNoThrow(RandomNumberGenerator &rng, const NameValuePairs &params = g_nullNameValuePairs);
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params = g_nullNameValuePairs)
- {
- if (!GenerateRandomNoThrow(rng, params))
- throw RandomNumberNotFound();
- }
-
- //! set the n-th bit to value
- void SetBit(size_t n, bool value=1);
- //! set the n-th byte to value
- void SetByte(size_t n, byte value);
-
- //!
- void Negate();
- //!
- void SetPositive() {sign = POSITIVE;}
- //!
- void SetNegative() {if (!!(*this)) sign = NEGATIVE;}
-
- //!
- void swap(Integer &a);
- //@}
-
- //! \name UNARY OPERATORS
- //@{
- //!
- bool operator!() const;
- //!
- Integer operator+() const {return *this;}
- //!
- Integer operator-() const;
- //!
- Integer& operator++();
- //!
- Integer& operator--();
- //!
- Integer operator++(int) {Integer temp = *this; ++*this; return temp;}
- //!
- Integer operator--(int) {Integer temp = *this; --*this; return temp;}
- //@}
-
- //! \name BINARY OPERATORS
- //@{
- //! signed comparison
- /*! \retval -1 if *this < a
- \retval 0 if *this = a
- \retval 1 if *this > a
- */
- int Compare(const Integer& a) const;
-
- //!
- Integer Plus(const Integer &b) const;
- //!
- Integer Minus(const Integer &b) const;
- //!
- Integer Times(const Integer &b) const;
- //!
- Integer DividedBy(const Integer &b) const;
- //!
- Integer Modulo(const Integer &b) const;
- //!
- Integer DividedBy(word b) const;
- //!
- word Modulo(word b) const;
-
- //!
- Integer operator>>(size_t n) const {return Integer(*this)>>=n;}
- //!
- Integer operator<<(size_t n) const {return Integer(*this)<<=n;}
- //@}
-
- //! \name OTHER ARITHMETIC FUNCTIONS
- //@{
- //!
- Integer AbsoluteValue() const;
- //!
- Integer Doubled() const {return Plus(*this);}
- //!
- Integer Squared() const {return Times(*this);}
- //! extract square root, if negative return 0, else return floor of square root
- Integer SquareRoot() const;
- //! return whether this integer is a perfect square
- bool IsSquare() const;
-
- //! is 1 or -1
- bool IsUnit() const;
- //! return inverse if 1 or -1, otherwise return 0
- Integer MultiplicativeInverse() const;
-
- //! modular multiplication
- CRYPTOPP_DLL friend Integer CRYPTOPP_API a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m);
- //! modular exponentiation
- CRYPTOPP_DLL friend Integer CRYPTOPP_API a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m);
-
- //! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d))
- static void CRYPTOPP_API Divide(Integer &r, Integer &q, const Integer &a, const Integer &d);
- //! use a faster division algorithm when divisor is short
- static void CRYPTOPP_API Divide(word &r, Integer &q, const Integer &a, word d);
-
- //! returns same result as Divide(r, q, a, Power2(n)), but faster
- static void CRYPTOPP_API DivideByPowerOf2(Integer &r, Integer &q, const Integer &a, unsigned int n);
-
- //! greatest common divisor
- static Integer CRYPTOPP_API Gcd(const Integer &a, const Integer &n);
- //! calculate multiplicative inverse of *this mod n
- Integer InverseMod(const Integer &n) const;
- //!
- word InverseMod(word n) const;
- //@}
-
- //! \name INPUT/OUTPUT
- //@{
- //!
- friend CRYPTOPP_DLL std::istream& CRYPTOPP_API operator>>(std::istream& in, Integer &a);
- //!
- friend CRYPTOPP_DLL std::ostream& CRYPTOPP_API operator<<(std::ostream& out, const Integer &a);
- //@}
-
-private:
- friend class ModularArithmetic;
- friend class MontgomeryRepresentation;
- friend class HalfMontgomeryRepresentation;
-
- Integer(word value, size_t length);
-
- int PositiveCompare(const Integer &t) const;
- friend void PositiveAdd(Integer &sum, const Integer &a, const Integer &b);
- friend void PositiveSubtract(Integer &diff, const Integer &a, const Integer &b);
- friend void PositiveMultiply(Integer &product, const Integer &a, const Integer &b);
- friend void PositiveDivide(Integer &remainder, Integer &quotient, const Integer &dividend, const Integer &divisor);
-
- IntegerSecBlock reg;
- Sign sign;
-};
-
-//!
-inline bool operator==(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)==0;}
-//!
-inline bool operator!=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)!=0;}
-//!
-inline bool operator> (const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)> 0;}
-//!
-inline bool operator>=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)>=0;}
-//!
-inline bool operator< (const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)< 0;}
-//!
-inline bool operator<=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)<=0;}
-//!
-inline CryptoPP::Integer operator+(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Plus(b);}
-//!
-inline CryptoPP::Integer operator-(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Minus(b);}
-//!
-inline CryptoPP::Integer operator*(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Times(b);}
-//!
-inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.DividedBy(b);}
-//!
-inline CryptoPP::Integer operator%(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Modulo(b);}
-//!
-inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, CryptoPP::word b) {return a.DividedBy(b);}
-//!
-inline CryptoPP::word operator%(const CryptoPP::Integer &a, CryptoPP::word b) {return a.Modulo(b);}
-
-NAMESPACE_END
-
-#ifndef __BORLANDC__
-NAMESPACE_BEGIN(std)
-inline void swap(CryptoPP::Integer &a, CryptoPP::Integer &b)
-{
- a.swap(b);
-}
-NAMESPACE_END
-#endif
-
-#endif
diff --git a/cryptopp562/iterhash.cpp b/cryptopp562/iterhash.cpp
deleted file mode 100644
index 1e31e9f..0000000
--- a/cryptopp562/iterhash.cpp
+++ /dev/null
@@ -1,160 +0,0 @@
-// iterhash.cpp - written and placed in the public domain by Wei Dai
-
-#ifndef __GNUC__
-#define CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#endif
-
-#include "iterhash.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte *input, size_t len)
-{
- HashWordType oldCountLo = m_countLo, oldCountHi = m_countHi;
- if ((m_countLo = oldCountLo + HashWordType(len)) < oldCountLo)
- m_countHi++; // carry from low to high
- m_countHi += (HashWordType)SafeRightShift<8*sizeof(HashWordType)>(len);
- if (m_countHi < oldCountHi || SafeRightShift<2*8*sizeof(HashWordType)>(len) != 0)
- throw HashInputTooLong(this->AlgorithmName());
-
- unsigned int blockSize = this->BlockSize();
- unsigned int num = ModPowerOf2(oldCountLo, blockSize);
- T* dataBuf = this->DataBuf();
- byte* data = (byte *)dataBuf;
-
- if (num != 0) // process left over data
- {
- if (num+len >= blockSize)
- {
- memcpy(data+num, input, blockSize-num);
- HashBlock(dataBuf);
- input += (blockSize-num);
- len -= (blockSize-num);
- num = 0;
- // drop through and do the rest
- }
- else
- {
- memcpy(data+num, input, len);
- return;
- }
- }
-
- // now process the input data in blocks of blockSize bytes and save the leftovers to m_data
- if (len >= blockSize)
- {
- if (input == data)
- {
- assert(len == blockSize);
- HashBlock(dataBuf);
- return;
- }
- else if (IsAligned<T>(input))
- {
- size_t leftOver = HashMultipleBlocks((T *)input, len);
- input += (len - leftOver);
- len = leftOver;
- }
- else
- do
- { // copy input first if it's not aligned correctly
- memcpy(data, input, blockSize);
- HashBlock(dataBuf);
- input+=blockSize;
- len-=blockSize;
- } while (len >= blockSize);
- }
-
- if (len && data != input)
- memcpy(data, input, len);
-}
-
-template <class T, class BASE> byte * IteratedHashBase<T, BASE>::CreateUpdateSpace(size_t &size)
-{
- unsigned int blockSize = this->BlockSize();
- unsigned int num = ModPowerOf2(m_countLo, blockSize);
- size = blockSize - num;
- return (byte *)DataBuf() + num;
-}
-
-template <class T, class BASE> size_t IteratedHashBase<T, BASE>::HashMultipleBlocks(const T *input, size_t length)
-{
- unsigned int blockSize = this->BlockSize();
- bool noReverse = NativeByteOrderIs(this->GetByteOrder());
- T* dataBuf = this->DataBuf();
- do
- {
- if (noReverse)
- this->HashEndianCorrectedBlock(input);
- else
- {
- ByteReverse(dataBuf, input, this->BlockSize());
- this->HashEndianCorrectedBlock(dataBuf);
- }
-
- input += blockSize/sizeof(T);
- length -= blockSize;
- }
- while (length >= blockSize);
- return length;
-}
-
-template <class T, class BASE> void IteratedHashBase<T, BASE>::PadLastBlock(unsigned int lastBlockSize, byte padFirst)
-{
- unsigned int blockSize = this->BlockSize();
- unsigned int num = ModPowerOf2(m_countLo, blockSize);
- T* dataBuf = this->DataBuf();
- byte* data = (byte *)dataBuf;
- data[num++] = padFirst;
- if (num <= lastBlockSize)
- memset(data+num, 0, lastBlockSize-num);
- else
- {
- memset(data+num, 0, blockSize-num);
- HashBlock(dataBuf);
- memset(data, 0, lastBlockSize);
- }
-}
-
-template <class T, class BASE> void IteratedHashBase<T, BASE>::Restart()
-{
- m_countLo = m_countHi = 0;
- Init();
-}
-
-template <class T, class BASE> void IteratedHashBase<T, BASE>::TruncatedFinal(byte *digest, size_t size)
-{
- this->ThrowIfInvalidTruncatedSize(size);
-
- T* dataBuf = this->DataBuf();
- T* stateBuf = this->StateBuf();
- unsigned int blockSize = this->BlockSize();
- ByteOrder order = this->GetByteOrder();
-
- PadLastBlock(blockSize - 2*sizeof(HashWordType));
- dataBuf[blockSize/sizeof(T)-2+order] = ConditionalByteReverse(order, this->GetBitCountLo());
- dataBuf[blockSize/sizeof(T)-1-order] = ConditionalByteReverse(order, this->GetBitCountHi());
-
- HashBlock(dataBuf);
-
- if (IsAligned<HashWordType>(digest) && size%sizeof(HashWordType)==0)
- ConditionalByteReverse<HashWordType>(order, (HashWordType *)digest, stateBuf, size);
- else
- {
- ConditionalByteReverse<HashWordType>(order, stateBuf, stateBuf, this->DigestSize());
- memcpy(digest, stateBuf, size);
- }
-
- this->Restart(); // reinit for next use
-}
-
-#ifdef __GNUC__
- template class IteratedHashBase<word64, HashTransformation>;
- template class IteratedHashBase<word64, MessageAuthenticationCode>;
-
- template class IteratedHashBase<word32, HashTransformation>;
- template class IteratedHashBase<word32, MessageAuthenticationCode>;
-#endif
-
-NAMESPACE_END
diff --git a/cryptopp562/iterhash.h b/cryptopp562/iterhash.h
deleted file mode 100644
index cce9e82..0000000
--- a/cryptopp562/iterhash.h
+++ /dev/null
@@ -1,106 +0,0 @@
-#ifndef CRYPTOPP_ITERHASH_H
-#define CRYPTOPP_ITERHASH_H
-
-#include "cryptlib.h"
-#include "secblock.h"
-#include "misc.h"
-#include "simple.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! exception thrown when trying to hash more data than is allowed by a hash function
-class CRYPTOPP_DLL HashInputTooLong : public InvalidDataFormat
-{
-public:
- explicit HashInputTooLong(const std::string &alg)
- : InvalidDataFormat("IteratedHashBase: input data exceeds maximum allowed by hash function " + alg) {}
-};
-
-//! _
-template <class T, class BASE>
-class CRYPTOPP_NO_VTABLE IteratedHashBase : public BASE
-{
-public:
- typedef T HashWordType;
-
- IteratedHashBase() : m_countLo(0), m_countHi(0) {}
- unsigned int OptimalBlockSize() const {return this->BlockSize();}
- unsigned int OptimalDataAlignment() const {return GetAlignmentOf<T>();}
- void Update(const byte *input, size_t length);
- byte * CreateUpdateSpace(size_t &size);
- void Restart();
- void TruncatedFinal(byte *digest, size_t size);
-
-protected:
- inline T GetBitCountHi() const {return (m_countLo >> (8*sizeof(T)-3)) + (m_countHi << 3);}
- inline T GetBitCountLo() const {return m_countLo << 3;}
-
- void PadLastBlock(unsigned int lastBlockSize, byte padFirst=0x80);
- virtual void Init() =0;
-
- virtual ByteOrder GetByteOrder() const =0;
- virtual void HashEndianCorrectedBlock(const HashWordType *data) =0;
- virtual size_t HashMultipleBlocks(const T *input, size_t length);
- void HashBlock(const HashWordType *input) {HashMultipleBlocks(input, this->BlockSize());}
-
- virtual T* DataBuf() =0;
- virtual T* StateBuf() =0;
-
-private:
- T m_countLo, m_countHi;
-};
-
-//! _
-template <class T_HashWordType, class T_Endianness, unsigned int T_BlockSize, class T_Base = HashTransformation>
-class CRYPTOPP_NO_VTABLE IteratedHash : public IteratedHashBase<T_HashWordType, T_Base>
-{
-public:
- typedef T_Endianness ByteOrderClass;
- typedef T_HashWordType HashWordType;
-
- CRYPTOPP_CONSTANT(BLOCKSIZE = T_BlockSize)
- // BCB2006 workaround: can't use BLOCKSIZE here
- CRYPTOPP_COMPILE_ASSERT((T_BlockSize & (T_BlockSize - 1)) == 0); // blockSize is a power of 2
- unsigned int BlockSize() const {return T_BlockSize;}
-
- ByteOrder GetByteOrder() const {return T_Endianness::ToEnum();}
-
- inline static void CorrectEndianess(HashWordType *out, const HashWordType *in, size_t byteCount)
- {
- ConditionalByteReverse(T_Endianness::ToEnum(), out, in, byteCount);
- }
-
-protected:
- T_HashWordType* DataBuf() {return this->m_data;}
- FixedSizeSecBlock<T_HashWordType, T_BlockSize/sizeof(T_HashWordType)> m_data;
-};
-
-//! _
-template <class T_HashWordType, class T_Endianness, unsigned int T_BlockSize, unsigned int T_StateSize, class T_Transform, unsigned int T_DigestSize = 0, bool T_StateAligned = false>
-class CRYPTOPP_NO_VTABLE IteratedHashWithStaticTransform
- : public ClonableImpl<T_Transform, AlgorithmImpl<IteratedHash<T_HashWordType, T_Endianness, T_BlockSize>, T_Transform> >
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = T_DigestSize ? T_DigestSize : T_StateSize)
- unsigned int DigestSize() const {return DIGESTSIZE;};
-
-protected:
- IteratedHashWithStaticTransform() {this->Init();}
- void HashEndianCorrectedBlock(const T_HashWordType *data) {T_Transform::Transform(this->m_state, data);}
- void Init() {T_Transform::InitState(this->m_state);}
-
- T_HashWordType* StateBuf() {return this->m_state;}
- FixedSizeAlignedSecBlock<T_HashWordType, T_BlockSize/sizeof(T_HashWordType), T_StateAligned> m_state;
-};
-
-#ifndef __GNUC__
- CRYPTOPP_DLL_TEMPLATE_CLASS IteratedHashBase<word64, HashTransformation>;
- CRYPTOPP_STATIC_TEMPLATE_CLASS IteratedHashBase<word64, MessageAuthenticationCode>;
-
- CRYPTOPP_DLL_TEMPLATE_CLASS IteratedHashBase<word32, HashTransformation>;
- CRYPTOPP_STATIC_TEMPLATE_CLASS IteratedHashBase<word32, MessageAuthenticationCode>;
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/lubyrack.h b/cryptopp562/lubyrack.h
deleted file mode 100644
index e8fd2f7..0000000
--- a/cryptopp562/lubyrack.h
+++ /dev/null
@@ -1,141 +0,0 @@
-// lubyrack.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_LUBYRACK_H
-#define CRYPTOPP_LUBYRACK_H
-
-/** \file */
-
-#include "simple.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T> struct DigestSizeDoubleWorkaround // VC60 workaround
-{
- CRYPTOPP_CONSTANT(RESULT = 2*T::DIGESTSIZE)
-};
-
-//! algorithm info
-template <class T>
-struct LR_Info : public VariableKeyLength<16, 0, 2*(INT_MAX/2), 2>, public FixedBlockSize<DigestSizeDoubleWorkaround<T>::RESULT>
-{
- static std::string StaticAlgorithmName() {return std::string("LR/")+T::StaticAlgorithmName();}
-};
-
-//! Luby-Rackoff
-template <class T>
-class LR : public LR_Info<T>, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<LR_Info<T> >
- {
- public:
- // VC60 workaround: have to define these functions within class definition
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params)
- {
- this->AssertValidKeyLength(length);
-
- L = length/2;
- buffer.New(2*S);
- digest.New(S);
- key.Assign(userKey, 2*L);
- }
-
- protected:
- CRYPTOPP_CONSTANT(S=T::DIGESTSIZE)
- unsigned int L; // key length / 2
- SecByteBlock key;
-
- mutable T hm;
- mutable SecByteBlock buffer, digest;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
-
-#define KL this->key
-#define KR this->key+this->L
-#define BL this->buffer
-#define BR this->buffer+this->S
-#define IL inBlock
-#define IR inBlock+this->S
-#define OL outBlock
-#define OR outBlock+this->S
-
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
- {
- this->hm.Update(KL, this->L);
- this->hm.Update(IL, this->S);
- this->hm.Final(BR);
- xorbuf(BR, IR, this->S);
-
- this->hm.Update(KR, this->L);
- this->hm.Update(BR, this->S);
- this->hm.Final(BL);
- xorbuf(BL, IL, this->S);
-
- this->hm.Update(KL, this->L);
- this->hm.Update(BL, this->S);
- this->hm.Final(this->digest);
- xorbuf(BR, this->digest, this->S);
-
- this->hm.Update(KR, this->L);
- this->hm.Update(OR, this->S);
- this->hm.Final(this->digest);
- xorbuf(BL, this->digest, this->S);
-
- if (xorBlock)
- xorbuf(outBlock, xorBlock, this->buffer, 2*this->S);
- else
- memcpy_s(outBlock, 2*this->S, this->buffer, 2*this->S);
- }
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
- {
- this->hm.Update(KR, this->L);
- this->hm.Update(IR, this->S);
- this->hm.Final(BL);
- xorbuf(BL, IL, this->S);
-
- this->hm.Update(KL, this->L);
- this->hm.Update(BL, this->S);
- this->hm.Final(BR);
- xorbuf(BR, IR, this->S);
-
- this->hm.Update(KR, this->L);
- this->hm.Update(BR, this->S);
- this->hm.Final(this->digest);
- xorbuf(BL, this->digest, this->S);
-
- this->hm.Update(KL, this->L);
- this->hm.Update(OL, this->S);
- this->hm.Final(this->digest);
- xorbuf(BR, this->digest, this->S);
-
- if (xorBlock)
- xorbuf(outBlock, xorBlock, this->buffer, 2*this->S);
- else
- memcpy(outBlock, this->buffer, 2*this->S);
- }
-#undef KL
-#undef KR
-#undef BL
-#undef BR
-#undef IL
-#undef IR
-#undef OL
-#undef OR
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/luc.cpp b/cryptopp562/luc.cpp
deleted file mode 100644
index 43cd2ed..0000000
--- a/cryptopp562/luc.cpp
+++ /dev/null
@@ -1,210 +0,0 @@
-// luc.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "luc.h"
-#include "asn.h"
-#include "nbtheory.h"
-#include "sha.h"
-#include "algparam.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void LUC_TestInstantiations()
-{
- LUC_HMP<SHA>::Signer t1;
- LUCFunction t2;
- InvertibleLUCFunction t3;
-}
-
-void DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
-{
- const Integer &q = params.GetSubgroupOrder();
- r = params.ExponentiateBase(k);
- s = (k + x*(r+e)) % q;
-}
-
-bool DL_Algorithm_LUC_HMP::Verify(const DL_GroupParameters<Integer> &params, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
-{
- Integer p = params.GetGroupOrder()-1;
- const Integer &q = params.GetSubgroupOrder();
-
- Integer Vsg = params.ExponentiateBase(s);
- Integer Vry = publicKey.ExponentiatePublicElement((r+e)%q);
- return (Vsg*Vsg + Vry*Vry + r*r) % p == (Vsg * Vry * r + 4) % p;
-}
-
-Integer DL_BasePrecomputation_LUC::Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const
-{
- return Lucas(exponent, m_g, static_cast<const DL_GroupPrecomputation_LUC &>(group).GetModulus());
-}
-
-void DL_GroupParameters_LUC::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
-{
- for (unsigned int i=0; i<exponentsCount; i++)
- results[i] = Lucas(exponents[i], base, GetModulus());
-}
-
-void LUCFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- m_e.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void LUCFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- m_e.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer LUCFunction::ApplyFunction(const Integer &x) const
-{
- DoQuickSanityCheck();
- return Lucas(m_e, x, m_n);
-}
-
-bool LUCFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_n > Integer::One() && m_n.IsOdd();
- pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
- return pass;
-}
-
-bool LUCFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
- ;
-}
-
-void LUCFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
- ;
-}
-
-// *****************************************************************************
-// private key operations:
-
-class LUCPrimeSelector : public PrimeSelector
-{
-public:
- LUCPrimeSelector(const Integer &e) : m_e(e) {}
- bool IsAcceptable(const Integer &candidate) const
- {
- return RelativelyPrime(m_e, candidate+1) && RelativelyPrime(m_e, candidate-1);
- }
- Integer m_e;
-};
-
-void InvertibleLUCFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- int modulusSize = 2048;
- alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
-
- if (modulusSize < 16)
- throw InvalidArgument("InvertibleLUCFunction: specified modulus size is too small");
-
- m_e = alg.GetValueWithDefault("PublicExponent", Integer(17));
-
- if (m_e < 5 || m_e.IsEven())
- throw InvalidArgument("InvertibleLUCFunction: invalid public exponent");
-
- LUCPrimeSelector selector(m_e);
- AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
- ("PointerToPrimeSelector", selector.GetSelectorPointer());
- m_p.GenerateRandom(rng, primeParam);
- m_q.GenerateRandom(rng, primeParam);
-
- m_n = m_p * m_q;
- m_u = m_q.InverseMod(m_p);
-}
-
-void InvertibleLUCFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e)
-{
- GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e));
-}
-
-void InvertibleLUCFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
-
- Integer version(seq);
- if (!!version) // make sure version is 0
- BERDecodeError();
-
- m_n.BERDecode(seq);
- m_e.BERDecode(seq);
- m_p.BERDecode(seq);
- m_q.BERDecode(seq);
- m_u.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void InvertibleLUCFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
-
- const byte version[] = {INTEGER, 1, 0};
- seq.Put(version, sizeof(version));
- m_n.DEREncode(seq);
- m_e.DEREncode(seq);
- m_p.DEREncode(seq);
- m_q.DEREncode(seq);
- m_u.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer InvertibleLUCFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
-{
- // not clear how to do blinding with LUC
- DoQuickSanityCheck();
- return InverseLucas(m_e, x, m_q, m_p, m_u);
-}
-
-bool InvertibleLUCFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = LUCFunction::Validate(rng, level);
- pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
- pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
- pass = pass && m_u.IsPositive() && m_u < m_p;
- if (level >= 1)
- {
- pass = pass && m_p * m_q == m_n;
- pass = pass && RelativelyPrime(m_e, m_p+1);
- pass = pass && RelativelyPrime(m_e, m_p-1);
- pass = pass && RelativelyPrime(m_e, m_q+1);
- pass = pass && RelativelyPrime(m_e, m_q-1);
- pass = pass && m_u * m_q % m_p == 1;
- }
- if (level >= 2)
- pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
- return pass;
-}
-
-bool InvertibleLUCFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper<LUCFunction>(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-void InvertibleLUCFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper<LUCFunction>(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/luc.h b/cryptopp562/luc.h
deleted file mode 100644
index 730776d..0000000
--- a/cryptopp562/luc.h
+++ /dev/null
@@ -1,236 +0,0 @@
-#ifndef CRYPTOPP_LUC_H
-#define CRYPTOPP_LUC_H
-
-/** \file
-*/
-
-#include "pkcspad.h"
-#include "oaep.h"
-#include "integer.h"
-#include "dh.h"
-
-#include <limits.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! The LUC function.
-/*! This class is here for historical and pedagogical interest. It has no
- practical advantages over other trapdoor functions and probably shouldn't
- be used in production software. The discrete log based LUC schemes
- defined later in this .h file may be of more practical interest.
-*/
-class LUCFunction : public TrapdoorFunction, public PublicKey
-{
- typedef LUCFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &e)
- {m_n = n; m_e = e;}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- Integer ApplyFunction(const Integer &x) const;
- Integer PreimageBound() const {return m_n;}
- Integer ImageBound() const {return m_n;}
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- // non-derived interface
- const Integer & GetModulus() const {return m_n;}
- const Integer & GetPublicExponent() const {return m_e;}
-
- void SetModulus(const Integer &n) {m_n = n;}
- void SetPublicExponent(const Integer &e) {m_e = e;}
-
-protected:
- Integer m_n, m_e;
-};
-
-//! _
-class InvertibleLUCFunction : public LUCFunction, public TrapdoorFunctionInverse, public PrivateKey
-{
- typedef InvertibleLUCFunction ThisClass;
-
-public:
- void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &eStart=17);
- void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q, const Integer &u)
- {m_n = n; m_e = e; m_p = p; m_q = q; m_u = u;}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
- /*! parameters: (ModulusSize, PublicExponent (default 17)) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
-
- // non-derived interface
- const Integer& GetPrime1() const {return m_p;}
- const Integer& GetPrime2() const {return m_q;}
- const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;}
-
- void SetPrime1(const Integer &p) {m_p = p;}
- void SetPrime2(const Integer &q) {m_q = q;}
- void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;}
-
-protected:
- Integer m_p, m_q, m_u;
-};
-
-struct LUC
-{
- static std::string StaticAlgorithmName() {return "LUC";}
- typedef LUCFunction PublicKey;
- typedef InvertibleLUCFunction PrivateKey;
-};
-
-//! LUC cryptosystem
-template <class STANDARD>
-struct LUCES : public TF_ES<STANDARD, LUC>
-{
-};
-
-//! LUC signature scheme with appendix
-template <class STANDARD, class H>
-struct LUCSS : public TF_SS<STANDARD, H, LUC>
-{
-};
-
-// analagous to the RSA schemes defined in PKCS #1 v2.0
-typedef LUCES<OAEP<SHA> >::Decryptor LUCES_OAEP_SHA_Decryptor;
-typedef LUCES<OAEP<SHA> >::Encryptor LUCES_OAEP_SHA_Encryptor;
-
-typedef LUCSS<PKCS1v15, SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer;
-typedef LUCSS<PKCS1v15, SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier;
-
-// ********************************************************
-
-// no actual precomputation
-class DL_GroupPrecomputation_LUC : public DL_GroupPrecomputation<Integer>
-{
-public:
- const AbstractGroup<Element> & GetGroup() const {assert(false); throw 0;}
- Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);}
- void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);}
-
- // non-inherited
- void SetModulus(const Integer &v) {m_p = v;}
- const Integer & GetModulus() const {return m_p;}
-
-private:
- Integer m_p;
-};
-
-//! _
-class DL_BasePrecomputation_LUC : public DL_FixedBasePrecomputation<Integer>
-{
-public:
- // DL_FixedBasePrecomputation
- bool IsInitialized() const {return m_g.NotZero();}
- void SetBase(const DL_GroupPrecomputation<Element> &group, const Integer &base) {m_g = base;}
- const Integer & GetBase(const DL_GroupPrecomputation<Element> &group) const {return m_g;}
- void Precompute(const DL_GroupPrecomputation<Element> &group, unsigned int maxExpBits, unsigned int storage) {}
- void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) {}
- void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const {}
- Integer Exponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent) const;
- Integer CascadeExponentiate(const DL_GroupPrecomputation<Element> &group, const Integer &exponent, const DL_FixedBasePrecomputation<Integer> &pc2, const Integer &exponent2) const
- {throw NotImplemented("DL_BasePrecomputation_LUC: CascadeExponentiate not implemented");} // shouldn't be called
-
-private:
- Integer m_g;
-};
-
-//! _
-class DL_GroupParameters_LUC : public DL_GroupParameters_IntegerBasedImpl<DL_GroupPrecomputation_LUC, DL_BasePrecomputation_LUC>
-{
-public:
- // DL_GroupParameters
- bool IsIdentity(const Integer &element) const {return element == Integer::Two();}
- void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
- Element MultiplyElements(const Element &a, const Element &b) const
- {throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented");}
- Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
- {throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented");}
-
- // NameValuePairs interface
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
- }
-
-private:
- int GetFieldType() const {return 2;}
-};
-
-//! _
-class DL_GroupParameters_LUC_DefaultSafePrime : public DL_GroupParameters_LUC
-{
-public:
- typedef NoCofactorMultiplication DefaultCofactorOption;
-
-protected:
- unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
-};
-
-//! _
-class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm<Integer>
-{
-public:
- static const char * StaticAlgorithmName() {return "LUC-HMP";}
-
- void Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const;
- bool Verify(const DL_GroupParameters<Integer> &params, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const;
-
- size_t RLen(const DL_GroupParameters<Integer> &params) const
- {return params.GetGroupOrder().ByteCount();}
-};
-
-//! _
-struct DL_SignatureKeys_LUC
-{
- typedef DL_GroupParameters_LUC GroupParameters;
- typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
- typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
-};
-
-//! LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen
-template <class H>
-struct LUC_HMP : public DL_SS<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, DL_SignatureMessageEncodingMethod_DSA, H>
-{
-};
-
-//! _
-struct DL_CryptoKeys_LUC
-{
- typedef DL_GroupParameters_LUC_DefaultSafePrime GroupParameters;
- typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
- typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
-};
-
-//! LUC-IES
-template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true>
-struct LUC_IES
- : public DL_ES<
- DL_CryptoKeys_LUC,
- DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
- DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
- DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
- LUC_IES<> >
-{
- static std::string StaticAlgorithmName() {return "LUC-IES";} // non-standard name
-};
-
-// ********************************************************
-
-//! LUC-DH
-typedef DH_Domain<DL_GroupParameters_LUC_DefaultSafePrime> LUC_DH;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/mars.cpp b/cryptopp562/mars.cpp
deleted file mode 100644
index fe9b118..0000000
--- a/cryptopp562/mars.cpp
+++ /dev/null
@@ -1,154 +0,0 @@
-// mars.cpp - written and placed in the public domain by Wei Dai
-
-// includes IBM's key setup "tweak" proposed in August 1999 (http://www.research.ibm.com/security/key-setup.txt)
-
-#include "pch.h"
-#include "mars.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void MARS::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- // Initialize T[] with the key data
- FixedSizeSecBlock<word32, 15> T;
- GetUserKey(LITTLE_ENDIAN_ORDER, T.begin(), 15, userKey, length);
- T[length/4] = length/4;
-
- for (unsigned int j=0; j<4; j++) // compute 10 words of K[] in each iteration
- {
- unsigned int i;
- // Do linear transformation
- for (i=0; i<15; i++)
- T[i] = T[i] ^ rotlFixed(T[(i+8)%15] ^ T[(i+13)%15], 3) ^ (4*i+j);
-
- // Do four rounds of stirring
- for (unsigned int k=0; k<4; k++)
- for (i=0; i<15; i++)
- T[i] = rotlFixed(T[i] + Sbox[T[(i+14)%15]%512], 9);
-
- // Store next 10 key words into K[]
- for (i=0; i<10; i++)
- m_k[10*j+i] = T[4*i%15];
- }
-
- // Modify multiplication key-words
- for(unsigned int i = 5; i < 37; i += 2)
- {
- word32 m, w = m_k[i] | 3;
- m = (~w ^ (w<<1)) & (~w ^ (w>>1)) & 0x7ffffffe;
- m &= m>>1; m &= m>>2; m &= m>>4;
- m |= m<<1; m |= m<<2; m |= m<<4;
- m &= 0x7ffffffc;
- w ^= rotlMod(Sbox[265 + (m_k[i] & 3)], m_k[i-1]) & m;
- m_k[i] = w;
- }
-}
-
-#define S(a) Sbox[(a)&0x1ff]
-#define S0(a) Sbox[(a)&0xff]
-#define S1(a) Sbox[((a)&0xff) + 256]
-
-typedef BlockGetAndPut<word32, LittleEndian> Block;
-
-void MARS::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- unsigned int i;
- word32 a, b, c, d, l, m, r, t;
- const word32 *k = m_k;
-
- Block::Get(inBlock)(a)(b)(c)(d);
-
- a += k[0]; b += k[1]; c += k[2]; d += k[3];
-
- for (i=0; i<8; i++)
- {
- b = (b ^ S0(a)) + S1(a>>8);
- c += S0(a>>16);
- a = rotrFixed(a, 24);
- d ^= S1(a);
- a += (i%4==0) ? d : 0;
- a += (i%4==1) ? b : 0;
- t = a; a = b; b = c; c = d; d = t;
- }
-
- for (i=0; i<16; i++)
- {
- t = rotlFixed(a, 13);
- r = rotlFixed(t * k[2*i+5], 10);
- m = a + k[2*i+4];
- l = rotlMod((S(m) ^ rotrFixed(r, 5) ^ r), r);
- c += rotlMod(m, rotrFixed(r, 5));
- (i<8 ? b : d) += l;
- (i<8 ? d : b) ^= r;
- a = b; b = c; c = d; d = t;
- }
-
- for (i=0; i<8; i++)
- {
- a -= (i%4==2) ? d : 0;
- a -= (i%4==3) ? b : 0;
- b ^= S1(a);
- c -= S0(a>>24);
- t = rotlFixed(a, 24);
- d = (d - S1(a>>16)) ^ S0(t);
- a = b; b = c; c = d; d = t;
- }
-
- a -= k[36]; b -= k[37]; c -= k[38]; d -= k[39];
-
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
-}
-
-void MARS::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- unsigned int i;
- word32 a, b, c, d, l, m, r, t;
- const word32 *k = m_k;
-
- Block::Get(inBlock)(d)(c)(b)(a);
-
- d += k[36]; c += k[37]; b += k[38]; a += k[39];
-
- for (i=0; i<8; i++)
- {
- b = (b ^ S0(a)) + S1(a>>8);
- c += S0(a>>16);
- a = rotrFixed(a, 24);
- d ^= S1(a);
- a += (i%4==0) ? d : 0;
- a += (i%4==1) ? b : 0;
- t = a; a = b; b = c; c = d; d = t;
- }
-
- for (i=0; i<16; i++)
- {
- t = rotrFixed(a, 13);
- r = rotlFixed(a * k[35-2*i], 10);
- m = t + k[34-2*i];
- l = rotlMod((S(m) ^ rotrFixed(r, 5) ^ r), r);
- c -= rotlMod(m, rotrFixed(r, 5));
- (i<8 ? b : d) -= l;
- (i<8 ? d : b) ^= r;
- a = b; b = c; c = d; d = t;
- }
-
- for (i=0; i<8; i++)
- {
- a -= (i%4==2) ? d : 0;
- a -= (i%4==3) ? b : 0;
- b ^= S1(a);
- c -= S0(a>>24);
- t = rotlFixed(a, 24);
- d = (d - S1(a>>16)) ^ S0(t);
- a = b; b = c; c = d; d = t;
- }
-
- d -= k[0]; c -= k[1]; b -= k[2]; a -= k[3];
-
- Block::Put(xorBlock, outBlock)(d)(c)(b)(a);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/mars.h b/cryptopp562/mars.h
deleted file mode 100644
index 414adf4..0000000
--- a/cryptopp562/mars.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#ifndef CRYPTOPP_MARS_H
-#define CRYPTOPP_MARS_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct MARS_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 56, 4>
-{
- static const char *StaticAlgorithmName() {return "MARS";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#MARS">MARS</a>
-class MARS : public MARS_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<MARS_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- static const word32 Sbox[512];
-
- FixedSizeSecBlock<word32, 40> m_k;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef MARS::Encryption MARSEncryption;
-typedef MARS::Decryption MARSDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/marss.cpp b/cryptopp562/marss.cpp
deleted file mode 100644
index 7c38f14..0000000
--- a/cryptopp562/marss.cpp
+++ /dev/null
@@ -1,139 +0,0 @@
-// MARS S-Box
-
-#include "pch.h"
-#include "mars.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const word32 MARS::Base::Sbox[512] = {
- 0x09d0c479, 0x28c8ffe0, 0x84aa6c39, 0x9dad7287,
- 0x7dff9be3, 0xd4268361, 0xc96da1d4, 0x7974cc93,
- 0x85d0582e, 0x2a4b5705, 0x1ca16a62, 0xc3bd279d,
- 0x0f1f25e5, 0x5160372f, 0xc695c1fb, 0x4d7ff1e4,
- 0xae5f6bf4, 0x0d72ee46, 0xff23de8a, 0xb1cf8e83,
- 0xf14902e2, 0x3e981e42, 0x8bf53eb6, 0x7f4bf8ac,
- 0x83631f83, 0x25970205, 0x76afe784, 0x3a7931d4,
- 0x4f846450, 0x5c64c3f6, 0x210a5f18, 0xc6986a26,
- 0x28f4e826, 0x3a60a81c, 0xd340a664, 0x7ea820c4,
- 0x526687c5, 0x7eddd12b, 0x32a11d1d, 0x9c9ef086,
- 0x80f6e831, 0xab6f04ad, 0x56fb9b53, 0x8b2e095c,
- 0xb68556ae, 0xd2250b0d, 0x294a7721, 0xe21fb253,
- 0xae136749, 0xe82aae86, 0x93365104, 0x99404a66,
- 0x78a784dc, 0xb69ba84b, 0x04046793, 0x23db5c1e,
- 0x46cae1d6, 0x2fe28134, 0x5a223942, 0x1863cd5b,
- 0xc190c6e3, 0x07dfb846, 0x6eb88816, 0x2d0dcc4a,
- 0xa4ccae59, 0x3798670d, 0xcbfa9493, 0x4f481d45,
- 0xeafc8ca8, 0xdb1129d6, 0xb0449e20, 0x0f5407fb,
- 0x6167d9a8, 0xd1f45763, 0x4daa96c3, 0x3bec5958,
- 0xababa014, 0xb6ccd201, 0x38d6279f, 0x02682215,
- 0x8f376cd5, 0x092c237e, 0xbfc56593, 0x32889d2c,
- 0x854b3e95, 0x05bb9b43, 0x7dcd5dcd, 0xa02e926c,
- 0xfae527e5, 0x36a1c330, 0x3412e1ae, 0xf257f462,
- 0x3c4f1d71, 0x30a2e809, 0x68e5f551, 0x9c61ba44,
- 0x5ded0ab8, 0x75ce09c8, 0x9654f93e, 0x698c0cca,
- 0x243cb3e4, 0x2b062b97, 0x0f3b8d9e, 0x00e050df,
- 0xfc5d6166, 0xe35f9288, 0xc079550d, 0x0591aee8,
- 0x8e531e74, 0x75fe3578, 0x2f6d829a, 0xf60b21ae,
- 0x95e8eb8d, 0x6699486b, 0x901d7d9b, 0xfd6d6e31,
- 0x1090acef, 0xe0670dd8, 0xdab2e692, 0xcd6d4365,
- 0xe5393514, 0x3af345f0, 0x6241fc4d, 0x460da3a3,
- 0x7bcf3729, 0x8bf1d1e0, 0x14aac070, 0x1587ed55,
- 0x3afd7d3e, 0xd2f29e01, 0x29a9d1f6, 0xefb10c53,
- 0xcf3b870f, 0xb414935c, 0x664465ed, 0x024acac7,
- 0x59a744c1, 0x1d2936a7, 0xdc580aa6, 0xcf574ca8,
- 0x040a7a10, 0x6cd81807, 0x8a98be4c, 0xaccea063,
- 0xc33e92b5, 0xd1e0e03d, 0xb322517e, 0x2092bd13,
- 0x386b2c4a, 0x52e8dd58, 0x58656dfb, 0x50820371,
- 0x41811896, 0xe337ef7e, 0xd39fb119, 0xc97f0df6,
- 0x68fea01b, 0xa150a6e5, 0x55258962, 0xeb6ff41b,
- 0xd7c9cd7a, 0xa619cd9e, 0xbcf09576, 0x2672c073,
- 0xf003fb3c, 0x4ab7a50b, 0x1484126a, 0x487ba9b1,
- 0xa64fc9c6, 0xf6957d49, 0x38b06a75, 0xdd805fcd,
- 0x63d094cf, 0xf51c999e, 0x1aa4d343, 0xb8495294,
- 0xce9f8e99, 0xbffcd770, 0xc7c275cc, 0x378453a7,
- 0x7b21be33, 0x397f41bd, 0x4e94d131, 0x92cc1f98,
- 0x5915ea51, 0x99f861b7, 0xc9980a88, 0x1d74fd5f,
- 0xb0a495f8, 0x614deed0, 0xb5778eea, 0x5941792d,
- 0xfa90c1f8, 0x33f824b4, 0xc4965372, 0x3ff6d550,
- 0x4ca5fec0, 0x8630e964, 0x5b3fbbd6, 0x7da26a48,
- 0xb203231a, 0x04297514, 0x2d639306, 0x2eb13149,
- 0x16a45272, 0x532459a0, 0x8e5f4872, 0xf966c7d9,
- 0x07128dc0, 0x0d44db62, 0xafc8d52d, 0x06316131,
- 0xd838e7ce, 0x1bc41d00, 0x3a2e8c0f, 0xea83837e,
- 0xb984737d, 0x13ba4891, 0xc4f8b949, 0xa6d6acb3,
- 0xa215cdce, 0x8359838b, 0x6bd1aa31, 0xf579dd52,
- 0x21b93f93, 0xf5176781, 0x187dfdde, 0xe94aeb76,
- 0x2b38fd54, 0x431de1da, 0xab394825, 0x9ad3048f,
- 0xdfea32aa, 0x659473e3, 0x623f7863, 0xf3346c59,
- 0xab3ab685, 0x3346a90b, 0x6b56443e, 0xc6de01f8,
- 0x8d421fc0, 0x9b0ed10c, 0x88f1a1e9, 0x54c1f029,
- 0x7dead57b, 0x8d7ba426, 0x4cf5178a, 0x551a7cca,
- 0x1a9a5f08, 0xfcd651b9, 0x25605182, 0xe11fc6c3,
- 0xb6fd9676, 0x337b3027, 0xb7c8eb14, 0x9e5fd030,
- 0x6b57e354, 0xad913cf7, 0x7e16688d, 0x58872a69,
- 0x2c2fc7df, 0xe389ccc6, 0x30738df1, 0x0824a734,
- 0xe1797a8b, 0xa4a8d57b, 0x5b5d193b, 0xc8a8309b,
- 0x73f9a978, 0x73398d32, 0x0f59573e, 0xe9df2b03,
- 0xe8a5b6c8, 0x848d0704, 0x98df93c2, 0x720a1dc3,
- 0x684f259a, 0x943ba848, 0xa6370152, 0x863b5ea3,
- 0xd17b978b, 0x6d9b58ef, 0x0a700dd4, 0xa73d36bf,
- 0x8e6a0829, 0x8695bc14, 0xe35b3447, 0x933ac568,
- 0x8894b022, 0x2f511c27, 0xddfbcc3c, 0x006662b6,
- 0x117c83fe, 0x4e12b414, 0xc2bca766, 0x3a2fec10,
- 0xf4562420, 0x55792e2a, 0x46f5d857, 0xceda25ce,
- 0xc3601d3b, 0x6c00ab46, 0xefac9c28, 0xb3c35047,
- 0x611dfee3, 0x257c3207, 0xfdd58482, 0x3b14d84f,
- 0x23becb64, 0xa075f3a3, 0x088f8ead, 0x07adf158,
- 0x7796943c, 0xfacabf3d, 0xc09730cd, 0xf7679969,
- 0xda44e9ed, 0x2c854c12, 0x35935fa3, 0x2f057d9f,
- 0x690624f8, 0x1cb0bafd, 0x7b0dbdc6, 0x810f23bb,
- 0xfa929a1a, 0x6d969a17, 0x6742979b, 0x74ac7d05,
- 0x010e65c4, 0x86a3d963, 0xf907b5a0, 0xd0042bd3,
- 0x158d7d03, 0x287a8255, 0xbba8366f, 0x096edc33,
- 0x21916a7b, 0x77b56b86, 0x951622f9, 0xa6c5e650,
- 0x8cea17d1, 0xcd8c62bc, 0xa3d63433, 0x358a68fd,
- 0x0f9b9d3c, 0xd6aa295b, 0xfe33384a, 0xc000738e,
- 0xcd67eb2f, 0xe2eb6dc2, 0x97338b02, 0x06c9f246,
- 0x419cf1ad, 0x2b83c045, 0x3723f18a, 0xcb5b3089,
- 0x160bead7, 0x5d494656, 0x35f8a74b, 0x1e4e6c9e,
- 0x000399bd, 0x67466880, 0xb4174831, 0xacf423b2,
- 0xca815ab3, 0x5a6395e7, 0x302a67c5, 0x8bdb446b,
- 0x108f8fa4, 0x10223eda, 0x92b8b48b, 0x7f38d0ee,
- 0xab2701d4, 0x0262d415, 0xaf224a30, 0xb3d88aba,
- 0xf8b2c3af, 0xdaf7ef70, 0xcc97d3b7, 0xe9614b6c,
- 0x2baebff4, 0x70f687cf, 0x386c9156, 0xce092ee5,
- 0x01e87da6, 0x6ce91e6a, 0xbb7bcc84, 0xc7922c20,
- 0x9d3b71fd, 0x060e41c6, 0xd7590f15, 0x4e03bb47,
- 0x183c198e, 0x63eeb240, 0x2ddbf49a, 0x6d5cba54,
- 0x923750af, 0xf9e14236, 0x7838162b, 0x59726c72,
- 0x81b66760, 0xbb2926c1, 0x48a0ce0d, 0xa6c0496d,
- 0xad43507b, 0x718d496a, 0x9df057af, 0x44b1bde6,
- 0x054356dc, 0xde7ced35, 0xd51a138b, 0x62088cc9,
- 0x35830311, 0xc96efca2, 0x686f86ec, 0x8e77cb68,
- 0x63e1d6b8, 0xc80f9778, 0x79c491fd, 0x1b4c67f2,
- 0x72698d7d, 0x5e368c31, 0xf7d95e2e, 0xa1d3493f,
- 0xdcd9433e, 0x896f1552, 0x4bc4ca7a, 0xa6d1baf4,
- 0xa5a96dcc, 0x0bef8b46, 0xa169fda7, 0x74df40b7,
- 0x4e208804, 0x9a756607, 0x038e87c8, 0x20211e44,
- 0x8b7ad4bf, 0xc6403f35, 0x1848e36d, 0x80bdb038,
- 0x1e62891c, 0x643d2107, 0xbf04d6f8, 0x21092c8c,
- 0xf644f389, 0x0778404e, 0x7b78adb8, 0xa2c52d53,
- 0x42157abe, 0xa2253e2e, 0x7bf3f4ae, 0x80f594f9,
- 0x953194e7, 0x77eb92ed, 0xb3816930, 0xda8d9336,
- 0xbf447469, 0xf26d9483, 0xee6faed5, 0x71371235,
- 0xde425f73, 0xb4e59f43, 0x7dbe2d4e, 0x2d37b185,
- 0x49dc9a63, 0x98c39d98, 0x1301c9a2, 0x389b1bbf,
- 0x0c18588d, 0xa421c1ba, 0x7aa3865c, 0x71e08558,
- 0x3c5cfcaa, 0x7d239ca4, 0x0297d9dd, 0xd7dc2830,
- 0x4b37802b, 0x7428ab54, 0xaeee0347, 0x4b3fbb85,
- 0x692f2f08, 0x134e578e, 0x36d9e0bf, 0xae8b5fcf,
- 0xedb93ecf, 0x2b27248e, 0x170eb1ef, 0x7dc57fd6,
- 0x1e760f16, 0xb1136601, 0x864e1b9b, 0xd7ea7319,
- 0x3ab871bd, 0xcfa4d76f, 0xe31bd782, 0x0dbeb469,
- 0xabb96061, 0x5370f85d, 0xffb07e37, 0xda30d0fb,
- 0xebc977b6, 0x0b98b40f, 0x3a4d0fe6, 0xdf4fc26b,
- 0x159cf22a, 0xc298d6e2, 0x2b78ef6a, 0x61a94ac0,
- 0xab561187, 0x14eea0f0, 0xdf0d4164, 0x19af70ee
-};
-
-NAMESPACE_END
diff --git a/cryptopp562/md2.cpp b/cryptopp562/md2.cpp
deleted file mode 100644
index 41f714b..0000000
--- a/cryptopp562/md2.cpp
+++ /dev/null
@@ -1,120 +0,0 @@
-// md2.cpp - modified by Wei Dai from Andrew M. Kuchling's md2.c
-// The original code and all modifications are in the public domain.
-
-// This is the original introductory comment:
-
-/*
- * md2.c : MD2 hash algorithm.
- *
- * Part of the Python Cryptography Toolkit, version 1.1
- *
- * Distribute and use freely; there are no restrictions on further
- * dissemination and usage except those imposed by the laws of your
- * country of residence.
- *
- */
-
-#include "pch.h"
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "md2.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-namespace Weak1 {
-
-MD2::MD2()
- : m_X(48), m_C(16), m_buf(16)
-{
- Init();
-}
-
-void MD2::Init()
-{
- memset(m_X, 0, 48);
- memset(m_C, 0, 16);
- memset(m_buf, 0, 16);
- m_count = 0;
-}
-
-void MD2::Update(const byte *buf, size_t len)
-{
- static const byte S[256] = {
- 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
- 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
- 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
- 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
- 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
- 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
- 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
- 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
- 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
- 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
- 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
- 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
- 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
- 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
- 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
- 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
- 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
- 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
- };
-
- while (len)
- {
- unsigned int L = UnsignedMin(16U-m_count, len);
- memcpy(m_buf+m_count, buf, L);
- m_count+=L;
- buf+=L;
- len-=L;
- if (m_count==16)
- {
- byte t;
- int i,j;
-
- m_count=0;
- memcpy(m_X+16, m_buf, 16);
- t=m_C[15];
- for(i=0; i<16; i++)
- {
- m_X[32+i]=m_X[16+i]^m_X[i];
- t=m_C[i]^=S[m_buf[i]^t];
- }
-
- t=0;
- for(i=0; i<18; i++)
- {
- for(j=0; j<48; j+=8)
- {
- t=m_X[j+0]^=S[t];
- t=m_X[j+1]^=S[t];
- t=m_X[j+2]^=S[t];
- t=m_X[j+3]^=S[t];
- t=m_X[j+4]^=S[t];
- t=m_X[j+5]^=S[t];
- t=m_X[j+6]^=S[t];
- t=m_X[j+7]^=S[t];
- }
- t=(t+i) & 0xFF;
- }
- }
- }
-}
-
-void MD2::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- byte padding[16];
- word32 padlen;
- unsigned int i;
-
- padlen= 16-m_count;
- for(i=0; i<padlen; i++) padding[i]=(byte)padlen;
- Update(padding, padlen);
- Update(m_C, 16);
- memcpy(hash, m_X, size);
-
- Init();
-}
-
-}
-NAMESPACE_END
diff --git a/cryptopp562/md2.h b/cryptopp562/md2.h
deleted file mode 100644
index b0837c8..0000000
--- a/cryptopp562/md2.h
+++ /dev/null
@@ -1,46 +0,0 @@
-#ifndef CRYPTOPP_MD2_H
-#define CRYPTOPP_MD2_H
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-namespace Weak1 {
-
-/// <a href="http://www.cryptolounge.org/wiki/MD2">MD2</a>
-class MD2 : public HashTransformation
-{
-public:
- MD2();
- void Update(const byte *input, size_t length);
- void TruncatedFinal(byte *hash, size_t size);
- unsigned int DigestSize() const {return DIGESTSIZE;}
- unsigned int BlockSize() const {return BLOCKSIZE;}
- static const char * StaticAlgorithmName() {return "MD2";}
-
- CRYPTOPP_CONSTANT(DIGESTSIZE = 16)
- CRYPTOPP_CONSTANT(BLOCKSIZE = 16)
-
-private:
- void Transform();
- void Init();
- SecByteBlock m_X, m_C, m_buf;
- unsigned int m_count;
-};
-
-}
-#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1
-namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak
-#else
-using namespace Weak1; // import Weak1 into CryptoPP with warning
-#ifdef __GNUC__
-#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning."
-#else
-#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.")
-#endif
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/md4.cpp b/cryptopp562/md4.cpp
deleted file mode 100644
index 9ed639c..0000000
--- a/cryptopp562/md4.cpp
+++ /dev/null
@@ -1,110 +0,0 @@
-// md4.cpp - modified by Wei Dai from Andrew M. Kuchling's md4.c
-// The original code and all modifications are in the public domain.
-
-// This is the original introductory comment:
-
-/*
- * md4.c : MD4 hash algorithm.
- *
- * Part of the Python Cryptography Toolkit, version 1.1
- *
- * Distribute and use freely; there are no restrictions on further
- * dissemination and usage except those imposed by the laws of your
- * country of residence.
- *
- */
-
-#include "pch.h"
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "md4.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-namespace Weak1 {
-
-void MD4::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xefcdab89L;
- state[2] = 0x98badcfeL;
- state[3] = 0x10325476L;
-}
-
-void MD4::Transform (word32 *digest, const word32 *in)
-{
-// #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-
- word32 A, B, C, D;
-
- A=digest[0];
- B=digest[1];
- C=digest[2];
- D=digest[3];
-
-#define function(a,b,c,d,k,s) a=rotlFixed(a+F(b,c,d)+in[k],s);
- function(A,B,C,D, 0, 3);
- function(D,A,B,C, 1, 7);
- function(C,D,A,B, 2,11);
- function(B,C,D,A, 3,19);
- function(A,B,C,D, 4, 3);
- function(D,A,B,C, 5, 7);
- function(C,D,A,B, 6,11);
- function(B,C,D,A, 7,19);
- function(A,B,C,D, 8, 3);
- function(D,A,B,C, 9, 7);
- function(C,D,A,B,10,11);
- function(B,C,D,A,11,19);
- function(A,B,C,D,12, 3);
- function(D,A,B,C,13, 7);
- function(C,D,A,B,14,11);
- function(B,C,D,A,15,19);
-
-#undef function
-#define function(a,b,c,d,k,s) a=rotlFixed(a+G(b,c,d)+in[k]+0x5a827999,s);
- function(A,B,C,D, 0, 3);
- function(D,A,B,C, 4, 5);
- function(C,D,A,B, 8, 9);
- function(B,C,D,A,12,13);
- function(A,B,C,D, 1, 3);
- function(D,A,B,C, 5, 5);
- function(C,D,A,B, 9, 9);
- function(B,C,D,A,13,13);
- function(A,B,C,D, 2, 3);
- function(D,A,B,C, 6, 5);
- function(C,D,A,B,10, 9);
- function(B,C,D,A,14,13);
- function(A,B,C,D, 3, 3);
- function(D,A,B,C, 7, 5);
- function(C,D,A,B,11, 9);
- function(B,C,D,A,15,13);
-
-#undef function
-#define function(a,b,c,d,k,s) a=rotlFixed(a+H(b,c,d)+in[k]+0x6ed9eba1,s);
- function(A,B,C,D, 0, 3);
- function(D,A,B,C, 8, 9);
- function(C,D,A,B, 4,11);
- function(B,C,D,A,12,15);
- function(A,B,C,D, 2, 3);
- function(D,A,B,C,10, 9);
- function(C,D,A,B, 6,11);
- function(B,C,D,A,14,15);
- function(A,B,C,D, 1, 3);
- function(D,A,B,C, 9, 9);
- function(C,D,A,B, 5,11);
- function(B,C,D,A,13,15);
- function(A,B,C,D, 3, 3);
- function(D,A,B,C,11, 9);
- function(C,D,A,B, 7,11);
- function(B,C,D,A,15,15);
-
- digest[0]+=A;
- digest[1]+=B;
- digest[2]+=C;
- digest[3]+=D;
-}
-
-}
-NAMESPACE_END
diff --git a/cryptopp562/md4.h b/cryptopp562/md4.h
deleted file mode 100644
index 5338700..0000000
--- a/cryptopp562/md4.h
+++ /dev/null
@@ -1,35 +0,0 @@
-#ifndef CRYPTOPP_MD4_H
-#define CRYPTOPP_MD4_H
-
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-namespace Weak1 {
-
-//! <a href="http://www.weidai.com/scan-mirror/md.html#MD4">MD4</a>
-/*! \warning MD4 is considered insecure, and should not be used
- unless you absolutely need it for compatibility. */
-class MD4 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 16, MD4>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word32 *digest, const word32 *data);
- static const char *StaticAlgorithmName() {return "MD4";}
-};
-
-}
-#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1
-namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak
-#else
-using namespace Weak1; // import Weak1 into CryptoPP with warning
-#ifdef __GNUC__
-#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning."
-#else
-#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.")
-#endif
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/md5.cpp b/cryptopp562/md5.cpp
deleted file mode 100644
index a522978..0000000
--- a/cryptopp562/md5.cpp
+++ /dev/null
@@ -1,118 +0,0 @@
-// md5.cpp - modified by Wei Dai from Colin Plumb's public domain md5.c
-// any modifications are placed in the public domain
-
-#include "pch.h"
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "md5.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-namespace Weak1 {
-
-void MD5_TestInstantiations()
-{
- MD5 x;
-}
-
-void MD5::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xefcdab89L;
- state[2] = 0x98badcfeL;
- state[3] = 0x10325476L;
-}
-
-void MD5::Transform (word32 *digest, const word32 *in)
-{
-// #define F1(x, y, z) (x & y | ~x & z)
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-#define MD5STEP(f, w, x, y, z, data, s) \
- w = rotlFixed(w + f(x, y, z) + data, s) + x
-
- word32 a, b, c, d;
-
- a=digest[0];
- b=digest[1];
- c=digest[2];
- d=digest[3];
-
- MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- digest[0]+=a;
- digest[1]+=b;
- digest[2]+=c;
- digest[3]+=d;
-}
-
-}
-NAMESPACE_END
diff --git a/cryptopp562/md5.h b/cryptopp562/md5.h
deleted file mode 100644
index 73ec532..0000000
--- a/cryptopp562/md5.h
+++ /dev/null
@@ -1,33 +0,0 @@
-#ifndef CRYPTOPP_MD5_H
-#define CRYPTOPP_MD5_H
-
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-namespace Weak1 {
-
-//! <a href="http://www.cryptolounge.org/wiki/MD5">MD5</a>
-class MD5 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 16, MD5>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word32 *digest, const word32 *data);
- static const char * StaticAlgorithmName() {return "MD5";}
-};
-
-}
-#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1
-namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak
-#else
-using namespace Weak1; // import Weak1 into CryptoPP with warning
-#ifdef __GNUC__
-#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning."
-#else
-#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.")
-#endif
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/mdc.h b/cryptopp562/mdc.h
deleted file mode 100644
index cc90cdc..0000000
--- a/cryptopp562/mdc.h
+++ /dev/null
@@ -1,72 +0,0 @@
- // mdc.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_MDC_H
-#define CRYPTOPP_MDC_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class T>
-struct MDC_Info : public FixedBlockSize<T::DIGESTSIZE>, public FixedKeyLength<T::BLOCKSIZE>
-{
- static std::string StaticAlgorithmName() {return std::string("MDC/")+T::StaticAlgorithmName();}
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/cs.html#MDC">MDC</a>
-/*! a construction by Peter Gutmann to turn an iterated hash function into a PRF */
-template <class T>
-class MDC : public MDC_Info<T>
-{
- class CRYPTOPP_NO_VTABLE Enc : public BlockCipherImpl<MDC_Info<T> >
- {
- typedef typename T::HashWordType HashWordType;
-
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params)
- {
- this->AssertValidKeyLength(length);
- memcpy_s(m_key, m_key.size(), userKey, this->KEYLENGTH);
- T::CorrectEndianess(Key(), Key(), this->KEYLENGTH);
- }
-
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
- {
- T::CorrectEndianess(Buffer(), (HashWordType *)inBlock, this->BLOCKSIZE);
- T::Transform(Buffer(), Key());
- if (xorBlock)
- {
- T::CorrectEndianess(Buffer(), Buffer(), this->BLOCKSIZE);
- xorbuf(outBlock, xorBlock, m_buffer, this->BLOCKSIZE);
- }
- else
- T::CorrectEndianess((HashWordType *)outBlock, Buffer(), this->BLOCKSIZE);
- }
-
- bool IsPermutation() const {return false;}
-
- unsigned int OptimalDataAlignment() const {return sizeof(HashWordType);}
-
- private:
- HashWordType *Key() {return (HashWordType *)m_key.data();}
- const HashWordType *Key() const {return (const HashWordType *)m_key.data();}
- HashWordType *Buffer() const {return (HashWordType *)m_buffer.data();}
-
- // VC60 workaround: bug triggered if using FixedSizeAllocatorWithCleanup
- FixedSizeSecBlock<byte, MDC_Info<T>::KEYLENGTH, AllocatorWithCleanup<byte> > m_key;
- mutable FixedSizeSecBlock<byte, MDC_Info<T>::BLOCKSIZE, AllocatorWithCleanup<byte> > m_buffer;
- };
-
-public:
- //! use BlockCipher interface
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/misc.cpp b/cryptopp562/misc.cpp
deleted file mode 100644
index 3c2c2a5..0000000
--- a/cryptopp562/misc.cpp
+++ /dev/null
@@ -1,187 +0,0 @@
-// misc.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "misc.h"
-#include "words.h"
-#include <new>
-
-#if defined(CRYPTOPP_MEMALIGN_AVAILABLE) || defined(CRYPTOPP_MM_MALLOC_AVAILABLE) || defined(QNX)
-#include <malloc.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void xorbuf(byte *buf, const byte *mask, size_t count)
-{
- size_t i;
-
- if (IsAligned<word32>(buf) && IsAligned<word32>(mask))
- {
- if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned<word64>(buf) && IsAligned<word64>(mask))
- {
- for (i=0; i<count/8; i++)
- ((word64*)buf)[i] ^= ((word64*)mask)[i];
- count -= 8*i;
- if (!count)
- return;
- buf += 8*i;
- mask += 8*i;
- }
-
- for (i=0; i<count/4; i++)
- ((word32*)buf)[i] ^= ((word32*)mask)[i];
- count -= 4*i;
- if (!count)
- return;
- buf += 4*i;
- mask += 4*i;
- }
-
- for (i=0; i<count; i++)
- buf[i] ^= mask[i];
-}
-
-void xorbuf(byte *output, const byte *input, const byte *mask, size_t count)
-{
- size_t i;
-
- if (IsAligned<word32>(output) && IsAligned<word32>(input) && IsAligned<word32>(mask))
- {
- if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned<word64>(output) && IsAligned<word64>(input) && IsAligned<word64>(mask))
- {
- for (i=0; i<count/8; i++)
- ((word64*)output)[i] = ((word64*)input)[i] ^ ((word64*)mask)[i];
- count -= 8*i;
- if (!count)
- return;
- output += 8*i;
- input += 8*i;
- mask += 8*i;
- }
-
- for (i=0; i<count/4; i++)
- ((word32*)output)[i] = ((word32*)input)[i] ^ ((word32*)mask)[i];
- count -= 4*i;
- if (!count)
- return;
- output += 4*i;
- input += 4*i;
- mask += 4*i;
- }
-
- for (i=0; i<count; i++)
- output[i] = input[i] ^ mask[i];
-}
-
-bool VerifyBufsEqual(const byte *buf, const byte *mask, size_t count)
-{
- size_t i;
- byte acc8 = 0;
-
- if (IsAligned<word32>(buf) && IsAligned<word32>(mask))
- {
- word32 acc32 = 0;
- if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned<word64>(buf) && IsAligned<word64>(mask))
- {
- word64 acc64 = 0;
- for (i=0; i<count/8; i++)
- acc64 |= ((word64*)buf)[i] ^ ((word64*)mask)[i];
- count -= 8*i;
- if (!count)
- return acc64 == 0;
- buf += 8*i;
- mask += 8*i;
- acc32 = word32(acc64) | word32(acc64>>32);
- }
-
- for (i=0; i<count/4; i++)
- acc32 |= ((word32*)buf)[i] ^ ((word32*)mask)[i];
- count -= 4*i;
- if (!count)
- return acc32 == 0;
- buf += 4*i;
- mask += 4*i;
- acc8 = byte(acc32) | byte(acc32>>8) | byte(acc32>>16) | byte(acc32>>24);
- }
-
- for (i=0; i<count; i++)
- acc8 |= buf[i] ^ mask[i];
- return acc8 == 0;
-}
-
-#if !(defined(_MSC_VER) && (_MSC_VER < 1300))
-using std::new_handler;
-using std::set_new_handler;
-#endif
-
-void CallNewHandler()
-{
- new_handler newHandler = set_new_handler(NULL);
- if (newHandler)
- set_new_handler(newHandler);
-
- if (newHandler)
- newHandler();
- else
- throw std::bad_alloc();
-}
-
-#if CRYPTOPP_BOOL_ALIGN16_ENABLED
-
-void * AlignedAllocate(size_t size)
-{
- byte *p;
-#ifdef CRYPTOPP_MM_MALLOC_AVAILABLE
- while (!(p = (byte *)_mm_malloc(size, 16)))
-#elif defined(CRYPTOPP_MEMALIGN_AVAILABLE)
- while (!(p = (byte *)memalign(16, size)))
-#elif defined(CRYPTOPP_MALLOC_ALIGNMENT_IS_16)
- while (!(p = (byte *)malloc(size)))
-#else
- while (!(p = (byte *)malloc(size + 16)))
-#endif
- CallNewHandler();
-
-#ifdef CRYPTOPP_NO_ALIGNED_ALLOC
- size_t adjustment = 16-((size_t)p%16);
- p += adjustment;
- p[-1] = (byte)adjustment;
-#endif
-
- assert(IsAlignedOn(p, 16));
- return p;
-}
-
-void AlignedDeallocate(void *p)
-{
-#ifdef CRYPTOPP_MM_MALLOC_AVAILABLE
- _mm_free(p);
-#elif defined(CRYPTOPP_NO_ALIGNED_ALLOC)
- p = (byte *)p - ((byte *)p)[-1];
- free(p);
-#else
- free(p);
-#endif
-}
-
-#endif
-
-void * UnalignedAllocate(size_t size)
-{
- void *p;
- while (!(p = malloc(size)))
- CallNewHandler();
- return p;
-}
-
-void UnalignedDeallocate(void *p)
-{
- free(p);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/misc.h b/cryptopp562/misc.h
deleted file mode 100644
index 2b326dd..0000000
--- a/cryptopp562/misc.h
+++ /dev/null
@@ -1,1282 +0,0 @@
-#ifndef CRYPTOPP_MISC_H
-#define CRYPTOPP_MISC_H
-
-#include "cryptlib.h"
-#include "smartptr.h"
-#include <string.h> // for memcpy and memmove
-
-#ifdef _MSC_VER
- #if _MSC_VER >= 1400
- // VC2005 workaround: disable declarations that conflict with winnt.h
- #define _interlockedbittestandset CRYPTOPP_DISABLED_INTRINSIC_1
- #define _interlockedbittestandreset CRYPTOPP_DISABLED_INTRINSIC_2
- #define _interlockedbittestandset64 CRYPTOPP_DISABLED_INTRINSIC_3
- #define _interlockedbittestandreset64 CRYPTOPP_DISABLED_INTRINSIC_4
- #include <intrin.h>
- #undef _interlockedbittestandset
- #undef _interlockedbittestandreset
- #undef _interlockedbittestandset64
- #undef _interlockedbittestandreset64
- #define CRYPTOPP_FAST_ROTATE(x) 1
- #elif _MSC_VER >= 1300
- #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32 | (x) == 64)
- #else
- #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32)
- #endif
-#elif (defined(__MWERKS__) && TARGET_CPU_PPC) || \
- (defined(__GNUC__) && (defined(_ARCH_PWR2) || defined(_ARCH_PWR) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || defined(_ARCH_COM)))
- #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32)
-#elif defined(__GNUC__) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) // depend on GCC's peephole optimization to generate rotate instructions
- #define CRYPTOPP_FAST_ROTATE(x) 1
-#else
- #define CRYPTOPP_FAST_ROTATE(x) 0
-#endif
-
-#ifdef __BORLANDC__
-#include <mem.h>
-#endif
-
-#if defined(__GNUC__) && defined(__linux__)
-#define CRYPTOPP_BYTESWAP_AVAILABLE
-#include <byteswap.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// ************** compile-time assertion ***************
-
-template <bool b>
-struct CompileAssert
-{
- static char dummy[2*b-1];
-};
-
-#define CRYPTOPP_COMPILE_ASSERT(assertion) CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, __LINE__)
-#if defined(CRYPTOPP_EXPORTS) || defined(CRYPTOPP_IMPORTS)
-#define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance)
-#else
-#define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance) static CompileAssert<(assertion)> CRYPTOPP_ASSERT_JOIN(cryptopp_assert_, instance)
-#endif
-#define CRYPTOPP_ASSERT_JOIN(X, Y) CRYPTOPP_DO_ASSERT_JOIN(X, Y)
-#define CRYPTOPP_DO_ASSERT_JOIN(X, Y) X##Y
-
-// ************** misc classes ***************
-
-class CRYPTOPP_DLL Empty
-{
-};
-
-//! _
-template <class BASE1, class BASE2>
-class CRYPTOPP_NO_VTABLE TwoBases : public BASE1, public BASE2
-{
-};
-
-//! _
-template <class BASE1, class BASE2, class BASE3>
-class CRYPTOPP_NO_VTABLE ThreeBases : public BASE1, public BASE2, public BASE3
-{
-};
-
-template <class T>
-class ObjectHolder
-{
-protected:
- T m_object;
-};
-
-class NotCopyable
-{
-public:
- NotCopyable() {}
-private:
- NotCopyable(const NotCopyable &);
- void operator=(const NotCopyable &);
-};
-
-template <class T>
-struct NewObject
-{
- T* operator()() const {return new T;}
-};
-
-/*! This function safely initializes a static object in a multithreaded environment without using locks (for portability).
- Note that if two threads call Ref() at the same time, they may get back different references, and one object
- may end up being memory leaked. This is by design.
-*/
-template <class T, class F = NewObject<T>, int instance=0>
-class Singleton
-{
-public:
- Singleton(F objectFactory = F()) : m_objectFactory(objectFactory) {}
-
- // prevent this function from being inlined
- CRYPTOPP_NOINLINE const T & Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const;
-
-private:
- F m_objectFactory;
-};
-
-template <class T, class F, int instance>
-const T & Singleton<T, F, instance>::Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const
-{
- static volatile simple_ptr<T> s_pObject;
- T *p = s_pObject.m_p;
-
- if (p)
- return *p;
-
- T *newObject = m_objectFactory();
- p = s_pObject.m_p;
-
- if (p)
- {
- delete newObject;
- return *p;
- }
-
- s_pObject.m_p = newObject;
- return *newObject;
-}
-
-// ************** misc functions ***************
-
-#if (!__STDC_WANT_SECURE_LIB__ && !defined(_MEMORY_S_DEFINED))
-inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
-{
- if (count > sizeInBytes)
- throw InvalidArgument("memcpy_s: buffer overflow");
- memcpy(dest, src, count);
-}
-
-inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
-{
- if (count > sizeInBytes)
- throw InvalidArgument("memmove_s: buffer overflow");
- memmove(dest, src, count);
-}
-
-#if __BORLANDC__ >= 0x620
-// C++Builder 2010 workaround: can't use std::memcpy_s because it doesn't allow 0 lengths
-#define memcpy_s CryptoPP::memcpy_s
-#define memmove_s CryptoPP::memmove_s
-#endif
-#endif
-
-inline void * memset_z(void *ptr, int value, size_t num)
-{
-// avoid extranous warning on GCC 4.3.2 Ubuntu 8.10
-#if CRYPTOPP_GCC_VERSION >= 30001
- if (__builtin_constant_p(num) && num==0)
- return ptr;
-#endif
- return memset(ptr, value, num);
-}
-
-// can't use std::min or std::max in MSVC60 or Cygwin 1.1.0
-template <class T> inline const T& STDMIN(const T& a, const T& b)
-{
- return b < a ? b : a;
-}
-
-template <class T1, class T2> inline const T1 UnsignedMin(const T1& a, const T2& b)
-{
- CRYPTOPP_COMPILE_ASSERT((sizeof(T1)<=sizeof(T2) && T2(-1)>0) || (sizeof(T1)>sizeof(T2) && T1(-1)>0));
- assert(a==0 || a>0); // GCC workaround: get rid of the warning "comparison is always true due to limited range of data type"
- assert(b>=0);
-
- if (sizeof(T1)<=sizeof(T2))
- return b < (T2)a ? (T1)b : a;
- else
- return (T1)b < a ? (T1)b : a;
-}
-
-template <class T> inline const T& STDMAX(const T& a, const T& b)
-{
- return a < b ? b : a;
-}
-
-#define RETURN_IF_NONZERO(x) size_t returnedValue = x; if (returnedValue) return returnedValue
-
-// this version of the macro is fastest on Pentium 3 and Pentium 4 with MSVC 6 SP5 w/ Processor Pack
-#define GETBYTE(x, y) (unsigned int)byte((x)>>(8*(y)))
-// these may be faster on other CPUs/compilers
-// #define GETBYTE(x, y) (unsigned int)(((x)>>(8*(y)))&255)
-// #define GETBYTE(x, y) (((byte *)&(x))[y])
-
-#define CRYPTOPP_GET_BYTE_AS_BYTE(x, y) byte((x)>>(8*(y)))
-
-template <class T>
-unsigned int Parity(T value)
-{
- for (unsigned int i=8*sizeof(value)/2; i>0; i/=2)
- value ^= value >> i;
- return (unsigned int)value&1;
-}
-
-template <class T>
-unsigned int BytePrecision(const T &value)
-{
- if (!value)
- return 0;
-
- unsigned int l=0, h=8*sizeof(value);
-
- while (h-l > 8)
- {
- unsigned int t = (l+h)/2;
- if (value >> t)
- l = t;
- else
- h = t;
- }
-
- return h/8;
-}
-
-template <class T>
-unsigned int BitPrecision(const T &value)
-{
- if (!value)
- return 0;
-
- unsigned int l=0, h=8*sizeof(value);
-
- while (h-l > 1)
- {
- unsigned int t = (l+h)/2;
- if (value >> t)
- l = t;
- else
- h = t;
- }
-
- return h;
-}
-
-inline unsigned int TrailingZeros(word32 v)
-{
-#if defined(__GNUC__) && CRYPTOPP_GCC_VERSION >= 30400
- return __builtin_ctz(v);
-#elif defined(_MSC_VER) && _MSC_VER >= 1400
- unsigned long result;
- _BitScanForward(&result, v);
- return result;
-#else
- // from http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup
- static const int MultiplyDeBruijnBitPosition[32] =
- {
- 0, 1, 28, 2, 29, 14, 24, 3, 30, 22, 20, 15, 25, 17, 4, 8,
- 31, 27, 13, 23, 21, 19, 16, 7, 26, 12, 18, 6, 11, 5, 10, 9
- };
- return MultiplyDeBruijnBitPosition[((word32)((v & -v) * 0x077CB531U)) >> 27];
-#endif
-}
-
-inline unsigned int TrailingZeros(word64 v)
-{
-#if defined(__GNUC__) && CRYPTOPP_GCC_VERSION >= 30400
- return __builtin_ctzll(v);
-#elif defined(_MSC_VER) && _MSC_VER >= 1400 && (defined(_M_X64) || defined(_M_IA64))
- unsigned long result;
- _BitScanForward64(&result, v);
- return result;
-#else
- return word32(v) ? TrailingZeros(word32(v)) : 32 + TrailingZeros(word32(v>>32));
-#endif
-}
-
-template <class T>
-inline T Crop(T value, size_t size)
-{
- if (size < 8*sizeof(value))
- return T(value & ((T(1) << size) - 1));
- else
- return value;
-}
-
-template <class T1, class T2>
-inline bool SafeConvert(T1 from, T2 &to)
-{
- to = (T2)from;
- if (from != to || (from > 0) != (to > 0))
- return false;
- return true;
-}
-
-inline size_t BitsToBytes(size_t bitCount)
-{
- return ((bitCount+7)/(8));
-}
-
-inline size_t BytesToWords(size_t byteCount)
-{
- return ((byteCount+WORD_SIZE-1)/WORD_SIZE);
-}
-
-inline size_t BitsToWords(size_t bitCount)
-{
- return ((bitCount+WORD_BITS-1)/(WORD_BITS));
-}
-
-inline size_t BitsToDwords(size_t bitCount)
-{
- return ((bitCount+2*WORD_BITS-1)/(2*WORD_BITS));
-}
-
-CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *buf, const byte *mask, size_t count);
-CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *output, const byte *input, const byte *mask, size_t count);
-
-CRYPTOPP_DLL bool CRYPTOPP_API VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count);
-
-template <class T>
-inline bool IsPowerOf2(const T &n)
-{
- return n > 0 && (n & (n-1)) == 0;
-}
-
-template <class T1, class T2>
-inline T2 ModPowerOf2(const T1 &a, const T2 &b)
-{
- assert(IsPowerOf2(b));
- return T2(a) & (b-1);
-}
-
-template <class T1, class T2>
-inline T1 RoundDownToMultipleOf(const T1 &n, const T2 &m)
-{
- if (IsPowerOf2(m))
- return n - ModPowerOf2(n, m);
- else
- return n - n%m;
-}
-
-template <class T1, class T2>
-inline T1 RoundUpToMultipleOf(const T1 &n, const T2 &m)
-{
- if (n+m-1 < n)
- throw InvalidArgument("RoundUpToMultipleOf: integer overflow");
- return RoundDownToMultipleOf(n+m-1, m);
-}
-
-template <class T>
-inline unsigned int GetAlignmentOf(T *dummy=NULL) // VC60 workaround
-{
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- if (sizeof(T) < 16)
- return 1;
-#endif
-
-#if (_MSC_VER >= 1300)
- return __alignof(T);
-#elif defined(__GNUC__)
- return __alignof__(T);
-#elif CRYPTOPP_BOOL_SLOW_WORD64
- return UnsignedMin(4U, sizeof(T));
-#else
- return sizeof(T);
-#endif
-}
-
-inline bool IsAlignedOn(const void *p, unsigned int alignment)
-{
- return alignment==1 || (IsPowerOf2(alignment) ? ModPowerOf2((size_t)p, alignment) == 0 : (size_t)p % alignment == 0);
-}
-
-template <class T>
-inline bool IsAligned(const void *p, T *dummy=NULL) // VC60 workaround
-{
- return IsAlignedOn(p, GetAlignmentOf<T>());
-}
-
-#ifdef IS_LITTLE_ENDIAN
- typedef LittleEndian NativeByteOrder;
-#else
- typedef BigEndian NativeByteOrder;
-#endif
-
-inline ByteOrder GetNativeByteOrder()
-{
- return NativeByteOrder::ToEnum();
-}
-
-inline bool NativeByteOrderIs(ByteOrder order)
-{
- return order == GetNativeByteOrder();
-}
-
-template <class T>
-std::string IntToString(T a, unsigned int base = 10)
-{
- if (a == 0)
- return "0";
- bool negate = false;
- if (a < 0)
- {
- negate = true;
- a = 0-a; // VC .NET does not like -a
- }
- std::string result;
- while (a > 0)
- {
- T digit = a % base;
- result = char((digit < 10 ? '0' : ('a' - 10)) + digit) + result;
- a /= base;
- }
- if (negate)
- result = "-" + result;
- return result;
-}
-
-template <class T1, class T2>
-inline T1 SaturatingSubtract(const T1 &a, const T2 &b)
-{
- return T1((a > b) ? (a - b) : 0);
-}
-
-template <class T>
-inline CipherDir GetCipherDir(const T &obj)
-{
- return obj.IsForwardTransformation() ? ENCRYPTION : DECRYPTION;
-}
-
-CRYPTOPP_DLL void CRYPTOPP_API CallNewHandler();
-
-inline void IncrementCounterByOne(byte *inout, unsigned int s)
-{
- for (int i=s-1, carry=1; i>=0 && carry; i--)
- carry = !++inout[i];
-}
-
-inline void IncrementCounterByOne(byte *output, const byte *input, unsigned int s)
-{
- int i, carry;
- for (i=s-1, carry=1; i>=0 && carry; i--)
- carry = ((output[i] = input[i]+1) == 0);
- memcpy_s(output, s, input, i+1);
-}
-
-template <class T>
-inline void ConditionalSwap(bool c, T &a, T &b)
-{
- T t = c * (a ^ b);
- a ^= t;
- b ^= t;
-}
-
-template <class T>
-inline void ConditionalSwapPointers(bool c, T &a, T &b)
-{
- ptrdiff_t t = c * (a - b);
- a -= t;
- b += t;
-}
-
-// see http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/protect-secrets.html
-// and https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data
-template <class T>
-void SecureWipeBuffer(T *buf, size_t n)
-{
- // GCC 4.3.2 on Cygwin optimizes away the first store if this loop is done in the forward direction
- volatile T *p = buf+n;
- while (n--)
- *(--p) = 0;
-}
-
-#if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86)
-
-template<> inline void SecureWipeBuffer(byte *buf, size_t n)
-{
- volatile byte *p = buf;
-#ifdef __GNUC__
- asm volatile("rep stosb" : "+c"(n), "+D"(p) : "a"(0) : "memory");
-#else
- __stosb((byte *)(size_t)p, 0, n);
-#endif
-}
-
-template<> inline void SecureWipeBuffer(word16 *buf, size_t n)
-{
- volatile word16 *p = buf;
-#ifdef __GNUC__
- asm volatile("rep stosw" : "+c"(n), "+D"(p) : "a"(0) : "memory");
-#else
- __stosw((word16 *)(size_t)p, 0, n);
-#endif
-}
-
-template<> inline void SecureWipeBuffer(word32 *buf, size_t n)
-{
- volatile word32 *p = buf;
-#ifdef __GNUC__
- asm volatile("rep stosl" : "+c"(n), "+D"(p) : "a"(0) : "memory");
-#else
- __stosd((unsigned long *)(size_t)p, 0, n);
-#endif
-}
-
-template<> inline void SecureWipeBuffer(word64 *buf, size_t n)
-{
-#if CRYPTOPP_BOOL_X64
- volatile word64 *p = buf;
-#ifdef __GNUC__
- asm volatile("rep stosq" : "+c"(n), "+D"(p) : "a"(0) : "memory");
-#else
- __stosq((word64 *)(size_t)p, 0, n);
-#endif
-#else
- SecureWipeBuffer((word32 *)buf, 2*n);
-#endif
-}
-
-#endif // #if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86)
-
-template <class T>
-inline void SecureWipeArray(T *buf, size_t n)
-{
- if (sizeof(T) % 8 == 0 && GetAlignmentOf<T>() % GetAlignmentOf<word64>() == 0)
- SecureWipeBuffer((word64 *)buf, n * (sizeof(T)/8));
- else if (sizeof(T) % 4 == 0 && GetAlignmentOf<T>() % GetAlignmentOf<word32>() == 0)
- SecureWipeBuffer((word32 *)buf, n * (sizeof(T)/4));
- else if (sizeof(T) % 2 == 0 && GetAlignmentOf<T>() % GetAlignmentOf<word16>() == 0)
- SecureWipeBuffer((word16 *)buf, n * (sizeof(T)/2));
- else
- SecureWipeBuffer((byte *)buf, n * sizeof(T));
-}
-
-// this function uses wcstombs(), which assumes that setlocale() has been called
-static std::string StringNarrow(const wchar_t *str, bool throwOnError = true)
-{
-#ifdef _MSC_VER
-#pragma warning(push)
-#pragma warning(disable: 4996) // 'wcstombs': This function or variable may be unsafe.
-#endif
- size_t size = wcstombs(NULL, str, 0);
- if (size == size_t(0)-1)
- {
- if (throwOnError)
- throw InvalidArgument("StringNarrow: wcstombs() call failed");
- else
- return std::string();
- }
- std::string result(size, 0);
- wcstombs(&result[0], str, size);
- return result;
-#ifdef _MSC_VER
-#pragma warning(pop)
-#endif
-}
-
-#if CRYPTOPP_BOOL_ALIGN16_ENABLED
-CRYPTOPP_DLL void * CRYPTOPP_API AlignedAllocate(size_t size);
-CRYPTOPP_DLL void CRYPTOPP_API AlignedDeallocate(void *p);
-#endif
-
-CRYPTOPP_DLL void * CRYPTOPP_API UnalignedAllocate(size_t size);
-CRYPTOPP_DLL void CRYPTOPP_API UnalignedDeallocate(void *p);
-
-// ************** rotate functions ***************
-
-template <class T> inline T rotlFixed(T x, unsigned int y)
-{
- assert(y < sizeof(T)*8);
- return y ? T((x<<y) | (x>>(sizeof(T)*8-y))) : x;
-}
-
-template <class T> inline T rotrFixed(T x, unsigned int y)
-{
- assert(y < sizeof(T)*8);
- return y ? T((x>>y) | (x<<(sizeof(T)*8-y))) : x;
-}
-
-template <class T> inline T rotlVariable(T x, unsigned int y)
-{
- assert(y < sizeof(T)*8);
- return T((x<<y) | (x>>(sizeof(T)*8-y)));
-}
-
-template <class T> inline T rotrVariable(T x, unsigned int y)
-{
- assert(y < sizeof(T)*8);
- return T((x>>y) | (x<<(sizeof(T)*8-y)));
-}
-
-template <class T> inline T rotlMod(T x, unsigned int y)
-{
- y %= sizeof(T)*8;
- return T((x<<y) | (x>>(sizeof(T)*8-y)));
-}
-
-template <class T> inline T rotrMod(T x, unsigned int y)
-{
- y %= sizeof(T)*8;
- return T((x>>y) | (x<<(sizeof(T)*8-y)));
-}
-
-#ifdef _MSC_VER
-
-template<> inline word32 rotlFixed<word32>(word32 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _lrotl(x, y) : x;
-}
-
-template<> inline word32 rotrFixed<word32>(word32 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _lrotr(x, y) : x;
-}
-
-template<> inline word32 rotlVariable<word32>(word32 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _lrotl(x, y);
-}
-
-template<> inline word32 rotrVariable<word32>(word32 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _lrotr(x, y);
-}
-
-template<> inline word32 rotlMod<word32>(word32 x, unsigned int y)
-{
- return _lrotl(x, y);
-}
-
-template<> inline word32 rotrMod<word32>(word32 x, unsigned int y)
-{
- return _lrotr(x, y);
-}
-
-#endif // #ifdef _MSC_VER
-
-#if _MSC_VER >= 1300 && !defined(__INTEL_COMPILER)
-// Intel C++ Compiler 10.0 calls a function instead of using the rotate instruction when using these instructions
-
-template<> inline word64 rotlFixed<word64>(word64 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _rotl64(x, y) : x;
-}
-
-template<> inline word64 rotrFixed<word64>(word64 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _rotr64(x, y) : x;
-}
-
-template<> inline word64 rotlVariable<word64>(word64 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _rotl64(x, y);
-}
-
-template<> inline word64 rotrVariable<word64>(word64 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _rotr64(x, y);
-}
-
-template<> inline word64 rotlMod<word64>(word64 x, unsigned int y)
-{
- return _rotl64(x, y);
-}
-
-template<> inline word64 rotrMod<word64>(word64 x, unsigned int y)
-{
- return _rotr64(x, y);
-}
-
-#endif // #if _MSC_VER >= 1310
-
-#if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER)
-// Intel C++ Compiler 10.0 gives undefined externals with these
-
-template<> inline word16 rotlFixed<word16>(word16 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _rotl16(x, y) : x;
-}
-
-template<> inline word16 rotrFixed<word16>(word16 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _rotr16(x, y) : x;
-}
-
-template<> inline word16 rotlVariable<word16>(word16 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _rotl16(x, y);
-}
-
-template<> inline word16 rotrVariable<word16>(word16 x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _rotr16(x, y);
-}
-
-template<> inline word16 rotlMod<word16>(word16 x, unsigned int y)
-{
- return _rotl16(x, y);
-}
-
-template<> inline word16 rotrMod<word16>(word16 x, unsigned int y)
-{
- return _rotr16(x, y);
-}
-
-template<> inline byte rotlFixed<byte>(byte x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _rotl8(x, y) : x;
-}
-
-template<> inline byte rotrFixed<byte>(byte x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return y ? _rotr8(x, y) : x;
-}
-
-template<> inline byte rotlVariable<byte>(byte x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _rotl8(x, y);
-}
-
-template<> inline byte rotrVariable<byte>(byte x, unsigned int y)
-{
- assert(y < 8*sizeof(x));
- return _rotr8(x, y);
-}
-
-template<> inline byte rotlMod<byte>(byte x, unsigned int y)
-{
- return _rotl8(x, y);
-}
-
-template<> inline byte rotrMod<byte>(byte x, unsigned int y)
-{
- return _rotr8(x, y);
-}
-
-#endif // #if _MSC_VER >= 1400
-
-#if (defined(__MWERKS__) && TARGET_CPU_PPC)
-
-template<> inline word32 rotlFixed<word32>(word32 x, unsigned int y)
-{
- assert(y < 32);
- return y ? __rlwinm(x,y,0,31) : x;
-}
-
-template<> inline word32 rotrFixed<word32>(word32 x, unsigned int y)
-{
- assert(y < 32);
- return y ? __rlwinm(x,32-y,0,31) : x;
-}
-
-template<> inline word32 rotlVariable<word32>(word32 x, unsigned int y)
-{
- assert(y < 32);
- return (__rlwnm(x,y,0,31));
-}
-
-template<> inline word32 rotrVariable<word32>(word32 x, unsigned int y)
-{
- assert(y < 32);
- return (__rlwnm(x,32-y,0,31));
-}
-
-template<> inline word32 rotlMod<word32>(word32 x, unsigned int y)
-{
- return (__rlwnm(x,y,0,31));
-}
-
-template<> inline word32 rotrMod<word32>(word32 x, unsigned int y)
-{
- return (__rlwnm(x,32-y,0,31));
-}
-
-#endif // #if (defined(__MWERKS__) && TARGET_CPU_PPC)
-
-// ************** endian reversal ***************
-
-template <class T>
-inline unsigned int GetByte(ByteOrder order, T value, unsigned int index)
-{
- if (order == LITTLE_ENDIAN_ORDER)
- return GETBYTE(value, index);
- else
- return GETBYTE(value, sizeof(T)-index-1);
-}
-
-inline byte ByteReverse(byte value)
-{
- return value;
-}
-
-inline word16 ByteReverse(word16 value)
-{
-#ifdef CRYPTOPP_BYTESWAP_AVAILABLE
- return bswap_16(value);
-#elif defined(_MSC_VER) && _MSC_VER >= 1300
- return _byteswap_ushort(value);
-#else
- return rotlFixed(value, 8U);
-#endif
-}
-
-inline word32 ByteReverse(word32 value)
-{
-#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE)
- __asm__ ("bswap %0" : "=r" (value) : "0" (value));
- return value;
-#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE)
- return bswap_32(value);
-#elif defined(__MWERKS__) && TARGET_CPU_PPC
- return (word32)__lwbrx(&value,0);
-#elif _MSC_VER >= 1400 || (_MSC_VER >= 1300 && !defined(_DLL))
- return _byteswap_ulong(value);
-#elif CRYPTOPP_FAST_ROTATE(32)
- // 5 instructions with rotate instruction, 9 without
- return (rotrFixed(value, 8U) & 0xff00ff00) | (rotlFixed(value, 8U) & 0x00ff00ff);
-#else
- // 6 instructions with rotate instruction, 8 without
- value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8);
- return rotlFixed(value, 16U);
-#endif
-}
-
-inline word64 ByteReverse(word64 value)
-{
-#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(__x86_64__)
- __asm__ ("bswap %0" : "=r" (value) : "0" (value));
- return value;
-#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE)
- return bswap_64(value);
-#elif defined(_MSC_VER) && _MSC_VER >= 1300
- return _byteswap_uint64(value);
-#elif CRYPTOPP_BOOL_SLOW_WORD64
- return (word64(ByteReverse(word32(value))) << 32) | ByteReverse(word32(value>>32));
-#else
- value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) | ((value & W64LIT(0x00FF00FF00FF00FF)) << 8);
- value = ((value & W64LIT(0xFFFF0000FFFF0000)) >> 16) | ((value & W64LIT(0x0000FFFF0000FFFF)) << 16);
- return rotlFixed(value, 32U);
-#endif
-}
-
-inline byte BitReverse(byte value)
-{
- value = ((value & 0xAA) >> 1) | ((value & 0x55) << 1);
- value = ((value & 0xCC) >> 2) | ((value & 0x33) << 2);
- return rotlFixed(value, 4U);
-}
-
-inline word16 BitReverse(word16 value)
-{
- value = ((value & 0xAAAA) >> 1) | ((value & 0x5555) << 1);
- value = ((value & 0xCCCC) >> 2) | ((value & 0x3333) << 2);
- value = ((value & 0xF0F0) >> 4) | ((value & 0x0F0F) << 4);
- return ByteReverse(value);
-}
-
-inline word32 BitReverse(word32 value)
-{
- value = ((value & 0xAAAAAAAA) >> 1) | ((value & 0x55555555) << 1);
- value = ((value & 0xCCCCCCCC) >> 2) | ((value & 0x33333333) << 2);
- value = ((value & 0xF0F0F0F0) >> 4) | ((value & 0x0F0F0F0F) << 4);
- return ByteReverse(value);
-}
-
-inline word64 BitReverse(word64 value)
-{
-#if CRYPTOPP_BOOL_SLOW_WORD64
- return (word64(BitReverse(word32(value))) << 32) | BitReverse(word32(value>>32));
-#else
- value = ((value & W64LIT(0xAAAAAAAAAAAAAAAA)) >> 1) | ((value & W64LIT(0x5555555555555555)) << 1);
- value = ((value & W64LIT(0xCCCCCCCCCCCCCCCC)) >> 2) | ((value & W64LIT(0x3333333333333333)) << 2);
- value = ((value & W64LIT(0xF0F0F0F0F0F0F0F0)) >> 4) | ((value & W64LIT(0x0F0F0F0F0F0F0F0F)) << 4);
- return ByteReverse(value);
-#endif
-}
-
-template <class T>
-inline T BitReverse(T value)
-{
- if (sizeof(T) == 1)
- return (T)BitReverse((byte)value);
- else if (sizeof(T) == 2)
- return (T)BitReverse((word16)value);
- else if (sizeof(T) == 4)
- return (T)BitReverse((word32)value);
- else
- {
- assert(sizeof(T) == 8);
- return (T)BitReverse((word64)value);
- }
-}
-
-template <class T>
-inline T ConditionalByteReverse(ByteOrder order, T value)
-{
- return NativeByteOrderIs(order) ? value : ByteReverse(value);
-}
-
-template <class T>
-void ByteReverse(T *out, const T *in, size_t byteCount)
-{
- assert(byteCount % sizeof(T) == 0);
- size_t count = byteCount/sizeof(T);
- for (size_t i=0; i<count; i++)
- out[i] = ByteReverse(in[i]);
-}
-
-template <class T>
-inline void ConditionalByteReverse(ByteOrder order, T *out, const T *in, size_t byteCount)
-{
- if (!NativeByteOrderIs(order))
- ByteReverse(out, in, byteCount);
- else if (in != out)
- memcpy_s(out, byteCount, in, byteCount);
-}
-
-template <class T>
-inline void GetUserKey(ByteOrder order, T *out, size_t outlen, const byte *in, size_t inlen)
-{
- const size_t U = sizeof(T);
- assert(inlen <= outlen*U);
- memcpy_s(out, outlen*U, in, inlen);
- memset_z((byte *)out+inlen, 0, outlen*U-inlen);
- ConditionalByteReverse(order, out, out, RoundUpToMultipleOf(inlen, U));
-}
-
-#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-inline byte UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const byte *)
-{
- return block[0];
-}
-
-inline word16 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word16 *)
-{
- return (order == BIG_ENDIAN_ORDER)
- ? block[1] | (block[0] << 8)
- : block[0] | (block[1] << 8);
-}
-
-inline word32 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word32 *)
-{
- return (order == BIG_ENDIAN_ORDER)
- ? word32(block[3]) | (word32(block[2]) << 8) | (word32(block[1]) << 16) | (word32(block[0]) << 24)
- : word32(block[0]) | (word32(block[1]) << 8) | (word32(block[2]) << 16) | (word32(block[3]) << 24);
-}
-
-inline word64 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word64 *)
-{
- return (order == BIG_ENDIAN_ORDER)
- ?
- (word64(block[7]) |
- (word64(block[6]) << 8) |
- (word64(block[5]) << 16) |
- (word64(block[4]) << 24) |
- (word64(block[3]) << 32) |
- (word64(block[2]) << 40) |
- (word64(block[1]) << 48) |
- (word64(block[0]) << 56))
- :
- (word64(block[0]) |
- (word64(block[1]) << 8) |
- (word64(block[2]) << 16) |
- (word64(block[3]) << 24) |
- (word64(block[4]) << 32) |
- (word64(block[5]) << 40) |
- (word64(block[6]) << 48) |
- (word64(block[7]) << 56));
-}
-
-inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, byte value, const byte *xorBlock)
-{
- block[0] = xorBlock ? (value ^ xorBlock[0]) : value;
-}
-
-inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, word16 value, const byte *xorBlock)
-{
- if (order == BIG_ENDIAN_ORDER)
- {
- if (xorBlock)
- {
- block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- }
- else
- {
- block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- }
- }
- else
- {
- if (xorBlock)
- {
- block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- }
- else
- {
- block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- }
- }
-}
-
-inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, word32 value, const byte *xorBlock)
-{
- if (order == BIG_ENDIAN_ORDER)
- {
- if (xorBlock)
- {
- block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- }
- else
- {
- block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- }
- }
- else
- {
- if (xorBlock)
- {
- block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- }
- else
- {
- block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- }
- }
-}
-
-inline void UnalignedPutWordNonTemplate(ByteOrder order, byte *block, word64 value, const byte *xorBlock)
-{
- if (order == BIG_ENDIAN_ORDER)
- {
- if (xorBlock)
- {
- block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 7);
- block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 6);
- block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 5);
- block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 4);
- block[4] = xorBlock[4] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- block[5] = xorBlock[5] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[6] = xorBlock[6] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[7] = xorBlock[7] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- }
- else
- {
- block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 7);
- block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 6);
- block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 5);
- block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 4);
- block[4] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- block[5] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[6] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[7] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- }
- }
- else
- {
- if (xorBlock)
- {
- block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- block[4] = xorBlock[4] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 4);
- block[5] = xorBlock[5] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 5);
- block[6] = xorBlock[6] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 6);
- block[7] = xorBlock[7] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 7);
- }
- else
- {
- block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0);
- block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1);
- block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2);
- block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3);
- block[4] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 4);
- block[5] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 5);
- block[6] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 6);
- block[7] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 7);
- }
- }
-}
-#endif // #ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-
-template <class T>
-inline T GetWord(bool assumeAligned, ByteOrder order, const byte *block)
-{
-#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- if (!assumeAligned)
- return UnalignedGetWordNonTemplate(order, block, (T*)NULL);
- assert(IsAligned<T>(block));
-#endif
- return ConditionalByteReverse(order, *reinterpret_cast<const T *>(block));
-}
-
-template <class T>
-inline void GetWord(bool assumeAligned, ByteOrder order, T &result, const byte *block)
-{
- result = GetWord<T>(assumeAligned, order, block);
-}
-
-template <class T>
-inline void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock = NULL)
-{
-#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- if (!assumeAligned)
- return UnalignedPutWordNonTemplate(order, block, value, xorBlock);
- assert(IsAligned<T>(block));
- assert(IsAligned<T>(xorBlock));
-#endif
- *reinterpret_cast<T *>(block) = ConditionalByteReverse(order, value) ^ (xorBlock ? *reinterpret_cast<const T *>(xorBlock) : 0);
-}
-
-template <class T, class B, bool A=false>
-class GetBlock
-{
-public:
- GetBlock(const void *block)
- : m_block((const byte *)block) {}
-
- template <class U>
- inline GetBlock<T, B, A> & operator()(U &x)
- {
- CRYPTOPP_COMPILE_ASSERT(sizeof(U) >= sizeof(T));
- x = GetWord<T>(A, B::ToEnum(), m_block);
- m_block += sizeof(T);
- return *this;
- }
-
-private:
- const byte *m_block;
-};
-
-template <class T, class B, bool A=false>
-class PutBlock
-{
-public:
- PutBlock(const void *xorBlock, void *block)
- : m_xorBlock((const byte *)xorBlock), m_block((byte *)block) {}
-
- template <class U>
- inline PutBlock<T, B, A> & operator()(U x)
- {
- PutWord(A, B::ToEnum(), m_block, (T)x, m_xorBlock);
- m_block += sizeof(T);
- if (m_xorBlock)
- m_xorBlock += sizeof(T);
- return *this;
- }
-
-private:
- const byte *m_xorBlock;
- byte *m_block;
-};
-
-template <class T, class B, bool GA=false, bool PA=false>
-struct BlockGetAndPut
-{
- // function needed because of C++ grammatical ambiguity between expression-statements and declarations
- static inline GetBlock<T, B, GA> Get(const void *block) {return GetBlock<T, B, GA>(block);}
- typedef PutBlock<T, B, PA> Put;
-};
-
-template <class T>
-std::string WordToString(T value, ByteOrder order = BIG_ENDIAN_ORDER)
-{
- if (!NativeByteOrderIs(order))
- value = ByteReverse(value);
-
- return std::string((char *)&value, sizeof(value));
-}
-
-template <class T>
-T StringToWord(const std::string &str, ByteOrder order = BIG_ENDIAN_ORDER)
-{
- T value = 0;
- memcpy_s(&value, sizeof(value), str.data(), UnsignedMin(str.size(), sizeof(value)));
- return NativeByteOrderIs(order) ? value : ByteReverse(value);
-}
-
-// ************** help remove warning on g++ ***************
-
-template <bool overflow> struct SafeShifter;
-
-template<> struct SafeShifter<true>
-{
- template <class T>
- static inline T RightShift(T value, unsigned int bits)
- {
- return 0;
- }
-
- template <class T>
- static inline T LeftShift(T value, unsigned int bits)
- {
- return 0;
- }
-};
-
-template<> struct SafeShifter<false>
-{
- template <class T>
- static inline T RightShift(T value, unsigned int bits)
- {
- return value >> bits;
- }
-
- template <class T>
- static inline T LeftShift(T value, unsigned int bits)
- {
- return value << bits;
- }
-};
-
-template <unsigned int bits, class T>
-inline T SafeRightShift(T value)
-{
- return SafeShifter<(bits>=(8*sizeof(T)))>::RightShift(value, bits);
-}
-
-template <unsigned int bits, class T>
-inline T SafeLeftShift(T value)
-{
- return SafeShifter<(bits>=(8*sizeof(T)))>::LeftShift(value, bits);
-}
-
-// ************** use one buffer for multiple data members ***************
-
-#define CRYPTOPP_BLOCK_1(n, t, s) t* m_##n() {return (t *)(m_aggregate+0);} size_t SS1() {return sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_2(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS1());} size_t SS2() {return SS1()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_3(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS2());} size_t SS3() {return SS2()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_4(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS3());} size_t SS4() {return SS3()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_5(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS4());} size_t SS5() {return SS4()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_6(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS5());} size_t SS6() {return SS5()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_7(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS6());} size_t SS7() {return SS6()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCK_8(n, t, s) t* m_##n() {return (t *)(m_aggregate+SS7());} size_t SS8() {return SS7()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);}
-#define CRYPTOPP_BLOCKS_END(i) size_t SST() {return SS##i();} void AllocateBlocks() {m_aggregate.New(SST());} AlignedSecByteBlock m_aggregate;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/modarith.h b/cryptopp562/modarith.h
deleted file mode 100644
index c0368e3..0000000
--- a/cryptopp562/modarith.h
+++ /dev/null
@@ -1,158 +0,0 @@
-#ifndef CRYPTOPP_MODARITH_H
-#define CRYPTOPP_MODARITH_H
-
-// implementations are in integer.cpp
-
-#include "cryptlib.h"
-#include "misc.h"
-#include "integer.h"
-#include "algebra.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<Integer>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing<Integer>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain<Integer>;
-
-//! ring of congruence classes modulo n
-/*! \note this implementation represents each congruence class as the smallest non-negative integer in that class */
-class CRYPTOPP_DLL ModularArithmetic : public AbstractRing<Integer>
-{
-public:
-
- typedef int RandomizationParameter;
- typedef Integer Element;
-
- ModularArithmetic(const Integer &modulus = Integer::One())
- : m_modulus(modulus), m_result((word)0, modulus.reg.size()) {}
-
- ModularArithmetic(const ModularArithmetic &ma)
- : m_modulus(ma.m_modulus), m_result((word)0, m_modulus.reg.size()) {}
-
- ModularArithmetic(BufferedTransformation &bt); // construct from BER encoded parameters
-
- virtual ModularArithmetic * Clone() const {return new ModularArithmetic(*this);}
-
- void DEREncode(BufferedTransformation &bt) const;
-
- void DEREncodeElement(BufferedTransformation &out, const Element &a) const;
- void BERDecodeElement(BufferedTransformation &in, Element &a) const;
-
- const Integer& GetModulus() const {return m_modulus;}
- void SetModulus(const Integer &newModulus) {m_modulus = newModulus; m_result.reg.resize(m_modulus.reg.size());}
-
- virtual bool IsMontgomeryRepresentation() const {return false;}
-
- virtual Integer ConvertIn(const Integer &a) const
- {return a%m_modulus;}
-
- virtual Integer ConvertOut(const Integer &a) const
- {return a;}
-
- const Integer& Half(const Integer &a) const;
-
- bool Equal(const Integer &a, const Integer &b) const
- {return a==b;}
-
- const Integer& Identity() const
- {return Integer::Zero();}
-
- const Integer& Add(const Integer &a, const Integer &b) const;
-
- Integer& Accumulate(Integer &a, const Integer &b) const;
-
- const Integer& Inverse(const Integer &a) const;
-
- const Integer& Subtract(const Integer &a, const Integer &b) const;
-
- Integer& Reduce(Integer &a, const Integer &b) const;
-
- const Integer& Double(const Integer &a) const
- {return Add(a, a);}
-
- const Integer& MultiplicativeIdentity() const
- {return Integer::One();}
-
- const Integer& Multiply(const Integer &a, const Integer &b) const
- {return m_result1 = a*b%m_modulus;}
-
- const Integer& Square(const Integer &a) const
- {return m_result1 = a.Squared()%m_modulus;}
-
- bool IsUnit(const Integer &a) const
- {return Integer::Gcd(a, m_modulus).IsUnit();}
-
- const Integer& MultiplicativeInverse(const Integer &a) const
- {return m_result1 = a.InverseMod(m_modulus);}
-
- const Integer& Divide(const Integer &a, const Integer &b) const
- {return Multiply(a, MultiplicativeInverse(b));}
-
- Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const;
-
- void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
-
- unsigned int MaxElementBitLength() const
- {return (m_modulus-1).BitCount();}
-
- unsigned int MaxElementByteLength() const
- {return (m_modulus-1).ByteCount();}
-
- Element RandomElement( RandomNumberGenerator &rng , const RandomizationParameter &ignore_for_now = 0 ) const
- // left RandomizationParameter arg as ref in case RandomizationParameter becomes a more complicated struct
- {
- return Element( rng , Integer( (long) 0) , m_modulus - Integer( (long) 1 ) ) ;
- }
-
- bool operator==(const ModularArithmetic &rhs) const
- {return m_modulus == rhs.m_modulus;}
-
- static const RandomizationParameter DefaultRandomizationParameter ;
-
-protected:
- Integer m_modulus;
- mutable Integer m_result, m_result1;
-
-};
-
-// const ModularArithmetic::RandomizationParameter ModularArithmetic::DefaultRandomizationParameter = 0 ;
-
-//! do modular arithmetics in Montgomery representation for increased speed
-/*! \note the Montgomery representation represents each congruence class [a] as a*r%n, where r is a convenient power of 2 */
-class CRYPTOPP_DLL MontgomeryRepresentation : public ModularArithmetic
-{
-public:
- MontgomeryRepresentation(const Integer &modulus); // modulus must be odd
-
- virtual ModularArithmetic * Clone() const {return new MontgomeryRepresentation(*this);}
-
- bool IsMontgomeryRepresentation() const {return true;}
-
- Integer ConvertIn(const Integer &a) const
- {return (a<<(WORD_BITS*m_modulus.reg.size()))%m_modulus;}
-
- Integer ConvertOut(const Integer &a) const;
-
- const Integer& MultiplicativeIdentity() const
- {return m_result1 = Integer::Power2(WORD_BITS*m_modulus.reg.size())%m_modulus;}
-
- const Integer& Multiply(const Integer &a, const Integer &b) const;
-
- const Integer& Square(const Integer &a) const;
-
- const Integer& MultiplicativeInverse(const Integer &a) const;
-
- Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const
- {return AbstractRing<Integer>::CascadeExponentiate(x, e1, y, e2);}
-
- void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
- {AbstractRing<Integer>::SimultaneousExponentiate(results, base, exponents, exponentsCount);}
-
-private:
- Integer m_u;
- mutable IntegerSecBlock m_workspace;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/modes.cpp b/cryptopp562/modes.cpp
deleted file mode 100644
index 4633228..0000000
--- a/cryptopp562/modes.cpp
+++ /dev/null
@@ -1,245 +0,0 @@
-// modes.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "modes.h"
-
-#ifndef NDEBUG
-#include "des.h"
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifndef NDEBUG
-void Modes_TestInstantiations()
-{
- CFB_Mode<DES>::Encryption m0;
- CFB_Mode<DES>::Decryption m1;
- OFB_Mode<DES>::Encryption m2;
- CTR_Mode<DES>::Encryption m3;
- ECB_Mode<DES>::Encryption m4;
- CBC_Mode<DES>::Encryption m5;
-}
-#endif
-
-void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount)
-{
- assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
- assert(m_feedbackSize == BlockSize());
-
- unsigned int s = BlockSize();
- if (dir == ENCRYPTION)
- {
- m_cipher->ProcessAndXorBlock(m_register, input, output);
- m_cipher->AdvancedProcessBlocks(output, input+s, output+s, (iterationCount-1)*s, 0);
- memcpy(m_register, output+(iterationCount-1)*s, s);
- }
- else
- {
- memcpy(m_temp, input+(iterationCount-1)*s, s); // make copy first in case of in-place decryption
- m_cipher->AdvancedProcessBlocks(input, input+s, output+s, (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection);
- m_cipher->ProcessAndXorBlock(m_register, input, output);
- memcpy(m_register, m_temp, s);
- }
-}
-
-void CFB_ModePolicy::TransformRegister()
-{
- assert(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
- m_cipher->ProcessBlock(m_register, m_temp);
- unsigned int updateSize = BlockSize()-m_feedbackSize;
- memmove_s(m_register, m_register.size(), m_register+m_feedbackSize, updateSize);
- memcpy_s(m_register+updateSize, m_register.size()-updateSize, m_temp, m_feedbackSize);
-}
-
-void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
-{
- assert(length == BlockSize());
- CopyOrZero(m_register, iv, length);
- TransformRegister();
-}
-
-void CFB_ModePolicy::SetFeedbackSize(unsigned int feedbackSize)
-{
- if (feedbackSize > BlockSize())
- throw InvalidArgument("CFB_Mode: invalid feedback size");
- m_feedbackSize = feedbackSize ? feedbackSize : BlockSize();
-}
-
-void CFB_ModePolicy::ResizeBuffers()
-{
- CipherModeBase::ResizeBuffers();
- m_temp.New(BlockSize());
-}
-
-void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount)
-{
- assert(m_cipher->IsForwardTransformation()); // OFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
- unsigned int s = BlockSize();
- m_cipher->ProcessBlock(m_register, keystreamBuffer);
- if (iterationCount > 1)
- m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULL, keystreamBuffer+s, s*(iterationCount-1), 0);
- memcpy(m_register, keystreamBuffer+s*(iterationCount-1), s);
-}
-
-void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
-{
- assert(length == BlockSize());
- CopyOrZero(m_register, iv, length);
-}
-
-void CTR_ModePolicy::SeekToIteration(lword iterationCount)
-{
- int carry=0;
- for (int i=BlockSize()-1; i>=0; i--)
- {
- unsigned int sum = m_register[i] + byte(iterationCount) + carry;
- m_counterArray[i] = (byte) sum;
- carry = sum >> 8;
- iterationCount >>= 8;
- }
-}
-
-void CTR_ModePolicy::IncrementCounterBy256()
-{
- IncrementCounterByOne(m_counterArray, BlockSize()-1);
-}
-
-void CTR_ModePolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
- assert(m_cipher->IsForwardTransformation()); // CTR mode needs the "encrypt" direction of the underlying block cipher, even to decrypt
- unsigned int s = BlockSize();
- unsigned int inputIncrement = input ? s : 0;
-
- while (iterationCount)
- {
- byte lsb = m_counterArray[s-1];
- size_t blocks = UnsignedMin(iterationCount, 256U-lsb);
- m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel);
- if ((m_counterArray[s-1] = lsb + (byte)blocks) == 0)
- IncrementCounterBy256();
-
- output += blocks*s;
- input += blocks*inputIncrement;
- iterationCount -= blocks;
- }
-}
-
-void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
-{
- assert(length == BlockSize());
- CopyOrZero(m_register, iv, length);
- m_counterArray = m_register;
-}
-
-void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
-{
- m_cipher->SetKey(key, length, params);
- ResizeBuffers();
- if (IsResynchronizable())
- {
- size_t ivLength;
- const byte *iv = GetIVAndThrowIfInvalid(params, ivLength);
- Resynchronize(iv, (int)ivLength);
- }
-}
-
-void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- assert(length%BlockSize()==0);
- m_cipher->AdvancedProcessBlocks(inString, NULL, outString, length, BlockTransformation::BT_AllowParallel);
-}
-
-void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- if (!length)
- return;
- assert(length%BlockSize()==0);
-
- unsigned int blockSize = BlockSize();
- m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput);
- if (length > blockSize)
- m_cipher->AdvancedProcessBlocks(inString+blockSize, outString, outString+blockSize, length-blockSize, BlockTransformation::BT_XorInput);
- memcpy(m_register, outString + length - blockSize, blockSize);
-}
-
-void CBC_CTS_Encryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
-{
- if (length <= BlockSize())
- {
- if (!m_stolenIV)
- throw InvalidArgument("CBC_Encryption: message is too short for ciphertext stealing");
-
- // steal from IV
- memcpy(outString, m_register, length);
- outString = m_stolenIV;
- }
- else
- {
- // steal from next to last block
- xorbuf(m_register, inString, BlockSize());
- m_cipher->ProcessBlock(m_register);
- inString += BlockSize();
- length -= BlockSize();
- memcpy(outString+BlockSize(), m_register, length);
- }
-
- // output last full ciphertext block
- xorbuf(m_register, inString, length);
- m_cipher->ProcessBlock(m_register);
- memcpy(outString, m_register, BlockSize());
-}
-
-void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- if (!length)
- return;
- assert(length%BlockSize()==0);
-
- unsigned int blockSize = BlockSize();
- memcpy(m_temp, inString+length-blockSize, blockSize); // save copy now in case of in-place decryption
- if (length > blockSize)
- m_cipher->AdvancedProcessBlocks(inString+blockSize, inString, outString+blockSize, length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
- m_cipher->ProcessAndXorBlock(inString, m_register, outString);
- m_register.swap(m_temp);
-}
-
-void CBC_CTS_Decryption::ProcessLastBlock(byte *outString, const byte *inString, size_t length)
-{
- const byte *pn, *pn1;
- bool stealIV = length <= BlockSize();
-
- if (stealIV)
- {
- pn = inString;
- pn1 = m_register;
- }
- else
- {
- pn = inString + BlockSize();
- pn1 = inString;
- length -= BlockSize();
- }
-
- // decrypt last partial plaintext block
- memcpy(m_temp, pn1, BlockSize());
- m_cipher->ProcessBlock(m_temp);
- xorbuf(m_temp, pn, length);
-
- if (stealIV)
- memcpy(outString, m_temp, length);
- else
- {
- memcpy(outString+BlockSize(), m_temp, length);
- // decrypt next to last plaintext block
- memcpy(m_temp, pn, length);
- m_cipher->ProcessBlock(m_temp);
- xorbuf(outString, m_temp, m_register, BlockSize());
- }
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/modes.h b/cryptopp562/modes.h
deleted file mode 100644
index c0c30c4..0000000
--- a/cryptopp562/modes.h
+++ /dev/null
@@ -1,422 +0,0 @@
-#ifndef CRYPTOPP_MODES_H
-#define CRYPTOPP_MODES_H
-
-/*! \file
-*/
-
-#include "cryptlib.h"
-#include "secblock.h"
-#include "misc.h"
-#include "strciphr.h"
-#include "argnames.h"
-#include "algparam.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Cipher modes documentation. See NIST SP 800-38A for definitions of these modes. See AuthenticatedSymmetricCipherDocumentation for authenticated encryption modes.
-
-/*! Each class derived from this one defines two types, Encryption and Decryption,
- both of which implement the SymmetricCipher interface.
- For each mode there are two classes, one of which is a template class,
- and the other one has a name that ends in "_ExternalCipher".
- The "external cipher" mode objects hold a reference to the underlying block cipher,
- instead of holding an instance of it. The reference must be passed in to the constructor.
- For the "cipher holder" classes, the CIPHER template parameter should be a class
- derived from BlockCipherDocumentation, for example DES or AES.
-*/
-struct CipherModeDocumentation : public SymmetricCipherDocumentation
-{
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CipherModeBase : public SymmetricCipher
-{
-public:
- size_t MinKeyLength() const {return m_cipher->MinKeyLength();}
- size_t MaxKeyLength() const {return m_cipher->MaxKeyLength();}
- size_t DefaultKeyLength() const {return m_cipher->DefaultKeyLength();}
- size_t GetValidKeyLength(size_t n) const {return m_cipher->GetValidKeyLength(n);}
- bool IsValidKeyLength(size_t n) const {return m_cipher->IsValidKeyLength(n);}
-
- unsigned int OptimalDataAlignment() const {return m_cipher->OptimalDataAlignment();}
-
- unsigned int IVSize() const {return BlockSize();}
- virtual IV_Requirement IVRequirement() const =0;
-
- void SetCipher(BlockCipher &cipher)
- {
- this->ThrowIfResynchronizable();
- this->m_cipher = &cipher;
- this->ResizeBuffers();
- }
-
- void SetCipherWithIV(BlockCipher &cipher, const byte *iv, int feedbackSize = 0)
- {
- this->ThrowIfInvalidIV(iv);
- this->m_cipher = &cipher;
- this->ResizeBuffers();
- this->SetFeedbackSize(feedbackSize);
- if (this->IsResynchronizable())
- this->Resynchronize(iv);
- }
-
-protected:
- CipherModeBase() : m_cipher(NULL) {}
- inline unsigned int BlockSize() const {assert(m_register.size() > 0); return (unsigned int)m_register.size();}
- virtual void SetFeedbackSize(unsigned int feedbackSize)
- {
- if (!(feedbackSize == 0 || feedbackSize == BlockSize()))
- throw InvalidArgument("CipherModeBase: feedback size cannot be specified for this cipher mode");
- }
- virtual void ResizeBuffers()
- {
- m_register.New(m_cipher->BlockSize());
- }
-
- BlockCipher *m_cipher;
- AlignedSecByteBlock m_register;
-};
-
-template <class POLICY_INTERFACE>
-class CRYPTOPP_NO_VTABLE ModePolicyCommonTemplate : public CipherModeBase, public POLICY_INTERFACE
-{
- unsigned int GetAlignment() const {return m_cipher->OptimalDataAlignment();}
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
-};
-
-template <class POLICY_INTERFACE>
-void ModePolicyCommonTemplate<POLICY_INTERFACE>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
- m_cipher->SetKey(key, length, params);
- ResizeBuffers();
- int feedbackSize = params.GetIntValueWithDefault(Name::FeedbackSize(), 0);
- SetFeedbackSize(feedbackSize);
-}
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CFB_ModePolicy : public ModePolicyCommonTemplate<CFB_CipherAbstractPolicy>
-{
-public:
- IV_Requirement IVRequirement() const {return RANDOM_IV;}
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "CFB";}
-
-protected:
- unsigned int GetBytesPerIteration() const {return m_feedbackSize;}
- byte * GetRegisterBegin() {return m_register + BlockSize() - m_feedbackSize;}
- bool CanIterate() const {return m_feedbackSize == BlockSize();}
- void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount);
- void TransformRegister();
- void CipherResynchronize(const byte *iv, size_t length);
- void SetFeedbackSize(unsigned int feedbackSize);
- void ResizeBuffers();
-
- SecByteBlock m_temp;
- unsigned int m_feedbackSize;
-};
-
-inline void CopyOrZero(void *dest, const void *src, size_t s)
-{
- if (src)
- memcpy_s(dest, s, src, s);
- else
- memset(dest, 0, s);
-}
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE OFB_ModePolicy : public ModePolicyCommonTemplate<AdditiveCipherAbstractPolicy>
-{
-public:
- bool CipherIsRandomAccess() const {return false;}
- IV_Requirement IVRequirement() const {return UNIQUE_IV;}
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "OFB";}
-
-private:
- unsigned int GetBytesPerIteration() const {return BlockSize();}
- unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();}
- void WriteKeystream(byte *keystreamBuffer, size_t iterationCount);
- void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length);
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CTR_ModePolicy : public ModePolicyCommonTemplate<AdditiveCipherAbstractPolicy>
-{
-public:
- bool CipherIsRandomAccess() const {return true;}
- IV_Requirement IVRequirement() const {return RANDOM_IV;}
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "CTR";}
-
-protected:
- virtual void IncrementCounterBy256();
-
- unsigned int GetAlignment() const {return m_cipher->OptimalDataAlignment();}
- unsigned int GetBytesPerIteration() const {return BlockSize();}
- unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();}
- void WriteKeystream(byte *buffer, size_t iterationCount)
- {OperateKeystream(WRITE_KEYSTREAM, buffer, NULL, iterationCount);}
- bool CanOperateKeystream() const {return true;}
- void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
- void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length);
- void SeekToIteration(lword iterationCount);
-
- AlignedSecByteBlock m_counterArray;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockOrientedCipherModeBase : public CipherModeBase
-{
-public:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
- unsigned int MandatoryBlockSize() const {return BlockSize();}
- bool IsRandomAccess() const {return false;}
- bool IsSelfInverting() const {return false;}
- bool IsForwardTransformation() const {return m_cipher->IsForwardTransformation();}
- void Resynchronize(const byte *iv, int length=-1) {memcpy_s(m_register, m_register.size(), iv, ThrowIfInvalidIVLength(length));}
-
-protected:
- bool RequireAlignedInput() const {return true;}
- void ResizeBuffers()
- {
- CipherModeBase::ResizeBuffers();
- m_buffer.New(BlockSize());
- }
-
- SecByteBlock m_buffer;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ECB_OneWay : public BlockOrientedCipherModeBase
-{
-public:
- void SetKey(const byte *key, size_t length, const NameValuePairs &params = g_nullNameValuePairs)
- {m_cipher->SetKey(key, length, params); BlockOrientedCipherModeBase::ResizeBuffers();}
- IV_Requirement IVRequirement() const {return NOT_RESYNCHRONIZABLE;}
- unsigned int OptimalBlockSize() const {return BlockSize() * m_cipher->OptimalNumberOfParallelBlocks();}
- void ProcessData(byte *outString, const byte *inString, size_t length);
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECB";}
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_ModeBase : public BlockOrientedCipherModeBase
-{
-public:
- IV_Requirement IVRequirement() const {return UNPREDICTABLE_RANDOM_IV;}
- bool RequireAlignedInput() const {return false;}
- unsigned int MinLastBlockSize() const {return 0;}
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "CBC";}
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_Encryption : public CBC_ModeBase
-{
-public:
- void ProcessData(byte *outString, const byte *inString, size_t length);
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_CTS_Encryption : public CBC_Encryption
-{
-public:
- void SetStolenIV(byte *iv) {m_stolenIV = iv;}
- unsigned int MinLastBlockSize() const {return BlockSize()+1;}
- void ProcessLastBlock(byte *outString, const byte *inString, size_t length);
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "CBC/CTS";}
-
-protected:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
- {
- CBC_Encryption::UncheckedSetKey(key, length, params);
- m_stolenIV = params.GetValueWithDefault(Name::StolenIV(), (byte *)NULL);
- }
-
- byte *m_stolenIV;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_Decryption : public CBC_ModeBase
-{
-public:
- void ProcessData(byte *outString, const byte *inString, size_t length);
-
-protected:
- void ResizeBuffers()
- {
- BlockOrientedCipherModeBase::ResizeBuffers();
- m_temp.New(BlockSize());
- }
- AlignedSecByteBlock m_temp;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_CTS_Decryption : public CBC_Decryption
-{
-public:
- unsigned int MinLastBlockSize() const {return BlockSize()+1;}
- void ProcessLastBlock(byte *outString, const byte *inString, size_t length);
-};
-
-//! _
-template <class CIPHER, class BASE>
-class CipherModeFinalTemplate_CipherHolder : protected ObjectHolder<CIPHER>, public AlgorithmImpl<BASE, CipherModeFinalTemplate_CipherHolder<CIPHER, BASE> >
-{
-public:
- CipherModeFinalTemplate_CipherHolder()
- {
- this->m_cipher = &this->m_object;
- this->ResizeBuffers();
- }
- CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length)
- {
- this->m_cipher = &this->m_object;
- this->SetKey(key, length);
- }
- CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv)
- {
- this->m_cipher = &this->m_object;
- this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize())));
- }
- CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv, int feedbackSize)
- {
- this->m_cipher = &this->m_object;
- this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))(Name::FeedbackSize(), feedbackSize));
- }
-
- static std::string CRYPTOPP_API StaticAlgorithmName()
- {return CIPHER::StaticAlgorithmName() + "/" + BASE::StaticAlgorithmName();}
-};
-
-//! _
-template <class BASE>
-class CipherModeFinalTemplate_ExternalCipher : public BASE
-{
-public:
- CipherModeFinalTemplate_ExternalCipher() {}
- CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher)
- {this->SetCipher(cipher);}
- CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher, const byte *iv, int feedbackSize = 0)
- {this->SetCipherWithIV(cipher, iv, feedbackSize);}
-
- std::string AlgorithmName() const
- {return (this->m_cipher ? this->m_cipher->AlgorithmName() + "/" : std::string("")) + BASE::StaticAlgorithmName();}
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> >;
-
-//! CFB mode
-template <class CIPHER>
-struct CFB_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Encryption;
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Decryption;
-};
-
-//! CFB mode, external cipher
-struct CFB_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Encryption;
- typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > Decryption;
-};
-
-//! CFB mode FIPS variant, requiring full block plaintext according to FIPS 800-38A
-template <class CIPHER>
-struct CFB_FIPS_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Encryption;
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Decryption;
-};
-
-//! CFB mode FIPS variant, requiring full block plaintext according to FIPS 800-38A, external cipher
-struct CFB_FIPS_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Encryption;
- typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, CFB_RequireFullDataBlocks<CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, CFB_ModePolicy> > > > > Decryption;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, OFB_ModePolicy> >;
-
-//! OFB mode
-template <class CIPHER>
-struct OFB_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, OFB_ModePolicy> > > > Encryption;
- typedef Encryption Decryption;
-};
-
-//! OFB mode, external cipher
-struct OFB_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, OFB_ModePolicy> > > > Encryption;
- typedef Encryption Decryption;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> > > >;
-
-//! CTR mode
-template <class CIPHER>
-struct CTR_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> > > > Encryption;
- typedef Encryption Decryption;
-};
-
-//! CTR mode, external cipher
-struct CTR_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<ConcretePolicyHolder<Empty, AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, CTR_ModePolicy> > > > Encryption;
- typedef Encryption Decryption;
-};
-
-//! ECB mode
-template <class CIPHER>
-struct ECB_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, ECB_OneWay> Encryption;
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Decryption, ECB_OneWay> Decryption;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<ECB_OneWay>;
-
-//! ECB mode, external cipher
-struct ECB_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<ECB_OneWay> Encryption;
- typedef Encryption Decryption;
-};
-
-//! CBC mode
-template <class CIPHER>
-struct CBC_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, CBC_Encryption> Encryption;
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Decryption, CBC_Decryption> Decryption;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_Encryption>;
-CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_Decryption>;
-
-//! CBC mode, external cipher
-struct CBC_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<CBC_Encryption> Encryption;
- typedef CipherModeFinalTemplate_ExternalCipher<CBC_Decryption> Decryption;
-};
-
-//! CBC mode with ciphertext stealing
-template <class CIPHER>
-struct CBC_CTS_Mode : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Encryption, CBC_CTS_Encryption> Encryption;
- typedef CipherModeFinalTemplate_CipherHolder<CPP_TYPENAME CIPHER::Decryption, CBC_CTS_Decryption> Decryption;
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Encryption>;
-CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Decryption>;
-
-//! CBC mode with ciphertext stealing, external cipher
-struct CBC_CTS_Mode_ExternalCipher : public CipherModeDocumentation
-{
- typedef CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Encryption> Encryption;
- typedef CipherModeFinalTemplate_ExternalCipher<CBC_CTS_Decryption> Decryption;
-};
-
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-typedef CFB_Mode_ExternalCipher::Encryption CFBEncryption;
-typedef CFB_Mode_ExternalCipher::Decryption CFBDecryption;
-typedef OFB_Mode_ExternalCipher::Encryption OFB;
-typedef CTR_Mode_ExternalCipher::Encryption CounterMode;
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/modexppc.h b/cryptopp562/modexppc.h
deleted file mode 100644
index fbe7012..0000000
--- a/cryptopp562/modexppc.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef CRYPTOPP_MODEXPPC_H
-#define CRYPTOPP_MODEXPPC_H
-
-#include "modarith.h"
-#include "eprecomp.h"
-#include "smartptr.h"
-#include "pubkey.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<Integer>;
-
-class ModExpPrecomputation : public DL_GroupPrecomputation<Integer>
-{
-public:
- // DL_GroupPrecomputation
- bool NeedConversions() const {return true;}
- Element ConvertIn(const Element &v) const {return m_mr->ConvertIn(v);}
- virtual Element ConvertOut(const Element &v) const {return m_mr->ConvertOut(v);}
- const AbstractGroup<Element> & GetGroup() const {return m_mr->MultiplicativeGroup();}
- Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);}
- void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);}
-
- // non-inherited
- void SetModulus(const Integer &v) {m_mr.reset(new MontgomeryRepresentation(v));}
- const Integer & GetModulus() const {return m_mr->GetModulus();}
-
-private:
- value_ptr<MontgomeryRepresentation> m_mr;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/mqueue.cpp b/cryptopp562/mqueue.cpp
deleted file mode 100644
index 1d645d8..0000000
--- a/cryptopp562/mqueue.cpp
+++ /dev/null
@@ -1,174 +0,0 @@
-// mqueue.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "mqueue.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-MessageQueue::MessageQueue(unsigned int nodeSize)
- : m_queue(nodeSize), m_lengths(1, 0U), m_messageCounts(1, 0U)
-{
-}
-
-size_t MessageQueue::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- if (begin >= MaxRetrievable())
- return 0;
-
- return m_queue.CopyRangeTo2(target, begin, STDMIN(MaxRetrievable(), end), channel, blocking);
-}
-
-size_t MessageQueue::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- transferBytes = STDMIN(MaxRetrievable(), transferBytes);
- size_t blockedBytes = m_queue.TransferTo2(target, transferBytes, channel, blocking);
- m_lengths.front() -= transferBytes;
- return blockedBytes;
-}
-
-bool MessageQueue::GetNextMessage()
-{
- if (NumberOfMessages() > 0 && !AnyRetrievable())
- {
- m_lengths.pop_front();
- if (m_messageCounts[0] == 0 && m_messageCounts.size() > 1)
- m_messageCounts.pop_front();
- return true;
- }
- else
- return false;
-}
-
-unsigned int MessageQueue::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const
-{
- ByteQueue::Walker walker(m_queue);
- std::deque<lword>::const_iterator it = m_lengths.begin();
- unsigned int i;
- for (i=0; i<count && it != --m_lengths.end(); ++i, ++it)
- {
- walker.TransferTo(target, *it, channel);
- if (GetAutoSignalPropagation())
- target.ChannelMessageEnd(channel, GetAutoSignalPropagation()-1);
- }
- return i;
-}
-
-void MessageQueue::swap(MessageQueue &rhs)
-{
- m_queue.swap(rhs.m_queue);
- m_lengths.swap(rhs.m_lengths);
-}
-
-const byte * MessageQueue::Spy(size_t &contiguousSize) const
-{
- const byte *result = m_queue.Spy(contiguousSize);
- contiguousSize = UnsignedMin(contiguousSize, MaxRetrievable());
- return result;
-}
-
-// *************************************************************
-
-unsigned int EqualityComparisonFilter::MapChannel(const std::string &channel) const
-{
- if (channel == m_firstChannel)
- return 0;
- else if (channel == m_secondChannel)
- return 1;
- else
- return 2;
-}
-
-size_t EqualityComparisonFilter::ChannelPut2(const std::string &channel, const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("EqualityComparisonFilter");
-
- unsigned int i = MapChannel(channel);
-
- if (i == 2)
- return Output(3, inString, length, messageEnd, blocking, channel);
- else if (m_mismatchDetected)
- return 0;
- else
- {
- MessageQueue &q1 = m_q[i], &q2 = m_q[1-i];
-
- if (q2.AnyMessages() && q2.MaxRetrievable() < length)
- goto mismatch;
-
- while (length > 0 && q2.AnyRetrievable())
- {
- size_t len = length;
- const byte *data = q2.Spy(len);
- len = STDMIN(len, length);
- if (memcmp(inString, data, len) != 0)
- goto mismatch;
- inString += len;
- length -= len;
- q2.Skip(len);
- }
-
- q1.Put(inString, length);
-
- if (messageEnd)
- {
- if (q2.AnyRetrievable())
- goto mismatch;
- else if (q2.AnyMessages())
- q2.GetNextMessage();
- else if (q2.NumberOfMessageSeries() > 0)
- goto mismatch;
- else
- q1.MessageEnd();
- }
-
- return 0;
-
-mismatch:
- return HandleMismatchDetected(blocking);
- }
-}
-
-bool EqualityComparisonFilter::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking)
-{
- unsigned int i = MapChannel(channel);
-
- if (i == 2)
- {
- OutputMessageSeriesEnd(4, propagation, blocking, channel);
- return false;
- }
- else if (m_mismatchDetected)
- return false;
- else
- {
- MessageQueue &q1 = m_q[i], &q2 = m_q[1-i];
-
- if (q2.AnyRetrievable() || q2.AnyMessages())
- goto mismatch;
- else if (q2.NumberOfMessageSeries() > 0)
- return Output(2, (const byte *)"\1", 1, 0, blocking) != 0;
- else
- q1.MessageSeriesEnd();
-
- return false;
-
-mismatch:
- return HandleMismatchDetected(blocking);
- }
-}
-
-bool EqualityComparisonFilter::HandleMismatchDetected(bool blocking)
-{
- m_mismatchDetected = true;
- if (m_throwIfNotEqual)
- throw MismatchDetected();
- return Output(1, (const byte *)"\0", 1, 0, blocking) != 0;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/mqueue.h b/cryptopp562/mqueue.h
deleted file mode 100644
index efa57a7..0000000
--- a/cryptopp562/mqueue.h
+++ /dev/null
@@ -1,100 +0,0 @@
-#ifndef CRYPTOPP_MQUEUE_H
-#define CRYPTOPP_MQUEUE_H
-
-#include "queue.h"
-#include "filters.h"
-#include <deque>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Message Queue
-class CRYPTOPP_DLL MessageQueue : public AutoSignaling<BufferedTransformation>
-{
-public:
- MessageQueue(unsigned int nodeSize=256);
-
- void IsolatedInitialize(const NameValuePairs &parameters)
- {m_queue.IsolatedInitialize(parameters); m_lengths.assign(1, 0U); m_messageCounts.assign(1, 0U);}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {
- m_queue.Put(begin, length);
- m_lengths.back() += length;
- if (messageEnd)
- {
- m_lengths.push_back(0);
- m_messageCounts.back()++;
- }
- return 0;
- }
- bool IsolatedFlush(bool hardFlush, bool blocking) {return false;}
- bool IsolatedMessageSeriesEnd(bool blocking)
- {m_messageCounts.push_back(0); return false;}
-
- lword MaxRetrievable() const
- {return m_lengths.front();}
- bool AnyRetrievable() const
- {return m_lengths.front() > 0;}
-
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
- lword TotalBytesRetrievable() const
- {return m_queue.MaxRetrievable();}
- unsigned int NumberOfMessages() const
- {return (unsigned int)m_lengths.size()-1;}
- bool GetNextMessage();
-
- unsigned int NumberOfMessagesInThisSeries() const
- {return m_messageCounts[0];}
- unsigned int NumberOfMessageSeries() const
- {return (unsigned int)m_messageCounts.size()-1;}
-
- unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
-
- const byte * Spy(size_t &contiguousSize) const;
-
- void swap(MessageQueue &rhs);
-
-private:
- ByteQueue m_queue;
- std::deque<lword> m_lengths;
- std::deque<unsigned int> m_messageCounts;
-};
-
-
-//! A filter that checks messages on two channels for equality
-class CRYPTOPP_DLL EqualityComparisonFilter : public Unflushable<Multichannel<Filter> >
-{
-public:
- struct MismatchDetected : public Exception {MismatchDetected() : Exception(DATA_INTEGRITY_CHECK_FAILED, "EqualityComparisonFilter: did not receive the same data on two channels") {}};
-
- /*! if throwIfNotEqual is false, this filter will output a '\\0' byte when it detects a mismatch, '\\1' otherwise */
- EqualityComparisonFilter(BufferedTransformation *attachment=NULL, bool throwIfNotEqual=true, const std::string &firstChannel="0", const std::string &secondChannel="1")
- : m_throwIfNotEqual(throwIfNotEqual), m_mismatchDetected(false)
- , m_firstChannel(firstChannel), m_secondChannel(secondChannel)
- {Detach(attachment);}
-
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
- bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
-
-private:
- unsigned int MapChannel(const std::string &channel) const;
- bool HandleMismatchDetected(bool blocking);
-
- bool m_throwIfNotEqual, m_mismatchDetected;
- std::string m_firstChannel, m_secondChannel;
- MessageQueue m_q[2];
-};
-
-NAMESPACE_END
-
-#ifndef __BORLANDC__
-NAMESPACE_BEGIN(std)
-template<> inline void swap(CryptoPP::MessageQueue &a, CryptoPP::MessageQueue &b)
-{
- a.swap(b);
-}
-NAMESPACE_END
-#endif
-
-#endif
diff --git a/cryptopp562/mqv.cpp b/cryptopp562/mqv.cpp
deleted file mode 100644
index c427561..0000000
--- a/cryptopp562/mqv.cpp
+++ /dev/null
@@ -1,13 +0,0 @@
-// mqv.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "mqv.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void TestInstantiations_MQV()
-{
- MQV mqv;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/mqv.h b/cryptopp562/mqv.h
deleted file mode 100644
index 2683817..0000000
--- a/cryptopp562/mqv.h
+++ /dev/null
@@ -1,141 +0,0 @@
-#ifndef CRYPTOPP_MQV_H
-#define CRYPTOPP_MQV_H
-
-/** \file
-*/
-
-#include "gfpcrypt.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption>
-class MQV_Domain : public AuthenticatedKeyAgreementDomain
-{
-public:
- typedef GROUP_PARAMETERS GroupParameters;
- typedef typename GroupParameters::Element Element;
- typedef MQV_Domain<GROUP_PARAMETERS, COFACTOR_OPTION> Domain;
-
- MQV_Domain() {}
-
- MQV_Domain(const GroupParameters &params)
- : m_groupParameters(params) {}
-
- MQV_Domain(BufferedTransformation &bt)
- {m_groupParameters.BERDecode(bt);}
-
- template <class T1, class T2>
- MQV_Domain(T1 v1, T2 v2)
- {m_groupParameters.Initialize(v1, v2);}
-
- template <class T1, class T2, class T3>
- MQV_Domain(T1 v1, T2 v2, T3 v3)
- {m_groupParameters.Initialize(v1, v2, v3);}
-
- template <class T1, class T2, class T3, class T4>
- MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4)
- {m_groupParameters.Initialize(v1, v2, v3, v4);}
-
- const GroupParameters & GetGroupParameters() const {return m_groupParameters;}
- GroupParameters & AccessGroupParameters() {return m_groupParameters;}
-
- CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();}
-
- unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);}
- unsigned int StaticPrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
- unsigned int StaticPublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);}
-
- void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
- {
- Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent());
- x.Encode(privateKey, StaticPrivateKeyLength());
- }
-
- void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
- {
- const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
- Integer x(privateKey, StaticPrivateKeyLength());
- Element y = params.ExponentiateBase(x);
- params.EncodeElement(true, y, publicKey);
- }
-
- unsigned int EphemeralPrivateKeyLength() const {return StaticPrivateKeyLength() + StaticPublicKeyLength();}
- unsigned int EphemeralPublicKeyLength() const {return StaticPublicKeyLength();}
-
- void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
- {
- const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
- Integer x(rng, Integer::One(), params.GetMaxExponent());
- x.Encode(privateKey, StaticPrivateKeyLength());
- Element y = params.ExponentiateBase(x);
- params.EncodeElement(true, y, privateKey+StaticPrivateKeyLength());
- }
-
- void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
- {
- memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength());
- }
-
- bool Agree(byte *agreedValue,
- const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
- const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
- bool validateStaticOtherPublicKey=true) const
- {
- try
- {
- const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
- Element WW = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
- Element VV = params.DecodeElement(ephemeralOtherPublicKey, true);
-
- Integer s(staticPrivateKey, StaticPrivateKeyLength());
- Integer u(ephemeralPrivateKey, StaticPrivateKeyLength());
- Element V = params.DecodeElement(ephemeralPrivateKey+StaticPrivateKeyLength(), false);
-
- const Integer &r = params.GetSubgroupOrder();
- Integer h2 = Integer::Power2((r.BitCount()+1)/2);
- Integer e = ((h2+params.ConvertElementToInteger(V)%h2)*s+u) % r;
- Integer tt = h2 + params.ConvertElementToInteger(VV) % h2;
-
- if (COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION)
- {
- Element P = params.ExponentiateElement(WW, tt);
- P = m_groupParameters.MultiplyElements(P, VV);
- Element R[2];
- const Integer e2[2] = {r, e};
- params.SimultaneousExponentiate(R, P, e2, 2);
- if (!params.IsIdentity(R[0]) || params.IsIdentity(R[1]))
- return false;
- params.EncodeElement(false, R[1], agreedValue);
- }
- else
- {
- const Integer &k = params.GetCofactor();
- if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION)
- e = ModularArithmetic(r).Divide(e, k);
- Element P = m_groupParameters.CascadeExponentiate(VV, k*e, WW, k*(e*tt%r));
- if (params.IsIdentity(P))
- return false;
- params.EncodeElement(false, P, agreedValue);
- }
- }
- catch (DL_BadElement &)
- {
- return false;
- }
- return true;
- }
-
-private:
- DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return m_groupParameters;}
- const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return m_groupParameters;}
-
- GroupParameters m_groupParameters;
-};
-
-//! Menezes-Qu-Vanstone in GF(p) with key validation, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#MQV">MQV</a>
-typedef MQV_Domain<DL_GroupParameters_GFP_DefaultSafePrime> MQV;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/nbtheory.cpp b/cryptopp562/nbtheory.cpp
deleted file mode 100644
index 3fdea4e..0000000
--- a/cryptopp562/nbtheory.cpp
+++ /dev/null
@@ -1,1123 +0,0 @@
-// nbtheory.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "nbtheory.h"
-#include "modarith.h"
-#include "algparam.h"
-
-#include <math.h>
-#include <vector>
-
-#ifdef _OPENMP
-// needed in MSVC 2005 to generate correct manifest
-#include <omp.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const word s_lastSmallPrime = 32719;
-
-struct NewPrimeTable
-{
- std::vector<word16> * operator()() const
- {
- const unsigned int maxPrimeTableSize = 3511;
-
- std::auto_ptr<std::vector<word16> > pPrimeTable(new std::vector<word16>);
- std::vector<word16> &primeTable = *pPrimeTable;
- primeTable.reserve(maxPrimeTableSize);
-
- primeTable.push_back(2);
- unsigned int testEntriesEnd = 1;
-
- for (unsigned int p=3; p<=s_lastSmallPrime; p+=2)
- {
- unsigned int j;
- for (j=1; j<testEntriesEnd; j++)
- if (p%primeTable[j] == 0)
- break;
- if (j == testEntriesEnd)
- {
- primeTable.push_back(p);
- testEntriesEnd = UnsignedMin(54U, primeTable.size());
- }
- }
-
- return pPrimeTable.release();
- }
-};
-
-const word16 * GetPrimeTable(unsigned int &size)
-{
- const std::vector<word16> &primeTable = Singleton<std::vector<word16>, NewPrimeTable>().Ref();
- size = (unsigned int)primeTable.size();
- return &primeTable[0];
-}
-
-bool IsSmallPrime(const Integer &p)
-{
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
-
- if (p.IsPositive() && p <= primeTable[primeTableSize-1])
- return std::binary_search(primeTable, primeTable+primeTableSize, (word16)p.ConvertToLong());
- else
- return false;
-}
-
-bool TrialDivision(const Integer &p, unsigned bound)
-{
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
-
- assert(primeTable[primeTableSize-1] >= bound);
-
- unsigned int i;
- for (i = 0; primeTable[i]<bound; i++)
- if ((p % primeTable[i]) == 0)
- return true;
-
- if (bound == primeTable[i])
- return (p % bound == 0);
- else
- return false;
-}
-
-bool SmallDivisorsTest(const Integer &p)
-{
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
- return !TrialDivision(p, primeTable[primeTableSize-1]);
-}
-
-bool IsFermatProbablePrime(const Integer &n, const Integer &b)
-{
- if (n <= 3)
- return n==2 || n==3;
-
- assert(n>3 && b>1 && b<n-1);
- return a_exp_b_mod_c(b, n-1, n)==1;
-}
-
-bool IsStrongProbablePrime(const Integer &n, const Integer &b)
-{
- if (n <= 3)
- return n==2 || n==3;
-
- assert(n>3 && b>1 && b<n-1);
-
- if ((n.IsEven() && n!=2) || GCD(b, n) != 1)
- return false;
-
- Integer nminus1 = (n-1);
- unsigned int a;
-
- // calculate a = largest power of 2 that divides (n-1)
- for (a=0; ; a++)
- if (nminus1.GetBit(a))
- break;
- Integer m = nminus1>>a;
-
- Integer z = a_exp_b_mod_c(b, m, n);
- if (z==1 || z==nminus1)
- return true;
- for (unsigned j=1; j<a; j++)
- {
- z = z.Squared()%n;
- if (z==nminus1)
- return true;
- if (z==1)
- return false;
- }
- return false;
-}
-
-bool RabinMillerTest(RandomNumberGenerator &rng, const Integer &n, unsigned int rounds)
-{
- if (n <= 3)
- return n==2 || n==3;
-
- assert(n>3);
-
- Integer b;
- for (unsigned int i=0; i<rounds; i++)
- {
- b.Randomize(rng, 2, n-2);
- if (!IsStrongProbablePrime(n, b))
- return false;
- }
- return true;
-}
-
-bool IsLucasProbablePrime(const Integer &n)
-{
- if (n <= 1)
- return false;
-
- if (n.IsEven())
- return n==2;
-
- assert(n>2);
-
- Integer b=3;
- unsigned int i=0;
- int j;
-
- while ((j=Jacobi(b.Squared()-4, n)) == 1)
- {
- if (++i==64 && n.IsSquare()) // avoid infinite loop if n is a square
- return false;
- ++b; ++b;
- }
-
- if (j==0)
- return false;
- else
- return Lucas(n+1, b, n)==2;
-}
-
-bool IsStrongLucasProbablePrime(const Integer &n)
-{
- if (n <= 1)
- return false;
-
- if (n.IsEven())
- return n==2;
-
- assert(n>2);
-
- Integer b=3;
- unsigned int i=0;
- int j;
-
- while ((j=Jacobi(b.Squared()-4, n)) == 1)
- {
- if (++i==64 && n.IsSquare()) // avoid infinite loop if n is a square
- return false;
- ++b; ++b;
- }
-
- if (j==0)
- return false;
-
- Integer n1 = n+1;
- unsigned int a;
-
- // calculate a = largest power of 2 that divides n1
- for (a=0; ; a++)
- if (n1.GetBit(a))
- break;
- Integer m = n1>>a;
-
- Integer z = Lucas(m, b, n);
- if (z==2 || z==n-2)
- return true;
- for (i=1; i<a; i++)
- {
- z = (z.Squared()-2)%n;
- if (z==n-2)
- return true;
- if (z==2)
- return false;
- }
- return false;
-}
-
-struct NewLastSmallPrimeSquared
-{
- Integer * operator()() const
- {
- return new Integer(Integer(s_lastSmallPrime).Squared());
- }
-};
-
-bool IsPrime(const Integer &p)
-{
- if (p <= s_lastSmallPrime)
- return IsSmallPrime(p);
- else if (p <= Singleton<Integer, NewLastSmallPrimeSquared>().Ref())
- return SmallDivisorsTest(p);
- else
- return SmallDivisorsTest(p) && IsStrongProbablePrime(p, 3) && IsStrongLucasProbablePrime(p);
-}
-
-bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level)
-{
- bool pass = IsPrime(p) && RabinMillerTest(rng, p, 1);
- if (level >= 1)
- pass = pass && RabinMillerTest(rng, p, 10);
- return pass;
-}
-
-unsigned int PrimeSearchInterval(const Integer &max)
-{
- return max.BitCount();
-}
-
-static inline bool FastProbablePrimeTest(const Integer &n)
-{
- return IsStrongProbablePrime(n,2);
-}
-
-AlgorithmParameters MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength)
-{
- if (productBitLength < 16)
- throw InvalidArgument("invalid bit length");
-
- Integer minP, maxP;
-
- if (productBitLength%2==0)
- {
- minP = Integer(182) << (productBitLength/2-8);
- maxP = Integer::Power2(productBitLength/2)-1;
- }
- else
- {
- minP = Integer::Power2((productBitLength-1)/2);
- maxP = Integer(181) << ((productBitLength+1)/2-8);
- }
-
- return MakeParameters("RandomNumberType", Integer::PRIME)("Min", minP)("Max", maxP);
-}
-
-class PrimeSieve
-{
-public:
- // delta == 1 or -1 means double sieve with p = 2*q + delta
- PrimeSieve(const Integer &first, const Integer &last, const Integer &step, signed int delta=0);
- bool NextCandidate(Integer &c);
-
- void DoSieve();
- static void SieveSingle(std::vector<bool> &sieve, word16 p, const Integer &first, const Integer &step, word16 stepInv);
-
- Integer m_first, m_last, m_step;
- signed int m_delta;
- word m_next;
- std::vector<bool> m_sieve;
-};
-
-PrimeSieve::PrimeSieve(const Integer &first, const Integer &last, const Integer &step, signed int delta)
- : m_first(first), m_last(last), m_step(step), m_delta(delta), m_next(0)
-{
- DoSieve();
-}
-
-bool PrimeSieve::NextCandidate(Integer &c)
-{
- bool safe = SafeConvert(std::find(m_sieve.begin()+m_next, m_sieve.end(), false) - m_sieve.begin(), m_next);
- assert(safe);
- if (m_next == m_sieve.size())
- {
- m_first += long(m_sieve.size())*m_step;
- if (m_first > m_last)
- return false;
- else
- {
- m_next = 0;
- DoSieve();
- return NextCandidate(c);
- }
- }
- else
- {
- c = m_first + long(m_next)*m_step;
- ++m_next;
- return true;
- }
-}
-
-void PrimeSieve::SieveSingle(std::vector<bool> &sieve, word16 p, const Integer &first, const Integer &step, word16 stepInv)
-{
- if (stepInv)
- {
- size_t sieveSize = sieve.size();
- size_t j = (word32(p-(first%p))*stepInv) % p;
- // if the first multiple of p is p, skip it
- if (first.WordCount() <= 1 && first + step*long(j) == p)
- j += p;
- for (; j < sieveSize; j += p)
- sieve[j] = true;
- }
-}
-
-void PrimeSieve::DoSieve()
-{
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
-
- const unsigned int maxSieveSize = 32768;
- unsigned int sieveSize = STDMIN(Integer(maxSieveSize), (m_last-m_first)/m_step+1).ConvertToLong();
-
- m_sieve.clear();
- m_sieve.resize(sieveSize, false);
-
- if (m_delta == 0)
- {
- for (unsigned int i = 0; i < primeTableSize; ++i)
- SieveSingle(m_sieve, primeTable[i], m_first, m_step, (word16)m_step.InverseMod(primeTable[i]));
- }
- else
- {
- assert(m_step%2==0);
- Integer qFirst = (m_first-m_delta) >> 1;
- Integer halfStep = m_step >> 1;
- for (unsigned int i = 0; i < primeTableSize; ++i)
- {
- word16 p = primeTable[i];
- word16 stepInv = (word16)m_step.InverseMod(p);
- SieveSingle(m_sieve, p, m_first, m_step, stepInv);
-
- word16 halfStepInv = 2*stepInv < p ? 2*stepInv : 2*stepInv-p;
- SieveSingle(m_sieve, p, qFirst, halfStep, halfStepInv);
- }
- }
-}
-
-bool FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector)
-{
- assert(!equiv.IsNegative() && equiv < mod);
-
- Integer gcd = GCD(equiv, mod);
- if (gcd != Integer::One())
- {
- // the only possible prime p such that p%mod==equiv where GCD(mod,equiv)!=1 is GCD(mod,equiv)
- if (p <= gcd && gcd <= max && IsPrime(gcd) && (!pSelector || pSelector->IsAcceptable(gcd)))
- {
- p = gcd;
- return true;
- }
- else
- return false;
- }
-
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
-
- if (p <= primeTable[primeTableSize-1])
- {
- const word16 *pItr;
-
- --p;
- if (p.IsPositive())
- pItr = std::upper_bound(primeTable, primeTable+primeTableSize, (word)p.ConvertToLong());
- else
- pItr = primeTable;
-
- while (pItr < primeTable+primeTableSize && !(*pItr%mod == equiv && (!pSelector || pSelector->IsAcceptable(*pItr))))
- ++pItr;
-
- if (pItr < primeTable+primeTableSize)
- {
- p = *pItr;
- return p <= max;
- }
-
- p = primeTable[primeTableSize-1]+1;
- }
-
- assert(p > primeTable[primeTableSize-1]);
-
- if (mod.IsOdd())
- return FirstPrime(p, max, CRT(equiv, mod, 1, 2, 1), mod<<1, pSelector);
-
- p += (equiv-p)%mod;
-
- if (p>max)
- return false;
-
- PrimeSieve sieve(p, max, mod);
-
- while (sieve.NextCandidate(p))
- {
- if ((!pSelector || pSelector->IsAcceptable(p)) && FastProbablePrimeTest(p) && IsPrime(p))
- return true;
- }
-
- return false;
-}
-
-// the following two functions are based on code and comments provided by Preda Mihailescu
-static bool ProvePrime(const Integer &p, const Integer &q)
-{
- assert(p < q*q*q);
- assert(p % q == 1);
-
-// this is the Quisquater test. Numbers p having passed the Lucas - Lehmer test
-// for q and verifying p < q^3 can only be built up of two factors, both = 1 mod q,
-// or be prime. The next two lines build the discriminant of a quadratic equation
-// which holds iff p is built up of two factors (excercise ... )
-
- Integer r = (p-1)/q;
- if (((r%q).Squared()-4*(r/q)).IsSquare())
- return false;
-
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
-
- assert(primeTableSize >= 50);
- for (int i=0; i<50; i++)
- {
- Integer b = a_exp_b_mod_c(primeTable[i], r, p);
- if (b != 1)
- return a_exp_b_mod_c(b, q, p) == 1;
- }
- return false;
-}
-
-Integer MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int pbits)
-{
- Integer p;
- Integer minP = Integer::Power2(pbits-1);
- Integer maxP = Integer::Power2(pbits) - 1;
-
- if (maxP <= Integer(s_lastSmallPrime).Squared())
- {
- // Randomize() will generate a prime provable by trial division
- p.Randomize(rng, minP, maxP, Integer::PRIME);
- return p;
- }
-
- unsigned int qbits = (pbits+2)/3 + 1 + rng.GenerateWord32(0, pbits/36);
- Integer q = MihailescuProvablePrime(rng, qbits);
- Integer q2 = q<<1;
-
- while (true)
- {
- // this initializes the sieve to search in the arithmetic
- // progression p = p_0 + \lambda * q2 = p_0 + 2 * \lambda * q,
- // with q the recursively generated prime above. We will be able
- // to use Lucas tets for proving primality. A trick of Quisquater
- // allows taking q > cubic_root(p) rather then square_root: this
- // decreases the recursion.
-
- p.Randomize(rng, minP, maxP, Integer::ANY, 1, q2);
- PrimeSieve sieve(p, STDMIN(p+PrimeSearchInterval(maxP)*q2, maxP), q2);
-
- while (sieve.NextCandidate(p))
- {
- if (FastProbablePrimeTest(p) && ProvePrime(p, q))
- return p;
- }
- }
-
- // not reached
- return p;
-}
-
-Integer MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits)
-{
- const unsigned smallPrimeBound = 29, c_opt=10;
- Integer p;
-
- unsigned int primeTableSize;
- const word16 * primeTable = GetPrimeTable(primeTableSize);
-
- if (bits < smallPrimeBound)
- {
- do
- p.Randomize(rng, Integer::Power2(bits-1), Integer::Power2(bits)-1, Integer::ANY, 1, 2);
- while (TrialDivision(p, 1 << ((bits+1)/2)));
- }
- else
- {
- const unsigned margin = bits > 50 ? 20 : (bits-10)/2;
- double relativeSize;
- do
- relativeSize = pow(2.0, double(rng.GenerateWord32())/0xffffffff - 1);
- while (bits * relativeSize >= bits - margin);
-
- Integer a,b;
- Integer q = MaurerProvablePrime(rng, unsigned(bits*relativeSize));
- Integer I = Integer::Power2(bits-2)/q;
- Integer I2 = I << 1;
- unsigned int trialDivisorBound = (unsigned int)STDMIN((unsigned long)primeTable[primeTableSize-1], (unsigned long)bits*bits/c_opt);
- bool success = false;
- while (!success)
- {
- p.Randomize(rng, I, I2, Integer::ANY);
- p *= q; p <<= 1; ++p;
- if (!TrialDivision(p, trialDivisorBound))
- {
- a.Randomize(rng, 2, p-1, Integer::ANY);
- b = a_exp_b_mod_c(a, (p-1)/q, p);
- success = (GCD(b-1, p) == 1) && (a_exp_b_mod_c(b, q, p) == 1);
- }
- }
- }
- return p;
-}
-
-Integer CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u)
-{
- // isn't operator overloading great?
- return p * (u * (xq-xp) % q) + xp;
-/*
- Integer t1 = xq-xp;
- cout << hex << t1 << endl;
- Integer t2 = u * t1;
- cout << hex << t2 << endl;
- Integer t3 = t2 % q;
- cout << hex << t3 << endl;
- Integer t4 = p * t3;
- cout << hex << t4 << endl;
- Integer t5 = t4 + xp;
- cout << hex << t5 << endl;
- return t5;
-*/
-}
-
-Integer ModularSquareRoot(const Integer &a, const Integer &p)
-{
- if (p%4 == 3)
- return a_exp_b_mod_c(a, (p+1)/4, p);
-
- Integer q=p-1;
- unsigned int r=0;
- while (q.IsEven())
- {
- r++;
- q >>= 1;
- }
-
- Integer n=2;
- while (Jacobi(n, p) != -1)
- ++n;
-
- Integer y = a_exp_b_mod_c(n, q, p);
- Integer x = a_exp_b_mod_c(a, (q-1)/2, p);
- Integer b = (x.Squared()%p)*a%p;
- x = a*x%p;
- Integer tempb, t;
-
- while (b != 1)
- {
- unsigned m=0;
- tempb = b;
- do
- {
- m++;
- b = b.Squared()%p;
- if (m==r)
- return Integer::Zero();
- }
- while (b != 1);
-
- t = y;
- for (unsigned i=0; i<r-m-1; i++)
- t = t.Squared()%p;
- y = t.Squared()%p;
- r = m;
- x = x*t%p;
- b = tempb*y%p;
- }
-
- assert(x.Squared()%p == a);
- return x;
-}
-
-bool SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p)
-{
- Integer D = (b.Squared() - 4*a*c) % p;
- switch (Jacobi(D, p))
- {
- default:
- assert(false); // not reached
- return false;
- case -1:
- return false;
- case 0:
- r1 = r2 = (-b*(a+a).InverseMod(p)) % p;
- assert(((r1.Squared()*a + r1*b + c) % p).IsZero());
- return true;
- case 1:
- Integer s = ModularSquareRoot(D, p);
- Integer t = (a+a).InverseMod(p);
- r1 = (s-b)*t % p;
- r2 = (-s-b)*t % p;
- assert(((r1.Squared()*a + r1*b + c) % p).IsZero());
- assert(((r2.Squared()*a + r2*b + c) % p).IsZero());
- return true;
- }
-}
-
-Integer ModularRoot(const Integer &a, const Integer &dp, const Integer &dq,
- const Integer &p, const Integer &q, const Integer &u)
-{
- Integer p2, q2;
- #pragma omp parallel
- #pragma omp sections
- {
- #pragma omp section
- p2 = ModularExponentiation((a % p), dp, p);
- #pragma omp section
- q2 = ModularExponentiation((a % q), dq, q);
- }
- return CRT(p2, p, q2, q, u);
-}
-
-Integer ModularRoot(const Integer &a, const Integer &e,
- const Integer &p, const Integer &q)
-{
- Integer dp = EuclideanMultiplicativeInverse(e, p-1);
- Integer dq = EuclideanMultiplicativeInverse(e, q-1);
- Integer u = EuclideanMultiplicativeInverse(p, q);
- assert(!!dp && !!dq && !!u);
- return ModularRoot(a, dp, dq, p, q, u);
-}
-
-/*
-Integer GCDI(const Integer &x, const Integer &y)
-{
- Integer a=x, b=y;
- unsigned k=0;
-
- assert(!!a && !!b);
-
- while (a[0]==0 && b[0]==0)
- {
- a >>= 1;
- b >>= 1;
- k++;
- }
-
- while (a[0]==0)
- a >>= 1;
-
- while (b[0]==0)
- b >>= 1;
-
- while (1)
- {
- switch (a.Compare(b))
- {
- case -1:
- b -= a;
- while (b[0]==0)
- b >>= 1;
- break;
-
- case 0:
- return (a <<= k);
-
- case 1:
- a -= b;
- while (a[0]==0)
- a >>= 1;
- break;
-
- default:
- assert(false);
- }
- }
-}
-
-Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b)
-{
- assert(b.Positive());
-
- if (a.Negative())
- return EuclideanMultiplicativeInverse(a%b, b);
-
- if (b[0]==0)
- {
- if (!b || a[0]==0)
- return Integer::Zero(); // no inverse
- if (a==1)
- return 1;
- Integer u = EuclideanMultiplicativeInverse(b, a);
- if (!u)
- return Integer::Zero(); // no inverse
- else
- return (b*(a-u)+1)/a;
- }
-
- Integer u=1, d=a, v1=b, v3=b, t1, t3, b2=(b+1)>>1;
-
- if (a[0])
- {
- t1 = Integer::Zero();
- t3 = -b;
- }
- else
- {
- t1 = b2;
- t3 = a>>1;
- }
-
- while (!!t3)
- {
- while (t3[0]==0)
- {
- t3 >>= 1;
- if (t1[0]==0)
- t1 >>= 1;
- else
- {
- t1 >>= 1;
- t1 += b2;
- }
- }
- if (t3.Positive())
- {
- u = t1;
- d = t3;
- }
- else
- {
- v1 = b-t1;
- v3 = -t3;
- }
- t1 = u-v1;
- t3 = d-v3;
- if (t1.Negative())
- t1 += b;
- }
- if (d==1)
- return u;
- else
- return Integer::Zero(); // no inverse
-}
-*/
-
-int Jacobi(const Integer &aIn, const Integer &bIn)
-{
- assert(bIn.IsOdd());
-
- Integer b = bIn, a = aIn%bIn;
- int result = 1;
-
- while (!!a)
- {
- unsigned i=0;
- while (a.GetBit(i)==0)
- i++;
- a>>=i;
-
- if (i%2==1 && (b%8==3 || b%8==5))
- result = -result;
-
- if (a%4==3 && b%4==3)
- result = -result;
-
- std::swap(a, b);
- a %= b;
- }
-
- return (b==1) ? result : 0;
-}
-
-Integer Lucas(const Integer &e, const Integer &pIn, const Integer &n)
-{
- unsigned i = e.BitCount();
- if (i==0)
- return Integer::Two();
-
- MontgomeryRepresentation m(n);
- Integer p=m.ConvertIn(pIn%n), two=m.ConvertIn(Integer::Two());
- Integer v=p, v1=m.Subtract(m.Square(p), two);
-
- i--;
- while (i--)
- {
- if (e.GetBit(i))
- {
- // v = (v*v1 - p) % m;
- v = m.Subtract(m.Multiply(v,v1), p);
- // v1 = (v1*v1 - 2) % m;
- v1 = m.Subtract(m.Square(v1), two);
- }
- else
- {
- // v1 = (v*v1 - p) % m;
- v1 = m.Subtract(m.Multiply(v,v1), p);
- // v = (v*v - 2) % m;
- v = m.Subtract(m.Square(v), two);
- }
- }
- return m.ConvertOut(v);
-}
-
-// This is Peter Montgomery's unpublished Lucas sequence evalutation algorithm.
-// The total number of multiplies and squares used is less than the binary
-// algorithm (see above). Unfortunately I can't get it to run as fast as
-// the binary algorithm because of the extra overhead.
-/*
-Integer Lucas(const Integer &n, const Integer &P, const Integer &modulus)
-{
- if (!n)
- return 2;
-
-#define f(A, B, C) m.Subtract(m.Multiply(A, B), C)
-#define X2(A) m.Subtract(m.Square(A), two)
-#define X3(A) m.Multiply(A, m.Subtract(m.Square(A), three))
-
- MontgomeryRepresentation m(modulus);
- Integer two=m.ConvertIn(2), three=m.ConvertIn(3);
- Integer A=m.ConvertIn(P), B, C, p, d=n, e, r, t, T, U;
-
- while (d!=1)
- {
- p = d;
- unsigned int b = WORD_BITS * p.WordCount();
- Integer alpha = (Integer(5)<<(2*b-2)).SquareRoot() - Integer::Power2(b-1);
- r = (p*alpha)>>b;
- e = d-r;
- B = A;
- C = two;
- d = r;
-
- while (d!=e)
- {
- if (d<e)
- {
- swap(d, e);
- swap(A, B);
- }
-
- unsigned int dm2 = d[0], em2 = e[0];
- unsigned int dm3 = d%3, em3 = e%3;
-
-// if ((dm6+em6)%3 == 0 && d <= e + (e>>2))
- if ((dm3+em3==0 || dm3+em3==3) && (t = e, t >>= 2, t += e, d <= t))
- {
- // #1
-// t = (d+d-e)/3;
-// t = d; t += d; t -= e; t /= 3;
-// e = (e+e-d)/3;
-// e += e; e -= d; e /= 3;
-// d = t;
-
-// t = (d+e)/3
- t = d; t += e; t /= 3;
- e -= t;
- d -= t;
-
- T = f(A, B, C);
- U = f(T, A, B);
- B = f(T, B, A);
- A = U;
- continue;
- }
-
-// if (dm6 == em6 && d <= e + (e>>2))
- if (dm3 == em3 && dm2 == em2 && (t = e, t >>= 2, t += e, d <= t))
- {
- // #2
-// d = (d-e)>>1;
- d -= e; d >>= 1;
- B = f(A, B, C);
- A = X2(A);
- continue;
- }
-
-// if (d <= (e<<2))
- if (d <= (t = e, t <<= 2))
- {
- // #3
- d -= e;
- C = f(A, B, C);
- swap(B, C);
- continue;
- }
-
- if (dm2 == em2)
- {
- // #4
-// d = (d-e)>>1;
- d -= e; d >>= 1;
- B = f(A, B, C);
- A = X2(A);
- continue;
- }
-
- if (dm2 == 0)
- {
- // #5
- d >>= 1;
- C = f(A, C, B);
- A = X2(A);
- continue;
- }
-
- if (dm3 == 0)
- {
- // #6
-// d = d/3 - e;
- d /= 3; d -= e;
- T = X2(A);
- C = f(T, f(A, B, C), C);
- swap(B, C);
- A = f(T, A, A);
- continue;
- }
-
- if (dm3+em3==0 || dm3+em3==3)
- {
- // #7
-// d = (d-e-e)/3;
- d -= e; d -= e; d /= 3;
- T = f(A, B, C);
- B = f(T, A, B);
- A = X3(A);
- continue;
- }
-
- if (dm3 == em3)
- {
- // #8
-// d = (d-e)/3;
- d -= e; d /= 3;
- T = f(A, B, C);
- C = f(A, C, B);
- B = T;
- A = X3(A);
- continue;
- }
-
- assert(em2 == 0);
- // #9
- e >>= 1;
- C = f(C, B, A);
- B = X2(B);
- }
-
- A = f(A, B, C);
- }
-
-#undef f
-#undef X2
-#undef X3
-
- return m.ConvertOut(A);
-}
-*/
-
-Integer InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u)
-{
- Integer d = (m*m-4);
- Integer p2, q2;
- #pragma omp parallel
- #pragma omp sections
- {
- #pragma omp section
- {
- p2 = p-Jacobi(d,p);
- p2 = Lucas(EuclideanMultiplicativeInverse(e,p2), m, p);
- }
- #pragma omp section
- {
- q2 = q-Jacobi(d,q);
- q2 = Lucas(EuclideanMultiplicativeInverse(e,q2), m, q);
- }
- }
- return CRT(p2, p, q2, q, u);
-}
-
-unsigned int FactoringWorkFactor(unsigned int n)
-{
- // extrapolated from the table in Odlyzko's "The Future of Integer Factorization"
- // updated to reflect the factoring of RSA-130
- if (n<5) return 0;
- else return (unsigned int)(2.4 * pow((double)n, 1.0/3.0) * pow(log(double(n)), 2.0/3.0) - 5);
-}
-
-unsigned int DiscreteLogWorkFactor(unsigned int n)
-{
- // assuming discrete log takes about the same time as factoring
- if (n<5) return 0;
- else return (unsigned int)(2.4 * pow((double)n, 1.0/3.0) * pow(log(double(n)), 2.0/3.0) - 5);
-}
-
-// ********************************************************
-
-void PrimeAndGenerator::Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits)
-{
- // no prime exists for delta = -1, qbits = 4, and pbits = 5
- assert(qbits > 4);
- assert(pbits > qbits);
-
- if (qbits+1 == pbits)
- {
- Integer minP = Integer::Power2(pbits-1);
- Integer maxP = Integer::Power2(pbits) - 1;
- bool success = false;
-
- while (!success)
- {
- p.Randomize(rng, minP, maxP, Integer::ANY, 6+5*delta, 12);
- PrimeSieve sieve(p, STDMIN(p+PrimeSearchInterval(maxP)*12, maxP), 12, delta);
-
- while (sieve.NextCandidate(p))
- {
- assert(IsSmallPrime(p) || SmallDivisorsTest(p));
- q = (p-delta) >> 1;
- assert(IsSmallPrime(q) || SmallDivisorsTest(q));
- if (FastProbablePrimeTest(q) && FastProbablePrimeTest(p) && IsPrime(q) && IsPrime(p))
- {
- success = true;
- break;
- }
- }
- }
-
- if (delta == 1)
- {
- // find g such that g is a quadratic residue mod p, then g has order q
- // g=4 always works, but this way we get the smallest quadratic residue (other than 1)
- for (g=2; Jacobi(g, p) != 1; ++g) {}
- // contributed by Walt Tuvell: g should be the following according to the Law of Quadratic Reciprocity
- assert((p%8==1 || p%8==7) ? g==2 : (p%12==1 || p%12==11) ? g==3 : g==4);
- }
- else
- {
- assert(delta == -1);
- // find g such that g*g-4 is a quadratic non-residue,
- // and such that g has order q
- for (g=3; ; ++g)
- if (Jacobi(g*g-4, p)==-1 && Lucas(q, g, p)==2)
- break;
- }
- }
- else
- {
- Integer minQ = Integer::Power2(qbits-1);
- Integer maxQ = Integer::Power2(qbits) - 1;
- Integer minP = Integer::Power2(pbits-1);
- Integer maxP = Integer::Power2(pbits) - 1;
-
- do
- {
- q.Randomize(rng, minQ, maxQ, Integer::PRIME);
- } while (!p.Randomize(rng, minP, maxP, Integer::PRIME, delta%q, q));
-
- // find a random g of order q
- if (delta==1)
- {
- do
- {
- Integer h(rng, 2, p-2, Integer::ANY);
- g = a_exp_b_mod_c(h, (p-1)/q, p);
- } while (g <= 1);
- assert(a_exp_b_mod_c(g, q, p)==1);
- }
- else
- {
- assert(delta==-1);
- do
- {
- Integer h(rng, 3, p-1, Integer::ANY);
- if (Jacobi(h*h-4, p)==1)
- continue;
- g = Lucas((p+1)/q, h, p);
- } while (g <= 2);
- assert(Lucas(q, g, p) == 2);
- }
- }
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/nbtheory.h b/cryptopp562/nbtheory.h
deleted file mode 100644
index 6364792..0000000
--- a/cryptopp562/nbtheory.h
+++ /dev/null
@@ -1,131 +0,0 @@
-// nbtheory.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_NBTHEORY_H
-#define CRYPTOPP_NBTHEORY_H
-
-#include "integer.h"
-#include "algparam.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// obtain pointer to small prime table and get its size
-CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size);
-
-// ************ primality testing ****************
-
-// generate a provable prime
-CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
-CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
-
-CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p);
-
-// returns true if p is divisible by some prime less than bound
-// bound not be greater than the largest entry in the prime table
-CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound);
-
-// returns true if p is NOT divisible by small primes
-CRYPTOPP_DLL bool CRYPTOPP_API SmallDivisorsTest(const Integer &p);
-
-// These is no reason to use these two, use the ones below instead
-CRYPTOPP_DLL bool CRYPTOPP_API IsFermatProbablePrime(const Integer &n, const Integer &b);
-CRYPTOPP_DLL bool CRYPTOPP_API IsLucasProbablePrime(const Integer &n);
-
-CRYPTOPP_DLL bool CRYPTOPP_API IsStrongProbablePrime(const Integer &n, const Integer &b);
-CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n);
-
-// Rabin-Miller primality test, i.e. repeating the strong probable prime test
-// for several rounds with random bases
-CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &w, unsigned int rounds);
-
-// primality test, used to generate primes
-CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
-
-// more reliable than IsPrime(), used to verify primes generated by others
-CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1);
-
-class CRYPTOPP_DLL PrimeSelector
-{
-public:
- const PrimeSelector *GetSelectorPointer() const {return this;}
- virtual bool IsAcceptable(const Integer &candidate) const =0;
-};
-
-// use a fast sieve to find the first probable prime in {x | p<=x<=max and x%mod==equiv}
-// returns true iff successful, value of p is undefined if no such prime exists
-CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector);
-
-CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max);
-
-CRYPTOPP_DLL AlgorithmParameters CRYPTOPP_API MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength);
-
-// ********** other number theoretic functions ************
-
-inline Integer GCD(const Integer &a, const Integer &b)
- {return Integer::Gcd(a,b);}
-inline bool RelativelyPrime(const Integer &a, const Integer &b)
- {return Integer::Gcd(a,b) == Integer::One();}
-inline Integer LCM(const Integer &a, const Integer &b)
- {return a/Integer::Gcd(a,b)*b;}
-inline Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b)
- {return a.InverseMod(b);}
-
-// use Chinese Remainder Theorem to calculate x given x mod p and x mod q, and u = inverse of p mod q
-CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u);
-
-// if b is prime, then Jacobi(a, b) returns 0 if a%b==0, 1 if a is quadratic residue mod b, -1 otherwise
-// check a number theory book for what Jacobi symbol means when b is not prime
-CRYPTOPP_DLL int CRYPTOPP_API Jacobi(const Integer &a, const Integer &b);
-
-// calculates the Lucas function V_e(p, 1) mod n
-CRYPTOPP_DLL Integer CRYPTOPP_API Lucas(const Integer &e, const Integer &p, const Integer &n);
-// calculates x such that m==Lucas(e, x, p*q), p q primes, u=inverse of p mod q
-CRYPTOPP_DLL Integer CRYPTOPP_API InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u);
-
-inline Integer ModularExponentiation(const Integer &a, const Integer &e, const Integer &m)
- {return a_exp_b_mod_c(a, e, m);}
-// returns x such that x*x%p == a, p prime
-CRYPTOPP_DLL Integer CRYPTOPP_API ModularSquareRoot(const Integer &a, const Integer &p);
-// returns x such that a==ModularExponentiation(x, e, p*q), p q primes,
-// and e relatively prime to (p-1)*(q-1)
-// dp=d%(p-1), dq=d%(q-1), (d is inverse of e mod (p-1)*(q-1))
-// and u=inverse of p mod q
-CRYPTOPP_DLL Integer CRYPTOPP_API ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, const Integer &p, const Integer &q, const Integer &u);
-
-// find r1 and r2 such that ax^2 + bx + c == 0 (mod p) for x in {r1, r2}, p prime
-// returns true if solutions exist
-CRYPTOPP_DLL bool CRYPTOPP_API SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p);
-
-// returns log base 2 of estimated number of operations to calculate discrete log or factor a number
-CRYPTOPP_DLL unsigned int CRYPTOPP_API DiscreteLogWorkFactor(unsigned int bitlength);
-CRYPTOPP_DLL unsigned int CRYPTOPP_API FactoringWorkFactor(unsigned int bitlength);
-
-// ********************************************************
-
-//! generator of prime numbers of special forms
-class CRYPTOPP_DLL PrimeAndGenerator
-{
-public:
- PrimeAndGenerator() {}
- // generate a random prime p of the form 2*q+delta, where delta is 1 or -1 and q is also prime
- // Precondition: pbits > 5
- // warning: this is slow, because primes of this form are harder to find
- PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits)
- {Generate(delta, rng, pbits, pbits-1);}
- // generate a random prime p of the form 2*r*q+delta, where q is also prime
- // Precondition: qbits > 4 && pbits > qbits
- PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits)
- {Generate(delta, rng, pbits, qbits);}
-
- void Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits);
-
- const Integer& Prime() const {return p;}
- const Integer& SubPrime() const {return q;}
- const Integer& Generator() const {return g;}
-
-private:
- Integer p, q, g;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/network.cpp b/cryptopp562/network.cpp
deleted file mode 100644
index 9b7198d..0000000
--- a/cryptopp562/network.cpp
+++ /dev/null
@@ -1,550 +0,0 @@
-// network.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "network.h"
-#include "wait.h"
-
-#define CRYPTOPP_TRACE_NETWORK 0
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef HIGHRES_TIMER_AVAILABLE
-
-lword LimitedBandwidth::ComputeCurrentTransceiveLimit()
-{
- if (!m_maxBytesPerSecond)
- return ULONG_MAX;
-
- double curTime = GetCurTimeAndCleanUp();
- lword total = 0;
- for (OpQueue::size_type i=0; i!=m_ops.size(); ++i)
- total += m_ops[i].second;
- return SaturatingSubtract(m_maxBytesPerSecond, total);
-}
-
-double LimitedBandwidth::TimeToNextTransceive()
-{
- if (!m_maxBytesPerSecond)
- return 0;
-
- if (!m_nextTransceiveTime)
- ComputeNextTransceiveTime();
-
- return SaturatingSubtract(m_nextTransceiveTime, m_timer.ElapsedTimeAsDouble());
-}
-
-void LimitedBandwidth::NoteTransceive(lword size)
-{
- if (m_maxBytesPerSecond)
- {
- double curTime = GetCurTimeAndCleanUp();
- m_ops.push_back(std::make_pair(curTime, size));
- m_nextTransceiveTime = 0;
- }
-}
-
-void LimitedBandwidth::ComputeNextTransceiveTime()
-{
- double curTime = GetCurTimeAndCleanUp();
- lword total = 0;
- for (unsigned int i=0; i!=m_ops.size(); ++i)
- total += m_ops[i].second;
- m_nextTransceiveTime =
- (total < m_maxBytesPerSecond) ? curTime : m_ops.front().first + 1000;
-}
-
-double LimitedBandwidth::GetCurTimeAndCleanUp()
-{
- if (!m_maxBytesPerSecond)
- return 0;
-
- double curTime = m_timer.ElapsedTimeAsDouble();
- while (m_ops.size() && (m_ops.front().first + 1000 < curTime))
- m_ops.pop_front();
- return curTime;
-}
-
-void LimitedBandwidth::GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack)
-{
- double nextTransceiveTime = TimeToNextTransceive();
- if (nextTransceiveTime)
- container.ScheduleEvent(nextTransceiveTime, CallStack("LimitedBandwidth::GetWaitObjects()", &callStack));
-}
-
-// *************************************************************
-
-size_t NonblockingSource::GeneralPump2(
- lword& byteCount, bool blockingOutput,
- unsigned long maxTime, bool checkDelimiter, byte delimiter)
-{
- m_blockedBySpeedLimit = false;
-
- if (!GetMaxBytesPerSecond())
- {
- size_t ret = DoPump(byteCount, blockingOutput, maxTime, checkDelimiter, delimiter);
- m_doPumpBlocked = (ret != 0);
- return ret;
- }
-
- bool forever = (maxTime == INFINITE_TIME);
- unsigned long timeToGo = maxTime;
- Timer timer(Timer::MILLISECONDS, forever);
- lword maxSize = byteCount;
- byteCount = 0;
-
- timer.StartTimer();
-
- while (true)
- {
- lword curMaxSize = UnsignedMin(ComputeCurrentTransceiveLimit(), maxSize - byteCount);
-
- if (curMaxSize || m_doPumpBlocked)
- {
- if (!forever) timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime());
- size_t ret = DoPump(curMaxSize, blockingOutput, timeToGo, checkDelimiter, delimiter);
- m_doPumpBlocked = (ret != 0);
- if (curMaxSize)
- {
- NoteTransceive(curMaxSize);
- byteCount += curMaxSize;
- }
- if (ret)
- return ret;
- }
-
- if (maxSize != ULONG_MAX && byteCount >= maxSize)
- break;
-
- if (!forever)
- {
- timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime());
- if (!timeToGo)
- break;
- }
-
- double waitTime = TimeToNextTransceive();
- if (!forever && waitTime > timeToGo)
- {
- m_blockedBySpeedLimit = true;
- break;
- }
-
- WaitObjectContainer container;
- LimitedBandwidth::GetWaitObjects(container, CallStack("NonblockingSource::GeneralPump2() - speed limit", 0));
- container.Wait((unsigned long)waitTime);
- }
-
- return 0;
-}
-
-size_t NonblockingSource::PumpMessages2(unsigned int &messageCount, bool blocking)
-{
- if (messageCount == 0)
- return 0;
-
- messageCount = 0;
-
- lword byteCount;
- do {
- byteCount = LWORD_MAX;
- RETURN_IF_NONZERO(Pump2(byteCount, blocking));
- } while(byteCount == LWORD_MAX);
-
- if (!m_messageEndSent && SourceExhausted())
- {
- RETURN_IF_NONZERO(AttachedTransformation()->Put2(NULL, 0, GetAutoSignalPropagation(), true));
- m_messageEndSent = true;
- messageCount = 1;
- }
- return 0;
-}
-
-lword NonblockingSink::TimedFlush(unsigned long maxTime, size_t targetSize)
-{
- m_blockedBySpeedLimit = false;
-
- size_t curBufSize = GetCurrentBufferSize();
- if (curBufSize <= targetSize && (targetSize || !EofPending()))
- return 0;
-
- if (!GetMaxBytesPerSecond())
- return DoFlush(maxTime, targetSize);
-
- bool forever = (maxTime == INFINITE_TIME);
- unsigned long timeToGo = maxTime;
- Timer timer(Timer::MILLISECONDS, forever);
- lword totalFlushed = 0;
-
- timer.StartTimer();
-
- while (true)
- {
- size_t flushSize = UnsignedMin(curBufSize - targetSize, ComputeCurrentTransceiveLimit());
- if (flushSize || EofPending())
- {
- if (!forever) timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime());
- size_t ret = (size_t)DoFlush(timeToGo, curBufSize - flushSize);
- if (ret)
- {
- NoteTransceive(ret);
- curBufSize -= ret;
- totalFlushed += ret;
- }
- }
-
- if (curBufSize <= targetSize && (targetSize || !EofPending()))
- break;
-
- if (!forever)
- {
- timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime());
- if (!timeToGo)
- break;
- }
-
- double waitTime = TimeToNextTransceive();
- if (!forever && waitTime > timeToGo)
- {
- m_blockedBySpeedLimit = true;
- break;
- }
-
- WaitObjectContainer container;
- LimitedBandwidth::GetWaitObjects(container, CallStack("NonblockingSink::TimedFlush() - speed limit", 0));
- container.Wait((unsigned long)waitTime);
- }
-
- return totalFlushed;
-}
-
-bool NonblockingSink::IsolatedFlush(bool hardFlush, bool blocking)
-{
- TimedFlush(blocking ? INFINITE_TIME : 0);
- return hardFlush && (!!GetCurrentBufferSize() || EofPending());
-}
-
-// *************************************************************
-
-NetworkSource::NetworkSource(BufferedTransformation *attachment)
- : NonblockingSource(attachment), m_buf(1024*16)
- , m_waitingForResult(false), m_outputBlocked(false)
- , m_dataBegin(0), m_dataEnd(0)
-{
-}
-
-unsigned int NetworkSource::GetMaxWaitObjectCount() const
-{
- return LimitedBandwidth::GetMaxWaitObjectCount()
- + GetReceiver().GetMaxWaitObjectCount()
- + AttachedTransformation()->GetMaxWaitObjectCount();
-}
-
-void NetworkSource::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (BlockedBySpeedLimit())
- LimitedBandwidth::GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - speed limit", &callStack));
- else if (!m_outputBlocked)
- {
- if (m_dataBegin == m_dataEnd)
- AccessReceiver().GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - no data", &callStack));
- else
- container.SetNoWait(CallStack("NetworkSource::GetWaitObjects() - have data", &callStack));
- }
-
- AttachedTransformation()->GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - attachment", &callStack));
-}
-
-size_t NetworkSource::DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter)
-{
- NetworkReceiver &receiver = AccessReceiver();
-
- lword maxSize = byteCount;
- byteCount = 0;
- bool forever = maxTime == INFINITE_TIME;
- Timer timer(Timer::MILLISECONDS, forever);
- BufferedTransformation *t = AttachedTransformation();
-
- if (m_outputBlocked)
- goto DoOutput;
-
- while (true)
- {
- if (m_dataBegin == m_dataEnd)
- {
- if (receiver.EofReceived())
- break;
-
- if (m_waitingForResult)
- {
- if (receiver.MustWaitForResult() &&
- !receiver.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()),
- CallStack("NetworkSource::DoPump() - wait receive result", 0)))
- break;
-
- unsigned int recvResult = receiver.GetReceiveResult();
-#if CRYPTOPP_TRACE_NETWORK
- OutputDebugString((IntToString((unsigned int)this) + ": Received " + IntToString(recvResult) + " bytes\n").c_str());
-#endif
- m_dataEnd += recvResult;
- m_waitingForResult = false;
-
- if (!receiver.MustWaitToReceive() && !receiver.EofReceived() && m_dataEnd != m_buf.size())
- goto ReceiveNoWait;
- }
- else
- {
- m_dataEnd = m_dataBegin = 0;
-
- if (receiver.MustWaitToReceive())
- {
- if (!receiver.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()),
- CallStack("NetworkSource::DoPump() - wait receive", 0)))
- break;
-
- receiver.Receive(m_buf+m_dataEnd, m_buf.size()-m_dataEnd);
- m_waitingForResult = true;
- }
- else
- {
-ReceiveNoWait:
- m_waitingForResult = true;
- // call Receive repeatedly as long as data is immediately available,
- // because some receivers tend to return data in small pieces
-#if CRYPTOPP_TRACE_NETWORK
- OutputDebugString((IntToString((unsigned int)this) + ": Receiving " + IntToString(m_buf.size()-m_dataEnd) + " bytes\n").c_str());
-#endif
- while (receiver.Receive(m_buf+m_dataEnd, m_buf.size()-m_dataEnd))
- {
- unsigned int recvResult = receiver.GetReceiveResult();
-#if CRYPTOPP_TRACE_NETWORK
- OutputDebugString((IntToString((unsigned int)this) + ": Received " + IntToString(recvResult) + " bytes\n").c_str());
-#endif
- m_dataEnd += recvResult;
- if (receiver.EofReceived() || m_dataEnd > m_buf.size() /2)
- {
- m_waitingForResult = false;
- break;
- }
- }
- }
- }
- }
- else
- {
- m_putSize = UnsignedMin(m_dataEnd - m_dataBegin, maxSize - byteCount);
-
- if (checkDelimiter)
- m_putSize = std::find(m_buf+m_dataBegin, m_buf+m_dataBegin+m_putSize, delimiter) - (m_buf+m_dataBegin);
-
-DoOutput:
- size_t result = t->PutModifiable2(m_buf+m_dataBegin, m_putSize, 0, forever || blockingOutput);
- if (result)
- {
- if (t->Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()),
- CallStack("NetworkSource::DoPump() - wait attachment", 0)))
- goto DoOutput;
- else
- {
- m_outputBlocked = true;
- return result;
- }
- }
- m_outputBlocked = false;
-
- byteCount += m_putSize;
- m_dataBegin += m_putSize;
- if (checkDelimiter && m_dataBegin < m_dataEnd && m_buf[m_dataBegin] == delimiter)
- break;
- if (maxSize != ULONG_MAX && byteCount == maxSize)
- break;
- // once time limit is reached, return even if there is more data waiting
- // but make 0 a special case so caller can request a large amount of data to be
- // pumped as long as it is immediately available
- if (maxTime > 0 && timer.ElapsedTime() > maxTime)
- break;
- }
- }
-
- return 0;
-}
-
-// *************************************************************
-
-NetworkSink::NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound)
- : m_maxBufferSize(maxBufferSize), m_autoFlushBound(autoFlushBound)
- , m_needSendResult(false), m_wasBlocked(false), m_eofState(EOF_NONE)
- , m_buffer(STDMIN(16U*1024U+256, maxBufferSize)), m_skipBytes(0)
- , m_speedTimer(Timer::MILLISECONDS), m_byteCountSinceLastTimerReset(0)
- , m_currentSpeed(0), m_maxObservedSpeed(0)
-{
-}
-
-float NetworkSink::ComputeCurrentSpeed()
-{
- if (m_speedTimer.ElapsedTime() > 1000)
- {
- m_currentSpeed = m_byteCountSinceLastTimerReset * 1000 / m_speedTimer.ElapsedTime();
- m_maxObservedSpeed = STDMAX(m_currentSpeed, m_maxObservedSpeed * 0.98f);
- m_byteCountSinceLastTimerReset = 0;
- m_speedTimer.StartTimer();
-// OutputDebugString(("max speed: " + IntToString((int)m_maxObservedSpeed) + " current speed: " + IntToString((int)m_currentSpeed) + "\n").c_str());
- }
- return m_currentSpeed;
-}
-
-float NetworkSink::GetMaxObservedSpeed() const
-{
- lword m = GetMaxBytesPerSecond();
- return m ? STDMIN(m_maxObservedSpeed, float(CRYPTOPP_VC6_INT64 m)) : m_maxObservedSpeed;
-}
-
-unsigned int NetworkSink::GetMaxWaitObjectCount() const
-{
- return LimitedBandwidth::GetMaxWaitObjectCount() + GetSender().GetMaxWaitObjectCount();
-}
-
-void NetworkSink::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (BlockedBySpeedLimit())
- LimitedBandwidth::GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - speed limit", &callStack));
- else if (m_wasBlocked)
- AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - was blocked", &callStack));
- else if (!m_buffer.IsEmpty())
- AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - buffer not empty", &callStack));
- else if (EofPending())
- AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - EOF pending", &callStack));
-}
-
-size_t NetworkSink::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- if (m_eofState == EOF_DONE)
- {
- if (length || messageEnd)
- throw Exception(Exception::OTHER_ERROR, "NetworkSink::Put2() being called after EOF had been sent");
-
- return 0;
- }
-
- if (m_eofState > EOF_NONE)
- goto EofSite;
-
- {
- if (m_skipBytes)
- {
- assert(length >= m_skipBytes);
- inString += m_skipBytes;
- length -= m_skipBytes;
- }
-
- m_buffer.Put(inString, length);
-
- if (!blocking || m_buffer.CurrentSize() > m_autoFlushBound)
- TimedFlush(0, 0);
-
- size_t targetSize = messageEnd ? 0 : m_maxBufferSize;
- if (blocking)
- TimedFlush(INFINITE_TIME, targetSize);
-
- if (m_buffer.CurrentSize() > targetSize)
- {
- assert(!blocking);
- m_wasBlocked = true;
- m_skipBytes += length;
- size_t blockedBytes = UnsignedMin(length, m_buffer.CurrentSize() - targetSize);
- return STDMAX<size_t>(blockedBytes, 1);
- }
-
- m_wasBlocked = false;
- m_skipBytes = 0;
- }
-
- if (messageEnd)
- {
- m_eofState = EOF_PENDING_SEND;
-
- EofSite:
- TimedFlush(blocking ? INFINITE_TIME : 0, 0);
- if (m_eofState != EOF_DONE)
- return 1;
- }
-
- return 0;
-}
-
-lword NetworkSink::DoFlush(unsigned long maxTime, size_t targetSize)
-{
- NetworkSender &sender = AccessSender();
-
- bool forever = maxTime == INFINITE_TIME;
- Timer timer(Timer::MILLISECONDS, forever);
- unsigned int totalFlushSize = 0;
-
- while (true)
- {
- if (m_buffer.CurrentSize() <= targetSize)
- break;
-
- if (m_needSendResult)
- {
- if (sender.MustWaitForResult() &&
- !sender.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()),
- CallStack("NetworkSink::DoFlush() - wait send result", 0)))
- break;
-
- unsigned int sendResult = sender.GetSendResult();
-#if CRYPTOPP_TRACE_NETWORK
- OutputDebugString((IntToString((unsigned int)this) + ": Sent " + IntToString(sendResult) + " bytes\n").c_str());
-#endif
- m_buffer.Skip(sendResult);
- totalFlushSize += sendResult;
- m_needSendResult = false;
-
- if (!m_buffer.AnyRetrievable())
- break;
- }
-
- unsigned long timeOut = maxTime ? SaturatingSubtract(maxTime, timer.ElapsedTime()) : 0;
- if (sender.MustWaitToSend() && !sender.Wait(timeOut, CallStack("NetworkSink::DoFlush() - wait send", 0)))
- break;
-
- size_t contiguousSize = 0;
- const byte *block = m_buffer.Spy(contiguousSize);
-
-#if CRYPTOPP_TRACE_NETWORK
- OutputDebugString((IntToString((unsigned int)this) + ": Sending " + IntToString(contiguousSize) + " bytes\n").c_str());
-#endif
- sender.Send(block, contiguousSize);
- m_needSendResult = true;
-
- if (maxTime > 0 && timeOut == 0)
- break; // once time limit is reached, return even if there is more data waiting
- }
-
- m_byteCountSinceLastTimerReset += totalFlushSize;
- ComputeCurrentSpeed();
-
- if (m_buffer.IsEmpty() && !m_needSendResult)
- {
- if (m_eofState == EOF_PENDING_SEND)
- {
- sender.SendEof();
- m_eofState = sender.MustWaitForEof() ? EOF_PENDING_DELIVERY : EOF_DONE;
- }
-
- while (m_eofState == EOF_PENDING_DELIVERY)
- {
- unsigned long timeOut = maxTime ? SaturatingSubtract(maxTime, timer.ElapsedTime()) : 0;
- if (!sender.Wait(timeOut, CallStack("NetworkSink::DoFlush() - wait EOF", 0)))
- break;
-
- if (sender.EofSent())
- m_eofState = EOF_DONE;
- }
- }
-
- return totalFlushSize;
-}
-
-#endif // #ifdef HIGHRES_TIMER_AVAILABLE
-
-NAMESPACE_END
diff --git a/cryptopp562/network.h b/cryptopp562/network.h
deleted file mode 100644
index 96cd456..0000000
--- a/cryptopp562/network.h
+++ /dev/null
@@ -1,235 +0,0 @@
-#ifndef CRYPTOPP_NETWORK_H
-#define CRYPTOPP_NETWORK_H
-
-#include "config.h"
-
-#ifdef HIGHRES_TIMER_AVAILABLE
-
-#include "filters.h"
-#include "hrtimer.h"
-
-#include <deque>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class LimitedBandwidth
-{
-public:
- LimitedBandwidth(lword maxBytesPerSecond = 0)
- : m_maxBytesPerSecond(maxBytesPerSecond), m_timer(Timer::MILLISECONDS)
- , m_nextTransceiveTime(0)
- { m_timer.StartTimer(); }
-
- lword GetMaxBytesPerSecond() const
- { return m_maxBytesPerSecond; }
-
- void SetMaxBytesPerSecond(lword v)
- { m_maxBytesPerSecond = v; }
-
- lword ComputeCurrentTransceiveLimit();
-
- double TimeToNextTransceive();
-
- void NoteTransceive(lword size);
-
-public:
- /*! GetWaitObjects() must be called despite the 0 return from GetMaxWaitObjectCount();
- the 0 is because the ScheduleEvent() method is used instead of adding a wait object */
- unsigned int GetMaxWaitObjectCount() const { return 0; }
- void GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack);
-
-private:
- lword m_maxBytesPerSecond;
-
- typedef std::deque<std::pair<double, lword> > OpQueue;
- OpQueue m_ops;
-
- Timer m_timer;
- double m_nextTransceiveTime;
-
- void ComputeNextTransceiveTime();
- double GetCurTimeAndCleanUp();
-};
-
-//! a Source class that can pump from a device for a specified amount of time.
-class CRYPTOPP_NO_VTABLE NonblockingSource : public AutoSignaling<Source>, public LimitedBandwidth
-{
-public:
- NonblockingSource(BufferedTransformation *attachment)
- : m_messageEndSent(false) , m_doPumpBlocked(false), m_blockedBySpeedLimit(false) {Detach(attachment);}
-
- //! \name NONBLOCKING SOURCE
- //@{
-
- //! pump up to maxSize bytes using at most maxTime milliseconds
- /*! If checkDelimiter is true, pump up to delimiter, which itself is not extracted or pumped. */
- size_t GeneralPump2(lword &byteCount, bool blockingOutput=true, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n');
-
- lword GeneralPump(lword maxSize=LWORD_MAX, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n')
- {
- GeneralPump2(maxSize, true, maxTime, checkDelimiter, delimiter);
- return maxSize;
- }
- lword TimedPump(unsigned long maxTime)
- {return GeneralPump(LWORD_MAX, maxTime);}
- lword PumpLine(byte delimiter='\n', lword maxSize=1024)
- {return GeneralPump(maxSize, INFINITE_TIME, true, delimiter);}
-
- size_t Pump2(lword &byteCount, bool blocking=true)
- {return GeneralPump2(byteCount, blocking, blocking ? INFINITE_TIME : 0);}
- size_t PumpMessages2(unsigned int &messageCount, bool blocking=true);
- //@}
-
-protected:
- virtual size_t DoPump(lword &byteCount, bool blockingOutput,
- unsigned long maxTime, bool checkDelimiter, byte delimiter) =0;
-
- bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; }
-
-private:
- bool m_messageEndSent, m_doPumpBlocked, m_blockedBySpeedLimit;
-};
-
-//! Network Receiver
-class CRYPTOPP_NO_VTABLE NetworkReceiver : public Waitable
-{
-public:
- virtual bool MustWaitToReceive() {return false;}
- virtual bool MustWaitForResult() {return false;}
- //! receive data from network source, returns whether result is immediately available
- virtual bool Receive(byte* buf, size_t bufLen) =0;
- virtual unsigned int GetReceiveResult() =0;
- virtual bool EofReceived() const =0;
-};
-
-class CRYPTOPP_NO_VTABLE NonblockingSinkInfo
-{
-public:
- virtual ~NonblockingSinkInfo() {}
- virtual size_t GetMaxBufferSize() const =0;
- virtual size_t GetCurrentBufferSize() const =0;
- virtual bool EofPending() const =0;
- //! compute the current speed of this sink in bytes per second
- virtual float ComputeCurrentSpeed() =0;
- //! get the maximum observed speed of this sink in bytes per second
- virtual float GetMaxObservedSpeed() const =0;
-};
-
-//! a Sink class that queues input and can flush to a device for a specified amount of time.
-class CRYPTOPP_NO_VTABLE NonblockingSink : public Sink, public NonblockingSinkInfo, public LimitedBandwidth
-{
-public:
- NonblockingSink() : m_blockedBySpeedLimit(false) {}
-
- bool IsolatedFlush(bool hardFlush, bool blocking);
-
- //! flush to device for no more than maxTime milliseconds
- /*! This function will repeatedly attempt to flush data to some device, until
- the queue is empty, or a total of maxTime milliseconds have elapsed.
- If maxTime == 0, at least one attempt will be made to flush some data, but
- it is likely that not all queued data will be flushed, even if the device
- is ready to receive more data without waiting. If you want to flush as much data
- as possible without waiting for the device, call this function in a loop.
- For example: while (sink.TimedFlush(0) > 0) {}
- \return number of bytes flushed
- */
- lword TimedFlush(unsigned long maxTime, size_t targetSize = 0);
-
- virtual void SetMaxBufferSize(size_t maxBufferSize) =0;
- //! set a bound which will cause sink to flush if exceeded by GetCurrentBufferSize()
- virtual void SetAutoFlushBound(size_t bound) =0;
-
-protected:
- virtual lword DoFlush(unsigned long maxTime, size_t targetSize) = 0;
-
- bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; }
-
-private:
- bool m_blockedBySpeedLimit;
-};
-
-//! Network Sender
-class CRYPTOPP_NO_VTABLE NetworkSender : public Waitable
-{
-public:
- virtual bool MustWaitToSend() {return false;}
- virtual bool MustWaitForResult() {return false;}
- virtual void Send(const byte* buf, size_t bufLen) =0;
- virtual unsigned int GetSendResult() =0;
- virtual bool MustWaitForEof() {return false;}
- virtual void SendEof() =0;
- virtual bool EofSent() {return false;} // implement if MustWaitForEof() == true
-};
-
-//! Network Source
-class CRYPTOPP_NO_VTABLE NetworkSource : public NonblockingSource
-{
-public:
- NetworkSource(BufferedTransformation *attachment);
-
- unsigned int GetMaxWaitObjectCount() const;
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
-
- bool SourceExhausted() const {return m_dataBegin == m_dataEnd && GetReceiver().EofReceived();}
-
-protected:
- size_t DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter);
-
- virtual NetworkReceiver & AccessReceiver() =0;
- const NetworkReceiver & GetReceiver() const {return const_cast<NetworkSource *>(this)->AccessReceiver();}
-
-private:
- SecByteBlock m_buf;
- size_t m_putSize, m_dataBegin, m_dataEnd;
- bool m_waitingForResult, m_outputBlocked;
-};
-
-//! Network Sink
-class CRYPTOPP_NO_VTABLE NetworkSink : public NonblockingSink
-{
-public:
- NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound);
-
- unsigned int GetMaxWaitObjectCount() const;
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
-
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
-
- void SetMaxBufferSize(size_t maxBufferSize) {m_maxBufferSize = maxBufferSize; m_buffer.SetNodeSize(UnsignedMin(maxBufferSize, 16U*1024U+256U));}
- void SetAutoFlushBound(size_t bound) {m_autoFlushBound = bound;}
-
- size_t GetMaxBufferSize() const {return m_maxBufferSize;}
- size_t GetCurrentBufferSize() const {return (size_t)m_buffer.CurrentSize();}
-
- void ClearBuffer() { m_buffer.Clear(); }
-
- bool EofPending() const { return m_eofState > EOF_NONE && m_eofState < EOF_DONE; }
-
- //! compute the current speed of this sink in bytes per second
- float ComputeCurrentSpeed();
- //! get the maximum observed speed of this sink in bytes per second
- float GetMaxObservedSpeed() const;
-
-protected:
- lword DoFlush(unsigned long maxTime, size_t targetSize);
-
- virtual NetworkSender & AccessSender() =0;
- const NetworkSender & GetSender() const {return const_cast<NetworkSink *>(this)->AccessSender();}
-
-private:
- enum EofState { EOF_NONE, EOF_PENDING_SEND, EOF_PENDING_DELIVERY, EOF_DONE };
-
- size_t m_maxBufferSize, m_autoFlushBound;
- bool m_needSendResult, m_wasBlocked;
- EofState m_eofState;
- ByteQueue m_buffer;
- size_t m_skipBytes;
- Timer m_speedTimer;
- float m_byteCountSinceLastTimerReset, m_currentSpeed, m_maxObservedSpeed;
-};
-
-NAMESPACE_END
-
-#endif // #ifdef HIGHRES_TIMER_AVAILABLE
-
-#endif
diff --git a/cryptopp562/nr.h b/cryptopp562/nr.h
deleted file mode 100644
index c398e35..0000000
--- a/cryptopp562/nr.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef CRYPTOPP_NR_H
-#define CRYPTOPP_NR_H
-
-#include "gfpcrypt.h"
-
-#endif
diff --git a/cryptopp562/oaep.cpp b/cryptopp562/oaep.cpp
deleted file mode 100644
index 1d474be..0000000
--- a/cryptopp562/oaep.cpp
+++ /dev/null
@@ -1,97 +0,0 @@
-// oaep.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "oaep.h"
-#include <functional>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// ********************************************************
-
-size_t OAEP_Base::MaxUnpaddedLength(size_t paddedLength) const
-{
- return SaturatingSubtract(paddedLength/8, 1+2*DigestSize());
-}
-
-void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs &parameters) const
-{
- assert (inputLength <= MaxUnpaddedLength(oaepBlockLen));
-
- // convert from bit length to byte length
- if (oaepBlockLen % 8 != 0)
- {
- oaepBlock[0] = 0;
- oaepBlock++;
- }
- oaepBlockLen /= 8;
-
- std::auto_ptr<HashTransformation> pHash(NewHash());
- const size_t hLen = pHash->DigestSize();
- const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen;
- byte *const maskedSeed = oaepBlock;
- byte *const maskedDB = oaepBlock+seedLen;
-
- ConstByteArrayParameter encodingParameters;
- parameters.GetValue(Name::EncodingParameters(), encodingParameters);
-
- // DB = pHash || 00 ... || 01 || M
- pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size());
- memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1);
- maskedDB[dbLen-inputLength-1] = 0x01;
- memcpy(maskedDB+dbLen-inputLength, input, inputLength);
-
- rng.GenerateBlock(maskedSeed, seedLen);
- std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF());
- pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen);
- pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen);
-}
-
-DecodingResult OAEP_Base::Unpad(const byte *oaepBlock, size_t oaepBlockLen, byte *output, const NameValuePairs &parameters) const
-{
- bool invalid = false;
-
- // convert from bit length to byte length
- if (oaepBlockLen % 8 != 0)
- {
- invalid = (oaepBlock[0] != 0) || invalid;
- oaepBlock++;
- }
- oaepBlockLen /= 8;
-
- std::auto_ptr<HashTransformation> pHash(NewHash());
- const size_t hLen = pHash->DigestSize();
- const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen;
-
- invalid = (oaepBlockLen < 2*hLen+1) || invalid;
-
- SecByteBlock t(oaepBlock, oaepBlockLen);
- byte *const maskedSeed = t;
- byte *const maskedDB = t+seedLen;
-
- std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF());
- pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen);
- pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen);
-
- ConstByteArrayParameter encodingParameters;
- parameters.GetValue(Name::EncodingParameters(), encodingParameters);
-
- // DB = pHash' || 00 ... || 01 || M
- byte *M = std::find(maskedDB+hLen, maskedDB+dbLen, 0x01);
- invalid = (M == maskedDB+dbLen) || invalid;
- invalid = (std::find_if(maskedDB+hLen, M, std::bind2nd(std::not_equal_to<byte>(), 0)) != M) || invalid;
- invalid = !pHash->VerifyDigest(maskedDB, encodingParameters.begin(), encodingParameters.size()) || invalid;
-
- if (invalid)
- return DecodingResult();
-
- M++;
- memcpy(output, M, maskedDB+dbLen-M);
- return DecodingResult(maskedDB+dbLen-M);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/oaep.h b/cryptopp562/oaep.h
deleted file mode 100644
index 4bf6b0d..0000000
--- a/cryptopp562/oaep.h
+++ /dev/null
@@ -1,42 +0,0 @@
-#ifndef CRYPTOPP_OAEP_H
-#define CRYPTOPP_OAEP_H
-
-#include "pubkey.h"
-#include "sha.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL OAEP_Base : public PK_EncryptionMessageEncodingMethod
-{
-public:
- bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;}
- size_t MaxUnpaddedLength(size_t paddedLength) const;
- void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedLength, const NameValuePairs &parameters) const;
- DecodingResult Unpad(const byte *padded, size_t paddedLength, byte *raw, const NameValuePairs &parameters) const;
-
-protected:
- virtual unsigned int DigestSize() const =0;
- virtual HashTransformation * NewHash() const =0;
- virtual MaskGeneratingFunction * NewMGF() const =0;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/ca.html#cem_OAEP-MGF1">EME-OAEP</a>, for use with classes derived from TF_ES
-template <class H, class MGF=P1363_MGF1>
-class OAEP : public OAEP_Base, public EncryptionStandard
-{
-public:
- static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("OAEP-") + MGF::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";}
- typedef OAEP<H, MGF> EncryptionMessageEncodingMethod;
-
-protected:
- unsigned int DigestSize() const {return H::DIGESTSIZE;}
- HashTransformation * NewHash() const {return new H;}
- MaskGeneratingFunction * NewMGF() const {return new MGF;}
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS OAEP<SHA>;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/oids.h b/cryptopp562/oids.h
deleted file mode 100644
index 8b10301..0000000
--- a/cryptopp562/oids.h
+++ /dev/null
@@ -1,123 +0,0 @@
-#ifndef CRYPTOPP_OIDS_H
-#define CRYPTOPP_OIDS_H
-
-// crypto-related ASN.1 object identifiers
-
-#include "asn.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-NAMESPACE_BEGIN(ASN1)
-
-#define DEFINE_OID(value, name) inline OID name() {return value;}
-
-DEFINE_OID(1, iso)
- DEFINE_OID(iso()+2, member_body)
- DEFINE_OID(member_body()+840, iso_us)
- DEFINE_OID(iso_us()+10040, ansi_x9_57)
- DEFINE_OID(ansi_x9_57()+4+1, id_dsa)
- DEFINE_OID(iso_us()+10045, ansi_x9_62)
- DEFINE_OID(ansi_x9_62()+1, id_fieldType)
- DEFINE_OID(id_fieldType()+1, prime_field)
- DEFINE_OID(id_fieldType()+2, characteristic_two_field)
- DEFINE_OID(characteristic_two_field()+3, id_characteristic_two_basis)
- DEFINE_OID(id_characteristic_two_basis()+1, gnBasis)
- DEFINE_OID(id_characteristic_two_basis()+2, tpBasis)
- DEFINE_OID(id_characteristic_two_basis()+3, ppBasis)
- DEFINE_OID(ansi_x9_62()+2, id_publicKeyType)
- DEFINE_OID(id_publicKeyType()+1, id_ecPublicKey)
- DEFINE_OID(ansi_x9_62()+3, ansi_x9_62_curves)
- DEFINE_OID(ansi_x9_62_curves()+1, ansi_x9_62_curves_prime)
- DEFINE_OID(ansi_x9_62_curves_prime()+1, secp192r1)
- DEFINE_OID(ansi_x9_62_curves_prime()+7, secp256r1)
- DEFINE_OID(iso_us()+113549, rsadsi)
- DEFINE_OID(rsadsi()+1, pkcs)
- DEFINE_OID(pkcs()+1, pkcs_1)
- DEFINE_OID(pkcs_1()+1, rsaEncryption);
- DEFINE_OID(rsadsi()+2, rsadsi_digestAlgorithm)
- DEFINE_OID(rsadsi_digestAlgorithm()+2, id_md2)
- DEFINE_OID(rsadsi_digestAlgorithm()+5, id_md5)
- DEFINE_OID(iso()+3, identified_organization);
- DEFINE_OID(identified_organization()+14, oiw);
- DEFINE_OID(oiw()+3, oiw_secsig);
- DEFINE_OID(oiw_secsig()+2, oiw_secsig_algorithms);
- DEFINE_OID(oiw_secsig_algorithms()+26, id_sha1);
-
- DEFINE_OID(identified_organization()+36, teletrust);
- DEFINE_OID(teletrust()+3, teletrust_algorithm)
- DEFINE_OID(teletrust_algorithm()+2+1, id_ripemd160)
- DEFINE_OID(teletrust_algorithm()+3+2+8+1, teletrust_ellipticCurve)
- DEFINE_OID(teletrust_ellipticCurve()+1+1, brainpoolP160r1)
- DEFINE_OID(teletrust_ellipticCurve()+1+3, brainpoolP192r1)
- DEFINE_OID(teletrust_ellipticCurve()+1+5, brainpoolP224r1)
- DEFINE_OID(teletrust_ellipticCurve()+1+7, brainpoolP256r1)
- DEFINE_OID(teletrust_ellipticCurve()+1+9, brainpoolP320r1)
- DEFINE_OID(teletrust_ellipticCurve()+1+11, brainpoolP384r1)
- DEFINE_OID(teletrust_ellipticCurve()+1+13, brainpoolP512r1)
-
- DEFINE_OID(identified_organization()+132, certicom);
- DEFINE_OID(certicom()+0, certicom_ellipticCurve);
- // these are sorted by curve type and then by OID
- // first curves based on GF(p)
- DEFINE_OID(certicom_ellipticCurve()+6, secp112r1);
- DEFINE_OID(certicom_ellipticCurve()+7, secp112r2);
- DEFINE_OID(certicom_ellipticCurve()+8, secp160r1);
- DEFINE_OID(certicom_ellipticCurve()+9, secp160k1);
- DEFINE_OID(certicom_ellipticCurve()+10, secp256k1);
- DEFINE_OID(certicom_ellipticCurve()+28, secp128r1);
- DEFINE_OID(certicom_ellipticCurve()+29, secp128r2);
- DEFINE_OID(certicom_ellipticCurve()+30, secp160r2);
- DEFINE_OID(certicom_ellipticCurve()+31, secp192k1);
- DEFINE_OID(certicom_ellipticCurve()+32, secp224k1);
- DEFINE_OID(certicom_ellipticCurve()+33, secp224r1);
- DEFINE_OID(certicom_ellipticCurve()+34, secp384r1);
- DEFINE_OID(certicom_ellipticCurve()+35, secp521r1);
- // then curves based on GF(2^n)
- DEFINE_OID(certicom_ellipticCurve()+1, sect163k1);
- DEFINE_OID(certicom_ellipticCurve()+2, sect163r1);
- DEFINE_OID(certicom_ellipticCurve()+3, sect239k1);
- DEFINE_OID(certicom_ellipticCurve()+4, sect113r1);
- DEFINE_OID(certicom_ellipticCurve()+5, sect113r2);
- DEFINE_OID(certicom_ellipticCurve()+15, sect163r2);
- DEFINE_OID(certicom_ellipticCurve()+16, sect283k1);
- DEFINE_OID(certicom_ellipticCurve()+17, sect283r1);
- DEFINE_OID(certicom_ellipticCurve()+22, sect131r1);
- DEFINE_OID(certicom_ellipticCurve()+23, sect131r2);
- DEFINE_OID(certicom_ellipticCurve()+24, sect193r1);
- DEFINE_OID(certicom_ellipticCurve()+25, sect193r2);
- DEFINE_OID(certicom_ellipticCurve()+26, sect233k1);
- DEFINE_OID(certicom_ellipticCurve()+27, sect233r1);
- DEFINE_OID(certicom_ellipticCurve()+36, sect409k1);
- DEFINE_OID(certicom_ellipticCurve()+37, sect409r1);
- DEFINE_OID(certicom_ellipticCurve()+38, sect571k1);
- DEFINE_OID(certicom_ellipticCurve()+39, sect571r1);
-DEFINE_OID(2, joint_iso_ccitt)
- DEFINE_OID(joint_iso_ccitt()+16, country)
- DEFINE_OID(country()+840, joint_iso_ccitt_us)
- DEFINE_OID(joint_iso_ccitt_us()+1, us_organization)
- DEFINE_OID(us_organization()+101, us_gov)
- DEFINE_OID(us_gov()+3, csor)
- DEFINE_OID(csor()+4, nistalgorithms)
- DEFINE_OID(nistalgorithms()+1, aes)
- DEFINE_OID(aes()+1, id_aes128_ECB)
- DEFINE_OID(aes()+2, id_aes128_cbc)
- DEFINE_OID(aes()+3, id_aes128_ofb)
- DEFINE_OID(aes()+4, id_aes128_cfb)
- DEFINE_OID(aes()+21, id_aes192_ECB)
- DEFINE_OID(aes()+22, id_aes192_cbc)
- DEFINE_OID(aes()+23, id_aes192_ofb)
- DEFINE_OID(aes()+24, id_aes192_cfb)
- DEFINE_OID(aes()+41, id_aes256_ECB)
- DEFINE_OID(aes()+42, id_aes256_cbc)
- DEFINE_OID(aes()+43, id_aes256_ofb)
- DEFINE_OID(aes()+44, id_aes256_cfb)
- DEFINE_OID(nistalgorithms()+2, nist_hashalgs)
- DEFINE_OID(nist_hashalgs()+1, id_sha256)
- DEFINE_OID(nist_hashalgs()+2, id_sha384)
- DEFINE_OID(nist_hashalgs()+3, id_sha512)
-
-NAMESPACE_END
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/osrng.cpp b/cryptopp562/osrng.cpp
deleted file mode 100644
index 76e486b..0000000
--- a/cryptopp562/osrng.cpp
+++ /dev/null
@@ -1,192 +0,0 @@
-// osrng.cpp - written and placed in the public domain by Wei Dai
-
-// Thanks to Leonard Janke for the suggestion for AutoSeededRandomPool.
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "osrng.h"
-
-#ifdef OS_RNG_AVAILABLE
-
-#include "rng.h"
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0400
-#endif
-#include <windows.h>
-#include <wincrypt.h>
-#endif
-
-#ifdef CRYPTOPP_UNIX_AVAILABLE
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#if defined(NONBLOCKING_RNG_AVAILABLE) || defined(BLOCKING_RNG_AVAILABLE)
-OS_RNG_Err::OS_RNG_Err(const std::string &operation)
- : Exception(OTHER_ERROR, "OS_Rng: " + operation + " operation failed with error " +
-#ifdef CRYPTOPP_WIN32_AVAILABLE
- "0x" + IntToString(GetLastError(), 16)
-#else
- IntToString(errno)
-#endif
- )
-{
-}
-#endif
-
-#ifdef NONBLOCKING_RNG_AVAILABLE
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-
-MicrosoftCryptoProvider::MicrosoftCryptoProvider()
-{
- if(!CryptAcquireContext(&m_hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
- throw OS_RNG_Err("CryptAcquireContext");
-}
-
-MicrosoftCryptoProvider::~MicrosoftCryptoProvider()
-{
- CryptReleaseContext(m_hProvider, 0);
-}
-
-#endif
-
-NonblockingRng::NonblockingRng()
-{
-#ifndef CRYPTOPP_WIN32_AVAILABLE
- m_fd = open("/dev/urandom",O_RDONLY);
- if (m_fd == -1)
- throw OS_RNG_Err("open /dev/urandom");
-#endif
-}
-
-NonblockingRng::~NonblockingRng()
-{
-#ifndef CRYPTOPP_WIN32_AVAILABLE
- close(m_fd);
-#endif
-}
-
-void NonblockingRng::GenerateBlock(byte *output, size_t size)
-{
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-# ifdef WORKAROUND_MS_BUG_Q258000
- const MicrosoftCryptoProvider &m_Provider = Singleton<MicrosoftCryptoProvider>().Ref();
-# endif
- if (!CryptGenRandom(m_Provider.GetProviderHandle(), (DWORD)size, output))
- throw OS_RNG_Err("CryptGenRandom");
-#else
- while (size)
- {
- ssize_t len = read(m_fd, output, size);
-
- if (len < 0)
- {
- // /dev/urandom reads CAN give EAGAIN errors! (maybe EINTR as well)
- if (errno != EINTR && errno != EAGAIN)
- throw OS_RNG_Err("read /dev/urandom");
-
- continue;
- }
-
- output += len;
- size -= len;
- }
-#endif
-}
-
-#endif
-
-// *************************************************************
-
-#ifdef BLOCKING_RNG_AVAILABLE
-
-#ifndef CRYPTOPP_BLOCKING_RNG_FILENAME
-#ifdef __OpenBSD__
-#define CRYPTOPP_BLOCKING_RNG_FILENAME "/dev/srandom"
-#else
-#define CRYPTOPP_BLOCKING_RNG_FILENAME "/dev/random"
-#endif
-#endif
-
-BlockingRng::BlockingRng()
-{
- m_fd = open(CRYPTOPP_BLOCKING_RNG_FILENAME,O_RDONLY);
- if (m_fd == -1)
- throw OS_RNG_Err("open " CRYPTOPP_BLOCKING_RNG_FILENAME);
-}
-
-BlockingRng::~BlockingRng()
-{
- close(m_fd);
-}
-
-void BlockingRng::GenerateBlock(byte *output, size_t size)
-{
- while (size)
- {
- // on some systems /dev/random will block until all bytes
- // are available, on others it returns immediately
- ssize_t len = read(m_fd, output, size);
- if (len < 0)
- {
- // /dev/random reads CAN give EAGAIN errors! (maybe EINTR as well)
- if (errno != EINTR && errno != EAGAIN)
- throw OS_RNG_Err("read " CRYPTOPP_BLOCKING_RNG_FILENAME);
-
- continue;
- }
-
- size -= len;
- output += len;
- if (size)
- sleep(1);
- }
-}
-
-#endif
-
-// *************************************************************
-
-void OS_GenerateRandomBlock(bool blocking, byte *output, size_t size)
-{
-#ifdef NONBLOCKING_RNG_AVAILABLE
- if (blocking)
-#endif
- {
-#ifdef BLOCKING_RNG_AVAILABLE
- BlockingRng rng;
- rng.GenerateBlock(output, size);
-#endif
- }
-
-#ifdef BLOCKING_RNG_AVAILABLE
- if (!blocking)
-#endif
- {
-#ifdef NONBLOCKING_RNG_AVAILABLE
- NonblockingRng rng;
- rng.GenerateBlock(output, size);
-#endif
- }
-}
-
-void AutoSeededRandomPool::Reseed(bool blocking, unsigned int seedSize)
-{
- SecByteBlock seed(seedSize);
- OS_GenerateRandomBlock(blocking, seed, seedSize);
- IncorporateEntropy(seed, seedSize);
-}
-
-NAMESPACE_END
-
-#endif
-
-#endif
diff --git a/cryptopp562/osrng.h b/cryptopp562/osrng.h
deleted file mode 100644
index ae07d05..0000000
--- a/cryptopp562/osrng.h
+++ /dev/null
@@ -1,156 +0,0 @@
-#ifndef CRYPTOPP_OSRNG_H
-#define CRYPTOPP_OSRNG_H
-
-//! \file
-
-#include "config.h"
-
-#ifdef OS_RNG_AVAILABLE
-
-#include "randpool.h"
-#include "rng.h"
-#include "aes.h"
-#include "sha.h"
-#include "fips140.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Exception class for Operating-System Random Number Generator.
-class CRYPTOPP_DLL OS_RNG_Err : public Exception
-{
-public:
- OS_RNG_Err(const std::string &operation);
-};
-
-#ifdef NONBLOCKING_RNG_AVAILABLE
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-class CRYPTOPP_DLL MicrosoftCryptoProvider
-{
-public:
- MicrosoftCryptoProvider();
- ~MicrosoftCryptoProvider();
-#if defined(_WIN64)
- typedef unsigned __int64 ProviderHandle; // type HCRYPTPROV, avoid #include <windows.h>
-#else
- typedef unsigned long ProviderHandle;
-#endif
- ProviderHandle GetProviderHandle() const {return m_hProvider;}
-private:
- ProviderHandle m_hProvider;
-};
-
-#pragma comment(lib, "advapi32.lib")
-#endif
-
-//! encapsulate CryptoAPI's CryptGenRandom or /dev/urandom
-class CRYPTOPP_DLL NonblockingRng : public RandomNumberGenerator
-{
-public:
- NonblockingRng();
- ~NonblockingRng();
- void GenerateBlock(byte *output, size_t size);
-
-protected:
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-# ifndef WORKAROUND_MS_BUG_Q258000
- MicrosoftCryptoProvider m_Provider;
-# endif
-#else
- int m_fd;
-#endif
-};
-
-#endif
-
-#ifdef BLOCKING_RNG_AVAILABLE
-
-//! encapsulate /dev/random, or /dev/srandom on OpenBSD
-class CRYPTOPP_DLL BlockingRng : public RandomNumberGenerator
-{
-public:
- BlockingRng();
- ~BlockingRng();
- void GenerateBlock(byte *output, size_t size);
-
-protected:
- int m_fd;
-};
-
-#endif
-
-CRYPTOPP_DLL void CRYPTOPP_API OS_GenerateRandomBlock(bool blocking, byte *output, size_t size);
-
-//! Automaticly Seeded Randomness Pool
-/*! This class seeds itself using an operating system provided RNG. */
-class CRYPTOPP_DLL AutoSeededRandomPool : public RandomPool
-{
-public:
- //! use blocking to choose seeding with BlockingRng or NonblockingRng. the parameter is ignored if only one of these is available
- explicit AutoSeededRandomPool(bool blocking = false, unsigned int seedSize = 32)
- {Reseed(blocking, seedSize);}
- void Reseed(bool blocking = false, unsigned int seedSize = 32);
-};
-
-//! RNG from ANSI X9.17 Appendix C, seeded using an OS provided RNG
-template <class BLOCK_CIPHER>
-class AutoSeededX917RNG : public RandomNumberGenerator, public NotCopyable
-{
-public:
- //! use blocking to choose seeding with BlockingRng or NonblockingRng. the parameter is ignored if only one of these is available
- explicit AutoSeededX917RNG(bool blocking = false, bool autoSeed = true)
- {if (autoSeed) Reseed(blocking);}
- void Reseed(bool blocking = false, const byte *additionalEntropy = NULL, size_t length = 0);
- // exposed for testing
- void Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector);
-
- bool CanIncorporateEntropy() const {return true;}
- void IncorporateEntropy(const byte *input, size_t length) {Reseed(false, input, length);}
- void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length) {m_rng->GenerateIntoBufferedTransformation(target, channel, length);}
-
-private:
- member_ptr<RandomNumberGenerator> m_rng;
-};
-
-template <class BLOCK_CIPHER>
-void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector)
-{
- m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, keylength), seed, timeVector));
-}
-
-template <class BLOCK_CIPHER>
-void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(bool blocking, const byte *input, size_t length)
-{
- SecByteBlock seed(BLOCK_CIPHER::BLOCKSIZE + BLOCK_CIPHER::DEFAULT_KEYLENGTH);
- const byte *key;
- do
- {
- OS_GenerateRandomBlock(blocking, seed, seed.size());
- if (length > 0)
- {
- SHA256 hash;
- hash.Update(seed, seed.size());
- hash.Update(input, length);
- hash.TruncatedFinal(seed, UnsignedMin(hash.DigestSize(), seed.size()));
- }
- key = seed + BLOCK_CIPHER::BLOCKSIZE;
- } // check that seed and key don't have same value
- while (memcmp(key, seed, STDMIN((unsigned int)BLOCK_CIPHER::BLOCKSIZE, (unsigned int)BLOCK_CIPHER::DEFAULT_KEYLENGTH)) == 0);
-
- Reseed(key, BLOCK_CIPHER::DEFAULT_KEYLENGTH, seed, NULL);
-}
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AutoSeededX917RNG<AES>;
-
-//! this is AutoSeededX917RNG\<AES\> in FIPS mode, otherwise it's AutoSeededRandomPool
-#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
-typedef AutoSeededX917RNG<AES> DefaultAutoSeededRNG;
-#else
-typedef AutoSeededRandomPool DefaultAutoSeededRNG;
-#endif
-
-NAMESPACE_END
-
-#endif
-
-#endif
diff --git a/cryptopp562/panama.cpp b/cryptopp562/panama.cpp
deleted file mode 100644
index 5fc4f94..0000000
--- a/cryptopp562/panama.cpp
+++ /dev/null
@@ -1,507 +0,0 @@
-// panama.cpp - written and placed in the public domain by Wei Dai
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM panama.cpp" to generate MASM code
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "panama.h"
-#include "misc.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class B>
-void Panama<B>::Reset()
-{
- memset(m_state, 0, m_state.SizeInBytes());
-#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
- m_state[17] = HasSSSE3();
-#endif
-}
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, const word32 *y);
-}
-#elif CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- Panama_SSE2_Pull PROC FRAME
- rex_push_reg rdi
- alloc_stack(2*16)
- save_xmm128 xmm6, 0h
- save_xmm128 xmm7, 10h
- .endprolog
-#else
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-void CRYPTOPP_NOINLINE Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, const word32 *y)
-{
-#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
- asm __volatile__
- (
- ".intel_syntax noprefix;"
- AS_PUSH_IF86( bx)
-#else
- AS2( mov AS_REG_1, count)
- AS2( mov AS_REG_2, state)
- AS2( mov AS_REG_3, z)
- AS2( mov AS_REG_4, y)
-#endif
-#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM
-
-#if CRYPTOPP_BOOL_X86
- #define REG_loopEnd [esp]
-#elif defined(CRYPTOPP_GENERATE_X64_MASM)
- #define REG_loopEnd rdi
-#else
- #define REG_loopEnd r8
-#endif
-
- AS2( shl AS_REG_1, 5)
- ASJ( jz, 5, f)
- AS2( mov AS_REG_6d, [AS_REG_2+4*17])
- AS2( add AS_REG_1, AS_REG_6)
-
- #if CRYPTOPP_BOOL_X64
- AS2( mov REG_loopEnd, AS_REG_1)
- #else
- AS1( push ebp)
- AS1( push AS_REG_1)
- #endif
-
- AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+0*16])
- AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_2+1*16])
- AS2( movdqa xmm2, XMMWORD_PTR [AS_REG_2+2*16])
- AS2( movdqa xmm3, XMMWORD_PTR [AS_REG_2+3*16])
- AS2( mov eax, dword ptr [AS_REG_2+4*16])
-
- ASL(4)
- // gamma and pi
-#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
- AS2( test AS_REG_6, 1)
- ASJ( jnz, 6, f)
-#endif
- AS2( movdqa xmm6, xmm2)
- AS2( movss xmm6, xmm3)
- ASS( pshufd xmm5, xmm6, 0, 3, 2, 1)
- AS2( movd xmm6, eax)
- AS2( movdqa xmm7, xmm3)
- AS2( movss xmm7, xmm6)
- ASS( pshufd xmm6, xmm7, 0, 3, 2, 1)
-#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
- ASJ( jmp, 7, f)
- ASL(6)
- AS2( movdqa xmm5, xmm3)
- AS3( palignr xmm5, xmm2, 4)
- AS2( movd xmm6, eax)
- AS3( palignr xmm6, xmm3, 4)
- ASL(7)
-#endif
-
- AS2( movd AS_REG_1d, xmm2)
- AS1( not AS_REG_1d)
- AS2( movd AS_REG_7d, xmm3)
- AS2( or AS_REG_1d, AS_REG_7d)
- AS2( xor eax, AS_REG_1d)
-
-#define SSE2_Index(i) ASM_MOD(((i)*13+16), 17)
-
-#define pi(i) \
- AS2( movd AS_REG_1d, xmm7)\
- AS2( rol AS_REG_1d, ASM_MOD((ASM_MOD(5*i,17)*(ASM_MOD(5*i,17)+1)/2), 32))\
- AS2( mov [AS_REG_2+SSE2_Index(ASM_MOD(5*(i), 17))*4], AS_REG_1d)
-
-#define pi4(x, y, z, a, b, c, d) \
- AS2( pcmpeqb xmm7, xmm7)\
- AS2( pxor xmm7, x)\
- AS2( por xmm7, y)\
- AS2( pxor xmm7, z)\
- pi(a)\
- ASS( pshuflw xmm7, xmm7, 1, 0, 3, 2)\
- pi(b)\
- AS2( punpckhqdq xmm7, xmm7)\
- pi(c)\
- ASS( pshuflw xmm7, xmm7, 1, 0, 3, 2)\
- pi(d)
-
- pi4(xmm1, xmm2, xmm3, 1, 5, 9, 13)
- pi4(xmm0, xmm1, xmm2, 2, 6, 10, 14)
- pi4(xmm6, xmm0, xmm1, 3, 7, 11, 15)
- pi4(xmm5, xmm6, xmm0, 4, 8, 12, 16)
-
- // output keystream and update buffer here to hide partial memory stalls between pi and theta
- AS2( movdqa xmm4, xmm3)
- AS2( punpcklqdq xmm3, xmm2) // 1 5 2 6
- AS2( punpckhdq xmm4, xmm2) // 9 10 13 14
- AS2( movdqa xmm2, xmm1)
- AS2( punpcklqdq xmm1, xmm0) // 3 7 4 8
- AS2( punpckhdq xmm2, xmm0) // 11 12 15 16
-
- // keystream
- AS2( test AS_REG_3, AS_REG_3)
- ASJ( jz, 0, f)
- AS2( movdqa xmm6, xmm4)
- AS2( punpcklqdq xmm4, xmm2)
- AS2( punpckhqdq xmm6, xmm2)
- AS2( test AS_REG_4, 15)
- ASJ( jnz, 2, f)
- AS2( test AS_REG_4, AS_REG_4)
- ASJ( jz, 1, f)
- AS2( pxor xmm4, [AS_REG_4])
- AS2( pxor xmm6, [AS_REG_4+16])
- AS2( add AS_REG_4, 32)
- ASJ( jmp, 1, f)
- ASL(2)
- AS2( movdqu xmm0, [AS_REG_4])
- AS2( movdqu xmm2, [AS_REG_4+16])
- AS2( pxor xmm4, xmm0)
- AS2( pxor xmm6, xmm2)
- AS2( add AS_REG_4, 32)
- ASL(1)
- AS2( test AS_REG_3, 15)
- ASJ( jnz, 3, f)
- AS2( movdqa XMMWORD_PTR [AS_REG_3], xmm4)
- AS2( movdqa XMMWORD_PTR [AS_REG_3+16], xmm6)
- AS2( add AS_REG_3, 32)
- ASJ( jmp, 0, f)
- ASL(3)
- AS2( movdqu XMMWORD_PTR [AS_REG_3], xmm4)
- AS2( movdqu XMMWORD_PTR [AS_REG_3+16], xmm6)
- AS2( add AS_REG_3, 32)
- ASL(0)
-
- // buffer update
- AS2( lea AS_REG_1, [AS_REG_6 + 32])
- AS2( and AS_REG_1, 31*32)
- AS2( lea AS_REG_7, [AS_REG_6 + (32-24)*32])
- AS2( and AS_REG_7, 31*32)
-
- AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+0*8])
- AS2( pxor xmm3, xmm0)
- ASS( pshufd xmm0, xmm0, 2, 3, 0, 1)
- AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+0*8], xmm3)
- AS2( pxor xmm0, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+2*8])
- AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+2*8], xmm0)
-
- AS2( movdqa xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+2*8])
- AS2( pxor xmm1, xmm4)
- AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+2*8], xmm1)
- AS2( pxor xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+0*8])
- AS2( movdqa XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+0*8], xmm4)
-
- // theta
- AS2( movdqa xmm3, XMMWORD_PTR [AS_REG_2+3*16])
- AS2( movdqa xmm2, XMMWORD_PTR [AS_REG_2+2*16])
- AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_2+1*16])
- AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+0*16])
-
-#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
- AS2( test AS_REG_6, 1)
- ASJ( jnz, 8, f)
-#endif
- AS2( movd xmm6, eax)
- AS2( movdqa xmm7, xmm3)
- AS2( movss xmm7, xmm6)
- AS2( movdqa xmm6, xmm2)
- AS2( movss xmm6, xmm3)
- AS2( movdqa xmm5, xmm1)
- AS2( movss xmm5, xmm2)
- AS2( movdqa xmm4, xmm0)
- AS2( movss xmm4, xmm1)
- ASS( pshufd xmm7, xmm7, 0, 3, 2, 1)
- ASS( pshufd xmm6, xmm6, 0, 3, 2, 1)
- ASS( pshufd xmm5, xmm5, 0, 3, 2, 1)
- ASS( pshufd xmm4, xmm4, 0, 3, 2, 1)
-#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
- ASJ( jmp, 9, f)
- ASL(8)
- AS2( movd xmm7, eax)
- AS3( palignr xmm7, xmm3, 4)
- AS2( movq xmm6, xmm3)
- AS3( palignr xmm6, xmm2, 4)
- AS2( movq xmm5, xmm2)
- AS3( palignr xmm5, xmm1, 4)
- AS2( movq xmm4, xmm1)
- AS3( palignr xmm4, xmm0, 4)
- ASL(9)
-#endif
-
- AS2( xor eax, 1)
- AS2( movd AS_REG_1d, xmm0)
- AS2( xor eax, AS_REG_1d)
- AS2( movd AS_REG_1d, xmm3)
- AS2( xor eax, AS_REG_1d)
-
- AS2( pxor xmm3, xmm2)
- AS2( pxor xmm2, xmm1)
- AS2( pxor xmm1, xmm0)
- AS2( pxor xmm0, xmm7)
- AS2( pxor xmm3, xmm7)
- AS2( pxor xmm2, xmm6)
- AS2( pxor xmm1, xmm5)
- AS2( pxor xmm0, xmm4)
-
- // sigma
- AS2( lea AS_REG_1, [AS_REG_6 + (32-4)*32])
- AS2( and AS_REG_1, 31*32)
- AS2( lea AS_REG_7, [AS_REG_6 + 16*32])
- AS2( and AS_REG_7, 31*32)
-
- AS2( movdqa xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+0*16])
- AS2( movdqa xmm5, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+0*16])
- AS2( movdqa xmm6, xmm4)
- AS2( punpcklqdq xmm4, xmm5)
- AS2( punpckhqdq xmm6, xmm5)
- AS2( pxor xmm3, xmm4)
- AS2( pxor xmm2, xmm6)
-
- AS2( movdqa xmm4, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_1+1*16])
- AS2( movdqa xmm5, XMMWORD_PTR [AS_REG_2+20*4+AS_REG_7+1*16])
- AS2( movdqa xmm6, xmm4)
- AS2( punpcklqdq xmm4, xmm5)
- AS2( punpckhqdq xmm6, xmm5)
- AS2( pxor xmm1, xmm4)
- AS2( pxor xmm0, xmm6)
-
- // loop
- AS2( add AS_REG_6, 32)
- AS2( cmp AS_REG_6, REG_loopEnd)
- ASJ( jne, 4, b)
-
- // save state
- AS2( mov [AS_REG_2+4*16], eax)
- AS2( movdqa XMMWORD_PTR [AS_REG_2+3*16], xmm3)
- AS2( movdqa XMMWORD_PTR [AS_REG_2+2*16], xmm2)
- AS2( movdqa XMMWORD_PTR [AS_REG_2+1*16], xmm1)
- AS2( movdqa XMMWORD_PTR [AS_REG_2+0*16], xmm0)
-
- #if CRYPTOPP_BOOL_X86
- AS2( add esp, 4)
- AS1( pop ebp)
- #endif
- ASL(5)
-
-#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
- AS_POP_IF86( bx)
- ".att_syntax prefix;"
- :
- #if CRYPTOPP_BOOL_X64
- : "D" (count), "S" (state), "d" (z), "c" (y)
- : "%r8", "%r9", "r10", "%eax", "memory", "cc", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7"
- #else
- : "c" (count), "d" (state), "S" (z), "D" (y)
- : "%eax", "memory", "cc"
- #endif
- );
-#endif
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- movdqa xmm6, [rsp + 0h]
- movdqa xmm7, [rsp + 10h]
- add rsp, 2*16
- pop rdi
- ret
- Panama_SSE2_Pull ENDP
-#else
-}
-#endif
-#endif // #ifdef CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-template <class B>
-void Panama<B>::Iterate(size_t count, const word32 *p, byte *output, const byte *input, KeystreamOperation operation)
-{
- word32 bstart = m_state[17];
- word32 *const aPtr = m_state;
- word32 cPtr[17];
-
-#define bPtr ((byte *)(aPtr+20))
-
-// reorder the state for SSE2
-// a and c: 4 8 12 16 | 3 7 11 15 | 2 6 10 14 | 1 5 9 13 | 0
-// xmm0 xmm1 xmm2 xmm3 eax
-#define a(i) aPtr[((i)*13+16) % 17] // 13 is inverse of 4 mod 17
-#define c(i) cPtr[((i)*13+16) % 17]
-// b: 0 4 | 1 5 | 2 6 | 3 7
-#define b(i, j) b##i[(j)*2%8 + (j)/4]
-
-// buffer update
-#define US(i) {word32 t=b(0,i); b(0,i)=ConditionalByteReverse(B::ToEnum(), p[i])^t; b(25,(i+6)%8)^=t;}
-#define UL(i) {word32 t=b(0,i); b(0,i)=a(i+1)^t; b(25,(i+6)%8)^=t;}
-// gamma and pi
-#define GP(i) c(5*i%17) = rotlFixed(a(i) ^ (a((i+1)%17) | ~a((i+2)%17)), ((5*i%17)*((5*i%17)+1)/2)%32)
-// theta and sigma
-#define T(i,x) a(i) = c(i) ^ c((i+1)%17) ^ c((i+4)%17) ^ x
-#define TS1S(i) T(i+1, ConditionalByteReverse(B::ToEnum(), p[i]))
-#define TS1L(i) T(i+1, b(4,i))
-#define TS2(i) T(i+9, b(16,i))
-
- while (count--)
- {
- if (output)
- {
-#define PANAMA_OUTPUT(x) \
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, a(0+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 1, a(1+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 2, a(2+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 3, a(3+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 4, a(4+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 5, a(5+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 6, a(6+9));\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 7, a(7+9));
-
- typedef word32 WordType;
- CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(PANAMA_OUTPUT, 4*8);
- }
-
- word32 *const b16 = (word32 *)(bPtr+((bstart+16*32) & 31*32));
- word32 *const b4 = (word32 *)(bPtr+((bstart+(32-4)*32) & 31*32));
- bstart += 32;
- word32 *const b0 = (word32 *)(bPtr+((bstart) & 31*32));
- word32 *const b25 = (word32 *)(bPtr+((bstart+(32-25)*32) & 31*32));
-
- if (p)
- {
- US(0); US(1); US(2); US(3); US(4); US(5); US(6); US(7);
- }
- else
- {
- UL(0); UL(1); UL(2); UL(3); UL(4); UL(5); UL(6); UL(7);
- }
-
- GP(0);
- GP(1);
- GP(2);
- GP(3);
- GP(4);
- GP(5);
- GP(6);
- GP(7);
- GP(8);
- GP(9);
- GP(10);
- GP(11);
- GP(12);
- GP(13);
- GP(14);
- GP(15);
- GP(16);
-
- T(0,1);
-
- if (p)
- {
- TS1S(0); TS1S(1); TS1S(2); TS1S(3); TS1S(4); TS1S(5); TS1S(6); TS1S(7);
- p += 8;
- }
- else
- {
- TS1L(0); TS1L(1); TS1L(2); TS1L(3); TS1L(4); TS1L(5); TS1L(6); TS1L(7);
- }
-
- TS2(0); TS2(1); TS2(2); TS2(3); TS2(4); TS2(5); TS2(6); TS2(7);
- }
- m_state[17] = bstart;
-}
-
-namespace Weak {
-template <class B>
-size_t PanamaHash<B>::HashMultipleBlocks(const word32 *input, size_t length)
-{
- this->Iterate(length / this->BLOCKSIZE, input);
- return length % this->BLOCKSIZE;
-}
-
-template <class B>
-void PanamaHash<B>::TruncatedFinal(byte *hash, size_t size)
-{
- this->ThrowIfInvalidTruncatedSize(size);
-
- this->PadLastBlock(this->BLOCKSIZE, 0x01);
-
- HashEndianCorrectedBlock(this->m_data);
-
- this->Iterate(32); // pull
-
- FixedSizeSecBlock<word32, 8> buf;
- this->Iterate(1, NULL, buf.BytePtr(), NULL);
-
- memcpy(hash, buf, size);
-
- this->Restart(); // reinit for next use
-}
-}
-
-template <class B>
-void PanamaCipherPolicy<B>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
- assert(length==32);
- memcpy(m_key, key, 32);
-}
-
-template <class B>
-void PanamaCipherPolicy<B>::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
-{
- assert(length==32);
- this->Reset();
- this->Iterate(1, m_key);
- if (iv && IsAligned<word32>(iv))
- this->Iterate(1, (const word32 *)iv);
- else
- {
- FixedSizeSecBlock<word32, 8> buf;
- if (iv)
- memcpy(buf, iv, 32);
- else
- memset(buf, 0, 32);
- this->Iterate(1, buf);
- }
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2() && !IsP4()) // SSE2 code is slower on P4 Prescott
- Panama_SSE2_Pull(32, this->m_state, NULL, NULL);
- else
-#endif
- this->Iterate(32);
-}
-
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
-template <class B>
-unsigned int PanamaCipherPolicy<B>::GetAlignment() const
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2())
- return 16;
- else
-#endif
- return 1;
-}
-#endif
-
-template <class B>
-void PanamaCipherPolicy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2())
- Panama_SSE2_Pull(iterationCount, this->m_state, (word32 *)output, (const word32 *)input);
- else
-#endif
- this->Iterate(iterationCount, NULL, output, input, operation);
-}
-
-template class Panama<BigEndian>;
-template class Panama<LittleEndian>;
-
-template class Weak::PanamaHash<BigEndian>;
-template class Weak::PanamaHash<LittleEndian>;
-
-template class PanamaCipherPolicy<BigEndian>;
-template class PanamaCipherPolicy<LittleEndian>;
-
-NAMESPACE_END
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
diff --git a/cryptopp562/panama.h b/cryptopp562/panama.h
deleted file mode 100644
index 5888f24..0000000
--- a/cryptopp562/panama.h
+++ /dev/null
@@ -1,144 +0,0 @@
-#ifndef CRYPTOPP_PANAMA_H
-#define CRYPTOPP_PANAMA_H
-
-#include "strciphr.h"
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// base class, do not use directly
-template <class B>
-class CRYPTOPP_NO_VTABLE Panama
-{
-public:
- void Reset();
- void Iterate(size_t count, const word32 *p=NULL, byte *output=NULL, const byte *input=NULL, KeystreamOperation operation=WRITE_KEYSTREAM);
-
-protected:
- typedef word32 Stage[8];
- CRYPTOPP_CONSTANT(STAGES = 32)
-
- FixedSizeAlignedSecBlock<word32, 20 + 8*32> m_state;
-};
-
-namespace Weak {
-/// <a href="http://www.weidai.com/scan-mirror/md.html#Panama">Panama Hash</a>
-template <class B = LittleEndian>
-class PanamaHash : protected Panama<B>, public AlgorithmImpl<IteratedHash<word32, NativeByteOrder, 32>, PanamaHash<B> >
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 32)
- PanamaHash() {Panama<B>::Reset();}
- unsigned int DigestSize() const {return DIGESTSIZE;}
- void TruncatedFinal(byte *hash, size_t size);
- static const char * StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";}
-
-protected:
- void Init() {Panama<B>::Reset();}
- void HashEndianCorrectedBlock(const word32 *data) {this->Iterate(1, data);} // push
- size_t HashMultipleBlocks(const word32 *input, size_t length);
- word32* StateBuf() {return NULL;}
-};
-}
-
-//! MAC construction using a hermetic hash function
-template <class T_Hash, class T_Info = T_Hash>
-class HermeticHashFunctionMAC : public AlgorithmImpl<SimpleKeyingInterfaceImpl<TwoBases<MessageAuthenticationCode, VariableKeyLength<32, 0, INT_MAX> > >, T_Info>
-{
-public:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
- {
- m_key.Assign(key, length);
- Restart();
- }
-
- void Restart()
- {
- m_hash.Restart();
- m_keyed = false;
- }
-
- void Update(const byte *input, size_t length)
- {
- if (!m_keyed)
- KeyHash();
- m_hash.Update(input, length);
- }
-
- void TruncatedFinal(byte *digest, size_t digestSize)
- {
- if (!m_keyed)
- KeyHash();
- m_hash.TruncatedFinal(digest, digestSize);
- m_keyed = false;
- }
-
- unsigned int DigestSize() const
- {return m_hash.DigestSize();}
- unsigned int BlockSize() const
- {return m_hash.BlockSize();}
- unsigned int OptimalBlockSize() const
- {return m_hash.OptimalBlockSize();}
- unsigned int OptimalDataAlignment() const
- {return m_hash.OptimalDataAlignment();}
-
-protected:
- void KeyHash()
- {
- m_hash.Update(m_key, m_key.size());
- m_keyed = true;
- }
-
- T_Hash m_hash;
- bool m_keyed;
- SecByteBlock m_key;
-};
-
-namespace Weak {
-/// Panama MAC
-template <class B = LittleEndian>
-class PanamaMAC : public HermeticHashFunctionMAC<PanamaHash<B> >
-{
-public:
- PanamaMAC() {}
- PanamaMAC(const byte *key, unsigned int length)
- {this->SetKey(key, length);}
-};
-}
-
-//! algorithm info
-template <class B>
-struct PanamaCipherInfo : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 32>
-{
- static const char * StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";}
-};
-
-//! _
-template <class B>
-class PanamaCipherPolicy : public AdditiveCipherConcretePolicy<word32, 8>,
- public PanamaCipherInfo<B>,
- protected Panama<B>
-{
-protected:
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
- void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
- bool CipherIsRandomAccess() const {return false;}
- void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length);
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
- unsigned int GetAlignment() const;
-#endif
-
- FixedSizeSecBlock<word32, 8> m_key;
-};
-
-//! <a href="http://www.cryptolounge.org/wiki/PANAMA">Panama Stream Cipher</a>
-template <class B = LittleEndian>
-struct PanamaCipher : public PanamaCipherInfo<B>, public SymmetricCipherDocumentation
-{
- typedef SymmetricCipherFinal<ConcretePolicyHolder<PanamaCipherPolicy<B>, AdditiveCipherTemplate<> >, PanamaCipherInfo<B> > Encryption;
- typedef Encryption Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/pch.cpp b/cryptopp562/pch.cpp
deleted file mode 100644
index 1d9f38c..0000000
--- a/cryptopp562/pch.cpp
+++ /dev/null
@@ -1 +0,0 @@
-#include "pch.h"
diff --git a/cryptopp562/pch.h b/cryptopp562/pch.h
deleted file mode 100644
index 418c390..0000000
--- a/cryptopp562/pch.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef CRYPTOPP_PCH_H
-#define CRYPTOPP_PCH_H
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
-
- #include "cpu.h"
-
-#else
-
- #include "config.h"
-
- #ifdef USE_PRECOMPILED_HEADERS
- #include "simple.h"
- #include "secblock.h"
- #include "misc.h"
- #include "smartptr.h"
- #endif
-
-#endif
-
-#endif
diff --git a/cryptopp562/pkcspad.cpp b/cryptopp562/pkcspad.cpp
deleted file mode 100644
index e1f1d1e..0000000
--- a/cryptopp562/pkcspad.cpp
+++ /dev/null
@@ -1,124 +0,0 @@
-// pkcspad.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_PKCSPAD_CPP // SunCC workaround: compiler could cause this file to be included twice
-#define CRYPTOPP_PKCSPAD_CPP
-
-#include "pkcspad.h"
-#include <assert.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// more in dll.cpp
-template<> const byte PKCS_DigestDecoration<Weak1::MD2>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,0x04,0x10};
-template<> const unsigned int PKCS_DigestDecoration<Weak1::MD2>::length = sizeof(PKCS_DigestDecoration<Weak1::MD2>::decoration);
-
-template<> const byte PKCS_DigestDecoration<Weak1::MD5>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10};
-template<> const unsigned int PKCS_DigestDecoration<Weak1::MD5>::length = sizeof(PKCS_DigestDecoration<Weak1::MD5>::decoration);
-
-template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14};
-template<> const unsigned int PKCS_DigestDecoration<RIPEMD160>::length = sizeof(PKCS_DigestDecoration<RIPEMD160>::decoration);
-
-template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18};
-template<> const unsigned int PKCS_DigestDecoration<Tiger>::length = sizeof(PKCS_DigestDecoration<Tiger>::decoration);
-
-size_t PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(size_t paddedLength) const
-{
- return SaturatingSubtract(paddedLength/8, 10U);
-}
-
-void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLen, byte *pkcsBlock, size_t pkcsBlockLen, const NameValuePairs &parameters) const
-{
- assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller
-
- // convert from bit length to byte length
- if (pkcsBlockLen % 8 != 0)
- {
- pkcsBlock[0] = 0;
- pkcsBlock++;
- }
- pkcsBlockLen /= 8;
-
- pkcsBlock[0] = 2; // block type 2
-
- // pad with non-zero random bytes
- for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++)
- pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff);
-
- pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
- memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
-}
-
-DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, size_t pkcsBlockLen, byte *output, const NameValuePairs &parameters) const
-{
- bool invalid = false;
- size_t maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
-
- // convert from bit length to byte length
- if (pkcsBlockLen % 8 != 0)
- {
- invalid = (pkcsBlock[0] != 0) || invalid;
- pkcsBlock++;
- }
- pkcsBlockLen /= 8;
-
- // Require block type 2.
- invalid = (pkcsBlock[0] != 2) || invalid;
-
- // skip past the padding until we find the separator
- size_t i=1;
- while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
- }
- assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
-
- size_t outputLen = pkcsBlockLen - i;
- invalid = (outputLen > maxOutputLen) || invalid;
-
- if (invalid)
- return DecodingResult();
-
- memcpy (output, pkcsBlock+i, outputLen);
- return DecodingResult(outputLen);
-}
-
-// ********************************************************
-
-#ifndef CRYPTOPP_IMPORTS
-
-void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
-
- size_t pkcsBlockLen = representativeBitLength;
- // convert from bit length to byte length
- if (pkcsBlockLen % 8 != 0)
- {
- representative[0] = 0;
- representative++;
- }
- pkcsBlockLen /= 8;
-
- representative[0] = 1; // block type 1
-
- unsigned int digestSize = hash.DigestSize();
- byte *pPadding = representative + 1;
- byte *pDigest = representative + pkcsBlockLen - digestSize;
- byte *pHashId = pDigest - hashIdentifier.second;
- byte *pSeparator = pHashId - 1;
-
- // pad with 0xff
- memset(pPadding, 0xff, pSeparator-pPadding);
- *pSeparator = 0;
- memcpy(pHashId, hashIdentifier.first, hashIdentifier.second);
- hash.Final(pDigest);
-}
-
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/pkcspad.h b/cryptopp562/pkcspad.h
deleted file mode 100644
index 6371c76..0000000
--- a/cryptopp562/pkcspad.h
+++ /dev/null
@@ -1,94 +0,0 @@
-#ifndef CRYPTOPP_PKCSPAD_H
-#define CRYPTOPP_PKCSPAD_H
-
-#include "cryptlib.h"
-#include "pubkey.h"
-
-#ifdef CRYPTOPP_IS_DLL
-#include "sha.h"
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! <a href="http://www.weidai.com/scan-mirror/ca.html#cem_PKCS1-1.5">EME-PKCS1-v1_5</a>
-class PKCS_EncryptionPaddingScheme : public PK_EncryptionMessageEncodingMethod
-{
-public:
- static const char * StaticAlgorithmName() {return "EME-PKCS1-v1_5";}
-
- size_t MaxUnpaddedLength(size_t paddedLength) const;
- void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedLength, const NameValuePairs &parameters) const;
- DecodingResult Unpad(const byte *padded, size_t paddedLength, byte *raw, const NameValuePairs &parameters) const;
-};
-
-template <class H> class PKCS_DigestDecoration
-{
-public:
- static const byte decoration[];
- static const unsigned int length;
-};
-
-// PKCS_DigestDecoration can be instantiated with the following
-// classes as specified in PKCS#1 v2.0 and P1363a
-class SHA1;
-class RIPEMD160;
-class Tiger;
-class SHA224;
-class SHA256;
-class SHA384;
-class SHA512;
-namespace Weak1 {
-class MD2;
-class MD5;
-}
-// end of list
-
-#ifdef CRYPTOPP_IS_DLL
-CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA1>;
-CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA224>;
-CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA256>;
-CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA384>;
-CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration<SHA512>;
-#endif
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a>
-class CRYPTOPP_DLL PKCS1v15_SignatureMessageEncodingMethod : public PK_DeterministicSignatureMessageEncodingMethod
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";}
-
- size_t MinRepresentativeBitLength(size_t hashIdentifierSize, size_t digestSize) const
- {return 8 * (digestSize + hashIdentifierSize + 10);}
-
- void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
-
- struct HashIdentifierLookup
- {
- template <class H> struct HashIdentifierLookup2
- {
- static HashIdentifier Lookup()
- {
- return HashIdentifier(PKCS_DigestDecoration<H>::decoration, PKCS_DigestDecoration<H>::length);
- }
- };
- };
-};
-
-//! PKCS #1 version 1.5, for use with RSAES and RSASS
-/*! Only the following hash functions are supported by this signature standard:
- \dontinclude pkcspad.h
- \skip can be instantiated
- \until end of list
-*/
-struct PKCS1v15 : public SignatureStandard, public EncryptionStandard
-{
- typedef PKCS_EncryptionPaddingScheme EncryptionMessageEncodingMethod;
- typedef PKCS1v15_SignatureMessageEncodingMethod SignatureMessageEncodingMethod;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/polynomi.cpp b/cryptopp562/polynomi.cpp
deleted file mode 100644
index 734cae9..0000000
--- a/cryptopp562/polynomi.cpp
+++ /dev/null
@@ -1,577 +0,0 @@
-// polynomi.cpp - written and placed in the public domain by Wei Dai
-
-// Part of the code for polynomial evaluation and interpolation
-// originally came from Hal Finney's public domain secsplit.c.
-
-#include "pch.h"
-#include "polynomi.h"
-#include "secblock.h"
-
-#include <sstream>
-#include <iostream>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T>
-void PolynomialOver<T>::Randomize(RandomNumberGenerator &rng, const RandomizationParameter &parameter, const Ring &ring)
-{
- m_coefficients.resize(parameter.m_coefficientCount);
- for (unsigned int i=0; i<m_coefficients.size(); ++i)
- m_coefficients[i] = ring.RandomElement(rng, parameter.m_coefficientParameter);
-}
-
-template <class T>
-void PolynomialOver<T>::FromStr(const char *str, const Ring &ring)
-{
- std::istringstream in((char *)str);
- bool positive = true;
- CoefficientType coef;
- unsigned int power;
-
- while (in)
- {
- std::ws(in);
- if (in.peek() == 'x')
- coef = ring.MultiplicativeIdentity();
- else
- in >> coef;
-
- std::ws(in);
- if (in.peek() == 'x')
- {
- in.get();
- std::ws(in);
- if (in.peek() == '^')
- {
- in.get();
- in >> power;
- }
- else
- power = 1;
- }
- else
- power = 0;
-
- if (!positive)
- coef = ring.Inverse(coef);
-
- SetCoefficient(power, coef, ring);
-
- std::ws(in);
- switch (in.get())
- {
- case '+':
- positive = true;
- break;
- case '-':
- positive = false;
- break;
- default:
- return; // something's wrong with the input string
- }
- }
-}
-
-template <class T>
-unsigned int PolynomialOver<T>::CoefficientCount(const Ring &ring) const
-{
- unsigned count = m_coefficients.size();
- while (count && ring.Equal(m_coefficients[count-1], ring.Identity()))
- count--;
- const_cast<std::vector<CoefficientType> &>(m_coefficients).resize(count);
- return count;
-}
-
-template <class T>
-typename PolynomialOver<T>::CoefficientType PolynomialOver<T>::GetCoefficient(unsigned int i, const Ring &ring) const
-{
- return (i < m_coefficients.size()) ? m_coefficients[i] : ring.Identity();
-}
-
-template <class T>
-PolynomialOver<T>& PolynomialOver<T>::operator=(const PolynomialOver<T>& t)
-{
- if (this != &t)
- {
- m_coefficients.resize(t.m_coefficients.size());
- for (unsigned int i=0; i<m_coefficients.size(); i++)
- m_coefficients[i] = t.m_coefficients[i];
- }
- return *this;
-}
-
-template <class T>
-PolynomialOver<T>& PolynomialOver<T>::Accumulate(const PolynomialOver<T>& t, const Ring &ring)
-{
- unsigned int count = t.CoefficientCount(ring);
-
- if (count > CoefficientCount(ring))
- m_coefficients.resize(count, ring.Identity());
-
- for (unsigned int i=0; i<count; i++)
- ring.Accumulate(m_coefficients[i], t.GetCoefficient(i, ring));
-
- return *this;
-}
-
-template <class T>
-PolynomialOver<T>& PolynomialOver<T>::Reduce(const PolynomialOver<T>& t, const Ring &ring)
-{
- unsigned int count = t.CoefficientCount(ring);
-
- if (count > CoefficientCount(ring))
- m_coefficients.resize(count, ring.Identity());
-
- for (unsigned int i=0; i<count; i++)
- ring.Reduce(m_coefficients[i], t.GetCoefficient(i, ring));
-
- return *this;
-}
-
-template <class T>
-typename PolynomialOver<T>::CoefficientType PolynomialOver<T>::EvaluateAt(const CoefficientType &x, const Ring &ring) const
-{
- int degree = Degree(ring);
-
- if (degree < 0)
- return ring.Identity();
-
- CoefficientType result = m_coefficients[degree];
- for (int j=degree-1; j>=0; j--)
- {
- result = ring.Multiply(result, x);
- ring.Accumulate(result, m_coefficients[j]);
- }
- return result;
-}
-
-template <class T>
-PolynomialOver<T>& PolynomialOver<T>::ShiftLeft(unsigned int n, const Ring &ring)
-{
- unsigned int i = CoefficientCount(ring) + n;
- m_coefficients.resize(i, ring.Identity());
- while (i > n)
- {
- i--;
- m_coefficients[i] = m_coefficients[i-n];
- }
- while (i)
- {
- i--;
- m_coefficients[i] = ring.Identity();
- }
- return *this;
-}
-
-template <class T>
-PolynomialOver<T>& PolynomialOver<T>::ShiftRight(unsigned int n, const Ring &ring)
-{
- unsigned int count = CoefficientCount(ring);
- if (count > n)
- {
- for (unsigned int i=0; i<count-n; i++)
- m_coefficients[i] = m_coefficients[i+n];
- m_coefficients.resize(count-n, ring.Identity());
- }
- else
- m_coefficients.resize(0, ring.Identity());
- return *this;
-}
-
-template <class T>
-void PolynomialOver<T>::SetCoefficient(unsigned int i, const CoefficientType &value, const Ring &ring)
-{
- if (i >= m_coefficients.size())
- m_coefficients.resize(i+1, ring.Identity());
- m_coefficients[i] = value;
-}
-
-template <class T>
-void PolynomialOver<T>::Negate(const Ring &ring)
-{
- unsigned int count = CoefficientCount(ring);
- for (unsigned int i=0; i<count; i++)
- m_coefficients[i] = ring.Inverse(m_coefficients[i]);
-}
-
-template <class T>
-void PolynomialOver<T>::swap(PolynomialOver<T> &t)
-{
- m_coefficients.swap(t.m_coefficients);
-}
-
-template <class T>
-bool PolynomialOver<T>::Equals(const PolynomialOver<T>& t, const Ring &ring) const
-{
- unsigned int count = CoefficientCount(ring);
-
- if (count != t.CoefficientCount(ring))
- return false;
-
- for (unsigned int i=0; i<count; i++)
- if (!ring.Equal(m_coefficients[i], t.m_coefficients[i]))
- return false;
-
- return true;
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::Plus(const PolynomialOver<T>& t, const Ring &ring) const
-{
- unsigned int i;
- unsigned int count = CoefficientCount(ring);
- unsigned int tCount = t.CoefficientCount(ring);
-
- if (count > tCount)
- {
- PolynomialOver<T> result(ring, count);
-
- for (i=0; i<tCount; i++)
- result.m_coefficients[i] = ring.Add(m_coefficients[i], t.m_coefficients[i]);
- for (; i<count; i++)
- result.m_coefficients[i] = m_coefficients[i];
-
- return result;
- }
- else
- {
- PolynomialOver<T> result(ring, tCount);
-
- for (i=0; i<count; i++)
- result.m_coefficients[i] = ring.Add(m_coefficients[i], t.m_coefficients[i]);
- for (; i<tCount; i++)
- result.m_coefficients[i] = t.m_coefficients[i];
-
- return result;
- }
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::Minus(const PolynomialOver<T>& t, const Ring &ring) const
-{
- unsigned int i;
- unsigned int count = CoefficientCount(ring);
- unsigned int tCount = t.CoefficientCount(ring);
-
- if (count > tCount)
- {
- PolynomialOver<T> result(ring, count);
-
- for (i=0; i<tCount; i++)
- result.m_coefficients[i] = ring.Subtract(m_coefficients[i], t.m_coefficients[i]);
- for (; i<count; i++)
- result.m_coefficients[i] = m_coefficients[i];
-
- return result;
- }
- else
- {
- PolynomialOver<T> result(ring, tCount);
-
- for (i=0; i<count; i++)
- result.m_coefficients[i] = ring.Subtract(m_coefficients[i], t.m_coefficients[i]);
- for (; i<tCount; i++)
- result.m_coefficients[i] = ring.Inverse(t.m_coefficients[i]);
-
- return result;
- }
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::Inverse(const Ring &ring) const
-{
- unsigned int count = CoefficientCount(ring);
- PolynomialOver<T> result(ring, count);
-
- for (unsigned int i=0; i<count; i++)
- result.m_coefficients[i] = ring.Inverse(m_coefficients[i]);
-
- return result;
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::Times(const PolynomialOver<T>& t, const Ring &ring) const
-{
- if (IsZero(ring) || t.IsZero(ring))
- return PolynomialOver<T>();
-
- unsigned int count1 = CoefficientCount(ring), count2 = t.CoefficientCount(ring);
- PolynomialOver<T> result(ring, count1 + count2 - 1);
-
- for (unsigned int i=0; i<count1; i++)
- for (unsigned int j=0; j<count2; j++)
- ring.Accumulate(result.m_coefficients[i+j], ring.Multiply(m_coefficients[i], t.m_coefficients[j]));
-
- return result;
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::DividedBy(const PolynomialOver<T>& t, const Ring &ring) const
-{
- PolynomialOver<T> remainder, quotient;
- Divide(remainder, quotient, *this, t, ring);
- return quotient;
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::Modulo(const PolynomialOver<T>& t, const Ring &ring) const
-{
- PolynomialOver<T> remainder, quotient;
- Divide(remainder, quotient, *this, t, ring);
- return remainder;
-}
-
-template <class T>
-PolynomialOver<T> PolynomialOver<T>::MultiplicativeInverse(const Ring &ring) const
-{
- return Degree(ring)==0 ? ring.MultiplicativeInverse(m_coefficients[0]) : ring.Identity();
-}
-
-template <class T>
-bool PolynomialOver<T>::IsUnit(const Ring &ring) const
-{
- return Degree(ring)==0 && ring.IsUnit(m_coefficients[0]);
-}
-
-template <class T>
-std::istream& PolynomialOver<T>::Input(std::istream &in, const Ring &ring)
-{
- char c;
- unsigned int length = 0;
- SecBlock<char> str(length + 16);
- bool paren = false;
-
- std::ws(in);
-
- if (in.peek() == '(')
- {
- paren = true;
- in.get();
- }
-
- do
- {
- in.read(&c, 1);
- str[length++] = c;
- if (length >= str.size())
- str.Grow(length + 16);
- }
- // if we started with a left paren, then read until we find a right paren,
- // otherwise read until the end of the line
- while (in && ((paren && c != ')') || (!paren && c != '\n')));
-
- str[length-1] = '\0';
- *this = PolynomialOver<T>(str, ring);
-
- return in;
-}
-
-template <class T>
-std::ostream& PolynomialOver<T>::Output(std::ostream &out, const Ring &ring) const
-{
- unsigned int i = CoefficientCount(ring);
- if (i)
- {
- bool firstTerm = true;
-
- while (i--)
- {
- if (m_coefficients[i] != ring.Identity())
- {
- if (firstTerm)
- {
- firstTerm = false;
- if (!i || !ring.Equal(m_coefficients[i], ring.MultiplicativeIdentity()))
- out << m_coefficients[i];
- }
- else
- {
- CoefficientType inverse = ring.Inverse(m_coefficients[i]);
- std::ostringstream pstr, nstr;
-
- pstr << m_coefficients[i];
- nstr << inverse;
-
- if (pstr.str().size() <= nstr.str().size())
- {
- out << " + ";
- if (!i || !ring.Equal(m_coefficients[i], ring.MultiplicativeIdentity()))
- out << m_coefficients[i];
- }
- else
- {
- out << " - ";
- if (!i || !ring.Equal(inverse, ring.MultiplicativeIdentity()))
- out << inverse;
- }
- }
-
- switch (i)
- {
- case 0:
- break;
- case 1:
- out << "x";
- break;
- default:
- out << "x^" << i;
- }
- }
- }
- }
- else
- {
- out << ring.Identity();
- }
- return out;
-}
-
-template <class T>
-void PolynomialOver<T>::Divide(PolynomialOver<T> &r, PolynomialOver<T> &q, const PolynomialOver<T> &a, const PolynomialOver<T> &d, const Ring &ring)
-{
- unsigned int i = a.CoefficientCount(ring);
- const int dDegree = d.Degree(ring);
-
- if (dDegree < 0)
- throw DivideByZero();
-
- r = a;
- q.m_coefficients.resize(STDMAX(0, int(i - dDegree)));
-
- while (i > (unsigned int)dDegree)
- {
- --i;
- q.m_coefficients[i-dDegree] = ring.Divide(r.m_coefficients[i], d.m_coefficients[dDegree]);
- for (int j=0; j<=dDegree; j++)
- ring.Reduce(r.m_coefficients[i-dDegree+j], ring.Multiply(q.m_coefficients[i-dDegree], d.m_coefficients[j]));
- }
-
- r.CoefficientCount(ring); // resize r.m_coefficients
-}
-
-// ********************************************************
-
-// helper function for Interpolate() and InterpolateAt()
-template <class T>
-void RingOfPolynomialsOver<T>::CalculateAlpha(std::vector<CoefficientType> &alpha, const CoefficientType x[], const CoefficientType y[], unsigned int n) const
-{
- for (unsigned int j=0; j<n; ++j)
- alpha[j] = y[j];
-
- for (unsigned int k=1; k<n; ++k)
- {
- for (unsigned int j=n-1; j>=k; --j)
- {
- m_ring.Reduce(alpha[j], alpha[j-1]);
-
- CoefficientType d = m_ring.Subtract(x[j], x[j-k]);
- if (!m_ring.IsUnit(d))
- throw InterpolationFailed();
- alpha[j] = m_ring.Divide(alpha[j], d);
- }
- }
-}
-
-template <class T>
-typename RingOfPolynomialsOver<T>::Element RingOfPolynomialsOver<T>::Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const
-{
- assert(n > 0);
-
- std::vector<CoefficientType> alpha(n);
- CalculateAlpha(alpha, x, y, n);
-
- std::vector<CoefficientType> coefficients((size_t)n, m_ring.Identity());
- coefficients[0] = alpha[n-1];
-
- for (int j=n-2; j>=0; --j)
- {
- for (unsigned int i=n-j-1; i>0; i--)
- coefficients[i] = m_ring.Subtract(coefficients[i-1], m_ring.Multiply(coefficients[i], x[j]));
-
- coefficients[0] = m_ring.Subtract(alpha[j], m_ring.Multiply(coefficients[0], x[j]));
- }
-
- return PolynomialOver<T>(coefficients.begin(), coefficients.end());
-}
-
-template <class T>
-typename RingOfPolynomialsOver<T>::CoefficientType RingOfPolynomialsOver<T>::InterpolateAt(const CoefficientType &position, const CoefficientType x[], const CoefficientType y[], unsigned int n) const
-{
- assert(n > 0);
-
- std::vector<CoefficientType> alpha(n);
- CalculateAlpha(alpha, x, y, n);
-
- CoefficientType result = alpha[n-1];
- for (int j=n-2; j>=0; --j)
- {
- result = m_ring.Multiply(result, m_ring.Subtract(position, x[j]));
- m_ring.Accumulate(result, alpha[j]);
- }
- return result;
-}
-
-template <class Ring, class Element>
-void PrepareBulkPolynomialInterpolation(const Ring &ring, Element *w, const Element x[], unsigned int n)
-{
- for (unsigned int i=0; i<n; i++)
- {
- Element t = ring.MultiplicativeIdentity();
- for (unsigned int j=0; j<n; j++)
- if (i != j)
- t = ring.Multiply(t, ring.Subtract(x[i], x[j]));
- w[i] = ring.MultiplicativeInverse(t);
- }
-}
-
-template <class Ring, class Element>
-void PrepareBulkPolynomialInterpolationAt(const Ring &ring, Element *v, const Element &position, const Element x[], const Element w[], unsigned int n)
-{
- assert(n > 0);
-
- std::vector<Element> a(2*n-1);
- unsigned int i;
-
- for (i=0; i<n; i++)
- a[n-1+i] = ring.Subtract(position, x[i]);
-
- for (i=n-1; i>1; i--)
- a[i-1] = ring.Multiply(a[2*i], a[2*i-1]);
-
- a[0] = ring.MultiplicativeIdentity();
-
- for (i=0; i<n-1; i++)
- {
- std::swap(a[2*i+1], a[2*i+2]);
- a[2*i+1] = ring.Multiply(a[i], a[2*i+1]);
- a[2*i+2] = ring.Multiply(a[i], a[2*i+2]);
- }
-
- for (i=0; i<n; i++)
- v[i] = ring.Multiply(a[n-1+i], w[i]);
-}
-
-template <class Ring, class Element>
-Element BulkPolynomialInterpolateAt(const Ring &ring, const Element y[], const Element v[], unsigned int n)
-{
- Element result = ring.Identity();
- for (unsigned int i=0; i<n; i++)
- ring.Accumulate(result, ring.Multiply(y[i], v[i]));
- return result;
-}
-
-// ********************************************************
-
-template <class T, int instance>
-const PolynomialOverFixedRing<T, instance> &PolynomialOverFixedRing<T, instance>::Zero()
-{
- return Singleton<ThisType>().Ref();
-}
-
-template <class T, int instance>
-const PolynomialOverFixedRing<T, instance> &PolynomialOverFixedRing<T, instance>::One()
-{
- return Singleton<ThisType, NewOnePolynomial>().Ref();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/polynomi.h b/cryptopp562/polynomi.h
deleted file mode 100644
index cddadae..0000000
--- a/cryptopp562/polynomi.h
+++ /dev/null
@@ -1,459 +0,0 @@
-#ifndef CRYPTOPP_POLYNOMI_H
-#define CRYPTOPP_POLYNOMI_H
-
-/*! \file */
-
-#include "cryptlib.h"
-#include "misc.h"
-#include "algebra.h"
-
-#include <iosfwd>
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! represents single-variable polynomials over arbitrary rings
-/*! \nosubgrouping */
-template <class T> class PolynomialOver
-{
-public:
- //! \name ENUMS, EXCEPTIONS, and TYPEDEFS
- //@{
- //! division by zero exception
- class DivideByZero : public Exception
- {
- public:
- DivideByZero() : Exception(OTHER_ERROR, "PolynomialOver<T>: division by zero") {}
- };
-
- //! specify the distribution for randomization functions
- class RandomizationParameter
- {
- public:
- RandomizationParameter(unsigned int coefficientCount, const typename T::RandomizationParameter &coefficientParameter )
- : m_coefficientCount(coefficientCount), m_coefficientParameter(coefficientParameter) {}
-
- private:
- unsigned int m_coefficientCount;
- typename T::RandomizationParameter m_coefficientParameter;
- friend class PolynomialOver<T>;
- };
-
- typedef T Ring;
- typedef typename T::Element CoefficientType;
- //@}
-
- //! \name CREATORS
- //@{
- //! creates the zero polynomial
- PolynomialOver() {}
-
- //!
- PolynomialOver(const Ring &ring, unsigned int count)
- : m_coefficients((size_t)count, ring.Identity()) {}
-
- //! copy constructor
- PolynomialOver(const PolynomialOver<Ring> &t)
- : m_coefficients(t.m_coefficients.size()) {*this = t;}
-
- //! construct constant polynomial
- PolynomialOver(const CoefficientType &element)
- : m_coefficients(1, element) {}
-
- //! construct polynomial with specified coefficients, starting from coefficient of x^0
- template <typename Iterator> PolynomialOver(Iterator begin, Iterator end)
- : m_coefficients(begin, end) {}
-
- //! convert from string
- PolynomialOver(const char *str, const Ring &ring) {FromStr(str, ring);}
-
- //! convert from big-endian byte array
- PolynomialOver(const byte *encodedPolynomialOver, unsigned int byteCount);
-
- //! convert from Basic Encoding Rules encoded byte array
- explicit PolynomialOver(const byte *BEREncodedPolynomialOver);
-
- //! convert from BER encoded byte array stored in a BufferedTransformation object
- explicit PolynomialOver(BufferedTransformation &bt);
-
- //! create a random PolynomialOver<T>
- PolynomialOver(RandomNumberGenerator &rng, const RandomizationParameter &parameter, const Ring &ring)
- {Randomize(rng, parameter, ring);}
- //@}
-
- //! \name ACCESSORS
- //@{
- //! the zero polynomial will return a degree of -1
- int Degree(const Ring &ring) const {return int(CoefficientCount(ring))-1;}
- //!
- unsigned int CoefficientCount(const Ring &ring) const;
- //! return coefficient for x^i
- CoefficientType GetCoefficient(unsigned int i, const Ring &ring) const;
- //@}
-
- //! \name MANIPULATORS
- //@{
- //!
- PolynomialOver<Ring>& operator=(const PolynomialOver<Ring>& t);
-
- //!
- void Randomize(RandomNumberGenerator &rng, const RandomizationParameter &parameter, const Ring &ring);
-
- //! set the coefficient for x^i to value
- void SetCoefficient(unsigned int i, const CoefficientType &value, const Ring &ring);
-
- //!
- void Negate(const Ring &ring);
-
- //!
- void swap(PolynomialOver<Ring> &t);
- //@}
-
-
- //! \name BASIC ARITHMETIC ON POLYNOMIALS
- //@{
- bool Equals(const PolynomialOver<Ring> &t, const Ring &ring) const;
- bool IsZero(const Ring &ring) const {return CoefficientCount(ring)==0;}
-
- PolynomialOver<Ring> Plus(const PolynomialOver<Ring>& t, const Ring &ring) const;
- PolynomialOver<Ring> Minus(const PolynomialOver<Ring>& t, const Ring &ring) const;
- PolynomialOver<Ring> Inverse(const Ring &ring) const;
-
- PolynomialOver<Ring> Times(const PolynomialOver<Ring>& t, const Ring &ring) const;
- PolynomialOver<Ring> DividedBy(const PolynomialOver<Ring>& t, const Ring &ring) const;
- PolynomialOver<Ring> Modulo(const PolynomialOver<Ring>& t, const Ring &ring) const;
- PolynomialOver<Ring> MultiplicativeInverse(const Ring &ring) const;
- bool IsUnit(const Ring &ring) const;
-
- PolynomialOver<Ring>& Accumulate(const PolynomialOver<Ring>& t, const Ring &ring);
- PolynomialOver<Ring>& Reduce(const PolynomialOver<Ring>& t, const Ring &ring);
-
- //!
- PolynomialOver<Ring> Doubled(const Ring &ring) const {return Plus(*this, ring);}
- //!
- PolynomialOver<Ring> Squared(const Ring &ring) const {return Times(*this, ring);}
-
- CoefficientType EvaluateAt(const CoefficientType &x, const Ring &ring) const;
-
- PolynomialOver<Ring>& ShiftLeft(unsigned int n, const Ring &ring);
- PolynomialOver<Ring>& ShiftRight(unsigned int n, const Ring &ring);
-
- //! calculate r and q such that (a == d*q + r) && (0 <= degree of r < degree of d)
- static void Divide(PolynomialOver<Ring> &r, PolynomialOver<Ring> &q, const PolynomialOver<Ring> &a, const PolynomialOver<Ring> &d, const Ring &ring);
- //@}
-
- //! \name INPUT/OUTPUT
- //@{
- std::istream& Input(std::istream &in, const Ring &ring);
- std::ostream& Output(std::ostream &out, const Ring &ring) const;
- //@}
-
-private:
- void FromStr(const char *str, const Ring &ring);
-
- std::vector<CoefficientType> m_coefficients;
-};
-
-//! Polynomials over a fixed ring
-/*! Having a fixed ring allows overloaded operators */
-template <class T, int instance> class PolynomialOverFixedRing : private PolynomialOver<T>
-{
- typedef PolynomialOver<T> B;
- typedef PolynomialOverFixedRing<T, instance> ThisType;
-
-public:
- typedef T Ring;
- typedef typename T::Element CoefficientType;
- typedef typename B::DivideByZero DivideByZero;
- typedef typename B::RandomizationParameter RandomizationParameter;
-
- //! \name CREATORS
- //@{
- //! creates the zero polynomial
- PolynomialOverFixedRing(unsigned int count = 0) : B(ms_fixedRing, count) {}
-
- //! copy constructor
- PolynomialOverFixedRing(const ThisType &t) : B(t) {}
-
- explicit PolynomialOverFixedRing(const B &t) : B(t) {}
-
- //! construct constant polynomial
- PolynomialOverFixedRing(const CoefficientType &element) : B(element) {}
-
- //! construct polynomial with specified coefficients, starting from coefficient of x^0
- template <typename Iterator> PolynomialOverFixedRing(Iterator first, Iterator last)
- : B(first, last) {}
-
- //! convert from string
- explicit PolynomialOverFixedRing(const char *str) : B(str, ms_fixedRing) {}
-
- //! convert from big-endian byte array
- PolynomialOverFixedRing(const byte *encodedPoly, unsigned int byteCount) : B(encodedPoly, byteCount) {}
-
- //! convert from Basic Encoding Rules encoded byte array
- explicit PolynomialOverFixedRing(const byte *BEREncodedPoly) : B(BEREncodedPoly) {}
-
- //! convert from BER encoded byte array stored in a BufferedTransformation object
- explicit PolynomialOverFixedRing(BufferedTransformation &bt) : B(bt) {}
-
- //! create a random PolynomialOverFixedRing
- PolynomialOverFixedRing(RandomNumberGenerator &rng, const RandomizationParameter &parameter) : B(rng, parameter, ms_fixedRing) {}
-
- static const ThisType &Zero();
- static const ThisType &One();
- //@}
-
- //! \name ACCESSORS
- //@{
- //! the zero polynomial will return a degree of -1
- int Degree() const {return B::Degree(ms_fixedRing);}
- //! degree + 1
- unsigned int CoefficientCount() const {return B::CoefficientCount(ms_fixedRing);}
- //! return coefficient for x^i
- CoefficientType GetCoefficient(unsigned int i) const {return B::GetCoefficient(i, ms_fixedRing);}
- //! return coefficient for x^i
- CoefficientType operator[](unsigned int i) const {return B::GetCoefficient(i, ms_fixedRing);}
- //@}
-
- //! \name MANIPULATORS
- //@{
- //!
- ThisType& operator=(const ThisType& t) {B::operator=(t); return *this;}
- //!
- ThisType& operator+=(const ThisType& t) {Accumulate(t, ms_fixedRing); return *this;}
- //!
- ThisType& operator-=(const ThisType& t) {Reduce(t, ms_fixedRing); return *this;}
- //!
- ThisType& operator*=(const ThisType& t) {return *this = *this*t;}
- //!
- ThisType& operator/=(const ThisType& t) {return *this = *this/t;}
- //!
- ThisType& operator%=(const ThisType& t) {return *this = *this%t;}
-
- //!
- ThisType& operator<<=(unsigned int n) {ShiftLeft(n, ms_fixedRing); return *this;}
- //!
- ThisType& operator>>=(unsigned int n) {ShiftRight(n, ms_fixedRing); return *this;}
-
- //! set the coefficient for x^i to value
- void SetCoefficient(unsigned int i, const CoefficientType &value) {B::SetCoefficient(i, value, ms_fixedRing);}
-
- //!
- void Randomize(RandomNumberGenerator &rng, const RandomizationParameter &parameter) {B::Randomize(rng, parameter, ms_fixedRing);}
-
- //!
- void Negate() {B::Negate(ms_fixedRing);}
-
- void swap(ThisType &t) {B::swap(t);}
- //@}
-
- //! \name UNARY OPERATORS
- //@{
- //!
- bool operator!() const {return CoefficientCount()==0;}
- //!
- ThisType operator+() const {return *this;}
- //!
- ThisType operator-() const {return ThisType(Inverse(ms_fixedRing));}
- //@}
-
- //! \name BINARY OPERATORS
- //@{
- //!
- friend ThisType operator>>(ThisType a, unsigned int n) {return ThisType(a>>=n);}
- //!
- friend ThisType operator<<(ThisType a, unsigned int n) {return ThisType(a<<=n);}
- //@}
-
- //! \name OTHER ARITHMETIC FUNCTIONS
- //@{
- //!
- ThisType MultiplicativeInverse() const {return ThisType(B::MultiplicativeInverse(ms_fixedRing));}
- //!
- bool IsUnit() const {return B::IsUnit(ms_fixedRing);}
-
- //!
- ThisType Doubled() const {return ThisType(B::Doubled(ms_fixedRing));}
- //!
- ThisType Squared() const {return ThisType(B::Squared(ms_fixedRing));}
-
- CoefficientType EvaluateAt(const CoefficientType &x) const {return B::EvaluateAt(x, ms_fixedRing);}
-
- //! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d))
- static void Divide(ThisType &r, ThisType &q, const ThisType &a, const ThisType &d)
- {B::Divide(r, q, a, d, ms_fixedRing);}
- //@}
-
- //! \name INPUT/OUTPUT
- //@{
- //!
- friend std::istream& operator>>(std::istream& in, ThisType &a)
- {return a.Input(in, ms_fixedRing);}
- //!
- friend std::ostream& operator<<(std::ostream& out, const ThisType &a)
- {return a.Output(out, ms_fixedRing);}
- //@}
-
-private:
- struct NewOnePolynomial
- {
- ThisType * operator()() const
- {
- return new ThisType(ms_fixedRing.MultiplicativeIdentity());
- }
- };
-
- static const Ring ms_fixedRing;
-};
-
-//! Ring of polynomials over another ring
-template <class T> class RingOfPolynomialsOver : public AbstractEuclideanDomain<PolynomialOver<T> >
-{
-public:
- typedef T CoefficientRing;
- typedef PolynomialOver<T> Element;
- typedef typename Element::CoefficientType CoefficientType;
- typedef typename Element::RandomizationParameter RandomizationParameter;
-
- RingOfPolynomialsOver(const CoefficientRing &ring) : m_ring(ring) {}
-
- Element RandomElement(RandomNumberGenerator &rng, const RandomizationParameter &parameter)
- {return Element(rng, parameter, m_ring);}
-
- bool Equal(const Element &a, const Element &b) const
- {return a.Equals(b, m_ring);}
-
- const Element& Identity() const
- {return this->result = m_ring.Identity();}
-
- const Element& Add(const Element &a, const Element &b) const
- {return this->result = a.Plus(b, m_ring);}
-
- Element& Accumulate(Element &a, const Element &b) const
- {a.Accumulate(b, m_ring); return a;}
-
- const Element& Inverse(const Element &a) const
- {return this->result = a.Inverse(m_ring);}
-
- const Element& Subtract(const Element &a, const Element &b) const
- {return this->result = a.Minus(b, m_ring);}
-
- Element& Reduce(Element &a, const Element &b) const
- {return a.Reduce(b, m_ring);}
-
- const Element& Double(const Element &a) const
- {return this->result = a.Doubled(m_ring);}
-
- const Element& MultiplicativeIdentity() const
- {return this->result = m_ring.MultiplicativeIdentity();}
-
- const Element& Multiply(const Element &a, const Element &b) const
- {return this->result = a.Times(b, m_ring);}
-
- const Element& Square(const Element &a) const
- {return this->result = a.Squared(m_ring);}
-
- bool IsUnit(const Element &a) const
- {return a.IsUnit(m_ring);}
-
- const Element& MultiplicativeInverse(const Element &a) const
- {return this->result = a.MultiplicativeInverse(m_ring);}
-
- const Element& Divide(const Element &a, const Element &b) const
- {return this->result = a.DividedBy(b, m_ring);}
-
- const Element& Mod(const Element &a, const Element &b) const
- {return this->result = a.Modulo(b, m_ring);}
-
- void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const
- {Element::Divide(r, q, a, d, m_ring);}
-
- class InterpolationFailed : public Exception
- {
- public:
- InterpolationFailed() : Exception(OTHER_ERROR, "RingOfPolynomialsOver<T>: interpolation failed") {}
- };
-
- Element Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const;
-
- // a faster version of Interpolate(x, y, n).EvaluateAt(position)
- CoefficientType InterpolateAt(const CoefficientType &position, const CoefficientType x[], const CoefficientType y[], unsigned int n) const;
-/*
- void PrepareBulkInterpolation(CoefficientType *w, const CoefficientType x[], unsigned int n) const;
- void PrepareBulkInterpolationAt(CoefficientType *v, const CoefficientType &position, const CoefficientType x[], const CoefficientType w[], unsigned int n) const;
- CoefficientType BulkInterpolateAt(const CoefficientType y[], const CoefficientType v[], unsigned int n) const;
-*/
-protected:
- void CalculateAlpha(std::vector<CoefficientType> &alpha, const CoefficientType x[], const CoefficientType y[], unsigned int n) const;
-
- CoefficientRing m_ring;
-};
-
-template <class Ring, class Element>
-void PrepareBulkPolynomialInterpolation(const Ring &ring, Element *w, const Element x[], unsigned int n);
-template <class Ring, class Element>
-void PrepareBulkPolynomialInterpolationAt(const Ring &ring, Element *v, const Element &position, const Element x[], const Element w[], unsigned int n);
-template <class Ring, class Element>
-Element BulkPolynomialInterpolateAt(const Ring &ring, const Element y[], const Element v[], unsigned int n);
-
-//!
-template <class T, int instance>
-inline bool operator==(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return a.Equals(b, a.ms_fixedRing);}
-//!
-template <class T, int instance>
-inline bool operator!=(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return !(a==b);}
-
-//!
-template <class T, int instance>
-inline bool operator> (const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return a.Degree() > b.Degree();}
-//!
-template <class T, int instance>
-inline bool operator>=(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return a.Degree() >= b.Degree();}
-//!
-template <class T, int instance>
-inline bool operator< (const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return a.Degree() < b.Degree();}
-//!
-template <class T, int instance>
-inline bool operator<=(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return a.Degree() <= b.Degree();}
-
-//!
-template <class T, int instance>
-inline CryptoPP::PolynomialOverFixedRing<T, instance> operator+(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Plus(b, a.ms_fixedRing));}
-//!
-template <class T, int instance>
-inline CryptoPP::PolynomialOverFixedRing<T, instance> operator-(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Minus(b, a.ms_fixedRing));}
-//!
-template <class T, int instance>
-inline CryptoPP::PolynomialOverFixedRing<T, instance> operator*(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Times(b, a.ms_fixedRing));}
-//!
-template <class T, int instance>
-inline CryptoPP::PolynomialOverFixedRing<T, instance> operator/(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.DividedBy(b, a.ms_fixedRing));}
-//!
-template <class T, int instance>
-inline CryptoPP::PolynomialOverFixedRing<T, instance> operator%(const CryptoPP::PolynomialOverFixedRing<T, instance> &a, const CryptoPP::PolynomialOverFixedRing<T, instance> &b)
- {return CryptoPP::PolynomialOverFixedRing<T, instance>(a.Modulo(b, a.ms_fixedRing));}
-
-NAMESPACE_END
-
-NAMESPACE_BEGIN(std)
-template<class T> inline void swap(CryptoPP::PolynomialOver<T> &a, CryptoPP::PolynomialOver<T> &b)
-{
- a.swap(b);
-}
-template<class T, int i> inline void swap(CryptoPP::PolynomialOverFixedRing<T,i> &a, CryptoPP::PolynomialOverFixedRing<T,i> &b)
-{
- a.swap(b);
-}
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/pssr.cpp b/cryptopp562/pssr.cpp
deleted file mode 100644
index ccbe4ee..0000000
--- a/cryptopp562/pssr.cpp
+++ /dev/null
@@ -1,145 +0,0 @@
-// pssr.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "pssr.h"
-#include <functional>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// more in dll.cpp
-template<> const byte EMSA2HashId<RIPEMD160>::id = 0x31;
-template<> const byte EMSA2HashId<RIPEMD128>::id = 0x32;
-template<> const byte EMSA2HashId<Whirlpool>::id = 0x37;
-
-#ifndef CRYPTOPP_IMPORTS
-
-size_t PSSR_MEM_Base::MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const
-{
- size_t saltLen = SaltLen(digestLength);
- size_t minPadLen = MinPadLen(digestLength);
- return 9 + 8*(minPadLen + saltLen + digestLength + hashIdentifierLength);
-}
-
-size_t PSSR_MEM_Base::MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const
-{
- if (AllowRecovery())
- return SaturatingSubtract(representativeBitLength, MinRepresentativeBitLength(hashIdentifierLength, digestLength)) / 8;
- return 0;
-}
-
-bool PSSR_MEM_Base::IsProbabilistic() const
-{
- return SaltLen(1) > 0;
-}
-
-bool PSSR_MEM_Base::AllowNonrecoverablePart() const
-{
- return true;
-}
-
-bool PSSR_MEM_Base::RecoverablePartFirst() const
-{
- return false;
-}
-
-void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
-
- const size_t u = hashIdentifier.second + 1;
- const size_t representativeByteLength = BitsToBytes(representativeBitLength);
- const size_t digestSize = hash.DigestSize();
- const size_t saltSize = SaltLen(digestSize);
- byte *const h = representative + representativeByteLength - u - digestSize;
-
- SecByteBlock digest(digestSize), salt(saltSize);
- hash.Final(digest);
- rng.GenerateBlock(salt, saltSize);
-
- // compute H = hash of M'
- byte c[8];
- PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
- PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
- hash.Update(c, 8);
- hash.Update(recoverableMessage, recoverableMessageLength);
- hash.Update(digest, digestSize);
- hash.Update(salt, saltSize);
- hash.Final(h);
-
- // compute representative
- GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false);
- byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1;
- xorStart[0] ^= 1;
- xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength);
- xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size());
- memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second);
- representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc;
- if (representativeBitLength % 8 != 0)
- representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
-}
-
-DecodingResult PSSR_MEM_Base::RecoverMessageFromRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength,
- byte *recoverableMessage) const
-{
- assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
-
- const size_t u = hashIdentifier.second + 1;
- const size_t representativeByteLength = BitsToBytes(representativeBitLength);
- const size_t digestSize = hash.DigestSize();
- const size_t saltSize = SaltLen(digestSize);
- const byte *const h = representative + representativeByteLength - u - digestSize;
-
- SecByteBlock digest(digestSize);
- hash.Final(digest);
-
- DecodingResult result(0);
- bool &valid = result.isValidCoding;
- size_t &recoverableMessageLength = result.messageLength;
-
- valid = (representative[representativeByteLength - 1] == (hashIdentifier.second ? 0xcc : 0xbc)) && valid;
- valid = VerifyBufsEqual(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second) && valid;
-
- GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize);
- if (representativeBitLength % 8 != 0)
- representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
-
- // extract salt and recoverableMessage from DB = 00 ... || 01 || M || salt
- byte *salt = representative + representativeByteLength - u - digestSize - saltSize;
- byte *M = std::find_if(representative, salt-1, std::bind2nd(std::not_equal_to<byte>(), 0));
- recoverableMessageLength = salt-M-1;
- if (*M == 0x01
- && (size_t)(M - representative - (representativeBitLength % 8 != 0)) >= MinPadLen(digestSize)
- && recoverableMessageLength <= MaxRecoverableLength(representativeBitLength, hashIdentifier.second, digestSize))
- {
- memcpy(recoverableMessage, M+1, recoverableMessageLength);
- }
- else
- {
- recoverableMessageLength = 0;
- valid = false;
- }
-
- // verify H = hash of M'
- byte c[8];
- PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
- PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
- hash.Update(c, 8);
- hash.Update(recoverableMessage, recoverableMessageLength);
- hash.Update(digest, digestSize);
- hash.Update(salt, saltSize);
- valid = hash.Verify(h) && valid;
-
- if (!AllowRecovery() && valid && recoverableMessageLength != 0)
- {throw NotImplemented("PSSR_MEM: message recovery disabled");}
-
- return result;
-}
-
-#endif
-
-NAMESPACE_END
diff --git a/cryptopp562/pssr.h b/cryptopp562/pssr.h
deleted file mode 100644
index 6ec6936..0000000
--- a/cryptopp562/pssr.h
+++ /dev/null
@@ -1,66 +0,0 @@
-#ifndef CRYPTOPP_PSSR_H
-#define CRYPTOPP_PSSR_H
-
-#include "pubkey.h"
-#include "emsa2.h"
-
-#ifdef CRYPTOPP_IS_DLL
-#include "sha.h"
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod
-{
- virtual bool AllowRecovery() const =0;
- virtual size_t SaltLen(size_t hashLen) const =0;
- virtual size_t MinPadLen(size_t hashLen) const =0;
- virtual const MaskGeneratingFunction & GetMGF() const =0;
-
-public:
- size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const;
- size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const;
- bool IsProbabilistic() const;
- bool AllowNonrecoverablePart() const;
- bool RecoverablePartFirst() const;
- void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
- DecodingResult RecoverMessageFromRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength,
- byte *recoverableMessage) const;
-};
-
-template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId;
-template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {};
-template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {};
-
-template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false>
-class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID>
-{
- virtual bool AllowRecovery() const {return ALLOW_RECOVERY;}
- virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;}
- virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;}
- virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;}
-
-public:
- static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();}
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a>
-struct PSSR : public SignatureStandard
-{
- typedef PSSR_MEM<true> SignatureMessageEncodingMethod;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a>
-struct PSS : public SignatureStandard
-{
- typedef PSSR_MEM<false> SignatureMessageEncodingMethod;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/pubkey.cpp b/cryptopp562/pubkey.cpp
deleted file mode 100644
index 1159e53..0000000
--- a/cryptopp562/pubkey.cpp
+++ /dev/null
@@ -1,165 +0,0 @@
-// pubkey.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "pubkey.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart)
-{
- ArraySink *sink;
- HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength));
- word32 counter = counterStart;
- while (sink->AvailableSize() > 0)
- {
- filter.Put(input, inputLength);
- filter.PutWord32(counter++);
- filter.Put(derivationParams, derivationParamsLength);
- filter.MessageEnd();
- }
-}
-
-bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
- ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
- return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
-}
-
-bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
-{
- SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize()));
- DecodingResult result = RecoverMessageFromRepresentative(
- hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
- return result.isValidCoding && result.messageLength == 0;
-}
-
-void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
-{
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- HashIdentifier id = GetHashIdentifier();
- const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
-
- if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
- throw PK_SignatureScheme::KeyTooShort();
-
- size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize());
-
- if (maxRecoverableLength == 0)
- {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");}
- if (recoverableMessageLength > maxRecoverableLength)
- throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
-
- ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
- encoding.ProcessRecoverableMessage(
- ma.AccessHash(),
- recoverableMessage, recoverableMessageLength,
- NULL, 0, ma.m_semisignature);
-}
-
-size_t TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
-{
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- HashIdentifier id = GetHashIdentifier();
- const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
-
- if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
- throw PK_SignatureScheme::KeyTooShort();
-
- SecByteBlock representative(MessageRepresentativeLength());
- encoding.ComputeMessageRepresentative(rng,
- ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
- ma.AccessHash(), id, ma.m_empty,
- representative, MessageRepresentativeBitLength());
- ma.m_empty = true;
-
- Integer r(representative, representative.size());
- size_t signatureLength = SignatureLength();
- GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
- return signatureLength;
-}
-
-void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
-{
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- HashIdentifier id = GetHashIdentifier();
- const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
-
- if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
- throw PK_SignatureScheme::KeyTooShort();
-
- ma.m_representative.New(MessageRepresentativeLength());
- Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
- if (x.BitCount() > MessageRepresentativeBitLength())
- x = Integer::Zero(); // don't return false here to prevent timing attack
- x.Encode(ma.m_representative, ma.m_representative.size());
-}
-
-bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
-{
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- HashIdentifier id = GetHashIdentifier();
- const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
-
- if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
- throw PK_SignatureScheme::KeyTooShort();
-
- bool result = encoding.VerifyMessageRepresentative(
- ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
- ma.m_empty = true;
- return result;
-}
-
-DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
-{
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- HashIdentifier id = GetHashIdentifier();
- const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
-
- if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
- throw PK_SignatureScheme::KeyTooShort();
-
- DecodingResult result = encoding.RecoverMessageFromRepresentative(
- ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
- ma.m_empty = true;
- return result;
-}
-
-DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
-{
- if (ciphertextLength != FixedCiphertextLength())
- throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key");
-
- SecByteBlock paddedBlock(PaddedBlockByteLength());
- Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength));
- if (x.ByteCount() > paddedBlock.size())
- x = Integer::Zero(); // don't return false here to prevent timing attack
- x.Encode(paddedBlock, paddedBlock.size());
- return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
-}
-
-void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
-{
- if (plaintextLength > FixedMaxPlaintextLength())
- {
- if (FixedMaxPlaintextLength() < 1)
- throw InvalidArgument(AlgorithmName() + ": this key is too short to encrypt any messages");
- else
- throw InvalidArgument(AlgorithmName() + ": message length of " + IntToString(plaintextLength) + " exceeds the maximum of " + IntToString(FixedMaxPlaintextLength()) + " for this public key");
- }
-
- SecByteBlock paddedBlock(PaddedBlockByteLength());
- GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
- GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength());
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/pubkey.h b/cryptopp562/pubkey.h
deleted file mode 100644
index 3a3f3bc..0000000
--- a/cryptopp562/pubkey.h
+++ /dev/null
@@ -1,1678 +0,0 @@
-// pubkey.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_PUBKEY_H
-#define CRYPTOPP_PUBKEY_H
-
-/** \file
-
- This file contains helper classes/functions for implementing public key algorithms.
-
- The class hierachies in this .h file tend to look like this:
-<pre>
- x1
- / \
- y1 z1
- | |
- x2<y1> x2<z1>
- | |
- y2 z2
- | |
- x3<y2> x3<z2>
- | |
- y3 z3
-</pre>
- - x1, y1, z1 are abstract interface classes defined in cryptlib.h
- - x2, y2, z2 are implementations of the interfaces using "abstract policies", which
- are pure virtual functions that should return interfaces to interchangeable algorithms.
- These classes have "Base" suffixes.
- - x3, y3, z3 hold actual algorithms and implement those virtual functions.
- These classes have "Impl" suffixes.
-
- The "TF_" prefix means an implementation using trapdoor functions on integers.
- The "DL_" prefix means an implementation using group operations (in groups where discrete log is hard).
-*/
-
-#include "modarith.h"
-#include "filters.h"
-#include "eprecomp.h"
-#include "fips140.h"
-#include "argnames.h"
-#include <memory>
-
-// VC60 workaround: this macro is defined in shlobj.h and conflicts with a template parameter used in this file
-#undef INTERFACE
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionBounds
-{
-public:
- virtual ~TrapdoorFunctionBounds() {}
-
- virtual Integer PreimageBound() const =0;
- virtual Integer ImageBound() const =0;
- virtual Integer MaxPreimage() const {return --PreimageBound();}
- virtual Integer MaxImage() const {return --ImageBound();}
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunction : public TrapdoorFunctionBounds
-{
-public:
- virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0;
- virtual bool IsRandomized() const {return true;}
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunction : public RandomizedTrapdoorFunction
-{
-public:
- Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const
- {return ApplyFunction(x);}
- bool IsRandomized() const {return false;}
-
- virtual Integer ApplyFunction(const Integer &x) const =0;
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunctionInverse
-{
-public:
- virtual ~RandomizedTrapdoorFunctionInverse() {}
-
- virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
- virtual bool IsRandomized() const {return true;}
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionInverse : public RandomizedTrapdoorFunctionInverse
-{
-public:
- virtual ~TrapdoorFunctionInverse() {}
-
- Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
- {return CalculateInverse(rng, x);}
- bool IsRandomized() const {return false;}
-
- virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
-};
-
-// ********************************************************
-
-//! message encoding method for public key encryption
-class CRYPTOPP_NO_VTABLE PK_EncryptionMessageEncodingMethod
-{
-public:
- virtual ~PK_EncryptionMessageEncodingMethod() {}
-
- virtual bool ParameterSupported(const char *name) const {return false;}
-
- //! max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of modulus)
- virtual size_t MaxUnpaddedLength(size_t paddedLength) const =0;
-
- virtual void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedBitLength, const NameValuePairs &parameters) const =0;
-
- virtual DecodingResult Unpad(const byte *padded, size_t paddedBitLength, byte *raw, const NameValuePairs &parameters) const =0;
-};
-
-// ********************************************************
-
-//! _
-template <class TFI, class MEI>
-class CRYPTOPP_NO_VTABLE TF_Base
-{
-protected:
- virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0;
-
- typedef TFI TrapdoorFunctionInterface;
- virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const =0;
-
- typedef MEI MessageEncodingInterface;
- virtual const MessageEncodingInterface & GetMessageEncodingInterface() const =0;
-};
-
-// ********************************************************
-
-//! _
-template <class BASE>
-class CRYPTOPP_NO_VTABLE PK_FixedLengthCryptoSystemImpl : public BASE
-{
-public:
- size_t MaxPlaintextLength(size_t ciphertextLength) const
- {return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;}
- size_t CiphertextLength(size_t plaintextLength) const
- {return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;}
-
- virtual size_t FixedMaxPlaintextLength() const =0;
- virtual size_t FixedCiphertextLength() const =0;
-};
-
-//! _
-template <class INTERFACE, class BASE>
-class CRYPTOPP_NO_VTABLE TF_CryptoSystemBase : public PK_FixedLengthCryptoSystemImpl<INTERFACE>, protected BASE
-{
-public:
- bool ParameterSupported(const char *name) const {return this->GetMessageEncodingInterface().ParameterSupported(name);}
- size_t FixedMaxPlaintextLength() const {return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
- size_t FixedCiphertextLength() const {return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
-
-protected:
- size_t PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());}
- size_t PaddedBlockBitLength() const {return this->GetTrapdoorFunctionBounds().PreimageBound().BitCount()-1;}
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_DecryptorBase : public TF_CryptoSystemBase<PK_Decryptor, TF_Base<TrapdoorFunctionInverse, PK_EncryptionMessageEncodingMethod> >
-{
-public:
- DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const;
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_EncryptorBase : public TF_CryptoSystemBase<PK_Encryptor, TF_Base<RandomizedTrapdoorFunction, PK_EncryptionMessageEncodingMethod> >
-{
-public:
- void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters = g_nullNameValuePairs) const;
-};
-
-// ********************************************************
-
-typedef std::pair<const byte *, size_t> HashIdentifier;
-
-//! interface for message encoding method for public key signature schemes
-class CRYPTOPP_NO_VTABLE PK_SignatureMessageEncodingMethod
-{
-public:
- virtual ~PK_SignatureMessageEncodingMethod() {}
-
- virtual size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const
- {return 0;}
- virtual size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const
- {return 0;}
-
- bool IsProbabilistic() const
- {return true;}
- bool AllowNonrecoverablePart() const
- {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
- virtual bool RecoverablePartFirst() const
- {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
-
- // for verification, DL
- virtual void ProcessSemisignature(HashTransformation &hash, const byte *semisignature, size_t semisignatureLength) const {}
-
- // for signature
- virtual void ProcessRecoverableMessage(HashTransformation &hash,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- const byte *presignature, size_t presignatureLength,
- SecByteBlock &semisignature) const
- {
- if (RecoverablePartFirst())
- assert(!"ProcessRecoverableMessage() not implemented");
- }
-
- virtual void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const =0;
-
- virtual bool VerifyMessageRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const =0;
-
- virtual DecodingResult RecoverMessageFromRepresentative( // for TF
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength,
- byte *recoveredMessage) const
- {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
-
- virtual DecodingResult RecoverMessageFromSemisignature( // for DL
- HashTransformation &hash, HashIdentifier hashIdentifier,
- const byte *presignature, size_t presignatureLength,
- const byte *semisignature, size_t semisignatureLength,
- byte *recoveredMessage) const
- {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
-
- // VC60 workaround
- struct HashIdentifierLookup
- {
- template <class H> struct HashIdentifierLookup2
- {
- static HashIdentifier CRYPTOPP_API Lookup()
- {
- return HashIdentifier((const byte *)NULL, 0);
- }
- };
- };
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_DeterministicSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod
-{
-public:
- bool VerifyMessageRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_RecoverableSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod
-{
-public:
- bool VerifyMessageRepresentative(
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
-};
-
-class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_DSA : public PK_DeterministicSignatureMessageEncodingMethod
-{
-public:
- void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
-};
-
-class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_NR : public PK_DeterministicSignatureMessageEncodingMethod
-{
-public:
- void ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulatorBase : public PK_MessageAccumulator
-{
-public:
- PK_MessageAccumulatorBase() : m_empty(true) {}
-
- virtual HashTransformation & AccessHash() =0;
-
- void Update(const byte *input, size_t length)
- {
- AccessHash().Update(input, length);
- m_empty = m_empty && length == 0;
- }
-
- SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
- Integer m_k, m_s;
- bool m_empty;
-};
-
-template <class HASH_ALGORITHM>
-class PK_MessageAccumulatorImpl : public PK_MessageAccumulatorBase, protected ObjectHolder<HASH_ALGORITHM>
-{
-public:
- HashTransformation & AccessHash() {return this->m_object;}
-};
-
-//! _
-template <class INTERFACE, class BASE>
-class CRYPTOPP_NO_VTABLE TF_SignatureSchemeBase : public INTERFACE, protected BASE
-{
-public:
- size_t SignatureLength() const
- {return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
- size_t MaxRecoverableLength() const
- {return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
- size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
- {return this->MaxRecoverableLength();}
-
- bool IsProbabilistic() const
- {return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();}
- bool AllowNonrecoverablePart() const
- {return this->GetMessageEncodingInterface().AllowNonrecoverablePart();}
- bool RecoverablePartFirst() const
- {return this->GetMessageEncodingInterface().RecoverablePartFirst();}
-
-protected:
- size_t MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());}
- size_t MessageRepresentativeBitLength() const {return this->GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;}
- virtual HashIdentifier GetHashIdentifier() const =0;
- virtual size_t GetDigestSize() const =0;
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_SignerBase : public TF_SignatureSchemeBase<PK_Signer, TF_Base<RandomizedTrapdoorFunctionInverse, PK_SignatureMessageEncodingMethod> >
-{
-public:
- void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const;
- size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const;
-};
-
-//! _
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_VerifierBase : public TF_SignatureSchemeBase<PK_Verifier, TF_Base<TrapdoorFunction, PK_SignatureMessageEncodingMethod> >
-{
-public:
- void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const;
- bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const;
- DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const;
-};
-
-// ********************************************************
-
-//! _
-template <class T1, class T2, class T3>
-struct TF_CryptoSchemeOptions
-{
- typedef T1 AlgorithmInfo;
- typedef T2 Keys;
- typedef typename Keys::PrivateKey PrivateKey;
- typedef typename Keys::PublicKey PublicKey;
- typedef T3 MessageEncodingMethod;
-};
-
-//! _
-template <class T1, class T2, class T3, class T4>
-struct TF_SignatureSchemeOptions : public TF_CryptoSchemeOptions<T1, T2, T3>
-{
- typedef T4 HashFunction;
-};
-
-//! _
-template <class BASE, class SCHEME_OPTIONS, class KEY_CLASS>
-class CRYPTOPP_NO_VTABLE TF_ObjectImplBase : public AlgorithmImpl<BASE, typename SCHEME_OPTIONS::AlgorithmInfo>
-{
-public:
- typedef SCHEME_OPTIONS SchemeOptions;
- typedef KEY_CLASS KeyClass;
-
- PublicKey & AccessPublicKey() {return AccessKey();}
- const PublicKey & GetPublicKey() const {return GetKey();}
-
- PrivateKey & AccessPrivateKey() {return AccessKey();}
- const PrivateKey & GetPrivateKey() const {return GetKey();}
-
- virtual const KeyClass & GetKey() const =0;
- virtual KeyClass & AccessKey() =0;
-
- const KeyClass & GetTrapdoorFunction() const {return GetKey();}
-
- PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const
- {
- return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>;
- }
- PK_MessageAccumulator * NewVerificationAccumulator() const
- {
- return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>;
- }
-
-protected:
- const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface() const
- {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::MessageEncodingMethod>().Ref();}
- const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const
- {return GetKey();}
- const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const
- {return GetKey();}
-
- // for signature scheme
- HashIdentifier GetHashIdentifier() const
- {
- typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
- return L::Lookup();
- }
- size_t GetDigestSize() const
- {
- typedef CPP_TYPENAME SchemeOptions::HashFunction H;
- return H::DIGESTSIZE;
- }
-};
-
-//! _
-template <class BASE, class SCHEME_OPTIONS, class KEY>
-class TF_ObjectImplExtRef : public TF_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY>
-{
-public:
- TF_ObjectImplExtRef(const KEY *pKey = NULL) : m_pKey(pKey) {}
- void SetKeyPtr(const KEY *pKey) {m_pKey = pKey;}
-
- const KEY & GetKey() const {return *m_pKey;}
- KEY & AccessKey() {throw NotImplemented("TF_ObjectImplExtRef: cannot modify refererenced key");}
-
-private:
- const KEY * m_pKey;
-};
-
-//! _
-template <class BASE, class SCHEME_OPTIONS, class KEY_CLASS>
-class CRYPTOPP_NO_VTABLE TF_ObjectImpl : public TF_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY_CLASS>
-{
-public:
- typedef KEY_CLASS KeyClass;
-
- const KeyClass & GetKey() const {return m_trapdoorFunction;}
- KeyClass & AccessKey() {return m_trapdoorFunction;}
-
-private:
- KeyClass m_trapdoorFunction;
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class TF_DecryptorImpl : public TF_ObjectImpl<TF_DecryptorBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey>
-{
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class TF_EncryptorImpl : public TF_ObjectImpl<TF_EncryptorBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey>
-{
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class TF_SignerImpl : public TF_ObjectImpl<TF_SignerBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey>
-{
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class TF_VerifierImpl : public TF_ObjectImpl<TF_VerifierBase, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey>
-{
-};
-
-// ********************************************************
-
-//! _
-class CRYPTOPP_NO_VTABLE MaskGeneratingFunction
-{
-public:
- virtual ~MaskGeneratingFunction() {}
- virtual void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask = true) const =0;
-};
-
-CRYPTOPP_DLL void CRYPTOPP_API P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart);
-
-//! _
-class P1363_MGF1 : public MaskGeneratingFunction
-{
-public:
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "MGF1";}
- void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask = true) const
- {
- P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0);
- }
-};
-
-// ********************************************************
-
-//! _
-template <class H>
-class P1363_KDF2
-{
-public:
- static void CRYPTOPP_API DeriveKey(byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength)
- {
- H h;
- P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength, false, 1);
- }
-};
-
-// ********************************************************
-
-//! to be thrown by DecodeElement and AgreeWithStaticPrivateKey
-class DL_BadElement : public InvalidDataFormat
-{
-public:
- DL_BadElement() : InvalidDataFormat("CryptoPP: invalid group element") {}
-};
-
-//! interface for DL group parameters
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_GroupParameters : public CryptoParameters
-{
- typedef DL_GroupParameters<T> ThisClass;
-
-public:
- typedef T Element;
-
- DL_GroupParameters() : m_validationLevel(0) {}
-
- // CryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const
- {
- if (!GetBasePrecomputation().IsInitialized())
- return false;
-
- if (m_validationLevel > level)
- return true;
-
- bool pass = ValidateGroup(rng, level);
- pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation());
-
- m_validationLevel = pass ? level+1 : 0;
-
- return pass;
- }
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper(this, name, valueType, pValue)
- CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder)
- CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator)
- ;
- }
-
- bool SupportsPrecomputation() const {return true;}
-
- void Precompute(unsigned int precomputationStorage=16)
- {
- AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage);
- }
-
- void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
- {
- AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation);
- m_validationLevel = 0;
- }
-
- void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
- {
- GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation);
- }
-
- // non-inherited
- virtual const Element & GetSubgroupGenerator() const {return GetBasePrecomputation().GetBase(GetGroupPrecomputation());}
- virtual void SetSubgroupGenerator(const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);}
- virtual Element ExponentiateBase(const Integer &exponent) const
- {
- return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent);
- }
- virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
- {
- Element result;
- SimultaneousExponentiate(&result, base, &exponent, 1);
- return result;
- }
-
- virtual const DL_GroupPrecomputation<Element> & GetGroupPrecomputation() const =0;
- virtual const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const =0;
- virtual DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() =0;
- virtual const Integer & GetSubgroupOrder() const =0; // order of subgroup generated by base element
- virtual Integer GetMaxExponent() const =0;
- virtual Integer GetGroupOrder() const {return GetSubgroupOrder()*GetCofactor();} // one of these two needs to be overriden
- virtual Integer GetCofactor() const {return GetGroupOrder()/GetSubgroupOrder();}
- virtual unsigned int GetEncodedElementSize(bool reversible) const =0;
- virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0;
- virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0;
- virtual Integer ConvertElementToInteger(const Element &element) const =0;
- virtual bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const =0;
- virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const =0;
- virtual bool FastSubgroupCheckAvailable() const =0;
- virtual bool IsIdentity(const Element &element) const =0;
- virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0;
-
-protected:
- void ParametersChanged() {m_validationLevel = 0;}
-
-private:
- mutable unsigned int m_validationLevel;
-};
-
-//! _
-template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element>, class BASE = DL_GroupParameters<CPP_TYPENAME GROUP_PRECOMP::Element> >
-class DL_GroupParametersImpl : public BASE
-{
-public:
- typedef GROUP_PRECOMP GroupPrecomputation;
- typedef typename GROUP_PRECOMP::Element Element;
- typedef BASE_PRECOMP BasePrecomputation;
-
- const DL_GroupPrecomputation<Element> & GetGroupPrecomputation() const {return m_groupPrecomputation;}
- const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return m_gpc;}
- DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return m_gpc;}
-
-protected:
- GROUP_PRECOMP m_groupPrecomputation;
- BASE_PRECOMP m_gpc;
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_Key
-{
-public:
- virtual const DL_GroupParameters<T> & GetAbstractGroupParameters() const =0;
- virtual DL_GroupParameters<T> & AccessAbstractGroupParameters() =0;
-};
-
-//! interface for DL public keys
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_PublicKey : public DL_Key<T>
-{
- typedef DL_PublicKey<T> ThisClass;
-
-public:
- typedef T Element;
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters())
- CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement);
- }
-
- void AssignFrom(const NameValuePairs &source);
-
- // non-inherited
- virtual const Element & GetPublicElement() const {return GetPublicPrecomputation().GetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation());}
- virtual void SetPublicElement(const Element &y) {AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
- virtual Element ExponentiatePublicElement(const Integer &exponent) const
- {
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- return GetPublicPrecomputation().Exponentiate(params.GetGroupPrecomputation(), exponent);
- }
- virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
- {
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- return params.GetBasePrecomputation().CascadeExponentiate(params.GetGroupPrecomputation(), baseExp, GetPublicPrecomputation(), publicExp);
- }
-
- virtual const DL_FixedBasePrecomputation<T> & GetPublicPrecomputation() const =0;
- virtual DL_FixedBasePrecomputation<T> & AccessPublicPrecomputation() =0;
-};
-
-//! interface for DL private keys
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_PrivateKey : public DL_Key<T>
-{
- typedef DL_PrivateKey<T> ThisClass;
-
-public:
- typedef T Element;
-
- void MakePublicKey(DL_PublicKey<T> &pub) const
- {
- pub.AccessAbstractGroupParameters().AssignFrom(this->GetAbstractGroupParameters());
- pub.SetPublicElement(this->GetAbstractGroupParameters().ExponentiateBase(GetPrivateExponent()));
- }
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters())
- CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent);
- }
-
- void AssignFrom(const NameValuePairs &source)
- {
- this->AccessAbstractGroupParameters().AssignFrom(source);
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent);
- }
-
- virtual const Integer & GetPrivateExponent() const =0;
- virtual void SetPrivateExponent(const Integer &x) =0;
-};
-
-template <class T>
-void DL_PublicKey<T>::AssignFrom(const NameValuePairs &source)
-{
- DL_PrivateKey<T> *pPrivateKey = NULL;
- if (source.GetThisPointer(pPrivateKey))
- pPrivateKey->MakePublicKey(*this);
- else
- {
- this->AccessAbstractGroupParameters().AssignFrom(source);
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement);
- }
-}
-
-class OID;
-
-//! _
-template <class PK, class GP, class O = OID>
-class DL_KeyImpl : public PK
-{
-public:
- typedef GP GroupParameters;
-
- O GetAlgorithmID() const {return GetGroupParameters().GetAlgorithmID();}
-// void BERDecode(BufferedTransformation &bt)
-// {PK::BERDecode(bt);}
-// void DEREncode(BufferedTransformation &bt) const
-// {PK::DEREncode(bt);}
- bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
- {AccessGroupParameters().BERDecode(bt); return true;}
- bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
- {GetGroupParameters().DEREncode(bt); return true;}
-
- const GP & GetGroupParameters() const {return m_groupParameters;}
- GP & AccessGroupParameters() {return m_groupParameters;}
-
-private:
- GP m_groupParameters;
-};
-
-class X509PublicKey;
-class PKCS8PrivateKey;
-
-//! _
-template <class GP>
-class DL_PrivateKeyImpl : public DL_PrivateKey<CPP_TYPENAME GP::Element>, public DL_KeyImpl<PKCS8PrivateKey, GP>
-{
-public:
- typedef typename GP::Element Element;
-
- // GeneratableCryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const
- {
- bool pass = GetAbstractGroupParameters().Validate(rng, level);
-
- const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder();
- const Integer &x = GetPrivateExponent();
-
- pass = pass && x.IsPositive() && x < q;
- if (level >= 1)
- pass = pass && Integer::Gcd(x, q) == Integer::One();
- return pass;
- }
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper<DL_PrivateKey<Element> >(this, name, valueType, pValue).Assignable();
- }
-
- void AssignFrom(const NameValuePairs &source)
- {
- AssignFromHelper<DL_PrivateKey<Element> >(this, source);
- }
-
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
- {
- if (!params.GetThisObject(this->AccessGroupParameters()))
- this->AccessGroupParameters().GenerateRandom(rng, params);
-// std::pair<const byte *, int> seed;
- Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent());
-// Integer::ANY, Integer::Zero(), Integer::One(),
-// params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed : NULL);
- SetPrivateExponent(x);
- }
-
- bool SupportsPrecomputation() const {return true;}
-
- void Precompute(unsigned int precomputationStorage=16)
- {AccessAbstractGroupParameters().Precompute(precomputationStorage);}
-
- void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
- {AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);}
-
- void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
- {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);}
-
- // DL_Key
- const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return this->GetGroupParameters();}
- DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return this->AccessGroupParameters();}
-
- // DL_PrivateKey
- const Integer & GetPrivateExponent() const {return m_x;}
- void SetPrivateExponent(const Integer &x) {m_x = x;}
-
- // PKCS8PrivateKey
- void BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t)
- {m_x.BERDecode(bt);}
- void DEREncodePrivateKey(BufferedTransformation &bt) const
- {m_x.DEREncode(bt);}
-
-private:
- Integer m_x;
-};
-
-//! _
-template <class BASE, class SIGNATURE_SCHEME>
-class DL_PrivateKey_WithSignaturePairwiseConsistencyTest : public BASE
-{
-public:
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
- {
- BASE::GenerateRandom(rng, params);
-
- if (FIPS_140_2_ComplianceEnabled())
- {
- typename SIGNATURE_SCHEME::Signer signer(*this);
- typename SIGNATURE_SCHEME::Verifier verifier(signer);
- SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
- }
- }
-};
-
-//! _
-template <class GP>
-class DL_PublicKeyImpl : public DL_PublicKey<typename GP::Element>, public DL_KeyImpl<X509PublicKey, GP>
-{
-public:
- typedef typename GP::Element Element;
-
- // CryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const
- {
- bool pass = GetAbstractGroupParameters().Validate(rng, level);
- pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation());
- return pass;
- }
-
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- {
- return GetValueHelper<DL_PublicKey<Element> >(this, name, valueType, pValue).Assignable();
- }
-
- void AssignFrom(const NameValuePairs &source)
- {
- AssignFromHelper<DL_PublicKey<Element> >(this, source);
- }
-
- bool SupportsPrecomputation() const {return true;}
-
- void Precompute(unsigned int precomputationStorage=16)
- {
- AccessAbstractGroupParameters().Precompute(precomputationStorage);
- AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage);
- }
-
- void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
- {
- AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);
- AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
- }
-
- void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
- {
- GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);
- GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
- }
-
- // DL_Key
- const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return this->GetGroupParameters();}
- DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return this->AccessGroupParameters();}
-
- // DL_PublicKey
- const DL_FixedBasePrecomputation<Element> & GetPublicPrecomputation() const {return m_ypc;}
- DL_FixedBasePrecomputation<Element> & AccessPublicPrecomputation() {return m_ypc;}
-
- // non-inherited
- bool operator==(const DL_PublicKeyImpl<GP> &rhs) const
- {return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();}
-
-private:
- typename GP::BasePrecomputation m_ypc;
-};
-
-//! interface for Elgamal-like signature algorithms
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_ElgamalLikeSignatureAlgorithm
-{
-public:
- virtual void Sign(const DL_GroupParameters<T> &params, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0;
- virtual bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const =0;
- virtual Integer RecoverPresignature(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &r, const Integer &s) const
- {throw NotImplemented("DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");}
- virtual size_t RLen(const DL_GroupParameters<T> &params) const
- {return params.GetSubgroupOrder().ByteCount();}
- virtual size_t SLen(const DL_GroupParameters<T> &params) const
- {return params.GetSubgroupOrder().ByteCount();}
-};
-
-//! interface for DL key agreement algorithms
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_KeyAgreementAlgorithm
-{
-public:
- typedef T Element;
-
- virtual Element AgreeWithEphemeralPrivateKey(const DL_GroupParameters<Element> &params, const DL_FixedBasePrecomputation<Element> &publicPrecomputation, const Integer &privateExponent) const =0;
- virtual Element AgreeWithStaticPrivateKey(const DL_GroupParameters<Element> &params, const Element &publicElement, bool validateOtherPublicKey, const Integer &privateExponent) const =0;
-};
-
-//! interface for key derivation algorithms used in DL cryptosystems
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_KeyDerivationAlgorithm
-{
-public:
- virtual bool ParameterSupported(const char *name) const {return false;}
- virtual void Derive(const DL_GroupParameters<T> &groupParams, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &derivationParams) const =0;
-};
-
-//! interface for symmetric encryption algorithms used in DL cryptosystems
-class CRYPTOPP_NO_VTABLE DL_SymmetricEncryptionAlgorithm
-{
-public:
- virtual bool ParameterSupported(const char *name) const {return false;}
- virtual size_t GetSymmetricKeyLength(size_t plaintextLength) const =0;
- virtual size_t GetSymmetricCiphertextLength(size_t plaintextLength) const =0;
- virtual size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const =0;
- virtual void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const =0;
- virtual DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const =0;
-};
-
-//! _
-template <class KI>
-class CRYPTOPP_NO_VTABLE DL_Base
-{
-protected:
- typedef KI KeyInterface;
- typedef typename KI::Element Element;
-
- const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return GetKeyInterface().GetAbstractGroupParameters();}
- DL_GroupParameters<Element> & AccessAbstractGroupParameters() {return AccessKeyInterface().AccessAbstractGroupParameters();}
-
- virtual KeyInterface & AccessKeyInterface() =0;
- virtual const KeyInterface & GetKeyInterface() const =0;
-};
-
-//! _
-template <class INTERFACE, class KEY_INTERFACE>
-class CRYPTOPP_NO_VTABLE DL_SignatureSchemeBase : public INTERFACE, public DL_Base<KEY_INTERFACE>
-{
-public:
- size_t SignatureLength() const
- {
- return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters())
- + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters());
- }
- size_t MaxRecoverableLength() const
- {return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
- size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
- {assert(false); return 0;} // TODO
-
- bool IsProbabilistic() const
- {return true;}
- bool AllowNonrecoverablePart() const
- {return GetMessageEncodingInterface().AllowNonrecoverablePart();}
- bool RecoverablePartFirst() const
- {return GetMessageEncodingInterface().RecoverablePartFirst();}
-
-protected:
- size_t MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());}
- size_t MessageRepresentativeBitLength() const {return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
-
- virtual const DL_ElgamalLikeSignatureAlgorithm<CPP_TYPENAME KEY_INTERFACE::Element> & GetSignatureAlgorithm() const =0;
- virtual const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const =0;
- virtual HashIdentifier GetHashIdentifier() const =0;
- virtual size_t GetDigestSize() const =0;
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_SignerBase : public DL_SignatureSchemeBase<PK_Signer, DL_PrivateKey<T> >
-{
-public:
- // for validation testing
- void RawSign(const Integer &k, const Integer &e, Integer &r, Integer &s) const
- {
- const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- const DL_PrivateKey<T> &key = this->GetKeyInterface();
-
- r = params.ConvertElementToInteger(params.ExponentiateBase(k));
- alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
- }
-
- void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
- {
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
- this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
- recoverableMessage, recoverableMessageLength,
- ma.m_presignature, ma.m_presignature.size(),
- ma.m_semisignature);
- }
-
- size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
- {
- this->GetMaterial().DoQuickSanityCheck();
-
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- const DL_PrivateKey<T> &key = this->GetKeyInterface();
-
- SecByteBlock representative(this->MessageRepresentativeLength());
- this->GetMessageEncodingInterface().ComputeMessageRepresentative(
- rng,
- ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
- ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
- representative, this->MessageRepresentativeBitLength());
- ma.m_empty = true;
- Integer e(representative, representative.size());
-
- // hash message digest into random number k to prevent reusing the same k on a different messages
- // after virtual machine rollback
- if (rng.CanIncorporateEntropy())
- rng.IncorporateEntropy(representative, representative.size());
- Integer k(rng, 1, params.GetSubgroupOrder()-1);
- Integer r, s;
- r = params.ConvertElementToInteger(params.ExponentiateBase(k));
- alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
-
- /*
- Integer r, s;
- if (this->MaxRecoverableLength() > 0)
- r.Decode(ma.m_semisignature, ma.m_semisignature.size());
- else
- r.Decode(ma.m_presignature, ma.m_presignature.size());
- alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s);
- */
-
- size_t rLen = alg.RLen(params);
- r.Encode(signature, rLen);
- s.Encode(signature+rLen, alg.SLen(params));
-
- if (restart)
- RestartMessageAccumulator(rng, ma);
-
- return this->SignatureLength();
- }
-
-protected:
- void RestartMessageAccumulator(RandomNumberGenerator &rng, PK_MessageAccumulatorBase &ma) const
- {
- // k needs to be generated before hashing for signature schemes with recovery
- // but to defend against VM rollbacks we need to generate k after hashing.
- // so this code is commented out, since no DL-based signature scheme with recovery
- // has been implemented in Crypto++ anyway
- /*
- const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- ma.m_k.Randomize(rng, 1, params.GetSubgroupOrder()-1);
- ma.m_presignature.New(params.GetEncodedElementSize(false));
- params.ConvertElementToInteger(params.ExponentiateBase(ma.m_k)).Encode(ma.m_presignature, ma.m_presignature.size());
- */
- }
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_VerifierBase : public DL_SignatureSchemeBase<PK_Verifier, DL_PublicKey<T> >
-{
-public:
- void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
- {
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
-
- size_t rLen = alg.RLen(params);
- ma.m_semisignature.Assign(signature, rLen);
- ma.m_s.Decode(signature+rLen, alg.SLen(params));
-
- this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.size());
- }
-
- bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
- {
- this->GetMaterial().DoQuickSanityCheck();
-
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- const DL_PublicKey<T> &key = this->GetKeyInterface();
-
- SecByteBlock representative(this->MessageRepresentativeLength());
- this->GetMessageEncodingInterface().ComputeMessageRepresentative(NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
- ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
- representative, this->MessageRepresentativeBitLength());
- ma.m_empty = true;
- Integer e(representative, representative.size());
-
- Integer r(ma.m_semisignature, ma.m_semisignature.size());
- return alg.Verify(params, key, e, r, ma.m_s);
- }
-
- DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
- {
- this->GetMaterial().DoQuickSanityCheck();
-
- PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
- const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- const DL_PublicKey<T> &key = this->GetKeyInterface();
-
- SecByteBlock representative(this->MessageRepresentativeLength());
- this->GetMessageEncodingInterface().ComputeMessageRepresentative(
- NullRNG(),
- ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
- ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
- representative, this->MessageRepresentativeBitLength());
- ma.m_empty = true;
- Integer e(representative, representative.size());
-
- ma.m_presignature.New(params.GetEncodedElementSize(false));
- Integer r(ma.m_semisignature, ma.m_semisignature.size());
- alg.RecoverPresignature(params, key, r, ma.m_s).Encode(ma.m_presignature, ma.m_presignature.size());
-
- return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature(
- ma.AccessHash(), this->GetHashIdentifier(),
- ma.m_presignature, ma.m_presignature.size(),
- ma.m_semisignature, ma.m_semisignature.size(),
- recoveredMessage);
- }
-};
-
-//! _
-template <class PK, class KI>
-class CRYPTOPP_NO_VTABLE DL_CryptoSystemBase : public PK, public DL_Base<KI>
-{
-public:
- typedef typename DL_Base<KI>::Element Element;
-
- size_t MaxPlaintextLength(size_t ciphertextLength) const
- {
- unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(true);
- return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen);
- }
-
- size_t CiphertextLength(size_t plaintextLength) const
- {
- size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength);
- return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(true) + len;
- }
-
- bool ParameterSupported(const char *name) const
- {return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);}
-
-protected:
- virtual const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const =0;
- virtual const DL_KeyDerivationAlgorithm<Element> & GetKeyDerivationAlgorithm() const =0;
- virtual const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const =0;
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_DecryptorBase : public DL_CryptoSystemBase<PK_Decryptor, DL_PrivateKey<T> >
-{
-public:
- typedef T Element;
-
- DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const
- {
- try
- {
- const DL_KeyAgreementAlgorithm<T> &agreeAlg = this->GetKeyAgreementAlgorithm();
- const DL_KeyDerivationAlgorithm<T> &derivAlg = this->GetKeyDerivationAlgorithm();
- const DL_SymmetricEncryptionAlgorithm &encAlg = this->GetSymmetricEncryptionAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- const DL_PrivateKey<T> &key = this->GetKeyInterface();
-
- Element q = params.DecodeElement(ciphertext, true);
- size_t elementSize = params.GetEncodedElementSize(true);
- ciphertext += elementSize;
- ciphertextLength -= elementSize;
-
- Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent());
-
- SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
- derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
-
- return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
- }
- catch (DL_BadElement &)
- {
- return DecodingResult();
- }
- }
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_EncryptorBase : public DL_CryptoSystemBase<PK_Encryptor, DL_PublicKey<T> >
-{
-public:
- typedef T Element;
-
- void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters = g_nullNameValuePairs) const
- {
- const DL_KeyAgreementAlgorithm<T> &agreeAlg = this->GetKeyAgreementAlgorithm();
- const DL_KeyDerivationAlgorithm<T> &derivAlg = this->GetKeyDerivationAlgorithm();
- const DL_SymmetricEncryptionAlgorithm &encAlg = this->GetSymmetricEncryptionAlgorithm();
- const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
- const DL_PublicKey<T> &key = this->GetKeyInterface();
-
- Integer x(rng, Integer::One(), params.GetMaxExponent());
- Element q = params.ExponentiateBase(x);
- params.EncodeElement(true, q, ciphertext);
- unsigned int elementSize = params.GetEncodedElementSize(true);
- ciphertext += elementSize;
-
- Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x);
-
- SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength));
- derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
-
- encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters);
- }
-};
-
-//! _
-template <class T1, class T2>
-struct DL_SchemeOptionsBase
-{
- typedef T1 AlgorithmInfo;
- typedef T2 GroupParameters;
- typedef typename GroupParameters::Element Element;
-};
-
-//! _
-template <class T1, class T2>
-struct DL_KeyedSchemeOptions : public DL_SchemeOptionsBase<T1, typename T2::PublicKey::GroupParameters>
-{
- typedef T2 Keys;
- typedef typename Keys::PrivateKey PrivateKey;
- typedef typename Keys::PublicKey PublicKey;
-};
-
-//! _
-template <class T1, class T2, class T3, class T4, class T5>
-struct DL_SignatureSchemeOptions : public DL_KeyedSchemeOptions<T1, T2>
-{
- typedef T3 SignatureAlgorithm;
- typedef T4 MessageEncodingMethod;
- typedef T5 HashFunction;
-};
-
-//! _
-template <class T1, class T2, class T3, class T4, class T5>
-struct DL_CryptoSchemeOptions : public DL_KeyedSchemeOptions<T1, T2>
-{
- typedef T3 KeyAgreementAlgorithm;
- typedef T4 KeyDerivationAlgorithm;
- typedef T5 SymmetricEncryptionAlgorithm;
-};
-
-//! _
-template <class BASE, class SCHEME_OPTIONS, class KEY>
-class CRYPTOPP_NO_VTABLE DL_ObjectImplBase : public AlgorithmImpl<BASE, typename SCHEME_OPTIONS::AlgorithmInfo>
-{
-public:
- typedef SCHEME_OPTIONS SchemeOptions;
- typedef typename KEY::Element Element;
-
- PrivateKey & AccessPrivateKey() {return m_key;}
- PublicKey & AccessPublicKey() {return m_key;}
-
- // KeyAccessor
- const KEY & GetKey() const {return m_key;}
- KEY & AccessKey() {return m_key;}
-
-protected:
- typename BASE::KeyInterface & AccessKeyInterface() {return m_key;}
- const typename BASE::KeyInterface & GetKeyInterface() const {return m_key;}
-
- // for signature scheme
- HashIdentifier GetHashIdentifier() const
- {
- typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup;
- return HashLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction>::Lookup();
- }
- size_t GetDigestSize() const
- {
- typedef CPP_TYPENAME SchemeOptions::HashFunction H;
- return H::DIGESTSIZE;
- }
-
-private:
- KEY m_key;
-};
-
-//! _
-template <class BASE, class SCHEME_OPTIONS, class KEY>
-class CRYPTOPP_NO_VTABLE DL_ObjectImpl : public DL_ObjectImplBase<BASE, SCHEME_OPTIONS, KEY>
-{
-public:
- typedef typename KEY::Element Element;
-
-protected:
- const DL_ElgamalLikeSignatureAlgorithm<Element> & GetSignatureAlgorithm() const
- {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::SignatureAlgorithm>().Ref();}
- const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const
- {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::KeyAgreementAlgorithm>().Ref();}
- const DL_KeyDerivationAlgorithm<Element> & GetKeyDerivationAlgorithm() const
- {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::KeyDerivationAlgorithm>().Ref();}
- const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const
- {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::SymmetricEncryptionAlgorithm>().Ref();}
- HashIdentifier GetHashIdentifier() const
- {return HashIdentifier();}
- const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const
- {return Singleton<CPP_TYPENAME SCHEME_OPTIONS::MessageEncodingMethod>().Ref();}
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class DL_SignerImpl : public DL_ObjectImpl<DL_SignerBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey>
-{
-public:
- PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const
- {
- std::auto_ptr<PK_MessageAccumulatorBase> p(new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>);
- this->RestartMessageAccumulator(rng, *p);
- return p.release();
- }
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class DL_VerifierImpl : public DL_ObjectImpl<DL_VerifierBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey>
-{
-public:
- PK_MessageAccumulator * NewVerificationAccumulator() const
- {
- return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>;
- }
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class DL_EncryptorImpl : public DL_ObjectImpl<DL_EncryptorBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey>
-{
-};
-
-//! _
-template <class SCHEME_OPTIONS>
-class DL_DecryptorImpl : public DL_ObjectImpl<DL_DecryptorBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey>
-{
-};
-
-// ********************************************************
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE DL_SimpleKeyAgreementDomainBase : public SimpleKeyAgreementDomain
-{
-public:
- typedef T Element;
-
- CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();}
- unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);}
- unsigned int PrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
- unsigned int PublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);}
-
- void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
- {
- Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent());
- x.Encode(privateKey, PrivateKeyLength());
- }
-
- void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
- {
- const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
- Integer x(privateKey, PrivateKeyLength());
- Element y = params.ExponentiateBase(x);
- params.EncodeElement(true, y, publicKey);
- }
-
- bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const
- {
- try
- {
- const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
- Integer x(privateKey, PrivateKeyLength());
- Element w = params.DecodeElement(otherPublicKey, validateOtherPublicKey);
-
- Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey(
- GetAbstractGroupParameters(), w, validateOtherPublicKey, x);
- params.EncodeElement(false, z, agreedValue);
- }
- catch (DL_BadElement &)
- {
- return false;
- }
- return true;
- }
-
- const Element &GetGenerator() const {return GetAbstractGroupParameters().GetSubgroupGenerator();}
-
-protected:
- virtual const DL_KeyAgreementAlgorithm<Element> & GetKeyAgreementAlgorithm() const =0;
- virtual DL_GroupParameters<Element> & AccessAbstractGroupParameters() =0;
- const DL_GroupParameters<Element> & GetAbstractGroupParameters() const {return const_cast<DL_SimpleKeyAgreementDomainBase<Element> *>(this)->AccessAbstractGroupParameters();}
-};
-
-enum CofactorMultiplicationOption {NO_COFACTOR_MULTIPLICTION, COMPATIBLE_COFACTOR_MULTIPLICTION, INCOMPATIBLE_COFACTOR_MULTIPLICTION};
-typedef EnumToType<CofactorMultiplicationOption, NO_COFACTOR_MULTIPLICTION> NoCofactorMultiplication;
-typedef EnumToType<CofactorMultiplicationOption, COMPATIBLE_COFACTOR_MULTIPLICTION> CompatibleCofactorMultiplication;
-typedef EnumToType<CofactorMultiplicationOption, INCOMPATIBLE_COFACTOR_MULTIPLICTION> IncompatibleCofactorMultiplication;
-
-//! DH key agreement algorithm
-template <class ELEMENT, class COFACTOR_OPTION>
-class DL_KeyAgreementAlgorithm_DH : public DL_KeyAgreementAlgorithm<ELEMENT>
-{
-public:
- typedef ELEMENT Element;
-
- static const char * CRYPTOPP_API StaticAlgorithmName()
- {return COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION ? "DHC" : "DH";}
-
- Element AgreeWithEphemeralPrivateKey(const DL_GroupParameters<Element> &params, const DL_FixedBasePrecomputation<Element> &publicPrecomputation, const Integer &privateExponent) const
- {
- return publicPrecomputation.Exponentiate(params.GetGroupPrecomputation(),
- COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION ? privateExponent*params.GetCofactor() : privateExponent);
- }
-
- Element AgreeWithStaticPrivateKey(const DL_GroupParameters<Element> &params, const Element &publicElement, bool validateOtherPublicKey, const Integer &privateExponent) const
- {
- if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION)
- {
- const Integer &k = params.GetCofactor();
- return params.ExponentiateElement(publicElement,
- ModularArithmetic(params.GetSubgroupOrder()).Divide(privateExponent, k)*k);
- }
- else if (COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION)
- return params.ExponentiateElement(publicElement, privateExponent*params.GetCofactor());
- else
- {
- assert(COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION);
-
- if (!validateOtherPublicKey)
- return params.ExponentiateElement(publicElement, privateExponent);
-
- if (params.FastSubgroupCheckAvailable())
- {
- if (!params.ValidateElement(2, publicElement, NULL))
- throw DL_BadElement();
- return params.ExponentiateElement(publicElement, privateExponent);
- }
- else
- {
- const Integer e[2] = {params.GetSubgroupOrder(), privateExponent};
- Element r[2];
- params.SimultaneousExponentiate(r, publicElement, e, 2);
- if (!params.IsIdentity(r[0]))
- throw DL_BadElement();
- return r[1];
- }
- }
- }
-};
-
-// ********************************************************
-
-//! A template implementing constructors for public key algorithm classes
-template <class BASE>
-class CRYPTOPP_NO_VTABLE PK_FinalTemplate : public BASE
-{
-public:
- PK_FinalTemplate() {}
-
- PK_FinalTemplate(const CryptoMaterial &key)
- {this->AccessKey().AssignFrom(key);}
-
- PK_FinalTemplate(BufferedTransformation &bt)
- {this->AccessKey().BERDecode(bt);}
-
- PK_FinalTemplate(const AsymmetricAlgorithm &algorithm)
- {this->AccessKey().AssignFrom(algorithm.GetMaterial());}
-
- PK_FinalTemplate(const Integer &v1)
- {this->AccessKey().Initialize(v1);}
-
-#if (defined(_MSC_VER) && _MSC_VER < 1300)
-
- template <class T1, class T2>
- PK_FinalTemplate(T1 &v1, T2 &v2)
- {this->AccessKey().Initialize(v1, v2);}
-
- template <class T1, class T2, class T3>
- PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3)
- {this->AccessKey().Initialize(v1, v2, v3);}
-
- template <class T1, class T2, class T3, class T4>
- PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4)
- {this->AccessKey().Initialize(v1, v2, v3, v4);}
-
- template <class T1, class T2, class T3, class T4, class T5>
- PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6>
- PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6, class T7>
- PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6, class T7, class T8>
- PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
-
-#else
-
- template <class T1, class T2>
- PK_FinalTemplate(const T1 &v1, const T2 &v2)
- {this->AccessKey().Initialize(v1, v2);}
-
- template <class T1, class T2, class T3>
- PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3)
- {this->AccessKey().Initialize(v1, v2, v3);}
-
- template <class T1, class T2, class T3, class T4>
- PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4)
- {this->AccessKey().Initialize(v1, v2, v3, v4);}
-
- template <class T1, class T2, class T3, class T4, class T5>
- PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6>
- PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6, class T7>
- PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6, class T7, class T8>
- PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7, const T8 &v8)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
-
- template <class T1, class T2>
- PK_FinalTemplate(T1 &v1, const T2 &v2)
- {this->AccessKey().Initialize(v1, v2);}
-
- template <class T1, class T2, class T3>
- PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3)
- {this->AccessKey().Initialize(v1, v2, v3);}
-
- template <class T1, class T2, class T3, class T4>
- PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4)
- {this->AccessKey().Initialize(v1, v2, v3, v4);}
-
- template <class T1, class T2, class T3, class T4, class T5>
- PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6>
- PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6, class T7>
- PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
-
- template <class T1, class T2, class T3, class T4, class T5, class T6, class T7, class T8>
- PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7, const T8 &v8)
- {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
-
-#endif
-};
-
-//! Base class for public key encryption standard classes. These classes are used to select from variants of algorithms. Note that not all standards apply to all algorithms.
-struct EncryptionStandard {};
-
-//! Base class for public key signature standard classes. These classes are used to select from variants of algorithms. Note that not all standards apply to all algorithms.
-struct SignatureStandard {};
-
-template <class STANDARD, class KEYS, class ALG_INFO>
-class TF_ES;
-
-//! Trapdoor Function Based Encryption Scheme
-template <class STANDARD, class KEYS, class ALG_INFO = TF_ES<STANDARD, KEYS, int> >
-class TF_ES : public KEYS
-{
- typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
-
-public:
- //! see EncryptionStandard for a list of standards
- typedef STANDARD Standard;
- typedef TF_CryptoSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod> SchemeOptions;
-
- static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(KEYS::StaticAlgorithmName()) + "/" + MessageEncodingMethod::StaticAlgorithmName();}
-
- //! implements PK_Decryptor interface
- typedef PK_FinalTemplate<TF_DecryptorImpl<SchemeOptions> > Decryptor;
- //! implements PK_Encryptor interface
- typedef PK_FinalTemplate<TF_EncryptorImpl<SchemeOptions> > Encryptor;
-};
-
-template <class STANDARD, class H, class KEYS, class ALG_INFO> // VC60 workaround: doesn't work if KEYS is first parameter
-class TF_SS;
-
-//! Trapdoor Function Based Signature Scheme
-template <class STANDARD, class H, class KEYS, class ALG_INFO = TF_SS<STANDARD, H, KEYS, int> > // VC60 workaround: doesn't work if KEYS is first parameter
-class TF_SS : public KEYS
-{
-public:
- //! see SignatureStandard for a list of standards
- typedef STANDARD Standard;
- typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod;
- typedef TF_SignatureSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod, H> SchemeOptions;
-
- static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(KEYS::StaticAlgorithmName()) + "/" + MessageEncodingMethod::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";}
-
- //! implements PK_Signer interface
- typedef PK_FinalTemplate<TF_SignerImpl<SchemeOptions> > Signer;
- //! implements PK_Verifier interface
- typedef PK_FinalTemplate<TF_VerifierImpl<SchemeOptions> > Verifier;
-};
-
-template <class KEYS, class SA, class MEM, class H, class ALG_INFO>
-class DL_SS;
-
-//! Discrete Log Based Signature Scheme
-template <class KEYS, class SA, class MEM, class H, class ALG_INFO = DL_SS<KEYS, SA, MEM, H, int> >
-class DL_SS : public KEYS
-{
- typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA, MEM, H> SchemeOptions;
-
-public:
- static std::string StaticAlgorithmName() {return SA::StaticAlgorithmName() + std::string("/EMSA1(") + H::StaticAlgorithmName() + ")";}
-
- //! implements PK_Signer interface
- typedef PK_FinalTemplate<DL_SignerImpl<SchemeOptions> > Signer;
- //! implements PK_Verifier interface
- typedef PK_FinalTemplate<DL_VerifierImpl<SchemeOptions> > Verifier;
-};
-
-//! Discrete Log Based Encryption Scheme
-template <class KEYS, class AA, class DA, class EA, class ALG_INFO>
-class DL_ES : public KEYS
-{
- typedef DL_CryptoSchemeOptions<ALG_INFO, KEYS, AA, DA, EA> SchemeOptions;
-
-public:
- //! implements PK_Decryptor interface
- typedef PK_FinalTemplate<DL_DecryptorImpl<SchemeOptions> > Decryptor;
- //! implements PK_Encryptor interface
- typedef PK_FinalTemplate<DL_EncryptorImpl<SchemeOptions> > Encryptor;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/pwdbased.h b/cryptopp562/pwdbased.h
deleted file mode 100644
index f755724..0000000
--- a/cryptopp562/pwdbased.h
+++ /dev/null
@@ -1,214 +0,0 @@
-// pwdbased.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_PWDBASED_H
-#define CRYPTOPP_PWDBASED_H
-
-#include "cryptlib.h"
-#include "hmac.h"
-#include "hrtimer.h"
-#include "integer.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! abstract base class for password based key derivation function
-class PasswordBasedKeyDerivationFunction
-{
-public:
- virtual size_t MaxDerivedKeyLength() const =0;
- virtual bool UsesPurposeByte() const =0;
- //! derive key from password
- /*! If timeInSeconds != 0, will iterate until time elapsed, as measured by ThreadUserTimer
- Returns actual iteration count, which is equal to iterations if timeInSeconds == 0, and not less than iterations otherwise. */
- virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const =0;
-};
-
-//! PBKDF1 from PKCS #5, T should be a HashTransformation class
-template <class T>
-class PKCS5_PBKDF1 : public PasswordBasedKeyDerivationFunction
-{
-public:
- size_t MaxDerivedKeyLength() const {return T::DIGESTSIZE;}
- bool UsesPurposeByte() const {return false;}
- // PKCS #5 says PBKDF1 should only take 8-byte salts. This implementation allows salts of any length.
- unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const;
-};
-
-//! PBKDF2 from PKCS #5, T should be a HashTransformation class
-template <class T>
-class PKCS5_PBKDF2_HMAC : public PasswordBasedKeyDerivationFunction
-{
-public:
- size_t MaxDerivedKeyLength() const {return 0xffffffffU;} // should multiply by T::DIGESTSIZE, but gets overflow that way
- bool UsesPurposeByte() const {return false;}
- unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const;
-};
-
-/*
-class PBKDF2Params
-{
-public:
- SecByteBlock m_salt;
- unsigned int m_interationCount;
- ASNOptional<ASNUnsignedWrapper<word32> > m_keyLength;
-};
-*/
-
-template <class T>
-unsigned int PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const
-{
- assert(derivedLen <= MaxDerivedKeyLength());
- assert(iterations > 0 || timeInSeconds > 0);
-
- if (!iterations)
- iterations = 1;
-
- T hash;
- hash.Update(password, passwordLen);
- hash.Update(salt, saltLen);
-
- SecByteBlock buffer(hash.DigestSize());
- hash.Final(buffer);
-
- unsigned int i;
- ThreadUserTimer timer;
-
- if (timeInSeconds)
- timer.StartTimer();
-
- for (i=1; i<iterations || (timeInSeconds && (i%128!=0 || timer.ElapsedTimeAsDouble() < timeInSeconds)); i++)
- hash.CalculateDigest(buffer, buffer, buffer.size());
-
- memcpy(derived, buffer, derivedLen);
- return i;
-}
-
-template <class T>
-unsigned int PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const
-{
- assert(derivedLen <= MaxDerivedKeyLength());
- assert(iterations > 0 || timeInSeconds > 0);
-
- if (!iterations)
- iterations = 1;
-
- HMAC<T> hmac(password, passwordLen);
- SecByteBlock buffer(hmac.DigestSize());
- ThreadUserTimer timer;
-
- unsigned int i=1;
- while (derivedLen > 0)
- {
- hmac.Update(salt, saltLen);
- unsigned int j;
- for (j=0; j<4; j++)
- {
- byte b = byte(i >> ((3-j)*8));
- hmac.Update(&b, 1);
- }
- hmac.Final(buffer);
-
- size_t segmentLen = STDMIN(derivedLen, buffer.size());
- memcpy(derived, buffer, segmentLen);
-
- if (timeInSeconds)
- {
- timeInSeconds = timeInSeconds / ((derivedLen + buffer.size() - 1) / buffer.size());
- timer.StartTimer();
- }
-
- for (j=1; j<iterations || (timeInSeconds && (j%128!=0 || timer.ElapsedTimeAsDouble() < timeInSeconds)); j++)
- {
- hmac.CalculateDigest(buffer, buffer, buffer.size());
- xorbuf(derived, buffer, segmentLen);
- }
-
- if (timeInSeconds)
- {
- iterations = j;
- timeInSeconds = 0;
- }
-
- derived += segmentLen;
- derivedLen -= segmentLen;
- i++;
- }
-
- return iterations;
-}
-
-//! PBKDF from PKCS #12, appendix B, T should be a HashTransformation class
-template <class T>
-class PKCS12_PBKDF : public PasswordBasedKeyDerivationFunction
-{
-public:
- size_t MaxDerivedKeyLength() const {return size_t(0)-1;}
- bool UsesPurposeByte() const {return true;}
- unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const;
-};
-
-template <class T>
-unsigned int PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const
-{
- assert(derivedLen <= MaxDerivedKeyLength());
- assert(iterations > 0 || timeInSeconds > 0);
-
- if (!iterations)
- iterations = 1;
-
- const size_t v = T::BLOCKSIZE; // v is in bytes rather than bits as in PKCS #12
- const size_t DLen = v, SLen = RoundUpToMultipleOf(saltLen, v);
- const size_t PLen = RoundUpToMultipleOf(passwordLen, v), ILen = SLen + PLen;
- SecByteBlock buffer(DLen + SLen + PLen);
- byte *D = buffer, *S = buffer+DLen, *P = buffer+DLen+SLen, *I = S;
-
- memset(D, purpose, DLen);
- size_t i;
- for (i=0; i<SLen; i++)
- S[i] = salt[i % saltLen];
- for (i=0; i<PLen; i++)
- P[i] = password[i % passwordLen];
-
-
- T hash;
- SecByteBlock Ai(T::DIGESTSIZE), B(v);
- ThreadUserTimer timer;
-
- while (derivedLen > 0)
- {
- hash.CalculateDigest(Ai, buffer, buffer.size());
-
- if (timeInSeconds)
- {
- timeInSeconds = timeInSeconds / ((derivedLen + Ai.size() - 1) / Ai.size());
- timer.StartTimer();
- }
-
- for (i=1; i<iterations || (timeInSeconds && (i%128!=0 || timer.ElapsedTimeAsDouble() < timeInSeconds)); i++)
- hash.CalculateDigest(Ai, Ai, Ai.size());
-
- if (timeInSeconds)
- {
- iterations = (unsigned int)i;
- timeInSeconds = 0;
- }
-
- for (i=0; i<B.size(); i++)
- B[i] = Ai[i % Ai.size()];
-
- Integer B1(B, B.size());
- ++B1;
- for (i=0; i<ILen; i+=v)
- (Integer(I+i, v) + B1).Encode(I+i, v);
-
- size_t segmentLen = STDMIN(derivedLen, Ai.size());
- memcpy(derived, Ai, segmentLen);
- derived += segmentLen;
- derivedLen -= segmentLen;
- }
-
- return iterations;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/queue.cpp b/cryptopp562/queue.cpp
deleted file mode 100644
index ff2f0d3..0000000
--- a/cryptopp562/queue.cpp
+++ /dev/null
@@ -1,565 +0,0 @@
-// queue.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "queue.h"
-#include "filters.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const unsigned int s_maxAutoNodeSize = 16*1024;
-
-// this class for use by ByteQueue only
-class ByteQueueNode
-{
-public:
- ByteQueueNode(size_t maxSize)
- : buf(maxSize)
- {
- m_head = m_tail = 0;
- next = 0;
- }
-
- inline size_t MaxSize() const {return buf.size();}
-
- inline size_t CurrentSize() const
- {
- return m_tail-m_head;
- }
-
- inline bool UsedUp() const
- {
- return (m_head==MaxSize());
- }
-
- inline void Clear()
- {
- m_head = m_tail = 0;
- }
-
- inline size_t Put(const byte *begin, size_t length)
- {
- size_t l = STDMIN(length, MaxSize()-m_tail);
- if (buf+m_tail != begin)
- memcpy(buf+m_tail, begin, l);
- m_tail += l;
- return l;
- }
-
- inline size_t Peek(byte &outByte) const
- {
- if (m_tail==m_head)
- return 0;
-
- outByte=buf[m_head];
- return 1;
- }
-
- inline size_t Peek(byte *target, size_t copyMax) const
- {
- size_t len = STDMIN(copyMax, m_tail-m_head);
- memcpy(target, buf+m_head, len);
- return len;
- }
-
- inline size_t CopyTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const
- {
- size_t len = m_tail-m_head;
- target.ChannelPut(channel, buf+m_head, len);
- return len;
- }
-
- inline size_t CopyTo(BufferedTransformation &target, size_t copyMax, const std::string &channel=DEFAULT_CHANNEL) const
- {
- size_t len = STDMIN(copyMax, m_tail-m_head);
- target.ChannelPut(channel, buf+m_head, len);
- return len;
- }
-
- inline size_t Get(byte &outByte)
- {
- size_t len = Peek(outByte);
- m_head += len;
- return len;
- }
-
- inline size_t Get(byte *outString, size_t getMax)
- {
- size_t len = Peek(outString, getMax);
- m_head += len;
- return len;
- }
-
- inline size_t TransferTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)
- {
- size_t len = m_tail-m_head;
- target.ChannelPutModifiable(channel, buf+m_head, len);
- m_head = m_tail;
- return len;
- }
-
- inline size_t TransferTo(BufferedTransformation &target, lword transferMax, const std::string &channel=DEFAULT_CHANNEL)
- {
- size_t len = UnsignedMin(m_tail-m_head, transferMax);
- target.ChannelPutModifiable(channel, buf+m_head, len);
- m_head += len;
- return len;
- }
-
- inline size_t Skip(size_t skipMax)
- {
- size_t len = STDMIN(skipMax, m_tail-m_head);
- m_head += len;
- return len;
- }
-
- inline byte operator[](size_t i) const
- {
- return buf[m_head+i];
- }
-
- ByteQueueNode *next;
-
- SecByteBlock buf;
- size_t m_head, m_tail;
-};
-
-// ********************************************************
-
-ByteQueue::ByteQueue(size_t nodeSize)
- : m_lazyString(NULL), m_lazyLength(0)
-{
- SetNodeSize(nodeSize);
- m_head = m_tail = new ByteQueueNode(m_nodeSize);
-}
-
-void ByteQueue::SetNodeSize(size_t nodeSize)
-{
- m_autoNodeSize = !nodeSize;
- m_nodeSize = m_autoNodeSize ? 256 : nodeSize;
-}
-
-ByteQueue::ByteQueue(const ByteQueue &copy)
- : m_lazyString(NULL)
-{
- CopyFrom(copy);
-}
-
-void ByteQueue::CopyFrom(const ByteQueue &copy)
-{
- m_lazyLength = 0;
- m_autoNodeSize = copy.m_autoNodeSize;
- m_nodeSize = copy.m_nodeSize;
- m_head = m_tail = new ByteQueueNode(*copy.m_head);
-
- for (ByteQueueNode *current=copy.m_head->next; current; current=current->next)
- {
- m_tail->next = new ByteQueueNode(*current);
- m_tail = m_tail->next;
- }
-
- m_tail->next = NULL;
-
- Put(copy.m_lazyString, copy.m_lazyLength);
-}
-
-ByteQueue::~ByteQueue()
-{
- Destroy();
-}
-
-void ByteQueue::Destroy()
-{
- for (ByteQueueNode *next, *current=m_head; current; current=next)
- {
- next=current->next;
- delete current;
- }
-}
-
-void ByteQueue::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_nodeSize = parameters.GetIntValueWithDefault("NodeSize", 256);
- Clear();
-}
-
-lword ByteQueue::CurrentSize() const
-{
- lword size=0;
-
- for (ByteQueueNode *current=m_head; current; current=current->next)
- size += current->CurrentSize();
-
- return size + m_lazyLength;
-}
-
-bool ByteQueue::IsEmpty() const
-{
- return m_head==m_tail && m_head->CurrentSize()==0 && m_lazyLength==0;
-}
-
-void ByteQueue::Clear()
-{
- for (ByteQueueNode *next, *current=m_head->next; current; current=next)
- {
- next=current->next;
- delete current;
- }
-
- m_tail = m_head;
- m_head->Clear();
- m_head->next = NULL;
- m_lazyLength = 0;
-}
-
-size_t ByteQueue::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- if (m_lazyLength > 0)
- FinalizeLazyPut();
-
- size_t len;
- while ((len=m_tail->Put(inString, length)) < length)
- {
- inString += len;
- length -= len;
- if (m_autoNodeSize && m_nodeSize < s_maxAutoNodeSize)
- do
- {
- m_nodeSize *= 2;
- }
- while (m_nodeSize < length && m_nodeSize < s_maxAutoNodeSize);
- m_tail->next = new ByteQueueNode(STDMAX(m_nodeSize, length));
- m_tail = m_tail->next;
- }
-
- return 0;
-}
-
-void ByteQueue::CleanupUsedNodes()
-{
- while (m_head != m_tail && m_head->UsedUp())
- {
- ByteQueueNode *temp=m_head;
- m_head=m_head->next;
- delete temp;
- }
-
- if (m_head->CurrentSize() == 0)
- m_head->Clear();
-}
-
-void ByteQueue::LazyPut(const byte *inString, size_t size)
-{
- if (m_lazyLength > 0)
- FinalizeLazyPut();
-
- if (inString == m_tail->buf+m_tail->m_tail)
- Put(inString, size);
- else
- {
- m_lazyString = const_cast<byte *>(inString);
- m_lazyLength = size;
- m_lazyStringModifiable = false;
- }
-}
-
-void ByteQueue::LazyPutModifiable(byte *inString, size_t size)
-{
- if (m_lazyLength > 0)
- FinalizeLazyPut();
- m_lazyString = inString;
- m_lazyLength = size;
- m_lazyStringModifiable = true;
-}
-
-void ByteQueue::UndoLazyPut(size_t size)
-{
- if (m_lazyLength < size)
- throw InvalidArgument("ByteQueue: size specified for UndoLazyPut is too large");
-
- m_lazyLength -= size;
-}
-
-void ByteQueue::FinalizeLazyPut()
-{
- size_t len = m_lazyLength;
- m_lazyLength = 0;
- if (len)
- Put(m_lazyString, len);
-}
-
-size_t ByteQueue::Get(byte &outByte)
-{
- if (m_head->Get(outByte))
- {
- if (m_head->UsedUp())
- CleanupUsedNodes();
- return 1;
- }
- else if (m_lazyLength > 0)
- {
- outByte = *m_lazyString++;
- m_lazyLength--;
- return 1;
- }
- else
- return 0;
-}
-
-size_t ByteQueue::Get(byte *outString, size_t getMax)
-{
- ArraySink sink(outString, getMax);
- return (size_t)TransferTo(sink, getMax);
-}
-
-size_t ByteQueue::Peek(byte &outByte) const
-{
- if (m_head->Peek(outByte))
- return 1;
- else if (m_lazyLength > 0)
- {
- outByte = *m_lazyString;
- return 1;
- }
- else
- return 0;
-}
-
-size_t ByteQueue::Peek(byte *outString, size_t peekMax) const
-{
- ArraySink sink(outString, peekMax);
- return (size_t)CopyTo(sink, peekMax);
-}
-
-size_t ByteQueue::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- if (blocking)
- {
- lword bytesLeft = transferBytes;
- for (ByteQueueNode *current=m_head; bytesLeft && current; current=current->next)
- bytesLeft -= current->TransferTo(target, bytesLeft, channel);
- CleanupUsedNodes();
-
- size_t len = (size_t)STDMIN(bytesLeft, (lword)m_lazyLength);
- if (len)
- {
- if (m_lazyStringModifiable)
- target.ChannelPutModifiable(channel, m_lazyString, len);
- else
- target.ChannelPut(channel, m_lazyString, len);
- m_lazyString += len;
- m_lazyLength -= len;
- bytesLeft -= len;
- }
- transferBytes -= bytesLeft;
- return 0;
- }
- else
- {
- Walker walker(*this);
- size_t blockedBytes = walker.TransferTo2(target, transferBytes, channel, blocking);
- Skip(transferBytes);
- return blockedBytes;
- }
-}
-
-size_t ByteQueue::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- Walker walker(*this);
- walker.Skip(begin);
- lword transferBytes = end-begin;
- size_t blockedBytes = walker.TransferTo2(target, transferBytes, channel, blocking);
- begin += transferBytes;
- return blockedBytes;
-}
-
-void ByteQueue::Unget(byte inByte)
-{
- Unget(&inByte, 1);
-}
-
-void ByteQueue::Unget(const byte *inString, size_t length)
-{
- size_t len = STDMIN(length, m_head->m_head);
- length -= len;
- m_head->m_head -= len;
- memcpy(m_head->buf + m_head->m_head, inString + length, len);
-
- if (length > 0)
- {
- ByteQueueNode *newHead = new ByteQueueNode(length);
- newHead->next = m_head;
- m_head = newHead;
- m_head->Put(inString, length);
- }
-}
-
-const byte * ByteQueue::Spy(size_t &contiguousSize) const
-{
- contiguousSize = m_head->m_tail - m_head->m_head;
- if (contiguousSize == 0 && m_lazyLength > 0)
- {
- contiguousSize = m_lazyLength;
- return m_lazyString;
- }
- else
- return m_head->buf + m_head->m_head;
-}
-
-byte * ByteQueue::CreatePutSpace(size_t &size)
-{
- if (m_lazyLength > 0)
- FinalizeLazyPut();
-
- if (m_tail->m_tail == m_tail->MaxSize())
- {
- m_tail->next = new ByteQueueNode(STDMAX(m_nodeSize, size));
- m_tail = m_tail->next;
- }
-
- size = m_tail->MaxSize() - m_tail->m_tail;
- return m_tail->buf + m_tail->m_tail;
-}
-
-ByteQueue & ByteQueue::operator=(const ByteQueue &rhs)
-{
- Destroy();
- CopyFrom(rhs);
- return *this;
-}
-
-bool ByteQueue::operator==(const ByteQueue &rhs) const
-{
- const lword currentSize = CurrentSize();
-
- if (currentSize != rhs.CurrentSize())
- return false;
-
- Walker walker1(*this), walker2(rhs);
- byte b1, b2;
-
- while (walker1.Get(b1) && walker2.Get(b2))
- if (b1 != b2)
- return false;
-
- return true;
-}
-
-byte ByteQueue::operator[](lword i) const
-{
- for (ByteQueueNode *current=m_head; current; current=current->next)
- {
- if (i < current->CurrentSize())
- return (*current)[(size_t)i];
-
- i -= current->CurrentSize();
- }
-
- assert(i < m_lazyLength);
- return m_lazyString[i];
-}
-
-void ByteQueue::swap(ByteQueue &rhs)
-{
- std::swap(m_autoNodeSize, rhs.m_autoNodeSize);
- std::swap(m_nodeSize, rhs.m_nodeSize);
- std::swap(m_head, rhs.m_head);
- std::swap(m_tail, rhs.m_tail);
- std::swap(m_lazyString, rhs.m_lazyString);
- std::swap(m_lazyLength, rhs.m_lazyLength);
- std::swap(m_lazyStringModifiable, rhs.m_lazyStringModifiable);
-}
-
-// ********************************************************
-
-void ByteQueue::Walker::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_node = m_queue.m_head;
- m_position = 0;
- m_offset = 0;
- m_lazyString = m_queue.m_lazyString;
- m_lazyLength = m_queue.m_lazyLength;
-}
-
-size_t ByteQueue::Walker::Get(byte &outByte)
-{
- ArraySink sink(&outByte, 1);
- return (size_t)TransferTo(sink, 1);
-}
-
-size_t ByteQueue::Walker::Get(byte *outString, size_t getMax)
-{
- ArraySink sink(outString, getMax);
- return (size_t)TransferTo(sink, getMax);
-}
-
-size_t ByteQueue::Walker::Peek(byte &outByte) const
-{
- ArraySink sink(&outByte, 1);
- return (size_t)CopyTo(sink, 1);
-}
-
-size_t ByteQueue::Walker::Peek(byte *outString, size_t peekMax) const
-{
- ArraySink sink(outString, peekMax);
- return (size_t)CopyTo(sink, peekMax);
-}
-
-size_t ByteQueue::Walker::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
-{
- lword bytesLeft = transferBytes;
- size_t blockedBytes = 0;
-
- while (m_node)
- {
- size_t len = (size_t)STDMIN(bytesLeft, (lword)m_node->CurrentSize()-m_offset);
- blockedBytes = target.ChannelPut2(channel, m_node->buf+m_node->m_head+m_offset, len, 0, blocking);
-
- if (blockedBytes)
- goto done;
-
- m_position += len;
- bytesLeft -= len;
-
- if (!bytesLeft)
- {
- m_offset += len;
- goto done;
- }
-
- m_node = m_node->next;
- m_offset = 0;
- }
-
- if (bytesLeft && m_lazyLength)
- {
- size_t len = (size_t)STDMIN(bytesLeft, (lword)m_lazyLength);
- blockedBytes = target.ChannelPut2(channel, m_lazyString, len, 0, blocking);
- if (blockedBytes)
- goto done;
-
- m_lazyString += len;
- m_lazyLength -= len;
- bytesLeft -= len;
- }
-
-done:
- transferBytes -= bytesLeft;
- return blockedBytes;
-}
-
-size_t ByteQueue::Walker::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
-{
- Walker walker(*this);
- walker.Skip(begin);
- lword transferBytes = end-begin;
- size_t blockedBytes = walker.TransferTo2(target, transferBytes, channel, blocking);
- begin += transferBytes;
- return blockedBytes;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/queue.h b/cryptopp562/queue.h
deleted file mode 100644
index ab89dbd..0000000
--- a/cryptopp562/queue.h
+++ /dev/null
@@ -1,144 +0,0 @@
-// specification file for an unlimited queue for storing bytes
-
-#ifndef CRYPTOPP_QUEUE_H
-#define CRYPTOPP_QUEUE_H
-
-#include "simple.h"
-//#include <algorithm>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/** The queue is implemented as a linked list of byte arrays, but you don't need to
- know about that. So just ignore this next line. :) */
-class ByteQueueNode;
-
-//! Byte Queue
-class CRYPTOPP_DLL ByteQueue : public Bufferless<BufferedTransformation>
-{
-public:
- ByteQueue(size_t nodeSize=0);
- ByteQueue(const ByteQueue &copy);
- ~ByteQueue();
-
- lword MaxRetrievable() const
- {return CurrentSize();}
- bool AnyRetrievable() const
- {return !IsEmpty();}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- byte * CreatePutSpace(size_t &size);
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
-
- size_t Get(byte &outByte);
- size_t Get(byte *outString, size_t getMax);
-
- size_t Peek(byte &outByte) const;
- size_t Peek(byte *outString, size_t peekMax) const;
-
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
- // these member functions are not inherited
- void SetNodeSize(size_t nodeSize);
-
- lword CurrentSize() const;
- bool IsEmpty() const;
-
- void Clear();
-
- void Unget(byte inByte);
- void Unget(const byte *inString, size_t length);
-
- const byte * Spy(size_t &contiguousSize) const;
-
- void LazyPut(const byte *inString, size_t size);
- void LazyPutModifiable(byte *inString, size_t size);
- void UndoLazyPut(size_t size);
- void FinalizeLazyPut();
-
- ByteQueue & operator=(const ByteQueue &rhs);
- bool operator==(const ByteQueue &rhs) const;
- bool operator!=(const ByteQueue &rhs) const {return !operator==(rhs);}
- byte operator[](lword i) const;
- void swap(ByteQueue &rhs);
-
- class Walker : public InputRejecting<BufferedTransformation>
- {
- public:
- Walker(const ByteQueue &queue)
- : m_queue(queue) {Initialize();}
-
- lword GetCurrentPosition() {return m_position;}
-
- lword MaxRetrievable() const
- {return m_queue.CurrentSize() - m_position;}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
-
- size_t Get(byte &outByte);
- size_t Get(byte *outString, size_t getMax);
-
- size_t Peek(byte &outByte) const;
- size_t Peek(byte *outString, size_t peekMax) const;
-
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
-
- private:
- const ByteQueue &m_queue;
- const ByteQueueNode *m_node;
- lword m_position;
- size_t m_offset;
- const byte *m_lazyString;
- size_t m_lazyLength;
- };
-
- friend class Walker;
-
-private:
- void CleanupUsedNodes();
- void CopyFrom(const ByteQueue &copy);
- void Destroy();
-
- bool m_autoNodeSize;
- size_t m_nodeSize;
- ByteQueueNode *m_head, *m_tail;
- byte *m_lazyString;
- size_t m_lazyLength;
- bool m_lazyStringModifiable;
-};
-
-//! use this to make sure LazyPut is finalized in event of exception
-class CRYPTOPP_DLL LazyPutter
-{
-public:
- LazyPutter(ByteQueue &bq, const byte *inString, size_t size)
- : m_bq(bq) {bq.LazyPut(inString, size);}
- ~LazyPutter()
- {try {m_bq.FinalizeLazyPut();} catch(...) {}}
-protected:
- LazyPutter(ByteQueue &bq) : m_bq(bq) {}
-private:
- ByteQueue &m_bq;
-};
-
-//! like LazyPutter, but does a LazyPutModifiable instead
-class LazyPutterModifiable : public LazyPutter
-{
-public:
- LazyPutterModifiable(ByteQueue &bq, byte *inString, size_t size)
- : LazyPutter(bq) {bq.LazyPutModifiable(inString, size);}
-};
-
-NAMESPACE_END
-
-#ifndef __BORLANDC__
-NAMESPACE_BEGIN(std)
-template<> inline void swap(CryptoPP::ByteQueue &a, CryptoPP::ByteQueue &b)
-{
- a.swap(b);
-}
-NAMESPACE_END
-#endif
-
-#endif
diff --git a/cryptopp562/rabin.cpp b/cryptopp562/rabin.cpp
deleted file mode 100644
index d496333..0000000
--- a/cryptopp562/rabin.cpp
+++ /dev/null
@@ -1,221 +0,0 @@
-// rabin.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "rabin.h"
-#include "nbtheory.h"
-#include "asn.h"
-#include "sha.h"
-#include "modarith.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void RabinFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- m_r.BERDecode(seq);
- m_s.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void RabinFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- m_r.DEREncode(seq);
- m_s.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer RabinFunction::ApplyFunction(const Integer &in) const
-{
- DoQuickSanityCheck();
-
- Integer out = in.Squared()%m_n;
- if (in.IsOdd())
- out = out*m_r%m_n;
- if (Jacobi(in, m_n)==-1)
- out = out*m_s%m_n;
- return out;
-}
-
-bool RabinFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_n > Integer::One() && m_n%4 == 1;
- pass = pass && m_r > Integer::One() && m_r < m_n;
- pass = pass && m_s > Integer::One() && m_s < m_n;
- if (level >= 1)
- pass = pass && Jacobi(m_r, m_n) == -1 && Jacobi(m_s, m_n) == -1;
- return pass;
-}
-
-bool RabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
- CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
- ;
-}
-
-void RabinFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
- CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
- ;
-}
-
-// *****************************************************************************
-// private key operations:
-
-// generate a random private key
-void InvertibleRabinFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- int modulusSize = 2048;
- alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
-
- if (modulusSize < 16)
- throw InvalidArgument("InvertibleRabinFunction: specified modulus size is too small");
-
- // VC70 workaround: putting these after primeParam causes overlapped stack allocation
- bool rFound=false, sFound=false;
- Integer t=2;
-
- AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
- ("EquivalentTo", 3)("Mod", 4);
- m_p.GenerateRandom(rng, primeParam);
- m_q.GenerateRandom(rng, primeParam);
-
- while (!(rFound && sFound))
- {
- int jp = Jacobi(t, m_p);
- int jq = Jacobi(t, m_q);
-
- if (!rFound && jp==1 && jq==-1)
- {
- m_r = t;
- rFound = true;
- }
-
- if (!sFound && jp==-1 && jq==1)
- {
- m_s = t;
- sFound = true;
- }
-
- ++t;
- }
-
- m_n = m_p * m_q;
- m_u = m_q.InverseMod(m_p);
-}
-
-void InvertibleRabinFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- m_r.BERDecode(seq);
- m_s.BERDecode(seq);
- m_p.BERDecode(seq);
- m_q.BERDecode(seq);
- m_u.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- m_r.DEREncode(seq);
- m_s.DEREncode(seq);
- m_p.DEREncode(seq);
- m_q.DEREncode(seq);
- m_u.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer InvertibleRabinFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &in) const
-{
- DoQuickSanityCheck();
-
- ModularArithmetic modn(m_n);
- Integer r(rng, Integer::One(), m_n - Integer::One());
- r = modn.Square(r);
- Integer r2 = modn.Square(r);
- Integer c = modn.Multiply(in, r2); // blind
-
- Integer cp=c%m_p, cq=c%m_q;
-
- int jp = Jacobi(cp, m_p);
- int jq = Jacobi(cq, m_q);
-
- if (jq==-1)
- {
- cp = cp*EuclideanMultiplicativeInverse(m_r, m_p)%m_p;
- cq = cq*EuclideanMultiplicativeInverse(m_r, m_q)%m_q;
- }
-
- if (jp==-1)
- {
- cp = cp*EuclideanMultiplicativeInverse(m_s, m_p)%m_p;
- cq = cq*EuclideanMultiplicativeInverse(m_s, m_q)%m_q;
- }
-
- cp = ModularSquareRoot(cp, m_p);
- cq = ModularSquareRoot(cq, m_q);
-
- if (jp==-1)
- cp = m_p-cp;
-
- Integer out = CRT(cq, m_q, cp, m_p, m_u);
-
- out = modn.Divide(out, r); // unblind
-
- if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd()))
- out = m_n-out;
-
- return out;
-}
-
-bool InvertibleRabinFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = RabinFunction::Validate(rng, level);
- pass = pass && m_p > Integer::One() && m_p%4 == 3 && m_p < m_n;
- pass = pass && m_q > Integer::One() && m_q%4 == 3 && m_q < m_n;
- pass = pass && m_u.IsPositive() && m_u < m_p;
- if (level >= 1)
- {
- pass = pass && m_p * m_q == m_n;
- pass = pass && m_u * m_q % m_p == 1;
- pass = pass && Jacobi(m_r, m_p) == 1;
- pass = pass && Jacobi(m_r, m_q) == -1;
- pass = pass && Jacobi(m_s, m_p) == -1;
- pass = pass && Jacobi(m_s, m_q) == 1;
- }
- if (level >= 2)
- pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
- return pass;
-}
-
-bool InvertibleRabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper<RabinFunction>(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-void InvertibleRabinFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper<RabinFunction>(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/rabin.h b/cryptopp562/rabin.h
deleted file mode 100644
index 1c9bcbb..0000000
--- a/cryptopp562/rabin.h
+++ /dev/null
@@ -1,107 +0,0 @@
-#ifndef CRYPTOPP_RABIN_H
-#define CRYPTOPP_RABIN_H
-
-/** \file
-*/
-
-#include "oaep.h"
-#include "pssr.h"
-#include "integer.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class RabinFunction : public TrapdoorFunction, public PublicKey
-{
- typedef RabinFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &r, const Integer &s)
- {m_n = n; m_r = r; m_s = s;}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- Integer ApplyFunction(const Integer &x) const;
- Integer PreimageBound() const {return m_n;}
- Integer ImageBound() const {return m_n;}
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- const Integer& GetModulus() const {return m_n;}
- const Integer& GetQuadraticResidueModPrime1() const {return m_r;}
- const Integer& GetQuadraticResidueModPrime2() const {return m_s;}
-
- void SetModulus(const Integer &n) {m_n = n;}
- void SetQuadraticResidueModPrime1(const Integer &r) {m_r = r;}
- void SetQuadraticResidueModPrime2(const Integer &s) {m_s = s;}
-
-protected:
- Integer m_n, m_r, m_s;
-};
-
-//! _
-class InvertibleRabinFunction : public RabinFunction, public TrapdoorFunctionInverse, public PrivateKey
-{
- typedef InvertibleRabinFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &r, const Integer &s,
- const Integer &p, const Integer &q, const Integer &u)
- {m_n = n; m_r = r; m_s = s; m_p = p; m_q = q; m_u = u;}
- void Initialize(RandomNumberGenerator &rng, unsigned int keybits)
- {GenerateRandomWithKeySize(rng, keybits);}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
- /*! parameters: (ModulusSize) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
-
- const Integer& GetPrime1() const {return m_p;}
- const Integer& GetPrime2() const {return m_q;}
- const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;}
-
- void SetPrime1(const Integer &p) {m_p = p;}
- void SetPrime2(const Integer &q) {m_q = q;}
- void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;}
-
-protected:
- Integer m_p, m_q, m_u;
-};
-
-//! Rabin
-struct Rabin
-{
- static std::string StaticAlgorithmName() {return "Rabin-Crypto++Variant";}
- typedef RabinFunction PublicKey;
- typedef InvertibleRabinFunction PrivateKey;
-};
-
-//! Rabin encryption
-template <class STANDARD>
-struct RabinES : public TF_ES<STANDARD, Rabin>
-{
-};
-
-//! Rabin signature
-template <class STANDARD, class H>
-struct RabinSS : public TF_SS<STANDARD, H, Rabin>
-{
-};
-
-// More typedefs for backwards compatibility
-class SHA1;
-typedef RabinES<OAEP<SHA1> >::Decryptor RabinDecryptor;
-typedef RabinES<OAEP<SHA1> >::Encryptor RabinEncryptor;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/randpool.cpp b/cryptopp562/randpool.cpp
deleted file mode 100644
index a063c89..0000000
--- a/cryptopp562/randpool.cpp
+++ /dev/null
@@ -1,63 +0,0 @@
-// randpool.cpp - written and placed in the public domain by Wei Dai
-// RandomPool used to follow the design of randpool in PGP 2.6.x,
-// but as of version 5.5 it has been redesigned to reduce the risk
-// of reusing random numbers after state rollback (which may occur
-// when running in a virtual machine like VMware).
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "randpool.h"
-#include "aes.h"
-#include "sha.h"
-#include "hrtimer.h"
-#include <time.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-RandomPool::RandomPool()
- : m_pCipher(new AES::Encryption), m_keySet(false)
-{
- memset(m_key, 0, m_key.SizeInBytes());
- memset(m_seed, 0, m_seed.SizeInBytes());
-}
-
-void RandomPool::IncorporateEntropy(const byte *input, size_t length)
-{
- SHA256 hash;
- hash.Update(m_key, 32);
- hash.Update(input, length);
- hash.Final(m_key);
- m_keySet = false;
-}
-
-void RandomPool::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size)
-{
- if (size > 0)
- {
- if (!m_keySet)
- m_pCipher->SetKey(m_key, 32);
-
- Timer timer;
- TimerWord tw = timer.GetCurrentTimerValue();
- CRYPTOPP_COMPILE_ASSERT(sizeof(tw) <= 16);
- *(TimerWord *)m_seed.data() += tw;
-
- time_t t = time(NULL);
- CRYPTOPP_COMPILE_ASSERT(sizeof(t) <= 8);
- *(time_t *)(m_seed.data()+8) += t;
-
- do
- {
- m_pCipher->ProcessBlock(m_seed);
- size_t len = UnsignedMin(16, size);
- target.ChannelPut(channel, m_seed, len);
- size -= len;
- } while (size > 0);
- }
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/randpool.h b/cryptopp562/randpool.h
deleted file mode 100644
index c25bc9b..0000000
--- a/cryptopp562/randpool.h
+++ /dev/null
@@ -1,33 +0,0 @@
-#ifndef CRYPTOPP_RANDPOOL_H
-#define CRYPTOPP_RANDPOOL_H
-
-#include "cryptlib.h"
-#include "filters.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Randomness Pool
-/*! This class can be used to generate cryptographic quality
- pseudorandom bytes after seeding the pool with IncorporateEntropy() */
-class CRYPTOPP_DLL RandomPool : public RandomNumberGenerator, public NotCopyable
-{
-public:
- RandomPool();
-
- bool CanIncorporateEntropy() const {return true;}
- void IncorporateEntropy(const byte *input, size_t length);
- void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
-
- // for backwards compatibility. use RandomNumberSource, RandomNumberStore, and RandomNumberSink for other BufferTransformation functionality
- void Put(const byte *input, size_t length) {IncorporateEntropy(input, length);}
-
-private:
- FixedSizeSecBlock<byte, 32> m_key;
- FixedSizeSecBlock<byte, 16> m_seed;
- member_ptr<BlockCipher> m_pCipher;
- bool m_keySet;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rc2.cpp b/cryptopp562/rc2.cpp
deleted file mode 100644
index 48df2ef..0000000
--- a/cryptopp562/rc2.cpp
+++ /dev/null
@@ -1,118 +0,0 @@
-// rc2.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "rc2.h"
-#include "misc.h"
-#include "argnames.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void RC2::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs &params)
-{
- AssertValidKeyLength(keyLen);
-
- int effectiveLen = params.GetIntValueWithDefault(Name::EffectiveKeyLength(), DEFAULT_EFFECTIVE_KEYLENGTH);
- if (effectiveLen > MAX_EFFECTIVE_KEYLENGTH)
- throw InvalidArgument("RC2: effective key length parameter exceeds maximum");
-
- static const unsigned char PITABLE[256] = {
- 217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
- 198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
- 23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50,
- 189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
- 84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
- 18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
- 111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3,
- 248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215,
- 8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
- 150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236,
- 194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
- 153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49,
- 45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201,
- 211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169,
- 13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
- 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173};
-
- SecByteBlock L(128);
- memcpy(L, key, keyLen);
-
- int i;
- for (i=keyLen; i<128; i++)
- L[i] = PITABLE[(L[i-1] + L[i-keyLen]) & 255];
-
- unsigned int T8 = (effectiveLen+7) / 8;
- byte TM = 255 >> ((8-(effectiveLen%8))%8);
- L[128-T8] = PITABLE[L[128-T8] & TM];
-
- for (i=127-T8; i>=0; i--)
- L[i] = PITABLE[L[i+1] ^ L[i+T8]];
-
- for (i=0; i<64; i++)
- K[i] = L[2*i] + (L[2*i+1] << 8);
-}
-
-typedef BlockGetAndPut<word16, LittleEndian> Block;
-
-void RC2::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word16 R0, R1, R2, R3;
- Block::Get(inBlock)(R0)(R1)(R2)(R3);
-
- for (int i = 0; i < 16; i++)
- {
- R0 += (R1 & ~R3) + (R2 & R3) + K[4*i+0];
- R0 = rotlFixed(R0, 1);
-
- R1 += (R2 & ~R0) + (R3 & R0) + K[4*i+1];
- R1 = rotlFixed(R1, 2);
-
- R2 += (R3 & ~R1) + (R0 & R1) + K[4*i+2];
- R2 = rotlFixed(R2, 3);
-
- R3 += (R0 & ~R2) + (R1 & R2) + K[4*i+3];
- R3 = rotlFixed(R3, 5);
-
- if (i == 4 || i == 10)
- {
- R0 += K[R3 & 63];
- R1 += K[R0 & 63];
- R2 += K[R1 & 63];
- R3 += K[R2 & 63];
- }
- }
-
- Block::Put(xorBlock, outBlock)(R0)(R1)(R2)(R3);
-}
-
-void RC2::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word16 R0, R1, R2, R3;
- Block::Get(inBlock)(R0)(R1)(R2)(R3);
-
- for (int i = 15; i >= 0; i--)
- {
- if (i == 4 || i == 10)
- {
- R3 -= K[R2 & 63];
- R2 -= K[R1 & 63];
- R1 -= K[R0 & 63];
- R0 -= K[R3 & 63];
- }
-
- R3 = rotrFixed(R3, 5);
- R3 -= (R0 & ~R2) + (R1 & R2) + K[4*i+3];
-
- R2 = rotrFixed(R2, 3);
- R2 -= (R3 & ~R1) + (R0 & R1) + K[4*i+2];
-
- R1 = rotrFixed(R1, 2);
- R1 -= (R2 & ~R0) + (R3 & R0) + K[4*i+1];
-
- R0 = rotrFixed(R0, 1);
- R0 -= (R1 & ~R3) + (R2 & R3) + K[4*i+0];
- }
-
- Block::Put(xorBlock, outBlock)(R0)(R1)(R2)(R3);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/rc2.h b/cryptopp562/rc2.h
deleted file mode 100644
index ebff798..0000000
--- a/cryptopp562/rc2.h
+++ /dev/null
@@ -1,73 +0,0 @@
-#ifndef CRYPTOPP_RC2_H
-#define CRYPTOPP_RC2_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-#include "algparam.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct RC2_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 1, 128>
-{
- CRYPTOPP_CONSTANT(DEFAULT_EFFECTIVE_KEYLENGTH = 1024)
- CRYPTOPP_CONSTANT(MAX_EFFECTIVE_KEYLENGTH = 1024)
- static const char *StaticAlgorithmName() {return "RC2";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#RC2">RC2</a>
-class RC2 : public RC2_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<RC2_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word16>();}
-
- protected:
- FixedSizeSecBlock<word16, 64> K; // expanded key table
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- class Encryption : public BlockCipherFinal<ENCRYPTION, Enc>
- {
- public:
- Encryption() {}
- Encryption(const byte *key, size_t keyLen=DEFAULT_KEYLENGTH)
- {SetKey(key, keyLen);}
- Encryption(const byte *key, size_t keyLen, int effectiveKeyLen)
- {SetKey(key, keyLen, MakeParameters("EffectiveKeyLength", effectiveKeyLen));}
- };
-
- class Decryption : public BlockCipherFinal<DECRYPTION, Dec>
- {
- public:
- Decryption() {}
- Decryption(const byte *key, size_t keyLen=DEFAULT_KEYLENGTH)
- {SetKey(key, keyLen);}
- Decryption(const byte *key, size_t keyLen, int effectiveKeyLen)
- {SetKey(key, keyLen, MakeParameters("EffectiveKeyLength", effectiveKeyLen));}
- };
-};
-
-typedef RC2::Encryption RC2Encryption;
-typedef RC2::Decryption RC2Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rc5.cpp b/cryptopp562/rc5.cpp
deleted file mode 100644
index 2b730de..0000000
--- a/cryptopp562/rc5.cpp
+++ /dev/null
@@ -1,79 +0,0 @@
-// rc5.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "rc5.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void RC5::Base::UncheckedSetKey(const byte *k, unsigned int keylen, const NameValuePairs &params)
-{
- AssertValidKeyLength(keylen);
-
- r = GetRoundsAndThrowIfInvalid(params, this);
- sTable.New(2*(r+1));
-
- static const RC5_WORD MAGIC_P = 0xb7e15163L; // magic constant P for wordsize
- static const RC5_WORD MAGIC_Q = 0x9e3779b9L; // magic constant Q for wordsize
- static const int U=sizeof(RC5_WORD);
-
- const unsigned int c = STDMAX((keylen+U-1)/U, 1U); // RC6 paper says c=1 if keylen==0
- SecBlock<RC5_WORD> l(c);
-
- GetUserKey(LITTLE_ENDIAN_ORDER, l.begin(), c, k, keylen);
-
- sTable[0] = MAGIC_P;
- for (unsigned j=1; j<sTable.size();j++)
- sTable[j] = sTable[j-1] + MAGIC_Q;
-
- RC5_WORD a=0, b=0;
- const unsigned n = 3*STDMAX((unsigned int)sTable.size(), c);
-
- for (unsigned h=0; h < n; h++)
- {
- a = sTable[h % sTable.size()] = rotlFixed((sTable[h % sTable.size()] + a + b), 3);
- b = l[h % c] = rotlMod((l[h % c] + a + b), (a+b));
- }
-}
-
-typedef BlockGetAndPut<RC5::RC5_WORD, LittleEndian> Block;
-
-void RC5::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- const RC5_WORD *sptr = sTable;
- RC5_WORD a, b;
-
- Block::Get(inBlock)(a)(b);
- a += sptr[0];
- b += sptr[1];
- sptr += 2;
-
- for(unsigned i=0; i<r; i++)
- {
- a = rotlMod(a^b,b) + sptr[2*i+0];
- b = rotlMod(a^b,a) + sptr[2*i+1];
- }
-
- Block::Put(xorBlock, outBlock)(a)(b);
-}
-
-void RC5::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- const RC5_WORD *sptr = sTable.end();
- RC5_WORD a, b;
-
- Block::Get(inBlock)(a)(b);
-
- for (unsigned i=0; i<r; i++)
- {
- sptr-=2;
- b = rotrMod(b-sptr[1], a) ^ a;
- a = rotrMod(a-sptr[0], b) ^ b;
- }
- b -= sTable[1];
- a -= sTable[0];
-
- Block::Put(xorBlock, outBlock)(a)(b);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/rc5.h b/cryptopp562/rc5.h
deleted file mode 100644
index f842a9b..0000000
--- a/cryptopp562/rc5.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#ifndef CRYPTOPP_RC5_H
-#define CRYPTOPP_RC5_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct RC5_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 0, 255>, public VariableRounds<16>
-{
- static const char *StaticAlgorithmName() {return "RC5";}
- typedef word32 RC5_WORD;
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#RC5">RC5</a>
-class RC5 : public RC5_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<RC5_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- unsigned int r; // number of rounds
- SecBlock<RC5_WORD> sTable; // expanded key table
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef RC5::Encryption RC5Encryption;
-typedef RC5::Decryption RC5Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rc6.cpp b/cryptopp562/rc6.cpp
deleted file mode 100644
index e58cb6a..0000000
--- a/cryptopp562/rc6.cpp
+++ /dev/null
@@ -1,96 +0,0 @@
-// rc6.cpp - written and placed in the public domain by Sean Woods
-// based on Wei Dai's RC5 code.
-
-#include "pch.h"
-#include "rc6.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void RC6::Base::UncheckedSetKey(const byte *k, unsigned int keylen, const NameValuePairs &params)
-{
- AssertValidKeyLength(keylen);
-
- r = GetRoundsAndThrowIfInvalid(params, this);
- sTable.New(2*(r+2));
-
- static const RC6_WORD MAGIC_P = 0xb7e15163L; // magic constant P for wordsize
- static const RC6_WORD MAGIC_Q = 0x9e3779b9L; // magic constant Q for wordsize
- static const int U=sizeof(RC6_WORD);
-
- const unsigned int c = STDMAX((keylen+U-1)/U, 1U); // RC6 paper says c=1 if keylen==0
- SecBlock<RC6_WORD> l(c);
-
- GetUserKey(LITTLE_ENDIAN_ORDER, l.begin(), c, k, keylen);
-
- sTable[0] = MAGIC_P;
- for (unsigned j=1; j<sTable.size();j++)
- sTable[j] = sTable[j-1] + MAGIC_Q;
-
- RC6_WORD a=0, b=0;
- const unsigned n = 3*STDMAX((unsigned int)sTable.size(), c);
-
- for (unsigned h=0; h < n; h++)
- {
- a = sTable[h % sTable.size()] = rotlFixed((sTable[h % sTable.size()] + a + b), 3);
- b = l[h % c] = rotlMod((l[h % c] + a + b), (a+b));
- }
-}
-
-typedef BlockGetAndPut<RC6::RC6_WORD, LittleEndian> Block;
-
-void RC6::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- const RC6_WORD *sptr = sTable;
- RC6_WORD a, b, c, d, t, u;
-
- Block::Get(inBlock)(a)(b)(c)(d);
- b += sptr[0];
- d += sptr[1];
- sptr += 2;
-
- for(unsigned i=0; i<r; i++)
- {
- t = rotlFixed(b*(2*b+1), 5);
- u = rotlFixed(d*(2*d+1), 5);
- a = rotlMod(a^t,u) + sptr[0];
- c = rotlMod(c^u,t) + sptr[1];
- t = a; a = b; b = c; c = d; d = t;
- sptr += 2;
- }
-
- a += sptr[0];
- c += sptr[1];
-
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
-}
-
-void RC6::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- const RC6_WORD *sptr = sTable.end();
- RC6_WORD a, b, c, d, t, u;
-
- Block::Get(inBlock)(a)(b)(c)(d);
-
- sptr -= 2;
- c -= sptr[1];
- a -= sptr[0];
-
- for (unsigned i=0; i < r; i++)
- {
- sptr -= 2;
- t = a; a = d; d = c; c = b; b = t;
- u = rotlFixed(d*(2*d+1), 5);
- t = rotlFixed(b*(2*b+1), 5);
- c = rotrMod(c-sptr[1], t) ^ u;
- a = rotrMod(a-sptr[0], u) ^ t;
- }
-
- sptr -= 2;
- d -= sTable[1];
- b -= sTable[0];
-
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/rc6.h b/cryptopp562/rc6.h
deleted file mode 100644
index df3d1ee..0000000
--- a/cryptopp562/rc6.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#ifndef CRYPTOPP_RC6_H
-#define CRYPTOPP_RC6_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct RC6_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 0, 255>, public VariableRounds<20>
-{
- static const char *StaticAlgorithmName() {return "RC6";}
- typedef word32 RC6_WORD;
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#RC6">RC6</a>
-class RC6 : public RC6_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<RC6_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- unsigned int r; // number of rounds
- SecBlock<RC6_WORD> sTable; // expanded key table
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef RC6::Encryption RC6Encryption;
-typedef RC6::Decryption RC6Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rdtables.cpp b/cryptopp562/rdtables.cpp
deleted file mode 100644
index 4937932..0000000
--- a/cryptopp562/rdtables.cpp
+++ /dev/null
@@ -1,172 +0,0 @@
-// Rijndael tables
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "rijndael.h"
-
-// VC60 workaround: gives a C4786 warning without this function
-// when runtime lib is set to multithread debug DLL
-// even though warning 4786 is disabled!
-void Rijndael_VC60Workaround()
-{
-}
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/*
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-*/
-
-const byte Rijndael::Base::Se[256] = {
- 0x63, 0x7c, 0x77, 0x7b,
- 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b,
- 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d,
- 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf,
- 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26,
- 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1,
- 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3,
- 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2,
- 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a,
- 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3,
- 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed,
- 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39,
- 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb,
- 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f,
- 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f,
- 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21,
- 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec,
- 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d,
- 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc,
- 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14,
- 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a,
- 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62,
- 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d,
- 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea,
- 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e,
- 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f,
- 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66,
- 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9,
- 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11,
- 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9,
- 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d,
- 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f,
- 0xb0, 0x54, 0xbb, 0x16,
-};
-
-const byte Rijndael::Base::Sd[256] = {
- 0x52, 0x09, 0x6a, 0xd5,
- 0x30, 0x36, 0xa5, 0x38,
- 0xbf, 0x40, 0xa3, 0x9e,
- 0x81, 0xf3, 0xd7, 0xfb,
- 0x7c, 0xe3, 0x39, 0x82,
- 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44,
- 0xc4, 0xde, 0xe9, 0xcb,
- 0x54, 0x7b, 0x94, 0x32,
- 0xa6, 0xc2, 0x23, 0x3d,
- 0xee, 0x4c, 0x95, 0x0b,
- 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66,
- 0x28, 0xd9, 0x24, 0xb2,
- 0x76, 0x5b, 0xa2, 0x49,
- 0x6d, 0x8b, 0xd1, 0x25,
- 0x72, 0xf8, 0xf6, 0x64,
- 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc,
- 0x5d, 0x65, 0xb6, 0x92,
- 0x6c, 0x70, 0x48, 0x50,
- 0xfd, 0xed, 0xb9, 0xda,
- 0x5e, 0x15, 0x46, 0x57,
- 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00,
- 0x8c, 0xbc, 0xd3, 0x0a,
- 0xf7, 0xe4, 0x58, 0x05,
- 0xb8, 0xb3, 0x45, 0x06,
- 0xd0, 0x2c, 0x1e, 0x8f,
- 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03,
- 0x01, 0x13, 0x8a, 0x6b,
- 0x3a, 0x91, 0x11, 0x41,
- 0x4f, 0x67, 0xdc, 0xea,
- 0x97, 0xf2, 0xcf, 0xce,
- 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22,
- 0xe7, 0xad, 0x35, 0x85,
- 0xe2, 0xf9, 0x37, 0xe8,
- 0x1c, 0x75, 0xdf, 0x6e,
- 0x47, 0xf1, 0x1a, 0x71,
- 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e,
- 0xaa, 0x18, 0xbe, 0x1b,
- 0xfc, 0x56, 0x3e, 0x4b,
- 0xc6, 0xd2, 0x79, 0x20,
- 0x9a, 0xdb, 0xc0, 0xfe,
- 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33,
- 0x88, 0x07, 0xc7, 0x31,
- 0xb1, 0x12, 0x10, 0x59,
- 0x27, 0x80, 0xec, 0x5f,
- 0x60, 0x51, 0x7f, 0xa9,
- 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f,
- 0x93, 0xc9, 0x9c, 0xef,
- 0xa0, 0xe0, 0x3b, 0x4d,
- 0xae, 0x2a, 0xf5, 0xb0,
- 0xc8, 0xeb, 0xbb, 0x3c,
- 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e,
- 0xba, 0x77, 0xd6, 0x26,
- 0xe1, 0x69, 0x14, 0x63,
- 0x55, 0x21, 0x0c, 0x7d,
-};
-
-const word32 Rijndael::Base::rcon[] = {
- 0x01000000, 0x02000000, 0x04000000, 0x08000000,
- 0x10000000, 0x20000000, 0x40000000, 0x80000000,
- 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/regtest.cpp b/cryptopp562/regtest.cpp
deleted file mode 100644
index 49a67c4..0000000
--- a/cryptopp562/regtest.cpp
+++ /dev/null
@@ -1,153 +0,0 @@
-#include "factory.h"
-
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "modes.h"
-#include "dh.h"
-#include "esign.h"
-#include "md2.h"
-#include "rw.h"
-#include "md5.h"
-#include "rsa.h"
-#include "ripemd.h"
-#include "dsa.h"
-#include "seal.h"
-#include "whrlpool.h"
-#include "ttmac.h"
-#include "camellia.h"
-#include "shacal2.h"
-#include "tea.h"
-#include "panama.h"
-#include "pssr.h"
-#include "aes.h"
-#include "salsa.h"
-#include "vmac.h"
-#include "tiger.h"
-#include "md5.h"
-#include "sosemanuk.h"
-#include "arc4.h"
-#include "ccm.h"
-#include "gcm.h"
-#include "eax.h"
-#include "twofish.h"
-#include "serpent.h"
-#include "cast.h"
-#include "rc6.h"
-#include "mars.h"
-#include "des.h"
-#include "idea.h"
-#include "rc5.h"
-#include "tea.h"
-#include "skipjack.h"
-#include "cmac.h"
-#include "dmac.h"
-#include "blowfish.h"
-#include "seed.h"
-#include "wake.h"
-#include "seal.h"
-#include "crc.h"
-#include "adler32.h"
-#include "sha3.h"
-
-USING_NAMESPACE(CryptoPP)
-
-void RegisterFactories()
-{
- static bool s_registered = false;
- if (s_registered)
- return;
-
- RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>();
- RegisterDefaultFactoryFor<HashTransformation, CRC32>();
- RegisterDefaultFactoryFor<HashTransformation, Adler32>();
- RegisterDefaultFactoryFor<HashTransformation, Weak::MD5>();
- RegisterDefaultFactoryFor<HashTransformation, SHA1>();
- RegisterDefaultFactoryFor<HashTransformation, SHA224>();
- RegisterDefaultFactoryFor<HashTransformation, SHA256>();
- RegisterDefaultFactoryFor<HashTransformation, SHA384>();
- RegisterDefaultFactoryFor<HashTransformation, SHA512>();
- RegisterDefaultFactoryFor<HashTransformation, Whirlpool>();
- RegisterDefaultFactoryFor<HashTransformation, Tiger>();
- RegisterDefaultFactoryFor<HashTransformation, RIPEMD160>();
- RegisterDefaultFactoryFor<HashTransformation, RIPEMD320>();
- RegisterDefaultFactoryFor<HashTransformation, RIPEMD128>();
- RegisterDefaultFactoryFor<HashTransformation, RIPEMD256>();
- RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<LittleEndian> >();
- RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<BigEndian> >();
- RegisterDefaultFactoryFor<HashTransformation, SHA3_224>();
- RegisterDefaultFactoryFor<HashTransformation, SHA3_256>();
- RegisterDefaultFactoryFor<HashTransformation, SHA3_384>();
- RegisterDefaultFactoryFor<HashTransformation, SHA3_512>();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<Weak::MD5> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA1> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<RIPEMD160> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA224> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA256> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA384> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA512> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, TTMAC>();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES, 64> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<LittleEndian> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<BigEndian> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<AES> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, DMAC<AES> >();
- RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<DES_EDE3> >();
- RegisterAsymmetricCipherDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)");
- RegisterAsymmetricCipherDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)");
- RegisterSignatureSchemeDefaultFactories<DSA>();
- RegisterSignatureSchemeDefaultFactories<DSA2<SHA224> >();
- RegisterSignatureSchemeDefaultFactories<DSA2<SHA256> >();
- RegisterSignatureSchemeDefaultFactories<DSA2<SHA384> >();
- RegisterSignatureSchemeDefaultFactories<DSA2<SHA512> >();
- RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, Weak::MD2> >("RSA/PKCS1-1.5(MD2)");
- RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)");
- RegisterSymmetricCipherDefaultFactories<SEAL<> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<SHACAL2> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<Camellia> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<TEA> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<XTEA> >();
- RegisterSymmetricCipherDefaultFactories<PanamaCipher<LittleEndian> >();
- RegisterSymmetricCipherDefaultFactories<PanamaCipher<BigEndian> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<AES> >();
- RegisterSymmetricCipherDefaultFactories<CBC_Mode<AES> >();
- RegisterSymmetricCipherDefaultFactories<CFB_Mode<AES> >();
- RegisterSymmetricCipherDefaultFactories<OFB_Mode<AES> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<AES> >();
- RegisterSymmetricCipherDefaultFactories<Salsa20>();
- RegisterSymmetricCipherDefaultFactories<XSalsa20>();
- RegisterSymmetricCipherDefaultFactories<Sosemanuk>();
- RegisterSymmetricCipherDefaultFactories<Weak::MARC4>();
- RegisterSymmetricCipherDefaultFactories<WAKE_OFB<LittleEndian> >();
- RegisterSymmetricCipherDefaultFactories<WAKE_OFB<BigEndian> >();
- RegisterSymmetricCipherDefaultFactories<SEAL<LittleEndian> >();
- RegisterAuthenticatedSymmetricCipherDefaultFactories<CCM<AES> >();
- RegisterAuthenticatedSymmetricCipherDefaultFactories<GCM<AES> >();
- RegisterAuthenticatedSymmetricCipherDefaultFactories<EAX<AES> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<Camellia> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<Twofish> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<Serpent> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST256> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC6> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<MARS> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<MARS> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<SHACAL2> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_XEX3> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_EDE3> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<IDEA> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC5> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<TEA> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<XTEA> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST128> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<SKIPJACK> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<Blowfish> >();
- RegisterSymmetricCipherDefaultFactories<ECB_Mode<SEED> >();
- RegisterSymmetricCipherDefaultFactories<CTR_Mode<SEED> >();
-
- s_registered = true;
-}
diff --git a/cryptopp562/resource.h b/cryptopp562/resource.h
deleted file mode 100644
index 861e22b..0000000
--- a/cryptopp562/resource.h
+++ /dev/null
@@ -1,15 +0,0 @@
-//{{NO_DEPENDENCIES}}
-// Microsoft Developer Studio generated include file.
-// Used by cryptopp.rc
-//
-
-// Next default values for new objects
-//
-#ifdef APSTUDIO_INVOKED
-#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 101
-#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1000
-#define _APS_NEXT_SYMED_VALUE 101
-#endif
-#endif
diff --git a/cryptopp562/rijndael.cpp b/cryptopp562/rijndael.cpp
deleted file mode 100644
index c185032..0000000
--- a/cryptopp562/rijndael.cpp
+++ /dev/null
@@ -1,1261 +0,0 @@
-// rijndael.cpp - modified by Chris Morgan <cmorgan@wpi.edu>
-// and Wei Dai from Paulo Baretto's Rijndael implementation
-// The original code and all modifications are in the public domain.
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM rijndael.cpp" to generate MASM code
-
-/*
-July 2010: Added support for AES-NI instructions via compiler intrinsics.
-*/
-
-/*
-Feb 2009: The x86/x64 assembly code was rewritten in by Wei Dai to do counter mode
-caching, which was invented by Hongjun Wu and popularized by Daniel J. Bernstein
-and Peter Schwabe in their paper "New AES software speed records". The round
-function was also modified to include a trick similar to one in Brian Gladman's
-x86 assembly code, doing an 8-bit register move to minimize the number of
-register spills. Also switched to compressed tables and copying round keys to
-the stack.
-
-The C++ implementation now uses compressed tables if
-CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined.
-*/
-
-/*
-July 2006: Defense against timing attacks was added in by Wei Dai.
-
-The code now uses smaller tables in the first and last rounds,
-and preloads them into L1 cache before usage (by loading at least
-one element in each cache line).
-
-We try to delay subsequent accesses to each table (used in the first
-and last rounds) until all of the table has been preloaded. Hopefully
-the compiler isn't smart enough to optimize that code away.
-
-After preloading the table, we also try not to access any memory location
-other than the table and the stack, in order to prevent table entries from
-being unloaded from L1 cache, until that round is finished.
-(Some popular CPUs have 2-way associative caches.)
-*/
-
-// This is the original introductory comment:
-
-/**
- * version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * author Paulo Barreto <paulo.barreto@terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "rijndael.h"
-#include "misc.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
-namespace rdtable {CRYPTOPP_ALIGN_DATA(16) word64 Te[256+2];}
-using namespace rdtable;
-#else
-static word64 Te[256];
-#endif
-static word64 Td[256];
-#else
-static word32 Te[256*4], Td[256*4];
-#endif
-static volatile bool s_TeFilled = false, s_TdFilled = false;
-
-// ************************* Portable Code ************************************
-
-#define QUARTER_ROUND(L, T, t, a, b, c, d) \
- a ^= L(T, 3, byte(t)); t >>= 8;\
- b ^= L(T, 2, byte(t)); t >>= 8;\
- c ^= L(T, 1, byte(t)); t >>= 8;\
- d ^= L(T, 0, t);
-
-#define QUARTER_ROUND_LE(t, a, b, c, d) \
- tempBlock[a] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\
- tempBlock[b] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\
- tempBlock[c] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\
- tempBlock[d] = ((byte *)(Te+t))[1];
-
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- #define QUARTER_ROUND_LD(t, a, b, c, d) \
- tempBlock[a] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\
- tempBlock[b] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\
- tempBlock[c] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\
- tempBlock[d] = ((byte *)(Td+t))[GetNativeByteOrder()*7];
-#else
- #define QUARTER_ROUND_LD(t, a, b, c, d) \
- tempBlock[a] = Sd[byte(t)]; t >>= 8;\
- tempBlock[b] = Sd[byte(t)]; t >>= 8;\
- tempBlock[c] = Sd[byte(t)]; t >>= 8;\
- tempBlock[d] = Sd[t];
-#endif
-
-#define QUARTER_ROUND_E(t, a, b, c, d) QUARTER_ROUND(TL_M, Te, t, a, b, c, d)
-#define QUARTER_ROUND_D(t, a, b, c, d) QUARTER_ROUND(TL_M, Td, t, a, b, c, d)
-
-#ifdef IS_LITTLE_ENDIAN
- #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, d, c, b, a)
- #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, d, c, b, a)
- #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- #define TL_F(T, i, x) (*(word32 *)((byte *)T + x*8 + (6-i)%4+1))
- #define TL_M(T, i, x) (*(word32 *)((byte *)T + x*8 + (i+3)%4+1))
- #else
- #define TL_F(T, i, x) rotrFixed(T[x], (3-i)*8)
- #define TL_M(T, i, x) T[i*256 + x]
- #endif
-#else
- #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, a, b, c, d)
- #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, a, b, c, d)
- #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- #define TL_F(T, i, x) (*(word32 *)((byte *)T + x*8 + (4-i)%4))
- #define TL_M TL_F
- #else
- #define TL_F(T, i, x) rotrFixed(T[x], i*8)
- #define TL_M(T, i, x) T[i*256 + x]
- #endif
-#endif
-
-
-#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b))
-#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b))
-#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b))
-
-#define f3(x) (f2(x) ^ x)
-#define f9(x) (f8(x) ^ x)
-#define fb(x) (f8(x) ^ f2(x) ^ x)
-#define fd(x) (f8(x) ^ f4(x) ^ x)
-#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
-
-void Rijndael::Base::FillEncTable()
-{
- for (int i=0; i<256; i++)
- {
- byte x = Se[i];
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- word32 y = word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24;
- Te[i] = word64(y | f3(x))<<32 | y;
-#else
- word32 y = f3(x) | word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24;
- for (int j=0; j<4; j++)
- {
- Te[i+j*256] = y;
- y = rotrFixed(y, 8);
- }
-#endif
- }
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- Te[256] = Te[257] = 0;
-#endif
- s_TeFilled = true;
-}
-
-void Rijndael::Base::FillDecTable()
-{
- for (int i=0; i<256; i++)
- {
- byte x = Sd[i];
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- word32 y = word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24;
- Td[i] = word64(y | fb(x))<<32 | y | x;
-#else
- word32 y = fb(x) | word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24;;
- for (int j=0; j<4; j++)
- {
- Td[i+j*256] = y;
- y = rotrFixed(y, 8);
- }
-#endif
- }
- s_TdFilled = true;
-}
-
-void Rijndael::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &)
-{
- AssertValidKeyLength(keylen);
-
- m_rounds = keylen/4 + 6;
- m_key.New(4*(m_rounds+1));
-
- word32 *rk = m_key;
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE && (!defined(_MSC_VER) || _MSC_VER >= 1600 || CRYPTOPP_BOOL_X86)
- // MSVC 2008 SP1 generates bad code for _mm_extract_epi32() when compiling for X64
- if (HasAESNI())
- {
- static const word32 rcLE[] = {
- 0x01, 0x02, 0x04, 0x08,
- 0x10, 0x20, 0x40, 0x80,
- 0x1B, 0x36, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
- };
- const word32 *rc = rcLE;
-
- __m128i temp = _mm_loadu_si128((__m128i *)(userKey+keylen-16));
- memcpy(rk, userKey, keylen);
-
- while (true)
- {
- rk[keylen/4] = rk[0] ^ _mm_extract_epi32(_mm_aeskeygenassist_si128(temp, 0), 3) ^ *(rc++);
- rk[keylen/4+1] = rk[1] ^ rk[keylen/4];
- rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1];
- rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2];
-
- if (rk + keylen/4 + 4 == m_key.end())
- break;
-
- if (keylen == 24)
- {
- rk[10] = rk[ 4] ^ rk[ 9];
- rk[11] = rk[ 5] ^ rk[10];
- temp = _mm_insert_epi32(temp, rk[11], 3);
- }
- else if (keylen == 32)
- {
- temp = _mm_insert_epi32(temp, rk[11], 3);
- rk[12] = rk[ 4] ^ _mm_extract_epi32(_mm_aeskeygenassist_si128(temp, 0), 2);
- rk[13] = rk[ 5] ^ rk[12];
- rk[14] = rk[ 6] ^ rk[13];
- rk[15] = rk[ 7] ^ rk[14];
- temp = _mm_insert_epi32(temp, rk[15], 3);
- }
- else
- temp = _mm_insert_epi32(temp, rk[7], 3);
-
- rk += keylen/4;
- }
-
- if (!IsForwardTransformation())
- {
- rk = m_key;
- unsigned int i, j;
-
- std::swap(*(__m128i *)(rk), *(__m128i *)(rk+4*m_rounds));
-
- for (i = 4, j = 4*m_rounds-4; i < j; i += 4, j -= 4)
- {
- temp = _mm_aesimc_si128(*(__m128i *)(rk+i));
- *(__m128i *)(rk+i) = _mm_aesimc_si128(*(__m128i *)(rk+j));
- *(__m128i *)(rk+j) = temp;
- }
-
- *(__m128i *)(rk+i) = _mm_aesimc_si128(*(__m128i *)(rk+i));
- }
-
- return;
- }
-#endif
-
- GetUserKey(BIG_ENDIAN_ORDER, rk, keylen/4, userKey, keylen);
- const word32 *rc = rcon;
- word32 temp;
-
- while (true)
- {
- temp = rk[keylen/4-1];
- word32 x = (word32(Se[GETBYTE(temp, 2)]) << 24) ^ (word32(Se[GETBYTE(temp, 1)]) << 16) ^ (word32(Se[GETBYTE(temp, 0)]) << 8) ^ Se[GETBYTE(temp, 3)];
- rk[keylen/4] = rk[0] ^ x ^ *(rc++);
- rk[keylen/4+1] = rk[1] ^ rk[keylen/4];
- rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1];
- rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2];
-
- if (rk + keylen/4 + 4 == m_key.end())
- break;
-
- if (keylen == 24)
- {
- rk[10] = rk[ 4] ^ rk[ 9];
- rk[11] = rk[ 5] ^ rk[10];
- }
- else if (keylen == 32)
- {
- temp = rk[11];
- rk[12] = rk[ 4] ^ (word32(Se[GETBYTE(temp, 3)]) << 24) ^ (word32(Se[GETBYTE(temp, 2)]) << 16) ^ (word32(Se[GETBYTE(temp, 1)]) << 8) ^ Se[GETBYTE(temp, 0)];
- rk[13] = rk[ 5] ^ rk[12];
- rk[14] = rk[ 6] ^ rk[13];
- rk[15] = rk[ 7] ^ rk[14];
- }
- rk += keylen/4;
- }
-
- rk = m_key;
-
- if (IsForwardTransformation())
- {
- if (!s_TeFilled)
- FillEncTable();
-
- ConditionalByteReverse(BIG_ENDIAN_ORDER, rk, rk, 16);
- ConditionalByteReverse(BIG_ENDIAN_ORDER, rk + m_rounds*4, rk + m_rounds*4, 16);
- }
- else
- {
- if (!s_TdFilled)
- FillDecTable();
-
- unsigned int i, j;
-
-#define InverseMixColumn(x) TL_M(Td, 0, Se[GETBYTE(x, 3)]) ^ TL_M(Td, 1, Se[GETBYTE(x, 2)]) ^ TL_M(Td, 2, Se[GETBYTE(x, 1)]) ^ TL_M(Td, 3, Se[GETBYTE(x, 0)])
-
- for (i = 4, j = 4*m_rounds-4; i < j; i += 4, j -= 4)
- {
- temp = InverseMixColumn(rk[i ]); rk[i ] = InverseMixColumn(rk[j ]); rk[j ] = temp;
- temp = InverseMixColumn(rk[i + 1]); rk[i + 1] = InverseMixColumn(rk[j + 1]); rk[j + 1] = temp;
- temp = InverseMixColumn(rk[i + 2]); rk[i + 2] = InverseMixColumn(rk[j + 2]); rk[j + 2] = temp;
- temp = InverseMixColumn(rk[i + 3]); rk[i + 3] = InverseMixColumn(rk[j + 3]); rk[j + 3] = temp;
- }
-
- rk[i+0] = InverseMixColumn(rk[i+0]);
- rk[i+1] = InverseMixColumn(rk[i+1]);
- rk[i+2] = InverseMixColumn(rk[i+2]);
- rk[i+3] = InverseMixColumn(rk[i+3]);
-
- temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[0]); rk[0] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+0]); rk[4*m_rounds+0] = temp;
- temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[1]); rk[1] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+1]); rk[4*m_rounds+1] = temp;
- temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[2]); rk[2] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+2]); rk[4*m_rounds+2] = temp;
- temp = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[3]); rk[3] = ConditionalByteReverse(BIG_ENDIAN_ORDER, rk[4*m_rounds+3]); rk[4*m_rounds+3] = temp;
- }
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasAESNI())
- ConditionalByteReverse(BIG_ENDIAN_ORDER, rk+4, rk+4, (m_rounds-1)*16);
-#endif
-}
-
-void Rijndael::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- if (HasSSE2())
-#else
- if (HasAESNI())
-#endif
- {
- Rijndael::Enc::AdvancedProcessBlocks(inBlock, xorBlock, outBlock, 16, 0);
- return;
- }
-#endif
-
- typedef BlockGetAndPut<word32, NativeByteOrder> Block;
-
- word32 s0, s1, s2, s3, t0, t1, t2, t3;
- Block::Get(inBlock)(s0)(s1)(s2)(s3);
-
- const word32 *rk = m_key;
- s0 ^= rk[0];
- s1 ^= rk[1];
- s2 ^= rk[2];
- s3 ^= rk[3];
- t0 = rk[4];
- t1 = rk[5];
- t2 = rk[6];
- t3 = rk[7];
- rk += 8;
-
- // timing attack countermeasure. see comments at top for more details
- const int cacheLineSize = GetCacheLineSize();
- unsigned int i;
- word32 u = 0;
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- for (i=0; i<2048; i+=cacheLineSize)
-#else
- for (i=0; i<1024; i+=cacheLineSize)
-#endif
- u &= *(const word32 *)(((const byte *)Te)+i);
- u &= Te[255];
- s0 |= u; s1 |= u; s2 |= u; s3 |= u;
-
- QUARTER_ROUND_FE(s3, t0, t1, t2, t3)
- QUARTER_ROUND_FE(s2, t3, t0, t1, t2)
- QUARTER_ROUND_FE(s1, t2, t3, t0, t1)
- QUARTER_ROUND_FE(s0, t1, t2, t3, t0)
-
- // Nr - 2 full rounds:
- unsigned int r = m_rounds/2 - 1;
- do
- {
- s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];
-
- QUARTER_ROUND_E(t3, s0, s1, s2, s3)
- QUARTER_ROUND_E(t2, s3, s0, s1, s2)
- QUARTER_ROUND_E(t1, s2, s3, s0, s1)
- QUARTER_ROUND_E(t0, s1, s2, s3, s0)
-
- t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7];
-
- QUARTER_ROUND_E(s3, t0, t1, t2, t3)
- QUARTER_ROUND_E(s2, t3, t0, t1, t2)
- QUARTER_ROUND_E(s1, t2, t3, t0, t1)
- QUARTER_ROUND_E(s0, t1, t2, t3, t0)
-
- rk += 8;
- } while (--r);
-
- word32 tbw[4];
- byte *const tempBlock = (byte *)tbw;
-
- QUARTER_ROUND_LE(t2, 15, 2, 5, 8)
- QUARTER_ROUND_LE(t1, 11, 14, 1, 4)
- QUARTER_ROUND_LE(t0, 7, 10, 13, 0)
- QUARTER_ROUND_LE(t3, 3, 6, 9, 12)
-
- Block::Put(xorBlock, outBlock)(tbw[0]^rk[0])(tbw[1]^rk[1])(tbw[2]^rk[2])(tbw[3]^rk[3]);
-}
-
-void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasAESNI())
- {
- Rijndael::Dec::AdvancedProcessBlocks(inBlock, xorBlock, outBlock, 16, 0);
- return;
- }
-#endif
-
- typedef BlockGetAndPut<word32, NativeByteOrder> Block;
-
- word32 s0, s1, s2, s3, t0, t1, t2, t3;
- Block::Get(inBlock)(s0)(s1)(s2)(s3);
-
- const word32 *rk = m_key;
- s0 ^= rk[0];
- s1 ^= rk[1];
- s2 ^= rk[2];
- s3 ^= rk[3];
- t0 = rk[4];
- t1 = rk[5];
- t2 = rk[6];
- t3 = rk[7];
- rk += 8;
-
- // timing attack countermeasure. see comments at top for more details
- const int cacheLineSize = GetCacheLineSize();
- unsigned int i;
- word32 u = 0;
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- for (i=0; i<2048; i+=cacheLineSize)
-#else
- for (i=0; i<1024; i+=cacheLineSize)
-#endif
- u &= *(const word32 *)(((const byte *)Td)+i);
- u &= Td[255];
- s0 |= u; s1 |= u; s2 |= u; s3 |= u;
-
- QUARTER_ROUND_FD(s3, t2, t1, t0, t3)
- QUARTER_ROUND_FD(s2, t1, t0, t3, t2)
- QUARTER_ROUND_FD(s1, t0, t3, t2, t1)
- QUARTER_ROUND_FD(s0, t3, t2, t1, t0)
-
- // Nr - 2 full rounds:
- unsigned int r = m_rounds/2 - 1;
- do
- {
- s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];
-
- QUARTER_ROUND_D(t3, s2, s1, s0, s3)
- QUARTER_ROUND_D(t2, s1, s0, s3, s2)
- QUARTER_ROUND_D(t1, s0, s3, s2, s1)
- QUARTER_ROUND_D(t0, s3, s2, s1, s0)
-
- t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7];
-
- QUARTER_ROUND_D(s3, t2, t1, t0, t3)
- QUARTER_ROUND_D(s2, t1, t0, t3, t2)
- QUARTER_ROUND_D(s1, t0, t3, t2, t1)
- QUARTER_ROUND_D(s0, t3, t2, t1, t0)
-
- rk += 8;
- } while (--r);
-
-#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- // timing attack countermeasure. see comments at top for more details
- // If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined,
- // QUARTER_ROUND_LD will use Td, which is already preloaded.
- u = 0;
- for (i=0; i<256; i+=cacheLineSize)
- u &= *(const word32 *)(Sd+i);
- u &= *(const word32 *)(Sd+252);
- t0 |= u; t1 |= u; t2 |= u; t3 |= u;
-#endif
-
- word32 tbw[4];
- byte *const tempBlock = (byte *)tbw;
-
- QUARTER_ROUND_LD(t2, 7, 2, 13, 8)
- QUARTER_ROUND_LD(t1, 3, 14, 9, 4)
- QUARTER_ROUND_LD(t0, 15, 10, 5, 0)
- QUARTER_ROUND_LD(t3, 11, 6, 1, 12)
-
- Block::Put(xorBlock, outBlock)(tbw[0]^rk[0])(tbw[1]^rk[1])(tbw[2]^rk[2])(tbw[3]^rk[3]);
-}
-
-// ************************* Assembly Code ************************************
-
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-
-CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k)
-{
-#if CRYPTOPP_BOOL_X86
-
-#define L_REG esp
-#define L_INDEX(i) (L_REG+768+i)
-#define L_INXORBLOCKS L_INBLOCKS+4
-#define L_OUTXORBLOCKS L_INBLOCKS+8
-#define L_OUTBLOCKS L_INBLOCKS+12
-#define L_INCREMENTS L_INDEX(16*15)
-#define L_SP L_INDEX(16*16)
-#define L_LENGTH L_INDEX(16*16+4)
-#define L_KEYS_BEGIN L_INDEX(16*16+8)
-
-#define MOVD movd
-#define MM(i) mm##i
-
-#define MXOR(a,b,c) \
- AS2( movzx esi, b)\
- AS2( movd mm7, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\
- AS2( pxor MM(a), mm7)\
-
-#define MMOV(a,b,c) \
- AS2( movzx esi, b)\
- AS2( movd MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\
-
-#else
-
-#define L_REG r8
-#define L_INDEX(i) (L_REG+i)
-#define L_INXORBLOCKS L_INBLOCKS+8
-#define L_OUTXORBLOCKS L_INBLOCKS+16
-#define L_OUTBLOCKS L_INBLOCKS+24
-#define L_INCREMENTS L_INDEX(16*16)
-#define L_LENGTH L_INDEX(16*18+8)
-#define L_KEYS_BEGIN L_INDEX(16*19)
-
-#define MOVD mov
-#define MM_0 r9d
-#define MM_1 r12d
-#ifdef __GNUC__
-#define MM_2 r11d
-#else
-#define MM_2 r10d
-#endif
-#define MM(i) MM_##i
-
-#define MXOR(a,b,c) \
- AS2( movzx esi, b)\
- AS2( xor MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\
-
-#define MMOV(a,b,c) \
- AS2( movzx esi, b)\
- AS2( mov MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\
-
-#endif
-
-#define L_SUBKEYS L_INDEX(0)
-#define L_SAVED_X L_SUBKEYS
-#define L_KEY12 L_INDEX(16*12)
-#define L_LASTROUND L_INDEX(16*13)
-#define L_INBLOCKS L_INDEX(16*14)
-#define MAP0TO4(i) (ASM_MOD(i+3,4)+1)
-
-#define XOR(a,b,c) \
- AS2( movzx esi, b)\
- AS2( xor a, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\
-
-#define MOV(a,b,c) \
- AS2( movzx esi, b)\
- AS2( mov a, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- ALIGN 8
- Rijndael_Enc_AdvancedProcessBlocks PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- push_reg rbx
- push_reg r12
- .endprolog
- mov L_REG, rcx
- mov AS_REG_7, ?Te@rdtable@CryptoPP@@3PA_KA
- mov edi, DWORD PTR [?g_cacheLineSize@CryptoPP@@3IA]
-#elif defined(__GNUC__)
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- #if CRYPTOPP_BOOL_X64
- AS2( mov L_REG, rcx)
- #endif
- AS_PUSH_IF86(bx)
- AS_PUSH_IF86(bp)
- AS2( mov AS_REG_7, WORD_REG(si))
-#else
- AS_PUSH_IF86(si)
- AS_PUSH_IF86(di)
- AS_PUSH_IF86(bx)
- AS_PUSH_IF86(bp)
- AS2( lea AS_REG_7, [Te])
- AS2( mov edi, [g_cacheLineSize])
-#endif
-
-#if CRYPTOPP_BOOL_X86
- AS2( mov [ecx+16*12+16*4], esp) // save esp to L_SP
- AS2( lea esp, [ecx-768])
-#endif
-
- // copy subkeys to stack
- AS2( mov WORD_REG(si), [L_KEYS_BEGIN])
- AS2( mov WORD_REG(ax), 16)
- AS2( and WORD_REG(ax), WORD_REG(si))
- AS2( movdqa xmm3, XMMWORD_PTR [WORD_REG(dx)+16+WORD_REG(ax)]) // subkey 1 (non-counter) or 2 (counter)
- AS2( movdqa [L_KEY12], xmm3)
- AS2( lea WORD_REG(ax), [WORD_REG(dx)+WORD_REG(ax)+2*16])
- AS2( sub WORD_REG(ax), WORD_REG(si))
- ASL(0)
- AS2( movdqa xmm0, [WORD_REG(ax)+WORD_REG(si)])
- AS2( movdqa XMMWORD_PTR [L_SUBKEYS+WORD_REG(si)], xmm0)
- AS2( add WORD_REG(si), 16)
- AS2( cmp WORD_REG(si), 16*12)
- ASJ( jl, 0, b)
-
- // read subkeys 0, 1 and last
- AS2( movdqa xmm4, [WORD_REG(ax)+WORD_REG(si)]) // last subkey
- AS2( movdqa xmm1, [WORD_REG(dx)]) // subkey 0
- AS2( MOVD MM(1), [WORD_REG(dx)+4*4]) // 0,1,2,3
- AS2( mov ebx, [WORD_REG(dx)+5*4]) // 4,5,6,7
- AS2( mov ecx, [WORD_REG(dx)+6*4]) // 8,9,10,11
- AS2( mov edx, [WORD_REG(dx)+7*4]) // 12,13,14,15
-
- // load table into cache
- AS2( xor WORD_REG(ax), WORD_REG(ax))
- ASL(9)
- AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
- AS2( add WORD_REG(ax), WORD_REG(di))
- AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
- AS2( add WORD_REG(ax), WORD_REG(di))
- AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
- AS2( add WORD_REG(ax), WORD_REG(di))
- AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
- AS2( add WORD_REG(ax), WORD_REG(di))
- AS2( cmp WORD_REG(ax), 2048)
- ASJ( jl, 9, b)
- AS1( lfence)
-
- AS2( test DWORD PTR [L_LENGTH], 1)
- ASJ( jz, 8, f)
-
- // counter mode one-time setup
- AS2( mov WORD_REG(si), [L_INBLOCKS])
- AS2( movdqu xmm2, [WORD_REG(si)]) // counter
- AS2( pxor xmm2, xmm1)
- AS2( psrldq xmm1, 14)
- AS2( movd eax, xmm1)
- AS2( mov al, BYTE PTR [WORD_REG(si)+15])
- AS2( MOVD MM(2), eax)
-#if CRYPTOPP_BOOL_X86
- AS2( mov eax, 1)
- AS2( movd mm3, eax)
-#endif
-
- // partial first round, in: xmm2(15,14,13,12;11,10,9,8;7,6,5,4;3,2,1,0), out: mm1, ebx, ecx, edx
- AS2( movd eax, xmm2)
- AS2( psrldq xmm2, 4)
- AS2( movd edi, xmm2)
- AS2( psrldq xmm2, 4)
- MXOR( 1, al, 0) // 0
- XOR( edx, ah, 1) // 1
- AS2( shr eax, 16)
- XOR( ecx, al, 2) // 2
- XOR( ebx, ah, 3) // 3
- AS2( mov eax, edi)
- AS2( movd edi, xmm2)
- AS2( psrldq xmm2, 4)
- XOR( ebx, al, 0) // 4
- MXOR( 1, ah, 1) // 5
- AS2( shr eax, 16)
- XOR( edx, al, 2) // 6
- XOR( ecx, ah, 3) // 7
- AS2( mov eax, edi)
- AS2( movd edi, xmm2)
- XOR( ecx, al, 0) // 8
- XOR( ebx, ah, 1) // 9
- AS2( shr eax, 16)
- MXOR( 1, al, 2) // 10
- XOR( edx, ah, 3) // 11
- AS2( mov eax, edi)
- XOR( edx, al, 0) // 12
- XOR( ecx, ah, 1) // 13
- AS2( shr eax, 16)
- XOR( ebx, al, 2) // 14
- AS2( psrldq xmm2, 3)
-
- // partial second round, in: ebx(4,5,6,7), ecx(8,9,10,11), edx(12,13,14,15), out: eax, ebx, edi, mm0
- AS2( mov eax, [L_KEY12+0*4])
- AS2( mov edi, [L_KEY12+2*4])
- AS2( MOVD MM(0), [L_KEY12+3*4])
- MXOR( 0, cl, 3) /* 11 */
- XOR( edi, bl, 3) /* 7 */
- MXOR( 0, bh, 2) /* 6 */
- AS2( shr ebx, 16) /* 4,5 */
- XOR( eax, bl, 1) /* 5 */
- MOV( ebx, bh, 0) /* 4 */
- AS2( xor ebx, [L_KEY12+1*4])
- XOR( eax, ch, 2) /* 10 */
- AS2( shr ecx, 16) /* 8,9 */
- XOR( eax, dl, 3) /* 15 */
- XOR( ebx, dh, 2) /* 14 */
- AS2( shr edx, 16) /* 12,13 */
- XOR( edi, ch, 0) /* 8 */
- XOR( ebx, cl, 1) /* 9 */
- XOR( edi, dl, 1) /* 13 */
- MXOR( 0, dh, 0) /* 12 */
-
- AS2( movd ecx, xmm2)
- AS2( MOVD edx, MM(1))
- AS2( MOVD [L_SAVED_X+3*4], MM(0))
- AS2( mov [L_SAVED_X+0*4], eax)
- AS2( mov [L_SAVED_X+1*4], ebx)
- AS2( mov [L_SAVED_X+2*4], edi)
- ASJ( jmp, 5, f)
-
- ASL(3)
- // non-counter mode per-block setup
- AS2( MOVD MM(1), [L_KEY12+0*4]) // 0,1,2,3
- AS2( mov ebx, [L_KEY12+1*4]) // 4,5,6,7
- AS2( mov ecx, [L_KEY12+2*4]) // 8,9,10,11
- AS2( mov edx, [L_KEY12+3*4]) // 12,13,14,15
- ASL(8)
- AS2( mov WORD_REG(ax), [L_INBLOCKS])
- AS2( movdqu xmm2, [WORD_REG(ax)])
- AS2( mov WORD_REG(si), [L_INXORBLOCKS])
- AS2( movdqu xmm5, [WORD_REG(si)])
- AS2( pxor xmm2, xmm1)
- AS2( pxor xmm2, xmm5)
-
- // first round, in: xmm2(15,14,13,12;11,10,9,8;7,6,5,4;3,2,1,0), out: eax, ebx, ecx, edx
- AS2( movd eax, xmm2)
- AS2( psrldq xmm2, 4)
- AS2( movd edi, xmm2)
- AS2( psrldq xmm2, 4)
- MXOR( 1, al, 0) // 0
- XOR( edx, ah, 1) // 1
- AS2( shr eax, 16)
- XOR( ecx, al, 2) // 2
- XOR( ebx, ah, 3) // 3
- AS2( mov eax, edi)
- AS2( movd edi, xmm2)
- AS2( psrldq xmm2, 4)
- XOR( ebx, al, 0) // 4
- MXOR( 1, ah, 1) // 5
- AS2( shr eax, 16)
- XOR( edx, al, 2) // 6
- XOR( ecx, ah, 3) // 7
- AS2( mov eax, edi)
- AS2( movd edi, xmm2)
- XOR( ecx, al, 0) // 8
- XOR( ebx, ah, 1) // 9
- AS2( shr eax, 16)
- MXOR( 1, al, 2) // 10
- XOR( edx, ah, 3) // 11
- AS2( mov eax, edi)
- XOR( edx, al, 0) // 12
- XOR( ecx, ah, 1) // 13
- AS2( shr eax, 16)
- XOR( ebx, al, 2) // 14
- MXOR( 1, ah, 3) // 15
- AS2( MOVD eax, MM(1))
-
- AS2( add L_REG, [L_KEYS_BEGIN])
- AS2( add L_REG, 4*16)
- ASJ( jmp, 2, f)
-
- ASL(1)
- // counter-mode per-block setup
- AS2( MOVD ecx, MM(2))
- AS2( MOVD edx, MM(1))
- AS2( mov eax, [L_SAVED_X+0*4])
- AS2( mov ebx, [L_SAVED_X+1*4])
- AS2( xor cl, ch)
- AS2( and WORD_REG(cx), 255)
- ASL(5)
-#if CRYPTOPP_BOOL_X86
- AS2( paddb MM(2), mm3)
-#else
- AS2( add MM(2), 1)
-#endif
- // remaining part of second round, in: edx(previous round),esi(keyed counter byte) eax,ebx,[L_SAVED_X+2*4],[L_SAVED_X+3*4], out: eax,ebx,ecx,edx
- AS2( xor edx, DWORD PTR [AS_REG_7+WORD_REG(cx)*8+3])
- XOR( ebx, dl, 3)
- MOV( ecx, dh, 2)
- AS2( shr edx, 16)
- AS2( xor ecx, [L_SAVED_X+2*4])
- XOR( eax, dh, 0)
- MOV( edx, dl, 1)
- AS2( xor edx, [L_SAVED_X+3*4])
-
- AS2( add L_REG, [L_KEYS_BEGIN])
- AS2( add L_REG, 3*16)
- ASJ( jmp, 4, f)
-
-// in: eax(0,1,2,3), ebx(4,5,6,7), ecx(8,9,10,11), edx(12,13,14,15)
-// out: eax, ebx, edi, mm0
-#define ROUND() \
- MXOR( 0, cl, 3) /* 11 */\
- AS2( mov cl, al) /* 8,9,10,3 */\
- XOR( edi, ah, 2) /* 2 */\
- AS2( shr eax, 16) /* 0,1 */\
- XOR( edi, bl, 3) /* 7 */\
- MXOR( 0, bh, 2) /* 6 */\
- AS2( shr ebx, 16) /* 4,5 */\
- MXOR( 0, al, 1) /* 1 */\
- MOV( eax, ah, 0) /* 0 */\
- XOR( eax, bl, 1) /* 5 */\
- MOV( ebx, bh, 0) /* 4 */\
- XOR( eax, ch, 2) /* 10 */\
- XOR( ebx, cl, 3) /* 3 */\
- AS2( shr ecx, 16) /* 8,9 */\
- XOR( eax, dl, 3) /* 15 */\
- XOR( ebx, dh, 2) /* 14 */\
- AS2( shr edx, 16) /* 12,13 */\
- XOR( edi, ch, 0) /* 8 */\
- XOR( ebx, cl, 1) /* 9 */\
- XOR( edi, dl, 1) /* 13 */\
- MXOR( 0, dh, 0) /* 12 */\
-
- ASL(2) // 2-round loop
- AS2( MOVD MM(0), [L_SUBKEYS-4*16+3*4])
- AS2( mov edi, [L_SUBKEYS-4*16+2*4])
- ROUND()
- AS2( mov ecx, edi)
- AS2( xor eax, [L_SUBKEYS-4*16+0*4])
- AS2( xor ebx, [L_SUBKEYS-4*16+1*4])
- AS2( MOVD edx, MM(0))
-
- ASL(4)
- AS2( MOVD MM(0), [L_SUBKEYS-4*16+7*4])
- AS2( mov edi, [L_SUBKEYS-4*16+6*4])
- ROUND()
- AS2( mov ecx, edi)
- AS2( xor eax, [L_SUBKEYS-4*16+4*4])
- AS2( xor ebx, [L_SUBKEYS-4*16+5*4])
- AS2( MOVD edx, MM(0))
-
- AS2( add L_REG, 32)
- AS2( test L_REG, 255)
- ASJ( jnz, 2, b)
- AS2( sub L_REG, 16*16)
-
-#define LAST(a, b, c) \
- AS2( movzx esi, a )\
- AS2( movzx edi, BYTE PTR [AS_REG_7+WORD_REG(si)*8+1] )\
- AS2( movzx esi, b )\
- AS2( xor edi, DWORD PTR [AS_REG_7+WORD_REG(si)*8+0] )\
- AS2( mov WORD PTR [L_LASTROUND+c], di )\
-
- // last round
- LAST(ch, dl, 2)
- LAST(dh, al, 6)
- AS2( shr edx, 16)
- LAST(ah, bl, 10)
- AS2( shr eax, 16)
- LAST(bh, cl, 14)
- AS2( shr ebx, 16)
- LAST(dh, al, 12)
- AS2( shr ecx, 16)
- LAST(ah, bl, 0)
- LAST(bh, cl, 4)
- LAST(ch, dl, 8)
-
- AS2( mov WORD_REG(ax), [L_OUTXORBLOCKS])
- AS2( mov WORD_REG(bx), [L_OUTBLOCKS])
-
- AS2( mov WORD_REG(cx), [L_LENGTH])
- AS2( sub WORD_REG(cx), 16)
-
- AS2( movdqu xmm2, [WORD_REG(ax)])
- AS2( pxor xmm2, xmm4)
-
-#if CRYPTOPP_BOOL_X86
- AS2( movdqa xmm0, [L_INCREMENTS])
- AS2( paddd xmm0, [L_INBLOCKS])
- AS2( movdqa [L_INBLOCKS], xmm0)
-#else
- AS2( movdqa xmm0, [L_INCREMENTS+16])
- AS2( paddq xmm0, [L_INBLOCKS+16])
- AS2( movdqa [L_INBLOCKS+16], xmm0)
-#endif
-
- AS2( pxor xmm2, [L_LASTROUND])
- AS2( movdqu [WORD_REG(bx)], xmm2)
-
- ASJ( jle, 7, f)
- AS2( mov [L_LENGTH], WORD_REG(cx))
- AS2( test WORD_REG(cx), 1)
- ASJ( jnz, 1, b)
-#if CRYPTOPP_BOOL_X64
- AS2( movdqa xmm0, [L_INCREMENTS])
- AS2( paddq xmm0, [L_INBLOCKS])
- AS2( movdqa [L_INBLOCKS], xmm0)
-#endif
- ASJ( jmp, 3, b)
-
- ASL(7)
- // erase keys on stack
- AS2( xorps xmm0, xmm0)
- AS2( lea WORD_REG(ax), [L_SUBKEYS+7*16])
- AS2( movaps [WORD_REG(ax)-7*16], xmm0)
- AS2( movaps [WORD_REG(ax)-6*16], xmm0)
- AS2( movaps [WORD_REG(ax)-5*16], xmm0)
- AS2( movaps [WORD_REG(ax)-4*16], xmm0)
- AS2( movaps [WORD_REG(ax)-3*16], xmm0)
- AS2( movaps [WORD_REG(ax)-2*16], xmm0)
- AS2( movaps [WORD_REG(ax)-1*16], xmm0)
- AS2( movaps [WORD_REG(ax)+0*16], xmm0)
- AS2( movaps [WORD_REG(ax)+1*16], xmm0)
- AS2( movaps [WORD_REG(ax)+2*16], xmm0)
- AS2( movaps [WORD_REG(ax)+3*16], xmm0)
- AS2( movaps [WORD_REG(ax)+4*16], xmm0)
- AS2( movaps [WORD_REG(ax)+5*16], xmm0)
- AS2( movaps [WORD_REG(ax)+6*16], xmm0)
-#if CRYPTOPP_BOOL_X86
- AS2( mov esp, [L_SP])
- AS1( emms)
-#endif
- AS_POP_IF86(bp)
- AS_POP_IF86(bx)
-#if defined(_MSC_VER) && CRYPTOPP_BOOL_X86
- AS_POP_IF86(di)
- AS_POP_IF86(si)
- AS1(ret)
-#endif
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- pop r12
- pop rbx
- pop rdi
- pop rsi
- ret
- Rijndael_Enc_AdvancedProcessBlocks ENDP
-#endif
-#ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "c" (locals), "d" (k), "S" (Te), "D" (g_cacheLineSize)
- : "memory", "cc", "%eax"
- #if CRYPTOPP_BOOL_X64
- , "%rbx", "%r8", "%r9", "%r10", "%r11", "%r12"
- #endif
- );
-#endif
-}
-
-#endif
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k);
-}
-#endif
-
-#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86
-
-static inline bool AliasedWithTable(const byte *begin, const byte *end)
-{
- size_t s0 = size_t(begin)%4096, s1 = size_t(end)%4096;
- size_t t0 = size_t(Te)%4096, t1 = (size_t(Te)+sizeof(Te))%4096;
- if (t1 > t0)
- return (s0 >= t0 && s0 < t1) || (s1 > t0 && s1 <= t1);
- else
- return (s0 < t1 || s1 <= t1) || (s0 >= t0 || s1 > t0);
-}
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-
-inline void AESNI_Enc_Block(__m128i &block, const __m128i *subkeys, unsigned int rounds)
-{
- block = _mm_xor_si128(block, subkeys[0]);
- for (unsigned int i=1; i<rounds-1; i+=2)
- {
- block = _mm_aesenc_si128(block, subkeys[i]);
- block = _mm_aesenc_si128(block, subkeys[i+1]);
- }
- block = _mm_aesenc_si128(block, subkeys[rounds-1]);
- block = _mm_aesenclast_si128(block, subkeys[rounds]);
-}
-
-inline void AESNI_Enc_4_Blocks(__m128i &block0, __m128i &block1, __m128i &block2, __m128i &block3, const __m128i *subkeys, unsigned int rounds)
-{
- __m128i rk = subkeys[0];
- block0 = _mm_xor_si128(block0, rk);
- block1 = _mm_xor_si128(block1, rk);
- block2 = _mm_xor_si128(block2, rk);
- block3 = _mm_xor_si128(block3, rk);
- for (unsigned int i=1; i<rounds; i++)
- {
- rk = subkeys[i];
- block0 = _mm_aesenc_si128(block0, rk);
- block1 = _mm_aesenc_si128(block1, rk);
- block2 = _mm_aesenc_si128(block2, rk);
- block3 = _mm_aesenc_si128(block3, rk);
- }
- rk = subkeys[rounds];
- block0 = _mm_aesenclast_si128(block0, rk);
- block1 = _mm_aesenclast_si128(block1, rk);
- block2 = _mm_aesenclast_si128(block2, rk);
- block3 = _mm_aesenclast_si128(block3, rk);
-}
-
-inline void AESNI_Dec_Block(__m128i &block, const __m128i *subkeys, unsigned int rounds)
-{
- block = _mm_xor_si128(block, subkeys[0]);
- for (unsigned int i=1; i<rounds-1; i+=2)
- {
- block = _mm_aesdec_si128(block, subkeys[i]);
- block = _mm_aesdec_si128(block, subkeys[i+1]);
- }
- block = _mm_aesdec_si128(block, subkeys[rounds-1]);
- block = _mm_aesdeclast_si128(block, subkeys[rounds]);
-}
-
-inline void AESNI_Dec_4_Blocks(__m128i &block0, __m128i &block1, __m128i &block2, __m128i &block3, const __m128i *subkeys, unsigned int rounds)
-{
- __m128i rk = subkeys[0];
- block0 = _mm_xor_si128(block0, rk);
- block1 = _mm_xor_si128(block1, rk);
- block2 = _mm_xor_si128(block2, rk);
- block3 = _mm_xor_si128(block3, rk);
- for (unsigned int i=1; i<rounds; i++)
- {
- rk = subkeys[i];
- block0 = _mm_aesdec_si128(block0, rk);
- block1 = _mm_aesdec_si128(block1, rk);
- block2 = _mm_aesdec_si128(block2, rk);
- block3 = _mm_aesdec_si128(block3, rk);
- }
- rk = subkeys[rounds];
- block0 = _mm_aesdeclast_si128(block0, rk);
- block1 = _mm_aesdeclast_si128(block1, rk);
- block2 = _mm_aesdeclast_si128(block2, rk);
- block3 = _mm_aesdeclast_si128(block3, rk);
-}
-
-static CRYPTOPP_ALIGN_DATA(16) const word32 s_one[] = {0, 0, 0, 1<<24};
-
-template <typename F1, typename F4>
-inline size_t AESNI_AdvancedProcessBlocks(F1 func1, F4 func4, const __m128i *subkeys, unsigned int rounds, const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
-{
- size_t blockSize = 16;
- size_t inIncrement = (flags & (BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_DontIncrementInOutPointers)) ? 0 : blockSize;
- size_t xorIncrement = xorBlocks ? blockSize : 0;
- size_t outIncrement = (flags & BlockTransformation::BT_DontIncrementInOutPointers) ? 0 : blockSize;
-
- if (flags & BlockTransformation::BT_ReverseDirection)
- {
- assert(length % blockSize == 0);
- inBlocks += length - blockSize;
- xorBlocks += length - blockSize;
- outBlocks += length - blockSize;
- inIncrement = 0-inIncrement;
- xorIncrement = 0-xorIncrement;
- outIncrement = 0-outIncrement;
- }
-
- if (flags & BlockTransformation::BT_AllowParallel)
- {
- while (length >= 4*blockSize)
- {
- __m128i block0 = _mm_loadu_si128((const __m128i *)inBlocks), block1, block2, block3;
- if (flags & BlockTransformation::BT_InBlockIsCounter)
- {
- const __m128i be1 = *(const __m128i *)s_one;
- block1 = _mm_add_epi32(block0, be1);
- block2 = _mm_add_epi32(block1, be1);
- block3 = _mm_add_epi32(block2, be1);
- _mm_storeu_si128((__m128i *)inBlocks, _mm_add_epi32(block3, be1));
- }
- else
- {
- inBlocks += inIncrement;
- block1 = _mm_loadu_si128((const __m128i *)inBlocks);
- inBlocks += inIncrement;
- block2 = _mm_loadu_si128((const __m128i *)inBlocks);
- inBlocks += inIncrement;
- block3 = _mm_loadu_si128((const __m128i *)inBlocks);
- inBlocks += inIncrement;
- }
-
- if (flags & BlockTransformation::BT_XorInput)
- {
- block0 = _mm_xor_si128(block0, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- block1 = _mm_xor_si128(block1, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- block2 = _mm_xor_si128(block2, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- block3 = _mm_xor_si128(block3, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- }
-
- func4(block0, block1, block2, block3, subkeys, rounds);
-
- if (xorBlocks && !(flags & BlockTransformation::BT_XorInput))
- {
- block0 = _mm_xor_si128(block0, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- block1 = _mm_xor_si128(block1, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- block2 = _mm_xor_si128(block2, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- block3 = _mm_xor_si128(block3, _mm_loadu_si128((const __m128i *)xorBlocks));
- xorBlocks += xorIncrement;
- }
-
- _mm_storeu_si128((__m128i *)outBlocks, block0);
- outBlocks += outIncrement;
- _mm_storeu_si128((__m128i *)outBlocks, block1);
- outBlocks += outIncrement;
- _mm_storeu_si128((__m128i *)outBlocks, block2);
- outBlocks += outIncrement;
- _mm_storeu_si128((__m128i *)outBlocks, block3);
- outBlocks += outIncrement;
-
- length -= 4*blockSize;
- }
- }
-
- while (length >= blockSize)
- {
- __m128i block = _mm_loadu_si128((const __m128i *)inBlocks);
-
- if (flags & BlockTransformation::BT_XorInput)
- block = _mm_xor_si128(block, _mm_loadu_si128((const __m128i *)xorBlocks));
-
- if (flags & BlockTransformation::BT_InBlockIsCounter)
- const_cast<byte *>(inBlocks)[15]++;
-
- func1(block, subkeys, rounds);
-
- if (xorBlocks && !(flags & BlockTransformation::BT_XorInput))
- block = _mm_xor_si128(block, _mm_loadu_si128((const __m128i *)xorBlocks));
-
- _mm_storeu_si128((__m128i *)outBlocks, block);
-
- inBlocks += inIncrement;
- outBlocks += outIncrement;
- xorBlocks += xorIncrement;
- length -= blockSize;
- }
-
- return length;
-}
-#endif
-
-size_t Rijndael::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
-{
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- if (HasAESNI())
- return AESNI_AdvancedProcessBlocks(AESNI_Enc_Block, AESNI_Enc_4_Blocks, (const __m128i *)m_key.begin(), m_rounds, inBlocks, xorBlocks, outBlocks, length, flags);
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- if (HasSSE2())
- {
- if (length < BLOCKSIZE)
- return length;
-
- struct Locals
- {
- word32 subkeys[4*12], workspace[8];
- const byte *inBlocks, *inXorBlocks, *outXorBlocks;
- byte *outBlocks;
- size_t inIncrement, inXorIncrement, outXorIncrement, outIncrement;
- size_t regSpill, lengthAndCounterFlag, keysBegin;
- };
-
- size_t increment = BLOCKSIZE;
- const byte* zeros = (byte *)(Te+256);
- byte *space;
-
- do {
- space = (byte *)alloca(255+sizeof(Locals));
- space += (256-(size_t)space%256)%256;
- }
- while (AliasedWithTable(space, space+sizeof(Locals)));
-
- if (flags & BT_ReverseDirection)
- {
- assert(length % BLOCKSIZE == 0);
- inBlocks += length - BLOCKSIZE;
- xorBlocks += length - BLOCKSIZE;
- outBlocks += length - BLOCKSIZE;
- increment = 0-increment;
- }
-
- Locals &locals = *(Locals *)space;
-
- locals.inBlocks = inBlocks;
- locals.inXorBlocks = (flags & BT_XorInput) && xorBlocks ? xorBlocks : zeros;
- locals.outXorBlocks = (flags & BT_XorInput) || !xorBlocks ? zeros : xorBlocks;
- locals.outBlocks = outBlocks;
-
- locals.inIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : increment;
- locals.inXorIncrement = (flags & BT_XorInput) && xorBlocks ? increment : 0;
- locals.outXorIncrement = (flags & BT_XorInput) || !xorBlocks ? 0 : increment;
- locals.outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : increment;
-
- locals.lengthAndCounterFlag = length - (length%16) - bool(flags & BT_InBlockIsCounter);
- int keysToCopy = m_rounds - (flags & BT_InBlockIsCounter ? 3 : 2);
- locals.keysBegin = (12-keysToCopy)*16;
-
- Rijndael_Enc_AdvancedProcessBlocks(&locals, m_key);
- return length % BLOCKSIZE;
- }
-#endif
-
- return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
-}
-
-#endif
-
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-
-size_t Rijndael::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
-{
- if (HasAESNI())
- return AESNI_AdvancedProcessBlocks(AESNI_Dec_Block, AESNI_Dec_4_Blocks, (const __m128i *)m_key.begin(), m_rounds, inBlocks, xorBlocks, outBlocks, length, flags);
-
- return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
-}
-
-#endif // #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-
-NAMESPACE_END
-
-#endif
-#endif
diff --git a/cryptopp562/rijndael.h b/cryptopp562/rijndael.h
deleted file mode 100644
index 64c784b..0000000
--- a/cryptopp562/rijndael.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#ifndef CRYPTOPP_RIJNDAEL_H
-#define CRYPTOPP_RIJNDAEL_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Rijndael_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>
-{
- CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return CRYPTOPP_RIJNDAEL_NAME;}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#Rijndael">Rijndael</a>
-class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Rijndael_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- static void FillEncTable();
- static void FillDecTable();
-
- // VS2005 workaround: have to put these on seperate lines, or error C2487 is triggered in DLL build
- static const byte Se[256];
- static const byte Sd[256];
-
- static const word32 rcon[];
-
- unsigned int m_rounds;
- FixedSizeAlignedSecBlock<word32, 4*15> m_key;
- };
-
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86
- size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
-#endif
- };
-
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
- size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
-#endif
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef Rijndael::Encryption RijndaelEncryption;
-typedef Rijndael::Decryption RijndaelDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ripemd.cpp b/cryptopp562/ripemd.cpp
deleted file mode 100644
index 3476aa8..0000000
--- a/cryptopp562/ripemd.cpp
+++ /dev/null
@@ -1,803 +0,0 @@
-// ripemd.cpp
-// RIPEMD-160 written and placed in the public domain by Wei Dai
-// RIPEMD-320, RIPEMD-128, RIPEMD-256 written by Kevin Springle
-// and also placed in the public domain
-
-#include "pch.h"
-#include "ripemd.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#define F(x, y, z) (x ^ y ^ z)
-#define G(x, y, z) (z ^ (x & (y^z)))
-#define H(x, y, z) (z ^ (x | ~y))
-#define I(x, y, z) (y ^ (z & (x^y)))
-#define J(x, y, z) (x ^ (y | ~z))
-
-#define k0 0
-#define k1 0x5a827999UL
-#define k2 0x6ed9eba1UL
-#define k3 0x8f1bbcdcUL
-#define k4 0xa953fd4eUL
-#define k5 0x50a28be6UL
-#define k6 0x5c4dd124UL
-#define k7 0x6d703ef3UL
-#define k8 0x7a6d76e9UL
-#define k9 0
-
-// *************************************************************
-
-// for 160 and 320
-#define Subround(f, a, b, c, d, e, x, s, k) \
- a += f(b, c, d) + x + k;\
- a = rotlFixed((word32)a, s) + e;\
- c = rotlFixed((word32)c, 10U)
-
-void RIPEMD160::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xefcdab89L;
- state[2] = 0x98badcfeL;
- state[3] = 0x10325476L;
- state[4] = 0xc3d2e1f0L;
-}
-
-void RIPEMD160::Transform (word32 *digest, const word32 *X)
-{
- unsigned long a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
- a1 = a2 = digest[0];
- b1 = b2 = digest[1];
- c1 = c2 = digest[2];
- d1 = d2 = digest[3];
- e1 = e2 = digest[4];
-
- Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
- Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
- Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
- Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
- Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
- Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
- Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
- Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
-
- Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
- Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
- Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
- Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
- Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
- Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
-
- Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
- Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
- Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
- Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
- Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
- Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
- Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
-
- Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
- Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
- Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
- Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
- Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
- Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
- Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
- Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
-
- Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
- Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
- Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
- Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
- Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
- Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
- Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
- Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
- Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
-
- Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
- Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
- Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
- Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
- Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
- Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
- Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
- Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
-
- Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
- Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
- Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
- Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
- Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
- Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
- Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
-
- Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
- Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
- Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
- Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
- Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
- Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
-
- Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
- Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
- Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
- Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
- Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
- Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
- Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
- Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
- Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
- Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
-
- Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
- Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
- Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
- Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
- Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
- Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
- Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
-
- c1 = digest[1] + c1 + d2;
- digest[1] = digest[2] + d1 + e2;
- digest[2] = digest[3] + e1 + a2;
- digest[3] = digest[4] + a1 + b2;
- digest[4] = digest[0] + b1 + c2;
- digest[0] = c1;
-}
-
-// *************************************************************
-
-void RIPEMD320::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xefcdab89L;
- state[2] = 0x98badcfeL;
- state[3] = 0x10325476L;
- state[4] = 0xc3d2e1f0L;
- state[5] = 0x76543210L;
- state[6] = 0xfedcba98L;
- state[7] = 0x89abcdefL;
- state[8] = 0x01234567L;
- state[9] = 0x3c2d1e0fL;
-}
-
-void RIPEMD320::Transform (word32 *digest, const word32 *X)
-{
- unsigned long a1, b1, c1, d1, e1, a2, b2, c2, d2, e2, t;
- a1 = digest[0];
- b1 = digest[1];
- c1 = digest[2];
- d1 = digest[3];
- e1 = digest[4];
- a2 = digest[5];
- b2 = digest[6];
- c2 = digest[7];
- d2 = digest[8];
- e2 = digest[9];
-
- Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
- Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
- Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
- Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
- Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
- Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
- Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
- Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
-
- Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
- Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
- Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
- Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
- Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
- Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
- Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
- Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
-
- t = a1; a1 = a2; a2 = t;
-
- Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
- Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
- Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
- Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
- Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
- Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
-
- Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
- Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
- Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
- Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
- Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
- Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
- Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
-
- t = b1; b1 = b2; b2 = t;
-
- Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
- Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
- Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
- Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
- Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
- Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
- Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
-
- Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
- Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
- Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
- Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
- Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
- Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
-
- t = c1; c1 = c2; c2 = t;
-
- Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
- Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
- Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
- Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
- Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
- Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
- Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
- Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
-
- Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
- Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
- Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
- Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
- Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
- Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
- Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
- Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
- Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
- Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
-
- t = d1; d1 = d2; d2 = t;
-
- Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
- Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
- Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
- Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
- Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
- Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
- Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
- Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
- Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
-
- Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
- Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
- Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
- Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
- Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
- Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
- Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
-
- t = e1; e1 = e2; e2 = t;
-
- digest[0] += a1;
- digest[1] += b1;
- digest[2] += c1;
- digest[3] += d1;
- digest[4] += e1;
- digest[5] += a2;
- digest[6] += b2;
- digest[7] += c2;
- digest[8] += d2;
- digest[9] += e2;
-}
-
-#undef Subround
-
-// *************************************************************
-
-// for 128 and 256
-#define Subround(f, a, b, c, d, x, s, k) \
- a += f(b, c, d) + x + k;\
- a = rotlFixed((word32)a, s);
-
-void RIPEMD128::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xefcdab89L;
- state[2] = 0x98badcfeL;
- state[3] = 0x10325476L;
-}
-
-void RIPEMD128::Transform (word32 *digest, const word32 *X)
-{
- unsigned long a1, b1, c1, d1, a2, b2, c2, d2;
- a1 = a2 = digest[0];
- b1 = b2 = digest[1];
- c1 = c2 = digest[2];
- d1 = d2 = digest[3];
-
- Subround(F, a1, b1, c1, d1, X[ 0], 11, k0);
- Subround(F, d1, a1, b1, c1, X[ 1], 14, k0);
- Subround(F, c1, d1, a1, b1, X[ 2], 15, k0);
- Subround(F, b1, c1, d1, a1, X[ 3], 12, k0);
- Subround(F, a1, b1, c1, d1, X[ 4], 5, k0);
- Subround(F, d1, a1, b1, c1, X[ 5], 8, k0);
- Subround(F, c1, d1, a1, b1, X[ 6], 7, k0);
- Subround(F, b1, c1, d1, a1, X[ 7], 9, k0);
- Subround(F, a1, b1, c1, d1, X[ 8], 11, k0);
- Subround(F, d1, a1, b1, c1, X[ 9], 13, k0);
- Subround(F, c1, d1, a1, b1, X[10], 14, k0);
- Subround(F, b1, c1, d1, a1, X[11], 15, k0);
- Subround(F, a1, b1, c1, d1, X[12], 6, k0);
- Subround(F, d1, a1, b1, c1, X[13], 7, k0);
- Subround(F, c1, d1, a1, b1, X[14], 9, k0);
- Subround(F, b1, c1, d1, a1, X[15], 8, k0);
-
- Subround(G, a1, b1, c1, d1, X[ 7], 7, k1);
- Subround(G, d1, a1, b1, c1, X[ 4], 6, k1);
- Subround(G, c1, d1, a1, b1, X[13], 8, k1);
- Subround(G, b1, c1, d1, a1, X[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, X[10], 11, k1);
- Subround(G, d1, a1, b1, c1, X[ 6], 9, k1);
- Subround(G, c1, d1, a1, b1, X[15], 7, k1);
- Subround(G, b1, c1, d1, a1, X[ 3], 15, k1);
- Subround(G, a1, b1, c1, d1, X[12], 7, k1);
- Subround(G, d1, a1, b1, c1, X[ 0], 12, k1);
- Subround(G, c1, d1, a1, b1, X[ 9], 15, k1);
- Subround(G, b1, c1, d1, a1, X[ 5], 9, k1);
- Subround(G, a1, b1, c1, d1, X[ 2], 11, k1);
- Subround(G, d1, a1, b1, c1, X[14], 7, k1);
- Subround(G, c1, d1, a1, b1, X[11], 13, k1);
- Subround(G, b1, c1, d1, a1, X[ 8], 12, k1);
-
- Subround(H, a1, b1, c1, d1, X[ 3], 11, k2);
- Subround(H, d1, a1, b1, c1, X[10], 13, k2);
- Subround(H, c1, d1, a1, b1, X[14], 6, k2);
- Subround(H, b1, c1, d1, a1, X[ 4], 7, k2);
- Subround(H, a1, b1, c1, d1, X[ 9], 14, k2);
- Subround(H, d1, a1, b1, c1, X[15], 9, k2);
- Subround(H, c1, d1, a1, b1, X[ 8], 13, k2);
- Subround(H, b1, c1, d1, a1, X[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, X[ 2], 14, k2);
- Subround(H, d1, a1, b1, c1, X[ 7], 8, k2);
- Subround(H, c1, d1, a1, b1, X[ 0], 13, k2);
- Subround(H, b1, c1, d1, a1, X[ 6], 6, k2);
- Subround(H, a1, b1, c1, d1, X[13], 5, k2);
- Subround(H, d1, a1, b1, c1, X[11], 12, k2);
- Subround(H, c1, d1, a1, b1, X[ 5], 7, k2);
- Subround(H, b1, c1, d1, a1, X[12], 5, k2);
-
- Subround(I, a1, b1, c1, d1, X[ 1], 11, k3);
- Subround(I, d1, a1, b1, c1, X[ 9], 12, k3);
- Subround(I, c1, d1, a1, b1, X[11], 14, k3);
- Subround(I, b1, c1, d1, a1, X[10], 15, k3);
- Subround(I, a1, b1, c1, d1, X[ 0], 14, k3);
- Subround(I, d1, a1, b1, c1, X[ 8], 15, k3);
- Subround(I, c1, d1, a1, b1, X[12], 9, k3);
- Subround(I, b1, c1, d1, a1, X[ 4], 8, k3);
- Subround(I, a1, b1, c1, d1, X[13], 9, k3);
- Subround(I, d1, a1, b1, c1, X[ 3], 14, k3);
- Subround(I, c1, d1, a1, b1, X[ 7], 5, k3);
- Subround(I, b1, c1, d1, a1, X[15], 6, k3);
- Subround(I, a1, b1, c1, d1, X[14], 8, k3);
- Subround(I, d1, a1, b1, c1, X[ 5], 6, k3);
- Subround(I, c1, d1, a1, b1, X[ 6], 5, k3);
- Subround(I, b1, c1, d1, a1, X[ 2], 12, k3);
-
- Subround(I, a2, b2, c2, d2, X[ 5], 8, k5);
- Subround(I, d2, a2, b2, c2, X[14], 9, k5);
- Subround(I, c2, d2, a2, b2, X[ 7], 9, k5);
- Subround(I, b2, c2, d2, a2, X[ 0], 11, k5);
- Subround(I, a2, b2, c2, d2, X[ 9], 13, k5);
- Subround(I, d2, a2, b2, c2, X[ 2], 15, k5);
- Subround(I, c2, d2, a2, b2, X[11], 15, k5);
- Subround(I, b2, c2, d2, a2, X[ 4], 5, k5);
- Subround(I, a2, b2, c2, d2, X[13], 7, k5);
- Subround(I, d2, a2, b2, c2, X[ 6], 7, k5);
- Subround(I, c2, d2, a2, b2, X[15], 8, k5);
- Subround(I, b2, c2, d2, a2, X[ 8], 11, k5);
- Subround(I, a2, b2, c2, d2, X[ 1], 14, k5);
- Subround(I, d2, a2, b2, c2, X[10], 14, k5);
- Subround(I, c2, d2, a2, b2, X[ 3], 12, k5);
- Subround(I, b2, c2, d2, a2, X[12], 6, k5);
-
- Subround(H, a2, b2, c2, d2, X[ 6], 9, k6);
- Subround(H, d2, a2, b2, c2, X[11], 13, k6);
- Subround(H, c2, d2, a2, b2, X[ 3], 15, k6);
- Subround(H, b2, c2, d2, a2, X[ 7], 7, k6);
- Subround(H, a2, b2, c2, d2, X[ 0], 12, k6);
- Subround(H, d2, a2, b2, c2, X[13], 8, k6);
- Subround(H, c2, d2, a2, b2, X[ 5], 9, k6);
- Subround(H, b2, c2, d2, a2, X[10], 11, k6);
- Subround(H, a2, b2, c2, d2, X[14], 7, k6);
- Subround(H, d2, a2, b2, c2, X[15], 7, k6);
- Subround(H, c2, d2, a2, b2, X[ 8], 12, k6);
- Subround(H, b2, c2, d2, a2, X[12], 7, k6);
- Subround(H, a2, b2, c2, d2, X[ 4], 6, k6);
- Subround(H, d2, a2, b2, c2, X[ 9], 15, k6);
- Subround(H, c2, d2, a2, b2, X[ 1], 13, k6);
- Subround(H, b2, c2, d2, a2, X[ 2], 11, k6);
-
- Subround(G, a2, b2, c2, d2, X[15], 9, k7);
- Subround(G, d2, a2, b2, c2, X[ 5], 7, k7);
- Subround(G, c2, d2, a2, b2, X[ 1], 15, k7);
- Subround(G, b2, c2, d2, a2, X[ 3], 11, k7);
- Subround(G, a2, b2, c2, d2, X[ 7], 8, k7);
- Subround(G, d2, a2, b2, c2, X[14], 6, k7);
- Subround(G, c2, d2, a2, b2, X[ 6], 6, k7);
- Subround(G, b2, c2, d2, a2, X[ 9], 14, k7);
- Subround(G, a2, b2, c2, d2, X[11], 12, k7);
- Subround(G, d2, a2, b2, c2, X[ 8], 13, k7);
- Subround(G, c2, d2, a2, b2, X[12], 5, k7);
- Subround(G, b2, c2, d2, a2, X[ 2], 14, k7);
- Subround(G, a2, b2, c2, d2, X[10], 13, k7);
- Subround(G, d2, a2, b2, c2, X[ 0], 13, k7);
- Subround(G, c2, d2, a2, b2, X[ 4], 7, k7);
- Subround(G, b2, c2, d2, a2, X[13], 5, k7);
-
- Subround(F, a2, b2, c2, d2, X[ 8], 15, k9);
- Subround(F, d2, a2, b2, c2, X[ 6], 5, k9);
- Subround(F, c2, d2, a2, b2, X[ 4], 8, k9);
- Subround(F, b2, c2, d2, a2, X[ 1], 11, k9);
- Subround(F, a2, b2, c2, d2, X[ 3], 14, k9);
- Subround(F, d2, a2, b2, c2, X[11], 14, k9);
- Subround(F, c2, d2, a2, b2, X[15], 6, k9);
- Subround(F, b2, c2, d2, a2, X[ 0], 14, k9);
- Subround(F, a2, b2, c2, d2, X[ 5], 6, k9);
- Subround(F, d2, a2, b2, c2, X[12], 9, k9);
- Subround(F, c2, d2, a2, b2, X[ 2], 12, k9);
- Subround(F, b2, c2, d2, a2, X[13], 9, k9);
- Subround(F, a2, b2, c2, d2, X[ 9], 12, k9);
- Subround(F, d2, a2, b2, c2, X[ 7], 5, k9);
- Subround(F, c2, d2, a2, b2, X[10], 15, k9);
- Subround(F, b2, c2, d2, a2, X[14], 8, k9);
-
- c1 = digest[1] + c1 + d2;
- digest[1] = digest[2] + d1 + a2;
- digest[2] = digest[3] + a1 + b2;
- digest[3] = digest[0] + b1 + c2;
- digest[0] = c1;
-}
-
-// *************************************************************
-
-void RIPEMD256::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xefcdab89L;
- state[2] = 0x98badcfeL;
- state[3] = 0x10325476L;
- state[4] = 0x76543210L;
- state[5] = 0xfedcba98L;
- state[6] = 0x89abcdefL;
- state[7] = 0x01234567L;
-}
-
-void RIPEMD256::Transform (word32 *digest, const word32 *X)
-{
- unsigned long a1, b1, c1, d1, a2, b2, c2, d2, t;
- a1 = digest[0];
- b1 = digest[1];
- c1 = digest[2];
- d1 = digest[3];
- a2 = digest[4];
- b2 = digest[5];
- c2 = digest[6];
- d2 = digest[7];
-
- Subround(F, a1, b1, c1, d1, X[ 0], 11, k0);
- Subround(F, d1, a1, b1, c1, X[ 1], 14, k0);
- Subround(F, c1, d1, a1, b1, X[ 2], 15, k0);
- Subround(F, b1, c1, d1, a1, X[ 3], 12, k0);
- Subround(F, a1, b1, c1, d1, X[ 4], 5, k0);
- Subround(F, d1, a1, b1, c1, X[ 5], 8, k0);
- Subround(F, c1, d1, a1, b1, X[ 6], 7, k0);
- Subround(F, b1, c1, d1, a1, X[ 7], 9, k0);
- Subround(F, a1, b1, c1, d1, X[ 8], 11, k0);
- Subround(F, d1, a1, b1, c1, X[ 9], 13, k0);
- Subround(F, c1, d1, a1, b1, X[10], 14, k0);
- Subround(F, b1, c1, d1, a1, X[11], 15, k0);
- Subround(F, a1, b1, c1, d1, X[12], 6, k0);
- Subround(F, d1, a1, b1, c1, X[13], 7, k0);
- Subround(F, c1, d1, a1, b1, X[14], 9, k0);
- Subround(F, b1, c1, d1, a1, X[15], 8, k0);
-
- Subround(I, a2, b2, c2, d2, X[ 5], 8, k5);
- Subround(I, d2, a2, b2, c2, X[14], 9, k5);
- Subround(I, c2, d2, a2, b2, X[ 7], 9, k5);
- Subround(I, b2, c2, d2, a2, X[ 0], 11, k5);
- Subround(I, a2, b2, c2, d2, X[ 9], 13, k5);
- Subround(I, d2, a2, b2, c2, X[ 2], 15, k5);
- Subround(I, c2, d2, a2, b2, X[11], 15, k5);
- Subround(I, b2, c2, d2, a2, X[ 4], 5, k5);
- Subround(I, a2, b2, c2, d2, X[13], 7, k5);
- Subround(I, d2, a2, b2, c2, X[ 6], 7, k5);
- Subround(I, c2, d2, a2, b2, X[15], 8, k5);
- Subround(I, b2, c2, d2, a2, X[ 8], 11, k5);
- Subround(I, a2, b2, c2, d2, X[ 1], 14, k5);
- Subround(I, d2, a2, b2, c2, X[10], 14, k5);
- Subround(I, c2, d2, a2, b2, X[ 3], 12, k5);
- Subround(I, b2, c2, d2, a2, X[12], 6, k5);
-
- t = a1; a1 = a2; a2 = t;
-
- Subround(G, a1, b1, c1, d1, X[ 7], 7, k1);
- Subround(G, d1, a1, b1, c1, X[ 4], 6, k1);
- Subround(G, c1, d1, a1, b1, X[13], 8, k1);
- Subround(G, b1, c1, d1, a1, X[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, X[10], 11, k1);
- Subround(G, d1, a1, b1, c1, X[ 6], 9, k1);
- Subround(G, c1, d1, a1, b1, X[15], 7, k1);
- Subround(G, b1, c1, d1, a1, X[ 3], 15, k1);
- Subround(G, a1, b1, c1, d1, X[12], 7, k1);
- Subround(G, d1, a1, b1, c1, X[ 0], 12, k1);
- Subround(G, c1, d1, a1, b1, X[ 9], 15, k1);
- Subround(G, b1, c1, d1, a1, X[ 5], 9, k1);
- Subround(G, a1, b1, c1, d1, X[ 2], 11, k1);
- Subround(G, d1, a1, b1, c1, X[14], 7, k1);
- Subround(G, c1, d1, a1, b1, X[11], 13, k1);
- Subround(G, b1, c1, d1, a1, X[ 8], 12, k1);
-
- Subround(H, a2, b2, c2, d2, X[ 6], 9, k6);
- Subround(H, d2, a2, b2, c2, X[11], 13, k6);
- Subround(H, c2, d2, a2, b2, X[ 3], 15, k6);
- Subround(H, b2, c2, d2, a2, X[ 7], 7, k6);
- Subround(H, a2, b2, c2, d2, X[ 0], 12, k6);
- Subround(H, d2, a2, b2, c2, X[13], 8, k6);
- Subround(H, c2, d2, a2, b2, X[ 5], 9, k6);
- Subround(H, b2, c2, d2, a2, X[10], 11, k6);
- Subround(H, a2, b2, c2, d2, X[14], 7, k6);
- Subround(H, d2, a2, b2, c2, X[15], 7, k6);
- Subround(H, c2, d2, a2, b2, X[ 8], 12, k6);
- Subround(H, b2, c2, d2, a2, X[12], 7, k6);
- Subround(H, a2, b2, c2, d2, X[ 4], 6, k6);
- Subround(H, d2, a2, b2, c2, X[ 9], 15, k6);
- Subround(H, c2, d2, a2, b2, X[ 1], 13, k6);
- Subround(H, b2, c2, d2, a2, X[ 2], 11, k6);
-
- t = b1; b1 = b2; b2 = t;
-
- Subround(H, a1, b1, c1, d1, X[ 3], 11, k2);
- Subround(H, d1, a1, b1, c1, X[10], 13, k2);
- Subround(H, c1, d1, a1, b1, X[14], 6, k2);
- Subround(H, b1, c1, d1, a1, X[ 4], 7, k2);
- Subround(H, a1, b1, c1, d1, X[ 9], 14, k2);
- Subround(H, d1, a1, b1, c1, X[15], 9, k2);
- Subround(H, c1, d1, a1, b1, X[ 8], 13, k2);
- Subround(H, b1, c1, d1, a1, X[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, X[ 2], 14, k2);
- Subround(H, d1, a1, b1, c1, X[ 7], 8, k2);
- Subround(H, c1, d1, a1, b1, X[ 0], 13, k2);
- Subround(H, b1, c1, d1, a1, X[ 6], 6, k2);
- Subround(H, a1, b1, c1, d1, X[13], 5, k2);
- Subround(H, d1, a1, b1, c1, X[11], 12, k2);
- Subround(H, c1, d1, a1, b1, X[ 5], 7, k2);
- Subround(H, b1, c1, d1, a1, X[12], 5, k2);
-
- Subround(G, a2, b2, c2, d2, X[15], 9, k7);
- Subround(G, d2, a2, b2, c2, X[ 5], 7, k7);
- Subround(G, c2, d2, a2, b2, X[ 1], 15, k7);
- Subround(G, b2, c2, d2, a2, X[ 3], 11, k7);
- Subround(G, a2, b2, c2, d2, X[ 7], 8, k7);
- Subround(G, d2, a2, b2, c2, X[14], 6, k7);
- Subround(G, c2, d2, a2, b2, X[ 6], 6, k7);
- Subround(G, b2, c2, d2, a2, X[ 9], 14, k7);
- Subround(G, a2, b2, c2, d2, X[11], 12, k7);
- Subround(G, d2, a2, b2, c2, X[ 8], 13, k7);
- Subround(G, c2, d2, a2, b2, X[12], 5, k7);
- Subround(G, b2, c2, d2, a2, X[ 2], 14, k7);
- Subround(G, a2, b2, c2, d2, X[10], 13, k7);
- Subround(G, d2, a2, b2, c2, X[ 0], 13, k7);
- Subround(G, c2, d2, a2, b2, X[ 4], 7, k7);
- Subround(G, b2, c2, d2, a2, X[13], 5, k7);
-
- t = c1; c1 = c2; c2 = t;
-
- Subround(I, a1, b1, c1, d1, X[ 1], 11, k3);
- Subround(I, d1, a1, b1, c1, X[ 9], 12, k3);
- Subround(I, c1, d1, a1, b1, X[11], 14, k3);
- Subround(I, b1, c1, d1, a1, X[10], 15, k3);
- Subround(I, a1, b1, c1, d1, X[ 0], 14, k3);
- Subround(I, d1, a1, b1, c1, X[ 8], 15, k3);
- Subround(I, c1, d1, a1, b1, X[12], 9, k3);
- Subround(I, b1, c1, d1, a1, X[ 4], 8, k3);
- Subround(I, a1, b1, c1, d1, X[13], 9, k3);
- Subround(I, d1, a1, b1, c1, X[ 3], 14, k3);
- Subround(I, c1, d1, a1, b1, X[ 7], 5, k3);
- Subround(I, b1, c1, d1, a1, X[15], 6, k3);
- Subround(I, a1, b1, c1, d1, X[14], 8, k3);
- Subround(I, d1, a1, b1, c1, X[ 5], 6, k3);
- Subround(I, c1, d1, a1, b1, X[ 6], 5, k3);
- Subround(I, b1, c1, d1, a1, X[ 2], 12, k3);
-
- Subround(F, a2, b2, c2, d2, X[ 8], 15, k9);
- Subround(F, d2, a2, b2, c2, X[ 6], 5, k9);
- Subround(F, c2, d2, a2, b2, X[ 4], 8, k9);
- Subround(F, b2, c2, d2, a2, X[ 1], 11, k9);
- Subround(F, a2, b2, c2, d2, X[ 3], 14, k9);
- Subround(F, d2, a2, b2, c2, X[11], 14, k9);
- Subround(F, c2, d2, a2, b2, X[15], 6, k9);
- Subround(F, b2, c2, d2, a2, X[ 0], 14, k9);
- Subround(F, a2, b2, c2, d2, X[ 5], 6, k9);
- Subround(F, d2, a2, b2, c2, X[12], 9, k9);
- Subround(F, c2, d2, a2, b2, X[ 2], 12, k9);
- Subround(F, b2, c2, d2, a2, X[13], 9, k9);
- Subround(F, a2, b2, c2, d2, X[ 9], 12, k9);
- Subround(F, d2, a2, b2, c2, X[ 7], 5, k9);
- Subround(F, c2, d2, a2, b2, X[10], 15, k9);
- Subround(F, b2, c2, d2, a2, X[14], 8, k9);
-
- t = d1; d1 = d2; d2 = t;
-
- digest[0] += a1;
- digest[1] += b1;
- digest[2] += c1;
- digest[3] += d1;
- digest[4] += a2;
- digest[5] += b2;
- digest[6] += c2;
- digest[7] += d2;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/ripemd.h b/cryptopp562/ripemd.h
deleted file mode 100644
index 56871a9..0000000
--- a/cryptopp562/ripemd.h
+++ /dev/null
@@ -1,49 +0,0 @@
-#ifndef CRYPTOPP_RIPEMD_H
-#define CRYPTOPP_RIPEMD_H
-
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! <a href="http://www.weidai.com/scan-mirror/md.html#RIPEMD-160">RIPEMD-160</a>
-/*! Digest Length = 160 bits */
-class RIPEMD160 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 20, RIPEMD160>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word32 *digest, const word32 *data);
- static const char * StaticAlgorithmName() {return "RIPEMD-160";}
-};
-
-/*! Digest Length = 320 bits, Security is similar to RIPEMD-160 */
-class RIPEMD320 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 40, RIPEMD320>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word32 *digest, const word32 *data);
- static const char * StaticAlgorithmName() {return "RIPEMD-320";}
-};
-
-/*! \warning RIPEMD-128 is considered insecure, and should not be used
- unless you absolutely need it for compatibility. */
-class RIPEMD128 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 16, RIPEMD128>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word32 *digest, const word32 *data);
- static const char * StaticAlgorithmName() {return "RIPEMD-128";}
-};
-
-/*! \warning RIPEMD-256 is considered insecure, and should not be used
- unless you absolutely need it for compatibility. */
-class RIPEMD256 : public IteratedHashWithStaticTransform<word32, LittleEndian, 64, 32, RIPEMD256>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word32 *digest, const word32 *data);
- static const char * StaticAlgorithmName() {return "RIPEMD-256";}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rng.cpp b/cryptopp562/rng.cpp
deleted file mode 100644
index 9866cd8..0000000
--- a/cryptopp562/rng.cpp
+++ /dev/null
@@ -1,155 +0,0 @@
-// rng.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#include "rng.h"
-#include "fips140.h"
-
-#include <time.h>
-#include <math.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// linear congruential generator
-// originally by William S. England
-
-// do not use for cryptographic purposes
-
-/*
-** Original_numbers are the original published m and q in the
-** ACM article above. John Burton has furnished numbers for
-** a reportedly better generator. The new numbers are now
-** used in this program by default.
-*/
-
-#ifndef LCRNG_ORIGINAL_NUMBERS
-const word32 LC_RNG::m=2147483647L;
-const word32 LC_RNG::q=44488L;
-
-const word16 LC_RNG::a=(unsigned int)48271L;
-const word16 LC_RNG::r=3399;
-#else
-const word32 LC_RNG::m=2147483647L;
-const word32 LC_RNG::q=127773L;
-
-const word16 LC_RNG::a=16807;
-const word16 LC_RNG::r=2836;
-#endif
-
-void LC_RNG::GenerateBlock(byte *output, size_t size)
-{
- while (size--)
- {
- word32 hi = seed/q;
- word32 lo = seed%q;
-
- long test = a*lo - r*hi;
-
- if (test > 0)
- seed = test;
- else
- seed = test+ m;
-
- *output++ = (GETBYTE(seed, 0) ^ GETBYTE(seed, 1) ^ GETBYTE(seed, 2) ^ GETBYTE(seed, 3));
- }
-}
-
-// ********************************************************
-
-#ifndef CRYPTOPP_IMPORTS
-
-X917RNG::X917RNG(BlockTransformation *c, const byte *seed, const byte *deterministicTimeVector)
- : cipher(c),
- S(cipher->BlockSize()),
- dtbuf(S),
- randseed(seed, S),
- m_lastBlock(S),
- m_deterministicTimeVector(deterministicTimeVector, deterministicTimeVector ? S : 0)
-{
- if (!deterministicTimeVector)
- {
- time_t tstamp1 = time(0);
- xorbuf(dtbuf, (byte *)&tstamp1, UnsignedMin(sizeof(tstamp1), S));
- cipher->ProcessBlock(dtbuf);
- clock_t tstamp2 = clock();
- xorbuf(dtbuf, (byte *)&tstamp2, UnsignedMin(sizeof(tstamp2), S));
- cipher->ProcessBlock(dtbuf);
- }
-
- // for FIPS 140-2
- GenerateBlock(m_lastBlock, S);
-}
-
-void X917RNG::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size)
-{
- while (size > 0)
- {
- // calculate new enciphered timestamp
- if (m_deterministicTimeVector.size())
- {
- cipher->ProcessBlock(m_deterministicTimeVector, dtbuf);
- IncrementCounterByOne(m_deterministicTimeVector, S);
- }
- else
- {
- clock_t c = clock();
- xorbuf(dtbuf, (byte *)&c, UnsignedMin(sizeof(c), S));
- time_t t = time(NULL);
- xorbuf(dtbuf+S-UnsignedMin(sizeof(t), S), (byte *)&t, UnsignedMin(sizeof(t), S));
- cipher->ProcessBlock(dtbuf);
- }
-
- // combine enciphered timestamp with seed
- xorbuf(randseed, dtbuf, S);
-
- // generate a new block of random bytes
- cipher->ProcessBlock(randseed);
- if (memcmp(m_lastBlock, randseed, S) == 0)
- throw SelfTestFailure("X917RNG: Continuous random number generator test failed.");
-
- // output random bytes
- size_t len = UnsignedMin(S, size);
- target.ChannelPut(channel, randseed, len);
- size -= len;
-
- // compute new seed vector
- memcpy(m_lastBlock, randseed, S);
- xorbuf(randseed, dtbuf, S);
- cipher->ProcessBlock(randseed);
- }
-}
-
-#endif
-
-MaurerRandomnessTest::MaurerRandomnessTest()
- : sum(0.0), n(0)
-{
- for (unsigned i=0; i<V; i++)
- tab[i] = 0;
-}
-
-size_t MaurerRandomnessTest::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- while (length--)
- {
- byte inByte = *inString++;
- if (n >= Q)
- sum += log(double(n - tab[inByte]));
- tab[inByte] = n;
- n++;
- }
- return 0;
-}
-
-double MaurerRandomnessTest::GetTestValue() const
-{
- if (BytesNeeded() > 0)
- throw Exception(Exception::OTHER_ERROR, "MaurerRandomnessTest: " + IntToString(BytesNeeded()) + " more bytes of input needed");
-
- double fTu = (sum/(n-Q))/log(2.0); // this is the test value defined by Maurer
-
- double value = fTu * 0.1392; // arbitrarily normalize it to
- return value > 1.0 ? 1.0 : value; // a number between 0 and 1
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/rng.h b/cryptopp562/rng.h
deleted file mode 100644
index 2439dee..0000000
--- a/cryptopp562/rng.h
+++ /dev/null
@@ -1,77 +0,0 @@
-// rng.h - misc RNG related classes, see also osrng.h, randpool.h
-
-#ifndef CRYPTOPP_RNG_H
-#define CRYPTOPP_RNG_H
-
-#include "cryptlib.h"
-#include "filters.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! linear congruential generator
-/*! originally by William S. England, do not use for cryptographic purposes */
-class LC_RNG : public RandomNumberGenerator
-{
-public:
- LC_RNG(word32 init_seed)
- : seed(init_seed) {}
-
- void GenerateBlock(byte *output, size_t size);
-
- word32 GetSeed() {return seed;}
-
-private:
- word32 seed;
-
- static const word32 m;
- static const word32 q;
- static const word16 a;
- static const word16 r;
-};
-
-//! RNG derived from ANSI X9.17 Appendix C
-
-class CRYPTOPP_DLL X917RNG : public RandomNumberGenerator, public NotCopyable
-{
-public:
- // cipher will be deleted by destructor, deterministicTimeVector = 0 means obtain time vector from system
- X917RNG(BlockTransformation *cipher, const byte *seed, const byte *deterministicTimeVector = 0);
-
- void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
-
-private:
- member_ptr<BlockTransformation> cipher;
- unsigned int S; // blocksize of cipher
- SecByteBlock dtbuf; // buffer for enciphered timestamp
- SecByteBlock randseed, m_lastBlock, m_deterministicTimeVector;
-};
-
-/** This class implements Maurer's Universal Statistical Test for Random Bit Generators
- it is intended for measuring the randomness of *PHYSICAL* RNGs.
- For more details see his paper in Journal of Cryptology, 1992. */
-
-class MaurerRandomnessTest : public Bufferless<Sink>
-{
-public:
- MaurerRandomnessTest();
-
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
-
- // BytesNeeded() returns how many more bytes of input is needed by the test
- // GetTestValue() should not be called before BytesNeeded()==0
- unsigned int BytesNeeded() const {return n >= (Q+K) ? 0 : Q+K-n;}
-
- // returns a number between 0.0 and 1.0, describing the quality of the
- // random numbers entered
- double GetTestValue() const;
-
-private:
- enum {L=8, V=256, Q=2000, K=2000};
- double sum;
- unsigned int n;
- unsigned int tab[V];
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rsa.cpp b/cryptopp562/rsa.cpp
deleted file mode 100644
index 59449c4..0000000
--- a/cryptopp562/rsa.cpp
+++ /dev/null
@@ -1,304 +0,0 @@
-// rsa.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "rsa.h"
-#include "asn.h"
-#include "oids.h"
-#include "modarith.h"
-#include "nbtheory.h"
-#include "sha.h"
-#include "algparam.h"
-#include "fips140.h"
-
-#if !defined(NDEBUG) && !defined(CRYPTOPP_IS_DLL)
-#include "pssr.h"
-NAMESPACE_BEGIN(CryptoPP)
-void RSA_TestInstantiations()
-{
- RSASS<PKCS1v15, SHA>::Verifier x1(1, 1);
- RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
- RSASS<PKCS1v15, SHA>::Verifier x3(x2);
- RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
- RSASS<PSS, SHA>::Verifier x5(x3);
-#ifndef __MWERKS__
- RSASS<PSSR, SHA>::Signer x6 = x2;
- x3 = x2;
- x6 = x2;
-#endif
- RSAES<PKCS1v15>::Encryptor x7(x2);
-#ifndef __GNUC__
- RSAES<PKCS1v15>::Encryptor x8(x3);
-#endif
- RSAES<OAEP<SHA> >::Encryptor x9(x2);
-
- x4 = x2.GetKey();
-}
-NAMESPACE_END
-#endif
-
-#ifndef CRYPTOPP_IMPORTS
-
-NAMESPACE_BEGIN(CryptoPP)
-
-OID RSAFunction::GetAlgorithmID() const
-{
- return ASN1::rsaEncryption();
-}
-
-void RSAFunction::BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- m_e.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void RSAFunction::DEREncodePublicKey(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- m_e.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer RSAFunction::ApplyFunction(const Integer &x) const
-{
- DoQuickSanityCheck();
- return a_exp_b_mod_c(x, m_e, m_n);
-}
-
-bool RSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_n > Integer::One() && m_n.IsOdd();
- pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
- return pass;
-}
-
-bool RSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
- ;
-}
-
-void RSAFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
- ;
-}
-
-// *****************************************************************************
-
-class RSAPrimeSelector : public PrimeSelector
-{
-public:
- RSAPrimeSelector(const Integer &e) : m_e(e) {}
- bool IsAcceptable(const Integer &candidate) const {return RelativelyPrime(m_e, candidate-Integer::One());}
- Integer m_e;
-};
-
-void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- int modulusSize = 2048;
- alg.GetIntValue(Name::ModulusSize(), modulusSize) || alg.GetIntValue(Name::KeySize(), modulusSize);
-
- if (modulusSize < 16)
- throw InvalidArgument("InvertibleRSAFunction: specified modulus size is too small");
-
- m_e = alg.GetValueWithDefault(Name::PublicExponent(), Integer(17));
-
- if (m_e < 3 || m_e.IsEven())
- throw InvalidArgument("InvertibleRSAFunction: invalid public exponent");
-
- RSAPrimeSelector selector(m_e);
- AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
- (Name::PointerToPrimeSelector(), selector.GetSelectorPointer());
- m_p.GenerateRandom(rng, primeParam);
- m_q.GenerateRandom(rng, primeParam);
-
- m_d = m_e.InverseMod(LCM(m_p-1, m_q-1));
- assert(m_d.IsPositive());
-
- m_dp = m_d % (m_p-1);
- m_dq = m_d % (m_q-1);
- m_n = m_p * m_q;
- m_u = m_q.InverseMod(m_p);
-
- if (FIPS_140_2_ComplianceEnabled())
- {
- RSASS<PKCS1v15, SHA>::Signer signer(*this);
- RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
- SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
-
- RSAES<OAEP<SHA> >::Decryptor decryptor(*this);
- RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
- EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor);
- }
-}
-
-void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e)
-{
- GenerateRandom(rng, MakeParameters(Name::ModulusSize(), (int)keybits)(Name::PublicExponent(), e+e.IsEven()));
-}
-
-void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d)
-{
- if (n.IsEven() || e.IsEven() | d.IsEven())
- throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key");
-
- m_n = n;
- m_e = e;
- m_d = d;
-
- Integer r = --(d*e);
- unsigned int s = 0;
- while (r.IsEven())
- {
- r >>= 1;
- s++;
- }
-
- ModularArithmetic modn(n);
- for (Integer i = 2; ; ++i)
- {
- Integer a = modn.Exponentiate(i, r);
- if (a == 1)
- continue;
- Integer b;
- unsigned int j = 0;
- while (a != n-1)
- {
- b = modn.Square(a);
- if (b == 1)
- {
- m_p = GCD(a-1, n);
- m_q = n/m_p;
- m_dp = m_d % (m_p-1);
- m_dq = m_d % (m_q-1);
- m_u = m_q.InverseMod(m_p);
- return;
- }
- if (++j == s)
- throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key");
- a = b;
- }
- }
-}
-
-void InvertibleRSAFunction::BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t)
-{
- BERSequenceDecoder privateKey(bt);
- word32 version;
- BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0); // check version
- m_n.BERDecode(privateKey);
- m_e.BERDecode(privateKey);
- m_d.BERDecode(privateKey);
- m_p.BERDecode(privateKey);
- m_q.BERDecode(privateKey);
- m_dp.BERDecode(privateKey);
- m_dq.BERDecode(privateKey);
- m_u.BERDecode(privateKey);
- privateKey.MessageEnd();
-}
-
-void InvertibleRSAFunction::DEREncodePrivateKey(BufferedTransformation &bt) const
-{
- DERSequenceEncoder privateKey(bt);
- DEREncodeUnsigned<word32>(privateKey, 0); // version
- m_n.DEREncode(privateKey);
- m_e.DEREncode(privateKey);
- m_d.DEREncode(privateKey);
- m_p.DEREncode(privateKey);
- m_q.DEREncode(privateKey);
- m_dp.DEREncode(privateKey);
- m_dq.DEREncode(privateKey);
- m_u.DEREncode(privateKey);
- privateKey.MessageEnd();
-}
-
-Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
-{
- DoQuickSanityCheck();
- ModularArithmetic modn(m_n);
- Integer r, rInv;
- do { // do this in a loop for people using small numbers for testing
- r.Randomize(rng, Integer::One(), m_n - Integer::One());
- rInv = modn.MultiplicativeInverse(r);
- } while (rInv.IsZero());
- Integer re = modn.Exponentiate(r, m_e);
- re = modn.Multiply(re, x); // blind
- // here we follow the notation of PKCS #1 and let u=q inverse mod p
- // but in ModRoot, u=p inverse mod q, so we reverse the order of p and q
- Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u);
- y = modn.Multiply(y, rInv); // unblind
- if (modn.Exponentiate(y, m_e) != x) // check
- throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation");
- return y;
-}
-
-bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = RSAFunction::Validate(rng, level);
- pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
- pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
- pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n;
- pass = pass && m_dp > Integer::One() && m_dp.IsOdd() && m_dp < m_p;
- pass = pass && m_dq > Integer::One() && m_dq.IsOdd() && m_dq < m_q;
- pass = pass && m_u.IsPositive() && m_u < m_p;
- if (level >= 1)
- {
- pass = pass && m_p * m_q == m_n;
- pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1;
- pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1);
- pass = pass && m_u * m_q % m_p == 1;
- }
- if (level >= 2)
- pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
- return pass;
-}
-
-bool InvertibleRSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper<RSAFunction>(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent)
- CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
- CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
- CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper<RSAFunction>(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent)
- CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
- CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
- CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-// *****************************************************************************
-
-Integer RSAFunction_ISO::ApplyFunction(const Integer &x) const
-{
- Integer t = RSAFunction::ApplyFunction(x);
- return t % 16 == 12 ? t : m_n - t;
-}
-
-Integer InvertibleRSAFunction_ISO::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
-{
- Integer t = InvertibleRSAFunction::CalculateInverse(rng, x);
- return STDMIN(t, m_n-t);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rsa.h b/cryptopp562/rsa.h
deleted file mode 100644
index 6a8b185..0000000
--- a/cryptopp562/rsa.h
+++ /dev/null
@@ -1,174 +0,0 @@
-#ifndef CRYPTOPP_RSA_H
-#define CRYPTOPP_RSA_H
-
-/** \file
- This file contains classes that implement the RSA
- ciphers and signature schemes as defined in PKCS #1 v2.0.
-*/
-
-#include "pubkey.h"
-#include "asn.h"
-#include "pkcspad.h"
-#include "oaep.h"
-#include "emsa2.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL RSAFunction : public TrapdoorFunction, public X509PublicKey
-{
- typedef RSAFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &e)
- {m_n = n; m_e = e;}
-
- // X509PublicKey
- OID GetAlgorithmID() const;
- void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
- void DEREncodePublicKey(BufferedTransformation &bt) const;
-
- // CryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- // TrapdoorFunction
- Integer ApplyFunction(const Integer &x) const;
- Integer PreimageBound() const {return m_n;}
- Integer ImageBound() const {return m_n;}
-
- // non-derived
- const Integer & GetModulus() const {return m_n;}
- const Integer & GetPublicExponent() const {return m_e;}
-
- void SetModulus(const Integer &n) {m_n = n;}
- void SetPublicExponent(const Integer &e) {m_e = e;}
-
-protected:
- Integer m_n, m_e;
-};
-
-//! _
-class CRYPTOPP_DLL InvertibleRSAFunction : public RSAFunction, public TrapdoorFunctionInverse, public PKCS8PrivateKey
-{
- typedef InvertibleRSAFunction ThisClass;
-
-public:
- void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &e = 17);
- void Initialize(const Integer &n, const Integer &e, const Integer &d, const Integer &p, const Integer &q, const Integer &dp, const Integer &dq, const Integer &u)
- {m_n = n; m_e = e; m_d = d; m_p = p; m_q = q; m_dp = dp; m_dq = dq; m_u = u;}
- //! factor n given private exponent
- void Initialize(const Integer &n, const Integer &e, const Integer &d);
-
- // PKCS8PrivateKey
- void BERDecode(BufferedTransformation &bt)
- {PKCS8PrivateKey::BERDecode(bt);}
- void DEREncode(BufferedTransformation &bt) const
- {PKCS8PrivateKey::DEREncode(bt);}
- void Load(BufferedTransformation &bt)
- {PKCS8PrivateKey::BERDecode(bt);}
- void Save(BufferedTransformation &bt) const
- {PKCS8PrivateKey::DEREncode(bt);}
- OID GetAlgorithmID() const {return RSAFunction::GetAlgorithmID();}
- void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
- void DEREncodePrivateKey(BufferedTransformation &bt) const;
-
- // TrapdoorFunctionInverse
- Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
-
- // GeneratableCryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- /*! parameters: (ModulusSize, PublicExponent (default 17)) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- // non-derived interface
- const Integer& GetPrime1() const {return m_p;}
- const Integer& GetPrime2() const {return m_q;}
- const Integer& GetPrivateExponent() const {return m_d;}
- const Integer& GetModPrime1PrivateExponent() const {return m_dp;}
- const Integer& GetModPrime2PrivateExponent() const {return m_dq;}
- const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;}
-
- void SetPrime1(const Integer &p) {m_p = p;}
- void SetPrime2(const Integer &q) {m_q = q;}
- void SetPrivateExponent(const Integer &d) {m_d = d;}
- void SetModPrime1PrivateExponent(const Integer &dp) {m_dp = dp;}
- void SetModPrime2PrivateExponent(const Integer &dq) {m_dq = dq;}
- void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;}
-
-protected:
- Integer m_d, m_p, m_q, m_dp, m_dq, m_u;
-};
-
-class CRYPTOPP_DLL RSAFunction_ISO : public RSAFunction
-{
-public:
- Integer ApplyFunction(const Integer &x) const;
- Integer PreimageBound() const {return ++(m_n>>1);}
-};
-
-class CRYPTOPP_DLL InvertibleRSAFunction_ISO : public InvertibleRSAFunction
-{
-public:
- Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
- Integer PreimageBound() const {return ++(m_n>>1);}
-};
-
-//! RSA
-struct CRYPTOPP_DLL RSA
-{
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "RSA";}
- typedef RSAFunction PublicKey;
- typedef InvertibleRSAFunction PrivateKey;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/ca.html#RSA">RSA cryptosystem</a>
-template <class STANDARD>
-struct RSAES : public TF_ES<STANDARD, RSA>
-{
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/sig.html#RSA">RSA signature scheme with appendix</a>
-/*! See documentation of PKCS1v15 for a list of hash functions that can be used with it. */
-template <class STANDARD, class H>
-struct RSASS : public TF_SS<STANDARD, H, RSA>
-{
-};
-
-struct CRYPTOPP_DLL RSA_ISO
-{
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "RSA-ISO";}
- typedef RSAFunction_ISO PublicKey;
- typedef InvertibleRSAFunction_ISO PrivateKey;
-};
-
-template <class H>
-struct RSASS_ISO : public TF_SS<P1363_EMSA2, H, RSA_ISO>
-{
-};
-
-// The two RSA encryption schemes defined in PKCS #1 v2.0
-typedef RSAES<PKCS1v15>::Decryptor RSAES_PKCS1v15_Decryptor;
-typedef RSAES<PKCS1v15>::Encryptor RSAES_PKCS1v15_Encryptor;
-
-typedef RSAES<OAEP<SHA> >::Decryptor RSAES_OAEP_SHA_Decryptor;
-typedef RSAES<OAEP<SHA> >::Encryptor RSAES_OAEP_SHA_Encryptor;
-
-// The three RSA signature schemes defined in PKCS #1 v2.0
-typedef RSASS<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer;
-typedef RSASS<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier;
-
-namespace Weak {
-typedef RSASS<PKCS1v15, Weak1::MD2>::Signer RSASSA_PKCS1v15_MD2_Signer;
-typedef RSASS<PKCS1v15, Weak1::MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier;
-
-typedef RSASS<PKCS1v15, Weak1::MD5>::Signer RSASSA_PKCS1v15_MD5_Signer;
-typedef RSASS<PKCS1v15, Weak1::MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rw.cpp b/cryptopp562/rw.cpp
deleted file mode 100644
index cdd9f2d..0000000
--- a/cryptopp562/rw.cpp
+++ /dev/null
@@ -1,196 +0,0 @@
-// rw.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "rw.h"
-#include "nbtheory.h"
-#include "asn.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void RWFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void RWFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer RWFunction::ApplyFunction(const Integer &in) const
-{
- DoQuickSanityCheck();
-
- Integer out = in.Squared()%m_n;
- const word r = 12;
- // this code was written to handle both r = 6 and r = 12,
- // but now only r = 12 is used in P1363
- const word r2 = r/2;
- const word r3a = (16 + 5 - r) % 16; // n%16 could be 5 or 13
- const word r3b = (16 + 13 - r) % 16;
- const word r4 = (8 + 5 - r/2) % 8; // n%8 == 5
- switch (out % 16)
- {
- case r:
- break;
- case r2:
- case r2+8:
- out <<= 1;
- break;
- case r3a:
- case r3b:
- out.Negate();
- out += m_n;
- break;
- case r4:
- case r4+8:
- out.Negate();
- out += m_n;
- out <<= 1;
- break;
- default:
- out = Integer::Zero();
- }
- return out;
-}
-
-bool RWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_n > Integer::One() && m_n%8 == 5;
- return pass;
-}
-
-bool RWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
- ;
-}
-
-void RWFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
- ;
-}
-
-// *****************************************************************************
-// private key operations:
-
-// generate a random private key
-void InvertibleRWFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
-{
- int modulusSize = 2048;
- alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
-
- if (modulusSize < 16)
- throw InvalidArgument("InvertibleRWFunction: specified modulus length is too small");
-
- AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize);
- m_p.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("EquivalentTo", 3)("Mod", 8)));
- m_q.GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters("EquivalentTo", 7)("Mod", 8)));
-
- m_n = m_p * m_q;
- m_u = m_q.InverseMod(m_p);
-}
-
-void InvertibleRWFunction::BERDecode(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_n.BERDecode(seq);
- m_p.BERDecode(seq);
- m_q.BERDecode(seq);
- m_u.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void InvertibleRWFunction::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_n.DEREncode(seq);
- m_p.DEREncode(seq);
- m_q.DEREncode(seq);
- m_u.DEREncode(seq);
- seq.MessageEnd();
-}
-
-Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
-{
- DoQuickSanityCheck();
- ModularArithmetic modn(m_n);
- Integer r, rInv;
- do { // do this in a loop for people using small numbers for testing
- r.Randomize(rng, Integer::One(), m_n - Integer::One());
- rInv = modn.MultiplicativeInverse(r);
- } while (rInv.IsZero());
- Integer re = modn.Square(r);
- re = modn.Multiply(re, x); // blind
-
- Integer cp=re%m_p, cq=re%m_q;
- if (Jacobi(cp, m_p) * Jacobi(cq, m_q) != 1)
- {
- cp = cp.IsOdd() ? (cp+m_p) >> 1 : cp >> 1;
- cq = cq.IsOdd() ? (cq+m_q) >> 1 : cq >> 1;
- }
-
- #pragma omp parallel
- #pragma omp sections
- {
- #pragma omp section
- cp = ModularSquareRoot(cp, m_p);
- #pragma omp section
- cq = ModularSquareRoot(cq, m_q);
- }
-
- Integer y = CRT(cq, m_q, cp, m_p, m_u);
- y = modn.Multiply(y, rInv); // unblind
- y = STDMIN(y, m_n-y);
- if (ApplyFunction(y) != x) // check
- throw Exception(Exception::OTHER_ERROR, "InvertibleRWFunction: computational error during private key operation");
- return y;
-}
-
-bool InvertibleRWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = RWFunction::Validate(rng, level);
- pass = pass && m_p > Integer::One() && m_p%8 == 3 && m_p < m_n;
- pass = pass && m_q > Integer::One() && m_q%8 == 7 && m_q < m_n;
- pass = pass && m_u.IsPositive() && m_u < m_p;
- if (level >= 1)
- {
- pass = pass && m_p * m_q == m_n;
- pass = pass && m_u * m_q % m_p == 1;
- }
- if (level >= 2)
- pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
- return pass;
-}
-
-bool InvertibleRWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper<RWFunction>(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-void InvertibleRWFunction::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper<RWFunction>(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
- CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
- CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
- ;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/rw.h b/cryptopp562/rw.h
deleted file mode 100644
index 6820251..0000000
--- a/cryptopp562/rw.h
+++ /dev/null
@@ -1,102 +0,0 @@
-#ifndef CRYPTOPP_RW_H
-#define CRYPTOPP_RW_H
-
-/** \file
- This file contains classes that implement the
- Rabin-Williams signature schemes as defined in IEEE P1363.
-*/
-
-#include "pubkey.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_DLL RWFunction : public TrapdoorFunction, public PublicKey
-{
- typedef RWFunction ThisClass;
-
-public:
- void Initialize(const Integer &n)
- {m_n = n;}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- void Save(BufferedTransformation &bt) const
- {DEREncode(bt);}
- void Load(BufferedTransformation &bt)
- {BERDecode(bt);}
-
- Integer ApplyFunction(const Integer &x) const;
- Integer PreimageBound() const {return ++(m_n>>1);}
- Integer ImageBound() const {return m_n;}
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
-
- const Integer& GetModulus() const {return m_n;}
- void SetModulus(const Integer &n) {m_n = n;}
-
-protected:
- Integer m_n;
-};
-
-//! _
-class CRYPTOPP_DLL InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey
-{
- typedef InvertibleRWFunction ThisClass;
-
-public:
- void Initialize(const Integer &n, const Integer &p, const Integer &q, const Integer &u)
- {m_n = n; m_p = p; m_q = q; m_u = u;}
- // generate a random private key
- void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
- {GenerateRandomWithKeySize(rng, modulusBits);}
-
- void BERDecode(BufferedTransformation &bt);
- void DEREncode(BufferedTransformation &bt) const;
-
- void Save(BufferedTransformation &bt) const
- {DEREncode(bt);}
- void Load(BufferedTransformation &bt)
- {BERDecode(bt);}
-
- Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
-
- // GeneratibleCryptoMaterial
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
- /*! parameters: (ModulusSize) */
- void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
-
- const Integer& GetPrime1() const {return m_p;}
- const Integer& GetPrime2() const {return m_q;}
- const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;}
-
- void SetPrime1(const Integer &p) {m_p = p;}
- void SetPrime2(const Integer &q) {m_q = q;}
- void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;}
-
-protected:
- Integer m_p, m_q, m_u;
-};
-
-//! RW
-struct RW
-{
- static std::string StaticAlgorithmName() {return "RW";}
- typedef RWFunction PublicKey;
- typedef InvertibleRWFunction PrivateKey;
-};
-
-//! RWSS
-template <class STANDARD, class H>
-struct RWSS : public TF_SS<STANDARD, H, RW>
-{
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/safer.cpp b/cryptopp562/safer.cpp
deleted file mode 100644
index d46ca64..0000000
--- a/cryptopp562/safer.cpp
+++ /dev/null
@@ -1,153 +0,0 @@
-// safer.cpp - modified by by Wei Dai from Richard De Moliner's safer.c
-
-#include "pch.h"
-#include "safer.h"
-#include "misc.h"
-#include "argnames.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const byte SAFER::Base::exp_tab[256] =
- {1, 45, 226, 147, 190, 69, 21, 174, 120, 3, 135, 164, 184, 56, 207, 63,
- 8, 103, 9, 148, 235, 38, 168, 107, 189, 24, 52, 27, 187, 191, 114, 247,
- 64, 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177,
- 255, 167, 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131,
- 241, 51, 239, 218, 44, 181, 178, 43, 136, 209, 153, 203, 140, 132, 29, 20,
- 129, 151, 113, 202, 95, 163, 139, 87, 60, 130, 196, 82, 92, 28, 232, 160,
- 4, 180, 133, 74, 246, 19, 84, 182, 223, 12, 26, 142, 222, 224, 57, 252,
- 32, 155, 36, 78, 169, 152, 158, 171, 242, 96, 208, 108, 234, 250, 199, 217,
- 0, 212, 31, 110, 67, 188, 236, 83, 137, 254, 122, 93, 73, 201, 50, 194,
- 249, 154, 248, 109, 22, 219, 89, 150, 68, 233, 205, 230, 70, 66, 143, 10,
- 193, 204, 185, 101, 176, 210, 198, 172, 30, 65, 98, 41, 46, 14, 116, 80,
- 2, 90, 195, 37, 123, 138, 42, 91, 240, 6, 13, 71, 111, 112, 157, 126,
- 16, 206, 18, 39, 213, 76, 79, 214, 121, 48, 104, 54, 117, 125, 228, 237,
- 128, 106, 144, 55, 162, 94, 118, 170, 197, 127, 61, 175, 165, 229, 25, 97,
- 253, 77, 124, 183, 11, 238, 173, 75, 34, 245, 231, 115, 35, 33, 200, 5,
- 225, 102, 221, 179, 88, 105, 99, 86, 15, 161, 49, 149, 23, 7, 58, 40};
-
-const byte SAFER::Base::log_tab[256] =
- {128, 0, 176, 9, 96, 239, 185, 253, 16, 18, 159, 228, 105, 186, 173, 248,
- 192, 56, 194, 101, 79, 6, 148, 252, 25, 222, 106, 27, 93, 78, 168, 130,
- 112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37,
- 201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15,
- 32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198,
- 175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84,
- 121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188,
- 189, 82, 30, 235, 174, 204, 214, 53, 8, 200, 138, 180, 226, 205, 191, 217,
- 208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158,
- 210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42,
- 95, 249, 212, 85, 11, 220, 55, 49, 22, 116, 215, 119, 167, 230, 7, 219,
- 164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29,
- 41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14,
- 122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104,
- 109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66,
- 184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48};
-
-#define EXP(x) exp_tab[(x)]
-#define LOG(x) log_tab[(x)]
-#define PHT(x, y) { y += x; x += y; }
-#define IPHT(x, y) { x -= y; y -= x; }
-
-static const unsigned int BLOCKSIZE = 8;
-static const unsigned int MAX_ROUNDS = 13;
-
-void SAFER::Base::UncheckedSetKey(const byte *userkey_1, unsigned int length, const NameValuePairs &params)
-{
- bool strengthened = Strengthened();
- unsigned int nof_rounds = params.GetIntValueWithDefault(Name::Rounds(), length == 8 ? (strengthened ? 8 : 6) : 10);
-
- const byte *userkey_2 = length == 8 ? userkey_1 : userkey_1 + 8;
- keySchedule.New(1 + BLOCKSIZE * (1 + 2 * nof_rounds));
-
- unsigned int i, j;
- byte *key = keySchedule;
- SecByteBlock ka(BLOCKSIZE + 1), kb(BLOCKSIZE + 1);
-
- if (MAX_ROUNDS < nof_rounds)
- nof_rounds = MAX_ROUNDS;
- *key++ = (unsigned char)nof_rounds;
- ka[BLOCKSIZE] = 0;
- kb[BLOCKSIZE] = 0;
- for (j = 0; j < BLOCKSIZE; j++)
- {
- ka[BLOCKSIZE] ^= ka[j] = rotlFixed(userkey_1[j], 5U);
- kb[BLOCKSIZE] ^= kb[j] = *key++ = userkey_2[j];
- }
-
- for (i = 1; i <= nof_rounds; i++)
- {
- for (j = 0; j < BLOCKSIZE + 1; j++)
- {
- ka[j] = rotlFixed(ka[j], 6U);
- kb[j] = rotlFixed(kb[j], 6U);
- }
- for (j = 0; j < BLOCKSIZE; j++)
- if (strengthened)
- *key++ = (ka[(j + 2 * i - 1) % (BLOCKSIZE + 1)]
- + exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF;
- else
- *key++ = (ka[j] + exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF;
- for (j = 0; j < BLOCKSIZE; j++)
- if (strengthened)
- *key++ = (kb[(j + 2 * i) % (BLOCKSIZE + 1)]
- + exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF;
- else
- *key++ = (kb[j] + exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF;
- }
-}
-
-typedef BlockGetAndPut<byte, BigEndian> Block;
-
-void SAFER::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- byte a, b, c, d, e, f, g, h, t;
- const byte *key = keySchedule+1;
- unsigned int round = keySchedule[0];
-
- Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h);
- while(round--)
- {
- a ^= key[0]; b += key[1]; c += key[2]; d ^= key[3];
- e ^= key[4]; f += key[5]; g += key[6]; h ^= key[7];
- a = EXP(a) + key[ 8]; b = LOG(b) ^ key[ 9];
- c = LOG(c) ^ key[10]; d = EXP(d) + key[11];
- e = EXP(e) + key[12]; f = LOG(f) ^ key[13];
- g = LOG(g) ^ key[14]; h = EXP(h) + key[15];
- key += 16;
- PHT(a, b); PHT(c, d); PHT(e, f); PHT(g, h);
- PHT(a, c); PHT(e, g); PHT(b, d); PHT(f, h);
- PHT(a, e); PHT(b, f); PHT(c, g); PHT(d, h);
- t = b; b = e; e = c; c = t; t = d; d = f; f = g; g = t;
- }
- a ^= key[0]; b += key[1]; c += key[2]; d ^= key[3];
- e ^= key[4]; f += key[5]; g += key[6]; h ^= key[7];
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h);
-}
-
-void SAFER::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- byte a, b, c, d, e, f, g, h, t;
- unsigned int round = keySchedule[0];
- const byte *key = keySchedule + BLOCKSIZE * (1 + 2 * round) - 7;
-
- Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h);
- h ^= key[7]; g -= key[6]; f -= key[5]; e ^= key[4];
- d ^= key[3]; c -= key[2]; b -= key[1]; a ^= key[0];
- while (round--)
- {
- key -= 16;
- t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t;
- IPHT(a, e); IPHT(b, f); IPHT(c, g); IPHT(d, h);
- IPHT(a, c); IPHT(e, g); IPHT(b, d); IPHT(f, h);
- IPHT(a, b); IPHT(c, d); IPHT(e, f); IPHT(g, h);
- h -= key[15]; g ^= key[14]; f ^= key[13]; e -= key[12];
- d -= key[11]; c ^= key[10]; b ^= key[9]; a -= key[8];
- h = LOG(h) ^ key[7]; g = EXP(g) - key[6];
- f = EXP(f) - key[5]; e = LOG(e) ^ key[4];
- d = LOG(d) ^ key[3]; c = EXP(c) - key[2];
- b = EXP(b) - key[1]; a = LOG(a) ^ key[0];
- }
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/safer.h b/cryptopp562/safer.h
deleted file mode 100644
index f9a3c9e..0000000
--- a/cryptopp562/safer.h
+++ /dev/null
@@ -1,86 +0,0 @@
-#ifndef CRYPTOPP_SAFER_H
-#define CRYPTOPP_SAFER_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// base class, do not use directly
-class SAFER
-{
-public:
- class CRYPTOPP_NO_VTABLE Base : public BlockCipher
- {
- public:
- unsigned int OptimalDataAlignment() const {return 1;}
- void UncheckedSetKey(const byte *userkey, unsigned int length, const NameValuePairs &params);
-
- protected:
- virtual bool Strengthened() const =0;
-
- SecByteBlock keySchedule;
- static const byte exp_tab[256];
- static const byte log_tab[256];
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-};
-
-template <class BASE, class INFO, bool STR>
-class CRYPTOPP_NO_VTABLE SAFER_Impl : public BlockCipherImpl<INFO, BASE>
-{
-protected:
- bool Strengthened() const {return STR;}
-};
-
-//! _
-struct SAFER_K_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 8, 16, 8>, public VariableRounds<10, 1, 13>
-{
- static const char *StaticAlgorithmName() {return "SAFER-K";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#SAFER-K">SAFER-K</a>
-class SAFER_K : public SAFER_K_Info, public SAFER, public BlockCipherDocumentation
-{
-public:
- typedef BlockCipherFinal<ENCRYPTION, SAFER_Impl<Enc, SAFER_K_Info, false> > Encryption;
- typedef BlockCipherFinal<DECRYPTION, SAFER_Impl<Dec, SAFER_K_Info, false> > Decryption;
-};
-
-//! _
-struct SAFER_SK_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 8, 16, 8>, public VariableRounds<10, 1, 13>
-{
- static const char *StaticAlgorithmName() {return "SAFER-SK";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#SAFER-SK">SAFER-SK</a>
-class SAFER_SK : public SAFER_SK_Info, public SAFER, public BlockCipherDocumentation
-{
-public:
- typedef BlockCipherFinal<ENCRYPTION, SAFER_Impl<Enc, SAFER_SK_Info, true> > Encryption;
- typedef BlockCipherFinal<DECRYPTION, SAFER_Impl<Dec, SAFER_SK_Info, true> > Decryption;
-};
-
-typedef SAFER_K::Encryption SAFER_K_Encryption;
-typedef SAFER_K::Decryption SAFER_K_Decryption;
-
-typedef SAFER_SK::Encryption SAFER_SK_Encryption;
-typedef SAFER_SK::Decryption SAFER_SK_Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/salsa.cpp b/cryptopp562/salsa.cpp
deleted file mode 100644
index bdc5d75..0000000
--- a/cryptopp562/salsa.cpp
+++ /dev/null
@@ -1,599 +0,0 @@
-// salsa.cpp - written and placed in the public domain by Wei Dai
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM salsa.cpp" to generate MASM code
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "salsa.h"
-#include "misc.h"
-#include "argnames.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Salsa20_TestInstantiations()
-{
- Salsa20::Encryption x;
-}
-
-void Salsa20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
- m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
-
- if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
- throw InvalidRounds(Salsa20::StaticAlgorithmName(), m_rounds);
-
- // m_state is reordered for SSE2
- GetBlock<word32, LittleEndian> get1(key);
- get1(m_state[13])(m_state[10])(m_state[7])(m_state[4]);
- GetBlock<word32, LittleEndian> get2(key + length - 16);
- get2(m_state[15])(m_state[12])(m_state[9])(m_state[6]);
-
- // "expand 16-byte k" or "expand 32-byte k"
- m_state[0] = 0x61707865;
- m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
- m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32;
- m_state[3] = 0x6b206574;
-}
-
-void Salsa20_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
-{
- assert(length==8);
- GetBlock<word32, LittleEndian> get(IV);
- get(m_state[14])(m_state[11]);
- m_state[8] = m_state[5] = 0;
-}
-
-void Salsa20_Policy::SeekToIteration(lword iterationCount)
-{
- m_state[8] = (word32)iterationCount;
- m_state[5] = (word32)SafeRightShift<32>(iterationCount);
-}
-
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
-unsigned int Salsa20_Policy::GetAlignment() const
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasSSE2())
- return 16;
- else
-#endif
- return GetAlignmentOf<word32>();
-}
-
-unsigned int Salsa20_Policy::GetOptimalBlockSize() const
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasSSE2())
- return 4*BYTES_PER_ITERATION;
- else
-#endif
- return BYTES_PER_ITERATION;
-}
-#endif
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void Salsa20_OperateKeystream(byte *output, const byte *input, size_t iterationCount, int rounds, void *state);
-}
-#endif
-
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-
-void Salsa20_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
-#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
- Salsa20_OperateKeystream(output, input, iterationCount, m_rounds, m_state.data());
- return;
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- ALIGN 8
- Salsa20_OperateKeystream PROC FRAME
- mov r10, [rsp + 5*8] ; state
- alloc_stack(10*16 + 32*16 + 8)
- save_xmm128 xmm6, 0200h
- save_xmm128 xmm7, 0210h
- save_xmm128 xmm8, 0220h
- save_xmm128 xmm9, 0230h
- save_xmm128 xmm10, 0240h
- save_xmm128 xmm11, 0250h
- save_xmm128 xmm12, 0260h
- save_xmm128 xmm13, 0270h
- save_xmm128 xmm14, 0280h
- save_xmm128 xmm15, 0290h
- .endprolog
-
- #define REG_output rcx
- #define REG_input rdx
- #define REG_iterationCount r8
- #define REG_state r10
- #define REG_rounds e9d
- #define REG_roundsLeft eax
- #define REG_temp32 r11d
- #define REG_temp r11
- #define SSE2_WORKSPACE rsp
-#else
- if (HasSSE2())
- {
- #if CRYPTOPP_BOOL_X64
- #define REG_output %1
- #define REG_input %0
- #define REG_iterationCount %2
- #define REG_state %4 /* constant */
- #define REG_rounds %3 /* constant */
- #define REG_roundsLeft eax
- #define REG_temp32 edx
- #define REG_temp rdx
- #define SSE2_WORKSPACE %5 /* constant */
-
- CRYPTOPP_ALIGN_DATA(16) byte workspace[16*32];
- #else
- #define REG_output edi
- #define REG_input eax
- #define REG_iterationCount ecx
- #define REG_state esi
- #define REG_rounds edx
- #define REG_roundsLeft ebx
- #define REG_temp32 ebp
- #define REG_temp ebp
- #define SSE2_WORKSPACE esp + WORD_SZ
- #endif
-
- #ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- AS_PUSH_IF86( bx)
- #else
- void *s = m_state.data();
- word32 r = m_rounds;
-
- AS2( mov REG_iterationCount, iterationCount)
- AS2( mov REG_input, input)
- AS2( mov REG_output, output)
- AS2( mov REG_state, s)
- AS2( mov REG_rounds, r)
- #endif
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
- AS_PUSH_IF86( bp)
- AS2( cmp REG_iterationCount, 4)
- ASJ( jl, 5, f)
-
-#if CRYPTOPP_BOOL_X86
- AS2( mov ebx, esp)
- AS2( and esp, -16)
- AS2( sub esp, 32*16)
- AS1( push ebx)
-#endif
-
-#define SSE2_EXPAND_S(i, j) \
- ASS( pshufd xmm4, xmm##i, j, j, j, j) \
- AS2( movdqa [SSE2_WORKSPACE + (i*4+j)*16 + 256], xmm4)
-
- AS2( movdqa xmm0, [REG_state + 0*16])
- AS2( movdqa xmm1, [REG_state + 1*16])
- AS2( movdqa xmm2, [REG_state + 2*16])
- AS2( movdqa xmm3, [REG_state + 3*16])
- SSE2_EXPAND_S(0, 0)
- SSE2_EXPAND_S(0, 1)
- SSE2_EXPAND_S(0, 2)
- SSE2_EXPAND_S(0, 3)
- SSE2_EXPAND_S(1, 0)
- SSE2_EXPAND_S(1, 2)
- SSE2_EXPAND_S(1, 3)
- SSE2_EXPAND_S(2, 1)
- SSE2_EXPAND_S(2, 2)
- SSE2_EXPAND_S(2, 3)
- SSE2_EXPAND_S(3, 0)
- SSE2_EXPAND_S(3, 1)
- SSE2_EXPAND_S(3, 2)
- SSE2_EXPAND_S(3, 3)
-
-#define SSE2_EXPAND_S85(i) \
- AS2( mov dword ptr [SSE2_WORKSPACE + 8*16 + i*4 + 256], REG_roundsLeft) \
- AS2( mov dword ptr [SSE2_WORKSPACE + 5*16 + i*4 + 256], REG_temp32) \
- AS2( add REG_roundsLeft, 1) \
- AS2( adc REG_temp32, 0)
-
- ASL(1)
- AS2( mov REG_roundsLeft, dword ptr [REG_state + 8*4])
- AS2( mov REG_temp32, dword ptr [REG_state + 5*4])
- SSE2_EXPAND_S85(0)
- SSE2_EXPAND_S85(1)
- SSE2_EXPAND_S85(2)
- SSE2_EXPAND_S85(3)
- AS2( mov dword ptr [REG_state + 8*4], REG_roundsLeft)
- AS2( mov dword ptr [REG_state + 5*4], REG_temp32)
-
-#define SSE2_QUARTER_ROUND(a, b, d, i) \
- AS2( movdqa xmm4, xmm##d) \
- AS2( paddd xmm4, xmm##a) \
- AS2( movdqa xmm5, xmm4) \
- AS2( pslld xmm4, i) \
- AS2( psrld xmm5, 32-i) \
- AS2( pxor xmm##b, xmm4) \
- AS2( pxor xmm##b, xmm5)
-
-#define L01(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##A, [SSE2_WORKSPACE + d*16 + i*256]) /* y3 */
-#define L02(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##C, [SSE2_WORKSPACE + a*16 + i*256]) /* y0 */
-#define L03(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##C) /* y0+y3 */
-#define L04(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##B, xmm##A)
-#define L05(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 7)
-#define L06(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##B, 32-7)
-#define L07(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, [SSE2_WORKSPACE + b*16 + i*256])
-#define L08(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##B) /* z1 */
-#define L09(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + b*16], xmm##A)
-#define L10(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##B, xmm##A)
-#define L11(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##C) /* z1+y0 */
-#define L12(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##D, xmm##A)
-#define L13(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 9)
-#define L14(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##D, 32-9)
-#define L15(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, [SSE2_WORKSPACE + c*16 + i*256])
-#define L16(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##D) /* z2 */
-#define L17(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + c*16], xmm##A)
-#define L18(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##D, xmm##A)
-#define L19(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##B) /* z2+z1 */
-#define L20(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##B, xmm##A)
-#define L21(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 13)
-#define L22(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##B, 32-13)
-#define L23(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, [SSE2_WORKSPACE + d*16 + i*256])
-#define L24(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##B) /* z3 */
-#define L25(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + d*16], xmm##A)
-#define L26(A,B,C,D,a,b,c,d,i) AS2( paddd xmm##A, xmm##D) /* z3+z2 */
-#define L27(A,B,C,D,a,b,c,d,i) AS2( movdqa xmm##D, xmm##A)
-#define L28(A,B,C,D,a,b,c,d,i) AS2( pslld xmm##A, 18)
-#define L29(A,B,C,D,a,b,c,d,i) AS2( psrld xmm##D, 32-18)
-#define L30(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##C) /* xor y0 */
-#define L31(A,B,C,D,a,b,c,d,i) AS2( pxor xmm##A, xmm##D) /* z0 */
-#define L32(A,B,C,D,a,b,c,d,i) AS2( movdqa [SSE2_WORKSPACE + a*16], xmm##A)
-
-#define SSE2_QUARTER_ROUND_X8(i, a, b, c, d, e, f, g, h) \
- L01(0,1,2,3, a,b,c,d, i) L01(4,5,6,7, e,f,g,h, i) \
- L02(0,1,2,3, a,b,c,d, i) L02(4,5,6,7, e,f,g,h, i) \
- L03(0,1,2,3, a,b,c,d, i) L03(4,5,6,7, e,f,g,h, i) \
- L04(0,1,2,3, a,b,c,d, i) L04(4,5,6,7, e,f,g,h, i) \
- L05(0,1,2,3, a,b,c,d, i) L05(4,5,6,7, e,f,g,h, i) \
- L06(0,1,2,3, a,b,c,d, i) L06(4,5,6,7, e,f,g,h, i) \
- L07(0,1,2,3, a,b,c,d, i) L07(4,5,6,7, e,f,g,h, i) \
- L08(0,1,2,3, a,b,c,d, i) L08(4,5,6,7, e,f,g,h, i) \
- L09(0,1,2,3, a,b,c,d, i) L09(4,5,6,7, e,f,g,h, i) \
- L10(0,1,2,3, a,b,c,d, i) L10(4,5,6,7, e,f,g,h, i) \
- L11(0,1,2,3, a,b,c,d, i) L11(4,5,6,7, e,f,g,h, i) \
- L12(0,1,2,3, a,b,c,d, i) L12(4,5,6,7, e,f,g,h, i) \
- L13(0,1,2,3, a,b,c,d, i) L13(4,5,6,7, e,f,g,h, i) \
- L14(0,1,2,3, a,b,c,d, i) L14(4,5,6,7, e,f,g,h, i) \
- L15(0,1,2,3, a,b,c,d, i) L15(4,5,6,7, e,f,g,h, i) \
- L16(0,1,2,3, a,b,c,d, i) L16(4,5,6,7, e,f,g,h, i) \
- L17(0,1,2,3, a,b,c,d, i) L17(4,5,6,7, e,f,g,h, i) \
- L18(0,1,2,3, a,b,c,d, i) L18(4,5,6,7, e,f,g,h, i) \
- L19(0,1,2,3, a,b,c,d, i) L19(4,5,6,7, e,f,g,h, i) \
- L20(0,1,2,3, a,b,c,d, i) L20(4,5,6,7, e,f,g,h, i) \
- L21(0,1,2,3, a,b,c,d, i) L21(4,5,6,7, e,f,g,h, i) \
- L22(0,1,2,3, a,b,c,d, i) L22(4,5,6,7, e,f,g,h, i) \
- L23(0,1,2,3, a,b,c,d, i) L23(4,5,6,7, e,f,g,h, i) \
- L24(0,1,2,3, a,b,c,d, i) L24(4,5,6,7, e,f,g,h, i) \
- L25(0,1,2,3, a,b,c,d, i) L25(4,5,6,7, e,f,g,h, i) \
- L26(0,1,2,3, a,b,c,d, i) L26(4,5,6,7, e,f,g,h, i) \
- L27(0,1,2,3, a,b,c,d, i) L27(4,5,6,7, e,f,g,h, i) \
- L28(0,1,2,3, a,b,c,d, i) L28(4,5,6,7, e,f,g,h, i) \
- L29(0,1,2,3, a,b,c,d, i) L29(4,5,6,7, e,f,g,h, i) \
- L30(0,1,2,3, a,b,c,d, i) L30(4,5,6,7, e,f,g,h, i) \
- L31(0,1,2,3, a,b,c,d, i) L31(4,5,6,7, e,f,g,h, i) \
- L32(0,1,2,3, a,b,c,d, i) L32(4,5,6,7, e,f,g,h, i)
-
-#define SSE2_QUARTER_ROUND_X16(i, a, b, c, d, e, f, g, h, A, B, C, D, E, F, G, H) \
- L01(0,1,2,3, a,b,c,d, i) L01(4,5,6,7, e,f,g,h, i) L01(8,9,10,11, A,B,C,D, i) L01(12,13,14,15, E,F,G,H, i) \
- L02(0,1,2,3, a,b,c,d, i) L02(4,5,6,7, e,f,g,h, i) L02(8,9,10,11, A,B,C,D, i) L02(12,13,14,15, E,F,G,H, i) \
- L03(0,1,2,3, a,b,c,d, i) L03(4,5,6,7, e,f,g,h, i) L03(8,9,10,11, A,B,C,D, i) L03(12,13,14,15, E,F,G,H, i) \
- L04(0,1,2,3, a,b,c,d, i) L04(4,5,6,7, e,f,g,h, i) L04(8,9,10,11, A,B,C,D, i) L04(12,13,14,15, E,F,G,H, i) \
- L05(0,1,2,3, a,b,c,d, i) L05(4,5,6,7, e,f,g,h, i) L05(8,9,10,11, A,B,C,D, i) L05(12,13,14,15, E,F,G,H, i) \
- L06(0,1,2,3, a,b,c,d, i) L06(4,5,6,7, e,f,g,h, i) L06(8,9,10,11, A,B,C,D, i) L06(12,13,14,15, E,F,G,H, i) \
- L07(0,1,2,3, a,b,c,d, i) L07(4,5,6,7, e,f,g,h, i) L07(8,9,10,11, A,B,C,D, i) L07(12,13,14,15, E,F,G,H, i) \
- L08(0,1,2,3, a,b,c,d, i) L08(4,5,6,7, e,f,g,h, i) L08(8,9,10,11, A,B,C,D, i) L08(12,13,14,15, E,F,G,H, i) \
- L09(0,1,2,3, a,b,c,d, i) L09(4,5,6,7, e,f,g,h, i) L09(8,9,10,11, A,B,C,D, i) L09(12,13,14,15, E,F,G,H, i) \
- L10(0,1,2,3, a,b,c,d, i) L10(4,5,6,7, e,f,g,h, i) L10(8,9,10,11, A,B,C,D, i) L10(12,13,14,15, E,F,G,H, i) \
- L11(0,1,2,3, a,b,c,d, i) L11(4,5,6,7, e,f,g,h, i) L11(8,9,10,11, A,B,C,D, i) L11(12,13,14,15, E,F,G,H, i) \
- L12(0,1,2,3, a,b,c,d, i) L12(4,5,6,7, e,f,g,h, i) L12(8,9,10,11, A,B,C,D, i) L12(12,13,14,15, E,F,G,H, i) \
- L13(0,1,2,3, a,b,c,d, i) L13(4,5,6,7, e,f,g,h, i) L13(8,9,10,11, A,B,C,D, i) L13(12,13,14,15, E,F,G,H, i) \
- L14(0,1,2,3, a,b,c,d, i) L14(4,5,6,7, e,f,g,h, i) L14(8,9,10,11, A,B,C,D, i) L14(12,13,14,15, E,F,G,H, i) \
- L15(0,1,2,3, a,b,c,d, i) L15(4,5,6,7, e,f,g,h, i) L15(8,9,10,11, A,B,C,D, i) L15(12,13,14,15, E,F,G,H, i) \
- L16(0,1,2,3, a,b,c,d, i) L16(4,5,6,7, e,f,g,h, i) L16(8,9,10,11, A,B,C,D, i) L16(12,13,14,15, E,F,G,H, i) \
- L17(0,1,2,3, a,b,c,d, i) L17(4,5,6,7, e,f,g,h, i) L17(8,9,10,11, A,B,C,D, i) L17(12,13,14,15, E,F,G,H, i) \
- L18(0,1,2,3, a,b,c,d, i) L18(4,5,6,7, e,f,g,h, i) L18(8,9,10,11, A,B,C,D, i) L18(12,13,14,15, E,F,G,H, i) \
- L19(0,1,2,3, a,b,c,d, i) L19(4,5,6,7, e,f,g,h, i) L19(8,9,10,11, A,B,C,D, i) L19(12,13,14,15, E,F,G,H, i) \
- L20(0,1,2,3, a,b,c,d, i) L20(4,5,6,7, e,f,g,h, i) L20(8,9,10,11, A,B,C,D, i) L20(12,13,14,15, E,F,G,H, i) \
- L21(0,1,2,3, a,b,c,d, i) L21(4,5,6,7, e,f,g,h, i) L21(8,9,10,11, A,B,C,D, i) L21(12,13,14,15, E,F,G,H, i) \
- L22(0,1,2,3, a,b,c,d, i) L22(4,5,6,7, e,f,g,h, i) L22(8,9,10,11, A,B,C,D, i) L22(12,13,14,15, E,F,G,H, i) \
- L23(0,1,2,3, a,b,c,d, i) L23(4,5,6,7, e,f,g,h, i) L23(8,9,10,11, A,B,C,D, i) L23(12,13,14,15, E,F,G,H, i) \
- L24(0,1,2,3, a,b,c,d, i) L24(4,5,6,7, e,f,g,h, i) L24(8,9,10,11, A,B,C,D, i) L24(12,13,14,15, E,F,G,H, i) \
- L25(0,1,2,3, a,b,c,d, i) L25(4,5,6,7, e,f,g,h, i) L25(8,9,10,11, A,B,C,D, i) L25(12,13,14,15, E,F,G,H, i) \
- L26(0,1,2,3, a,b,c,d, i) L26(4,5,6,7, e,f,g,h, i) L26(8,9,10,11, A,B,C,D, i) L26(12,13,14,15, E,F,G,H, i) \
- L27(0,1,2,3, a,b,c,d, i) L27(4,5,6,7, e,f,g,h, i) L27(8,9,10,11, A,B,C,D, i) L27(12,13,14,15, E,F,G,H, i) \
- L28(0,1,2,3, a,b,c,d, i) L28(4,5,6,7, e,f,g,h, i) L28(8,9,10,11, A,B,C,D, i) L28(12,13,14,15, E,F,G,H, i) \
- L29(0,1,2,3, a,b,c,d, i) L29(4,5,6,7, e,f,g,h, i) L29(8,9,10,11, A,B,C,D, i) L29(12,13,14,15, E,F,G,H, i) \
- L30(0,1,2,3, a,b,c,d, i) L30(4,5,6,7, e,f,g,h, i) L30(8,9,10,11, A,B,C,D, i) L30(12,13,14,15, E,F,G,H, i) \
- L31(0,1,2,3, a,b,c,d, i) L31(4,5,6,7, e,f,g,h, i) L31(8,9,10,11, A,B,C,D, i) L31(12,13,14,15, E,F,G,H, i) \
- L32(0,1,2,3, a,b,c,d, i) L32(4,5,6,7, e,f,g,h, i) L32(8,9,10,11, A,B,C,D, i) L32(12,13,14,15, E,F,G,H, i)
-
-#if CRYPTOPP_BOOL_X64
- SSE2_QUARTER_ROUND_X16(1, 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
-#else
- SSE2_QUARTER_ROUND_X8(1, 2, 6, 10, 14, 3, 7, 11, 15)
- SSE2_QUARTER_ROUND_X8(1, 0, 4, 8, 12, 1, 5, 9, 13)
-#endif
- AS2( mov REG_roundsLeft, REG_rounds)
- ASJ( jmp, 2, f)
-
- ASL(SSE2_Salsa_Output)
- AS2( movdqa xmm0, xmm4)
- AS2( punpckldq xmm4, xmm5)
- AS2( movdqa xmm1, xmm6)
- AS2( punpckldq xmm6, xmm7)
- AS2( movdqa xmm2, xmm4)
- AS2( punpcklqdq xmm4, xmm6) // e
- AS2( punpckhqdq xmm2, xmm6) // f
- AS2( punpckhdq xmm0, xmm5)
- AS2( punpckhdq xmm1, xmm7)
- AS2( movdqa xmm6, xmm0)
- AS2( punpcklqdq xmm0, xmm1) // g
- AS2( punpckhqdq xmm6, xmm1) // h
- AS_XMM_OUTPUT4(SSE2_Salsa_Output_A, REG_input, REG_output, 4, 2, 0, 6, 1, 0, 4, 8, 12, 1)
- AS1( ret)
-
- ASL(6)
-#if CRYPTOPP_BOOL_X64
- SSE2_QUARTER_ROUND_X16(0, 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
- ASL(2)
- SSE2_QUARTER_ROUND_X16(0, 0, 13, 10, 7, 1, 14, 11, 4, 2, 15, 8, 5, 3, 12, 9, 6)
-#else
- SSE2_QUARTER_ROUND_X8(0, 2, 6, 10, 14, 3, 7, 11, 15)
- SSE2_QUARTER_ROUND_X8(0, 0, 4, 8, 12, 1, 5, 9, 13)
- ASL(2)
- SSE2_QUARTER_ROUND_X8(0, 2, 15, 8, 5, 3, 12, 9, 6)
- SSE2_QUARTER_ROUND_X8(0, 0, 13, 10, 7, 1, 14, 11, 4)
-#endif
- AS2( sub REG_roundsLeft, 2)
- ASJ( jnz, 6, b)
-
-#define SSE2_OUTPUT_4(a, b, c, d) \
- AS2( movdqa xmm4, [SSE2_WORKSPACE + a*16 + 256])\
- AS2( paddd xmm4, [SSE2_WORKSPACE + a*16])\
- AS2( movdqa xmm5, [SSE2_WORKSPACE + b*16 + 256])\
- AS2( paddd xmm5, [SSE2_WORKSPACE + b*16])\
- AS2( movdqa xmm6, [SSE2_WORKSPACE + c*16 + 256])\
- AS2( paddd xmm6, [SSE2_WORKSPACE + c*16])\
- AS2( movdqa xmm7, [SSE2_WORKSPACE + d*16 + 256])\
- AS2( paddd xmm7, [SSE2_WORKSPACE + d*16])\
- ASC( call, SSE2_Salsa_Output)
-
- SSE2_OUTPUT_4(0, 13, 10, 7)
- SSE2_OUTPUT_4(4, 1, 14, 11)
- SSE2_OUTPUT_4(8, 5, 2, 15)
- SSE2_OUTPUT_4(12, 9, 6, 3)
- AS2( test REG_input, REG_input)
- ASJ( jz, 9, f)
- AS2( add REG_input, 12*16)
- ASL(9)
- AS2( add REG_output, 12*16)
- AS2( sub REG_iterationCount, 4)
- AS2( cmp REG_iterationCount, 4)
- ASJ( jge, 1, b)
- AS_POP_IF86( sp)
-
- ASL(5)
- AS2( sub REG_iterationCount, 1)
- ASJ( jl, 4, f)
- AS2( movdqa xmm0, [REG_state + 0*16])
- AS2( movdqa xmm1, [REG_state + 1*16])
- AS2( movdqa xmm2, [REG_state + 2*16])
- AS2( movdqa xmm3, [REG_state + 3*16])
- AS2( mov REG_roundsLeft, REG_rounds)
-
- ASL(0)
- SSE2_QUARTER_ROUND(0, 1, 3, 7)
- SSE2_QUARTER_ROUND(1, 2, 0, 9)
- SSE2_QUARTER_ROUND(2, 3, 1, 13)
- SSE2_QUARTER_ROUND(3, 0, 2, 18)
- ASS( pshufd xmm1, xmm1, 2, 1, 0, 3)
- ASS( pshufd xmm2, xmm2, 1, 0, 3, 2)
- ASS( pshufd xmm3, xmm3, 0, 3, 2, 1)
- SSE2_QUARTER_ROUND(0, 3, 1, 7)
- SSE2_QUARTER_ROUND(3, 2, 0, 9)
- SSE2_QUARTER_ROUND(2, 1, 3, 13)
- SSE2_QUARTER_ROUND(1, 0, 2, 18)
- ASS( pshufd xmm1, xmm1, 0, 3, 2, 1)
- ASS( pshufd xmm2, xmm2, 1, 0, 3, 2)
- ASS( pshufd xmm3, xmm3, 2, 1, 0, 3)
- AS2( sub REG_roundsLeft, 2)
- ASJ( jnz, 0, b)
-
- AS2( paddd xmm0, [REG_state + 0*16])
- AS2( paddd xmm1, [REG_state + 1*16])
- AS2( paddd xmm2, [REG_state + 2*16])
- AS2( paddd xmm3, [REG_state + 3*16])
-
- AS2( add dword ptr [REG_state + 8*4], 1)
- AS2( adc dword ptr [REG_state + 5*4], 0)
-
- AS2( pcmpeqb xmm6, xmm6) // all ones
- AS2( psrlq xmm6, 32) // lo32 mask
- ASS( pshufd xmm7, xmm6, 0, 1, 2, 3) // hi32 mask
- AS2( movdqa xmm4, xmm0)
- AS2( movdqa xmm5, xmm3)
- AS2( pand xmm0, xmm7)
- AS2( pand xmm4, xmm6)
- AS2( pand xmm3, xmm6)
- AS2( pand xmm5, xmm7)
- AS2( por xmm4, xmm5) // 0,13,2,15
- AS2( movdqa xmm5, xmm1)
- AS2( pand xmm1, xmm7)
- AS2( pand xmm5, xmm6)
- AS2( por xmm0, xmm5) // 4,1,6,3
- AS2( pand xmm6, xmm2)
- AS2( pand xmm2, xmm7)
- AS2( por xmm1, xmm6) // 8,5,10,7
- AS2( por xmm2, xmm3) // 12,9,14,11
-
- AS2( movdqa xmm5, xmm4)
- AS2( movdqa xmm6, xmm0)
- AS3( shufpd xmm4, xmm1, 2) // 0,13,10,7
- AS3( shufpd xmm0, xmm2, 2) // 4,1,14,11
- AS3( shufpd xmm1, xmm5, 2) // 8,5,2,15
- AS3( shufpd xmm2, xmm6, 2) // 12,9,6,3
-
- // output keystream
- AS_XMM_OUTPUT4(SSE2_Salsa_Output_B, REG_input, REG_output, 4, 0, 1, 2, 3, 0, 1, 2, 3, 4)
- ASJ( jmp, 5, b)
- ASL(4)
-
- AS_POP_IF86( bp)
-#ifdef __GNUC__
- AS_POP_IF86( bx)
- ".att_syntax prefix;"
- #if CRYPTOPP_BOOL_X64
- : "+r" (input), "+r" (output), "+r" (iterationCount)
- : "r" (m_rounds), "r" (m_state.m_ptr), "r" (workspace)
- : "%eax", "%rdx", "memory", "cc", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "%xmm8", "%xmm9", "%xmm10", "%xmm11", "%xmm12", "%xmm13", "%xmm14", "%xmm15"
- #else
- : "+a" (input), "+D" (output), "+c" (iterationCount)
- : "d" (m_rounds), "S" (m_state.m_ptr)
- : "memory", "cc"
- #endif
- );
-#endif
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- movdqa xmm6, [rsp + 0200h]
- movdqa xmm7, [rsp + 0210h]
- movdqa xmm8, [rsp + 0220h]
- movdqa xmm9, [rsp + 0230h]
- movdqa xmm10, [rsp + 0240h]
- movdqa xmm11, [rsp + 0250h]
- movdqa xmm12, [rsp + 0260h]
- movdqa xmm13, [rsp + 0270h]
- movdqa xmm14, [rsp + 0280h]
- movdqa xmm15, [rsp + 0290h]
- add rsp, 10*16 + 32*16 + 8
- ret
-Salsa20_OperateKeystream ENDP
-#else
- }
- else
-#endif
-#endif
-#ifndef CRYPTOPP_GENERATE_X64_MASM
- {
- word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
-
- while (iterationCount--)
- {
- x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3];
- x4 = m_state[4]; x5 = m_state[5]; x6 = m_state[6]; x7 = m_state[7];
- x8 = m_state[8]; x9 = m_state[9]; x10 = m_state[10]; x11 = m_state[11];
- x12 = m_state[12]; x13 = m_state[13]; x14 = m_state[14]; x15 = m_state[15];
-
- for (int i=m_rounds; i>0; i-=2)
- {
- #define QUARTER_ROUND(a, b, c, d) \
- b = b ^ rotlFixed(a + d, 7); \
- c = c ^ rotlFixed(b + a, 9); \
- d = d ^ rotlFixed(c + b, 13); \
- a = a ^ rotlFixed(d + c, 18);
-
- QUARTER_ROUND(x0, x4, x8, x12)
- QUARTER_ROUND(x1, x5, x9, x13)
- QUARTER_ROUND(x2, x6, x10, x14)
- QUARTER_ROUND(x3, x7, x11, x15)
-
- QUARTER_ROUND(x0, x13, x10, x7)
- QUARTER_ROUND(x1, x14, x11, x4)
- QUARTER_ROUND(x2, x15, x8, x5)
- QUARTER_ROUND(x3, x12, x9, x6)
- }
-
- #define SALSA_OUTPUT(x) {\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + m_state[0]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x13 + m_state[13]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x10 + m_state[10]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x7 + m_state[7]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + m_state[4]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x1 + m_state[1]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x14 + m_state[14]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x11 + m_state[11]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + m_state[8]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x5 + m_state[5]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x2 + m_state[2]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x15 + m_state[15]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + m_state[12]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x9 + m_state[9]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x6 + m_state[6]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x3 + m_state[3]);}
-
-#ifndef CRYPTOPP_DOXYGEN_PROCESSING
- CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SALSA_OUTPUT, BYTES_PER_ITERATION);
-#endif
-
- if (++m_state[8] == 0)
- ++m_state[5];
- }
- }
-} // see comment above if an internal compiler error occurs here
-
-void XSalsa20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
- m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
-
- if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
- throw InvalidRounds(XSalsa20::StaticAlgorithmName(), m_rounds);
-
- GetUserKey(LITTLE_ENDIAN_ORDER, m_key.begin(), m_key.size(), key, length);
- if (length == 16)
- memcpy(m_key.begin()+4, m_key.begin(), 16);
-
- // "expand 32-byte k"
- m_state[0] = 0x61707865;
- m_state[1] = 0x3320646e;
- m_state[2] = 0x79622d32;
- m_state[3] = 0x6b206574;
-}
-
-void XSalsa20_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
-{
- assert(length==24);
-
- word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
-
- GetBlock<word32, LittleEndian> get(IV);
- get(x14)(x11)(x8)(x5)(m_state[14])(m_state[11]);
-
- x13 = m_key[0]; x10 = m_key[1]; x7 = m_key[2]; x4 = m_key[3];
- x15 = m_key[4]; x12 = m_key[5]; x9 = m_key[6]; x6 = m_key[7];
- x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3];
-
- for (int i=m_rounds; i>0; i-=2)
- {
- QUARTER_ROUND(x0, x4, x8, x12)
- QUARTER_ROUND(x1, x5, x9, x13)
- QUARTER_ROUND(x2, x6, x10, x14)
- QUARTER_ROUND(x3, x7, x11, x15)
-
- QUARTER_ROUND(x0, x13, x10, x7)
- QUARTER_ROUND(x1, x14, x11, x4)
- QUARTER_ROUND(x2, x15, x8, x5)
- QUARTER_ROUND(x3, x12, x9, x6)
- }
-
- m_state[13] = x0; m_state[10] = x1; m_state[7] = x2; m_state[4] = x3;
- m_state[15] = x14; m_state[12] = x11; m_state[9] = x8; m_state[6] = x5;
- m_state[8] = m_state[5] = 0;
-}
-
-NAMESPACE_END
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
diff --git a/cryptopp562/salsa.h b/cryptopp562/salsa.h
deleted file mode 100644
index 49af885..0000000
--- a/cryptopp562/salsa.h
+++ /dev/null
@@ -1,65 +0,0 @@
-// salsa.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_SALSA_H
-#define CRYPTOPP_SALSA_H
-
-#include "strciphr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
-{
- static const char *StaticAlgorithmName() {return "Salsa20";}
-};
-
-class CRYPTOPP_NO_VTABLE Salsa20_Policy : public AdditiveCipherConcretePolicy<word32, 16>
-{
-protected:
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
- void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
- void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
- bool CipherIsRandomAccess() const {return true;}
- void SeekToIteration(lword iterationCount);
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
- unsigned int GetAlignment() const;
- unsigned int GetOptimalBlockSize() const;
-#endif
-
- FixedSizeAlignedSecBlock<word32, 16> m_state;
- int m_rounds;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/Salsa20">Salsa20</a>, variable rounds: 8, 12 or 20 (default 20)
-struct Salsa20 : public Salsa20_Info, public SymmetricCipherDocumentation
-{
- typedef SymmetricCipherFinal<ConcretePolicyHolder<Salsa20_Policy, AdditiveCipherTemplate<> >, Salsa20_Info> Encryption;
- typedef Encryption Decryption;
-};
-
-//! _
-struct XSalsa20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24>
-{
- static const char *StaticAlgorithmName() {return "XSalsa20";}
-};
-
-class CRYPTOPP_NO_VTABLE XSalsa20_Policy : public Salsa20_Policy
-{
-public:
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
- void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
-
-protected:
- FixedSizeSecBlock<word32, 8> m_key;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/XSalsa20">XSalsa20</a>, variable rounds: 8, 12 or 20 (default 20)
-struct XSalsa20 : public XSalsa20_Info, public SymmetricCipherDocumentation
-{
- typedef SymmetricCipherFinal<ConcretePolicyHolder<XSalsa20_Policy, AdditiveCipherTemplate<> >, XSalsa20_Info> Encryption;
- typedef Encryption Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/seal.cpp b/cryptopp562/seal.cpp
deleted file mode 100644
index f49b522..0000000
--- a/cryptopp562/seal.cpp
+++ /dev/null
@@ -1,213 +0,0 @@
-// seal.cpp - written and placed in the public domain by Wei Dai
-// updated to SEAL 3.0 by Leonard Janke
-
-#include "pch.h"
-
-#include "seal.h"
-#include "sha.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void SEAL_TestInstantiations()
-{
- SEAL<>::Encryption x;
-}
-
-struct SEAL_Gamma
-{
- SEAL_Gamma(const byte *key)
- : H(5), Z(5), D(16), lastIndex(0xffffffff)
- {
- GetUserKey(BIG_ENDIAN_ORDER, H.begin(), 5, key, 20);
- memset(D, 0, 64);
- }
-
- word32 Apply(word32 i);
-
- SecBlock<word32> H, Z, D;
- word32 lastIndex;
-};
-
-word32 SEAL_Gamma::Apply(word32 i)
-{
- word32 shaIndex = i/5;
- if (shaIndex != lastIndex)
- {
- memcpy(Z, H, 20);
- D[0] = shaIndex;
- SHA::Transform(Z, D);
- lastIndex = shaIndex;
- }
- return Z[i%5];
-}
-
-template <class B>
-void SEAL_Policy<B>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
- m_insideCounter = m_outsideCounter = m_startCount = 0;
-
- unsigned int L = params.GetIntValueWithDefault("NumberOfOutputBitsPerPositionIndex", 32*1024);
- m_iterationsPerCount = L / 8192;
-
- SEAL_Gamma gamma(key);
- unsigned int i;
-
- for (i=0; i<512; i++)
- m_T[i] = gamma.Apply(i);
-
- for (i=0; i<256; i++)
- m_S[i] = gamma.Apply(0x1000+i);
-
- m_R.New(4*(L/8192));
-
- for (i=0; i<m_R.size(); i++)
- m_R[i] = gamma.Apply(0x2000+i);
-}
-
-template <class B>
-void SEAL_Policy<B>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
-{
- assert(length==4);
- m_outsideCounter = IV ? GetWord<word32>(false, BIG_ENDIAN_ORDER, IV) : 0;
- m_startCount = m_outsideCounter;
- m_insideCounter = 0;
-}
-
-template <class B>
-void SEAL_Policy<B>::SeekToIteration(lword iterationCount)
-{
- m_outsideCounter = m_startCount + (unsigned int)(iterationCount / m_iterationsPerCount);
- m_insideCounter = (unsigned int)(iterationCount % m_iterationsPerCount);
-}
-
-template <class B>
-void SEAL_Policy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
- word32 a, b, c, d, n1, n2, n3, n4;
- unsigned int p, q;
-
- for (size_t iteration = 0; iteration < iterationCount; ++iteration)
- {
-#define Ttab(x) *(word32 *)((byte *)m_T.begin()+x)
-
- a = m_outsideCounter ^ m_R[4*m_insideCounter];
- b = rotrFixed(m_outsideCounter, 8U) ^ m_R[4*m_insideCounter+1];
- c = rotrFixed(m_outsideCounter, 16U) ^ m_R[4*m_insideCounter+2];
- d = rotrFixed(m_outsideCounter, 24U) ^ m_R[4*m_insideCounter+3];
-
- for (unsigned int j=0; j<2; j++)
- {
- p = a & 0x7fc;
- b += Ttab(p);
- a = rotrFixed(a, 9U);
-
- p = b & 0x7fc;
- c += Ttab(p);
- b = rotrFixed(b, 9U);
-
- p = c & 0x7fc;
- d += Ttab(p);
- c = rotrFixed(c, 9U);
-
- p = d & 0x7fc;
- a += Ttab(p);
- d = rotrFixed(d, 9U);
- }
-
- n1 = d, n2 = b, n3 = a, n4 = c;
-
- p = a & 0x7fc;
- b += Ttab(p);
- a = rotrFixed(a, 9U);
-
- p = b & 0x7fc;
- c += Ttab(p);
- b = rotrFixed(b, 9U);
-
- p = c & 0x7fc;
- d += Ttab(p);
- c = rotrFixed(c, 9U);
-
- p = d & 0x7fc;
- a += Ttab(p);
- d = rotrFixed(d, 9U);
-
- // generate 8192 bits
- for (unsigned int i=0; i<64; i++)
- {
- p = a & 0x7fc;
- a = rotrFixed(a, 9U);
- b += Ttab(p);
- b ^= a;
-
- q = b & 0x7fc;
- b = rotrFixed(b, 9U);
- c ^= Ttab(q);
- c += b;
-
- p = (p+c) & 0x7fc;
- c = rotrFixed(c, 9U);
- d += Ttab(p);
- d ^= c;
-
- q = (q+d) & 0x7fc;
- d = rotrFixed(d, 9U);
- a ^= Ttab(q);
- a += d;
-
- p = (p+a) & 0x7fc;
- b ^= Ttab(p);
- a = rotrFixed(a, 9U);
-
- q = (q+b) & 0x7fc;
- c += Ttab(q);
- b = rotrFixed(b, 9U);
-
- p = (p+c) & 0x7fc;
- d ^= Ttab(p);
- c = rotrFixed(c, 9U);
-
- q = (q+d) & 0x7fc;
- d = rotrFixed(d, 9U);
- a += Ttab(q);
-
-#define SEAL_OUTPUT(x) \
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, b + m_S[4*i+0]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 1, c ^ m_S[4*i+1]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 2, d + m_S[4*i+2]);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 3, a ^ m_S[4*i+3]);
-
- CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SEAL_OUTPUT, 4*4);
-
- if (i & 1)
- {
- a += n3;
- b += n4;
- c ^= n3;
- d ^= n4;
- }
- else
- {
- a += n1;
- b += n2;
- c ^= n1;
- d ^= n2;
- }
- }
-
- if (++m_insideCounter == m_iterationsPerCount)
- {
- ++m_outsideCounter;
- m_insideCounter = 0;
- }
- }
-
- a = b = c = d = n1 = n2 = n3 = n4 = 0;
- p = q = 0;
-}
-
-template class SEAL_Policy<BigEndian>;
-template class SEAL_Policy<LittleEndian>;
-
-NAMESPACE_END
diff --git a/cryptopp562/seal.h b/cryptopp562/seal.h
deleted file mode 100644
index e14ae1c..0000000
--- a/cryptopp562/seal.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#ifndef CRYPTOPP_SEAL_H
-#define CRYPTOPP_SEAL_H
-
-#include "strciphr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class B = BigEndian>
-struct SEAL_Info : public FixedKeyLength<20, SimpleKeyingInterface::INTERNALLY_GENERATED_IV, 4>
-{
- static const char *StaticAlgorithmName() {return B::ToEnum() == LITTLE_ENDIAN_ORDER ? "SEAL-3.0-LE" : "SEAL-3.0-BE";}
-};
-
-template <class B = BigEndian>
-class CRYPTOPP_NO_VTABLE SEAL_Policy : public AdditiveCipherConcretePolicy<word32, 256>, public SEAL_Info<B>
-{
-protected:
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
- void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
- void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
- bool CipherIsRandomAccess() const {return true;}
- void SeekToIteration(lword iterationCount);
-
-private:
- FixedSizeSecBlock<word32, 512> m_T;
- FixedSizeSecBlock<word32, 256> m_S;
- SecBlock<word32> m_R;
-
- word32 m_startCount, m_iterationsPerCount;
- word32 m_outsideCounter, m_insideCounter;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/cs.html#SEAL-3.0-BE">SEAL</a>
-template <class B = BigEndian>
-struct SEAL : public SEAL_Info<B>, public SymmetricCipherDocumentation
-{
- typedef SymmetricCipherFinal<ConcretePolicyHolder<SEAL_Policy<B>, AdditiveCipherTemplate<> >, SEAL_Info<B> > Encryption;
- typedef Encryption Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/secblock.h b/cryptopp562/secblock.h
deleted file mode 100644
index 40cce33..0000000
--- a/cryptopp562/secblock.h
+++ /dev/null
@@ -1,467 +0,0 @@
-// secblock.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_SECBLOCK_H
-#define CRYPTOPP_SECBLOCK_H
-
-#include "config.h"
-#include "misc.h"
-#include <assert.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// ************** secure memory allocation ***************
-
-template<class T>
-class AllocatorBase
-{
-public:
- typedef T value_type;
- typedef size_t size_type;
-#ifdef CRYPTOPP_MSVCRT6
- typedef ptrdiff_t difference_type;
-#else
- typedef std::ptrdiff_t difference_type;
-#endif
- typedef T * pointer;
- typedef const T * const_pointer;
- typedef T & reference;
- typedef const T & const_reference;
-
- pointer address(reference r) const {return (&r);}
- const_pointer address(const_reference r) const {return (&r); }
- void construct(pointer p, const T& val) {new (p) T(val);}
- void destroy(pointer p) {p->~T();}
- size_type max_size() const {return ~size_type(0)/sizeof(T);} // switch to std::numeric_limits<T>::max later
-
-protected:
- static void CheckSize(size_t n)
- {
- if (n > ~size_t(0) / sizeof(T))
- throw InvalidArgument("AllocatorBase: requested size would cause integer overflow");
- }
-};
-
-#define CRYPTOPP_INHERIT_ALLOCATOR_TYPES \
-typedef typename AllocatorBase<T>::value_type value_type;\
-typedef typename AllocatorBase<T>::size_type size_type;\
-typedef typename AllocatorBase<T>::difference_type difference_type;\
-typedef typename AllocatorBase<T>::pointer pointer;\
-typedef typename AllocatorBase<T>::const_pointer const_pointer;\
-typedef typename AllocatorBase<T>::reference reference;\
-typedef typename AllocatorBase<T>::const_reference const_reference;
-
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-// this pragma causes an internal compiler error if placed immediately before std::swap(a, b)
-#pragma warning(push)
-#pragma warning(disable: 4700) // VC60 workaround: don't know how to get rid of this warning
-#endif
-
-template <class T, class A>
-typename A::pointer StandardReallocate(A& a, T *p, typename A::size_type oldSize, typename A::size_type newSize, bool preserve)
-{
- if (oldSize == newSize)
- return p;
-
- if (preserve)
- {
- typename A::pointer newPointer = a.allocate(newSize, NULL);
- memcpy_s(newPointer, sizeof(T)*newSize, p, sizeof(T)*STDMIN(oldSize, newSize));
- a.deallocate(p, oldSize);
- return newPointer;
- }
- else
- {
- a.deallocate(p, oldSize);
- return a.allocate(newSize, NULL);
- }
-}
-
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#pragma warning(pop)
-#endif
-
-template <class T, bool T_Align16 = false>
-class AllocatorWithCleanup : public AllocatorBase<T>
-{
-public:
- CRYPTOPP_INHERIT_ALLOCATOR_TYPES
-
- pointer allocate(size_type n, const void * = NULL)
- {
- this->CheckSize(n);
- if (n == 0)
- return NULL;
-
-#if CRYPTOPP_BOOL_ALIGN16_ENABLED
- if (T_Align16 && n*sizeof(T) >= 16)
- return (pointer)AlignedAllocate(n*sizeof(T));
-#endif
-
- return (pointer)UnalignedAllocate(n*sizeof(T));
- }
-
- void deallocate(void *p, size_type n)
- {
- SecureWipeArray((pointer)p, n);
-
-#if CRYPTOPP_BOOL_ALIGN16_ENABLED
- if (T_Align16 && n*sizeof(T) >= 16)
- return AlignedDeallocate(p);
-#endif
-
- UnalignedDeallocate(p);
- }
-
- pointer reallocate(T *p, size_type oldSize, size_type newSize, bool preserve)
- {
- return StandardReallocate(*this, p, oldSize, newSize, preserve);
- }
-
- // VS.NET STL enforces the policy of "All STL-compliant allocators have to provide a
- // template class member called rebind".
- template <class U> struct rebind { typedef AllocatorWithCleanup<U, T_Align16> other; };
-#if _MSC_VER >= 1500
- AllocatorWithCleanup() {}
- template <class U, bool A> AllocatorWithCleanup(const AllocatorWithCleanup<U, A> &) {}
-#endif
-};
-
-CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<byte>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word16>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word32>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word64>;
-#if CRYPTOPP_BOOL_X86
-CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup<word, true>; // for Integer
-#endif
-
-template <class T>
-class NullAllocator : public AllocatorBase<T>
-{
-public:
- CRYPTOPP_INHERIT_ALLOCATOR_TYPES
-
- pointer allocate(size_type n, const void * = NULL)
- {
- assert(false);
- return NULL;
- }
-
- void deallocate(void *p, size_type n)
- {
- assert(false);
- }
-
- size_type max_size() const {return 0;}
-};
-
-// This allocator can't be used with standard collections because
-// they require that all objects of the same allocator type are equivalent.
-// So this is for use with SecBlock only.
-template <class T, size_t S, class A = NullAllocator<T>, bool T_Align16 = false>
-class FixedSizeAllocatorWithCleanup : public AllocatorBase<T>
-{
-public:
- CRYPTOPP_INHERIT_ALLOCATOR_TYPES
-
- FixedSizeAllocatorWithCleanup() : m_allocated(false) {}
-
- pointer allocate(size_type n)
- {
- assert(IsAlignedOn(m_array, 8));
-
- if (n <= S && !m_allocated)
- {
- m_allocated = true;
- return GetAlignedArray();
- }
- else
- return m_fallbackAllocator.allocate(n);
- }
-
- pointer allocate(size_type n, const void *hint)
- {
- if (n <= S && !m_allocated)
- {
- m_allocated = true;
- return GetAlignedArray();
- }
- else
- return m_fallbackAllocator.allocate(n, hint);
- }
-
- void deallocate(void *p, size_type n)
- {
- if (p == GetAlignedArray())
- {
- assert(n <= S);
- assert(m_allocated);
- m_allocated = false;
- SecureWipeArray((pointer)p, n);
- }
- else
- m_fallbackAllocator.deallocate(p, n);
- }
-
- pointer reallocate(pointer p, size_type oldSize, size_type newSize, bool preserve)
- {
- if (p == GetAlignedArray() && newSize <= S)
- {
- assert(oldSize <= S);
- if (oldSize > newSize)
- SecureWipeArray(p+newSize, oldSize-newSize);
- return p;
- }
-
- pointer newPointer = allocate(newSize, NULL);
- if (preserve)
- memcpy(newPointer, p, sizeof(T)*STDMIN(oldSize, newSize));
- deallocate(p, oldSize);
- return newPointer;
- }
-
- size_type max_size() const {return STDMAX(m_fallbackAllocator.max_size(), S);}
-
-private:
-#ifdef __BORLANDC__
- T* GetAlignedArray() {return m_array;}
- T m_array[S];
-#else
- T* GetAlignedArray() {return (CRYPTOPP_BOOL_ALIGN16_ENABLED && T_Align16) ? (T*)(((byte *)m_array) + (0-(size_t)m_array)%16) : m_array;}
- CRYPTOPP_ALIGN_DATA(8) T m_array[(CRYPTOPP_BOOL_ALIGN16_ENABLED && T_Align16) ? S+8/sizeof(T) : S];
-#endif
- A m_fallbackAllocator;
- bool m_allocated;
-};
-
-//! a block of memory allocated using A
-template <class T, class A = AllocatorWithCleanup<T> >
-class SecBlock
-{
-public:
- typedef typename A::value_type value_type;
- typedef typename A::pointer iterator;
- typedef typename A::const_pointer const_iterator;
- typedef typename A::size_type size_type;
-
- explicit SecBlock(size_type size=0)
- : m_size(size) {m_ptr = m_alloc.allocate(size, NULL);}
- SecBlock(const SecBlock<T, A> &t)
- : m_size(t.m_size) {m_ptr = m_alloc.allocate(m_size, NULL); memcpy_s(m_ptr, m_size*sizeof(T), t.m_ptr, m_size*sizeof(T));}
- SecBlock(const T *t, size_type len)
- : m_size(len)
- {
- m_ptr = m_alloc.allocate(len, NULL);
- if (t == NULL)
- memset_z(m_ptr, 0, len*sizeof(T));
- else
- memcpy(m_ptr, t, len*sizeof(T));
- }
-
- ~SecBlock()
- {m_alloc.deallocate(m_ptr, m_size);}
-
-#ifdef __BORLANDC__
- operator T *() const
- {return (T*)m_ptr;}
-#else
- operator const void *() const
- {return m_ptr;}
- operator void *()
- {return m_ptr;}
-
- operator const T *() const
- {return m_ptr;}
- operator T *()
- {return m_ptr;}
-#endif
-
-// T *operator +(size_type offset)
-// {return m_ptr+offset;}
-
-// const T *operator +(size_type offset) const
-// {return m_ptr+offset;}
-
-// T& operator[](size_type index)
-// {assert(index >= 0 && index < m_size); return m_ptr[index];}
-
-// const T& operator[](size_type index) const
-// {assert(index >= 0 && index < m_size); return m_ptr[index];}
-
- iterator begin()
- {return m_ptr;}
- const_iterator begin() const
- {return m_ptr;}
- iterator end()
- {return m_ptr+m_size;}
- const_iterator end() const
- {return m_ptr+m_size;}
-
- typename A::pointer data() {return m_ptr;}
- typename A::const_pointer data() const {return m_ptr;}
-
- size_type size() const {return m_size;}
- bool empty() const {return m_size == 0;}
-
- byte * BytePtr() {return (byte *)m_ptr;}
- const byte * BytePtr() const {return (const byte *)m_ptr;}
- size_type SizeInBytes() const {return m_size*sizeof(T);}
-
- //! set contents and size
- void Assign(const T *t, size_type len)
- {
- New(len);
- memcpy_s(m_ptr, m_size*sizeof(T), t, len*sizeof(T));
- }
-
- //! copy contents and size from another SecBlock
- void Assign(const SecBlock<T, A> &t)
- {
- if (this != &t)
- {
- New(t.m_size);
- memcpy_s(m_ptr, m_size*sizeof(T), t.m_ptr, m_size*sizeof(T));
- }
- }
-
- SecBlock<T, A>& operator=(const SecBlock<T, A> &t)
- {
- Assign(t);
- return *this;
- }
-
- // append to this object
- SecBlock<T, A>& operator+=(const SecBlock<T, A> &t)
- {
- size_type oldSize = m_size;
- Grow(m_size+t.m_size);
- memcpy_s(m_ptr+oldSize, m_size*sizeof(T), t.m_ptr, t.m_size*sizeof(T));
- return *this;
- }
-
- // append operator
- SecBlock<T, A> operator+(const SecBlock<T, A> &t)
- {
- SecBlock<T, A> result(m_size+t.m_size);
- memcpy_s(result.m_ptr, result.m_size*sizeof(T), m_ptr, m_size*sizeof(T));
- memcpy_s(result.m_ptr+m_size, t.m_size*sizeof(T), t.m_ptr, t.m_size*sizeof(T));
- return result;
- }
-
- bool operator==(const SecBlock<T, A> &t) const
- {
- return m_size == t.m_size && VerifyBufsEqual(m_ptr, t.m_ptr, m_size*sizeof(T));
- }
-
- bool operator!=(const SecBlock<T, A> &t) const
- {
- return !operator==(t);
- }
-
- //! change size, without preserving contents
- void New(size_type newSize)
- {
- m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, false);
- m_size = newSize;
- }
-
- //! change size and set contents to 0
- void CleanNew(size_type newSize)
- {
- New(newSize);
- memset_z(m_ptr, 0, m_size*sizeof(T));
- }
-
- //! change size only if newSize > current size. contents are preserved
- void Grow(size_type newSize)
- {
- if (newSize > m_size)
- {
- m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true);
- m_size = newSize;
- }
- }
-
- //! change size only if newSize > current size. contents are preserved and additional area is set to 0
- void CleanGrow(size_type newSize)
- {
- if (newSize > m_size)
- {
- m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true);
- memset(m_ptr+m_size, 0, (newSize-m_size)*sizeof(T));
- m_size = newSize;
- }
- }
-
- //! change size and preserve contents
- void resize(size_type newSize)
- {
- m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true);
- m_size = newSize;
- }
-
- //! swap contents and size with another SecBlock
- void swap(SecBlock<T, A> &b)
- {
- std::swap(m_alloc, b.m_alloc);
- std::swap(m_size, b.m_size);
- std::swap(m_ptr, b.m_ptr);
- }
-
-//private:
- A m_alloc;
- size_type m_size;
- T *m_ptr;
-};
-
-typedef SecBlock<byte> SecByteBlock;
-typedef SecBlock<byte, AllocatorWithCleanup<byte, true> > AlignedSecByteBlock;
-typedef SecBlock<word> SecWordBlock;
-
-//! a SecBlock with fixed size, allocated statically
-template <class T, unsigned int S, class A = FixedSizeAllocatorWithCleanup<T, S> >
-class FixedSizeSecBlock : public SecBlock<T, A>
-{
-public:
- explicit FixedSizeSecBlock() : SecBlock<T, A>(S) {}
-};
-
-template <class T, unsigned int S, bool T_Align16 = true>
-class FixedSizeAlignedSecBlock : public FixedSizeSecBlock<T, S, FixedSizeAllocatorWithCleanup<T, S, NullAllocator<T>, T_Align16> >
-{
-};
-
-//! a SecBlock that preallocates size S statically, and uses the heap when this size is exceeded
-template <class T, unsigned int S, class A = FixedSizeAllocatorWithCleanup<T, S, AllocatorWithCleanup<T> > >
-class SecBlockWithHint : public SecBlock<T, A>
-{
-public:
- explicit SecBlockWithHint(size_t size) : SecBlock<T, A>(size) {}
-};
-
-template<class T, bool A, class U, bool B>
-inline bool operator==(const CryptoPP::AllocatorWithCleanup<T, A>&, const CryptoPP::AllocatorWithCleanup<U, B>&) {return (true);}
-template<class T, bool A, class U, bool B>
-inline bool operator!=(const CryptoPP::AllocatorWithCleanup<T, A>&, const CryptoPP::AllocatorWithCleanup<U, B>&) {return (false);}
-
-NAMESPACE_END
-
-NAMESPACE_BEGIN(std)
-template <class T, class A>
-inline void swap(CryptoPP::SecBlock<T, A> &a, CryptoPP::SecBlock<T, A> &b)
-{
- a.swap(b);
-}
-
-#if defined(_STLP_DONT_SUPPORT_REBIND_MEMBER_TEMPLATE) || (defined(_STLPORT_VERSION) && !defined(_STLP_MEMBER_TEMPLATE_CLASSES))
-// working for STLport 5.1.3 and MSVC 6 SP5
-template <class _Tp1, class _Tp2>
-inline CryptoPP::AllocatorWithCleanup<_Tp2>&
-__stl_alloc_rebind(CryptoPP::AllocatorWithCleanup<_Tp1>& __a, const _Tp2*)
-{
- return (CryptoPP::AllocatorWithCleanup<_Tp2>&)(__a);
-}
-#endif
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/seckey.h b/cryptopp562/seckey.h
deleted file mode 100644
index 35046a6..0000000
--- a/cryptopp562/seckey.h
+++ /dev/null
@@ -1,221 +0,0 @@
-// seckey.h - written and placed in the public domain by Wei Dai
-
-// This file contains helper classes/functions for implementing secret key algorithms.
-
-#ifndef CRYPTOPP_SECKEY_H
-#define CRYPTOPP_SECKEY_H
-
-#include "cryptlib.h"
-#include "misc.h"
-#include "simple.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-inline CipherDir ReverseCipherDir(CipherDir dir)
-{
- return (dir == ENCRYPTION) ? DECRYPTION : ENCRYPTION;
-}
-
-//! to be inherited by block ciphers with fixed block size
-template <unsigned int N>
-class FixedBlockSize
-{
-public:
- CRYPTOPP_CONSTANT(BLOCKSIZE = N)
-};
-
-// ************** rounds ***************
-
-//! to be inherited by ciphers with fixed number of rounds
-template <unsigned int R>
-class FixedRounds
-{
-public:
- CRYPTOPP_CONSTANT(ROUNDS = R)
-};
-
-//! to be inherited by ciphers with variable number of rounds
-template <unsigned int D, unsigned int N=1, unsigned int M=INT_MAX> // use INT_MAX here because enums are treated as signed ints
-class VariableRounds
-{
-public:
- CRYPTOPP_CONSTANT(DEFAULT_ROUNDS = D)
- CRYPTOPP_CONSTANT(MIN_ROUNDS = N)
- CRYPTOPP_CONSTANT(MAX_ROUNDS = M)
- static unsigned int StaticGetDefaultRounds(size_t keylength) {return DEFAULT_ROUNDS;}
-
-protected:
- inline void ThrowIfInvalidRounds(int rounds, const Algorithm *alg)
- {
- if (rounds < MIN_ROUNDS || rounds > MAX_ROUNDS)
- throw InvalidRounds(alg->AlgorithmName(), rounds);
- }
-
- inline unsigned int GetRoundsAndThrowIfInvalid(const NameValuePairs &param, const Algorithm *alg)
- {
- int rounds = param.GetIntValueWithDefault("Rounds", DEFAULT_ROUNDS);
- ThrowIfInvalidRounds(rounds, alg);
- return (unsigned int)rounds;
- }
-};
-
-// ************** key length ***************
-
-//! to be inherited by keyed algorithms with fixed key length
-template <unsigned int N, unsigned int IV_REQ = SimpleKeyingInterface::NOT_RESYNCHRONIZABLE, unsigned int IV_L = 0>
-class FixedKeyLength
-{
-public:
- CRYPTOPP_CONSTANT(KEYLENGTH=N)
- CRYPTOPP_CONSTANT(MIN_KEYLENGTH=N)
- CRYPTOPP_CONSTANT(MAX_KEYLENGTH=N)
- CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=N)
- CRYPTOPP_CONSTANT(IV_REQUIREMENT = IV_REQ)
- CRYPTOPP_CONSTANT(IV_LENGTH = IV_L)
- static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t) {return KEYLENGTH;}
-};
-
-/// support query of variable key length, template parameters are default, min, max, multiple (default multiple 1)
-template <unsigned int D, unsigned int N, unsigned int M, unsigned int Q = 1, unsigned int IV_REQ = SimpleKeyingInterface::NOT_RESYNCHRONIZABLE, unsigned int IV_L = 0>
-class VariableKeyLength
-{
- // make these private to avoid Doxygen documenting them in all derived classes
- CRYPTOPP_COMPILE_ASSERT(Q > 0);
- CRYPTOPP_COMPILE_ASSERT(N % Q == 0);
- CRYPTOPP_COMPILE_ASSERT(M % Q == 0);
- CRYPTOPP_COMPILE_ASSERT(N < M);
- CRYPTOPP_COMPILE_ASSERT(D >= N);
- CRYPTOPP_COMPILE_ASSERT(M >= D);
-
-public:
- CRYPTOPP_CONSTANT(MIN_KEYLENGTH=N)
- CRYPTOPP_CONSTANT(MAX_KEYLENGTH=M)
- CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=D)
- CRYPTOPP_CONSTANT(KEYLENGTH_MULTIPLE=Q)
- CRYPTOPP_CONSTANT(IV_REQUIREMENT=IV_REQ)
- CRYPTOPP_CONSTANT(IV_LENGTH=IV_L)
-
- static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t n)
- {
- if (n < (size_t)MIN_KEYLENGTH)
- return MIN_KEYLENGTH;
- else if (n > (size_t)MAX_KEYLENGTH)
- return (size_t)MAX_KEYLENGTH;
- else
- {
- n += KEYLENGTH_MULTIPLE-1;
- return n - n%KEYLENGTH_MULTIPLE;
- }
- }
-};
-
-/// support query of key length that's the same as another class
-template <class T, unsigned int IV_REQ = SimpleKeyingInterface::NOT_RESYNCHRONIZABLE, unsigned int IV_L = 0>
-class SameKeyLengthAs
-{
-public:
- CRYPTOPP_CONSTANT(MIN_KEYLENGTH=T::MIN_KEYLENGTH)
- CRYPTOPP_CONSTANT(MAX_KEYLENGTH=T::MAX_KEYLENGTH)
- CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=T::DEFAULT_KEYLENGTH)
- CRYPTOPP_CONSTANT(IV_REQUIREMENT=IV_REQ)
- CRYPTOPP_CONSTANT(IV_LENGTH=IV_L)
-
- static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength)
- {return T::StaticGetValidKeyLength(keylength);}
-};
-
-// ************** implementation helper for SimpleKeyed ***************
-
-//! _
-template <class BASE, class INFO = BASE>
-class CRYPTOPP_NO_VTABLE SimpleKeyingInterfaceImpl : public BASE
-{
-public:
- size_t MinKeyLength() const {return INFO::MIN_KEYLENGTH;}
- size_t MaxKeyLength() const {return (size_t)INFO::MAX_KEYLENGTH;}
- size_t DefaultKeyLength() const {return INFO::DEFAULT_KEYLENGTH;}
- size_t GetValidKeyLength(size_t n) const {return INFO::StaticGetValidKeyLength(n);}
- SimpleKeyingInterface::IV_Requirement IVRequirement() const {return (SimpleKeyingInterface::IV_Requirement)INFO::IV_REQUIREMENT;}
- unsigned int IVSize() const {return INFO::IV_LENGTH;}
-};
-
-template <class INFO, class BASE = BlockCipher>
-class CRYPTOPP_NO_VTABLE BlockCipherImpl : public AlgorithmImpl<SimpleKeyingInterfaceImpl<TwoBases<BASE, INFO> > >
-{
-public:
- unsigned int BlockSize() const {return this->BLOCKSIZE;}
-};
-
-//! _
-template <CipherDir DIR, class BASE>
-class BlockCipherFinal : public ClonableImpl<BlockCipherFinal<DIR, BASE>, BASE>
-{
-public:
- BlockCipherFinal() {}
- BlockCipherFinal(const byte *key)
- {this->SetKey(key, this->DEFAULT_KEYLENGTH);}
- BlockCipherFinal(const byte *key, size_t length)
- {this->SetKey(key, length);}
- BlockCipherFinal(const byte *key, size_t length, unsigned int rounds)
- {this->SetKeyWithRounds(key, length, rounds);}
-
- bool IsForwardTransformation() const {return DIR == ENCRYPTION;}
-};
-
-//! _
-template <class BASE, class INFO = BASE>
-class MessageAuthenticationCodeImpl : public AlgorithmImpl<SimpleKeyingInterfaceImpl<BASE, INFO>, INFO>
-{
-};
-
-//! _
-template <class BASE>
-class MessageAuthenticationCodeFinal : public ClonableImpl<MessageAuthenticationCodeFinal<BASE>, MessageAuthenticationCodeImpl<BASE> >
-{
-public:
- MessageAuthenticationCodeFinal() {}
- MessageAuthenticationCodeFinal(const byte *key)
- {this->SetKey(key, this->DEFAULT_KEYLENGTH);}
- MessageAuthenticationCodeFinal(const byte *key, size_t length)
- {this->SetKey(key, length);}
-};
-
-// ************** documentation ***************
-
-//! These objects usually should not be used directly. See CipherModeDocumentation instead.
-/*! Each class derived from this one defines two types, Encryption and Decryption,
- both of which implement the BlockCipher interface. */
-struct BlockCipherDocumentation
-{
- //! implements the BlockCipher interface
- typedef BlockCipher Encryption;
- //! implements the BlockCipher interface
- typedef BlockCipher Decryption;
-};
-
-/*! \brief Each class derived from this one defines two types, Encryption and Decryption,
- both of which implement the SymmetricCipher interface. Two types of classes derive
- from this class: stream ciphers and block cipher modes. Stream ciphers can be used
- alone, cipher mode classes need to be used with a block cipher. See CipherModeDocumentation
- for more for information about using cipher modes and block ciphers. */
-struct SymmetricCipherDocumentation
-{
- //! implements the SymmetricCipher interface
- typedef SymmetricCipher Encryption;
- //! implements the SymmetricCipher interface
- typedef SymmetricCipher Decryption;
-};
-
-/*! \brief Each class derived from this one defines two types, Encryption and Decryption,
- both of which implement the AuthenticatedSymmetricCipher interface. */
-struct AuthenticatedSymmetricCipherDocumentation
-{
- //! implements the AuthenticatedSymmetricCipher interface
- typedef AuthenticatedSymmetricCipher Encryption;
- //! implements the AuthenticatedSymmetricCipher interface
- typedef AuthenticatedSymmetricCipher Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/seed.cpp b/cryptopp562/seed.cpp
deleted file mode 100644
index 6c739b4..0000000
--- a/cryptopp562/seed.cpp
+++ /dev/null
@@ -1,104 +0,0 @@
-// seed.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "seed.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const word32 s_kc[16] = {
- 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc, 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
- 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1, 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b};
-
-static const byte s_s0[256] = {
- 0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25, 0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63, 0x28,
- 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17, 0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE, 0x70, 0x8C,
- 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74, 0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01, 0x24, 0x1C, 0x73,
- 0x98, 0x10, 0xCC, 0xF2, 0xD9, 0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9, 0x60, 0x50, 0xA3, 0xEB,
- 0x0D, 0xB6, 0x9E, 0x4F, 0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5, 0x61, 0xC3, 0xB4, 0x41, 0x52,
- 0x7D, 0x8D, 0x08, 0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1, 0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B,
- 0x0E, 0xAB, 0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A, 0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE,
- 0x64, 0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66, 0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0,
- 0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF, 0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38, 0xF4,
- 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97, 0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89, 0x75, 0xFB,
- 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4, 0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8, 0x0F, 0x8E, 0x42,
- 0x23, 0x91, 0x6C, 0xDB, 0xA4, 0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40, 0xBE, 0x3E, 0xBC, 0xC1,
- 0xAA, 0xBA, 0x4E, 0x55, 0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56, 0x77, 0xA0, 0xED, 0x46, 0xB5,
- 0x2B, 0x65, 0xFA, 0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2, 0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0,
- 0xCD, 0x88, 0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33, 0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A,
- 0x9A};
-
-static const byte s_s1[256] = {
- 0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8, 0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B, 0xC3,
- 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7, 0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B, 0xEF, 0x88,
- 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4, 0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98, 0x28, 0x4E, 0xF6,
- 0x3E, 0xA5, 0xF9, 0x0D, 0xDF, 0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72, 0x42, 0xD4, 0x41, 0xC0,
- 0x73, 0x67, 0xAC, 0x8B, 0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34, 0xD2, 0x0B, 0xEE, 0xE9, 0x5D,
- 0x94, 0x18, 0xF8, 0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9, 0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A,
- 0x6A, 0xB1, 0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71, 0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6,
- 0x59, 0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0, 0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF,
- 0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D, 0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E, 0x9F,
- 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC, 0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03, 0x64, 0x6D,
- 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09, 0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05, 0xFA, 0x01, 0xF0,
- 0x2A, 0x5E, 0xA9, 0x56, 0x43, 0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79, 0x97, 0xFC, 0x1E, 0x82,
- 0x21, 0x8C, 0x1B, 0x5F, 0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46, 0xED, 0x58, 0x52, 0xEB, 0x7E,
- 0xDA, 0xC9, 0xFD, 0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C, 0x0E, 0x50, 0x39, 0x26, 0x32, 0x84,
- 0x69, 0x93, 0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87, 0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A,
- 0xB7};
-
-#define SS0(x) ((s_s0[x]*0x01010101UL) & 0x3FCFF3FC)
-#define SS1(x) ((s_s1[x]*0x01010101UL) & 0xFC3FCFF3)
-#define SS2(x) ((s_s0[x]*0x01010101UL) & 0xF3FC3FCF)
-#define SS3(x) ((s_s1[x]*0x01010101UL) & 0xCFF3FC3F)
-#define G(x) (SS0(GETBYTE(x, 0)) ^ SS1(GETBYTE(x, 1)) ^ SS2(GETBYTE(x, 2)) ^ SS3(GETBYTE(x, 3)))
-
-void SEED::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params)
-{
- AssertValidKeyLength(length);
-
- word64 key01, key23;
- GetBlock<word64, BigEndian> get(userKey);
- get(key01)(key23);
- word32 *k = m_k;
- size_t kInc = 2;
- if (!IsForwardTransformation())
- {
- k = k+30;
- kInc = 0-kInc;
- }
-
- for (int i=0; i<ROUNDS; i++)
- {
- word32 t0 = word32(key01>>32) + word32(key23>>32) - s_kc[i];
- word32 t1 = word32(key01) - word32(key23) + s_kc[i];
- k[0] = G(t0);
- k[1] = G(t1);
- k+=kInc;
- if (i&1)
- key23 = rotlFixed<word64>(key23, 8);
- else
- key01 = rotrFixed<word64>(key01, 8);
- }
-}
-
-void SEED::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- typedef BlockGetAndPut<word32, BigEndian> Block;
- word32 a0, a1, b0, b1, t0, t1;
- Block::Get(inBlock)(a0)(a1)(b0)(b1);
-
- for (int i=0; i<ROUNDS; i+=2)
- {
- t0 = b0 ^ m_k[2*i+0]; t1 = b1 ^ m_k[2*i+1] ^ t0;
- t1 = G(t1); t0 += t1; t0 = G(t0); t1 += t0; t1 = G(t1);
- a0 ^= t0 + t1; a1 ^= t1;
-
- t0 = a0 ^ m_k[2*i+2]; t1 = a1 ^ m_k[2*i+3] ^ t0;
- t1 = G(t1); t0 += t1; t0 = G(t0); t1 += t0; t1 = G(t1);
- b0 ^= t0 + t1; b1 ^= t1;
- }
-
- Block::Put(xorBlock, outBlock)(b0)(b1)(a0)(a1);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/seed.h b/cryptopp562/seed.h
deleted file mode 100644
index 871284d..0000000
--- a/cryptopp562/seed.h
+++ /dev/null
@@ -1,38 +0,0 @@
-#ifndef CRYPTOPP_SEED_H
-#define CRYPTOPP_SEED_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct SEED_Info : public FixedBlockSize<16>, public FixedKeyLength<16>, public FixedRounds<16>
-{
- static const char *StaticAlgorithmName() {return "SEED";}
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/SEED">SEED</a>
-class SEED : public SEED_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SEED_Info>
- {
- public:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- protected:
- FixedSizeSecBlock<word32, 32> m_k;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/serpent.cpp b/cryptopp562/serpent.cpp
deleted file mode 100644
index 40fab23..0000000
--- a/cryptopp562/serpent.cpp
+++ /dev/null
@@ -1,123 +0,0 @@
-// serpent.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "serpent.h"
-#include "misc.h"
-
-#include "serpentp.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen)
-{
- FixedSizeSecBlock<word32, 8> k0;
- GetUserKey(LITTLE_ENDIAN_ORDER, k0.begin(), 8, userKey, keylen);
- if (keylen < 32)
- k0[keylen/4] |= word32(1) << ((keylen%4)*8);
-
- word32 t = k0[7];
- unsigned int i;
- for (i = 0; i < 8; ++i)
- k[i] = k0[i] = t = rotlFixed(k0[i] ^ k0[(i+3)%8] ^ k0[(i+5)%8] ^ t ^ 0x9e3779b9 ^ i, 11);
- for (i = 8; i < 4*(rounds+1); ++i)
- k[i] = t = rotlFixed(k[i-8] ^ k[i-5] ^ k[i-3] ^ t ^ 0x9e3779b9 ^ i, 11);
- k -= 20;
-
- word32 a,b,c,d,e;
- for (i=0; i<rounds/8; i++)
- {
- afterS2(LK); afterS2(S3); afterS3(SK);
- afterS1(LK); afterS1(S2); afterS2(SK);
- afterS0(LK); afterS0(S1); afterS1(SK);
- beforeS0(LK); beforeS0(S0); afterS0(SK);
- k += 8*4;
- afterS6(LK); afterS6(S7); afterS7(SK);
- afterS5(LK); afterS5(S6); afterS6(SK);
- afterS4(LK); afterS4(S5); afterS5(SK);
- afterS3(LK); afterS3(S4); afterS4(SK);
- }
- afterS2(LK); afterS2(S3); afterS3(SK);
-}
-
-void Serpent::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &)
-{
- AssertValidKeyLength(keylen);
- Serpent_KeySchedule(m_key, 32, userKey, keylen);
-}
-
-typedef BlockGetAndPut<word32, LittleEndian> Block;
-
-void Serpent::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 a, b, c, d, e;
-
- Block::Get(inBlock)(a)(b)(c)(d);
-
- const word32 *k = m_key;
- unsigned int i=1;
-
- do
- {
- beforeS0(KX); beforeS0(S0); afterS0(LT);
- afterS0(KX); afterS0(S1); afterS1(LT);
- afterS1(KX); afterS1(S2); afterS2(LT);
- afterS2(KX); afterS2(S3); afterS3(LT);
- afterS3(KX); afterS3(S4); afterS4(LT);
- afterS4(KX); afterS4(S5); afterS5(LT);
- afterS5(KX); afterS5(S6); afterS6(LT);
- afterS6(KX); afterS6(S7);
-
- if (i == 4)
- break;
-
- ++i;
- c = b;
- b = e;
- e = d;
- d = a;
- a = e;
- k += 32;
- beforeS0(LT);
- }
- while (true);
-
- afterS7(KX);
-
- Block::Put(xorBlock, outBlock)(d)(e)(b)(a);
-}
-
-void Serpent::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 a, b, c, d, e;
-
- Block::Get(inBlock)(a)(b)(c)(d);
-
- const word32 *k = m_key + 96;
- unsigned int i=4;
-
- beforeI7(KX);
- goto start;
-
- do
- {
- c = b;
- b = d;
- d = e;
- k -= 32;
- beforeI7(ILT);
-start:
- beforeI7(I7); afterI7(KX);
- afterI7(ILT); afterI7(I6); afterI6(KX);
- afterI6(ILT); afterI6(I5); afterI5(KX);
- afterI5(ILT); afterI5(I4); afterI4(KX);
- afterI4(ILT); afterI4(I3); afterI3(KX);
- afterI3(ILT); afterI3(I2); afterI2(KX);
- afterI2(ILT); afterI2(I1); afterI1(KX);
- afterI1(ILT); afterI1(I0); afterI0(KX);
- }
- while (--i != 0);
-
- Block::Put(xorBlock, outBlock)(a)(d)(b)(e);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/serpent.h b/cryptopp562/serpent.h
deleted file mode 100644
index f7ee8d6..0000000
--- a/cryptopp562/serpent.h
+++ /dev/null
@@ -1,52 +0,0 @@
-#ifndef CRYPTOPP_SERPENT_H
-#define CRYPTOPP_SERPENT_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Serpent_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 0, 32>, public FixedRounds<32>
-{
- static const char *StaticAlgorithmName() {return "Serpent";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#Serpent">Serpent</a>
-class Serpent : public Serpent_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Serpent_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- FixedSizeSecBlock<word32, 33*4> m_key;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef Serpent::Encryption SerpentEncryption;
-typedef Serpent::Decryption SerpentDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/serpentp.h b/cryptopp562/serpentp.h
deleted file mode 100644
index 7869a3f..0000000
--- a/cryptopp562/serpentp.h
+++ /dev/null
@@ -1,434 +0,0 @@
-// private header for Serpent and Sosemanuk
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// linear transformation
-#define LT(i,a,b,c,d,e) {\
- a = rotlFixed(a, 13); \
- c = rotlFixed(c, 3); \
- d = rotlFixed(d ^ c ^ (a << 3), 7); \
- b = rotlFixed(b ^ a ^ c, 1); \
- a = rotlFixed(a ^ b ^ d, 5); \
- c = rotlFixed(c ^ d ^ (b << 7), 22);}
-
-// inverse linear transformation
-#define ILT(i,a,b,c,d,e) {\
- c = rotrFixed(c, 22); \
- a = rotrFixed(a, 5); \
- c ^= d ^ (b << 7); \
- a ^= b ^ d; \
- b = rotrFixed(b, 1); \
- d = rotrFixed(d, 7) ^ c ^ (a << 3); \
- b ^= a ^ c; \
- c = rotrFixed(c, 3); \
- a = rotrFixed(a, 13);}
-
-// order of output from S-box functions
-#define beforeS0(f) f(0,a,b,c,d,e)
-#define afterS0(f) f(1,b,e,c,a,d)
-#define afterS1(f) f(2,c,b,a,e,d)
-#define afterS2(f) f(3,a,e,b,d,c)
-#define afterS3(f) f(4,e,b,d,c,a)
-#define afterS4(f) f(5,b,a,e,c,d)
-#define afterS5(f) f(6,a,c,b,e,d)
-#define afterS6(f) f(7,a,c,d,b,e)
-#define afterS7(f) f(8,d,e,b,a,c)
-
-// order of output from inverse S-box functions
-#define beforeI7(f) f(8,a,b,c,d,e)
-#define afterI7(f) f(7,d,a,b,e,c)
-#define afterI6(f) f(6,a,b,c,e,d)
-#define afterI5(f) f(5,b,d,e,c,a)
-#define afterI4(f) f(4,b,c,e,a,d)
-#define afterI3(f) f(3,a,b,e,c,d)
-#define afterI2(f) f(2,b,d,e,c,a)
-#define afterI1(f) f(1,a,b,c,e,d)
-#define afterI0(f) f(0,a,d,b,e,c)
-
-// The instruction sequences for the S-box functions
-// come from Dag Arne Osvik's paper "Speeding up Serpent".
-
-#define S0(i, r0, r1, r2, r3, r4) \
- { \
- r3 ^= r0; \
- r4 = r1; \
- r1 &= r3; \
- r4 ^= r2; \
- r1 ^= r0; \
- r0 |= r3; \
- r0 ^= r4; \
- r4 ^= r3; \
- r3 ^= r2; \
- r2 |= r1; \
- r2 ^= r4; \
- r4 = ~r4; \
- r4 |= r1; \
- r1 ^= r3; \
- r1 ^= r4; \
- r3 |= r0; \
- r1 ^= r3; \
- r4 ^= r3; \
- }
-
-#define I0(i, r0, r1, r2, r3, r4) \
- { \
- r2 = ~r2; \
- r4 = r1; \
- r1 |= r0; \
- r4 = ~r4; \
- r1 ^= r2; \
- r2 |= r4; \
- r1 ^= r3; \
- r0 ^= r4; \
- r2 ^= r0; \
- r0 &= r3; \
- r4 ^= r0; \
- r0 |= r1; \
- r0 ^= r2; \
- r3 ^= r4; \
- r2 ^= r1; \
- r3 ^= r0; \
- r3 ^= r1; \
- r2 &= r3; \
- r4 ^= r2; \
- }
-
-#define S1(i, r0, r1, r2, r3, r4) \
- { \
- r0 = ~r0; \
- r2 = ~r2; \
- r4 = r0; \
- r0 &= r1; \
- r2 ^= r0; \
- r0 |= r3; \
- r3 ^= r2; \
- r1 ^= r0; \
- r0 ^= r4; \
- r4 |= r1; \
- r1 ^= r3; \
- r2 |= r0; \
- r2 &= r4; \
- r0 ^= r1; \
- r1 &= r2; \
- r1 ^= r0; \
- r0 &= r2; \
- r0 ^= r4; \
- }
-
-#define I1(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r1; \
- r1 ^= r3; \
- r3 &= r1; \
- r4 ^= r2; \
- r3 ^= r0; \
- r0 |= r1; \
- r2 ^= r3; \
- r0 ^= r4; \
- r0 |= r2; \
- r1 ^= r3; \
- r0 ^= r1; \
- r1 |= r3; \
- r1 ^= r0; \
- r4 = ~r4; \
- r4 ^= r1; \
- r1 |= r0; \
- r1 ^= r0; \
- r1 |= r4; \
- r3 ^= r1; \
- }
-
-#define S2(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r0; \
- r0 &= r2; \
- r0 ^= r3; \
- r2 ^= r1; \
- r2 ^= r0; \
- r3 |= r4; \
- r3 ^= r1; \
- r4 ^= r2; \
- r1 = r3; \
- r3 |= r4; \
- r3 ^= r0; \
- r0 &= r1; \
- r4 ^= r0; \
- r1 ^= r3; \
- r1 ^= r4; \
- r4 = ~r4; \
- }
-
-#define I2(i, r0, r1, r2, r3, r4) \
- { \
- r2 ^= r3; \
- r3 ^= r0; \
- r4 = r3; \
- r3 &= r2; \
- r3 ^= r1; \
- r1 |= r2; \
- r1 ^= r4; \
- r4 &= r3; \
- r2 ^= r3; \
- r4 &= r0; \
- r4 ^= r2; \
- r2 &= r1; \
- r2 |= r0; \
- r3 = ~r3; \
- r2 ^= r3; \
- r0 ^= r3; \
- r0 &= r1; \
- r3 ^= r4; \
- r3 ^= r0; \
- }
-
-#define S3(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r0; \
- r0 |= r3; \
- r3 ^= r1; \
- r1 &= r4; \
- r4 ^= r2; \
- r2 ^= r3; \
- r3 &= r0; \
- r4 |= r1; \
- r3 ^= r4; \
- r0 ^= r1; \
- r4 &= r0; \
- r1 ^= r3; \
- r4 ^= r2; \
- r1 |= r0; \
- r1 ^= r2; \
- r0 ^= r3; \
- r2 = r1; \
- r1 |= r3; \
- r1 ^= r0; \
- }
-
-#define I3(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r2; \
- r2 ^= r1; \
- r1 &= r2; \
- r1 ^= r0; \
- r0 &= r4; \
- r4 ^= r3; \
- r3 |= r1; \
- r3 ^= r2; \
- r0 ^= r4; \
- r2 ^= r0; \
- r0 |= r3; \
- r0 ^= r1; \
- r4 ^= r2; \
- r2 &= r3; \
- r1 |= r3; \
- r1 ^= r2; \
- r4 ^= r0; \
- r2 ^= r4; \
- }
-
-#define S4(i, r0, r1, r2, r3, r4) \
- { \
- r1 ^= r3; \
- r3 = ~r3; \
- r2 ^= r3; \
- r3 ^= r0; \
- r4 = r1; \
- r1 &= r3; \
- r1 ^= r2; \
- r4 ^= r3; \
- r0 ^= r4; \
- r2 &= r4; \
- r2 ^= r0; \
- r0 &= r1; \
- r3 ^= r0; \
- r4 |= r1; \
- r4 ^= r0; \
- r0 |= r3; \
- r0 ^= r2; \
- r2 &= r3; \
- r0 = ~r0; \
- r4 ^= r2; \
- }
-
-#define I4(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r2; \
- r2 &= r3; \
- r2 ^= r1; \
- r1 |= r3; \
- r1 &= r0; \
- r4 ^= r2; \
- r4 ^= r1; \
- r1 &= r2; \
- r0 = ~r0; \
- r3 ^= r4; \
- r1 ^= r3; \
- r3 &= r0; \
- r3 ^= r2; \
- r0 ^= r1; \
- r2 &= r0; \
- r3 ^= r0; \
- r2 ^= r4; \
- r2 |= r3; \
- r3 ^= r0; \
- r2 ^= r1; \
- }
-
-#define S5(i, r0, r1, r2, r3, r4) \
- { \
- r0 ^= r1; \
- r1 ^= r3; \
- r3 = ~r3; \
- r4 = r1; \
- r1 &= r0; \
- r2 ^= r3; \
- r1 ^= r2; \
- r2 |= r4; \
- r4 ^= r3; \
- r3 &= r1; \
- r3 ^= r0; \
- r4 ^= r1; \
- r4 ^= r2; \
- r2 ^= r0; \
- r0 &= r3; \
- r2 = ~r2; \
- r0 ^= r4; \
- r4 |= r3; \
- r2 ^= r4; \
- }
-
-#define I5(i, r0, r1, r2, r3, r4) \
- { \
- r1 = ~r1; \
- r4 = r3; \
- r2 ^= r1; \
- r3 |= r0; \
- r3 ^= r2; \
- r2 |= r1; \
- r2 &= r0; \
- r4 ^= r3; \
- r2 ^= r4; \
- r4 |= r0; \
- r4 ^= r1; \
- r1 &= r2; \
- r1 ^= r3; \
- r4 ^= r2; \
- r3 &= r4; \
- r4 ^= r1; \
- r3 ^= r0; \
- r3 ^= r4; \
- r4 = ~r4; \
- }
-
-#define S6(i, r0, r1, r2, r3, r4) \
- { \
- r2 = ~r2; \
- r4 = r3; \
- r3 &= r0; \
- r0 ^= r4; \
- r3 ^= r2; \
- r2 |= r4; \
- r1 ^= r3; \
- r2 ^= r0; \
- r0 |= r1; \
- r2 ^= r1; \
- r4 ^= r0; \
- r0 |= r3; \
- r0 ^= r2; \
- r4 ^= r3; \
- r4 ^= r0; \
- r3 = ~r3; \
- r2 &= r4; \
- r2 ^= r3; \
- }
-
-#define I6(i, r0, r1, r2, r3, r4) \
- { \
- r0 ^= r2; \
- r4 = r2; \
- r2 &= r0; \
- r4 ^= r3; \
- r2 = ~r2; \
- r3 ^= r1; \
- r2 ^= r3; \
- r4 |= r0; \
- r0 ^= r2; \
- r3 ^= r4; \
- r4 ^= r1; \
- r1 &= r3; \
- r1 ^= r0; \
- r0 ^= r3; \
- r0 |= r2; \
- r3 ^= r1; \
- r4 ^= r0; \
- }
-
-#define S7(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r2; \
- r2 &= r1; \
- r2 ^= r3; \
- r3 &= r1; \
- r4 ^= r2; \
- r2 ^= r1; \
- r1 ^= r0; \
- r0 |= r4; \
- r0 ^= r2; \
- r3 ^= r1; \
- r2 ^= r3; \
- r3 &= r0; \
- r3 ^= r4; \
- r4 ^= r2; \
- r2 &= r0; \
- r4 = ~r4; \
- r2 ^= r4; \
- r4 &= r0; \
- r1 ^= r3; \
- r4 ^= r1; \
- }
-
-#define I7(i, r0, r1, r2, r3, r4) \
- { \
- r4 = r2; \
- r2 ^= r0; \
- r0 &= r3; \
- r2 = ~r2; \
- r4 |= r3; \
- r3 ^= r1; \
- r1 |= r0; \
- r0 ^= r2; \
- r2 &= r4; \
- r1 ^= r2; \
- r2 ^= r0; \
- r0 |= r2; \
- r3 &= r4; \
- r0 ^= r3; \
- r4 ^= r1; \
- r3 ^= r4; \
- r4 |= r0; \
- r3 ^= r2; \
- r4 ^= r2; \
- }
-
-// key xor
-#define KX(r, a, b, c, d, e) {\
- a ^= k[4 * r + 0]; \
- b ^= k[4 * r + 1]; \
- c ^= k[4 * r + 2]; \
- d ^= k[4 * r + 3];}
-
-#define LK(r, a, b, c, d, e) {\
- a = k[(8-r)*4 + 0]; \
- b = k[(8-r)*4 + 1]; \
- c = k[(8-r)*4 + 2]; \
- d = k[(8-r)*4 + 3];}
-
-#define SK(r, a, b, c, d, e) {\
- k[(8-r)*4 + 4] = a; \
- k[(8-r)*4 + 5] = b; \
- k[(8-r)*4 + 6] = c; \
- k[(8-r)*4 + 7] = d;}
-
-void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen);
-
-NAMESPACE_END
diff --git a/cryptopp562/sha.cpp b/cryptopp562/sha.cpp
deleted file mode 100644
index df947ad..0000000
--- a/cryptopp562/sha.cpp
+++ /dev/null
@@ -1,900 +0,0 @@
-// sha.cpp - modified by Wei Dai from Steve Reid's public domain sha1.c
-
-// Steve Reid implemented SHA-1. Wei Dai implemented SHA-2.
-// Both are in the public domain.
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM sha.cpp" to generate MASM code
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "sha.h"
-#include "misc.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// start of Steve Reid's code
-
-#define blk0(i) (W[i] = data[i])
-#define blk1(i) (W[i&15] = rotlFixed(W[(i+13)&15]^W[(i+8)&15]^W[(i+2)&15]^W[i&15],1))
-
-void SHA1::InitState(HashWordType *state)
-{
- state[0] = 0x67452301L;
- state[1] = 0xEFCDAB89L;
- state[2] = 0x98BADCFEL;
- state[3] = 0x10325476L;
- state[4] = 0xC3D2E1F0L;
-}
-
-#define f1(x,y,z) (z^(x&(y^z)))
-#define f2(x,y,z) (x^y^z)
-#define f3(x,y,z) ((x&y)|(z&(x|y)))
-#define f4(x,y,z) (x^y^z)
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=f1(w,x,y)+blk0(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30);
-#define R1(v,w,x,y,z,i) z+=f1(w,x,y)+blk1(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30);
-#define R2(v,w,x,y,z,i) z+=f2(w,x,y)+blk1(i)+0x6ED9EBA1+rotlFixed(v,5);w=rotlFixed(w,30);
-#define R3(v,w,x,y,z,i) z+=f3(w,x,y)+blk1(i)+0x8F1BBCDC+rotlFixed(v,5);w=rotlFixed(w,30);
-#define R4(v,w,x,y,z,i) z+=f4(w,x,y)+blk1(i)+0xCA62C1D6+rotlFixed(v,5);w=rotlFixed(w,30);
-
-void SHA1::Transform(word32 *state, const word32 *data)
-{
- word32 W[16];
- /* Copy context->state[] to working vars */
- word32 a = state[0];
- word32 b = state[1];
- word32 c = state[2];
- word32 d = state[3];
- word32 e = state[4];
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
- /* Add the working vars back into context.state[] */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
-}
-
-// end of Steve Reid's code
-
-// *************************************************************
-
-void SHA224::InitState(HashWordType *state)
-{
- static const word32 s[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4};
- memcpy(state, s, sizeof(s));
-}
-
-void SHA256::InitState(HashWordType *state)
-{
- static const word32 s[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
- memcpy(state, s, sizeof(s));
-}
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-CRYPTOPP_ALIGN_DATA(16) extern const word32 SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
-#else
-extern const word32 SHA256_K[64] = {
-#endif
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
- 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
- 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
- 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
- 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
- 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
- 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
- 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-};
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)
-
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-
-static void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state, const word32 *data, size_t len
-#if defined(_MSC_VER) && (_MSC_VER == 1200)
- , ... // VC60 workaround: prevent VC 6 from inlining this function
-#endif
- )
-{
-#if defined(_MSC_VER) && (_MSC_VER == 1200)
- AS2(mov ecx, [state])
- AS2(mov edx, [data])
-#endif
-
- #define LOCALS_SIZE 8*4 + 16*4 + 4*WORD_SZ
- #define H(i) [BASE+ASM_MOD(1024+7-(i),8)*4]
- #define G(i) H(i+1)
- #define F(i) H(i+2)
- #define E(i) H(i+3)
- #define D(i) H(i+4)
- #define C(i) H(i+5)
- #define B(i) H(i+6)
- #define A(i) H(i+7)
- #define Wt(i) BASE+8*4+ASM_MOD(1024+15-(i),16)*4
- #define Wt_2(i) Wt((i)-2)
- #define Wt_15(i) Wt((i)-15)
- #define Wt_7(i) Wt((i)-7)
- #define K_END [BASE+8*4+16*4+0*WORD_SZ]
- #define STATE_SAVE [BASE+8*4+16*4+1*WORD_SZ]
- #define DATA_SAVE [BASE+8*4+16*4+2*WORD_SZ]
- #define DATA_END [BASE+8*4+16*4+3*WORD_SZ]
- #define Kt(i) WORD_REG(si)+(i)*4
-#if CRYPTOPP_BOOL_X86
- #define BASE esp+4
-#elif defined(__GNUC__)
- #define BASE r8
-#else
- #define BASE rsp
-#endif
-
-#define RA0(i, edx, edi) \
- AS2( add edx, [Kt(i)] )\
- AS2( add edx, [Wt(i)] )\
- AS2( add edx, H(i) )\
-
-#define RA1(i, edx, edi)
-
-#define RB0(i, edx, edi)
-
-#define RB1(i, edx, edi) \
- AS2( mov AS_REG_7d, [Wt_2(i)] )\
- AS2( mov edi, [Wt_15(i)])\
- AS2( mov ebx, AS_REG_7d )\
- AS2( shr AS_REG_7d, 10 )\
- AS2( ror ebx, 17 )\
- AS2( xor AS_REG_7d, ebx )\
- AS2( ror ebx, 2 )\
- AS2( xor ebx, AS_REG_7d )/* s1(W_t-2) */\
- AS2( add ebx, [Wt_7(i)])\
- AS2( mov AS_REG_7d, edi )\
- AS2( shr AS_REG_7d, 3 )\
- AS2( ror edi, 7 )\
- AS2( add ebx, [Wt(i)])/* s1(W_t-2) + W_t-7 + W_t-16 */\
- AS2( xor AS_REG_7d, edi )\
- AS2( add edx, [Kt(i)])\
- AS2( ror edi, 11 )\
- AS2( add edx, H(i) )\
- AS2( xor AS_REG_7d, edi )/* s0(W_t-15) */\
- AS2( add AS_REG_7d, ebx )/* W_t = s1(W_t-2) + W_t-7 + s0(W_t-15) W_t-16*/\
- AS2( mov [Wt(i)], AS_REG_7d)\
- AS2( add edx, AS_REG_7d )\
-
-#define ROUND(i, r, eax, ecx, edi, edx)\
- /* in: edi = E */\
- /* unused: eax, ecx, temp: ebx, AS_REG_7d, out: edx = T1 */\
- AS2( mov edx, F(i) )\
- AS2( xor edx, G(i) )\
- AS2( and edx, edi )\
- AS2( xor edx, G(i) )/* Ch(E,F,G) = (G^(E&(F^G))) */\
- AS2( mov AS_REG_7d, edi )\
- AS2( ror edi, 6 )\
- AS2( ror AS_REG_7d, 25 )\
- RA##r(i, edx, edi )/* H + Wt + Kt + Ch(E,F,G) */\
- AS2( xor AS_REG_7d, edi )\
- AS2( ror edi, 5 )\
- AS2( xor AS_REG_7d, edi )/* S1(E) */\
- AS2( add edx, AS_REG_7d )/* T1 = S1(E) + Ch(E,F,G) + H + Wt + Kt */\
- RB##r(i, edx, edi )/* H + Wt + Kt + Ch(E,F,G) */\
- /* in: ecx = A, eax = B^C, edx = T1 */\
- /* unused: edx, temp: ebx, AS_REG_7d, out: eax = A, ecx = B^C, edx = E */\
- AS2( mov ebx, ecx )\
- AS2( xor ecx, B(i) )/* A^B */\
- AS2( and eax, ecx )\
- AS2( xor eax, B(i) )/* Maj(A,B,C) = B^((A^B)&(B^C) */\
- AS2( mov AS_REG_7d, ebx )\
- AS2( ror ebx, 2 )\
- AS2( add eax, edx )/* T1 + Maj(A,B,C) */\
- AS2( add edx, D(i) )\
- AS2( mov D(i), edx )\
- AS2( ror AS_REG_7d, 22 )\
- AS2( xor AS_REG_7d, ebx )\
- AS2( ror ebx, 11 )\
- AS2( xor AS_REG_7d, ebx )\
- AS2( add eax, AS_REG_7d )/* T1 + S0(A) + Maj(A,B,C) */\
- AS2( mov H(i), eax )\
-
-#define SWAP_COPY(i) \
- AS2( mov WORD_REG(bx), [WORD_REG(dx)+i*WORD_SZ])\
- AS1( bswap WORD_REG(bx))\
- AS2( mov [Wt(i*(1+CRYPTOPP_BOOL_X64)+CRYPTOPP_BOOL_X64)], WORD_REG(bx))
-
-#if defined(__GNUC__)
- #if CRYPTOPP_BOOL_X64
- FixedSizeAlignedSecBlock<byte, LOCALS_SIZE> workspace;
- #endif
- __asm__ __volatile__
- (
- #if CRYPTOPP_BOOL_X64
- "lea %4, %%r8;"
- #endif
- ".intel_syntax noprefix;"
-#elif defined(CRYPTOPP_GENERATE_X64_MASM)
- ALIGN 8
- X86_SHA256_HashBlocks PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- push_reg rbx
- push_reg rbp
- alloc_stack(LOCALS_SIZE+8)
- .endprolog
- mov rdi, r8
- lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4]
-#endif
-
-#if CRYPTOPP_BOOL_X86
- #ifndef __GNUC__
- AS2( mov edi, [len])
- AS2( lea WORD_REG(si), [SHA256_K+48*4])
- #endif
- #if !defined(_MSC_VER) || (_MSC_VER < 1400)
- AS_PUSH_IF86(bx)
- #endif
-
- AS_PUSH_IF86(bp)
- AS2( mov ebx, esp)
- AS2( and esp, -16)
- AS2( sub WORD_REG(sp), LOCALS_SIZE)
- AS_PUSH_IF86(bx)
-#endif
- AS2( mov STATE_SAVE, WORD_REG(cx))
- AS2( mov DATA_SAVE, WORD_REG(dx))
- AS2( lea WORD_REG(ax), [WORD_REG(di) + WORD_REG(dx)])
- AS2( mov DATA_END, WORD_REG(ax))
- AS2( mov K_END, WORD_REG(si))
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#if CRYPTOPP_BOOL_X86
- AS2( test edi, 1)
- ASJ( jnz, 2, f)
- AS1( dec DWORD PTR K_END)
-#endif
- AS2( movdqa xmm0, XMMWORD_PTR [WORD_REG(cx)+0*16])
- AS2( movdqa xmm1, XMMWORD_PTR [WORD_REG(cx)+1*16])
-#endif
-
-#if CRYPTOPP_BOOL_X86
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- ASJ( jmp, 0, f)
-#endif
- ASL(2) // non-SSE2
- AS2( mov esi, ecx)
- AS2( lea edi, A(0))
- AS2( mov ecx, 8)
- AS1( rep movsd)
- AS2( mov esi, K_END)
- ASJ( jmp, 3, f)
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- ASL(0)
- AS2( movdqa E(0), xmm1)
- AS2( movdqa A(0), xmm0)
-#endif
-#if CRYPTOPP_BOOL_X86
- ASL(3)
-#endif
- AS2( sub WORD_REG(si), 48*4)
- SWAP_COPY(0) SWAP_COPY(1) SWAP_COPY(2) SWAP_COPY(3)
- SWAP_COPY(4) SWAP_COPY(5) SWAP_COPY(6) SWAP_COPY(7)
-#if CRYPTOPP_BOOL_X86
- SWAP_COPY(8) SWAP_COPY(9) SWAP_COPY(10) SWAP_COPY(11)
- SWAP_COPY(12) SWAP_COPY(13) SWAP_COPY(14) SWAP_COPY(15)
-#endif
- AS2( mov edi, E(0)) // E
- AS2( mov eax, B(0)) // B
- AS2( xor eax, C(0)) // B^C
- AS2( mov ecx, A(0)) // A
-
- ROUND(0, 0, eax, ecx, edi, edx)
- ROUND(1, 0, ecx, eax, edx, edi)
- ROUND(2, 0, eax, ecx, edi, edx)
- ROUND(3, 0, ecx, eax, edx, edi)
- ROUND(4, 0, eax, ecx, edi, edx)
- ROUND(5, 0, ecx, eax, edx, edi)
- ROUND(6, 0, eax, ecx, edi, edx)
- ROUND(7, 0, ecx, eax, edx, edi)
- ROUND(8, 0, eax, ecx, edi, edx)
- ROUND(9, 0, ecx, eax, edx, edi)
- ROUND(10, 0, eax, ecx, edi, edx)
- ROUND(11, 0, ecx, eax, edx, edi)
- ROUND(12, 0, eax, ecx, edi, edx)
- ROUND(13, 0, ecx, eax, edx, edi)
- ROUND(14, 0, eax, ecx, edi, edx)
- ROUND(15, 0, ecx, eax, edx, edi)
-
- ASL(1)
- AS2(add WORD_REG(si), 4*16)
- ROUND(0, 1, eax, ecx, edi, edx)
- ROUND(1, 1, ecx, eax, edx, edi)
- ROUND(2, 1, eax, ecx, edi, edx)
- ROUND(3, 1, ecx, eax, edx, edi)
- ROUND(4, 1, eax, ecx, edi, edx)
- ROUND(5, 1, ecx, eax, edx, edi)
- ROUND(6, 1, eax, ecx, edi, edx)
- ROUND(7, 1, ecx, eax, edx, edi)
- ROUND(8, 1, eax, ecx, edi, edx)
- ROUND(9, 1, ecx, eax, edx, edi)
- ROUND(10, 1, eax, ecx, edi, edx)
- ROUND(11, 1, ecx, eax, edx, edi)
- ROUND(12, 1, eax, ecx, edi, edx)
- ROUND(13, 1, ecx, eax, edx, edi)
- ROUND(14, 1, eax, ecx, edi, edx)
- ROUND(15, 1, ecx, eax, edx, edi)
- AS2( cmp WORD_REG(si), K_END)
- ASJ( jb, 1, b)
-
- AS2( mov WORD_REG(dx), DATA_SAVE)
- AS2( add WORD_REG(dx), 64)
- AS2( mov AS_REG_7, STATE_SAVE)
- AS2( mov DATA_SAVE, WORD_REG(dx))
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#if CRYPTOPP_BOOL_X86
- AS2( test DWORD PTR K_END, 1)
- ASJ( jz, 4, f)
-#endif
- AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_7+1*16])
- AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_7+0*16])
- AS2( paddd xmm1, E(0))
- AS2( paddd xmm0, A(0))
- AS2( movdqa [AS_REG_7+1*16], xmm1)
- AS2( movdqa [AS_REG_7+0*16], xmm0)
- AS2( cmp WORD_REG(dx), DATA_END)
- ASJ( jb, 0, b)
-#endif
-
-#if CRYPTOPP_BOOL_X86
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- ASJ( jmp, 5, f)
- ASL(4) // non-SSE2
-#endif
- AS2( add [AS_REG_7+0*4], ecx) // A
- AS2( add [AS_REG_7+4*4], edi) // E
- AS2( mov eax, B(0))
- AS2( mov ebx, C(0))
- AS2( mov ecx, D(0))
- AS2( add [AS_REG_7+1*4], eax)
- AS2( add [AS_REG_7+2*4], ebx)
- AS2( add [AS_REG_7+3*4], ecx)
- AS2( mov eax, F(0))
- AS2( mov ebx, G(0))
- AS2( mov ecx, H(0))
- AS2( add [AS_REG_7+5*4], eax)
- AS2( add [AS_REG_7+6*4], ebx)
- AS2( add [AS_REG_7+7*4], ecx)
- AS2( mov ecx, AS_REG_7d)
- AS2( cmp WORD_REG(dx), DATA_END)
- ASJ( jb, 2, b)
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- ASL(5)
-#endif
-#endif
-
- AS_POP_IF86(sp)
- AS_POP_IF86(bp)
- #if !defined(_MSC_VER) || (_MSC_VER < 1400)
- AS_POP_IF86(bx)
- #endif
-
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- add rsp, LOCALS_SIZE+8
- pop rbp
- pop rbx
- pop rdi
- pop rsi
- ret
- X86_SHA256_HashBlocks ENDP
-#endif
-
-#ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "c" (state), "d" (data), "S" (SHA256_K+48), "D" (len)
- #if CRYPTOPP_BOOL_X64
- , "m" (workspace[0])
- #endif
- : "memory", "cc", "%eax"
- #if CRYPTOPP_BOOL_X64
- , "%rbx", "%r8", "%r10"
- #endif
- );
-#endif
-}
-
-#endif // #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state, const word32 *data, size_t len);
-}
-#endif
-
-#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
-
-size_t SHA256::HashMultipleBlocks(const word32 *input, size_t length)
-{
- X86_SHA256_HashBlocks(m_state, input, (length&(size_t(0)-BLOCKSIZE)) - !HasSSE2());
- return length % BLOCKSIZE;
-}
-
-size_t SHA224::HashMultipleBlocks(const word32 *input, size_t length)
-{
- X86_SHA256_HashBlocks(m_state, input, (length&(size_t(0)-BLOCKSIZE)) - !HasSSE2());
- return length % BLOCKSIZE;
-}
-
-#endif
-
-#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
-
-#define Ch(x,y,z) (z^(x&(y^z)))
-#define Maj(x,y,z) (y^((x^y)&(y^z)))
-
-#define a(i) T[(0-i)&7]
-#define b(i) T[(1-i)&7]
-#define c(i) T[(2-i)&7]
-#define d(i) T[(3-i)&7]
-#define e(i) T[(4-i)&7]
-#define f(i) T[(5-i)&7]
-#define g(i) T[(6-i)&7]
-#define h(i) T[(7-i)&7]
-
-#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i));\
- d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
-
-// for SHA256
-#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
-#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
-#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
-#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
-
-void SHA256::Transform(word32 *state, const word32 *data)
-{
- word32 W[16];
-#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- // this byte reverse is a waste of time, but this function is only called by MDC
- ByteReverse(W, data, BLOCKSIZE);
- X86_SHA256_HashBlocks(state, W, BLOCKSIZE - !HasSSE2());
-#else
- word32 T[8];
- /* Copy context->state[] to working vars */
- memcpy(T, state, sizeof(T));
- /* 64 operations, partially loop unrolled */
- for (unsigned int j=0; j<64; j+=16)
- {
- R( 0); R( 1); R( 2); R( 3);
- R( 4); R( 5); R( 6); R( 7);
- R( 8); R( 9); R(10); R(11);
- R(12); R(13); R(14); R(15);
- }
- /* Add the working vars back into context.state[] */
- state[0] += a(0);
- state[1] += b(0);
- state[2] += c(0);
- state[3] += d(0);
- state[4] += e(0);
- state[5] += f(0);
- state[6] += g(0);
- state[7] += h(0);
-#endif
-}
-
-/*
-// smaller but slower
-void SHA256::Transform(word32 *state, const word32 *data)
-{
- word32 T[20];
- word32 W[32];
- unsigned int i = 0, j = 0;
- word32 *t = T+8;
-
- memcpy(t, state, 8*4);
- word32 e = t[4], a = t[0];
-
- do
- {
- word32 w = data[j];
- W[j] = w;
- w += SHA256_K[j];
- w += t[7];
- w += S1(e);
- w += Ch(e, t[5], t[6]);
- e = t[3] + w;
- t[3] = t[3+8] = e;
- w += S0(t[0]);
- a = w + Maj(a, t[1], t[2]);
- t[-1] = t[7] = a;
- --t;
- ++j;
- if (j%8 == 0)
- t += 8;
- } while (j<16);
-
- do
- {
- i = j&0xf;
- word32 w = s1(W[i+16-2]) + s0(W[i+16-15]) + W[i] + W[i+16-7];
- W[i+16] = W[i] = w;
- w += SHA256_K[j];
- w += t[7];
- w += S1(e);
- w += Ch(e, t[5], t[6]);
- e = t[3] + w;
- t[3] = t[3+8] = e;
- w += S0(t[0]);
- a = w + Maj(a, t[1], t[2]);
- t[-1] = t[7] = a;
-
- w = s1(W[(i+1)+16-2]) + s0(W[(i+1)+16-15]) + W[(i+1)] + W[(i+1)+16-7];
- W[(i+1)+16] = W[(i+1)] = w;
- w += SHA256_K[j+1];
- w += (t-1)[7];
- w += S1(e);
- w += Ch(e, (t-1)[5], (t-1)[6]);
- e = (t-1)[3] + w;
- (t-1)[3] = (t-1)[3+8] = e;
- w += S0((t-1)[0]);
- a = w + Maj(a, (t-1)[1], (t-1)[2]);
- (t-1)[-1] = (t-1)[7] = a;
-
- t-=2;
- j+=2;
- if (j%8 == 0)
- t += 8;
- } while (j<64);
-
- state[0] += a;
- state[1] += t[1];
- state[2] += t[2];
- state[3] += t[3];
- state[4] += e;
- state[5] += t[5];
- state[6] += t[6];
- state[7] += t[7];
-}
-*/
-
-#undef S0
-#undef S1
-#undef s0
-#undef s1
-#undef R
-
-// *************************************************************
-
-void SHA384::InitState(HashWordType *state)
-{
- static const word64 s[8] = {
- W64LIT(0xcbbb9d5dc1059ed8), W64LIT(0x629a292a367cd507),
- W64LIT(0x9159015a3070dd17), W64LIT(0x152fecd8f70e5939),
- W64LIT(0x67332667ffc00b31), W64LIT(0x8eb44a8768581511),
- W64LIT(0xdb0c2e0d64f98fa7), W64LIT(0x47b5481dbefa4fa4)};
- memcpy(state, s, sizeof(s));
-}
-
-void SHA512::InitState(HashWordType *state)
-{
- static const word64 s[8] = {
- W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b),
- W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1),
- W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f),
- W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)};
- memcpy(state, s, sizeof(s));
-}
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
-CRYPTOPP_ALIGN_DATA(16) static const word64 SHA512_K[80] CRYPTOPP_SECTION_ALIGN16 = {
-#else
-static const word64 SHA512_K[80] = {
-#endif
- W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
- W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
- W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
- W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
- W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
- W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
- W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
- W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
- W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
- W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
- W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
- W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
- W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
- W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
- W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
- W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
- W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
- W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
- W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
- W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
- W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
- W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
- W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
- W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
- W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
- W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
- W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
- W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
- W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
- W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
- W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
- W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
- W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
- W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
- W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
- W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
- W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
- W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
- W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
- W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
-};
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
-// put assembly version in separate function, otherwise MSVC 2005 SP1 doesn't generate correct code for the non-assembly version
-CRYPTOPP_NAKED static void CRYPTOPP_FASTCALL SHA512_SSE2_Transform(word64 *state, const word64 *data)
-{
-#ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- AS1( push ebx)
- AS2( mov ebx, eax)
-#else
- AS1( push ebx)
- AS1( push esi)
- AS1( push edi)
- AS2( lea ebx, SHA512_K)
-#endif
-
- AS2( mov eax, esp)
- AS2( and esp, 0xfffffff0)
- AS2( sub esp, 27*16) // 17*16 for expanded data, 20*8 for state
- AS1( push eax)
- AS2( xor eax, eax)
- AS2( lea edi, [esp+4+8*8]) // start at middle of state buffer. will decrement pointer each round to avoid copying
- AS2( lea esi, [esp+4+20*8+8]) // 16-byte alignment, then add 8
-
- AS2( movdqa xmm0, [ecx+0*16])
- AS2( movdq2q mm4, xmm0)
- AS2( movdqa [edi+0*16], xmm0)
- AS2( movdqa xmm0, [ecx+1*16])
- AS2( movdqa [edi+1*16], xmm0)
- AS2( movdqa xmm0, [ecx+2*16])
- AS2( movdq2q mm5, xmm0)
- AS2( movdqa [edi+2*16], xmm0)
- AS2( movdqa xmm0, [ecx+3*16])
- AS2( movdqa [edi+3*16], xmm0)
- ASJ( jmp, 0, f)
-
-#define SSE2_S0_S1(r, a, b, c) \
- AS2( movq mm6, r)\
- AS2( psrlq r, a)\
- AS2( movq mm7, r)\
- AS2( psllq mm6, 64-c)\
- AS2( pxor mm7, mm6)\
- AS2( psrlq r, b-a)\
- AS2( pxor mm7, r)\
- AS2( psllq mm6, c-b)\
- AS2( pxor mm7, mm6)\
- AS2( psrlq r, c-b)\
- AS2( pxor r, mm7)\
- AS2( psllq mm6, b-a)\
- AS2( pxor r, mm6)
-
-#define SSE2_s0(r, a, b, c) \
- AS2( movdqa xmm6, r)\
- AS2( psrlq r, a)\
- AS2( movdqa xmm7, r)\
- AS2( psllq xmm6, 64-c)\
- AS2( pxor xmm7, xmm6)\
- AS2( psrlq r, b-a)\
- AS2( pxor xmm7, r)\
- AS2( psrlq r, c-b)\
- AS2( pxor r, xmm7)\
- AS2( psllq xmm6, c-a)\
- AS2( pxor r, xmm6)
-
-#define SSE2_s1(r, a, b, c) \
- AS2( movdqa xmm6, r)\
- AS2( psrlq r, a)\
- AS2( movdqa xmm7, r)\
- AS2( psllq xmm6, 64-c)\
- AS2( pxor xmm7, xmm6)\
- AS2( psrlq r, b-a)\
- AS2( pxor xmm7, r)\
- AS2( psllq xmm6, c-b)\
- AS2( pxor xmm7, xmm6)\
- AS2( psrlq r, c-b)\
- AS2( pxor r, xmm7)
-
- ASL(SHA512_Round)
- // k + w is in mm0, a is in mm4, e is in mm5
- AS2( paddq mm0, [edi+7*8]) // h
- AS2( movq mm2, [edi+5*8]) // f
- AS2( movq mm3, [edi+6*8]) // g
- AS2( pxor mm2, mm3)
- AS2( pand mm2, mm5)
- SSE2_S0_S1(mm5,14,18,41)
- AS2( pxor mm2, mm3)
- AS2( paddq mm0, mm2) // h += Ch(e,f,g)
- AS2( paddq mm5, mm0) // h += S1(e)
- AS2( movq mm2, [edi+1*8]) // b
- AS2( movq mm1, mm2)
- AS2( por mm2, mm4)
- AS2( pand mm2, [edi+2*8]) // c
- AS2( pand mm1, mm4)
- AS2( por mm1, mm2)
- AS2( paddq mm1, mm5) // temp = h + Maj(a,b,c)
- AS2( paddq mm5, [edi+3*8]) // e = d + h
- AS2( movq [edi+3*8], mm5)
- AS2( movq [edi+11*8], mm5)
- SSE2_S0_S1(mm4,28,34,39) // S0(a)
- AS2( paddq mm4, mm1) // a = temp + S0(a)
- AS2( movq [edi-8], mm4)
- AS2( movq [edi+7*8], mm4)
- AS1( ret)
-
- // first 16 rounds
- ASL(0)
- AS2( movq mm0, [edx+eax*8])
- AS2( movq [esi+eax*8], mm0)
- AS2( movq [esi+eax*8+16*8], mm0)
- AS2( paddq mm0, [ebx+eax*8])
- ASC( call, SHA512_Round)
- AS1( inc eax)
- AS2( sub edi, 8)
- AS2( test eax, 7)
- ASJ( jnz, 0, b)
- AS2( add edi, 8*8)
- AS2( cmp eax, 16)
- ASJ( jne, 0, b)
-
- // rest of the rounds
- AS2( movdqu xmm0, [esi+(16-2)*8])
- ASL(1)
- // data expansion, W[i-2] already in xmm0
- AS2( movdqu xmm3, [esi])
- AS2( paddq xmm3, [esi+(16-7)*8])
- AS2( movdqa xmm2, [esi+(16-15)*8])
- SSE2_s1(xmm0, 6, 19, 61)
- AS2( paddq xmm0, xmm3)
- SSE2_s0(xmm2, 1, 7, 8)
- AS2( paddq xmm0, xmm2)
- AS2( movdq2q mm0, xmm0)
- AS2( movhlps xmm1, xmm0)
- AS2( paddq mm0, [ebx+eax*8])
- AS2( movlps [esi], xmm0)
- AS2( movlps [esi+8], xmm1)
- AS2( movlps [esi+8*16], xmm0)
- AS2( movlps [esi+8*17], xmm1)
- // 2 rounds
- ASC( call, SHA512_Round)
- AS2( sub edi, 8)
- AS2( movdq2q mm0, xmm1)
- AS2( paddq mm0, [ebx+eax*8+8])
- ASC( call, SHA512_Round)
- // update indices and loop
- AS2( add esi, 16)
- AS2( add eax, 2)
- AS2( sub edi, 8)
- AS2( test eax, 7)
- ASJ( jnz, 1, b)
- // do housekeeping every 8 rounds
- AS2( mov esi, 0xf)
- AS2( and esi, eax)
- AS2( lea esi, [esp+4+20*8+8+esi*8])
- AS2( add edi, 8*8)
- AS2( cmp eax, 80)
- ASJ( jne, 1, b)
-
-#define SSE2_CombineState(i) \
- AS2( movdqa xmm0, [edi+i*16])\
- AS2( paddq xmm0, [ecx+i*16])\
- AS2( movdqa [ecx+i*16], xmm0)
-
- SSE2_CombineState(0)
- SSE2_CombineState(1)
- SSE2_CombineState(2)
- SSE2_CombineState(3)
-
- AS1( pop esp)
- AS1( emms)
-
-#if defined(__GNUC__)
- AS1( pop ebx)
- ".att_syntax prefix;"
- :
- : "a" (SHA512_K), "c" (state), "d" (data)
- : "%esi", "%edi", "memory", "cc"
- );
-#else
- AS1( pop edi)
- AS1( pop esi)
- AS1( pop ebx)
- AS1( ret)
-#endif
-}
-#endif // #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-
-void SHA512::Transform(word64 *state, const word64 *data)
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
- if (HasSSE2())
- {
- SHA512_SSE2_Transform(state, data);
- return;
- }
-#endif
-
-#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
-#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
-#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
-#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
-
-#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i));\
- d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
-
- word64 W[16];
- word64 T[8];
- /* Copy context->state[] to working vars */
- memcpy(T, state, sizeof(T));
- /* 80 operations, partially loop unrolled */
- for (unsigned int j=0; j<80; j+=16)
- {
- R( 0); R( 1); R( 2); R( 3);
- R( 4); R( 5); R( 6); R( 7);
- R( 8); R( 9); R(10); R(11);
- R(12); R(13); R(14); R(15);
- }
- /* Add the working vars back into context.state[] */
- state[0] += a(0);
- state[1] += b(0);
- state[2] += c(0);
- state[3] += d(0);
- state[4] += e(0);
- state[5] += f(0);
- state[6] += g(0);
- state[7] += h(0);
-}
-
-NAMESPACE_END
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
-#endif // #ifndef CRYPTOPP_IMPORTS
diff --git a/cryptopp562/sha.h b/cryptopp562/sha.h
deleted file mode 100644
index 679081e..0000000
--- a/cryptopp562/sha.h
+++ /dev/null
@@ -1,63 +0,0 @@
-#ifndef CRYPTOPP_SHA_H
-#define CRYPTOPP_SHA_H
-
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// <a href="http://www.weidai.com/scan-mirror/md.html#SHA-1">SHA-1</a>
-class CRYPTOPP_DLL SHA1 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 20, SHA1>
-{
-public:
- static void CRYPTOPP_API InitState(HashWordType *state);
- static void CRYPTOPP_API Transform(word32 *digest, const word32 *data);
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";}
-};
-
-typedef SHA1 SHA; // for backwards compatibility
-
-//! implements the SHA-256 standard
-class CRYPTOPP_DLL SHA256 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 32, SHA256, 32, true>
-{
-public:
-#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- size_t HashMultipleBlocks(const word32 *input, size_t length);
-#endif
- static void CRYPTOPP_API InitState(HashWordType *state);
- static void CRYPTOPP_API Transform(word32 *digest, const word32 *data);
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-256";}
-};
-
-//! implements the SHA-224 standard
-class CRYPTOPP_DLL SHA224 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 32, SHA224, 28, true>
-{
-public:
-#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- size_t HashMultipleBlocks(const word32 *input, size_t length);
-#endif
- static void CRYPTOPP_API InitState(HashWordType *state);
- static void CRYPTOPP_API Transform(word32 *digest, const word32 *data) {SHA256::Transform(digest, data);}
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-224";}
-};
-
-//! implements the SHA-512 standard
-class CRYPTOPP_DLL SHA512 : public IteratedHashWithStaticTransform<word64, BigEndian, 128, 64, SHA512, 64, CRYPTOPP_BOOL_X86>
-{
-public:
- static void CRYPTOPP_API InitState(HashWordType *state);
- static void CRYPTOPP_API Transform(word64 *digest, const word64 *data);
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-512";}
-};
-
-//! implements the SHA-384 standard
-class CRYPTOPP_DLL SHA384 : public IteratedHashWithStaticTransform<word64, BigEndian, 128, 64, SHA384, 48, CRYPTOPP_BOOL_X86>
-{
-public:
- static void CRYPTOPP_API InitState(HashWordType *state);
- static void CRYPTOPP_API Transform(word64 *digest, const word64 *data) {SHA512::Transform(digest, data);}
- static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-384";}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/sha3.cpp b/cryptopp562/sha3.cpp
deleted file mode 100644
index 7db82c1..0000000
--- a/cryptopp562/sha3.cpp
+++ /dev/null
@@ -1,284 +0,0 @@
-// sha3.cpp - modified by Wei Dai from Ronny Van Keer's public domain Keccak-simple.c
-// all modifications here are placed in the public domain by Wei Dai
-
-/*
-The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
-Michael Peeters and Gilles Van Assche. For more information, feedback or
-questions, please refer to our website: http://keccak.noekeon.org/
-
-Implementation by Ronny Van Keer,
-hereby denoted as "the implementer".
-
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-
-#include "pch.h"
-#include "sha3.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const word64 KeccakF_RoundConstants[24] =
-{
- W64LIT(0x0000000000000001), W64LIT(0x0000000000008082), W64LIT(0x800000000000808a),
- W64LIT(0x8000000080008000), W64LIT(0x000000000000808b), W64LIT(0x0000000080000001),
- W64LIT(0x8000000080008081), W64LIT(0x8000000000008009), W64LIT(0x000000000000008a),
- W64LIT(0x0000000000000088), W64LIT(0x0000000080008009), W64LIT(0x000000008000000a),
- W64LIT(0x000000008000808b), W64LIT(0x800000000000008b), W64LIT(0x8000000000008089),
- W64LIT(0x8000000000008003), W64LIT(0x8000000000008002), W64LIT(0x8000000000000080),
- W64LIT(0x000000000000800a), W64LIT(0x800000008000000a), W64LIT(0x8000000080008081),
- W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008)
-};
-
-static void KeccakF1600(word64 *state)
-{
- {
- word64 Aba, Abe, Abi, Abo, Abu;
- word64 Aga, Age, Agi, Ago, Agu;
- word64 Aka, Ake, Aki, Ako, Aku;
- word64 Ama, Ame, Ami, Amo, Amu;
- word64 Asa, Ase, Asi, Aso, Asu;
- word64 BCa, BCe, BCi, BCo, BCu;
- word64 Da, De, Di, Do, Du;
- word64 Eba, Ebe, Ebi, Ebo, Ebu;
- word64 Ega, Ege, Egi, Ego, Egu;
- word64 Eka, Eke, Eki, Eko, Eku;
- word64 Ema, Eme, Emi, Emo, Emu;
- word64 Esa, Ese, Esi, Eso, Esu;
-
- //copyFromState(A, state)
- typedef BlockGetAndPut<word64, LittleEndian, true, true> Block;
- Block::Get(state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu);
-
- for( unsigned int round = 0; round < 24; round += 2 )
- {
- // prepareTheta
- BCa = Aba^Aga^Aka^Ama^Asa;
- BCe = Abe^Age^Ake^Ame^Ase;
- BCi = Abi^Agi^Aki^Ami^Asi;
- BCo = Abo^Ago^Ako^Amo^Aso;
- BCu = Abu^Agu^Aku^Amu^Asu;
-
- //thetaRhoPiChiIotaPrepareTheta(round , A, E)
- Da = BCu^rotlFixed(BCe, 1);
- De = BCa^rotlFixed(BCi, 1);
- Di = BCe^rotlFixed(BCo, 1);
- Do = BCi^rotlFixed(BCu, 1);
- Du = BCo^rotlFixed(BCa, 1);
-
- Aba ^= Da;
- BCa = Aba;
- Age ^= De;
- BCe = rotlFixed(Age, 44);
- Aki ^= Di;
- BCi = rotlFixed(Aki, 43);
- Amo ^= Do;
- BCo = rotlFixed(Amo, 21);
- Asu ^= Du;
- BCu = rotlFixed(Asu, 14);
- Eba = BCa ^((~BCe)& BCi );
- Eba ^= (word64)KeccakF_RoundConstants[round];
- Ebe = BCe ^((~BCi)& BCo );
- Ebi = BCi ^((~BCo)& BCu );
- Ebo = BCo ^((~BCu)& BCa );
- Ebu = BCu ^((~BCa)& BCe );
-
- Abo ^= Do;
- BCa = rotlFixed(Abo, 28);
- Agu ^= Du;
- BCe = rotlFixed(Agu, 20);
- Aka ^= Da;
- BCi = rotlFixed(Aka, 3);
- Ame ^= De;
- BCo = rotlFixed(Ame, 45);
- Asi ^= Di;
- BCu = rotlFixed(Asi, 61);
- Ega = BCa ^((~BCe)& BCi );
- Ege = BCe ^((~BCi)& BCo );
- Egi = BCi ^((~BCo)& BCu );
- Ego = BCo ^((~BCu)& BCa );
- Egu = BCu ^((~BCa)& BCe );
-
- Abe ^= De;
- BCa = rotlFixed(Abe, 1);
- Agi ^= Di;
- BCe = rotlFixed(Agi, 6);
- Ako ^= Do;
- BCi = rotlFixed(Ako, 25);
- Amu ^= Du;
- BCo = rotlFixed(Amu, 8);
- Asa ^= Da;
- BCu = rotlFixed(Asa, 18);
- Eka = BCa ^((~BCe)& BCi );
- Eke = BCe ^((~BCi)& BCo );
- Eki = BCi ^((~BCo)& BCu );
- Eko = BCo ^((~BCu)& BCa );
- Eku = BCu ^((~BCa)& BCe );
-
- Abu ^= Du;
- BCa = rotlFixed(Abu, 27);
- Aga ^= Da;
- BCe = rotlFixed(Aga, 36);
- Ake ^= De;
- BCi = rotlFixed(Ake, 10);
- Ami ^= Di;
- BCo = rotlFixed(Ami, 15);
- Aso ^= Do;
- BCu = rotlFixed(Aso, 56);
- Ema = BCa ^((~BCe)& BCi );
- Eme = BCe ^((~BCi)& BCo );
- Emi = BCi ^((~BCo)& BCu );
- Emo = BCo ^((~BCu)& BCa );
- Emu = BCu ^((~BCa)& BCe );
-
- Abi ^= Di;
- BCa = rotlFixed(Abi, 62);
- Ago ^= Do;
- BCe = rotlFixed(Ago, 55);
- Aku ^= Du;
- BCi = rotlFixed(Aku, 39);
- Ama ^= Da;
- BCo = rotlFixed(Ama, 41);
- Ase ^= De;
- BCu = rotlFixed(Ase, 2);
- Esa = BCa ^((~BCe)& BCi );
- Ese = BCe ^((~BCi)& BCo );
- Esi = BCi ^((~BCo)& BCu );
- Eso = BCo ^((~BCu)& BCa );
- Esu = BCu ^((~BCa)& BCe );
-
- // prepareTheta
- BCa = Eba^Ega^Eka^Ema^Esa;
- BCe = Ebe^Ege^Eke^Eme^Ese;
- BCi = Ebi^Egi^Eki^Emi^Esi;
- BCo = Ebo^Ego^Eko^Emo^Eso;
- BCu = Ebu^Egu^Eku^Emu^Esu;
-
- //thetaRhoPiChiIotaPrepareTheta(round+1, E, A)
- Da = BCu^rotlFixed(BCe, 1);
- De = BCa^rotlFixed(BCi, 1);
- Di = BCe^rotlFixed(BCo, 1);
- Do = BCi^rotlFixed(BCu, 1);
- Du = BCo^rotlFixed(BCa, 1);
-
- Eba ^= Da;
- BCa = Eba;
- Ege ^= De;
- BCe = rotlFixed(Ege, 44);
- Eki ^= Di;
- BCi = rotlFixed(Eki, 43);
- Emo ^= Do;
- BCo = rotlFixed(Emo, 21);
- Esu ^= Du;
- BCu = rotlFixed(Esu, 14);
- Aba = BCa ^((~BCe)& BCi );
- Aba ^= (word64)KeccakF_RoundConstants[round+1];
- Abe = BCe ^((~BCi)& BCo );
- Abi = BCi ^((~BCo)& BCu );
- Abo = BCo ^((~BCu)& BCa );
- Abu = BCu ^((~BCa)& BCe );
-
- Ebo ^= Do;
- BCa = rotlFixed(Ebo, 28);
- Egu ^= Du;
- BCe = rotlFixed(Egu, 20);
- Eka ^= Da;
- BCi = rotlFixed(Eka, 3);
- Eme ^= De;
- BCo = rotlFixed(Eme, 45);
- Esi ^= Di;
- BCu = rotlFixed(Esi, 61);
- Aga = BCa ^((~BCe)& BCi );
- Age = BCe ^((~BCi)& BCo );
- Agi = BCi ^((~BCo)& BCu );
- Ago = BCo ^((~BCu)& BCa );
- Agu = BCu ^((~BCa)& BCe );
-
- Ebe ^= De;
- BCa = rotlFixed(Ebe, 1);
- Egi ^= Di;
- BCe = rotlFixed(Egi, 6);
- Eko ^= Do;
- BCi = rotlFixed(Eko, 25);
- Emu ^= Du;
- BCo = rotlFixed(Emu, 8);
- Esa ^= Da;
- BCu = rotlFixed(Esa, 18);
- Aka = BCa ^((~BCe)& BCi );
- Ake = BCe ^((~BCi)& BCo );
- Aki = BCi ^((~BCo)& BCu );
- Ako = BCo ^((~BCu)& BCa );
- Aku = BCu ^((~BCa)& BCe );
-
- Ebu ^= Du;
- BCa = rotlFixed(Ebu, 27);
- Ega ^= Da;
- BCe = rotlFixed(Ega, 36);
- Eke ^= De;
- BCi = rotlFixed(Eke, 10);
- Emi ^= Di;
- BCo = rotlFixed(Emi, 15);
- Eso ^= Do;
- BCu = rotlFixed(Eso, 56);
- Ama = BCa ^((~BCe)& BCi );
- Ame = BCe ^((~BCi)& BCo );
- Ami = BCi ^((~BCo)& BCu );
- Amo = BCo ^((~BCu)& BCa );
- Amu = BCu ^((~BCa)& BCe );
-
- Ebi ^= Di;
- BCa = rotlFixed(Ebi, 62);
- Ego ^= Do;
- BCe = rotlFixed(Ego, 55);
- Eku ^= Du;
- BCi = rotlFixed(Eku, 39);
- Ema ^= Da;
- BCo = rotlFixed(Ema, 41);
- Ese ^= De;
- BCu = rotlFixed(Ese, 2);
- Asa = BCa ^((~BCe)& BCi );
- Ase = BCe ^((~BCi)& BCo );
- Asi = BCi ^((~BCo)& BCu );
- Aso = BCo ^((~BCu)& BCa );
- Asu = BCu ^((~BCa)& BCe );
- }
-
- //copyToState(state, A)
- Block::Put(NULL, state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu);
- }
-}
-
-void SHA3::Update(const byte *input, size_t length)
-{
- size_t spaceLeft;
- while (length >= (spaceLeft = r() - m_counter))
- {
- xorbuf(m_state.BytePtr() + m_counter, input, spaceLeft);
- KeccakF1600(m_state);
- input += spaceLeft;
- length -= spaceLeft;
- m_counter = 0;
- }
-
- xorbuf(m_state.BytePtr() + m_counter, input, length);
- m_counter += (unsigned int)length;
-}
-
-void SHA3::Restart()
-{
- memset(m_state, 0, m_state.SizeInBytes());
- m_counter = 0;
-}
-
-void SHA3::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
- m_state.BytePtr()[m_counter] ^= 1;
- m_state.BytePtr()[r()-1] ^= 0x80;
- KeccakF1600(m_state);
- memcpy(hash, m_state, size);
- Restart();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/sha3.h b/cryptopp562/sha3.h
deleted file mode 100644
index 232bae5..0000000
--- a/cryptopp562/sha3.h
+++ /dev/null
@@ -1,65 +0,0 @@
-// sha3.h - written and placed in the public domain by Wei Dai
-
-#ifndef CRYPTOPP_SHA3_H
-#define CRYPTOPP_SHA3_H
-
-#include "cryptlib.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// <a href="http://en.wikipedia.org/wiki/SHA-3">SHA-3</a>
-class SHA3 : public HashTransformation
-{
-public:
- SHA3(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}
- unsigned int DigestSize() const {return m_digestSize;}
- std::string AlgorithmName() const {return "SHA-3-" + IntToString(m_digestSize*8);}
- unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}
-
- void Update(const byte *input, size_t length);
- void Restart();
- void TruncatedFinal(byte *hash, size_t size);
-
-protected:
- inline unsigned int r() const {return 200 - 2 * m_digestSize;}
-
- FixedSizeSecBlock<word64, 25> m_state;
- unsigned int m_digestSize, m_counter;
-};
-
-class SHA3_224 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 28)
- SHA3_224() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-224";}
-};
-
-class SHA3_256 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 32)
- SHA3_256() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-256";}
-};
-
-class SHA3_384 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 48)
- SHA3_384() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-384";}
-};
-
-class SHA3_512 : public SHA3
-{
-public:
- CRYPTOPP_CONSTANT(DIGESTSIZE = 64)
- SHA3_512() : SHA3(DIGESTSIZE) {}
- static const char * StaticAlgorithmName() {return "SHA-3-512";}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/shacal2.cpp b/cryptopp562/shacal2.cpp
deleted file mode 100644
index b0360e4..0000000
--- a/cryptopp562/shacal2.cpp
+++ /dev/null
@@ -1,140 +0,0 @@
-// shacal2.cpp - by Kevin Springle, 2003
-//
-// Portions of this code were derived from
-// Wei Dai's implementation of SHA-2
-//
-// The original code and all modifications are in the public domain.
-
-#include "pch.h"
-#include "shacal2.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// SHACAL-2 function and round definitions
-
-#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
-#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
-#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
-#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
-
-#define Ch(x,y,z) (z^(x&(y^z)))
-#define Maj(x,y,z) ((x&y)|(z&(x|y)))
-
-/* R is the SHA-256 round function. */
-/* This macro increments the k argument as a side effect. */
-#define R(a,b,c,d,e,f,g,h,k) \
- h+=S1(e)+Ch(e,f,g)+*k++;d+=h;h+=S0(a)+Maj(a,b,c);
-
-/* P is the inverse of the SHA-256 round function. */
-/* This macro decrements the k argument as a side effect. */
-#define P(a,b,c,d,e,f,g,h,k) \
- h-=S0(a)+Maj(a,b,c);d-=h;h-=S1(e)+Ch(e,f,g)+*--k;
-
-void SHACAL2::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &)
-{
- AssertValidKeyLength(keylen);
-
- word32 *rk = m_key;
- unsigned int i;
-
- GetUserKey(BIG_ENDIAN_ORDER, rk, m_key.size(), userKey, keylen);
- for (i = 0; i < 48; i++, rk++)
- {
- rk[16] = rk[0] + s0(rk[1]) + rk[9] + s1(rk[14]);
- rk[0] += K[i];
- }
- for (i = 48; i < 64; i++, rk++)
- {
- rk[0] += K[i];
- }
-}
-
-typedef BlockGetAndPut<word32, BigEndian> Block;
-
-void SHACAL2::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 a, b, c, d, e, f, g, h;
- const word32 *rk = m_key;
-
- /*
- * map byte array block to cipher state:
- */
- Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h);
-
- // Perform SHA-256 transformation.
-
- /* 64 operations, partially loop unrolled */
- for (unsigned int j=0; j<64; j+=8)
- {
- R(a,b,c,d,e,f,g,h,rk);
- R(h,a,b,c,d,e,f,g,rk);
- R(g,h,a,b,c,d,e,f,rk);
- R(f,g,h,a,b,c,d,e,rk);
- R(e,f,g,h,a,b,c,d,rk);
- R(d,e,f,g,h,a,b,c,rk);
- R(c,d,e,f,g,h,a,b,rk);
- R(b,c,d,e,f,g,h,a,rk);
- }
-
- /*
- * map cipher state to byte array block:
- */
-
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h);
-}
-
-void SHACAL2::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 a, b, c, d, e, f, g, h;
- const word32 *rk = m_key + 64;
-
- /*
- * map byte array block to cipher state:
- */
- Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h);
-
- // Perform inverse SHA-256 transformation.
-
- /* 64 operations, partially loop unrolled */
- for (unsigned int j=0; j<64; j+=8)
- {
- P(b,c,d,e,f,g,h,a,rk);
- P(c,d,e,f,g,h,a,b,rk);
- P(d,e,f,g,h,a,b,c,rk);
- P(e,f,g,h,a,b,c,d,rk);
- P(f,g,h,a,b,c,d,e,rk);
- P(g,h,a,b,c,d,e,f,rk);
- P(h,a,b,c,d,e,f,g,rk);
- P(a,b,c,d,e,f,g,h,rk);
- }
-
- /*
- * map cipher state to byte array block:
- */
-
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h);
-}
-
-// The SHACAL-2 round constants are identical to the SHA-256 round constants.
-const word32 SHACAL2::Base::K[64] =
-{
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
- 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
- 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
- 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
- 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
- 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
- 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
- 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-};
-
-NAMESPACE_END
diff --git a/cryptopp562/shacal2.h b/cryptopp562/shacal2.h
deleted file mode 100644
index 66c987f..0000000
--- a/cryptopp562/shacal2.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#ifndef CRYPTOPP_SHACAL2_H
-#define CRYPTOPP_SHACAL2_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct SHACAL2_Info : public FixedBlockSize<32>, public VariableKeyLength<16, 16, 64>
-{
- static const char *StaticAlgorithmName() {return "SHACAL-2";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#SHACAL-2">SHACAL-2</a>
-class SHACAL2 : public SHACAL2_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SHACAL2_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- FixedSizeSecBlock<word32, 64> m_key;
-
- static const word32 K[64];
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef SHACAL2::Encryption SHACAL2Encryption;
-typedef SHACAL2::Decryption SHACAL2Decryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/shark.cpp b/cryptopp562/shark.cpp
deleted file mode 100644
index 361147e..0000000
--- a/cryptopp562/shark.cpp
+++ /dev/null
@@ -1,136 +0,0 @@
-// shark.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "shark.h"
-#include "misc.h"
-#include "modes.h"
-#include "gf256.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static word64 SHARKTransform(word64 a)
-{
- static const byte iG[8][8] = {
- 0xe7, 0x30, 0x90, 0x85, 0xd0, 0x4b, 0x91, 0x41,
- 0x53, 0x95, 0x9b, 0xa5, 0x96, 0xbc, 0xa1, 0x68,
- 0x02, 0x45, 0xf7, 0x65, 0x5c, 0x1f, 0xb6, 0x52,
- 0xa2, 0xca, 0x22, 0x94, 0x44, 0x63, 0x2a, 0xa2,
- 0xfc, 0x67, 0x8e, 0x10, 0x29, 0x75, 0x85, 0x71,
- 0x24, 0x45, 0xa2, 0xcf, 0x2f, 0x22, 0xc1, 0x0e,
- 0xa1, 0xf1, 0x71, 0x40, 0x91, 0x27, 0x18, 0xa5,
- 0x56, 0xf4, 0xaf, 0x32, 0xd2, 0xa4, 0xdc, 0x71,
- };
-
- word64 result=0;
- GF256 gf256(0xf5);
- for (unsigned int i=0; i<8; i++)
- for(unsigned int j=0; j<8; j++)
- result ^= word64(gf256.Multiply(iG[i][j], GF256::Element(a>>(56-8*j)))) << (56-8*i);
- return result;
-}
-
-void SHARK::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs &params)
-{
- AssertValidKeyLength(keyLen);
-
- m_rounds = GetRoundsAndThrowIfInvalid(params, this);
- m_roundKeys.New(m_rounds+1);
-
- // concatenate key enought times to fill a
- for (unsigned int i=0; i<(m_rounds+1)*8; i++)
- ((byte *)m_roundKeys.begin())[i] = key[i%keyLen];
-
- SHARK::Encryption e;
- e.InitForKeySetup();
- byte IV[8] = {0,0,0,0,0,0,0,0};
- CFB_Mode_ExternalCipher::Encryption cfb(e, IV);
-
- cfb.ProcessString((byte *)m_roundKeys.begin(), (m_rounds+1)*8);
-
- ConditionalByteReverse(BIG_ENDIAN_ORDER, m_roundKeys.begin(), m_roundKeys.begin(), (m_rounds+1)*8);
-
- m_roundKeys[m_rounds] = SHARKTransform(m_roundKeys[m_rounds]);
-
- if (!IsForwardTransformation())
- {
- unsigned int i;
-
- // transform encryption round keys into decryption round keys
- for (i=0; i<m_rounds/2; i++)
- std::swap(m_roundKeys[i], m_roundKeys[m_rounds-i]);
-
- for (i=1; i<m_rounds; i++)
- m_roundKeys[i] = SHARKTransform(m_roundKeys[i]);
- }
-
-#ifdef IS_LITTLE_ENDIAN
- m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
- m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
-#endif
-}
-
-// construct an SHARK_Enc object with fixed round keys, to be used to initialize actual round keys
-void SHARK::Enc::InitForKeySetup()
-{
- m_rounds = DEFAULT_ROUNDS;
- m_roundKeys.New(DEFAULT_ROUNDS+1);
-
- for (unsigned int i=0; i<DEFAULT_ROUNDS; i++)
- m_roundKeys[i] = cbox[0][i];
-
- m_roundKeys[DEFAULT_ROUNDS] = SHARKTransform(cbox[0][DEFAULT_ROUNDS]);
-
-#ifdef IS_LITTLE_ENDIAN
- m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
- m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
-#endif
-}
-
-typedef word64 ArrayOf256Word64s[256];
-
-template <const byte *sbox, const ArrayOf256Word64s *cbox>
-struct SharkProcessAndXorBlock{ // VC60 workaround: problem with template functions
-inline SharkProcessAndXorBlock(const word64 *roundKeys, unsigned int rounds, const byte *inBlock, const byte *xorBlock, byte *outBlock)
-{
- word64 tmp = *(word64 *)inBlock ^ roundKeys[0];
-
- ByteOrder order = GetNativeByteOrder();
- tmp = cbox[0][GetByte(order, tmp, 0)] ^ cbox[1][GetByte(order, tmp, 1)]
- ^ cbox[2][GetByte(order, tmp, 2)] ^ cbox[3][GetByte(order, tmp, 3)]
- ^ cbox[4][GetByte(order, tmp, 4)] ^ cbox[5][GetByte(order, tmp, 5)]
- ^ cbox[6][GetByte(order, tmp, 6)] ^ cbox[7][GetByte(order, tmp, 7)]
- ^ roundKeys[1];
-
- for(unsigned int i=2; i<rounds; i++)
- {
- tmp = cbox[0][GETBYTE(tmp, 7)] ^ cbox[1][GETBYTE(tmp, 6)]
- ^ cbox[2][GETBYTE(tmp, 5)] ^ cbox[3][GETBYTE(tmp, 4)]
- ^ cbox[4][GETBYTE(tmp, 3)] ^ cbox[5][GETBYTE(tmp, 2)]
- ^ cbox[6][GETBYTE(tmp, 1)] ^ cbox[7][GETBYTE(tmp, 0)]
- ^ roundKeys[i];
- }
-
- PutBlock<byte, BigEndian>(xorBlock, outBlock)
- (sbox[GETBYTE(tmp, 7)])
- (sbox[GETBYTE(tmp, 6)])
- (sbox[GETBYTE(tmp, 5)])
- (sbox[GETBYTE(tmp, 4)])
- (sbox[GETBYTE(tmp, 3)])
- (sbox[GETBYTE(tmp, 2)])
- (sbox[GETBYTE(tmp, 1)])
- (sbox[GETBYTE(tmp, 0)]);
-
- *(word64 *)outBlock ^= roundKeys[rounds];
-}};
-
-void SHARK::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- SharkProcessAndXorBlock<sbox, cbox>(m_roundKeys, m_rounds, inBlock, xorBlock, outBlock);
-}
-
-void SHARK::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- SharkProcessAndXorBlock<sbox, cbox>(m_roundKeys, m_rounds, inBlock, xorBlock, outBlock);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/shark.h b/cryptopp562/shark.h
deleted file mode 100644
index 8d5ce9b..0000000
--- a/cryptopp562/shark.h
+++ /dev/null
@@ -1,65 +0,0 @@
-#ifndef CRYPTOPP_SHARK_H
-#define CRYPTOPP_SHARK_H
-
-/** \file
-*/
-
-#include "config.h"
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct SHARK_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 1, 16>, public VariableRounds<6, 2>
-{
- static const char *StaticAlgorithmName() {return "SHARK-E";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#SHARK-E">SHARK-E</a>
-class SHARK : public SHARK_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SHARK_Info>
- {
- public:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &param);
-
- protected:
- unsigned int m_rounds;
- SecBlock<word64> m_roundKeys;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- // used by Base to do key setup
- void InitForKeySetup();
-
- private:
- static const byte sbox[256];
- static const word64 cbox[8][256];
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
-
- private:
- static const byte sbox[256];
- static const word64 cbox[8][256];
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef SHARK::Encryption SHARKEncryption;
-typedef SHARK::Decryption SHARKDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/sharkbox.cpp b/cryptopp562/sharkbox.cpp
deleted file mode 100644
index a0ff31f..0000000
--- a/cryptopp562/sharkbox.cpp
+++ /dev/null
@@ -1,4162 +0,0 @@
-#include "pch.h"
-#include "shark.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const byte SHARK::Enc::sbox[256] = {
-177, 206, 195, 149, 90, 173, 231, 2, 77, 68, 251, 145, 12, 135, 161, 80,
-203, 103, 84, 221, 70, 143, 225, 78, 240, 253, 252, 235, 249, 196, 26, 110,
- 94, 245, 204, 141, 28, 86, 67, 254, 7, 97, 248, 117, 89, 255, 3, 34,
-138, 209, 19, 238, 136, 0, 14, 52, 21, 128, 148, 227, 237, 181, 83, 35,
- 75, 71, 23, 167, 144, 53, 171, 216, 184, 223, 79, 87, 154, 146, 219, 27,
- 60, 200, 153, 4, 142, 224, 215, 125, 133, 187, 64, 44, 58, 69, 241, 66,
-101, 32, 65, 24, 114, 37, 147, 112, 54, 5, 242, 11, 163, 121, 236, 8,
- 39, 49, 50, 182, 124, 176, 10, 115, 91, 123, 183, 129, 210, 13, 106, 38,
-158, 88, 156, 131, 116, 179, 172, 48, 122, 105, 119, 15, 174, 33, 222, 208,
- 46, 151, 16, 164, 152, 168, 212, 104, 45, 98, 41, 109, 22, 73, 118, 199,
-232, 193, 150, 55, 229, 202, 244, 233, 99, 18, 194, 166, 20, 188, 211, 40,
-175, 47, 230, 36, 82, 198, 160, 9, 189, 140, 207, 93, 17, 95, 1, 197,
-159, 61, 162, 155, 201, 59, 190, 81, 25, 31, 63, 92, 178, 239, 74, 205,
-191, 186, 111, 100, 217, 243, 62, 180, 170, 220, 213, 6, 192, 126, 246, 102,
-108, 132, 113, 56, 185, 29, 127, 157, 72, 139, 42, 218, 165, 51, 130, 57,
-214, 120, 134, 250, 228, 43, 169, 30, 137, 96, 107, 234, 85, 76, 247, 226,
-};
-
-const byte SHARK::Dec::sbox[256] = {
- 53, 190, 7, 46, 83, 105, 219, 40, 111, 183, 118, 107, 12, 125, 54, 139,
-146, 188, 169, 50, 172, 56, 156, 66, 99, 200, 30, 79, 36, 229, 247, 201,
- 97, 141, 47, 63, 179, 101, 127, 112, 175, 154, 234, 245, 91, 152, 144, 177,
-135, 113, 114, 237, 55, 69, 104, 163, 227, 239, 92, 197, 80, 193, 214, 202,
- 90, 98, 95, 38, 9, 93, 20, 65, 232, 157, 206, 64, 253, 8, 23, 74,
- 15, 199, 180, 62, 18, 252, 37, 75, 129, 44, 4, 120, 203, 187, 32, 189,
-249, 41, 153, 168, 211, 96, 223, 17, 151, 137, 126, 250, 224, 155, 31, 210,
-103, 226, 100, 119, 132, 43, 158, 138, 241, 109, 136, 121, 116, 87, 221, 230,
- 57, 123, 238, 131, 225, 88, 242, 13, 52, 248, 48, 233, 185, 35, 84, 21,
- 68, 11, 77, 102, 58, 3, 162, 145, 148, 82, 76, 195, 130, 231, 128, 192,
-182, 14, 194, 108, 147, 236, 171, 67, 149, 246, 216, 70, 134, 5, 140, 176,
-117, 0, 204, 133, 215, 61, 115, 122, 72, 228, 209, 89, 173, 184, 198, 208,
-220, 161, 170, 2, 29, 191, 181, 159, 81, 196, 165, 16, 34, 207, 1, 186,
-143, 49, 124, 174, 150, 218, 240, 86, 71, 212, 235, 78, 217, 19, 142, 73,
- 85, 22, 255, 59, 244, 164, 178, 6, 160, 167, 251, 27, 110, 60, 51, 205,
- 24, 94, 106, 213, 166, 33, 222, 254, 42, 28, 243, 10, 26, 25, 39, 45,
-};
-
-const word64 SHARK::Enc::cbox[8][256] = {
-/* box 0 */
-W64LIT(0x060d838f16f3a365),
-W64LIT(0xa68857ee5cae56f6),
-W64LIT(0xebf516353c2c4d89),
-W64LIT(0x652174be88e85bdc),
-W64LIT(0x0d4e9a8086c17921),
-W64LIT(0x27ba7d33cffa58a1),
-W64LIT(0x88d9e104a237b530),
-W64LIT(0x693b8755a4fbe816),
-W64LIT(0xdac9591826b254a0),
-W64LIT(0x45c2e369fb336af3),
-W64LIT(0xa96e1fb87b3e4ef4),
-W64LIT(0xb7578f1435eb7ef0),
-W64LIT(0x839af80b32056f74),
-W64LIT(0xae37f55cc71f277a),
-W64LIT(0xa4208538fdff37d5),
-W64LIT(0x35991e74ad3cdb6f),
-W64LIT(0xba191594b32a07d1),
-W64LIT(0x5344d1772e572b7b),
-W64LIT(0xe7efe5de103ffe43),
-W64LIT(0xa3796fdc41de5e5b),
-W64LIT(0x2cf9643c5fc882e5),
-W64LIT(0xffdbf6fd48196d22),
-W64LIT(0x33949dfbbbcf780a),
-W64LIT(0x7d15679dd0cec8bd),
-W64LIT(0x5f5e229c024498b1),
-W64LIT(0x1223634762c683ce),
-W64LIT(0xdcc4da973041f7c5),
-W64LIT(0x0b43190f9032da44),
-W64LIT(0xc05598eddfc5a6e2),
-W64LIT(0x9e5fd31a7753f4b8),
-W64LIT(0x9afa8243c0f136fe),
-W64LIT(0xcc4f6b06f3d61528),
-W64LIT(0xdf38612a3bc25c0d),
-W64LIT(0x43cf60e6edc0c996),
-W64LIT(0xcfb3d0bbf855bee0),
-W64LIT(0x96e071a8ece28534),
-W64LIT(0x21b7febcd909fbc4),
-W64LIT(0x8ed4628bb4c41655),
-W64LIT(0x30682646b04cd3c2),
-W64LIT(0xb5ff5dc294ba1fd3),
-W64LIT(0x75aac52f4b7fb931),
-W64LIT(0xe809ad8837afe641),
-W64LIT(0x0eb2213d8d42d2e9),
-W64LIT(0x9852509561a057dd),
-W64LIT(0xaa92a40570bde53c),
-W64LIT(0x7b18e412c63d6bd8),
-W64LIT(0xa7dc3e85f67c9c1d),
-W64LIT(0xd8618bce87e33583),
-W64LIT(0xe34ab487a79d3c05),
-W64LIT(0x20e397d773db312f),
-W64LIT(0x05f138321d7008ad),
-W64LIT(0x17d25b757fb68b63),
-W64LIT(0x8a7133d20366d413),
-W64LIT(0x0000000000000000),
-W64LIT(0xeaa17f5e96fe8762),
-W64LIT(0xc101f18675176c09),
-W64LIT(0xbebc44cd0488c597),
-W64LIT(0xdb9d30738c609e4b),
-W64LIT(0xabc6cd6eda6f2fd7),
-W64LIT(0x5aaf1aae1f34901c),
-W64LIT(0xb00e65f089ca177e),
-W64LIT(0xd47b7825abf08649),
-W64LIT(0x924520f15b404772),
-W64LIT(0x1686321ed5644188),
-W64LIT(0x618425e73f4a999a),
-W64LIT(0xe21eddec0d4ff6ee),
-W64LIT(0xd787c398a0732d81),
-W64LIT(0x1f6df9c7e407faef),
-W64LIT(0x79b036c4676c0afb),
-W64LIT(0x0fe6485627901802),
-W64LIT(0x9cf701ccd602959b),
-W64LIT(0xbfe82da6ae5a0f7c),
-W64LIT(0x990639fecb729d36),
-W64LIT(0xca42e889e525b64d),
-W64LIT(0xb3f2de4d8249bcb6),
-W64LIT(0x4033db5be643625e),
-W64LIT(0x4167b2304c91a8b5),
-W64LIT(0x108bb191c397e2ed),
-W64LIT(0x1834132358269361),
-W64LIT(0x541d3b93927642f5),
-W64LIT(0x90edf227fa112651),
-W64LIT(0x1dc52b1145569bcc),
-W64LIT(0xe6bb8cb5baed34a8),
-W64LIT(0xd276fbaabd03252c),
-W64LIT(0x313c4f2d1a9e1929),
-W64LIT(0xfd73242be9480c01),
-W64LIT(0x9baeeb286a23fc15),
-W64LIT(0xc9be5334eea61d85),
-W64LIT(0xc70c720963e4cf6c),
-W64LIT(0x3eda077b3d0e012b),
-W64LIT(0x97b418c346304fdf),
-W64LIT(0x32c0f490111db2e1),
-W64LIT(0x2ba08ed8e3e9eb6b),
-W64LIT(0x8b255ab9a9b41ef8),
-W64LIT(0x91b99b4c50c3ecba),
-W64LIT(0xfe8f9f96e2cba7c9),
-W64LIT(0x3a7f56228aacc36d),
-W64LIT(0xb15a0c9b2318dd95),
-W64LIT(0x5953a11314b73bd4),
-W64LIT(0xf3c10516640adee8),
-W64LIT(0xedf895ba2adfeeec),
-W64LIT(0xadcb4ee1cc9c8cb2),
-W64LIT(0xde6c0841911096e6),
-W64LIT(0x84c312ef8e2406fa),
-W64LIT(0xa83a76d3d1ec841f),
-W64LIT(0x1c91427aef845127),
-W64LIT(0x3665a5c9a6bf70a7),
-W64LIT(0xf6303d24797ad645),
-W64LIT(0xcd1b026d5904dfc3),
-W64LIT(0x1bc8a89e53a538a9),
-W64LIT(0x7ee9dc20db4d6375),
-W64LIT(0x51ec03a18f064a58),
-W64LIT(0xc4f0c9b4686764a4),
-W64LIT(0xdd90b3fc9a933d2e),
-W64LIT(0x7a4c8d796cefa133),
-W64LIT(0x73a746a05d8c1a54),
-W64LIT(0x0759eae4bc21698e),
-W64LIT(0xc8ea3a5f4474d76e),
-W64LIT(0x38d784f42bfda24e),
-W64LIT(0x231f2c6a78589ae7),
-W64LIT(0xc3a92350d4460d2a),
-W64LIT(0x72f32fcbf75ed0bf),
-W64LIT(0xbd40ff700f0b6e5f),
-W64LIT(0x157a89a3dee7ea40),
-W64LIT(0x873fa95285a7ad32),
-W64LIT(0x4d7d41db60821b7f),
-W64LIT(0x1e3990ac4ed53004),
-W64LIT(0x0a1770643ae010af),
-W64LIT(0x9311499af1928d99),
-W64LIT(0x64751dd5223a9137),
-W64LIT(0xfa2acecf5569658f),
-W64LIT(0x7c410ef67a1c0256),
-W64LIT(0x56b5e945332723d6),
-W64LIT(0x6f3604dab2084b73),
-W64LIT(0xe95dc4e39d7d2caa),
-W64LIT(0x13770a2cc8144925),
-W64LIT(0xbc14961ba5d9a4b4),
-W64LIT(0xb9e5ae29b8a9ac19),
-W64LIT(0xf169d7c0c55bbfcb),
-W64LIT(0x2446c68ec479f369),
-W64LIT(0x806643b63986c4bc),
-W64LIT(0x7fbdb54b719fa99e),
-W64LIT(0x04a55159b7a2c246),
-W64LIT(0xee042e07215c4524),
-W64LIT(0x5bfb73c5b5e65af7),
-W64LIT(0x0c1af3eb2c13b3ca),
-W64LIT(0xa22d06b7eb0c94b0),
-W64LIT(0xb8b1c742127b66f2),
-W64LIT(0x285c3565e86a40a3),
-W64LIT(0x3b2b3f49207e0986),
-W64LIT(0x3c72d5ad9c5f6008),
-W64LIT(0x770217f9ea2ed812),
-W64LIT(0xfc274d40439ac6ea),
-W64LIT(0x4fd5930dc1d37a5c),
-W64LIT(0x2e51b6eafe99e3c6),
-W64LIT(0x6b93558305aa8935),
-W64LIT(0x19607a48f2f4598a),
-W64LIT(0x08bfa2b29bb1718c),
-W64LIT(0x3f8e6e1097dccbc0),
-W64LIT(0x3983ed9f812f68a5),
-W64LIT(0xac9f278a664e4659),
-W64LIT(0x82ce916098d7a59f),
-W64LIT(0xc2fd4a3b7e94c7c1),
-W64LIT(0x66ddcf03836bf014),
-W64LIT(0xe1e2665106cc5d26),
-W64LIT(0x74feac44e1ad73da),
-W64LIT(0x8d28d936bf47bd9d),
-W64LIT(0x62789e5a34c93252),
-W64LIT(0x81322add93540e57),
-W64LIT(0xcb1681e24ff77ca6),
-W64LIT(0x2512afe56eab3982),
-W64LIT(0xd18a4017b6808ee4),
-W64LIT(0x705bfd1d560fb19c),
-W64LIT(0x4b70c2547671b81a),
-W64LIT(0x49d81082d720d939),
-W64LIT(0xe0b60f3aac1e97cd),
-W64LIT(0x4e81fa666b01b0b7),
-W64LIT(0x951cca15e7612efc),
-W64LIT(0x463e58d4f0b0c13b),
-W64LIT(0x632cf7319e1bf8b9),
-W64LIT(0x5ca2992109c73379),
-W64LIT(0xf764544fd3a81cae),
-W64LIT(0x6ac73ce8af7843de),
-W64LIT(0x9f0bba71dd813e53),
-W64LIT(0x85977b8424f6cc11),
-W64LIT(0x5807c878be65f13f),
-W64LIT(0x686fee3e0e2922fd),
-W64LIT(0x78e45fafcdbec010),
-W64LIT(0x6ccabf67b98be0bb),
-W64LIT(0x11dfd8fa69452806),
-W64LIT(0xcee7b9d05287740b),
-W64LIT(0x50b86aca25d480b3),
-W64LIT(0x5df6f04aa315f992),
-W64LIT(0x5e0a4bf7a896525a),
-W64LIT(0x03fcbbbd0b83abc8),
-W64LIT(0x8f800be01e16dcbe),
-W64LIT(0xd32292c117d1efc7),
-W64LIT(0xe5473708b16e9f60),
-W64LIT(0x224b4501d28a500c),
-W64LIT(0xfb7ea7a4ffbbaf64),
-W64LIT(0x3d26bcc6368daae3),
-W64LIT(0x866bc0392f7567d9),
-W64LIT(0x3731cca20c6dba4c),
-W64LIT(0xb603e67f9f39b41b),
-W64LIT(0xa1d1bd0ae08f3f78),
-W64LIT(0xd935e2a52d31ff68),
-W64LIT(0xaf639c376dcded91),
-W64LIT(0x0154696baad2caeb),
-W64LIT(0xecacfcd1800d2407),
-W64LIT(0xf03dbeab6f897520),
-W64LIT(0x02a8d2d6a1516123),
-W64LIT(0xf498eff2d82bb766),
-W64LIT(0x710f9476fcdd7b77),
-W64LIT(0xf8821c19f43804ac),
-W64LIT(0xf9d675725eeace47),
-W64LIT(0x1a9cc1f5f977f242),
-W64LIT(0x5210b81c8485e190),
-W64LIT(0x6d9ed60c13592a50),
-W64LIT(0xf2956c7dced81403),
-W64LIT(0xbb4d7cff19f8cd3a),
-W64LIT(0x4c2928b0ca50d194),
-W64LIT(0x6e626db118da8198),
-W64LIT(0xe4135e631bbc558b),
-W64LIT(0x9da368a77cd05f70),
-W64LIT(0xa574ec53572dfd3e),
-W64LIT(0x09ebcbd93163bb67),
-W64LIT(0x4a24ab3fdca372f1),
-W64LIT(0x429b098d4712037d),
-W64LIT(0x57e1802e99f5e93d),
-W64LIT(0xef50476c8b8e8fcf),
-W64LIT(0xa085d4614a5df593),
-W64LIT(0x34cd771f07ee1184),
-W64LIT(0xc6581b62c9360587),
-W64LIT(0x2dad0d57f51a480e),
-W64LIT(0x898d886f08e57fdb),
-W64LIT(0xd6d3aaf30aa1e76a),
-W64LIT(0x76567e9240fc12f9),
-W64LIT(0xb4ab34a93e68d538),
-W64LIT(0xb2a6b726289b765d),
-W64LIT(0x8c7cb05d15957776),
-W64LIT(0x554952f838a4881e),
-W64LIT(0xd52f114e01224ca2),
-W64LIT(0x60d04c8c95985371),
-W64LIT(0x6789a66829b93aff),
-W64LIT(0x2f05df81544b292d),
-W64LIT(0x476a31bf5a620bd0),
-W64LIT(0xf5cc869972f97d8d),
-W64LIT(0x488c79e97df213d2),
-W64LIT(0x44968a0251e1a018),
-W64LIT(0x26ee14586528924a),
-W64LIT(0xd0de297c1c52440f),
-W64LIT(0xc5a4a0dfc2b5ae4f),
-W64LIT(0x29085c0e42b88a48),
-W64LIT(0x142ee0c8743520ab),
-W64LIT(0x2af4e7b3493b2180),
-W64LIT(0x9448a37e4db3e417),
-/* box 1 */
-W64LIT(0xe2795ba105ba30ce),
-W64LIT(0x65b5d634f5e0fbdd),
-W64LIT(0x2d7d7f1464dd8c55),
-W64LIT(0xeefbf778add1c20b),
-W64LIT(0x1eb0fbd1f11968e7),
-W64LIT(0xe6073f45ce30cd8d),
-W64LIT(0x21ffd3cdccb67e90),
-W64LIT(0xdf0941cfa750a262),
-W64LIT(0xc61df5b1b75ef18a),
-W64LIT(0xc5c7defa9dc337c6),
-W64LIT(0x2581b729073c83d3),
-W64LIT(0xa5e97513167173cf),
-W64LIT(0xdd3673bd381526b9),
-W64LIT(0xe8baa1eef91ebb93),
-W64LIT(0x3b314cf8f625eb34),
-W64LIT(0x579d4bc8d5fc5df8),
-W64LIT(0xbb598ec2e7681b28),
-W64LIT(0xc8a06b1a80708794),
-W64LIT(0x1c8fc9a36e5cec3c),
-W64LIT(0xf60a5a3f0807d374),
-W64LIT(0x1ace9f353a9395a4),
-W64LIT(0x7e9e50387aab2cee),
-W64LIT(0xb5e41069d0466d36),
-W64LIT(0x8cea6ee3b92602d9),
-W64LIT(0xf952ddad8af1e7fd),
-W64LIT(0xb19a748d1bcc9075),
-W64LIT(0x2464ae10b2e4c144),
-W64LIT(0xfcc9a070f4a35829),
-W64LIT(0xfa88f6e6a06c21b1),
-W64LIT(0x2c98662dd105cec2),
-W64LIT(0x9065a740d77aeee5),
-W64LIT(0xcb7a4051aaed41d8),
-W64LIT(0x55a279ba4ab9d923),
-W64LIT(0x27be855b98790708),
-W64LIT(0xbabc97fb52b059bf),
-W64LIT(0xa19711f7ddfb8e8c),
-W64LIT(0x047e64e4cb8afd43),
-W64LIT(0xc386886cc90c4e5e),
-W64LIT(0xc422c7c3281b7551),
-W64LIT(0xfb6defdf15b46326),
-W64LIT(0x01e51939b5d84297),
-W64LIT(0x5cbba8be9c809432),
-W64LIT(0x6f762c7b09447080),
-W64LIT(0xcee13d8cd4bffe0c),
-W64LIT(0x54476083ff619bb4),
-W64LIT(0x6e933542bc9c3217),
-W64LIT(0x4af79b520e78f353),
-W64LIT(0x98996f7db49be163),
-W64LIT(0xa07208ce6823cc1b),
-W64LIT(0x2b3c29823012f5cd),
-W64LIT(0x93bf8c0bfde728a9),
-W64LIT(0x2225f886e62bb8dc),
-W64LIT(0x7f7b4901cf736e79),
-W64LIT(0x0000000000000000),
-W64LIT(0x023f32729f4584db),
-W64LIT(0xd5cabb805bf4293f),
-W64LIT(0x07a44fafe1173b0f),
-W64LIT(0xe95fb8d74cc6f904),
-W64LIT(0x7b052de504f9933a),
-W64LIT(0x6aed51a67716cf54),
-W64LIT(0x68d263d4e8534b8f),
-W64LIT(0xa96bd9cabe1a810a),
-W64LIT(0x1d6ad09adb84aeab),
-W64LIT(0x0d67b5e01db3b052),
-W64LIT(0x52063615abaee22c),
-W64LIT(0x8f3045a893bbc495),
-W64LIT(0xd8ad0e604647996d),
-W64LIT(0xaf2a8f5cead5f892),
-W64LIT(0x3017af8ebf5922fe),
-W64LIT(0x4034611df2dc780e),
-W64LIT(0x721cfce1d2c0de2b),
-W64LIT(0x28e602c91a8f3381),
-W64LIT(0xe1a370ea2f27f682),
-W64LIT(0x29031bf0af577116),
-W64LIT(0x1914b47e100e53e8),
-W64LIT(0x567852f160241f6f),
-W64LIT(0x793a1f979bbc17e1),
-W64LIT(0xef1eee411809809c),
-W64LIT(0x6211999b14f7c0d2),
-W64LIT(0x059b7ddd7e52bfd4),
-W64LIT(0x43ee4a56d841be42),
-W64LIT(0xf1ae1590e910e87b),
-W64LIT(0x33cd84c595c4e4b2),
-W64LIT(0x4b12826bbba0b1c4),
-W64LIT(0xeb608aa5d3837ddf),
-W64LIT(0x201acaf4796e3c07),
-W64LIT(0xbf27ea262ce2e66b),
-W64LIT(0x58c5cc5a570a6971),
-W64LIT(0x37b3e0215e4e19f1),
-W64LIT(0xab54ebb8215f05d1),
-W64LIT(0x8ed55c9126638602),
-W64LIT(0x9aa65d0f2bde65b8),
-W64LIT(0xd7f589f2c4b1ade4),
-W64LIT(0x5039046734eb66f7),
-W64LIT(0x6cac073023d9b6cc),
-W64LIT(0x51dc1d5e81332460),
-W64LIT(0x17a92ad5272025f6),
-W64LIT(0x47902eb213cb4301),
-W64LIT(0x1b2b860c8f4bd733),
-W64LIT(0x4f6ce68f702a4c87),
-W64LIT(0xcf0424b56167bc9b),
-W64LIT(0x997c76440143a3f4),
-W64LIT(0x7ae034dcb121d1ad),
-W64LIT(0x100d657ac6371ef9),
-W64LIT(0x0ac3fa4ffca48b5d),
-W64LIT(0xdeec58f61288e0f5),
-W64LIT(0x265b9c622da1459f),
-W64LIT(0xdcd36a848dcd642e),
-W64LIT(0xe4380d3751754956),
-W64LIT(0x13d74e31ecaad8b5),
-W64LIT(0xfd2cb949417b1abe),
-W64LIT(0x9624f1d683b5977d),
-W64LIT(0x4675378ba6130196),
-W64LIT(0x0b26e376497cc9ca),
-W64LIT(0x41d1782447043a99),
-W64LIT(0xe39c4298b0627259),
-W64LIT(0xcd3b16c7fe223840),
-W64LIT(0x7787813cac9261ff),
-W64LIT(0x492db01924e5351f),
-W64LIT(0x5afafe28c84fedaa),
-W64LIT(0x8b4e214c583139d6),
-W64LIT(0xccde0ffe4bfa7ad7),
-W64LIT(0x76629805194a2368),
-W64LIT(0x7ca1624ae5eea835),
-W64LIT(0x61cbb2d03e6a069e),
-W64LIT(0x48c8a920913d7788),
-W64LIT(0x8068c23a114df01c),
-W64LIT(0xd38bed160f3b50a7),
-W64LIT(0x32289dfc201ca625),
-W64LIT(0xc1b9ba1e5649ca85),
-W64LIT(0xed21dc33874c0447),
-W64LIT(0xa3a8238542be0a57),
-W64LIT(0x5b1fe7117d97af3d),
-W64LIT(0x3d701a6ea2ea92ac),
-W64LIT(0x73f9e5d867189cbc),
-W64LIT(0x9ed839ebe05498fb),
-W64LIT(0x5920d563e2d22be6),
-W64LIT(0xca9f59681f35034f),
-W64LIT(0x11e87c4373ef5c6e),
-W64LIT(0x97c1e8ef366dd5ea),
-W64LIT(0xacf0a417c0483ede),
-W64LIT(0xd26ef42fbae31230),
-W64LIT(0xbcfdc16d067f2027),
-W64LIT(0xbec2f31f993aa4fc),
-W64LIT(0x45af1cc08c8ec7da),
-W64LIT(0x31f2b6b70a816069),
-W64LIT(0xd9481759f39fdbfa),
-W64LIT(0xe5dd140ee4ad0bc1),
-W64LIT(0xa6335e583cecb583),
-W64LIT(0x38eb67b3dcb82d78),
-W64LIT(0xf5d07174229a1538),
-W64LIT(0x5f6183f5b61d527e),
-W64LIT(0x0f58879282f63489),
-W64LIT(0x164c33ec92f86761),
-W64LIT(0x444a05f93956854d),
-W64LIT(0x818ddb03a495b28b),
-W64LIT(0x4d53d4fdef6fc85c),
-W64LIT(0x8d0f77da0cfe404e),
-W64LIT(0x8416a6dedac70d5f),
-W64LIT(0x666ffd7fdf7d3d91),
-W64LIT(0xb63e3b22fadbab7a),
-W64LIT(0xf2743edbc38d2e37),
-W64LIT(0xa40c6c2aa3a93158),
-W64LIT(0x9f3d20d2558cda6c),
-W64LIT(0xfef692026be6dcf2),
-W64LIT(0x2ea7545f4e404a19),
-W64LIT(0xb2405fc631515639),
-W64LIT(0x23c0e1bf53f3fa4b),
-W64LIT(0x83b2e9713bd03650),
-W64LIT(0x0641569654cf7998),
-W64LIT(0xb883a589cdf5dd64),
-W64LIT(0x3ad455c143fda9a3),
-W64LIT(0x925a9532483f6a3e),
-W64LIT(0xaab1f28194874746),
-W64LIT(0xf435684d974257af),
-W64LIT(0xd1b4df64907ed47c),
-W64LIT(0x390e7e8a69606fef),
-W64LIT(0xd051c65d25a696eb),
-W64LIT(0xb4010950659e2fa1),
-W64LIT(0x0c82acd9a86bf2c5),
-W64LIT(0x88940a0772acff9a),
-W64LIT(0xf39127e276556ca0),
-W64LIT(0xaecf96655f0dba05),
-W64LIT(0x03da2b4b2a9dc64c),
-W64LIT(0x3f4f281c3daf1677),
-W64LIT(0x3469cb6a74d3dfbd),
-W64LIT(0xf04b0ca95cc8aaec),
-W64LIT(0x1f55e2e844c12a70),
-W64LIT(0x4cb6cdc45ab78acb),
-W64LIT(0xc05ca327e3918812),
-W64LIT(0x95feda9da9285131),
-W64LIT(0xb966bcb0782d9ff3),
-W64LIT(0xa7d647618934f714),
-W64LIT(0xd61090cb7169ef73),
-W64LIT(0x71c6d7aaf85d1867),
-W64LIT(0xecc4c50a329446d0),
-W64LIT(0x6450cf0d4038b94a),
-W64LIT(0x420b536f6d99fcd5),
-W64LIT(0x75b8b34e33d7e524),
-W64LIT(0xc26391557cd40cc9),
-W64LIT(0xda923c12d9021db6),
-W64LIT(0x4e89ffb6c5f20e10),
-W64LIT(0x0919d104d6394d11),
-W64LIT(0x8aab3875ede97b41),
-W64LIT(0xa88ec0f30bc2c39d),
-W64LIT(0xb7db221b4f03e9ed),
-W64LIT(0xc7f8ec880286b31d),
-W64LIT(0x2f424d66fb98088e),
-W64LIT(0xe04669d39affb415),
-W64LIT(0x3eaa3125887754e0),
-W64LIT(0x5e849acc03c510e9),
-W64LIT(0x8257f0488e0874c7),
-W64LIT(0xbd18d854b3a762b0),
-W64LIT(0xb3a546ff848914ae),
-W64LIT(0x9ce70b997f111c20),
-W64LIT(0x3c9503571732d03b),
-W64LIT(0xe7e2267c7be88f1a),
-W64LIT(0x63f480a2a12f8245),
-W64LIT(0x602eabe98bb24409),
-W64LIT(0x941bc3a41cf013a6),
-W64LIT(0x678ae4466aa57f06),
-W64LIT(0x1232570859729a22),
-W64LIT(0x6d491e099601f45b),
-W64LIT(0x5d5eb1872958d6a5),
-W64LIT(0x1473019e0dbde3ba),
-W64LIT(0xa24d3abcf76648c0),
-W64LIT(0x85f3bfe76f1f4fc8),
-W64LIT(0x08fcc83d63e10f86),
-W64LIT(0x745daa77860fa7b3),
-W64LIT(0x9180be7962a2ac72),
-W64LIT(0x87cc8d95f05acb13),
-W64LIT(0x78df06ae2e645576),
-W64LIT(0x18f1ad47a5d6117f),
-W64LIT(0x358cd253c10b9d2a),
-W64LIT(0x0ebd9eab372e761e),
-W64LIT(0xf7ef4306bddf91e3),
-W64LIT(0x7023ce934d855af0),
-W64LIT(0xd42fa2b9ee2c6ba8),
-W64LIT(0x3656f918eb965b66),
-W64LIT(0x9d0212a0cac95eb7),
-W64LIT(0x2ad930bb85cab75a),
-W64LIT(0x862994ac45828984),
-W64LIT(0x7d447b735036eaa2),
-W64LIT(0xb07f6db4ae14d2e2),
-W64LIT(0x6b08489fc2ce8dc3),
-W64LIT(0x9b4344369e06272f),
-W64LIT(0xad15bd2e75907c49),
-W64LIT(0xdb77252b6cda5f21),
-W64LIT(0xea85939c665b3f48),
-W64LIT(0xc945722335a8c503),
-W64LIT(0x159618a7b865a12d),
-W64LIT(0x69377aed5d8b0918),
-W64LIT(0x8971133ec774bd0d),
-W64LIT(0x53e32f2c1e76a0bb),
-W64LIT(0xf8b7c4943f29a56a),
-W64LIT(0xff138b3bde3e9e65),
-/* box 2 */
-W64LIT(0x7c6a2eb5fdabecc6),
-W64LIT(0x401cda0a752bbea0),
-W64LIT(0x1925217156dc57c4),
-W64LIT(0x56dec6d301d70787),
-W64LIT(0x41c751ff73c6ac58),
-W64LIT(0xc9067697a92cb5f9),
-W64LIT(0x3391c917aaa0bc85),
-W64LIT(0xae0a9a4c0e742afe),
-W64LIT(0xaa8ca972162a62f4),
-W64LIT(0x5aa193912935df99),
-W64LIT(0x86fd9135fe27e5ba),
-W64LIT(0xffca074b1d3f538e),
-W64LIT(0x0e3cb65d24cdfc1b),
-W64LIT(0x4384b2e07fe9885d),
-W64LIT(0xc73ac0ca8de149e2),
-W64LIT(0x48e5bc7645972eb4),
-W64LIT(0xbe0d56b46ef9ffd6),
-W64LIT(0x200e6d05c0ef5f50),
-W64LIT(0xe1f17dee597f7abd),
-W64LIT(0x0243e31f0c2f2405),
-W64LIT(0xf4ab09dd2741f567),
-W64LIT(0xe4acc52547cc204f),
-W64LIT(0x348f92c3b83cc272),
-W64LIT(0x53837e181f645d75),
-W64LIT(0xd8da319acf4c7229),
-W64LIT(0x81e3cae1ecbb9b4d),
-W64LIT(0xd6e687c7eb818e32),
-W64LIT(0x3dad7f4a8e6d409e),
-W64LIT(0x28f70b79f053cf44),
-W64LIT(0x493e3783437a3c4c),
-W64LIT(0xb27203f6461b27c8),
-W64LIT(0xd02357e6fff0e23d),
-W64LIT(0xe8d390676f2ef851),
-W64LIT(0x26cbbd24d49e335f),
-W64LIT(0xee1640467b5f945e),
-W64LIT(0x4aa65f6949b80ab1),
-W64LIT(0xb56c58225487593f),
-W64LIT(0x4ffbe7a2570b5043),
-W64LIT(0x0aba85633c93b411),
-W64LIT(0x78ec1d8be5f5a4cc),
-W64LIT(0x501b16f215a66b88),
-W64LIT(0x271036d1d27321a7),
-W64LIT(0x7ff2465ff769da3b),
-W64LIT(0x35541936bed1d08a),
-W64LIT(0xb8c886957a8893d9),
-W64LIT(0x2fe950ade2cfb1b3),
-W64LIT(0xf90fd76a094e3f81),
-W64LIT(0x2daab3b2eee095b6),
-W64LIT(0x1abd499b5c1e6139),
-W64LIT(0x0c7f554228e2d81e),
-W64LIT(0x425f391579049aa5),
-W64LIT(0xc3bcf3f495bf01e8),
-W64LIT(0xb4b7d3d7526a4bc7),
-W64LIT(0x0000000000000000),
-W64LIT(0xa0362c112ab9d6e5),
-W64LIT(0x91e406198c364e65),
-W64LIT(0x454162c16b98e452),
-W64LIT(0x139fa4126a4fe3d5),
-W64LIT(0x01db8bf506ed12f8),
-W64LIT(0x9a85088fb648e88c),
-W64LIT(0x3ab3249e9cf13e69),
-W64LIT(0xd57eef2de143b8cf),
-W64LIT(0xb1ea6b1c4cd91135),
-W64LIT(0x7aaffe94e9da80c9),
-W64LIT(0xad92f2a604b61c03),
-W64LIT(0xa3ae44fb207be018),
-W64LIT(0xeb4bf88d65ecceac),
-W64LIT(0xc0249b1e9f7d3715),
-W64LIT(0xa8cf4a6d1a0546f1),
-W64LIT(0xc6e14b3f8b0c5b1a),
-W64LIT(0xce182d43bbb0cb0e),
-W64LIT(0xfc526fa117fd6573),
-W64LIT(0x8c471456c2b451ab),
-W64LIT(0xac497953025b0efb),
-W64LIT(0x0486333e185e480a),
-W64LIT(0x18feaa845031453c),
-W64LIT(0xa1eda7e42c54c41d),
-W64LIT(0x06c5d02114716c0f),
-W64LIT(0x055db8cb1eb35af2),
-W64LIT(0xe5774ed0412132b7),
-W64LIT(0x36cc71dcb413e677),
-W64LIT(0x470281de67b7c057),
-W64LIT(0x58e2708e251afb9c),
-W64LIT(0xa914c1981ce85409),
-W64LIT(0xb3a9880340f63530),
-W64LIT(0x638adfe5bf06d70d),
-W64LIT(0x0b610e963a7ea6e9),
-W64LIT(0x927c6ef386f47898),
-W64LIT(0xed8e28ac719da2a3),
-W64LIT(0x7548c33ccbfa6e2a),
-W64LIT(0xf3b5520935dd8b90),
-W64LIT(0x8d9c9fa3c4594353),
-W64LIT(0x31d22a08a68f9880),
-W64LIT(0x0da4deb72e0fcae6),
-W64LIT(0x8fdf7cbcc8766756),
-W64LIT(0x5dbfc8453ba9a16e),
-W64LIT(0x8e04f749ce9b75ae),
-W64LIT(0x83a029fee094bf48),
-W64LIT(0xa4b01f2f32e79eef),
-W64LIT(0x1c7899ba486f0d36),
-W64LIT(0x654f0fc4ab77bb02),
-W64LIT(0x7db1a540fb46fe3e),
-W64LIT(0x51c09d07134b7970),
-W64LIT(0xcb459588a50391fc),
-W64LIT(0x3fee9c558242649b),
-W64LIT(0xfe118cbe1bd24176),
-W64LIT(0x76d0abd6c13858d7),
-W64LIT(0x5e27a0af316b9793),
-W64LIT(0x69305a868395631c),
-W64LIT(0x3b68af6b9a1c2c91),
-W64LIT(0x6db669b89bcb2b16),
-W64LIT(0xa72877c53825a812),
-W64LIT(0xd3bb3f0cf532d4c0),
-W64LIT(0x6ff58aa797e40f13),
-W64LIT(0x96fa5dcd9eaa3092),
-W64LIT(0x2c713847e80d874e),
-W64LIT(0xc57923d581ce6de7),
-W64LIT(0x2b6f6393fa91f9b9),
-W64LIT(0x0922ed89365182ec),
-W64LIT(0x324a42e2ac4dae7d),
-W64LIT(0x16c21cd974fcb927),
-W64LIT(0x956235279468066f),
-W64LIT(0x7b747561ef379231),
-W64LIT(0x449ae9346d75f6aa),
-W64LIT(0xf570822821ace79f),
-W64LIT(0x5939fb7b23f7e964),
-W64LIT(0x7937967ee318b634),
-W64LIT(0x84be722af208c1bf),
-W64LIT(0x08f9667c30bc9014),
-W64LIT(0xefcdcbb37db286a6),
-W64LIT(0xa6f3fc303ec8baea),
-W64LIT(0xea9073786301dc54),
-W64LIT(0x62515410b9ebc5f5),
-W64LIT(0xd260b4f9f3dfc638),
-W64LIT(0x9e033bb1ae16a086),
-W64LIT(0x38f0c78190de1a6c),
-W64LIT(0xc267780193521310),
-W64LIT(0x80384114ea5689b5),
-W64LIT(0x9b5e837ab0a5fa74),
-W64LIT(0xf73361372d83c39a),
-W64LIT(0x3009a1fda0628a78),
-W64LIT(0xd4a564d8e7aeaa37),
-W64LIT(0xfb4c347505611b84),
-W64LIT(0x5b7a18642fd8cd61),
-W64LIT(0x239605efca2d69ad),
-W64LIT(0xf8d45c9f0fa32d79),
-W64LIT(0xbb50ee7f704aa524),
-W64LIT(0x392b4c7496330894),
-W64LIT(0x0fe73da82220eee3),
-W64LIT(0x3717fa29b2fef48f),
-W64LIT(0xf26ed9fc33309968),
-W64LIT(0xd73d0c32ed6c9cca),
-W64LIT(0xda99d285c363562c),
-W64LIT(0xde1fe1bbdb3d1e26),
-W64LIT(0x738d131ddf8b0225),
-W64LIT(0x292c808cf6beddbc),
-W64LIT(0xbc4eb5ab62d6dbd3),
-W64LIT(0x039868ea0ac236fd),
-W64LIT(0xcc5bce5cb79fef0b),
-W64LIT(0xb031e0e94a3403cd),
-W64LIT(0xc4a2a82087237f1f),
-W64LIT(0xb72fbb3d58a87d3a),
-W64LIT(0xafd111b908993806),
-W64LIT(0x68ebd173857871e4),
-W64LIT(0x9d9b535ba4d4967b),
-W64LIT(0xe9081b9269c3eaa9),
-W64LIT(0x71cef002d3a42620),
-W64LIT(0x93a7e50680196a60),
-W64LIT(0x891aac9ddc070b59),
-W64LIT(0x155a74337e3e8fda),
-W64LIT(0x4e206c5751e642bb),
-W64LIT(0x9721d6389847226a),
-W64LIT(0x12442fe76ca2f12d),
-W64LIT(0x2553d5cede5c05a2),
-W64LIT(0xa275cf0e2696f2e0),
-W64LIT(0x24885e3bd8b1175a),
-W64LIT(0x670cecdba7589f07),
-W64LIT(0x749348c9cd177cd2),
-W64LIT(0x64948431ad9aa9fa),
-W64LIT(0x2ab4e866fc7ceb41),
-W64LIT(0xe6ef263a4be3044a),
-W64LIT(0xe734adcf4d0e16b2),
-W64LIT(0x903f8dec8adb5c9d),
-W64LIT(0xf02d3ae33f1fbd6d),
-W64LIT(0x725698e8d96610dd),
-W64LIT(0x1da3124f4e821fce),
-W64LIT(0x1719972c7211abdf),
-W64LIT(0x11dc470d6660c7d0),
-W64LIT(0xec55a3597770b05b),
-W64LIT(0xbfd6dd416814ed2e),
-W64LIT(0x57054d26073a157f),
-W64LIT(0x1e3b7aa544402933),
-W64LIT(0x5ffc2b5a3786856b),
-W64LIT(0x61c93cfab329f308),
-W64LIT(0x3e3517a084af7663),
-W64LIT(0xf6e8eac22b6ed162),
-W64LIT(0x1007ccf8608dd528),
-W64LIT(0x66d7672ea1b58dff),
-W64LIT(0x8b594f82d0282f5c),
-W64LIT(0x1fe0f15042ad3bcb),
-W64LIT(0x4b7dd49c4f551849),
-W64LIT(0x4c638f485dc966be),
-W64LIT(0xcfc3a6b6bd5dd9f6),
-W64LIT(0x46d90a2b615ad2af),
-W64LIT(0x8565f9dff4e5d347),
-W64LIT(0x94b9bed292851497),
-W64LIT(0xfa97bf80038c097c),
-W64LIT(0xb9130d607c658121),
-W64LIT(0xdc5c02a4d7123a23),
-W64LIT(0x224d8e1accc07b55),
-W64LIT(0x87261ac0f8caf742),
-W64LIT(0xd901ba6fc9a160d1),
-W64LIT(0xab57228710c7700c),
-W64LIT(0x21d5e6f0c6024da8),
-W64LIT(0x98c6eb90ba67cc89),
-W64LIT(0x827ba20be679adb0),
-W64LIT(0x991d6065bc8ade71),
-W64LIT(0x5546ae390b15317a),
-W64LIT(0xa56b94da340a8c17),
-W64LIT(0x071e5bd4129c7ef7),
-W64LIT(0xe02af61b5f926845),
-W64LIT(0x6b73b9998fba4719),
-W64LIT(0xdfc46a4eddd00cde),
-W64LIT(0x770b2023c7d54a2f),
-W64LIT(0x7e29cdaaf184c8c3),
-W64LIT(0xba8b658a76a7b7dc),
-W64LIT(0x9c40d8aea2398483),
-W64LIT(0x9fd8b044a8fbb27e),
-W64LIT(0xdb425970c58e44d4),
-W64LIT(0xe269150453bd4c40),
-W64LIT(0x3c76f4bf88805266),
-W64LIT(0xf1f6b11639f2af95),
-W64LIT(0x549d25cc0df82382),
-W64LIT(0x4db804bd5b247446),
-W64LIT(0x8a82c477d6c53da4),
-W64LIT(0x5258f5ed19894f8d),
-W64LIT(0x6e2e015291091deb),
-W64LIT(0xc1ff10eb999025ed),
-W64LIT(0xbd953e5e643bc92b),
-W64LIT(0xc8ddfd62afc1a701),
-W64LIT(0x5c6443b03d44b396),
-W64LIT(0x6c6de24d9d2639ee),
-W64LIT(0x1481ffc678d39d22),
-W64LIT(0xd1f8dc13f91df0c5),
-W64LIT(0xca9e1e7da3ee8304),
-W64LIT(0xdd878951d1ff28db),
-W64LIT(0x6012b70fb5c4e1f0),
-W64LIT(0x1b66c26e5af373c1),
-W64LIT(0xe3b29ef155505eb8),
-W64LIT(0x70157bf7d54934d8),
-W64LIT(0x2e32db58e422a34b),
-W64LIT(0x6aa8326c895755e1),
-W64LIT(0xb6f430c85e456fc2),
-W64LIT(0xfd89e4541110778b),
-W64LIT(0x88c12768daea19a1),
-W64LIT(0xcd8045a9b172fdf3),
-/* box 3 */
-W64LIT(0x99183e616655b742),
-W64LIT(0xb2872032a50d6860),
-W64LIT(0x0946f63b060528ef),
-W64LIT(0x36612b9a141ef07d),
-W64LIT(0x0634da84dd49579b),
-W64LIT(0xfc9c9e9b486c8a57),
-W64LIT(0xa63fe3c0744e6fd0),
-W64LIT(0xf1515758d8b46bf9),
-W64LIT(0x3e82559fcd5197ff),
-W64LIT(0x92e12d262bc40177),
-W64LIT(0xc3bb433a5a7752c5),
-W64LIT(0x21c3852a5183267a),
-W64LIT(0x39130725cf528f09),
-W64LIT(0x9ba7db1d2dc12998),
-W64LIT(0xc58f99be873e055e),
-W64LIT(0xd9d424498f32656c),
-W64LIT(0x27f75fae8cca71e1),
-W64LIT(0x59b91019a8fc3430),
-W64LIT(0xce768af9caafb36b),
-W64LIT(0x9d930199f0887e03),
-W64LIT(0x63b07a7ef3706a8e),
-W64LIT(0xb5167288a70e7096),
-W64LIT(0x40cc1a28e967d22e),
-W64LIT(0x4d01d3eb79bf3380),
-W64LIT(0x9e896cdb6456afb4),
-W64LIT(0x2548bad2c75eef3b),
-W64LIT(0xa79a6bfeab0420bd),
-W64LIT(0x9f2ce4e5bb1ce0d9),
-W64LIT(0x32ea146282c3393c),
-W64LIT(0x6d67defff7765a97),
-W64LIT(0x83775912b31080eb),
-W64LIT(0xf5da68a04e69a2b8),
-W64LIT(0x1196743498d4819c),
-W64LIT(0x0bf913474d91b635),
-W64LIT(0x43d6776a7db90399),
-W64LIT(0x444725d07fba1b6f),
-W64LIT(0x6584a0fa2e393d15),
-W64LIT(0x3f27dda1121bd892),
-W64LIT(0xf6c005e2dab7730f),
-W64LIT(0x56cb3ca673b04b44),
-W64LIT(0x642128c4f1737278),
-W64LIT(0xbf4ae9f135d589ce),
-W64LIT(0xb038c54eee99f6ba),
-W64LIT(0xf47fe09e9123edd5),
-W64LIT(0x75b75cf069a7f3e4),
-W64LIT(0xd419ed8a1fea84c2),
-W64LIT(0x73838674b4eea47f),
-W64LIT(0x498aec13ef62fac1),
-W64LIT(0x20660d148ec96917),
-W64LIT(0xa48006bc3fdaf10a),
-W64LIT(0x2f1421ab55851663),
-W64LIT(0x0a5c9b7992dbf958),
-W64LIT(0xd1375a4c567d02ee),
-W64LIT(0x0000000000000000),
-W64LIT(0xc842507d17e6e4f0),
-W64LIT(0xf3eeb2249320f523),
-W64LIT(0xc9e7d843c8acab9d),
-W64LIT(0xff86f3d9dcb25be0),
-W64LIT(0xb4b3fab678443ffb),
-W64LIT(0xb19d4d7031d3b9d7),
-W64LIT(0x79df1d0d26355d27),
-W64LIT(0x8eba90d123c86145),
-W64LIT(0xaa57a23d3bdcc113),
-W64LIT(0xcb583d3f83383547),
-W64LIT(0xd871ac7750782a01),
-W64LIT(0xe162ab529f2aa508),
-W64LIT(0x38b68f1b1018c064),
-W64LIT(0x237c60561a17b8a0),
-W64LIT(0xa31154063dd9e9fc),
-W64LIT(0x713c6308ff7a3aa5),
-W64LIT(0x1a6f6773d54537a9),
-W64LIT(0x08e37e05d94f6782),
-W64LIT(0x357b46d880c021ca),
-W64LIT(0x6cc256c1283c15fa),
-W64LIT(0xcfd302c715e5fc06),
-W64LIT(0xbdf50c8d7e411714),
-W64LIT(0x7cf1aacb6fa2db0b),
-W64LIT(0x5240035ee56d8205),
-W64LIT(0x7b60f8716da1c3fd),
-W64LIT(0x01a5883edf4a4f6d),
-W64LIT(0xdd5f1bb119efac2d),
-W64LIT(0x5474d9da3824d59e),
-W64LIT(0x0f722cbfdb4c7f74),
-W64LIT(0x17a2aeb0459dd607),
-W64LIT(0x37c4a3a4cb54bf10),
-W64LIT(0xc21ecb04853d1da8),
-W64LIT(0x4273ff54a2f34cf4),
-W64LIT(0xdace490b1becb4db),
-W64LIT(0x6af68c45f5754261),
-W64LIT(0x46f8c0ac342e85b5),
-W64LIT(0x854383966e59d770),
-W64LIT(0x81c8bc6ef8841e31),
-W64LIT(0x3bace25984c611d3),
-W64LIT(0x1033fc0a479ecef1),
-W64LIT(0x1c5bbdf7080c6032),
-W64LIT(0x7412d4ceb6edbc89),
-W64LIT(0xa8e8474170485fc9),
-W64LIT(0xb8dbbb4b37d69138),
-W64LIT(0x079152ba020318f6),
-W64LIT(0x72260e4a6ba4eb12),
-W64LIT(0x905ec85a60509fad),
-W64LIT(0x2dabc4d71e1188b9),
-W64LIT(0xd092d27289374d83),
-W64LIT(0x610f9f02b8e4f454),
-W64LIT(0x02bfe57c4b949eda),
-W64LIT(0x95707f9c29c71981),
-W64LIT(0x6fd83b83bce2c44d),
-W64LIT(0x5d322fe13e21fd71),
-W64LIT(0x34decee65f8a6ea7),
-W64LIT(0xcd6ce7bb5e7162dc),
-W64LIT(0xfb0dcc214a6f92a1),
-W64LIT(0x2eb1a9958acf590e),
-W64LIT(0xdcfa938fc6a5e340),
-W64LIT(0x669ecdb8bae7eca2),
-W64LIT(0x151d4bcc0e0948dd),
-W64LIT(0xfd3916a59726c53a),
-W64LIT(0x581c982777b67b5d),
-W64LIT(0x1bcaef4d0a0f78c4),
-W64LIT(0xdfe0fecd527b32f7),
-W64LIT(0x128c19760c0a502b),
-W64LIT(0x84e60ba8b113981d),
-W64LIT(0x3c3db0e386c50925),
-W64LIT(0x7febc789fb7c0abc),
-W64LIT(0x7d5422f5b0e89466),
-W64LIT(0xd70380c88b345575),
-W64LIT(0xbbc1d609a308408f),
-W64LIT(0xe278c6100bf474bf),
-W64LIT(0x5e2842a3aaff2cc6),
-W64LIT(0x6b53047b2a3f0d0c),
-W64LIT(0xf7658ddc05fd3c62),
-W64LIT(0x9a025323f28b66f5),
-W64LIT(0x8c0575ad685cff9f),
-W64LIT(0x76ad31b2fd792253),
-W64LIT(0x68496939bee1dcbb),
-W64LIT(0x7e4e4fb7243645d1),
-W64LIT(0xe44c1c94d6bd2324),
-W64LIT(0xbeef61cfea9fc6a3),
-W64LIT(0x91fb4064bf1ad0c0),
-W64LIT(0x052eb7c64997862c),
-W64LIT(0x4a9081517bbc2b76),
-W64LIT(0x8f1f18effc822e28),
-W64LIT(0x3a096a675b8c5ebe),
-W64LIT(0xee1087ed4466da7c),
-W64LIT(0x2652d79053803e8c),
-W64LIT(0x7099eb36203075c8),
-W64LIT(0xc7307cc2ccaa9b84),
-W64LIT(0x5c97a7dfe16bb21c),
-W64LIT(0x50ffe622aef91cdf),
-W64LIT(0x8da0fd93b716b0f2),
-W64LIT(0x69ece10761ab93d6),
-W64LIT(0x31f07920161de88b),
-W64LIT(0x13299148d3401f46),
-W64LIT(0x031a6d4294ded1b7),
-W64LIT(0xccc96f85813b2db1),
-W64LIT(0x14b8c3f2d14307b0),
-W64LIT(0x8659eed4fa8706c7),
-W64LIT(0xba645e377c420fe2),
-W64LIT(0x2920fb2f88cc41f8),
-W64LIT(0x87fc66ea25cd49aa),
-W64LIT(0x1ee4588b4398fee8),
-W64LIT(0xecaf62910ff244a6),
-W64LIT(0xf817a163deb14316),
-W64LIT(0x45e2adeea0f05402),
-W64LIT(0x806d345027ce515c),
-W64LIT(0x576eb498acfa0429),
-W64LIT(0xa5258e82e090be67),
-W64LIT(0x892bc26b21cb79b3),
-W64LIT(0x6e7db3bd63a88b20),
-W64LIT(0x4e1bbea9ed61e237),
-W64LIT(0xadc6f08739dfd9e5),
-W64LIT(0x8b9427176a5fe769),
-W64LIT(0xa1aeb17a764d7726),
-W64LIT(0x4b35096fa4f6641b),
-W64LIT(0x22d9e868c55df7cd),
-W64LIT(0x55d151e4e76e9af3),
-W64LIT(0x966a12debd19c836),
-W64LIT(0x0dcdc9c390d8e1ae),
-W64LIT(0xf24b3a1a4c6aba4e),
-W64LIT(0x24ed32ec1814a056),
-W64LIT(0xaf7915fb724b473f),
-W64LIT(0x2885731157860e95),
-W64LIT(0x9c3689a72fc2316e),
-W64LIT(0x475d4892eb64cad8),
-W64LIT(0xac6378b9e6959688),
-W64LIT(0xa00b3944a907384b),
-W64LIT(0xc695f4fc13e0d4e9),
-W64LIT(0x3055f11ec957a7e6),
-W64LIT(0x6215f2402c3a25e3),
-W64LIT(0xde4576f38d317d9a),
-W64LIT(0x9344a518f48e4e1a),
-W64LIT(0x82d2d12c6c5acf86),
-W64LIT(0xefb50fd39b2c9511),
-W64LIT(0xe981d5574665c28a),
-W64LIT(0x5f8dca9d75b563ab),
-W64LIT(0xb60c1fca33d0a121),
-W64LIT(0xfe237be703f8148d),
-W64LIT(0xd6a608f6547e1a18),
-W64LIT(0xb97e3375e89cde55),
-W64LIT(0xd388bf301de99c34),
-W64LIT(0x5b06f565e368aaea),
-W64LIT(0xf0f4df6607fe2494),
-W64LIT(0x1607268e9ad7996a),
-W64LIT(0xaedc9dc5ad010852),
-W64LIT(0xe0c7236c4060ea65),
-W64LIT(0xea9bb815d2bb133d),
-W64LIT(0x888e4a55fe8136de),
-W64LIT(0x5aa37d5b3c22e587),
-W64LIT(0xc104a64611e3cc1f),
-W64LIT(0x515a6e1c71b353b2),
-W64LIT(0xc42a118058744a33),
-W64LIT(0x7708b98c22336d3e),
-W64LIT(0x2a3a966d1c12904f),
-W64LIT(0x8a31af29b515a804),
-W64LIT(0xed0aeaafd0b80bcb),
-W64LIT(0x2c0e4ce9c15bc7d4),
-W64LIT(0x0c6841fd4f92aec3),
-W64LIT(0x98bdb65fb91ff82f),
-W64LIT(0x1f41d0b59cd2b185),
-W64LIT(0xb322a80c7a47270d),
-W64LIT(0xe6f3f9e89d29bdfe),
-W64LIT(0x7ac5704fb2eb8c90),
-W64LIT(0xa94dcf7faf0210a4),
-W64LIT(0x787a9533f97f124a),
-W64LIT(0xdb6bc135c4a6fbb6),
-W64LIT(0x048b3ff896ddc941),
-W64LIT(0xe8245d69992f8de7),
-W64LIT(0xe3dd4e2ed4be3bd2),
-W64LIT(0xcafdb5015c727a2a),
-W64LIT(0xb7a997f4ec9aee4c),
-W64LIT(0xe75671d64263f293),
-W64LIT(0x2b9f1e53c358df22),
-W64LIT(0x18d0820f9ed1a973),
-W64LIT(0xabf22a03e4968e7e),
-W64LIT(0xa2b4dc38e293a691),
-W64LIT(0x673b458665ada3cf),
-W64LIT(0xf9b2295d01fb0c7b),
-W64LIT(0xd22d370ec2a3d359),
-W64LIT(0x97cf9ae06253875b),
-W64LIT(0x0ed7a48104063019),
-W64LIT(0x482f642d3028b5ac),
-W64LIT(0xc0a12e78cea98372),
-W64LIT(0x4fbe3697322bad5a),
-W64LIT(0x19750a31419be61e),
-W64LIT(0x41699216362d9d43),
-W64LIT(0xd5bc65b4c0a0cbaf),
-W64LIT(0xe5e994aa09f76c49),
-W64LIT(0xeb3e302b0df15c50),
-W64LIT(0x94d5f7a2f68d56ec),
-W64LIT(0x53e58b603a27cd68),
-W64LIT(0x3d9838dd598f4648),
-W64LIT(0x60aa173c67aebb39),
-W64LIT(0x1dfe35c9d7462f5f),
-W64LIT(0x4ca45bd5a6f57ced),
-W64LIT(0xbc5084b3a10b5879),
-W64LIT(0xfaa8441f9525ddcc),
-W64LIT(0x334f9c5c5d897651),
-/* box 4 */
-W64LIT(0xda1687a883adf27e),
-W64LIT(0xe35c9378578d9f22),
-W64LIT(0x303ca4531637fa40),
-W64LIT(0xa088321f74b20375),
-W64LIT(0xc9863f3a9acb95e9),
-W64LIT(0x5fcf47c57d0b0ed4),
-W64LIT(0x4aa211e4e1280b4b),
-W64LIT(0xe1a4c9ba871d1289),
-W64LIT(0x4926664759f03a4f),
-W64LIT(0xadfb36ede3707bca),
-W64LIT(0xcf7bd1891f8ef7e1),
-W64LIT(0x9735559e8f882792),
-W64LIT(0x5932a976f84e6cdc),
-W64LIT(0x9dc792bef547818a),
-W64LIT(0x06fdeeb385456208),
-W64LIT(0x46ad38771ea2cf5b),
-W64LIT(0x5eb36aa41543b27b),
-W64LIT(0x8b2eb33cd1bcb511),
-W64LIT(0x71105ff6e598ebbc),
-W64LIT(0x5441ad846f8c1463),
-W64LIT(0x4c5fff57646d6943),
-W64LIT(0xf3485c49f633c9b1),
-W64LIT(0x9cbbbfdf9d0f3d25),
-W64LIT(0x22d031a067192178),
-W64LIT(0xca0248992213a4ed),
-W64LIT(0x19627fb263a9c18f),
-W64LIT(0x9330e1efda5dc831),
-W64LIT(0x1390b89219666797),
-W64LIT(0x2edf18339893e568),
-W64LIT(0x6c779435d3e4c590),
-W64LIT(0x53c06e568281cac4),
-W64LIT(0x6ff3e3966b3cf494),
-W64LIT(0xfe3b58bb61f1b10e),
-W64LIT(0x77edb14560dd89b4),
-W64LIT(0x02f85ac2d0908dab),
-W64LIT(0x12ec95f3712edb38),
-W64LIT(0x85d9c06dfea6fcaa),
-W64LIT(0x90b4964c6285f935),
-W64LIT(0xf1b0068b26a3441a),
-W64LIT(0x729428555d40dab8),
-W64LIT(0x5c4b3066c5d33fd0),
-W64LIT(0x5d371d07ad9b837f),
-W64LIT(0xa48d866e2167ecd6),
-W64LIT(0xb661139d504937ee),
-W64LIT(0xa27068dda4228ede),
-W64LIT(0xf8c6b608e4b4d306),
-W64LIT(0x6bf657e73ee91b37),
-W64LIT(0xac871b8c8b38c765),
-W64LIT(0x4ea7a595b4fde4e8),
-W64LIT(0x0d7304f297c278bf),
-W64LIT(0xb71d3efc38018b41),
-W64LIT(0xae7f414e5ba84ace),
-W64LIT(0xaf036c2f33e0f661),
-W64LIT(0x0000000000000000),
-W64LIT(0xb89660cc7f537e55),
-W64LIT(0xa675dcacf1f7617d),
-W64LIT(0x610490c74426bd2f),
-W64LIT(0xc18ca2d83094be5a),
-W64LIT(0x2adaac42cd460acb),
-W64LIT(0x7d1f76651a122fac),
-W64LIT(0xc58916a9654151f9),
-W64LIT(0xedabe0297897d699),
-W64LIT(0x2d5b6f90204bd46c),
-W64LIT(0x26d585d132cccedb),
-W64LIT(0x9f3fc87c25d70c21),
-W64LIT(0xc60d610add9960fd),
-W64LIT(0x80a0597dc33bafa6),
-W64LIT(0xd0e44088f9625466),
-W64LIT(0x1d67cbc3367c2e2c),
-W64LIT(0x2c2742f1480368c3),
-W64LIT(0x89d6e9fe012c38ba),
-W64LIT(0xe9ae54582d42393a),
-W64LIT(0x3ecbd702392db3fb),
-W64LIT(0xb5e5643ee89106ea),
-W64LIT(0xa882affddeed28c6),
-W64LIT(0x1ae60811db71f08b),
-W64LIT(0x924ccc8eb215749e),
-W64LIT(0xfcc30279b1613ca5),
-W64LIT(0x825803bf13ab220d),
-W64LIT(0xd992f00b3b75c37a),
-W64LIT(0xc8fa125bf2832946),
-W64LIT(0x35453d432baaa94c),
-W64LIT(0xf9ba9b698cfc6fa9),
-W64LIT(0x37bd6781fb3a24e7),
-W64LIT(0x791ac2144fc7c00f),
-W64LIT(0x16e9218224fb349b),
-W64LIT(0xdb6aaac9ebe54ed1),
-W64LIT(0xd8eedd6a533d7fd5),
-W64LIT(0x7c635b04725a9303),
-W64LIT(0x553d80e507c4a8cc),
-W64LIT(0x9a46516c184a5f2d),
-W64LIT(0x14117b40f46bb930),
-W64LIT(0x1ee3bc608ea41f28),
-W64LIT(0x27a9a8b05a847274),
-W64LIT(0x4050d6c49be7ad53),
-W64LIT(0x7be298d69f574da4),
-W64LIT(0x6a8a7a8656a1a798),
-W64LIT(0x4d23d2360c25d5ec),
-W64LIT(0x1014cf31a1be5693),
-W64LIT(0xb264a7ec059cd84d),
-W64LIT(0xea2a23fb959a083e),
-W64LIT(0xf0cc2bea4eebf8b5),
-W64LIT(0x76919c240895351b),
-W64LIT(0x0b8eea4112871ab7),
-W64LIT(0x47d1151676ea73f4),
-W64LIT(0xbdeff9dc42ce2d59),
-W64LIT(0x2ba68123a50eb664),
-W64LIT(0x057999103d9d530c),
-W64LIT(0xe759270902587081),
-W64LIT(0xef53baeba8075b32),
-W64LIT(0x4fdb88f4dcb55847),
-W64LIT(0x6e8fcef70374483b),
-W64LIT(0x1168e250c9f6ea3c),
-W64LIT(0x1b9a2570b3394c24),
-W64LIT(0x706c72978dd05713),
-W64LIT(0x865db7ce467ecdae),
-W64LIT(0x52bc4337eac9766b),
-W64LIT(0x504419f53a59fbc0),
-W64LIT(0x8f2b074d84695ab2),
-W64LIT(0x6078bda62c6e0180),
-W64LIT(0x43d4a167233f9c57),
-W64LIT(0x0ef773512f1a49bb),
-W64LIT(0x0c0f2993ff8ac410),
-W64LIT(0x4bde3c858960b7e4),
-W64LIT(0x66855315a92b6388),
-W64LIT(0xd360372b41ba6562),
-W64LIT(0x584e84179006d073),
-W64LIT(0x9b3a7c0d7002e382),
-W64LIT(0xa5f1ab0f492f5079),
-W64LIT(0x2822f6801dd68760),
-W64LIT(0x445562b5ce3242f0),
-W64LIT(0xaa7af53f0e7da56d),
-W64LIT(0x3c338dc0e9bd3e50),
-W64LIT(0x3bb24e1204b0e0f7),
-W64LIT(0xd59dd998c4ff076a),
-W64LIT(0x91c8bb2d0acd459a),
-W64LIT(0x84a5ed0c96ee4005),
-W64LIT(0x33b8d3f0aeefcb44),
-W64LIT(0x57c5da27d7542567),
-W64LIT(0x32c4fe91c6a777eb),
-W64LIT(0x3439102243e215e3),
-W64LIT(0xc7714c6bb5d1dc52),
-W64LIT(0x3fb7fa6351650f54),
-W64LIT(0x87219aaf2e367101),
-W64LIT(0xf5b5b2fa7376abb9),
-W64LIT(0x412cfba5f3af11fc),
-W64LIT(0xdceb691b06e89076),
-W64LIT(0xbb12176fc78b4f51),
-W64LIT(0x73e8053435086617),
-W64LIT(0xe220be193fc5238d),
-W64LIT(0xb09cfd2ed50c55e6),
-W64LIT(0xb9ea4dad171bc2fa),
-W64LIT(0x9e43e51d4d9fb08e),
-W64LIT(0x36c14ae093729848),
-W64LIT(0xa9fe829cb6a59469),
-W64LIT(0x0405b47155d5efa3),
-W64LIT(0x0af2c7207acfa618),
-W64LIT(0x7e9b01c6a2ca1ea8),
-W64LIT(0xdd97447a6ea02cd9),
-W64LIT(0x0781c3d2ed0ddea7),
-W64LIT(0x7866ef75278f7ca0),
-W64LIT(0xd1986de9912ae8c9),
-W64LIT(0xcb7e65f84a5b1842),
-W64LIT(0xcd838b4bcf1e7a4a),
-W64LIT(0xab06d85e663519c2),
-W64LIT(0xd4e1f4f9acb7bbc5),
-W64LIT(0xfdbf2f18d929800a),
-W64LIT(0xf23471289e7b751e),
-W64LIT(0xbc93d4bd2a8691f6),
-W64LIT(0x3d4fa0a181f582ff),
-W64LIT(0xba6e3a0eafc3f3fe),
-W64LIT(0x5ab6ded540965dd8),
-W64LIT(0xeb560e9afdd2b491),
-W64LIT(0x0976b083c217971c),
-W64LIT(0xecd7cd4810df6a36),
-W64LIT(0x23ac1cc10f519dd7),
-W64LIT(0xbe6b8e7ffa161c5d),
-W64LIT(0x7fe72ca7ca82a207),
-W64LIT(0xc0f08fb958dc02f5),
-W64LIT(0x7a9eb5b7f71ff10b),
-W64LIT(0xa709f1cd99bfddd2),
-W64LIT(0x8dd35d8f54f9d719),
-W64LIT(0x8caf70ee3cb16bb6),
-W64LIT(0xe4dd50aaba804185),
-W64LIT(0x83242ede7be39ea2),
-W64LIT(0x98be0baec8dad286),
-W64LIT(0x690e0d25ee79969c),
-W64LIT(0x95cd0f5c5f18aa39),
-W64LIT(0x56b9f746bf1c99c8),
-W64LIT(0x7469c6e6d805b8b0),
-W64LIT(0x8a529e5db9f409be),
-W64LIT(0xe6250a686a10cc2e),
-W64LIT(0x2fa33552f0db59c7),
-W64LIT(0x42a88c064b7720f8),
-W64LIT(0x6d0bb954bbac793f),
-W64LIT(0x181e52d30be17d20),
-W64LIT(0xbf17a31e925ea0f2),
-W64LIT(0x94b1223d37501696),
-W64LIT(0xe8d27939450a8595),
-W64LIT(0xccffa62aa756c6e5),
-W64LIT(0x383639b1bc68d1f3),
-W64LIT(0xee2f978ac04fe79d),
-W64LIT(0xa30c45bccc6a3271),
-W64LIT(0x1f9f9101e6eca387),
-W64LIT(0xb1e0d04fbd44e949),
-W64LIT(0x242ddf13e25c4370),
-W64LIT(0x156d56219c23059f),
-W64LIT(0x88aac49f69648415),
-W64LIT(0x6280e764fcfe8c2b),
-W64LIT(0xdf6f1eb8be30a172),
-W64LIT(0xe5a17dcbd2c8fd2a),
-W64LIT(0xe0d8e4dbef55ae26),
-W64LIT(0x63fcca0594b63084),
-W64LIT(0xa1f41f7e1cfabfda),
-W64LIT(0x295edbe1759e3bcf),
-W64LIT(0x67f97e74c163df27),
-W64LIT(0x038477a3b8d83104),
-W64LIT(0xde1333d9d6781ddd),
-W64LIT(0x3ace63736cf85c58),
-W64LIT(0xd619ae3b7c27366e),
-W64LIT(0x5bcaf3b428dee177),
-W64LIT(0xb3188a8d6dd464e2),
-W64LIT(0x1c1be6a25e349283),
-W64LIT(0x017c2d616848bcaf),
-W64LIT(0x8e572a2cec21e61d),
-W64LIT(0xf631c559cbae9abd),
-W64LIT(0x81dc741cab731309),
-W64LIT(0xff4775da09b90da1),
-W64LIT(0xb499495f80d9ba45),
-W64LIT(0x0f8b5e304752f514),
-W64LIT(0x394a14d0d4206d5c),
-W64LIT(0xce07fce877c64b4e),
-W64LIT(0xf4c99f9b1b3e1716),
-W64LIT(0xc4f53bc80d09ed56),
-W64LIT(0xc208d57b884c8f5e),
-W64LIT(0x080a9de2aa5f2bb3),
-W64LIT(0x314089327e7f46ef),
-W64LIT(0xfa3eecca34245ead),
-W64LIT(0x20286b62b789acd3),
-W64LIT(0x7515eb87b04d041f),
-W64LIT(0x513834945211476f),
-W64LIT(0x650124b611f3528c),
-W64LIT(0x17950ce34cb38834),
-W64LIT(0x45294fd4a67afe5f),
-W64LIT(0x21544603dfc1107c),
-W64LIT(0x485a4b2631b886e0),
-W64LIT(0x6872204486312a33),
-W64LIT(0x647d09d779bbee23),
-W64LIT(0x2551f2728a14ffdf),
-W64LIT(0xd765835a146f8ac1),
-W64LIT(0xd21c1a4a29f2d9cd),
-W64LIT(0x99c226cfa0926e29),
-W64LIT(0xfb42c1ab5c6ce202),
-W64LIT(0xc374f81ae00433f1),
-W64LIT(0x964978ffe7c09b3d),
-W64LIT(0xf74de838a3e62612),
-/* box 5 */
-W64LIT(0x74b87b36b0592c6a),
-W64LIT(0x3d82d75dffb4b81c),
-W64LIT(0x8884246715267825),
-W64LIT(0xdaf2d8a77ed4e5de),
-W64LIT(0xfeb118650e53f9c7),
-W64LIT(0xbd2d1aea59226b06),
-W64LIT(0x26ce87f6dbabb191),
-W64LIT(0x32772ecbeb66bd0a),
-W64LIT(0xd4bbf82bc5104c8c),
-W64LIT(0x055357720c4e03a1),
-W64LIT(0xef5be62a32d0f6fd),
-W64LIT(0xbe1c84c45d186aca),
-W64LIT(0xacc7e4a565a1643c),
-W64LIT(0x8dd7731519687b84),
-W64LIT(0x11eafe4f3c830f3a),
-W64LIT(0x04ef8e68a358afe5),
-W64LIT(0x40ad9ca1534b930d),
-W64LIT(0xe44191d4855a5c0e),
-W64LIT(0x6001d20b809420f1),
-W64LIT(0x73666b70173b8243),
-W64LIT(0x372479b9e728beab),
-W64LIT(0x45fecbd35f0590ac),
-W64LIT(0x7057f55e1301838f),
-W64LIT(0xff0dc17fa1455583),
-W64LIT(0x0cc467b810e804da),
-W64LIT(0xb9c29482fa7ac4e3),
-W64LIT(0xa003831d754960e6),
-W64LIT(0x8a096353be0ad5ad),
-W64LIT(0xdd2cc8e1d9b64bf7),
-W64LIT(0xc7dc415052bfee3e),
-W64LIT(0x9f0c137421d17572),
-W64LIT(0x35a93e8d4c041323),
-W64LIT(0x9a5f44062d9f76d3),
-W64LIT(0x71eb2c44bc172fcb),
-W64LIT(0x0ff5f99614d20516),
-W64LIT(0x7789e518b4632da6),
-W64LIT(0xc99561dce97b476c),
-W64LIT(0x5276fcc06bf29dfb),
-W64LIT(0x4a0b32454bd795ba),
-W64LIT(0x9274add69e2fddec),
-W64LIT(0x4f5865374799961b),
-W64LIT(0xb2d8e37c4df06e10),
-W64LIT(0xc4eddf7e5685eff2),
-W64LIT(0xb3643a66e2e6c254),
-W64LIT(0xd50721316a06e0c8),
-W64LIT(0x8bb5ba49111c79e9),
-W64LIT(0x2bb639546455190f),
-W64LIT(0xf8d3d1390627fbaa),
-W64LIT(0x38d1802ff3fabbbd),
-W64LIT(0xdfa18fd5729ae67f),
-W64LIT(0x4ee4bc2de88f3a5f),
-W64LIT(0xf72628af12f5febc),
-W64LIT(0x0aa6aee4189c06b7),
-W64LIT(0x0000000000000000),
-W64LIT(0x9eb0ca6e8ec7d936),
-W64LIT(0xcb1826e84257eae4),
-W64LIT(0x187dce8520250841),
-W64LIT(0xc28f16225ef1ed9f),
-W64LIT(0xc333cf38f1e741db),
-W64LIT(0x4220db95f8673e85),
-W64LIT(0xdc9011fb76a0e7b3),
-W64LIT(0x105627559395a37e),
-W64LIT(0x2f59b73cc70db6ea),
-W64LIT(0xe112c6a689145faf),
-W64LIT(0x82228a830dba7e92),
-W64LIT(0x2ee56e26681b1aae),
-W64LIT(0x2a0ae04ecb43b54b),
-W64LIT(0x47738ce7f4293d24),
-W64LIT(0xa7dd935bd22bcecf),
-W64LIT(0xd2d93177cd644ee1),
-W64LIT(0xebb4684291885918),
-W64LIT(0x0e49208cbbc4a952),
-W64LIT(0xa550d46f79076347),
-W64LIT(0x411145bbfc5d3f49),
-W64LIT(0xe6ccd6e02e76f186),
-W64LIT(0x4bb7eb5fe4c139fe),
-W64LIT(0x5d8305567f2098ed),
-W64LIT(0x95aabd90394d73c5),
-W64LIT(0x25ff19d8df91b05d),
-W64LIT(0x86cd04ebaee2d177),
-W64LIT(0x03319e2e043a01cc),
-W64LIT(0x6b1ba5f5371e8a02),
-W64LIT(0x76353c021b7581e2),
-W64LIT(0x64ee5c6323cc8f14),
-W64LIT(0x5c3fdc4cd03634a9),
-W64LIT(0x6996e2c19c32278a),
-W64LIT(0x8938fd7dba30d461),
-W64LIT(0x7b4d82a0a48b297c),
-W64LIT(0xbfa05ddef20ec68e),
-W64LIT(0x8ee6ed3b1d527a48),
-W64LIT(0x61bd0b112f828cb5),
-W64LIT(0x66631b5788e0229c),
-W64LIT(0x55a8ec86cc9033d2),
-W64LIT(0x1c9240ed837da7a4),
-W64LIT(0x150570279fdba0df),
-W64LIT(0x53ca25dac4e431bf),
-W64LIT(0xd636bf1f6e3ce104),
-W64LIT(0xcaa4fff2ed4146a0),
-W64LIT(0x787c1c8ea0b128b0),
-W64LIT(0xad7b3dbfcab7c878),
-W64LIT(0xfc3c5f51a57f544f),
-W64LIT(0xb78bb40e41be6db1),
-W64LIT(0x8c6baa0fb67ed7c0),
-W64LIT(0xce4b719a4e19e945),
-W64LIT(0xf96f0823a93157ee),
-W64LIT(0x7d2f4bfcacff2b11),
-W64LIT(0x3eb34973fb8eb9d0),
-W64LIT(0xe39f81922238f227),
-W64LIT(0x239dd084d7e5b230),
-W64LIT(0x1fa3dec38747a668),
-W64LIT(0xc5510664f99343b6),
-W64LIT(0xc829b8c6466deb28),
-W64LIT(0x85fc9ac5aad8d0bb),
-W64LIT(0xb6376d14eea8c1f5),
-W64LIT(0x9d8154408afdd8fa),
-W64LIT(0x3be01e01f7c0ba71),
-W64LIT(0x628c953f2bb88d79),
-W64LIT(0x6d796ca93f6a886f),
-W64LIT(0xfa5e960dad0b5622),
-W64LIT(0xe5fd48ce2a4cf04a),
-W64LIT(0xe7700ffa81605dc2),
-W64LIT(0x2dd4f0086c211b62),
-W64LIT(0x2221099e78f31e74),
-W64LIT(0xdb4e01bdd1c2499a),
-W64LIT(0xf417b68116cfff70),
-W64LIT(0xb506f33aea92c039),
-W64LIT(0x514762ee6fc89c37),
-W64LIT(0x9c3d8d5a25eb74be),
-W64LIT(0x396d59355cec17f9),
-W64LIT(0xccc636aee53544cd),
-W64LIT(0x0b1a77feb78aaaf3),
-W64LIT(0xe9392f763aa4f490),
-W64LIT(0xaaa52df96dd56651),
-W64LIT(0x46cf55fd5b3f9160),
-W64LIT(0xa4ec0d75d611cf03),
-W64LIT(0xaff67a8b619b65f0),
-W64LIT(0x3415e797e312bf67),
-W64LIT(0x7af15bba0b9d8538),
-W64LIT(0x811314ad09807f5e),
-W64LIT(0x8771ddf101f47d33),
-W64LIT(0x969b23be3d777209),
-W64LIT(0xd365e86d6272e2a5),
-W64LIT(0x58d05224736e9b4c),
-W64LIT(0xc660984afda9427a),
-W64LIT(0x5414359c63869f96),
-W64LIT(0xe885f66c95b258d4),
-W64LIT(0x655285798cda2350),
-W64LIT(0x6cc5b5b3907c242b),
-W64LIT(0x6ff42b9d944625e7),
-W64LIT(0xc0025116f5dd4017),
-W64LIT(0xa28ec429de65cd6e),
-W64LIT(0x63304c2584ae213d),
-W64LIT(0x7fa20cc807d38699),
-W64LIT(0x996eda2829a5771f),
-W64LIT(0x1b4c50ab241f098d),
-W64LIT(0x1e1f07d928510a2c),
-W64LIT(0x33cbf7d14470114e),
-W64LIT(0xb055a448e6dcc398),
-W64LIT(0x98d2033286b3db5b),
-W64LIT(0xec6a780436eaf731),
-W64LIT(0xa1bf5a07da5fcca2),
-W64LIT(0xbaf30aacfe40c52f),
-W64LIT(0xf144e1f31a81fcd1),
-W64LIT(0xe0ae1fbc2602f3eb),
-W64LIT(0x14b9a93d30cd0c9b),
-W64LIT(0x596c8b3edc783708),
-W64LIT(0x682a3bdb33248bce),
-W64LIT(0xb87e4d98556c68a7),
-W64LIT(0x80afcdb7a696d31a),
-W64LIT(0x5725abb267bc9e5a),
-W64LIT(0x914533f89a15dc20),
-W64LIT(0x5eb29b787b1a9921),
-W64LIT(0x01bcd91aaf16ac44),
-W64LIT(0xc1be880c5acbec53),
-W64LIT(0xedd6a11e99fc5b75),
-W64LIT(0x028d4734ab2cad88),
-W64LIT(0x8f5a3421b244d60c),
-W64LIT(0x4dd52203ecb53b93),
-W64LIT(0x3f0f906954981594),
-W64LIT(0xae4aa391ce8dc9b4),
-W64LIT(0x3698a0a3483e12ef),
-W64LIT(0xf5ab6f9bb9d95334),
-W64LIT(0x082be9d0b3b0ab3f),
-W64LIT(0xd1e8af59c95e4f2d),
-W64LIT(0xd87f9f93d5f84856),
-W64LIT(0x6e48f2873b5089a3),
-W64LIT(0x2443c0c270871c19),
-W64LIT(0xb1e97d5249ca6fdc),
-W64LIT(0x7c9392e603e98755),
-W64LIT(0x839e5399a2acd2d6),
-W64LIT(0x19c1179f8f33a405),
-W64LIT(0xde1d56cfdd8c4a3b),
-W64LIT(0x20ac4eaad3dfb3fc),
-W64LIT(0x1af089b18b09a5c9),
-W64LIT(0x3a5cc71b58d61635),
-W64LIT(0x444212c9f0133ce8),
-W64LIT(0x72dab26ab82d2e07),
-W64LIT(0x4c69fb1943a397d7),
-W64LIT(0xf3c9a6c7b1ad5159),
-W64LIT(0x1d2e99f72c6b0be0),
-W64LIT(0xb4ba2a2045846c7d),
-W64LIT(0xe22358888d2e5e63),
-W64LIT(0x2887a77a606f18c3),
-W64LIT(0xa8286acdc6f9cbd9),
-W64LIT(0x5f0e4262d40c3565),
-W64LIT(0xeee73f309dc65ab9),
-W64LIT(0x9be39d1c8289da97),
-W64LIT(0x1634ee099be1a113),
-W64LIT(0xea08b1583e9ef55c),
-W64LIT(0x9727faa49261de4d),
-W64LIT(0x2c682912c337b726),
-W64LIT(0xcff7a880e10f4501),
-W64LIT(0x1788371334f70d57),
-W64LIT(0x27725eec74bd1dd5),
-W64LIT(0x3146b0e5ef5cbcc6),
-W64LIT(0x099730ca1ca6077b),
-W64LIT(0xf2757fdd1ebbfd1d),
-W64LIT(0x6aa77cef98082646),
-W64LIT(0xbb4fd3b65156696b),
-W64LIT(0x569972a8c8aa321e),
-W64LIT(0xa3321d337173612a),
-W64LIT(0x50fbbbf4c0de3073),
-W64LIT(0x5a5d1510d84236c4),
-W64LIT(0xfd80864b0a69f80b),
-W64LIT(0x07de1046a762ae29),
-W64LIT(0xa6614a417d3d628b),
-W64LIT(0xd78a6605c12a4d40),
-W64LIT(0x67dfc24d27f68ed8),
-W64LIT(0xbc91c3f0f634c742),
-W64LIT(0xd05476436648e369),
-W64LIT(0x493aac6b4fed9476),
-W64LIT(0x12db606138b90ef6),
-W64LIT(0xa994b3d769ef679d),
-W64LIT(0x211097b07cc91fb8),
-W64LIT(0x30fa69ff404a1082),
-W64LIT(0x3c3e0e4750a21458),
-W64LIT(0x7504a22c1f4f802e),
-W64LIT(0x844043df05ce7cff),
-W64LIT(0xf0f838e9b5975095),
-W64LIT(0x7e1ed5d2a8c52add),
-W64LIT(0x90f9eae235037064),
-W64LIT(0x0662c95c0874026d),
-W64LIT(0x9416648a965bdf81),
-W64LIT(0xf69af1b5bde352f8),
-W64LIT(0x0d78bea2bffea89e),
-W64LIT(0x293b7e60cf79b487),
-W64LIT(0xd9c346897aeee412),
-W64LIT(0xfbe24f17021dfa66),
-W64LIT(0x1367b97b97afa2b2),
-W64LIT(0xab19f4e3c2c3ca15),
-W64LIT(0x48867571e0fb3832),
-W64LIT(0x93c874cc313971a8),
-W64LIT(0x79c0c5940fa784f4),
-W64LIT(0xcd7aefb44a23e889),
-W64LIT(0x439c028f577192c1),
-W64LIT(0x5be1cc0a77549a80),
-/* box 6 */
-W64LIT(0x714d28d778656928),
-W64LIT(0xc88a7c6b84f64f7c),
-W64LIT(0xec43cac5ab89aaca),
-W64LIT(0x777fa38110dc16a3),
-W64LIT(0x0f7d5c87e4213b5c),
-W64LIT(0x73f051e5f3a1ef51),
-W64LIT(0xea714193c330d541),
-W64LIT(0x95e5f3dae016c4f3),
-W64LIT(0x63d3738095a0e173),
-W64LIT(0x9825d66f8ff379d6),
-W64LIT(0xe8cc38a148f45338),
-W64LIT(0xa840b0c025f06bb0),
-W64LIT(0x944135c35f748735),
-W64LIT(0x74661caa247ad31c),
-W64LIT(0xe7b16426acd56864),
-W64LIT(0xd1e689df6e6f0589),
-W64LIT(0xa73dec47c1d150ec),
-W64LIT(0x64453ecf427bdd3e),
-W64LIT(0x0ed99a9e5b43789a),
-W64LIT(0x7b1b402dc05be840),
-W64LIT(0x0dc025b56fe5bd25),
-W64LIT(0x3f183a284e22293a),
-W64LIT(0xa0aba108160a6ca1),
-W64LIT(0x46be033705bd4703),
-W64LIT(0x86df6e94b2b10f6e),
-W64LIT(0xa216d83a9dceead8),
-W64LIT(0x129e5b57edc5885b),
-W64LIT(0x7e3074509c445274),
-W64LIT(0x7d29cb7ba8e297cb),
-W64LIT(0x1611a9330eb871a9),
-W64LIT(0x486799a95efe3f99),
-W64LIT(0x9fb39b205828459b),
-W64LIT(0xd0424fc6d10d464f),
-W64LIT(0xe968feb8f79610fe),
-W64LIT(0x5d6f8fb164e08b8f),
-W64LIT(0xaafdc9f2ae34edc9),
-W64LIT(0x02bd79328bc48679),
-W64LIT(0x9b3c6944bb55bc69),
-W64LIT(0x6277b5992ac2a2b5),
-W64LIT(0x877ba88d0dd34ca8),
-W64LIT(0xfa5263f6a531db63),
-W64LIT(0x2e9fde54974164de),
-W64LIT(0xcda14816d8e9f548),
-W64LIT(0x675c81e476dd1881),
-W64LIT(0x2a102c30743c9d2c),
-W64LIT(0x37f32be07dd82e2b),
-W64LIT(0x256d70b7901da670),
-W64LIT(0x4ce86bcdbd83c66b),
-W64LIT(0x50afaa040b0536aa),
-W64LIT(0xef5a75ee9f2f6f75),
-W64LIT(0xb3913c4644ada73c),
-W64LIT(0x1187e47cd9634de4),
-W64LIT(0xc54a59deeb13f259),
-W64LIT(0x0000000000000000),
-W64LIT(0x01a4c619bf6243c6),
-W64LIT(0x90cec7a7bc097ec7),
-W64LIT(0xf94bdcdd91971edc),
-W64LIT(0x8e347f5c814b087f),
-W64LIT(0xc7f720ec60d77420),
-W64LIT(0x354e52d2f61ca852),
-W64LIT(0x34ea94cb497eeb94),
-W64LIT(0xae723b964d49143b),
-W64LIT(0xf48bf968fe72a3f9),
-W64LIT(0xfc60e8a0cd88a4e8),
-W64LIT(0x2909931b409a5893),
-W64LIT(0xbd48a6d81feedfa6),
-W64LIT(0x6cae2f077181da2f),
-W64LIT(0xad6b84bd79efd184),
-W64LIT(0x18c833ad55fb0933),
-W64LIT(0x204644cacc021c44),
-W64LIT(0x392ab17e269b56b1),
-W64LIT(0x14acd001857cf7d0),
-W64LIT(0x8abb8d386236f18d),
-W64LIT(0xeefeb3f7204d2cb3),
-W64LIT(0xf636805a75b62580),
-W64LIT(0x2bb4ea29cb5edeea),
-W64LIT(0xc653e6f5dfb537e6),
-W64LIT(0x8d2dc077b5edcdc0),
-W64LIT(0x31c1a0b6156151a0),
-W64LIT(0xf8ef1ac42ef55d1a),
-W64LIT(0xdbb0e125d65184e1),
-W64LIT(0x82509cf051ccf69c),
-W64LIT(0xe33e96424fa89196),
-W64LIT(0xdf3f1341352c7d13),
-W64LIT(0x8f90b9453e294bb9),
-W64LIT(0x1023226566010e22),
-W64LIT(0xa58095754a15d695),
-W64LIT(0x2c22a7661c85e2a7),
-W64LIT(0xe183ef70c46c17ef),
-W64LIT(0xafd6fd8ff22b57fd),
-W64LIT(0x471ac52ebadf04c5),
-W64LIT(0x4d4cadd402e185ad),
-W64LIT(0x916a01be036b3d01),
-W64LIT(0x28ad5502fff81b55),
-W64LIT(0x3657edf9c2ba6ded),
-W64LIT(0xd2ff36f45ac9c036),
-W64LIT(0xf1a0cd15a26d19cd),
-W64LIT(0xd90d98175d950298),
-W64LIT(0xf7924643cad46646),
-W64LIT(0xdd826a73bee8fb6a),
-W64LIT(0x9d0ee212d3ecc3e2),
-W64LIT(0xb6ba083b18b21d08),
-W64LIT(0x3da5431ac5e6af43),
-W64LIT(0x08eb11c833fa0711),
-W64LIT(0x052b347d5c1fba34),
-W64LIT(0x6fb7902c45271f90),
-W64LIT(0x133a9d4e52a7cb9d),
-W64LIT(0x6e135635fa455c56),
-W64LIT(0x725497fc4cc3ac97),
-W64LIT(0xf31db42729a99fb4),
-W64LIT(0x846217a639758917),
-W64LIT(0x4b7e26826a58fa26),
-W64LIT(0x235ffbe1f8a4d9fb),
-W64LIT(0xff79578bf92e6157),
-W64LIT(0xda14273c6933c727),
-W64LIT(0x8b1f4b21dd54b24b),
-W64LIT(0x9caa240b6c8e8024),
-W64LIT(0xc1c5abba086e0bab),
-W64LIT(0xde9bd5588a4e3ed5),
-W64LIT(0x2d86617fa3e7a161),
-W64LIT(0xbff5dfea942a59df),
-W64LIT(0x66f847fdc9bf5b47),
-W64LIT(0x3b97c84cad5fd0c8),
-W64LIT(0x3ebcfc31f1406afc),
-W64LIT(0xca3705590f32c905),
-W64LIT(0x24c9b6ae2f7fe5b6),
-W64LIT(0x408c88616d043888),
-W64LIT(0x93d7788c88afbb78),
-W64LIT(0x196cf5b4ea994af5),
-W64LIT(0x9a98af5d0437ffaf),
-W64LIT(0x8c89066e0a8f8e06),
-W64LIT(0xab590feb1156ae0f),
-W64LIT(0xd7d4028906d67a02),
-W64LIT(0xe4a8db0d9873addb),
-W64LIT(0xc378d28883aa8dd2),
-W64LIT(0x4ff1d4e6892503d4),
-W64LIT(0xd670c490b9b439c4),
-W64LIT(0x65e1f8d6fd199ef8),
-W64LIT(0xf2b9723e96cbdc72),
-W64LIT(0xb12c4574cf692145),
-W64LIT(0x569d215263bc4921),
-W64LIT(0x69851b7a2d9e601b),
-W64LIT(0x5e76309a50464e30),
-W64LIT(0x5fd2f683ef240df6),
-W64LIT(0xd8a95e0ee2f7415e),
-W64LIT(0xe29a505bf0cad250),
-W64LIT(0x96fc4cf1d4b0014c),
-W64LIT(0x8806f40ae9f277f4),
-W64LIT(0x53b6152f3fa3f315),
-W64LIT(0x1c47c1c9b686f0c1),
-W64LIT(0x80ede5c2da0870e5),
-W64LIT(0xd5697bbb8d12fc7b),
-W64LIT(0xfdc42eb972eae72e),
-W64LIT(0x0bf2aee3075cc2ae),
-W64LIT(0x22fb3df847c69a3d),
-W64LIT(0xbadeeb97c835e3eb),
-W64LIT(0xdc26ac6a018ab8ac),
-W64LIT(0xbcec60c1a08c9c60),
-W64LIT(0x4231f153e6c0bef1),
-W64LIT(0x337cd9849ea5d7d9),
-W64LIT(0x5b5d04e70c59f404),
-W64LIT(0x79a6391f4b9f6e39),
-W64LIT(0x5212d33680c1b0d3),
-W64LIT(0xb5a3b7102c14d8b7),
-W64LIT(0x7f94b249232611b2),
-W64LIT(0x17b56f2ab1da326f),
-W64LIT(0x59e07dd5879d727d),
-W64LIT(0xebd5878a7c529687),
-W64LIT(0xbb7a2d8e7757a02d),
-W64LIT(0x0319bf2b34a6c5bf),
-W64LIT(0x5ccb49a8db82c849),
-W64LIT(0x1de307d009e4b307),
-W64LIT(0x49c35fb0e19c7c5f),
-W64LIT(0x55849e79571a8c9e),
-W64LIT(0x7abf86347f39ab86),
-W64LIT(0x9273be9537cdf8be),
-W64LIT(0xe615a23f13b72ba2),
-W64LIT(0x6821dd6392fc23dd),
-W64LIT(0x5af9c2feb33bb7c2),
-W64LIT(0x06328b5668b97f8b),
-W64LIT(0x44037a058e79c17a),
-W64LIT(0x83f45ae9eeaeb55a),
-W64LIT(0x5739e74bdcde0ae7),
-W64LIT(0xfbf6a5ef1a5398a5),
-W64LIT(0xe50c1d142711ee1d),
-W64LIT(0x1a754a9fde3f8f4a),
-W64LIT(0x7802ff06f4fd2dff),
-W64LIT(0xf52f3f714110e03f),
-W64LIT(0x2674cf9ca4bb63cf),
-W64LIT(0x60caccaba10624cc),
-W64LIT(0xb088836d700b6283),
-W64LIT(0xa6992a5e7eb3132a),
-W64LIT(0xa9e476d99a922876),
-W64LIT(0x6b386248a65ae662),
-W64LIT(0xc2dc14913cc8ce14),
-W64LIT(0x76db6598afbe5565),
-W64LIT(0x32d81f9d21c7941f),
-W64LIT(0x21e282d373605f82),
-W64LIT(0xc0616da3b70c486d),
-W64LIT(0x616e0ab21e64670a),
-W64LIT(0x6d0ae91ecee399e9),
-W64LIT(0x27d009851bd92009),
-W64LIT(0xfedd9192464c2291),
-W64LIT(0x45a7bc1c311b82bc),
-W64LIT(0x54205860e878cf58),
-W64LIT(0xa10f6711a9682f67),
-W64LIT(0x9981107630913a10),
-W64LIT(0xede70cdc14ebe90c),
-W64LIT(0x70e9eecec7072aee),
-W64LIT(0x1f5e7ee28220357e),
-W64LIT(0x2f3b184d28232718),
-W64LIT(0x41284e78d2667b4e),
-W64LIT(0xa424536cf5779553),
-W64LIT(0xa3b21e2322aca91e),
-W64LIT(0x4e5512ff36474012),
-W64LIT(0x1efab8fb3d4276b8),
-W64LIT(0x89a2321356903432),
-W64LIT(0xcb93c340b0508ac3),
-W64LIT(0x306566afaa031266),
-W64LIT(0x4adae09bd53ab9e0),
-W64LIT(0xc92eba723b940cba),
-W64LIT(0x094fd7d18c9844d7),
-W64LIT(0xcc058e0f678bb68e),
-W64LIT(0xd4cdbda23270bfbd),
-W64LIT(0x0a5668fab83e8168),
-W64LIT(0x510b6c1db467756c),
-W64LIT(0xb86392a543f16592),
-W64LIT(0x048ff264e37df9f2),
-W64LIT(0x3a330e55123d930e),
-W64LIT(0xb235fa5ffbcfe4fa),
-W64LIT(0xb9c754bcfc932654),
-W64LIT(0x3c0185037a84ec85),
-W64LIT(0x0c64e3acd087fee3),
-W64LIT(0xe02729697b0e5429),
-W64LIT(0x07964d4fd7db3c4d),
-W64LIT(0x814923db656a3323),
-W64LIT(0x388e776799f91577),
-W64LIT(0x6a9ca4511938a5a4),
-W64LIT(0x1bd18c86615dcc8c),
-W64LIT(0xb407710993769b71),
-W64LIT(0x150816183a1eb416),
-W64LIT(0x4395374a59a2fd37),
-W64LIT(0xc4ee9fc75471b19f),
-W64LIT(0x5844bbcc38ff31bb),
-W64LIT(0xcf1c3124532d7331),
-W64LIT(0xb71ece22a7d05ece),
-W64LIT(0xaccf42a4c68d9242),
-W64LIT(0x97588ae86bd2428a),
-W64LIT(0x75c2dab39b1890da),
-W64LIT(0x9e175d39e74a065d),
-W64LIT(0xf0040b0c1d0f5a0b),
-W64LIT(0xceb8f73dec4f30f7),
-W64LIT(0xbe5119f32b481a19),
-W64LIT(0xd35bf0ede5ab83f0),
-W64LIT(0x7c8d0d621780d40d),
-W64LIT(0x85c6d1bf8617cad1),
-/* box 7 */
-W64LIT(0xb1c742127b66f2a4),
-W64LIT(0xce916098d7a59fc1),
-W64LIT(0xc312ef8e2406fa70),
-W64LIT(0x956c7dced81403d5),
-W64LIT(0x5a0c9b2318dd9520),
-W64LIT(0xad0d57f51a480e8b),
-W64LIT(0xe7b9d05287740b01),
-W64LIT(0x0217f9ea2ed81268),
-W64LIT(0x4d7cff19f8cd3a06),
-W64LIT(0x44d1772e572b7b67),
-W64LIT(0xfb73c5b5e65af72e),
-W64LIT(0x91427aef84512705),
-W64LIT(0x0c720963e4cf6c85),
-W64LIT(0x87c398a0732d8117),
-W64LIT(0xa17f5e96fe87620e),
-W64LIT(0x50476c8b8e8fcf1d),
-W64LIT(0xcb4ee1cc9c8cb225),
-W64LIT(0x67b2304c91a8b59a),
-W64LIT(0x54696baad2caebcd),
-W64LIT(0xddcf03836bf01437),
-W64LIT(0x46c68ec479f3690f),
-W64LIT(0x8f9f96e2cba7c942),
-W64LIT(0xe1802e99f5e93db9),
-W64LIT(0x4e9a8086c179215a),
-W64LIT(0xf0c9b4686764a427),
-W64LIT(0xfd4a3b7e94c7c196),
-W64LIT(0xfcbbbd0b83abc8a2),
-W64LIT(0xebcbd93163bb6784),
-W64LIT(0xf9643c5fc882e546),
-W64LIT(0xc4da973041f7c5fc),
-W64LIT(0x1af3eb2c13b3ca97),
-W64LIT(0x6e1fb87b3e4ef4fb),
-W64LIT(0x5e229c024498b1f0),
-W64LIT(0xf516353c2c4d89c3),
-W64LIT(0xcc869972f97d8da9),
-W64LIT(0x8d886f08e57fdb2a),
-W64LIT(0x1cca15e7612efc2f),
-W64LIT(0x567e9240fc12f9a5),
-W64LIT(0x43190f9032da44eb),
-W64LIT(0xfeac44e1ad73daca),
-W64LIT(0x07c878be65f13f8c),
-W64LIT(0x618bce87e3358322),
-W64LIT(0xf895ba2adfeeec72),
-W64LIT(0x751dd5223a913758),
-W64LIT(0x59eae4bc21698e7c),
-W64LIT(0xff5dc294ba1fd3fe),
-W64LIT(0x03e67f9f39b41b5c),
-W64LIT(0x2292c117d1efc7c9),
-W64LIT(0x8a4017b6808ee4a6),
-W64LIT(0xd1bd0ae08f3f78b2),
-W64LIT(0x135e631bbc558bf6),
-W64LIT(0xee14586528924a60),
-W64LIT(0x8857ee5cae56f6ce),
-W64LIT(0x0000000000000000),
-W64LIT(0x0e65f089ca177eed),
-W64LIT(0x34132358269361db),
-W64LIT(0x15679dd0cec8bd4e),
-W64LIT(0x800be01e16dcbe9b),
-W64LIT(0x949dfbbbcf780ae1),
-W64LIT(0xe397d773db312fd1),
-W64LIT(0xedf227fa1126513c),
-W64LIT(0xb5e945332723d674),
-W64LIT(0x53a11314b73bd441),
-W64LIT(0x23634762c683cefd),
-W64LIT(0x4b4501d28a500cbe),
-W64LIT(0x473708b16e9f603b),
-W64LIT(0x1770643ae010af26),
-W64LIT(0xa746a05d8c1a54b6),
-W64LIT(0x90b3fc9a933d2e31),
-W64LIT(0x35e2a52d31ff68ef),
-W64LIT(0xab34a93e68d53833),
-W64LIT(0xd81082d720d939d3),
-W64LIT(0xb86aca25d480b3c5),
-W64LIT(0xdfd8fa694528065f),
-W64LIT(0x4f6b06f3d615286e),
-W64LIT(0x578f1435eb7ef091),
-W64LIT(0x9af80b32056f740c),
-W64LIT(0x92a40570bde53c59),
-W64LIT(0xdbf6fd48196d228f),
-W64LIT(0x1b026d5904dfc3a3),
-W64LIT(0x3c4f2d1a9e19298e),
-W64LIT(0xc8a89e53a538a979),
-W64LIT(0x991e74ad3cdb6f50),
-W64LIT(0x042e07215c4524d0),
-W64LIT(0x8e6e1097dccbc076),
-W64LIT(0xe071a8ece285348d),
-W64LIT(0xd784f42bfda24e0a),
-W64LIT(0x7d41db60821b7f0d),
-W64LIT(0x85d4614a5df5937f),
-W64LIT(0xbb8cb5baed34a899),
-W64LIT(0x40ff700f0b6e5fb7),
-W64LIT(0x2cf7319e1bf8b924),
-W64LIT(0x3a76d3d1ec841f36),
-W64LIT(0x4520f15b40477253),
-W64LIT(0xf138321d7008ad13),
-W64LIT(0x42e889e525b64ddf),
-W64LIT(0x65a5c9a6bf70a7f2),
-W64LIT(0x208538fdff37d5a1),
-W64LIT(0x410ef67a1c025683),
-W64LIT(0x18e412c63d6bd8ff),
-W64LIT(0x72d5ad9c5f6008d4),
-W64LIT(0x255ab9a9b41ef845),
-W64LIT(0x93558305aa89356d),
-W64LIT(0x70c2547671b81abc),
-W64LIT(0x3604dab2084b73b3),
-W64LIT(0x05df81544b292de4),
-W64LIT(0xf2de4d8249bcb64f),
-W64LIT(0x0bba71dd813e5309),
-W64LIT(0xa368a77cd05f7066),
-W64LIT(0x796fdc41de5e5bdd),
-W64LIT(0xec03a18f064a5808),
-W64LIT(0x085c0e42b88a4855),
-W64LIT(0x274d40439ac6ea2d),
-W64LIT(0x31cca20c6dba4c3f),
-W64LIT(0x322add93540e5763),
-W64LIT(0xb60f3aac1e97cd28),
-W64LIT(0x7cb05d1595777639),
-W64LIT(0xb036c4676c0afb90),
-W64LIT(0x0a4bf7a896525a3d),
-W64LIT(0x73242be9480c01e0),
-W64LIT(0x5bfd1d560fb19c14),
-W64LIT(0x7b7825abf08649b5),
-W64LIT(0xb7febcd909fbc41c),
-W64LIT(0x81fa666b01b0b7af),
-W64LIT(0xd25b757fb68b63ee),
-W64LIT(0x0d838f16f3a365b1),
-W64LIT(0x6a31bf5a620bd02b),
-W64LIT(0x26bcc6368daae319),
-W64LIT(0x9ed60c13592a50dc),
-W64LIT(0x581b62c936058748),
-W64LIT(0x9cc1f5f977f242b4),
-W64LIT(0x83ed9f812f68a5c7),
-W64LIT(0x74ec53572dfd3e6c),
-W64LIT(0xb3d0bbf855bee0cc),
-W64LIT(0xacfcd1800d2407bf),
-W64LIT(0x303d24797ad6450b),
-W64LIT(0x7a89a3dee7ea4081),
-W64LIT(0x69d7c0c55bbfcb77),
-W64LIT(0x770a2cc814492530),
-W64LIT(0x0f9476fcdd7b77d9),
-W64LIT(0xaeeb286a23fc15d7),
-W64LIT(0x2174be88e85bdc95),
-W64LIT(0xde297c1c52440f6b),
-W64LIT(0xd04c8c9598537186),
-W64LIT(0x2ee0c8743520ab4c),
-W64LIT(0x977b8424f6cc11bd),
-W64LIT(0x10b81c8485e190aa),
-W64LIT(0xa4a0dfc2b5ae4fea),
-W64LIT(0x98eff2d82bb76664),
-W64LIT(0xa8d2d6a15161236f),
-W64LIT(0xd4628bb4c4165556),
-W64LIT(0x682646b04cd3c243),
-W64LIT(0x2d06b7eb0c94b010),
-W64LIT(0x626db118da81987e),
-W64LIT(0x2928b0ca50d194c0),
-W64LIT(0x6df9c7e407faefa7),
-W64LIT(0x1681e24ff77ca612),
-W64LIT(0x4952f838a4881ed6),
-W64LIT(0x76fbaabd03252c04),
-W64LIT(0xc73ce8af7843dea0),
-W64LIT(0xe82da6ae5a0f7cd8),
-W64LIT(0xc10516640adee818),
-W64LIT(0x968a0251e1a01889),
-W64LIT(0x37f55cc71f277a87),
-W64LIT(0xe5ae29b8a9ac1969),
-W64LIT(0xcabf67b98be0bb11),
-W64LIT(0xf4e7b3493b2180f7),
-W64LIT(0xe9dc20db4d6375ec),
-W64LIT(0x639c376dcded914a),
-W64LIT(0x12afe56eab3982c2),
-W64LIT(0xc2e369fb336af344),
-W64LIT(0xa6b726289b765d82),
-W64LIT(0x14961ba5d9a4b47a),
-W64LIT(0xbc44cd0488c59715),
-W64LIT(0xd3aaf30aa1e76ada),
-W64LIT(0x28d936bf47bd9df4),
-W64LIT(0xaf1aae1f34901ce3),
-W64LIT(0x2f114e01224ca278),
-W64LIT(0xe648562790180235),
-W64LIT(0x24ab3fdca372f171),
-W64LIT(0x52509561a057dd75),
-W64LIT(0xc6cd6eda6f2fd794),
-W64LIT(0xa08ed8e3e9eb6b3a),
-W64LIT(0x09ad8837afe64161),
-W64LIT(0xbdb54b719fa99e21),
-W64LIT(0x8c79e97df213d21e),
-W64LIT(0xcf60e6edc0c996f5),
-W64LIT(0x5dc4e39d7d2caaac),
-W64LIT(0x11499af1928d999e),
-W64LIT(0x5fd31a7753f4b8c4),
-W64LIT(0x01f18675176c0934),
-W64LIT(0xc52b1145569bccc8),
-W64LIT(0x9f278a664e4659e8),
-W64LIT(0x3dbeab6f897520ba),
-W64LIT(0xa2992109c7337952),
-W64LIT(0x9b098d4712037d38),
-W64LIT(0xc9591826b254a04d),
-W64LIT(0x3b8755a4fbe81602),
-W64LIT(0xbe5334eea61d857d),
-W64LIT(0x51b6eafe99e3c629),
-W64LIT(0x191594b32a07d1cb),
-W64LIT(0x1f2c6a78589ae773),
-W64LIT(0x3fa95285a7ad32d2),
-W64LIT(0x5c3565e86a40a398),
-W64LIT(0xb2213d8d42d2e9f8),
-W64LIT(0xefe5de103ffe4354),
-W64LIT(0x4ab487a79d3c058a),
-W64LIT(0xcd771f07ee11849d),
-W64LIT(0xbfa2b29bb1718c49),
-W64LIT(0xba7d33cffa58a1ad),
-W64LIT(0x6fee3e0e2922fdcf),
-W64LIT(0x64544fd3a81caec6),
-W64LIT(0xd9e104a237b530e7),
-W64LIT(0xf32fcbf75ed0bf7b),
-W64LIT(0x3e58d4f0b0c13be6),
-W64LIT(0xb418c346304fdf40),
-W64LIT(0xaac52f4b7fb93107),
-W64LIT(0xdc3e85f67c9c1d03),
-W64LIT(0xd5930dc1d37a5c62),
-W64LIT(0x0639fecb729d36b8),
-W64LIT(0xc0f490111db2e12c),
-W64LIT(0x7ea7a4ffbbaf6451),
-W64LIT(0xf6f04aa315f9929f),
-W64LIT(0x6643b63986c4bcae),
-W64LIT(0x6c0841911096e693),
-W64LIT(0x8425e73f4a999a4b),
-W64LIT(0x7133d20366d41388),
-W64LIT(0x38612a3bc25c0d5e),
-W64LIT(0xb99b4c50c3ecbaf1),
-W64LIT(0x1d3b93927642f51b),
-W64LIT(0x7f56228aacc36d65),
-W64LIT(0x9d30738c609e4b80),
-W64LIT(0x48a37e4db3e417e2),
-W64LIT(0x8bb191c397e2ed92),
-W64LIT(0x2acecf5569658f9c),
-W64LIT(0xda077b3d0e012bbb),
-W64LIT(0xa55159b7a2c246de),
-W64LIT(0x33db5be643625e57),
-W64LIT(0x821c19f43804acf3),
-W64LIT(0x3990ac4ed530046a),
-W64LIT(0xd675725eeace473e),
-W64LIT(0x789e5a34c93252e9),
-W64LIT(0x86321ed564418823),
-W64LIT(0xfa8243c0f136fe1a),
-W64LIT(0xe45fafcdbec0105d),
-W64LIT(0x2b3f49207e0986a8),
-W64LIT(0xa92350d4460d2a5b),
-W64LIT(0x1eddec0d4ff6ee47),
-W64LIT(0x89a66829b93afffa),
-W64LIT(0x607a48f2f4598a16),
-W64LIT(0x6bc0392f7567d91f),
-W64LIT(0xea3a5f4474d76eb0),
-W64LIT(0x5598eddfc5a6e2f9),
-W64LIT(0x4c8d796cefa13332),
-W64LIT(0xf701ccd602959bab),
-W64LIT(0xe2665106cc5d26e5),
-};
-
-const word64 SHARK::Dec::cbox[8][256] = {
-/* box 0 */
-W64LIT(0xe6126af05e55aff3),
-W64LIT(0x4b6c893f310b0835),
-W64LIT(0xaa4c0e84ebfc8d57),
-W64LIT(0xfb9b5c7bf3b3090d),
-W64LIT(0x4508a6a9ccba5ce2),
-W64LIT(0xe5d1d2064dc6bde9),
-W64LIT(0x348343755288edde),
-W64LIT(0xb684505de46b250c),
-W64LIT(0xa8cede205a1e91e8),
-W64LIT(0x40b89b46f9fa6acc),
-W64LIT(0x8ee1ec1afab080ba),
-W64LIT(0xde77d6b7408e0a45),
-W64LIT(0x9a3e184c2e455802),
-W64LIT(0xbe93fad23f0955ef),
-W64LIT(0x3ae76ce3af39b909),
-W64LIT(0xad7ee3cf6f5ea7c6),
-W64LIT(0x8b51d1f5cff0b694),
-W64LIT(0x70ca8d8e3c43bf99),
-W64LIT(0xccdba7f8b2a8f6c9),
-W64LIT(0x4c5e6474b5a922a4),
-W64LIT(0x5d31adcd541ccc32),
-W64LIT(0x9b7f701e8c3456a7),
-W64LIT(0x2ac9cd08ecfd593a),
-W64LIT(0x8fa0844858c18e1f),
-W64LIT(0x32f0c66c745bc9ea),
-W64LIT(0xc58d6525cbbb888f),
-W64LIT(0x8c633cbe4b529c05),
-W64LIT(0xf2cd9ea68aa0774b),
-W64LIT(0x2cba4811ca2e7d0e),
-W64LIT(0xe2e33f4dc9649778),
-W64LIT(0xf4be1bbfac73537f),
-W64LIT(0x22de6787379f29d9),
-W64LIT(0x0956c2dd79137e46),
-W64LIT(0xe061efe978868bc7),
-W64LIT(0x1cc85ed90f97a85b),
-W64LIT(0x31337e9a67c8dbf0),
-W64LIT(0x360193d1e36af161),
-W64LIT(0x7fefca4a6383e5eb),
-W64LIT(0x8535fe633241e243),
-W64LIT(0xc3fee03ced68acbb),
-W64LIT(0x81c4abdea570dac8),
-W64LIT(0x67d6c12efb25753b),
-W64LIT(0xa4282112164dd980),
-W64LIT(0xcf181f0ea13be4d3),
-W64LIT(0xa98fb672f86f9f4d),
-W64LIT(0x5c70c59ff66dc297),
-W64LIT(0xb0f7d544c2b80138),
-W64LIT(0x0da79760ee2246cd),
-W64LIT(0x3740fb83411bffc4),
-W64LIT(0x24ade29e114c0ded),
-W64LIT(0xf858e48de0201b17),
-W64LIT(0x0e642f96fdb154d7),
-W64LIT(0xddb46e41531d185f),
-W64LIT(0x25ec8accb33d0348),
-W64LIT(0x0282d0a4b1e21cbf),
-W64LIT(0x1bfab3928b3582ca),
-W64LIT(0xaffc336bdebcbb79),
-W64LIT(0x35c22b27f0f9e37b),
-W64LIT(0x03c3b8f61393121a),
-W64LIT(0xb8e07fcb19da71db),
-W64LIT(0x99fda0ba3dd64a18),
-W64LIT(0xce59775c034aea76),
-W64LIT(0x49ee599b80e9148a),
-W64LIT(0xfe2b6194c6f33f23),
-W64LIT(0x4edcb4d0044b3e1b),
-W64LIT(0xd5a3c4ce887f68bc),
-W64LIT(0xdf36bee5e2ff04e0),
-W64LIT(0x171c4ca0c766caa2),
-W64LIT(0x0bd41279c8f162f9),
-W64LIT(0xe490ba54efb7b34c),
-W64LIT(0x5b4228d472cfe806),
-W64LIT(0x5355825ba9ad98e5),
-W64LIT(0x9f8e25a31b056e2c),
-W64LIT(0xcd9acfaa10d9f86c),
-W64LIT(0x88926903dc63a48e),
-W64LIT(0xb40680f9558939b3),
-W64LIT(0x239f0fd595ee277c),
-W64LIT(0xec8710db34d5c3af),
-W64LIT(0x87b72ec783a3fefc),
-W64LIT(0x632794936c144db0),
-W64LIT(0x46cb1e5fdf294ef8),
-W64LIT(0x83467b7a1492c677),
-W64LIT(0x9c4d9d5508967c36),
-W64LIT(0xd6607c389bec7aa6),
-W64LIT(0x165d24f26517c407),
-W64LIT(0xc4cc0d7769ca862a),
-W64LIT(0xcbe94ab3360adc58),
-W64LIT(0x847496319030ece6),
-W64LIT(0x7a5ff7a556c3d3c5),
-W64LIT(0xc03d58cafefbbea1),
-W64LIT(0x76b908971a909bad),
-W64LIT(0x2f79f0e7d9bd6f14),
-W64LIT(0x197863363ad79e75),
-W64LIT(0xda86830ad7bf32ce),
-W64LIT(0x5a034086d0bee6a3),
-W64LIT(0x97998f2cc0671ecf),
-W64LIT(0x552607428f7ebcd1),
-W64LIT(0x51d752ff184f845a),
-W64LIT(0xbb23c73d0a4963c1),
-W64LIT(0x2b88a55a4e8c579f),
-W64LIT(0xd80453ae665d2e71),
-W64LIT(0xee05c07f8537df10),
-W64LIT(0x423a4be248187673),
-W64LIT(0xcaa822e1947bd2fd),
-W64LIT(0x1abbdbc029448c6f),
-W64LIT(0x96d8e77e6216106a),
-W64LIT(0x6266fcc1ce654315),
-W64LIT(0x89d301517e12aa2b),
-W64LIT(0x730935782fd0ad83),
-W64LIT(0x8085c38c0701d46d),
-W64LIT(0x6b303e1cb7763d53),
-W64LIT(0x3f57510c9a798f27),
-W64LIT(0x4449cefb6ecb5247),
-W64LIT(0x48af31c922981a2f),
-W64LIT(0x98bcc8e89fa744bd),
-W64LIT(0x69b2eeb8069421ec),
-W64LIT(0xebb5fd90b077e93e),
-W64LIT(0x6a71564e150733f6),
-W64LIT(0x116fc9b9e1b5ee96),
-W64LIT(0x4a2de16d937a0690),
-W64LIT(0xb9a11799bbab7f7e),
-W64LIT(0x9368da9157562644),
-W64LIT(0x718be5dc9e32b13c),
-W64LIT(0xc82af2452599ce42),
-W64LIT(0xb547e8abf7f83716),
-W64LIT(0x33b1ae3ed62ac74f),
-W64LIT(0x799c4f534550c1df),
-W64LIT(0x3e16395e38088182),
-W64LIT(0x7c2c72bc7010f7f1),
-W64LIT(0xf38cf6f428d179ee),
-W64LIT(0xd29129850cdd422d),
-W64LIT(0x41f9f3145b8b6469),
-W64LIT(0x945a37dad3f40cd5),
-W64LIT(0x757ab061090389b7),
-W64LIT(0x6554118a4ac76984),
-W64LIT(0x7d6d1aeed261f954),
-W64LIT(0x01416852a2710ea5),
-W64LIT(0xb27505e0735a1d87),
-W64LIT(0x77f860c5b8e19508),
-W64LIT(0x78dd2701e721cf7a),
-W64LIT(0xe12087bbdaf78562),
-W64LIT(0x86f6469521d2f059),
-W64LIT(0xef44a82d2746d1b5),
-W64LIT(0xbc112a768eeb4950),
-W64LIT(0xc2bf886e4f19a21e),
-W64LIT(0x307216c8c5b9d555),
-W64LIT(0xc96b9a1787e8c0e7),
-W64LIT(0xa31acc5992eff311),
-W64LIT(0xa0d974af817ce10b),
-W64LIT(0xdcf50613f16c16fa),
-W64LIT(0xfca9b1307711239c),
-W64LIT(0x57a4d7e63e9ca06e),
-W64LIT(0xc64eddd3d8289a95),
-W64LIT(0xa25ba40b309efdb4),
-W64LIT(0x2e3898b57bcc61b1),
-W64LIT(0xf5ff73ed0e025dda),
-W64LIT(0xa6aaf1b6a7afc53f),
-W64LIT(0xd9453bfcc42c20d4),
-W64LIT(0x9d0cf507aae77293),
-W64LIT(0x290a75feff6e4b20),
-W64LIT(0xa7eb99e405decb9a),
-W64LIT(0xa1981cfd230defae),
-W64LIT(0x12ac714ff226fc8c),
-W64LIT(0x743bd833ab728712),
-W64LIT(0x6c02d35733d417c2),
-W64LIT(0xe9372d340195f581),
-W64LIT(0xf77da349bfe04165),
-W64LIT(0x68f386eaa4e52f49),
-W64LIT(0x211ddf71240c3bc3),
-W64LIT(0x13ed191d5057f229),
-W64LIT(0xe8764566a3e4fb24),
-W64LIT(0xf9198cdf425115b2),
-W64LIT(0xd013f921bd3f5e92),
-W64LIT(0x91ea0a35e6b43afb),
-W64LIT(0x0732ed4b84a22a91),
-W64LIT(0xeaf495c21206e79b),
-W64LIT(0x5214ea090bdc9640),
-W64LIT(0x0000000000000000),
-W64LIT(0xb3346db2d12b1322),
-W64LIT(0x0ce6ff324c534868),
-W64LIT(0xaebd5b397ccdb5dc),
-W64LIT(0x0a957a2b6a806c5c),
-W64LIT(0x1f0be62f1c04ba41),
-W64LIT(0x14dff456d4f5d8b8),
-W64LIT(0x58819022615cfa1c),
-W64LIT(0x05b03def3540362e),
-W64LIT(0xe3a2571f6b1599dd),
-W64LIT(0x9229b2c3f52728e1),
-W64LIT(0xba62af6fa8386d64),
-W64LIT(0x0673851926d32434),
-W64LIT(0x641579d8e8b66721),
-W64LIT(0x04f155bd9731388b),
-W64LIT(0x9ecf4df1b9746089),
-W64LIT(0x205cb723867d3566),
-W64LIT(0x102ea1eb43c4e033),
-W64LIT(0x3ba604b10d48b7ac),
-W64LIT(0x50963aadba3e8aff),
-W64LIT(0xac3f8b9dcd2fa963),
-W64LIT(0x7b1e9ff7f4b2dd60),
-W64LIT(0xf63ccb1b1d914fc0),
-W64LIT(0x7eaea218c1f2eb4e),
-W64LIT(0x5fb37d69e5fed08d),
-W64LIT(0x56e5bfb49cedaecb),
-W64LIT(0x2dfb2043685f73ab),
-W64LIT(0x61a54437ddf6510f),
-W64LIT(0x6fc16ba1204705d8),
-W64LIT(0xe75302a2fc24a156),
-W64LIT(0x3dd581a82b9b9398),
-W64LIT(0xdbc7eb5875ce3c6b),
-W64LIT(0x90ab626744c5345e),
-W64LIT(0x59c0f870c32df4b9),
-W64LIT(0x6697a97c59547b9e),
-W64LIT(0xfde8d962d5602d39),
-W64LIT(0xd3d041d7aeac4c88),
-W64LIT(0x5ef2153b478fde28),
-W64LIT(0xd4e2ac9c2a0e6619),
-W64LIT(0x1e4a8e7dbe75b4e4),
-W64LIT(0x72485d2a8da1a326),
-W64LIT(0x437b23b0ea6978d6),
-W64LIT(0x159e9c047684d61d),
-W64LIT(0x0f2547c45fc05a72),
-W64LIT(0xf10e265099336551),
-W64LIT(0x3c94e9fa89ea9d3d),
-W64LIT(0xbfd292809d785b4a),
-W64LIT(0x0817aa8fdb6270e3),
-W64LIT(0x60e42c657f875faa),
-W64LIT(0x18390b6498a690d0),
-W64LIT(0x478a760d7d58405d),
-W64LIT(0x284b1dac5d1f4585),
-W64LIT(0xb1b6bd1660c90f9d),
-W64LIT(0xd15291731f4e5037),
-W64LIT(0x4d1f0c2617d82c01),
-W64LIT(0xc70fb5817a599430),
-W64LIT(0x6d43bb0591a51967),
-W64LIT(0x6e8003f382360b7d),
-W64LIT(0x1d89368bade6a6fe),
-W64LIT(0x4f9ddc82a63a30be),
-W64LIT(0xedc6788996a4cd0a),
-W64LIT(0xab0d66d6498d83f2),
-W64LIT(0x54676f102d0fb274),
-W64LIT(0xc17c30985c8ab004),
-W64LIT(0x3865bc471edba5b6),
-W64LIT(0x3924d415bcaaab13),
-W64LIT(0x951b5f8871850270),
-W64LIT(0x8a10b9a76d81b831),
-W64LIT(0xbd5042242c9a47f5),
-W64LIT(0xa5694940b43cd725),
-W64LIT(0xff6a09c664823186),
-W64LIT(0x8d2254ece92392a0),
-W64LIT(0xb7c5380f461a2ba9),
-W64LIT(0x82071328b6e3c8d2),
-W64LIT(0xd721146a399d7403),
-W64LIT(0xfada342951c207a8),
-W64LIT(0x262f323aa0ae1152),
-W64LIT(0xf04f4e023b426bf4),
-W64LIT(0x276e5a6802df1ff7),
-/* box 1 */
-W64LIT(0x3b4016dbfd16e203),
-W64LIT(0x9a7574c51174530a),
-W64LIT(0x90012e69c02ec8d3),
-W64LIT(0xf44580e3d780e076),
-W64LIT(0xf81dec2b49eca14b),
-W64LIT(0x26cae3e8a6e3d7ef),
-W64LIT(0x0962419e0c41f6ab),
-W64LIT(0x54d1eb4070ebd951),
-W64LIT(0x865e884b0188eec8),
-W64LIT(0xdf76067ea406fe8a),
-W64LIT(0x29849412e594fba0),
-W64LIT(0x461569896869c0f2),
-W64LIT(0xb5ddd6b3bbd6724e),
-W64LIT(0x0c586cc89e6c413d),
-W64LIT(0x6b0ad97054d904ea),
-W64LIT(0xa135621eec62b109),
-W64LIT(0x0eef7e47087ea461),
-W64LIT(0xfaaafea4dffe4417),
-W64LIT(0xe0ad344e80342331),
-W64LIT(0xab4138b23d382ad0),
-W64LIT(0x107390468e90fcff),
-W64LIT(0xbe0885a2218561b9),
-W64LIT(0xdbed22957d22c132),
-W64LIT(0x2251c7037fc7e857),
-W64LIT(0x33835ef8ba5e9c86),
-W64LIT(0xb3f1e0d7f4e0a8aa),
-W64LIT(0x3fdb32302432ddbb),
-W64LIT(0xa719547aa3546bed),
-W64LIT(0xe10c3df3cb3dab1f),
-W64LIT(0x17feaf9f8aafae35),
-W64LIT(0x9df84b1c154b01c0),
-W64LIT(0x8364a51d93a5595e),
-W64LIT(0x535cd49974d48b9b),
-W64LIT(0x01a109bd4b09882e),
-W64LIT(0xc4d0c529b0c51182),
-W64LIT(0x2e09abcbe1aba96a),
-W64LIT(0x1f3de7bccde7d0b0),
-W64LIT(0x9317355b1d35a5a1),
-W64LIT(0x6c87e6a950e65620),
-W64LIT(0x8910ffb142ffc287),
-W64LIT(0x40395fed275f1a16),
-W64LIT(0x7b794936da49f815),
-W64LIT(0xf269b68798b63a92),
-W64LIT(0xfd27c17ddbc116dd),
-W64LIT(0x8d8bdb5a9bdbfd3f),
-W64LIT(0x1ba6c35714c3ef08),
-W64LIT(0x6e30f426c6f4b37c),
-W64LIT(0x7fe26ddd036dc7ad),
-W64LIT(0x14e8b4ad57b4c347),
-W64LIT(0xb985ba7b25ba3373),
-W64LIT(0xe9cf75d08c75d59a),
-W64LIT(0x626898ee5898f241),
-W64LIT(0x5b9f9cba339cf51e),
-W64LIT(0xb250e96abfe92084),
-W64LIT(0x165fa622c1a6261b),
-W64LIT(0xf5e4895e9c896858),
-W64LIT(0xb76ac43c2dc49712),
-W64LIT(0x02b7128f9612e55c),
-W64LIT(0x1d8af5335bf535ec),
-W64LIT(0x36b973ae28732b10),
-W64LIT(0xa8572380e02347a2),
-W64LIT(0xf6f2926c4192052a),
-W64LIT(0x8c2ad2e7d0d27511),
-W64LIT(0xd32e6ab63a6abfb7),
-W64LIT(0xbd1e9e90fc9e0ccb),
-W64LIT(0x03161b32dd1b6d72),
-W64LIT(0x4dc03a98f23ad305),
-W64LIT(0x81d3b79205b7bc02),
-W64LIT(0x450372bbb572ad80),
-W64LIT(0x2d1fb0f93cb0c418),
-W64LIT(0x2a928f20388f96d2),
-W64LIT(0x721b08a8d6080ebe),
-W64LIT(0x92b63ce6563c2d8f),
-W64LIT(0xeb78675f1a6730c6),
-W64LIT(0x13658b74538b918d),
-W64LIT(0x428e4d62b14dff4a),
-W64LIT(0x88b1f60c09f64aa9),
-W64LIT(0x75963771d2375c74),
-W64LIT(0x7ad8408b9140703b),
-W64LIT(0x57c7f072adf0b423),
-W64LIT(0xe5971918121994a7),
-W64LIT(0x5666f9cfe6f93c0d),
-W64LIT(0x8f3cc9d50dc91863),
-W64LIT(0x1e9cee0186ee589e),
-W64LIT(0x8a06e4839fe4aff5),
-W64LIT(0xb824b3c66eb3bb5d),
-W64LIT(0xd1997839ac785aeb),
-W64LIT(0x6752b5b8cab545d7),
-W64LIT(0xb47cdf0ef0dffa60),
-W64LIT(0x949a0a82190af76b),
-W64LIT(0xc04be1c269e12e3a),
-W64LIT(0xfc86c8c090c89ef3),
-W64LIT(0xe3bb2f7c5d2f4e43),
-W64LIT(0x6aabd0cd1fd08cc4),
-W64LIT(0x2147dc31a2dc8525),
-W64LIT(0xca3fbb6eb8bbb5e3),
-W64LIT(0x48fa17ce60176493),
-W64LIT(0x6444ae8a17ae28a5),
-W64LIT(0x2b33869d73861efc),
-W64LIT(0xd0387184e771d2c5),
-W64LIT(0x7cf476efde76aadf),
-W64LIT(0x63c9915313917a6f),
-W64LIT(0xc929a05c65a0d891),
-W64LIT(0xda4c2b28362b491c),
-W64LIT(0xfe31da4f06da7baf),
-W64LIT(0xc1eae87f22e8a614),
-W64LIT(0x5c12a36337a3a7d4),
-W64LIT(0x18b0d865c9d8827a),
-W64LIT(0xe7200b97840b71fb),
-W64LIT(0x4bec0cfcbd0c09e1),
-W64LIT(0x0f4e77fa43772c4f),
-W64LIT(0x4c613325b9335b2b),
-W64LIT(0xf3c8bf3ad3bfb2bc),
-W64LIT(0x87ff81f64a8166e6),
-W64LIT(0xa38270917a705455),
-W64LIT(0x1911d1d882d10a54),
-W64LIT(0x44a27b06fe7b25ae),
-W64LIT(0x049b24ebd9243fb8),
-W64LIT(0xbb32a8f4b3a8d62f),
-W64LIT(0x91a027d48b2740fd),
-W64LIT(0x3d6c20bfb22038e7),
-W64LIT(0xe681022acf02f9d5),
-W64LIT(0xf17fadb545ad57e0),
-W64LIT(0xcc138d0af78d6f07),
-W64LIT(0x495b1e732b1eecbd),
-W64LIT(0x38560de9200d8f71),
-W64LIT(0xa9f62a3dab2acf8c),
-W64LIT(0x47b46034236048dc),
-W64LIT(0x8e9dc06846c0904d),
-W64LIT(0xaccc076b3907781a),
-W64LIT(0x32225745f15714a8),
-W64LIT(0xd4a3556f3e55ed7d),
-W64LIT(0xd7b54e5de34e800f),
-W64LIT(0xddc114f132141bd6),
-W64LIT(0x6d26ef141befde0e),
-W64LIT(0x85489379dc9383ba),
-W64LIT(0x0bd553119a5313f7),
-W64LIT(0x786f520407529567),
-W64LIT(0xcb9eb2d3f3b23dcd),
-W64LIT(0xa223792c3179dc7b),
-W64LIT(0x0a745aacd15a9bd9),
-W64LIT(0x710d139a0b1363cc),
-W64LIT(0x681cc24289c26998),
-W64LIT(0x1a07caea5fca6726),
-W64LIT(0x82c5aca0d8acd170),
-W64LIT(0x25dcf8da7bf8ba9d),
-W64LIT(0xc7c6de1b6dde7cf0),
-W64LIT(0xc35dfaf0b4fa4348),
-W64LIT(0xded70fc3ef0f76a4),
-W64LIT(0x504acfaba9cfe6e9),
-W64LIT(0xc571cc94fbcc99ac),
-W64LIT(0x5ea5b1eca1b14288),
-W64LIT(0xae7b15e4af159d46),
-W64LIT(0xc888a9e12ea950bf),
-W64LIT(0xf7539bd10a9b8d04),
-W64LIT(0x962d180d8f181237),
-W64LIT(0xe43610a559101c89),
-W64LIT(0x772125fe4425b928),
-W64LIT(0x84e99ac4979a0b94),
-W64LIT(0xc667d7a626d7f4de),
-W64LIT(0xefe343b4c3430f7e),
-W64LIT(0xd5025cd2755c6553),
-W64LIT(0xa6b85dc7e85de3c3),
-W64LIT(0xd61447e0a8470821),
-W64LIT(0x3e7a3b8d6f3b5595),
-W64LIT(0x52fddd243fdd03b5),
-W64LIT(0x8072be2f4ebe342c),
-W64LIT(0x12c482c9188219a3),
-W64LIT(0x9eee502ec8506cb2),
-W64LIT(0xad6d0ed6720ef034),
-W64LIT(0x59288e35a58e1042),
-W64LIT(0xe21a26c11626c66d),
-W64LIT(0x247df16730f132b3),
-W64LIT(0xf0dea4080ea4dfce),
-W64LIT(0x31344c772c4c79da),
-W64LIT(0x4f77281764283659),
-W64LIT(0x79ce5bb94c5b1d49),
-W64LIT(0x0000000000000000),
-W64LIT(0x73ba01159d018690),
-W64LIT(0x74373ecc993ed45a),
-W64LIT(0xbcbf972db79784e5),
-W64LIT(0x4ed621aa2f21be77),
-W64LIT(0xd95a301aeb30246e),
-W64LIT(0x9c5942a15e4289ee),
-W64LIT(0x37187a13637aa33e),
-W64LIT(0x276bea55edea5fc1),
-W64LIT(0x1c2bfc8e10fcbdc2),
-W64LIT(0xed54513b5551ea22),
-W64LIT(0x20e6d58ce9d50d0b),
-W64LIT(0x3ae11f66b61f6a2d),
-W64LIT(0x66f3bc0581bccdf9),
-W64LIT(0x2cbeb94477b94c36),
-W64LIT(0x99636ff7cc6f3e78),
-W64LIT(0x953b033f52037f45),
-W64LIT(0xb0e7fbe529fbc5d8),
-W64LIT(0x60df8a61ce8a171d),
-W64LIT(0x6f91fd9b8dfd3b52),
-W64LIT(0xaae0310f7631a2fe),
-W64LIT(0xbfa98c1f6a8ce997),
-W64LIT(0x8ba7ed3ed4ed27db),
-W64LIT(0x98c2664a8766b656),
-W64LIT(0x062c36644f36dae4),
-W64LIT(0x5570e2fd3be2517f),
-W64LIT(0xead96ee2516eb8e8),
-W64LIT(0x419856506c569238),
-W64LIT(0x23f0cebe34ce6079),
-W64LIT(0x309545ca6745f1f4),
-W64LIT(0x5a3e950778957d30),
-W64LIT(0x617e83dc85839f33),
-W64LIT(0xfb0bf71994f7cc39),
-W64LIT(0x3ccd2902f929b0c9),
-W64LIT(0x70ac1a27401aebe2),
-W64LIT(0xcea49f85619f8a5b),
-W64LIT(0x39f704546b04075f),
-W64LIT(0x0df96575d565c913),
-W64LIT(0x08c3482347487e85),
-W64LIT(0xd28f630b71633799),
-W64LIT(0xecf558861e58620c),
-W64LIT(0xc2fcf34dfff3cb66),
-W64LIT(0x978c11b0c4119a19),
-W64LIT(0x69bdcbffc2cbe1b6),
-W64LIT(0xba93a149f8a15e01),
-W64LIT(0x51ebc616e2c66ec7),
-W64LIT(0x078d3fd9043f52ca),
-W64LIT(0x58898788ee87986c),
-W64LIT(0x4a4d0541f60581cf),
-W64LIT(0xe86e7c6dc77c5db4),
-W64LIT(0xee424a09884a8750),
-W64LIT(0xcdb284b7bc84e729),
-W64LIT(0x65e5a7375ca7a08b),
-W64LIT(0x2fa8a276aaa22144),
-W64LIT(0xa0946ba3a76b3927),
-W64LIT(0xa5ae46f535468eb1),
-W64LIT(0x35af689cf5684662),
-W64LIT(0x28259dafae9d738e),
-W64LIT(0xcf0596382a960275),
-W64LIT(0xb6cbcd8166cd1f3c),
-W64LIT(0x7e43646048644f83),
-W64LIT(0x9bd47d785a7ddb24),
-W64LIT(0x432f44dffa447764),
-W64LIT(0x9f4f59938359e49c),
-W64LIT(0x7d557f52957f22f1),
-W64LIT(0x76802c430f2c3106),
-W64LIT(0xdc601d4c791d93f8),
-W64LIT(0x053a2d56922db796),
-W64LIT(0x11d299fbc59974d1),
-W64LIT(0xf9bce59602e52965),
-W64LIT(0xd8fb39a7a039ac40),
-W64LIT(0x340e6121be61ce4c),
-W64LIT(0x5f04b851eab8caa6),
-W64LIT(0x5db3aade7caa2ffa),
-W64LIT(0x1549bd101cbd4b69),
-W64LIT(0xff90d3f24dd3f381),
-W64LIT(0xafda1c59e41c1568),
-W64LIT(0xb146f25862f24df6),
-W64LIT(0xa40f4f487e4f069f),
-/* box 2 */
-W64LIT(0xa1a35cebf8f0f94c),
-W64LIT(0x2c203d650f3f095d),
-W64LIT(0x1a2bdaee4084a2a7),
-W64LIT(0xd32404574d7bcc68),
-W64LIT(0xf785bea594a9adc4),
-W64LIT(0xf2eb54456206949c),
-W64LIT(0x3f5e334d0475ced1),
-W64LIT(0x5994299b835d1f60),
-W64LIT(0x785b7989ac204794),
-W64LIT(0x025da6a2cf461a41),
-W64LIT(0xdf1f3a71f01a901b),
-W64LIT(0x27284f018bb77637),
-W64LIT(0xe1955a6d694c5310),
-W64LIT(0x24a1baf2d9d261ac),
-W64LIT(0xe4fbb08d9fe36a48),
-W64LIT(0x8d83618ef7cff011),
-W64LIT(0x2ac72276abf5279e),
-W64LIT(0xf9e32621e68eebf6),
-W64LIT(0xbf323fb4d3f86f69),
-W64LIT(0xbb888605b8745beb),
-W64LIT(0x70dafe1e7acd2f65),
-W64LIT(0xd0adf1a41f1edbf3),
-W64LIT(0x1e91635f2b089625),
-W64LIT(0xee2791b8864818f8),
-W64LIT(0x99ce23e4c56c1484),
-W64LIT(0xf33f0714ff259946),
-W64LIT(0xbd6f99161cbe7528),
-W64LIT(0x9f293cf761a63a47),
-W64LIT(0xb80173f6ea114c70),
-W64LIT(0x6543ef25d54dc62a),
-W64LIT(0x39b92c5ea0bfe012),
-W64LIT(0x63a4f0367187e8e9),
-W64LIT(0x4c0d38a02cddf62f),
-W64LIT(0x07334c4239e92319),
-W64LIT(0x43bff375c3d9bdc7),
-W64LIT(0xca862b4a5f9a7954),
-W64LIT(0x5d2e902ae8d12be2),
-W64LIT(0x137e0e280b4ac78c),
-W64LIT(0xf162a1b630638307),
-W64LIT(0x55af17bd3e3c4313),
-W64LIT(0x358212781ddebc61),
-W64LIT(0x94214e93e52e452d),
-W64LIT(0xc18e592edb12063e),
-W64LIT(0xec7a371a490e02b9),
-W64LIT(0x4963d240da72cf77),
-W64LIT(0x41e255d70c9fa786),
-W64LIT(0xff0439324244c535),
-W64LIT(0x88ed8b6e0160c949),
-W64LIT(0x6c163be39e83a301),
-W64LIT(0xc534e09fb09e32bc),
-W64LIT(0x806c0cf9d78da1b8),
-W64LIT(0xdba583c09b96a499),
-W64LIT(0x746047af11411be7),
-W64LIT(0xf40c4b56c6ccba5f),
-W64LIT(0x6270a367eca4e533),
-W64LIT(0xd41748157492ef71),
-W64LIT(0xeff3c2e91b6b1522),
-W64LIT(0x0e66988472274632),
-W64LIT(0x534808ae9af66dd0),
-W64LIT(0x8231aa5b18cbbbf9),
-W64LIT(0xb2dd52c3f3ba3ec0),
-W64LIT(0xdd429cd33f5c8a5a),
-W64LIT(0x4e509e02e39bec6e),
-W64LIT(0x26fc1c5016947bed),
-W64LIT(0xd9f8256254d0bed8),
-W64LIT(0x0955d4c64bce652b),
-W64LIT(0x1610e4c8fde5fed4),
-W64LIT(0x6dc268b203a0aedb),
-W64LIT(0x2e7d9bc7c079131c),
-W64LIT(0xc3d3ff8c14541c7f),
-W64LIT(0xd64aeeb7bbd4f530),
-W64LIT(0xab7f7ddee15b8bfc),
-W64LIT(0x144d426a32a3e495),
-W64LIT(0x8e0a947da5aae78a),
-W64LIT(0x798f2ad831034a4e),
-W64LIT(0x3be48afc6ff9fa53),
-W64LIT(0x529c5bff07d5600a),
-W64LIT(0xbee66ce54edb62b3),
-W64LIT(0x931202d1dcc76634),
-W64LIT(0x50c1fd5dc8937a4b),
-W64LIT(0xa4cdb60b0e5fc014),
-W64LIT(0x57f2b11ff17a5952),
-W64LIT(0x47054ac4a8558945),
-W64LIT(0x5a1ddc68d13808fb),
-W64LIT(0x5cfac37b75f22638),
-W64LIT(0xc207acdd897711a5),
-W64LIT(0x289a84d464b33ddf),
-W64LIT(0xc05a0a7f46310be4),
-W64LIT(0xe6a6162f50a57009),
-W64LIT(0x06e71f13a4ca2ec3),
-W64LIT(0x5f733688279731a3),
-W64LIT(0xeb497b5870e721a0),
-W64LIT(0xb667eb7298360a42),
-W64LIT(0xe3c8fccfa60a4951),
-W64LIT(0xe772457ecd867dd3),
-W64LIT(0x6978d103682c9a59),
-W64LIT(0x0def6d77204251a9),
-W64LIT(0xc90fdeb90dff6ecf),
-W64LIT(0xd179a2f5823dd629),
-W64LIT(0x2fa9c8965d5a1ec6),
-W64LIT(0x81b85fa84aaeac62),
-W64LIT(0xdc96cf82a27f8780),
-W64LIT(0x602d05c523e2ff72),
-W64LIT(0x19a22f1d12e1b53c),
-W64LIT(0xe52fe3dc02c06792),
-W64LIT(0x58407aca1e7e12ba),
-W64LIT(0x61f95694bec1f2a8),
-W64LIT(0x48b781114751c2ad),
-W64LIT(0xaaab2e8f7c788626),
-W64LIT(0x04bab9b16b8c3482),
-W64LIT(0x2df46e34921c0487),
-W64LIT(0x1123a88ac40cddcd),
-W64LIT(0xc6bd156ce2fb2527),
-W64LIT(0x7f6835cb95c9648d),
-W64LIT(0x83e5f90a85e8b623),
-W64LIT(0x4f84cd537eb8e1b4),
-W64LIT(0x294ed785f9903005),
-W64LIT(0x1cccc5fde44e8c64),
-W64LIT(0xcb52781bc2b9748e),
-W64LIT(0x1d1896ac796d81be),
-W64LIT(0xb30901926e99331a),
-W64LIT(0xad9862cd4591a53f),
-W64LIT(0xc8db8de890dc6315),
-W64LIT(0x7bd28c7afe45500f),
-W64LIT(0x0adc213519ab72b0),
-W64LIT(0xa8f6882db33e9c67),
-W64LIT(0xb5ee1e81ca531dd9),
-W64LIT(0x201b0343b25e552e),
-W64LIT(0x4036068691bcaa5c),
-W64LIT(0xae11973e17f4b2a4),
-W64LIT(0x9efd6fa6fc85379d),
-W64LIT(0x33650d6bb91492a2),
-W64LIT(0x3a30d9adf2daf789),
-W64LIT(0x0c3b3e26bd615c73),
-W64LIT(0xf651edf4098aa01e),
-W64LIT(0x710ead4fe7ee22bf),
-W64LIT(0x3138abc9765288e3),
-W64LIT(0x9d749a55aee02006),
-W64LIT(0x6e4b9d4151c5b940),
-W64LIT(0x84d6b548bc01953a),
-W64LIT(0x360be78b4fbbabfa),
-W64LIT(0xa22aa918aa95eed7),
-W64LIT(0xedae644bd42d0f63),
-W64LIT(0x46d119953576849f),
-W64LIT(0x6497bc74486ecbf0),
-W64LIT(0xfbbe808329c8f1b7),
-W64LIT(0x4aea27b38817d8ec),
-W64LIT(0x5626e24e6c595488),
-W64LIT(0x056eeae0f6af3958),
-W64LIT(0x4558ec6667139304),
-W64LIT(0x448cbf37fa309ede),
-W64LIT(0x6f9fce10cce6b49a),
-W64LIT(0xa0770fba65d3f496),
-W64LIT(0x671e49871a0bdc6b),
-W64LIT(0xda71d09106b5a943),
-W64LIT(0x08818797d6ed68f1),
-W64LIT(0xa3fefa4937b6e30d),
-W64LIT(0xb080f4613cfc2481),
-W64LIT(0x763de10dde0701a6),
-W64LIT(0x4dd96bf1b1fefbf5),
-W64LIT(0x92c6518041e46bee),
-W64LIT(0x3456412980fdb1bb),
-W64LIT(0x981a70b5584f195e),
-W64LIT(0x3d0395efcb33d490),
-W64LIT(0xba5cd55425575631),
-W64LIT(0x4b3e74e21534d536),
-W64LIT(0x6af124f03a498dc2),
-W64LIT(0x7ebc669a08ea6957),
-W64LIT(0x30ecf898eb718539),
-W64LIT(0xa922db7c2e1d91bd),
-W64LIT(0x7a06df2b63665dd5),
-W64LIT(0xb154a730a1df295b),
-W64LIT(0xfc8dccc11021d2ae),
-W64LIT(0xcfe8c1aaa935400c),
-W64LIT(0x97a8bb60b74b52b6),
-W64LIT(0x18767c4c8fc2b8e6),
-W64LIT(0x9a47d6179709031f),
-W64LIT(0x0000000000000000),
-W64LIT(0xac4c319cd8b2a8e5),
-W64LIT(0xb9d520a7773241aa),
-W64LIT(0xdecb69206d399dc1),
-W64LIT(0x1f45300eb62b9bff),
-W64LIT(0x10f7fbdb592fd017),
-W64LIT(0x3e8a601c9956c30b),
-W64LIT(0x8502e619212298e0),
-W64LIT(0xf5d818075befb785),
-W64LIT(0x547b44eca31f4ec9),
-W64LIT(0x9ca0c90433c32ddc),
-W64LIT(0xe041093cf46f5eca),
-W64LIT(0xa69010a9c119da55),
-W64LIT(0xc769463d7fd828fd),
-W64LIT(0xc4e0b3ce2dbd3f66),
-W64LIT(0x2575e9a344f16c76),
-W64LIT(0x01d453519d230dda),
-W64LIT(0xfa6ad3d2b4ebfc6d),
-W64LIT(0xd5c31b44e9b1e2ab),
-W64LIT(0xf83775707bade62c),
-W64LIT(0xbcbbca47819d78f2),
-W64LIT(0xd79ebde626f7f8ea),
-W64LIT(0x5bc98f394c1b0521),
-W64LIT(0x2246a5e17d184f6f),
-W64LIT(0x12aa5d799669ca56),
-W64LIT(0x5ea765d9bab43c79),
-W64LIT(0x8939d83f9c43c493),
-W64LIT(0x32b15e3a24379f78),
-W64LIT(0xe914ddfabfa13be1),
-W64LIT(0x909bf7228ea271af),
-W64LIT(0x73530bed28a838fe),
-W64LIT(0xd2f05706d058c1b2),
-W64LIT(0xfed06a63df67c8ef),
-W64LIT(0xb43a4dd057701003),
-W64LIT(0xa519e55a937ccdce),
-W64LIT(0x75b414fe8c62163d),
-W64LIT(0xafc5c46f8ad7bf7e),
-W64LIT(0x2392f6b0e03b42b5),
-W64LIT(0x386d7f0f3d9cedc8),
-W64LIT(0x21cf50122f7d58f4),
-W64LIT(0x9b9385460a2a0ec5),
-W64LIT(0x5115ae0c55b07791),
-W64LIT(0x0fb2cbd5ef044be8),
-W64LIT(0xea9d2809edc42c7a),
-W64LIT(0xcc613459fb505797),
-W64LIT(0x426ba0245efab01d),
-W64LIT(0x1599113baf80e94f),
-W64LIT(0x7d3593695a8f7ecc),
-W64LIT(0x0389f5f35265179b),
-W64LIT(0x875f40bbee6482a1),
-W64LIT(0x95f51dc2780d48f7),
-W64LIT(0x7ce1c038c7ac7316),
-W64LIT(0xce3c92fb34164dd6),
-W64LIT(0xcdb5670866735a4d),
-W64LIT(0x8ab02dccce26d308),
-W64LIT(0x914fa47313817c75),
-W64LIT(0x8b647e9d5305ded2),
-W64LIT(0xd82c7633c9f3b302),
-W64LIT(0x728758bcb58b3524),
-W64LIT(0xe8c08eab2282363b),
-W64LIT(0x8fdec72c3889ea50),
-W64LIT(0x2b13712736d62a44),
-W64LIT(0x3cd7c6be5610d94a),
-W64LIT(0x37dfb4dad298a620),
-W64LIT(0x868b13ea73478f7b),
-W64LIT(0xb7b3b82305150798),
-W64LIT(0x0b08726484887f6a),
-W64LIT(0x1bff89bfdda7af7d),
-W64LIT(0x77e9b25c43240c7c),
-W64LIT(0xf0b6f2e7ad408edd),
-W64LIT(0x17c4b79960c6f30e),
-W64LIT(0x8c5732df6aecfdcb),
-W64LIT(0x68ac8252f50f9783),
-W64LIT(0x66ca1ad68728d1b1),
-W64LIT(0x6b2577a1a76a8018),
-W64LIT(0xe21caf9e3b29448b),
-W64LIT(0xa74443f85c3ad78f),
-W64LIT(0xfd599f908d02df74),
-W64LIT(0x967ce8312a685f6c),
-/* box 3 */
-W64LIT(0xfa7b9775ba3af751),
-W64LIT(0x03ef98cb769c2d13),
-W64LIT(0x7191ce067072359e),
-W64LIT(0xbab18b6bff7516a8),
-W64LIT(0xe6e5ef4efbc1065e),
-W64LIT(0x7bec74a3b1d0dbf4),
-W64LIT(0x656b4fb907c31c4a),
-W64LIT(0x4e8520f99fc86304),
-W64LIT(0x8fd8df31d16dae58),
-W64LIT(0x90a93fc1e60a7244),
-W64LIT(0x30ad09f2b449cfc5),
-W64LIT(0x8453be7e91bb5b90),
-W64LIT(0x1d68a3d1c08feaad),
-W64LIT(0x5c54642504b410f6),
-W64LIT(0x8061383c8a9e3707),
-W64LIT(0xf9940fbecca6da42),
-W64LIT(0x46e1d97da982bbdf),
-W64LIT(0xfc50521656f7ad77),
-W64LIT(0x5e4d2704f35c2647),
-W64LIT(0x8bea5973ca48c2cf),
-W64LIT(0xd06323dfa34593bd),
-W64LIT(0x62b651306a7a5dce),
-W64LIT(0xa436b0714966d116),
-W64LIT(0x4f73fb131ebc78a6),
-W64LIT(0x92b07ce011e244f5),
-W64LIT(0x33429139c2d5e2d6),
-W64LIT(0xcee418c515565403),
-W64LIT(0xd7be3d56cefcd239),
-W64LIT(0x53ed83285f4789a9),
-W64LIT(0xf3e9b51b0d043428),
-W64LIT(0x20650e0fd8dd8a86),
-W64LIT(0xb6e7f4add21aa2e4),
-W64LIT(0x6d0fb63d3189c491),
-W64LIT(0x0da0a42cac1bafee),
-W64LIT(0x3f14eeffefba569a),
-W64LIT(0x13279f361a086850),
-W64LIT(0x9b225e8ea6dc878c),
-W64LIT(0x6684d772715f3159),
-W64LIT(0xa3ebaef824df9092),
-W64LIT(0xc499a260d4f4ba69),
-W64LIT(0xaa798c9693e153eb),
-W64LIT(0x50021be329dba4ba),
-W64LIT(0x949bb983fd2f1ed3),
-W64LIT(0xdfdac4d2f8b60ae2),
-W64LIT(0xf0062dd07b98193b),
-W64LIT(0xafbdd13e09b024de),
-W64LIT(0xb95e13a089e93bbb),
-W64LIT(0x649d945386b707e8),
-W64LIT(0xe4fcac6f0c2930ef),
-W64LIT(0x413cc7f4c43bfa5b),
-W64LIT(0x3b2668bdf49f3a0d),
-W64LIT(0xe50a77858d5d2b4d),
-W64LIT(0x05c45da89a517735),
-W64LIT(0x3ee235156ece4d38),
-W64LIT(0xfe491137a11f9bc6),
-W64LIT(0xb7112f47536eb946),
-W64LIT(0x07dd1e896db94184),
-W64LIT(0x1ab5bd58ad36ab29),
-W64LIT(0x8197e3d60bea2ca5),
-W64LIT(0xab8f577c12954849),
-W64LIT(0x9cff4007cb65c608),
-W64LIT(0xa00436335243bd81),
-W64LIT(0xfda689fcd783b6d5),
-W64LIT(0xccfd5be4e2be62b2),
-W64LIT(0x75a348446b575909),
-W64LIT(0x17151974012d04c7),
-W64LIT(0xfb8d4c9f3b4eecf3),
-W64LIT(0xac5249f57f2c09cd),
-W64LIT(0x9346a70a90965f57),
-W64LIT(0x043286421b256c97),
-W64LIT(0x27b81086b564cb02),
-W64LIT(0x3569545a2e18b8f0),
-W64LIT(0x6b24735edd449eb7),
-W64LIT(0x2193d5e559a99124),
-W64LIT(0xc7763aaba268977a),
-W64LIT(0xb0cc31ce3ed7f8c2),
-W64LIT(0xc939064c78ef1587),
-W64LIT(0x16e3c29e80591f65),
-W64LIT(0x5da2bfcf85c00b54),
-W64LIT(0x5990398d9ee567c3),
-W64LIT(0x67720c98f02b2afb),
-W64LIT(0x54309da132fec82d),
-W64LIT(0xeab39088d6aeb212),
-W64LIT(0x9682faa20ac72862),
-W64LIT(0xd38cbb14d5d9beae),
-W64LIT(0x4c9c63d8682055b5),
-W64LIT(0xd648e6bc4f88c99b),
-W64LIT(0xdc355c198e2a27f1),
-W64LIT(0x10c807fd6c944543),
-W64LIT(0x450e41b6df1e96cc),
-W64LIT(0x0b8b614f40d6f5c8),
-W64LIT(0xd27a60fe54ada50c),
-W64LIT(0x49583e70f2712280),
-W64LIT(0x8dc19c10268598e9),
-W64LIT(0x5866e2671f917c61),
-W64LIT(0x79f537824638ed45),
-W64LIT(0xc2b267033839e04f),
-W64LIT(0xcb20456d8f072336),
-W64LIT(0x2a18b4aa197f64ec),
-W64LIT(0xdbe84290e3936675),
-W64LIT(0x73888d27879a032f),
-W64LIT(0xe8aad3a9214684a3),
-W64LIT(0x6ee02ef64715e982),
-W64LIT(0xa996145de57d7ef8),
-W64LIT(0xc8cfdda6f99b0e25),
-W64LIT(0x062bc563eccd5a26),
-W64LIT(0x264ecb6c3410d0a0),
-W64LIT(0xb8a8c84a089d2019),
-W64LIT(0x7dc7b1c05d1d81d2),
-W64LIT(0xd5a77e773914e488),
-W64LIT(0x4b417d5105991431),
-W64LIT(0xf62de8b39755431d),
-W64LIT(0x993b1daf5134b13d),
-W64LIT(0x82787b1d7d7601b6),
-W64LIT(0xe321b2e66190716b),
-W64LIT(0xb5086c66a4868ff7),
-W64LIT(0x9ee603263c8df0b9),
-W64LIT(0x349f8fb0af6ca352),
-W64LIT(0x5b897aac690d5172),
-W64LIT(0x7c316a2adc699a70),
-W64LIT(0xd451a59db860ff2a),
-W64LIT(0x706715ecf1062e3c),
-W64LIT(0x838ea0f7fc021a14),
-W64LIT(0x57df056a4462e53e),
-W64LIT(0xcf12c32f94224fa1),
-W64LIT(0xed6e8e01bb17f396),
-W64LIT(0x915fe42b677e69e6),
-W64LIT(0x89f31a523da0f47e),
-W64LIT(0xe71334a47ab51dfc),
-W64LIT(0xa860cfb76409655a),
-W64LIT(0x9f10d8ccbdf9eb1b),
-W64LIT(0xef77cd204cffc527),
-W64LIT(0xf862d4544dd2c1e0),
-W64LIT(0x8a1c82994b3cd96d),
-W64LIT(0xae4b0ad488c43f7c),
-W64LIT(0x98cdc645d040aa9f),
-W64LIT(0x7fdef2e1aaf5b763),
-W64LIT(0x4717029728f6a07d),
-W64LIT(0x745593aeea2342ab),
-W64LIT(0xee8116cacd8bde85),
-W64LIT(0x727e56cd06ee188d),
-W64LIT(0x227c4d2e2f35bc37),
-W64LIT(0x977421488bb333c0),
-W64LIT(0xa21d7512a5ab8b30),
-W64LIT(0xbb4750817e010d0a),
-W64LIT(0x6cf96dd7b0fddf33),
-W64LIT(0x2801f78bee97525d),
-W64LIT(0x1c9e783b41fbf10f),
-W64LIT(0x9d099bed4a11ddaa),
-W64LIT(0x7a1aaf4930a4c056),
-W64LIT(0x32b44ad343a1f974),
-W64LIT(0x3cfb763499267b89),
-W64LIT(0xb2d572efc93fce73),
-W64LIT(0x63408adaeb0e466c),
-W64LIT(0xada4921ffe58126f),
-W64LIT(0x5fbbfcee72283de5),
-W64LIT(0x6ad2a8b45c308515),
-W64LIT(0x0c567fc62d6fb44c),
-W64LIT(0x956d62697c5b0571),
-W64LIT(0x25a153a7428cfdb3),
-W64LIT(0x150c5a55f6c53276),
-W64LIT(0xe2d7690ce0e46ac9),
-W64LIT(0xda1e997a62e77dd7),
-W64LIT(0xf5c27078e1c96e0e),
-W64LIT(0xc344bce9b94dfbed),
-W64LIT(0x60af12119d926b7f),
-W64LIT(0xa1f2edd9d337a623),
-W64LIT(0xcad69e870e733894),
-W64LIT(0x3770177bd9f08e41),
-W64LIT(0xa5c06b9bc812cab4),
-W64LIT(0x1f71e0f03767dc1c),
-W64LIT(0x44f89a5c5e6a8d6e),
-W64LIT(0x6159c9fb1ce670dd),
-W64LIT(0x8e2e04db5019b5fa),
-W64LIT(0x8805c1b8bcd4efdc),
-W64LIT(0xe138f1c7967847da),
-W64LIT(0x4ab7a6bb84ed0f93),
-W64LIT(0x0000000000000000),
-W64LIT(0x38c9f0768203171e),
-W64LIT(0x1b4366b22c42b08b),
-W64LIT(0x7803ec68c74cf6e7),
-W64LIT(0xec9855eb3a63e834),
-W64LIT(0xbe830d29e4507a3f),
-W64LIT(0x2dc5aa2374c62568),
-W64LIT(0xa62ff350be8ee7a7),
-W64LIT(0x764cd08f1dcb741a),
-W64LIT(0x8c3747faa7f1834b),
-W64LIT(0x0fb9e70d5bf3995f),
-W64LIT(0x55c6464bb38ad38f),
-W64LIT(0xf7db3359162158bf),
-W64LIT(0xd195f8352231881f),
-W64LIT(0x0992226eb73ec379),
-W64LIT(0x14fa81bf77b129d4),
-W64LIT(0x48aee59a73053922),
-W64LIT(0x2457884dc3f8e611),
-W64LIT(0xffbfcadd206b8064),
-W64LIT(0xb4feb78c25f29455),
-W64LIT(0x864afd5f66536d21),
-W64LIT(0x6f16f51cc661f220),
-W64LIT(0xde2c1f3879c21140),
-W64LIT(0x195a2593dbaa863a),
-W64LIT(0x2e2a32e8025a087b),
-W64LIT(0x432584d533d3ccea),
-W64LIT(0x2c3371c9f5b23eca),
-W64LIT(0xa7d928ba3ffafc05),
-W64LIT(0x42d35f3fb2a7d748),
-W64LIT(0x85a5659410cf4032),
-W64LIT(0x0864f984364ad8db),
-W64LIT(0xf21f6ef18c702f8a),
-W64LIT(0xf1f0f63afaec0299),
-W64LIT(0xd9f101b1147b50c4),
-W64LIT(0x2fdce902832e13d9),
-W64LIT(0x4d6ab832e9544e17),
-W64LIT(0xe0ce2a2d170c5c78),
-W64LIT(0x51f4c009a8afbf18),
-W64LIT(0x68cbeb95abd8b3a4),
-W64LIT(0xc15dffc84ea5cd5c),
-W64LIT(0x02194321f7e836b1),
-W64LIT(0x113edc17ede05ee1),
-W64LIT(0x521b58c2de33920b),
-W64LIT(0x9ad4856427a89c2e),
-W64LIT(0x5629de80c516fe9c),
-W64LIT(0x77ba0b659cbf6fb8),
-W64LIT(0x238a96c4ae41a795),
-W64LIT(0x12d144dc9b7c73f2),
-W64LIT(0xd807da5b950f4b66),
-W64LIT(0x3686cc91588495e3),
-W64LIT(0x18acfe795ade9d98),
-W64LIT(0x5a7fa146e8794ad0),
-W64LIT(0xc680e141231c8cd8),
-W64LIT(0x1e873b1ab613c7be),
-W64LIT(0xf434ab9260bd75ac),
-W64LIT(0xcd0b800e63ca7910),
-W64LIT(0xbc9a4e0813b84c8e),
-W64LIT(0x3d0dadde1852602b),
-W64LIT(0x40ca1c1e454fe1f9),
-W64LIT(0x0a7dbaa5c1a2ee6a),
-W64LIT(0x693d307f2aaca806),
-W64LIT(0x0e4f3ce7da8782fd),
-W64LIT(0xbd6c95e292cc572c),
-W64LIT(0x3ad0b35775eb21af),
-W64LIT(0x7e28290b2b81acc1),
-W64LIT(0x01f6dbea81741ba2),
-W64LIT(0x87bc26b5e7277683),
-W64LIT(0x393f2b9c03770cbc),
-W64LIT(0xddc387f30f5e3c53),
-W64LIT(0xeb454b6257daa9b0),
-W64LIT(0xb323a905484bd5d1),
-W64LIT(0xb13aea24bfa3e360),
-W64LIT(0x315bd218353dd467),
-W64LIT(0x2bee6f40980b7f4e),
-W64LIT(0xe95c0843a0329f01),
-W64LIT(0xc56f798a5580a1cb),
-W64LIT(0xbf75d6c36524619d),
-W64LIT(0x29f72c616fe349ff),
-W64LIT(0xc0ab2422cfd1d6fe),
-/* box 4 */
-W64LIT(0x561fc423e957943c),
-W64LIT(0x014287ca69079288),
-W64LIT(0x2f086129dfcd1d21),
-W64LIT(0xc537d4aea044fd99),
-W64LIT(0xf1e8c3bfd7c8a457),
-W64LIT(0x2971998a5cdf9bfb),
-W64LIT(0x23fa649a2ce9e460),
-W64LIT(0x3aa9e9c356a6716a),
-W64LIT(0xd6efa4e7aa3d1708),
-W64LIT(0x705a24b1fda5b5eb),
-W64LIT(0x101e0ce2b170a9fc),
-W64LIT(0x7ca821020e814caa),
-W64LIT(0x0bc97ada1931ed13),
-W64LIT(0x34df1711778c59ce),
-W64LIT(0xd35020ef9226d2bf),
-W64LIT(0x575d43e9805006b4),
-W64LIT(0x91acebec9b1db840),
-W64LIT(0x549b3f423b5945d9),
-W64LIT(0x99a3ed9d3925163e),
-W64LIT(0x7917a50a369a891d),
-W64LIT(0xe372343cb4b6dc4e),
-W64LIT(0x8d40e2bdd949e8fd),
-W64LIT(0xcfbc29bed0728202),
-W64LIT(0x969794857108ac12),
-W64LIT(0xdd26de3db30cfa1b),
-W64LIT(0x115c8b28d8773b74),
-W64LIT(0xe9f9c92cc480a3d5),
-W64LIT(0x4dc8b21b4116d0d3),
-W64LIT(0x316093194f979c79),
-W64LIT(0x5124bb4a0342806e),
-W64LIT(0xb31408bcdef3cea8),
-W64LIT(0xc1cad76cf158aaa6),
-W64LIT(0x88ff66b5e1522d4a),
-W64LIT(0xa8c37e8476b28a47),
-W64LIT(0x15a188ea896b6c4b),
-W64LIT(0xa24883940684f5dc),
-W64LIT(0xda1da1545919ee49),
-W64LIT(0x22b8e35045ee76e8),
-W64LIT(0x6106af9925d28e9f),
-W64LIT(0xef80318f4792250f),
-W64LIT(0x663dd0f0cfc79acd),
-W64LIT(0x302214d326900ef1),
-W64LIT(0xdfa2255c61022bfe),
-W64LIT(0xe6cdb0348cad19f9),
-W64LIT(0x50663c806a4512e6),
-W64LIT(0x65fbac5b74ced9a0),
-W64LIT(0xc4755364c9436f11),
-W64LIT(0x8fc419dc0b473918),
-W64LIT(0x5c9439339961eba7),
-W64LIT(0x3f166dcb6ebdb4dd),
-W64LIT(0xba59890715ccf25e),
-W64LIT(0xf0aa4475becf36df),
-W64LIT(0x03c67cabbb09436d),
-W64LIT(0xb99ff5acaec5b133),
-W64LIT(0xf9e7c5ce75f00a29),
-W64LIT(0x6df4aa2ad6f677de),
-W64LIT(0xaeba8627f5a00c9d),
-W64LIT(0xa573fcfdec91e18e),
-W64LIT(0x7f6e5da9b5880fc7),
-W64LIT(0xca03adb6e86947b5),
-W64LIT(0x74a72773acb9e2d4),
-W64LIT(0x604428534cd51c17),
-W64LIT(0xf8a542041cf798a1),
-W64LIT(0x448533a08a29ec25),
-W64LIT(0x80f060c4436a8334),
-W64LIT(0x0db082799a236bc9),
-W64LIT(0xfa21b965cef94944),
-W64LIT(0x64b92b911dc94b28),
-W64LIT(0x7118a37b94a22763),
-W64LIT(0xaff801ed9ca79e15),
-W64LIT(0x1dae8e9b2b53c235),
-W64LIT(0x13d870490a79ea91),
-W64LIT(0x8a7b9dd4335cfcaf),
-W64LIT(0x1f2a75faf95d13d0),
-W64LIT(0xeec2b6452e95b787),
-W64LIT(0xc34e2c0d23567b43),
-W64LIT(0x47434f0b3120af48),
-W64LIT(0xa18eff3fbd8db6b1),
-W64LIT(0x98e16a57502284b6),
-W64LIT(0x37196bbacc851aa3),
-W64LIT(0x8e869e166240ab90),
-W64LIT(0x9fda153eba3790e4),
-W64LIT(0xf515c07d86d4f368),
-W64LIT(0x72dedfd02fab640e),
-W64LIT(0xe230b3f6ddb14ec6),
-W64LIT(0x97d5134f180f3e9a),
-W64LIT(0xe1f6cf5d66b80dab),
-W64LIT(0xe78f37fee5aa8b71),
-W64LIT(0xa30a045e6f836754),
-W64LIT(0x90ee6c26f21a2ac8),
-W64LIT(0xaa4785e5a4bc5ba2),
-W64LIT(0x4e0eceb0fa1f93be),
-W64LIT(0x94136fe4a3067df7),
-W64LIT(0x7b935e6be49458f8),
-W64LIT(0x9b2716fceb2bc7db),
-W64LIT(0x840d63061276d40b),
-W64LIT(0xed04caee959cf4ea),
-W64LIT(0xea3fb5877f89e0b8),
-W64LIT(0xb56df01f5de14872),
-W64LIT(0x4935b1d9100a87ec),
-W64LIT(0x82749ba5916452d1),
-W64LIT(0x58693af1c87dbc98),
-W64LIT(0x89bde17f8855bfc2),
-W64LIT(0x677f573aa6c00845),
-W64LIT(0xeb7d324d168e7230),
-W64LIT(0x0284fb61d20ed1e5),
-W64LIT(0xb190f3dd0cfd1f4d),
-W64LIT(0x684b2e22eeedb269),
-W64LIT(0x2bf562eb8ed14a1e),
-W64LIT(0xe0b448970fbf9f23),
-W64LIT(0x396f9568edaf3207),
-W64LIT(0x52e2c7e1b84bc303),
-W64LIT(0x77615bd817b0a1b9),
-W64LIT(0x7e2cda63dc8f9d4f),
-W64LIT(0xf22ebf146cc1e73a),
-W64LIT(0xc08850a6985f382e),
-W64LIT(0xd9dbddffe210ad24),
-W64LIT(0xbfe60d0f2dd737e9),
-W64LIT(0x9a659136822c5553),
-W64LIT(0x87cb1fada97f9766),
-W64LIT(0x4c8a35d12811425b),
-W64LIT(0x83361c6ff863c059),
-W64LIT(0xd212a725fb214037),
-W64LIT(0x9e9892f4d330026c),
-W64LIT(0x45c7b46ae32e7ead),
-W64LIT(0x5baf465a7374fff5),
-W64LIT(0xdc6459f7da0b6893),
-W64LIT(0xd46b5f867833c6ed),
-W64LIT(0x5dd6bef9f066792f),
-W64LIT(0xcb412a7c816ed53d),
-W64LIT(0x75e5a0b9c5be705c),
-W64LIT(0xf6d3bcd63dddb005),
-W64LIT(0xfb633eafa7fedbcc),
-W64LIT(0xd529d84c11345465),
-W64LIT(0xc9c5d11d536004d8),
-W64LIT(0xdb5f269e301e7cc1),
-W64LIT(0x86899867c07805ee),
-W64LIT(0x3d9296aabcb36538),
-W64LIT(0x2cce1d8264c45e4c),
-W64LIT(0x5aedc1901a736d7d),
-W64LIT(0x2e4ae6e3b6ca8fa9),
-W64LIT(0x1e68f230905a8158),
-W64LIT(0xdee0a2960805b976),
-W64LIT(0xcd38d2df027c53e7),
-W64LIT(0x6909a9e887ea20e1),
-W64LIT(0x24c11bf3c6fcf032),
-W64LIT(0x18110a9313480782),
-W64LIT(0xa7f7079c3e9f306b),
-W64LIT(0xd8995a358b173fac),
-W64LIT(0x854fe4cc7b714683),
-W64LIT(0xbd62f66effd9e60c),
-W64LIT(0x14e30f20e06cfec3),
-W64LIT(0x6e32d6816dff34b3),
-W64LIT(0x217e9ffbfee73585),
-W64LIT(0xc88756d73a679650),
-W64LIT(0x359d90db1e8bcb46),
-W64LIT(0x2645e09214f221d7),
-W64LIT(0x04fd03c2511c573f),
-W64LIT(0x739c581a46acf686),
-W64LIT(0xb0d2741765fa8dc5),
-W64LIT(0xa0cc78f5d48a2439),
-W64LIT(0x5e10c2524b6f3a42),
-W64LIT(0xe50bcc9f37a45a94),
-W64LIT(0x53a0402bd14c518b),
-W64LIT(0x413ab7a8b2322992),
-W64LIT(0x203c183197e0a70d),
-W64LIT(0xcc7a55156b7bc16f),
-W64LIT(0x4601c8c158273dc0),
-W64LIT(0xbea48ac544d0a561),
-W64LIT(0x638254f8f7dc5f7a),
-W64LIT(0xa6b580565798a2e3),
-W64LIT(0x3cd01160d5b4f7b0),
-W64LIT(0x8c026577b04e7a75),
-W64LIT(0x7ad1d9a18d93ca70),
-W64LIT(0x785522c05f9d1b95),
-W64LIT(0x5f5245982268a8ca),
-W64LIT(0x9551e82eca01ef7f),
-W64LIT(0x0000000000000000),
-W64LIT(0xbb1b0ecd7ccb60d6),
-W64LIT(0x094d81bbcb3f3cf6),
-W64LIT(0x28331e4035d80973),
-W64LIT(0xf7913b1c54da228d),
-W64LIT(0x6acfd5433ce3638c),
-W64LIT(0x1bd77638a84144ef),
-W64LIT(0x62c0d3329edbcdf2),
-W64LIT(0x81b2e70e2a6d11bc),
-W64LIT(0xd7ad232dc33a8580),
-W64LIT(0x05bf8408381bc5b7),
-W64LIT(0x33e468789d994d9c),
-W64LIT(0xfedcbaa79fe51e7b),
-W64LIT(0x4f4c497a93180136),
-W64LIT(0x073b7f69ea151452),
-W64LIT(0x0cf205b3f324f941),
-W64LIT(0x382d12a284a8a08f),
-W64LIT(0x1cec0951425450bd),
-W64LIT(0x55d9b888525ed751),
-W64LIT(0x6cb62de0bff1e556),
-W64LIT(0xd1d4db8e4028035a),
-W64LIT(0x25839c39affb62ba),
-W64LIT(0x4af3cd72ab03c481),
-W64LIT(0xa4317b3785967306),
-W64LIT(0x1a95f1f2c146d667),
-W64LIT(0x926a97472014fb2d),
-W64LIT(0xb7e90b7e8fef9997),
-W64LIT(0xcefeae74b975108a),
-W64LIT(0x3e54ea0107ba2655),
-W64LIT(0xd0965c44292f91d2),
-W64LIT(0xab05022fcdbbc92a),
-W64LIT(0xfd1ac60c24ec5d16),
-W64LIT(0xfc5841c64debcf9e),
-W64LIT(0xe4494b555ea3c81c),
-W64LIT(0xb6ab8cb4e6e80b1f),
-W64LIT(0x3beb6e093fa1e3e2),
-W64LIT(0xf36c38de05c675b2),
-W64LIT(0x9c1c6995013ed389),
-W64LIT(0x8b391a1e5a5b6e27),
-W64LIT(0xec464d24fc9b6662),
-W64LIT(0xad7cfa8c4ea94ff0),
-W64LIT(0x0f347918482dba2c),
-W64LIT(0x9d5eee5f68394101),
-W64LIT(0x7623dc127eb73331),
-W64LIT(0x32a6efb2f49edf14),
-W64LIT(0x2d8c9a480dc3ccc4),
-W64LIT(0xb2568f76b7f45c20),
-W64LIT(0x0e76fed2212a28a4),
-W64LIT(0x48773613790d1564),
-W64LIT(0x129af783637e7819),
-W64LIT(0x080f0671a238ae7e),
-W64LIT(0x365bec70a582882b),
-W64LIT(0x42fccb03093b6aff),
-W64LIT(0x0a8bfd1070367f9b),
-W64LIT(0xff9e3d6df6e28cf3),
-W64LIT(0xe8bb4ee6ad87315d),
-W64LIT(0xc7b32fcf724a2c7c),
-W64LIT(0xb8dd7266c7c223bb),
-W64LIT(0x9328108d491369a5),
-W64LIT(0x0679f8a3831286da),
-W64LIT(0x270767587df5b35f),
-W64LIT(0xa981f94e1fb518cf),
-W64LIT(0x6b8d528955e4f104),
-W64LIT(0x1667f44132622f26),
-W64LIT(0x2ab7e521e7d6d896),
-W64LIT(0xac3e7d4627aedd78),
-W64LIT(0x7deaa6c86786de22),
-W64LIT(0x1725738b5b65bdae),
-W64LIT(0x4bb14ab8c2045609),
-W64LIT(0x592bbd3ba17a2e10),
-W64LIT(0xc20cabc74a51e9cb),
-W64LIT(0x6f70514b04f8a63b),
-W64LIT(0xbc2071a496de7484),
-W64LIT(0x19538d597a4f950a),
-W64LIT(0xf45747b7efd361e0),
-W64LIT(0x43be4cc9603cf877),
-W64LIT(0xc6f1a8051b4dbef4),
-W64LIT(0xb42f77d534e6dafa),
-W64LIT(0x40783062db35bb1a),
-/* box 5 */
-W64LIT(0xf5a96c292deb0a4e),
-W64LIT(0x211c9df6ee653c51),
-W64LIT(0x04de5ddcbeeef596),
-W64LIT(0xe1e5b06f7457c19f),
-W64LIT(0x74ca30f014a54fb6),
-W64LIT(0xc296f9f7c5457d85),
-W64LIT(0x7d4ee08a484d10b0),
-W64LIT(0xae87f2d0bf9b13ad),
-W64LIT(0x8df4bb480e89afb7),
-W64LIT(0x2d8b7a67d9a2d61e),
-W64LIT(0x0f3559c8bd712adb),
-W64LIT(0x541bc7312f013338),
-W64LIT(0x9ec4848b636d5164),
-W64LIT(0x952f809f60f28e29),
-W64LIT(0x28984d8cb28d6357),
-W64LIT(0xd4b5f1dfc38e361f),
-W64LIT(0x5674135f7076b373),
-W64LIT(0xb791a330042172ec),
-W64LIT(0xab94c53bd4b4a6e4),
-W64LIT(0xf17731f59305ffd8),
-W64LIT(0x39c7a621801e1dcf),
-W64LIT(0x20d1f7c13ba47c8e),
-W64LIT(0x5e3da912f95facaa),
-W64LIT(0xb1202a82e5b80731),
-W64LIT(0x13303fc36de4fed3),
-W64LIT(0x2e29c43e5314168a),
-W64LIT(0x861fbf5c0d1670fa),
-W64LIT(0x6458b16af3f771f1),
-W64LIT(0x3043765bdcf642c9),
-W64LIT(0x12fd55f4b825be0c),
-W64LIT(0x0a266e23d65e9f92),
-W64LIT(0x6595db5d2636312e),
-W64LIT(0x85bd010587a0b06e),
-W64LIT(0x9bd7b3600842e42d),
-W64LIT(0xaa59af0c0175e63b),
-W64LIT(0x240faa1d854a8918),
-W64LIT(0xf464061ef82a4a91),
-W64LIT(0x5c527d7ca6282ce1),
-W64LIT(0x03a2be598ab6c094),
-W64LIT(0x40571b7776bdf8e9),
-W64LIT(0xe4f687841f7874d6),
-W64LIT(0x115febad32937e98),
-W64LIT(0x5108f0da442e8671),
-W64LIT(0x9cab50e53c1ad12f),
-W64LIT(0x33e1c8025640825d),
-W64LIT(0x87d2d56bd8d73025),
-W64LIT(0xc0f92d999a32fdce),
-W64LIT(0x62e938d8126e042c),
-W64LIT(0x4a717554a0e3677b),
-W64LIT(0x0beb0414039fdf4d),
-W64LIT(0xd6da25b19cf9b654),
-W64LIT(0x55d6ad06fac073e7),
-W64LIT(0x632452efc7af44f3),
-W64LIT(0xb5fe775e5b56f2a7),
-W64LIT(0x892ae694b0675a21),
-W64LIT(0x7a32030f7c1525b2),
-W64LIT(0x5d9f174b73e96c3e),
-W64LIT(0xc35b93c010843d5a),
-W64LIT(0x373f95dee8ae77cb),
-W64LIT(0xfb515fd6455b604a),
-W64LIT(0xa9fb11558bc326af),
-W64LIT(0x22be23af64d3fcc5),
-W64LIT(0xa8367b625e026670),
-W64LIT(0xb8a4faf8b9505837),
-W64LIT(0x785dd7612362a5f9),
-W64LIT(0x588c20a018c6d977),
-W64LIT(0xea0eb47b77c81ed2),
-W64LIT(0xa6ce489d36b20c74),
-W64LIT(0x0c97e79137c7ea4f),
-W64LIT(0x7c838abd9d8c506f),
-W64LIT(0x57b97968a5b7f3ac),
-W64LIT(0x6c110b277ade6e28),
-W64LIT(0xc785ce1cae6ac8cc),
-W64LIT(0x1581b6718c7d8b0e),
-W64LIT(0x614b868198d8c4b8),
-W64LIT(0x27ad14440ffc498c),
-W64LIT(0xdb80a8177eff1cc4),
-W64LIT(0x472bf8f242e5cdeb),
-W64LIT(0x8a8858cd3ad19ab5),
-W64LIT(0xf60bd270a75dcada),
-W64LIT(0x43f5a52efc0b387d),
-W64LIT(0x6ddc6110af1f2ef7),
-W64LIT(0xf0ba5bc246c4bf07),
-W64LIT(0x6fb3b57ef068aebc),
-W64LIT(0x18db3bd76e7b219e),
-W64LIT(0x903cb7740bdd3b60),
-W64LIT(0x7bff6938a9d4656d),
-W64LIT(0xbdb7cd13d27fed7e),
-W64LIT(0x051337eb6b2fb549),
-W64LIT(0x77688ea99e138f22),
-W64LIT(0xd9ef7c7921889c8f),
-W64LIT(0x077ce38534583502),
-W64LIT(0xf318e59bcc727f93),
-W64LIT(0xb34ffeecbacf877a),
-W64LIT(0xe9ac0a22fd7ede46),
-W64LIT(0xfc2dbc5371035548),
-W64LIT(0x026fd46e5f77804b),
-W64LIT(0xe53bedb3cab93409),
-W64LIT(0xcc6eca08adf51781),
-W64LIT(0xe028da58a1968140),
-W64LIT(0x3a6518780aa8dd5b),
-W64LIT(0xce011e66f28297ca),
-W64LIT(0xa4a19cf369c58c3f),
-W64LIT(0xc5ea1a72f11d4887),
-W64LIT(0xc427704524dc0858),
-W64LIT(0x4238cf1929ca78a2),
-W64LIT(0x481ea13aff94e730),
-W64LIT(0xdf5ef5cbc011e952),
-W64LIT(0x80ae36eeec8f0527),
-W64LIT(0x5ae3f4ce47b1593c),
-W64LIT(0xcda3a03f7834575e),
-W64LIT(0x71d9071b7f8afaff),
-W64LIT(0xcadf43ba4c6c625c),
-W64LIT(0x1623082806cb4b9a),
-W64LIT(0x17ee621fd30a0b45),
-W64LIT(0x448946abc8530d7f),
-W64LIT(0x974054f13f850e62),
-W64LIT(0x73b6d37520fd7ab4),
-W64LIT(0xc8b097d4131be217),
-W64LIT(0x9f09eebcb6ac11bb),
-W64LIT(0x45442c9c1d924da0),
-W64LIT(0x1b79858ee4cde10a),
-W64LIT(0x0984d07a5ce85f06),
-W64LIT(0x4cc0fce6417a12a6),
-W64LIT(0x99b8670e57356466),
-W64LIT(0xad254c89352dd339),
-W64LIT(0x322ca2358381c282),
-W64LIT(0xcfcc74512743d715),
-W64LIT(0x6b6de8a24e865b2a),
-W64LIT(0xda4dc220ab3e5c1b),
-W64LIT(0x88e78ca365a61afe),
-W64LIT(0x939e092d816bfbf4),
-W64LIT(0xcb12298d99ad2283),
-W64LIT(0xeed0e9a7c926eb44),
-W64LIT(0x98750d3982f424b9),
-W64LIT(0xd5789be8164f76c0),
-W64LIT(0xbe15734a58c92dea),
-W64LIT(0x49d3cb0d2a55a7ef),
-W64LIT(0x67fa0f337941b165),
-W64LIT(0x8c39d17fdb48ef68),
-W64LIT(0x25c2c02a508bc9c7),
-W64LIT(0x349d2b876218b75f),
-W64LIT(0x70146d2caa4bba20),
-W64LIT(0x1c05660bd095d408),
-W64LIT(0xfe42683d2e74d503),
-W64LIT(0x9a1ad957dd83a4f2),
-W64LIT(0xf2d58fac19b33f4c),
-W64LIT(0x81635cd9394e45f8),
-W64LIT(0xb65cc907d1e03233),
-W64LIT(0xdd3121a59f666919),
-W64LIT(0x318e1c6c09370216),
-W64LIT(0x8b4532faef10da6a),
-W64LIT(0x191651e0bbba6141),
-W64LIT(0x3f762f9361876812),
-W64LIT(0xb96990cf6c9118e8),
-W64LIT(0xb4331d698e97b278),
-W64LIT(0xd822164ef449dc50),
-W64LIT(0x84706b325261f0b1),
-W64LIT(0x4eaf28881e0d92ed),
-W64LIT(0x69023ccc11f1db61),
-W64LIT(0x66376504ac80f1ba),
-W64LIT(0x0849ba4d89291fd9),
-W64LIT(0xff8f020afbb595dc),
-W64LIT(0x50c59aed91efc6ae),
-W64LIT(0x1dc80c3c055494d7),
-W64LIT(0x1e6ab2658fe25443),
-W64LIT(0x3d19fbfd3ef0e859),
-W64LIT(0xfa9c35e1909a2095),
-W64LIT(0x52aa4e83ce9846e5),
-W64LIT(0x419a7140a37cb836),
-W64LIT(0xa07fc12fd72b79a9),
-W64LIT(0x68cf56fbc4309bbe),
-W64LIT(0x01cd6a37d5c140df),
-W64LIT(0x9253631a54aabb2b),
-W64LIT(0xd06bac037d60c389),
-W64LIT(0x295527bb674c2388),
-W64LIT(0xd204786d221743c2),
-W64LIT(0x0000000000000000),
-W64LIT(0xf7c6b847729c8a05),
-W64LIT(0xdcfc4b924aa729c6),
-W64LIT(0xe38a64012b2041d4),
-W64LIT(0xb28294db6f0ec7a5),
-W64LIT(0x9d663ad2e9db91f0),
-W64LIT(0x91f1dd43de1c7bbf),
-W64LIT(0x6086ecb64d198467),
-W64LIT(0x59414a97cd0799a8),
-W64LIT(0xace826bee0ec93e6),
-W64LIT(0xa56cf6c4bc04cce0),
-W64LIT(0x727bb942f53c3a6b),
-W64LIT(0x6e7edf4925a9ee63),
-W64LIT(0x26607e73da3d0953),
-W64LIT(0xe75439dd95ceb442),
-W64LIT(0x7990bd56f6a3e526),
-W64LIT(0xecbf3dc996516b0f),
-W64LIT(0x76a5e49e4bd2cffd),
-W64LIT(0x968d3ec6ea444ebd),
-W64LIT(0x5b2e9ef9927019e3),
-W64LIT(0x6aa082959b471bf5),
-W64LIT(0xbb0644a133e698a3),
-W64LIT(0x830c88b76639c5b3),
-W64LIT(0xe2470e36fee1010b),
-W64LIT(0xb0ed40b5307947ee),
-W64LIT(0x355041b0b7d9f780),
-W64LIT(0x8e560511843f6f23),
-W64LIT(0x7f2134e4173a90fb),
-W64LIT(0x2af799e2edfae31c),
-W64LIT(0x4bbc1f63752227a4),
-W64LIT(0xf8f3e18fcfeda0de),
-W64LIT(0x0d5a8da6e206aa90),
-W64LIT(0x2c4610500c6396c1),
-W64LIT(0xde939ffc15d0a98d),
-W64LIT(0xaf4a98e76a5a5372),
-W64LIT(0x8f9b6f2651fe2ffc),
-W64LIT(0x36f2ffe93d6f3714),
-W64LIT(0x0ef833ff68b06a04),
-W64LIT(0xe69953ea400ff49d),
-W64LIT(0x23734998b112bc1a),
-W64LIT(0x3ebb45a4b44628cd),
-W64LIT(0x1ab4efb9310ca1d5),
-W64LIT(0x2fe4ae0986d55655),
-W64LIT(0xebc3de4ca2095e0d),
-W64LIT(0x536724b41b59063a),
-W64LIT(0x46e692c597248d34),
-W64LIT(0x2b3af3d5383ba3c3),
-W64LIT(0x3ba8724fdf699d84),
-W64LIT(0xc13447ae4ff3bd11),
-W64LIT(0x4d0d96d194bb5279),
-W64LIT(0xfde0d664a4c21597),
-W64LIT(0xd7174f864938f68b),
-W64LIT(0x7eec5ed3c2fbd024),
-W64LIT(0xbfd8197d8d086d35),
-W64LIT(0x4f6242bfcbccd232),
-W64LIT(0xa70322aae3734cab),
-W64LIT(0xa3dd7f765d9db93d),
-W64LIT(0x94e2eaa8b533cef6),
-W64LIT(0x144cdc4659bccbd1),
-W64LIT(0xc648a42b7bab8813),
-W64LIT(0xf93e8bb81a2ce001),
-W64LIT(0xbacb2e96e627d87c),
-W64LIT(0xbc7aa72407beada1),
-W64LIT(0xc97dfde3c6daa2c8),
-W64LIT(0xa1b2ab1802ea3976),
-W64LIT(0x1fa7d8525a23149c),
-W64LIT(0x75075ac7c1640f69),
-W64LIT(0xe861601528bf9e99),
-W64LIT(0xa2101541885cf9e2),
-W64LIT(0xef1d83901ce7ab9b),
-W64LIT(0x06b189b2e19975dd),
-W64LIT(0x380acc1655df5d10),
-W64LIT(0x1092819ae7523e47),
-W64LIT(0xd3c9125af7d6031d),
-W64LIT(0xd1a6c634a8a18356),
-W64LIT(0x5ff0c3252c9eec75),
-W64LIT(0x82c1e280b3f8856c),
-W64LIT(0xed7257fe43902bd0),
-W64LIT(0x3cd491caeb31a886),
-/* box 6 */
-W64LIT(0x94af9eb6fad9e7df),
-W64LIT(0x9208ae5e03c94ddd),
-W64LIT(0x1d8de8d67158480b),
-W64LIT(0xfd093cd2ba147af8),
-W64LIT(0xa45ceb22e6597ccf),
-W64LIT(0x9bbde6e77bf113da),
-W64LIT(0xe4edf4b465fffe5c),
-W64LIT(0x7125622e4e8d2a2f),
-W64LIT(0x1791b81b8f68430d),
-W64LIT(0xb56a63d1902195c0),
-W64LIT(0xa980832b30d2ee67),
-W64LIT(0x4c0a7fb384862397),
-W64LIT(0xed58bc0d1dc7a05b),
-W64LIT(0x5955d7f05c4d0637),
-W64LIT(0xd2b9b1c8806fcf4e),
-W64LIT(0x06a730e8f910aa02),
-W64LIT(0xb8b60bd846aa0768),
-W64LIT(0x45bf370afcbe7d90),
-W64LIT(0x16f6b0375ec370a1),
-W64LIT(0x892276608b81afd4),
-W64LIT(0xdcccc1b5d0ec08e7),
-W64LIT(0xe856949162df5f58),
-W64LIT(0x82592e81a41a977e),
-W64LIT(0xac8eabb74fca1164),
-W64LIT(0xfac9041692afe356),
-W64LIT(0x3b882d75331ba3ba),
-W64LIT(0xa39cd3e6cee2e561),
-W64LIT(0xd077a190d7cca9e3),
-W64LIT(0x9c7dde23534a8a74),
-W64LIT(0x80973ed9f3b9f1d3),
-W64LIT(0xce535132209cb4e9),
-W64LIT(0xaa299b5fb6dabb66),
-W64LIT(0x2d7e9d426dd8d31b),
-W64LIT(0x8a8b6e140d89fad5),
-W64LIT(0x6ca88af83fd56224),
-W64LIT(0xf5db7c4713871753),
-W64LIT(0xeef1a4799bcff55a),
-W64LIT(0x76e55aea6636b381),
-W64LIT(0x8ee24ea4a33a367a),
-W64LIT(0x25acddd7c44bbeb0),
-W64LIT(0x9adaeecbaa5a2076),
-W64LIT(0x0e75707d5083c7a9),
-W64LIT(0x2bd9adaa94c87919),
-W64LIT(0x19e4c866dfeb84a4),
-W64LIT(0x129f9087f070bc0e),
-W64LIT(0xd9c2e929aff4f7e4),
-W64LIT(0x6f01928cb9dd3725),
-W64LIT(0x39463d2d64b8c517),
-W64LIT(0xebff8ce5e4d70a59),
-W64LIT(0xb40d6bfd418aa66c),
-W64LIT(0xf21b44833b3c8efd),
-W64LIT(0x3654457ce5903112),
-W64LIT(0x431807e205aed792),
-W64LIT(0xb10343613e92596f),
-W64LIT(0x0a1c50cdfe300b06),
-W64LIT(0x778252c6b79d802d),
-W64LIT(0x0cbb60250720a104),
-W64LIT(0xe1e3dc281ae7015f),
-W64LIT(0x0f1278518128f405),
-W64LIT(0x47712752ab1d1b3d),
-W64LIT(0xe24ac45c9cef545e),
-W64LIT(0x1ceae0faa0f37ba7),
-W64LIT(0x9814fe93fdf946db),
-W64LIT(0xec3fb421cc6c93f7),
-W64LIT(0x833e26ad75b1a4d2),
-W64LIT(0x6b68b23c176efb8a),
-W64LIT(0x4904572ffb9edc94),
-W64LIT(0x4bca4777ac3dba39),
-W64LIT(0x2762cd8f93e8d81d),
-W64LIT(0x9eb3ce7b04e9ecd9),
-W64LIT(0xc2e8311727bc15ed),
-W64LIT(0xea9884c9357c39f5),
-W64LIT(0xfc6e34fe6bbf4954),
-W64LIT(0x13f898ab21db8fa2),
-W64LIT(0xb7a47389c782f36d),
-W64LIT(0x7b3932e3b0bd2129),
-W64LIT(0xaf27b3c3c9c24465),
-W64LIT(0xb6c37ba51629c0c1),
-W64LIT(0x84fe1e695d0a3d7c),
-W64LIT(0x1a4dd01259e3d1a5),
-W64LIT(0xab4e9373677188ca),
-W64LIT(0x90c6be06546a2b70),
-W64LIT(0xf37c4cafea97bd51),
-W64LIT(0x647aca6d96460f8f),
-W64LIT(0x4ec46febd325453a),
-W64LIT(0x3e8605e94c035cb9),
-W64LIT(0x0ddc6809d68b92a8),
-W64LIT(0x8bec6638dc22c979),
-W64LIT(0x67d3d219104e5a8e),
-W64LIT(0x2abea58645634ab5),
-W64LIT(0x5b9bc7a80bee609a),
-W64LIT(0x936fa672d2627e71),
-W64LIT(0x7d9e020b49ad8b2b),
-W64LIT(0x5832dfdc8de6359b),
-W64LIT(0xc7e6198b58a4eaee),
-W64LIT(0xd41e8120797f654c),
-W64LIT(0xf4bc746bc22c24ff),
-W64LIT(0xe084d404cb4c32f3),
-W64LIT(0x48635f032a35ef38),
-W64LIT(0x8757061ddb02687d),
-W64LIT(0x522e8f1173d63e9d),
-W64LIT(0xbcdf2b68e819cbc7),
-W64LIT(0xbf76331c6e119ec6),
-W64LIT(0x08d24095a9936dab),
-W64LIT(0x728c7a5ac8857f2e),
-W64LIT(0xd110a9bc06679a4f),
-W64LIT(0x1f43f88e26fb2ea6),
-W64LIT(0xb2aa5b15b89a0c6e),
-W64LIT(0x4aad4f5b7d968995),
-W64LIT(0x9fd4c657d542df75),
-W64LIT(0x323d65cc4b23fdbd),
-W64LIT(0xc38f393bf6172641),
-W64LIT(0xa152c3be994183cc),
-W64LIT(0x9d1ad60f82e1b9d8),
-W64LIT(0xe744ecc0e3f7ab5d),
-W64LIT(0x38213501b513f6bb),
-W64LIT(0xade9a39b9e6122c8),
-W64LIT(0x37334d50343b02be),
-W64LIT(0x55eeb7d55b6da733),
-W64LIT(0x970686c27cd1b2de),
-W64LIT(0x427f0fced405e43e),
-W64LIT(0xc026214f701f7340),
-W64LIT(0x40b11f9683a68293),
-W64LIT(0x02ce105857a366ad),
-W64LIT(0x7e371a7fcfa5de2a),
-W64LIT(0xffc72c8aedb71c55),
-W64LIT(0x68c1aa489166ae8b),
-W64LIT(0xc68111a7890fd942),
-W64LIT(0x79f722bbe71e4784),
-W64LIT(0xd579890ca8d456e0),
-W64LIT(0x70426a029f261983),
-W64LIT(0xb0644b4def396ac3),
-W64LIT(0xdb0cf971f8579149),
-W64LIT(0x5489bff98ac6949f),
-W64LIT(0x046920b0aeb3ccaf),
-W64LIT(0x7cf90a279806b887),
-W64LIT(0x050e289c7f18ff03),
-W64LIT(0x651dc24147ed3c23),
-W64LIT(0x5e95ef3474f69f99),
-W64LIT(0x6dcf82d4ee7e5188),
-W64LIT(0x8f854688729105d6),
-W64LIT(0x81f036f52212c27f),
-W64LIT(0xb9d103f4970134c4),
-W64LIT(0x5349873da27d0d31),
-W64LIT(0x20a2f54bbb5341b3),
-W64LIT(0xf0d554db6c9fe850),
-W64LIT(0x07c038c428bb99ae),
-W64LIT(0x30f375941c809b10),
-W64LIT(0x3fe10dc59da86f15),
-W64LIT(0x46162f7e7ab62891),
-W64LIT(0xe623e4ec325c98f1),
-W64LIT(0xfea024a63c1c2ff9),
-W64LIT(0x349a5524b23357bf),
-W64LIT(0x35fd5d0863986413),
-W64LIT(0x96618eeead7a8172),
-W64LIT(0xcb5d79ae5f844bea),
-W64LIT(0x21c5fd676af8721f),
-W64LIT(0x5720a78d0ccec19e),
-W64LIT(0xf6726433958f4252),
-W64LIT(0x8d4b56d02532637b),
-W64LIT(0x24cbd5fb15e08d1c),
-W64LIT(0x3aef2559e2b09016),
-W64LIT(0x5afccf84da455336),
-W64LIT(0x51879765f5de6b9c),
-W64LIT(0x2917bdf2c36b1fb4),
-W64LIT(0xa7f5f356605129ce),
-W64LIT(0xc1412963a1b440ec),
-W64LIT(0x3d2f1d9dca0b09b8),
-W64LIT(0xa53be30e37f24f63),
-W64LIT(0x5ff2e718a55dac35),
-W64LIT(0xa2fbdbca1f49d6cd),
-W64LIT(0xf7156c1f442471fe),
-W64LIT(0x7a5e3acf61161285),
-W64LIT(0xca3a71828e2f7846),
-W64LIT(0x1b2ad83e8848e209),
-W64LIT(0xa8e78b07e179ddcb),
-W64LIT(0xef96ac554a64c6f6),
-W64LIT(0x0000000000000000),
-W64LIT(0x6013eadd38f5c320),
-W64LIT(0x3c4815b11ba03a14),
-W64LIT(0x09b548b978385e07),
-W64LIT(0x226ce513ecf0271e),
-W64LIT(0x63baf2a9befd9621),
-W64LIT(0x44d83f262d154e3c),
-W64LIT(0xcdfa4946a694e1e8),
-W64LIT(0x113688f37678e90f),
-W64LIT(0x859916458ca10ed0),
-W64LIT(0xc52809d30f078c43),
-W64LIT(0x4d6d779f552d103b),
-W64LIT(0x1e24f0a2f7501d0a),
-W64LIT(0x0167082cd1ab33ac),
-W64LIT(0x1438a06f0960160c),
-W64LIT(0xf9601c6214a7b657),
-W64LIT(0xa035cb9248eab060),
-W64LIT(0x50e09f4924755830),
-W64LIT(0xd7b79954ff77304d),
-W64LIT(0xe58afc98b454cdf0),
-W64LIT(0x03a9187486085501),
-W64LIT(0x62ddfa856f56a58d),
-W64LIT(0xc44f01ffdeacbfef),
-W64LIT(0x73eb7276192e4c82),
-W64LIT(0xd6d091782edc03e1),
-W64LIT(0xfbae0c3a4304d0fa),
-W64LIT(0x9973f6bf2c527577),
-W64LIT(0x105180dfa7d3daa3),
-W64LIT(0x2605c5a34243ebb1),
-W64LIT(0x91a1b62a85c118dc),
-W64LIT(0xc99369f608272d47),
-W64LIT(0x5d3cf740f2feca98),
-W64LIT(0xcf34591ef1378745),
-W64LIT(0xc8f461dad98c1eeb),
-W64LIT(0x0b7b58e12f9b38aa),
-W64LIT(0xe32dcc704d4467f2),
-W64LIT(0x754c429ee03ee680),
-W64LIT(0xd3deb9e451c4fce2),
-W64LIT(0x6e669aa068760489),
-W64LIT(0x66b4da35c1e56922),
-W64LIT(0x4fa367c7028e7696),
-W64LIT(0xba781b80110961c5),
-W64LIT(0x41d617ba520db13f),
-W64LIT(0x335a6de09a88ce11),
-W64LIT(0xdf65d9c156e45de6),
-W64LIT(0xcc9d416a773fd244),
-W64LIT(0x5c5bff6c2355f934),
-W64LIT(0x2870b5de12c02c18),
-W64LIT(0x155fa843d8cb25a0),
-W64LIT(0x78902a9736b57428),
-W64LIT(0xae40bbef186977c9),
-W64LIT(0x88457e4c5a2a9c78),
-W64LIT(0x6a0fba10c6c5c826),
-W64LIT(0x7f5012531e0eed86),
-W64LIT(0x8c2c5efcf49950d7),
-W64LIT(0x31947db8cd2ba8bc),
-W64LIT(0x2c19956ebc73e0b7),
-W64LIT(0x230bed3f3d5b14b2),
-W64LIT(0x69a6a26440cd9d27),
-W64LIT(0x86300e310aa95bd1),
-W64LIT(0xb3cd533969313fc2),
-W64LIT(0x1883c04a0e40b708),
-W64LIT(0xf1b25cf7bd34dbfc),
-W64LIT(0x2fb08d1a3a7bb5b6),
-W64LIT(0xd8a5e1057e5fc448),
-W64LIT(0xddabc99901473b4b),
-W64LIT(0xde02d1ed874f6e4a),
-W64LIT(0xbdb8234439b2f86b),
-W64LIT(0x5647afa1dd65f232),
-W64LIT(0x2ed78536ebd0861a),
-W64LIT(0xe9319cbdb3746cf4),
-W64LIT(0xa692fb7ab1fa1a62),
-W64LIT(0x742b4ab23195d52c),
-W64LIT(0x95c8969a2b72d473),
-W64LIT(0x6174e2f1e95ef08c),
-W64LIT(0xf807144ec50c85fb),
-W64LIT(0xbe113b30bfbaad6a),
-W64LIT(0xda6bf15d29fca2e5),
-W64LIT(0xbb1f13acc0a25269),
-/* box 7 */
-W64LIT(0xc22b27f0f9e37bf9),
-W64LIT(0x93fad23f0955ef09),
-W64LIT(0x32ed4b84a22a91a2),
-W64LIT(0x3898b57bcc61b1cc),
-W64LIT(0x55825ba9ad98e5ad),
-W64LIT(0xb2eeb8069421ec94),
-W64LIT(0xc7eb5875ce3c6bce),
-W64LIT(0x4b1dac5d1f45851f),
-W64LIT(0xc16ba1204705d847),
-W64LIT(0xc5380f461a2ba91a),
-W64LIT(0xb908971a909bad90),
-W64LIT(0x303e1cb7763d5376),
-W64LIT(0xe6ff324c53486853),
-W64LIT(0x6d1aeed261f95461),
-W64LIT(0x0193d1e36af1616a),
-W64LIT(0x51d1f5cff0b694f0),
-W64LIT(0x29b2c3f52728e127),
-W64LIT(0x112a768eeb4950eb),
-W64LIT(0x8fb672f86f9f4d6f),
-W64LIT(0xf0c66c745bc9ea5b),
-W64LIT(0x3f8b9dcd2fa9632f),
-W64LIT(0x65bc471edba5b6db),
-W64LIT(0x4d9d5508967c3696),
-W64LIT(0x3a4be24818767318),
-W64LIT(0x2794936c144db014),
-W64LIT(0x2af2452599ce4299),
-W64LIT(0x4a8e7dbe75b4e475),
-W64LIT(0x9ddc82a63a30be3a),
-W64LIT(0xade29e114c0ded4c),
-W64LIT(0xd1d2064dc6bde9c6),
-W64LIT(0x7da349bfe04165e0),
-W64LIT(0x6b9a1787e8c0e7e8),
-W64LIT(0xa54437ddf6510ff6),
-W64LIT(0x2254ece92392a023),
-W64LIT(0x79f0e7d9bd6f14bd),
-W64LIT(0x57510c9a798f2779),
-W64LIT(0x346db2d12b13222b),
-W64LIT(0x54118a4ac76984c7),
-W64LIT(0xefca4a6383e5eb83),
-W64LIT(0xca8d8e3c43bf9943),
-W64LIT(0xfc336bdebcbb79bc),
-W64LIT(0x3e184c2e45580245),
-W64LIT(0xf495c21206e79b06),
-W64LIT(0xff73ed0e025dda02),
-W64LIT(0x4228d472cfe806cf),
-W64LIT(0xbcc8e89fa744bda7),
-W64LIT(0xab626744c5345ec5),
-W64LIT(0xb6bd1660c90f9dc9),
-W64LIT(0xb72ec783a3fefca3),
-W64LIT(0x8be5dc9e32b13c32),
-W64LIT(0x485d2a8da1a326a1),
-W64LIT(0xc6788996a4cd0aa4),
-W64LIT(0x40fb83411bffc41b),
-W64LIT(0x08a6a9ccba5ce2ba),
-W64LIT(0xf386eaa4e52f49e5),
-W64LIT(0x1acc5992eff311ef),
-W64LIT(0xa2571f6b1599dd15),
-W64LIT(0x44a82d2746d1b546),
-W64LIT(0x70c59ff66dc2976d),
-W64LIT(0x8d6525cbbb888fbb),
-W64LIT(0x963aadba3e8aff3e),
-W64LIT(0x7c30985c8ab0048a),
-W64LIT(0x607c389bec7aa6ec),
-W64LIT(0xa822e1947bd2fd7b),
-W64LIT(0x034086d0bee6a3be),
-W64LIT(0x66fcc1ce65431565),
-W64LIT(0xb37d69e5fed08dfe),
-W64LIT(0x2f323aa0ae1152ae),
-W64LIT(0x56c2dd79137e4613),
-W64LIT(0x31adcd541ccc321c),
-W64LIT(0xdff456d4f5d8b8f5),
-W64LIT(0xf9f3145b8b64698b),
-W64LIT(0x764566a3e4fb24e4),
-W64LIT(0x0cf507aae77293e7),
-W64LIT(0x59775c034aea764a),
-W64LIT(0xb89b46f9fa6accfa),
-W64LIT(0xe8d962d5602d3960),
-W64LIT(0x17aa8fdb6270e362),
-W64LIT(0x1c4ca0c766caa266),
-W64LIT(0x2de16d937a06907a),
-W64LIT(0x2547c45fc05a72c0),
-W64LIT(0x0fb5817a59943059),
-W64LIT(0x0680f9558939b389),
-W64LIT(0x16395e3808818208),
-W64LIT(0xac714ff226fc8c26),
-W64LIT(0xa9b1307711239c11),
-W64LIT(0xec8accb33d03483d),
-W64LIT(0x6c893f310b08350b),
-W64LIT(0xc4abdea570dac870),
-W64LIT(0xba4811ca2e7d0e2e),
-W64LIT(0xf155bd9731388b31),
-W64LIT(0xdd2701e721cf7a21),
-W64LIT(0xe94ab3360adc580a),
-W64LIT(0x23c73d0a4963c149),
-W64LIT(0x5cb723867d35667d),
-W64LIT(0x5042242c9a47f59a),
-W64LIT(0x198cdf425115b251),
-W64LIT(0x0a75feff6e4b206e),
-W64LIT(0xfda0ba3dd64a18d6),
-W64LIT(0xcede205a1e91e81e),
-W64LIT(0xd041d7aeac4c88ac),
-W64LIT(0xe42c657f875faa87),
-W64LIT(0x36bee5e2ff04e0ff),
-W64LIT(0x6fc9b9e1b5ee96b5),
-W64LIT(0x998f2cc0671ecf67),
-W64LIT(0xd301517e12aa2b12),
-W64LIT(0xaea218c1f2eb4ef2),
-W64LIT(0xda342951c207a8c2),
-W64LIT(0x61efe978868bc786),
-W64LIT(0x7f701e8c3456a734),
-W64LIT(0x0be62f1c04ba4104),
-W64LIT(0x9129850cdd422ddd),
-W64LIT(0xd6c12efb25753b25),
-W64LIT(0xe33f4dc964977864),
-W64LIT(0x1579d8e8b66721b6),
-W64LIT(0xf860c5b8e19508e1),
-W64LIT(0x7496319030ece630),
-W64LIT(0x88a55a4e8c579f8c),
-W64LIT(0xcf4df1b974608974),
-W64LIT(0x10b9a76d81b83181),
-W64LIT(0x0e26509933655133),
-W64LIT(0x43bb0591a51967a5),
-W64LIT(0x926903dc63a48e63),
-W64LIT(0x9c4f534550c1df50),
-W64LIT(0x3bd833ab72871272),
-W64LIT(0xa4d7e63e9ca06e9c),
-W64LIT(0xb46e41531d185f1d),
-W64LIT(0x126af05e55aff355),
-W64LIT(0x24d415bcaaab13aa),
-W64LIT(0x1e9ff7f4b2dd60b2),
-W64LIT(0x05c07f8537df1037),
-W64LIT(0x467b7a1492c67792),
-W64LIT(0x2087bbdaf78562f7),
-W64LIT(0x819022615cfa1c5c),
-W64LIT(0xcd9ea68aa0774ba0),
-W64LIT(0xa79760ee2246cd22),
-W64LIT(0x8343755288edde88),
-W64LIT(0x58e48de0201b1720),
-W64LIT(0x7216c8c5b9d555b9),
-W64LIT(0x372d340195f58195),
-W64LIT(0xa11799bbab7f7eab),
-W64LIT(0x9f0fd595ee277cee),
-W64LIT(0x676f102d0fb2740f),
-W64LIT(0x9e9c047684d61d84),
-W64LIT(0x49cefb6ecb5247cb),
-W64LIT(0xd41279c8f162f9f1),
-W64LIT(0x1f0c2617d82c01d8),
-W64LIT(0x97a97c59547b9e54),
-W64LIT(0xe76ce3af39b90939),
-W64LIT(0xc3b8f61393121a93),
-W64LIT(0x5ba40b309efdb49e),
-W64LIT(0xea0a35e6b43afbb4),
-W64LIT(0x5a37dad3f40cd5f4),
-W64LIT(0x14ea090bdc9640dc),
-W64LIT(0x5e6474b5a922a4a9),
-W64LIT(0xfee03ced68acbb68),
-W64LIT(0x071328b6e3c8d2e3),
-W64LIT(0x5302a2fc24a15624),
-W64LIT(0x85c38c0701d46d01),
-W64LIT(0x3d58cafefbbea1fb),
-W64LIT(0x84505de46b250c6b),
-W64LIT(0x642f96fdb154d7b1),
-W64LIT(0xbf886e4f19a21e19),
-W64LIT(0x02d35733d417c2d4),
-W64LIT(0x68da915756264456),
-W64LIT(0x8710db34d5c3afd5),
-W64LIT(0x0d66d6498d83f28d),
-W64LIT(0x7b23b0ea6978d669),
-W64LIT(0x1b5f887185027085),
-W64LIT(0x3ccb1b1d914fc091),
-W64LIT(0x0453ae665d2e715d),
-W64LIT(0xcb1e5fdf294ef829),
-W64LIT(0xf6469521d2f059d2),
-W64LIT(0xb03def3540362e40),
-W64LIT(0x633cbe4b529c0552),
-W64LIT(0xf7d544c2b80138b8),
-W64LIT(0x7ab061090389b703),
-W64LIT(0x0000000000000000),
-W64LIT(0xdba7f8b2a8f6c9a8),
-W64LIT(0x35fe633241e24341),
-W64LIT(0x21146a399d74039d),
-W64LIT(0xd581a82b9b93989b),
-W64LIT(0x0935782fd0ad83d0),
-W64LIT(0x5ff7a556c3d3c5c3),
-W64LIT(0xaf31c922981a2f98),
-W64LIT(0x90ba54efb7b34cb7),
-W64LIT(0x5291731f4e50374e),
-W64LIT(0xc0f870c32df4b92d),
-W64LIT(0x7ee3cf6f5ea7c65e),
-W64LIT(0xe07fcb19da71dbda),
-W64LIT(0x4eddd3d8289a9528),
-W64LIT(0x13f921bd3f5e923f),
-W64LIT(0xf50613f16c16fa6c),
-W64LIT(0x981cfd230defae0d),
-W64LIT(0x4c0e84ebfc8d57fc),
-W64LIT(0x82d0a4b1e21cbfe2),
-W64LIT(0x89368bade6a6fee6),
-W64LIT(0xd292809d785b4a78),
-W64LIT(0x47e8abf7f83716f8),
-W64LIT(0x8e25a31b056e2c05),
-W64LIT(0xd752ff184f845a4f),
-W64LIT(0xcc0d7769ca862aca),
-W64LIT(0x694940b43cd7253c),
-W64LIT(0x2ea1eb43c4e033c4),
-W64LIT(0xde6787379f29d99f),
-W64LIT(0x181f0ea13be4d33b),
-W64LIT(0x416852a2710ea571),
-W64LIT(0x62af6fa8386d6438),
-W64LIT(0xa0844858c18e1fc1),
-W64LIT(0x337e9a67c8dbf0c8),
-W64LIT(0x2c72bc7010f7f110),
-W64LIT(0xbd5b397ccdb5dccd),
-W64LIT(0xd8e77e6216106a16),
-W64LIT(0x86830ad7bf32cebf),
-W64LIT(0x4f4e023b426bf442),
-W64LIT(0xe5bfb49cedaecbed),
-W64LIT(0x8a760d7d58405d58),
-W64LIT(0xe2ac9c2a0e66190e),
-W64LIT(0xb5fd90b077e93e77),
-W64LIT(0xdcb4d0044b3e1b4b),
-W64LIT(0x453bfcc42c20d42c),
-W64LIT(0xed191d5057f22957),
-W64LIT(0xe1ec1afab080bab0),
-W64LIT(0xee599b80e9148ae9),
-W64LIT(0x2607428f7ebcd17e),
-W64LIT(0x5d24f26517c40717),
-W64LIT(0x6a09c66482318682),
-W64LIT(0xa604b10d48b7ac48),
-W64LIT(0xbe1bbfac73537f73),
-W64LIT(0x282112164dd9804d),
-W64LIT(0x7505e0735a1d875a),
-W64LIT(0x73851926d32434d3),
-W64LIT(0xd974af817ce10b7c),
-W64LIT(0xeb99e405decb9ade),
-W64LIT(0x9b5c7bf3b3090db3),
-W64LIT(0xfab3928b3582ca35),
-W64LIT(0x8003f382360b7d36),
-W64LIT(0x94e9fa89ea9d3dea),
-W64LIT(0xb1ae3ed62ac74f2a),
-W64LIT(0x9acfaa10d9f86cd9),
-W64LIT(0x390b6498a690d0a6),
-W64LIT(0xf2153b478fde288f),
-W64LIT(0x71564e150733f607),
-W64LIT(0xa3c4ce887f68bc7f),
-W64LIT(0xaaf1b6a7afc53faf),
-W64LIT(0x1ddf71240c3bc30c),
-W64LIT(0x77d6b7408e0a458e),
-W64LIT(0x2b6194c6f33f23f3),
-W64LIT(0xc9cd08ecfd593afd),
-W64LIT(0xc85ed90f97a85b97),
-W64LIT(0x8cf6f428d179eed1),
-W64LIT(0x957a2b6a806c5c80),
-W64LIT(0xbbdbc029448c6f44),
-W64LIT(0x7863363ad79e75d7),
-W64LIT(0x6e5a6802df1ff7df),
-W64LIT(0xfb2043685f73ab5f),
-};
-
-NAMESPACE_END
diff --git a/cryptopp562/simple.cpp b/cryptopp562/simple.cpp
deleted file mode 100644
index 96f256b..0000000
--- a/cryptopp562/simple.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-// simple.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "simple.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/simple.h b/cryptopp562/simple.h
deleted file mode 100644
index 35fd65a..0000000
--- a/cryptopp562/simple.h
+++ /dev/null
@@ -1,209 +0,0 @@
-// simple.h - written and placed in the public domain by Wei Dai
-/*! \file
- Simple non-interface classes derived from classes in cryptlib.h.
-*/
-
-#ifndef CRYPTOPP_SIMPLE_H
-#define CRYPTOPP_SIMPLE_H
-
-#include "cryptlib.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class DERIVED, class BASE>
-class CRYPTOPP_NO_VTABLE ClonableImpl : public BASE
-{
-public:
- Clonable * Clone() const {return new DERIVED(*static_cast<const DERIVED *>(this));}
-};
-
-//! _
-template <class BASE, class ALGORITHM_INFO=BASE>
-class CRYPTOPP_NO_VTABLE AlgorithmImpl : public BASE
-{
-public:
- static std::string CRYPTOPP_API StaticAlgorithmName() {return ALGORITHM_INFO::StaticAlgorithmName();}
- std::string AlgorithmName() const {return ALGORITHM_INFO::StaticAlgorithmName();}
-};
-
-//! _
-class CRYPTOPP_DLL InvalidKeyLength : public InvalidArgument
-{
-public:
- explicit InvalidKeyLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid key length") {}
-};
-
-//! _
-class CRYPTOPP_DLL InvalidRounds : public InvalidArgument
-{
-public:
- explicit InvalidRounds(const std::string &algorithm, unsigned int rounds) : InvalidArgument(algorithm + ": " + IntToString(rounds) + " is not a valid number of rounds") {}
-};
-
-// *****************************
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE Bufferless : public T
-{
-public:
- bool IsolatedFlush(bool hardFlush, bool blocking) {return false;}
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE Unflushable : public T
-{
-public:
- bool Flush(bool completeFlush, int propagation=-1, bool blocking=true)
- {return ChannelFlush(DEFAULT_CHANNEL, completeFlush, propagation, blocking);}
- bool IsolatedFlush(bool hardFlush, bool blocking)
- {assert(false); return false;}
- bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true)
- {
- if (hardFlush && !InputBufferIsEmpty())
- throw CannotFlush("Unflushable<T>: this object has buffered input that cannot be flushed");
- else
- {
- BufferedTransformation *attached = this->AttachedTransformation();
- return attached && propagation ? attached->ChannelFlush(channel, hardFlush, propagation-1, blocking) : false;
- }
- }
-
-protected:
- virtual bool InputBufferIsEmpty() const {return false;}
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE InputRejecting : public T
-{
-public:
- struct InputRejected : public NotImplemented
- {InputRejected() : NotImplemented("BufferedTransformation: this object doesn't allow input") {}};
-
- // shouldn't be calling these functions on this class
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {throw InputRejected();}
- bool IsolatedFlush(bool, bool) {return false;}
- bool IsolatedMessageSeriesEnd(bool) {throw InputRejected();}
-
- size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
- {throw InputRejected();}
- bool ChannelMessageSeriesEnd(const std::string &, int, bool) {throw InputRejected();}
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE CustomFlushPropagation : public T
-{
-public:
- virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) =0;
-
-private:
- bool IsolatedFlush(bool hardFlush, bool blocking) {assert(false); return false;}
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE CustomSignalPropagation : public CustomFlushPropagation<T>
-{
-public:
- virtual void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1) =0;
-
-private:
- void IsolatedInitialize(const NameValuePairs &parameters) {assert(false);}
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE Multichannel : public CustomFlushPropagation<T>
-{
-public:
- bool Flush(bool hardFlush, int propagation=-1, bool blocking=true)
- {return this->ChannelFlush(DEFAULT_CHANNEL, hardFlush, propagation, blocking);}
- bool MessageSeriesEnd(int propagation=-1, bool blocking=true)
- {return this->ChannelMessageSeriesEnd(DEFAULT_CHANNEL, propagation, blocking);}
- byte * CreatePutSpace(size_t &size)
- {return this->ChannelCreatePutSpace(DEFAULT_CHANNEL, size);}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {return this->ChannelPut2(DEFAULT_CHANNEL, begin, length, messageEnd, blocking);}
- size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)
- {return this->ChannelPutModifiable2(DEFAULT_CHANNEL, inString, length, messageEnd, blocking);}
-
-// void ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1)
-// {PropagateMessageSeriesEnd(propagation, channel);}
- byte * ChannelCreatePutSpace(const std::string &channel, size_t &size)
- {size = 0; return NULL;}
- bool ChannelPutModifiable(const std::string &channel, byte *inString, size_t length)
- {this->ChannelPut(channel, inString, length); return false;}
-
- virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) =0;
- size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking)
- {return ChannelPut2(channel, begin, length, messageEnd, blocking);}
-
- virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) =0;
-};
-
-//! _
-template <class T>
-class CRYPTOPP_NO_VTABLE AutoSignaling : public T
-{
-public:
- AutoSignaling(int propagation=-1) : m_autoSignalPropagation(propagation) {}
-
- void SetAutoSignalPropagation(int propagation)
- {m_autoSignalPropagation = propagation;}
- int GetAutoSignalPropagation() const
- {return m_autoSignalPropagation;}
-
-private:
- int m_autoSignalPropagation;
-};
-
-//! A BufferedTransformation that only contains pre-existing data as "output"
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Store : public AutoSignaling<InputRejecting<BufferedTransformation> >
-{
-public:
- Store() : m_messageEnd(false) {}
-
- void IsolatedInitialize(const NameValuePairs &parameters)
- {
- m_messageEnd = false;
- StoreInitialize(parameters);
- }
-
- unsigned int NumberOfMessages() const {return m_messageEnd ? 0 : 1;}
- bool GetNextMessage();
- unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
-
-protected:
- virtual void StoreInitialize(const NameValuePairs &parameters) =0;
-
- bool m_messageEnd;
-};
-
-//! A BufferedTransformation that doesn't produce any retrievable output
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Sink : public BufferedTransformation
-{
-public:
- size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true)
- {transferBytes = 0; return 0;}
- size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const
- {return 0;}
-};
-
-class CRYPTOPP_DLL BitBucket : public Bufferless<Sink>
-{
-public:
- std::string AlgorithmName() const {return "BitBucket";}
- void IsolatedInitialize(const NameValuePairs &parameters) {}
- size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
- {return 0;}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/skipjack.cpp b/cryptopp562/skipjack.cpp
deleted file mode 100644
index dad14bd..0000000
--- a/cryptopp562/skipjack.cpp
+++ /dev/null
@@ -1,202 +0,0 @@
-// skipjack.cpp - modified by Wei Dai from Paulo Barreto's skipjack32.c,
-// which is public domain according to his web site.
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "skipjack.h"
-
-/*
- * Optimized implementation of SKIPJACK algorithm
- *
- * originally written by Panu Rissanen <bande@lut.fi> 1998.06.24
- * optimized by Mark Tillotson <markt@chaos.org.uk> 1998.06.25
- * optimized by Paulo Barreto <pbarreto@nw.com.br> 1998.06.30
- */
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/**
- * The F-table byte permutation (see description of the G-box permutation)
- */
-const byte SKIPJACK::Base::fTable[256] = {
- 0xa3,0xd7,0x09,0x83,0xf8,0x48,0xf6,0xf4,0xb3,0x21,0x15,0x78,0x99,0xb1,0xaf,0xf9,
- 0xe7,0x2d,0x4d,0x8a,0xce,0x4c,0xca,0x2e,0x52,0x95,0xd9,0x1e,0x4e,0x38,0x44,0x28,
- 0x0a,0xdf,0x02,0xa0,0x17,0xf1,0x60,0x68,0x12,0xb7,0x7a,0xc3,0xe9,0xfa,0x3d,0x53,
- 0x96,0x84,0x6b,0xba,0xf2,0x63,0x9a,0x19,0x7c,0xae,0xe5,0xf5,0xf7,0x16,0x6a,0xa2,
- 0x39,0xb6,0x7b,0x0f,0xc1,0x93,0x81,0x1b,0xee,0xb4,0x1a,0xea,0xd0,0x91,0x2f,0xb8,
- 0x55,0xb9,0xda,0x85,0x3f,0x41,0xbf,0xe0,0x5a,0x58,0x80,0x5f,0x66,0x0b,0xd8,0x90,
- 0x35,0xd5,0xc0,0xa7,0x33,0x06,0x65,0x69,0x45,0x00,0x94,0x56,0x6d,0x98,0x9b,0x76,
- 0x97,0xfc,0xb2,0xc2,0xb0,0xfe,0xdb,0x20,0xe1,0xeb,0xd6,0xe4,0xdd,0x47,0x4a,0x1d,
- 0x42,0xed,0x9e,0x6e,0x49,0x3c,0xcd,0x43,0x27,0xd2,0x07,0xd4,0xde,0xc7,0x67,0x18,
- 0x89,0xcb,0x30,0x1f,0x8d,0xc6,0x8f,0xaa,0xc8,0x74,0xdc,0xc9,0x5d,0x5c,0x31,0xa4,
- 0x70,0x88,0x61,0x2c,0x9f,0x0d,0x2b,0x87,0x50,0x82,0x54,0x64,0x26,0x7d,0x03,0x40,
- 0x34,0x4b,0x1c,0x73,0xd1,0xc4,0xfd,0x3b,0xcc,0xfb,0x7f,0xab,0xe6,0x3e,0x5b,0xa5,
- 0xad,0x04,0x23,0x9c,0x14,0x51,0x22,0xf0,0x29,0x79,0x71,0x7e,0xff,0x8c,0x0e,0xe2,
- 0x0c,0xef,0xbc,0x72,0x75,0x6f,0x37,0xa1,0xec,0xd3,0x8e,0x62,0x8b,0x86,0x10,0xe8,
- 0x08,0x77,0x11,0xbe,0x92,0x4f,0x24,0xc5,0x32,0x36,0x9d,0xcf,0xf3,0xa6,0xbb,0xac,
- 0x5e,0x6c,0xa9,0x13,0x57,0x25,0xb5,0xe3,0xbd,0xa8,0x3a,0x01,0x05,0x59,0x2a,0x46
-};
-
-/**
- * The key-dependent permutation G on V^16 is a four-round Feistel network.
- * The round function is a fixed byte-substitution table (permutation on V^8),
- * the F-table. Each round of G incorporates a single byte from the key.
- */
-#define g(tab, w, i, j, k, l) \
-{ \
- w ^= (word)tab[i*256 + (w & 0xff)] << 8; \
- w ^= (word)tab[j*256 + (w >> 8)]; \
- w ^= (word)tab[k*256 + (w & 0xff)] << 8; \
- w ^= (word)tab[l*256 + (w >> 8)]; \
-}
-
-#define g0(tab, w) g(tab, w, 0, 1, 2, 3)
-#define g1(tab, w) g(tab, w, 4, 5, 6, 7)
-#define g2(tab, w) g(tab, w, 8, 9, 0, 1)
-#define g3(tab, w) g(tab, w, 2, 3, 4, 5)
-#define g4(tab, w) g(tab, w, 6, 7, 8, 9)
-
-/**
- * The inverse of the G permutation.
- */
-#define h(tab, w, i, j, k, l) \
-{ \
- w ^= (word)tab[l*256 + (w >> 8)]; \
- w ^= (word)tab[k*256 + (w & 0xff)] << 8; \
- w ^= (word)tab[j*256 + (w >> 8)]; \
- w ^= (word)tab[i*256 + (w & 0xff)] << 8; \
-}
-
-#define h0(tab, w) h(tab, w, 0, 1, 2, 3)
-#define h1(tab, w) h(tab, w, 4, 5, 6, 7)
-#define h2(tab, w) h(tab, w, 8, 9, 0, 1)
-#define h3(tab, w) h(tab, w, 2, 3, 4, 5)
-#define h4(tab, w) h(tab, w, 6, 7, 8, 9)
-
-/**
- * Preprocess a user key into a table to save an XOR at each F-table access.
- */
-void SKIPJACK::Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- /* tab[i][c] = fTable[c ^ key[i]] */
- int i;
- for (i = 0; i < 10; i++) {
- byte *t = tab+i*256, k = key[9-i];
- int c;
- for (c = 0; c < 256; c++) {
- t[c] = fTable[c ^ k];
- }
- }
-}
-
-typedef BlockGetAndPut<word16, LittleEndian> Block;
-
-/**
- * Encrypt a single block of data.
- */
-void SKIPJACK::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word16 w1, w2, w3, w4;
- Block::Get(inBlock)(w4)(w3)(w2)(w1);
-
- /* stepping rule A: */
- g0(tab, w1); w4 ^= w1 ^ 1;
- g1(tab, w4); w3 ^= w4 ^ 2;
- g2(tab, w3); w2 ^= w3 ^ 3;
- g3(tab, w2); w1 ^= w2 ^ 4;
- g4(tab, w1); w4 ^= w1 ^ 5;
- g0(tab, w4); w3 ^= w4 ^ 6;
- g1(tab, w3); w2 ^= w3 ^ 7;
- g2(tab, w2); w1 ^= w2 ^ 8;
-
- /* stepping rule B: */
- w2 ^= w1 ^ 9; g3(tab, w1);
- w1 ^= w4 ^ 10; g4(tab, w4);
- w4 ^= w3 ^ 11; g0(tab, w3);
- w3 ^= w2 ^ 12; g1(tab, w2);
- w2 ^= w1 ^ 13; g2(tab, w1);
- w1 ^= w4 ^ 14; g3(tab, w4);
- w4 ^= w3 ^ 15; g4(tab, w3);
- w3 ^= w2 ^ 16; g0(tab, w2);
-
- /* stepping rule A: */
- g1(tab, w1); w4 ^= w1 ^ 17;
- g2(tab, w4); w3 ^= w4 ^ 18;
- g3(tab, w3); w2 ^= w3 ^ 19;
- g4(tab, w2); w1 ^= w2 ^ 20;
- g0(tab, w1); w4 ^= w1 ^ 21;
- g1(tab, w4); w3 ^= w4 ^ 22;
- g2(tab, w3); w2 ^= w3 ^ 23;
- g3(tab, w2); w1 ^= w2 ^ 24;
-
- /* stepping rule B: */
- w2 ^= w1 ^ 25; g4(tab, w1);
- w1 ^= w4 ^ 26; g0(tab, w4);
- w4 ^= w3 ^ 27; g1(tab, w3);
- w3 ^= w2 ^ 28; g2(tab, w2);
- w2 ^= w1 ^ 29; g3(tab, w1);
- w1 ^= w4 ^ 30; g4(tab, w4);
- w4 ^= w3 ^ 31; g0(tab, w3);
- w3 ^= w2 ^ 32; g1(tab, w2);
-
- Block::Put(xorBlock, outBlock)(w4)(w3)(w2)(w1);
-}
-
-/**
- * Decrypt a single block of data.
- */
-void SKIPJACK::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word16 w1, w2, w3, w4;
- Block::Get(inBlock)(w4)(w3)(w2)(w1);
-
- /* stepping rule A: */
- h1(tab, w2); w3 ^= w2 ^ 32;
- h0(tab, w3); w4 ^= w3 ^ 31;
- h4(tab, w4); w1 ^= w4 ^ 30;
- h3(tab, w1); w2 ^= w1 ^ 29;
- h2(tab, w2); w3 ^= w2 ^ 28;
- h1(tab, w3); w4 ^= w3 ^ 27;
- h0(tab, w4); w1 ^= w4 ^ 26;
- h4(tab, w1); w2 ^= w1 ^ 25;
-
- /* stepping rule B: */
- w1 ^= w2 ^ 24; h3(tab, w2);
- w2 ^= w3 ^ 23; h2(tab, w3);
- w3 ^= w4 ^ 22; h1(tab, w4);
- w4 ^= w1 ^ 21; h0(tab, w1);
- w1 ^= w2 ^ 20; h4(tab, w2);
- w2 ^= w3 ^ 19; h3(tab, w3);
- w3 ^= w4 ^ 18; h2(tab, w4);
- w4 ^= w1 ^ 17; h1(tab, w1);
-
- /* stepping rule A: */
- h0(tab, w2); w3 ^= w2 ^ 16;
- h4(tab, w3); w4 ^= w3 ^ 15;
- h3(tab, w4); w1 ^= w4 ^ 14;
- h2(tab, w1); w2 ^= w1 ^ 13;
- h1(tab, w2); w3 ^= w2 ^ 12;
- h0(tab, w3); w4 ^= w3 ^ 11;
- h4(tab, w4); w1 ^= w4 ^ 10;
- h3(tab, w1); w2 ^= w1 ^ 9;
-
- /* stepping rule B: */
- w1 ^= w2 ^ 8; h2(tab, w2);
- w2 ^= w3 ^ 7; h1(tab, w3);
- w3 ^= w4 ^ 6; h0(tab, w4);
- w4 ^= w1 ^ 5; h4(tab, w1);
- w1 ^= w2 ^ 4; h3(tab, w2);
- w2 ^= w3 ^ 3; h2(tab, w3);
- w3 ^= w4 ^ 2; h1(tab, w4);
- w4 ^= w1 ^ 1; h0(tab, w1);
-
- Block::Put(xorBlock, outBlock)(w4)(w3)(w2)(w1);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/skipjack.h b/cryptopp562/skipjack.h
deleted file mode 100644
index 6b12647..0000000
--- a/cryptopp562/skipjack.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifndef CRYPTOPP_SKIPJACK_H
-#define CRYPTOPP_SKIPJACK_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct SKIPJACK_Info : public FixedBlockSize<8>, public FixedKeyLength<10>
-{
- CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "SKIPJACK";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#SKIPJACK">SKIPJACK</a>
-class SKIPJACK : public SKIPJACK_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SKIPJACK_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
- unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word16>();}
-
- protected:
- static const byte fTable[256];
-
- FixedSizeSecBlock<byte, 10*256> tab;
- };
-
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- private:
- static const byte Se[256];
- static const word32 Te[4][256];
- };
-
- class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- private:
- static const byte Sd[256];
- static const word32 Td[4][256];
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef SKIPJACK::Encryption SKIPJACKEncryption;
-typedef SKIPJACK::Decryption SKIPJACKDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/smartptr.h b/cryptopp562/smartptr.h
deleted file mode 100644
index a0a727e..0000000
--- a/cryptopp562/smartptr.h
+++ /dev/null
@@ -1,223 +0,0 @@
-#ifndef CRYPTOPP_SMARTPTR_H
-#define CRYPTOPP_SMARTPTR_H
-
-#include "config.h"
-#include <algorithm>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class T> class simple_ptr
-{
-public:
- simple_ptr(T *p = NULL) : m_p(p) {}
- ~simple_ptr() {delete m_p; m_p = NULL;} // set m_p to NULL so double destruction (which might occur in Singleton) will be harmless
- T *m_p;
-};
-
-template <class T> class member_ptr
-{
-public:
- explicit member_ptr(T *p = NULL) : m_p(p) {}
-
- ~member_ptr();
-
- const T& operator*() const { return *m_p; }
- T& operator*() { return *m_p; }
-
- const T* operator->() const { return m_p; }
- T* operator->() { return m_p; }
-
- const T* get() const { return m_p; }
- T* get() { return m_p; }
-
- T* release()
- {
- T *old_p = m_p;
- m_p = 0;
- return old_p;
- }
-
- void reset(T *p = 0);
-
-protected:
- member_ptr(const member_ptr<T>& rhs); // copy not allowed
- void operator=(const member_ptr<T>& rhs); // assignment not allowed
-
- T *m_p;
-};
-
-template <class T> member_ptr<T>::~member_ptr() {delete m_p;}
-template <class T> void member_ptr<T>::reset(T *p) {delete m_p; m_p = p;}
-
-// ********************************************************
-
-template<class T> class value_ptr : public member_ptr<T>
-{
-public:
- value_ptr(const T &obj) : member_ptr<T>(new T(obj)) {}
- value_ptr(T *p = NULL) : member_ptr<T>(p) {}
- value_ptr(const value_ptr<T>& rhs)
- : member_ptr<T>(rhs.m_p ? new T(*rhs.m_p) : NULL) {}
-
- value_ptr<T>& operator=(const value_ptr<T>& rhs);
- bool operator==(const value_ptr<T>& rhs)
- {
- return (!this->m_p && !rhs.m_p) || (this->m_p && rhs.m_p && *this->m_p == *rhs.m_p);
- }
-};
-
-template <class T> value_ptr<T>& value_ptr<T>::operator=(const value_ptr<T>& rhs)
-{
- T *old_p = this->m_p;
- this->m_p = rhs.m_p ? new T(*rhs.m_p) : NULL;
- delete old_p;
- return *this;
-}
-
-// ********************************************************
-
-template<class T> class clonable_ptr : public member_ptr<T>
-{
-public:
- clonable_ptr(const T &obj) : member_ptr<T>(obj.Clone()) {}
- clonable_ptr(T *p = NULL) : member_ptr<T>(p) {}
- clonable_ptr(const clonable_ptr<T>& rhs)
- : member_ptr<T>(rhs.m_p ? rhs.m_p->Clone() : NULL) {}
-
- clonable_ptr<T>& operator=(const clonable_ptr<T>& rhs);
-};
-
-template <class T> clonable_ptr<T>& clonable_ptr<T>::operator=(const clonable_ptr<T>& rhs)
-{
- T *old_p = this->m_p;
- this->m_p = rhs.m_p ? rhs.m_p->Clone() : NULL;
- delete old_p;
- return *this;
-}
-
-// ********************************************************
-
-template<class T> class counted_ptr
-{
-public:
- explicit counted_ptr(T *p = 0);
- counted_ptr(const T &r) : m_p(0) {attach(r);}
- counted_ptr(const counted_ptr<T>& rhs);
-
- ~counted_ptr();
-
- const T& operator*() const { return *m_p; }
- T& operator*() { return *m_p; }
-
- const T* operator->() const { return m_p; }
- T* operator->() { return get(); }
-
- const T* get() const { return m_p; }
- T* get();
-
- void attach(const T &p);
-
- counted_ptr<T> & operator=(const counted_ptr<T>& rhs);
-
-private:
- T *m_p;
-};
-
-template <class T> counted_ptr<T>::counted_ptr(T *p)
- : m_p(p)
-{
- if (m_p)
- m_p->m_referenceCount = 1;
-}
-
-template <class T> counted_ptr<T>::counted_ptr(const counted_ptr<T>& rhs)
- : m_p(rhs.m_p)
-{
- if (m_p)
- m_p->m_referenceCount++;
-}
-
-template <class T> counted_ptr<T>::~counted_ptr()
-{
- if (m_p && --m_p->m_referenceCount == 0)
- delete m_p;
-}
-
-template <class T> void counted_ptr<T>::attach(const T &r)
-{
- if (m_p && --m_p->m_referenceCount == 0)
- delete m_p;
- if (r.m_referenceCount == 0)
- {
- m_p = r.clone();
- m_p->m_referenceCount = 1;
- }
- else
- {
- m_p = const_cast<T *>(&r);
- m_p->m_referenceCount++;
- }
-}
-
-template <class T> T* counted_ptr<T>::get()
-{
- if (m_p && m_p->m_referenceCount > 1)
- {
- T *temp = m_p->clone();
- m_p->m_referenceCount--;
- m_p = temp;
- m_p->m_referenceCount = 1;
- }
- return m_p;
-}
-
-template <class T> counted_ptr<T> & counted_ptr<T>::operator=(const counted_ptr<T>& rhs)
-{
- if (m_p != rhs.m_p)
- {
- if (m_p && --m_p->m_referenceCount == 0)
- delete m_p;
- m_p = rhs.m_p;
- if (m_p)
- m_p->m_referenceCount++;
- }
- return *this;
-}
-
-// ********************************************************
-
-template <class T> class vector_member_ptrs
-{
-public:
- vector_member_ptrs(size_t size=0)
- : m_size(size), m_ptr(new member_ptr<T>[size]) {}
- ~vector_member_ptrs()
- {delete [] this->m_ptr;}
-
- member_ptr<T>& operator[](size_t index)
- {assert(index<this->m_size); return this->m_ptr[index];}
- const member_ptr<T>& operator[](size_t index) const
- {assert(index<this->m_size); return this->m_ptr[index];}
-
- size_t size() const {return this->m_size;}
- void resize(size_t newSize)
- {
- member_ptr<T> *newPtr = new member_ptr<T>[newSize];
- for (size_t i=0; i<this->m_size && i<newSize; i++)
- newPtr[i].reset(this->m_ptr[i].release());
- delete [] this->m_ptr;
- this->m_size = newSize;
- this->m_ptr = newPtr;
- }
-
-private:
- vector_member_ptrs(const vector_member_ptrs<T> &c); // copy not allowed
- void operator=(const vector_member_ptrs<T> &x); // assignment not allowed
-
- size_t m_size;
- member_ptr<T> *m_ptr;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/socketft.cpp b/cryptopp562/socketft.cpp
deleted file mode 100644
index 6c5a8ff..0000000
--- a/cryptopp562/socketft.cpp
+++ /dev/null
@@ -1,531 +0,0 @@
-// socketft.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "socketft.h"
-
-#ifdef SOCKETS_AVAILABLE
-
-#include "wait.h"
-
-#ifdef USE_BERKELEY_STYLE_SOCKETS
-#include <errno.h>
-#include <netdb.h>
-#include <unistd.h>
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <sys/ioctl.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
-const int SOCKET_EINVAL = WSAEINVAL;
-const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK;
-typedef int socklen_t;
-#else
-const int SOCKET_EINVAL = EINVAL;
-const int SOCKET_EWOULDBLOCK = EWOULDBLOCK;
-#endif
-
-Socket::Err::Err(socket_t s, const std::string& operation, int error)
- : OS_Error(IO_ERROR, "Socket: " + operation + " operation failed with error " + IntToString(error), operation, error)
- , m_s(s)
-{
-}
-
-Socket::~Socket()
-{
- if (m_own)
- {
- try
- {
- CloseSocket();
- }
- catch (...)
- {
- }
- }
-}
-
-void Socket::AttachSocket(socket_t s, bool own)
-{
- if (m_own)
- CloseSocket();
-
- m_s = s;
- m_own = own;
- SocketChanged();
-}
-
-socket_t Socket::DetachSocket()
-{
- socket_t s = m_s;
- m_s = INVALID_SOCKET;
- SocketChanged();
- return s;
-}
-
-void Socket::Create(int nType)
-{
- assert(m_s == INVALID_SOCKET);
- m_s = socket(AF_INET, nType, 0);
- CheckAndHandleError("socket", m_s);
- m_own = true;
- SocketChanged();
-}
-
-void Socket::CloseSocket()
-{
- if (m_s != INVALID_SOCKET)
- {
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- CancelIo((HANDLE) m_s);
- CheckAndHandleError_int("closesocket", closesocket(m_s));
-#else
- CheckAndHandleError_int("close", close(m_s));
-#endif
- m_s = INVALID_SOCKET;
- SocketChanged();
- }
-}
-
-void Socket::Bind(unsigned int port, const char *addr)
-{
- sockaddr_in sa;
- memset(&sa, 0, sizeof(sa));
- sa.sin_family = AF_INET;
-
- if (addr == NULL)
- sa.sin_addr.s_addr = htonl(INADDR_ANY);
- else
- {
- unsigned long result = inet_addr(addr);
- if (result == -1) // Solaris doesn't have INADDR_NONE
- {
- SetLastError(SOCKET_EINVAL);
- CheckAndHandleError_int("inet_addr", SOCKET_ERROR);
- }
- sa.sin_addr.s_addr = result;
- }
-
- sa.sin_port = htons((u_short)port);
-
- Bind((sockaddr *)&sa, sizeof(sa));
-}
-
-void Socket::Bind(const sockaddr *psa, socklen_t saLen)
-{
- assert(m_s != INVALID_SOCKET);
- // cygwin workaround: needs const_cast
- CheckAndHandleError_int("bind", bind(m_s, const_cast<sockaddr *>(psa), saLen));
-}
-
-void Socket::Listen(int backlog)
-{
- assert(m_s != INVALID_SOCKET);
- CheckAndHandleError_int("listen", listen(m_s, backlog));
-}
-
-bool Socket::Connect(const char *addr, unsigned int port)
-{
- assert(addr != NULL);
-
- sockaddr_in sa;
- memset(&sa, 0, sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_addr.s_addr = inet_addr(addr);
-
- if (sa.sin_addr.s_addr == -1) // Solaris doesn't have INADDR_NONE
- {
- hostent *lphost = gethostbyname(addr);
- if (lphost == NULL)
- {
- SetLastError(SOCKET_EINVAL);
- CheckAndHandleError_int("gethostbyname", SOCKET_ERROR);
- }
-
- sa.sin_addr.s_addr = ((in_addr *)lphost->h_addr)->s_addr;
- }
-
- sa.sin_port = htons((u_short)port);
-
- return Connect((const sockaddr *)&sa, sizeof(sa));
-}
-
-bool Socket::Connect(const sockaddr* psa, socklen_t saLen)
-{
- assert(m_s != INVALID_SOCKET);
- int result = connect(m_s, const_cast<sockaddr*>(psa), saLen);
- if (result == SOCKET_ERROR && GetLastError() == SOCKET_EWOULDBLOCK)
- return false;
- CheckAndHandleError_int("connect", result);
- return true;
-}
-
-bool Socket::Accept(Socket& target, sockaddr *psa, socklen_t *psaLen)
-{
- assert(m_s != INVALID_SOCKET);
- socket_t s = accept(m_s, psa, psaLen);
- if (s == INVALID_SOCKET && GetLastError() == SOCKET_EWOULDBLOCK)
- return false;
- CheckAndHandleError("accept", s);
- target.AttachSocket(s, true);
- return true;
-}
-
-void Socket::GetSockName(sockaddr *psa, socklen_t *psaLen)
-{
- assert(m_s != INVALID_SOCKET);
- CheckAndHandleError_int("getsockname", getsockname(m_s, psa, psaLen));
-}
-
-void Socket::GetPeerName(sockaddr *psa, socklen_t *psaLen)
-{
- assert(m_s != INVALID_SOCKET);
- CheckAndHandleError_int("getpeername", getpeername(m_s, psa, psaLen));
-}
-
-unsigned int Socket::Send(const byte* buf, size_t bufLen, int flags)
-{
- assert(m_s != INVALID_SOCKET);
- int result = send(m_s, (const char *)buf, UnsignedMin(INT_MAX, bufLen), flags);
- CheckAndHandleError_int("send", result);
- return result;
-}
-
-unsigned int Socket::Receive(byte* buf, size_t bufLen, int flags)
-{
- assert(m_s != INVALID_SOCKET);
- int result = recv(m_s, (char *)buf, UnsignedMin(INT_MAX, bufLen), flags);
- CheckAndHandleError_int("recv", result);
- return result;
-}
-
-void Socket::ShutDown(int how)
-{
- assert(m_s != INVALID_SOCKET);
- int result = shutdown(m_s, how);
- CheckAndHandleError_int("shutdown", result);
-}
-
-void Socket::IOCtl(long cmd, unsigned long *argp)
-{
- assert(m_s != INVALID_SOCKET);
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- CheckAndHandleError_int("ioctlsocket", ioctlsocket(m_s, cmd, argp));
-#else
- CheckAndHandleError_int("ioctl", ioctl(m_s, cmd, argp));
-#endif
-}
-
-bool Socket::SendReady(const timeval *timeout)
-{
- fd_set fds;
- FD_ZERO(&fds);
- FD_SET(m_s, &fds);
- int ready;
- if (timeout == NULL)
- ready = select((int)m_s+1, NULL, &fds, NULL, NULL);
- else
- {
- timeval timeoutCopy = *timeout; // select() modified timeout on Linux
- ready = select((int)m_s+1, NULL, &fds, NULL, &timeoutCopy);
- }
- CheckAndHandleError_int("select", ready);
- return ready > 0;
-}
-
-bool Socket::ReceiveReady(const timeval *timeout)
-{
- fd_set fds;
- FD_ZERO(&fds);
- FD_SET(m_s, &fds);
- int ready;
- if (timeout == NULL)
- ready = select((int)m_s+1, &fds, NULL, NULL, NULL);
- else
- {
- timeval timeoutCopy = *timeout; // select() modified timeout on Linux
- ready = select((int)m_s+1, &fds, NULL, NULL, &timeoutCopy);
- }
- CheckAndHandleError_int("select", ready);
- return ready > 0;
-}
-
-unsigned int Socket::PortNameToNumber(const char *name, const char *protocol)
-{
- int port = atoi(name);
- if (IntToString(port) == name)
- return port;
-
- servent *se = getservbyname(name, protocol);
- if (!se)
- throw Err(INVALID_SOCKET, "getservbyname", SOCKET_EINVAL);
- return ntohs(se->s_port);
-}
-
-void Socket::StartSockets()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- WSADATA wsd;
- int result = WSAStartup(0x0202, &wsd);
- if (result != 0)
- throw Err(INVALID_SOCKET, "WSAStartup", result);
-#endif
-}
-
-void Socket::ShutdownSockets()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- int result = WSACleanup();
- if (result != 0)
- throw Err(INVALID_SOCKET, "WSACleanup", result);
-#endif
-}
-
-int Socket::GetLastError()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- return WSAGetLastError();
-#else
- return errno;
-#endif
-}
-
-void Socket::SetLastError(int errorCode)
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- WSASetLastError(errorCode);
-#else
- errno = errorCode;
-#endif
-}
-
-void Socket::HandleError(const char *operation) const
-{
- int err = GetLastError();
- throw Err(m_s, operation, err);
-}
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
-
-SocketReceiver::SocketReceiver(Socket &s)
- : m_s(s), m_resultPending(false), m_eofReceived(false)
-{
- m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true);
- m_s.CheckAndHandleError("CreateEvent", m_event.HandleValid());
- memset(&m_overlapped, 0, sizeof(m_overlapped));
- m_overlapped.hEvent = m_event;
-}
-
-SocketReceiver::~SocketReceiver()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- CancelIo((HANDLE) m_s.GetSocket());
-#endif
-}
-
-bool SocketReceiver::Receive(byte* buf, size_t bufLen)
-{
- assert(!m_resultPending && !m_eofReceived);
-
- DWORD flags = 0;
- // don't queue too much at once, or we might use up non-paged memory
- WSABUF wsabuf = {UnsignedMin((u_long)128*1024, bufLen), (char *)buf};
- if (WSARecv(m_s, &wsabuf, 1, &m_lastResult, &flags, &m_overlapped, NULL) == 0)
- {
- if (m_lastResult == 0)
- m_eofReceived = true;
- }
- else
- {
- switch (WSAGetLastError())
- {
- default:
- m_s.CheckAndHandleError_int("WSARecv", SOCKET_ERROR);
- case WSAEDISCON:
- m_lastResult = 0;
- m_eofReceived = true;
- break;
- case WSA_IO_PENDING:
- m_resultPending = true;
- }
- }
- return !m_resultPending;
-}
-
-void SocketReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (m_resultPending)
- container.AddHandle(m_event, CallStack("SocketReceiver::GetWaitObjects() - result pending", &callStack));
- else if (!m_eofReceived)
- container.SetNoWait(CallStack("SocketReceiver::GetWaitObjects() - result ready", &callStack));
-}
-
-unsigned int SocketReceiver::GetReceiveResult()
-{
- if (m_resultPending)
- {
- DWORD flags = 0;
- if (WSAGetOverlappedResult(m_s, &m_overlapped, &m_lastResult, false, &flags))
- {
- if (m_lastResult == 0)
- m_eofReceived = true;
- }
- else
- {
- switch (WSAGetLastError())
- {
- default:
- m_s.CheckAndHandleError("WSAGetOverlappedResult", FALSE);
- case WSAEDISCON:
- m_lastResult = 0;
- m_eofReceived = true;
- }
- }
- m_resultPending = false;
- }
- return m_lastResult;
-}
-
-// *************************************************************
-
-SocketSender::SocketSender(Socket &s)
- : m_s(s), m_resultPending(false), m_lastResult(0)
-{
- m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true);
- m_s.CheckAndHandleError("CreateEvent", m_event.HandleValid());
- memset(&m_overlapped, 0, sizeof(m_overlapped));
- m_overlapped.hEvent = m_event;
-}
-
-
-SocketSender::~SocketSender()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- CancelIo((HANDLE) m_s.GetSocket());
-#endif
-}
-
-void SocketSender::Send(const byte* buf, size_t bufLen)
-{
- assert(!m_resultPending);
- DWORD written = 0;
- // don't queue too much at once, or we might use up non-paged memory
- WSABUF wsabuf = {UnsignedMin((u_long)128*1024, bufLen), (char *)buf};
- if (WSASend(m_s, &wsabuf, 1, &written, 0, &m_overlapped, NULL) == 0)
- {
- m_resultPending = false;
- m_lastResult = written;
- }
- else
- {
- if (WSAGetLastError() != WSA_IO_PENDING)
- m_s.CheckAndHandleError_int("WSASend", SOCKET_ERROR);
-
- m_resultPending = true;
- }
-}
-
-void SocketSender::SendEof()
-{
- assert(!m_resultPending);
- m_s.ShutDown(SD_SEND);
- m_s.CheckAndHandleError("ResetEvent", ResetEvent(m_event));
- m_s.CheckAndHandleError_int("WSAEventSelect", WSAEventSelect(m_s, m_event, FD_CLOSE));
- m_resultPending = true;
-}
-
-bool SocketSender::EofSent()
-{
- if (m_resultPending)
- {
- WSANETWORKEVENTS events;
- m_s.CheckAndHandleError_int("WSAEnumNetworkEvents", WSAEnumNetworkEvents(m_s, m_event, &events));
- if ((events.lNetworkEvents & FD_CLOSE) != FD_CLOSE)
- throw Socket::Err(m_s, "WSAEnumNetworkEvents (FD_CLOSE not present)", E_FAIL);
- if (events.iErrorCode[FD_CLOSE_BIT] != 0)
- throw Socket::Err(m_s, "FD_CLOSE (via WSAEnumNetworkEvents)", events.iErrorCode[FD_CLOSE_BIT]);
- m_resultPending = false;
- }
- return m_lastResult != 0;
-}
-
-void SocketSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (m_resultPending)
- container.AddHandle(m_event, CallStack("SocketSender::GetWaitObjects() - result pending", &callStack));
- else
- container.SetNoWait(CallStack("SocketSender::GetWaitObjects() - result ready", &callStack));
-}
-
-unsigned int SocketSender::GetSendResult()
-{
- if (m_resultPending)
- {
- DWORD flags = 0;
- BOOL result = WSAGetOverlappedResult(m_s, &m_overlapped, &m_lastResult, false, &flags);
- m_s.CheckAndHandleError("WSAGetOverlappedResult", result);
- m_resultPending = false;
- }
- return m_lastResult;
-}
-
-#endif
-
-#ifdef USE_BERKELEY_STYLE_SOCKETS
-
-SocketReceiver::SocketReceiver(Socket &s)
- : m_s(s), m_lastResult(0), m_eofReceived(false)
-{
-}
-
-void SocketReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (!m_eofReceived)
- container.AddReadFd(m_s, CallStack("SocketReceiver::GetWaitObjects()", &callStack));
-}
-
-bool SocketReceiver::Receive(byte* buf, size_t bufLen)
-{
- m_lastResult = m_s.Receive(buf, bufLen);
- if (bufLen > 0 && m_lastResult == 0)
- m_eofReceived = true;
- return true;
-}
-
-unsigned int SocketReceiver::GetReceiveResult()
-{
- return m_lastResult;
-}
-
-SocketSender::SocketSender(Socket &s)
- : m_s(s), m_lastResult(0)
-{
-}
-
-void SocketSender::Send(const byte* buf, size_t bufLen)
-{
- m_lastResult = m_s.Send(buf, bufLen);
-}
-
-void SocketSender::SendEof()
-{
- m_s.ShutDown(SD_SEND);
-}
-
-unsigned int SocketSender::GetSendResult()
-{
- return m_lastResult;
-}
-
-void SocketSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- container.AddWriteFd(m_s, CallStack("SocketSender::GetWaitObjects()", &callStack));
-}
-
-#endif
-
-NAMESPACE_END
-
-#endif // #ifdef SOCKETS_AVAILABLE
diff --git a/cryptopp562/socketft.h b/cryptopp562/socketft.h
deleted file mode 100644
index e414aa6..0000000
--- a/cryptopp562/socketft.h
+++ /dev/null
@@ -1,224 +0,0 @@
-#ifndef CRYPTOPP_SOCKETFT_H
-#define CRYPTOPP_SOCKETFT_H
-
-#include "config.h"
-
-#ifdef SOCKETS_AVAILABLE
-
-#include "network.h"
-#include "queue.h"
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
-# if defined(_WINSOCKAPI_) && !defined(_WINSOCK2API_)
-# error Winsock 1 is not supported by this library. Please include this file or winsock2.h before windows.h.
-# endif
-#include <winsock2.h>
-#include "winpipes.h"
-#else
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <unistd.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
-typedef ::SOCKET socket_t;
-#else
-typedef int socket_t;
-const socket_t INVALID_SOCKET = -1;
-// cygwin 1.1.4 doesn't have SHUT_RD
-const int SD_RECEIVE = 0;
-const int SD_SEND = 1;
-const int SD_BOTH = 2;
-const int SOCKET_ERROR = -1;
-#endif
-
-#ifndef socklen_t
-typedef TYPE_OF_SOCKLEN_T socklen_t; // see config.h
-#endif
-
-//! wrapper for Windows or Berkeley Sockets
-class Socket
-{
-public:
- //! exception thrown by Socket class
- class Err : public OS_Error
- {
- public:
- Err(socket_t s, const std::string& operation, int error);
- socket_t GetSocket() const {return m_s;}
-
- private:
- socket_t m_s;
- };
-
- Socket(socket_t s = INVALID_SOCKET, bool own=false) : m_s(s), m_own(own) {}
- Socket(const Socket &s) : m_s(s.m_s), m_own(false) {}
- virtual ~Socket();
-
- bool GetOwnership() const {return m_own;}
- void SetOwnership(bool own) {m_own = own;}
-
- operator socket_t() {return m_s;}
- socket_t GetSocket() const {return m_s;}
- void AttachSocket(socket_t s, bool own=false);
- socket_t DetachSocket();
- void CloseSocket();
-
- void Create(int nType = SOCK_STREAM);
- void Bind(unsigned int port, const char *addr=NULL);
- void Bind(const sockaddr* psa, socklen_t saLen);
- void Listen(int backlog=5);
- // the next three functions return false if the socket is in nonblocking mode
- // and the operation cannot be completed immediately
- bool Connect(const char *addr, unsigned int port);
- bool Connect(const sockaddr* psa, socklen_t saLen);
- bool Accept(Socket& s, sockaddr *psa=NULL, socklen_t *psaLen=NULL);
- void GetSockName(sockaddr *psa, socklen_t *psaLen);
- void GetPeerName(sockaddr *psa, socklen_t *psaLen);
- unsigned int Send(const byte* buf, size_t bufLen, int flags=0);
- unsigned int Receive(byte* buf, size_t bufLen, int flags=0);
- void ShutDown(int how = SD_SEND);
-
- void IOCtl(long cmd, unsigned long *argp);
- bool SendReady(const timeval *timeout);
- bool ReceiveReady(const timeval *timeout);
-
- virtual void HandleError(const char *operation) const;
- void CheckAndHandleError_int(const char *operation, int result) const
- {if (result == SOCKET_ERROR) HandleError(operation);}
- void CheckAndHandleError(const char *operation, socket_t result) const
- {if (result == SOCKET_ERROR) HandleError(operation);}
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- void CheckAndHandleError(const char *operation, BOOL result) const
- {assert(result==TRUE || result==FALSE); if (!result) HandleError(operation);}
- void CheckAndHandleError(const char *operation, bool result) const
- {if (!result) HandleError(operation);}
-#endif
-
- //! look up the port number given its name, returns 0 if not found
- static unsigned int PortNameToNumber(const char *name, const char *protocol="tcp");
- //! start Windows Sockets 2
- static void StartSockets();
- //! calls WSACleanup for Windows Sockets
- static void ShutdownSockets();
- //! returns errno or WSAGetLastError
- static int GetLastError();
- //! sets errno or calls WSASetLastError
- static void SetLastError(int errorCode);
-
-protected:
- virtual void SocketChanged() {}
-
- socket_t m_s;
- bool m_own;
-};
-
-class SocketsInitializer
-{
-public:
- SocketsInitializer() {Socket::StartSockets();}
- ~SocketsInitializer() {try {Socket::ShutdownSockets();} catch (...) {}}
-};
-
-class SocketReceiver : public NetworkReceiver
-{
-public:
- SocketReceiver(Socket &s);
-
-#ifdef USE_BERKELEY_STYLE_SOCKETS
- bool MustWaitToReceive() {return true;}
-#else
- ~SocketReceiver();
- bool MustWaitForResult() {return true;}
-#endif
- bool Receive(byte* buf, size_t bufLen);
- unsigned int GetReceiveResult();
- bool EofReceived() const {return m_eofReceived;}
-
- unsigned int GetMaxWaitObjectCount() const {return 1;}
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
-
-private:
- Socket &m_s;
- bool m_eofReceived;
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- WindowsHandle m_event;
- OVERLAPPED m_overlapped;
- bool m_resultPending;
- DWORD m_lastResult;
-#else
- unsigned int m_lastResult;
-#endif
-};
-
-class SocketSender : public NetworkSender
-{
-public:
- SocketSender(Socket &s);
-
-#ifdef USE_BERKELEY_STYLE_SOCKETS
- bool MustWaitToSend() {return true;}
-#else
- ~SocketSender();
- bool MustWaitForResult() {return true;}
- bool MustWaitForEof() { return true; }
- bool EofSent();
-#endif
- void Send(const byte* buf, size_t bufLen);
- unsigned int GetSendResult();
- void SendEof();
-
- unsigned int GetMaxWaitObjectCount() const {return 1;}
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
-
-private:
- Socket &m_s;
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- WindowsHandle m_event;
- OVERLAPPED m_overlapped;
- bool m_resultPending;
- DWORD m_lastResult;
-#else
- unsigned int m_lastResult;
-#endif
-};
-
-//! socket-based implementation of NetworkSource
-class SocketSource : public NetworkSource, public Socket
-{
-public:
- SocketSource(socket_t s = INVALID_SOCKET, bool pumpAll = false, BufferedTransformation *attachment = NULL)
- : NetworkSource(attachment), Socket(s), m_receiver(*this)
- {
- if (pumpAll)
- PumpAll();
- }
-
-private:
- NetworkReceiver & AccessReceiver() {return m_receiver;}
- SocketReceiver m_receiver;
-};
-
-//! socket-based implementation of NetworkSink
-class SocketSink : public NetworkSink, public Socket
-{
-public:
- SocketSink(socket_t s=INVALID_SOCKET, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024)
- : NetworkSink(maxBufferSize, autoFlushBound), Socket(s), m_sender(*this) {}
-
- void SendEof() {ShutDown(SD_SEND);}
-
-private:
- NetworkSender & AccessSender() {return m_sender;}
- SocketSender m_sender;
-};
-
-NAMESPACE_END
-
-#endif // #ifdef SOCKETS_AVAILABLE
-
-#endif
diff --git a/cryptopp562/sosemanuk.cpp b/cryptopp562/sosemanuk.cpp
deleted file mode 100644
index 0863675..0000000
--- a/cryptopp562/sosemanuk.cpp
+++ /dev/null
@@ -1,711 +0,0 @@
-// sosemanuk.cpp - written and placed in the public domain by Wei Dai
-
-// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM sosemanuk.cpp" to generate MASM code
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_GENERATE_X64_MASM
-
-#include "sosemanuk.h"
-#include "misc.h"
-#include "cpu.h"
-
-#include "serpentp.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void SosemanukPolicy::CipherSetKey(const NameValuePairs &params, const byte *userKey, size_t keylen)
-{
- Serpent_KeySchedule(m_key, 24, userKey, keylen);
-}
-
-void SosemanukPolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
-{
- assert(length==16);
-
- word32 a, b, c, d, e;
-
- typedef BlockGetAndPut<word32, LittleEndian> Block;
- Block::Get(iv)(a)(b)(c)(d);
-
- const word32 *k = m_key;
- unsigned int i=1;
-
- do
- {
- beforeS0(KX); beforeS0(S0); afterS0(LT);
- afterS0(KX); afterS0(S1); afterS1(LT);
- if (i == 3) // after 18th round
- {
- m_state[4] = b;
- m_state[5] = e;
- m_state[10] = c;
- m_state[11] = a;
- }
- afterS1(KX); afterS1(S2); afterS2(LT);
- afterS2(KX); afterS2(S3); afterS3(LT);
- if (i == 2) // after 12th round
- {
- m_state[6] = c;
- m_state[7] = d;
- m_state[8] = b;
- m_state[9] = e;
- }
- afterS3(KX); afterS3(S4); afterS4(LT);
- afterS4(KX); afterS4(S5); afterS5(LT);
- afterS5(KX); afterS5(S6); afterS6(LT);
- afterS6(KX); afterS6(S7); afterS7(LT);
-
- if (i == 3)
- break;
-
- ++i;
- c = b;
- b = e;
- e = d;
- d = a;
- a = e;
- k += 32;
- }
- while (true);
-
- afterS7(KX);
-
- m_state[0] = a;
- m_state[1] = b;
- m_state[2] = e;
- m_state[3] = d;
-
-#define XMUX(c, x, y) (x ^ (y & (0 - (c & 1))))
- m_state[11] += XMUX(m_state[10], m_state[1], m_state[8]);
- m_state[10] = rotlFixed(m_state[10] * 0x54655307, 7);
-}
-
-extern "C" {
-word32 s_sosemanukMulTables[512] = {
-#if CRYPTOPP_BOOL_X86 | CRYPTOPP_BOOL_X64
- 0x00000000, 0xE19FCF12, 0x6B973724, 0x8A08F836,
- 0xD6876E48, 0x3718A15A, 0xBD10596C, 0x5C8F967E,
- 0x05A7DC90, 0xE4381382, 0x6E30EBB4, 0x8FAF24A6,
- 0xD320B2D8, 0x32BF7DCA, 0xB8B785FC, 0x59284AEE,
- 0x0AE71189, 0xEB78DE9B, 0x617026AD, 0x80EFE9BF,
- 0xDC607FC1, 0x3DFFB0D3, 0xB7F748E5, 0x566887F7,
- 0x0F40CD19, 0xEEDF020B, 0x64D7FA3D, 0x8548352F,
- 0xD9C7A351, 0x38586C43, 0xB2509475, 0x53CF5B67,
- 0x146722BB, 0xF5F8EDA9, 0x7FF0159F, 0x9E6FDA8D,
- 0xC2E04CF3, 0x237F83E1, 0xA9777BD7, 0x48E8B4C5,
- 0x11C0FE2B, 0xF05F3139, 0x7A57C90F, 0x9BC8061D,
- 0xC7479063, 0x26D85F71, 0xACD0A747, 0x4D4F6855,
- 0x1E803332, 0xFF1FFC20, 0x75170416, 0x9488CB04,
- 0xC8075D7A, 0x29989268, 0xA3906A5E, 0x420FA54C,
- 0x1B27EFA2, 0xFAB820B0, 0x70B0D886, 0x912F1794,
- 0xCDA081EA, 0x2C3F4EF8, 0xA637B6CE, 0x47A879DC,
- 0x28CE44DF, 0xC9518BCD, 0x435973FB, 0xA2C6BCE9,
- 0xFE492A97, 0x1FD6E585, 0x95DE1DB3, 0x7441D2A1,
- 0x2D69984F, 0xCCF6575D, 0x46FEAF6B, 0xA7616079,
- 0xFBEEF607, 0x1A713915, 0x9079C123, 0x71E60E31,
- 0x22295556, 0xC3B69A44, 0x49BE6272, 0xA821AD60,
- 0xF4AE3B1E, 0x1531F40C, 0x9F390C3A, 0x7EA6C328,
- 0x278E89C6, 0xC61146D4, 0x4C19BEE2, 0xAD8671F0,
- 0xF109E78E, 0x1096289C, 0x9A9ED0AA, 0x7B011FB8,
- 0x3CA96664, 0xDD36A976, 0x573E5140, 0xB6A19E52,
- 0xEA2E082C, 0x0BB1C73E, 0x81B93F08, 0x6026F01A,
- 0x390EBAF4, 0xD89175E6, 0x52998DD0, 0xB30642C2,
- 0xEF89D4BC, 0x0E161BAE, 0x841EE398, 0x65812C8A,
- 0x364E77ED, 0xD7D1B8FF, 0x5DD940C9, 0xBC468FDB,
- 0xE0C919A5, 0x0156D6B7, 0x8B5E2E81, 0x6AC1E193,
- 0x33E9AB7D, 0xD276646F, 0x587E9C59, 0xB9E1534B,
- 0xE56EC535, 0x04F10A27, 0x8EF9F211, 0x6F663D03,
- 0x50358817, 0xB1AA4705, 0x3BA2BF33, 0xDA3D7021,
- 0x86B2E65F, 0x672D294D, 0xED25D17B, 0x0CBA1E69,
- 0x55925487, 0xB40D9B95, 0x3E0563A3, 0xDF9AACB1,
- 0x83153ACF, 0x628AF5DD, 0xE8820DEB, 0x091DC2F9,
- 0x5AD2999E, 0xBB4D568C, 0x3145AEBA, 0xD0DA61A8,
- 0x8C55F7D6, 0x6DCA38C4, 0xE7C2C0F2, 0x065D0FE0,
- 0x5F75450E, 0xBEEA8A1C, 0x34E2722A, 0xD57DBD38,
- 0x89F22B46, 0x686DE454, 0xE2651C62, 0x03FAD370,
- 0x4452AAAC, 0xA5CD65BE, 0x2FC59D88, 0xCE5A529A,
- 0x92D5C4E4, 0x734A0BF6, 0xF942F3C0, 0x18DD3CD2,
- 0x41F5763C, 0xA06AB92E, 0x2A624118, 0xCBFD8E0A,
- 0x97721874, 0x76EDD766, 0xFCE52F50, 0x1D7AE042,
- 0x4EB5BB25, 0xAF2A7437, 0x25228C01, 0xC4BD4313,
- 0x9832D56D, 0x79AD1A7F, 0xF3A5E249, 0x123A2D5B,
- 0x4B1267B5, 0xAA8DA8A7, 0x20855091, 0xC11A9F83,
- 0x9D9509FD, 0x7C0AC6EF, 0xF6023ED9, 0x179DF1CB,
- 0x78FBCCC8, 0x996403DA, 0x136CFBEC, 0xF2F334FE,
- 0xAE7CA280, 0x4FE36D92, 0xC5EB95A4, 0x24745AB6,
- 0x7D5C1058, 0x9CC3DF4A, 0x16CB277C, 0xF754E86E,
- 0xABDB7E10, 0x4A44B102, 0xC04C4934, 0x21D38626,
- 0x721CDD41, 0x93831253, 0x198BEA65, 0xF8142577,
- 0xA49BB309, 0x45047C1B, 0xCF0C842D, 0x2E934B3F,
- 0x77BB01D1, 0x9624CEC3, 0x1C2C36F5, 0xFDB3F9E7,
- 0xA13C6F99, 0x40A3A08B, 0xCAAB58BD, 0x2B3497AF,
- 0x6C9CEE73, 0x8D032161, 0x070BD957, 0xE6941645,
- 0xBA1B803B, 0x5B844F29, 0xD18CB71F, 0x3013780D,
- 0x693B32E3, 0x88A4FDF1, 0x02AC05C7, 0xE333CAD5,
- 0xBFBC5CAB, 0x5E2393B9, 0xD42B6B8F, 0x35B4A49D,
- 0x667BFFFA, 0x87E430E8, 0x0DECC8DE, 0xEC7307CC,
- 0xB0FC91B2, 0x51635EA0, 0xDB6BA696, 0x3AF46984,
- 0x63DC236A, 0x8243EC78, 0x084B144E, 0xE9D4DB5C,
- 0xB55B4D22, 0x54C48230, 0xDECC7A06, 0x3F53B514,
-#else
- 0x00000000, 0xE19FCF13, 0x6B973726, 0x8A08F835,
- 0xD6876E4C, 0x3718A15F, 0xBD10596A, 0x5C8F9679,
- 0x05A7DC98, 0xE438138B, 0x6E30EBBE, 0x8FAF24AD,
- 0xD320B2D4, 0x32BF7DC7, 0xB8B785F2, 0x59284AE1,
- 0x0AE71199, 0xEB78DE8A, 0x617026BF, 0x80EFE9AC,
- 0xDC607FD5, 0x3DFFB0C6, 0xB7F748F3, 0x566887E0,
- 0x0F40CD01, 0xEEDF0212, 0x64D7FA27, 0x85483534,
- 0xD9C7A34D, 0x38586C5E, 0xB250946B, 0x53CF5B78,
- 0x1467229B, 0xF5F8ED88, 0x7FF015BD, 0x9E6FDAAE,
- 0xC2E04CD7, 0x237F83C4, 0xA9777BF1, 0x48E8B4E2,
- 0x11C0FE03, 0xF05F3110, 0x7A57C925, 0x9BC80636,
- 0xC747904F, 0x26D85F5C, 0xACD0A769, 0x4D4F687A,
- 0x1E803302, 0xFF1FFC11, 0x75170424, 0x9488CB37,
- 0xC8075D4E, 0x2998925D, 0xA3906A68, 0x420FA57B,
- 0x1B27EF9A, 0xFAB82089, 0x70B0D8BC, 0x912F17AF,
- 0xCDA081D6, 0x2C3F4EC5, 0xA637B6F0, 0x47A879E3,
- 0x28CE449F, 0xC9518B8C, 0x435973B9, 0xA2C6BCAA,
- 0xFE492AD3, 0x1FD6E5C0, 0x95DE1DF5, 0x7441D2E6,
- 0x2D699807, 0xCCF65714, 0x46FEAF21, 0xA7616032,
- 0xFBEEF64B, 0x1A713958, 0x9079C16D, 0x71E60E7E,
- 0x22295506, 0xC3B69A15, 0x49BE6220, 0xA821AD33,
- 0xF4AE3B4A, 0x1531F459, 0x9F390C6C, 0x7EA6C37F,
- 0x278E899E, 0xC611468D, 0x4C19BEB8, 0xAD8671AB,
- 0xF109E7D2, 0x109628C1, 0x9A9ED0F4, 0x7B011FE7,
- 0x3CA96604, 0xDD36A917, 0x573E5122, 0xB6A19E31,
- 0xEA2E0848, 0x0BB1C75B, 0x81B93F6E, 0x6026F07D,
- 0x390EBA9C, 0xD891758F, 0x52998DBA, 0xB30642A9,
- 0xEF89D4D0, 0x0E161BC3, 0x841EE3F6, 0x65812CE5,
- 0x364E779D, 0xD7D1B88E, 0x5DD940BB, 0xBC468FA8,
- 0xE0C919D1, 0x0156D6C2, 0x8B5E2EF7, 0x6AC1E1E4,
- 0x33E9AB05, 0xD2766416, 0x587E9C23, 0xB9E15330,
- 0xE56EC549, 0x04F10A5A, 0x8EF9F26F, 0x6F663D7C,
- 0x50358897, 0xB1AA4784, 0x3BA2BFB1, 0xDA3D70A2,
- 0x86B2E6DB, 0x672D29C8, 0xED25D1FD, 0x0CBA1EEE,
- 0x5592540F, 0xB40D9B1C, 0x3E056329, 0xDF9AAC3A,
- 0x83153A43, 0x628AF550, 0xE8820D65, 0x091DC276,
- 0x5AD2990E, 0xBB4D561D, 0x3145AE28, 0xD0DA613B,
- 0x8C55F742, 0x6DCA3851, 0xE7C2C064, 0x065D0F77,
- 0x5F754596, 0xBEEA8A85, 0x34E272B0, 0xD57DBDA3,
- 0x89F22BDA, 0x686DE4C9, 0xE2651CFC, 0x03FAD3EF,
- 0x4452AA0C, 0xA5CD651F, 0x2FC59D2A, 0xCE5A5239,
- 0x92D5C440, 0x734A0B53, 0xF942F366, 0x18DD3C75,
- 0x41F57694, 0xA06AB987, 0x2A6241B2, 0xCBFD8EA1,
- 0x977218D8, 0x76EDD7CB, 0xFCE52FFE, 0x1D7AE0ED,
- 0x4EB5BB95, 0xAF2A7486, 0x25228CB3, 0xC4BD43A0,
- 0x9832D5D9, 0x79AD1ACA, 0xF3A5E2FF, 0x123A2DEC,
- 0x4B12670D, 0xAA8DA81E, 0x2085502B, 0xC11A9F38,
- 0x9D950941, 0x7C0AC652, 0xF6023E67, 0x179DF174,
- 0x78FBCC08, 0x9964031B, 0x136CFB2E, 0xF2F3343D,
- 0xAE7CA244, 0x4FE36D57, 0xC5EB9562, 0x24745A71,
- 0x7D5C1090, 0x9CC3DF83, 0x16CB27B6, 0xF754E8A5,
- 0xABDB7EDC, 0x4A44B1CF, 0xC04C49FA, 0x21D386E9,
- 0x721CDD91, 0x93831282, 0x198BEAB7, 0xF81425A4,
- 0xA49BB3DD, 0x45047CCE, 0xCF0C84FB, 0x2E934BE8,
- 0x77BB0109, 0x9624CE1A, 0x1C2C362F, 0xFDB3F93C,
- 0xA13C6F45, 0x40A3A056, 0xCAAB5863, 0x2B349770,
- 0x6C9CEE93, 0x8D032180, 0x070BD9B5, 0xE69416A6,
- 0xBA1B80DF, 0x5B844FCC, 0xD18CB7F9, 0x301378EA,
- 0x693B320B, 0x88A4FD18, 0x02AC052D, 0xE333CA3E,
- 0xBFBC5C47, 0x5E239354, 0xD42B6B61, 0x35B4A472,
- 0x667BFF0A, 0x87E43019, 0x0DECC82C, 0xEC73073F,
- 0xB0FC9146, 0x51635E55, 0xDB6BA660, 0x3AF46973,
- 0x63DC2392, 0x8243EC81, 0x084B14B4, 0xE9D4DBA7,
- 0xB55B4DDE, 0x54C482CD, 0xDECC7AF8, 0x3F53B5EB,
-#endif
- 0x00000000, 0x180F40CD, 0x301E8033, 0x2811C0FE,
- 0x603CA966, 0x7833E9AB, 0x50222955, 0x482D6998,
- 0xC078FBCC, 0xD877BB01, 0xF0667BFF, 0xE8693B32,
- 0xA04452AA, 0xB84B1267, 0x905AD299, 0x88559254,
- 0x29F05F31, 0x31FF1FFC, 0x19EEDF02, 0x01E19FCF,
- 0x49CCF657, 0x51C3B69A, 0x79D27664, 0x61DD36A9,
- 0xE988A4FD, 0xF187E430, 0xD99624CE, 0xC1996403,
- 0x89B40D9B, 0x91BB4D56, 0xB9AA8DA8, 0xA1A5CD65,
- 0x5249BE62, 0x4A46FEAF, 0x62573E51, 0x7A587E9C,
- 0x32751704, 0x2A7A57C9, 0x026B9737, 0x1A64D7FA,
- 0x923145AE, 0x8A3E0563, 0xA22FC59D, 0xBA208550,
- 0xF20DECC8, 0xEA02AC05, 0xC2136CFB, 0xDA1C2C36,
- 0x7BB9E153, 0x63B6A19E, 0x4BA76160, 0x53A821AD,
- 0x1B854835, 0x038A08F8, 0x2B9BC806, 0x339488CB,
- 0xBBC11A9F, 0xA3CE5A52, 0x8BDF9AAC, 0x93D0DA61,
- 0xDBFDB3F9, 0xC3F2F334, 0xEBE333CA, 0xF3EC7307,
- 0xA492D5C4, 0xBC9D9509, 0x948C55F7, 0x8C83153A,
- 0xC4AE7CA2, 0xDCA13C6F, 0xF4B0FC91, 0xECBFBC5C,
- 0x64EA2E08, 0x7CE56EC5, 0x54F4AE3B, 0x4CFBEEF6,
- 0x04D6876E, 0x1CD9C7A3, 0x34C8075D, 0x2CC74790,
- 0x8D628AF5, 0x956DCA38, 0xBD7C0AC6, 0xA5734A0B,
- 0xED5E2393, 0xF551635E, 0xDD40A3A0, 0xC54FE36D,
- 0x4D1A7139, 0x551531F4, 0x7D04F10A, 0x650BB1C7,
- 0x2D26D85F, 0x35299892, 0x1D38586C, 0x053718A1,
- 0xF6DB6BA6, 0xEED42B6B, 0xC6C5EB95, 0xDECAAB58,
- 0x96E7C2C0, 0x8EE8820D, 0xA6F942F3, 0xBEF6023E,
- 0x36A3906A, 0x2EACD0A7, 0x06BD1059, 0x1EB25094,
- 0x569F390C, 0x4E9079C1, 0x6681B93F, 0x7E8EF9F2,
- 0xDF2B3497, 0xC724745A, 0xEF35B4A4, 0xF73AF469,
- 0xBF179DF1, 0xA718DD3C, 0x8F091DC2, 0x97065D0F,
- 0x1F53CF5B, 0x075C8F96, 0x2F4D4F68, 0x37420FA5,
- 0x7F6F663D, 0x676026F0, 0x4F71E60E, 0x577EA6C3,
- 0xE18D0321, 0xF98243EC, 0xD1938312, 0xC99CC3DF,
- 0x81B1AA47, 0x99BEEA8A, 0xB1AF2A74, 0xA9A06AB9,
- 0x21F5F8ED, 0x39FAB820, 0x11EB78DE, 0x09E43813,
- 0x41C9518B, 0x59C61146, 0x71D7D1B8, 0x69D89175,
- 0xC87D5C10, 0xD0721CDD, 0xF863DC23, 0xE06C9CEE,
- 0xA841F576, 0xB04EB5BB, 0x985F7545, 0x80503588,
- 0x0805A7DC, 0x100AE711, 0x381B27EF, 0x20146722,
- 0x68390EBA, 0x70364E77, 0x58278E89, 0x4028CE44,
- 0xB3C4BD43, 0xABCBFD8E, 0x83DA3D70, 0x9BD57DBD,
- 0xD3F81425, 0xCBF754E8, 0xE3E69416, 0xFBE9D4DB,
- 0x73BC468F, 0x6BB30642, 0x43A2C6BC, 0x5BAD8671,
- 0x1380EFE9, 0x0B8FAF24, 0x239E6FDA, 0x3B912F17,
- 0x9A34E272, 0x823BA2BF, 0xAA2A6241, 0xB225228C,
- 0xFA084B14, 0xE2070BD9, 0xCA16CB27, 0xD2198BEA,
- 0x5A4C19BE, 0x42435973, 0x6A52998D, 0x725DD940,
- 0x3A70B0D8, 0x227FF015, 0x0A6E30EB, 0x12617026,
- 0x451FD6E5, 0x5D109628, 0x750156D6, 0x6D0E161B,
- 0x25237F83, 0x3D2C3F4E, 0x153DFFB0, 0x0D32BF7D,
- 0x85672D29, 0x9D686DE4, 0xB579AD1A, 0xAD76EDD7,
- 0xE55B844F, 0xFD54C482, 0xD545047C, 0xCD4A44B1,
- 0x6CEF89D4, 0x74E0C919, 0x5CF109E7, 0x44FE492A,
- 0x0CD320B2, 0x14DC607F, 0x3CCDA081, 0x24C2E04C,
- 0xAC977218, 0xB49832D5, 0x9C89F22B, 0x8486B2E6,
- 0xCCABDB7E, 0xD4A49BB3, 0xFCB55B4D, 0xE4BA1B80,
- 0x17566887, 0x0F59284A, 0x2748E8B4, 0x3F47A879,
- 0x776AC1E1, 0x6F65812C, 0x477441D2, 0x5F7B011F,
- 0xD72E934B, 0xCF21D386, 0xE7301378, 0xFF3F53B5,
- 0xB7123A2D, 0xAF1D7AE0, 0x870CBA1E, 0x9F03FAD3,
- 0x3EA637B6, 0x26A9777B, 0x0EB8B785, 0x16B7F748,
- 0x5E9A9ED0, 0x4695DE1D, 0x6E841EE3, 0x768B5E2E,
- 0xFEDECC7A, 0xE6D18CB7, 0xCEC04C49, 0xD6CF0C84,
- 0x9EE2651C, 0x86ED25D1, 0xAEFCE52F, 0xB6F3A5E2
-};
-}
-
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
-unsigned int SosemanukPolicy::GetAlignment() const
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#ifdef __INTEL_COMPILER
- if (HasSSE2() && !IsP4()) // Intel compiler produces faster code for this algorithm on the P4
-#else
- if (HasSSE2())
-#endif
- return 16;
- else
-#endif
- return GetAlignmentOf<word32>();
-}
-
-unsigned int SosemanukPolicy::GetOptimalBlockSize() const
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#ifdef __INTEL_COMPILER
- if (HasSSE2() && !IsP4()) // Intel compiler produces faster code for this algorithm on the P4
-#else
- if (HasSSE2())
-#endif
- return 4*BYTES_PER_ITERATION;
- else
-#endif
- return BYTES_PER_ITERATION;
-}
-#endif
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
-extern "C" {
-void Sosemanuk_OperateKeystream(size_t iterationCount, const byte *input, byte *output, word32 *state);
-}
-#endif
-
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-
-void SosemanukPolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
-#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM
-
-#ifdef CRYPTOPP_X64_MASM_AVAILABLE
- Sosemanuk_OperateKeystream(iterationCount, input, output, m_state.data());
- return;
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- ALIGN 8
- Sosemanuk_OperateKeystream PROC FRAME
- rex_push_reg rsi
- push_reg rdi
- alloc_stack(80*4*2+12*4+8*WORD_SZ + 2*16+8)
- save_xmm128 xmm6, 02f0h
- save_xmm128 xmm7, 0300h
- .endprolog
- mov rdi, r8
- mov rax, r9
-#else
-#ifdef __INTEL_COMPILER
- if (HasSSE2() && !IsP4()) // Intel compiler produces faster code for this algorithm on the P4
-#else
- if (HasSSE2())
-#endif
- {
-#ifdef __GNUC__
- #if CRYPTOPP_BOOL_X64
- FixedSizeAlignedSecBlock<byte, 80*4*2+12*4+8*WORD_SZ> workspace;
- #endif
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- AS_PUSH_IF86( bx)
-#else
- word32 *state = m_state;
- AS2( mov WORD_REG(ax), state)
- AS2( mov WORD_REG(di), output)
- AS2( mov WORD_REG(dx), input)
- AS2( mov WORD_REG(cx), iterationCount)
-#endif
-#endif // #ifdef CRYPTOPP_GENERATE_X64_MASM
-
-#if defined(__GNUC__) && CRYPTOPP_BOOL_X64
- #define SSE2_workspace %5
-#else
- #define SSE2_workspace WORD_REG(sp)
-#endif
-
-#define SSE2_output WORD_PTR [SSE2_workspace+1*WORD_SZ]
-#define SSE2_input WORD_PTR [SSE2_workspace+2*WORD_SZ]
-#define SSE2_wordsLeft WORD_PTR [SSE2_workspace+3*WORD_SZ]
-#define SSE2_diEnd WORD_PTR [SSE2_workspace+4*WORD_SZ]
-#define SSE2_pMulTables WORD_PTR [SSE2_workspace+5*WORD_SZ]
-#define SSE2_state WORD_PTR [SSE2_workspace+6*WORD_SZ]
-#define SSE2_wordsLeft2 WORD_PTR [SSE2_workspace+7*WORD_SZ]
-#define SSE2_stateCopy SSE2_workspace + 8*WORD_SZ
-#define SSE2_uvStart SSE2_stateCopy + 12*4
-
-#if CRYPTOPP_BOOL_X86
- AS_PUSH_IF86( bp)
- AS2( mov AS_REG_6, esp)
- AS2( and esp, -16)
- AS2( sub esp, 80*4*2+12*4+8*WORD_SZ) // 80 v's, 80 u's, 12 state, 8 locals
- AS2( mov [esp], AS_REG_6)
-#endif
- AS2( mov SSE2_output, WORD_REG(di))
- AS2( mov SSE2_input, WORD_REG(dx))
- AS2( mov SSE2_state, WORD_REG(ax))
-#ifndef _MSC_VER
- AS2( mov SSE2_pMulTables, WORD_REG(si))
-#endif
- AS2( lea WORD_REG(cx), [4*WORD_REG(cx)+WORD_REG(cx)])
- AS2( lea WORD_REG(si), [4*WORD_REG(cx)])
- AS2( mov SSE2_wordsLeft, WORD_REG(si))
- AS2( movdqa xmm0, [WORD_REG(ax)+0*16]) // copy state to stack to save a register
- AS2( movdqa [SSE2_stateCopy+0*16], xmm0)
- AS2( movdqa xmm0, [WORD_REG(ax)+1*16])
- AS2( movdqa [SSE2_stateCopy+1*16], xmm0)
- AS2( movq xmm0, QWORD PTR [WORD_REG(ax)+2*16])
- AS2( movq QWORD PTR [SSE2_stateCopy+2*16], xmm0)
- AS2( psrlq xmm0, 32)
- AS2( movd AS_REG_6d, xmm0) // s(9)
- AS2( mov ecx, [WORD_REG(ax)+10*4])
- AS2( mov edx, [WORD_REG(ax)+11*4])
- AS2( pcmpeqb xmm7, xmm7) // all ones
-
-#define s(i) SSE2_stateCopy + ASM_MOD(i,10)*4
-#define u(j) WORD_REG(di) + (ASM_MOD(j,4)*20 + (j/4)) * 4
-#define v(j) WORD_REG(di) + (ASM_MOD(j,4)*20 + (j/4)) * 4 + 80*4
-
-#define R10 ecx
-#define R11 edx
-#define R20 edx
-#define R21 ecx
-// workaround bug in GAS 2.15
-#define R20r WORD_REG(dx)
-#define R21r WORD_REG(cx)
-
-#define SSE2_STEP(i, j) \
- AS2( mov eax, [s(i+0)])\
- AS2( mov [v(i)], eax)\
- AS2( rol eax, 8)\
- AS2( lea AS_REG_7, [AS_REG_6 + R2##j##r])\
- AS2( xor AS_REG_7d, R1##j)\
- AS2( mov [u(i)], AS_REG_7d)\
- AS2( mov AS_REG_7d, 1)\
- AS2( and AS_REG_7d, R2##j)\
- AS1( neg AS_REG_7d)\
- AS2( and AS_REG_7d, AS_REG_6d)\
- AS2( xor AS_REG_6d, eax)\
- AS2( movzx eax, al)\
- AS2( xor AS_REG_6d, [WORD_REG(si)+WORD_REG(ax)*4])\
- AS2( mov eax, [s(i+3)])\
- AS2( xor AS_REG_7d, [s(i+2)])\
- AS2( add R1##j, AS_REG_7d)\
- AS2( movzx AS_REG_7d, al)\
- AS2( shr eax, 8)\
- AS2( xor AS_REG_6d, [WORD_REG(si)+1024+AS_REG_7*4])\
- AS2( xor AS_REG_6d, eax)\
- AS2( imul R2##j, AS_HEX(54655307))\
- AS2( rol R2##j, 7)\
- AS2( mov [s(i+0)], AS_REG_6d)\
-
- ASL(2) // outer loop, each iteration of this processes 80 words
- AS2( lea WORD_REG(di), [SSE2_uvStart]) // start of v and u
- AS2( mov WORD_REG(ax), 80)
- AS2( cmp WORD_REG(si), 80)
- AS2( cmovg WORD_REG(si), WORD_REG(ax))
- AS2( mov SSE2_wordsLeft2, WORD_REG(si))
- AS2( lea WORD_REG(si), [WORD_REG(di)+WORD_REG(si)]) // use to end first inner loop
- AS2( mov SSE2_diEnd, WORD_REG(si))
-#ifdef _MSC_VER
- AS2( lea WORD_REG(si), s_sosemanukMulTables)
-#else
- AS2( mov WORD_REG(si), SSE2_pMulTables)
-#endif
-
- ASL(0) // first inner loop, 20 words each, 4 iterations
- SSE2_STEP(0, 0)
- SSE2_STEP(1, 1)
- SSE2_STEP(2, 0)
- SSE2_STEP(3, 1)
- SSE2_STEP(4, 0)
- SSE2_STEP(5, 1)
- SSE2_STEP(6, 0)
- SSE2_STEP(7, 1)
- SSE2_STEP(8, 0)
- SSE2_STEP(9, 1)
- SSE2_STEP(10, 0)
- SSE2_STEP(11, 1)
- SSE2_STEP(12, 0)
- SSE2_STEP(13, 1)
- SSE2_STEP(14, 0)
- SSE2_STEP(15, 1)
- SSE2_STEP(16, 0)
- SSE2_STEP(17, 1)
- SSE2_STEP(18, 0)
- SSE2_STEP(19, 1)
- // loop
- AS2( add WORD_REG(di), 5*4)
- AS2( cmp WORD_REG(di), SSE2_diEnd)
- ASJ( jne, 0, b)
-
- AS2( mov WORD_REG(ax), SSE2_input)
- AS2( mov AS_REG_7, SSE2_output)
- AS2( lea WORD_REG(di), [SSE2_uvStart]) // start of v and u
- AS2( mov WORD_REG(si), SSE2_wordsLeft2)
-
- ASL(1) // second inner loop, 16 words each, 5 iterations
- AS2( movdqa xmm0, [WORD_REG(di)+0*20*4])
- AS2( movdqa xmm2, [WORD_REG(di)+2*20*4])
- AS2( movdqa xmm3, [WORD_REG(di)+3*20*4])
- AS2( movdqa xmm1, [WORD_REG(di)+1*20*4])
- // S2
- AS2( movdqa xmm4, xmm0)
- AS2( pand xmm0, xmm2)
- AS2( pxor xmm0, xmm3)
- AS2( pxor xmm2, xmm1)
- AS2( pxor xmm2, xmm0)
- AS2( por xmm3, xmm4)
- AS2( pxor xmm3, xmm1)
- AS2( pxor xmm4, xmm2)
- AS2( movdqa xmm1, xmm3)
- AS2( por xmm3, xmm4)
- AS2( pxor xmm3, xmm0)
- AS2( pand xmm0, xmm1)
- AS2( pxor xmm4, xmm0)
- AS2( pxor xmm1, xmm3)
- AS2( pxor xmm1, xmm4)
- AS2( pxor xmm4, xmm7)
- // xor with v
- AS2( pxor xmm2, [WORD_REG(di)+80*4])
- AS2( pxor xmm3, [WORD_REG(di)+80*5])
- AS2( pxor xmm1, [WORD_REG(di)+80*6])
- AS2( pxor xmm4, [WORD_REG(di)+80*7])
- // exit loop early if less than 16 words left to output
- // this is necessary because block size is 20 words, and we output 16 words in each iteration of this loop
- AS2( cmp WORD_REG(si), 16)
- ASJ( jl, 4, f)
- // unpack
- AS2( movdqa xmm6, xmm2)
- AS2( punpckldq xmm2, xmm3)
- AS2( movdqa xmm5, xmm1)
- AS2( punpckldq xmm1, xmm4)
- AS2( movdqa xmm0, xmm2)
- AS2( punpcklqdq xmm2, xmm1)
- AS2( punpckhqdq xmm0, xmm1)
- AS2( punpckhdq xmm6, xmm3)
- AS2( punpckhdq xmm5, xmm4)
- AS2( movdqa xmm3, xmm6)
- AS2( punpcklqdq xmm6, xmm5)
- AS2( punpckhqdq xmm3, xmm5)
- // output keystream
- AS_XMM_OUTPUT4(SSE2_Sosemanuk_Output, WORD_REG(ax), AS_REG_7, 2,0,6,3, 1, 0,1,2,3, 4)
-
- // loop
- AS2( add WORD_REG(di), 4*4)
- AS2( sub WORD_REG(si), 16)
- ASJ( jnz, 1, b)
-
- // outer loop
- AS2( mov WORD_REG(si), SSE2_wordsLeft)
- AS2( sub WORD_REG(si), 80)
- ASJ( jz, 6, f)
- AS2( mov SSE2_wordsLeft, WORD_REG(si))
- AS2( mov SSE2_input, WORD_REG(ax))
- AS2( mov SSE2_output, AS_REG_7)
- ASJ( jmp, 2, b)
-
- ASL(4) // final output of less than 16 words
- AS2( test WORD_REG(ax), WORD_REG(ax))
- ASJ( jz, 5, f)
- AS2( movd xmm0, dword ptr [WORD_REG(ax)+0*4])
- AS2( pxor xmm2, xmm0)
- AS2( movd xmm0, dword ptr [WORD_REG(ax)+1*4])
- AS2( pxor xmm3, xmm0)
- AS2( movd xmm0, dword ptr [WORD_REG(ax)+2*4])
- AS2( pxor xmm1, xmm0)
- AS2( movd xmm0, dword ptr [WORD_REG(ax)+3*4])
- AS2( pxor xmm4, xmm0)
- AS2( add WORD_REG(ax), 16)
- ASL(5)
- AS2( movd dword ptr [AS_REG_7+0*4], xmm2)
- AS2( movd dword ptr [AS_REG_7+1*4], xmm3)
- AS2( movd dword ptr [AS_REG_7+2*4], xmm1)
- AS2( movd dword ptr [AS_REG_7+3*4], xmm4)
- AS2( sub WORD_REG(si), 4)
- ASJ( jz, 6, f)
- AS2( add AS_REG_7, 16)
- AS2( psrldq xmm2, 4)
- AS2( psrldq xmm3, 4)
- AS2( psrldq xmm1, 4)
- AS2( psrldq xmm4, 4)
- ASJ( jmp, 4, b)
-
- ASL(6) // save state
- AS2( mov AS_REG_6, SSE2_state)
- AS2( movdqa xmm0, [SSE2_stateCopy+0*16])
- AS2( movdqa [AS_REG_6+0*16], xmm0)
- AS2( movdqa xmm0, [SSE2_stateCopy+1*16])
- AS2( movdqa [AS_REG_6+1*16], xmm0)
- AS2( movq xmm0, QWORD PTR [SSE2_stateCopy+2*16])
- AS2( movq QWORD PTR [AS_REG_6+2*16], xmm0)
- AS2( mov [AS_REG_6+10*4], ecx)
- AS2( mov [AS_REG_6+11*4], edx)
-
- AS_POP_IF86( sp)
- AS_POP_IF86( bp)
-
-#ifdef __GNUC__
- AS_POP_IF86( bx)
- ".att_syntax prefix;"
- :
- : "a" (m_state.m_ptr), "c" (iterationCount), "S" (s_sosemanukMulTables), "D" (output), "d" (input)
- #if CRYPTOPP_BOOL_X64
- , "r" (workspace.m_ptr)
- : "memory", "cc", "%r9", "%r10", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7"
- #else
- : "memory", "cc"
- #endif
- );
-#endif
-#ifdef CRYPTOPP_GENERATE_X64_MASM
- movdqa xmm6, [rsp + 02f0h]
- movdqa xmm7, [rsp + 0300h]
- add rsp, 80*4*2+12*4+8*WORD_SZ + 2*16+8
- pop rdi
- pop rsi
- ret
- Sosemanuk_OperateKeystream ENDP
-#else
- }
- else
-#endif
-#endif
-#ifndef CRYPTOPP_GENERATE_X64_MASM
- {
-#if CRYPTOPP_BOOL_X86 | CRYPTOPP_BOOL_X64
-#define MUL_A(x) (x = rotlFixed(x, 8), x ^ s_sosemanukMulTables[byte(x)])
-#else
-#define MUL_A(x) (((x) << 8) ^ s_sosemanukMulTables[(x) >> 24])
-#endif
-
-#define DIV_A(x) (((x) >> 8) ^ s_sosemanukMulTables[256 + byte(x)])
-
-#define r1(i) ((i%2) ? reg2 : reg1)
-#define r2(i) ((i%2) ? reg1 : reg2)
-
-#define STEP(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, v, u) \
- u = (s##x9 + r2(x0)) ^ r1(x0);\
- v = s##x0;\
- s##x0 = MUL_A(s##x0) ^ DIV_A(s##x3) ^ s##x9;\
- r1(x0) += XMUX(r2(x0), s##x2, s##x9);\
- r2(x0) = rotlFixed(r2(x0) * 0x54655307, 7);\
-
-#define SOSEMANUK_OUTPUT(x) \
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, u2 ^ v0);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, u3 ^ v1);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, u1 ^ v2);\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, u4 ^ v3);
-
-#define OUTPUT4 \
- S2(0, u0, u1, u2, u3, u4);\
- CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SOSEMANUK_OUTPUT, 4*4);
-
- word32 s0 = m_state[0];
- word32 s1 = m_state[1];
- word32 s2 = m_state[2];
- word32 s3 = m_state[3];
- word32 s4 = m_state[4];
- word32 s5 = m_state[5];
- word32 s6 = m_state[6];
- word32 s7 = m_state[7];
- word32 s8 = m_state[8];
- word32 s9 = m_state[9];
- word32 reg1 = m_state[10];
- word32 reg2 = m_state[11];
- word32 u0, u1, u2, u3, u4, v0, v1, v2, v3;
-
- do
- {
- STEP(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, v0, u0)
- STEP(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, v1, u1)
- STEP(2, 3, 4, 5, 6, 7, 8, 9, 0, 1, v2, u2)
- STEP(3, 4, 5, 6, 7, 8, 9, 0, 1, 2, v3, u3)
- OUTPUT4
- STEP(4, 5, 6, 7, 8, 9, 0, 1, 2, 3, v0, u0)
- STEP(5, 6, 7, 8, 9, 0, 1, 2, 3, 4, v1, u1)
- STEP(6, 7, 8, 9, 0, 1, 2, 3, 4, 5, v2, u2)
- STEP(7, 8, 9, 0, 1, 2, 3, 4, 5, 6, v3, u3)
- OUTPUT4
- STEP(8, 9, 0, 1, 2, 3, 4, 5, 6, 7, v0, u0)
- STEP(9, 0, 1, 2, 3, 4, 5, 6, 7, 8, v1, u1)
- STEP(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, v2, u2)
- STEP(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, v3, u3)
- OUTPUT4
- STEP(2, 3, 4, 5, 6, 7, 8, 9, 0, 1, v0, u0)
- STEP(3, 4, 5, 6, 7, 8, 9, 0, 1, 2, v1, u1)
- STEP(4, 5, 6, 7, 8, 9, 0, 1, 2, 3, v2, u2)
- STEP(5, 6, 7, 8, 9, 0, 1, 2, 3, 4, v3, u3)
- OUTPUT4
- STEP(6, 7, 8, 9, 0, 1, 2, 3, 4, 5, v0, u0)
- STEP(7, 8, 9, 0, 1, 2, 3, 4, 5, 6, v1, u1)
- STEP(8, 9, 0, 1, 2, 3, 4, 5, 6, 7, v2, u2)
- STEP(9, 0, 1, 2, 3, 4, 5, 6, 7, 8, v3, u3)
- OUTPUT4
- }
- while (--iterationCount);
-
- m_state[0] = s0;
- m_state[1] = s1;
- m_state[2] = s2;
- m_state[3] = s3;
- m_state[4] = s4;
- m_state[5] = s5;
- m_state[6] = s6;
- m_state[7] = s7;
- m_state[8] = s8;
- m_state[9] = s9;
- m_state[10] = reg1;
- m_state[11] = reg2;
- }
-}
-
-NAMESPACE_END
-
-#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
diff --git a/cryptopp562/sosemanuk.h b/cryptopp562/sosemanuk.h
deleted file mode 100644
index ff1d820..0000000
--- a/cryptopp562/sosemanuk.h
+++ /dev/null
@@ -1,40 +0,0 @@
-#ifndef CRYPTOPP_SOSEMANUK_H
-#define CRYPTOPP_SOSEMANUK_H
-
-#include "strciphr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! algorithm info
-struct SosemanukInfo : public VariableKeyLength<16, 1, 32, 1, SimpleKeyingInterface::UNIQUE_IV, 16>
-{
- static const char * StaticAlgorithmName() {return "Sosemanuk";}
-};
-
-//! _
-class SosemanukPolicy : public AdditiveCipherConcretePolicy<word32, 20>, public SosemanukInfo
-{
-protected:
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
- void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
- void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length);
- bool CipherIsRandomAccess() const {return false;}
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
- unsigned int GetAlignment() const;
- unsigned int GetOptimalBlockSize() const;
-#endif
-
- FixedSizeSecBlock<word32, 25*4> m_key;
- FixedSizeAlignedSecBlock<word32, 12> m_state;
-};
-
-//! <a href="http://www.cryptolounge.org/wiki/Sosemanuk">Sosemanuk</a>
-struct Sosemanuk : public SosemanukInfo, public SymmetricCipherDocumentation
-{
- typedef SymmetricCipherFinal<ConcretePolicyHolder<SosemanukPolicy, AdditiveCipherTemplate<> >, SosemanukInfo> Encryption;
- typedef Encryption Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/square.cpp b/cryptopp562/square.cpp
deleted file mode 100644
index 00e6bdd..0000000
--- a/cryptopp562/square.cpp
+++ /dev/null
@@ -1,177 +0,0 @@
-// square.cpp - written and placed in the public domain by Wei Dai
-// Based on Paulo S.L.M. Barreto's public domain implementation
-
-#include "pch.h"
-#include "square.h"
-#include "misc.h"
-#include "gf256.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// apply theta to a roundkey
-static void SquareTransform (word32 in[4], word32 out[4])
-{
- static const byte G[4][4] =
- {
- 0x02U, 0x01U, 0x01U, 0x03U,
- 0x03U, 0x02U, 0x01U, 0x01U,
- 0x01U, 0x03U, 0x02U, 0x01U,
- 0x01U, 0x01U, 0x03U, 0x02U
- };
-
- GF256 gf256(0xf5);
-
- for (int i = 0; i < 4; i++)
- {
- word32 temp = 0;
- for (int j = 0; j < 4; j++)
- for (int k = 0; k < 4; k++)
- temp ^= (word32)gf256.Multiply(GETBYTE(in[i], 3-k), G[k][j]) << ((3-j)*8);
- out[i] = temp;
- }
-}
-
-#define roundkeys(i, j) m_roundkeys[(i)*4+(j)]
-#define roundkeys4(i) (m_roundkeys+(i)*4)
-
-void Square::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
-{
- AssertValidKeyLength(length);
-
- static const word32 offset[ROUNDS] = {
- 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
- 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
- };
-
- GetUserKey(BIG_ENDIAN_ORDER, m_roundkeys.data(), KEYLENGTH/4, userKey, KEYLENGTH);
-
- /* apply the key evolution function */
- for (int i = 1; i < ROUNDS+1; i++)
- {
- roundkeys(i, 0) = roundkeys(i-1, 0) ^ rotlFixed(roundkeys(i-1, 3), 8U) ^ offset[i-1];
- roundkeys(i, 1) = roundkeys(i-1, 1) ^ roundkeys(i, 0);
- roundkeys(i, 2) = roundkeys(i-1, 2) ^ roundkeys(i, 1);
- roundkeys(i, 3) = roundkeys(i-1, 3) ^ roundkeys(i, 2);
- }
-
- /* produce the round keys */
- if (IsForwardTransformation())
- {
- for (int i = 0; i < ROUNDS; i++)
- SquareTransform (roundkeys4(i), roundkeys4(i));
- }
- else
- {
- for (int i = 0; i < ROUNDS/2; i++)
- for (int j = 0; j < 4; j++)
- std::swap(roundkeys(i, j), roundkeys(ROUNDS-i, j));
- SquareTransform (roundkeys4(ROUNDS), roundkeys4(ROUNDS));
- }
-}
-
-#define MSB(x) (((x) >> 24) & 0xffU) /* most significant byte */
-#define SSB(x) (((x) >> 16) & 0xffU) /* second in significance */
-#define TSB(x) (((x) >> 8) & 0xffU) /* third in significance */
-#define LSB(x) (((x) ) & 0xffU) /* least significant byte */
-
-#define squareRound(text, temp, T0, T1, T2, T3, roundkey) \
-{ \
- temp[0] = T0[MSB (text[0])] \
- ^ T1[MSB (text[1])] \
- ^ T2[MSB (text[2])] \
- ^ T3[MSB (text[3])] \
- ^ roundkey[0]; \
- temp[1] = T0[SSB (text[0])] \
- ^ T1[SSB (text[1])] \
- ^ T2[SSB (text[2])] \
- ^ T3[SSB (text[3])] \
- ^ roundkey[1]; \
- temp[2] = T0[TSB (text[0])] \
- ^ T1[TSB (text[1])] \
- ^ T2[TSB (text[2])] \
- ^ T3[TSB (text[3])] \
- ^ roundkey[2]; \
- temp[3] = T0[LSB (text[0])] \
- ^ T1[LSB (text[1])] \
- ^ T2[LSB (text[2])] \
- ^ T3[LSB (text[3])] \
- ^ roundkey[3]; \
-} /* squareRound */
-
-#define squareFinal(text, temp, S, roundkey) \
-{ \
- text[0] = ((word32) (S[MSB (temp[0])]) << 24) \
- ^ ((word32) (S[MSB (temp[1])]) << 16) \
- ^ ((word32) (S[MSB (temp[2])]) << 8) \
- ^ (word32) (S[MSB (temp[3])]) \
- ^ roundkey[0]; \
- text[1] = ((word32) (S[SSB (temp[0])]) << 24) \
- ^ ((word32) (S[SSB (temp[1])]) << 16) \
- ^ ((word32) (S[SSB (temp[2])]) << 8) \
- ^ (word32) (S[SSB (temp[3])]) \
- ^ roundkey[1]; \
- text[2] = ((word32) (S[TSB (temp[0])]) << 24) \
- ^ ((word32) (S[TSB (temp[1])]) << 16) \
- ^ ((word32) (S[TSB (temp[2])]) << 8) \
- ^ (word32) (S[TSB (temp[3])]) \
- ^ roundkey[2]; \
- text[3] = ((word32) (S[LSB (temp[0])]) << 24) \
- ^ ((word32) (S[LSB (temp[1])]) << 16) \
- ^ ((word32) (S[LSB (temp[2])]) << 8) \
- ^ (word32) (S[LSB (temp[3])]) \
- ^ roundkey[3]; \
-} /* squareFinal */
-
-typedef BlockGetAndPut<word32, BigEndian> Block;
-
-void Square::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 text[4], temp[4];
- Block::Get(inBlock)(text[0])(text[1])(text[2])(text[3]);
-
- /* initial key addition */
- text[0] ^= roundkeys(0, 0);
- text[1] ^= roundkeys(0, 1);
- text[2] ^= roundkeys(0, 2);
- text[3] ^= roundkeys(0, 3);
-
- /* ROUNDS - 1 full rounds */
- for (int i=1; i+1<ROUNDS; i+=2)
- {
- squareRound (text, temp, Te[0], Te[1], Te[2], Te[3], roundkeys4(i));
- squareRound (temp, text, Te[0], Te[1], Te[2], Te[3], roundkeys4(i+1));
- }
- squareRound (text, temp, Te[0], Te[1], Te[2], Te[3], roundkeys4(ROUNDS-1));
-
- /* last round (diffusion becomes only transposition) */
- squareFinal (text, temp, Se, roundkeys4(ROUNDS));
-
- Block::Put(xorBlock, outBlock)(text[0])(text[1])(text[2])(text[3]);
-}
-
-void Square::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 text[4], temp[4];
- Block::Get(inBlock)(text[0])(text[1])(text[2])(text[3]);
-
- /* initial key addition */
- text[0] ^= roundkeys(0, 0);
- text[1] ^= roundkeys(0, 1);
- text[2] ^= roundkeys(0, 2);
- text[3] ^= roundkeys(0, 3);
-
- /* ROUNDS - 1 full rounds */
- for (int i=1; i+1<ROUNDS; i+=2)
- {
- squareRound (text, temp, Td[0], Td[1], Td[2], Td[3], roundkeys4(i));
- squareRound (temp, text, Td[0], Td[1], Td[2], Td[3], roundkeys4(i+1));
- }
- squareRound (text, temp, Td[0], Td[1], Td[2], Td[3], roundkeys4(ROUNDS-1));
-
- /* last round (diffusion becomes only transposition) */
- squareFinal (text, temp, Sd, roundkeys4(ROUNDS));
-
- Block::Put(xorBlock, outBlock)(text[0])(text[1])(text[2])(text[3]);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/square.h b/cryptopp562/square.h
deleted file mode 100644
index d7e23c2..0000000
--- a/cryptopp562/square.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef CRYPTOPP_SQUARE_H
-#define CRYPTOPP_SQUARE_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Square_Info : public FixedBlockSize<16>, public FixedKeyLength<16>, FixedRounds<8>
-{
- static const char *StaticAlgorithmName() {return "Square";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#Square">Square</a>
-class Square : public Square_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Square_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- FixedSizeSecBlock<word32, 4*(ROUNDS+1)> m_roundkeys;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- private:
- static const byte Se[256];
- static const word32 Te[4][256];
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- private:
- static const byte Sd[256];
- static const word32 Td[4][256];
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef Square::Encryption SquareEncryption;
-typedef Square::Decryption SquareDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/squaretb.cpp b/cryptopp562/squaretb.cpp
deleted file mode 100644
index bc3bee7..0000000
--- a/cryptopp562/squaretb.cpp
+++ /dev/null
@@ -1,582 +0,0 @@
-#include "pch.h"
-#include "square.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const byte Square::Enc::Se[256] = {
-177, 206, 195, 149, 90, 173, 231, 2, 77, 68, 251, 145, 12, 135, 161, 80,
-203, 103, 84, 221, 70, 143, 225, 78, 240, 253, 252, 235, 249, 196, 26, 110,
- 94, 245, 204, 141, 28, 86, 67, 254, 7, 97, 248, 117, 89, 255, 3, 34,
-138, 209, 19, 238, 136, 0, 14, 52, 21, 128, 148, 227, 237, 181, 83, 35,
- 75, 71, 23, 167, 144, 53, 171, 216, 184, 223, 79, 87, 154, 146, 219, 27,
- 60, 200, 153, 4, 142, 224, 215, 125, 133, 187, 64, 44, 58, 69, 241, 66,
-101, 32, 65, 24, 114, 37, 147, 112, 54, 5, 242, 11, 163, 121, 236, 8,
- 39, 49, 50, 182, 124, 176, 10, 115, 91, 123, 183, 129, 210, 13, 106, 38,
-158, 88, 156, 131, 116, 179, 172, 48, 122, 105, 119, 15, 174, 33, 222, 208,
- 46, 151, 16, 164, 152, 168, 212, 104, 45, 98, 41, 109, 22, 73, 118, 199,
-232, 193, 150, 55, 229, 202, 244, 233, 99, 18, 194, 166, 20, 188, 211, 40,
-175, 47, 230, 36, 82, 198, 160, 9, 189, 140, 207, 93, 17, 95, 1, 197,
-159, 61, 162, 155, 201, 59, 190, 81, 25, 31, 63, 92, 178, 239, 74, 205,
-191, 186, 111, 100, 217, 243, 62, 180, 170, 220, 213, 6, 192, 126, 246, 102,
-108, 132, 113, 56, 185, 29, 127, 157, 72, 139, 42, 218, 165, 51, 130, 57,
-214, 120, 134, 250, 228, 43, 169, 30, 137, 96, 107, 234, 85, 76, 247, 226,
-};
-
-const byte Square::Dec::Sd[256] = {
- 53, 190, 7, 46, 83, 105, 219, 40, 111, 183, 118, 107, 12, 125, 54, 139,
-146, 188, 169, 50, 172, 56, 156, 66, 99, 200, 30, 79, 36, 229, 247, 201,
- 97, 141, 47, 63, 179, 101, 127, 112, 175, 154, 234, 245, 91, 152, 144, 177,
-135, 113, 114, 237, 55, 69, 104, 163, 227, 239, 92, 197, 80, 193, 214, 202,
- 90, 98, 95, 38, 9, 93, 20, 65, 232, 157, 206, 64, 253, 8, 23, 74,
- 15, 199, 180, 62, 18, 252, 37, 75, 129, 44, 4, 120, 203, 187, 32, 189,
-249, 41, 153, 168, 211, 96, 223, 17, 151, 137, 126, 250, 224, 155, 31, 210,
-103, 226, 100, 119, 132, 43, 158, 138, 241, 109, 136, 121, 116, 87, 221, 230,
- 57, 123, 238, 131, 225, 88, 242, 13, 52, 248, 48, 233, 185, 35, 84, 21,
- 68, 11, 77, 102, 58, 3, 162, 145, 148, 82, 76, 195, 130, 231, 128, 192,
-182, 14, 194, 108, 147, 236, 171, 67, 149, 246, 216, 70, 134, 5, 140, 176,
-117, 0, 204, 133, 215, 61, 115, 122, 72, 228, 209, 89, 173, 184, 198, 208,
-220, 161, 170, 2, 29, 191, 181, 159, 81, 196, 165, 16, 34, 207, 1, 186,
-143, 49, 124, 174, 150, 218, 240, 86, 71, 212, 235, 78, 217, 19, 142, 73,
- 85, 22, 255, 59, 244, 164, 178, 6, 160, 167, 251, 27, 110, 60, 51, 205,
- 24, 94, 106, 213, 166, 33, 222, 254, 42, 28, 243, 10, 26, 25, 39, 45,
-};
-
-const word32 Square::Enc::Te[4][256] = {
-{
-0x97b1b126UL, 0x69cecea7UL, 0x73c3c3b0UL, 0xdf95954aUL,
-0xb45a5aeeUL, 0xafadad02UL, 0x3be7e7dcUL, 0x04020206UL,
-0x9a4d4dd7UL, 0x884444ccUL, 0x03fbfbf8UL, 0xd7919146UL,
-0x180c0c14UL, 0xfb87877cUL, 0xb7a1a116UL, 0xa05050f0UL,
-0x63cbcba8UL, 0xce6767a9UL, 0xa85454fcUL, 0x4fdddd92UL,
-0x8c4646caUL, 0xeb8f8f64UL, 0x37e1e1d6UL, 0x9c4e4ed2UL,
-0x15f0f0e5UL, 0x0ffdfdf2UL, 0x0dfcfcf1UL, 0x23ebebc8UL,
-0x07f9f9feUL, 0x7dc4c4b9UL, 0x341a1a2eUL, 0xdc6e6eb2UL,
-0xbc5e5ee2UL, 0x1ff5f5eaUL, 0x6dcccca1UL, 0xef8d8d62UL,
-0x381c1c24UL, 0xac5656faUL, 0x864343c5UL, 0x09fefef7UL,
-0x0e070709UL, 0xc26161a3UL, 0x05f8f8fdUL, 0xea75759fUL,
-0xb25959ebUL, 0x0bfffff4UL, 0x06030305UL, 0x44222266UL,
-0xe18a8a6bUL, 0x57d1d186UL, 0x26131335UL, 0x29eeeec7UL,
-0xe588886dUL, 0x00000000UL, 0x1c0e0e12UL, 0x6834345cUL,
-0x2a15153fUL, 0xf5808075UL, 0xdd949449UL, 0x33e3e3d0UL,
-0x2fededc2UL, 0x9fb5b52aUL, 0xa65353f5UL, 0x46232365UL,
-0x964b4bddUL, 0x8e4747c9UL, 0x2e171739UL, 0xbba7a71cUL,
-0xd5909045UL, 0x6a35355fUL, 0xa3abab08UL, 0x45d8d89dUL,
-0x85b8b83dUL, 0x4bdfdf94UL, 0x9e4f4fd1UL, 0xae5757f9UL,
-0xc19a9a5bUL, 0xd1929243UL, 0x43dbdb98UL, 0x361b1b2dUL,
-0x783c3c44UL, 0x65c8c8adUL, 0xc799995eUL, 0x0804040cUL,
-0xe98e8e67UL, 0x35e0e0d5UL, 0x5bd7d78cUL, 0xfa7d7d87UL,
-0xff85857aUL, 0x83bbbb38UL, 0x804040c0UL, 0x582c2c74UL,
-0x743a3a4eUL, 0x8a4545cfUL, 0x17f1f1e6UL, 0x844242c6UL,
-0xca6565afUL, 0x40202060UL, 0x824141c3UL, 0x30181828UL,
-0xe4727296UL, 0x4a25256fUL, 0xd3939340UL, 0xe0707090UL,
-0x6c36365aUL, 0x0a05050fUL, 0x11f2f2e3UL, 0x160b0b1dUL,
-0xb3a3a310UL, 0xf279798bUL, 0x2dececc1UL, 0x10080818UL,
-0x4e272769UL, 0x62313153UL, 0x64323256UL, 0x99b6b62fUL,
-0xf87c7c84UL, 0x95b0b025UL, 0x140a0a1eUL, 0xe6737395UL,
-0xb65b5bedUL, 0xf67b7b8dUL, 0x9bb7b72cUL, 0xf7818176UL,
-0x51d2d283UL, 0x1a0d0d17UL, 0xd46a6abeUL, 0x4c26266aUL,
-0xc99e9e57UL, 0xb05858e8UL, 0xcd9c9c51UL, 0xf3838370UL,
-0xe874749cUL, 0x93b3b320UL, 0xadacac01UL, 0x60303050UL,
-0xf47a7a8eUL, 0xd26969bbUL, 0xee777799UL, 0x1e0f0f11UL,
-0xa9aeae07UL, 0x42212163UL, 0x49dede97UL, 0x55d0d085UL,
-0x5c2e2e72UL, 0xdb97974cUL, 0x20101030UL, 0xbda4a419UL,
-0xc598985dUL, 0xa5a8a80dUL, 0x5dd4d489UL, 0xd06868b8UL,
-0x5a2d2d77UL, 0xc46262a6UL, 0x5229297bUL, 0xda6d6db7UL,
-0x2c16163aUL, 0x924949dbUL, 0xec76769aUL, 0x7bc7c7bcUL,
-0x25e8e8cdUL, 0x77c1c1b6UL, 0xd996964fUL, 0x6e373759UL,
-0x3fe5e5daUL, 0x61cacaabUL, 0x1df4f4e9UL, 0x27e9e9ceUL,
-0xc66363a5UL, 0x24121236UL, 0x71c2c2b3UL, 0xb9a6a61fUL,
-0x2814143cUL, 0x8dbcbc31UL, 0x53d3d380UL, 0x50282878UL,
-0xabafaf04UL, 0x5e2f2f71UL, 0x39e6e6dfUL, 0x4824246cUL,
-0xa45252f6UL, 0x79c6c6bfUL, 0xb5a0a015UL, 0x1209091bUL,
-0x8fbdbd32UL, 0xed8c8c61UL, 0x6bcfcfa4UL, 0xba5d5de7UL,
-0x22111133UL, 0xbe5f5fe1UL, 0x02010103UL, 0x7fc5c5baUL,
-0xcb9f9f54UL, 0x7a3d3d47UL, 0xb1a2a213UL, 0xc39b9b58UL,
-0x67c9c9aeUL, 0x763b3b4dUL, 0x89bebe37UL, 0xa25151f3UL,
-0x3219192bUL, 0x3e1f1f21UL, 0x7e3f3f41UL, 0xb85c5ce4UL,
-0x91b2b223UL, 0x2befefc4UL, 0x944a4adeUL, 0x6fcdcda2UL,
-0x8bbfbf34UL, 0x81baba3bUL, 0xde6f6fb1UL, 0xc86464acUL,
-0x47d9d99eUL, 0x13f3f3e0UL, 0x7c3e3e42UL, 0x9db4b429UL,
-0xa1aaaa0bUL, 0x4ddcdc91UL, 0x5fd5d58aUL, 0x0c06060aUL,
-0x75c0c0b5UL, 0xfc7e7e82UL, 0x19f6f6efUL, 0xcc6666aaUL,
-0xd86c6cb4UL, 0xfd848479UL, 0xe2717193UL, 0x70383848UL,
-0x87b9b93eUL, 0x3a1d1d27UL, 0xfe7f7f81UL, 0xcf9d9d52UL,
-0x904848d8UL, 0xe38b8b68UL, 0x542a2a7eUL, 0x41dada9bUL,
-0xbfa5a51aUL, 0x66333355UL, 0xf1828273UL, 0x7239394bUL,
-0x59d6d68fUL, 0xf0787888UL, 0xf986867fUL, 0x01fafafbUL,
-0x3de4e4d9UL, 0x562b2b7dUL, 0xa7a9a90eUL, 0x3c1e1e22UL,
-0xe789896eUL, 0xc06060a0UL, 0xd66b6bbdUL, 0x21eaeacbUL,
-0xaa5555ffUL, 0x984c4cd4UL, 0x1bf7f7ecUL, 0x31e2e2d3UL,
-},
-
-{
-0x2697b1b1UL, 0xa769ceceUL, 0xb073c3c3UL, 0x4adf9595UL,
-0xeeb45a5aUL, 0x02afadadUL, 0xdc3be7e7UL, 0x06040202UL,
-0xd79a4d4dUL, 0xcc884444UL, 0xf803fbfbUL, 0x46d79191UL,
-0x14180c0cUL, 0x7cfb8787UL, 0x16b7a1a1UL, 0xf0a05050UL,
-0xa863cbcbUL, 0xa9ce6767UL, 0xfca85454UL, 0x924fddddUL,
-0xca8c4646UL, 0x64eb8f8fUL, 0xd637e1e1UL, 0xd29c4e4eUL,
-0xe515f0f0UL, 0xf20ffdfdUL, 0xf10dfcfcUL, 0xc823ebebUL,
-0xfe07f9f9UL, 0xb97dc4c4UL, 0x2e341a1aUL, 0xb2dc6e6eUL,
-0xe2bc5e5eUL, 0xea1ff5f5UL, 0xa16dccccUL, 0x62ef8d8dUL,
-0x24381c1cUL, 0xfaac5656UL, 0xc5864343UL, 0xf709fefeUL,
-0x090e0707UL, 0xa3c26161UL, 0xfd05f8f8UL, 0x9fea7575UL,
-0xebb25959UL, 0xf40bffffUL, 0x05060303UL, 0x66442222UL,
-0x6be18a8aUL, 0x8657d1d1UL, 0x35261313UL, 0xc729eeeeUL,
-0x6de58888UL, 0x00000000UL, 0x121c0e0eUL, 0x5c683434UL,
-0x3f2a1515UL, 0x75f58080UL, 0x49dd9494UL, 0xd033e3e3UL,
-0xc22fededUL, 0x2a9fb5b5UL, 0xf5a65353UL, 0x65462323UL,
-0xdd964b4bUL, 0xc98e4747UL, 0x392e1717UL, 0x1cbba7a7UL,
-0x45d59090UL, 0x5f6a3535UL, 0x08a3ababUL, 0x9d45d8d8UL,
-0x3d85b8b8UL, 0x944bdfdfUL, 0xd19e4f4fUL, 0xf9ae5757UL,
-0x5bc19a9aUL, 0x43d19292UL, 0x9843dbdbUL, 0x2d361b1bUL,
-0x44783c3cUL, 0xad65c8c8UL, 0x5ec79999UL, 0x0c080404UL,
-0x67e98e8eUL, 0xd535e0e0UL, 0x8c5bd7d7UL, 0x87fa7d7dUL,
-0x7aff8585UL, 0x3883bbbbUL, 0xc0804040UL, 0x74582c2cUL,
-0x4e743a3aUL, 0xcf8a4545UL, 0xe617f1f1UL, 0xc6844242UL,
-0xafca6565UL, 0x60402020UL, 0xc3824141UL, 0x28301818UL,
-0x96e47272UL, 0x6f4a2525UL, 0x40d39393UL, 0x90e07070UL,
-0x5a6c3636UL, 0x0f0a0505UL, 0xe311f2f2UL, 0x1d160b0bUL,
-0x10b3a3a3UL, 0x8bf27979UL, 0xc12dececUL, 0x18100808UL,
-0x694e2727UL, 0x53623131UL, 0x56643232UL, 0x2f99b6b6UL,
-0x84f87c7cUL, 0x2595b0b0UL, 0x1e140a0aUL, 0x95e67373UL,
-0xedb65b5bUL, 0x8df67b7bUL, 0x2c9bb7b7UL, 0x76f78181UL,
-0x8351d2d2UL, 0x171a0d0dUL, 0xbed46a6aUL, 0x6a4c2626UL,
-0x57c99e9eUL, 0xe8b05858UL, 0x51cd9c9cUL, 0x70f38383UL,
-0x9ce87474UL, 0x2093b3b3UL, 0x01adacacUL, 0x50603030UL,
-0x8ef47a7aUL, 0xbbd26969UL, 0x99ee7777UL, 0x111e0f0fUL,
-0x07a9aeaeUL, 0x63422121UL, 0x9749dedeUL, 0x8555d0d0UL,
-0x725c2e2eUL, 0x4cdb9797UL, 0x30201010UL, 0x19bda4a4UL,
-0x5dc59898UL, 0x0da5a8a8UL, 0x895dd4d4UL, 0xb8d06868UL,
-0x775a2d2dUL, 0xa6c46262UL, 0x7b522929UL, 0xb7da6d6dUL,
-0x3a2c1616UL, 0xdb924949UL, 0x9aec7676UL, 0xbc7bc7c7UL,
-0xcd25e8e8UL, 0xb677c1c1UL, 0x4fd99696UL, 0x596e3737UL,
-0xda3fe5e5UL, 0xab61cacaUL, 0xe91df4f4UL, 0xce27e9e9UL,
-0xa5c66363UL, 0x36241212UL, 0xb371c2c2UL, 0x1fb9a6a6UL,
-0x3c281414UL, 0x318dbcbcUL, 0x8053d3d3UL, 0x78502828UL,
-0x04abafafUL, 0x715e2f2fUL, 0xdf39e6e6UL, 0x6c482424UL,
-0xf6a45252UL, 0xbf79c6c6UL, 0x15b5a0a0UL, 0x1b120909UL,
-0x328fbdbdUL, 0x61ed8c8cUL, 0xa46bcfcfUL, 0xe7ba5d5dUL,
-0x33221111UL, 0xe1be5f5fUL, 0x03020101UL, 0xba7fc5c5UL,
-0x54cb9f9fUL, 0x477a3d3dUL, 0x13b1a2a2UL, 0x58c39b9bUL,
-0xae67c9c9UL, 0x4d763b3bUL, 0x3789bebeUL, 0xf3a25151UL,
-0x2b321919UL, 0x213e1f1fUL, 0x417e3f3fUL, 0xe4b85c5cUL,
-0x2391b2b2UL, 0xc42befefUL, 0xde944a4aUL, 0xa26fcdcdUL,
-0x348bbfbfUL, 0x3b81babaUL, 0xb1de6f6fUL, 0xacc86464UL,
-0x9e47d9d9UL, 0xe013f3f3UL, 0x427c3e3eUL, 0x299db4b4UL,
-0x0ba1aaaaUL, 0x914ddcdcUL, 0x8a5fd5d5UL, 0x0a0c0606UL,
-0xb575c0c0UL, 0x82fc7e7eUL, 0xef19f6f6UL, 0xaacc6666UL,
-0xb4d86c6cUL, 0x79fd8484UL, 0x93e27171UL, 0x48703838UL,
-0x3e87b9b9UL, 0x273a1d1dUL, 0x81fe7f7fUL, 0x52cf9d9dUL,
-0xd8904848UL, 0x68e38b8bUL, 0x7e542a2aUL, 0x9b41dadaUL,
-0x1abfa5a5UL, 0x55663333UL, 0x73f18282UL, 0x4b723939UL,
-0x8f59d6d6UL, 0x88f07878UL, 0x7ff98686UL, 0xfb01fafaUL,
-0xd93de4e4UL, 0x7d562b2bUL, 0x0ea7a9a9UL, 0x223c1e1eUL,
-0x6ee78989UL, 0xa0c06060UL, 0xbdd66b6bUL, 0xcb21eaeaUL,
-0xffaa5555UL, 0xd4984c4cUL, 0xec1bf7f7UL, 0xd331e2e2UL,
-},
-
-{
-0xb12697b1UL, 0xcea769ceUL, 0xc3b073c3UL, 0x954adf95UL,
-0x5aeeb45aUL, 0xad02afadUL, 0xe7dc3be7UL, 0x02060402UL,
-0x4dd79a4dUL, 0x44cc8844UL, 0xfbf803fbUL, 0x9146d791UL,
-0x0c14180cUL, 0x877cfb87UL, 0xa116b7a1UL, 0x50f0a050UL,
-0xcba863cbUL, 0x67a9ce67UL, 0x54fca854UL, 0xdd924fddUL,
-0x46ca8c46UL, 0x8f64eb8fUL, 0xe1d637e1UL, 0x4ed29c4eUL,
-0xf0e515f0UL, 0xfdf20ffdUL, 0xfcf10dfcUL, 0xebc823ebUL,
-0xf9fe07f9UL, 0xc4b97dc4UL, 0x1a2e341aUL, 0x6eb2dc6eUL,
-0x5ee2bc5eUL, 0xf5ea1ff5UL, 0xcca16dccUL, 0x8d62ef8dUL,
-0x1c24381cUL, 0x56faac56UL, 0x43c58643UL, 0xfef709feUL,
-0x07090e07UL, 0x61a3c261UL, 0xf8fd05f8UL, 0x759fea75UL,
-0x59ebb259UL, 0xfff40bffUL, 0x03050603UL, 0x22664422UL,
-0x8a6be18aUL, 0xd18657d1UL, 0x13352613UL, 0xeec729eeUL,
-0x886de588UL, 0x00000000UL, 0x0e121c0eUL, 0x345c6834UL,
-0x153f2a15UL, 0x8075f580UL, 0x9449dd94UL, 0xe3d033e3UL,
-0xedc22fedUL, 0xb52a9fb5UL, 0x53f5a653UL, 0x23654623UL,
-0x4bdd964bUL, 0x47c98e47UL, 0x17392e17UL, 0xa71cbba7UL,
-0x9045d590UL, 0x355f6a35UL, 0xab08a3abUL, 0xd89d45d8UL,
-0xb83d85b8UL, 0xdf944bdfUL, 0x4fd19e4fUL, 0x57f9ae57UL,
-0x9a5bc19aUL, 0x9243d192UL, 0xdb9843dbUL, 0x1b2d361bUL,
-0x3c44783cUL, 0xc8ad65c8UL, 0x995ec799UL, 0x040c0804UL,
-0x8e67e98eUL, 0xe0d535e0UL, 0xd78c5bd7UL, 0x7d87fa7dUL,
-0x857aff85UL, 0xbb3883bbUL, 0x40c08040UL, 0x2c74582cUL,
-0x3a4e743aUL, 0x45cf8a45UL, 0xf1e617f1UL, 0x42c68442UL,
-0x65afca65UL, 0x20604020UL, 0x41c38241UL, 0x18283018UL,
-0x7296e472UL, 0x256f4a25UL, 0x9340d393UL, 0x7090e070UL,
-0x365a6c36UL, 0x050f0a05UL, 0xf2e311f2UL, 0x0b1d160bUL,
-0xa310b3a3UL, 0x798bf279UL, 0xecc12decUL, 0x08181008UL,
-0x27694e27UL, 0x31536231UL, 0x32566432UL, 0xb62f99b6UL,
-0x7c84f87cUL, 0xb02595b0UL, 0x0a1e140aUL, 0x7395e673UL,
-0x5bedb65bUL, 0x7b8df67bUL, 0xb72c9bb7UL, 0x8176f781UL,
-0xd28351d2UL, 0x0d171a0dUL, 0x6abed46aUL, 0x266a4c26UL,
-0x9e57c99eUL, 0x58e8b058UL, 0x9c51cd9cUL, 0x8370f383UL,
-0x749ce874UL, 0xb32093b3UL, 0xac01adacUL, 0x30506030UL,
-0x7a8ef47aUL, 0x69bbd269UL, 0x7799ee77UL, 0x0f111e0fUL,
-0xae07a9aeUL, 0x21634221UL, 0xde9749deUL, 0xd08555d0UL,
-0x2e725c2eUL, 0x974cdb97UL, 0x10302010UL, 0xa419bda4UL,
-0x985dc598UL, 0xa80da5a8UL, 0xd4895dd4UL, 0x68b8d068UL,
-0x2d775a2dUL, 0x62a6c462UL, 0x297b5229UL, 0x6db7da6dUL,
-0x163a2c16UL, 0x49db9249UL, 0x769aec76UL, 0xc7bc7bc7UL,
-0xe8cd25e8UL, 0xc1b677c1UL, 0x964fd996UL, 0x37596e37UL,
-0xe5da3fe5UL, 0xcaab61caUL, 0xf4e91df4UL, 0xe9ce27e9UL,
-0x63a5c663UL, 0x12362412UL, 0xc2b371c2UL, 0xa61fb9a6UL,
-0x143c2814UL, 0xbc318dbcUL, 0xd38053d3UL, 0x28785028UL,
-0xaf04abafUL, 0x2f715e2fUL, 0xe6df39e6UL, 0x246c4824UL,
-0x52f6a452UL, 0xc6bf79c6UL, 0xa015b5a0UL, 0x091b1209UL,
-0xbd328fbdUL, 0x8c61ed8cUL, 0xcfa46bcfUL, 0x5de7ba5dUL,
-0x11332211UL, 0x5fe1be5fUL, 0x01030201UL, 0xc5ba7fc5UL,
-0x9f54cb9fUL, 0x3d477a3dUL, 0xa213b1a2UL, 0x9b58c39bUL,
-0xc9ae67c9UL, 0x3b4d763bUL, 0xbe3789beUL, 0x51f3a251UL,
-0x192b3219UL, 0x1f213e1fUL, 0x3f417e3fUL, 0x5ce4b85cUL,
-0xb22391b2UL, 0xefc42befUL, 0x4ade944aUL, 0xcda26fcdUL,
-0xbf348bbfUL, 0xba3b81baUL, 0x6fb1de6fUL, 0x64acc864UL,
-0xd99e47d9UL, 0xf3e013f3UL, 0x3e427c3eUL, 0xb4299db4UL,
-0xaa0ba1aaUL, 0xdc914ddcUL, 0xd58a5fd5UL, 0x060a0c06UL,
-0xc0b575c0UL, 0x7e82fc7eUL, 0xf6ef19f6UL, 0x66aacc66UL,
-0x6cb4d86cUL, 0x8479fd84UL, 0x7193e271UL, 0x38487038UL,
-0xb93e87b9UL, 0x1d273a1dUL, 0x7f81fe7fUL, 0x9d52cf9dUL,
-0x48d89048UL, 0x8b68e38bUL, 0x2a7e542aUL, 0xda9b41daUL,
-0xa51abfa5UL, 0x33556633UL, 0x8273f182UL, 0x394b7239UL,
-0xd68f59d6UL, 0x7888f078UL, 0x867ff986UL, 0xfafb01faUL,
-0xe4d93de4UL, 0x2b7d562bUL, 0xa90ea7a9UL, 0x1e223c1eUL,
-0x896ee789UL, 0x60a0c060UL, 0x6bbdd66bUL, 0xeacb21eaUL,
-0x55ffaa55UL, 0x4cd4984cUL, 0xf7ec1bf7UL, 0xe2d331e2UL,
-},
-
-{
-0xb1b12697UL, 0xcecea769UL, 0xc3c3b073UL, 0x95954adfUL,
-0x5a5aeeb4UL, 0xadad02afUL, 0xe7e7dc3bUL, 0x02020604UL,
-0x4d4dd79aUL, 0x4444cc88UL, 0xfbfbf803UL, 0x919146d7UL,
-0x0c0c1418UL, 0x87877cfbUL, 0xa1a116b7UL, 0x5050f0a0UL,
-0xcbcba863UL, 0x6767a9ceUL, 0x5454fca8UL, 0xdddd924fUL,
-0x4646ca8cUL, 0x8f8f64ebUL, 0xe1e1d637UL, 0x4e4ed29cUL,
-0xf0f0e515UL, 0xfdfdf20fUL, 0xfcfcf10dUL, 0xebebc823UL,
-0xf9f9fe07UL, 0xc4c4b97dUL, 0x1a1a2e34UL, 0x6e6eb2dcUL,
-0x5e5ee2bcUL, 0xf5f5ea1fUL, 0xcccca16dUL, 0x8d8d62efUL,
-0x1c1c2438UL, 0x5656faacUL, 0x4343c586UL, 0xfefef709UL,
-0x0707090eUL, 0x6161a3c2UL, 0xf8f8fd05UL, 0x75759feaUL,
-0x5959ebb2UL, 0xfffff40bUL, 0x03030506UL, 0x22226644UL,
-0x8a8a6be1UL, 0xd1d18657UL, 0x13133526UL, 0xeeeec729UL,
-0x88886de5UL, 0x00000000UL, 0x0e0e121cUL, 0x34345c68UL,
-0x15153f2aUL, 0x808075f5UL, 0x949449ddUL, 0xe3e3d033UL,
-0xededc22fUL, 0xb5b52a9fUL, 0x5353f5a6UL, 0x23236546UL,
-0x4b4bdd96UL, 0x4747c98eUL, 0x1717392eUL, 0xa7a71cbbUL,
-0x909045d5UL, 0x35355f6aUL, 0xabab08a3UL, 0xd8d89d45UL,
-0xb8b83d85UL, 0xdfdf944bUL, 0x4f4fd19eUL, 0x5757f9aeUL,
-0x9a9a5bc1UL, 0x929243d1UL, 0xdbdb9843UL, 0x1b1b2d36UL,
-0x3c3c4478UL, 0xc8c8ad65UL, 0x99995ec7UL, 0x04040c08UL,
-0x8e8e67e9UL, 0xe0e0d535UL, 0xd7d78c5bUL, 0x7d7d87faUL,
-0x85857affUL, 0xbbbb3883UL, 0x4040c080UL, 0x2c2c7458UL,
-0x3a3a4e74UL, 0x4545cf8aUL, 0xf1f1e617UL, 0x4242c684UL,
-0x6565afcaUL, 0x20206040UL, 0x4141c382UL, 0x18182830UL,
-0x727296e4UL, 0x25256f4aUL, 0x939340d3UL, 0x707090e0UL,
-0x36365a6cUL, 0x05050f0aUL, 0xf2f2e311UL, 0x0b0b1d16UL,
-0xa3a310b3UL, 0x79798bf2UL, 0xececc12dUL, 0x08081810UL,
-0x2727694eUL, 0x31315362UL, 0x32325664UL, 0xb6b62f99UL,
-0x7c7c84f8UL, 0xb0b02595UL, 0x0a0a1e14UL, 0x737395e6UL,
-0x5b5bedb6UL, 0x7b7b8df6UL, 0xb7b72c9bUL, 0x818176f7UL,
-0xd2d28351UL, 0x0d0d171aUL, 0x6a6abed4UL, 0x26266a4cUL,
-0x9e9e57c9UL, 0x5858e8b0UL, 0x9c9c51cdUL, 0x838370f3UL,
-0x74749ce8UL, 0xb3b32093UL, 0xacac01adUL, 0x30305060UL,
-0x7a7a8ef4UL, 0x6969bbd2UL, 0x777799eeUL, 0x0f0f111eUL,
-0xaeae07a9UL, 0x21216342UL, 0xdede9749UL, 0xd0d08555UL,
-0x2e2e725cUL, 0x97974cdbUL, 0x10103020UL, 0xa4a419bdUL,
-0x98985dc5UL, 0xa8a80da5UL, 0xd4d4895dUL, 0x6868b8d0UL,
-0x2d2d775aUL, 0x6262a6c4UL, 0x29297b52UL, 0x6d6db7daUL,
-0x16163a2cUL, 0x4949db92UL, 0x76769aecUL, 0xc7c7bc7bUL,
-0xe8e8cd25UL, 0xc1c1b677UL, 0x96964fd9UL, 0x3737596eUL,
-0xe5e5da3fUL, 0xcacaab61UL, 0xf4f4e91dUL, 0xe9e9ce27UL,
-0x6363a5c6UL, 0x12123624UL, 0xc2c2b371UL, 0xa6a61fb9UL,
-0x14143c28UL, 0xbcbc318dUL, 0xd3d38053UL, 0x28287850UL,
-0xafaf04abUL, 0x2f2f715eUL, 0xe6e6df39UL, 0x24246c48UL,
-0x5252f6a4UL, 0xc6c6bf79UL, 0xa0a015b5UL, 0x09091b12UL,
-0xbdbd328fUL, 0x8c8c61edUL, 0xcfcfa46bUL, 0x5d5de7baUL,
-0x11113322UL, 0x5f5fe1beUL, 0x01010302UL, 0xc5c5ba7fUL,
-0x9f9f54cbUL, 0x3d3d477aUL, 0xa2a213b1UL, 0x9b9b58c3UL,
-0xc9c9ae67UL, 0x3b3b4d76UL, 0xbebe3789UL, 0x5151f3a2UL,
-0x19192b32UL, 0x1f1f213eUL, 0x3f3f417eUL, 0x5c5ce4b8UL,
-0xb2b22391UL, 0xefefc42bUL, 0x4a4ade94UL, 0xcdcda26fUL,
-0xbfbf348bUL, 0xbaba3b81UL, 0x6f6fb1deUL, 0x6464acc8UL,
-0xd9d99e47UL, 0xf3f3e013UL, 0x3e3e427cUL, 0xb4b4299dUL,
-0xaaaa0ba1UL, 0xdcdc914dUL, 0xd5d58a5fUL, 0x06060a0cUL,
-0xc0c0b575UL, 0x7e7e82fcUL, 0xf6f6ef19UL, 0x6666aaccUL,
-0x6c6cb4d8UL, 0x848479fdUL, 0x717193e2UL, 0x38384870UL,
-0xb9b93e87UL, 0x1d1d273aUL, 0x7f7f81feUL, 0x9d9d52cfUL,
-0x4848d890UL, 0x8b8b68e3UL, 0x2a2a7e54UL, 0xdada9b41UL,
-0xa5a51abfUL, 0x33335566UL, 0x828273f1UL, 0x39394b72UL,
-0xd6d68f59UL, 0x787888f0UL, 0x86867ff9UL, 0xfafafb01UL,
-0xe4e4d93dUL, 0x2b2b7d56UL, 0xa9a90ea7UL, 0x1e1e223cUL,
-0x89896ee7UL, 0x6060a0c0UL, 0x6b6bbdd6UL, 0xeaeacb21UL,
-0x5555ffaaUL, 0x4c4cd498UL, 0xf7f7ec1bUL, 0xe2e2d331UL,
-}};
-
-const word32 Square::Dec::Td[4][256] = {
-{
-0xe368bc02UL, 0x5585620cUL, 0x2a3f2331UL, 0x61ab13f7UL,
-0x98d46d72UL, 0x21cb9a19UL, 0x3c22a461UL, 0x459d3dcdUL,
-0x05fdb423UL, 0x2bc4075fUL, 0x9b2c01c0UL, 0x3dd9800fUL,
-0x486c5c74UL, 0xf97f7e85UL, 0xf173ab1fUL, 0xb6edde0eUL,
-0x283c6bedUL, 0x4997781aUL, 0x9f2a918dUL, 0xc9579f33UL,
-0xa907a8aaUL, 0xa50ded7dUL, 0x7c422d8fUL, 0x764db0c9UL,
-0x4d91e857UL, 0xcea963ccUL, 0xb4ee96d2UL, 0x3028e1b6UL,
-0x0df161b9UL, 0xbd196726UL, 0x419bad80UL, 0xc0a06ec7UL,
-0x5183f241UL, 0x92dbf034UL, 0x6fa21efcUL, 0x8f32ce4cUL,
-0x13e03373UL, 0x69a7c66dUL, 0xe56d6493UL, 0xbf1a2ffaUL,
-0xbb1cbfb7UL, 0x587403b5UL, 0xe76e2c4fUL, 0x5d89b796UL,
-0xe89c052aUL, 0x446619a3UL, 0x342e71fbUL, 0x0ff22965UL,
-0xfe81827aUL, 0xb11322f1UL, 0xa30835ecUL, 0xcd510f7eUL,
-0xff7aa614UL, 0x5c7293f8UL, 0x2fc29712UL, 0xf370e3c3UL,
-0x992f491cUL, 0xd1431568UL, 0xc2a3261bUL, 0x88cc32b3UL,
-0x8acf7a6fUL, 0xb0e8069fUL, 0x7a47f51eUL, 0xd2bb79daUL,
-0xe6950821UL, 0x4398e55cUL, 0xd0b83106UL, 0x11e37bafUL,
-0x7e416553UL, 0xccaa2b10UL, 0xd8b4e49cUL, 0x6456a7d4UL,
-0xfb7c3659UL, 0x724b2084UL, 0xea9f4df6UL, 0x6a5faadfUL,
-0x2dc1dfceUL, 0x70486858UL, 0xcaaff381UL, 0x0605d891UL,
-0x5a774b69UL, 0x94de28a5UL, 0x39df1042UL, 0x813bc347UL,
-0xfc82caa6UL, 0x23c8d2c5UL, 0x03f86cb2UL, 0x080cd59aUL,
-0xdab7ac40UL, 0x7db909e1UL, 0x3824342cUL, 0xcf5247a2UL,
-0xdcb274d1UL, 0x63a85b2bUL, 0x35d55595UL, 0x479e7511UL,
-0x15e5ebe2UL, 0x4b9430c6UL, 0x4a6f14a8UL, 0x91239c86UL,
-0x4c6acc39UL, 0x5f8aff4aUL, 0x0406904dUL, 0xee99ddbbUL,
-0x1e1152caUL, 0xaaffc418UL, 0xeb646998UL, 0x07fefcffUL,
-0x8b345e01UL, 0x567d0ebeUL, 0xbae79bd9UL, 0x4263c132UL,
-0x75b5dc7bUL, 0x97264417UL, 0x67aecb66UL, 0x95250ccbUL,
-0xec9a9567UL, 0x57862ad0UL, 0x60503799UL, 0xb8e4d305UL,
-0x65ad83baUL, 0x19efae35UL, 0xa4f6c913UL, 0xc15b4aa9UL,
-0x873e1bd6UL, 0xa0f0595eUL, 0x18148a5bUL, 0xaf02703bUL,
-0xab04e076UL, 0xdd4950bfUL, 0xdf4a1863UL, 0xc6a5b656UL,
-0x853d530aUL, 0xfa871237UL, 0x77b694a7UL, 0x4665517fUL,
-0xed61b109UL, 0x1bece6e9UL, 0xd5458525UL, 0xf5753b52UL,
-0x7fba413dUL, 0x27ce4288UL, 0xb2eb4e43UL, 0xd6bde997UL,
-0x527b9ef3UL, 0x62537f45UL, 0x2c3afba0UL, 0x7bbcd170UL,
-0xb91ff76bUL, 0x121b171dUL, 0xfd79eec8UL, 0x3a277cf0UL,
-0x0c0a45d7UL, 0x96dd6079UL, 0x2233f6abUL, 0xacfa1c89UL,
-0xc8acbb5dUL, 0xa10b7d30UL, 0xd4bea14bUL, 0xbee10b94UL,
-0x25cd0a54UL, 0x547e4662UL, 0xa2f31182UL, 0x17e6a33eUL,
-0x263566e6UL, 0xc3580275UL, 0x83388b9bUL, 0x7844bdc2UL,
-0x020348dcUL, 0x4f92a08bUL, 0x2e39b37cUL, 0x4e6984e5UL,
-0xf0888f71UL, 0x362d3927UL, 0x9cd2fd3fUL, 0x01fb246eUL,
-0x893716ddUL, 0x00000000UL, 0xf68d57e0UL, 0xe293986cUL,
-0x744ef815UL, 0x9320d45aUL, 0xad0138e7UL, 0xd3405db4UL,
-0x1a17c287UL, 0xb3106a2dUL, 0x5078d62fUL, 0xf48e1f3cUL,
-0xa70ea5a1UL, 0x71b34c36UL, 0x9ad725aeUL, 0x5e71db24UL,
-0x161d8750UL, 0xef62f9d5UL, 0x8d318690UL, 0x1c121a16UL,
-0xa6f581cfUL, 0x5b8c6f07UL, 0x37d61d49UL, 0x6e593a92UL,
-0x84c67764UL, 0x86c53fb8UL, 0xd746cdf9UL, 0xe090d0b0UL,
-0x29c74f83UL, 0xe49640fdUL, 0x0e090d0bUL, 0x6da15620UL,
-0x8ec9ea22UL, 0xdb4c882eUL, 0xf776738eUL, 0xb515b2bcUL,
-0x10185fc1UL, 0x322ba96aUL, 0x6ba48eb1UL, 0xaef95455UL,
-0x406089eeUL, 0x6655ef08UL, 0xe9672144UL, 0x3e21ecbdUL,
-0x2030be77UL, 0xf28bc7adUL, 0x80c0e729UL, 0x141ecf8cUL,
-0xbce24348UL, 0xc4a6fe8aUL, 0x31d3c5d8UL, 0xb716fa60UL,
-0x5380ba9dUL, 0xd94fc0f2UL, 0x1de93e78UL, 0x24362e3aUL,
-0xe16bf4deUL, 0xcb54d7efUL, 0x09f7f1f4UL, 0x82c3aff5UL,
-0x0bf4b928UL, 0x9d29d951UL, 0xc75e9238UL, 0xf8845aebUL,
-0x90d8b8e8UL, 0xdeb13c0dUL, 0x33d08d04UL, 0x685ce203UL,
-0xc55ddae4UL, 0x3bdc589eUL, 0x0a0f9d46UL, 0x3fdac8d3UL,
-0x598f27dbUL, 0xa8fc8cc4UL, 0x79bf99acUL, 0x6c5a724eUL,
-0x8ccaa2feUL, 0x9ed1b5e3UL, 0x1fea76a4UL, 0x73b004eaUL,
-},
-
-{
-0x02e368bcUL, 0x0c558562UL, 0x312a3f23UL, 0xf761ab13UL,
-0x7298d46dUL, 0x1921cb9aUL, 0x613c22a4UL, 0xcd459d3dUL,
-0x2305fdb4UL, 0x5f2bc407UL, 0xc09b2c01UL, 0x0f3dd980UL,
-0x74486c5cUL, 0x85f97f7eUL, 0x1ff173abUL, 0x0eb6eddeUL,
-0xed283c6bUL, 0x1a499778UL, 0x8d9f2a91UL, 0x33c9579fUL,
-0xaaa907a8UL, 0x7da50dedUL, 0x8f7c422dUL, 0xc9764db0UL,
-0x574d91e8UL, 0xcccea963UL, 0xd2b4ee96UL, 0xb63028e1UL,
-0xb90df161UL, 0x26bd1967UL, 0x80419badUL, 0xc7c0a06eUL,
-0x415183f2UL, 0x3492dbf0UL, 0xfc6fa21eUL, 0x4c8f32ceUL,
-0x7313e033UL, 0x6d69a7c6UL, 0x93e56d64UL, 0xfabf1a2fUL,
-0xb7bb1cbfUL, 0xb5587403UL, 0x4fe76e2cUL, 0x965d89b7UL,
-0x2ae89c05UL, 0xa3446619UL, 0xfb342e71UL, 0x650ff229UL,
-0x7afe8182UL, 0xf1b11322UL, 0xeca30835UL, 0x7ecd510fUL,
-0x14ff7aa6UL, 0xf85c7293UL, 0x122fc297UL, 0xc3f370e3UL,
-0x1c992f49UL, 0x68d14315UL, 0x1bc2a326UL, 0xb388cc32UL,
-0x6f8acf7aUL, 0x9fb0e806UL, 0x1e7a47f5UL, 0xdad2bb79UL,
-0x21e69508UL, 0x5c4398e5UL, 0x06d0b831UL, 0xaf11e37bUL,
-0x537e4165UL, 0x10ccaa2bUL, 0x9cd8b4e4UL, 0xd46456a7UL,
-0x59fb7c36UL, 0x84724b20UL, 0xf6ea9f4dUL, 0xdf6a5faaUL,
-0xce2dc1dfUL, 0x58704868UL, 0x81caaff3UL, 0x910605d8UL,
-0x695a774bUL, 0xa594de28UL, 0x4239df10UL, 0x47813bc3UL,
-0xa6fc82caUL, 0xc523c8d2UL, 0xb203f86cUL, 0x9a080cd5UL,
-0x40dab7acUL, 0xe17db909UL, 0x2c382434UL, 0xa2cf5247UL,
-0xd1dcb274UL, 0x2b63a85bUL, 0x9535d555UL, 0x11479e75UL,
-0xe215e5ebUL, 0xc64b9430UL, 0xa84a6f14UL, 0x8691239cUL,
-0x394c6accUL, 0x4a5f8affUL, 0x4d040690UL, 0xbbee99ddUL,
-0xca1e1152UL, 0x18aaffc4UL, 0x98eb6469UL, 0xff07fefcUL,
-0x018b345eUL, 0xbe567d0eUL, 0xd9bae79bUL, 0x324263c1UL,
-0x7b75b5dcUL, 0x17972644UL, 0x6667aecbUL, 0xcb95250cUL,
-0x67ec9a95UL, 0xd057862aUL, 0x99605037UL, 0x05b8e4d3UL,
-0xba65ad83UL, 0x3519efaeUL, 0x13a4f6c9UL, 0xa9c15b4aUL,
-0xd6873e1bUL, 0x5ea0f059UL, 0x5b18148aUL, 0x3baf0270UL,
-0x76ab04e0UL, 0xbfdd4950UL, 0x63df4a18UL, 0x56c6a5b6UL,
-0x0a853d53UL, 0x37fa8712UL, 0xa777b694UL, 0x7f466551UL,
-0x09ed61b1UL, 0xe91bece6UL, 0x25d54585UL, 0x52f5753bUL,
-0x3d7fba41UL, 0x8827ce42UL, 0x43b2eb4eUL, 0x97d6bde9UL,
-0xf3527b9eUL, 0x4562537fUL, 0xa02c3afbUL, 0x707bbcd1UL,
-0x6bb91ff7UL, 0x1d121b17UL, 0xc8fd79eeUL, 0xf03a277cUL,
-0xd70c0a45UL, 0x7996dd60UL, 0xab2233f6UL, 0x89acfa1cUL,
-0x5dc8acbbUL, 0x30a10b7dUL, 0x4bd4bea1UL, 0x94bee10bUL,
-0x5425cd0aUL, 0x62547e46UL, 0x82a2f311UL, 0x3e17e6a3UL,
-0xe6263566UL, 0x75c35802UL, 0x9b83388bUL, 0xc27844bdUL,
-0xdc020348UL, 0x8b4f92a0UL, 0x7c2e39b3UL, 0xe54e6984UL,
-0x71f0888fUL, 0x27362d39UL, 0x3f9cd2fdUL, 0x6e01fb24UL,
-0xdd893716UL, 0x00000000UL, 0xe0f68d57UL, 0x6ce29398UL,
-0x15744ef8UL, 0x5a9320d4UL, 0xe7ad0138UL, 0xb4d3405dUL,
-0x871a17c2UL, 0x2db3106aUL, 0x2f5078d6UL, 0x3cf48e1fUL,
-0xa1a70ea5UL, 0x3671b34cUL, 0xae9ad725UL, 0x245e71dbUL,
-0x50161d87UL, 0xd5ef62f9UL, 0x908d3186UL, 0x161c121aUL,
-0xcfa6f581UL, 0x075b8c6fUL, 0x4937d61dUL, 0x926e593aUL,
-0x6484c677UL, 0xb886c53fUL, 0xf9d746cdUL, 0xb0e090d0UL,
-0x8329c74fUL, 0xfde49640UL, 0x0b0e090dUL, 0x206da156UL,
-0x228ec9eaUL, 0x2edb4c88UL, 0x8ef77673UL, 0xbcb515b2UL,
-0xc110185fUL, 0x6a322ba9UL, 0xb16ba48eUL, 0x55aef954UL,
-0xee406089UL, 0x086655efUL, 0x44e96721UL, 0xbd3e21ecUL,
-0x772030beUL, 0xadf28bc7UL, 0x2980c0e7UL, 0x8c141ecfUL,
-0x48bce243UL, 0x8ac4a6feUL, 0xd831d3c5UL, 0x60b716faUL,
-0x9d5380baUL, 0xf2d94fc0UL, 0x781de93eUL, 0x3a24362eUL,
-0xdee16bf4UL, 0xefcb54d7UL, 0xf409f7f1UL, 0xf582c3afUL,
-0x280bf4b9UL, 0x519d29d9UL, 0x38c75e92UL, 0xebf8845aUL,
-0xe890d8b8UL, 0x0ddeb13cUL, 0x0433d08dUL, 0x03685ce2UL,
-0xe4c55ddaUL, 0x9e3bdc58UL, 0x460a0f9dUL, 0xd33fdac8UL,
-0xdb598f27UL, 0xc4a8fc8cUL, 0xac79bf99UL, 0x4e6c5a72UL,
-0xfe8ccaa2UL, 0xe39ed1b5UL, 0xa41fea76UL, 0xea73b004UL,
-},
-
-{
-0xbc02e368UL, 0x620c5585UL, 0x23312a3fUL, 0x13f761abUL,
-0x6d7298d4UL, 0x9a1921cbUL, 0xa4613c22UL, 0x3dcd459dUL,
-0xb42305fdUL, 0x075f2bc4UL, 0x01c09b2cUL, 0x800f3dd9UL,
-0x5c74486cUL, 0x7e85f97fUL, 0xab1ff173UL, 0xde0eb6edUL,
-0x6bed283cUL, 0x781a4997UL, 0x918d9f2aUL, 0x9f33c957UL,
-0xa8aaa907UL, 0xed7da50dUL, 0x2d8f7c42UL, 0xb0c9764dUL,
-0xe8574d91UL, 0x63cccea9UL, 0x96d2b4eeUL, 0xe1b63028UL,
-0x61b90df1UL, 0x6726bd19UL, 0xad80419bUL, 0x6ec7c0a0UL,
-0xf2415183UL, 0xf03492dbUL, 0x1efc6fa2UL, 0xce4c8f32UL,
-0x337313e0UL, 0xc66d69a7UL, 0x6493e56dUL, 0x2ffabf1aUL,
-0xbfb7bb1cUL, 0x03b55874UL, 0x2c4fe76eUL, 0xb7965d89UL,
-0x052ae89cUL, 0x19a34466UL, 0x71fb342eUL, 0x29650ff2UL,
-0x827afe81UL, 0x22f1b113UL, 0x35eca308UL, 0x0f7ecd51UL,
-0xa614ff7aUL, 0x93f85c72UL, 0x97122fc2UL, 0xe3c3f370UL,
-0x491c992fUL, 0x1568d143UL, 0x261bc2a3UL, 0x32b388ccUL,
-0x7a6f8acfUL, 0x069fb0e8UL, 0xf51e7a47UL, 0x79dad2bbUL,
-0x0821e695UL, 0xe55c4398UL, 0x3106d0b8UL, 0x7baf11e3UL,
-0x65537e41UL, 0x2b10ccaaUL, 0xe49cd8b4UL, 0xa7d46456UL,
-0x3659fb7cUL, 0x2084724bUL, 0x4df6ea9fUL, 0xaadf6a5fUL,
-0xdfce2dc1UL, 0x68587048UL, 0xf381caafUL, 0xd8910605UL,
-0x4b695a77UL, 0x28a594deUL, 0x104239dfUL, 0xc347813bUL,
-0xcaa6fc82UL, 0xd2c523c8UL, 0x6cb203f8UL, 0xd59a080cUL,
-0xac40dab7UL, 0x09e17db9UL, 0x342c3824UL, 0x47a2cf52UL,
-0x74d1dcb2UL, 0x5b2b63a8UL, 0x559535d5UL, 0x7511479eUL,
-0xebe215e5UL, 0x30c64b94UL, 0x14a84a6fUL, 0x9c869123UL,
-0xcc394c6aUL, 0xff4a5f8aUL, 0x904d0406UL, 0xddbbee99UL,
-0x52ca1e11UL, 0xc418aaffUL, 0x6998eb64UL, 0xfcff07feUL,
-0x5e018b34UL, 0x0ebe567dUL, 0x9bd9bae7UL, 0xc1324263UL,
-0xdc7b75b5UL, 0x44179726UL, 0xcb6667aeUL, 0x0ccb9525UL,
-0x9567ec9aUL, 0x2ad05786UL, 0x37996050UL, 0xd305b8e4UL,
-0x83ba65adUL, 0xae3519efUL, 0xc913a4f6UL, 0x4aa9c15bUL,
-0x1bd6873eUL, 0x595ea0f0UL, 0x8a5b1814UL, 0x703baf02UL,
-0xe076ab04UL, 0x50bfdd49UL, 0x1863df4aUL, 0xb656c6a5UL,
-0x530a853dUL, 0x1237fa87UL, 0x94a777b6UL, 0x517f4665UL,
-0xb109ed61UL, 0xe6e91becUL, 0x8525d545UL, 0x3b52f575UL,
-0x413d7fbaUL, 0x428827ceUL, 0x4e43b2ebUL, 0xe997d6bdUL,
-0x9ef3527bUL, 0x7f456253UL, 0xfba02c3aUL, 0xd1707bbcUL,
-0xf76bb91fUL, 0x171d121bUL, 0xeec8fd79UL, 0x7cf03a27UL,
-0x45d70c0aUL, 0x607996ddUL, 0xf6ab2233UL, 0x1c89acfaUL,
-0xbb5dc8acUL, 0x7d30a10bUL, 0xa14bd4beUL, 0x0b94bee1UL,
-0x0a5425cdUL, 0x4662547eUL, 0x1182a2f3UL, 0xa33e17e6UL,
-0x66e62635UL, 0x0275c358UL, 0x8b9b8338UL, 0xbdc27844UL,
-0x48dc0203UL, 0xa08b4f92UL, 0xb37c2e39UL, 0x84e54e69UL,
-0x8f71f088UL, 0x3927362dUL, 0xfd3f9cd2UL, 0x246e01fbUL,
-0x16dd8937UL, 0x00000000UL, 0x57e0f68dUL, 0x986ce293UL,
-0xf815744eUL, 0xd45a9320UL, 0x38e7ad01UL, 0x5db4d340UL,
-0xc2871a17UL, 0x6a2db310UL, 0xd62f5078UL, 0x1f3cf48eUL,
-0xa5a1a70eUL, 0x4c3671b3UL, 0x25ae9ad7UL, 0xdb245e71UL,
-0x8750161dUL, 0xf9d5ef62UL, 0x86908d31UL, 0x1a161c12UL,
-0x81cfa6f5UL, 0x6f075b8cUL, 0x1d4937d6UL, 0x3a926e59UL,
-0x776484c6UL, 0x3fb886c5UL, 0xcdf9d746UL, 0xd0b0e090UL,
-0x4f8329c7UL, 0x40fde496UL, 0x0d0b0e09UL, 0x56206da1UL,
-0xea228ec9UL, 0x882edb4cUL, 0x738ef776UL, 0xb2bcb515UL,
-0x5fc11018UL, 0xa96a322bUL, 0x8eb16ba4UL, 0x5455aef9UL,
-0x89ee4060UL, 0xef086655UL, 0x2144e967UL, 0xecbd3e21UL,
-0xbe772030UL, 0xc7adf28bUL, 0xe72980c0UL, 0xcf8c141eUL,
-0x4348bce2UL, 0xfe8ac4a6UL, 0xc5d831d3UL, 0xfa60b716UL,
-0xba9d5380UL, 0xc0f2d94fUL, 0x3e781de9UL, 0x2e3a2436UL,
-0xf4dee16bUL, 0xd7efcb54UL, 0xf1f409f7UL, 0xaff582c3UL,
-0xb9280bf4UL, 0xd9519d29UL, 0x9238c75eUL, 0x5aebf884UL,
-0xb8e890d8UL, 0x3c0ddeb1UL, 0x8d0433d0UL, 0xe203685cUL,
-0xdae4c55dUL, 0x589e3bdcUL, 0x9d460a0fUL, 0xc8d33fdaUL,
-0x27db598fUL, 0x8cc4a8fcUL, 0x99ac79bfUL, 0x724e6c5aUL,
-0xa2fe8ccaUL, 0xb5e39ed1UL, 0x76a41feaUL, 0x04ea73b0UL,
-},
-
-{
-0x68bc02e3UL, 0x85620c55UL, 0x3f23312aUL, 0xab13f761UL,
-0xd46d7298UL, 0xcb9a1921UL, 0x22a4613cUL, 0x9d3dcd45UL,
-0xfdb42305UL, 0xc4075f2bUL, 0x2c01c09bUL, 0xd9800f3dUL,
-0x6c5c7448UL, 0x7f7e85f9UL, 0x73ab1ff1UL, 0xedde0eb6UL,
-0x3c6bed28UL, 0x97781a49UL, 0x2a918d9fUL, 0x579f33c9UL,
-0x07a8aaa9UL, 0x0ded7da5UL, 0x422d8f7cUL, 0x4db0c976UL,
-0x91e8574dUL, 0xa963ccceUL, 0xee96d2b4UL, 0x28e1b630UL,
-0xf161b90dUL, 0x196726bdUL, 0x9bad8041UL, 0xa06ec7c0UL,
-0x83f24151UL, 0xdbf03492UL, 0xa21efc6fUL, 0x32ce4c8fUL,
-0xe0337313UL, 0xa7c66d69UL, 0x6d6493e5UL, 0x1a2ffabfUL,
-0x1cbfb7bbUL, 0x7403b558UL, 0x6e2c4fe7UL, 0x89b7965dUL,
-0x9c052ae8UL, 0x6619a344UL, 0x2e71fb34UL, 0xf229650fUL,
-0x81827afeUL, 0x1322f1b1UL, 0x0835eca3UL, 0x510f7ecdUL,
-0x7aa614ffUL, 0x7293f85cUL, 0xc297122fUL, 0x70e3c3f3UL,
-0x2f491c99UL, 0x431568d1UL, 0xa3261bc2UL, 0xcc32b388UL,
-0xcf7a6f8aUL, 0xe8069fb0UL, 0x47f51e7aUL, 0xbb79dad2UL,
-0x950821e6UL, 0x98e55c43UL, 0xb83106d0UL, 0xe37baf11UL,
-0x4165537eUL, 0xaa2b10ccUL, 0xb4e49cd8UL, 0x56a7d464UL,
-0x7c3659fbUL, 0x4b208472UL, 0x9f4df6eaUL, 0x5faadf6aUL,
-0xc1dfce2dUL, 0x48685870UL, 0xaff381caUL, 0x05d89106UL,
-0x774b695aUL, 0xde28a594UL, 0xdf104239UL, 0x3bc34781UL,
-0x82caa6fcUL, 0xc8d2c523UL, 0xf86cb203UL, 0x0cd59a08UL,
-0xb7ac40daUL, 0xb909e17dUL, 0x24342c38UL, 0x5247a2cfUL,
-0xb274d1dcUL, 0xa85b2b63UL, 0xd5559535UL, 0x9e751147UL,
-0xe5ebe215UL, 0x9430c64bUL, 0x6f14a84aUL, 0x239c8691UL,
-0x6acc394cUL, 0x8aff4a5fUL, 0x06904d04UL, 0x99ddbbeeUL,
-0x1152ca1eUL, 0xffc418aaUL, 0x646998ebUL, 0xfefcff07UL,
-0x345e018bUL, 0x7d0ebe56UL, 0xe79bd9baUL, 0x63c13242UL,
-0xb5dc7b75UL, 0x26441797UL, 0xaecb6667UL, 0x250ccb95UL,
-0x9a9567ecUL, 0x862ad057UL, 0x50379960UL, 0xe4d305b8UL,
-0xad83ba65UL, 0xefae3519UL, 0xf6c913a4UL, 0x5b4aa9c1UL,
-0x3e1bd687UL, 0xf0595ea0UL, 0x148a5b18UL, 0x02703bafUL,
-0x04e076abUL, 0x4950bfddUL, 0x4a1863dfUL, 0xa5b656c6UL,
-0x3d530a85UL, 0x871237faUL, 0xb694a777UL, 0x65517f46UL,
-0x61b109edUL, 0xece6e91bUL, 0x458525d5UL, 0x753b52f5UL,
-0xba413d7fUL, 0xce428827UL, 0xeb4e43b2UL, 0xbde997d6UL,
-0x7b9ef352UL, 0x537f4562UL, 0x3afba02cUL, 0xbcd1707bUL,
-0x1ff76bb9UL, 0x1b171d12UL, 0x79eec8fdUL, 0x277cf03aUL,
-0x0a45d70cUL, 0xdd607996UL, 0x33f6ab22UL, 0xfa1c89acUL,
-0xacbb5dc8UL, 0x0b7d30a1UL, 0xbea14bd4UL, 0xe10b94beUL,
-0xcd0a5425UL, 0x7e466254UL, 0xf31182a2UL, 0xe6a33e17UL,
-0x3566e626UL, 0x580275c3UL, 0x388b9b83UL, 0x44bdc278UL,
-0x0348dc02UL, 0x92a08b4fUL, 0x39b37c2eUL, 0x6984e54eUL,
-0x888f71f0UL, 0x2d392736UL, 0xd2fd3f9cUL, 0xfb246e01UL,
-0x3716dd89UL, 0x00000000UL, 0x8d57e0f6UL, 0x93986ce2UL,
-0x4ef81574UL, 0x20d45a93UL, 0x0138e7adUL, 0x405db4d3UL,
-0x17c2871aUL, 0x106a2db3UL, 0x78d62f50UL, 0x8e1f3cf4UL,
-0x0ea5a1a7UL, 0xb34c3671UL, 0xd725ae9aUL, 0x71db245eUL,
-0x1d875016UL, 0x62f9d5efUL, 0x3186908dUL, 0x121a161cUL,
-0xf581cfa6UL, 0x8c6f075bUL, 0xd61d4937UL, 0x593a926eUL,
-0xc6776484UL, 0xc53fb886UL, 0x46cdf9d7UL, 0x90d0b0e0UL,
-0xc74f8329UL, 0x9640fde4UL, 0x090d0b0eUL, 0xa156206dUL,
-0xc9ea228eUL, 0x4c882edbUL, 0x76738ef7UL, 0x15b2bcb5UL,
-0x185fc110UL, 0x2ba96a32UL, 0xa48eb16bUL, 0xf95455aeUL,
-0x6089ee40UL, 0x55ef0866UL, 0x672144e9UL, 0x21ecbd3eUL,
-0x30be7720UL, 0x8bc7adf2UL, 0xc0e72980UL, 0x1ecf8c14UL,
-0xe24348bcUL, 0xa6fe8ac4UL, 0xd3c5d831UL, 0x16fa60b7UL,
-0x80ba9d53UL, 0x4fc0f2d9UL, 0xe93e781dUL, 0x362e3a24UL,
-0x6bf4dee1UL, 0x54d7efcbUL, 0xf7f1f409UL, 0xc3aff582UL,
-0xf4b9280bUL, 0x29d9519dUL, 0x5e9238c7UL, 0x845aebf8UL,
-0xd8b8e890UL, 0xb13c0ddeUL, 0xd08d0433UL, 0x5ce20368UL,
-0x5ddae4c5UL, 0xdc589e3bUL, 0x0f9d460aUL, 0xdac8d33fUL,
-0x8f27db59UL, 0xfc8cc4a8UL, 0xbf99ac79UL, 0x5a724e6cUL,
-0xcaa2fe8cUL, 0xd1b5e39eUL, 0xea76a41fUL, 0xb004ea73UL,
-}};
-
-NAMESPACE_END
diff --git a/cryptopp562/stdcpp.h b/cryptopp562/stdcpp.h
deleted file mode 100644
index 6511c4f..0000000
--- a/cryptopp562/stdcpp.h
+++ /dev/null
@@ -1,41 +0,0 @@
-#ifndef CRYPTOPP_STDCPP_H
-#define CRYPTOPP_STDCPP_H
-
-#if _MSC_VER >= 1500
-#define _DO_NOT_DECLARE_INTERLOCKED_INTRINSICS_IN_MEMORY
-#include <intrin.h>
-#endif
-
-#include <stddef.h>
-#include <assert.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory>
-#include <string>
-#include <exception>
-#include <typeinfo>
-#include <algorithm>
-#include <map>
-#include <vector>
-
-#ifdef CRYPTOPP_INCLUDE_VECTOR_CC
-// workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21
-#include <vector.cc>
-#endif
-
-// for alloca
-#ifdef __sun
-#include <alloca.h>
-#elif defined(__MINGW32__) || defined(__BORLANDC__)
-#include <malloc.h>
-#endif
-
-#ifdef _MSC_VER
-#pragma warning(disable: 4231) // re-disable this
-#ifdef _CRTAPI1
-#define CRYPTOPP_MSVCRT6
-#endif
-#endif
-
-#endif
diff --git a/cryptopp562/strciphr.cpp b/cryptopp562/strciphr.cpp
deleted file mode 100644
index 53e0073..0000000
--- a/cryptopp562/strciphr.cpp
+++ /dev/null
@@ -1,252 +0,0 @@
-// strciphr.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-
-#include "strciphr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class S>
-void AdditiveCipherTemplate<S>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
-{
- PolicyInterface &policy = this->AccessPolicy();
- policy.CipherSetKey(params, key, length);
- m_leftOver = 0;
- unsigned int bufferByteSize = policy.CanOperateKeystream() ? GetBufferByteSize(policy) : RoundUpToMultipleOf(1024U, GetBufferByteSize(policy));
- m_buffer.New(bufferByteSize);
-
- if (this->IsResynchronizable())
- {
- size_t ivLength;
- const byte *iv = this->GetIVAndThrowIfInvalid(params, ivLength);
- policy.CipherResynchronize(m_buffer, iv, ivLength);
- }
-}
-
-template <class S>
-void AdditiveCipherTemplate<S>::GenerateBlock(byte *outString, size_t length)
-{
- if (m_leftOver > 0)
- {
- size_t len = STDMIN(m_leftOver, length);
- memcpy(outString, KeystreamBufferEnd()-m_leftOver, len);
- length -= len;
- m_leftOver -= len;
- outString += len;
-
- if (!length)
- return;
- }
- assert(m_leftOver == 0);
-
- PolicyInterface &policy = this->AccessPolicy();
- unsigned int bytesPerIteration = policy.GetBytesPerIteration();
-
- if (length >= bytesPerIteration)
- {
- size_t iterations = length / bytesPerIteration;
- policy.WriteKeystream(outString, iterations);
- outString += iterations * bytesPerIteration;
- length -= iterations * bytesPerIteration;
- }
-
- if (length > 0)
- {
- size_t bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration);
- size_t bufferIterations = bufferByteSize / bytesPerIteration;
-
- policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations);
- memcpy(outString, KeystreamBufferEnd()-bufferByteSize, length);
- m_leftOver = bufferByteSize - length;
- }
-}
-
-template <class S>
-void AdditiveCipherTemplate<S>::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- if (m_leftOver > 0)
- {
- size_t len = STDMIN(m_leftOver, length);
- xorbuf(outString, inString, KeystreamBufferEnd()-m_leftOver, len);
- length -= len;
- m_leftOver -= len;
- inString += len;
- outString += len;
-
- if (!length)
- return;
- }
- assert(m_leftOver == 0);
-
- PolicyInterface &policy = this->AccessPolicy();
- unsigned int bytesPerIteration = policy.GetBytesPerIteration();
-
- if (policy.CanOperateKeystream() && length >= bytesPerIteration)
- {
- size_t iterations = length / bytesPerIteration;
- unsigned int alignment = policy.GetAlignment();
- KeystreamOperation operation = KeystreamOperation((IsAlignedOn(inString, alignment) * 2) | (int)IsAlignedOn(outString, alignment));
-
- policy.OperateKeystream(operation, outString, inString, iterations);
-
- inString += iterations * bytesPerIteration;
- outString += iterations * bytesPerIteration;
- length -= iterations * bytesPerIteration;
-
- if (!length)
- return;
- }
-
- size_t bufferByteSize = m_buffer.size();
- size_t bufferIterations = bufferByteSize / bytesPerIteration;
-
- while (length >= bufferByteSize)
- {
- policy.WriteKeystream(m_buffer, bufferIterations);
- xorbuf(outString, inString, KeystreamBufferBegin(), bufferByteSize);
- length -= bufferByteSize;
- inString += bufferByteSize;
- outString += bufferByteSize;
- }
-
- if (length > 0)
- {
- bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration);
- bufferIterations = bufferByteSize / bytesPerIteration;
-
- policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations);
- xorbuf(outString, inString, KeystreamBufferEnd()-bufferByteSize, length);
- m_leftOver = bufferByteSize - length;
- }
-}
-
-template <class S>
-void AdditiveCipherTemplate<S>::Resynchronize(const byte *iv, int length)
-{
- PolicyInterface &policy = this->AccessPolicy();
- m_leftOver = 0;
- m_buffer.New(GetBufferByteSize(policy));
- policy.CipherResynchronize(m_buffer, iv, this->ThrowIfInvalidIVLength(length));
-}
-
-template <class BASE>
-void AdditiveCipherTemplate<BASE>::Seek(lword position)
-{
- PolicyInterface &policy = this->AccessPolicy();
- unsigned int bytesPerIteration = policy.GetBytesPerIteration();
-
- policy.SeekToIteration(position / bytesPerIteration);
- position %= bytesPerIteration;
-
- if (position > 0)
- {
- policy.WriteKeystream(KeystreamBufferEnd()-bytesPerIteration, 1);
- m_leftOver = bytesPerIteration - (unsigned int)position;
- }
- else
- m_leftOver = 0;
-}
-
-template <class BASE>
-void CFB_CipherTemplate<BASE>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
-{
- PolicyInterface &policy = this->AccessPolicy();
- policy.CipherSetKey(params, key, length);
-
- if (this->IsResynchronizable())
- {
- size_t ivLength;
- const byte *iv = this->GetIVAndThrowIfInvalid(params, ivLength);
- policy.CipherResynchronize(iv, ivLength);
- }
-
- m_leftOver = policy.GetBytesPerIteration();
-}
-
-template <class BASE>
-void CFB_CipherTemplate<BASE>::Resynchronize(const byte *iv, int length)
-{
- PolicyInterface &policy = this->AccessPolicy();
- policy.CipherResynchronize(iv, this->ThrowIfInvalidIVLength(length));
- m_leftOver = policy.GetBytesPerIteration();
-}
-
-template <class BASE>
-void CFB_CipherTemplate<BASE>::ProcessData(byte *outString, const byte *inString, size_t length)
-{
- assert(length % this->MandatoryBlockSize() == 0);
-
- PolicyInterface &policy = this->AccessPolicy();
- unsigned int bytesPerIteration = policy.GetBytesPerIteration();
- unsigned int alignment = policy.GetAlignment();
- byte *reg = policy.GetRegisterBegin();
-
- if (m_leftOver)
- {
- size_t len = STDMIN(m_leftOver, length);
- CombineMessageAndShiftRegister(outString, reg + bytesPerIteration - m_leftOver, inString, len);
- m_leftOver -= len;
- length -= len;
- inString += len;
- outString += len;
- }
-
- if (!length)
- return;
-
- assert(m_leftOver == 0);
-
- if (policy.CanIterate() && length >= bytesPerIteration && IsAlignedOn(outString, alignment))
- {
- if (IsAlignedOn(inString, alignment))
- policy.Iterate(outString, inString, GetCipherDir(*this), length / bytesPerIteration);
- else
- {
- memcpy(outString, inString, length);
- policy.Iterate(outString, outString, GetCipherDir(*this), length / bytesPerIteration);
- }
- inString += length - length % bytesPerIteration;
- outString += length - length % bytesPerIteration;
- length %= bytesPerIteration;
- }
-
- while (length >= bytesPerIteration)
- {
- policy.TransformRegister();
- CombineMessageAndShiftRegister(outString, reg, inString, bytesPerIteration);
- length -= bytesPerIteration;
- inString += bytesPerIteration;
- outString += bytesPerIteration;
- }
-
- if (length > 0)
- {
- policy.TransformRegister();
- CombineMessageAndShiftRegister(outString, reg, inString, length);
- m_leftOver = bytesPerIteration - length;
- }
-}
-
-template <class BASE>
-void CFB_EncryptionTemplate<BASE>::CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length)
-{
- xorbuf(reg, message, length);
- memcpy(output, reg, length);
-}
-
-template <class BASE>
-void CFB_DecryptionTemplate<BASE>::CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length)
-{
- for (unsigned int i=0; i<length; i++)
- {
- byte b = message[i];
- output[i] = reg[i] ^ b;
- reg[i] = b;
- }
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/strciphr.h b/cryptopp562/strciphr.h
deleted file mode 100644
index d1d11a1..0000000
--- a/cryptopp562/strciphr.h
+++ /dev/null
@@ -1,306 +0,0 @@
-/*! \file
- This file contains helper classes for implementing stream ciphers.
-
- All this infrastructure may look very complex compared to what's in Crypto++ 4.x,
- but stream ciphers implementations now support a lot of new functionality,
- including better performance (minimizing copying), resetting of keys and IVs, and methods to
- query which features are supported by a cipher.
-
- Here's an explanation of these classes. The word "policy" is used here to mean a class with a
- set of methods that must be implemented by individual stream cipher implementations.
- This is usually much simpler than the full stream cipher API, which is implemented by
- either AdditiveCipherTemplate or CFB_CipherTemplate using the policy. So for example, an
- implementation of SEAL only needs to implement the AdditiveCipherAbstractPolicy interface
- (since it's an additive cipher, i.e., it xors a keystream into the plaintext).
- See this line in seal.h:
-
- typedef SymmetricCipherFinal\<ConcretePolicyHolder\<SEAL_Policy\<B\>, AdditiveCipherTemplate\<\> \> \> Encryption;
-
- AdditiveCipherTemplate and CFB_CipherTemplate are designed so that they don't need
- to take a policy class as a template parameter (although this is allowed), so that
- their code is not duplicated for each new cipher. Instead they each
- get a reference to an abstract policy interface by calling AccessPolicy() on itself, so
- AccessPolicy() must be overriden to return the actual policy reference. This is done
- by the ConceretePolicyHolder class. Finally, SymmetricCipherFinal implements the constructors and
- other functions that must be implemented by the most derived class.
-*/
-
-#ifndef CRYPTOPP_STRCIPHR_H
-#define CRYPTOPP_STRCIPHR_H
-
-#include "seckey.h"
-#include "secblock.h"
-#include "argnames.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-template <class POLICY_INTERFACE, class BASE = Empty>
-class CRYPTOPP_NO_VTABLE AbstractPolicyHolder : public BASE
-{
-public:
- typedef POLICY_INTERFACE PolicyInterface;
- virtual ~AbstractPolicyHolder() {}
-
-protected:
- virtual const POLICY_INTERFACE & GetPolicy() const =0;
- virtual POLICY_INTERFACE & AccessPolicy() =0;
-};
-
-template <class POLICY, class BASE, class POLICY_INTERFACE = CPP_TYPENAME BASE::PolicyInterface>
-class ConcretePolicyHolder : public BASE, protected POLICY
-{
-protected:
- const POLICY_INTERFACE & GetPolicy() const {return *this;}
- POLICY_INTERFACE & AccessPolicy() {return *this;}
-};
-
-enum KeystreamOperationFlags {OUTPUT_ALIGNED=1, INPUT_ALIGNED=2, INPUT_NULL = 4};
-enum KeystreamOperation {
- WRITE_KEYSTREAM = INPUT_NULL,
- WRITE_KEYSTREAM_ALIGNED = INPUT_NULL | OUTPUT_ALIGNED,
- XOR_KEYSTREAM = 0,
- XOR_KEYSTREAM_INPUT_ALIGNED = INPUT_ALIGNED,
- XOR_KEYSTREAM_OUTPUT_ALIGNED= OUTPUT_ALIGNED,
- XOR_KEYSTREAM_BOTH_ALIGNED = OUTPUT_ALIGNED | INPUT_ALIGNED};
-
-struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy
-{
- virtual ~AdditiveCipherAbstractPolicy() {}
- virtual unsigned int GetAlignment() const {return 1;}
- virtual unsigned int GetBytesPerIteration() const =0;
- virtual unsigned int GetOptimalBlockSize() const {return GetBytesPerIteration();}
- virtual unsigned int GetIterationsToBuffer() const =0;
- virtual void WriteKeystream(byte *keystream, size_t iterationCount)
- {OperateKeystream(KeystreamOperation(INPUT_NULL | (KeystreamOperationFlags)IsAlignedOn(keystream, GetAlignment())), keystream, NULL, iterationCount);}
- virtual bool CanOperateKeystream() const {return false;}
- virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) {assert(false);}
- virtual void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length) =0;
- virtual void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) {throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");}
- virtual bool CipherIsRandomAccess() const =0;
- virtual void SeekToIteration(lword iterationCount) {assert(!CipherIsRandomAccess()); throw NotImplemented("StreamTransformation: this object doesn't support random access");}
-};
-
-template <typename WT, unsigned int W, unsigned int X = 1, class BASE = AdditiveCipherAbstractPolicy>
-struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE
-{
- typedef WT WordType;
- CRYPTOPP_CONSTANT(BYTES_PER_ITERATION = sizeof(WordType) * W)
-
-#if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64)
- unsigned int GetAlignment() const {return GetAlignmentOf<WordType>();}
-#endif
- unsigned int GetBytesPerIteration() const {return BYTES_PER_ITERATION;}
- unsigned int GetIterationsToBuffer() const {return X;}
- bool CanOperateKeystream() const {return true;}
- virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) =0;
-};
-
-// use these to implement OperateKeystream
-#define CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, b, i, a) \
- PutWord(bool(x & OUTPUT_ALIGNED), b, output+i*sizeof(WordType), (x & INPUT_NULL) ? a : a ^ GetWord<WordType>(bool(x & INPUT_ALIGNED), b, input+i*sizeof(WordType)));
-#define CRYPTOPP_KEYSTREAM_OUTPUT_XMM(x, i, a) {\
- __m128i t = (x & INPUT_NULL) ? a : _mm_xor_si128(a, (x & INPUT_ALIGNED) ? _mm_load_si128((__m128i *)input+i) : _mm_loadu_si128((__m128i *)input+i));\
- if (x & OUTPUT_ALIGNED) _mm_store_si128((__m128i *)output+i, t);\
- else _mm_storeu_si128((__m128i *)output+i, t);}
-#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y) \
- switch (operation) \
- { \
- case WRITE_KEYSTREAM: \
- x(WRITE_KEYSTREAM) \
- break; \
- case XOR_KEYSTREAM: \
- x(XOR_KEYSTREAM) \
- input += y; \
- break; \
- case XOR_KEYSTREAM_INPUT_ALIGNED: \
- x(XOR_KEYSTREAM_INPUT_ALIGNED) \
- input += y; \
- break; \
- case XOR_KEYSTREAM_OUTPUT_ALIGNED: \
- x(XOR_KEYSTREAM_OUTPUT_ALIGNED) \
- input += y; \
- break; \
- case WRITE_KEYSTREAM_ALIGNED: \
- x(WRITE_KEYSTREAM_ALIGNED) \
- break; \
- case XOR_KEYSTREAM_BOTH_ALIGNED: \
- x(XOR_KEYSTREAM_BOTH_ALIGNED) \
- input += y; \
- break; \
- } \
- output += y;
-
-template <class BASE = AbstractPolicyHolder<AdditiveCipherAbstractPolicy, SymmetricCipher> >
-class CRYPTOPP_NO_VTABLE AdditiveCipherTemplate : public BASE, public RandomNumberGenerator
-{
-public:
- void GenerateBlock(byte *output, size_t size);
- void ProcessData(byte *outString, const byte *inString, size_t length);
- void Resynchronize(const byte *iv, int length=-1);
- unsigned int OptimalBlockSize() const {return this->GetPolicy().GetOptimalBlockSize();}
- unsigned int GetOptimalNextBlockSize() const {return (unsigned int)this->m_leftOver;}
- unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();}
- bool IsSelfInverting() const {return true;}
- bool IsForwardTransformation() const {return true;}
- bool IsRandomAccess() const {return this->GetPolicy().CipherIsRandomAccess();}
- void Seek(lword position);
-
- typedef typename BASE::PolicyInterface PolicyInterface;
-
-protected:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
-
- unsigned int GetBufferByteSize(const PolicyInterface &policy) const {return policy.GetBytesPerIteration() * policy.GetIterationsToBuffer();}
-
- inline byte * KeystreamBufferBegin() {return this->m_buffer.data();}
- inline byte * KeystreamBufferEnd() {return (this->m_buffer.data() + this->m_buffer.size());}
-
- SecByteBlock m_buffer;
- size_t m_leftOver;
-};
-
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CFB_CipherAbstractPolicy
-{
-public:
- virtual ~CFB_CipherAbstractPolicy() {}
- virtual unsigned int GetAlignment() const =0;
- virtual unsigned int GetBytesPerIteration() const =0;
- virtual byte * GetRegisterBegin() =0;
- virtual void TransformRegister() =0;
- virtual bool CanIterate() const {return false;}
- virtual void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount) {assert(false); throw 0;}
- virtual void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length) =0;
- virtual void CipherResynchronize(const byte *iv, size_t length) {throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");}
-};
-
-template <typename WT, unsigned int W, class BASE = CFB_CipherAbstractPolicy>
-struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE
-{
- typedef WT WordType;
-
- unsigned int GetAlignment() const {return sizeof(WordType);}
- unsigned int GetBytesPerIteration() const {return sizeof(WordType) * W;}
- bool CanIterate() const {return true;}
- void TransformRegister() {this->Iterate(NULL, NULL, ENCRYPTION, 1);}
-
- template <class B>
- struct RegisterOutput
- {
- RegisterOutput(byte *output, const byte *input, CipherDir dir)
- : m_output(output), m_input(input), m_dir(dir) {}
-
- inline RegisterOutput& operator()(WordType &registerWord)
- {
- assert(IsAligned<WordType>(m_output));
- assert(IsAligned<WordType>(m_input));
-
- if (!NativeByteOrderIs(B::ToEnum()))
- registerWord = ByteReverse(registerWord);
-
- if (m_dir == ENCRYPTION)
- {
- if (m_input == NULL)
- assert(m_output == NULL);
- else
- {
- WordType ct = *(const WordType *)m_input ^ registerWord;
- registerWord = ct;
- *(WordType*)m_output = ct;
- m_input += sizeof(WordType);
- m_output += sizeof(WordType);
- }
- }
- else
- {
- WordType ct = *(const WordType *)m_input;
- *(WordType*)m_output = registerWord ^ ct;
- registerWord = ct;
- m_input += sizeof(WordType);
- m_output += sizeof(WordType);
- }
-
- // registerWord is left unreversed so it can be xor-ed with further input
-
- return *this;
- }
-
- byte *m_output;
- const byte *m_input;
- CipherDir m_dir;
- };
-};
-
-template <class BASE>
-class CRYPTOPP_NO_VTABLE CFB_CipherTemplate : public BASE
-{
-public:
- void ProcessData(byte *outString, const byte *inString, size_t length);
- void Resynchronize(const byte *iv, int length=-1);
- unsigned int OptimalBlockSize() const {return this->GetPolicy().GetBytesPerIteration();}
- unsigned int GetOptimalNextBlockSize() const {return (unsigned int)m_leftOver;}
- unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();}
- bool IsRandomAccess() const {return false;}
- bool IsSelfInverting() const {return false;}
-
- typedef typename BASE::PolicyInterface PolicyInterface;
-
-protected:
- virtual void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length) =0;
-
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
-
- size_t m_leftOver;
-};
-
-template <class BASE = AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >
-class CRYPTOPP_NO_VTABLE CFB_EncryptionTemplate : public CFB_CipherTemplate<BASE>
-{
- bool IsForwardTransformation() const {return true;}
- void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length);
-};
-
-template <class BASE = AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >
-class CRYPTOPP_NO_VTABLE CFB_DecryptionTemplate : public CFB_CipherTemplate<BASE>
-{
- bool IsForwardTransformation() const {return false;}
- void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length);
-};
-
-template <class BASE>
-class CFB_RequireFullDataBlocks : public BASE
-{
-public:
- unsigned int MandatoryBlockSize() const {return this->OptimalBlockSize();}
-};
-
-//! _
-template <class BASE, class INFO = BASE>
-class SymmetricCipherFinal : public AlgorithmImpl<SimpleKeyingInterfaceImpl<BASE, INFO>, INFO>
-{
-public:
- SymmetricCipherFinal() {}
- SymmetricCipherFinal(const byte *key)
- {this->SetKey(key, this->DEFAULT_KEYLENGTH);}
- SymmetricCipherFinal(const byte *key, size_t length)
- {this->SetKey(key, length);}
- SymmetricCipherFinal(const byte *key, size_t length, const byte *iv)
- {this->SetKeyWithIV(key, length, iv);}
-
- Clonable * Clone() const {return static_cast<SymmetricCipher *>(new SymmetricCipherFinal<BASE, INFO>(*this));}
-};
-
-NAMESPACE_END
-
-#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#include "strciphr.cpp"
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-CRYPTOPP_DLL_TEMPLATE_CLASS AbstractPolicyHolder<AdditiveCipherAbstractPolicy, SymmetricCipher>;
-CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate<AbstractPolicyHolder<AdditiveCipherAbstractPolicy, SymmetricCipher> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >;
-CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate<AbstractPolicyHolder<CFB_CipherAbstractPolicy, SymmetricCipher> >;
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/tea.cpp b/cryptopp562/tea.cpp
deleted file mode 100644
index b1fb6f1..0000000
--- a/cryptopp562/tea.cpp
+++ /dev/null
@@ -1,159 +0,0 @@
-// tea.cpp - modified by Wei Dai from code in the original paper
-
-#include "pch.h"
-#include "tea.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const word32 DELTA = 0x9e3779b9;
-typedef BlockGetAndPut<word32, BigEndian> Block;
-
-void TEA::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params)
-{
- AssertValidKeyLength(length);
-
- GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, userKey, KEYLENGTH);
- m_limit = GetRoundsAndThrowIfInvalid(params, this) * DELTA;
-}
-
-void TEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 y, z;
- Block::Get(inBlock)(y)(z);
-
- word32 sum = 0;
- while (sum != m_limit)
- {
- sum += DELTA;
- y += (z << 4) + m_k[0] ^ z + sum ^ (z >> 5) + m_k[1];
- z += (y << 4) + m_k[2] ^ y + sum ^ (y >> 5) + m_k[3];
- }
-
- Block::Put(xorBlock, outBlock)(y)(z);
-}
-
-void TEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 y, z;
- Block::Get(inBlock)(y)(z);
-
- word32 sum = m_limit;
- while (sum != 0)
- {
- z -= (y << 4) + m_k[2] ^ y + sum ^ (y >> 5) + m_k[3];
- y -= (z << 4) + m_k[0] ^ z + sum ^ (z >> 5) + m_k[1];
- sum -= DELTA;
- }
-
- Block::Put(xorBlock, outBlock)(y)(z);
-}
-
-void XTEA::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params)
-{
- AssertValidKeyLength(length);
-
- GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, userKey, KEYLENGTH);
- m_limit = GetRoundsAndThrowIfInvalid(params, this) * DELTA;
-}
-
-void XTEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 y, z;
- Block::Get(inBlock)(y)(z);
-
-#ifdef __SUNPRO_CC
- // workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21
- size_t sum = 0;
- while ((sum&0xffffffff) != m_limit)
-#else
- word32 sum = 0;
- while (sum != m_limit)
-#endif
- {
- y += (z<<4 ^ z>>5) + z ^ sum + m_k[sum&3];
- sum += DELTA;
- z += (y<<4 ^ y>>5) + y ^ sum + m_k[sum>>11 & 3];
- }
-
- Block::Put(xorBlock, outBlock)(y)(z);
-}
-
-void XTEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 y, z;
- Block::Get(inBlock)(y)(z);
-
-#ifdef __SUNPRO_CC
- // workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21
- size_t sum = m_limit;
- while ((sum&0xffffffff) != 0)
-#else
- word32 sum = m_limit;
- while (sum != 0)
-#endif
- {
- z -= (y<<4 ^ y>>5) + y ^ sum + m_k[sum>>11 & 3];
- sum -= DELTA;
- y -= (z<<4 ^ z>>5) + z ^ sum + m_k[sum&3];
- }
-
- Block::Put(xorBlock, outBlock)(y)(z);
-}
-
-#define MX (z>>5^y<<2)+(y>>3^z<<4)^(sum^y)+(m_k[p&3^e]^z)
-
-void BTEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- unsigned int n = m_blockSize / 4;
- word32 *v = (word32*)outBlock;
- ConditionalByteReverse(BIG_ENDIAN_ORDER, v, (const word32*)inBlock, m_blockSize);
-
- word32 y = v[0], z = v[n-1], e;
- word32 p, q = 6+52/n;
- word32 sum = 0;
-
- while (q-- > 0)
- {
- sum += DELTA;
- e = sum>>2 & 3;
- for (p = 0; p < n-1; p++)
- {
- y = v[p+1];
- z = v[p] += MX;
- }
- y = v[0];
- z = v[n-1] += MX;
- }
-
- ConditionalByteReverse(BIG_ENDIAN_ORDER, v, v, m_blockSize);
-}
-
-void BTEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- unsigned int n = m_blockSize / 4;
- word32 *v = (word32*)outBlock;
- ConditionalByteReverse(BIG_ENDIAN_ORDER, v, (const word32*)inBlock, m_blockSize);
-
- word32 y = v[0], z = v[n-1], e;
- word32 p, q = 6+52/n;
- word32 sum = q * DELTA;
-
- while (sum != 0)
- {
- e = sum>>2 & 3;
- for (p = n-1; p > 0; p--)
- {
- z = v[p-1];
- y = v[p] -= MX;
- }
-
- z = v[n-1];
- y = v[0] -= MX;
- sum -= DELTA;
- }
-
- ConditionalByteReverse(BIG_ENDIAN_ORDER, v, v, m_blockSize);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/tea.h b/cryptopp562/tea.h
deleted file mode 100644
index d8ddded..0000000
--- a/cryptopp562/tea.h
+++ /dev/null
@@ -1,132 +0,0 @@
-#ifndef CRYPTOPP_TEA_H
-#define CRYPTOPP_TEA_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct TEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32>
-{
- static const char *StaticAlgorithmName() {return "TEA";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#TEA">TEA</a>
-class TEA : public TEA_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<TEA_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- FixedSizeSecBlock<word32, 4> m_k;
- word32 m_limit;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef TEA::Encryption TEAEncryption;
-typedef TEA::Decryption TEADecryption;
-
-//! _
-struct XTEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32>
-{
- static const char *StaticAlgorithmName() {return "XTEA";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#TEA">XTEA</a>
-class XTEA : public XTEA_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<XTEA_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- FixedSizeSecBlock<word32, 4> m_k;
- word32 m_limit;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-//! _
-struct BTEA_Info : public FixedKeyLength<16>
-{
- static const char *StaticAlgorithmName() {return "BTEA";}
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/cs.html#TEA">corrected Block TEA</a> (as described in "xxtea").
-/*! This class hasn't been tested yet. */
-class BTEA : public BTEA_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public AlgorithmImpl<SimpleKeyingInterfaceImpl<BlockCipher, BTEA_Info>, BTEA_Info>, public BTEA_Info
- {
- public:
- void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
- {
- m_blockSize = params.GetIntValueWithDefault("BlockSize", 60*4);
- GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, key, KEYLENGTH);
- }
-
- unsigned int BlockSize() const {return m_blockSize;}
-
- protected:
- FixedSizeSecBlock<word32, 4> m_k;
- unsigned int m_blockSize;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/test.cpp b/cryptopp562/test.cpp
deleted file mode 100644
index 5ef7e4a..0000000
--- a/cryptopp562/test.cpp
+++ /dev/null
@@ -1,852 +0,0 @@
-// test.cpp - written and placed in the public domain by Wei Dai
-
-#define _CRT_SECURE_NO_DEPRECATE
-#define CRYPTOPP_DEFAULT_NO_DLL
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-
-#include "dll.h"
-#include "md5.h"
-#include "ripemd.h"
-#include "rng.h"
-#include "gzip.h"
-#include "default.h"
-#include "randpool.h"
-#include "ida.h"
-#include "base64.h"
-#include "socketft.h"
-#include "wait.h"
-#include "factory.h"
-#include "whrlpool.h"
-#include "tiger.h"
-
-#include "validate.h"
-#include "bench.h"
-
-#include <iostream>
-#include <time.h>
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-#include <windows.h>
-#endif
-
-#if defined(USE_BERKELEY_STYLE_SOCKETS) && !defined(macintosh)
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#endif
-
-#if (_MSC_VER >= 1000)
-#include <crtdbg.h> // for the debug heap
-#endif
-
-#if defined(__MWERKS__) && defined(macintosh)
-#include <console.h>
-#endif
-
-#ifdef __BORLANDC__
-#pragma comment(lib, "cryptlib_bds.lib")
-#pragma comment(lib, "ws2_32.lib")
-#endif
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-const int MAX_PHRASE_LENGTH=250;
-
-void RegisterFactories();
-
-void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed);
-string RSAEncryptString(const char *pubFilename, const char *seed, const char *message);
-string RSADecryptString(const char *privFilename, const char *ciphertext);
-void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename);
-bool RSAVerifyFile(const char *pubFilename, const char *messageFilename, const char *signatureFilename);
-
-void DigestFile(const char *file);
-void HmacFile(const char *hexKey, const char *file);
-
-void AES_CTR_Encrypt(const char *hexKey, const char *hexIV, const char *infile, const char *outfile);
-
-string EncryptString(const char *plaintext, const char *passPhrase);
-string DecryptString(const char *ciphertext, const char *passPhrase);
-
-void EncryptFile(const char *in, const char *out, const char *passPhrase);
-void DecryptFile(const char *in, const char *out, const char *passPhrase);
-
-void SecretShareFile(int threshold, int nShares, const char *filename, const char *seed);
-void SecretRecoverFile(int threshold, const char *outFilename, char *const *inFilenames);
-
-void InformationDisperseFile(int threshold, int nShares, const char *filename);
-void InformationRecoverFile(int threshold, const char *outFilename, char *const *inFilenames);
-
-void GzipFile(const char *in, const char *out, int deflate_level);
-void GunzipFile(const char *in, const char *out);
-
-void Base64Encode(const char *infile, const char *outfile);
-void Base64Decode(const char *infile, const char *outfile);
-void HexEncode(const char *infile, const char *outfile);
-void HexDecode(const char *infile, const char *outfile);
-
-void ForwardTcpPort(const char *sourcePort, const char *destinationHost, const char *destinationPort);
-
-void FIPS140_SampleApplication();
-void FIPS140_GenerateRandomFiles();
-
-bool Validate(int, bool, const char *);
-
-int (*AdhocTest)(int argc, char *argv[]) = NULL;
-
-static OFB_Mode<AES>::Encryption s_globalRNG;
-
-RandomNumberGenerator & GlobalRNG()
-{
- return s_globalRNG;
-}
-
-/*int CRYPTOPP_API main(int argc, char *argv[])
-{
-#ifdef _CRTDBG_LEAK_CHECK_DF
- // Turn on leak-checking
- int tempflag = _CrtSetDbgFlag( _CRTDBG_REPORT_FLAG );
- tempflag |= _CRTDBG_LEAK_CHECK_DF;
- _CrtSetDbgFlag( tempflag );
-#endif
-
-#if defined(__MWERKS__) && defined(macintosh)
- argc = ccommand(&argv);
-#endif
-
- try
- {
- RegisterFactories();
-
- std::string seed = IntToString(time(NULL));
- seed.resize(16);
- s_globalRNG.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data());
-
- std::string command, executableName, macFilename;
-
- if (argc < 2)
- command = 'h';
- else
- command = argv[1];
-
- if (command == "g")
- {
- char seed[1024], privFilename[128], pubFilename[128];
- unsigned int keyLength;
-
- cout << "Key length in bits: ";
- cin >> keyLength;
-
- cout << "\nSave private key to file: ";
- cin >> privFilename;
-
- cout << "\nSave public key to file: ";
- cin >> pubFilename;
-
- cout << "\nRandom Seed: ";
- ws(cin);
- cin.getline(seed, 1024);
-
- GenerateRSAKey(keyLength, privFilename, pubFilename, seed);
- }
- else if (command == "rs")
- RSASignFile(argv[2], argv[3], argv[4]);
- else if (command == "rv")
- {
- bool verified = RSAVerifyFile(argv[2], argv[3], argv[4]);
- cout << (verified ? "valid signature" : "invalid signature") << endl;
- }
- else if (command == "r")
- {
- char privFilename[128], pubFilename[128];
- char seed[1024], message[1024];
-
- cout << "Private key file: ";
- cin >> privFilename;
-
- cout << "\nPublic key file: ";
- cin >> pubFilename;
-
- cout << "\nRandom Seed: ";
- ws(cin);
- cin.getline(seed, 1024);
-
- cout << "\nMessage: ";
- cin.getline(message, 1024);
-
- string ciphertext = RSAEncryptString(pubFilename, seed, message);
- cout << "\nCiphertext: " << ciphertext << endl;
-
- string decrypted = RSADecryptString(privFilename, ciphertext.c_str());
- cout << "\nDecrypted: " << decrypted << endl;
- }
- else if (command == "mt")
- {
- MaurerRandomnessTest mt;
- FileStore fs(argv[2]);
- fs.TransferAllTo(mt);
- cout << "Maurer Test Value: " << mt.GetTestValue() << endl;
- }
- else if (command == "mac_dll")
- {
- // sanity check on file size
- std::fstream dllFile(argv[2], ios::in | ios::out | ios::binary);
- std::ifstream::pos_type fileEnd = dllFile.seekg(0, std::ios_base::end).tellg();
- if (fileEnd > 20*1000*1000)
- {
- cerr << "Input file too large (more than 20 MB).\n";
- return 1;
- }
-
- // read file into memory
- unsigned int fileSize = (unsigned int)fileEnd;
- SecByteBlock buf(fileSize);
- dllFile.seekg(0, std::ios_base::beg);
- dllFile.read((char *)buf.begin(), fileSize);
-
- // find positions of relevant sections in the file, based on version 8 of documentation from http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
- word32 coffPos = *(word16 *)(buf+0x3c);
- word32 optionalHeaderPos = coffPos + 24;
- word16 optionalHeaderMagic = *(word16 *)(buf+optionalHeaderPos);
- if (optionalHeaderMagic != 0x10b && optionalHeaderMagic != 0x20b)
- {
- cerr << "Target file is not a PE32 or PE32+ image.\n";
- return 3;
- }
- word32 checksumPos = optionalHeaderPos + 64;
- word32 certificateTableDirectoryPos = optionalHeaderPos + (optionalHeaderMagic == 0x10b ? 128 : 144);
- word32 certificateTablePos = *(word32 *)(buf+certificateTableDirectoryPos);
- word32 certificateTableSize = *(word32 *)(buf+certificateTableDirectoryPos+4);
- if (certificateTableSize != 0)
- cerr << "Warning: certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY) of target image is not empty.\n";
-
- // find where to place computed MAC
- byte mac[] = CRYPTOPP_DUMMY_DLL_MAC;
- byte *found = std::search(buf.begin(), buf.end(), mac+0, mac+sizeof(mac));
- if (found == buf.end())
- {
- cerr << "MAC placeholder not found. Possibly the actual MAC was already placed.\n";
- return 2;
- }
- word32 macPos = (unsigned int)(found-buf.begin());
-
- // compute MAC
- member_ptr<MessageAuthenticationCode> pMac(NewIntegrityCheckingMAC());
- assert(pMac->DigestSize() == sizeof(mac));
- MeterFilter f(new HashFilter(*pMac, new ArraySink(mac, sizeof(mac))));
- f.AddRangeToSkip(0, checksumPos, 4);
- f.AddRangeToSkip(0, certificateTableDirectoryPos, 8);
- f.AddRangeToSkip(0, macPos, sizeof(mac));
- f.AddRangeToSkip(0, certificateTablePos, certificateTableSize);
- f.PutMessageEnd(buf.begin(), buf.size());
-
- // place MAC
- cout << "Placing MAC in file " << argv[2] << ", location " << macPos << ".\n";
- dllFile.seekg(macPos, std::ios_base::beg);
- dllFile.write((char *)mac, sizeof(mac));
- }
- else if (command == "m")
- DigestFile(argv[2]);
- else if (command == "tv")
- {
- std::string fname = argv[2];
- if (fname.find(".txt") == std::string::npos)
- fname = "TestVectors/" + fname + ".txt";
- return !RunTestDataFile(fname.c_str());
- }
- else if (command == "t")
- {
- // VC60 workaround: use char array instead of std::string to workaround MSVC's getline bug
- char passPhrase[MAX_PHRASE_LENGTH], plaintext[1024];
-
- cout << "Passphrase: ";
- cin.getline(passPhrase, MAX_PHRASE_LENGTH);
-
- cout << "\nPlaintext: ";
- cin.getline(plaintext, 1024);
-
- string ciphertext = EncryptString(plaintext, passPhrase);
- cout << "\nCiphertext: " << ciphertext << endl;
-
- string decrypted = DecryptString(ciphertext.c_str(), passPhrase);
- cout << "\nDecrypted: " << decrypted << endl;
-
- return 0;
- }
- else if (command == "e64")
- Base64Encode(argv[2], argv[3]);
- else if (command == "d64")
- Base64Decode(argv[2], argv[3]);
- else if (command == "e16")
- HexEncode(argv[2], argv[3]);
- else if (command == "d16")
- HexDecode(argv[2], argv[3]);
- else if (command == "e" || command == "d")
- {
- char passPhrase[MAX_PHRASE_LENGTH];
- cout << "Passphrase: ";
- cin.getline(passPhrase, MAX_PHRASE_LENGTH);
- if (command == "e")
- EncryptFile(argv[2], argv[3], passPhrase);
- else
- DecryptFile(argv[2], argv[3], passPhrase);
- }
- else if (command == "ss")
- {
- char seed[1024];
- cout << "\nRandom Seed: ";
- ws(cin);
- cin.getline(seed, 1024);
- SecretShareFile(atoi(argv[2]), atoi(argv[3]), argv[4], seed);
- }
- else if (command == "sr")
- SecretRecoverFile(argc-3, argv[2], argv+3);
- else if (command == "id")
- InformationDisperseFile(atoi(argv[2]), atoi(argv[3]), argv[4]);
- else if (command == "ir")
- InformationRecoverFile(argc-3, argv[2], argv+3);
- else if (command == "v" || command == "vv")
- return !Validate(argc>2 ? atoi(argv[2]) : 0, argv[1][1] == 'v', argc>3 ? argv[3] : NULL);
- else if (command == "b")
- BenchmarkAll(argc<3 ? 1 : atof(argv[2]), argc<4 ? 0 : atof(argv[3])*1e9);
- else if (command == "b2")
- BenchmarkAll2(argc<3 ? 1 : atof(argv[2]), argc<4 ? 0 : atof(argv[3])*1e9);
- else if (command == "z")
- GzipFile(argv[3], argv[4], argv[2][0]-'0');
- else if (command == "u")
- GunzipFile(argv[2], argv[3]);
- else if (command == "fips")
- FIPS140_SampleApplication();
- else if (command == "fips-rand")
- FIPS140_GenerateRandomFiles();
- else if (command == "ft")
- ForwardTcpPort(argv[2], argv[3], argv[4]);
- else if (command == "a")
- {
- if (AdhocTest)
- return (*AdhocTest)(argc, argv);
- else
- {
- cerr << "AdhocTest not defined.\n";
- return 1;
- }
- }
- else if (command == "hmac")
- HmacFile(argv[2], argv[3]);
- else if (command == "ae")
- AES_CTR_Encrypt(argv[2], argv[3], argv[4], argv[5]);
- else if (command == "h")
- {
- FileSource usage("TestData/usage.dat", true, new FileSink(cout));
- return 1;
- }
- else if (command == "V")
- {
- cout << CRYPTOPP_VERSION / 100 << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << endl;
- }
- else
- {
- cerr << "Unrecognized command. Run \"cryptest h\" to obtain usage information.\n";
- return 1;
- }
- return 0;
- }
- catch(CryptoPP::Exception &e)
- {
- cout << "\nCryptoPP::Exception caught: " << e.what() << endl;
- return -1;
- }
- catch(std::exception &e)
- {
- cout << "\nstd::exception caught: " << e.what() << endl;
- return -2;
- }
-}*/
-
-void FIPS140_GenerateRandomFiles()
-{
-#ifdef OS_RNG_AVAILABLE
- DefaultAutoSeededRNG rng;
- RandomNumberStore store(rng, ULONG_MAX);
-
- for (unsigned int i=0; i<100000; i++)
- store.TransferTo(FileSink((IntToString(i) + ".rnd").c_str()).Ref(), 20000);
-#else
- cout << "OS provided RNG not available.\n";
- exit(-1);
-#endif
-}
-
-SecByteBlock HexDecodeString(const char *hex)
-{
- StringSource ss(hex, true, new HexDecoder);
- SecByteBlock result((size_t)ss.MaxRetrievable());
- ss.Get(result, result.size());
- return result;
-}
-
-void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed)
-{
- RandomPool randPool;
- randPool.IncorporateEntropy((byte *)seed, strlen(seed));
-
- RSAES_OAEP_SHA_Decryptor priv(randPool, keyLength);
- HexEncoder privFile(new FileSink(privFilename));
- priv.DEREncode(privFile);
- privFile.MessageEnd();
-
- RSAES_OAEP_SHA_Encryptor pub(priv);
- HexEncoder pubFile(new FileSink(pubFilename));
- pub.DEREncode(pubFile);
- pubFile.MessageEnd();
-}
-
-string RSAEncryptString(const char *pubFilename, const char *seed, const char *message)
-{
- FileSource pubFile(pubFilename, true, new HexDecoder);
- RSAES_OAEP_SHA_Encryptor pub(pubFile);
-
- RandomPool randPool;
- randPool.IncorporateEntropy((byte *)seed, strlen(seed));
-
- string result;
- StringSource(message, true, new PK_EncryptorFilter(randPool, pub, new HexEncoder(new StringSink(result))));
- return result;
-}
-
-string RSADecryptString(const char *privFilename, const char *ciphertext)
-{
- FileSource privFile(privFilename, true, new HexDecoder);
- RSAES_OAEP_SHA_Decryptor priv(privFile);
-
- string result;
- StringSource(ciphertext, true, new HexDecoder(new PK_DecryptorFilter(GlobalRNG(), priv, new StringSink(result))));
- return result;
-}
-
-void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename)
-{
- FileSource privFile(privFilename, true, new HexDecoder);
- RSASS<PKCS1v15, SHA>::Signer priv(privFile);
- FileSource f(messageFilename, true, new SignerFilter(GlobalRNG(), priv, new HexEncoder(new FileSink(signatureFilename))));
-}
-
-bool RSAVerifyFile(const char *pubFilename, const char *messageFilename, const char *signatureFilename)
-{
- FileSource pubFile(pubFilename, true, new HexDecoder);
- RSASS<PKCS1v15, SHA>::Verifier pub(pubFile);
-
- FileSource signatureFile(signatureFilename, true, new HexDecoder);
- if (signatureFile.MaxRetrievable() != pub.SignatureLength())
- return false;
- SecByteBlock signature(pub.SignatureLength());
- signatureFile.Get(signature, signature.size());
-
- VerifierFilter *verifierFilter = new VerifierFilter(pub);
- verifierFilter->Put(signature, pub.SignatureLength());
- FileSource f(messageFilename, true, verifierFilter);
-
- return verifierFilter->GetLastResult();
-}
-
-void DigestFile(const char *filename)
-{
- SHA1 sha;
- RIPEMD160 ripemd;
- SHA256 sha256;
- Tiger tiger;
- SHA512 sha512;
- Whirlpool whirlpool;
- vector_member_ptrs<HashFilter> filters(6);
- filters[0].reset(new HashFilter(sha));
- filters[1].reset(new HashFilter(ripemd));
- filters[2].reset(new HashFilter(tiger));
- filters[3].reset(new HashFilter(sha256));
- filters[4].reset(new HashFilter(sha512));
- filters[5].reset(new HashFilter(whirlpool));
-
- auto_ptr<ChannelSwitch> channelSwitch(new ChannelSwitch);
- size_t i;
- for (i=0; i<filters.size(); i++)
- channelSwitch->AddDefaultRoute(*filters[i]);
- FileSource(filename, true, channelSwitch.release());
-
- HexEncoder encoder(new FileSink(cout), false);
- for (i=0; i<filters.size(); i++)
- {
- cout << filters[i]->AlgorithmName() << ": ";
- filters[i]->TransferTo(encoder);
- cout << "\n";
- }
-}
-
-void HmacFile(const char *hexKey, const char *file)
-{
- member_ptr<MessageAuthenticationCode> mac;
- if (strcmp(hexKey, "selftest") == 0)
- {
- cerr << "Computing HMAC/SHA1 value for self test.\n";
- mac.reset(NewIntegrityCheckingMAC());
- }
- else
- {
- std::string decodedKey;
- StringSource(hexKey, true, new HexDecoder(new StringSink(decodedKey)));
- mac.reset(new HMAC<SHA1>((const byte *)decodedKey.data(), decodedKey.size()));
- }
- FileSource(file, true, new HashFilter(*mac, new HexEncoder(new FileSink(cout))));
-}
-
-void AES_CTR_Encrypt(const char *hexKey, const char *hexIV, const char *infile, const char *outfile)
-{
- SecByteBlock key = HexDecodeString(hexKey);
- SecByteBlock iv = HexDecodeString(hexIV);
- CTR_Mode<AES>::Encryption aes(key, key.size(), iv);
- FileSource(infile, true, new StreamTransformationFilter(aes, new FileSink(outfile)));
-}
-
-string EncryptString(const char *instr, const char *passPhrase)
-{
- string outstr;
-
- DefaultEncryptorWithMAC encryptor(passPhrase, new HexEncoder(new StringSink(outstr)));
- encryptor.Put((byte *)instr, strlen(instr));
- encryptor.MessageEnd();
-
- return outstr;
-}
-
-string DecryptString(const char *instr, const char *passPhrase)
-{
- string outstr;
-
- HexDecoder decryptor(new DefaultDecryptorWithMAC(passPhrase, new StringSink(outstr)));
- decryptor.Put((byte *)instr, strlen(instr));
- decryptor.MessageEnd();
-
- return outstr;
-}
-
-void EncryptFile(const char *in, const char *out, const char *passPhrase)
-{
- FileSource f(in, true, new DefaultEncryptorWithMAC(passPhrase, new FileSink(out)));
-}
-
-void DecryptFile(const char *in, const char *out, const char *passPhrase)
-{
- FileSource f(in, true, new DefaultDecryptorWithMAC(passPhrase, new FileSink(out)));
-}
-
-void SecretShareFile(int threshold, int nShares, const char *filename, const char *seed)
-{
- assert(nShares<=1000);
-
- RandomPool rng;
- rng.IncorporateEntropy((byte *)seed, strlen(seed));
-
- ChannelSwitch *channelSwitch;
- FileSource source(filename, false, new SecretSharing(rng, threshold, nShares, channelSwitch = new ChannelSwitch));
-
- vector_member_ptrs<FileSink> fileSinks(nShares);
- string channel;
- for (int i=0; i<nShares; i++)
- {
- char extension[5] = ".000";
- extension[1]='0'+byte(i/100);
- extension[2]='0'+byte((i/10)%10);
- extension[3]='0'+byte(i%10);
- fileSinks[i].reset(new FileSink((string(filename)+extension).c_str()));
-
- channel = WordToString<word32>(i);
- fileSinks[i]->Put((byte *)channel.data(), 4);
- channelSwitch->AddRoute(channel, *fileSinks[i], DEFAULT_CHANNEL);
- }
-
- source.PumpAll();
-}
-
-void SecretRecoverFile(int threshold, const char *outFilename, char *const *inFilenames)
-{
- assert(threshold<=1000);
-
- SecretRecovery recovery(threshold, new FileSink(outFilename));
-
- vector_member_ptrs<FileSource> fileSources(threshold);
- SecByteBlock channel(4);
- int i;
- for (i=0; i<threshold; i++)
- {
- fileSources[i].reset(new FileSource(inFilenames[i], false));
- fileSources[i]->Pump(4);
- fileSources[i]->Get(channel, 4);
- fileSources[i]->Attach(new ChannelSwitch(recovery, string((char *)channel.begin(), 4)));
- }
-
- while (fileSources[0]->Pump(256))
- for (i=1; i<threshold; i++)
- fileSources[i]->Pump(256);
-
- for (i=0; i<threshold; i++)
- fileSources[i]->PumpAll();
-}
-
-void InformationDisperseFile(int threshold, int nShares, const char *filename)
-{
- assert(nShares<=1000);
-
- ChannelSwitch *channelSwitch;
- FileSource source(filename, false, new InformationDispersal(threshold, nShares, channelSwitch = new ChannelSwitch));
-
- vector_member_ptrs<FileSink> fileSinks(nShares);
- string channel;
- for (int i=0; i<nShares; i++)
- {
- char extension[5] = ".000";
- extension[1]='0'+byte(i/100);
- extension[2]='0'+byte((i/10)%10);
- extension[3]='0'+byte(i%10);
- fileSinks[i].reset(new FileSink((string(filename)+extension).c_str()));
-
- channel = WordToString<word32>(i);
- fileSinks[i]->Put((byte *)channel.data(), 4);
- channelSwitch->AddRoute(channel, *fileSinks[i], DEFAULT_CHANNEL);
- }
-
- source.PumpAll();
-}
-
-void InformationRecoverFile(int threshold, const char *outFilename, char *const *inFilenames)
-{
- assert(threshold<=1000);
-
- InformationRecovery recovery(threshold, new FileSink(outFilename));
-
- vector_member_ptrs<FileSource> fileSources(threshold);
- SecByteBlock channel(4);
- int i;
- for (i=0; i<threshold; i++)
- {
- fileSources[i].reset(new FileSource(inFilenames[i], false));
- fileSources[i]->Pump(4);
- fileSources[i]->Get(channel, 4);
- fileSources[i]->Attach(new ChannelSwitch(recovery, string((char *)channel.begin(), 4)));
- }
-
- while (fileSources[0]->Pump(256))
- for (i=1; i<threshold; i++)
- fileSources[i]->Pump(256);
-
- for (i=0; i<threshold; i++)
- fileSources[i]->PumpAll();
-}
-
-void GzipFile(const char *in, const char *out, int deflate_level)
-{
-// FileSource(in, true, new Gzip(new FileSink(out), deflate_level));
-
- // use a filter graph to compare decompressed data with original
- //
- // Source ----> Gzip ------> Sink
- // \ |
- // \ Gunzip
- // \ |
- // \ v
- // > ComparisonFilter
-
- EqualityComparisonFilter comparison;
-
- Gunzip gunzip(new ChannelSwitch(comparison, "0"));
- gunzip.SetAutoSignalPropagation(0);
-
- FileSink sink(out);
-
- ChannelSwitch *cs;
- Gzip gzip(cs = new ChannelSwitch(sink), deflate_level);
- cs->AddDefaultRoute(gunzip);
-
- cs = new ChannelSwitch(gzip);
- cs->AddDefaultRoute(comparison, "1");
- FileSource source(in, true, cs);
-
- comparison.ChannelMessageSeriesEnd("0");
- comparison.ChannelMessageSeriesEnd("1");
-}
-
-void GunzipFile(const char *in, const char *out)
-{
- FileSource(in, true, new Gunzip(new FileSink(out)));
-}
-
-void Base64Encode(const char *in, const char *out)
-{
- FileSource(in, true, new Base64Encoder(new FileSink(out)));
-}
-
-void Base64Decode(const char *in, const char *out)
-{
- FileSource(in, true, new Base64Decoder(new FileSink(out)));
-}
-
-void HexEncode(const char *in, const char *out)
-{
- FileSource(in, true, new HexEncoder(new FileSink(out)));
-}
-
-void HexDecode(const char *in, const char *out)
-{
- FileSource(in, true, new HexDecoder(new FileSink(out)));
-}
-
-void ForwardTcpPort(const char *sourcePortName, const char *destinationHost, const char *destinationPortName)
-{
-#ifdef SOCKETS_AVAILABLE
- SocketsInitializer sockInit;
-
- Socket sockListen, sockSource, sockDestination;
-
- int sourcePort = Socket::PortNameToNumber(sourcePortName);
- int destinationPort = Socket::PortNameToNumber(destinationPortName);
-
- sockListen.Create();
- sockListen.Bind(sourcePort);
- setsockopt(sockListen, IPPROTO_TCP, TCP_NODELAY, "\x01", 1);
-
- cout << "Listing on port " << sourcePort << ".\n";
- sockListen.Listen();
-
- sockListen.Accept(sockSource);
- cout << "Connection accepted on port " << sourcePort << ".\n";
- sockListen.CloseSocket();
-
- cout << "Making connection to " << destinationHost << ", port " << destinationPort << ".\n";
- sockDestination.Create();
- sockDestination.Connect(destinationHost, destinationPort);
-
- cout << "Connection made to " << destinationHost << ", starting to forward.\n";
-
- SocketSource out(sockSource, false, new SocketSink(sockDestination));
- SocketSource in(sockDestination, false, new SocketSink(sockSource));
-
- WaitObjectContainer waitObjects;
-
- while (!(in.SourceExhausted() && out.SourceExhausted()))
- {
- waitObjects.Clear();
-
- out.GetWaitObjects(waitObjects, CallStack("ForwardTcpPort - out", NULL));
- in.GetWaitObjects(waitObjects, CallStack("ForwardTcpPort - in", NULL));
-
- waitObjects.Wait(INFINITE_TIME);
-
- if (!out.SourceExhausted())
- {
- cout << "o" << flush;
- out.PumpAll2(false);
- if (out.SourceExhausted())
- cout << "EOF received on source socket.\n";
- }
-
- if (!in.SourceExhausted())
- {
- cout << "i" << flush;
- in.PumpAll2(false);
- if (in.SourceExhausted())
- cout << "EOF received on destination socket.\n";
- }
- }
-#else
- cout << "Socket support was not enabled at compile time.\n";
- exit(-1);
-#endif
-}
-
-bool Validate(int alg, bool thorough, const char *seedInput)
-{
- bool result;
-
- std::string seed = seedInput ? std::string(seedInput) : IntToString(time(NULL));
- seed.resize(16);
-
- cout << "Using seed: " << seed << endl << endl;
- s_globalRNG.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data());
-
- switch (alg)
- {
- case 0: result = ValidateAll(thorough); break;
- case 1: result = TestSettings(); break;
- case 2: result = TestOS_RNG(); break;
- case 3: result = ValidateMD5(); break;
- case 4: result = ValidateSHA(); break;
- case 5: result = ValidateDES(); break;
- case 6: result = ValidateIDEA(); break;
- case 7: result = ValidateARC4(); break;
- case 8: result = ValidateRC5(); break;
- case 9: result = ValidateBlowfish(); break;
-// case 10: result = ValidateDiamond2(); break;
- case 11: result = ValidateThreeWay(); break;
- case 12: result = ValidateBBS(); break;
- case 13: result = ValidateDH(); break;
- case 14: result = ValidateRSA(); break;
- case 15: result = ValidateElGamal(); break;
- case 16: result = ValidateDSA(thorough); break;
-// case 17: result = ValidateHAVAL(); break;
- case 18: result = ValidateSAFER(); break;
- case 19: result = ValidateLUC(); break;
- case 20: result = ValidateRabin(); break;
-// case 21: result = ValidateBlumGoldwasser(); break;
- case 22: result = ValidateECP(); break;
- case 23: result = ValidateEC2N(); break;
-// case 24: result = ValidateMD5MAC(); break;
- case 25: result = ValidateGOST(); break;
- case 26: result = ValidateTiger(); break;
- case 27: result = ValidateRIPEMD(); break;
- case 28: result = ValidateHMAC(); break;
-// case 29: result = ValidateXMACC(); break;
- case 30: result = ValidateSHARK(); break;
- case 32: result = ValidateLUC_DH(); break;
- case 33: result = ValidateLUC_DL(); break;
- case 34: result = ValidateSEAL(); break;
- case 35: result = ValidateCAST(); break;
- case 36: result = ValidateSquare(); break;
- case 37: result = ValidateRC2(); break;
- case 38: result = ValidateRC6(); break;
- case 39: result = ValidateMARS(); break;
- case 40: result = ValidateRW(); break;
- case 41: result = ValidateMD2(); break;
- case 42: result = ValidateNR(); break;
- case 43: result = ValidateMQV(); break;
- case 44: result = ValidateRijndael(); break;
- case 45: result = ValidateTwofish(); break;
- case 46: result = ValidateSerpent(); break;
- case 47: result = ValidateCipherModes(); break;
- case 48: result = ValidateCRC32(); break;
- case 49: result = ValidateECDSA(); break;
- case 50: result = ValidateXTR_DH(); break;
- case 51: result = ValidateSKIPJACK(); break;
- case 52: result = ValidateSHA2(); break;
- case 53: result = ValidatePanama(); break;
- case 54: result = ValidateAdler32(); break;
- case 55: result = ValidateMD4(); break;
- case 56: result = ValidatePBKDF(); break;
- case 57: result = ValidateESIGN(); break;
- case 58: result = ValidateDLIES(); break;
- case 59: result = ValidateBaseCode(); break;
- case 60: result = ValidateSHACAL2(); break;
- case 61: result = ValidateCamellia(); break;
- case 62: result = ValidateWhirlpool(); break;
- case 63: result = ValidateTTMAC(); break;
- case 64: result = ValidateSalsa(); break;
- case 65: result = ValidateSosemanuk(); break;
- case 66: result = ValidateVMAC(); break;
- case 67: result = ValidateCCM(); break;
- case 68: result = ValidateGCM(); break;
- case 69: result = ValidateCMAC(); break;
- default: return false;
- }
-
- time_t endTime = time(NULL);
- cout << "\nTest ended at " << asctime(localtime(&endTime));
- cout << "Seed used was: " << seed << endl;
-
- return result;
-}
diff --git a/cryptopp562/tftables.cpp b/cryptopp562/tftables.cpp
deleted file mode 100644
index dc654cf..0000000
--- a/cryptopp562/tftables.cpp
+++ /dev/null
@@ -1,317 +0,0 @@
-// Twofish tables
-
-#include "pch.h"
-#include "twofish.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const byte Twofish::Base::q[2][256] = {
- 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
- 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
- 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
- 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
- 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
- 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
- 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
- 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
- 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
- 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
- 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
- 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
- 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
- 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
- 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
- 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
- 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
- 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
- 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
- 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
- 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
- 0x4A, 0x5E, 0xC1, 0xE0,
-
- 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
- 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
- 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
- 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
- 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
- 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
- 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
- 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
- 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
- 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
- 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
- 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
- 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
- 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
- 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
- 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
- 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
- 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
- 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
- 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
- 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
- 0x55, 0x09, 0xBE, 0x91
-};
-
-const word32 Twofish::Base::mds[4][256] = {
- 0xbcbc3275, 0xecec21f3, 0x202043c6, 0xb3b3c9f4,
- 0xdada03db, 0x02028b7b, 0xe2e22bfb, 0x9e9efac8,
- 0xc9c9ec4a, 0xd4d409d3, 0x18186be6, 0x1e1e9f6b,
- 0x98980e45, 0xb2b2387d, 0xa6a6d2e8, 0x2626b74b,
- 0x3c3c57d6, 0x93938a32, 0x8282eed8, 0x525298fd,
- 0x7b7bd437, 0xbbbb3771, 0x5b5b97f1, 0x474783e1,
- 0x24243c30, 0x5151e20f, 0xbabac6f8, 0x4a4af31b,
- 0xbfbf4887, 0x0d0d70fa, 0xb0b0b306, 0x7575de3f,
- 0xd2d2fd5e, 0x7d7d20ba, 0x666631ae, 0x3a3aa35b,
- 0x59591c8a, 0x00000000, 0xcdcd93bc, 0x1a1ae09d,
- 0xaeae2c6d, 0x7f7fabc1, 0x2b2bc7b1, 0xbebeb90e,
- 0xe0e0a080, 0x8a8a105d, 0x3b3b52d2, 0x6464bad5,
- 0xd8d888a0, 0xe7e7a584, 0x5f5fe807, 0x1b1b1114,
- 0x2c2cc2b5, 0xfcfcb490, 0x3131272c, 0x808065a3,
- 0x73732ab2, 0x0c0c8173, 0x79795f4c, 0x6b6b4154,
- 0x4b4b0292, 0x53536974, 0x94948f36, 0x83831f51,
- 0x2a2a3638, 0xc4c49cb0, 0x2222c8bd, 0xd5d5f85a,
- 0xbdbdc3fc, 0x48487860, 0xffffce62, 0x4c4c0796,
- 0x4141776c, 0xc7c7e642, 0xebeb24f7, 0x1c1c1410,
- 0x5d5d637c, 0x36362228, 0x6767c027, 0xe9e9af8c,
- 0x4444f913, 0x1414ea95, 0xf5f5bb9c, 0xcfcf18c7,
- 0x3f3f2d24, 0xc0c0e346, 0x7272db3b, 0x54546c70,
- 0x29294cca, 0xf0f035e3, 0x0808fe85, 0xc6c617cb,
- 0xf3f34f11, 0x8c8ce4d0, 0xa4a45993, 0xcaca96b8,
- 0x68683ba6, 0xb8b84d83, 0x38382820, 0xe5e52eff,
- 0xadad569f, 0x0b0b8477, 0xc8c81dc3, 0x9999ffcc,
- 0x5858ed03, 0x19199a6f, 0x0e0e0a08, 0x95957ebf,
- 0x70705040, 0xf7f730e7, 0x6e6ecf2b, 0x1f1f6ee2,
- 0xb5b53d79, 0x09090f0c, 0x616134aa, 0x57571682,
- 0x9f9f0b41, 0x9d9d803a, 0x111164ea, 0x2525cdb9,
- 0xafafdde4, 0x4545089a, 0xdfdf8da4, 0xa3a35c97,
- 0xeaead57e, 0x353558da, 0xededd07a, 0x4343fc17,
- 0xf8f8cb66, 0xfbfbb194, 0x3737d3a1, 0xfafa401d,
- 0xc2c2683d, 0xb4b4ccf0, 0x32325dde, 0x9c9c71b3,
- 0x5656e70b, 0xe3e3da72, 0x878760a7, 0x15151b1c,
- 0xf9f93aef, 0x6363bfd1, 0x3434a953, 0x9a9a853e,
- 0xb1b1428f, 0x7c7cd133, 0x88889b26, 0x3d3da65f,
- 0xa1a1d7ec, 0xe4e4df76, 0x8181942a, 0x91910149,
- 0x0f0ffb81, 0xeeeeaa88, 0x161661ee, 0xd7d77321,
- 0x9797f5c4, 0xa5a5a81a, 0xfefe3feb, 0x6d6db5d9,
- 0x7878aec5, 0xc5c56d39, 0x1d1de599, 0x7676a4cd,
- 0x3e3edcad, 0xcbcb6731, 0xb6b6478b, 0xefef5b01,
- 0x12121e18, 0x6060c523, 0x6a6ab0dd, 0x4d4df61f,
- 0xcecee94e, 0xdede7c2d, 0x55559df9, 0x7e7e5a48,
- 0x2121b24f, 0x03037af2, 0xa0a02665, 0x5e5e198e,
- 0x5a5a6678, 0x65654b5c, 0x62624e58, 0xfdfd4519,
- 0x0606f48d, 0x404086e5, 0xf2f2be98, 0x3333ac57,
- 0x17179067, 0x05058e7f, 0xe8e85e05, 0x4f4f7d64,
- 0x89896aaf, 0x10109563, 0x74742fb6, 0x0a0a75fe,
- 0x5c5c92f5, 0x9b9b74b7, 0x2d2d333c, 0x3030d6a5,
- 0x2e2e49ce, 0x494989e9, 0x46467268, 0x77775544,
- 0xa8a8d8e0, 0x9696044d, 0x2828bd43, 0xa9a92969,
- 0xd9d97929, 0x8686912e, 0xd1d187ac, 0xf4f44a15,
- 0x8d8d1559, 0xd6d682a8, 0xb9b9bc0a, 0x42420d9e,
- 0xf6f6c16e, 0x2f2fb847, 0xdddd06df, 0x23233934,
- 0xcccc6235, 0xf1f1c46a, 0xc1c112cf, 0x8585ebdc,
- 0x8f8f9e22, 0x7171a1c9, 0x9090f0c0, 0xaaaa539b,
- 0x0101f189, 0x8b8be1d4, 0x4e4e8ced, 0x8e8e6fab,
- 0xababa212, 0x6f6f3ea2, 0xe6e6540d, 0xdbdbf252,
- 0x92927bbb, 0xb7b7b602, 0x6969ca2f, 0x3939d9a9,
- 0xd3d30cd7, 0xa7a72361, 0xa2a2ad1e, 0xc3c399b4,
- 0x6c6c4450, 0x07070504, 0x04047ff6, 0x272746c2,
- 0xacaca716, 0xd0d07625, 0x50501386, 0xdcdcf756,
- 0x84841a55, 0xe1e15109, 0x7a7a25be, 0x1313ef91,
-
- 0xa9d93939, 0x67901717, 0xb3719c9c, 0xe8d2a6a6,
- 0x04050707, 0xfd985252, 0xa3658080, 0x76dfe4e4,
- 0x9a084545, 0x92024b4b, 0x80a0e0e0, 0x78665a5a,
- 0xe4ddafaf, 0xddb06a6a, 0xd1bf6363, 0x38362a2a,
- 0x0d54e6e6, 0xc6432020, 0x3562cccc, 0x98bef2f2,
- 0x181e1212, 0xf724ebeb, 0xecd7a1a1, 0x6c774141,
- 0x43bd2828, 0x7532bcbc, 0x37d47b7b, 0x269b8888,
- 0xfa700d0d, 0x13f94444, 0x94b1fbfb, 0x485a7e7e,
- 0xf27a0303, 0xd0e48c8c, 0x8b47b6b6, 0x303c2424,
- 0x84a5e7e7, 0x54416b6b, 0xdf06dddd, 0x23c56060,
- 0x1945fdfd, 0x5ba33a3a, 0x3d68c2c2, 0x59158d8d,
- 0xf321ecec, 0xae316666, 0xa23e6f6f, 0x82165757,
- 0x63951010, 0x015befef, 0x834db8b8, 0x2e918686,
- 0xd9b56d6d, 0x511f8383, 0x9b53aaaa, 0x7c635d5d,
- 0xa63b6868, 0xeb3ffefe, 0xa5d63030, 0xbe257a7a,
- 0x16a7acac, 0x0c0f0909, 0xe335f0f0, 0x6123a7a7,
- 0xc0f09090, 0x8cafe9e9, 0x3a809d9d, 0xf5925c5c,
- 0x73810c0c, 0x2c273131, 0x2576d0d0, 0x0be75656,
- 0xbb7b9292, 0x4ee9cece, 0x89f10101, 0x6b9f1e1e,
- 0x53a93434, 0x6ac4f1f1, 0xb499c3c3, 0xf1975b5b,
- 0xe1834747, 0xe66b1818, 0xbdc82222, 0x450e9898,
- 0xe26e1f1f, 0xf4c9b3b3, 0xb62f7474, 0x66cbf8f8,
- 0xccff9999, 0x95ea1414, 0x03ed5858, 0x56f7dcdc,
- 0xd4e18b8b, 0x1c1b1515, 0x1eada2a2, 0xd70cd3d3,
- 0xfb2be2e2, 0xc31dc8c8, 0x8e195e5e, 0xb5c22c2c,
- 0xe9894949, 0xcf12c1c1, 0xbf7e9595, 0xba207d7d,
- 0xea641111, 0x77840b0b, 0x396dc5c5, 0xaf6a8989,
- 0x33d17c7c, 0xc9a17171, 0x62ceffff, 0x7137bbbb,
- 0x81fb0f0f, 0x793db5b5, 0x0951e1e1, 0xaddc3e3e,
- 0x242d3f3f, 0xcda47676, 0xf99d5555, 0xd8ee8282,
- 0xe5864040, 0xc5ae7878, 0xb9cd2525, 0x4d049696,
- 0x44557777, 0x080a0e0e, 0x86135050, 0xe730f7f7,
- 0xa1d33737, 0x1d40fafa, 0xaa346161, 0xed8c4e4e,
- 0x06b3b0b0, 0x706c5454, 0xb22a7373, 0xd2523b3b,
- 0x410b9f9f, 0x7b8b0202, 0xa088d8d8, 0x114ff3f3,
- 0x3167cbcb, 0xc2462727, 0x27c06767, 0x90b4fcfc,
- 0x20283838, 0xf67f0404, 0x60784848, 0xff2ee5e5,
- 0x96074c4c, 0x5c4b6565, 0xb1c72b2b, 0xab6f8e8e,
- 0x9e0d4242, 0x9cbbf5f5, 0x52f2dbdb, 0x1bf34a4a,
- 0x5fa63d3d, 0x9359a4a4, 0x0abcb9b9, 0xef3af9f9,
- 0x91ef1313, 0x85fe0808, 0x49019191, 0xee611616,
- 0x2d7cdede, 0x4fb22121, 0x8f42b1b1, 0x3bdb7272,
- 0x47b82f2f, 0x8748bfbf, 0x6d2caeae, 0x46e3c0c0,
- 0xd6573c3c, 0x3e859a9a, 0x6929a9a9, 0x647d4f4f,
- 0x2a948181, 0xce492e2e, 0xcb17c6c6, 0x2fca6969,
- 0xfcc3bdbd, 0x975ca3a3, 0x055ee8e8, 0x7ad0eded,
- 0xac87d1d1, 0x7f8e0505, 0xd5ba6464, 0x1aa8a5a5,
- 0x4bb72626, 0x0eb9bebe, 0xa7608787, 0x5af8d5d5,
- 0x28223636, 0x14111b1b, 0x3fde7575, 0x2979d9d9,
- 0x88aaeeee, 0x3c332d2d, 0x4c5f7979, 0x02b6b7b7,
- 0xb896caca, 0xda583535, 0xb09cc4c4, 0x17fc4343,
- 0x551a8484, 0x1ff64d4d, 0x8a1c5959, 0x7d38b2b2,
- 0x57ac3333, 0xc718cfcf, 0x8df40606, 0x74695353,
- 0xb7749b9b, 0xc4f59797, 0x9f56adad, 0x72dae3e3,
- 0x7ed5eaea, 0x154af4f4, 0x229e8f8f, 0x12a2abab,
- 0x584e6262, 0x07e85f5f, 0x99e51d1d, 0x34392323,
- 0x6ec1f6f6, 0x50446c6c, 0xde5d3232, 0x68724646,
- 0x6526a0a0, 0xbc93cdcd, 0xdb03dada, 0xf8c6baba,
- 0xc8fa9e9e, 0xa882d6d6, 0x2bcf6e6e, 0x40507070,
- 0xdceb8585, 0xfe750a0a, 0x328a9393, 0xa48ddfdf,
- 0xca4c2929, 0x10141c1c, 0x2173d7d7, 0xf0ccb4b4,
- 0xd309d4d4, 0x5d108a8a, 0x0fe25151, 0x00000000,
- 0x6f9a1919, 0x9de01a1a, 0x368f9494, 0x42e6c7c7,
- 0x4aecc9c9, 0x5efdd2d2, 0xc1ab7f7f, 0xe0d8a8a8,
-
- 0xbc75bc32, 0xecf3ec21, 0x20c62043, 0xb3f4b3c9,
- 0xdadbda03, 0x027b028b, 0xe2fbe22b, 0x9ec89efa,
- 0xc94ac9ec, 0xd4d3d409, 0x18e6186b, 0x1e6b1e9f,
- 0x9845980e, 0xb27db238, 0xa6e8a6d2, 0x264b26b7,
- 0x3cd63c57, 0x9332938a, 0x82d882ee, 0x52fd5298,
- 0x7b377bd4, 0xbb71bb37, 0x5bf15b97, 0x47e14783,
- 0x2430243c, 0x510f51e2, 0xbaf8bac6, 0x4a1b4af3,
- 0xbf87bf48, 0x0dfa0d70, 0xb006b0b3, 0x753f75de,
- 0xd25ed2fd, 0x7dba7d20, 0x66ae6631, 0x3a5b3aa3,
- 0x598a591c, 0x00000000, 0xcdbccd93, 0x1a9d1ae0,
- 0xae6dae2c, 0x7fc17fab, 0x2bb12bc7, 0xbe0ebeb9,
- 0xe080e0a0, 0x8a5d8a10, 0x3bd23b52, 0x64d564ba,
- 0xd8a0d888, 0xe784e7a5, 0x5f075fe8, 0x1b141b11,
- 0x2cb52cc2, 0xfc90fcb4, 0x312c3127, 0x80a38065,
- 0x73b2732a, 0x0c730c81, 0x794c795f, 0x6b546b41,
- 0x4b924b02, 0x53745369, 0x9436948f, 0x8351831f,
- 0x2a382a36, 0xc4b0c49c, 0x22bd22c8, 0xd55ad5f8,
- 0xbdfcbdc3, 0x48604878, 0xff62ffce, 0x4c964c07,
- 0x416c4177, 0xc742c7e6, 0xebf7eb24, 0x1c101c14,
- 0x5d7c5d63, 0x36283622, 0x672767c0, 0xe98ce9af,
- 0x441344f9, 0x149514ea, 0xf59cf5bb, 0xcfc7cf18,
- 0x3f243f2d, 0xc046c0e3, 0x723b72db, 0x5470546c,
- 0x29ca294c, 0xf0e3f035, 0x088508fe, 0xc6cbc617,
- 0xf311f34f, 0x8cd08ce4, 0xa493a459, 0xcab8ca96,
- 0x68a6683b, 0xb883b84d, 0x38203828, 0xe5ffe52e,
- 0xad9fad56, 0x0b770b84, 0xc8c3c81d, 0x99cc99ff,
- 0x580358ed, 0x196f199a, 0x0e080e0a, 0x95bf957e,
- 0x70407050, 0xf7e7f730, 0x6e2b6ecf, 0x1fe21f6e,
- 0xb579b53d, 0x090c090f, 0x61aa6134, 0x57825716,
- 0x9f419f0b, 0x9d3a9d80, 0x11ea1164, 0x25b925cd,
- 0xafe4afdd, 0x459a4508, 0xdfa4df8d, 0xa397a35c,
- 0xea7eead5, 0x35da3558, 0xed7aedd0, 0x431743fc,
- 0xf866f8cb, 0xfb94fbb1, 0x37a137d3, 0xfa1dfa40,
- 0xc23dc268, 0xb4f0b4cc, 0x32de325d, 0x9cb39c71,
- 0x560b56e7, 0xe372e3da, 0x87a78760, 0x151c151b,
- 0xf9eff93a, 0x63d163bf, 0x345334a9, 0x9a3e9a85,
- 0xb18fb142, 0x7c337cd1, 0x8826889b, 0x3d5f3da6,
- 0xa1eca1d7, 0xe476e4df, 0x812a8194, 0x91499101,
- 0x0f810ffb, 0xee88eeaa, 0x16ee1661, 0xd721d773,
- 0x97c497f5, 0xa51aa5a8, 0xfeebfe3f, 0x6dd96db5,
- 0x78c578ae, 0xc539c56d, 0x1d991de5, 0x76cd76a4,
- 0x3ead3edc, 0xcb31cb67, 0xb68bb647, 0xef01ef5b,
- 0x1218121e, 0x602360c5, 0x6add6ab0, 0x4d1f4df6,
- 0xce4ecee9, 0xde2dde7c, 0x55f9559d, 0x7e487e5a,
- 0x214f21b2, 0x03f2037a, 0xa065a026, 0x5e8e5e19,
- 0x5a785a66, 0x655c654b, 0x6258624e, 0xfd19fd45,
- 0x068d06f4, 0x40e54086, 0xf298f2be, 0x335733ac,
- 0x17671790, 0x057f058e, 0xe805e85e, 0x4f644f7d,
- 0x89af896a, 0x10631095, 0x74b6742f, 0x0afe0a75,
- 0x5cf55c92, 0x9bb79b74, 0x2d3c2d33, 0x30a530d6,
- 0x2ece2e49, 0x49e94989, 0x46684672, 0x77447755,
- 0xa8e0a8d8, 0x964d9604, 0x284328bd, 0xa969a929,
- 0xd929d979, 0x862e8691, 0xd1acd187, 0xf415f44a,
- 0x8d598d15, 0xd6a8d682, 0xb90ab9bc, 0x429e420d,
- 0xf66ef6c1, 0x2f472fb8, 0xdddfdd06, 0x23342339,
- 0xcc35cc62, 0xf16af1c4, 0xc1cfc112, 0x85dc85eb,
- 0x8f228f9e, 0x71c971a1, 0x90c090f0, 0xaa9baa53,
- 0x018901f1, 0x8bd48be1, 0x4eed4e8c, 0x8eab8e6f,
- 0xab12aba2, 0x6fa26f3e, 0xe60de654, 0xdb52dbf2,
- 0x92bb927b, 0xb702b7b6, 0x692f69ca, 0x39a939d9,
- 0xd3d7d30c, 0xa761a723, 0xa21ea2ad, 0xc3b4c399,
- 0x6c506c44, 0x07040705, 0x04f6047f, 0x27c22746,
- 0xac16aca7, 0xd025d076, 0x50865013, 0xdc56dcf7,
- 0x8455841a, 0xe109e151, 0x7abe7a25, 0x139113ef,
-
- 0xd939a9d9, 0x90176790, 0x719cb371, 0xd2a6e8d2,
- 0x05070405, 0x9852fd98, 0x6580a365, 0xdfe476df,
- 0x08459a08, 0x024b9202, 0xa0e080a0, 0x665a7866,
- 0xddafe4dd, 0xb06addb0, 0xbf63d1bf, 0x362a3836,
- 0x54e60d54, 0x4320c643, 0x62cc3562, 0xbef298be,
- 0x1e12181e, 0x24ebf724, 0xd7a1ecd7, 0x77416c77,
- 0xbd2843bd, 0x32bc7532, 0xd47b37d4, 0x9b88269b,
- 0x700dfa70, 0xf94413f9, 0xb1fb94b1, 0x5a7e485a,
- 0x7a03f27a, 0xe48cd0e4, 0x47b68b47, 0x3c24303c,
- 0xa5e784a5, 0x416b5441, 0x06dddf06, 0xc56023c5,
- 0x45fd1945, 0xa33a5ba3, 0x68c23d68, 0x158d5915,
- 0x21ecf321, 0x3166ae31, 0x3e6fa23e, 0x16578216,
- 0x95106395, 0x5bef015b, 0x4db8834d, 0x91862e91,
- 0xb56dd9b5, 0x1f83511f, 0x53aa9b53, 0x635d7c63,
- 0x3b68a63b, 0x3ffeeb3f, 0xd630a5d6, 0x257abe25,
- 0xa7ac16a7, 0x0f090c0f, 0x35f0e335, 0x23a76123,
- 0xf090c0f0, 0xafe98caf, 0x809d3a80, 0x925cf592,
- 0x810c7381, 0x27312c27, 0x76d02576, 0xe7560be7,
- 0x7b92bb7b, 0xe9ce4ee9, 0xf10189f1, 0x9f1e6b9f,
- 0xa93453a9, 0xc4f16ac4, 0x99c3b499, 0x975bf197,
- 0x8347e183, 0x6b18e66b, 0xc822bdc8, 0x0e98450e,
- 0x6e1fe26e, 0xc9b3f4c9, 0x2f74b62f, 0xcbf866cb,
- 0xff99ccff, 0xea1495ea, 0xed5803ed, 0xf7dc56f7,
- 0xe18bd4e1, 0x1b151c1b, 0xada21ead, 0x0cd3d70c,
- 0x2be2fb2b, 0x1dc8c31d, 0x195e8e19, 0xc22cb5c2,
- 0x8949e989, 0x12c1cf12, 0x7e95bf7e, 0x207dba20,
- 0x6411ea64, 0x840b7784, 0x6dc5396d, 0x6a89af6a,
- 0xd17c33d1, 0xa171c9a1, 0xceff62ce, 0x37bb7137,
- 0xfb0f81fb, 0x3db5793d, 0x51e10951, 0xdc3eaddc,
- 0x2d3f242d, 0xa476cda4, 0x9d55f99d, 0xee82d8ee,
- 0x8640e586, 0xae78c5ae, 0xcd25b9cd, 0x04964d04,
- 0x55774455, 0x0a0e080a, 0x13508613, 0x30f7e730,
- 0xd337a1d3, 0x40fa1d40, 0x3461aa34, 0x8c4eed8c,
- 0xb3b006b3, 0x6c54706c, 0x2a73b22a, 0x523bd252,
- 0x0b9f410b, 0x8b027b8b, 0x88d8a088, 0x4ff3114f,
- 0x67cb3167, 0x4627c246, 0xc06727c0, 0xb4fc90b4,
- 0x28382028, 0x7f04f67f, 0x78486078, 0x2ee5ff2e,
- 0x074c9607, 0x4b655c4b, 0xc72bb1c7, 0x6f8eab6f,
- 0x0d429e0d, 0xbbf59cbb, 0xf2db52f2, 0xf34a1bf3,
- 0xa63d5fa6, 0x59a49359, 0xbcb90abc, 0x3af9ef3a,
- 0xef1391ef, 0xfe0885fe, 0x01914901, 0x6116ee61,
- 0x7cde2d7c, 0xb2214fb2, 0x42b18f42, 0xdb723bdb,
- 0xb82f47b8, 0x48bf8748, 0x2cae6d2c, 0xe3c046e3,
- 0x573cd657, 0x859a3e85, 0x29a96929, 0x7d4f647d,
- 0x94812a94, 0x492ece49, 0x17c6cb17, 0xca692fca,
- 0xc3bdfcc3, 0x5ca3975c, 0x5ee8055e, 0xd0ed7ad0,
- 0x87d1ac87, 0x8e057f8e, 0xba64d5ba, 0xa8a51aa8,
- 0xb7264bb7, 0xb9be0eb9, 0x6087a760, 0xf8d55af8,
- 0x22362822, 0x111b1411, 0xde753fde, 0x79d92979,
- 0xaaee88aa, 0x332d3c33, 0x5f794c5f, 0xb6b702b6,
- 0x96cab896, 0x5835da58, 0x9cc4b09c, 0xfc4317fc,
- 0x1a84551a, 0xf64d1ff6, 0x1c598a1c, 0x38b27d38,
- 0xac3357ac, 0x18cfc718, 0xf4068df4, 0x69537469,
- 0x749bb774, 0xf597c4f5, 0x56ad9f56, 0xdae372da,
- 0xd5ea7ed5, 0x4af4154a, 0x9e8f229e, 0xa2ab12a2,
- 0x4e62584e, 0xe85f07e8, 0xe51d99e5, 0x39233439,
- 0xc1f66ec1, 0x446c5044, 0x5d32de5d, 0x72466872,
- 0x26a06526, 0x93cdbc93, 0x03dadb03, 0xc6baf8c6,
- 0xfa9ec8fa, 0x82d6a882, 0xcf6e2bcf, 0x50704050,
- 0xeb85dceb, 0x750afe75, 0x8a93328a, 0x8ddfa48d,
- 0x4c29ca4c, 0x141c1014, 0x73d72173, 0xccb4f0cc,
- 0x09d4d309, 0x108a5d10, 0xe2510fe2, 0x00000000,
- 0x9a196f9a, 0xe01a9de0, 0x8f94368f, 0xe6c742e6,
- 0xecc94aec, 0xfdd25efd, 0xab7fc1ab, 0xd8a8e0d8};
-
-NAMESPACE_END
diff --git a/cryptopp562/tiger.cpp b/cryptopp562/tiger.cpp
deleted file mode 100644
index c6c05ca..0000000
--- a/cryptopp562/tiger.cpp
+++ /dev/null
@@ -1,265 +0,0 @@
-// tiger.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "tiger.h"
-#include "misc.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Tiger::InitState(HashWordType *state)
-{
- state[0] = W64LIT(0x0123456789ABCDEF);
- state[1] = W64LIT(0xFEDCBA9876543210);
- state[2] = W64LIT(0xF096A5B4C3B2E187);
-}
-
-void Tiger::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- PadLastBlock(56, 0x01);
- CorrectEndianess(m_data, m_data, 56);
-
- m_data[7] = GetBitCountLo();
-
- Transform(m_state, m_data);
- CorrectEndianess(m_state, m_state, DigestSize());
- memcpy(hash, m_state, size);
-
- Restart(); // reinit for next use
-}
-
-void Tiger::Transform (word64 *digest, const word64 *X)
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
- if (HasSSE2())
- {
-#ifdef __GNUC__
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- AS1( push ebx)
-#else
- #if _MSC_VER < 1300
- const word64 *t = table;
- AS2( mov edx, t)
- #else
- AS2( lea edx, [table])
- #endif
- AS2( mov eax, digest)
- AS2( mov esi, X)
-#endif
- AS2( movq mm0, [eax])
- AS2( movq mm1, [eax+1*8])
- AS2( movq mm5, mm1)
- AS2( movq mm2, [eax+2*8])
- AS2( movq mm7, [edx+4*2048+0*8])
- AS2( movq mm6, [edx+4*2048+1*8])
- AS2( mov ecx, esp)
- AS2( and esp, 0xfffffff0)
- AS2( sub esp, 8*8)
- AS1( push ecx)
-
-#define SSE2_round(a,b,c,x,mul) \
- AS2( pxor c, [x])\
- AS2( movd ecx, c)\
- AS2( movzx edi, cl)\
- AS2( movq mm3, [edx+0*2048+edi*8])\
- AS2( movzx edi, ch)\
- AS2( movq mm4, [edx+3*2048+edi*8])\
- AS2( shr ecx, 16)\
- AS2( movzx edi, cl)\
- AS2( pxor mm3, [edx+1*2048+edi*8])\
- AS2( movzx edi, ch)\
- AS2( pxor mm4, [edx+2*2048+edi*8])\
- AS3( pextrw ecx, c, 2)\
- AS2( movzx edi, cl)\
- AS2( pxor mm3, [edx+2*2048+edi*8])\
- AS2( movzx edi, ch)\
- AS2( pxor mm4, [edx+1*2048+edi*8])\
- AS3( pextrw ecx, c, 3)\
- AS2( movzx edi, cl)\
- AS2( pxor mm3, [edx+3*2048+edi*8])\
- AS2( psubq a, mm3)\
- AS2( movzx edi, ch)\
- AS2( pxor mm4, [edx+0*2048+edi*8])\
- AS2( paddq b, mm4)\
- SSE2_mul_##mul(b)
-
-#define SSE2_mul_5(b) \
- AS2( movq mm3, b)\
- AS2( psllq b, 2)\
- AS2( paddq b, mm3)
-
-#define SSE2_mul_7(b) \
- AS2( movq mm3, b)\
- AS2( psllq b, 3)\
- AS2( psubq b, mm3)
-
-#define SSE2_mul_9(b) \
- AS2( movq mm3, b)\
- AS2( psllq b, 3)\
- AS2( paddq b, mm3)
-
-#define label2_5 1
-#define label2_7 2
-#define label2_9 3
-
-#define SSE2_pass(A,B,C,mul,X) \
- AS2( xor ebx, ebx)\
- ASL(mul)\
- SSE2_round(A,B,C,X+0*8+ebx,mul)\
- SSE2_round(B,C,A,X+1*8+ebx,mul)\
- AS2( cmp ebx, 6*8)\
- ASJ( je, label2_##mul, f)\
- SSE2_round(C,A,B,X+2*8+ebx,mul)\
- AS2( add ebx, 3*8)\
- ASJ( jmp, mul, b)\
- ASL(label2_##mul)
-
-#define SSE2_key_schedule(Y,X) \
- AS2( movq mm3, [X+7*8])\
- AS2( pxor mm3, mm6)\
- AS2( movq mm4, [X+0*8])\
- AS2( psubq mm4, mm3)\
- AS2( movq [Y+0*8], mm4)\
- AS2( pxor mm4, [X+1*8])\
- AS2( movq mm3, mm4)\
- AS2( movq [Y+1*8], mm4)\
- AS2( paddq mm4, [X+2*8])\
- AS2( pxor mm3, mm7)\
- AS2( psllq mm3, 19)\
- AS2( movq [Y+2*8], mm4)\
- AS2( pxor mm3, mm4)\
- AS2( movq mm4, [X+3*8])\
- AS2( psubq mm4, mm3)\
- AS2( movq [Y+3*8], mm4)\
- AS2( pxor mm4, [X+4*8])\
- AS2( movq mm3, mm4)\
- AS2( movq [Y+4*8], mm4)\
- AS2( paddq mm4, [X+5*8])\
- AS2( pxor mm3, mm7)\
- AS2( psrlq mm3, 23)\
- AS2( movq [Y+5*8], mm4)\
- AS2( pxor mm3, mm4)\
- AS2( movq mm4, [X+6*8])\
- AS2( psubq mm4, mm3)\
- AS2( movq [Y+6*8], mm4)\
- AS2( pxor mm4, [X+7*8])\
- AS2( movq mm3, mm4)\
- AS2( movq [Y+7*8], mm4)\
- AS2( paddq mm4, [Y+0*8])\
- AS2( pxor mm3, mm7)\
- AS2( psllq mm3, 19)\
- AS2( movq [Y+0*8], mm4)\
- AS2( pxor mm3, mm4)\
- AS2( movq mm4, [Y+1*8])\
- AS2( psubq mm4, mm3)\
- AS2( movq [Y+1*8], mm4)\
- AS2( pxor mm4, [Y+2*8])\
- AS2( movq mm3, mm4)\
- AS2( movq [Y+2*8], mm4)\
- AS2( paddq mm4, [Y+3*8])\
- AS2( pxor mm3, mm7)\
- AS2( psrlq mm3, 23)\
- AS2( movq [Y+3*8], mm4)\
- AS2( pxor mm3, mm4)\
- AS2( movq mm4, [Y+4*8])\
- AS2( psubq mm4, mm3)\
- AS2( movq [Y+4*8], mm4)\
- AS2( pxor mm4, [Y+5*8])\
- AS2( movq [Y+5*8], mm4)\
- AS2( paddq mm4, [Y+6*8])\
- AS2( movq [Y+6*8], mm4)\
- AS2( pxor mm4, [edx+4*2048+2*8])\
- AS2( movq mm3, [Y+7*8])\
- AS2( psubq mm3, mm4)\
- AS2( movq [Y+7*8], mm3)
-
- SSE2_pass(mm0, mm1, mm2, 5, esi)
- SSE2_key_schedule(esp+4, esi)
- SSE2_pass(mm2, mm0, mm1, 7, esp+4)
- SSE2_key_schedule(esp+4, esp+4)
- SSE2_pass(mm1, mm2, mm0, 9, esp+4)
-
- AS2( pxor mm0, [eax+0*8])
- AS2( movq [eax+0*8], mm0)
- AS2( psubq mm1, mm5)
- AS2( movq [eax+1*8], mm1)
- AS2( paddq mm2, [eax+2*8])
- AS2( movq [eax+2*8], mm2)
-
- AS1( pop esp)
- AS1( emms)
-#ifdef __GNUC__
- AS1( pop ebx)
- ".att_syntax prefix;"
- :
- : "a" (digest), "S" (X), "d" (table)
- : "%ecx", "%edi", "memory", "cc"
- );
-#endif
- }
- else
-#endif
- {
- word64 a = digest[0];
- word64 b = digest[1];
- word64 c = digest[2];
- word64 Y[8];
-
-#define t1 (table)
-#define t2 (table+256)
-#define t3 (table+256*2)
-#define t4 (table+256*3)
-
-#define round(a,b,c,x,mul) \
- c ^= x; \
- a -= t1[GETBYTE(c,0)] ^ t2[GETBYTE(c,2)] ^ t3[GETBYTE(c,4)] ^ t4[GETBYTE(c,6)]; \
- b += t4[GETBYTE(c,1)] ^ t3[GETBYTE(c,3)] ^ t2[GETBYTE(c,5)] ^ t1[GETBYTE(c,7)]; \
- b *= mul
-
-#define pass(a,b,c,mul,X) {\
- int i=0;\
- while (true)\
- {\
- round(a,b,c,X[i+0],mul); \
- round(b,c,a,X[i+1],mul); \
- if (i==6)\
- break;\
- round(c,a,b,X[i+2],mul); \
- i+=3;\
- }}
-
-#define key_schedule(Y,X) \
- Y[0] = X[0] - (X[7]^W64LIT(0xA5A5A5A5A5A5A5A5)); \
- Y[1] = X[1] ^ Y[0]; \
- Y[2] = X[2] + Y[1]; \
- Y[3] = X[3] - (Y[2] ^ ((~Y[1])<<19)); \
- Y[4] = X[4] ^ Y[3]; \
- Y[5] = X[5] + Y[4]; \
- Y[6] = X[6] - (Y[5] ^ ((~Y[4])>>23)); \
- Y[7] = X[7] ^ Y[6]; \
- Y[0] += Y[7]; \
- Y[1] -= Y[0] ^ ((~Y[7])<<19); \
- Y[2] ^= Y[1]; \
- Y[3] += Y[2]; \
- Y[4] -= Y[3] ^ ((~Y[2])>>23); \
- Y[5] ^= Y[4]; \
- Y[6] += Y[5]; \
- Y[7] -= Y[6] ^ W64LIT(0x0123456789ABCDEF)
-
- pass(a,b,c,5,X);
- key_schedule(Y,X);
- pass(c,a,b,7,Y);
- key_schedule(Y,Y);
- pass(b,c,a,9,Y);
-
- digest[0] = a ^ digest[0];
- digest[1] = b - digest[1];
- digest[2] = c + digest[2];
- }
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/tiger.h b/cryptopp562/tiger.h
deleted file mode 100644
index 5f6e941..0000000
--- a/cryptopp562/tiger.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef CRYPTOPP_TIGER_H
-#define CRYPTOPP_TIGER_H
-
-#include "config.h"
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// <a href="http://www.cryptolounge.org/wiki/Tiger">Tiger</a>
-class Tiger : public IteratedHashWithStaticTransform<word64, LittleEndian, 64, 24, Tiger>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word64 *digest, const word64 *data);
- void TruncatedFinal(byte *hash, size_t size);
- static const char * StaticAlgorithmName() {return "Tiger";}
-
-protected:
- static const word64 table[4*256+3];
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/tigertab.cpp b/cryptopp562/tigertab.cpp
deleted file mode 100644
index 5c1595b..0000000
--- a/cryptopp562/tigertab.cpp
+++ /dev/null
@@ -1,525 +0,0 @@
-#include "pch.h"
-#include "tiger.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const word64 Tiger::table[4*256+3] =
-{
- W64LIT(0x02AAB17CF7E90C5E) /* 0 */, W64LIT(0xAC424B03E243A8EC) /* 1 */,
- W64LIT(0x72CD5BE30DD5FCD3) /* 2 */, W64LIT(0x6D019B93F6F97F3A) /* 3 */,
- W64LIT(0xCD9978FFD21F9193) /* 4 */, W64LIT(0x7573A1C9708029E2) /* 5 */,
- W64LIT(0xB164326B922A83C3) /* 6 */, W64LIT(0x46883EEE04915870) /* 7 */,
- W64LIT(0xEAACE3057103ECE6) /* 8 */, W64LIT(0xC54169B808A3535C) /* 9 */,
- W64LIT(0x4CE754918DDEC47C) /* 10 */, W64LIT(0x0AA2F4DFDC0DF40C) /* 11 */,
- W64LIT(0x10B76F18A74DBEFA) /* 12 */, W64LIT(0xC6CCB6235AD1AB6A) /* 13 */,
- W64LIT(0x13726121572FE2FF) /* 14 */, W64LIT(0x1A488C6F199D921E) /* 15 */,
- W64LIT(0x4BC9F9F4DA0007CA) /* 16 */, W64LIT(0x26F5E6F6E85241C7) /* 17 */,
- W64LIT(0x859079DBEA5947B6) /* 18 */, W64LIT(0x4F1885C5C99E8C92) /* 19 */,
- W64LIT(0xD78E761EA96F864B) /* 20 */, W64LIT(0x8E36428C52B5C17D) /* 21 */,
- W64LIT(0x69CF6827373063C1) /* 22 */, W64LIT(0xB607C93D9BB4C56E) /* 23 */,
- W64LIT(0x7D820E760E76B5EA) /* 24 */, W64LIT(0x645C9CC6F07FDC42) /* 25 */,
- W64LIT(0xBF38A078243342E0) /* 26 */, W64LIT(0x5F6B343C9D2E7D04) /* 27 */,
- W64LIT(0xF2C28AEB600B0EC6) /* 28 */, W64LIT(0x6C0ED85F7254BCAC) /* 29 */,
- W64LIT(0x71592281A4DB4FE5) /* 30 */, W64LIT(0x1967FA69CE0FED9F) /* 31 */,
- W64LIT(0xFD5293F8B96545DB) /* 32 */, W64LIT(0xC879E9D7F2A7600B) /* 33 */,
- W64LIT(0x860248920193194E) /* 34 */, W64LIT(0xA4F9533B2D9CC0B3) /* 35 */,
- W64LIT(0x9053836C15957613) /* 36 */, W64LIT(0xDB6DCF8AFC357BF1) /* 37 */,
- W64LIT(0x18BEEA7A7A370F57) /* 38 */, W64LIT(0x037117CA50B99066) /* 39 */,
- W64LIT(0x6AB30A9774424A35) /* 40 */, W64LIT(0xF4E92F02E325249B) /* 41 */,
- W64LIT(0x7739DB07061CCAE1) /* 42 */, W64LIT(0xD8F3B49CECA42A05) /* 43 */,
- W64LIT(0xBD56BE3F51382F73) /* 44 */, W64LIT(0x45FAED5843B0BB28) /* 45 */,
- W64LIT(0x1C813D5C11BF1F83) /* 46 */, W64LIT(0x8AF0E4B6D75FA169) /* 47 */,
- W64LIT(0x33EE18A487AD9999) /* 48 */, W64LIT(0x3C26E8EAB1C94410) /* 49 */,
- W64LIT(0xB510102BC0A822F9) /* 50 */, W64LIT(0x141EEF310CE6123B) /* 51 */,
- W64LIT(0xFC65B90059DDB154) /* 52 */, W64LIT(0xE0158640C5E0E607) /* 53 */,
- W64LIT(0x884E079826C3A3CF) /* 54 */, W64LIT(0x930D0D9523C535FD) /* 55 */,
- W64LIT(0x35638D754E9A2B00) /* 56 */, W64LIT(0x4085FCCF40469DD5) /* 57 */,
- W64LIT(0xC4B17AD28BE23A4C) /* 58 */, W64LIT(0xCAB2F0FC6A3E6A2E) /* 59 */,
- W64LIT(0x2860971A6B943FCD) /* 60 */, W64LIT(0x3DDE6EE212E30446) /* 61 */,
- W64LIT(0x6222F32AE01765AE) /* 62 */, W64LIT(0x5D550BB5478308FE) /* 63 */,
- W64LIT(0xA9EFA98DA0EDA22A) /* 64 */, W64LIT(0xC351A71686C40DA7) /* 65 */,
- W64LIT(0x1105586D9C867C84) /* 66 */, W64LIT(0xDCFFEE85FDA22853) /* 67 */,
- W64LIT(0xCCFBD0262C5EEF76) /* 68 */, W64LIT(0xBAF294CB8990D201) /* 69 */,
- W64LIT(0xE69464F52AFAD975) /* 70 */, W64LIT(0x94B013AFDF133E14) /* 71 */,
- W64LIT(0x06A7D1A32823C958) /* 72 */, W64LIT(0x6F95FE5130F61119) /* 73 */,
- W64LIT(0xD92AB34E462C06C0) /* 74 */, W64LIT(0xED7BDE33887C71D2) /* 75 */,
- W64LIT(0x79746D6E6518393E) /* 76 */, W64LIT(0x5BA419385D713329) /* 77 */,
- W64LIT(0x7C1BA6B948A97564) /* 78 */, W64LIT(0x31987C197BFDAC67) /* 79 */,
- W64LIT(0xDE6C23C44B053D02) /* 80 */, W64LIT(0x581C49FED002D64D) /* 81 */,
- W64LIT(0xDD474D6338261571) /* 82 */, W64LIT(0xAA4546C3E473D062) /* 83 */,
- W64LIT(0x928FCE349455F860) /* 84 */, W64LIT(0x48161BBACAAB94D9) /* 85 */,
- W64LIT(0x63912430770E6F68) /* 86 */, W64LIT(0x6EC8A5E602C6641C) /* 87 */,
- W64LIT(0x87282515337DDD2B) /* 88 */, W64LIT(0x2CDA6B42034B701B) /* 89 */,
- W64LIT(0xB03D37C181CB096D) /* 90 */, W64LIT(0xE108438266C71C6F) /* 91 */,
- W64LIT(0x2B3180C7EB51B255) /* 92 */, W64LIT(0xDF92B82F96C08BBC) /* 93 */,
- W64LIT(0x5C68C8C0A632F3BA) /* 94 */, W64LIT(0x5504CC861C3D0556) /* 95 */,
- W64LIT(0xABBFA4E55FB26B8F) /* 96 */, W64LIT(0x41848B0AB3BACEB4) /* 97 */,
- W64LIT(0xB334A273AA445D32) /* 98 */, W64LIT(0xBCA696F0A85AD881) /* 99 */,
- W64LIT(0x24F6EC65B528D56C) /* 100 */, W64LIT(0x0CE1512E90F4524A) /* 101 */,
- W64LIT(0x4E9DD79D5506D35A) /* 102 */, W64LIT(0x258905FAC6CE9779) /* 103 */,
- W64LIT(0x2019295B3E109B33) /* 104 */, W64LIT(0xF8A9478B73A054CC) /* 105 */,
- W64LIT(0x2924F2F934417EB0) /* 106 */, W64LIT(0x3993357D536D1BC4) /* 107 */,
- W64LIT(0x38A81AC21DB6FF8B) /* 108 */, W64LIT(0x47C4FBF17D6016BF) /* 109 */,
- W64LIT(0x1E0FAADD7667E3F5) /* 110 */, W64LIT(0x7ABCFF62938BEB96) /* 111 */,
- W64LIT(0xA78DAD948FC179C9) /* 112 */, W64LIT(0x8F1F98B72911E50D) /* 113 */,
- W64LIT(0x61E48EAE27121A91) /* 114 */, W64LIT(0x4D62F7AD31859808) /* 115 */,
- W64LIT(0xECEBA345EF5CEAEB) /* 116 */, W64LIT(0xF5CEB25EBC9684CE) /* 117 */,
- W64LIT(0xF633E20CB7F76221) /* 118 */, W64LIT(0xA32CDF06AB8293E4) /* 119 */,
- W64LIT(0x985A202CA5EE2CA4) /* 120 */, W64LIT(0xCF0B8447CC8A8FB1) /* 121 */,
- W64LIT(0x9F765244979859A3) /* 122 */, W64LIT(0xA8D516B1A1240017) /* 123 */,
- W64LIT(0x0BD7BA3EBB5DC726) /* 124 */, W64LIT(0xE54BCA55B86ADB39) /* 125 */,
- W64LIT(0x1D7A3AFD6C478063) /* 126 */, W64LIT(0x519EC608E7669EDD) /* 127 */,
- W64LIT(0x0E5715A2D149AA23) /* 128 */, W64LIT(0x177D4571848FF194) /* 129 */,
- W64LIT(0xEEB55F3241014C22) /* 130 */, W64LIT(0x0F5E5CA13A6E2EC2) /* 131 */,
- W64LIT(0x8029927B75F5C361) /* 132 */, W64LIT(0xAD139FABC3D6E436) /* 133 */,
- W64LIT(0x0D5DF1A94CCF402F) /* 134 */, W64LIT(0x3E8BD948BEA5DFC8) /* 135 */,
- W64LIT(0xA5A0D357BD3FF77E) /* 136 */, W64LIT(0xA2D12E251F74F645) /* 137 */,
- W64LIT(0x66FD9E525E81A082) /* 138 */, W64LIT(0x2E0C90CE7F687A49) /* 139 */,
- W64LIT(0xC2E8BCBEBA973BC5) /* 140 */, W64LIT(0x000001BCE509745F) /* 141 */,
- W64LIT(0x423777BBE6DAB3D6) /* 142 */, W64LIT(0xD1661C7EAEF06EB5) /* 143 */,
- W64LIT(0xA1781F354DAACFD8) /* 144 */, W64LIT(0x2D11284A2B16AFFC) /* 145 */,
- W64LIT(0xF1FC4F67FA891D1F) /* 146 */, W64LIT(0x73ECC25DCB920ADA) /* 147 */,
- W64LIT(0xAE610C22C2A12651) /* 148 */, W64LIT(0x96E0A810D356B78A) /* 149 */,
- W64LIT(0x5A9A381F2FE7870F) /* 150 */, W64LIT(0xD5AD62EDE94E5530) /* 151 */,
- W64LIT(0xD225E5E8368D1427) /* 152 */, W64LIT(0x65977B70C7AF4631) /* 153 */,
- W64LIT(0x99F889B2DE39D74F) /* 154 */, W64LIT(0x233F30BF54E1D143) /* 155 */,
- W64LIT(0x9A9675D3D9A63C97) /* 156 */, W64LIT(0x5470554FF334F9A8) /* 157 */,
- W64LIT(0x166ACB744A4F5688) /* 158 */, W64LIT(0x70C74CAAB2E4AEAD) /* 159 */,
- W64LIT(0xF0D091646F294D12) /* 160 */, W64LIT(0x57B82A89684031D1) /* 161 */,
- W64LIT(0xEFD95A5A61BE0B6B) /* 162 */, W64LIT(0x2FBD12E969F2F29A) /* 163 */,
- W64LIT(0x9BD37013FEFF9FE8) /* 164 */, W64LIT(0x3F9B0404D6085A06) /* 165 */,
- W64LIT(0x4940C1F3166CFE15) /* 166 */, W64LIT(0x09542C4DCDF3DEFB) /* 167 */,
- W64LIT(0xB4C5218385CD5CE3) /* 168 */, W64LIT(0xC935B7DC4462A641) /* 169 */,
- W64LIT(0x3417F8A68ED3B63F) /* 170 */, W64LIT(0xB80959295B215B40) /* 171 */,
- W64LIT(0xF99CDAEF3B8C8572) /* 172 */, W64LIT(0x018C0614F8FCB95D) /* 173 */,
- W64LIT(0x1B14ACCD1A3ACDF3) /* 174 */, W64LIT(0x84D471F200BB732D) /* 175 */,
- W64LIT(0xC1A3110E95E8DA16) /* 176 */, W64LIT(0x430A7220BF1A82B8) /* 177 */,
- W64LIT(0xB77E090D39DF210E) /* 178 */, W64LIT(0x5EF4BD9F3CD05E9D) /* 179 */,
- W64LIT(0x9D4FF6DA7E57A444) /* 180 */, W64LIT(0xDA1D60E183D4A5F8) /* 181 */,
- W64LIT(0xB287C38417998E47) /* 182 */, W64LIT(0xFE3EDC121BB31886) /* 183 */,
- W64LIT(0xC7FE3CCC980CCBEF) /* 184 */, W64LIT(0xE46FB590189BFD03) /* 185 */,
- W64LIT(0x3732FD469A4C57DC) /* 186 */, W64LIT(0x7EF700A07CF1AD65) /* 187 */,
- W64LIT(0x59C64468A31D8859) /* 188 */, W64LIT(0x762FB0B4D45B61F6) /* 189 */,
- W64LIT(0x155BAED099047718) /* 190 */, W64LIT(0x68755E4C3D50BAA6) /* 191 */,
- W64LIT(0xE9214E7F22D8B4DF) /* 192 */, W64LIT(0x2ADDBF532EAC95F4) /* 193 */,
- W64LIT(0x32AE3909B4BD0109) /* 194 */, W64LIT(0x834DF537B08E3450) /* 195 */,
- W64LIT(0xFA209DA84220728D) /* 196 */, W64LIT(0x9E691D9B9EFE23F7) /* 197 */,
- W64LIT(0x0446D288C4AE8D7F) /* 198 */, W64LIT(0x7B4CC524E169785B) /* 199 */,
- W64LIT(0x21D87F0135CA1385) /* 200 */, W64LIT(0xCEBB400F137B8AA5) /* 201 */,
- W64LIT(0x272E2B66580796BE) /* 202 */, W64LIT(0x3612264125C2B0DE) /* 203 */,
- W64LIT(0x057702BDAD1EFBB2) /* 204 */, W64LIT(0xD4BABB8EACF84BE9) /* 205 */,
- W64LIT(0x91583139641BC67B) /* 206 */, W64LIT(0x8BDC2DE08036E024) /* 207 */,
- W64LIT(0x603C8156F49F68ED) /* 208 */, W64LIT(0xF7D236F7DBEF5111) /* 209 */,
- W64LIT(0x9727C4598AD21E80) /* 210 */, W64LIT(0xA08A0896670A5FD7) /* 211 */,
- W64LIT(0xCB4A8F4309EBA9CB) /* 212 */, W64LIT(0x81AF564B0F7036A1) /* 213 */,
- W64LIT(0xC0B99AA778199ABD) /* 214 */, W64LIT(0x959F1EC83FC8E952) /* 215 */,
- W64LIT(0x8C505077794A81B9) /* 216 */, W64LIT(0x3ACAAF8F056338F0) /* 217 */,
- W64LIT(0x07B43F50627A6778) /* 218 */, W64LIT(0x4A44AB49F5ECCC77) /* 219 */,
- W64LIT(0x3BC3D6E4B679EE98) /* 220 */, W64LIT(0x9CC0D4D1CF14108C) /* 221 */,
- W64LIT(0x4406C00B206BC8A0) /* 222 */, W64LIT(0x82A18854C8D72D89) /* 223 */,
- W64LIT(0x67E366B35C3C432C) /* 224 */, W64LIT(0xB923DD61102B37F2) /* 225 */,
- W64LIT(0x56AB2779D884271D) /* 226 */, W64LIT(0xBE83E1B0FF1525AF) /* 227 */,
- W64LIT(0xFB7C65D4217E49A9) /* 228 */, W64LIT(0x6BDBE0E76D48E7D4) /* 229 */,
- W64LIT(0x08DF828745D9179E) /* 230 */, W64LIT(0x22EA6A9ADD53BD34) /* 231 */,
- W64LIT(0xE36E141C5622200A) /* 232 */, W64LIT(0x7F805D1B8CB750EE) /* 233 */,
- W64LIT(0xAFE5C7A59F58E837) /* 234 */, W64LIT(0xE27F996A4FB1C23C) /* 235 */,
- W64LIT(0xD3867DFB0775F0D0) /* 236 */, W64LIT(0xD0E673DE6E88891A) /* 237 */,
- W64LIT(0x123AEB9EAFB86C25) /* 238 */, W64LIT(0x30F1D5D5C145B895) /* 239 */,
- W64LIT(0xBB434A2DEE7269E7) /* 240 */, W64LIT(0x78CB67ECF931FA38) /* 241 */,
- W64LIT(0xF33B0372323BBF9C) /* 242 */, W64LIT(0x52D66336FB279C74) /* 243 */,
- W64LIT(0x505F33AC0AFB4EAA) /* 244 */, W64LIT(0xE8A5CD99A2CCE187) /* 245 */,
- W64LIT(0x534974801E2D30BB) /* 246 */, W64LIT(0x8D2D5711D5876D90) /* 247 */,
- W64LIT(0x1F1A412891BC038E) /* 248 */, W64LIT(0xD6E2E71D82E56648) /* 249 */,
- W64LIT(0x74036C3A497732B7) /* 250 */, W64LIT(0x89B67ED96361F5AB) /* 251 */,
- W64LIT(0xFFED95D8F1EA02A2) /* 252 */, W64LIT(0xE72B3BD61464D43D) /* 253 */,
- W64LIT(0xA6300F170BDC4820) /* 254 */, W64LIT(0xEBC18760ED78A77A) /* 255 */,
- W64LIT(0xE6A6BE5A05A12138) /* 256 */, W64LIT(0xB5A122A5B4F87C98) /* 257 */,
- W64LIT(0x563C6089140B6990) /* 258 */, W64LIT(0x4C46CB2E391F5DD5) /* 259 */,
- W64LIT(0xD932ADDBC9B79434) /* 260 */, W64LIT(0x08EA70E42015AFF5) /* 261 */,
- W64LIT(0xD765A6673E478CF1) /* 262 */, W64LIT(0xC4FB757EAB278D99) /* 263 */,
- W64LIT(0xDF11C6862D6E0692) /* 264 */, W64LIT(0xDDEB84F10D7F3B16) /* 265 */,
- W64LIT(0x6F2EF604A665EA04) /* 266 */, W64LIT(0x4A8E0F0FF0E0DFB3) /* 267 */,
- W64LIT(0xA5EDEEF83DBCBA51) /* 268 */, W64LIT(0xFC4F0A2A0EA4371E) /* 269 */,
- W64LIT(0xE83E1DA85CB38429) /* 270 */, W64LIT(0xDC8FF882BA1B1CE2) /* 271 */,
- W64LIT(0xCD45505E8353E80D) /* 272 */, W64LIT(0x18D19A00D4DB0717) /* 273 */,
- W64LIT(0x34A0CFEDA5F38101) /* 274 */, W64LIT(0x0BE77E518887CAF2) /* 275 */,
- W64LIT(0x1E341438B3C45136) /* 276 */, W64LIT(0xE05797F49089CCF9) /* 277 */,
- W64LIT(0xFFD23F9DF2591D14) /* 278 */, W64LIT(0x543DDA228595C5CD) /* 279 */,
- W64LIT(0x661F81FD99052A33) /* 280 */, W64LIT(0x8736E641DB0F7B76) /* 281 */,
- W64LIT(0x15227725418E5307) /* 282 */, W64LIT(0xE25F7F46162EB2FA) /* 283 */,
- W64LIT(0x48A8B2126C13D9FE) /* 284 */, W64LIT(0xAFDC541792E76EEA) /* 285 */,
- W64LIT(0x03D912BFC6D1898F) /* 286 */, W64LIT(0x31B1AAFA1B83F51B) /* 287 */,
- W64LIT(0xF1AC2796E42AB7D9) /* 288 */, W64LIT(0x40A3A7D7FCD2EBAC) /* 289 */,
- W64LIT(0x1056136D0AFBBCC5) /* 290 */, W64LIT(0x7889E1DD9A6D0C85) /* 291 */,
- W64LIT(0xD33525782A7974AA) /* 292 */, W64LIT(0xA7E25D09078AC09B) /* 293 */,
- W64LIT(0xBD4138B3EAC6EDD0) /* 294 */, W64LIT(0x920ABFBE71EB9E70) /* 295 */,
- W64LIT(0xA2A5D0F54FC2625C) /* 296 */, W64LIT(0xC054E36B0B1290A3) /* 297 */,
- W64LIT(0xF6DD59FF62FE932B) /* 298 */, W64LIT(0x3537354511A8AC7D) /* 299 */,
- W64LIT(0xCA845E9172FADCD4) /* 300 */, W64LIT(0x84F82B60329D20DC) /* 301 */,
- W64LIT(0x79C62CE1CD672F18) /* 302 */, W64LIT(0x8B09A2ADD124642C) /* 303 */,
- W64LIT(0xD0C1E96A19D9E726) /* 304 */, W64LIT(0x5A786A9B4BA9500C) /* 305 */,
- W64LIT(0x0E020336634C43F3) /* 306 */, W64LIT(0xC17B474AEB66D822) /* 307 */,
- W64LIT(0x6A731AE3EC9BAAC2) /* 308 */, W64LIT(0x8226667AE0840258) /* 309 */,
- W64LIT(0x67D4567691CAECA5) /* 310 */, W64LIT(0x1D94155C4875ADB5) /* 311 */,
- W64LIT(0x6D00FD985B813FDF) /* 312 */, W64LIT(0x51286EFCB774CD06) /* 313 */,
- W64LIT(0x5E8834471FA744AF) /* 314 */, W64LIT(0xF72CA0AEE761AE2E) /* 315 */,
- W64LIT(0xBE40E4CDAEE8E09A) /* 316 */, W64LIT(0xE9970BBB5118F665) /* 317 */,
- W64LIT(0x726E4BEB33DF1964) /* 318 */, W64LIT(0x703B000729199762) /* 319 */,
- W64LIT(0x4631D816F5EF30A7) /* 320 */, W64LIT(0xB880B5B51504A6BE) /* 321 */,
- W64LIT(0x641793C37ED84B6C) /* 322 */, W64LIT(0x7B21ED77F6E97D96) /* 323 */,
- W64LIT(0x776306312EF96B73) /* 324 */, W64LIT(0xAE528948E86FF3F4) /* 325 */,
- W64LIT(0x53DBD7F286A3F8F8) /* 326 */, W64LIT(0x16CADCE74CFC1063) /* 327 */,
- W64LIT(0x005C19BDFA52C6DD) /* 328 */, W64LIT(0x68868F5D64D46AD3) /* 329 */,
- W64LIT(0x3A9D512CCF1E186A) /* 330 */, W64LIT(0x367E62C2385660AE) /* 331 */,
- W64LIT(0xE359E7EA77DCB1D7) /* 332 */, W64LIT(0x526C0773749ABE6E) /* 333 */,
- W64LIT(0x735AE5F9D09F734B) /* 334 */, W64LIT(0x493FC7CC8A558BA8) /* 335 */,
- W64LIT(0xB0B9C1533041AB45) /* 336 */, W64LIT(0x321958BA470A59BD) /* 337 */,
- W64LIT(0x852DB00B5F46C393) /* 338 */, W64LIT(0x91209B2BD336B0E5) /* 339 */,
- W64LIT(0x6E604F7D659EF19F) /* 340 */, W64LIT(0xB99A8AE2782CCB24) /* 341 */,
- W64LIT(0xCCF52AB6C814C4C7) /* 342 */, W64LIT(0x4727D9AFBE11727B) /* 343 */,
- W64LIT(0x7E950D0C0121B34D) /* 344 */, W64LIT(0x756F435670AD471F) /* 345 */,
- W64LIT(0xF5ADD442615A6849) /* 346 */, W64LIT(0x4E87E09980B9957A) /* 347 */,
- W64LIT(0x2ACFA1DF50AEE355) /* 348 */, W64LIT(0xD898263AFD2FD556) /* 349 */,
- W64LIT(0xC8F4924DD80C8FD6) /* 350 */, W64LIT(0xCF99CA3D754A173A) /* 351 */,
- W64LIT(0xFE477BACAF91BF3C) /* 352 */, W64LIT(0xED5371F6D690C12D) /* 353 */,
- W64LIT(0x831A5C285E687094) /* 354 */, W64LIT(0xC5D3C90A3708A0A4) /* 355 */,
- W64LIT(0x0F7F903717D06580) /* 356 */, W64LIT(0x19F9BB13B8FDF27F) /* 357 */,
- W64LIT(0xB1BD6F1B4D502843) /* 358 */, W64LIT(0x1C761BA38FFF4012) /* 359 */,
- W64LIT(0x0D1530C4E2E21F3B) /* 360 */, W64LIT(0x8943CE69A7372C8A) /* 361 */,
- W64LIT(0xE5184E11FEB5CE66) /* 362 */, W64LIT(0x618BDB80BD736621) /* 363 */,
- W64LIT(0x7D29BAD68B574D0B) /* 364 */, W64LIT(0x81BB613E25E6FE5B) /* 365 */,
- W64LIT(0x071C9C10BC07913F) /* 366 */, W64LIT(0xC7BEEB7909AC2D97) /* 367 */,
- W64LIT(0xC3E58D353BC5D757) /* 368 */, W64LIT(0xEB017892F38F61E8) /* 369 */,
- W64LIT(0xD4EFFB9C9B1CC21A) /* 370 */, W64LIT(0x99727D26F494F7AB) /* 371 */,
- W64LIT(0xA3E063A2956B3E03) /* 372 */, W64LIT(0x9D4A8B9A4AA09C30) /* 373 */,
- W64LIT(0x3F6AB7D500090FB4) /* 374 */, W64LIT(0x9CC0F2A057268AC0) /* 375 */,
- W64LIT(0x3DEE9D2DEDBF42D1) /* 376 */, W64LIT(0x330F49C87960A972) /* 377 */,
- W64LIT(0xC6B2720287421B41) /* 378 */, W64LIT(0x0AC59EC07C00369C) /* 379 */,
- W64LIT(0xEF4EAC49CB353425) /* 380 */, W64LIT(0xF450244EEF0129D8) /* 381 */,
- W64LIT(0x8ACC46E5CAF4DEB6) /* 382 */, W64LIT(0x2FFEAB63989263F7) /* 383 */,
- W64LIT(0x8F7CB9FE5D7A4578) /* 384 */, W64LIT(0x5BD8F7644E634635) /* 385 */,
- W64LIT(0x427A7315BF2DC900) /* 386 */, W64LIT(0x17D0C4AA2125261C) /* 387 */,
- W64LIT(0x3992486C93518E50) /* 388 */, W64LIT(0xB4CBFEE0A2D7D4C3) /* 389 */,
- W64LIT(0x7C75D6202C5DDD8D) /* 390 */, W64LIT(0xDBC295D8E35B6C61) /* 391 */,
- W64LIT(0x60B369D302032B19) /* 392 */, W64LIT(0xCE42685FDCE44132) /* 393 */,
- W64LIT(0x06F3DDB9DDF65610) /* 394 */, W64LIT(0x8EA4D21DB5E148F0) /* 395 */,
- W64LIT(0x20B0FCE62FCD496F) /* 396 */, W64LIT(0x2C1B912358B0EE31) /* 397 */,
- W64LIT(0xB28317B818F5A308) /* 398 */, W64LIT(0xA89C1E189CA6D2CF) /* 399 */,
- W64LIT(0x0C6B18576AAADBC8) /* 400 */, W64LIT(0xB65DEAA91299FAE3) /* 401 */,
- W64LIT(0xFB2B794B7F1027E7) /* 402 */, W64LIT(0x04E4317F443B5BEB) /* 403 */,
- W64LIT(0x4B852D325939D0A6) /* 404 */, W64LIT(0xD5AE6BEEFB207FFC) /* 405 */,
- W64LIT(0x309682B281C7D374) /* 406 */, W64LIT(0xBAE309A194C3B475) /* 407 */,
- W64LIT(0x8CC3F97B13B49F05) /* 408 */, W64LIT(0x98A9422FF8293967) /* 409 */,
- W64LIT(0x244B16B01076FF7C) /* 410 */, W64LIT(0xF8BF571C663D67EE) /* 411 */,
- W64LIT(0x1F0D6758EEE30DA1) /* 412 */, W64LIT(0xC9B611D97ADEB9B7) /* 413 */,
- W64LIT(0xB7AFD5887B6C57A2) /* 414 */, W64LIT(0x6290AE846B984FE1) /* 415 */,
- W64LIT(0x94DF4CDEACC1A5FD) /* 416 */, W64LIT(0x058A5BD1C5483AFF) /* 417 */,
- W64LIT(0x63166CC142BA3C37) /* 418 */, W64LIT(0x8DB8526EB2F76F40) /* 419 */,
- W64LIT(0xE10880036F0D6D4E) /* 420 */, W64LIT(0x9E0523C9971D311D) /* 421 */,
- W64LIT(0x45EC2824CC7CD691) /* 422 */, W64LIT(0x575B8359E62382C9) /* 423 */,
- W64LIT(0xFA9E400DC4889995) /* 424 */, W64LIT(0xD1823ECB45721568) /* 425 */,
- W64LIT(0xDAFD983B8206082F) /* 426 */, W64LIT(0xAA7D29082386A8CB) /* 427 */,
- W64LIT(0x269FCD4403B87588) /* 428 */, W64LIT(0x1B91F5F728BDD1E0) /* 429 */,
- W64LIT(0xE4669F39040201F6) /* 430 */, W64LIT(0x7A1D7C218CF04ADE) /* 431 */,
- W64LIT(0x65623C29D79CE5CE) /* 432 */, W64LIT(0x2368449096C00BB1) /* 433 */,
- W64LIT(0xAB9BF1879DA503BA) /* 434 */, W64LIT(0xBC23ECB1A458058E) /* 435 */,
- W64LIT(0x9A58DF01BB401ECC) /* 436 */, W64LIT(0xA070E868A85F143D) /* 437 */,
- W64LIT(0x4FF188307DF2239E) /* 438 */, W64LIT(0x14D565B41A641183) /* 439 */,
- W64LIT(0xEE13337452701602) /* 440 */, W64LIT(0x950E3DCF3F285E09) /* 441 */,
- W64LIT(0x59930254B9C80953) /* 442 */, W64LIT(0x3BF299408930DA6D) /* 443 */,
- W64LIT(0xA955943F53691387) /* 444 */, W64LIT(0xA15EDECAA9CB8784) /* 445 */,
- W64LIT(0x29142127352BE9A0) /* 446 */, W64LIT(0x76F0371FFF4E7AFB) /* 447 */,
- W64LIT(0x0239F450274F2228) /* 448 */, W64LIT(0xBB073AF01D5E868B) /* 449 */,
- W64LIT(0xBFC80571C10E96C1) /* 450 */, W64LIT(0xD267088568222E23) /* 451 */,
- W64LIT(0x9671A3D48E80B5B0) /* 452 */, W64LIT(0x55B5D38AE193BB81) /* 453 */,
- W64LIT(0x693AE2D0A18B04B8) /* 454 */, W64LIT(0x5C48B4ECADD5335F) /* 455 */,
- W64LIT(0xFD743B194916A1CA) /* 456 */, W64LIT(0x2577018134BE98C4) /* 457 */,
- W64LIT(0xE77987E83C54A4AD) /* 458 */, W64LIT(0x28E11014DA33E1B9) /* 459 */,
- W64LIT(0x270CC59E226AA213) /* 460 */, W64LIT(0x71495F756D1A5F60) /* 461 */,
- W64LIT(0x9BE853FB60AFEF77) /* 462 */, W64LIT(0xADC786A7F7443DBF) /* 463 */,
- W64LIT(0x0904456173B29A82) /* 464 */, W64LIT(0x58BC7A66C232BD5E) /* 465 */,
- W64LIT(0xF306558C673AC8B2) /* 466 */, W64LIT(0x41F639C6B6C9772A) /* 467 */,
- W64LIT(0x216DEFE99FDA35DA) /* 468 */, W64LIT(0x11640CC71C7BE615) /* 469 */,
- W64LIT(0x93C43694565C5527) /* 470 */, W64LIT(0xEA038E6246777839) /* 471 */,
- W64LIT(0xF9ABF3CE5A3E2469) /* 472 */, W64LIT(0x741E768D0FD312D2) /* 473 */,
- W64LIT(0x0144B883CED652C6) /* 474 */, W64LIT(0xC20B5A5BA33F8552) /* 475 */,
- W64LIT(0x1AE69633C3435A9D) /* 476 */, W64LIT(0x97A28CA4088CFDEC) /* 477 */,
- W64LIT(0x8824A43C1E96F420) /* 478 */, W64LIT(0x37612FA66EEEA746) /* 479 */,
- W64LIT(0x6B4CB165F9CF0E5A) /* 480 */, W64LIT(0x43AA1C06A0ABFB4A) /* 481 */,
- W64LIT(0x7F4DC26FF162796B) /* 482 */, W64LIT(0x6CBACC8E54ED9B0F) /* 483 */,
- W64LIT(0xA6B7FFEFD2BB253E) /* 484 */, W64LIT(0x2E25BC95B0A29D4F) /* 485 */,
- W64LIT(0x86D6A58BDEF1388C) /* 486 */, W64LIT(0xDED74AC576B6F054) /* 487 */,
- W64LIT(0x8030BDBC2B45805D) /* 488 */, W64LIT(0x3C81AF70E94D9289) /* 489 */,
- W64LIT(0x3EFF6DDA9E3100DB) /* 490 */, W64LIT(0xB38DC39FDFCC8847) /* 491 */,
- W64LIT(0x123885528D17B87E) /* 492 */, W64LIT(0xF2DA0ED240B1B642) /* 493 */,
- W64LIT(0x44CEFADCD54BF9A9) /* 494 */, W64LIT(0x1312200E433C7EE6) /* 495 */,
- W64LIT(0x9FFCC84F3A78C748) /* 496 */, W64LIT(0xF0CD1F72248576BB) /* 497 */,
- W64LIT(0xEC6974053638CFE4) /* 498 */, W64LIT(0x2BA7B67C0CEC4E4C) /* 499 */,
- W64LIT(0xAC2F4DF3E5CE32ED) /* 500 */, W64LIT(0xCB33D14326EA4C11) /* 501 */,
- W64LIT(0xA4E9044CC77E58BC) /* 502 */, W64LIT(0x5F513293D934FCEF) /* 503 */,
- W64LIT(0x5DC9645506E55444) /* 504 */, W64LIT(0x50DE418F317DE40A) /* 505 */,
- W64LIT(0x388CB31A69DDE259) /* 506 */, W64LIT(0x2DB4A83455820A86) /* 507 */,
- W64LIT(0x9010A91E84711AE9) /* 508 */, W64LIT(0x4DF7F0B7B1498371) /* 509 */,
- W64LIT(0xD62A2EABC0977179) /* 510 */, W64LIT(0x22FAC097AA8D5C0E) /* 511 */,
- W64LIT(0xF49FCC2FF1DAF39B) /* 512 */, W64LIT(0x487FD5C66FF29281) /* 513 */,
- W64LIT(0xE8A30667FCDCA83F) /* 514 */, W64LIT(0x2C9B4BE3D2FCCE63) /* 515 */,
- W64LIT(0xDA3FF74B93FBBBC2) /* 516 */, W64LIT(0x2FA165D2FE70BA66) /* 517 */,
- W64LIT(0xA103E279970E93D4) /* 518 */, W64LIT(0xBECDEC77B0E45E71) /* 519 */,
- W64LIT(0xCFB41E723985E497) /* 520 */, W64LIT(0xB70AAA025EF75017) /* 521 */,
- W64LIT(0xD42309F03840B8E0) /* 522 */, W64LIT(0x8EFC1AD035898579) /* 523 */,
- W64LIT(0x96C6920BE2B2ABC5) /* 524 */, W64LIT(0x66AF4163375A9172) /* 525 */,
- W64LIT(0x2174ABDCCA7127FB) /* 526 */, W64LIT(0xB33CCEA64A72FF41) /* 527 */,
- W64LIT(0xF04A4933083066A5) /* 528 */, W64LIT(0x8D970ACDD7289AF5) /* 529 */,
- W64LIT(0x8F96E8E031C8C25E) /* 530 */, W64LIT(0xF3FEC02276875D47) /* 531 */,
- W64LIT(0xEC7BF310056190DD) /* 532 */, W64LIT(0xF5ADB0AEBB0F1491) /* 533 */,
- W64LIT(0x9B50F8850FD58892) /* 534 */, W64LIT(0x4975488358B74DE8) /* 535 */,
- W64LIT(0xA3354FF691531C61) /* 536 */, W64LIT(0x0702BBE481D2C6EE) /* 537 */,
- W64LIT(0x89FB24057DEDED98) /* 538 */, W64LIT(0xAC3075138596E902) /* 539 */,
- W64LIT(0x1D2D3580172772ED) /* 540 */, W64LIT(0xEB738FC28E6BC30D) /* 541 */,
- W64LIT(0x5854EF8F63044326) /* 542 */, W64LIT(0x9E5C52325ADD3BBE) /* 543 */,
- W64LIT(0x90AA53CF325C4623) /* 544 */, W64LIT(0xC1D24D51349DD067) /* 545 */,
- W64LIT(0x2051CFEEA69EA624) /* 546 */, W64LIT(0x13220F0A862E7E4F) /* 547 */,
- W64LIT(0xCE39399404E04864) /* 548 */, W64LIT(0xD9C42CA47086FCB7) /* 549 */,
- W64LIT(0x685AD2238A03E7CC) /* 550 */, W64LIT(0x066484B2AB2FF1DB) /* 551 */,
- W64LIT(0xFE9D5D70EFBF79EC) /* 552 */, W64LIT(0x5B13B9DD9C481854) /* 553 */,
- W64LIT(0x15F0D475ED1509AD) /* 554 */, W64LIT(0x0BEBCD060EC79851) /* 555 */,
- W64LIT(0xD58C6791183AB7F8) /* 556 */, W64LIT(0xD1187C5052F3EEE4) /* 557 */,
- W64LIT(0xC95D1192E54E82FF) /* 558 */, W64LIT(0x86EEA14CB9AC6CA2) /* 559 */,
- W64LIT(0x3485BEB153677D5D) /* 560 */, W64LIT(0xDD191D781F8C492A) /* 561 */,
- W64LIT(0xF60866BAA784EBF9) /* 562 */, W64LIT(0x518F643BA2D08C74) /* 563 */,
- W64LIT(0x8852E956E1087C22) /* 564 */, W64LIT(0xA768CB8DC410AE8D) /* 565 */,
- W64LIT(0x38047726BFEC8E1A) /* 566 */, W64LIT(0xA67738B4CD3B45AA) /* 567 */,
- W64LIT(0xAD16691CEC0DDE19) /* 568 */, W64LIT(0xC6D4319380462E07) /* 569 */,
- W64LIT(0xC5A5876D0BA61938) /* 570 */, W64LIT(0x16B9FA1FA58FD840) /* 571 */,
- W64LIT(0x188AB1173CA74F18) /* 572 */, W64LIT(0xABDA2F98C99C021F) /* 573 */,
- W64LIT(0x3E0580AB134AE816) /* 574 */, W64LIT(0x5F3B05B773645ABB) /* 575 */,
- W64LIT(0x2501A2BE5575F2F6) /* 576 */, W64LIT(0x1B2F74004E7E8BA9) /* 577 */,
- W64LIT(0x1CD7580371E8D953) /* 578 */, W64LIT(0x7F6ED89562764E30) /* 579 */,
- W64LIT(0xB15926FF596F003D) /* 580 */, W64LIT(0x9F65293DA8C5D6B9) /* 581 */,
- W64LIT(0x6ECEF04DD690F84C) /* 582 */, W64LIT(0x4782275FFF33AF88) /* 583 */,
- W64LIT(0xE41433083F820801) /* 584 */, W64LIT(0xFD0DFE409A1AF9B5) /* 585 */,
- W64LIT(0x4325A3342CDB396B) /* 586 */, W64LIT(0x8AE77E62B301B252) /* 587 */,
- W64LIT(0xC36F9E9F6655615A) /* 588 */, W64LIT(0x85455A2D92D32C09) /* 589 */,
- W64LIT(0xF2C7DEA949477485) /* 590 */, W64LIT(0x63CFB4C133A39EBA) /* 591 */,
- W64LIT(0x83B040CC6EBC5462) /* 592 */, W64LIT(0x3B9454C8FDB326B0) /* 593 */,
- W64LIT(0x56F56A9E87FFD78C) /* 594 */, W64LIT(0x2DC2940D99F42BC6) /* 595 */,
- W64LIT(0x98F7DF096B096E2D) /* 596 */, W64LIT(0x19A6E01E3AD852BF) /* 597 */,
- W64LIT(0x42A99CCBDBD4B40B) /* 598 */, W64LIT(0xA59998AF45E9C559) /* 599 */,
- W64LIT(0x366295E807D93186) /* 600 */, W64LIT(0x6B48181BFAA1F773) /* 601 */,
- W64LIT(0x1FEC57E2157A0A1D) /* 602 */, W64LIT(0x4667446AF6201AD5) /* 603 */,
- W64LIT(0xE615EBCACFB0F075) /* 604 */, W64LIT(0xB8F31F4F68290778) /* 605 */,
- W64LIT(0x22713ED6CE22D11E) /* 606 */, W64LIT(0x3057C1A72EC3C93B) /* 607 */,
- W64LIT(0xCB46ACC37C3F1F2F) /* 608 */, W64LIT(0xDBB893FD02AAF50E) /* 609 */,
- W64LIT(0x331FD92E600B9FCF) /* 610 */, W64LIT(0xA498F96148EA3AD6) /* 611 */,
- W64LIT(0xA8D8426E8B6A83EA) /* 612 */, W64LIT(0xA089B274B7735CDC) /* 613 */,
- W64LIT(0x87F6B3731E524A11) /* 614 */, W64LIT(0x118808E5CBC96749) /* 615 */,
- W64LIT(0x9906E4C7B19BD394) /* 616 */, W64LIT(0xAFED7F7E9B24A20C) /* 617 */,
- W64LIT(0x6509EADEEB3644A7) /* 618 */, W64LIT(0x6C1EF1D3E8EF0EDE) /* 619 */,
- W64LIT(0xB9C97D43E9798FB4) /* 620 */, W64LIT(0xA2F2D784740C28A3) /* 621 */,
- W64LIT(0x7B8496476197566F) /* 622 */, W64LIT(0x7A5BE3E6B65F069D) /* 623 */,
- W64LIT(0xF96330ED78BE6F10) /* 624 */, W64LIT(0xEEE60DE77A076A15) /* 625 */,
- W64LIT(0x2B4BEE4AA08B9BD0) /* 626 */, W64LIT(0x6A56A63EC7B8894E) /* 627 */,
- W64LIT(0x02121359BA34FEF4) /* 628 */, W64LIT(0x4CBF99F8283703FC) /* 629 */,
- W64LIT(0x398071350CAF30C8) /* 630 */, W64LIT(0xD0A77A89F017687A) /* 631 */,
- W64LIT(0xF1C1A9EB9E423569) /* 632 */, W64LIT(0x8C7976282DEE8199) /* 633 */,
- W64LIT(0x5D1737A5DD1F7ABD) /* 634 */, W64LIT(0x4F53433C09A9FA80) /* 635 */,
- W64LIT(0xFA8B0C53DF7CA1D9) /* 636 */, W64LIT(0x3FD9DCBC886CCB77) /* 637 */,
- W64LIT(0xC040917CA91B4720) /* 638 */, W64LIT(0x7DD00142F9D1DCDF) /* 639 */,
- W64LIT(0x8476FC1D4F387B58) /* 640 */, W64LIT(0x23F8E7C5F3316503) /* 641 */,
- W64LIT(0x032A2244E7E37339) /* 642 */, W64LIT(0x5C87A5D750F5A74B) /* 643 */,
- W64LIT(0x082B4CC43698992E) /* 644 */, W64LIT(0xDF917BECB858F63C) /* 645 */,
- W64LIT(0x3270B8FC5BF86DDA) /* 646 */, W64LIT(0x10AE72BB29B5DD76) /* 647 */,
- W64LIT(0x576AC94E7700362B) /* 648 */, W64LIT(0x1AD112DAC61EFB8F) /* 649 */,
- W64LIT(0x691BC30EC5FAA427) /* 650 */, W64LIT(0xFF246311CC327143) /* 651 */,
- W64LIT(0x3142368E30E53206) /* 652 */, W64LIT(0x71380E31E02CA396) /* 653 */,
- W64LIT(0x958D5C960AAD76F1) /* 654 */, W64LIT(0xF8D6F430C16DA536) /* 655 */,
- W64LIT(0xC8FFD13F1BE7E1D2) /* 656 */, W64LIT(0x7578AE66004DDBE1) /* 657 */,
- W64LIT(0x05833F01067BE646) /* 658 */, W64LIT(0xBB34B5AD3BFE586D) /* 659 */,
- W64LIT(0x095F34C9A12B97F0) /* 660 */, W64LIT(0x247AB64525D60CA8) /* 661 */,
- W64LIT(0xDCDBC6F3017477D1) /* 662 */, W64LIT(0x4A2E14D4DECAD24D) /* 663 */,
- W64LIT(0xBDB5E6D9BE0A1EEB) /* 664 */, W64LIT(0x2A7E70F7794301AB) /* 665 */,
- W64LIT(0xDEF42D8A270540FD) /* 666 */, W64LIT(0x01078EC0A34C22C1) /* 667 */,
- W64LIT(0xE5DE511AF4C16387) /* 668 */, W64LIT(0x7EBB3A52BD9A330A) /* 669 */,
- W64LIT(0x77697857AA7D6435) /* 670 */, W64LIT(0x004E831603AE4C32) /* 671 */,
- W64LIT(0xE7A21020AD78E312) /* 672 */, W64LIT(0x9D41A70C6AB420F2) /* 673 */,
- W64LIT(0x28E06C18EA1141E6) /* 674 */, W64LIT(0xD2B28CBD984F6B28) /* 675 */,
- W64LIT(0x26B75F6C446E9D83) /* 676 */, W64LIT(0xBA47568C4D418D7F) /* 677 */,
- W64LIT(0xD80BADBFE6183D8E) /* 678 */, W64LIT(0x0E206D7F5F166044) /* 679 */,
- W64LIT(0xE258A43911CBCA3E) /* 680 */, W64LIT(0x723A1746B21DC0BC) /* 681 */,
- W64LIT(0xC7CAA854F5D7CDD3) /* 682 */, W64LIT(0x7CAC32883D261D9C) /* 683 */,
- W64LIT(0x7690C26423BA942C) /* 684 */, W64LIT(0x17E55524478042B8) /* 685 */,
- W64LIT(0xE0BE477656A2389F) /* 686 */, W64LIT(0x4D289B5E67AB2DA0) /* 687 */,
- W64LIT(0x44862B9C8FBBFD31) /* 688 */, W64LIT(0xB47CC8049D141365) /* 689 */,
- W64LIT(0x822C1B362B91C793) /* 690 */, W64LIT(0x4EB14655FB13DFD8) /* 691 */,
- W64LIT(0x1ECBBA0714E2A97B) /* 692 */, W64LIT(0x6143459D5CDE5F14) /* 693 */,
- W64LIT(0x53A8FBF1D5F0AC89) /* 694 */, W64LIT(0x97EA04D81C5E5B00) /* 695 */,
- W64LIT(0x622181A8D4FDB3F3) /* 696 */, W64LIT(0xE9BCD341572A1208) /* 697 */,
- W64LIT(0x1411258643CCE58A) /* 698 */, W64LIT(0x9144C5FEA4C6E0A4) /* 699 */,
- W64LIT(0x0D33D06565CF620F) /* 700 */, W64LIT(0x54A48D489F219CA1) /* 701 */,
- W64LIT(0xC43E5EAC6D63C821) /* 702 */, W64LIT(0xA9728B3A72770DAF) /* 703 */,
- W64LIT(0xD7934E7B20DF87EF) /* 704 */, W64LIT(0xE35503B61A3E86E5) /* 705 */,
- W64LIT(0xCAE321FBC819D504) /* 706 */, W64LIT(0x129A50B3AC60BFA6) /* 707 */,
- W64LIT(0xCD5E68EA7E9FB6C3) /* 708 */, W64LIT(0xB01C90199483B1C7) /* 709 */,
- W64LIT(0x3DE93CD5C295376C) /* 710 */, W64LIT(0xAED52EDF2AB9AD13) /* 711 */,
- W64LIT(0x2E60F512C0A07884) /* 712 */, W64LIT(0xBC3D86A3E36210C9) /* 713 */,
- W64LIT(0x35269D9B163951CE) /* 714 */, W64LIT(0x0C7D6E2AD0CDB5FA) /* 715 */,
- W64LIT(0x59E86297D87F5733) /* 716 */, W64LIT(0x298EF221898DB0E7) /* 717 */,
- W64LIT(0x55000029D1A5AA7E) /* 718 */, W64LIT(0x8BC08AE1B5061B45) /* 719 */,
- W64LIT(0xC2C31C2B6C92703A) /* 720 */, W64LIT(0x94CC596BAF25EF42) /* 721 */,
- W64LIT(0x0A1D73DB22540456) /* 722 */, W64LIT(0x04B6A0F9D9C4179A) /* 723 */,
- W64LIT(0xEFFDAFA2AE3D3C60) /* 724 */, W64LIT(0xF7C8075BB49496C4) /* 725 */,
- W64LIT(0x9CC5C7141D1CD4E3) /* 726 */, W64LIT(0x78BD1638218E5534) /* 727 */,
- W64LIT(0xB2F11568F850246A) /* 728 */, W64LIT(0xEDFABCFA9502BC29) /* 729 */,
- W64LIT(0x796CE5F2DA23051B) /* 730 */, W64LIT(0xAAE128B0DC93537C) /* 731 */,
- W64LIT(0x3A493DA0EE4B29AE) /* 732 */, W64LIT(0xB5DF6B2C416895D7) /* 733 */,
- W64LIT(0xFCABBD25122D7F37) /* 734 */, W64LIT(0x70810B58105DC4B1) /* 735 */,
- W64LIT(0xE10FDD37F7882A90) /* 736 */, W64LIT(0x524DCAB5518A3F5C) /* 737 */,
- W64LIT(0x3C9E85878451255B) /* 738 */, W64LIT(0x4029828119BD34E2) /* 739 */,
- W64LIT(0x74A05B6F5D3CECCB) /* 740 */, W64LIT(0xB610021542E13ECA) /* 741 */,
- W64LIT(0x0FF979D12F59E2AC) /* 742 */, W64LIT(0x6037DA27E4F9CC50) /* 743 */,
- W64LIT(0x5E92975A0DF1847D) /* 744 */, W64LIT(0xD66DE190D3E623FE) /* 745 */,
- W64LIT(0x5032D6B87B568048) /* 746 */, W64LIT(0x9A36B7CE8235216E) /* 747 */,
- W64LIT(0x80272A7A24F64B4A) /* 748 */, W64LIT(0x93EFED8B8C6916F7) /* 749 */,
- W64LIT(0x37DDBFF44CCE1555) /* 750 */, W64LIT(0x4B95DB5D4B99BD25) /* 751 */,
- W64LIT(0x92D3FDA169812FC0) /* 752 */, W64LIT(0xFB1A4A9A90660BB6) /* 753 */,
- W64LIT(0x730C196946A4B9B2) /* 754 */, W64LIT(0x81E289AA7F49DA68) /* 755 */,
- W64LIT(0x64669A0F83B1A05F) /* 756 */, W64LIT(0x27B3FF7D9644F48B) /* 757 */,
- W64LIT(0xCC6B615C8DB675B3) /* 758 */, W64LIT(0x674F20B9BCEBBE95) /* 759 */,
- W64LIT(0x6F31238275655982) /* 760 */, W64LIT(0x5AE488713E45CF05) /* 761 */,
- W64LIT(0xBF619F9954C21157) /* 762 */, W64LIT(0xEABAC46040A8EAE9) /* 763 */,
- W64LIT(0x454C6FE9F2C0C1CD) /* 764 */, W64LIT(0x419CF6496412691C) /* 765 */,
- W64LIT(0xD3DC3BEF265B0F70) /* 766 */, W64LIT(0x6D0E60F5C3578A9E) /* 767 */,
- W64LIT(0x5B0E608526323C55) /* 768 */, W64LIT(0x1A46C1A9FA1B59F5) /* 769 */,
- W64LIT(0xA9E245A17C4C8FFA) /* 770 */, W64LIT(0x65CA5159DB2955D7) /* 771 */,
- W64LIT(0x05DB0A76CE35AFC2) /* 772 */, W64LIT(0x81EAC77EA9113D45) /* 773 */,
- W64LIT(0x528EF88AB6AC0A0D) /* 774 */, W64LIT(0xA09EA253597BE3FF) /* 775 */,
- W64LIT(0x430DDFB3AC48CD56) /* 776 */, W64LIT(0xC4B3A67AF45CE46F) /* 777 */,
- W64LIT(0x4ECECFD8FBE2D05E) /* 778 */, W64LIT(0x3EF56F10B39935F0) /* 779 */,
- W64LIT(0x0B22D6829CD619C6) /* 780 */, W64LIT(0x17FD460A74DF2069) /* 781 */,
- W64LIT(0x6CF8CC8E8510ED40) /* 782 */, W64LIT(0xD6C824BF3A6ECAA7) /* 783 */,
- W64LIT(0x61243D581A817049) /* 784 */, W64LIT(0x048BACB6BBC163A2) /* 785 */,
- W64LIT(0xD9A38AC27D44CC32) /* 786 */, W64LIT(0x7FDDFF5BAAF410AB) /* 787 */,
- W64LIT(0xAD6D495AA804824B) /* 788 */, W64LIT(0xE1A6A74F2D8C9F94) /* 789 */,
- W64LIT(0xD4F7851235DEE8E3) /* 790 */, W64LIT(0xFD4B7F886540D893) /* 791 */,
- W64LIT(0x247C20042AA4BFDA) /* 792 */, W64LIT(0x096EA1C517D1327C) /* 793 */,
- W64LIT(0xD56966B4361A6685) /* 794 */, W64LIT(0x277DA5C31221057D) /* 795 */,
- W64LIT(0x94D59893A43ACFF7) /* 796 */, W64LIT(0x64F0C51CCDC02281) /* 797 */,
- W64LIT(0x3D33BCC4FF6189DB) /* 798 */, W64LIT(0xE005CB184CE66AF1) /* 799 */,
- W64LIT(0xFF5CCD1D1DB99BEA) /* 800 */, W64LIT(0xB0B854A7FE42980F) /* 801 */,
- W64LIT(0x7BD46A6A718D4B9F) /* 802 */, W64LIT(0xD10FA8CC22A5FD8C) /* 803 */,
- W64LIT(0xD31484952BE4BD31) /* 804 */, W64LIT(0xC7FA975FCB243847) /* 805 */,
- W64LIT(0x4886ED1E5846C407) /* 806 */, W64LIT(0x28CDDB791EB70B04) /* 807 */,
- W64LIT(0xC2B00BE2F573417F) /* 808 */, W64LIT(0x5C9590452180F877) /* 809 */,
- W64LIT(0x7A6BDDFFF370EB00) /* 810 */, W64LIT(0xCE509E38D6D9D6A4) /* 811 */,
- W64LIT(0xEBEB0F00647FA702) /* 812 */, W64LIT(0x1DCC06CF76606F06) /* 813 */,
- W64LIT(0xE4D9F28BA286FF0A) /* 814 */, W64LIT(0xD85A305DC918C262) /* 815 */,
- W64LIT(0x475B1D8732225F54) /* 816 */, W64LIT(0x2D4FB51668CCB5FE) /* 817 */,
- W64LIT(0xA679B9D9D72BBA20) /* 818 */, W64LIT(0x53841C0D912D43A5) /* 819 */,
- W64LIT(0x3B7EAA48BF12A4E8) /* 820 */, W64LIT(0x781E0E47F22F1DDF) /* 821 */,
- W64LIT(0xEFF20CE60AB50973) /* 822 */, W64LIT(0x20D261D19DFFB742) /* 823 */,
- W64LIT(0x16A12B03062A2E39) /* 824 */, W64LIT(0x1960EB2239650495) /* 825 */,
- W64LIT(0x251C16FED50EB8B8) /* 826 */, W64LIT(0x9AC0C330F826016E) /* 827 */,
- W64LIT(0xED152665953E7671) /* 828 */, W64LIT(0x02D63194A6369570) /* 829 */,
- W64LIT(0x5074F08394B1C987) /* 830 */, W64LIT(0x70BA598C90B25CE1) /* 831 */,
- W64LIT(0x794A15810B9742F6) /* 832 */, W64LIT(0x0D5925E9FCAF8C6C) /* 833 */,
- W64LIT(0x3067716CD868744E) /* 834 */, W64LIT(0x910AB077E8D7731B) /* 835 */,
- W64LIT(0x6A61BBDB5AC42F61) /* 836 */, W64LIT(0x93513EFBF0851567) /* 837 */,
- W64LIT(0xF494724B9E83E9D5) /* 838 */, W64LIT(0xE887E1985C09648D) /* 839 */,
- W64LIT(0x34B1D3C675370CFD) /* 840 */, W64LIT(0xDC35E433BC0D255D) /* 841 */,
- W64LIT(0xD0AAB84234131BE0) /* 842 */, W64LIT(0x08042A50B48B7EAF) /* 843 */,
- W64LIT(0x9997C4EE44A3AB35) /* 844 */, W64LIT(0x829A7B49201799D0) /* 845 */,
- W64LIT(0x263B8307B7C54441) /* 846 */, W64LIT(0x752F95F4FD6A6CA6) /* 847 */,
- W64LIT(0x927217402C08C6E5) /* 848 */, W64LIT(0x2A8AB754A795D9EE) /* 849 */,
- W64LIT(0xA442F7552F72943D) /* 850 */, W64LIT(0x2C31334E19781208) /* 851 */,
- W64LIT(0x4FA98D7CEAEE6291) /* 852 */, W64LIT(0x55C3862F665DB309) /* 853 */,
- W64LIT(0xBD0610175D53B1F3) /* 854 */, W64LIT(0x46FE6CB840413F27) /* 855 */,
- W64LIT(0x3FE03792DF0CFA59) /* 856 */, W64LIT(0xCFE700372EB85E8F) /* 857 */,
- W64LIT(0xA7BE29E7ADBCE118) /* 858 */, W64LIT(0xE544EE5CDE8431DD) /* 859 */,
- W64LIT(0x8A781B1B41F1873E) /* 860 */, W64LIT(0xA5C94C78A0D2F0E7) /* 861 */,
- W64LIT(0x39412E2877B60728) /* 862 */, W64LIT(0xA1265EF3AFC9A62C) /* 863 */,
- W64LIT(0xBCC2770C6A2506C5) /* 864 */, W64LIT(0x3AB66DD5DCE1CE12) /* 865 */,
- W64LIT(0xE65499D04A675B37) /* 866 */, W64LIT(0x7D8F523481BFD216) /* 867 */,
- W64LIT(0x0F6F64FCEC15F389) /* 868 */, W64LIT(0x74EFBE618B5B13C8) /* 869 */,
- W64LIT(0xACDC82B714273E1D) /* 870 */, W64LIT(0xDD40BFE003199D17) /* 871 */,
- W64LIT(0x37E99257E7E061F8) /* 872 */, W64LIT(0xFA52626904775AAA) /* 873 */,
- W64LIT(0x8BBBF63A463D56F9) /* 874 */, W64LIT(0xF0013F1543A26E64) /* 875 */,
- W64LIT(0xA8307E9F879EC898) /* 876 */, W64LIT(0xCC4C27A4150177CC) /* 877 */,
- W64LIT(0x1B432F2CCA1D3348) /* 878 */, W64LIT(0xDE1D1F8F9F6FA013) /* 879 */,
- W64LIT(0x606602A047A7DDD6) /* 880 */, W64LIT(0xD237AB64CC1CB2C7) /* 881 */,
- W64LIT(0x9B938E7225FCD1D3) /* 882 */, W64LIT(0xEC4E03708E0FF476) /* 883 */,
- W64LIT(0xFEB2FBDA3D03C12D) /* 884 */, W64LIT(0xAE0BCED2EE43889A) /* 885 */,
- W64LIT(0x22CB8923EBFB4F43) /* 886 */, W64LIT(0x69360D013CF7396D) /* 887 */,
- W64LIT(0x855E3602D2D4E022) /* 888 */, W64LIT(0x073805BAD01F784C) /* 889 */,
- W64LIT(0x33E17A133852F546) /* 890 */, W64LIT(0xDF4874058AC7B638) /* 891 */,
- W64LIT(0xBA92B29C678AA14A) /* 892 */, W64LIT(0x0CE89FC76CFAADCD) /* 893 */,
- W64LIT(0x5F9D4E0908339E34) /* 894 */, W64LIT(0xF1AFE9291F5923B9) /* 895 */,
- W64LIT(0x6E3480F60F4A265F) /* 896 */, W64LIT(0xEEBF3A2AB29B841C) /* 897 */,
- W64LIT(0xE21938A88F91B4AD) /* 898 */, W64LIT(0x57DFEFF845C6D3C3) /* 899 */,
- W64LIT(0x2F006B0BF62CAAF2) /* 900 */, W64LIT(0x62F479EF6F75EE78) /* 901 */,
- W64LIT(0x11A55AD41C8916A9) /* 902 */, W64LIT(0xF229D29084FED453) /* 903 */,
- W64LIT(0x42F1C27B16B000E6) /* 904 */, W64LIT(0x2B1F76749823C074) /* 905 */,
- W64LIT(0x4B76ECA3C2745360) /* 906 */, W64LIT(0x8C98F463B91691BD) /* 907 */,
- W64LIT(0x14BCC93CF1ADE66A) /* 908 */, W64LIT(0x8885213E6D458397) /* 909 */,
- W64LIT(0x8E177DF0274D4711) /* 910 */, W64LIT(0xB49B73B5503F2951) /* 911 */,
- W64LIT(0x10168168C3F96B6B) /* 912 */, W64LIT(0x0E3D963B63CAB0AE) /* 913 */,
- W64LIT(0x8DFC4B5655A1DB14) /* 914 */, W64LIT(0xF789F1356E14DE5C) /* 915 */,
- W64LIT(0x683E68AF4E51DAC1) /* 916 */, W64LIT(0xC9A84F9D8D4B0FD9) /* 917 */,
- W64LIT(0x3691E03F52A0F9D1) /* 918 */, W64LIT(0x5ED86E46E1878E80) /* 919 */,
- W64LIT(0x3C711A0E99D07150) /* 920 */, W64LIT(0x5A0865B20C4E9310) /* 921 */,
- W64LIT(0x56FBFC1FE4F0682E) /* 922 */, W64LIT(0xEA8D5DE3105EDF9B) /* 923 */,
- W64LIT(0x71ABFDB12379187A) /* 924 */, W64LIT(0x2EB99DE1BEE77B9C) /* 925 */,
- W64LIT(0x21ECC0EA33CF4523) /* 926 */, W64LIT(0x59A4D7521805C7A1) /* 927 */,
- W64LIT(0x3896F5EB56AE7C72) /* 928 */, W64LIT(0xAA638F3DB18F75DC) /* 929 */,
- W64LIT(0x9F39358DABE9808E) /* 930 */, W64LIT(0xB7DEFA91C00B72AC) /* 931 */,
- W64LIT(0x6B5541FD62492D92) /* 932 */, W64LIT(0x6DC6DEE8F92E4D5B) /* 933 */,
- W64LIT(0x353F57ABC4BEEA7E) /* 934 */, W64LIT(0x735769D6DA5690CE) /* 935 */,
- W64LIT(0x0A234AA642391484) /* 936 */, W64LIT(0xF6F9508028F80D9D) /* 937 */,
- W64LIT(0xB8E319A27AB3F215) /* 938 */, W64LIT(0x31AD9C1151341A4D) /* 939 */,
- W64LIT(0x773C22A57BEF5805) /* 940 */, W64LIT(0x45C7561A07968633) /* 941 */,
- W64LIT(0xF913DA9E249DBE36) /* 942 */, W64LIT(0xDA652D9B78A64C68) /* 943 */,
- W64LIT(0x4C27A97F3BC334EF) /* 944 */, W64LIT(0x76621220E66B17F4) /* 945 */,
- W64LIT(0x967743899ACD7D0B) /* 946 */, W64LIT(0xF3EE5BCAE0ED6782) /* 947 */,
- W64LIT(0x409F753600C879FC) /* 948 */, W64LIT(0x06D09A39B5926DB6) /* 949 */,
- W64LIT(0x6F83AEB0317AC588) /* 950 */, W64LIT(0x01E6CA4A86381F21) /* 951 */,
- W64LIT(0x66FF3462D19F3025) /* 952 */, W64LIT(0x72207C24DDFD3BFB) /* 953 */,
- W64LIT(0x4AF6B6D3E2ECE2EB) /* 954 */, W64LIT(0x9C994DBEC7EA08DE) /* 955 */,
- W64LIT(0x49ACE597B09A8BC4) /* 956 */, W64LIT(0xB38C4766CF0797BA) /* 957 */,
- W64LIT(0x131B9373C57C2A75) /* 958 */, W64LIT(0xB1822CCE61931E58) /* 959 */,
- W64LIT(0x9D7555B909BA1C0C) /* 960 */, W64LIT(0x127FAFDD937D11D2) /* 961 */,
- W64LIT(0x29DA3BADC66D92E4) /* 962 */, W64LIT(0xA2C1D57154C2ECBC) /* 963 */,
- W64LIT(0x58C5134D82F6FE24) /* 964 */, W64LIT(0x1C3AE3515B62274F) /* 965 */,
- W64LIT(0xE907C82E01CB8126) /* 966 */, W64LIT(0xF8ED091913E37FCB) /* 967 */,
- W64LIT(0x3249D8F9C80046C9) /* 968 */, W64LIT(0x80CF9BEDE388FB63) /* 969 */,
- W64LIT(0x1881539A116CF19E) /* 970 */, W64LIT(0x5103F3F76BD52457) /* 971 */,
- W64LIT(0x15B7E6F5AE47F7A8) /* 972 */, W64LIT(0xDBD7C6DED47E9CCF) /* 973 */,
- W64LIT(0x44E55C410228BB1A) /* 974 */, W64LIT(0xB647D4255EDB4E99) /* 975 */,
- W64LIT(0x5D11882BB8AAFC30) /* 976 */, W64LIT(0xF5098BBB29D3212A) /* 977 */,
- W64LIT(0x8FB5EA14E90296B3) /* 978 */, W64LIT(0x677B942157DD025A) /* 979 */,
- W64LIT(0xFB58E7C0A390ACB5) /* 980 */, W64LIT(0x89D3674C83BD4A01) /* 981 */,
- W64LIT(0x9E2DA4DF4BF3B93B) /* 982 */, W64LIT(0xFCC41E328CAB4829) /* 983 */,
- W64LIT(0x03F38C96BA582C52) /* 984 */, W64LIT(0xCAD1BDBD7FD85DB2) /* 985 */,
- W64LIT(0xBBB442C16082AE83) /* 986 */, W64LIT(0xB95FE86BA5DA9AB0) /* 987 */,
- W64LIT(0xB22E04673771A93F) /* 988 */, W64LIT(0x845358C9493152D8) /* 989 */,
- W64LIT(0xBE2A488697B4541E) /* 990 */, W64LIT(0x95A2DC2DD38E6966) /* 991 */,
- W64LIT(0xC02C11AC923C852B) /* 992 */, W64LIT(0x2388B1990DF2A87B) /* 993 */,
- W64LIT(0x7C8008FA1B4F37BE) /* 994 */, W64LIT(0x1F70D0C84D54E503) /* 995 */,
- W64LIT(0x5490ADEC7ECE57D4) /* 996 */, W64LIT(0x002B3C27D9063A3A) /* 997 */,
- W64LIT(0x7EAEA3848030A2BF) /* 998 */, W64LIT(0xC602326DED2003C0) /* 999 */,
- W64LIT(0x83A7287D69A94086) /* 1000 */, W64LIT(0xC57A5FCB30F57A8A) /* 1001 */,
- W64LIT(0xB56844E479EBE779) /* 1002 */, W64LIT(0xA373B40F05DCBCE9) /* 1003 */,
- W64LIT(0xD71A786E88570EE2) /* 1004 */, W64LIT(0x879CBACDBDE8F6A0) /* 1005 */,
- W64LIT(0x976AD1BCC164A32F) /* 1006 */, W64LIT(0xAB21E25E9666D78B) /* 1007 */,
- W64LIT(0x901063AAE5E5C33C) /* 1008 */, W64LIT(0x9818B34448698D90) /* 1009 */,
- W64LIT(0xE36487AE3E1E8ABB) /* 1010 */, W64LIT(0xAFBDF931893BDCB4) /* 1011 */,
- W64LIT(0x6345A0DC5FBBD519) /* 1012 */, W64LIT(0x8628FE269B9465CA) /* 1013 */,
- W64LIT(0x1E5D01603F9C51EC) /* 1014 */, W64LIT(0x4DE44006A15049B7) /* 1015 */,
- W64LIT(0xBF6C70E5F776CBB1) /* 1016 */, W64LIT(0x411218F2EF552BED) /* 1017 */,
- W64LIT(0xCB0C0708705A36A3) /* 1018 */, W64LIT(0xE74D14754F986044) /* 1019 */,
- W64LIT(0xCD56D9430EA8280E) /* 1020 */, W64LIT(0xC12591D7535F5065) /* 1021 */,
- W64LIT(0xC83223F1720AEF96) /* 1022 */, W64LIT(0xC3A0396F7363A51F) /* 1023 */,
- W64LIT(0xffffffffffffffff),
- W64LIT(0xA5A5A5A5A5A5A5A5),
- W64LIT(0x0123456789ABCDEF),
-};
-
-NAMESPACE_END
diff --git a/cryptopp562/trdlocal.cpp b/cryptopp562/trdlocal.cpp
deleted file mode 100644
index 6d6b822..0000000
--- a/cryptopp562/trdlocal.cpp
+++ /dev/null
@@ -1,73 +0,0 @@
-// trdlocal.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#ifndef CRYPTOPP_IMPORTS
-#ifdef THREADS_AVAILABLE
-
-#include "trdlocal.h"
-
-#ifdef HAS_WINTHREADS
-#include <windows.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-ThreadLocalStorage::Err::Err(const std::string& operation, int error)
- : OS_Error(OTHER_ERROR, "ThreadLocalStorage: " + operation + " operation failed with error 0x" + IntToString(error, 16), operation, error)
-{
-}
-
-ThreadLocalStorage::ThreadLocalStorage()
-{
-#ifdef HAS_WINTHREADS
- m_index = TlsAlloc();
- if (m_index == TLS_OUT_OF_INDEXES)
- throw Err("TlsAlloc", GetLastError());
-#else
- int error = pthread_key_create(&m_index, NULL);
- if (error)
- throw Err("pthread_key_create", error);
-#endif
-}
-
-ThreadLocalStorage::~ThreadLocalStorage()
-{
-#ifdef HAS_WINTHREADS
- if (!TlsFree(m_index))
- throw Err("TlsFree", GetLastError());
-#else
- int error = pthread_key_delete(m_index);
- if (error)
- throw Err("pthread_key_delete", error);
-#endif
-}
-
-void ThreadLocalStorage::SetValue(void *value)
-{
-#ifdef HAS_WINTHREADS
- if (!TlsSetValue(m_index, value))
- throw Err("TlsSetValue", GetLastError());
-#else
- int error = pthread_setspecific(m_index, value);
- if (error)
- throw Err("pthread_key_getspecific", error);
-#endif
-}
-
-void *ThreadLocalStorage::GetValue() const
-{
-#ifdef HAS_WINTHREADS
- void *result = TlsGetValue(m_index);
- if (!result && GetLastError() != NO_ERROR)
- throw Err("TlsGetValue", GetLastError());
-#else
- void *result = pthread_getspecific(m_index);
-#endif
- return result;
-}
-
-NAMESPACE_END
-
-#endif // #ifdef THREADS_AVAILABLE
-#endif
diff --git a/cryptopp562/trdlocal.h b/cryptopp562/trdlocal.h
deleted file mode 100644
index 92d244a..0000000
--- a/cryptopp562/trdlocal.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#ifndef CRYPTOPP_TRDLOCAL_H
-#define CRYPTOPP_TRDLOCAL_H
-
-#include "config.h"
-
-#ifdef THREADS_AVAILABLE
-
-#include "misc.h"
-
-#ifdef HAS_WINTHREADS
-typedef unsigned long ThreadLocalIndexType;
-#else
-#include <pthread.h>
-typedef pthread_key_t ThreadLocalIndexType;
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! thread local storage
-class CRYPTOPP_DLL ThreadLocalStorage : public NotCopyable
-{
-public:
- //! exception thrown by ThreadLocalStorage class
- class Err : public OS_Error
- {
- public:
- Err(const std::string& operation, int error);
- };
-
- ThreadLocalStorage();
- ~ThreadLocalStorage();
-
- void SetValue(void *value);
- void *GetValue() const;
-
-private:
- ThreadLocalIndexType m_index;
-};
-
-NAMESPACE_END
-
-#endif // #ifdef THREADS_AVAILABLE
-
-#endif
diff --git a/cryptopp562/trunhash.h b/cryptopp562/trunhash.h
deleted file mode 100644
index c1c4e9b..0000000
--- a/cryptopp562/trunhash.h
+++ /dev/null
@@ -1,48 +0,0 @@
-#ifndef CRYPTOPP_TRUNHASH_H
-#define CRYPTOPP_TRUNHASH_H
-
-#include "cryptlib.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class NullHash : public HashTransformation
-{
-public:
- void Update(const byte *input, size_t length) {}
- unsigned int DigestSize() const {return 0;}
- void TruncatedFinal(byte *digest, size_t digestSize) {}
- bool TruncatedVerify(const byte *digest, size_t digestLength) {return true;}
-};
-
-//! construct new HashModule with smaller DigestSize() from existing one
-template <class T>
-class TruncatedHashTemplate : public HashTransformation
-{
-public:
- TruncatedHashTemplate(T hm, unsigned int digestSize)
- : m_hm(hm), m_digestSize(digestSize) {}
- TruncatedHashTemplate(const byte *key, size_t keyLength, unsigned int digestSize)
- : m_hm(key, keyLength), m_digestSize(digestSize) {}
- TruncatedHashTemplate(size_t digestSize)
- : m_digestSize(digestSize) {}
-
- void Restart()
- {m_hm.Restart();}
- void Update(const byte *input, size_t length)
- {m_hm.Update(input, length);}
- unsigned int DigestSize() const {return m_digestSize;}
- void TruncatedFinal(byte *digest, size_t digestSize)
- {m_hm.TruncatedFinal(digest, digestSize);}
- bool TruncatedVerify(const byte *digest, size_t digestLength)
- {return m_hm.TruncatedVerify(digest, digestLength);}
-
-private:
- T m_hm;
- unsigned int m_digestSize;
-};
-
-typedef TruncatedHashTemplate<HashTransformation &> TruncatedHashModule;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/ttmac.cpp b/cryptopp562/ttmac.cpp
deleted file mode 100644
index d4ff381..0000000
--- a/cryptopp562/ttmac.cpp
+++ /dev/null
@@ -1,338 +0,0 @@
-// ttmac.cpp - written and placed in the public domain by Kevin Springle
-
-#include "pch.h"
-#include "ttmac.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void TTMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
-{
- AssertValidKeyLength(keylength);
-
- memcpy(m_key, userKey, KEYLENGTH);
- CorrectEndianess(m_key, m_key, KEYLENGTH);
-
- Init();
-}
-
-void TTMAC_Base::Init()
-{
- m_digest[0] = m_digest[5] = m_key[0];
- m_digest[1] = m_digest[6] = m_key[1];
- m_digest[2] = m_digest[7] = m_key[2];
- m_digest[3] = m_digest[8] = m_key[3];
- m_digest[4] = m_digest[9] = m_key[4];
-}
-
-void TTMAC_Base::TruncatedFinal(byte *hash, size_t size)
-{
- PadLastBlock(BlockSize() - 2*sizeof(HashWordType));
- CorrectEndianess(m_data, m_data, BlockSize() - 2*sizeof(HashWordType));
-
- m_data[m_data.size()-2] = GetBitCountLo();
- m_data[m_data.size()-1] = GetBitCountHi();
-
- Transform(m_digest, m_data, true);
-
- word32 t2 = m_digest[2];
- word32 t3 = m_digest[3];
- if (size != DIGESTSIZE)
- {
- switch (size)
- {
- case 16:
- m_digest[3] += m_digest[1] + m_digest[4];
-
- case 12:
- m_digest[2] += m_digest[0] + t3;
-
- case 8:
- m_digest[0] += m_digest[1] + t3;
- m_digest[1] += m_digest[4] + t2;
- break;
-
- case 4:
- m_digest[0] +=
- m_digest[1] +
- m_digest[2] +
- m_digest[3] +
- m_digest[4];
- break;
-
- case 0:
- // Used by HashTransformation::Restart()
- break;
-
- default:
- throw InvalidArgument("TTMAC_Base: can't truncate a Two-Track-MAC 20 byte digest to " + IntToString(size) + " bytes");
- break;
- }
- }
-
- CorrectEndianess(m_digest, m_digest, size);
- memcpy(hash, m_digest, size);
-
- Restart(); // reinit for next use
-}
-
-// RIPEMD-160 definitions used by Two-Track-MAC
-
-#define F(x, y, z) (x ^ y ^ z)
-#define G(x, y, z) (z ^ (x & (y^z)))
-#define H(x, y, z) (z ^ (x | ~y))
-#define I(x, y, z) (y ^ (z & (x^y)))
-#define J(x, y, z) (x ^ (y | ~z))
-
-#define k0 0
-#define k1 0x5a827999UL
-#define k2 0x6ed9eba1UL
-#define k3 0x8f1bbcdcUL
-#define k4 0xa953fd4eUL
-#define k5 0x50a28be6UL
-#define k6 0x5c4dd124UL
-#define k7 0x6d703ef3UL
-#define k8 0x7a6d76e9UL
-#define k9 0
-
-void TTMAC_Base::Transform(word32 *digest, const word32 *X, bool last)
-{
-#define Subround(f, a, b, c, d, e, x, s, k) \
- a += f(b, c, d) + x + k;\
- a = rotlFixed((word32)a, s) + e;\
- c = rotlFixed((word32)c, 10U)
-
- word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
- word32 *trackA, *trackB;
-
- if (!last)
- {
- trackA = digest;
- trackB = digest+5;
- }
- else
- {
- trackB = digest;
- trackA = digest+5;
- }
- a1 = trackA[0];
- b1 = trackA[1];
- c1 = trackA[2];
- d1 = trackA[3];
- e1 = trackA[4];
- a2 = trackB[0];
- b2 = trackB[1];
- c2 = trackB[2];
- d2 = trackB[3];
- e2 = trackB[4];
-
- Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
- Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
- Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
- Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
- Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
- Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
- Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
- Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
-
- Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
- Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
- Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
- Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
- Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
- Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
-
- Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
- Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
- Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
- Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
- Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
- Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
- Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
-
- Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
- Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
- Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
- Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
- Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
- Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
- Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
- Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
-
- Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
- Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
- Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
- Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
- Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
- Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
- Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
- Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
- Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
-
- Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
- Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
- Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
- Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
- Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
- Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
- Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
- Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
-
- Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
- Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
- Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
- Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
- Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
- Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
- Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
-
- Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
- Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
- Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
- Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
- Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
- Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
-
- Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
- Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
- Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
- Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
- Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
- Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
- Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
- Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
- Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
- Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
-
- Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
- Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
- Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
- Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
- Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
- Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
- Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
-
- a1 -= trackA[0];
- b1 -= trackA[1];
- c1 -= trackA[2];
- d1 -= trackA[3];
- e1 -= trackA[4];
- a2 -= trackB[0];
- b2 -= trackB[1];
- c2 -= trackB[2];
- d2 -= trackB[3];
- e2 -= trackB[4];
-
- if (!last)
- {
- trackA[0] = (b1 + e1) - d2;
- trackA[1] = c1 - e2;
- trackA[2] = d1 - a2;
- trackA[3] = e1 - b2;
- trackA[4] = a1 - c2;
- trackB[0] = d1 - e2;
- trackB[1] = (e1 + c1) - a2;
- trackB[2] = a1 - b2;
- trackB[3] = b1 - c2;
- trackB[4] = c1 - d2;
- }
- else
- {
- trackB[0] = a2 - a1;
- trackB[1] = b2 - b1;
- trackB[2] = c2 - c1;
- trackB[3] = d2 - d1;
- trackB[4] = e2 - e1;
- trackA[0] = 0;
- trackA[1] = 0;
- trackA[2] = 0;
- trackA[3] = 0;
- trackA[4] = 0;
- }
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/ttmac.h b/cryptopp562/ttmac.h
deleted file mode 100644
index b4bf86e..0000000
--- a/cryptopp562/ttmac.h
+++ /dev/null
@@ -1,38 +0,0 @@
-// ttmac.h - written and placed in the public domain by Kevin Springle
-
-#ifndef CRYPTOPP_TTMAC_H
-#define CRYPTOPP_TTMAC_H
-
-#include "seckey.h"
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class CRYPTOPP_NO_VTABLE TTMAC_Base : public FixedKeyLength<20>, public IteratedHash<word32, LittleEndian, 64, MessageAuthenticationCode>
-{
-public:
- static std::string StaticAlgorithmName() {return std::string("Two-Track-MAC");}
- CRYPTOPP_CONSTANT(DIGESTSIZE=20)
-
- unsigned int DigestSize() const {return DIGESTSIZE;};
- void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &params);
- void TruncatedFinal(byte *mac, size_t size);
-
-protected:
- static void Transform (word32 *digest, const word32 *X, bool last);
- void HashEndianCorrectedBlock(const word32 *data) {Transform(m_digest, data, false);}
- void Init();
- word32* StateBuf() {return m_digest;}
-
- FixedSizeSecBlock<word32, 10> m_digest;
- FixedSizeSecBlock<word32, 5> m_key;
-};
-
-//! <a href="http://www.weidai.com/scan-mirror/mac.html#TTMAC">Two-Track-MAC</a>
-/*! 160 Bit MAC with 160 Bit Key */
-DOCUMENTED_TYPEDEF(MessageAuthenticationCodeFinal<TTMAC_Base>, TTMAC)
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/twofish.cpp b/cryptopp562/twofish.cpp
deleted file mode 100644
index 064f16c..0000000
--- a/cryptopp562/twofish.cpp
+++ /dev/null
@@ -1,168 +0,0 @@
-// twofish.cpp - modified by Wei Dai from Matthew Skala's twofish.c
-// The original code and all modifications are in the public domain.
-
-#include "pch.h"
-#include "twofish.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-// compute (c * x^4) mod (x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1)
-// over GF(256)
-static inline unsigned int Mod(unsigned int c)
-{
- static const unsigned int modulus = 0x14d;
- unsigned int c2 = (c<<1) ^ ((c & 0x80) ? modulus : 0);
- unsigned int c1 = c2 ^ (c>>1) ^ ((c & 1) ? (modulus>>1) : 0);
- return c | (c1 << 8) | (c2 << 16) | (c1 << 24);
-}
-
-// compute RS(12,8) code with the above polynomial as generator
-// this is equivalent to multiplying by the RS matrix
-static word32 ReedSolomon(word32 high, word32 low)
-{
- for (unsigned int i=0; i<8; i++)
- {
- high = Mod(high>>24) ^ (high<<8) ^ (low>>24);
- low <<= 8;
- }
- return high;
-}
-
-inline word32 Twofish::Base::h0(word32 x, const word32 *key, unsigned int kLen)
-{
- x = x | (x<<8) | (x<<16) | (x<<24);
- switch(kLen)
- {
-#define Q(a, b, c, d, t) q[a][GETBYTE(t,0)] ^ (q[b][GETBYTE(t,1)] << 8) ^ (q[c][GETBYTE(t,2)] << 16) ^ (q[d][GETBYTE(t,3)] << 24)
- case 4: x = Q(1, 0, 0, 1, x) ^ key[6];
- case 3: x = Q(1, 1, 0, 0, x) ^ key[4];
- case 2: x = Q(0, 1, 0, 1, x) ^ key[2];
- x = Q(0, 0, 1, 1, x) ^ key[0];
- }
- return x;
-}
-
-inline word32 Twofish::Base::h(word32 x, const word32 *key, unsigned int kLen)
-{
- x = h0(x, key, kLen);
- return mds[0][GETBYTE(x,0)] ^ mds[1][GETBYTE(x,1)] ^ mds[2][GETBYTE(x,2)] ^ mds[3][GETBYTE(x,3)];
-}
-
-void Twofish::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
-{
- AssertValidKeyLength(keylength);
-
- unsigned int len = (keylength <= 16 ? 2 : (keylength <= 24 ? 3 : 4));
- SecBlock<word32> key(len*2);
- GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), len*2, userKey, keylength);
-
- unsigned int i;
- for (i=0; i<40; i+=2)
- {
- word32 a = h(i, key, len);
- word32 b = rotlFixed(h(i+1, key+1, len), 8);
- m_k[i] = a+b;
- m_k[i+1] = rotlFixed(a+2*b, 9);
- }
-
- SecBlock<word32> svec(2*len);
- for (i=0; i<len; i++)
- svec[2*(len-i-1)] = ReedSolomon(key[2*i+1], key[2*i]);
- for (i=0; i<256; i++)
- {
- word32 t = h0(i, svec, len);
- m_s[0*256+i] = mds[0][GETBYTE(t, 0)];
- m_s[1*256+i] = mds[1][GETBYTE(t, 1)];
- m_s[2*256+i] = mds[2][GETBYTE(t, 2)];
- m_s[3*256+i] = mds[3][GETBYTE(t, 3)];
- }
-}
-
-#define G1(x) (m_s[0*256+GETBYTE(x,0)] ^ m_s[1*256+GETBYTE(x,1)] ^ m_s[2*256+GETBYTE(x,2)] ^ m_s[3*256+GETBYTE(x,3)])
-#define G2(x) (m_s[0*256+GETBYTE(x,3)] ^ m_s[1*256+GETBYTE(x,0)] ^ m_s[2*256+GETBYTE(x,1)] ^ m_s[3*256+GETBYTE(x,2)])
-
-#define ENCROUND(n, a, b, c, d) \
- x = G1 (a); y = G2 (b); \
- x += y; y += x + k[2 * (n) + 1]; \
- (c) ^= x + k[2 * (n)]; \
- (c) = rotrFixed(c, 1); \
- (d) = rotlFixed(d, 1) ^ y
-
-#define ENCCYCLE(n) \
- ENCROUND (2 * (n), a, b, c, d); \
- ENCROUND (2 * (n) + 1, c, d, a, b)
-
-#define DECROUND(n, a, b, c, d) \
- x = G1 (a); y = G2 (b); \
- x += y; y += x; \
- (d) ^= y + k[2 * (n) + 1]; \
- (d) = rotrFixed(d, 1); \
- (c) = rotlFixed(c, 1); \
- (c) ^= (x + k[2 * (n)])
-
-#define DECCYCLE(n) \
- DECROUND (2 * (n) + 1, c, d, a, b); \
- DECROUND (2 * (n), a, b, c, d)
-
-typedef BlockGetAndPut<word32, LittleEndian> Block;
-
-void Twofish::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 x, y, a, b, c, d;
-
- Block::Get(inBlock)(a)(b)(c)(d);
-
- a ^= m_k[0];
- b ^= m_k[1];
- c ^= m_k[2];
- d ^= m_k[3];
-
- const word32 *k = m_k+8;
- ENCCYCLE (0);
- ENCCYCLE (1);
- ENCCYCLE (2);
- ENCCYCLE (3);
- ENCCYCLE (4);
- ENCCYCLE (5);
- ENCCYCLE (6);
- ENCCYCLE (7);
-
- c ^= m_k[4];
- d ^= m_k[5];
- a ^= m_k[6];
- b ^= m_k[7];
-
- Block::Put(xorBlock, outBlock)(c)(d)(a)(b);
-}
-
-void Twofish::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
-{
- word32 x, y, a, b, c, d;
-
- Block::Get(inBlock)(c)(d)(a)(b);
-
- c ^= m_k[4];
- d ^= m_k[5];
- a ^= m_k[6];
- b ^= m_k[7];
-
- const word32 *k = m_k+8;
- DECCYCLE (7);
- DECCYCLE (6);
- DECCYCLE (5);
- DECCYCLE (4);
- DECCYCLE (3);
- DECCYCLE (2);
- DECCYCLE (1);
- DECCYCLE (0);
-
- a ^= m_k[0];
- b ^= m_k[1];
- c ^= m_k[2];
- d ^= m_k[3];
-
- Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/twofish.h b/cryptopp562/twofish.h
deleted file mode 100644
index 9ba2903..0000000
--- a/cryptopp562/twofish.h
+++ /dev/null
@@ -1,59 +0,0 @@
-#ifndef CRYPTOPP_TWOFISH_H
-#define CRYPTOPP_TWOFISH_H
-
-/** \file
-*/
-
-#include "seckey.h"
-#include "secblock.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-struct Twofish_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 0, 32>, FixedRounds<16>
-{
- static const char *StaticAlgorithmName() {return "Twofish";}
-};
-
-/// <a href="http://www.weidai.com/scan-mirror/cs.html#Twofish">Twofish</a>
-class Twofish : public Twofish_Info, public BlockCipherDocumentation
-{
- class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<Twofish_Info>
- {
- public:
- void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &params);
-
- protected:
- static word32 h0(word32 x, const word32 *key, unsigned int kLen);
- static word32 h(word32 x, const word32 *key, unsigned int kLen);
-
- static const byte q[2][256];
- static const word32 mds[4][256];
-
- FixedSizeSecBlock<word32, 40> m_k;
- FixedSizeSecBlock<word32, 4*256> m_s;
- };
-
- class CRYPTOPP_NO_VTABLE Enc : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
- class CRYPTOPP_NO_VTABLE Dec : public Base
- {
- public:
- void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
- };
-
-public:
- typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
- typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
-};
-
-typedef Twofish::Encryption TwofishEncryption;
-typedef Twofish::Decryption TwofishDecryption;
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/validat1.cpp b/cryptopp562/validat1.cpp
deleted file mode 100644
index a40816b..0000000
--- a/cryptopp562/validat1.cpp
+++ /dev/null
@@ -1,1409 +0,0 @@
-// validat1.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "files.h"
-#include "hex.h"
-#include "base32.h"
-#include "base64.h"
-#include "modes.h"
-#include "cbcmac.h"
-#include "dmac.h"
-#include "idea.h"
-#include "des.h"
-#include "rc2.h"
-#include "arc4.h"
-#include "rc5.h"
-#include "blowfish.h"
-#include "3way.h"
-#include "safer.h"
-#include "gost.h"
-#include "shark.h"
-#include "cast.h"
-#include "square.h"
-#include "seal.h"
-#include "rc6.h"
-#include "mars.h"
-#include "rijndael.h"
-#include "twofish.h"
-#include "serpent.h"
-#include "skipjack.h"
-#include "shacal2.h"
-#include "camellia.h"
-#include "osrng.h"
-#include "zdeflate.h"
-#include "cpu.h"
-
-#include <time.h>
-#include <memory>
-#include <iostream>
-#include <iomanip>
-
-#include "validate.h"
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-bool ValidateAll(bool thorough)
-{
- bool pass=TestSettings();
- pass=TestOS_RNG() && pass;
-
- pass=ValidateCRC32() && pass;
- pass=ValidateAdler32() && pass;
- pass=ValidateMD2() && pass;
- pass=ValidateMD5() && pass;
- pass=ValidateSHA() && pass;
- pass=RunTestDataFile("TestVectors/sha3.txt") && pass;
- pass=ValidateTiger() && pass;
- pass=ValidateRIPEMD() && pass;
- pass=ValidatePanama() && pass;
- pass=ValidateWhirlpool() && pass;
-
- pass=ValidateHMAC() && pass;
- pass=ValidateTTMAC() && pass;
-
- pass=ValidatePBKDF() && pass;
-
- pass=ValidateDES() && pass;
- pass=ValidateCipherModes() && pass;
- pass=ValidateIDEA() && pass;
- pass=ValidateSAFER() && pass;
- pass=ValidateRC2() && pass;
- pass=ValidateARC4() && pass;
- pass=ValidateRC5() && pass;
- pass=ValidateBlowfish() && pass;
- pass=ValidateThreeWay() && pass;
- pass=ValidateGOST() && pass;
- pass=ValidateSHARK() && pass;
- pass=ValidateCAST() && pass;
- pass=ValidateSquare() && pass;
- pass=ValidateSKIPJACK() && pass;
- pass=ValidateSEAL() && pass;
- pass=ValidateRC6() && pass;
- pass=ValidateMARS() && pass;
- pass=ValidateRijndael() && pass;
- pass=ValidateTwofish() && pass;
- pass=ValidateSerpent() && pass;
- pass=ValidateSHACAL2() && pass;
- pass=ValidateCamellia() && pass;
- pass=ValidateSalsa() && pass;
- pass=ValidateSosemanuk() && pass;
- pass=ValidateVMAC() && pass;
- pass=ValidateCCM() && pass;
- pass=ValidateGCM() && pass;
- pass=ValidateCMAC() && pass;
- pass=RunTestDataFile("TestVectors/eax.txt") && pass;
- pass=RunTestDataFile("TestVectors/seed.txt") && pass;
-
- pass=ValidateBBS() && pass;
- pass=ValidateDH() && pass;
- pass=ValidateMQV() && pass;
- pass=ValidateRSA() && pass;
- pass=ValidateElGamal() && pass;
- pass=ValidateDLIES() && pass;
- pass=ValidateNR() && pass;
- pass=ValidateDSA(thorough) && pass;
- pass=ValidateLUC() && pass;
- pass=ValidateLUC_DH() && pass;
- pass=ValidateLUC_DL() && pass;
- pass=ValidateXTR_DH() && pass;
- pass=ValidateRabin() && pass;
- pass=ValidateRW() && pass;
-// pass=ValidateBlumGoldwasser() && pass;
- pass=ValidateECP() && pass;
- pass=ValidateEC2N() && pass;
- pass=ValidateECDSA() && pass;
- pass=ValidateESIGN() && pass;
-
- if (pass)
- cout << "\nAll tests passed!\n";
- else
- cout << "\nOops! Not all tests passed.\n";
-
- return pass;
-}
-
-bool TestSettings()
-{
- bool pass = true;
-
- cout << "\nTesting Settings...\n\n";
-
- word32 w;
- memcpy_s(&w, sizeof(w), "\x01\x02\x03\x04", 4);
-
- if (w == 0x04030201L)
- {
-#ifdef IS_LITTLE_ENDIAN
- cout << "passed: ";
-#else
- cout << "FAILED: ";
- pass = false;
-#endif
- cout << "Your machine is little endian.\n";
- }
- else if (w == 0x01020304L)
- {
-#ifndef IS_LITTLE_ENDIAN
- cout << "passed: ";
-#else
- cout << "FAILED: ";
- pass = false;
-#endif
- cout << "Your machine is big endian.\n";
- }
- else
- {
- cout << "FAILED: Your machine is neither big endian nor little endian.\n";
- pass = false;
- }
-
-#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
- byte testvals[10] = {1,2,2,3,3,3,3,2,2,1};
- if (*(word32 *)(testvals+3) == 0x03030303 && *(word64 *)(testvals+1) == W64LIT(0x0202030303030202))
- cout << "passed: Your machine allows unaligned data access.\n";
- else
- {
- cout << "FAILED: Unaligned data access gave incorrect results.\n";
- pass = false;
- }
-#else
- cout << "passed: CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is not defined. Will restrict to aligned data access.\n";
-#endif
-
- if (sizeof(byte) == 1)
- cout << "passed: ";
- else
- {
- cout << "FAILED: ";
- pass = false;
- }
- cout << "sizeof(byte) == " << sizeof(byte) << endl;
-
- if (sizeof(word16) == 2)
- cout << "passed: ";
- else
- {
- cout << "FAILED: ";
- pass = false;
- }
- cout << "sizeof(word16) == " << sizeof(word16) << endl;
-
- if (sizeof(word32) == 4)
- cout << "passed: ";
- else
- {
- cout << "FAILED: ";
- pass = false;
- }
- cout << "sizeof(word32) == " << sizeof(word32) << endl;
-
- if (sizeof(word64) == 8)
- cout << "passed: ";
- else
- {
- cout << "FAILED: ";
- pass = false;
- }
- cout << "sizeof(word64) == " << sizeof(word64) << endl;
-
-#ifdef CRYPTOPP_WORD128_AVAILABLE
- if (sizeof(word128) == 16)
- cout << "passed: ";
- else
- {
- cout << "FAILED: ";
- pass = false;
- }
- cout << "sizeof(word128) == " << sizeof(word128) << endl;
-#endif
-
- if (sizeof(word) == 2*sizeof(hword)
-#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- && sizeof(dword) == 2*sizeof(word)
-#endif
- )
- cout << "passed: ";
- else
- {
- cout << "FAILED: ";
- pass = false;
- }
- cout << "sizeof(hword) == " << sizeof(hword) << ", sizeof(word) == " << sizeof(word);
-#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
- cout << ", sizeof(dword) == " << sizeof(dword);
-#endif
- cout << endl;
-
-#ifdef CRYPTOPP_CPUID_AVAILABLE
- bool hasMMX = HasMMX();
- bool hasISSE = HasISSE();
- bool hasSSE2 = HasSSE2();
- bool hasSSSE3 = HasSSSE3();
- bool isP4 = IsP4();
- int cacheLineSize = GetCacheLineSize();
-
- if ((isP4 && (!hasMMX || !hasSSE2)) || (hasSSE2 && !hasMMX) || (cacheLineSize < 16 || cacheLineSize > 256 || !IsPowerOf2(cacheLineSize)))
- {
- cout << "FAILED: ";
- pass = false;
- }
- else
- cout << "passed: ";
-
- cout << "hasMMX == " << hasMMX << ", hasISSE == " << hasISSE << ", hasSSE2 == " << hasSSE2 << ", hasSSSE3 == " << hasSSSE3 << ", hasAESNI == " << HasAESNI() << ", hasCLMUL == " << HasCLMUL() << ", isP4 == " << isP4 << ", cacheLineSize == " << cacheLineSize;
- cout << ", AESNI_INTRINSICS == " << CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE << endl;
-#endif
-
- if (!pass)
- {
- cout << "Some critical setting in config.h is in error. Please fix it and recompile." << endl;
- abort();
- }
- return pass;
-}
-
-bool TestOS_RNG()
-{
- bool pass = true;
-
- member_ptr<RandomNumberGenerator> rng;
-#ifdef BLOCKING_RNG_AVAILABLE
- try {rng.reset(new BlockingRng);}
- catch (OS_RNG_Err &) {}
-#endif
-
- if (rng.get())
- {
- cout << "\nTesting operating system provided blocking random number generator...\n\n";
-
- ArraySink *sink;
- RandomNumberSource test(*rng, UINT_MAX, false, new Deflator(sink=new ArraySink(NULL,0)));
- unsigned long total=0, length=0;
- time_t t = time(NULL), t1 = 0;
-
- // check that it doesn't take too long to generate a reasonable amount of randomness
- while (total < 16 && (t1 < 10 || total*8 > (unsigned long)t1))
- {
- test.Pump(1);
- total += 1;
- t1 = time(NULL) - t;
- }
-
- if (total < 16)
- {
- cout << "FAILED:";
- pass = false;
- }
- else
- cout << "passed:";
- cout << " it took " << long(t1) << " seconds to generate " << total << " bytes" << endl;
-
-#if 0 // disable this part. it's causing an unpredictable pause during the validation testing
- if (t1 < 2)
- {
- // that was fast, are we really blocking?
- // first exhaust the extropy reserve
- t = time(NULL);
- while (time(NULL) - t < 2)
- {
- test.Pump(1);
- total += 1;
- }
-
- // if it generates too many bytes in a certain amount of time,
- // something's probably wrong
- t = time(NULL);
- while (time(NULL) - t < 2)
- {
- test.Pump(1);
- total += 1;
- length += 1;
- }
- if (length > 1024)
- {
- cout << "FAILED:";
- pass = false;
- }
- else
- cout << "passed:";
- cout << " it generated " << length << " bytes in " << long(time(NULL) - t) << " seconds" << endl;
- }
-#endif
-
- test.AttachedTransformation()->MessageEnd();
-
- if (sink->TotalPutLength() < total)
- {
- cout << "FAILED:";
- pass = false;
- }
- else
- cout << "passed:";
- cout << " " << total << " generated bytes compressed to " << (size_t)sink->TotalPutLength() << " bytes by DEFLATE" << endl;
- }
- else
- cout << "\nNo operating system provided blocking random number generator, skipping test." << endl;
-
- rng.reset(NULL);
-#ifdef NONBLOCKING_RNG_AVAILABLE
- try {rng.reset(new NonblockingRng);}
- catch (OS_RNG_Err &) {}
-#endif
-
- if (rng.get())
- {
- cout << "\nTesting operating system provided nonblocking random number generator...\n\n";
-
- ArraySink *sink;
- RandomNumberSource test(*rng, 100000, true, new Deflator(sink=new ArraySink(NULL, 0)));
-
- if (sink->TotalPutLength() < 100000)
- {
- cout << "FAILED:";
- pass = false;
- }
- else
- cout << "passed:";
- cout << " 100000 generated bytes compressed to " << (size_t)sink->TotalPutLength() << " bytes by DEFLATE" << endl;
- }
- else
- cout << "\nNo operating system provided nonblocking random number generator, skipping test." << endl;
-
- return pass;
-}
-
-// VC50 workaround
-typedef auto_ptr<BlockTransformation> apbt;
-
-class CipherFactory
-{
-public:
- virtual unsigned int BlockSize() const =0;
- virtual unsigned int KeyLength() const =0;
-
- virtual apbt NewEncryption(const byte *key) const =0;
- virtual apbt NewDecryption(const byte *key) const =0;
-};
-
-template <class E, class D> class FixedRoundsCipherFactory : public CipherFactory
-{
-public:
- FixedRoundsCipherFactory(unsigned int keylen=0) : m_keylen(keylen?keylen:E::DEFAULT_KEYLENGTH) {}
- unsigned int BlockSize() const {return E::BLOCKSIZE;}
- unsigned int KeyLength() const {return m_keylen;}
-
- apbt NewEncryption(const byte *key) const
- {return apbt(new E(key, m_keylen));}
- apbt NewDecryption(const byte *key) const
- {return apbt(new D(key, m_keylen));}
-
- unsigned int m_keylen;
-};
-
-template <class E, class D> class VariableRoundsCipherFactory : public CipherFactory
-{
-public:
- VariableRoundsCipherFactory(unsigned int keylen=0, unsigned int rounds=0)
- : m_keylen(keylen ? keylen : E::DEFAULT_KEYLENGTH), m_rounds(rounds ? rounds : E::DEFAULT_ROUNDS) {}
- unsigned int BlockSize() const {return E::BLOCKSIZE;}
- unsigned int KeyLength() const {return m_keylen;}
-
- apbt NewEncryption(const byte *key) const
- {return apbt(new E(key, m_keylen, m_rounds));}
- apbt NewDecryption(const byte *key) const
- {return apbt(new D(key, m_keylen, m_rounds));}
-
- unsigned int m_keylen, m_rounds;
-};
-
-bool BlockTransformationTest(const CipherFactory &cg, BufferedTransformation &valdata, unsigned int tuples = 0xffff)
-{
- HexEncoder output(new FileSink(cout));
- SecByteBlock plain(cg.BlockSize()), cipher(cg.BlockSize()), out(cg.BlockSize()), outplain(cg.BlockSize());
- SecByteBlock key(cg.KeyLength());
- bool pass=true, fail;
-
- while (valdata.MaxRetrievable() && tuples--)
- {
- valdata.Get(key, cg.KeyLength());
- valdata.Get(plain, cg.BlockSize());
- valdata.Get(cipher, cg.BlockSize());
-
- apbt transE = cg.NewEncryption(key);
- transE->ProcessBlock(plain, out);
- fail = memcmp(out, cipher, cg.BlockSize()) != 0;
-
- apbt transD = cg.NewDecryption(key);
- transD->ProcessBlock(out, outplain);
- fail=fail || memcmp(outplain, plain, cg.BlockSize());
-
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- output.Put(key, cg.KeyLength());
- cout << " ";
- output.Put(outplain, cg.BlockSize());
- cout << " ";
- output.Put(out, cg.BlockSize());
- cout << endl;
- }
- return pass;
-}
-
-class FilterTester : public Unflushable<Sink>
-{
-public:
- FilterTester(const byte *validOutput, size_t outputLen)
- : validOutput(validOutput), outputLen(outputLen), counter(0), fail(false) {}
- void PutByte(byte inByte)
- {
- if (counter >= outputLen || validOutput[counter] != inByte)
- {
- std::cerr << "incorrect output " << counter << ", " << (word16)validOutput[counter] << ", " << (word16)inByte << "\n";
- fail = true;
- assert(false);
- }
- counter++;
- }
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
- {
- while (length--)
- FilterTester::PutByte(*inString++);
-
- if (messageEnd)
- if (counter != outputLen)
- {
- fail = true;
- assert(false);
- }
-
- return 0;
- }
- bool GetResult()
- {
- return !fail;
- }
-
- const byte *validOutput;
- size_t outputLen, counter;
- bool fail;
-};
-
-bool TestFilter(BufferedTransformation &bt, const byte *in, size_t inLen, const byte *out, size_t outLen)
-{
- FilterTester *ft;
- bt.Attach(ft = new FilterTester(out, outLen));
-
- while (inLen)
- {
- size_t randomLen = GlobalRNG().GenerateWord32(0, (word32)inLen);
- bt.Put(in, randomLen);
- in += randomLen;
- inLen -= randomLen;
- }
- bt.MessageEnd();
- return ft->GetResult();
-}
-
-bool ValidateDES()
-{
- cout << "\nDES validation suite running...\n\n";
-
- FileSource valdata("TestData/descert.dat", true, new HexDecoder);
- bool pass = BlockTransformationTest(FixedRoundsCipherFactory<DESEncryption, DESDecryption>(), valdata);
-
- cout << "\nTesting EDE2, EDE3, and XEX3 variants...\n\n";
-
- FileSource valdata1("TestData/3desval.dat", true, new HexDecoder);
- pass = BlockTransformationTest(FixedRoundsCipherFactory<DES_EDE2_Encryption, DES_EDE2_Decryption>(), valdata1, 1) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<DES_EDE3_Encryption, DES_EDE3_Decryption>(), valdata1, 1) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<DES_XEX3_Encryption, DES_XEX3_Decryption>(), valdata1, 1) && pass;
-
- return pass;
-}
-
-bool TestModeIV(SymmetricCipher &e, SymmetricCipher &d)
-{
- SecByteBlock lastIV, iv(e.IVSize());
- StreamTransformationFilter filter(e, new StreamTransformationFilter(d));
- byte plaintext[20480];
-
- for (unsigned int i=1; i<sizeof(plaintext); i*=2)
- {
- e.GetNextIV(GlobalRNG(), iv);
- if (iv == lastIV)
- return false;
- else
- lastIV = iv;
-
- e.Resynchronize(iv);
- d.Resynchronize(iv);
-
- unsigned int length = STDMAX(GlobalRNG().GenerateWord32(0, i), (word32)e.MinLastBlockSize());
- GlobalRNG().GenerateBlock(plaintext, length);
-
- if (!TestFilter(filter, plaintext, length, plaintext, length))
- return false;
- }
-
- return true;
-}
-
-bool ValidateCipherModes()
-{
- cout << "\nTesting DES modes...\n\n";
- const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
- const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
- const byte plain[] = { // "Now is the time for all " without tailing 0
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20};
- DESEncryption desE(key);
- DESDecryption desD(key);
- bool pass=true, fail;
-
- {
- // from FIPS 81
- const byte encrypted[] = {
- 0x3f, 0xa4, 0x0e, 0x8a, 0x98, 0x4d, 0x48, 0x15,
- 0x6a, 0x27, 0x17, 0x87, 0xab, 0x88, 0x83, 0xf9,
- 0x89, 0x3d, 0x51, 0xec, 0x4b, 0x56, 0x3b, 0x53};
-
- ECB_Mode_ExternalCipher::Encryption modeE(desE);
- fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::NO_PADDING).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "ECB encryption" << endl;
-
- ECB_Mode_ExternalCipher::Decryption modeD(desD);
- fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::NO_PADDING).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "ECB decryption" << endl;
- }
- {
- // from FIPS 81
- const byte encrypted[] = {
- 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C,
- 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F,
- 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6};
-
- CBC_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::NO_PADDING).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC encryption with no padding" << endl;
-
- CBC_Mode_ExternalCipher::Decryption modeD(desD, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::NO_PADDING).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC decryption with no padding" << endl;
-
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC mode IV generation" << endl;
- }
- {
- // generated with Crypto++, matches FIPS 81
- // but has extra 8 bytes as result of padding
- const byte encrypted[] = {
- 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C,
- 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F,
- 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6,
- 0x62, 0xC1, 0x6A, 0x27, 0xE4, 0xFC, 0xF2, 0x77};
-
- CBC_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC encryption with PKCS #7 padding" << endl;
-
- CBC_Mode_ExternalCipher::Decryption modeD(desD, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC decryption with PKCS #7 padding" << endl;
- }
- {
- // generated with Crypto++ 5.2, matches FIPS 81
- // but has extra 8 bytes as result of padding
- const byte encrypted[] = {
- 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C,
- 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F,
- 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6,
- 0xcf, 0xb7, 0xc7, 0x64, 0x0e, 0x7c, 0xd9, 0xa7};
-
- CBC_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::ONE_AND_ZEROS_PADDING).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC encryption with one-and-zeros padding" << endl;
-
- CBC_Mode_ExternalCipher::Decryption modeD(desD, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::ONE_AND_ZEROS_PADDING).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC decryption with one-and-zeros padding" << endl;
- }
- {
- const byte plain[] = {'a', 0, 0, 0, 0, 0, 0, 0};
- // generated with Crypto++
- const byte encrypted[] = {
- 0x9B, 0x47, 0x57, 0x59, 0xD6, 0x9C, 0xF6, 0xD0};
-
- CBC_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE, NULL, StreamTransformationFilter::ZEROS_PADDING).Ref(),
- plain, 1, encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC encryption with zeros padding" << endl;
-
- CBC_Mode_ExternalCipher::Decryption modeD(desD, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD, NULL, StreamTransformationFilter::ZEROS_PADDING).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC decryption with zeros padding" << endl;
- }
- {
- // generated with Crypto++, matches FIPS 81
- // but with last two blocks swapped as result of CTS
- const byte encrypted[] = {
- 0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C,
- 0x68, 0x37, 0x88, 0x49, 0x9A, 0x7C, 0x05, 0xF6,
- 0x43, 0xE9, 0x34, 0x00, 0x8C, 0x38, 0x9C, 0x0F};
-
- CBC_CTS_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC encryption with ciphertext stealing (CTS)" << endl;
-
- CBC_CTS_Mode_ExternalCipher::Decryption modeD(desD, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC decryption with ciphertext stealing (CTS)" << endl;
-
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC CTS IV generation" << endl;
- }
- {
- // generated with Crypto++
- const byte decryptionIV[] = {0x4D, 0xD0, 0xAC, 0x8F, 0x47, 0xCF, 0x79, 0xCE};
- const byte encrypted[] = {0x12, 0x34, 0x56};
-
- byte stolenIV[8];
-
- CBC_CTS_Mode_ExternalCipher::Encryption modeE(desE, iv);
- modeE.SetStolenIV(stolenIV);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, 3, encrypted, sizeof(encrypted));
- fail = memcmp(stolenIV, decryptionIV, 8) != 0 || fail;
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC encryption with ciphertext and IV stealing" << endl;
-
- CBC_CTS_Mode_ExternalCipher::Decryption modeD(desD, stolenIV);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, 3);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC decryption with ciphertext and IV stealing" << endl;
- }
- {
- const byte encrypted[] = { // from FIPS 81
- 0xF3,0x09,0x62,0x49,0xC7,0xF4,0x6E,0x51,
- 0xA6,0x9E,0x83,0x9B,0x1A,0x92,0xF7,0x84,
- 0x03,0x46,0x71,0x33,0x89,0x8E,0xA6,0x22};
-
- CFB_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CFB encryption" << endl;
-
- CFB_Mode_ExternalCipher::Decryption modeD(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CFB decryption" << endl;
-
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CFB mode IV generation" << endl;
- }
- {
- const byte plain[] = { // "Now is the." without tailing 0
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,0x68,0x65};
- const byte encrypted[] = { // from FIPS 81
- 0xf3,0x1f,0xda,0x07,0x01,0x14,0x62,0xee,0x18,0x7f};
-
- CFB_Mode_ExternalCipher::Encryption modeE(desE, iv, 1);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CFB (8-bit feedback) encryption" << endl;
-
- CFB_Mode_ExternalCipher::Decryption modeD(desE, iv, 1);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CFB (8-bit feedback) decryption" << endl;
-
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CFB (8-bit feedback) IV generation" << endl;
- }
- {
- const byte encrypted[] = { // from Eric Young's libdes
- 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
- 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
- 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3};
-
- OFB_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "OFB encryption" << endl;
-
- OFB_Mode_ExternalCipher::Decryption modeD(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "OFB decryption" << endl;
-
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "OFB IV generation" << endl;
- }
- {
- const byte encrypted[] = { // generated with Crypto++
- 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51,
- 0x16, 0x3A, 0x8C, 0xA0, 0xFF, 0xC9, 0x4C, 0x27,
- 0xFA, 0x2F, 0x80, 0xF4, 0x80, 0xB8, 0x6F, 0x75};
-
- CTR_Mode_ExternalCipher::Encryption modeE(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
- plain, sizeof(plain), encrypted, sizeof(encrypted));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "Counter Mode encryption" << endl;
-
- CTR_Mode_ExternalCipher::Decryption modeD(desE, iv);
- fail = !TestFilter(StreamTransformationFilter(modeD).Ref(),
- encrypted, sizeof(encrypted), plain, sizeof(plain));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "Counter Mode decryption" << endl;
-
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "Counter Mode IV generation" << endl;
- }
- {
- const byte plain[] = { // "7654321 Now is the time for "
- 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
- 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
- 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
- 0x66, 0x6f, 0x72, 0x20};
- const byte mac1[] = { // from FIPS 113
- 0xf1, 0xd3, 0x0f, 0x68, 0x49, 0x31, 0x2c, 0xa4};
- const byte mac2[] = { // generated with Crypto++
- 0x35, 0x80, 0xC5, 0xC4, 0x6B, 0x81, 0x24, 0xE2};
-
- CBC_MAC<DES> cbcmac(key);
- HashFilter cbcmacFilter(cbcmac);
- fail = !TestFilter(cbcmacFilter, plain, sizeof(plain), mac1, sizeof(mac1));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "CBC MAC" << endl;
-
- DMAC<DES> dmac(key);
- HashFilter dmacFilter(dmac);
- fail = !TestFilter(dmacFilter, plain, sizeof(plain), mac2, sizeof(mac2));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "DMAC" << endl;
- }
- {
- CTR_Mode<AES>::Encryption modeE(plain, 16, plain);
- CTR_Mode<AES>::Decryption modeD(plain, 16, plain);
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "AES CTR Mode" << endl;
- }
- {
- OFB_Mode<AES>::Encryption modeE(plain, 16, plain);
- OFB_Mode<AES>::Decryption modeD(plain, 16, plain);
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "AES OFB Mode" << endl;
- }
- {
- CFB_Mode<AES>::Encryption modeE(plain, 16, plain);
- CFB_Mode<AES>::Decryption modeD(plain, 16, plain);
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "AES CFB Mode" << endl;
- }
- {
- CBC_Mode<AES>::Encryption modeE(plain, 16, plain);
- CBC_Mode<AES>::Decryption modeD(plain, 16, plain);
- fail = !TestModeIV(modeE, modeD);
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ") << "AES CBC Mode" << endl;
- }
-
- return pass;
-}
-
-bool ValidateIDEA()
-{
- cout << "\nIDEA validation suite running...\n\n";
-
- FileSource valdata("TestData/ideaval.dat", true, new HexDecoder);
- return BlockTransformationTest(FixedRoundsCipherFactory<IDEAEncryption, IDEADecryption>(), valdata);
-}
-
-bool ValidateSAFER()
-{
- cout << "\nSAFER validation suite running...\n\n";
-
- FileSource valdata("TestData/saferval.dat", true, new HexDecoder);
- bool pass = true;
- pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_K_Encryption, SAFER_K_Decryption>(8,6), valdata, 4) && pass;
- pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_K_Encryption, SAFER_K_Decryption>(16,12), valdata, 4) && pass;
- pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_SK_Encryption, SAFER_SK_Decryption>(8,6), valdata, 4) && pass;
- pass = BlockTransformationTest(VariableRoundsCipherFactory<SAFER_SK_Encryption, SAFER_SK_Decryption>(16,10), valdata, 4) && pass;
- return pass;
-}
-
-bool ValidateRC2()
-{
- cout << "\nRC2 validation suite running...\n\n";
-
- FileSource valdata("TestData/rc2val.dat", true, new HexDecoder);
- HexEncoder output(new FileSink(cout));
- SecByteBlock plain(RC2Encryption::BLOCKSIZE), cipher(RC2Encryption::BLOCKSIZE), out(RC2Encryption::BLOCKSIZE), outplain(RC2Encryption::BLOCKSIZE);
- SecByteBlock key(128);
- bool pass=true, fail;
-
- while (valdata.MaxRetrievable())
- {
- byte keyLen, effectiveLen;
-
- valdata.Get(keyLen);
- valdata.Get(effectiveLen);
- valdata.Get(key, keyLen);
- valdata.Get(plain, RC2Encryption::BLOCKSIZE);
- valdata.Get(cipher, RC2Encryption::BLOCKSIZE);
-
- apbt transE(new RC2Encryption(key, keyLen, effectiveLen));
- transE->ProcessBlock(plain, out);
- fail = memcmp(out, cipher, RC2Encryption::BLOCKSIZE) != 0;
-
- apbt transD(new RC2Decryption(key, keyLen, effectiveLen));
- transD->ProcessBlock(out, outplain);
- fail=fail || memcmp(outplain, plain, RC2Encryption::BLOCKSIZE);
-
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- output.Put(key, keyLen);
- cout << " ";
- output.Put(outplain, RC2Encryption::BLOCKSIZE);
- cout << " ";
- output.Put(out, RC2Encryption::BLOCKSIZE);
- cout << endl;
- }
- return pass;
-}
-
-bool ValidateARC4()
-{
- unsigned char Key0[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef };
- unsigned char Input0[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
- unsigned char Output0[] = {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96};
-
- unsigned char Key1[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
- unsigned char Input1[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- unsigned char Output1[]={0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79};
-
- unsigned char Key2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- unsigned char Input2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- unsigned char Output2[]={0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a};
-
- unsigned char Key3[]={0xef,0x01,0x23,0x45};
- unsigned char Input3[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- unsigned char Output3[]={0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61};
-
- unsigned char Key4[]={ 0x01,0x23,0x45,0x67,0x89,0xab, 0xcd,0xef };
- unsigned char Input4[] =
- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01};
- unsigned char Output4[]= {
- 0x75,0x95,0xc3,0xe6,0x11,0x4a,0x09,0x78,0x0c,0x4a,0xd4,
- 0x52,0x33,0x8e,0x1f,0xfd,0x9a,0x1b,0xe9,0x49,0x8f,
- 0x81,0x3d,0x76,0x53,0x34,0x49,0xb6,0x77,0x8d,0xca,
- 0xd8,0xc7,0x8a,0x8d,0x2b,0xa9,0xac,0x66,0x08,0x5d,
- 0x0e,0x53,0xd5,0x9c,0x26,0xc2,0xd1,0xc4,0x90,0xc1,
- 0xeb,0xbe,0x0c,0xe6,0x6d,0x1b,0x6b,0x1b,0x13,0xb6,
- 0xb9,0x19,0xb8,0x47,0xc2,0x5a,0x91,0x44,0x7a,0x95,
- 0xe7,0x5e,0x4e,0xf1,0x67,0x79,0xcd,0xe8,0xbf,0x0a,
- 0x95,0x85,0x0e,0x32,0xaf,0x96,0x89,0x44,0x4f,0xd3,
- 0x77,0x10,0x8f,0x98,0xfd,0xcb,0xd4,0xe7,0x26,0x56,
- 0x75,0x00,0x99,0x0b,0xcc,0x7e,0x0c,0xa3,0xc4,0xaa,
- 0xa3,0x04,0xa3,0x87,0xd2,0x0f,0x3b,0x8f,0xbb,0xcd,
- 0x42,0xa1,0xbd,0x31,0x1d,0x7a,0x43,0x03,0xdd,0xa5,
- 0xab,0x07,0x88,0x96,0xae,0x80,0xc1,0x8b,0x0a,0xf6,
- 0x6d,0xff,0x31,0x96,0x16,0xeb,0x78,0x4e,0x49,0x5a,
- 0xd2,0xce,0x90,0xd7,0xf7,0x72,0xa8,0x17,0x47,0xb6,
- 0x5f,0x62,0x09,0x3b,0x1e,0x0d,0xb9,0xe5,0xba,0x53,
- 0x2f,0xaf,0xec,0x47,0x50,0x83,0x23,0xe6,0x71,0x32,
- 0x7d,0xf9,0x44,0x44,0x32,0xcb,0x73,0x67,0xce,0xc8,
- 0x2f,0x5d,0x44,0xc0,0xd0,0x0b,0x67,0xd6,0x50,0xa0,
- 0x75,0xcd,0x4b,0x70,0xde,0xdd,0x77,0xeb,0x9b,0x10,
- 0x23,0x1b,0x6b,0x5b,0x74,0x13,0x47,0x39,0x6d,0x62,
- 0x89,0x74,0x21,0xd4,0x3d,0xf9,0xb4,0x2e,0x44,0x6e,
- 0x35,0x8e,0x9c,0x11,0xa9,0xb2,0x18,0x4e,0xcb,0xef,
- 0x0c,0xd8,0xe7,0xa8,0x77,0xef,0x96,0x8f,0x13,0x90,
- 0xec,0x9b,0x3d,0x35,0xa5,0x58,0x5c,0xb0,0x09,0x29,
- 0x0e,0x2f,0xcd,0xe7,0xb5,0xec,0x66,0xd9,0x08,0x4b,
- 0xe4,0x40,0x55,0xa6,0x19,0xd9,0xdd,0x7f,0xc3,0x16,
- 0x6f,0x94,0x87,0xf7,0xcb,0x27,0x29,0x12,0x42,0x64,
- 0x45,0x99,0x85,0x14,0xc1,0x5d,0x53,0xa1,0x8c,0x86,
- 0x4c,0xe3,0xa2,0xb7,0x55,0x57,0x93,0x98,0x81,0x26,
- 0x52,0x0e,0xac,0xf2,0xe3,0x06,0x6e,0x23,0x0c,0x91,
- 0xbe,0xe4,0xdd,0x53,0x04,0xf5,0xfd,0x04,0x05,0xb3,
- 0x5b,0xd9,0x9c,0x73,0x13,0x5d,0x3d,0x9b,0xc3,0x35,
- 0xee,0x04,0x9e,0xf6,0x9b,0x38,0x67,0xbf,0x2d,0x7b,
- 0xd1,0xea,0xa5,0x95,0xd8,0xbf,0xc0,0x06,0x6f,0xf8,
- 0xd3,0x15,0x09,0xeb,0x0c,0x6c,0xaa,0x00,0x6c,0x80,
- 0x7a,0x62,0x3e,0xf8,0x4c,0x3d,0x33,0xc1,0x95,0xd2,
- 0x3e,0xe3,0x20,0xc4,0x0d,0xe0,0x55,0x81,0x57,0xc8,
- 0x22,0xd4,0xb8,0xc5,0x69,0xd8,0x49,0xae,0xd5,0x9d,
- 0x4e,0x0f,0xd7,0xf3,0x79,0x58,0x6b,0x4b,0x7f,0xf6,
- 0x84,0xed,0x6a,0x18,0x9f,0x74,0x86,0xd4,0x9b,0x9c,
- 0x4b,0xad,0x9b,0xa2,0x4b,0x96,0xab,0xf9,0x24,0x37,
- 0x2c,0x8a,0x8f,0xff,0xb1,0x0d,0x55,0x35,0x49,0x00,
- 0xa7,0x7a,0x3d,0xb5,0xf2,0x05,0xe1,0xb9,0x9f,0xcd,
- 0x86,0x60,0x86,0x3a,0x15,0x9a,0xd4,0xab,0xe4,0x0f,
- 0xa4,0x89,0x34,0x16,0x3d,0xdd,0xe5,0x42,0xa6,0x58,
- 0x55,0x40,0xfd,0x68,0x3c,0xbf,0xd8,0xc0,0x0f,0x12,
- 0x12,0x9a,0x28,0x4d,0xea,0xcc,0x4c,0xde,0xfe,0x58,
- 0xbe,0x71,0x37,0x54,0x1c,0x04,0x71,0x26,0xc8,0xd4,
- 0x9e,0x27,0x55,0xab,0x18,0x1a,0xb7,0xe9,0x40,0xb0,
- 0xc0};
-
- // VC60 workaround: auto_ptr lacks reset()
- member_ptr<Weak::ARC4> arc4;
- bool pass=true, fail;
- int i;
-
- cout << "\nARC4 validation suite running...\n\n";
-
- arc4.reset(new Weak::ARC4(Key0, sizeof(Key0)));
- arc4->ProcessString(Input0, sizeof(Input0));
- fail = memcmp(Input0, Output0, sizeof(Input0)) != 0;
- cout << (fail ? "FAILED" : "passed") << " Test 0" << endl;
- pass = pass && !fail;
-
- arc4.reset(new Weak::ARC4(Key1, sizeof(Key1)));
- arc4->ProcessString(Key1, Input1, sizeof(Key1));
- fail = memcmp(Output1, Key1, sizeof(Key1)) != 0;
- cout << (fail ? "FAILED" : "passed") << " Test 1" << endl;
- pass = pass && !fail;
-
- arc4.reset(new Weak::ARC4(Key2, sizeof(Key2)));
- for (i=0, fail=false; i<sizeof(Input2); i++)
- if (arc4->ProcessByte(Input2[i]) != Output2[i])
- fail = true;
- cout << (fail ? "FAILED" : "passed") << " Test 2" << endl;
- pass = pass && !fail;
-
- arc4.reset(new Weak::ARC4(Key3, sizeof(Key3)));
- for (i=0, fail=false; i<sizeof(Input3); i++)
- if (arc4->ProcessByte(Input3[i]) != Output3[i])
- fail = true;
- cout << (fail ? "FAILED" : "passed") << " Test 3" << endl;
- pass = pass && !fail;
-
- arc4.reset(new Weak::ARC4(Key4, sizeof(Key4)));
- for (i=0, fail=false; i<sizeof(Input4); i++)
- if (arc4->ProcessByte(Input4[i]) != Output4[i])
- fail = true;
- cout << (fail ? "FAILED" : "passed") << " Test 4" << endl;
- pass = pass && !fail;
-
- return pass;
-}
-
-bool ValidateRC5()
-{
- cout << "\nRC5 validation suite running...\n\n";
-
- FileSource valdata("TestData/rc5val.dat", true, new HexDecoder);
- return BlockTransformationTest(VariableRoundsCipherFactory<RC5Encryption, RC5Decryption>(16, 12), valdata);
-}
-
-bool ValidateRC6()
-{
- cout << "\nRC6 validation suite running...\n\n";
-
- FileSource valdata("TestData/rc6val.dat", true, new HexDecoder);
- bool pass = true;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<RC6Encryption, RC6Decryption>(16), valdata, 2) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<RC6Encryption, RC6Decryption>(24), valdata, 2) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<RC6Encryption, RC6Decryption>(32), valdata, 2) && pass;
- return pass;
-}
-
-bool ValidateMARS()
-{
- cout << "\nMARS validation suite running...\n\n";
-
- FileSource valdata("TestData/marsval.dat", true, new HexDecoder);
- bool pass = true;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<MARSEncryption, MARSDecryption>(16), valdata, 4) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<MARSEncryption, MARSDecryption>(24), valdata, 3) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<MARSEncryption, MARSDecryption>(32), valdata, 2) && pass;
- return pass;
-}
-
-bool ValidateRijndael()
-{
- cout << "\nRijndael (AES) validation suite running...\n\n";
-
- FileSource valdata("TestData/rijndael.dat", true, new HexDecoder);
- bool pass = true;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<RijndaelEncryption, RijndaelDecryption>(16), valdata, 4) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<RijndaelEncryption, RijndaelDecryption>(24), valdata, 3) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<RijndaelEncryption, RijndaelDecryption>(32), valdata, 2) && pass;
- pass = RunTestDataFile("TestVectors/aes.txt") && pass;
- return pass;
-}
-
-bool ValidateTwofish()
-{
- cout << "\nTwofish validation suite running...\n\n";
-
- FileSource valdata("TestData/twofishv.dat", true, new HexDecoder);
- bool pass = true;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<TwofishEncryption, TwofishDecryption>(16), valdata, 4) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<TwofishEncryption, TwofishDecryption>(24), valdata, 3) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<TwofishEncryption, TwofishDecryption>(32), valdata, 2) && pass;
- return pass;
-}
-
-bool ValidateSerpent()
-{
- cout << "\nSerpent validation suite running...\n\n";
-
- FileSource valdata("TestData/serpentv.dat", true, new HexDecoder);
- bool pass = true;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<SerpentEncryption, SerpentDecryption>(16), valdata, 5) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<SerpentEncryption, SerpentDecryption>(24), valdata, 4) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<SerpentEncryption, SerpentDecryption>(32), valdata, 3) && pass;
- return pass;
-}
-
-bool ValidateBlowfish()
-{
- cout << "\nBlowfish validation suite running...\n\n";
-
- HexEncoder output(new FileSink(cout));
- const char *key[]={"abcdefghijklmnopqrstuvwxyz", "Who is John Galt?"};
- byte *plain[]={(byte *)"BLOWFISH", (byte *)"\xfe\xdc\xba\x98\x76\x54\x32\x10"};
- byte *cipher[]={(byte *)"\x32\x4e\xd0\xfe\xf4\x13\xa2\x03", (byte *)"\xcc\x91\x73\x2b\x80\x22\xf6\x84"};
- byte out[8], outplain[8];
- bool pass=true, fail;
-
- for (int i=0; i<2; i++)
- {
- ECB_Mode<Blowfish>::Encryption enc((byte *)key[i], strlen(key[i]));
- enc.ProcessData(out, plain[i], 8);
- fail = memcmp(out, cipher[i], 8) != 0;
-
- ECB_Mode<Blowfish>::Decryption dec((byte *)key[i], strlen(key[i]));
- dec.ProcessData(outplain, cipher[i], 8);
- fail = fail || memcmp(outplain, plain[i], 8);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << '\"' << key[i] << '\"';
- for (int j=0; j<(signed int)(30-strlen(key[i])); j++)
- cout << ' ';
- output.Put(outplain, 8);
- cout << " ";
- output.Put(out, 8);
- cout << endl;
- }
- return pass;
-}
-
-bool ValidateThreeWay()
-{
- cout << "\n3-WAY validation suite running...\n\n";
-
- FileSource valdata("TestData/3wayval.dat", true, new HexDecoder);
- return BlockTransformationTest(FixedRoundsCipherFactory<ThreeWayEncryption, ThreeWayDecryption>(), valdata);
-}
-
-bool ValidateGOST()
-{
- cout << "\nGOST validation suite running...\n\n";
-
- FileSource valdata("TestData/gostval.dat", true, new HexDecoder);
- return BlockTransformationTest(FixedRoundsCipherFactory<GOSTEncryption, GOSTDecryption>(), valdata);
-}
-
-bool ValidateSHARK()
-{
- cout << "\nSHARK validation suite running...\n\n";
-
- FileSource valdata("TestData/sharkval.dat", true, new HexDecoder);
- return BlockTransformationTest(FixedRoundsCipherFactory<SHARKEncryption, SHARKDecryption>(), valdata);
-}
-
-bool ValidateCAST()
-{
- bool pass = true;
-
- cout << "\nCAST-128 validation suite running...\n\n";
-
- FileSource val128("TestData/cast128v.dat", true, new HexDecoder);
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST128Encryption, CAST128Decryption>(16), val128, 1) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST128Encryption, CAST128Decryption>(10), val128, 1) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST128Encryption, CAST128Decryption>(5), val128, 1) && pass;
-
- cout << "\nCAST-256 validation suite running...\n\n";
-
- FileSource val256("TestData/cast256v.dat", true, new HexDecoder);
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST256Encryption, CAST256Decryption>(16), val256, 1) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST256Encryption, CAST256Decryption>(24), val256, 1) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CAST256Encryption, CAST256Decryption>(32), val256, 1) && pass;
-
- return pass;
-}
-
-bool ValidateSquare()
-{
- cout << "\nSquare validation suite running...\n\n";
-
- FileSource valdata("TestData/squareva.dat", true, new HexDecoder);
- return BlockTransformationTest(FixedRoundsCipherFactory<SquareEncryption, SquareDecryption>(), valdata);
-}
-
-bool ValidateSKIPJACK()
-{
- cout << "\nSKIPJACK validation suite running...\n\n";
-
- FileSource valdata("TestData/skipjack.dat", true, new HexDecoder);
- return BlockTransformationTest(FixedRoundsCipherFactory<SKIPJACKEncryption, SKIPJACKDecryption>(), valdata);
-}
-
-bool ValidateSEAL()
-{
- byte input[] = {0x37,0xa0,0x05,0x95,0x9b,0x84,0xc4,0x9c,0xa4,0xbe,0x1e,0x05,0x06,0x73,0x53,0x0f,0x5f,0xb0,0x97,0xfd,0xf6,0xa1,0x3f,0xbd,0x6c,0x2c,0xde,0xcd,0x81,0xfd,0xee,0x7c};
- byte output[32];
- byte key[] = {0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, 0xdc, 0xfe, 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0};
- byte iv[] = {0x01, 0x35, 0x77, 0xaf};
-
- cout << "\nSEAL validation suite running...\n\n";
-
- SEAL<>::Encryption seal(key, sizeof(key), iv);
- unsigned int size = sizeof(input);
- bool pass = true;
-
- memset(output, 1, size);
- seal.ProcessString(output, input, size);
- for (unsigned int i=0; i<size; i++)
- if (output[i] != 0)
- pass = false;
-
- seal.Seek(1);
- output[1] = seal.ProcessByte(output[1]);
- seal.ProcessString(output+2, size-2);
- pass = pass && memcmp(output+1, input+1, size-1) == 0;
-
- cout << (pass ? "passed" : "FAILED") << endl;
- return pass;
-}
-
-bool ValidateBaseCode()
-{
- bool pass = true, fail;
- byte data[255];
- for (unsigned int i=0; i<255; i++)
- data[i] = i;
- const char *hexEncoded =
-"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627"
-"28292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F"
-"505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677"
-"78797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F"
-"A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7"
-"C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEF"
-"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFE";
- const char *base32Encoded =
-"AAASEA2EAWDAQCAJBIFS2DIQB6IBCESVCSKTNF22DEPBYHA7D2RUAIJCENUCKJTHFAWUWK3NFWZC8NBT"
-"GI3VIPJYG66DUQT5HS8V6R4AIFBEGTCFI3DWSUKKJPGE4VURKBIXEW4WKXMFQYC3MJPX2ZK8M7SGC2VD"
-"NTUYN35IPFXGY5DPP3ZZA6MUQP4HK7VZRB6ZW856RX9H9AEBSKB2JBNGS8EIVCWMTUG27D6SUGJJHFEX"
-"U4M3TGN4VQQJ5HW9WCS4FI7EWYVKRKFJXKX43MPQX82MDNXVYU45PP72ZG7MZRF7Z496BSQC2RCNMTYH"
-"3DE6XU8N3ZHN9WGT4MJ7JXQY49NPVYY55VQ77Z9A6HTQH3HF65V8T4RK7RYQ55ZR8D29F69W8Z5RR8H3"
-"9M7939R8";
- const char *base64AndHexEncoded =
-"41414543417751464267634943516F4C4441304F4478415245684D554652595847426B6147787764"
-"486838674953496A4A43556D4A7967704B6973734C5334764D4445794D7A51310A4E6A63344F546F"
-"375044302B50304242516B4E4552555A4853456C4B5330784E546B395155564A5456465657563168"
-"5A576C746358563566594746695932526C5A6D646F615770720A6247317562334278636E4E306458"
-"5A3365486C3665337839666E2B4167594B44684957476834694A696F754D6A5936506B4A47536B35"
-"53566C7065596D5A71626E4A32656E3643680A6F714F6B7061616E714B6D717136797472712B7773"
-"624B7A744C573274376935757275387662362F774D484377385446787366497963724C7A4D334F7A"
-"39445230745055316462580A324E6E6132397A6433742F6734654C6A354F586D352B6A7036757673"
-"3765377638504879382F5431397666342B6672372F50332B0A";
-
- cout << "\nBase64, base32 and hex coding validation suite running...\n\n";
-
- fail = !TestFilter(HexEncoder().Ref(), data, 255, (const byte *)hexEncoded, strlen(hexEncoded));
- cout << (fail ? "FAILED " : "passed ");
- cout << "Hex Encoding\n";
- pass = pass && !fail;
-
- fail = !TestFilter(HexDecoder().Ref(), (const byte *)hexEncoded, strlen(hexEncoded), data, 255);
- cout << (fail ? "FAILED " : "passed ");
- cout << "Hex Decoding\n";
- pass = pass && !fail;
-
- fail = !TestFilter(Base32Encoder().Ref(), data, 255, (const byte *)base32Encoded, strlen(base32Encoded));
- cout << (fail ? "FAILED " : "passed ");
- cout << "Base32 Encoding\n";
- pass = pass && !fail;
-
- fail = !TestFilter(Base32Decoder().Ref(), (const byte *)base32Encoded, strlen(base32Encoded), data, 255);
- cout << (fail ? "FAILED " : "passed ");
- cout << "Base32 Decoding\n";
- pass = pass && !fail;
-
- fail = !TestFilter(Base64Encoder(new HexEncoder).Ref(), data, 255, (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded));
- cout << (fail ? "FAILED " : "passed ");
- cout << "Base64 Encoding\n";
- pass = pass && !fail;
-
- fail = !TestFilter(HexDecoder(new Base64Decoder).Ref(), (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded), data, 255);
- cout << (fail ? "FAILED " : "passed ");
- cout << "Base64 Decoding\n";
- pass = pass && !fail;
-
- return pass;
-}
-
-bool ValidateSHACAL2()
-{
- cout << "\nSHACAL-2 validation suite running...\n\n";
-
- bool pass = true;
- FileSource valdata("TestData/shacal2v.dat", true, new HexDecoder);
- pass = BlockTransformationTest(FixedRoundsCipherFactory<SHACAL2Encryption, SHACAL2Decryption>(16), valdata, 4) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<SHACAL2Encryption, SHACAL2Decryption>(64), valdata, 10) && pass;
- return pass;
-}
-
-bool ValidateCamellia()
-{
- cout << "\nCamellia validation suite running...\n\n";
-
- bool pass = true;
- FileSource valdata("TestData/camellia.dat", true, new HexDecoder);
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CamelliaEncryption, CamelliaDecryption>(16), valdata, 15) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CamelliaEncryption, CamelliaDecryption>(24), valdata, 15) && pass;
- pass = BlockTransformationTest(FixedRoundsCipherFactory<CamelliaEncryption, CamelliaDecryption>(32), valdata, 15) && pass;
- return pass;
-}
-
-bool ValidateSalsa()
-{
- cout << "\nSalsa validation suite running...\n";
-
- return RunTestDataFile("TestVectors/salsa.txt");
-}
-
-bool ValidateSosemanuk()
-{
- cout << "\nSosemanuk validation suite running...\n";
- return RunTestDataFile("TestVectors/sosemanuk.txt");
-}
-
-bool ValidateVMAC()
-{
- cout << "\nVMAC validation suite running...\n";
- return RunTestDataFile("TestVectors/vmac.txt");
-}
-
-bool ValidateCCM()
-{
- cout << "\nAES/CCM validation suite running...\n";
- return RunTestDataFile("TestVectors/ccm.txt");
-}
-
-bool ValidateGCM()
-{
- cout << "\nAES/GCM validation suite running...\n";
- cout << "\n2K tables:";
- bool pass = RunTestDataFile("TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)2048));
- cout << "\n64K tables:";
- return RunTestDataFile("TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)64*1024)) && pass;
-}
-
-bool ValidateCMAC()
-{
- cout << "\nCMAC validation suite running...\n";
- return RunTestDataFile("TestVectors/cmac.txt");
-}
diff --git a/cryptopp562/validat2.cpp b/cryptopp562/validat2.cpp
deleted file mode 100644
index dd7ccd4..0000000
--- a/cryptopp562/validat2.cpp
+++ /dev/null
@@ -1,722 +0,0 @@
-// validat2.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "blumshub.h"
-#include "rsa.h"
-#include "md2.h"
-#include "elgamal.h"
-#include "nr.h"
-#include "dsa.h"
-#include "dh.h"
-#include "mqv.h"
-#include "luc.h"
-#include "xtrcrypt.h"
-#include "rabin.h"
-#include "rw.h"
-#include "eccrypto.h"
-#include "ecp.h"
-#include "ec2n.h"
-#include "asn.h"
-#include "rng.h"
-#include "files.h"
-#include "hex.h"
-#include "oids.h"
-#include "esign.h"
-#include "osrng.h"
-
-#include <iostream>
-#include <iomanip>
-
-#include "validate.h"
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-class FixedRNG : public RandomNumberGenerator
-{
-public:
- FixedRNG(BufferedTransformation &source) : m_source(source) {}
-
- void GenerateBlock(byte *output, size_t size)
- {
- m_source.Get(output, size);
- }
-
-private:
- BufferedTransformation &m_source;
-};
-
-bool ValidateBBS()
-{
- cout << "\nBlumBlumShub validation suite running...\n\n";
-
- Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351");
- Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231");
- Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431");
- BlumBlumShub bbs(p, q, seed);
- bool pass = true, fail;
- int j;
-
- const byte output1[] = {
- 0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9,
- 0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE};
- const byte output2[] = {
- 0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7,
- 0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1};
-
- byte buf[20];
-
- bbs.GenerateBlock(buf, 20);
- fail = memcmp(output1, buf, 20) != 0;
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- for (j=0;j<20;j++)
- cout << setw(2) << setfill('0') << hex << (int)buf[j];
- cout << endl;
-
- bbs.Seek(10);
- bbs.GenerateBlock(buf, 10);
- fail = memcmp(output1+10, buf, 10) != 0;
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- for (j=0;j<10;j++)
- cout << setw(2) << setfill('0') << hex << (int)buf[j];
- cout << endl;
-
- bbs.Seek(1234567);
- bbs.GenerateBlock(buf, 20);
- fail = memcmp(output2, buf, 20) != 0;
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- for (j=0;j<20;j++)
- cout << setw(2) << setfill('0') << hex << (int)buf[j];
- cout << endl;
-
- return pass;
-}
-
-bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
-{
- bool pass = true, fail;
-
- fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "signature key validation\n";
-
- const byte *message = (byte *)"test message";
- const int messageLen = 12;
-
- SecByteBlock signature(priv.MaxSignatureLength());
- size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
- fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "signature and verification\n";
-
- ++signature[0];
- fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "checking invalid signature" << endl;
-
- if (priv.MaxRecoverableLength() > 0)
- {
- signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
- SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
- DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
- fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "signature and verification with recovery" << endl;
-
- ++signature[0];
- result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
- fail = result.isValidCoding;
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "recovery with invalid signature" << endl;
- }
-
- return pass;
-}
-
-bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false)
-{
- bool pass = true, fail;
-
- fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "cryptosystem key validation\n";
-
- const byte *message = (byte *)"test message";
- const int messageLen = 12;
- SecByteBlock ciphertext(priv.CiphertextLength(messageLen));
- SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
-
- pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
- fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
- fail = fail || memcmp(message, plaintext, messageLen);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "encryption and decryption\n";
-
- return pass;
-}
-
-bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
-{
- if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
- cout << "passed simple key agreement domain parameters validation" << endl;
- else
- {
- cout << "FAILED simple key agreement domain parameters invalid" << endl;
- return false;
- }
-
- SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
- SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
- SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
-
- d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
- d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
-
- memset(val1.begin(), 0x10, val1.size());
- memset(val2.begin(), 0x11, val2.size());
-
- if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1)))
- {
- cout << "FAILED simple key agreement failed" << endl;
- return false;
- }
-
- if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
- {
- cout << "FAILED simple agreed values not equal" << endl;
- return false;
- }
-
- cout << "passed simple key agreement" << endl;
- return true;
-}
-
-bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
-{
- if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
- cout << "passed authenticated key agreement domain parameters validation" << endl;
- else
- {
- cout << "FAILED authenticated key agreement domain parameters invalid" << endl;
- return false;
- }
-
- SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength());
- SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength());
- SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength());
- SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength());
- SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
-
- d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
- d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
- d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
- d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
-
- memset(val1.begin(), 0x10, val1.size());
- memset(val2.begin(), 0x11, val2.size());
-
- if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1)))
- {
- cout << "FAILED authenticated key agreement failed" << endl;
- return false;
- }
-
- if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
- {
- cout << "FAILED authenticated agreed values not equal" << endl;
- return false;
- }
-
- cout << "passed authenticated key agreement" << endl;
- return true;
-}
-
-bool ValidateRSA()
-{
- cout << "\nRSA validation suite running...\n\n";
-
- byte out[100], outPlain[100];
- bool pass = true, fail;
-
- {
- const char *plain = "Everyone gets Friday off.";
- byte *signature = (byte *)
- "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
- "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
- "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
- "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
-
- FileSource keys("TestData/rsa512a.dat", true, new HexDecoder);
- Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
- Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
-
- size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
- fail = memcmp(signature, out, 64) != 0;
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "signature check against test vector\n";
-
- fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "verification check against test vector\n";
-
- out[10]++;
- fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "invalid signature verification\n";
- }
- {
- FileSource keys("TestData/rsa1024.dat", true, new HexDecoder);
- RSAES_PKCS1v15_Decryptor rsaPriv(keys);
- RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
-
- pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
- }
- {
- RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
- RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
-
- pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
- }
- {
- byte *plain = (byte *)
- "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
- byte *encrypted = (byte *)
- "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
- "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
- "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
- "\x62\x51";
- byte *oaepSeed = (byte *)
- "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
- "\xf0\x6c\xb5\x8f";
- ByteQueue bq;
- bq.Put(oaepSeed, 20);
- FixedRNG rng(bq);
-
- FileSource privFile("TestData/rsa400pv.dat", true, new HexDecoder);
- FileSource pubFile("TestData/rsa400pb.dat", true, new HexDecoder);
- RSAES_OAEP_SHA_Decryptor rsaPriv;
- rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
- RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
-
- memset(out, 0, 50);
- memset(outPlain, 0, 8);
- rsaPub.Encrypt(rng, plain, 8, out);
- DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
- fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "PKCS 2.0 encryption and decryption\n";
- }
-
- return pass;
-}
-
-bool ValidateDH()
-{
- cout << "\nDH validation suite running...\n\n";
-
- FileSource f("TestData/dh1024.dat", true, new HexDecoder());
- DH dh(f);
- return SimpleKeyAgreementValidate(dh);
-}
-
-bool ValidateMQV()
-{
- cout << "\nMQV validation suite running...\n\n";
-
- FileSource f("TestData/mqv1024.dat", true, new HexDecoder());
- MQV mqv(f);
- return AuthenticatedKeyAgreementValidate(mqv);
-}
-
-bool ValidateLUC_DH()
-{
- cout << "\nLUC-DH validation suite running...\n\n";
-
- FileSource f("TestData/lucd512.dat", true, new HexDecoder());
- LUC_DH dh(f);
- return SimpleKeyAgreementValidate(dh);
-}
-
-bool ValidateXTR_DH()
-{
- cout << "\nXTR-DH validation suite running...\n\n";
-
- FileSource f("TestData/xtrdh171.dat", true, new HexDecoder());
- XTR_DH dh(f);
- return SimpleKeyAgreementValidate(dh);
-}
-
-bool ValidateElGamal()
-{
- cout << "\nElGamal validation suite running...\n\n";
- bool pass = true;
- {
- FileSource fc("TestData/elgc1024.dat", true, new HexDecoder);
- ElGamalDecryptor privC(fc);
- ElGamalEncryptor pubC(privC);
- privC.AccessKey().Precompute();
- ByteQueue queue;
- privC.AccessKey().SavePrecomputation(queue);
- privC.AccessKey().LoadPrecomputation(queue);
-
- pass = CryptoSystemValidate(privC, pubC) && pass;
- }
- return pass;
-}
-
-bool ValidateDLIES()
-{
- cout << "\nDLIES validation suite running...\n\n";
- bool pass = true;
- {
- FileSource fc("TestData/dlie1024.dat", true, new HexDecoder);
- DLIES<>::Decryptor privC(fc);
- DLIES<>::Encryptor pubC(privC);
- pass = CryptoSystemValidate(privC, pubC) && pass;
- }
- {
- cout << "Generating new encryption key..." << endl;
- DLIES<>::GroupParameters gp;
- gp.GenerateRandomWithKeySize(GlobalRNG(), 128);
- DLIES<>::Decryptor decryptor;
- decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp);
- DLIES<>::Encryptor encryptor(decryptor);
-
- pass = CryptoSystemValidate(decryptor, encryptor) && pass;
- }
- return pass;
-}
-
-bool ValidateNR()
-{
- cout << "\nNR validation suite running...\n\n";
- bool pass = true;
- {
- FileSource f("TestData/nr2048.dat", true, new HexDecoder);
- NR<SHA>::Signer privS(f);
- privS.AccessKey().Precompute();
- NR<SHA>::Verifier pubS(privS);
-
- pass = SignatureValidate(privS, pubS) && pass;
- }
- {
- cout << "Generating new signature key..." << endl;
- NR<SHA>::Signer privS(GlobalRNG(), 256);
- NR<SHA>::Verifier pubS(privS);
-
- pass = SignatureValidate(privS, pubS) && pass;
- }
- return pass;
-}
-
-bool ValidateDSA(bool thorough)
-{
- cout << "\nDSA validation suite running...\n\n";
-
- bool pass = true;
- FileSource fs1("TestData/dsa1024.dat", true, new HexDecoder());
- DSA::Signer priv(fs1);
- DSA::Verifier pub(priv);
- FileSource fs2("TestData/dsa1024b.dat", true, new HexDecoder());
- DSA::Verifier pub1(fs2);
- assert(pub.GetKey() == pub1.GetKey());
- pass = SignatureValidate(priv, pub, thorough) && pass;
- pass = RunTestDataFile("TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass;
- return pass;
-}
-
-bool ValidateLUC()
-{
- cout << "\nLUC validation suite running...\n\n";
- bool pass=true;
-
- {
- FileSource f("TestData/luc1024.dat", true, new HexDecoder);
- LUCSSA_PKCS1v15_SHA_Signer priv(f);
- LUCSSA_PKCS1v15_SHA_Verifier pub(priv);
- pass = SignatureValidate(priv, pub) && pass;
- }
- {
- LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
- LUCES_OAEP_SHA_Encryptor pub(priv);
- pass = CryptoSystemValidate(priv, pub) && pass;
- }
- return pass;
-}
-
-bool ValidateLUC_DL()
-{
- cout << "\nLUC-HMP validation suite running...\n\n";
-
- FileSource f("TestData/lucs512.dat", true, new HexDecoder);
- LUC_HMP<SHA>::Signer privS(f);
- LUC_HMP<SHA>::Verifier pubS(privS);
- bool pass = SignatureValidate(privS, pubS);
-
- cout << "\nLUC-IES validation suite running...\n\n";
-
- FileSource fc("TestData/lucc512.dat", true, new HexDecoder);
- LUC_IES<>::Decryptor privC(fc);
- LUC_IES<>::Encryptor pubC(privC);
- pass = CryptoSystemValidate(privC, pubC) && pass;
-
- return pass;
-}
-
-bool ValidateRabin()
-{
- cout << "\nRabin validation suite running...\n\n";
- bool pass=true;
-
- {
- FileSource f("TestData/rabi1024.dat", true, new HexDecoder);
- RabinSS<PSSR, SHA>::Signer priv(f);
- RabinSS<PSSR, SHA>::Verifier pub(priv);
- pass = SignatureValidate(priv, pub) && pass;
- }
- {
- RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
- RabinES<OAEP<SHA> >::Encryptor pub(priv);
- pass = CryptoSystemValidate(priv, pub) && pass;
- }
- return pass;
-}
-
-bool ValidateRW()
-{
- cout << "\nRW validation suite running...\n\n";
-
- FileSource f("TestData/rw1024.dat", true, new HexDecoder);
- RWSS<PSSR, SHA>::Signer priv(f);
- RWSS<PSSR, SHA>::Verifier pub(priv);
-
- return SignatureValidate(priv, pub);
-}
-
-/*
-bool ValidateBlumGoldwasser()
-{
- cout << "\nBlumGoldwasser validation suite running...\n\n";
-
- FileSource f("TestData/blum512.dat", true, new HexDecoder);
- BlumGoldwasserPrivateKey priv(f);
- BlumGoldwasserPublicKey pub(priv);
-
- return CryptoSystemValidate(priv, pub);
-}
-*/
-
-bool ValidateECP()
-{
- cout << "\nECP validation suite running...\n\n";
-
- ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1());
- ECIES<ECP>::Encryptor cpub(cpriv);
- ByteQueue bq;
- cpriv.GetKey().DEREncode(bq);
- cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
- cpub.GetKey().DEREncode(bq);
- ECDSA<ECP, SHA>::Signer spriv(bq);
- ECDSA<ECP, SHA>::Verifier spub(bq);
- ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
- ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
-
- spriv.AccessKey().Precompute();
- ByteQueue queue;
- spriv.AccessKey().SavePrecomputation(queue);
- spriv.AccessKey().LoadPrecomputation(queue);
-
- bool pass = SignatureValidate(spriv, spub);
- cpub.AccessKey().Precompute();
- cpriv.AccessKey().Precompute();
- pass = CryptoSystemValidate(cpriv, cpub) && pass;
- pass = SimpleKeyAgreementValidate(ecdhc) && pass;
- pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
-
- cout << "Turning on point compression..." << endl;
- cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
- cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
- ecdhc.AccessGroupParameters().SetPointCompression(true);
- ecmqvc.AccessGroupParameters().SetPointCompression(true);
- pass = CryptoSystemValidate(cpriv, cpub) && pass;
- pass = SimpleKeyAgreementValidate(ecdhc) && pass;
- pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
-
- cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << endl;
- OID oid;
- while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty())
- {
- DL_GroupParameters_EC<ECP> params(oid);
- bool fail = !params.Validate(GlobalRNG(), 2);
- cout << (fail ? "FAILED" : "passed") << " " << dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
- pass = pass && !fail;
- }
-
- return pass;
-}
-
-bool ValidateEC2N()
-{
- cout << "\nEC2N validation suite running...\n\n";
-
- ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1());
- ECIES<EC2N>::Encryptor cpub(cpriv);
- ByteQueue bq;
- cpriv.DEREncode(bq);
- cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
- cpub.DEREncode(bq);
- ECDSA<EC2N, SHA>::Signer spriv(bq);
- ECDSA<EC2N, SHA>::Verifier spub(bq);
- ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
- ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
-
- spriv.AccessKey().Precompute();
- ByteQueue queue;
- spriv.AccessKey().SavePrecomputation(queue);
- spriv.AccessKey().LoadPrecomputation(queue);
-
- bool pass = SignatureValidate(spriv, spub);
- pass = CryptoSystemValidate(cpriv, cpub) && pass;
- pass = SimpleKeyAgreementValidate(ecdhc) && pass;
- pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
-
- cout << "Turning on point compression..." << endl;
- cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
- cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
- ecdhc.AccessGroupParameters().SetPointCompression(true);
- ecmqvc.AccessGroupParameters().SetPointCompression(true);
- pass = CryptoSystemValidate(cpriv, cpub) && pass;
- pass = SimpleKeyAgreementValidate(ecdhc) && pass;
- pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
-
-#if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis
- cout << "Testing SEC 2 recommended curves..." << endl;
- OID oid;
- while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty())
- {
- DL_GroupParameters_EC<EC2N> params(oid);
- bool fail = !params.Validate(GlobalRNG(), 2);
- cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
- pass = pass && !fail;
- }
-#endif
-
- return pass;
-}
-
-bool ValidateECDSA()
-{
- cout << "\nECDSA validation suite running...\n\n";
-
- // from Sample Test Vectors for P1363
- GF2NT gf2n(191, 9, 0);
- byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
- byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
- EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
-
- EC2N::Point P;
- ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
- "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
- Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
- Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
- EC2N::Point Q(ec.Multiply(d, P));
- ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
- ECDSA<EC2N, SHA>::Verifier pub(priv);
-
- Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
- Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
- byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
- "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
- Integer r(sig, 24);
- Integer s(sig+24, 24);
-
- Integer rOut, sOut;
- bool fail, pass=true;
-
- priv.RawSign(k, h, rOut, sOut);
- fail = (rOut != r) || (sOut != s);
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "signature check against test vector\n";
-
- fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "verification check against test vector\n";
-
- fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
- pass = pass && !fail;
-
- pass = SignatureValidate(priv, pub) && pass;
-
- return pass;
-}
-
-bool ValidateESIGN()
-{
- cout << "\nESIGN validation suite running...\n\n";
-
- bool pass = true, fail;
-
- const char *plain = "test";
- const byte *signature = (byte *)
- "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37\xFE\xBC\x76\x3F\xF1\x84\xF6\x59"
- "\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6"
- "\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A"
- "\x74\x02\x37\x0E\xED\x0A\x06\xAD\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
- "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
-
- FileSource keys("TestData/esig1536.dat", true, new HexDecoder);
- ESIGN<SHA>::Signer signer(keys);
- ESIGN<SHA>::Verifier verifier(signer);
-
- fail = !SignatureValidate(signer, verifier);
- pass = pass && !fail;
-
- fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- cout << "verification check against test vector\n";
-
- cout << "Generating signature key from seed..." << endl;
- signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
- verifier = signer;
-
- fail = !SignatureValidate(signer, verifier);
- pass = pass && !fail;
-
- return pass;
-}
diff --git a/cryptopp562/validat3.cpp b/cryptopp562/validat3.cpp
deleted file mode 100644
index 035b556..0000000
--- a/cryptopp562/validat3.cpp
+++ /dev/null
@@ -1,591 +0,0 @@
-// validat3.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "validate.h"
-
-#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-#include "smartptr.h"
-#include "crc.h"
-#include "adler32.h"
-#include "md2.h"
-#include "md4.h"
-#include "md5.h"
-#include "sha.h"
-#include "tiger.h"
-#include "ripemd.h"
-
-#include "hmac.h"
-#include "ttmac.h"
-
-#include "integer.h"
-#include "pwdbased.h"
-#include "filters.h"
-#include "hex.h"
-#include "files.h"
-
-#include <iostream>
-#include <iomanip>
-
-USING_NAMESPACE(CryptoPP)
-USING_NAMESPACE(std)
-
-struct HashTestTuple
-{
- HashTestTuple(const char *input, const char *output, unsigned int repeatTimes=1)
- : input((byte *)input), output((byte *)output), inputLen(strlen(input)), repeatTimes(repeatTimes) {}
-
- HashTestTuple(const char *input, unsigned int inputLen, const char *output, unsigned int repeatTimes)
- : input((byte *)input), output((byte *)output), inputLen(inputLen), repeatTimes(repeatTimes) {}
-
- const byte *input, *output;
- size_t inputLen;
- unsigned int repeatTimes;
-};
-
-bool HashModuleTest(HashTransformation &md, const HashTestTuple *testSet, unsigned int testSetSize)
-{
- bool pass=true, fail;
- SecByteBlock digest(md.DigestSize());
-
- for (unsigned int i=0; i<testSetSize; i++)
- {
- unsigned j;
-
- for (j=0; j<testSet[i].repeatTimes; j++)
- md.Update(testSet[i].input, testSet[i].inputLen);
- md.Final(digest);
- fail = memcmp(digest, testSet[i].output, md.DigestSize()) != 0;
- pass = pass && !fail;
-
- cout << (fail ? "FAILED " : "passed ");
- for (j=0; j<md.DigestSize(); j++)
- cout << setw(2) << setfill('0') << hex << (int)digest[j];
- cout << " \"" << (char *)testSet[i].input << '\"';
- if (testSet[i].repeatTimes != 1)
- cout << " repeated " << dec << testSet[i].repeatTimes << " times";
- cout << endl;
- }
-
- return pass;
-}
-
-bool ValidateCRC32()
-{
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\x00\x00\x00\x00"),
- HashTestTuple("a", "\x43\xbe\xb7\xe8"),
- HashTestTuple("abc", "\xc2\x41\x24\x35"),
- HashTestTuple("message digest", "\x7f\x9d\x15\x20"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xbd\x50\x27\x4c"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xd2\xe6\xc2\x1f"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x72\x4a\xa9\x7c"),
- HashTestTuple("123456789", "\x26\x39\xf4\xcb")
- };
-
- CRC32 crc;
-
- cout << "\nCRC-32 validation suite running...\n\n";
- return HashModuleTest(crc, testSet, sizeof(testSet)/sizeof(testSet[0]));
-}
-
-bool ValidateAdler32()
-{
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\x00\x00\x00\x01"),
- HashTestTuple("a", "\x00\x62\x00\x62"),
- HashTestTuple("abc", "\x02\x4d\x01\x27"),
- HashTestTuple("message digest", "\x29\x75\x05\x86"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\x90\x86\x0b\x20"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x8a\xdb\x15\x0c"),
- HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\x15\xd8\x70\xf9", 15625)
- };
-
- Adler32 md;
-
- cout << "\nAdler-32 validation suite running...\n\n";
- return HashModuleTest(md, testSet, sizeof(testSet)/sizeof(testSet[0]));
-}
-
-bool ValidateMD2()
-{
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73"),
- HashTestTuple("a", "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1"),
- HashTestTuple("abc", "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb"),
- HashTestTuple("message digest", "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8")
- };
-
- Weak::MD2 md2;
-
- cout << "\nMD2 validation suite running...\n\n";
- return HashModuleTest(md2, testSet, sizeof(testSet)/sizeof(testSet[0]));
-}
-
-bool ValidateMD4()
-{
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0"),
- HashTestTuple("a", "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb\x24"),
- HashTestTuple("abc", "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d"),
- HashTestTuple("message digest", "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01\x4b"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d\xa9"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05\x36")
- };
-
- Weak::MD4 md4;
-
- cout << "\nMD4 validation suite running...\n\n";
- return HashModuleTest(md4, testSet, sizeof(testSet)/sizeof(testSet[0]));
-}
-
-bool ValidateMD5()
-{
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e"),
- HashTestTuple("a", "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61"),
- HashTestTuple("abc", "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"),
- HashTestTuple("message digest", "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6\x7a")
- };
-
- Weak::MD5 md5;
-
- cout << "\nMD5 validation suite running...\n\n";
- return HashModuleTest(md5, testSet, sizeof(testSet)/sizeof(testSet[0]));
-}
-
-bool ValidateSHA()
-{
- cout << "\nSHA validation suite running...\n\n";
- return RunTestDataFile("TestVectors/sha.txt");
-}
-
-bool ValidateSHA2()
-{
- cout << "\nSHA validation suite running...\n\n";
- return RunTestDataFile("TestVectors/sha.txt");
-}
-
-bool ValidateTiger()
-{
- cout << "\nTiger validation suite running...\n\n";
-
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\x32\x93\xac\x63\x0c\x13\xf0\x24\x5f\x92\xbb\xb1\x76\x6e\x16\x16\x7a\x4e\x58\x49\x2d\xde\x73\xf3"),
- HashTestTuple("abc", "\x2a\xab\x14\x84\xe8\xc1\x58\xf2\xbf\xb8\xc5\xff\x41\xb5\x7a\x52\x51\x29\x13\x1c\x95\x7b\x5f\x93"),
- HashTestTuple("Tiger", "\xdd\x00\x23\x07\x99\xf5\x00\x9f\xec\x6d\xeb\xc8\x38\xbb\x6a\x27\xdf\x2b\x9d\x6f\x11\x0c\x79\x37"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", "\xf7\x1c\x85\x83\x90\x2a\xfb\x87\x9e\xdf\xe6\x10\xf8\x2c\x0d\x47\x86\xa3\xa5\x34\x50\x44\x86\xb5"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789", "\x48\xce\xeb\x63\x08\xb8\x7d\x46\xe9\x5d\x65\x61\x12\xcd\xf1\x8d\x97\x91\x5f\x97\x65\x65\x89\x57"),
- HashTestTuple("Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham", "\x8a\x86\x68\x29\x04\x0a\x41\x0c\x72\x9a\xd2\x3f\x5a\xda\x71\x16\x03\xb3\xcd\xd3\x57\xe4\xc1\x5e"),
- HashTestTuple("Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge.", "\xce\x55\xa6\xaf\xd5\x91\xf5\xeb\xac\x54\x7f\xf8\x4f\x89\x22\x7f\x93\x31\xda\xb0\xb6\x11\xc8\x89"),
- HashTestTuple("Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.", "\x63\x1a\xbd\xd1\x03\xeb\x9a\x3d\x24\x5b\x6d\xfd\x4d\x77\xb2\x57\xfc\x74\x39\x50\x1d\x15\x68\xdd"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", "\xc5\x40\x34\xe5\xb4\x3e\xb8\x00\x58\x48\xa7\xe0\xae\x6a\xac\x76\xe4\xff\x59\x0a\xe7\x15\xfd\x25")
- };
-
- Tiger tiger;
-
- return HashModuleTest(tiger, testSet, sizeof(testSet)/sizeof(testSet[0]));
-}
-
-bool ValidateRIPEMD()
-{
- HashTestTuple testSet128[] =
- {
- HashTestTuple("", "\xcd\xf2\x62\x13\xa1\x50\xdc\x3e\xcb\x61\x0f\x18\xf6\xb3\x8b\x46"),
- HashTestTuple("a", "\x86\xbe\x7a\xfa\x33\x9d\x0f\xc7\xcf\xc7\x85\xe7\x2f\x57\x8d\x33"),
- HashTestTuple("abc", "\xc1\x4a\x12\x19\x9c\x66\xe4\xba\x84\x63\x6b\x0f\x69\x14\x4c\x77"),
- HashTestTuple("message digest", "\x9e\x32\x7b\x3d\x6e\x52\x30\x62\xaf\xc1\x13\x2d\x7d\xf9\xd1\xb8"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xfd\x2a\xa6\x07\xf7\x1d\xc8\xf5\x10\x71\x49\x22\xb3\x71\x83\x4e"),
- HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\xa1\xaa\x06\x89\xd0\xfa\xfa\x2d\xdc\x22\xe8\x8b\x49\x13\x3a\x06"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xd1\xe9\x59\xeb\x17\x9c\x91\x1f\xae\xa4\x62\x4c\x60\xc5\xc7\x02"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x3f\x45\xef\x19\x47\x32\xc2\xdb\xb2\xc4\xa2\xc7\x69\x79\x5f\xa3"),
- HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\x4a\x7f\x57\x23\xf9\x54\xeb\xa1\x21\x6c\x9d\x8f\x63\x20\x43\x1f", 15625)
- };
-
- HashTestTuple testSet160[] =
- {
- HashTestTuple("", "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31"),
- HashTestTuple("a", "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe"),
- HashTestTuple("abc", "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc"),
- HashTestTuple("message digest", "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b\x56\xbb\xdc\xeb\x5b\x9d\x28\x65\xb3\x70\x8d\xbc"),
- HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc\xf4\x9a\xda\x62\xeb\x2b"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xb0\xe2\x0b\x6e\x31\x16\x64\x02\x86\xed\x3a\x87\xa5\x71\x30\x79\xb2\x1f\x51\x89"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab\x82\xbf\x63\x32\x6b\xfb"),
- HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\x52\x78\x32\x43\xc1\x69\x7b\xdb\xe1\x6d\x37\xf9\x7f\x68\xf0\x83\x25\xdc\x15\x28", 15625)
- };
-
- HashTestTuple testSet256[] =
- {
- HashTestTuple("", "\x02\xba\x4c\x4e\x5f\x8e\xcd\x18\x77\xfc\x52\xd6\x4d\x30\xe3\x7a\x2d\x97\x74\xfb\x1e\x5d\x02\x63\x80\xae\x01\x68\xe3\xc5\x52\x2d"),
- HashTestTuple("a", "\xf9\x33\x3e\x45\xd8\x57\xf5\xd9\x0a\x91\xba\xb7\x0a\x1e\xba\x0c\xfb\x1b\xe4\xb0\x78\x3c\x9a\xcf\xcd\x88\x3a\x91\x34\x69\x29\x25"),
- HashTestTuple("abc", "\xaf\xbd\x6e\x22\x8b\x9d\x8c\xbb\xce\xf5\xca\x2d\x03\xe6\xdb\xa1\x0a\xc0\xbc\x7d\xcb\xe4\x68\x0e\x1e\x42\xd2\xe9\x75\x45\x9b\x65"),
- HashTestTuple("message digest", "\x87\xe9\x71\x75\x9a\x1c\xe4\x7a\x51\x4d\x5c\x91\x4c\x39\x2c\x90\x18\xc7\xc4\x6b\xc1\x44\x65\x55\x4a\xfc\xdf\x54\xa5\x07\x0c\x0e"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\x64\x9d\x30\x34\x75\x1e\xa2\x16\x77\x6b\xf9\xa1\x8a\xcc\x81\xbc\x78\x96\x11\x8a\x51\x97\x96\x87\x82\xdd\x1f\xd9\x7d\x8d\x51\x33"),
- HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\x38\x43\x04\x55\x83\xaa\xc6\xc8\xc8\xd9\x12\x85\x73\xe7\xa9\x80\x9a\xfb\x2a\x0f\x34\xcc\xc3\x6e\xa9\xe7\x2f\x16\xf6\x36\x8e\x3f"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x57\x40\xa4\x08\xac\x16\xb7\x20\xb8\x44\x24\xae\x93\x1c\xbb\x1f\xe3\x63\xd1\xd0\xbf\x40\x17\xf1\xa8\x9f\x7e\xa6\xde\x77\xa0\xb8"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x06\xfd\xcc\x7a\x40\x95\x48\xaa\xf9\x13\x68\xc0\x6a\x62\x75\xb5\x53\xe3\xf0\x99\xbf\x0e\xa4\xed\xfd\x67\x78\xdf\x89\xa8\x90\xdd"),
- HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\xac\x95\x37\x44\xe1\x0e\x31\x51\x4c\x15\x0d\x4d\x8d\x7b\x67\x73\x42\xe3\x33\x99\x78\x82\x96\xe4\x3a\xe4\x85\x0c\xe4\xf9\x79\x78", 15625)
- };
-
- HashTestTuple testSet320[] =
- {
- HashTestTuple("", "\x22\xd6\x5d\x56\x61\x53\x6c\xdc\x75\xc1\xfd\xf5\xc6\xde\x7b\x41\xb9\xf2\x73\x25\xeb\xc6\x1e\x85\x57\x17\x7d\x70\x5a\x0e\xc8\x80\x15\x1c\x3a\x32\xa0\x08\x99\xb8"),
- HashTestTuple("a", "\xce\x78\x85\x06\x38\xf9\x26\x58\xa5\xa5\x85\x09\x75\x79\x92\x6d\xda\x66\x7a\x57\x16\x56\x2c\xfc\xf6\xfb\xe7\x7f\x63\x54\x2f\x99\xb0\x47\x05\xd6\x97\x0d\xff\x5d"),
- HashTestTuple("abc", "\xde\x4c\x01\xb3\x05\x4f\x89\x30\xa7\x9d\x09\xae\x73\x8e\x92\x30\x1e\x5a\x17\x08\x5b\xef\xfd\xc1\xb8\xd1\x16\x71\x3e\x74\xf8\x2f\xa9\x42\xd6\x4c\xdb\xc4\x68\x2d"),
- HashTestTuple("message digest", "\x3a\x8e\x28\x50\x2e\xd4\x5d\x42\x2f\x68\x84\x4f\x9d\xd3\x16\xe7\xb9\x85\x33\xfa\x3f\x2a\x91\xd2\x9f\x84\xd4\x25\xc8\x8d\x6b\x4e\xff\x72\x7d\xf6\x6a\x7c\x01\x97"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xca\xbd\xb1\x81\x0b\x92\x47\x0a\x20\x93\xaa\x6b\xce\x05\x95\x2c\x28\x34\x8c\xf4\x3f\xf6\x08\x41\x97\x51\x66\xbb\x40\xed\x23\x40\x04\xb8\x82\x44\x63\xe6\xb0\x09"),
- HashTestTuple("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\xd0\x34\xa7\x95\x0c\xf7\x22\x02\x1b\xa4\xb8\x4d\xf7\x69\xa5\xde\x20\x60\xe2\x59\xdf\x4c\x9b\xb4\xa4\x26\x8c\x0e\x93\x5b\xbc\x74\x70\xa9\x69\xc9\xd0\x72\xa1\xac"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xed\x54\x49\x40\xc8\x6d\x67\xf2\x50\xd2\x32\xc3\x0b\x7b\x3e\x57\x70\xe0\xc6\x0c\x8c\xb9\xa4\xca\xfe\x3b\x11\x38\x8a\xf9\x92\x0e\x1b\x99\x23\x0b\x84\x3c\x86\xa4"),
- HashTestTuple("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "\x55\x78\x88\xaf\x5f\x6d\x8e\xd6\x2a\xb6\x69\x45\xc6\xd2\xa0\xa4\x7e\xcd\x53\x41\xe9\x15\xeb\x8f\xea\x1d\x05\x24\x95\x5f\x82\x5d\xc7\x17\xe4\xa0\x08\xab\x2d\x42"),
- HashTestTuple("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "\xbd\xee\x37\xf4\x37\x1e\x20\x64\x6b\x8b\x0d\x86\x2d\xda\x16\x29\x2a\xe3\x6f\x40\x96\x5e\x8c\x85\x09\xe6\x3d\x1d\xbd\xde\xcc\x50\x3e\x2b\x63\xeb\x92\x45\xbb\x66", 15625)
- };
-
- bool pass = true;
-
- cout << "\nRIPEMD-128 validation suite running...\n\n";
- RIPEMD128 md128;
- pass = HashModuleTest(md128, testSet128, sizeof(testSet128)/sizeof(testSet128[0])) && pass;
-
- cout << "\nRIPEMD-160 validation suite running...\n\n";
- RIPEMD160 md160;
- pass = HashModuleTest(md160, testSet160, sizeof(testSet160)/sizeof(testSet160[0])) && pass;
-
- cout << "\nRIPEMD-256 validation suite running...\n\n";
- RIPEMD256 md256;
- pass = HashModuleTest(md256, testSet256, sizeof(testSet256)/sizeof(testSet256[0])) && pass;
-
- cout << "\nRIPEMD-320 validation suite running...\n\n";
- RIPEMD320 md320;
- pass = HashModuleTest(md320, testSet320, sizeof(testSet320)/sizeof(testSet320[0])) && pass;
-
- return pass;
-}
-
-#ifdef CRYPTOPP_REMOVED
-bool ValidateHAVAL()
-{
- HashTestTuple testSet[] =
- {
- HashTestTuple("", "\xC6\x8F\x39\x91\x3F\x90\x1F\x3D\xDF\x44\xC7\x07\x35\x7A\x7D\x70"),
- HashTestTuple("a", "\x4D\xA0\x8F\x51\x4A\x72\x75\xDB\xC4\xCE\xCE\x4A\x34\x73\x85\x98\x39\x83\xA8\x30"),
- HashTestTuple("HAVAL", "\x0C\x13\x96\xD7\x77\x26\x89\xC4\x67\x73\xF3\xDA\xAC\xA4\xEF\xA9\x82\xAD\xBF\xB2\xF1\x46\x7E\xEA"),
- HashTestTuple("0123456789", "\xBE\xBD\x78\x16\xF0\x9B\xAE\xEC\xF8\x90\x3B\x1B\x9B\xC6\x72\xD9\xFA\x42\x8E\x46\x2B\xA6\x99\xF8\x14\x84\x15\x29"),
- HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xC9\xC7\xD8\xAF\xA1\x59\xFD\x9E\x96\x5C\xB8\x3F\xF5\xEE\x6F\x58\xAE\xDA\x35\x2C\x0E\xFF\x00\x55\x48\x15\x3A\x61\x55\x1C\x38\xEE"),
- HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xB4\x5C\xB6\xE6\x2F\x2B\x13\x20\xE4\xF8\xF1\xB0\xB2\x73\xD4\x5A\xDD\x47\xC3\x21\xFD\x23\x99\x9D\xCF\x40\x3A\xC3\x76\x36\xD9\x63")
- };
-
- bool pass=true;
-
- cout << "\nHAVAL validation suite running...\n\n";
- {
- HAVAL3 md(16);
- pass = HashModuleTest(md, testSet+0, 1) && pass;
- }
- {
- HAVAL3 md(20);
- pass = HashModuleTest(md, testSet+1, 1) && pass;
- }
- {
- HAVAL4 md(24);
- pass = HashModuleTest(md, testSet+2, 1) && pass;
- }
- {
- HAVAL4 md(28);
- pass = HashModuleTest(md, testSet+3, 1) && pass;
- }
- {
- HAVAL5 md(32);
- pass = HashModuleTest(md, testSet+4, 1) && pass;
- }
- {
- HAVAL5 md(32);
- pass = HashModuleTest(md, testSet+5, 1) && pass;
- }
-
- return pass;
-}
-#endif
-
-bool ValidatePanama()
-{
- return RunTestDataFile("TestVectors/panama.txt");
-}
-
-bool ValidateWhirlpool()
-{
- return RunTestDataFile("TestVectors/whrlpool.txt");
-}
-
-#ifdef CRYPTOPP_REMOVED
-bool ValidateMD5MAC()
-{
- const byte keys[2][MD5MAC::KEYLENGTH]={
- {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff},
- {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}};
-
- const char *TestVals[7]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890"};
-
- const byte output[2][7][MD5MAC::DIGESTSIZE]={
- {{0x1f,0x1e,0xf2,0x37,0x5c,0xc0,0xe0,0x84,0x4f,0x98,0xe7,0xe8,0x11,0xa3,0x4d,0xa8},
- {0x7a,0x76,0xee,0x64,0xca,0x71,0xef,0x23,0x7e,0x26,0x29,0xed,0x94,0x52,0x73,0x65},
- {0xe8,0x01,0x3c,0x11,0xf7,0x20,0x9d,0x13,0x28,0xc0,0xca,0xa0,0x4f,0xd0,0x12,0xa6},
- {0xc8,0x95,0x53,0x4f,0x22,0xa1,0x74,0xbc,0x3e,0x6a,0x25,0xa2,0xb2,0xef,0xd6,0x30},
- {0x91,0x72,0x86,0x7e,0xb6,0x00,0x17,0x88,0x4c,0x6f,0xa8,0xcc,0x88,0xeb,0xe7,0xc9},
- {0x3b,0xd0,0xe1,0x1d,0x5e,0x09,0x4c,0xb7,0x1e,0x35,0x44,0xac,0xa9,0xb8,0xbf,0xa2},
- {0x93,0x37,0x16,0x64,0x44,0xcc,0x95,0x35,0xb7,0xd5,0xb8,0x0f,0x91,0xe5,0x29,0xcb}},
- {{0x2f,0x6e,0x73,0x13,0xbf,0xbb,0xbf,0xcc,0x3a,0x2d,0xde,0x26,0x8b,0x59,0xcc,0x4d},
- {0x69,0xf6,0xca,0xff,0x40,0x25,0x36,0xd1,0x7a,0xe1,0x38,0x03,0x2c,0x0c,0x5f,0xfd},
- {0x56,0xd3,0x2b,0x6c,0x34,0x76,0x65,0xd9,0x74,0xd6,0xf7,0x5c,0x3f,0xc6,0xf0,0x40},
- {0xb8,0x02,0xb2,0x15,0x4e,0x59,0x8b,0x6f,0x87,0x60,0x56,0xc7,0x85,0x46,0x2c,0x0b},
- {0x5a,0xde,0xf4,0xbf,0xf8,0x04,0xbe,0x08,0x58,0x7e,0x94,0x41,0xcf,0x6d,0xbd,0x57},
- {0x18,0xe3,0x49,0xa5,0x24,0x44,0xb3,0x0e,0x5e,0xba,0x5a,0xdd,0xdc,0xd9,0xf1,0x8d},
- {0xf2,0xb9,0x06,0xa5,0xb8,0x4b,0x9b,0x4b,0xbe,0x95,0xed,0x32,0x56,0x4e,0xe7,0xeb}}};
-
- byte digest[MD5MAC::DIGESTSIZE];
- bool pass=true, fail;
-
- cout << "\nMD5MAC validation suite running...\n";
-
- for (int k=0; k<2; k++)
- {
- MD5MAC mac(keys[k]);
- cout << "\nKEY: ";
- for (int j=0;j<MD5MAC::KEYLENGTH;j++)
- cout << setw(2) << setfill('0') << hex << (int)keys[k][j];
- cout << endl << endl;
- for (int i=0;i<7;i++)
- {
- mac.Update((byte *)TestVals[i], strlen(TestVals[i]));
- mac.Final(digest);
- fail = memcmp(digest, output[k][i], MD5MAC::DIGESTSIZE)
- || !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i]));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ");
- for (int j=0;j<MD5MAC::DIGESTSIZE;j++)
- cout << setw(2) << setfill('0') << hex << (int)digest[j];
- cout << " \"" << TestVals[i] << '\"' << endl;
- }
- }
-
- return pass;
-}
-#endif
-
-bool ValidateHMAC()
-{
- return RunTestDataFile("TestVectors/hmac.txt");
-}
-
-#ifdef CRYPTOPP_REMOVED
-bool ValidateXMACC()
-{
- typedef XMACC<MD5> XMACC_MD5;
-
- const byte keys[2][XMACC_MD5::KEYLENGTH]={
- {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb},
- {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98}};
-
- const word32 counters[2]={0xccddeeff, 0x76543210};
-
- const char *TestVals[7]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890"};
-
- const byte output[2][7][XMACC_MD5::DIGESTSIZE]={
- {{0xcc,0xdd,0xef,0x00,0xfa,0x89,0x54,0x92,0x86,0x32,0xda,0x2a,0x3f,0x29,0xc5,0x52,0xa0,0x0d,0x05,0x13},
- {0xcc,0xdd,0xef,0x01,0xae,0xdb,0x8b,0x7b,0x69,0x71,0xc7,0x91,0x71,0x48,0x9d,0x18,0xe7,0xdf,0x9d,0x5a},
- {0xcc,0xdd,0xef,0x02,0x5e,0x01,0x2e,0x2e,0x4b,0xc3,0x83,0x62,0xc2,0xf4,0xe6,0x18,0x1c,0x44,0xaf,0xca},
- {0xcc,0xdd,0xef,0x03,0x3e,0xa9,0xf1,0xe0,0x97,0x91,0xf8,0xe2,0xbe,0xe0,0xdf,0xf3,0x41,0x03,0xb3,0x5a},
- {0xcc,0xdd,0xef,0x04,0x2e,0x6a,0x8d,0xb9,0x72,0xe3,0xce,0x9f,0xf4,0x28,0x45,0xe7,0xbc,0x80,0xa9,0xc7},
- {0xcc,0xdd,0xef,0x05,0x1a,0xd5,0x40,0x78,0xfb,0x16,0x37,0xfc,0x7a,0x1d,0xce,0xb4,0x77,0x10,0xb2,0xa0},
- {0xcc,0xdd,0xef,0x06,0x13,0x2f,0x11,0x47,0xd7,0x1b,0xb5,0x52,0x36,0x51,0x26,0xb0,0x96,0xd7,0x60,0x81}},
- {{0x76,0x54,0x32,0x11,0xe9,0xcb,0x74,0x32,0x07,0x93,0xfe,0x01,0xdd,0x27,0xdb,0xde,0x6b,0x77,0xa4,0x56},
- {0x76,0x54,0x32,0x12,0xcd,0x55,0x87,0x5c,0xc0,0x35,0x85,0x99,0x44,0x02,0xa5,0x0b,0x8c,0xe7,0x2c,0x68},
- {0x76,0x54,0x32,0x13,0xac,0xfd,0x87,0x50,0xc3,0x8f,0xcd,0x58,0xaa,0xa5,0x7e,0x7a,0x25,0x63,0x26,0xd1},
- {0x76,0x54,0x32,0x14,0xe3,0x30,0xf5,0xdd,0x27,0x2b,0x76,0x22,0x7f,0xaa,0x90,0x73,0x6a,0x48,0xdb,0x00},
- {0x76,0x54,0x32,0x15,0xfc,0x57,0x00,0x20,0x7c,0x9d,0xf6,0x30,0x6f,0xbd,0x46,0x3e,0xfb,0x8a,0x2c,0x60},
- {0x76,0x54,0x32,0x16,0xfb,0x0f,0xd3,0xdf,0x4c,0x4b,0xc3,0x05,0x9d,0x63,0x1e,0xba,0x25,0x2b,0xbe,0x35},
- {0x76,0x54,0x32,0x17,0xc6,0xfe,0xe6,0x5f,0xb1,0x35,0x8a,0xf5,0x32,0x7a,0x80,0xbd,0xb8,0x72,0xee,0xae}}};
-
- byte digest[XMACC_MD5::DIGESTSIZE];
- bool pass=true, fail;
-
- cout << "\nXMACC/MD5 validation suite running...\n";
-
- for (int k=0; k<2; k++)
- {
- XMACC_MD5 mac(keys[k], counters[k]);
- cout << "\nKEY: ";
- for (int j=0;j<XMACC_MD5::KEYLENGTH;j++)
- cout << setw(2) << setfill('0') << hex << (int)keys[k][j];
- cout << " COUNTER: 0x" << hex << counters[k] << endl << endl;
- for (int i=0;i<7;i++)
- {
- mac.Update((byte *)TestVals[i], strlen(TestVals[i]));
- mac.Final(digest);
- fail = memcmp(digest, output[k][i], XMACC_MD5::DIGESTSIZE)
- || !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i]));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ");
- for (int j=0;j<XMACC_MD5::DIGESTSIZE;j++)
- cout << setw(2) << setfill('0') << hex << (int)digest[j];
- cout << " \"" << TestVals[i] << '\"' << endl;
- }
- }
-
- return pass;
-}
-#endif
-
-bool ValidateTTMAC()
-{
- const byte key[TTMAC::KEYLENGTH]={
- 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,
- 0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x01,0x23,0x45,0x67};
-
- const char *TestVals[8]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890"};
-
- const byte output[8][TTMAC::DIGESTSIZE]={
- {0x2d,0xec,0x8e,0xd4,0xa0,0xfd,0x71,0x2e,0xd9,0xfb,0xf2,0xab,0x46,0x6e,0xc2,0xdf,0x21,0x21,0x5e,0x4a},
- {0x58,0x93,0xe3,0xe6,0xe3,0x06,0x70,0x4d,0xd7,0x7a,0xd6,0xe6,0xed,0x43,0x2c,0xde,0x32,0x1a,0x77,0x56},
- {0x70,0xbf,0xd1,0x02,0x97,0x97,0xa5,0xc1,0x6d,0xa5,0xb5,0x57,0xa1,0xf0,0xb2,0x77,0x9b,0x78,0x49,0x7e},
- {0x82,0x89,0xf4,0xf1,0x9f,0xfe,0x4f,0x2a,0xf7,0x37,0xde,0x4b,0xd7,0x1c,0x82,0x9d,0x93,0xa9,0x72,0xfa},
- {0x21,0x86,0xca,0x09,0xc5,0x53,0x31,0x98,0xb7,0x37,0x1f,0x24,0x52,0x73,0x50,0x4c,0xa9,0x2b,0xae,0x60},
- {0x8a,0x7b,0xf7,0x7a,0xef,0x62,0xa2,0x57,0x84,0x97,0xa2,0x7c,0x0d,0x65,0x18,0xa4,0x29,0xe7,0xc1,0x4d},
- {0x54,0xba,0xc3,0x92,0xa8,0x86,0x80,0x6d,0x16,0x95,0x56,0xfc,0xbb,0x67,0x89,0xb5,0x4f,0xb3,0x64,0xfb},
- {0x0c,0xed,0x2c,0x9f,0x8f,0x0d,0x9d,0x03,0x98,0x1a,0xb5,0xc8,0x18,0x4b,0xac,0x43,0xdd,0x54,0xc4,0x84}};
-
- byte digest[TTMAC::DIGESTSIZE];
- bool pass=true, fail;
-
- cout << "\nTwo-Track-MAC validation suite running...\n";
-
- TTMAC mac(key, sizeof(key));
- for (int k=0; k<sizeof(TestVals)/sizeof(TestVals[0]); k++)
- {
- mac.Update((byte *)TestVals[k], strlen(TestVals[k]));
- mac.Final(digest);
- fail = memcmp(digest, output[k], TTMAC::DIGESTSIZE)
- || !mac.VerifyDigest(output[k], (byte *)TestVals[k], strlen(TestVals[k]));
- pass = pass && !fail;
- cout << (fail ? "FAILED " : "passed ");
- for (int j=0;j<TTMAC::DIGESTSIZE;j++)
- cout << setw(2) << setfill('0') << hex << (int)digest[j];
- cout << " \"" << TestVals[k] << '\"' << endl;
- }
-
- return true;
-}
-
-struct PBKDF_TestTuple
-{
- byte purpose;
- unsigned int iterations;
- const char *hexPassword, *hexSalt, *hexDerivedKey;
-};
-
-bool TestPBKDF(PasswordBasedKeyDerivationFunction &pbkdf, const PBKDF_TestTuple *testSet, unsigned int testSetSize)
-{
- bool pass = true;
-
- for (unsigned int i=0; i<testSetSize; i++)
- {
- const PBKDF_TestTuple &tuple = testSet[i];
-
- string password, salt, derivedKey;
- StringSource(tuple.hexPassword, true, new HexDecoder(new StringSink(password)));
- StringSource(tuple.hexSalt, true, new HexDecoder(new StringSink(salt)));
- StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey)));
-
- SecByteBlock derived(derivedKey.size());
- pbkdf.DeriveKey(derived, derived.size(), tuple.purpose, (byte *)password.data(), password.size(), (byte *)salt.data(), salt.size(), tuple.iterations);
- bool fail = memcmp(derived, derivedKey.data(), derived.size()) != 0;
- pass = pass && !fail;
-
- HexEncoder enc(new FileSink(cout));
- cout << (fail ? "FAILED " : "passed ");
- enc.Put(tuple.purpose);
- cout << " " << tuple.iterations;
- cout << " " << tuple.hexPassword << " " << tuple.hexSalt << " ";
- enc.Put(derived, derived.size());
- cout << endl;
- }
-
- return pass;
-}
-
-bool ValidatePBKDF()
-{
- bool pass = true;
-
- {
- // from OpenSSL PKCS#12 Program FAQ v1.77, at http://www.drh-consultancy.demon.co.uk/test.txt
- PBKDF_TestTuple testSet[] =
- {
- {1, 1, "0073006D006500670000", "0A58CF64530D823F", "8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3"},
- {2, 1, "0073006D006500670000", "0A58CF64530D823F", "79993DFE048D3B76"},
- {1, 1, "0073006D006500670000", "642B99AB44FB4B1F", "F3A95FEC48D7711E985CFE67908C5AB79FA3D7C5CAA5D966"},
- {2, 1, "0073006D006500670000", "642B99AB44FB4B1F", "C0A38D64A79BEA1D"},
- {3, 1, "0073006D006500670000", "3D83C0E4546AC140", "8D967D88F6CAA9D714800AB3D48051D63F73A312"},
- {1, 1000, "007100750065006500670000", "05DEC959ACFF72F7", "ED2034E36328830FF09DF1E1A07DD357185DAC0D4F9EB3D4"},
- {2, 1000, "007100750065006500670000", "05DEC959ACFF72F7", "11DEDAD7758D4860"},
- {1, 1000, "007100750065006500670000", "1682C0FC5B3F7EC5", "483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F"},
- {2, 1000, "007100750065006500670000", "1682C0FC5B3F7EC5", "9D461D1B00355C50"},
- {3, 1000, "007100750065006500670000", "263216FCC2FAB31C", "5EC4C7A80DF652294C3925B6489A7AB857C83476"}
- };
-
- PKCS12_PBKDF<SHA1> pbkdf;
-
- cout << "\nPKCS #12 PBKDF validation suite running...\n\n";
- pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0])) && pass;
- }
-
- {
- // from draft-ietf-smime-password-03.txt, at http://www.imc.org/draft-ietf-smime-password
- PBKDF_TestTuple testSet[] =
- {
- {0, 5, "70617373776f7264", "1234567878563412", "D1DAA78615F287E6"},
- {0, 500, "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573", "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"}
- };
-
- PKCS5_PBKDF2_HMAC<SHA1> pbkdf;
-
- cout << "\nPKCS #5 PBKDF2 validation suite running...\n\n";
- pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0])) && pass;
- }
-
- return pass;
-}
diff --git a/cryptopp562/validate.h b/cryptopp562/validate.h
deleted file mode 100644
index 0ab23cb..0000000
--- a/cryptopp562/validate.h
+++ /dev/null
@@ -1,81 +0,0 @@
-#ifndef CRYPTOPP_VALIDATE_H
-#define CRYPTOPP_VALIDATE_H
-
-#include "cryptlib.h"
-
-bool ValidateAll(bool thorough);
-bool TestSettings();
-bool TestOS_RNG();
-bool ValidateBaseCode();
-
-bool ValidateCRC32();
-bool ValidateAdler32();
-bool ValidateMD2();
-bool ValidateMD4();
-bool ValidateMD5();
-bool ValidateSHA();
-bool ValidateSHA2();
-bool ValidateTiger();
-bool ValidateRIPEMD();
-bool ValidatePanama();
-bool ValidateWhirlpool();
-
-bool ValidateHMAC();
-bool ValidateTTMAC();
-
-bool ValidateCipherModes();
-bool ValidatePBKDF();
-
-bool ValidateDES();
-bool ValidateIDEA();
-bool ValidateSAFER();
-bool ValidateRC2();
-bool ValidateARC4();
-
-bool ValidateRC5();
-bool ValidateBlowfish();
-bool ValidateThreeWay();
-bool ValidateGOST();
-bool ValidateSHARK();
-bool ValidateSEAL();
-bool ValidateCAST();
-bool ValidateSquare();
-bool ValidateSKIPJACK();
-bool ValidateRC6();
-bool ValidateMARS();
-bool ValidateRijndael();
-bool ValidateTwofish();
-bool ValidateSerpent();
-bool ValidateSHACAL2();
-bool ValidateCamellia();
-bool ValidateSalsa();
-bool ValidateSosemanuk();
-bool ValidateVMAC();
-bool ValidateCCM();
-bool ValidateGCM();
-bool ValidateCMAC();
-
-bool ValidateBBS();
-bool ValidateDH();
-bool ValidateMQV();
-bool ValidateRSA();
-bool ValidateElGamal();
-bool ValidateDLIES();
-bool ValidateNR();
-bool ValidateDSA(bool thorough);
-bool ValidateLUC();
-bool ValidateLUC_DL();
-bool ValidateLUC_DH();
-bool ValidateXTR_DH();
-bool ValidateRabin();
-bool ValidateRW();
-//bool ValidateBlumGoldwasser();
-bool ValidateECP();
-bool ValidateEC2N();
-bool ValidateECDSA();
-bool ValidateESIGN();
-
-CryptoPP::RandomNumberGenerator & GlobalRNG();
-bool RunTestDataFile(const char *filename, const CryptoPP::NameValuePairs &overrideParameters=CryptoPP::g_nullNameValuePairs, bool thorough=true);
-
-#endif
diff --git a/cryptopp562/vmac.cpp b/cryptopp562/vmac.cpp
deleted file mode 100644
index 6b490f9..0000000
--- a/cryptopp562/vmac.cpp
+++ /dev/null
@@ -1,832 +0,0 @@
-// vmac.cpp - written and placed in the public domain by Wei Dai
-// based on Ted Krovetz's public domain vmac.c and draft-krovetz-vmac-01.txt
-
-#include "pch.h"
-#include "vmac.h"
-#include "argnames.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#if defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64
-#include <intrin.h>
-#endif
-
-#define VMAC_BOOL_WORD128 (defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(CRYPTOPP_X64_ASM_AVAILABLE))
-#ifdef __BORLANDC__
-#define const // Turbo C++ 2006 workaround
-#endif
-static const word64 p64 = W64LIT(0xfffffffffffffeff); /* 2^64 - 257 prime */
-static const word64 m62 = W64LIT(0x3fffffffffffffff); /* 62-bit mask */
-static const word64 m63 = W64LIT(0x7fffffffffffffff); /* 63-bit mask */
-static const word64 m64 = W64LIT(0xffffffffffffffff); /* 64-bit mask */
-static const word64 mpoly = W64LIT(0x1fffffff1fffffff); /* Poly key mask */
-#ifdef __BORLANDC__
-#undef const
-#endif
-#if VMAC_BOOL_WORD128
-#ifdef __powerpc__
-// workaround GCC Bug 31690: ICE with const __uint128_t and C++ front-end
-#define m126 ((word128(m62)<<64)|m64)
-#else
-static const word128 m126 = (word128(m62)<<64)|m64; /* 126-bit mask */
-#endif
-#endif
-
-void VMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &params)
-{
- int digestLength = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize());
- if (digestLength != 8 && digestLength != 16)
- throw InvalidArgument("VMAC: DigestSize must be 8 or 16");
- m_is128 = digestLength == 16;
-
- m_L1KeyLength = params.GetIntValueWithDefault(Name::L1KeyLength(), 128);
- if (m_L1KeyLength <= 0 || m_L1KeyLength % 128 != 0)
- throw InvalidArgument("VMAC: L1KeyLength must be a positive multiple of 128");
-
- AllocateBlocks();
-
- BlockCipher &cipher = AccessCipher();
- cipher.SetKey(userKey, keylength, params);
- unsigned int blockSize = cipher.BlockSize();
- unsigned int blockSizeInWords = blockSize / sizeof(word64);
- SecBlock<word64> out(blockSizeInWords);
- SecByteBlock in;
- in.CleanNew(blockSize);
- size_t i;
-
- /* Fill nh key */
- in[0] = 0x80;
- cipher.AdvancedProcessBlocks(in, NULL, (byte *)m_nhKey(), m_nhKeySize()*sizeof(word64), cipher.BT_InBlockIsCounter);
- ConditionalByteReverse<word64>(BIG_ENDIAN_ORDER, m_nhKey(), m_nhKey(), m_nhKeySize()*sizeof(word64));
-
- /* Fill poly key */
- in[0] = 0xC0;
- in[15] = 0;
- for (i = 0; i <= (size_t)m_is128; i++)
- {
- cipher.ProcessBlock(in, out.BytePtr());
- m_polyState()[i*4+2] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()) & mpoly;
- m_polyState()[i*4+3] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()+8) & mpoly;
- in[15]++;
- }
-
- /* Fill ip key */
- in[0] = 0xE0;
- in[15] = 0;
- word64 *l3Key = m_l3Key();
- for (i = 0; i <= (size_t)m_is128; i++)
- do
- {
- cipher.ProcessBlock(in, out.BytePtr());
- l3Key[i*2+0] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr());
- l3Key[i*2+1] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()+8);
- in[15]++;
- } while ((l3Key[i*2+0] >= p64) || (l3Key[i*2+1] >= p64));
-
- m_padCached = false;
- size_t nonceLength;
- const byte *nonce = GetIVAndThrowIfInvalid(params, nonceLength);
- Resynchronize(nonce, (int)nonceLength);
-}
-
-void VMAC_Base::GetNextIV(RandomNumberGenerator &rng, byte *IV)
-{
- SimpleKeyingInterface::GetNextIV(rng, IV);
- IV[0] &= 0x7f;
-}
-
-void VMAC_Base::Resynchronize(const byte *nonce, int len)
-{
- size_t length = ThrowIfInvalidIVLength(len);
- size_t s = IVSize();
- byte *storedNonce = m_nonce();
-
- if (m_is128)
- {
- memset(storedNonce, 0, s-length);
- memcpy(storedNonce+s-length, nonce, length);
- AccessCipher().ProcessBlock(storedNonce, m_pad());
- }
- else
- {
- if (m_padCached && (storedNonce[s-1] | 1) == (nonce[length-1] | 1))
- {
- m_padCached = VerifyBufsEqual(storedNonce+s-length, nonce, length-1);
- for (size_t i=0; m_padCached && i<s-length; i++)
- m_padCached = (storedNonce[i] == 0);
- }
- if (!m_padCached)
- {
- memset(storedNonce, 0, s-length);
- memcpy(storedNonce+s-length, nonce, length-1);
- storedNonce[s-1] = nonce[length-1] & 0xfe;
- AccessCipher().ProcessBlock(storedNonce, m_pad());
- m_padCached = true;
- }
- storedNonce[s-1] = nonce[length-1];
- }
- m_isFirstBlock = true;
- Restart();
-}
-
-void VMAC_Base::HashEndianCorrectedBlock(const word64 *data)
-{
- assert(false);
- throw 0;
-}
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
-#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
-void
-#ifdef __GNUC__
-__attribute__ ((noinline)) // Intel Compiler 9.1 workaround
-#endif
-VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, int tagPart)
-{
- const word64 *nhK = m_nhKey();
- word64 *polyS = m_polyState();
- word32 L1KeyLength = m_L1KeyLength;
-
-#ifdef __GNUC__
- word32 temp;
- __asm__ __volatile__
- (
- AS2( mov %%ebx, %0)
- AS2( mov %1, %%ebx)
- ".intel_syntax noprefix;"
-#else
- #if _MSC_VER < 1300 || defined(__INTEL_COMPILER)
- char isFirstBlock = m_isFirstBlock;
- AS2( mov ebx, [L1KeyLength])
- AS2( mov dl, [isFirstBlock])
- #else
- AS2( mov ecx, this)
- AS2( mov ebx, [ecx+m_L1KeyLength])
- AS2( mov dl, [ecx+m_isFirstBlock])
- #endif
- AS2( mov eax, tagPart)
- AS2( shl eax, 4)
- AS2( mov edi, nhK)
- AS2( add edi, eax)
- AS2( add eax, eax)
- AS2( add eax, polyS)
-
- AS2( mov esi, data)
- AS2( mov ecx, blocksRemainingInWord64)
-#endif
-
- AS2( shr ebx, 3)
- AS1( push ebp)
- AS2( sub esp, 12)
- ASL(4)
- AS2( mov ebp, ebx)
- AS2( cmp ecx, ebx)
- AS2( cmovl ebp, ecx)
- AS2( sub ecx, ebp)
- AS2( lea ebp, [edi+8*ebp]) // end of nhK
- AS2( movq mm6, [esi])
- AS2( paddq mm6, [edi])
- AS2( movq mm5, [esi+8])
- AS2( paddq mm5, [edi+8])
- AS2( add esi, 16)
- AS2( add edi, 16)
- AS2( movq mm4, mm6)
- ASS( pshufw mm2, mm6, 1, 0, 3, 2)
- AS2( pmuludq mm6, mm5)
- ASS( pshufw mm3, mm5, 1, 0, 3, 2)
- AS2( pmuludq mm5, mm2)
- AS2( pmuludq mm2, mm3)
- AS2( pmuludq mm3, mm4)
- AS2( pxor mm7, mm7)
- AS2( movd [esp], mm6)
- AS2( psrlq mm6, 32)
- AS2( movd [esp+4], mm5)
- AS2( psrlq mm5, 32)
- AS2( cmp edi, ebp)
- ASJ( je, 1, f)
- ASL(0)
- AS2( movq mm0, [esi])
- AS2( paddq mm0, [edi])
- AS2( movq mm1, [esi+8])
- AS2( paddq mm1, [edi+8])
- AS2( add esi, 16)
- AS2( add edi, 16)
- AS2( movq mm4, mm0)
- AS2( paddq mm5, mm2)
- ASS( pshufw mm2, mm0, 1, 0, 3, 2)
- AS2( pmuludq mm0, mm1)
- AS2( movd [esp+8], mm3)
- AS2( psrlq mm3, 32)
- AS2( paddq mm5, mm3)
- ASS( pshufw mm3, mm1, 1, 0, 3, 2)
- AS2( pmuludq mm1, mm2)
- AS2( pmuludq mm2, mm3)
- AS2( pmuludq mm3, mm4)
- AS2( movd mm4, [esp])
- AS2( paddq mm7, mm4)
- AS2( movd mm4, [esp+4])
- AS2( paddq mm6, mm4)
- AS2( movd mm4, [esp+8])
- AS2( paddq mm6, mm4)
- AS2( movd [esp], mm0)
- AS2( psrlq mm0, 32)
- AS2( paddq mm6, mm0)
- AS2( movd [esp+4], mm1)
- AS2( psrlq mm1, 32)
- AS2( paddq mm5, mm1)
- AS2( cmp edi, ebp)
- ASJ( jne, 0, b)
- ASL(1)
- AS2( paddq mm5, mm2)
- AS2( movd [esp+8], mm3)
- AS2( psrlq mm3, 32)
- AS2( paddq mm5, mm3)
- AS2( movd mm4, [esp])
- AS2( paddq mm7, mm4)
- AS2( movd mm4, [esp+4])
- AS2( paddq mm6, mm4)
- AS2( movd mm4, [esp+8])
- AS2( paddq mm6, mm4)
- AS2( lea ebp, [8*ebx])
- AS2( sub edi, ebp) // reset edi to start of nhK
-
- AS2( movd [esp], mm7)
- AS2( psrlq mm7, 32)
- AS2( paddq mm6, mm7)
- AS2( movd [esp+4], mm6)
- AS2( psrlq mm6, 32)
- AS2( paddq mm5, mm6)
- AS2( psllq mm5, 2)
- AS2( psrlq mm5, 2)
-
-#define a0 [eax+2*4]
-#define a1 [eax+3*4]
-#define a2 [eax+0*4]
-#define a3 [eax+1*4]
-#define k0 [eax+2*8+2*4]
-#define k1 [eax+2*8+3*4]
-#define k2 [eax+2*8+0*4]
-#define k3 [eax+2*8+1*4]
- AS2( test dl, dl)
- ASJ( jz, 2, f)
- AS2( movd mm1, k0)
- AS2( movd mm0, [esp])
- AS2( paddq mm0, mm1)
- AS2( movd a0, mm0)
- AS2( psrlq mm0, 32)
- AS2( movd mm1, k1)
- AS2( movd mm2, [esp+4])
- AS2( paddq mm1, mm2)
- AS2( paddq mm0, mm1)
- AS2( movd a1, mm0)
- AS2( psrlq mm0, 32)
- AS2( paddq mm5, k2)
- AS2( paddq mm0, mm5)
- AS2( movq a2, mm0)
- AS2( xor edx, edx)
- ASJ( jmp, 3, f)
- ASL(2)
- AS2( movd mm0, a3)
- AS2( movq mm4, mm0)
- AS2( pmuludq mm0, k3) // a3*k3
- AS2( movd mm1, a0)
- AS2( pmuludq mm1, k2) // a0*k2
- AS2( movd mm2, a1)
- AS2( movd mm6, k1)
- AS2( pmuludq mm2, mm6) // a1*k1
- AS2( movd mm3, a2)
- AS2( psllq mm0, 1)
- AS2( paddq mm0, mm5)
- AS2( movq mm5, mm3)
- AS2( movd mm7, k0)
- AS2( pmuludq mm3, mm7) // a2*k0
- AS2( pmuludq mm4, mm7) // a3*k0
- AS2( pmuludq mm5, mm6) // a2*k1
- AS2( paddq mm0, mm1)
- AS2( movd mm1, a1)
- AS2( paddq mm4, mm5)
- AS2( movq mm5, mm1)
- AS2( pmuludq mm1, k2) // a1*k2
- AS2( paddq mm0, mm2)
- AS2( movd mm2, a0)
- AS2( paddq mm0, mm3)
- AS2( movq mm3, mm2)
- AS2( pmuludq mm2, k3) // a0*k3
- AS2( pmuludq mm3, mm7) // a0*k0
- AS2( movd [esp+8], mm0)
- AS2( psrlq mm0, 32)
- AS2( pmuludq mm7, mm5) // a1*k0
- AS2( pmuludq mm5, k3) // a1*k3
- AS2( paddq mm0, mm1)
- AS2( movd mm1, a2)
- AS2( pmuludq mm1, k2) // a2*k2
- AS2( paddq mm0, mm2)
- AS2( paddq mm0, mm4)
- AS2( movq mm4, mm0)
- AS2( movd mm2, a3)
- AS2( pmuludq mm2, mm6) // a3*k1
- AS2( pmuludq mm6, a0) // a0*k1
- AS2( psrlq mm0, 31)
- AS2( paddq mm0, mm3)
- AS2( movd mm3, [esp])
- AS2( paddq mm0, mm3)
- AS2( movd mm3, a2)
- AS2( pmuludq mm3, k3) // a2*k3
- AS2( paddq mm5, mm1)
- AS2( movd mm1, a3)
- AS2( pmuludq mm1, k2) // a3*k2
- AS2( paddq mm5, mm2)
- AS2( movd mm2, [esp+4])
- AS2( psllq mm5, 1)
- AS2( paddq mm0, mm5)
- AS2( psllq mm4, 33)
- AS2( movd a0, mm0)
- AS2( psrlq mm0, 32)
- AS2( paddq mm6, mm7)
- AS2( movd mm7, [esp+8])
- AS2( paddq mm0, mm6)
- AS2( paddq mm0, mm2)
- AS2( paddq mm3, mm1)
- AS2( psllq mm3, 1)
- AS2( paddq mm0, mm3)
- AS2( psrlq mm4, 1)
- AS2( movd a1, mm0)
- AS2( psrlq mm0, 32)
- AS2( por mm4, mm7)
- AS2( paddq mm0, mm4)
- AS2( movq a2, mm0)
-#undef a0
-#undef a1
-#undef a2
-#undef a3
-#undef k0
-#undef k1
-#undef k2
-#undef k3
-
- ASL(3)
- AS2( test ecx, ecx)
- ASJ( jnz, 4, b)
-
- AS2( add esp, 12)
- AS1( pop ebp)
- AS1( emms)
-#ifdef __GNUC__
- ".att_syntax prefix;"
- AS2( mov %0, %%ebx)
- : "=m" (temp)
- : "m" (L1KeyLength), "c" (blocksRemainingInWord64), "S" (data), "D" (nhK+tagPart*2), "d" (m_isFirstBlock), "a" (polyS+tagPart*4)
- : "memory", "cc"
- );
-#endif
-}
-#endif
-
-#if VMAC_BOOL_WORD128
- #define DeclareNH(a) word128 a=0
- #define MUL64(rh,rl,i1,i2) {word128 p = word128(i1)*(i2); rh = word64(p>>64); rl = word64(p);}
- #define AccumulateNH(a, b, c) a += word128(b)*(c)
- #define Multiply128(r, i1, i2) r = word128(word64(i1)) * word64(i2)
-#else
- #if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER)
- #define MUL32(a, b) __emulu(word32(a), word32(b))
- #else
- #define MUL32(a, b) ((word64)((word32)(a)) * (word32)(b))
- #endif
- #if defined(CRYPTOPP_X64_ASM_AVAILABLE)
- #define DeclareNH(a) word64 a##0=0, a##1=0
- #define MUL64(rh,rl,i1,i2) asm ("mulq %3" : "=a"(rl), "=d"(rh) : "a"(i1), "g"(i2) : "cc");
- #define AccumulateNH(a, b, c) asm ("mulq %3; addq %%rax, %0; adcq %%rdx, %1" : "+r"(a##0), "+r"(a##1) : "a"(b), "g"(c) : "%rdx", "cc");
- #define ADD128(rh,rl,ih,il) asm ("addq %3, %1; adcq %2, %0" : "+r"(rh),"+r"(rl) : "r"(ih),"r"(il) : "cc");
- #elif defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64
- #define DeclareNH(a) word64 a##0=0, a##1=0
- #define MUL64(rh,rl,i1,i2) (rl) = _umul128(i1,i2,&(rh));
- #define AccumulateNH(a, b, c) {\
- word64 ph, pl;\
- pl = _umul128(b,c,&ph);\
- a##0 += pl;\
- a##1 += ph + (a##0 < pl);}
- #else
- #define VMAC_BOOL_32BIT 1
- #define DeclareNH(a) word64 a##0=0, a##1=0, a##2=0
- #define MUL64(rh,rl,i1,i2) \
- { word64 _i1 = (i1), _i2 = (i2); \
- word64 m1= MUL32(_i1,_i2>>32); \
- word64 m2= MUL32(_i1>>32,_i2); \
- rh = MUL32(_i1>>32,_i2>>32); \
- rl = MUL32(_i1,_i2); \
- ADD128(rh,rl,(m1 >> 32),(m1 << 32)); \
- ADD128(rh,rl,(m2 >> 32),(m2 << 32)); \
- }
- #define AccumulateNH(a, b, c) {\
- word64 p = MUL32(b, c);\
- a##1 += word32((p)>>32);\
- a##0 += word32(p);\
- p = MUL32((b)>>32, c);\
- a##2 += word32((p)>>32);\
- a##1 += word32(p);\
- p = MUL32((b)>>32, (c)>>32);\
- a##2 += p;\
- p = MUL32(b, (c)>>32);\
- a##1 += word32(p);\
- a##2 += word32(p>>32);}
- #endif
-#endif
-#ifndef VMAC_BOOL_32BIT
- #define VMAC_BOOL_32BIT 0
-#endif
-#ifndef ADD128
- #define ADD128(rh,rl,ih,il) \
- { word64 _il = (il); \
- (rl) += (_il); \
- (rh) += (ih) + ((rl) < (_il)); \
- }
-#endif
-
-#if !(defined(_MSC_VER) && _MSC_VER < 1300)
-template <bool T_128BitTag>
-#endif
-void VMAC_Base::VHASH_Update_Template(const word64 *data, size_t blocksRemainingInWord64)
-{
- #define INNER_LOOP_ITERATION(j) {\
- word64 d0 = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, data[i+2*j+0]);\
- word64 d1 = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, data[i+2*j+1]);\
- AccumulateNH(nhA, d0+nhK[i+2*j+0], d1+nhK[i+2*j+1]);\
- if (T_128BitTag)\
- AccumulateNH(nhB, d0+nhK[i+2*j+2], d1+nhK[i+2*j+3]);\
- }
-
-#if (defined(_MSC_VER) && _MSC_VER < 1300)
- bool T_128BitTag = m_is128;
-#endif
- size_t L1KeyLengthInWord64 = m_L1KeyLength / 8;
- size_t innerLoopEnd = L1KeyLengthInWord64;
- const word64 *nhK = m_nhKey();
- word64 *polyS = m_polyState();
- bool isFirstBlock = true;
- size_t i;
-
- #if !VMAC_BOOL_32BIT
- #if VMAC_BOOL_WORD128
- word128 a1, a2;
- #else
- word64 ah1, al1, ah2, al2;
- #endif
- word64 kh1, kl1, kh2, kl2;
- kh1=(polyS+0*4+2)[0]; kl1=(polyS+0*4+2)[1];
- if (T_128BitTag)
- {
- kh2=(polyS+1*4+2)[0]; kl2=(polyS+1*4+2)[1];
- }
- #endif
-
- do
- {
- DeclareNH(nhA);
- DeclareNH(nhB);
-
- i = 0;
- if (blocksRemainingInWord64 < L1KeyLengthInWord64)
- {
- if (blocksRemainingInWord64 % 8)
- {
- innerLoopEnd = blocksRemainingInWord64 % 8;
- for (; i<innerLoopEnd; i+=2)
- INNER_LOOP_ITERATION(0);
- }
- innerLoopEnd = blocksRemainingInWord64;
- }
- for (; i<innerLoopEnd; i+=8)
- {
- INNER_LOOP_ITERATION(0);
- INNER_LOOP_ITERATION(1);
- INNER_LOOP_ITERATION(2);
- INNER_LOOP_ITERATION(3);
- }
- blocksRemainingInWord64 -= innerLoopEnd;
- data += innerLoopEnd;
-
- #if VMAC_BOOL_32BIT
- word32 nh0[2], nh1[2];
- word64 nh2[2];
-
- nh0[0] = word32(nhA0);
- nhA1 += (nhA0 >> 32);
- nh1[0] = word32(nhA1);
- nh2[0] = (nhA2 + (nhA1 >> 32)) & m62;
-
- if (T_128BitTag)
- {
- nh0[1] = word32(nhB0);
- nhB1 += (nhB0 >> 32);
- nh1[1] = word32(nhB1);
- nh2[1] = (nhB2 + (nhB1 >> 32)) & m62;
- }
-
- #define a0 (((word32 *)(polyS+i*4))[2+NativeByteOrder::ToEnum()])
- #define a1 (*(((word32 *)(polyS+i*4))+3-NativeByteOrder::ToEnum())) // workaround for GCC 3.2
- #define a2 (((word32 *)(polyS+i*4))[0+NativeByteOrder::ToEnum()])
- #define a3 (*(((word32 *)(polyS+i*4))+1-NativeByteOrder::ToEnum()))
- #define aHi ((polyS+i*4)[0])
- #define k0 (((word32 *)(polyS+i*4+2))[2+NativeByteOrder::ToEnum()])
- #define k1 (*(((word32 *)(polyS+i*4+2))+3-NativeByteOrder::ToEnum()))
- #define k2 (((word32 *)(polyS+i*4+2))[0+NativeByteOrder::ToEnum()])
- #define k3 (*(((word32 *)(polyS+i*4+2))+1-NativeByteOrder::ToEnum()))
- #define kHi ((polyS+i*4+2)[0])
-
- if (isFirstBlock)
- {
- isFirstBlock = false;
- if (m_isFirstBlock)
- {
- m_isFirstBlock = false;
- for (i=0; i<=(size_t)T_128BitTag; i++)
- {
- word64 t = (word64)nh0[i] + k0;
- a0 = (word32)t;
- t = (t >> 32) + nh1[i] + k1;
- a1 = (word32)t;
- aHi = (t >> 32) + nh2[i] + kHi;
- }
- continue;
- }
- }
- for (i=0; i<=(size_t)T_128BitTag; i++)
- {
- word64 p, t;
- word32 t2;
-
- p = MUL32(a3, 2*k3);
- p += nh2[i];
- p += MUL32(a0, k2);
- p += MUL32(a1, k1);
- p += MUL32(a2, k0);
- t2 = (word32)p;
- p >>= 32;
- p += MUL32(a0, k3);
- p += MUL32(a1, k2);
- p += MUL32(a2, k1);
- p += MUL32(a3, k0);
- t = (word64(word32(p) & 0x7fffffff) << 32) | t2;
- p >>= 31;
- p += nh0[i];
- p += MUL32(a0, k0);
- p += MUL32(a1, 2*k3);
- p += MUL32(a2, 2*k2);
- p += MUL32(a3, 2*k1);
- t2 = (word32)p;
- p >>= 32;
- p += nh1[i];
- p += MUL32(a0, k1);
- p += MUL32(a1, k0);
- p += MUL32(a2, 2*k3);
- p += MUL32(a3, 2*k2);
- a0 = t2;
- a1 = (word32)p;
- aHi = (p >> 32) + t;
- }
-
- #undef a0
- #undef a1
- #undef a2
- #undef a3
- #undef aHi
- #undef k0
- #undef k1
- #undef k2
- #undef k3
- #undef kHi
- #else // #if VMAC_BOOL_32BIT
- if (isFirstBlock)
- {
- isFirstBlock = false;
- if (m_isFirstBlock)
- {
- m_isFirstBlock = false;
- #if VMAC_BOOL_WORD128
- #define first_poly_step(a, kh, kl, m) a = (m & m126) + ((word128(kh) << 64) | kl)
-
- first_poly_step(a1, kh1, kl1, nhA);
- if (T_128BitTag)
- first_poly_step(a2, kh2, kl2, nhB);
- #else
- #define first_poly_step(ah, al, kh, kl, mh, ml) {\
- mh &= m62;\
- ADD128(mh, ml, kh, kl); \
- ah = mh; al = ml;}
-
- first_poly_step(ah1, al1, kh1, kl1, nhA1, nhA0);
- if (T_128BitTag)
- first_poly_step(ah2, al2, kh2, kl2, nhB1, nhB0);
- #endif
- continue;
- }
- else
- {
- #if VMAC_BOOL_WORD128
- a1 = (word128((polyS+0*4)[0]) << 64) | (polyS+0*4)[1];
- #else
- ah1=(polyS+0*4)[0]; al1=(polyS+0*4)[1];
- #endif
- if (T_128BitTag)
- {
- #if VMAC_BOOL_WORD128
- a2 = (word128((polyS+1*4)[0]) << 64) | (polyS+1*4)[1];
- #else
- ah2=(polyS+1*4)[0]; al2=(polyS+1*4)[1];
- #endif
- }
- }
- }
-
- #if VMAC_BOOL_WORD128
- #define poly_step(a, kh, kl, m) \
- { word128 t1, t2, t3, t4;\
- Multiply128(t2, a>>64, kl);\
- Multiply128(t3, a, kh);\
- Multiply128(t1, a, kl);\
- Multiply128(t4, a>>64, 2*kh);\
- t2 += t3;\
- t4 += t1;\
- t2 += t4>>64;\
- a = (word128(word64(t2)&m63) << 64) | word64(t4);\
- t2 *= 2;\
- a += m & m126;\
- a += t2>>64;}
-
- poly_step(a1, kh1, kl1, nhA);
- if (T_128BitTag)
- poly_step(a2, kh2, kl2, nhB);
- #else
- #define poly_step(ah, al, kh, kl, mh, ml) \
- { word64 t1h, t1l, t2h, t2l, t3h, t3l, z=0; \
- /* compute ab*cd, put bd into result registers */ \
- MUL64(t2h,t2l,ah,kl); \
- MUL64(t3h,t3l,al,kh); \
- MUL64(t1h,t1l,ah,2*kh); \
- MUL64(ah,al,al,kl); \
- /* add together ad + bc */ \
- ADD128(t2h,t2l,t3h,t3l); \
- /* add 2 * ac to result */ \
- ADD128(ah,al,t1h,t1l); \
- /* now (ah,al), (t2l,2*t2h) need summing */ \
- /* first add the high registers, carrying into t2h */ \
- ADD128(t2h,ah,z,t2l); \
- /* double t2h and add top bit of ah */ \
- t2h += t2h + (ah >> 63); \
- ah &= m63; \
- /* now add the low registers */ \
- mh &= m62; \
- ADD128(ah,al,mh,ml); \
- ADD128(ah,al,z,t2h); \
- }
-
- poly_step(ah1, al1, kh1, kl1, nhA1, nhA0);
- if (T_128BitTag)
- poly_step(ah2, al2, kh2, kl2, nhB1, nhB0);
- #endif
- #endif // #if VMAC_BOOL_32BIT
- } while (blocksRemainingInWord64);
-
- #if VMAC_BOOL_WORD128
- (polyS+0*4)[0]=word64(a1>>64); (polyS+0*4)[1]=word64(a1);
- if (T_128BitTag)
- {
- (polyS+1*4)[0]=word64(a2>>64); (polyS+1*4)[1]=word64(a2);
- }
- #elif !VMAC_BOOL_32BIT
- (polyS+0*4)[0]=ah1; (polyS+0*4)[1]=al1;
- if (T_128BitTag)
- {
- (polyS+1*4)[0]=ah2; (polyS+1*4)[1]=al2;
- }
- #endif
-}
-
-inline void VMAC_Base::VHASH_Update(const word64 *data, size_t blocksRemainingInWord64)
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
- if (HasSSE2())
- {
- VHASH_Update_SSE2(data, blocksRemainingInWord64, 0);
- if (m_is128)
- VHASH_Update_SSE2(data, blocksRemainingInWord64, 1);
- m_isFirstBlock = false;
- }
- else
-#endif
- {
-#if defined(_MSC_VER) && _MSC_VER < 1300
- VHASH_Update_Template(data, blocksRemainingInWord64);
-#else
- if (m_is128)
- VHASH_Update_Template<true>(data, blocksRemainingInWord64);
- else
- VHASH_Update_Template<false>(data, blocksRemainingInWord64);
-#endif
- }
-}
-
-size_t VMAC_Base::HashMultipleBlocks(const word64 *data, size_t length)
-{
- size_t remaining = ModPowerOf2(length, m_L1KeyLength);
- VHASH_Update(data, (length-remaining)/8);
- return remaining;
-}
-
-static word64 L3Hash(const word64 *input, const word64 *l3Key, size_t len)
-{
- word64 rh, rl, t, z=0;
- word64 p1 = input[0], p2 = input[1];
- word64 k1 = l3Key[0], k2 = l3Key[1];
-
- /* fully reduce (p1,p2)+(len,0) mod p127 */
- t = p1 >> 63;
- p1 &= m63;
- ADD128(p1, p2, len, t);
- /* At this point, (p1,p2) is at most 2^127+(len<<64) */
- t = (p1 > m63) + ((p1 == m63) & (p2 == m64));
- ADD128(p1, p2, z, t);
- p1 &= m63;
-
- /* compute (p1,p2)/(2^64-2^32) and (p1,p2)%(2^64-2^32) */
- t = p1 + (p2 >> 32);
- t += (t >> 32);
- t += (word32)t > 0xfffffffeU;
- p1 += (t >> 32);
- p2 += (p1 << 32);
-
- /* compute (p1+k1)%p64 and (p2+k2)%p64 */
- p1 += k1;
- p1 += (0 - (p1 < k1)) & 257;
- p2 += k2;
- p2 += (0 - (p2 < k2)) & 257;
-
- /* compute (p1+k1)*(p2+k2)%p64 */
- MUL64(rh, rl, p1, p2);
- t = rh >> 56;
- ADD128(t, rl, z, rh);
- rh <<= 8;
- ADD128(t, rl, z, rh);
- t += t << 8;
- rl += t;
- rl += (0 - (rl < t)) & 257;
- rl += (0 - (rl > p64-1)) & 257;
- return rl;
-}
-
-void VMAC_Base::TruncatedFinal(byte *mac, size_t size)
-{
- size_t len = ModPowerOf2(GetBitCountLo()/8, m_L1KeyLength);
-
- if (len)
- {
- memset(m_data()+len, 0, (0-len)%16);
- VHASH_Update(DataBuf(), ((len+15)/16)*2);
- len *= 8; // convert to bits
- }
- else if (m_isFirstBlock)
- {
- // special case for empty string
- m_polyState()[0] = m_polyState()[2];
- m_polyState()[1] = m_polyState()[3];
- if (m_is128)
- {
- m_polyState()[4] = m_polyState()[6];
- m_polyState()[5] = m_polyState()[7];
- }
- }
-
- if (m_is128)
- {
- word64 t[2];
- t[0] = L3Hash(m_polyState(), m_l3Key(), len) + GetWord<word64>(true, BIG_ENDIAN_ORDER, m_pad());
- t[1] = L3Hash(m_polyState()+4, m_l3Key()+2, len) + GetWord<word64>(true, BIG_ENDIAN_ORDER, m_pad()+8);
- if (size == 16)
- {
- PutWord(false, BIG_ENDIAN_ORDER, mac, t[0]);
- PutWord(false, BIG_ENDIAN_ORDER, mac+8, t[1]);
- }
- else
- {
- t[0] = ConditionalByteReverse(BIG_ENDIAN_ORDER, t[0]);
- t[1] = ConditionalByteReverse(BIG_ENDIAN_ORDER, t[1]);
- memcpy(mac, t, size);
- }
- }
- else
- {
- word64 t = L3Hash(m_polyState(), m_l3Key(), len);
- t += GetWord<word64>(true, BIG_ENDIAN_ORDER, m_pad() + (m_nonce()[IVSize()-1]&1) * 8);
- if (size == 8)
- PutWord(false, BIG_ENDIAN_ORDER, mac, t);
- else
- {
- t = ConditionalByteReverse(BIG_ENDIAN_ORDER, t);
- memcpy(mac, &t, size);
- }
- }
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/vmac.h b/cryptopp562/vmac.h
deleted file mode 100644
index 0724017..0000000
--- a/cryptopp562/vmac.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#ifndef CRYPTOPP_VMAC_H
-#define CRYPTOPP_VMAC_H
-
-#include "iterhash.h"
-#include "seckey.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// .
-class VMAC_Base : public IteratedHashBase<word64, MessageAuthenticationCode>
-{
-public:
- std::string AlgorithmName() const {return std::string("VMAC(") + GetCipher().AlgorithmName() + ")-" + IntToString(DigestSize()*8);}
- unsigned int IVSize() const {return GetCipher().BlockSize();}
- unsigned int MinIVLength() const {return 1;}
- void Resynchronize(const byte *nonce, int length=-1);
- void GetNextIV(RandomNumberGenerator &rng, byte *IV);
- unsigned int DigestSize() const {return m_is128 ? 16 : 8;};
- void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &params);
- void TruncatedFinal(byte *mac, size_t size);
- unsigned int BlockSize() const {return m_L1KeyLength;}
- ByteOrder GetByteOrder() const {return LITTLE_ENDIAN_ORDER;}
-
-protected:
- virtual BlockCipher & AccessCipher() =0;
- virtual int DefaultDigestSize() const =0;
- const BlockCipher & GetCipher() const {return const_cast<VMAC_Base *>(this)->AccessCipher();}
- void HashEndianCorrectedBlock(const word64 *data);
- size_t HashMultipleBlocks(const word64 *input, size_t length);
- void Init() {}
- word64* StateBuf() {return NULL;}
- word64* DataBuf() {return (word64 *)m_data();}
-
- void VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, int tagPart);
-#if !(defined(_MSC_VER) && _MSC_VER < 1300) // can't use function template here with VC6
- template <bool T_128BitTag>
-#endif
- void VHASH_Update_Template(const word64 *data, size_t blockRemainingInWord128);
- void VHASH_Update(const word64 *data, size_t blocksRemainingInWord128);
-
- CRYPTOPP_BLOCK_1(polyState, word64, 4*(m_is128+1))
- CRYPTOPP_BLOCK_2(nhKey, word64, m_L1KeyLength/sizeof(word64) + 2*m_is128)
- CRYPTOPP_BLOCK_3(data, byte, m_L1KeyLength)
- CRYPTOPP_BLOCK_4(l3Key, word64, 2*(m_is128+1))
- CRYPTOPP_BLOCK_5(nonce, byte, IVSize())
- CRYPTOPP_BLOCK_6(pad, byte, IVSize())
- CRYPTOPP_BLOCKS_END(6)
-
- bool m_is128, m_padCached, m_isFirstBlock;
- int m_L1KeyLength;
-};
-
-/// <a href="http://www.cryptolounge.org/wiki/VMAC">VMAC</a>
-template <class T_BlockCipher, int T_DigestBitSize = 128>
-class VMAC : public SimpleKeyingInterfaceImpl<VMAC_Base, SameKeyLengthAs<T_BlockCipher, SimpleKeyingInterface::UNIQUE_IV, T_BlockCipher::BLOCKSIZE> >
-{
-public:
- static std::string StaticAlgorithmName() {return std::string("VMAC(") + T_BlockCipher::StaticAlgorithmName() + ")-" + IntToString(T_DigestBitSize);}
-
-private:
- BlockCipher & AccessCipher() {return m_cipher;}
- int DefaultDigestSize() const {return T_DigestBitSize/8;}
- typename T_BlockCipher::Encryption m_cipher;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/wait.cpp b/cryptopp562/wait.cpp
deleted file mode 100644
index 1987858..0000000
--- a/cryptopp562/wait.cpp
+++ /dev/null
@@ -1,397 +0,0 @@
-// wait.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "wait.h"
-#include "misc.h"
-
-#ifdef SOCKETS_AVAILABLE
-
-#ifdef USE_BERKELEY_STYLE_SOCKETS
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <unistd.h>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-unsigned int WaitObjectContainer::MaxWaitObjects()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- return MAXIMUM_WAIT_OBJECTS * (MAXIMUM_WAIT_OBJECTS-1);
-#else
- return FD_SETSIZE;
-#endif
-}
-
-WaitObjectContainer::WaitObjectContainer(WaitObjectsTracer* tracer)
- : m_tracer(tracer), m_eventTimer(Timer::MILLISECONDS)
- , m_sameResultCount(0), m_noWaitTimer(Timer::MILLISECONDS)
-{
- Clear();
- m_eventTimer.StartTimer();
-}
-
-void WaitObjectContainer::Clear()
-{
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- m_handles.clear();
-#else
- m_maxFd = 0;
- FD_ZERO(&m_readfds);
- FD_ZERO(&m_writefds);
-#endif
- m_noWait = false;
- m_firstEventTime = 0;
-}
-
-inline void WaitObjectContainer::SetLastResult(LastResultType result)
-{
- if (result == m_lastResult)
- m_sameResultCount++;
- else
- {
- m_lastResult = result;
- m_sameResultCount = 0;
- }
-}
-
-void WaitObjectContainer::DetectNoWait(LastResultType result, CallStack const& callStack)
-{
- if (result == m_lastResult && m_noWaitTimer.ElapsedTime() > 1000)
- {
- if (m_sameResultCount > m_noWaitTimer.ElapsedTime())
- {
- if (m_tracer)
- {
- std::string desc = "No wait loop detected - m_lastResult: ";
- desc.append(IntToString(m_lastResult)).append(", call stack:");
- for (CallStack const* cs = &callStack; cs; cs = cs->Prev())
- desc.append("\n- ").append(cs->Format());
- m_tracer->TraceNoWaitLoop(desc);
- }
- try { throw 0; } catch (...) {} // help debugger break
- }
-
- m_noWaitTimer.StartTimer();
- m_sameResultCount = 0;
- }
-}
-
-void WaitObjectContainer::SetNoWait(CallStack const& callStack)
-{
- DetectNoWait(LASTRESULT_NOWAIT, CallStack("WaitObjectContainer::SetNoWait()", &callStack));
- m_noWait = true;
-}
-
-void WaitObjectContainer::ScheduleEvent(double milliseconds, CallStack const& callStack)
-{
- if (milliseconds <= 3)
- DetectNoWait(LASTRESULT_SCHEDULED, CallStack("WaitObjectContainer::ScheduleEvent()", &callStack));
- double thisEventTime = m_eventTimer.ElapsedTimeAsDouble() + milliseconds;
- if (!m_firstEventTime || thisEventTime < m_firstEventTime)
- m_firstEventTime = thisEventTime;
-}
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
-
-struct WaitingThreadData
-{
- bool waitingToWait, terminate;
- HANDLE startWaiting, stopWaiting;
- const HANDLE *waitHandles;
- unsigned int count;
- HANDLE threadHandle;
- DWORD threadId;
- DWORD* error;
-};
-
-WaitObjectContainer::~WaitObjectContainer()
-{
- try // don't let exceptions escape destructor
- {
- if (!m_threads.empty())
- {
- HANDLE threadHandles[MAXIMUM_WAIT_OBJECTS];
- unsigned int i;
- for (i=0; i<m_threads.size(); i++)
- {
- WaitingThreadData &thread = *m_threads[i];
- while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state
- Sleep(0);
- thread.terminate = true;
- threadHandles[i] = thread.threadHandle;
- }
- PulseEvent(m_startWaiting);
- ::WaitForMultipleObjects((DWORD)m_threads.size(), threadHandles, TRUE, INFINITE);
- for (i=0; i<m_threads.size(); i++)
- CloseHandle(threadHandles[i]);
- CloseHandle(m_startWaiting);
- CloseHandle(m_stopWaiting);
- }
- }
- catch (...)
- {
- }
-}
-
-
-void WaitObjectContainer::AddHandle(HANDLE handle, CallStack const& callStack)
-{
- DetectNoWait(m_handles.size(), CallStack("WaitObjectContainer::AddHandle()", &callStack));
- m_handles.push_back(handle);
-}
-
-DWORD WINAPI WaitingThread(LPVOID lParam)
-{
- std::auto_ptr<WaitingThreadData> pThread((WaitingThreadData *)lParam);
- WaitingThreadData &thread = *pThread;
- std::vector<HANDLE> handles;
-
- while (true)
- {
- thread.waitingToWait = true;
- ::WaitForSingleObject(thread.startWaiting, INFINITE);
- thread.waitingToWait = false;
-
- if (thread.terminate)
- break;
- if (!thread.count)
- continue;
-
- handles.resize(thread.count + 1);
- handles[0] = thread.stopWaiting;
- std::copy(thread.waitHandles, thread.waitHandles+thread.count, handles.begin()+1);
-
- DWORD result = ::WaitForMultipleObjects((DWORD)handles.size(), &handles[0], FALSE, INFINITE);
-
- if (result == WAIT_OBJECT_0)
- continue; // another thread finished waiting first, so do nothing
- SetEvent(thread.stopWaiting);
- if (!(result > WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + handles.size()))
- {
- assert(!"error in WaitingThread"); // break here so we can see which thread has an error
- *thread.error = ::GetLastError();
- }
- }
-
- return S_OK; // return a value here to avoid compiler warning
-}
-
-void WaitObjectContainer::CreateThreads(unsigned int count)
-{
- size_t currentCount = m_threads.size();
- if (currentCount == 0)
- {
- m_startWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL);
- m_stopWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL);
- }
-
- if (currentCount < count)
- {
- m_threads.resize(count);
- for (size_t i=currentCount; i<count; i++)
- {
- m_threads[i] = new WaitingThreadData;
- WaitingThreadData &thread = *m_threads[i];
- thread.terminate = false;
- thread.startWaiting = m_startWaiting;
- thread.stopWaiting = m_stopWaiting;
- thread.waitingToWait = false;
- thread.threadHandle = CreateThread(NULL, 0, &WaitingThread, &thread, 0, &thread.threadId);
- }
- }
-}
-
-bool WaitObjectContainer::Wait(unsigned long milliseconds)
-{
- if (m_noWait || (m_handles.empty() && !m_firstEventTime))
- {
- SetLastResult(LASTRESULT_NOWAIT);
- return true;
- }
-
- bool timeoutIsScheduledEvent = false;
-
- if (m_firstEventTime)
- {
- double timeToFirstEvent = SaturatingSubtract(m_firstEventTime, m_eventTimer.ElapsedTimeAsDouble());
-
- if (timeToFirstEvent <= milliseconds)
- {
- milliseconds = (unsigned long)timeToFirstEvent;
- timeoutIsScheduledEvent = true;
- }
-
- if (m_handles.empty() || !milliseconds)
- {
- if (milliseconds)
- Sleep(milliseconds);
- SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT);
- return timeoutIsScheduledEvent;
- }
- }
-
- if (m_handles.size() > MAXIMUM_WAIT_OBJECTS)
- {
- // too many wait objects for a single WaitForMultipleObjects call, so use multiple threads
- static const unsigned int WAIT_OBJECTS_PER_THREAD = MAXIMUM_WAIT_OBJECTS-1;
- unsigned int nThreads = (unsigned int)((m_handles.size() + WAIT_OBJECTS_PER_THREAD - 1) / WAIT_OBJECTS_PER_THREAD);
- if (nThreads > MAXIMUM_WAIT_OBJECTS) // still too many wait objects, maybe implement recursive threading later?
- throw Err("WaitObjectContainer: number of wait objects exceeds limit");
- CreateThreads(nThreads);
- DWORD error = S_OK;
-
- for (unsigned int i=0; i<m_threads.size(); i++)
- {
- WaitingThreadData &thread = *m_threads[i];
- while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state
- Sleep(0);
- if (i<nThreads)
- {
- thread.waitHandles = &m_handles[i*WAIT_OBJECTS_PER_THREAD];
- thread.count = UnsignedMin(WAIT_OBJECTS_PER_THREAD, m_handles.size() - i*WAIT_OBJECTS_PER_THREAD);
- thread.error = &error;
- }
- else
- thread.count = 0;
- }
-
- ResetEvent(m_stopWaiting);
- PulseEvent(m_startWaiting);
-
- DWORD result = ::WaitForSingleObject(m_stopWaiting, milliseconds);
- if (result == WAIT_OBJECT_0)
- {
- if (error == S_OK)
- return true;
- else
- throw Err("WaitObjectContainer: WaitForMultipleObjects in thread failed with error " + IntToString(error));
- }
- SetEvent(m_stopWaiting);
- if (result == WAIT_TIMEOUT)
- {
- SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT);
- return timeoutIsScheduledEvent;
- }
- else
- throw Err("WaitObjectContainer: WaitForSingleObject failed with error " + IntToString(::GetLastError()));
- }
- else
- {
-#if TRACE_WAIT
- static Timer t(Timer::MICROSECONDS);
- static unsigned long lastTime = 0;
- unsigned long timeBeforeWait = t.ElapsedTime();
-#endif
- DWORD result = ::WaitForMultipleObjects((DWORD)m_handles.size(), &m_handles[0], FALSE, milliseconds);
-#if TRACE_WAIT
- if (milliseconds > 0)
- {
- unsigned long timeAfterWait = t.ElapsedTime();
- OutputDebugString(("Handles " + IntToString(m_handles.size()) + ", Woke up by " + IntToString(result-WAIT_OBJECT_0) + ", Busied for " + IntToString(timeBeforeWait-lastTime) + " us, Waited for " + IntToString(timeAfterWait-timeBeforeWait) + " us, max " + IntToString(milliseconds) + "ms\n").c_str());
- lastTime = timeAfterWait;
- }
-#endif
- if (result >= WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + m_handles.size())
- {
- if (result == m_lastResult)
- m_sameResultCount++;
- else
- {
- m_lastResult = result;
- m_sameResultCount = 0;
- }
- return true;
- }
- else if (result == WAIT_TIMEOUT)
- {
- SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT);
- return timeoutIsScheduledEvent;
- }
- else
- throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError()));
- }
-}
-
-#else // #ifdef USE_WINDOWS_STYLE_SOCKETS
-
-void WaitObjectContainer::AddReadFd(int fd, CallStack const& callStack) // TODO: do something with callStack
-{
- FD_SET(fd, &m_readfds);
- m_maxFd = STDMAX(m_maxFd, fd);
-}
-
-void WaitObjectContainer::AddWriteFd(int fd, CallStack const& callStack) // TODO: do something with callStack
-{
- FD_SET(fd, &m_writefds);
- m_maxFd = STDMAX(m_maxFd, fd);
-}
-
-bool WaitObjectContainer::Wait(unsigned long milliseconds)
-{
- if (m_noWait || (!m_maxFd && !m_firstEventTime))
- return true;
-
- bool timeoutIsScheduledEvent = false;
-
- if (m_firstEventTime)
- {
- double timeToFirstEvent = SaturatingSubtract(m_firstEventTime, m_eventTimer.ElapsedTimeAsDouble());
- if (timeToFirstEvent <= milliseconds)
- {
- milliseconds = (unsigned long)timeToFirstEvent;
- timeoutIsScheduledEvent = true;
- }
- }
-
- timeval tv, *timeout;
-
- if (milliseconds == INFINITE_TIME)
- timeout = NULL;
- else
- {
- tv.tv_sec = milliseconds / 1000;
- tv.tv_usec = (milliseconds % 1000) * 1000;
- timeout = &tv;
- }
-
- int result = select(m_maxFd+1, &m_readfds, &m_writefds, NULL, timeout);
-
- if (result > 0)
- return true;
- else if (result == 0)
- return timeoutIsScheduledEvent;
- else
- throw Err("WaitObjectContainer: select failed with error " + errno);
-}
-
-#endif
-
-// ********************************************************
-
-std::string CallStack::Format() const
-{
- return m_info;
-}
-
-std::string CallStackWithNr::Format() const
-{
- return std::string(m_info) + " / nr: " + IntToString(m_nr);
-}
-
-std::string CallStackWithStr::Format() const
-{
- return std::string(m_info) + " / " + std::string(m_z);
-}
-
-bool Waitable::Wait(unsigned long milliseconds, CallStack const& callStack)
-{
- WaitObjectContainer container;
- GetWaitObjects(container, callStack); // reduce clutter by not adding this func to stack
- return container.Wait(milliseconds);
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/wait.h b/cryptopp562/wait.h
deleted file mode 100644
index 045afbc..0000000
--- a/cryptopp562/wait.h
+++ /dev/null
@@ -1,208 +0,0 @@
-#ifndef CRYPTOPP_WAIT_H
-#define CRYPTOPP_WAIT_H
-
-#include "config.h"
-
-#ifdef SOCKETS_AVAILABLE
-
-#include "misc.h"
-#include "cryptlib.h"
-#include <vector>
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
-#include <winsock2.h>
-#else
-#include <sys/types.h>
-#endif
-
-#include "hrtimer.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-class Tracer
-{
-public:
- Tracer(unsigned int level) : m_level(level) {}
- virtual ~Tracer() {}
-
-protected:
- //! Override this in your most-derived tracer to do the actual tracing.
- virtual void Trace(unsigned int n, std::string const& s) = 0;
-
- /*! By default, tracers will decide which trace messages to trace according to a trace level
- mechanism. If your most-derived tracer uses a different mechanism, override this to
- return false. If this method returns false, the default TraceXxxx(void) methods will all
- return 0 and must be overridden explicitly by your tracer for trace messages you want. */
- virtual bool UsingDefaults() const { return true; }
-
-protected:
- unsigned int m_level;
-
- void TraceIf(unsigned int n, std::string const&s)
- { if (n) Trace(n, s); }
-
- /*! Returns nr if, according to the default log settings mechanism (using log levels),
- the message should be traced. Returns 0 if the default trace level mechanism is not
- in use, or if it is in use but the event should not be traced. Provided as a utility
- method for easier and shorter coding of default TraceXxxx(void) implementations. */
- unsigned int Tracing(unsigned int nr, unsigned int minLevel) const
- { return (UsingDefaults() && m_level >= minLevel) ? nr : 0; }
-};
-
-// Your Tracer-derived class should inherit as virtual public from Tracer or another
-// Tracer-derived class, and should pass the log level in its constructor. You can use the
-// following methods to begin and end your Tracer definition.
-
-// This constructor macro initializes Tracer directly even if not derived directly from it;
-// this is intended, virtual base classes are always initialized by the most derived class.
-#define CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) \
- public: DERIVED(unsigned int level = 0) : Tracer(level) {}
-
-#define CRYPTOPP_BEGIN_TRACER_CLASS_1(DERIVED, BASE1) \
- class DERIVED : virtual public BASE1 { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED)
-
-#define CRYPTOPP_BEGIN_TRACER_CLASS_2(DERIVED, BASE1, BASE2) \
- class DERIVED : virtual public BASE1, virtual public BASE2 { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED)
-
-#define CRYPTOPP_END_TRACER_CLASS };
-
-// In your Tracer-derived class, you should define a globally unique event number for each
-// new event defined. This can be done using the following macros.
-
-#define CRYPTOPP_BEGIN_TRACER_EVENTS(UNIQUENR) enum { EVENTBASE = UNIQUENR,
-#define CRYPTOPP_TRACER_EVENT(EVENTNAME) EventNr_##EVENTNAME,
-#define CRYPTOPP_END_TRACER_EVENTS };
-
-// In your own Tracer-derived class, you must define two methods per new trace event type:
-// - unsigned int TraceXxxx() const
-// Your default implementation of this method should return the event number if according
-// to the default trace level system the event should be traced, or 0 if it should not.
-// - void TraceXxxx(string const& s)
-// This method should call TraceIf(TraceXxxx(), s); to do the tracing.
-// For your convenience, a macro to define these two types of methods are defined below.
-// If you use this macro, you should also use the TRACER_EVENTS macros above to associate
-// event names with numbers.
-
-#define CRYPTOPP_TRACER_EVENT_METHODS(EVENTNAME, LOGLEVEL) \
- virtual unsigned int Trace##EVENTNAME() const { return Tracing(EventNr_##EVENTNAME, LOGLEVEL); } \
- virtual void Trace##EVENTNAME(std::string const& s) { TraceIf(Trace##EVENTNAME(), s); }
-
-
-/*! A simple unidirectional linked list with m_prev == 0 to indicate the final entry.
- The aim of this implementation is to provide a very lightweight and practical
- tracing mechanism with a low performance impact. Functions and methods supporting
- this call-stack mechanism would take a parameter of the form "CallStack const& callStack",
- and would pass this parameter to subsequent functions they call using the construct:
-
- SubFunc(arg1, arg2, CallStack("my func at place such and such", &callStack));
-
- The advantage of this approach is that it is easy to use and should be very efficient,
- involving no allocation from the heap, just a linked list of stack objects containing
- pointers to static ASCIIZ strings (or possibly additional but simple data if derived). */
-class CallStack
-{
-public:
- CallStack(char const* i, CallStack const* p) : m_info(i), m_prev(p) {}
- CallStack const* Prev() const { return m_prev; }
- virtual std::string Format() const;
-
-protected:
- char const* m_info;
- CallStack const* m_prev;
-};
-
-/*! An extended CallStack entry type with an additional numeric parameter. */
-class CallStackWithNr : public CallStack
-{
-public:
- CallStackWithNr(char const* i, word32 n, CallStack const* p) : CallStack(i, p), m_nr(n) {}
- std::string Format() const;
-
-protected:
- word32 m_nr;
-};
-
-/*! An extended CallStack entry type with an additional string parameter. */
-class CallStackWithStr : public CallStack
-{
-public:
- CallStackWithStr(char const* i, char const* z, CallStack const* p) : CallStack(i, p), m_z(z) {}
- std::string Format() const;
-
-protected:
- char const* m_z;
-};
-
-CRYPTOPP_BEGIN_TRACER_CLASS_1(WaitObjectsTracer, Tracer)
- CRYPTOPP_BEGIN_TRACER_EVENTS(0x48752841)
- CRYPTOPP_TRACER_EVENT(NoWaitLoop)
- CRYPTOPP_END_TRACER_EVENTS
- CRYPTOPP_TRACER_EVENT_METHODS(NoWaitLoop, 1)
-CRYPTOPP_END_TRACER_CLASS
-
-struct WaitingThreadData;
-
-//! container of wait objects
-class WaitObjectContainer : public NotCopyable
-{
-public:
- //! exception thrown by WaitObjectContainer
- class Err : public Exception
- {
- public:
- Err(const std::string& s) : Exception(IO_ERROR, s) {}
- };
-
- static unsigned int MaxWaitObjects();
-
- WaitObjectContainer(WaitObjectsTracer* tracer = 0);
-
- void Clear();
- void SetNoWait(CallStack const& callStack);
- void ScheduleEvent(double milliseconds, CallStack const& callStack);
- // returns false if timed out
- bool Wait(unsigned long milliseconds);
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- ~WaitObjectContainer();
- void AddHandle(HANDLE handle, CallStack const& callStack);
-#else
- void AddReadFd(int fd, CallStack const& callStack);
- void AddWriteFd(int fd, CallStack const& callStack);
-#endif
-
-private:
- WaitObjectsTracer* m_tracer;
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- void CreateThreads(unsigned int count);
- std::vector<HANDLE> m_handles;
- std::vector<WaitingThreadData *> m_threads;
- HANDLE m_startWaiting;
- HANDLE m_stopWaiting;
-#else
- fd_set m_readfds, m_writefds;
- int m_maxFd;
-#endif
- bool m_noWait;
- double m_firstEventTime;
- Timer m_eventTimer;
-
-#ifdef USE_WINDOWS_STYLE_SOCKETS
- typedef size_t LastResultType;
-#else
- typedef int LastResultType;
-#endif
- enum { LASTRESULT_NOWAIT = -1, LASTRESULT_SCHEDULED = -2, LASTRESULT_TIMEOUT = -3 };
- LastResultType m_lastResult;
- unsigned int m_sameResultCount;
- Timer m_noWaitTimer;
- void SetLastResult(LastResultType result);
- void DetectNoWait(LastResultType result, CallStack const& callStack);
-};
-
-NAMESPACE_END
-
-#endif
-
-#endif
diff --git a/cryptopp562/wake.cpp b/cryptopp562/wake.cpp
deleted file mode 100644
index ff40b05..0000000
--- a/cryptopp562/wake.cpp
+++ /dev/null
@@ -1,109 +0,0 @@
-// wake.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "wake.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void WAKE_TestInstantiations()
-{
- WAKE_OFB<>::Encryption x2;
- WAKE_OFB<>::Decryption x4;
-}
-
-inline word32 WAKE_Base::M(word32 x, word32 y)
-{
- word32 w = x+y;
- return (w>>8) ^ t[w & 0xff];
-}
-
-void WAKE_Base::GenKey(word32 k0, word32 k1, word32 k2, word32 k3)
-{
- // this code is mostly copied from David Wheeler's paper "A Bulk Data Encryption Algorithm"
- signed int x, z, p;
- // x and z were declared as "long" in Wheeler's paper, which is a signed type. I don't know if that was intentional, but it's too late to change it now. -- Wei 7/4/2010
- CRYPTOPP_COMPILE_ASSERT(sizeof(x) == 4);
- static long long int tt[10]= {
- 0x726a8f3b, // table
- 0xe69a3b5c,
- 0xd3c71fe5,
- 0xab3c73d2,
- 0x4d3a8eb3,
- 0x0396d6e8,
- 0x3d4c2f7a,
- 0x9ee27cf3, } ;
- t[0] = k0;
- t[1] = k1;
- t[2] = k2;
- t[3] = k3;
- for (p=4 ; p<256 ; p++)
- {
- x=t[p-4]+t[p-1] ; // fill t
- t[p]= (x>>3) ^ tt[x&7] ;
- }
-
- for (p=0 ; p<23 ; p++)
- t[p]+=t[p+89] ; // mix first entries
- x=t[33] ; z=t[59] | 0x01000001 ;
- z=z&0xff7fffff ;
- for (p=0 ; p<256 ; p++) { //change top byte to
- x=(x&0xff7fffff)+z ; // a permutation etc
- t[p]=(t[p] & 0x00ffffff) ^ x ; }
-
- t[256]=t[0] ;
- byte y=byte(x);
- for (p=0 ; p<256 ; p++) { // further change perm.
- t[p]=t[y=byte(t[p^y]^y)] ; // and other digits
- t[y]=t[p+1] ; }
-}
-
-template <class B>
-void WAKE_Policy<B>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
- word32 k0, k1, k2, k3;
- BlockGetAndPut<word32, BigEndian>::Get(key)(r3)(r4)(r5)(r6)(k0)(k1)(k2)(k3);
- GenKey(k0, k1, k2, k3);
-}
-
-// OFB
-template <class B>
-void WAKE_Policy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
-#define WAKE_OUTPUT(x)\
- while (iterationCount--)\
- {\
- CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, r6);\
- r3 = M(r3, r6);\
- r4 = M(r4, r3);\
- r5 = M(r5, r4);\
- r6 = M(r6, r5);\
- output += 4;\
- if (!(x & INPUT_NULL))\
- input += 4;\
- }
-
- typedef word32 WordType;
- CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(WAKE_OUTPUT, 0);
-}
-/*
-template <class B>
-void WAKE_ROFB_Policy<B>::Iterate(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount)
-{
- KeystreamOutput<B> keystreamOperation(operation, output, input);
-
- while (iterationCount--)
- {
- keystreamOperation(r6);
- r3 = M(r3, r6);
- r4 = M(r4, r3);
- r5 = M(r5, r4);
- r6 = M(r6, r5);
- }
-}
-*/
-template class WAKE_Policy<BigEndian>;
-template class WAKE_Policy<LittleEndian>;
-//template class WAKE_ROFB_Policy<BigEndian>;
-//template class WAKE_ROFB_Policy<LittleEndian>;
-
-NAMESPACE_END
diff --git a/cryptopp562/wake.h b/cryptopp562/wake.h
deleted file mode 100644
index 199957d..0000000
--- a/cryptopp562/wake.h
+++ /dev/null
@@ -1,63 +0,0 @@
-#ifndef CRYPTOPP_WAKE_H
-#define CRYPTOPP_WAKE_H
-
-#include "seckey.h"
-#include "secblock.h"
-#include "strciphr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-template <class B = BigEndian>
-struct WAKE_OFB_Info : public FixedKeyLength<32>
-{
- static const char *StaticAlgorithmName() {return B::ToEnum() == LITTLE_ENDIAN_ORDER ? "WAKE-OFB-LE" : "WAKE-OFB-BE";}
-};
-
-class CRYPTOPP_NO_VTABLE WAKE_Base
-{
-protected:
- word32 M(word32 x, word32 y);
- void GenKey(word32 k0, word32 k1, word32 k2, word32 k3);
-
- word32 t[257];
- word32 r3, r4, r5, r6;
-};
-
-template <class B = BigEndian>
-class CRYPTOPP_NO_VTABLE WAKE_Policy : public AdditiveCipherConcretePolicy<word32, 1, 64>, protected WAKE_Base
-{
-protected:
- void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
- // OFB
- void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
- bool CipherIsRandomAccess() const {return false;}
-};
-
-//! WAKE-OFB
-template <class B = BigEndian>
-struct WAKE_OFB : public WAKE_OFB_Info<B>, public SymmetricCipherDocumentation
-{
- typedef SymmetricCipherFinal<ConcretePolicyHolder<WAKE_Policy<B>, AdditiveCipherTemplate<> >, WAKE_OFB_Info<B> > Encryption;
- typedef Encryption Decryption;
-};
-
-/*
-template <class B = BigEndian>
-class WAKE_ROFB_Policy : public WAKE_Policy<B>
-{
-protected:
- void Iterate(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount);
-};
-
-template <class B = BigEndian>
-struct WAKE_ROFB : public WAKE_Info<B>
-{
- typedef SymmetricCipherTemplate<ConcretePolicyHolder<AdditiveCipherTemplate<>, WAKE_ROFB_Policy<B> > > Encryption;
- typedef Encryption Decryption;
-};
-*/
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/whrlpool.cpp b/cryptopp562/whrlpool.cpp
deleted file mode 100644
index 9da12e3..0000000
--- a/cryptopp562/whrlpool.cpp
+++ /dev/null
@@ -1,701 +0,0 @@
-// whrlpool.cpp - originally modified by Kevin Springle from
-// Paulo Barreto and Vincent Rijmen's public domain code, whirlpool.c.
-// Updated to Whirlpool version 3.0, optimized and SSE version added by Wei Dai
-// All modifications are placed in the public domain
-
-// This is the original introductory comment:
-
-/**
- * The Whirlpool hashing function.
- *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
- *
- * See
- * P.S.L.M. Barreto, V. Rijmen,
- * ``The Whirlpool hashing function,''
- * NESSIE submission, 2000 (tweaked version, 2001),
- * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
- *
- * @author Paulo S.L.M. Barreto
- * @author Vincent Rijmen.
- *
- * @version 3.0 (2003.03.12)
- *
- * =============================================================================
- *
- * Differences from version 2.1:
- *
- * - Suboptimal diffusion matrix replaced by cir(1, 1, 4, 1, 8, 5, 2, 9).
- *
- * =============================================================================
- *
- * Differences from version 2.0:
- *
- * - Generation of ISO/IEC 10118-3 test vectors.
- * - Bug fix: nonzero carry was ignored when tallying the data length
- * (this bug apparently only manifested itself when feeding data
- * in pieces rather than in a single chunk at once).
- * - Support for MS Visual C++ 64-bit integer arithmetic.
- *
- * Differences from version 1.0:
- *
- * - Original S-box replaced by the tweaked, hardware-efficient version.
- *
- * =============================================================================
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "pch.h"
-#include "whrlpool.h"
-#include "misc.h"
-#include "cpu.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-void Whirlpool_TestInstantiations()
-{
- Whirlpool x;
-}
-
-void Whirlpool::InitState(HashWordType *state)
-{
- memset(state, 0, 8*sizeof(state[0]));
-}
-
-void Whirlpool::TruncatedFinal(byte *hash, size_t size)
-{
- ThrowIfInvalidTruncatedSize(size);
-
- PadLastBlock(32);
- CorrectEndianess(m_data, m_data, 32);
-
- m_data[m_data.size()-4] = 0;
- m_data[m_data.size()-3] = 0;
- m_data[m_data.size()-2] = GetBitCountHi();
- m_data[m_data.size()-1] = GetBitCountLo();
-
- Transform(m_state, m_data);
- CorrectEndianess(m_state, m_state, DigestSize());
- memcpy(hash, m_state, size);
-
- Restart(); // reinit for next use
-}
-
-/*
- * The number of rounds of the internal dedicated block cipher.
- */
-#define R 10
-
-/*
- * Though Whirlpool is endianness-neutral, the encryption tables are listed
- * in BIG-ENDIAN format, which is adopted throughout this implementation
- * (but little-endian notation would be equally suitable if consistently
- * employed).
- */
-
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
-CRYPTOPP_ALIGN_DATA(16) static const word64 Whirlpool_C[4*256+R] CRYPTOPP_SECTION_ALIGN16 = {
-#else
-static const word64 Whirlpool_C[4*256+R] = {
-#endif
- W64LIT(0x18186018c07830d8), W64LIT(0x23238c2305af4626), W64LIT(0xc6c63fc67ef991b8), W64LIT(0xe8e887e8136fcdfb),
- W64LIT(0x878726874ca113cb), W64LIT(0xb8b8dab8a9626d11), W64LIT(0x0101040108050209), W64LIT(0x4f4f214f426e9e0d),
- W64LIT(0x3636d836adee6c9b), W64LIT(0xa6a6a2a6590451ff), W64LIT(0xd2d26fd2debdb90c), W64LIT(0xf5f5f3f5fb06f70e),
- W64LIT(0x7979f979ef80f296), W64LIT(0x6f6fa16f5fcede30), W64LIT(0x91917e91fcef3f6d), W64LIT(0x52525552aa07a4f8),
- W64LIT(0x60609d6027fdc047), W64LIT(0xbcbccabc89766535), W64LIT(0x9b9b569baccd2b37), W64LIT(0x8e8e028e048c018a),
- W64LIT(0xa3a3b6a371155bd2), W64LIT(0x0c0c300c603c186c), W64LIT(0x7b7bf17bff8af684), W64LIT(0x3535d435b5e16a80),
- W64LIT(0x1d1d741de8693af5), W64LIT(0xe0e0a7e05347ddb3), W64LIT(0xd7d77bd7f6acb321), W64LIT(0xc2c22fc25eed999c),
- W64LIT(0x2e2eb82e6d965c43), W64LIT(0x4b4b314b627a9629), W64LIT(0xfefedffea321e15d), W64LIT(0x575741578216aed5),
- W64LIT(0x15155415a8412abd), W64LIT(0x7777c1779fb6eee8), W64LIT(0x3737dc37a5eb6e92), W64LIT(0xe5e5b3e57b56d79e),
- W64LIT(0x9f9f469f8cd92313), W64LIT(0xf0f0e7f0d317fd23), W64LIT(0x4a4a354a6a7f9420), W64LIT(0xdada4fda9e95a944),
- W64LIT(0x58587d58fa25b0a2), W64LIT(0xc9c903c906ca8fcf), W64LIT(0x2929a429558d527c), W64LIT(0x0a0a280a5022145a),
- W64LIT(0xb1b1feb1e14f7f50), W64LIT(0xa0a0baa0691a5dc9), W64LIT(0x6b6bb16b7fdad614), W64LIT(0x85852e855cab17d9),
- W64LIT(0xbdbdcebd8173673c), W64LIT(0x5d5d695dd234ba8f), W64LIT(0x1010401080502090), W64LIT(0xf4f4f7f4f303f507),
- W64LIT(0xcbcb0bcb16c08bdd), W64LIT(0x3e3ef83eedc67cd3), W64LIT(0x0505140528110a2d), W64LIT(0x676781671fe6ce78),
- W64LIT(0xe4e4b7e47353d597), W64LIT(0x27279c2725bb4e02), W64LIT(0x4141194132588273), W64LIT(0x8b8b168b2c9d0ba7),
- W64LIT(0xa7a7a6a7510153f6), W64LIT(0x7d7de97dcf94fab2), W64LIT(0x95956e95dcfb3749), W64LIT(0xd8d847d88e9fad56),
- W64LIT(0xfbfbcbfb8b30eb70), W64LIT(0xeeee9fee2371c1cd), W64LIT(0x7c7ced7cc791f8bb), W64LIT(0x6666856617e3cc71),
- W64LIT(0xdddd53dda68ea77b), W64LIT(0x17175c17b84b2eaf), W64LIT(0x4747014702468e45), W64LIT(0x9e9e429e84dc211a),
- W64LIT(0xcaca0fca1ec589d4), W64LIT(0x2d2db42d75995a58), W64LIT(0xbfbfc6bf9179632e), W64LIT(0x07071c07381b0e3f),
- W64LIT(0xadad8ead012347ac), W64LIT(0x5a5a755aea2fb4b0), W64LIT(0x838336836cb51bef), W64LIT(0x3333cc3385ff66b6),
- W64LIT(0x636391633ff2c65c), W64LIT(0x02020802100a0412), W64LIT(0xaaaa92aa39384993), W64LIT(0x7171d971afa8e2de),
- W64LIT(0xc8c807c80ecf8dc6), W64LIT(0x19196419c87d32d1), W64LIT(0x494939497270923b), W64LIT(0xd9d943d9869aaf5f),
- W64LIT(0xf2f2eff2c31df931), W64LIT(0xe3e3abe34b48dba8), W64LIT(0x5b5b715be22ab6b9), W64LIT(0x88881a8834920dbc),
- W64LIT(0x9a9a529aa4c8293e), W64LIT(0x262698262dbe4c0b), W64LIT(0x3232c8328dfa64bf), W64LIT(0xb0b0fab0e94a7d59),
- W64LIT(0xe9e983e91b6acff2), W64LIT(0x0f0f3c0f78331e77), W64LIT(0xd5d573d5e6a6b733), W64LIT(0x80803a8074ba1df4),
- W64LIT(0xbebec2be997c6127), W64LIT(0xcdcd13cd26de87eb), W64LIT(0x3434d034bde46889), W64LIT(0x48483d487a759032),
- W64LIT(0xffffdbffab24e354), W64LIT(0x7a7af57af78ff48d), W64LIT(0x90907a90f4ea3d64), W64LIT(0x5f5f615fc23ebe9d),
- W64LIT(0x202080201da0403d), W64LIT(0x6868bd6867d5d00f), W64LIT(0x1a1a681ad07234ca), W64LIT(0xaeae82ae192c41b7),
- W64LIT(0xb4b4eab4c95e757d), W64LIT(0x54544d549a19a8ce), W64LIT(0x93937693ece53b7f), W64LIT(0x222288220daa442f),
- W64LIT(0x64648d6407e9c863), W64LIT(0xf1f1e3f1db12ff2a), W64LIT(0x7373d173bfa2e6cc), W64LIT(0x12124812905a2482),
- W64LIT(0x40401d403a5d807a), W64LIT(0x0808200840281048), W64LIT(0xc3c32bc356e89b95), W64LIT(0xecec97ec337bc5df),
- W64LIT(0xdbdb4bdb9690ab4d), W64LIT(0xa1a1bea1611f5fc0), W64LIT(0x8d8d0e8d1c830791), W64LIT(0x3d3df43df5c97ac8),
- W64LIT(0x97976697ccf1335b), W64LIT(0x0000000000000000), W64LIT(0xcfcf1bcf36d483f9), W64LIT(0x2b2bac2b4587566e),
- W64LIT(0x7676c57697b3ece1), W64LIT(0x8282328264b019e6), W64LIT(0xd6d67fd6fea9b128), W64LIT(0x1b1b6c1bd87736c3),
- W64LIT(0xb5b5eeb5c15b7774), W64LIT(0xafaf86af112943be), W64LIT(0x6a6ab56a77dfd41d), W64LIT(0x50505d50ba0da0ea),
- W64LIT(0x45450945124c8a57), W64LIT(0xf3f3ebf3cb18fb38), W64LIT(0x3030c0309df060ad), W64LIT(0xefef9bef2b74c3c4),
- W64LIT(0x3f3ffc3fe5c37eda), W64LIT(0x55554955921caac7), W64LIT(0xa2a2b2a2791059db), W64LIT(0xeaea8fea0365c9e9),
- W64LIT(0x656589650fecca6a), W64LIT(0xbabad2bab9686903), W64LIT(0x2f2fbc2f65935e4a), W64LIT(0xc0c027c04ee79d8e),
- W64LIT(0xdede5fdebe81a160), W64LIT(0x1c1c701ce06c38fc), W64LIT(0xfdfdd3fdbb2ee746), W64LIT(0x4d4d294d52649a1f),
- W64LIT(0x92927292e4e03976), W64LIT(0x7575c9758fbceafa), W64LIT(0x06061806301e0c36), W64LIT(0x8a8a128a249809ae),
- W64LIT(0xb2b2f2b2f940794b), W64LIT(0xe6e6bfe66359d185), W64LIT(0x0e0e380e70361c7e), W64LIT(0x1f1f7c1ff8633ee7),
- W64LIT(0x6262956237f7c455), W64LIT(0xd4d477d4eea3b53a), W64LIT(0xa8a89aa829324d81), W64LIT(0x96966296c4f43152),
- W64LIT(0xf9f9c3f99b3aef62), W64LIT(0xc5c533c566f697a3), W64LIT(0x2525942535b14a10), W64LIT(0x59597959f220b2ab),
- W64LIT(0x84842a8454ae15d0), W64LIT(0x7272d572b7a7e4c5), W64LIT(0x3939e439d5dd72ec), W64LIT(0x4c4c2d4c5a619816),
- W64LIT(0x5e5e655eca3bbc94), W64LIT(0x7878fd78e785f09f), W64LIT(0x3838e038ddd870e5), W64LIT(0x8c8c0a8c14860598),
- W64LIT(0xd1d163d1c6b2bf17), W64LIT(0xa5a5aea5410b57e4), W64LIT(0xe2e2afe2434dd9a1), W64LIT(0x616199612ff8c24e),
- W64LIT(0xb3b3f6b3f1457b42), W64LIT(0x2121842115a54234), W64LIT(0x9c9c4a9c94d62508), W64LIT(0x1e1e781ef0663cee),
- W64LIT(0x4343114322528661), W64LIT(0xc7c73bc776fc93b1), W64LIT(0xfcfcd7fcb32be54f), W64LIT(0x0404100420140824),
- W64LIT(0x51515951b208a2e3), W64LIT(0x99995e99bcc72f25), W64LIT(0x6d6da96d4fc4da22), W64LIT(0x0d0d340d68391a65),
- W64LIT(0xfafacffa8335e979), W64LIT(0xdfdf5bdfb684a369), W64LIT(0x7e7ee57ed79bfca9), W64LIT(0x242490243db44819),
- W64LIT(0x3b3bec3bc5d776fe), W64LIT(0xabab96ab313d4b9a), W64LIT(0xcece1fce3ed181f0), W64LIT(0x1111441188552299),
- W64LIT(0x8f8f068f0c890383), W64LIT(0x4e4e254e4a6b9c04), W64LIT(0xb7b7e6b7d1517366), W64LIT(0xebeb8beb0b60cbe0),
- W64LIT(0x3c3cf03cfdcc78c1), W64LIT(0x81813e817cbf1ffd), W64LIT(0x94946a94d4fe3540), W64LIT(0xf7f7fbf7eb0cf31c),
- W64LIT(0xb9b9deb9a1676f18), W64LIT(0x13134c13985f268b), W64LIT(0x2c2cb02c7d9c5851), W64LIT(0xd3d36bd3d6b8bb05),
- W64LIT(0xe7e7bbe76b5cd38c), W64LIT(0x6e6ea56e57cbdc39), W64LIT(0xc4c437c46ef395aa), W64LIT(0x03030c03180f061b),
- W64LIT(0x565645568a13acdc), W64LIT(0x44440d441a49885e), W64LIT(0x7f7fe17fdf9efea0), W64LIT(0xa9a99ea921374f88),
- W64LIT(0x2a2aa82a4d825467), W64LIT(0xbbbbd6bbb16d6b0a), W64LIT(0xc1c123c146e29f87), W64LIT(0x53535153a202a6f1),
- W64LIT(0xdcdc57dcae8ba572), W64LIT(0x0b0b2c0b58271653), W64LIT(0x9d9d4e9d9cd32701), W64LIT(0x6c6cad6c47c1d82b),
- W64LIT(0x3131c43195f562a4), W64LIT(0x7474cd7487b9e8f3), W64LIT(0xf6f6fff6e309f115), W64LIT(0x464605460a438c4c),
- W64LIT(0xacac8aac092645a5), W64LIT(0x89891e893c970fb5), W64LIT(0x14145014a04428b4), W64LIT(0xe1e1a3e15b42dfba),
- W64LIT(0x16165816b04e2ca6), W64LIT(0x3a3ae83acdd274f7), W64LIT(0x6969b9696fd0d206), W64LIT(0x09092409482d1241),
- W64LIT(0x7070dd70a7ade0d7), W64LIT(0xb6b6e2b6d954716f), W64LIT(0xd0d067d0ceb7bd1e), W64LIT(0xeded93ed3b7ec7d6),
- W64LIT(0xcccc17cc2edb85e2), W64LIT(0x424215422a578468), W64LIT(0x98985a98b4c22d2c), W64LIT(0xa4a4aaa4490e55ed),
- W64LIT(0x2828a0285d885075), W64LIT(0x5c5c6d5cda31b886), W64LIT(0xf8f8c7f8933fed6b), W64LIT(0x8686228644a411c2),
-
- W64LIT(0xd818186018c07830), W64LIT(0x2623238c2305af46), W64LIT(0xb8c6c63fc67ef991), W64LIT(0xfbe8e887e8136fcd),
- W64LIT(0xcb878726874ca113), W64LIT(0x11b8b8dab8a9626d), W64LIT(0x0901010401080502), W64LIT(0x0d4f4f214f426e9e),
- W64LIT(0x9b3636d836adee6c), W64LIT(0xffa6a6a2a6590451), W64LIT(0x0cd2d26fd2debdb9), W64LIT(0x0ef5f5f3f5fb06f7),
- W64LIT(0x967979f979ef80f2), W64LIT(0x306f6fa16f5fcede), W64LIT(0x6d91917e91fcef3f), W64LIT(0xf852525552aa07a4),
- W64LIT(0x4760609d6027fdc0), W64LIT(0x35bcbccabc897665), W64LIT(0x379b9b569baccd2b), W64LIT(0x8a8e8e028e048c01),
- W64LIT(0xd2a3a3b6a371155b), W64LIT(0x6c0c0c300c603c18), W64LIT(0x847b7bf17bff8af6), W64LIT(0x803535d435b5e16a),
- W64LIT(0xf51d1d741de8693a), W64LIT(0xb3e0e0a7e05347dd), W64LIT(0x21d7d77bd7f6acb3), W64LIT(0x9cc2c22fc25eed99),
- W64LIT(0x432e2eb82e6d965c), W64LIT(0x294b4b314b627a96), W64LIT(0x5dfefedffea321e1), W64LIT(0xd5575741578216ae),
- W64LIT(0xbd15155415a8412a), W64LIT(0xe87777c1779fb6ee), W64LIT(0x923737dc37a5eb6e), W64LIT(0x9ee5e5b3e57b56d7),
- W64LIT(0x139f9f469f8cd923), W64LIT(0x23f0f0e7f0d317fd), W64LIT(0x204a4a354a6a7f94), W64LIT(0x44dada4fda9e95a9),
- W64LIT(0xa258587d58fa25b0), W64LIT(0xcfc9c903c906ca8f), W64LIT(0x7c2929a429558d52), W64LIT(0x5a0a0a280a502214),
- W64LIT(0x50b1b1feb1e14f7f), W64LIT(0xc9a0a0baa0691a5d), W64LIT(0x146b6bb16b7fdad6), W64LIT(0xd985852e855cab17),
- W64LIT(0x3cbdbdcebd817367), W64LIT(0x8f5d5d695dd234ba), W64LIT(0x9010104010805020), W64LIT(0x07f4f4f7f4f303f5),
- W64LIT(0xddcbcb0bcb16c08b), W64LIT(0xd33e3ef83eedc67c), W64LIT(0x2d0505140528110a), W64LIT(0x78676781671fe6ce),
- W64LIT(0x97e4e4b7e47353d5), W64LIT(0x0227279c2725bb4e), W64LIT(0x7341411941325882), W64LIT(0xa78b8b168b2c9d0b),
- W64LIT(0xf6a7a7a6a7510153), W64LIT(0xb27d7de97dcf94fa), W64LIT(0x4995956e95dcfb37), W64LIT(0x56d8d847d88e9fad),
- W64LIT(0x70fbfbcbfb8b30eb), W64LIT(0xcdeeee9fee2371c1), W64LIT(0xbb7c7ced7cc791f8), W64LIT(0x716666856617e3cc),
- W64LIT(0x7bdddd53dda68ea7), W64LIT(0xaf17175c17b84b2e), W64LIT(0x454747014702468e), W64LIT(0x1a9e9e429e84dc21),
- W64LIT(0xd4caca0fca1ec589), W64LIT(0x582d2db42d75995a), W64LIT(0x2ebfbfc6bf917963), W64LIT(0x3f07071c07381b0e),
- W64LIT(0xacadad8ead012347), W64LIT(0xb05a5a755aea2fb4), W64LIT(0xef838336836cb51b), W64LIT(0xb63333cc3385ff66),
- W64LIT(0x5c636391633ff2c6), W64LIT(0x1202020802100a04), W64LIT(0x93aaaa92aa393849), W64LIT(0xde7171d971afa8e2),
- W64LIT(0xc6c8c807c80ecf8d), W64LIT(0xd119196419c87d32), W64LIT(0x3b49493949727092), W64LIT(0x5fd9d943d9869aaf),
- W64LIT(0x31f2f2eff2c31df9), W64LIT(0xa8e3e3abe34b48db), W64LIT(0xb95b5b715be22ab6), W64LIT(0xbc88881a8834920d),
- W64LIT(0x3e9a9a529aa4c829), W64LIT(0x0b262698262dbe4c), W64LIT(0xbf3232c8328dfa64), W64LIT(0x59b0b0fab0e94a7d),
- W64LIT(0xf2e9e983e91b6acf), W64LIT(0x770f0f3c0f78331e), W64LIT(0x33d5d573d5e6a6b7), W64LIT(0xf480803a8074ba1d),
- W64LIT(0x27bebec2be997c61), W64LIT(0xebcdcd13cd26de87), W64LIT(0x893434d034bde468), W64LIT(0x3248483d487a7590),
- W64LIT(0x54ffffdbffab24e3), W64LIT(0x8d7a7af57af78ff4), W64LIT(0x6490907a90f4ea3d), W64LIT(0x9d5f5f615fc23ebe),
- W64LIT(0x3d202080201da040), W64LIT(0x0f6868bd6867d5d0), W64LIT(0xca1a1a681ad07234), W64LIT(0xb7aeae82ae192c41),
- W64LIT(0x7db4b4eab4c95e75), W64LIT(0xce54544d549a19a8), W64LIT(0x7f93937693ece53b), W64LIT(0x2f222288220daa44),
- W64LIT(0x6364648d6407e9c8), W64LIT(0x2af1f1e3f1db12ff), W64LIT(0xcc7373d173bfa2e6), W64LIT(0x8212124812905a24),
- W64LIT(0x7a40401d403a5d80), W64LIT(0x4808082008402810), W64LIT(0x95c3c32bc356e89b), W64LIT(0xdfecec97ec337bc5),
- W64LIT(0x4ddbdb4bdb9690ab), W64LIT(0xc0a1a1bea1611f5f), W64LIT(0x918d8d0e8d1c8307), W64LIT(0xc83d3df43df5c97a),
- W64LIT(0x5b97976697ccf133), W64LIT(0x0000000000000000), W64LIT(0xf9cfcf1bcf36d483), W64LIT(0x6e2b2bac2b458756),
- W64LIT(0xe17676c57697b3ec), W64LIT(0xe68282328264b019), W64LIT(0x28d6d67fd6fea9b1), W64LIT(0xc31b1b6c1bd87736),
- W64LIT(0x74b5b5eeb5c15b77), W64LIT(0xbeafaf86af112943), W64LIT(0x1d6a6ab56a77dfd4), W64LIT(0xea50505d50ba0da0),
- W64LIT(0x5745450945124c8a), W64LIT(0x38f3f3ebf3cb18fb), W64LIT(0xad3030c0309df060), W64LIT(0xc4efef9bef2b74c3),
- W64LIT(0xda3f3ffc3fe5c37e), W64LIT(0xc755554955921caa), W64LIT(0xdba2a2b2a2791059), W64LIT(0xe9eaea8fea0365c9),
- W64LIT(0x6a656589650fecca), W64LIT(0x03babad2bab96869), W64LIT(0x4a2f2fbc2f65935e), W64LIT(0x8ec0c027c04ee79d),
- W64LIT(0x60dede5fdebe81a1), W64LIT(0xfc1c1c701ce06c38), W64LIT(0x46fdfdd3fdbb2ee7), W64LIT(0x1f4d4d294d52649a),
- W64LIT(0x7692927292e4e039), W64LIT(0xfa7575c9758fbcea), W64LIT(0x3606061806301e0c), W64LIT(0xae8a8a128a249809),
- W64LIT(0x4bb2b2f2b2f94079), W64LIT(0x85e6e6bfe66359d1), W64LIT(0x7e0e0e380e70361c), W64LIT(0xe71f1f7c1ff8633e),
- W64LIT(0x556262956237f7c4), W64LIT(0x3ad4d477d4eea3b5), W64LIT(0x81a8a89aa829324d), W64LIT(0x5296966296c4f431),
- W64LIT(0x62f9f9c3f99b3aef), W64LIT(0xa3c5c533c566f697), W64LIT(0x102525942535b14a), W64LIT(0xab59597959f220b2),
- W64LIT(0xd084842a8454ae15), W64LIT(0xc57272d572b7a7e4), W64LIT(0xec3939e439d5dd72), W64LIT(0x164c4c2d4c5a6198),
- W64LIT(0x945e5e655eca3bbc), W64LIT(0x9f7878fd78e785f0), W64LIT(0xe53838e038ddd870), W64LIT(0x988c8c0a8c148605),
- W64LIT(0x17d1d163d1c6b2bf), W64LIT(0xe4a5a5aea5410b57), W64LIT(0xa1e2e2afe2434dd9), W64LIT(0x4e616199612ff8c2),
- W64LIT(0x42b3b3f6b3f1457b), W64LIT(0x342121842115a542), W64LIT(0x089c9c4a9c94d625), W64LIT(0xee1e1e781ef0663c),
- W64LIT(0x6143431143225286), W64LIT(0xb1c7c73bc776fc93), W64LIT(0x4ffcfcd7fcb32be5), W64LIT(0x2404041004201408),
- W64LIT(0xe351515951b208a2), W64LIT(0x2599995e99bcc72f), W64LIT(0x226d6da96d4fc4da), W64LIT(0x650d0d340d68391a),
- W64LIT(0x79fafacffa8335e9), W64LIT(0x69dfdf5bdfb684a3), W64LIT(0xa97e7ee57ed79bfc), W64LIT(0x19242490243db448),
- W64LIT(0xfe3b3bec3bc5d776), W64LIT(0x9aabab96ab313d4b), W64LIT(0xf0cece1fce3ed181), W64LIT(0x9911114411885522),
- W64LIT(0x838f8f068f0c8903), W64LIT(0x044e4e254e4a6b9c), W64LIT(0x66b7b7e6b7d15173), W64LIT(0xe0ebeb8beb0b60cb),
- W64LIT(0xc13c3cf03cfdcc78), W64LIT(0xfd81813e817cbf1f), W64LIT(0x4094946a94d4fe35), W64LIT(0x1cf7f7fbf7eb0cf3),
- W64LIT(0x18b9b9deb9a1676f), W64LIT(0x8b13134c13985f26), W64LIT(0x512c2cb02c7d9c58), W64LIT(0x05d3d36bd3d6b8bb),
- W64LIT(0x8ce7e7bbe76b5cd3), W64LIT(0x396e6ea56e57cbdc), W64LIT(0xaac4c437c46ef395), W64LIT(0x1b03030c03180f06),
- W64LIT(0xdc565645568a13ac), W64LIT(0x5e44440d441a4988), W64LIT(0xa07f7fe17fdf9efe), W64LIT(0x88a9a99ea921374f),
- W64LIT(0x672a2aa82a4d8254), W64LIT(0x0abbbbd6bbb16d6b), W64LIT(0x87c1c123c146e29f), W64LIT(0xf153535153a202a6),
- W64LIT(0x72dcdc57dcae8ba5), W64LIT(0x530b0b2c0b582716), W64LIT(0x019d9d4e9d9cd327), W64LIT(0x2b6c6cad6c47c1d8),
- W64LIT(0xa43131c43195f562), W64LIT(0xf37474cd7487b9e8), W64LIT(0x15f6f6fff6e309f1), W64LIT(0x4c464605460a438c),
- W64LIT(0xa5acac8aac092645), W64LIT(0xb589891e893c970f), W64LIT(0xb414145014a04428), W64LIT(0xbae1e1a3e15b42df),
- W64LIT(0xa616165816b04e2c), W64LIT(0xf73a3ae83acdd274), W64LIT(0x066969b9696fd0d2), W64LIT(0x4109092409482d12),
- W64LIT(0xd77070dd70a7ade0), W64LIT(0x6fb6b6e2b6d95471), W64LIT(0x1ed0d067d0ceb7bd), W64LIT(0xd6eded93ed3b7ec7),
- W64LIT(0xe2cccc17cc2edb85), W64LIT(0x68424215422a5784), W64LIT(0x2c98985a98b4c22d), W64LIT(0xeda4a4aaa4490e55),
- W64LIT(0x752828a0285d8850), W64LIT(0x865c5c6d5cda31b8), W64LIT(0x6bf8f8c7f8933fed), W64LIT(0xc28686228644a411),
-
- W64LIT(0x30d818186018c078), W64LIT(0x462623238c2305af), W64LIT(0x91b8c6c63fc67ef9), W64LIT(0xcdfbe8e887e8136f),
- W64LIT(0x13cb878726874ca1), W64LIT(0x6d11b8b8dab8a962), W64LIT(0x0209010104010805), W64LIT(0x9e0d4f4f214f426e),
- W64LIT(0x6c9b3636d836adee), W64LIT(0x51ffa6a6a2a65904), W64LIT(0xb90cd2d26fd2debd), W64LIT(0xf70ef5f5f3f5fb06),
- W64LIT(0xf2967979f979ef80), W64LIT(0xde306f6fa16f5fce), W64LIT(0x3f6d91917e91fcef), W64LIT(0xa4f852525552aa07),
- W64LIT(0xc04760609d6027fd), W64LIT(0x6535bcbccabc8976), W64LIT(0x2b379b9b569baccd), W64LIT(0x018a8e8e028e048c),
- W64LIT(0x5bd2a3a3b6a37115), W64LIT(0x186c0c0c300c603c), W64LIT(0xf6847b7bf17bff8a), W64LIT(0x6a803535d435b5e1),
- W64LIT(0x3af51d1d741de869), W64LIT(0xddb3e0e0a7e05347), W64LIT(0xb321d7d77bd7f6ac), W64LIT(0x999cc2c22fc25eed),
- W64LIT(0x5c432e2eb82e6d96), W64LIT(0x96294b4b314b627a), W64LIT(0xe15dfefedffea321), W64LIT(0xaed5575741578216),
- W64LIT(0x2abd15155415a841), W64LIT(0xeee87777c1779fb6), W64LIT(0x6e923737dc37a5eb), W64LIT(0xd79ee5e5b3e57b56),
- W64LIT(0x23139f9f469f8cd9), W64LIT(0xfd23f0f0e7f0d317), W64LIT(0x94204a4a354a6a7f), W64LIT(0xa944dada4fda9e95),
- W64LIT(0xb0a258587d58fa25), W64LIT(0x8fcfc9c903c906ca), W64LIT(0x527c2929a429558d), W64LIT(0x145a0a0a280a5022),
- W64LIT(0x7f50b1b1feb1e14f), W64LIT(0x5dc9a0a0baa0691a), W64LIT(0xd6146b6bb16b7fda), W64LIT(0x17d985852e855cab),
- W64LIT(0x673cbdbdcebd8173), W64LIT(0xba8f5d5d695dd234), W64LIT(0x2090101040108050), W64LIT(0xf507f4f4f7f4f303),
- W64LIT(0x8bddcbcb0bcb16c0), W64LIT(0x7cd33e3ef83eedc6), W64LIT(0x0a2d050514052811), W64LIT(0xce78676781671fe6),
- W64LIT(0xd597e4e4b7e47353), W64LIT(0x4e0227279c2725bb), W64LIT(0x8273414119413258), W64LIT(0x0ba78b8b168b2c9d),
- W64LIT(0x53f6a7a7a6a75101), W64LIT(0xfab27d7de97dcf94), W64LIT(0x374995956e95dcfb), W64LIT(0xad56d8d847d88e9f),
- W64LIT(0xeb70fbfbcbfb8b30), W64LIT(0xc1cdeeee9fee2371), W64LIT(0xf8bb7c7ced7cc791), W64LIT(0xcc716666856617e3),
- W64LIT(0xa77bdddd53dda68e), W64LIT(0x2eaf17175c17b84b), W64LIT(0x8e45474701470246), W64LIT(0x211a9e9e429e84dc),
- W64LIT(0x89d4caca0fca1ec5), W64LIT(0x5a582d2db42d7599), W64LIT(0x632ebfbfc6bf9179), W64LIT(0x0e3f07071c07381b),
- W64LIT(0x47acadad8ead0123), W64LIT(0xb4b05a5a755aea2f), W64LIT(0x1bef838336836cb5), W64LIT(0x66b63333cc3385ff),
- W64LIT(0xc65c636391633ff2), W64LIT(0x041202020802100a), W64LIT(0x4993aaaa92aa3938), W64LIT(0xe2de7171d971afa8),
- W64LIT(0x8dc6c8c807c80ecf), W64LIT(0x32d119196419c87d), W64LIT(0x923b494939497270), W64LIT(0xaf5fd9d943d9869a),
- W64LIT(0xf931f2f2eff2c31d), W64LIT(0xdba8e3e3abe34b48), W64LIT(0xb6b95b5b715be22a), W64LIT(0x0dbc88881a883492),
- W64LIT(0x293e9a9a529aa4c8), W64LIT(0x4c0b262698262dbe), W64LIT(0x64bf3232c8328dfa), W64LIT(0x7d59b0b0fab0e94a),
- W64LIT(0xcff2e9e983e91b6a), W64LIT(0x1e770f0f3c0f7833), W64LIT(0xb733d5d573d5e6a6), W64LIT(0x1df480803a8074ba),
- W64LIT(0x6127bebec2be997c), W64LIT(0x87ebcdcd13cd26de), W64LIT(0x68893434d034bde4), W64LIT(0x903248483d487a75),
- W64LIT(0xe354ffffdbffab24), W64LIT(0xf48d7a7af57af78f), W64LIT(0x3d6490907a90f4ea), W64LIT(0xbe9d5f5f615fc23e),
- W64LIT(0x403d202080201da0), W64LIT(0xd00f6868bd6867d5), W64LIT(0x34ca1a1a681ad072), W64LIT(0x41b7aeae82ae192c),
- W64LIT(0x757db4b4eab4c95e), W64LIT(0xa8ce54544d549a19), W64LIT(0x3b7f93937693ece5), W64LIT(0x442f222288220daa),
- W64LIT(0xc86364648d6407e9), W64LIT(0xff2af1f1e3f1db12), W64LIT(0xe6cc7373d173bfa2), W64LIT(0x248212124812905a),
- W64LIT(0x807a40401d403a5d), W64LIT(0x1048080820084028), W64LIT(0x9b95c3c32bc356e8), W64LIT(0xc5dfecec97ec337b),
- W64LIT(0xab4ddbdb4bdb9690), W64LIT(0x5fc0a1a1bea1611f), W64LIT(0x07918d8d0e8d1c83), W64LIT(0x7ac83d3df43df5c9),
- W64LIT(0x335b97976697ccf1), W64LIT(0x0000000000000000), W64LIT(0x83f9cfcf1bcf36d4), W64LIT(0x566e2b2bac2b4587),
- W64LIT(0xece17676c57697b3), W64LIT(0x19e68282328264b0), W64LIT(0xb128d6d67fd6fea9), W64LIT(0x36c31b1b6c1bd877),
- W64LIT(0x7774b5b5eeb5c15b), W64LIT(0x43beafaf86af1129), W64LIT(0xd41d6a6ab56a77df), W64LIT(0xa0ea50505d50ba0d),
- W64LIT(0x8a5745450945124c), W64LIT(0xfb38f3f3ebf3cb18), W64LIT(0x60ad3030c0309df0), W64LIT(0xc3c4efef9bef2b74),
- W64LIT(0x7eda3f3ffc3fe5c3), W64LIT(0xaac755554955921c), W64LIT(0x59dba2a2b2a27910), W64LIT(0xc9e9eaea8fea0365),
- W64LIT(0xca6a656589650fec), W64LIT(0x6903babad2bab968), W64LIT(0x5e4a2f2fbc2f6593), W64LIT(0x9d8ec0c027c04ee7),
- W64LIT(0xa160dede5fdebe81), W64LIT(0x38fc1c1c701ce06c), W64LIT(0xe746fdfdd3fdbb2e), W64LIT(0x9a1f4d4d294d5264),
- W64LIT(0x397692927292e4e0), W64LIT(0xeafa7575c9758fbc), W64LIT(0x0c3606061806301e), W64LIT(0x09ae8a8a128a2498),
- W64LIT(0x794bb2b2f2b2f940), W64LIT(0xd185e6e6bfe66359), W64LIT(0x1c7e0e0e380e7036), W64LIT(0x3ee71f1f7c1ff863),
- W64LIT(0xc4556262956237f7), W64LIT(0xb53ad4d477d4eea3), W64LIT(0x4d81a8a89aa82932), W64LIT(0x315296966296c4f4),
- W64LIT(0xef62f9f9c3f99b3a), W64LIT(0x97a3c5c533c566f6), W64LIT(0x4a102525942535b1), W64LIT(0xb2ab59597959f220),
- W64LIT(0x15d084842a8454ae), W64LIT(0xe4c57272d572b7a7), W64LIT(0x72ec3939e439d5dd), W64LIT(0x98164c4c2d4c5a61),
- W64LIT(0xbc945e5e655eca3b), W64LIT(0xf09f7878fd78e785), W64LIT(0x70e53838e038ddd8), W64LIT(0x05988c8c0a8c1486),
- W64LIT(0xbf17d1d163d1c6b2), W64LIT(0x57e4a5a5aea5410b), W64LIT(0xd9a1e2e2afe2434d), W64LIT(0xc24e616199612ff8),
- W64LIT(0x7b42b3b3f6b3f145), W64LIT(0x42342121842115a5), W64LIT(0x25089c9c4a9c94d6), W64LIT(0x3cee1e1e781ef066),
- W64LIT(0x8661434311432252), W64LIT(0x93b1c7c73bc776fc), W64LIT(0xe54ffcfcd7fcb32b), W64LIT(0x0824040410042014),
- W64LIT(0xa2e351515951b208), W64LIT(0x2f2599995e99bcc7), W64LIT(0xda226d6da96d4fc4), W64LIT(0x1a650d0d340d6839),
- W64LIT(0xe979fafacffa8335), W64LIT(0xa369dfdf5bdfb684), W64LIT(0xfca97e7ee57ed79b), W64LIT(0x4819242490243db4),
- W64LIT(0x76fe3b3bec3bc5d7), W64LIT(0x4b9aabab96ab313d), W64LIT(0x81f0cece1fce3ed1), W64LIT(0x2299111144118855),
- W64LIT(0x03838f8f068f0c89), W64LIT(0x9c044e4e254e4a6b), W64LIT(0x7366b7b7e6b7d151), W64LIT(0xcbe0ebeb8beb0b60),
- W64LIT(0x78c13c3cf03cfdcc), W64LIT(0x1ffd81813e817cbf), W64LIT(0x354094946a94d4fe), W64LIT(0xf31cf7f7fbf7eb0c),
- W64LIT(0x6f18b9b9deb9a167), W64LIT(0x268b13134c13985f), W64LIT(0x58512c2cb02c7d9c), W64LIT(0xbb05d3d36bd3d6b8),
- W64LIT(0xd38ce7e7bbe76b5c), W64LIT(0xdc396e6ea56e57cb), W64LIT(0x95aac4c437c46ef3), W64LIT(0x061b03030c03180f),
- W64LIT(0xacdc565645568a13), W64LIT(0x885e44440d441a49), W64LIT(0xfea07f7fe17fdf9e), W64LIT(0x4f88a9a99ea92137),
- W64LIT(0x54672a2aa82a4d82), W64LIT(0x6b0abbbbd6bbb16d), W64LIT(0x9f87c1c123c146e2), W64LIT(0xa6f153535153a202),
- W64LIT(0xa572dcdc57dcae8b), W64LIT(0x16530b0b2c0b5827), W64LIT(0x27019d9d4e9d9cd3), W64LIT(0xd82b6c6cad6c47c1),
- W64LIT(0x62a43131c43195f5), W64LIT(0xe8f37474cd7487b9), W64LIT(0xf115f6f6fff6e309), W64LIT(0x8c4c464605460a43),
- W64LIT(0x45a5acac8aac0926), W64LIT(0x0fb589891e893c97), W64LIT(0x28b414145014a044), W64LIT(0xdfbae1e1a3e15b42),
- W64LIT(0x2ca616165816b04e), W64LIT(0x74f73a3ae83acdd2), W64LIT(0xd2066969b9696fd0), W64LIT(0x124109092409482d),
- W64LIT(0xe0d77070dd70a7ad), W64LIT(0x716fb6b6e2b6d954), W64LIT(0xbd1ed0d067d0ceb7), W64LIT(0xc7d6eded93ed3b7e),
- W64LIT(0x85e2cccc17cc2edb), W64LIT(0x8468424215422a57), W64LIT(0x2d2c98985a98b4c2), W64LIT(0x55eda4a4aaa4490e),
- W64LIT(0x50752828a0285d88), W64LIT(0xb8865c5c6d5cda31), W64LIT(0xed6bf8f8c7f8933f), W64LIT(0x11c28686228644a4),
-
- W64LIT(0x7830d818186018c0), W64LIT(0xaf462623238c2305), W64LIT(0xf991b8c6c63fc67e), W64LIT(0x6fcdfbe8e887e813),
- W64LIT(0xa113cb878726874c), W64LIT(0x626d11b8b8dab8a9), W64LIT(0x0502090101040108), W64LIT(0x6e9e0d4f4f214f42),
- W64LIT(0xee6c9b3636d836ad), W64LIT(0x0451ffa6a6a2a659), W64LIT(0xbdb90cd2d26fd2de), W64LIT(0x06f70ef5f5f3f5fb),
- W64LIT(0x80f2967979f979ef), W64LIT(0xcede306f6fa16f5f), W64LIT(0xef3f6d91917e91fc), W64LIT(0x07a4f852525552aa),
- W64LIT(0xfdc04760609d6027), W64LIT(0x766535bcbccabc89), W64LIT(0xcd2b379b9b569bac), W64LIT(0x8c018a8e8e028e04),
- W64LIT(0x155bd2a3a3b6a371), W64LIT(0x3c186c0c0c300c60), W64LIT(0x8af6847b7bf17bff), W64LIT(0xe16a803535d435b5),
- W64LIT(0x693af51d1d741de8), W64LIT(0x47ddb3e0e0a7e053), W64LIT(0xacb321d7d77bd7f6), W64LIT(0xed999cc2c22fc25e),
- W64LIT(0x965c432e2eb82e6d), W64LIT(0x7a96294b4b314b62), W64LIT(0x21e15dfefedffea3), W64LIT(0x16aed55757415782),
- W64LIT(0x412abd15155415a8), W64LIT(0xb6eee87777c1779f), W64LIT(0xeb6e923737dc37a5), W64LIT(0x56d79ee5e5b3e57b),
- W64LIT(0xd923139f9f469f8c), W64LIT(0x17fd23f0f0e7f0d3), W64LIT(0x7f94204a4a354a6a), W64LIT(0x95a944dada4fda9e),
- W64LIT(0x25b0a258587d58fa), W64LIT(0xca8fcfc9c903c906), W64LIT(0x8d527c2929a42955), W64LIT(0x22145a0a0a280a50),
- W64LIT(0x4f7f50b1b1feb1e1), W64LIT(0x1a5dc9a0a0baa069), W64LIT(0xdad6146b6bb16b7f), W64LIT(0xab17d985852e855c),
- W64LIT(0x73673cbdbdcebd81), W64LIT(0x34ba8f5d5d695dd2), W64LIT(0x5020901010401080), W64LIT(0x03f507f4f4f7f4f3),
- W64LIT(0xc08bddcbcb0bcb16), W64LIT(0xc67cd33e3ef83eed), W64LIT(0x110a2d0505140528), W64LIT(0xe6ce78676781671f),
- W64LIT(0x53d597e4e4b7e473), W64LIT(0xbb4e0227279c2725), W64LIT(0x5882734141194132), W64LIT(0x9d0ba78b8b168b2c),
- W64LIT(0x0153f6a7a7a6a751), W64LIT(0x94fab27d7de97dcf), W64LIT(0xfb374995956e95dc), W64LIT(0x9fad56d8d847d88e),
- W64LIT(0x30eb70fbfbcbfb8b), W64LIT(0x71c1cdeeee9fee23), W64LIT(0x91f8bb7c7ced7cc7), W64LIT(0xe3cc716666856617),
- W64LIT(0x8ea77bdddd53dda6), W64LIT(0x4b2eaf17175c17b8), W64LIT(0x468e454747014702), W64LIT(0xdc211a9e9e429e84),
- W64LIT(0xc589d4caca0fca1e), W64LIT(0x995a582d2db42d75), W64LIT(0x79632ebfbfc6bf91), W64LIT(0x1b0e3f07071c0738),
- W64LIT(0x2347acadad8ead01), W64LIT(0x2fb4b05a5a755aea), W64LIT(0xb51bef838336836c), W64LIT(0xff66b63333cc3385),
- W64LIT(0xf2c65c636391633f), W64LIT(0x0a04120202080210), W64LIT(0x384993aaaa92aa39), W64LIT(0xa8e2de7171d971af),
- W64LIT(0xcf8dc6c8c807c80e), W64LIT(0x7d32d119196419c8), W64LIT(0x70923b4949394972), W64LIT(0x9aaf5fd9d943d986),
- W64LIT(0x1df931f2f2eff2c3), W64LIT(0x48dba8e3e3abe34b), W64LIT(0x2ab6b95b5b715be2), W64LIT(0x920dbc88881a8834),
- W64LIT(0xc8293e9a9a529aa4), W64LIT(0xbe4c0b262698262d), W64LIT(0xfa64bf3232c8328d), W64LIT(0x4a7d59b0b0fab0e9),
- W64LIT(0x6acff2e9e983e91b), W64LIT(0x331e770f0f3c0f78), W64LIT(0xa6b733d5d573d5e6), W64LIT(0xba1df480803a8074),
- W64LIT(0x7c6127bebec2be99), W64LIT(0xde87ebcdcd13cd26), W64LIT(0xe468893434d034bd), W64LIT(0x75903248483d487a),
- W64LIT(0x24e354ffffdbffab), W64LIT(0x8ff48d7a7af57af7), W64LIT(0xea3d6490907a90f4), W64LIT(0x3ebe9d5f5f615fc2),
- W64LIT(0xa0403d202080201d), W64LIT(0xd5d00f6868bd6867), W64LIT(0x7234ca1a1a681ad0), W64LIT(0x2c41b7aeae82ae19),
- W64LIT(0x5e757db4b4eab4c9), W64LIT(0x19a8ce54544d549a), W64LIT(0xe53b7f93937693ec), W64LIT(0xaa442f222288220d),
- W64LIT(0xe9c86364648d6407), W64LIT(0x12ff2af1f1e3f1db), W64LIT(0xa2e6cc7373d173bf), W64LIT(0x5a24821212481290),
- W64LIT(0x5d807a40401d403a), W64LIT(0x2810480808200840), W64LIT(0xe89b95c3c32bc356), W64LIT(0x7bc5dfecec97ec33),
- W64LIT(0x90ab4ddbdb4bdb96), W64LIT(0x1f5fc0a1a1bea161), W64LIT(0x8307918d8d0e8d1c), W64LIT(0xc97ac83d3df43df5),
- W64LIT(0xf1335b97976697cc), W64LIT(0x0000000000000000), W64LIT(0xd483f9cfcf1bcf36), W64LIT(0x87566e2b2bac2b45),
- W64LIT(0xb3ece17676c57697), W64LIT(0xb019e68282328264), W64LIT(0xa9b128d6d67fd6fe), W64LIT(0x7736c31b1b6c1bd8),
- W64LIT(0x5b7774b5b5eeb5c1), W64LIT(0x2943beafaf86af11), W64LIT(0xdfd41d6a6ab56a77), W64LIT(0x0da0ea50505d50ba),
- W64LIT(0x4c8a574545094512), W64LIT(0x18fb38f3f3ebf3cb), W64LIT(0xf060ad3030c0309d), W64LIT(0x74c3c4efef9bef2b),
- W64LIT(0xc37eda3f3ffc3fe5), W64LIT(0x1caac75555495592), W64LIT(0x1059dba2a2b2a279), W64LIT(0x65c9e9eaea8fea03),
- W64LIT(0xecca6a656589650f), W64LIT(0x686903babad2bab9), W64LIT(0x935e4a2f2fbc2f65), W64LIT(0xe79d8ec0c027c04e),
- W64LIT(0x81a160dede5fdebe), W64LIT(0x6c38fc1c1c701ce0), W64LIT(0x2ee746fdfdd3fdbb), W64LIT(0x649a1f4d4d294d52),
- W64LIT(0xe0397692927292e4), W64LIT(0xbceafa7575c9758f), W64LIT(0x1e0c360606180630), W64LIT(0x9809ae8a8a128a24),
- W64LIT(0x40794bb2b2f2b2f9), W64LIT(0x59d185e6e6bfe663), W64LIT(0x361c7e0e0e380e70), W64LIT(0x633ee71f1f7c1ff8),
- W64LIT(0xf7c4556262956237), W64LIT(0xa3b53ad4d477d4ee), W64LIT(0x324d81a8a89aa829), W64LIT(0xf4315296966296c4),
- W64LIT(0x3aef62f9f9c3f99b), W64LIT(0xf697a3c5c533c566), W64LIT(0xb14a102525942535), W64LIT(0x20b2ab59597959f2),
- W64LIT(0xae15d084842a8454), W64LIT(0xa7e4c57272d572b7), W64LIT(0xdd72ec3939e439d5), W64LIT(0x6198164c4c2d4c5a),
- W64LIT(0x3bbc945e5e655eca), W64LIT(0x85f09f7878fd78e7), W64LIT(0xd870e53838e038dd), W64LIT(0x8605988c8c0a8c14),
- W64LIT(0xb2bf17d1d163d1c6), W64LIT(0x0b57e4a5a5aea541), W64LIT(0x4dd9a1e2e2afe243), W64LIT(0xf8c24e616199612f),
- W64LIT(0x457b42b3b3f6b3f1), W64LIT(0xa542342121842115), W64LIT(0xd625089c9c4a9c94), W64LIT(0x663cee1e1e781ef0),
- W64LIT(0x5286614343114322), W64LIT(0xfc93b1c7c73bc776), W64LIT(0x2be54ffcfcd7fcb3), W64LIT(0x1408240404100420),
- W64LIT(0x08a2e351515951b2), W64LIT(0xc72f2599995e99bc), W64LIT(0xc4da226d6da96d4f), W64LIT(0x391a650d0d340d68),
- W64LIT(0x35e979fafacffa83), W64LIT(0x84a369dfdf5bdfb6), W64LIT(0x9bfca97e7ee57ed7), W64LIT(0xb44819242490243d),
- W64LIT(0xd776fe3b3bec3bc5), W64LIT(0x3d4b9aabab96ab31), W64LIT(0xd181f0cece1fce3e), W64LIT(0x5522991111441188),
- W64LIT(0x8903838f8f068f0c), W64LIT(0x6b9c044e4e254e4a), W64LIT(0x517366b7b7e6b7d1), W64LIT(0x60cbe0ebeb8beb0b),
- W64LIT(0xcc78c13c3cf03cfd), W64LIT(0xbf1ffd81813e817c), W64LIT(0xfe354094946a94d4), W64LIT(0x0cf31cf7f7fbf7eb),
- W64LIT(0x676f18b9b9deb9a1), W64LIT(0x5f268b13134c1398), W64LIT(0x9c58512c2cb02c7d), W64LIT(0xb8bb05d3d36bd3d6),
- W64LIT(0x5cd38ce7e7bbe76b), W64LIT(0xcbdc396e6ea56e57), W64LIT(0xf395aac4c437c46e), W64LIT(0x0f061b03030c0318),
- W64LIT(0x13acdc565645568a), W64LIT(0x49885e44440d441a), W64LIT(0x9efea07f7fe17fdf), W64LIT(0x374f88a9a99ea921),
- W64LIT(0x8254672a2aa82a4d), W64LIT(0x6d6b0abbbbd6bbb1), W64LIT(0xe29f87c1c123c146), W64LIT(0x02a6f153535153a2),
- W64LIT(0x8ba572dcdc57dcae), W64LIT(0x2716530b0b2c0b58), W64LIT(0xd327019d9d4e9d9c), W64LIT(0xc1d82b6c6cad6c47),
- W64LIT(0xf562a43131c43195), W64LIT(0xb9e8f37474cd7487), W64LIT(0x09f115f6f6fff6e3), W64LIT(0x438c4c464605460a),
- W64LIT(0x2645a5acac8aac09), W64LIT(0x970fb589891e893c), W64LIT(0x4428b414145014a0), W64LIT(0x42dfbae1e1a3e15b),
- W64LIT(0x4e2ca616165816b0), W64LIT(0xd274f73a3ae83acd), W64LIT(0xd0d2066969b9696f), W64LIT(0x2d12410909240948),
- W64LIT(0xade0d77070dd70a7), W64LIT(0x54716fb6b6e2b6d9), W64LIT(0xb7bd1ed0d067d0ce), W64LIT(0x7ec7d6eded93ed3b),
- W64LIT(0xdb85e2cccc17cc2e), W64LIT(0x578468424215422a), W64LIT(0xc22d2c98985a98b4), W64LIT(0x0e55eda4a4aaa449),
- W64LIT(0x8850752828a0285d), W64LIT(0x31b8865c5c6d5cda), W64LIT(0x3fed6bf8f8c7f893), W64LIT(0xa411c28686228644),
-
- W64LIT(0x1823c6e887b8014f),
- W64LIT(0x36a6d2f5796f9152),
- W64LIT(0x60bc9b8ea30c7b35),
- W64LIT(0x1de0d7c22e4bfe57),
- W64LIT(0x157737e59ff04ada),
- W64LIT(0x58c9290ab1a06b85),
- W64LIT(0xbd5d10f4cb3e0567),
- W64LIT(0xe427418ba77d95d8),
- W64LIT(0xfbee7c66dd17479e),
- W64LIT(0xca2dbf07ad5a8333)
-};
-
-// Whirlpool basic transformation. Transforms state based on block.
-void Whirlpool::Transform(word64 *digest, const word64 *block)
-{
-#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
- if (HasISSE())
- {
- // MMX version has the same structure as C version below
-#ifdef __GNUC__
- #if CRYPTOPP_BOOL_X64
- word64 workspace[16];
- #endif
- __asm__ __volatile__
- (
- ".intel_syntax noprefix;"
- AS_PUSH_IF86( bx)
- AS2( mov AS_REG_6, WORD_REG(ax))
-#else
- #if _MSC_VER < 1300
- AS_PUSH_IF86( bx)
- #endif
- AS2( lea AS_REG_6, [Whirlpool_C])
- AS2( mov WORD_REG(cx), digest)
- AS2( mov WORD_REG(dx), block)
-#endif
-#if CRYPTOPP_BOOL_X86
- AS2( mov eax, esp)
- AS2( and esp, -16)
- AS2( sub esp, 16*8)
- AS1( push eax)
- #define SSE2_workspace esp+WORD_SZ
-#else
- #define SSE2_workspace %3
-#endif
- AS2( xor esi, esi)
- ASL(0)
- AS2( movq mm0, [WORD_REG(cx)+8*WORD_REG(si)])
- AS2( movq [SSE2_workspace+8*WORD_REG(si)], mm0) // k
- AS2( pxor mm0, [WORD_REG(dx)+8*WORD_REG(si)])
- AS2( movq [SSE2_workspace+64+8*WORD_REG(si)], mm0) // s
- AS2( movq [WORD_REG(cx)+8*WORD_REG(si)], mm0)
- AS1( inc WORD_REG(si))
- AS2( cmp WORD_REG(si), 8)
- ASJ( jne, 0, b)
-
- AS2( xor esi, esi)
- ASL(1)
-
-#define KSL0(a, b) AS2(movq mm##a, b)
-#define KSL1(a, b) AS2(pxor mm##a, b)
-
-#define KSL(op, i, a, b, c, d) \
- AS2(mov eax, [SSE2_workspace+8*i])\
- AS2(movzx edi, al)\
- KSL##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\
- AS2(movzx edi, ah)\
- KSL##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\
- AS2(shr eax, 16)\
- AS2(movzx edi, al)\
- AS2(shr eax, 8)\
- KSL##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\
- KSL##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)])
-
-#define KSH0(a, b) \
- ASS(pshufw mm##a, mm##a, 1, 0, 3, 2)\
- AS2(pxor mm##a, b)
-#define KSH1(a, b) \
- AS2(pxor mm##a, b)
-#define KSH2(a, b) \
- AS2(pxor mm##a, b)\
- AS2(movq [SSE2_workspace+8*a], mm##a)
-
-#define KSH(op, i, a, b, c, d) \
- AS2(mov eax, [SSE2_workspace+8*((i+4)-8*((i+4)/8))+4])\
- AS2(movzx edi, al)\
- KSH##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\
- AS2(movzx edi, ah)\
- KSH##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\
- AS2(shr eax, 16)\
- AS2(movzx edi, al)\
- AS2(shr eax, 8)\
- KSH##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\
- KSH##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)])
-
-#define TSL(op, i, a, b, c, d) \
- AS2(mov eax, [SSE2_workspace+64+8*i])\
- AS2(movzx edi, al)\
- KSL##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\
- AS2(movzx edi, ah)\
- KSL##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\
- AS2(shr eax, 16)\
- AS2(movzx edi, al)\
- AS2(shr eax, 8)\
- KSL##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\
- KSL##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)])
-
-#define TSH0(a, b) \
- ASS(pshufw mm##a, mm##a, 1, 0, 3, 2)\
- AS2(pxor mm##a, [SSE2_workspace+8*a])\
- AS2(pxor mm##a, b)
-#define TSH1(a, b) \
- AS2(pxor mm##a, b)
-#define TSH2(a, b) \
- AS2(pxor mm##a, b)\
- AS2(movq [SSE2_workspace+64+8*a], mm##a)
-#define TSH3(a, b) \
- AS2(pxor mm##a, b)\
- AS2(pxor mm##a, [WORD_REG(cx)+8*a])\
- AS2(movq [WORD_REG(cx)+8*a], mm##a)
-
-#define TSH(op, i, a, b, c, d) \
- AS2(mov eax, [SSE2_workspace+64+8*((i+4)-8*((i+4)/8))+4])\
- AS2(movzx edi, al)\
- TSH##op(a, [AS_REG_6+3*2048+8*WORD_REG(di)])\
- AS2(movzx edi, ah)\
- TSH##op(b, [AS_REG_6+2*2048+8*WORD_REG(di)])\
- AS2(shr eax, 16)\
- AS2(movzx edi, al)\
- AS2(shr eax, 8)\
- TSH##op(c, [AS_REG_6+1*2048+8*WORD_REG(di)])\
- TSH##op(d, [AS_REG_6+0*2048+8*WORD_REG(ax)])
-
- KSL(0, 4, 3, 2, 1, 0)
- KSL(0, 0, 7, 6, 5, 4)
- KSL(1, 1, 0, 7, 6, 5)
- KSL(1, 2, 1, 0, 7, 6)
- KSL(1, 3, 2, 1, 0, 7)
- KSL(1, 5, 4, 3, 2, 1)
- KSL(1, 6, 5, 4, 3, 2)
- KSL(1, 7, 6, 5, 4, 3)
- KSH(0, 0, 7, 6, 5, 4)
- KSH(0, 4, 3, 2, 1, 0)
- KSH(1, 1, 0, 7, 6, 5)
- KSH(1, 2, 1, 0, 7, 6)
- KSH(1, 5, 4, 3, 2, 1)
- KSH(1, 6, 5, 4, 3, 2)
- KSH(2, 3, 2, 1, 0, 7)
- KSH(2, 7, 6, 5, 4, 3)
-
- AS2( pxor mm0, [AS_REG_6 + 8*1024 + WORD_REG(si)*8])
- AS2( movq [SSE2_workspace], mm0)
-
- TSL(0, 4, 3, 2, 1, 0)
- TSL(0, 0, 7, 6, 5, 4)
- TSL(1, 1, 0, 7, 6, 5)
- TSL(1, 2, 1, 0, 7, 6)
- TSL(1, 3, 2, 1, 0, 7)
- TSL(1, 5, 4, 3, 2, 1)
- TSL(1, 6, 5, 4, 3, 2)
- TSL(1, 7, 6, 5, 4, 3)
- TSH(0, 0, 7, 6, 5, 4)
- TSH(0, 4, 3, 2, 1, 0)
- TSH(1, 1, 0, 7, 6, 5)
- TSH(1, 2, 1, 0, 7, 6)
- TSH(1, 5, 4, 3, 2, 1)
- TSH(1, 6, 5, 4, 3, 2)
-
- AS1( inc WORD_REG(si))
- AS2( cmp WORD_REG(si), 10)
- ASJ( je, 2, f)
-
- TSH(2, 3, 2, 1, 0, 7)
- TSH(2, 7, 6, 5, 4, 3)
-
- ASJ( jmp, 1, b)
- ASL(2)
-
- TSH(3, 3, 2, 1, 0, 7)
- TSH(3, 7, 6, 5, 4, 3)
-
-#undef KSL
-#undef KSH
-#undef TSL
-#undef TSH
-
- AS_POP_IF86( sp)
- AS1( emms)
-
-#if defined(__GNUC__) || (defined(_MSC_VER) && _MSC_VER < 1300)
- AS_POP_IF86( bx)
-#endif
-#ifdef __GNUC__
- ".att_syntax prefix;"
- :
- : "a" (Whirlpool_C), "c" (digest), "d" (block)
- #if CRYPTOPP_BOOL_X64
- , "r" (workspace)
- #endif
- : "%esi", "%edi", "memory", "cc"
- #if CRYPTOPP_BOOL_X64
- , "%r9"
- #endif
- );
-#endif
- }
- else
-#endif // #ifdef CRYPTOPP_X86_ASM_AVAILABLE
- {
- word64 s[8]; // the cipher state
- word64 k[8]; // the round key
-
- // Compute and apply K^0 to the cipher state
- // Also apply part of the Miyaguchi-Preneel compression function
- for (int i=0; i<8; i++)
- digest[i] = s[i] = block[i] ^ (k[i] = digest[i]);
-
-#define KSL(op, i, a, b, c, d) \
- t = (word32)k[i];\
- w##a = Whirlpool_C[3*256 + (byte)t] ^ (op ? w##a : 0);\
- t >>= 8;\
- w##b = Whirlpool_C[2*256 + (byte)t] ^ (op ? w##b : 0);\
- t >>= 8;\
- w##c = Whirlpool_C[1*256 + (byte)t] ^ (op ? w##c : 0);\
- t >>= 8;\
- w##d = Whirlpool_C[0*256 + t] ^ (op ? w##d : 0);
-
-#define KSH(op, i, a, b, c, d) \
- t = (word32)(k[(i+4)%8]>>32);\
- w##a = Whirlpool_C[3*256 + (byte)t] ^ (op ? w##a : rotrFixed(w##a, 32));\
- if (op==2) k[a] = w##a;\
- t >>= 8;\
- w##b = Whirlpool_C[2*256 + (byte)t] ^ (op ? w##b : rotrFixed(w##b, 32));\
- if (op==2) k[b] = w##b;\
- t >>= 8;\
- w##c = Whirlpool_C[1*256 + (byte)t] ^ (op ? w##c : rotrFixed(w##c, 32));\
- if (op==2) k[c] = w##c;\
- t >>= 8;\
- w##d = Whirlpool_C[0*256 + t] ^ (op ? w##d : rotrFixed(w##d, 32));\
- if (op==2) k[d] = w##d;\
-
-#define TSL(op, i, a, b, c, d) \
- t = (word32)s[i];\
- w##a = Whirlpool_C[3*256 + (byte)t] ^ (op ? w##a : 0);\
- t >>= 8;\
- w##b = Whirlpool_C[2*256 + (byte)t] ^ (op ? w##b : 0);\
- t >>= 8;\
- w##c = Whirlpool_C[1*256 + (byte)t] ^ (op ? w##c : 0);\
- t >>= 8;\
- w##d = Whirlpool_C[0*256 + t] ^ (op ? w##d : 0);
-
-#define TSH_OP(op, a, b) \
- w##a = Whirlpool_C[b*256 + (byte)t] ^ (op ? w##a : rotrFixed(w##a, 32) ^ k[a]);\
- if (op==2) s[a] = w##a;\
- if (op==3) digest[a] ^= w##a;\
-
-#define TSH(op, i, a, b, c, d) \
- t = (word32)(s[(i+4)%8]>>32);\
- TSH_OP(op, a, 3);\
- t >>= 8;\
- TSH_OP(op, b, 2);\
- t >>= 8;\
- TSH_OP(op, c, 1);\
- t >>= 8;\
- TSH_OP(op, d, 0);\
-
- // Iterate over all rounds:
- int r=0;
- while (true)
- {
- word64 w0, w1, w2, w3, w4, w5, w6, w7; // temporary storage
- word32 t;
-
- KSL(0, 4, 3, 2, 1, 0)
- KSL(0, 0, 7, 6, 5, 4)
- KSL(1, 1, 0, 7, 6, 5)
- KSL(1, 2, 1, 0, 7, 6)
- KSL(1, 3, 2, 1, 0, 7)
- KSL(1, 5, 4, 3, 2, 1)
- KSL(1, 6, 5, 4, 3, 2)
- KSL(1, 7, 6, 5, 4, 3)
- KSH(0, 0, 7, 6, 5, 4)
- KSH(0, 4, 3, 2, 1, 0)
- KSH(1, 1, 0, 7, 6, 5)
- KSH(1, 2, 1, 0, 7, 6)
- KSH(1, 5, 4, 3, 2, 1)
- KSH(1, 6, 5, 4, 3, 2)
- KSH(2, 3, 2, 1, 0, 7)
- KSH(2, 7, 6, 5, 4, 3)
-
- k[0] ^= Whirlpool_C[1024+r];
-
- TSL(0, 4, 3, 2, 1, 0)
- TSL(0, 0, 7, 6, 5, 4)
- TSL(1, 1, 0, 7, 6, 5)
- TSL(1, 2, 1, 0, 7, 6)
- TSL(1, 3, 2, 1, 0, 7)
- TSL(1, 5, 4, 3, 2, 1)
- TSL(1, 6, 5, 4, 3, 2)
- TSL(1, 7, 6, 5, 4, 3)
- TSH(0, 0, 7, 6, 5, 4)
- TSH(0, 4, 3, 2, 1, 0)
- TSH(1, 1, 0, 7, 6, 5)
- TSH(1, 2, 1, 0, 7, 6)
- TSH(1, 5, 4, 3, 2, 1)
- TSH(1, 6, 5, 4, 3, 2)
-
- if (++r < R)
- {
- TSH(2, 3, 2, 1, 0, 7)
- TSH(2, 7, 6, 5, 4, 3)
- }
- else
- {
- TSH(3, 3, 2, 1, 0, 7)
- TSH(3, 7, 6, 5, 4, 3)
- break;
- }
- }
- }
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/whrlpool.h b/cryptopp562/whrlpool.h
deleted file mode 100644
index 62c9d8a..0000000
--- a/cryptopp562/whrlpool.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef CRYPTOPP_WHIRLPOOL_H
-#define CRYPTOPP_WHIRLPOOL_H
-
-#include "config.h"
-#include "iterhash.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! <a href="http://www.cryptolounge.org/wiki/Whirlpool">Whirlpool</a>
-class Whirlpool : public IteratedHashWithStaticTransform<word64, BigEndian, 64, 64, Whirlpool>
-{
-public:
- static void InitState(HashWordType *state);
- static void Transform(word64 *digest, const word64 *data);
- void TruncatedFinal(byte *hash, size_t size);
- static const char * StaticAlgorithmName() {return "Whirlpool";}
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/winpipes.cpp b/cryptopp562/winpipes.cpp
deleted file mode 100644
index 1c2e047..0000000
--- a/cryptopp562/winpipes.cpp
+++ /dev/null
@@ -1,205 +0,0 @@
-// winpipes.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "winpipes.h"
-
-#ifdef WINDOWS_PIPES_AVAILABLE
-
-#include "wait.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-WindowsHandle::WindowsHandle(HANDLE h, bool own)
- : m_h(h), m_own(own)
-{
-}
-
-WindowsHandle::~WindowsHandle()
-{
- if (m_own)
- {
- try
- {
- CloseHandle();
- }
- catch (...)
- {
- }
- }
-}
-
-bool WindowsHandle::HandleValid() const
-{
- return m_h && m_h != INVALID_HANDLE_VALUE;
-}
-
-void WindowsHandle::AttachHandle(HANDLE h, bool own)
-{
- if (m_own)
- CloseHandle();
-
- m_h = h;
- m_own = own;
- HandleChanged();
-}
-
-HANDLE WindowsHandle::DetachHandle()
-{
- HANDLE h = m_h;
- m_h = INVALID_HANDLE_VALUE;
- HandleChanged();
- return h;
-}
-
-void WindowsHandle::CloseHandle()
-{
- if (m_h != INVALID_HANDLE_VALUE)
- {
- ::CloseHandle(m_h);
- m_h = INVALID_HANDLE_VALUE;
- HandleChanged();
- }
-}
-
-// ********************************************************
-
-void WindowsPipe::HandleError(const char *operation) const
-{
- DWORD err = GetLastError();
- throw Err(GetHandle(), operation, err);
-}
-
-WindowsPipe::Err::Err(HANDLE s, const std::string& operation, int error)
- : OS_Error(IO_ERROR, "WindowsPipe: " + operation + " operation failed with error 0x" + IntToString(error, 16), operation, error)
- , m_h(s)
-{
-}
-
-// *************************************************************
-
-WindowsPipeReceiver::WindowsPipeReceiver()
- : m_resultPending(false), m_eofReceived(false)
-{
- m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true);
- CheckAndHandleError("CreateEvent", m_event.HandleValid());
- memset(&m_overlapped, 0, sizeof(m_overlapped));
- m_overlapped.hEvent = m_event;
-}
-
-bool WindowsPipeReceiver::Receive(byte* buf, size_t bufLen)
-{
- assert(!m_resultPending && !m_eofReceived);
-
- HANDLE h = GetHandle();
- // don't queue too much at once, or we might use up non-paged memory
- if (ReadFile(h, buf, UnsignedMin((DWORD)128*1024, bufLen), &m_lastResult, &m_overlapped))
- {
- if (m_lastResult == 0)
- m_eofReceived = true;
- }
- else
- {
- switch (GetLastError())
- {
- default:
- CheckAndHandleError("ReadFile", false);
- case ERROR_BROKEN_PIPE:
- case ERROR_HANDLE_EOF:
- m_lastResult = 0;
- m_eofReceived = true;
- break;
- case ERROR_IO_PENDING:
- m_resultPending = true;
- }
- }
- return !m_resultPending;
-}
-
-void WindowsPipeReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (m_resultPending)
- container.AddHandle(m_event, CallStack("WindowsPipeReceiver::GetWaitObjects() - result pending", &callStack));
- else if (!m_eofReceived)
- container.SetNoWait(CallStack("WindowsPipeReceiver::GetWaitObjects() - result ready", &callStack));
-}
-
-unsigned int WindowsPipeReceiver::GetReceiveResult()
-{
- if (m_resultPending)
- {
- HANDLE h = GetHandle();
- if (GetOverlappedResult(h, &m_overlapped, &m_lastResult, false))
- {
- if (m_lastResult == 0)
- m_eofReceived = true;
- }
- else
- {
- switch (GetLastError())
- {
- default:
- CheckAndHandleError("GetOverlappedResult", false);
- case ERROR_BROKEN_PIPE:
- case ERROR_HANDLE_EOF:
- m_lastResult = 0;
- m_eofReceived = true;
- }
- }
- m_resultPending = false;
- }
- return m_lastResult;
-}
-
-// *************************************************************
-
-WindowsPipeSender::WindowsPipeSender()
- : m_resultPending(false), m_lastResult(0)
-{
- m_event.AttachHandle(CreateEvent(NULL, true, false, NULL), true);
- CheckAndHandleError("CreateEvent", m_event.HandleValid());
- memset(&m_overlapped, 0, sizeof(m_overlapped));
- m_overlapped.hEvent = m_event;
-}
-
-void WindowsPipeSender::Send(const byte* buf, size_t bufLen)
-{
- DWORD written = 0;
- HANDLE h = GetHandle();
- // don't queue too much at once, or we might use up non-paged memory
- if (WriteFile(h, buf, UnsignedMin((DWORD)128*1024, bufLen), &written, &m_overlapped))
- {
- m_resultPending = false;
- m_lastResult = written;
- }
- else
- {
- if (GetLastError() != ERROR_IO_PENDING)
- CheckAndHandleError("WriteFile", false);
-
- m_resultPending = true;
- }
-}
-
-void WindowsPipeSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)
-{
- if (m_resultPending)
- container.AddHandle(m_event, CallStack("WindowsPipeSender::GetWaitObjects() - result pending", &callStack));
- else
- container.SetNoWait(CallStack("WindowsPipeSender::GetWaitObjects() - result ready", &callStack));
-}
-
-unsigned int WindowsPipeSender::GetSendResult()
-{
- if (m_resultPending)
- {
- HANDLE h = GetHandle();
- BOOL result = GetOverlappedResult(h, &m_overlapped, &m_lastResult, false);
- CheckAndHandleError("GetOverlappedResult", result);
- m_resultPending = false;
- }
- return m_lastResult;
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/winpipes.h b/cryptopp562/winpipes.h
deleted file mode 100644
index ade93bb..0000000
--- a/cryptopp562/winpipes.h
+++ /dev/null
@@ -1,142 +0,0 @@
-#ifndef CRYPTOPP_WINPIPES_H
-#define CRYPTOPP_WINPIPES_H
-
-#include "config.h"
-
-#ifdef WINDOWS_PIPES_AVAILABLE
-
-#include "network.h"
-#include "queue.h"
-#include <winsock2.h>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! Windows Handle
-class WindowsHandle
-{
-public:
- WindowsHandle(HANDLE h = INVALID_HANDLE_VALUE, bool own=false);
- WindowsHandle(const WindowsHandle &h) : m_h(h.m_h), m_own(false) {}
- virtual ~WindowsHandle();
-
- bool GetOwnership() const {return m_own;}
- void SetOwnership(bool own) {m_own = own;}
-
- operator HANDLE() {return m_h;}
- HANDLE GetHandle() const {return m_h;}
- bool HandleValid() const;
- void AttachHandle(HANDLE h, bool own=false);
- HANDLE DetachHandle();
- void CloseHandle();
-
-protected:
- virtual void HandleChanged() {}
-
- HANDLE m_h;
- bool m_own;
-};
-
-//! Windows Pipe
-class WindowsPipe
-{
-public:
- class Err : public OS_Error
- {
- public:
- Err(HANDLE h, const std::string& operation, int error);
- HANDLE GetHandle() const {return m_h;}
-
- private:
- HANDLE m_h;
- };
-
-protected:
- virtual HANDLE GetHandle() const =0;
- virtual void HandleError(const char *operation) const;
- void CheckAndHandleError(const char *operation, BOOL result) const
- {assert(result==TRUE || result==FALSE); if (!result) HandleError(operation);}
-};
-
-//! pipe-based implementation of NetworkReceiver
-class WindowsPipeReceiver : public WindowsPipe, public NetworkReceiver
-{
-public:
- WindowsPipeReceiver();
-
- bool MustWaitForResult() {return true;}
- bool Receive(byte* buf, size_t bufLen);
- unsigned int GetReceiveResult();
- bool EofReceived() const {return m_eofReceived;}
-
- unsigned int GetMaxWaitObjectCount() const {return 1;}
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
-
-private:
- WindowsHandle m_event;
- OVERLAPPED m_overlapped;
- bool m_resultPending;
- DWORD m_lastResult;
- bool m_eofReceived;
-};
-
-//! pipe-based implementation of NetworkSender
-class WindowsPipeSender : public WindowsPipe, public NetworkSender
-{
-public:
- WindowsPipeSender();
-
- bool MustWaitForResult() {return true;}
- void Send(const byte* buf, size_t bufLen);
- unsigned int GetSendResult();
- bool MustWaitForEof() { return false; }
- void SendEof() {}
-
- unsigned int GetMaxWaitObjectCount() const {return 1;}
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
-
-private:
- WindowsHandle m_event;
- OVERLAPPED m_overlapped;
- bool m_resultPending;
- DWORD m_lastResult;
-};
-
-//! Windows Pipe Source
-class WindowsPipeSource : public WindowsHandle, public NetworkSource, public WindowsPipeReceiver
-{
-public:
- WindowsPipeSource(HANDLE h=INVALID_HANDLE_VALUE, bool pumpAll=false, BufferedTransformation *attachment=NULL)
- : WindowsHandle(h), NetworkSource(attachment)
- {
- if (pumpAll)
- PumpAll();
- }
-
- using NetworkSource::GetMaxWaitObjectCount;
- using NetworkSource::GetWaitObjects;
-
-private:
- HANDLE GetHandle() const {return WindowsHandle::GetHandle();}
- NetworkReceiver & AccessReceiver() {return *this;}
-};
-
-//! Windows Pipe Sink
-class WindowsPipeSink : public WindowsHandle, public NetworkSink, public WindowsPipeSender
-{
-public:
- WindowsPipeSink(HANDLE h=INVALID_HANDLE_VALUE, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024)
- : WindowsHandle(h), NetworkSink(maxBufferSize, autoFlushBound) {}
-
- using NetworkSink::GetMaxWaitObjectCount;
- using NetworkSink::GetWaitObjects;
-
-private:
- HANDLE GetHandle() const {return WindowsHandle::GetHandle();}
- NetworkSender & AccessSender() {return *this;}
-};
-
-NAMESPACE_END
-
-#endif
-
-#endif
diff --git a/cryptopp562/words.h b/cryptopp562/words.h
deleted file mode 100644
index d5fda71..0000000
--- a/cryptopp562/words.h
+++ /dev/null
@@ -1,103 +0,0 @@
-#ifndef CRYPTOPP_WORDS_H
-#define CRYPTOPP_WORDS_H
-
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-inline size_t CountWords(const word *X, size_t N)
-{
- while (N && X[N-1]==0)
- N--;
- return N;
-}
-
-inline void SetWords(word *r, word a, size_t n)
-{
- for (size_t i=0; i<n; i++)
- r[i] = a;
-}
-
-inline void CopyWords(word *r, const word *a, size_t n)
-{
- if (r != a)
- memcpy(r, a, n*WORD_SIZE);
-}
-
-inline void XorWords(word *r, const word *a, const word *b, size_t n)
-{
- for (size_t i=0; i<n; i++)
- r[i] = a[i] ^ b[i];
-}
-
-inline void XorWords(word *r, const word *a, size_t n)
-{
- for (size_t i=0; i<n; i++)
- r[i] ^= a[i];
-}
-
-inline void AndWords(word *r, const word *a, const word *b, size_t n)
-{
- for (size_t i=0; i<n; i++)
- r[i] = a[i] & b[i];
-}
-
-inline void AndWords(word *r, const word *a, size_t n)
-{
- for (size_t i=0; i<n; i++)
- r[i] &= a[i];
-}
-
-inline word ShiftWordsLeftByBits(word *r, size_t n, unsigned int shiftBits)
-{
- assert (shiftBits<WORD_BITS);
- word u, carry=0;
- if (shiftBits)
- for (size_t i=0; i<n; i++)
- {
- u = r[i];
- r[i] = (u << shiftBits) | carry;
- carry = u >> (WORD_BITS-shiftBits);
- }
- return carry;
-}
-
-inline word ShiftWordsRightByBits(word *r, size_t n, unsigned int shiftBits)
-{
- assert (shiftBits<WORD_BITS);
- word u, carry=0;
- if (shiftBits)
- for (size_t i=n; i>0; i--)
- {
- u = r[i-1];
- r[i-1] = (u >> shiftBits) | carry;
- carry = u << (WORD_BITS-shiftBits);
- }
- return carry;
-}
-
-inline void ShiftWordsLeftByWords(word *r, size_t n, size_t shiftWords)
-{
- shiftWords = STDMIN(shiftWords, n);
- if (shiftWords)
- {
- for (size_t i=n-1; i>=shiftWords; i--)
- r[i] = r[i-shiftWords];
- SetWords(r, 0, shiftWords);
- }
-}
-
-inline void ShiftWordsRightByWords(word *r, size_t n, size_t shiftWords)
-{
- shiftWords = STDMIN(shiftWords, n);
- if (shiftWords)
- {
- for (size_t i=0; i+shiftWords<n; i++)
- r[i] = r[i+shiftWords];
- SetWords(r+n-shiftWords, 0, shiftWords);
- }
-}
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/x64dll.asm b/cryptopp562/x64dll.asm
deleted file mode 100644
index 0d07f36..0000000
--- a/cryptopp562/x64dll.asm
+++ /dev/null
@@ -1,1968 +0,0 @@
-include ksamd64.inc
-EXTERNDEF ?Te@rdtable@CryptoPP@@3PA_KA:FAR
-EXTERNDEF ?g_cacheLineSize@CryptoPP@@3IA:FAR
-EXTERNDEF ?SHA256_K@CryptoPP@@3QBIB:FAR
-.CODE
-
- ALIGN 8
-Baseline_Add PROC
- lea rdx, [rdx+8*rcx]
- lea r8, [r8+8*rcx]
- lea r9, [r9+8*rcx]
- neg rcx ; rcx is negative index
- jz $1@Baseline_Add
- mov rax,[r8+8*rcx]
- add rax,[r9+8*rcx]
- mov [rdx+8*rcx],rax
-$0@Baseline_Add:
- mov rax,[r8+8*rcx+8]
- adc rax,[r9+8*rcx+8]
- mov [rdx+8*rcx+8],rax
- lea rcx,[rcx+2] ; advance index, avoid inc which causes slowdown on Intel Core 2
- jrcxz $1@Baseline_Add ; loop until rcx overflows and becomes zero
- mov rax,[r8+8*rcx]
- adc rax,[r9+8*rcx]
- mov [rdx+8*rcx],rax
- jmp $0@Baseline_Add
-$1@Baseline_Add:
- mov rax, 0
- adc rax, rax ; store carry into rax (return result register)
- ret
-Baseline_Add ENDP
-
- ALIGN 8
-Baseline_Sub PROC
- lea rdx, [rdx+8*rcx]
- lea r8, [r8+8*rcx]
- lea r9, [r9+8*rcx]
- neg rcx ; rcx is negative index
- jz $1@Baseline_Sub
- mov rax,[r8+8*rcx]
- sub rax,[r9+8*rcx]
- mov [rdx+8*rcx],rax
-$0@Baseline_Sub:
- mov rax,[r8+8*rcx+8]
- sbb rax,[r9+8*rcx+8]
- mov [rdx+8*rcx+8],rax
- lea rcx,[rcx+2] ; advance index, avoid inc which causes slowdown on Intel Core 2
- jrcxz $1@Baseline_Sub ; loop until rcx overflows and becomes zero
- mov rax,[r8+8*rcx]
- sbb rax,[r9+8*rcx]
- mov [rdx+8*rcx],rax
- jmp $0@Baseline_Sub
-$1@Baseline_Sub:
- mov rax, 0
- adc rax, rax ; store carry into rax (return result register)
-
- ret
-Baseline_Sub ENDP
-
-ALIGN 8
-Rijndael_Enc_AdvancedProcessBlocks PROC FRAME
-rex_push_reg rsi
-push_reg rdi
-push_reg rbx
-push_reg r12
-.endprolog
-mov r8, rcx
-mov r11, ?Te@rdtable@CryptoPP@@3PA_KA
-mov edi, DWORD PTR [?g_cacheLineSize@CryptoPP@@3IA]
-mov rsi, [(r8+16*19)]
-mov rax, 16
-and rax, rsi
-movdqa xmm3, XMMWORD PTR [rdx+16+rax]
-movdqa [(r8+16*12)], xmm3
-lea rax, [rdx+rax+2*16]
-sub rax, rsi
-label0:
-movdqa xmm0, [rax+rsi]
-movdqa XMMWORD PTR [(r8+0)+rsi], xmm0
-add rsi, 16
-cmp rsi, 16*12
-jl label0
-movdqa xmm4, [rax+rsi]
-movdqa xmm1, [rdx]
-mov r12d, [rdx+4*4]
-mov ebx, [rdx+5*4]
-mov ecx, [rdx+6*4]
-mov edx, [rdx+7*4]
-xor rax, rax
-label9:
-mov esi, [r11+rax]
-add rax, rdi
-mov esi, [r11+rax]
-add rax, rdi
-mov esi, [r11+rax]
-add rax, rdi
-mov esi, [r11+rax]
-add rax, rdi
-cmp rax, 2048
-jl label9
-lfence
-test DWORD PTR [(r8+16*18+8)], 1
-jz label8
-mov rsi, [(r8+16*14)]
-movdqu xmm2, [rsi]
-pxor xmm2, xmm1
-psrldq xmm1, 14
-movd eax, xmm1
-mov al, BYTE PTR [rsi+15]
-mov r10d, eax
-movd eax, xmm2
-psrldq xmm2, 4
-movd edi, xmm2
-psrldq xmm2, 4
-movzx esi, al
-xor r12d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor edx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor ecx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, edi
-movd edi, xmm2
-psrldq xmm2, 4
-movzx esi, al
-xor ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor r12d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor edx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor ecx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, edi
-movd edi, xmm2
-movzx esi, al
-xor ecx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor r12d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor edx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, edi
-movzx esi, al
-xor edx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor ecx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-psrldq xmm2, 3
-mov eax, [(r8+16*12)+0*4]
-mov edi, [(r8+16*12)+2*4]
-mov r9d, [(r8+16*12)+3*4]
-movzx esi, cl
-xor r9d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, bl
-xor edi, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, bh
-xor r9d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr ebx, 16
-movzx esi, bl
-xor eax, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, bh
-mov ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-xor ebx, [(r8+16*12)+1*4]
-movzx esi, ch
-xor eax, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr ecx, 16
-movzx esi, dl
-xor eax, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, dh
-xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr edx, 16
-movzx esi, ch
-xor edi, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, cl
-xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, dl
-xor edi, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, dh
-xor r9d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movd ecx, xmm2
-mov edx, r12d
-mov [(r8+0)+3*4], r9d
-mov [(r8+0)+0*4], eax
-mov [(r8+0)+1*4], ebx
-mov [(r8+0)+2*4], edi
-jmp label5
-label3:
-mov r12d, [(r8+16*12)+0*4]
-mov ebx, [(r8+16*12)+1*4]
-mov ecx, [(r8+16*12)+2*4]
-mov edx, [(r8+16*12)+3*4]
-label8:
-mov rax, [(r8+16*14)]
-movdqu xmm2, [rax]
-mov rsi, [(r8+16*14)+8]
-movdqu xmm5, [rsi]
-pxor xmm2, xmm1
-pxor xmm2, xmm5
-movd eax, xmm2
-psrldq xmm2, 4
-movd edi, xmm2
-psrldq xmm2, 4
-movzx esi, al
-xor r12d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor edx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor ecx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, edi
-movd edi, xmm2
-psrldq xmm2, 4
-movzx esi, al
-xor ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor r12d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor edx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor ecx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, edi
-movd edi, xmm2
-movzx esi, al
-xor ecx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor r12d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor edx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, edi
-movzx esi, al
-xor edx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ah
-xor ecx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, al
-xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, ah
-xor r12d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov eax, r12d
-add r8, [(r8+16*19)]
-add r8, 4*16
-jmp label2
-label1:
-mov ecx, r10d
-mov edx, r12d
-mov eax, [(r8+0)+0*4]
-mov ebx, [(r8+0)+1*4]
-xor cl, ch
-and rcx, 255
-label5:
-add r10d, 1
-xor edx, DWORD PTR [r11+rcx*8+3]
-movzx esi, dl
-xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, dh
-mov ecx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr edx, 16
-xor ecx, [(r8+0)+2*4]
-movzx esi, dh
-xor eax, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, dl
-mov edx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-xor edx, [(r8+0)+3*4]
-add r8, [(r8+16*19)]
-add r8, 3*16
-jmp label4
-label2:
-mov r9d, [(r8+0)-4*16+3*4]
-mov edi, [(r8+0)-4*16+2*4]
-movzx esi, cl
-xor r9d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov cl, al
-movzx esi, ah
-xor edi, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, bl
-xor edi, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, bh
-xor r9d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr ebx, 16
-movzx esi, al
-xor r9d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, ah
-mov eax, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, bl
-xor eax, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, bh
-mov ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ch
-xor eax, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, cl
-xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-shr ecx, 16
-movzx esi, dl
-xor eax, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, dh
-xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr edx, 16
-movzx esi, ch
-xor edi, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, cl
-xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, dl
-xor edi, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, dh
-xor r9d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-mov ecx, edi
-xor eax, [(r8+0)-4*16+0*4]
-xor ebx, [(r8+0)-4*16+1*4]
-mov edx, r9d
-label4:
-mov r9d, [(r8+0)-4*16+7*4]
-mov edi, [(r8+0)-4*16+6*4]
-movzx esi, cl
-xor r9d, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-mov cl, al
-movzx esi, ah
-xor edi, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr eax, 16
-movzx esi, bl
-xor edi, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, bh
-xor r9d, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr ebx, 16
-movzx esi, al
-xor r9d, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, ah
-mov eax, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, bl
-xor eax, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, bh
-mov ebx, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, ch
-xor eax, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-movzx esi, cl
-xor ebx, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-shr ecx, 16
-movzx esi, dl
-xor eax, DWORD PTR [r11+8*rsi+(((3+3) MOD (4))+1)]
-movzx esi, dh
-xor ebx, DWORD PTR [r11+8*rsi+(((2+3) MOD (4))+1)]
-shr edx, 16
-movzx esi, ch
-xor edi, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-movzx esi, cl
-xor ebx, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, dl
-xor edi, DWORD PTR [r11+8*rsi+(((1+3) MOD (4))+1)]
-movzx esi, dh
-xor r9d, DWORD PTR [r11+8*rsi+(((0+3) MOD (4))+1)]
-mov ecx, edi
-xor eax, [(r8+0)-4*16+4*4]
-xor ebx, [(r8+0)-4*16+5*4]
-mov edx, r9d
-add r8, 32
-test r8, 255
-jnz label2
-sub r8, 16*16
-movzx esi, ch
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, dl
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+2], di
-movzx esi, dh
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, al
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+6], di
-shr edx, 16
-movzx esi, ah
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, bl
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+10], di
-shr eax, 16
-movzx esi, bh
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, cl
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+14], di
-shr ebx, 16
-movzx esi, dh
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, al
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+12], di
-shr ecx, 16
-movzx esi, ah
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, bl
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+0], di
-movzx esi, bh
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, cl
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+4], di
-movzx esi, ch
-movzx edi, BYTE PTR [r11+rsi*8+1]
-movzx esi, dl
-xor edi, DWORD PTR [r11+rsi*8+0]
-mov WORD PTR [(r8+16*13)+8], di
-mov rax, [(r8+16*14)+16]
-mov rbx, [(r8+16*14)+24]
-mov rcx, [(r8+16*18+8)]
-sub rcx, 16
-movdqu xmm2, [rax]
-pxor xmm2, xmm4
-movdqa xmm0, [(r8+16*16)+16]
-paddq xmm0, [(r8+16*14)+16]
-movdqa [(r8+16*14)+16], xmm0
-pxor xmm2, [(r8+16*13)]
-movdqu [rbx], xmm2
-jle label7
-mov [(r8+16*18+8)], rcx
-test rcx, 1
-jnz label1
-movdqa xmm0, [(r8+16*16)]
-paddq xmm0, [(r8+16*14)]
-movdqa [(r8+16*14)], xmm0
-jmp label3
-label7:
-xorps xmm0, xmm0
-lea rax, [(r8+0)+7*16]
-movaps [rax-7*16], xmm0
-movaps [rax-6*16], xmm0
-movaps [rax-5*16], xmm0
-movaps [rax-4*16], xmm0
-movaps [rax-3*16], xmm0
-movaps [rax-2*16], xmm0
-movaps [rax-1*16], xmm0
-movaps [rax+0*16], xmm0
-movaps [rax+1*16], xmm0
-movaps [rax+2*16], xmm0
-movaps [rax+3*16], xmm0
-movaps [rax+4*16], xmm0
-movaps [rax+5*16], xmm0
-movaps [rax+6*16], xmm0
-pop r12
-pop rbx
-pop rdi
-pop rsi
-ret
-Rijndael_Enc_AdvancedProcessBlocks ENDP
-
-ALIGN 8
-GCM_AuthenticateBlocks_2K PROC FRAME
-rex_push_reg rsi
-push_reg rdi
-push_reg rbx
-.endprolog
-mov rsi, r8
-mov r11, r9
-movdqa xmm0, [rsi]
-label0:
-movdqu xmm4, [rcx]
-pxor xmm0, xmm4
-movd ebx, xmm0
-mov eax, 0f0f0f0f0h
-and eax, ebx
-shl ebx, 4
-and ebx, 0f0f0f0f0h
-movzx edi, ah
-movdqa xmm5, XMMWORD PTR [rsi + 32 + 1024 + rdi]
-movzx edi, al
-movdqa xmm4, XMMWORD PTR [rsi + 32 + 1024 + rdi]
-shr eax, 16
-movzx edi, ah
-movdqa xmm3, XMMWORD PTR [rsi + 32 + 1024 + rdi]
-movzx edi, al
-movdqa xmm2, XMMWORD PTR [rsi + 32 + 1024 + rdi]
-psrldq xmm0, 4
-movd eax, xmm0
-and eax, 0f0f0f0f0h
-movzx edi, bh
-pxor xmm5, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi]
-movzx edi, bl
-pxor xmm4, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi]
-shr ebx, 16
-movzx edi, bh
-pxor xmm3, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi]
-movzx edi, bl
-pxor xmm2, XMMWORD PTR [rsi + 32 + (1-1)*256 + rdi]
-movd ebx, xmm0
-shl ebx, 4
-and ebx, 0f0f0f0f0h
-movzx edi, ah
-pxor xmm5, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi]
-movzx edi, al
-pxor xmm4, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi]
-shr eax, 16
-movzx edi, ah
-pxor xmm3, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi]
-movzx edi, al
-pxor xmm2, XMMWORD PTR [rsi + 32 + 1024 + 1*256 + rdi]
-psrldq xmm0, 4
-movd eax, xmm0
-and eax, 0f0f0f0f0h
-movzx edi, bh
-pxor xmm5, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi]
-movzx edi, bl
-pxor xmm4, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi]
-shr ebx, 16
-movzx edi, bh
-pxor xmm3, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi]
-movzx edi, bl
-pxor xmm2, XMMWORD PTR [rsi + 32 + (2-1)*256 + rdi]
-movd ebx, xmm0
-shl ebx, 4
-and ebx, 0f0f0f0f0h
-movzx edi, ah
-pxor xmm5, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi]
-movzx edi, al
-pxor xmm4, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi]
-shr eax, 16
-movzx edi, ah
-pxor xmm3, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi]
-movzx edi, al
-pxor xmm2, XMMWORD PTR [rsi + 32 + 1024 + 2*256 + rdi]
-psrldq xmm0, 4
-movd eax, xmm0
-and eax, 0f0f0f0f0h
-movzx edi, bh
-pxor xmm5, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi]
-movzx edi, bl
-pxor xmm4, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi]
-shr ebx, 16
-movzx edi, bh
-pxor xmm3, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi]
-movzx edi, bl
-pxor xmm2, XMMWORD PTR [rsi + 32 + (3-1)*256 + rdi]
-movd ebx, xmm0
-shl ebx, 4
-and ebx, 0f0f0f0f0h
-movzx edi, ah
-pxor xmm5, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi]
-movzx edi, al
-pxor xmm4, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi]
-shr eax, 16
-movzx edi, ah
-pxor xmm3, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi]
-movzx edi, al
-pxor xmm2, XMMWORD PTR [rsi + 32 + 1024 + 3*256 + rdi]
-movzx edi, bh
-pxor xmm5, XMMWORD PTR [rsi + 32 + 3*256 + rdi]
-movzx edi, bl
-pxor xmm4, XMMWORD PTR [rsi + 32 + 3*256 + rdi]
-shr ebx, 16
-movzx edi, bh
-pxor xmm3, XMMWORD PTR [rsi + 32 + 3*256 + rdi]
-movzx edi, bl
-pxor xmm2, XMMWORD PTR [rsi + 32 + 3*256 + rdi]
-movdqa xmm0, xmm3
-pslldq xmm3, 1
-pxor xmm2, xmm3
-movdqa xmm1, xmm2
-pslldq xmm2, 1
-pxor xmm5, xmm2
-psrldq xmm0, 15
-movd rdi, xmm0
-movzx eax, WORD PTR [r11 + rdi*2]
-shl eax, 8
-movdqa xmm0, xmm5
-pslldq xmm5, 1
-pxor xmm4, xmm5
-psrldq xmm1, 15
-movd rdi, xmm1
-xor ax, WORD PTR [r11 + rdi*2]
-shl eax, 8
-psrldq xmm0, 15
-movd rdi, xmm0
-xor ax, WORD PTR [r11 + rdi*2]
-movd xmm0, eax
-pxor xmm0, xmm4
-add rcx, 16
-sub rdx, 1
-jnz label0
-movdqa [rsi], xmm0
-pop rbx
-pop rdi
-pop rsi
-ret
-GCM_AuthenticateBlocks_2K ENDP
-
-ALIGN 8
-GCM_AuthenticateBlocks_64K PROC FRAME
-rex_push_reg rsi
-push_reg rdi
-.endprolog
-mov rsi, r8
-movdqa xmm0, [rsi]
-label1:
-movdqu xmm1, [rcx]
-pxor xmm1, xmm0
-pxor xmm0, xmm0
-movd eax, xmm1
-psrldq xmm1, 4
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (0*4+0)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (0*4+1)*256*16 + rdi*8]
-shr eax, 16
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (0*4+2)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (0*4+3)*256*16 + rdi*8]
-movd eax, xmm1
-psrldq xmm1, 4
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (1*4+0)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (1*4+1)*256*16 + rdi*8]
-shr eax, 16
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (1*4+2)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (1*4+3)*256*16 + rdi*8]
-movd eax, xmm1
-psrldq xmm1, 4
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (2*4+0)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (2*4+1)*256*16 + rdi*8]
-shr eax, 16
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (2*4+2)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (2*4+3)*256*16 + rdi*8]
-movd eax, xmm1
-psrldq xmm1, 4
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (3*4+0)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (3*4+1)*256*16 + rdi*8]
-shr eax, 16
-movzx edi, al
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (3*4+2)*256*16 + rdi*8]
-movzx edi, ah
-add rdi, rdi
-pxor xmm0, [rsi + 32 + (3*4+3)*256*16 + rdi*8]
-add rcx, 16
-sub rdx, 1
-jnz label1
-movdqa [rsi], xmm0
-pop rdi
-pop rsi
-ret
-GCM_AuthenticateBlocks_64K ENDP
-
-ALIGN 8
-X86_SHA256_HashBlocks PROC FRAME
-rex_push_reg rsi
-push_reg rdi
-push_reg rbx
-push_reg rbp
-alloc_stack(8*4 + 16*4 + 4*8 + 8)
-.endprolog
-mov rdi, r8
-lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4]
-mov [rsp+8*4+16*4+1*8], rcx
-mov [rsp+8*4+16*4+2*8], rdx
-add rdi, rdx
-mov [rsp+8*4+16*4+3*8], rdi
-movdqa xmm0, XMMWORD PTR [rcx+0*16]
-movdqa xmm1, XMMWORD PTR [rcx+1*16]
-mov [rsp+8*4+16*4+0*8], rsi
-label0:
-sub rsi, 48*4
-movdqa [rsp+((1024+7-(0+3)) MOD (8))*4], xmm1
-movdqa [rsp+((1024+7-(0+7)) MOD (8))*4], xmm0
-mov rbx, [rdx+0*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(0*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+1*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(1*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+2*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(2*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+3*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(3*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+4*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(4*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+5*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(5*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+6*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(6*(1+1)+1)) MOD (16))*4], rbx
-mov rbx, [rdx+7*8]
-bswap rbx
-mov [rsp+8*4+((1024+15-(7*(1+1)+1)) MOD (16))*4], rbx
-mov edi, [rsp+((1024+7-(0+3)) MOD (8))*4]
-mov eax, [rsp+((1024+7-(0+6)) MOD (8))*4]
-xor eax, [rsp+((1024+7-(0+5)) MOD (8))*4]
-mov ecx, [rsp+((1024+7-(0+7)) MOD (8))*4]
-mov edx, [rsp+((1024+7-(0+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(0)*4]
-add edx, [rsp+8*4+((1024+15-(0)) MOD (16))*4]
-add edx, [rsp+((1024+7-(0)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(0+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(0+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(0+4)) MOD (8))*4]
-mov [rsp+((1024+7-(0+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(0)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(1+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(1)*4]
-add edi, [rsp+8*4+((1024+15-(1)) MOD (16))*4]
-add edi, [rsp+((1024+7-(1)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(1+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(1+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(1+4)) MOD (8))*4]
-mov [rsp+((1024+7-(1+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(1)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(2+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(2)*4]
-add edx, [rsp+8*4+((1024+15-(2)) MOD (16))*4]
-add edx, [rsp+((1024+7-(2)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(2+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(2+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(2+4)) MOD (8))*4]
-mov [rsp+((1024+7-(2+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(2)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(3+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(3)*4]
-add edi, [rsp+8*4+((1024+15-(3)) MOD (16))*4]
-add edi, [rsp+((1024+7-(3)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(3+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(3+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(3+4)) MOD (8))*4]
-mov [rsp+((1024+7-(3+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(3)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(4+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(4)*4]
-add edx, [rsp+8*4+((1024+15-(4)) MOD (16))*4]
-add edx, [rsp+((1024+7-(4)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(4+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(4+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(4+4)) MOD (8))*4]
-mov [rsp+((1024+7-(4+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(4)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(5+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(5)*4]
-add edi, [rsp+8*4+((1024+15-(5)) MOD (16))*4]
-add edi, [rsp+((1024+7-(5)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(5+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(5+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(5+4)) MOD (8))*4]
-mov [rsp+((1024+7-(5+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(5)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(6+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(6)*4]
-add edx, [rsp+8*4+((1024+15-(6)) MOD (16))*4]
-add edx, [rsp+((1024+7-(6)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(6+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(6+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(6+4)) MOD (8))*4]
-mov [rsp+((1024+7-(6+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(6)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(7+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(7)*4]
-add edi, [rsp+8*4+((1024+15-(7)) MOD (16))*4]
-add edi, [rsp+((1024+7-(7)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(7+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(7+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(7+4)) MOD (8))*4]
-mov [rsp+((1024+7-(7+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(7)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(8+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(8)*4]
-add edx, [rsp+8*4+((1024+15-(8)) MOD (16))*4]
-add edx, [rsp+((1024+7-(8)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(8+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(8+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(8+4)) MOD (8))*4]
-mov [rsp+((1024+7-(8+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(8)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(9+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(9)*4]
-add edi, [rsp+8*4+((1024+15-(9)) MOD (16))*4]
-add edi, [rsp+((1024+7-(9)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(9+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(9+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(9+4)) MOD (8))*4]
-mov [rsp+((1024+7-(9+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(9)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(10+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(10)*4]
-add edx, [rsp+8*4+((1024+15-(10)) MOD (16))*4]
-add edx, [rsp+((1024+7-(10)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(10+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(10+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(10+4)) MOD (8))*4]
-mov [rsp+((1024+7-(10+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(10)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(11+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(11)*4]
-add edi, [rsp+8*4+((1024+15-(11)) MOD (16))*4]
-add edi, [rsp+((1024+7-(11)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(11+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(11+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(11+4)) MOD (8))*4]
-mov [rsp+((1024+7-(11+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(11)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(12+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(12)*4]
-add edx, [rsp+8*4+((1024+15-(12)) MOD (16))*4]
-add edx, [rsp+((1024+7-(12)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(12+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(12+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(12+4)) MOD (8))*4]
-mov [rsp+((1024+7-(12+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(12)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(13+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(13)*4]
-add edi, [rsp+8*4+((1024+15-(13)) MOD (16))*4]
-add edi, [rsp+((1024+7-(13)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(13+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(13+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(13+4)) MOD (8))*4]
-mov [rsp+((1024+7-(13+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(13)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(14+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-add edx, [rsi+(14)*4]
-add edx, [rsp+8*4+((1024+15-(14)) MOD (16))*4]
-add edx, [rsp+((1024+7-(14)) MOD (8))*4]
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(14+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(14+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(14+4)) MOD (8))*4]
-mov [rsp+((1024+7-(14+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(14)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(15+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-add edi, [rsi+(15)*4]
-add edi, [rsp+8*4+((1024+15-(15)) MOD (16))*4]
-add edi, [rsp+((1024+7-(15)) MOD (8))*4]
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(15+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(15+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(15+4)) MOD (8))*4]
-mov [rsp+((1024+7-(15+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(15)) MOD (8))*4], ecx
-label1:
-add rsi, 4*16
-mov edx, [rsp+((1024+7-(0+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(0+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((0)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((0)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((0)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(0)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(0)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(0)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(0)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(0+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(0+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(0+4)) MOD (8))*4]
-mov [rsp+((1024+7-(0+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(0)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(1+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(1+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((1)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((1)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((1)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(1)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(1)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(1)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(1)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(1+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(1+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(1+4)) MOD (8))*4]
-mov [rsp+((1024+7-(1+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(1)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(2+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(2+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((2)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((2)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((2)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(2)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(2)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(2)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(2)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(2+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(2+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(2+4)) MOD (8))*4]
-mov [rsp+((1024+7-(2+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(2)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(3+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(3+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((3)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((3)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((3)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(3)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(3)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(3)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(3)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(3+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(3+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(3+4)) MOD (8))*4]
-mov [rsp+((1024+7-(3+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(3)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(4+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(4+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((4)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((4)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((4)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(4)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(4)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(4)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(4)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(4+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(4+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(4+4)) MOD (8))*4]
-mov [rsp+((1024+7-(4+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(4)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(5+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(5+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((5)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((5)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((5)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(5)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(5)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(5)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(5)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(5+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(5+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(5+4)) MOD (8))*4]
-mov [rsp+((1024+7-(5+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(5)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(6+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(6+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((6)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((6)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((6)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(6)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(6)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(6)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(6)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(6+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(6+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(6+4)) MOD (8))*4]
-mov [rsp+((1024+7-(6+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(6)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(7+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(7+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((7)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((7)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((7)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(7)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(7)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(7)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(7)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(7+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(7+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(7+4)) MOD (8))*4]
-mov [rsp+((1024+7-(7+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(7)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(8+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(8+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((8)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((8)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((8)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(8)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(8)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(8)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(8)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(8+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(8+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(8+4)) MOD (8))*4]
-mov [rsp+((1024+7-(8+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(8)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(9+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(9+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((9)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((9)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((9)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(9)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(9)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(9)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(9)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(9+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(9+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(9+4)) MOD (8))*4]
-mov [rsp+((1024+7-(9+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(9)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(10+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(10+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((10)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((10)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((10)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(10)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(10)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(10)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(10)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(10+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(10+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(10+4)) MOD (8))*4]
-mov [rsp+((1024+7-(10+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(10)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(11+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(11+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((11)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((11)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((11)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(11)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(11)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(11)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(11)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(11+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(11+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(11+4)) MOD (8))*4]
-mov [rsp+((1024+7-(11+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(11)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(12+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(12+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((12)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((12)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((12)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(12)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(12)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(12)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(12)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(12+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(12+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(12+4)) MOD (8))*4]
-mov [rsp+((1024+7-(12+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(12)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(13+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(13+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((13)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((13)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((13)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(13)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(13)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(13)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(13)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(13+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(13+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(13+4)) MOD (8))*4]
-mov [rsp+((1024+7-(13+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(13)) MOD (8))*4], ecx
-mov edx, [rsp+((1024+7-(14+2)) MOD (8))*4]
-xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4]
-and edx, edi
-xor edx, [rsp+((1024+7-(14+1)) MOD (8))*4]
-mov ebp, edi
-ror edi, 6
-ror ebp, 25
-xor ebp, edi
-ror edi, 5
-xor ebp, edi
-add edx, ebp
-mov ebp, [rsp+8*4+((1024+15-((14)-2)) MOD (16))*4]
-mov edi, [rsp+8*4+((1024+15-((14)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((14)-7)) MOD (16))*4]
-mov ebp, edi
-shr ebp, 3
-ror edi, 7
-add ebx, [rsp+8*4+((1024+15-(14)) MOD (16))*4]
-xor ebp, edi
-add edx, [rsi+(14)*4]
-ror edi, 11
-add edx, [rsp+((1024+7-(14)) MOD (8))*4]
-xor ebp, edi
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(14)) MOD (16))*4], ebp
-add edx, ebp
-mov ebx, ecx
-xor ecx, [rsp+((1024+7-(14+6)) MOD (8))*4]
-and eax, ecx
-xor eax, [rsp+((1024+7-(14+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add eax, edx
-add edx, [rsp+((1024+7-(14+4)) MOD (8))*4]
-mov [rsp+((1024+7-(14+4)) MOD (8))*4], edx
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add eax, ebp
-mov [rsp+((1024+7-(14)) MOD (8))*4], eax
-mov edi, [rsp+((1024+7-(15+2)) MOD (8))*4]
-xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4]
-and edi, edx
-xor edi, [rsp+((1024+7-(15+1)) MOD (8))*4]
-mov ebp, edx
-ror edx, 6
-ror ebp, 25
-xor ebp, edx
-ror edx, 5
-xor ebp, edx
-add edi, ebp
-mov ebp, [rsp+8*4+((1024+15-((15)-2)) MOD (16))*4]
-mov edx, [rsp+8*4+((1024+15-((15)-15)) MOD (16))*4]
-mov ebx, ebp
-shr ebp, 10
-ror ebx, 17
-xor ebp, ebx
-ror ebx, 2
-xor ebx, ebp
-add ebx, [rsp+8*4+((1024+15-((15)-7)) MOD (16))*4]
-mov ebp, edx
-shr ebp, 3
-ror edx, 7
-add ebx, [rsp+8*4+((1024+15-(15)) MOD (16))*4]
-xor ebp, edx
-add edi, [rsi+(15)*4]
-ror edx, 11
-add edi, [rsp+((1024+7-(15)) MOD (8))*4]
-xor ebp, edx
-add ebp, ebx
-mov [rsp+8*4+((1024+15-(15)) MOD (16))*4], ebp
-add edi, ebp
-mov ebx, eax
-xor eax, [rsp+((1024+7-(15+6)) MOD (8))*4]
-and ecx, eax
-xor ecx, [rsp+((1024+7-(15+6)) MOD (8))*4]
-mov ebp, ebx
-ror ebx, 2
-add ecx, edi
-add edi, [rsp+((1024+7-(15+4)) MOD (8))*4]
-mov [rsp+((1024+7-(15+4)) MOD (8))*4], edi
-ror ebp, 22
-xor ebp, ebx
-ror ebx, 11
-xor ebp, ebx
-add ecx, ebp
-mov [rsp+((1024+7-(15)) MOD (8))*4], ecx
-cmp rsi, [rsp+8*4+16*4+0*8]
-jne label1
-mov rcx, [rsp+8*4+16*4+1*8]
-movdqa xmm1, XMMWORD PTR [rcx+1*16]
-movdqa xmm0, XMMWORD PTR [rcx+0*16]
-paddd xmm1, [rsp+((1024+7-(0+3)) MOD (8))*4]
-paddd xmm0, [rsp+((1024+7-(0+7)) MOD (8))*4]
-movdqa [rcx+1*16], xmm1
-movdqa [rcx+0*16], xmm0
-mov rdx, [rsp+8*4+16*4+2*8]
-add rdx, 64
-mov [rsp+8*4+16*4+2*8], rdx
-cmp rdx, [rsp+8*4+16*4+3*8]
-jne label0
-add rsp, 8*4 + 16*4 + 4*8 + 8
-pop rbp
-pop rbx
-pop rdi
-pop rsi
-ret
-X86_SHA256_HashBlocks ENDP
-
-_TEXT ENDS
-END
diff --git a/cryptopp562/x64masm.asm b/cryptopp562/x64masm.asm
deleted file mode 100644
index c7ff836..0000000
--- a/cryptopp562/x64masm.asm
+++ /dev/null
@@ -1,1565 +0,0 @@
-include ksamd64.inc
-EXTERNDEF s_sosemanukMulTables:FAR
-.CODE
-
-ALIGN 8
-Salsa20_OperateKeystream PROC FRAME
-mov r10, [rsp + 5*8]
-alloc_stack(10*16 + 32*16 + 8)
-save_xmm128 xmm6, 0200h
-save_xmm128 xmm7, 0210h
-save_xmm128 xmm8, 0220h
-save_xmm128 xmm9, 0230h
-save_xmm128 xmm10, 0240h
-save_xmm128 xmm11, 0250h
-save_xmm128 xmm12, 0260h
-save_xmm128 xmm13, 0270h
-save_xmm128 xmm14, 0280h
-save_xmm128 xmm15, 0290h
-.endprolog
-cmp r8, 4
-jl label5
-movdqa xmm0, [r10 + 0*16]
-movdqa xmm1, [r10 + 1*16]
-movdqa xmm2, [r10 + 2*16]
-movdqa xmm3, [r10 + 3*16]
-pshufd xmm4, xmm0, 0*64+0*16+0*4+0
-movdqa [rsp + (0*4+0)*16 + 256], xmm4
-pshufd xmm4, xmm0, 1*64+1*16+1*4+1
-movdqa [rsp + (0*4+1)*16 + 256], xmm4
-pshufd xmm4, xmm0, 2*64+2*16+2*4+2
-movdqa [rsp + (0*4+2)*16 + 256], xmm4
-pshufd xmm4, xmm0, 3*64+3*16+3*4+3
-movdqa [rsp + (0*4+3)*16 + 256], xmm4
-pshufd xmm4, xmm1, 0*64+0*16+0*4+0
-movdqa [rsp + (1*4+0)*16 + 256], xmm4
-pshufd xmm4, xmm1, 2*64+2*16+2*4+2
-movdqa [rsp + (1*4+2)*16 + 256], xmm4
-pshufd xmm4, xmm1, 3*64+3*16+3*4+3
-movdqa [rsp + (1*4+3)*16 + 256], xmm4
-pshufd xmm4, xmm2, 1*64+1*16+1*4+1
-movdqa [rsp + (2*4+1)*16 + 256], xmm4
-pshufd xmm4, xmm2, 2*64+2*16+2*4+2
-movdqa [rsp + (2*4+2)*16 + 256], xmm4
-pshufd xmm4, xmm2, 3*64+3*16+3*4+3
-movdqa [rsp + (2*4+3)*16 + 256], xmm4
-pshufd xmm4, xmm3, 0*64+0*16+0*4+0
-movdqa [rsp + (3*4+0)*16 + 256], xmm4
-pshufd xmm4, xmm3, 1*64+1*16+1*4+1
-movdqa [rsp + (3*4+1)*16 + 256], xmm4
-pshufd xmm4, xmm3, 2*64+2*16+2*4+2
-movdqa [rsp + (3*4+2)*16 + 256], xmm4
-pshufd xmm4, xmm3, 3*64+3*16+3*4+3
-movdqa [rsp + (3*4+3)*16 + 256], xmm4
-label1:
-mov eax, dword ptr [r10 + 8*4]
-mov r11d, dword ptr [r10 + 5*4]
-mov dword ptr [rsp + 8*16 + 0*4 + 256], eax
-mov dword ptr [rsp + 5*16 + 0*4 + 256], r11d
-add eax, 1
-adc r11d, 0
-mov dword ptr [rsp + 8*16 + 1*4 + 256], eax
-mov dword ptr [rsp + 5*16 + 1*4 + 256], r11d
-add eax, 1
-adc r11d, 0
-mov dword ptr [rsp + 8*16 + 2*4 + 256], eax
-mov dword ptr [rsp + 5*16 + 2*4 + 256], r11d
-add eax, 1
-adc r11d, 0
-mov dword ptr [rsp + 8*16 + 3*4 + 256], eax
-mov dword ptr [rsp + 5*16 + 3*4 + 256], r11d
-add eax, 1
-adc r11d, 0
-mov dword ptr [r10 + 8*4], eax
-mov dword ptr [r10 + 5*4], r11d
-movdqa xmm0, [rsp + 12*16 + 1*256]
-movdqa xmm4, [rsp + 13*16 + 1*256]
-movdqa xmm8, [rsp + 14*16 + 1*256]
-movdqa xmm12, [rsp + 15*16 + 1*256]
-movdqa xmm2, [rsp + 0*16 + 1*256]
-movdqa xmm6, [rsp + 1*16 + 1*256]
-movdqa xmm10, [rsp + 2*16 + 1*256]
-movdqa xmm14, [rsp + 3*16 + 1*256]
-paddd xmm0, xmm2
-paddd xmm4, xmm6
-paddd xmm8, xmm10
-paddd xmm12, xmm14
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-pslld xmm0, 7
-pslld xmm4, 7
-pslld xmm8, 7
-pslld xmm12, 7
-psrld xmm1, 32-7
-psrld xmm5, 32-7
-psrld xmm9, 32-7
-psrld xmm13, 32-7
-pxor xmm0, [rsp + 4*16 + 1*256]
-pxor xmm4, [rsp + 5*16 + 1*256]
-pxor xmm8, [rsp + 6*16 + 1*256]
-pxor xmm12, [rsp + 7*16 + 1*256]
-pxor xmm0, xmm1
-pxor xmm4, xmm5
-pxor xmm8, xmm9
-pxor xmm12, xmm13
-movdqa [rsp + 4*16], xmm0
-movdqa [rsp + 5*16], xmm4
-movdqa [rsp + 6*16], xmm8
-movdqa [rsp + 7*16], xmm12
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-paddd xmm0, xmm2
-paddd xmm4, xmm6
-paddd xmm8, xmm10
-paddd xmm12, xmm14
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-pslld xmm0, 9
-pslld xmm4, 9
-pslld xmm8, 9
-pslld xmm12, 9
-psrld xmm3, 32-9
-psrld xmm7, 32-9
-psrld xmm11, 32-9
-psrld xmm15, 32-9
-pxor xmm0, [rsp + 8*16 + 1*256]
-pxor xmm4, [rsp + 9*16 + 1*256]
-pxor xmm8, [rsp + 10*16 + 1*256]
-pxor xmm12, [rsp + 11*16 + 1*256]
-pxor xmm0, xmm3
-pxor xmm4, xmm7
-pxor xmm8, xmm11
-pxor xmm12, xmm15
-movdqa [rsp + 8*16], xmm0
-movdqa [rsp + 9*16], xmm4
-movdqa [rsp + 10*16], xmm8
-movdqa [rsp + 11*16], xmm12
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-paddd xmm0, xmm1
-paddd xmm4, xmm5
-paddd xmm8, xmm9
-paddd xmm12, xmm13
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-pslld xmm0, 13
-pslld xmm4, 13
-pslld xmm8, 13
-pslld xmm12, 13
-psrld xmm1, 32-13
-psrld xmm5, 32-13
-psrld xmm9, 32-13
-psrld xmm13, 32-13
-pxor xmm0, [rsp + 12*16 + 1*256]
-pxor xmm4, [rsp + 13*16 + 1*256]
-pxor xmm8, [rsp + 14*16 + 1*256]
-pxor xmm12, [rsp + 15*16 + 1*256]
-pxor xmm0, xmm1
-pxor xmm4, xmm5
-pxor xmm8, xmm9
-pxor xmm12, xmm13
-movdqa [rsp + 12*16], xmm0
-movdqa [rsp + 13*16], xmm4
-movdqa [rsp + 14*16], xmm8
-movdqa [rsp + 15*16], xmm12
-paddd xmm0, xmm3
-paddd xmm4, xmm7
-paddd xmm8, xmm11
-paddd xmm12, xmm15
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-pslld xmm0, 18
-pslld xmm4, 18
-pslld xmm8, 18
-pslld xmm12, 18
-psrld xmm3, 32-18
-psrld xmm7, 32-18
-psrld xmm11, 32-18
-psrld xmm15, 32-18
-pxor xmm0, xmm2
-pxor xmm4, xmm6
-pxor xmm8, xmm10
-pxor xmm12, xmm14
-pxor xmm0, xmm3
-pxor xmm4, xmm7
-pxor xmm8, xmm11
-pxor xmm12, xmm15
-movdqa [rsp + 0*16], xmm0
-movdqa [rsp + 1*16], xmm4
-movdqa [rsp + 2*16], xmm8
-movdqa [rsp + 3*16], xmm12
-mov rax, r9
-jmp label2
-labelSSE2_Salsa_Output:
-movdqa xmm0, xmm4
-punpckldq xmm4, xmm5
-movdqa xmm1, xmm6
-punpckldq xmm6, xmm7
-movdqa xmm2, xmm4
-punpcklqdq xmm4, xmm6
-punpckhqdq xmm2, xmm6
-punpckhdq xmm0, xmm5
-punpckhdq xmm1, xmm7
-movdqa xmm6, xmm0
-punpcklqdq xmm0, xmm1
-punpckhqdq xmm6, xmm1
-test rdx, rdx
-jz labelSSE2_Salsa_Output_A3
-test rdx, 15
-jnz labelSSE2_Salsa_Output_A7
-pxor xmm4, [rdx+0*16]
-pxor xmm2, [rdx+4*16]
-pxor xmm0, [rdx+8*16]
-pxor xmm6, [rdx+12*16]
-add rdx, 1*16
-jmp labelSSE2_Salsa_Output_A3
-labelSSE2_Salsa_Output_A7:
-movdqu xmm1, [rdx+0*16]
-pxor xmm4, xmm1
-movdqu xmm1, [rdx+4*16]
-pxor xmm2, xmm1
-movdqu xmm1, [rdx+8*16]
-pxor xmm0, xmm1
-movdqu xmm1, [rdx+12*16]
-pxor xmm6, xmm1
-add rdx, 1*16
-labelSSE2_Salsa_Output_A3:
-test rcx, 15
-jnz labelSSE2_Salsa_Output_A8
-movdqa [rcx+0*16], xmm4
-movdqa [rcx+4*16], xmm2
-movdqa [rcx+8*16], xmm0
-movdqa [rcx+12*16], xmm6
-jmp labelSSE2_Salsa_Output_A9
-labelSSE2_Salsa_Output_A8:
-movdqu [rcx+0*16], xmm4
-movdqu [rcx+4*16], xmm2
-movdqu [rcx+8*16], xmm0
-movdqu [rcx+12*16], xmm6
-labelSSE2_Salsa_Output_A9:
-add rcx, 1*16
-ret
-label6:
-movdqa xmm0, [rsp + 12*16 + 0*256]
-movdqa xmm4, [rsp + 13*16 + 0*256]
-movdqa xmm8, [rsp + 14*16 + 0*256]
-movdqa xmm12, [rsp + 15*16 + 0*256]
-movdqa xmm2, [rsp + 0*16 + 0*256]
-movdqa xmm6, [rsp + 1*16 + 0*256]
-movdqa xmm10, [rsp + 2*16 + 0*256]
-movdqa xmm14, [rsp + 3*16 + 0*256]
-paddd xmm0, xmm2
-paddd xmm4, xmm6
-paddd xmm8, xmm10
-paddd xmm12, xmm14
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-pslld xmm0, 7
-pslld xmm4, 7
-pslld xmm8, 7
-pslld xmm12, 7
-psrld xmm1, 32-7
-psrld xmm5, 32-7
-psrld xmm9, 32-7
-psrld xmm13, 32-7
-pxor xmm0, [rsp + 4*16 + 0*256]
-pxor xmm4, [rsp + 5*16 + 0*256]
-pxor xmm8, [rsp + 6*16 + 0*256]
-pxor xmm12, [rsp + 7*16 + 0*256]
-pxor xmm0, xmm1
-pxor xmm4, xmm5
-pxor xmm8, xmm9
-pxor xmm12, xmm13
-movdqa [rsp + 4*16], xmm0
-movdqa [rsp + 5*16], xmm4
-movdqa [rsp + 6*16], xmm8
-movdqa [rsp + 7*16], xmm12
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-paddd xmm0, xmm2
-paddd xmm4, xmm6
-paddd xmm8, xmm10
-paddd xmm12, xmm14
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-pslld xmm0, 9
-pslld xmm4, 9
-pslld xmm8, 9
-pslld xmm12, 9
-psrld xmm3, 32-9
-psrld xmm7, 32-9
-psrld xmm11, 32-9
-psrld xmm15, 32-9
-pxor xmm0, [rsp + 8*16 + 0*256]
-pxor xmm4, [rsp + 9*16 + 0*256]
-pxor xmm8, [rsp + 10*16 + 0*256]
-pxor xmm12, [rsp + 11*16 + 0*256]
-pxor xmm0, xmm3
-pxor xmm4, xmm7
-pxor xmm8, xmm11
-pxor xmm12, xmm15
-movdqa [rsp + 8*16], xmm0
-movdqa [rsp + 9*16], xmm4
-movdqa [rsp + 10*16], xmm8
-movdqa [rsp + 11*16], xmm12
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-paddd xmm0, xmm1
-paddd xmm4, xmm5
-paddd xmm8, xmm9
-paddd xmm12, xmm13
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-pslld xmm0, 13
-pslld xmm4, 13
-pslld xmm8, 13
-pslld xmm12, 13
-psrld xmm1, 32-13
-psrld xmm5, 32-13
-psrld xmm9, 32-13
-psrld xmm13, 32-13
-pxor xmm0, [rsp + 12*16 + 0*256]
-pxor xmm4, [rsp + 13*16 + 0*256]
-pxor xmm8, [rsp + 14*16 + 0*256]
-pxor xmm12, [rsp + 15*16 + 0*256]
-pxor xmm0, xmm1
-pxor xmm4, xmm5
-pxor xmm8, xmm9
-pxor xmm12, xmm13
-movdqa [rsp + 12*16], xmm0
-movdqa [rsp + 13*16], xmm4
-movdqa [rsp + 14*16], xmm8
-movdqa [rsp + 15*16], xmm12
-paddd xmm0, xmm3
-paddd xmm4, xmm7
-paddd xmm8, xmm11
-paddd xmm12, xmm15
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-pslld xmm0, 18
-pslld xmm4, 18
-pslld xmm8, 18
-pslld xmm12, 18
-psrld xmm3, 32-18
-psrld xmm7, 32-18
-psrld xmm11, 32-18
-psrld xmm15, 32-18
-pxor xmm0, xmm2
-pxor xmm4, xmm6
-pxor xmm8, xmm10
-pxor xmm12, xmm14
-pxor xmm0, xmm3
-pxor xmm4, xmm7
-pxor xmm8, xmm11
-pxor xmm12, xmm15
-movdqa [rsp + 0*16], xmm0
-movdqa [rsp + 1*16], xmm4
-movdqa [rsp + 2*16], xmm8
-movdqa [rsp + 3*16], xmm12
-label2:
-movdqa xmm0, [rsp + 7*16 + 0*256]
-movdqa xmm4, [rsp + 4*16 + 0*256]
-movdqa xmm8, [rsp + 5*16 + 0*256]
-movdqa xmm12, [rsp + 6*16 + 0*256]
-movdqa xmm2, [rsp + 0*16 + 0*256]
-movdqa xmm6, [rsp + 1*16 + 0*256]
-movdqa xmm10, [rsp + 2*16 + 0*256]
-movdqa xmm14, [rsp + 3*16 + 0*256]
-paddd xmm0, xmm2
-paddd xmm4, xmm6
-paddd xmm8, xmm10
-paddd xmm12, xmm14
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-pslld xmm0, 7
-pslld xmm4, 7
-pslld xmm8, 7
-pslld xmm12, 7
-psrld xmm1, 32-7
-psrld xmm5, 32-7
-psrld xmm9, 32-7
-psrld xmm13, 32-7
-pxor xmm0, [rsp + 13*16 + 0*256]
-pxor xmm4, [rsp + 14*16 + 0*256]
-pxor xmm8, [rsp + 15*16 + 0*256]
-pxor xmm12, [rsp + 12*16 + 0*256]
-pxor xmm0, xmm1
-pxor xmm4, xmm5
-pxor xmm8, xmm9
-pxor xmm12, xmm13
-movdqa [rsp + 13*16], xmm0
-movdqa [rsp + 14*16], xmm4
-movdqa [rsp + 15*16], xmm8
-movdqa [rsp + 12*16], xmm12
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-paddd xmm0, xmm2
-paddd xmm4, xmm6
-paddd xmm8, xmm10
-paddd xmm12, xmm14
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-pslld xmm0, 9
-pslld xmm4, 9
-pslld xmm8, 9
-pslld xmm12, 9
-psrld xmm3, 32-9
-psrld xmm7, 32-9
-psrld xmm11, 32-9
-psrld xmm15, 32-9
-pxor xmm0, [rsp + 10*16 + 0*256]
-pxor xmm4, [rsp + 11*16 + 0*256]
-pxor xmm8, [rsp + 8*16 + 0*256]
-pxor xmm12, [rsp + 9*16 + 0*256]
-pxor xmm0, xmm3
-pxor xmm4, xmm7
-pxor xmm8, xmm11
-pxor xmm12, xmm15
-movdqa [rsp + 10*16], xmm0
-movdqa [rsp + 11*16], xmm4
-movdqa [rsp + 8*16], xmm8
-movdqa [rsp + 9*16], xmm12
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-paddd xmm0, xmm1
-paddd xmm4, xmm5
-paddd xmm8, xmm9
-paddd xmm12, xmm13
-movdqa xmm1, xmm0
-movdqa xmm5, xmm4
-movdqa xmm9, xmm8
-movdqa xmm13, xmm12
-pslld xmm0, 13
-pslld xmm4, 13
-pslld xmm8, 13
-pslld xmm12, 13
-psrld xmm1, 32-13
-psrld xmm5, 32-13
-psrld xmm9, 32-13
-psrld xmm13, 32-13
-pxor xmm0, [rsp + 7*16 + 0*256]
-pxor xmm4, [rsp + 4*16 + 0*256]
-pxor xmm8, [rsp + 5*16 + 0*256]
-pxor xmm12, [rsp + 6*16 + 0*256]
-pxor xmm0, xmm1
-pxor xmm4, xmm5
-pxor xmm8, xmm9
-pxor xmm12, xmm13
-movdqa [rsp + 7*16], xmm0
-movdqa [rsp + 4*16], xmm4
-movdqa [rsp + 5*16], xmm8
-movdqa [rsp + 6*16], xmm12
-paddd xmm0, xmm3
-paddd xmm4, xmm7
-paddd xmm8, xmm11
-paddd xmm12, xmm15
-movdqa xmm3, xmm0
-movdqa xmm7, xmm4
-movdqa xmm11, xmm8
-movdqa xmm15, xmm12
-pslld xmm0, 18
-pslld xmm4, 18
-pslld xmm8, 18
-pslld xmm12, 18
-psrld xmm3, 32-18
-psrld xmm7, 32-18
-psrld xmm11, 32-18
-psrld xmm15, 32-18
-pxor xmm0, xmm2
-pxor xmm4, xmm6
-pxor xmm8, xmm10
-pxor xmm12, xmm14
-pxor xmm0, xmm3
-pxor xmm4, xmm7
-pxor xmm8, xmm11
-pxor xmm12, xmm15
-movdqa [rsp + 0*16], xmm0
-movdqa [rsp + 1*16], xmm4
-movdqa [rsp + 2*16], xmm8
-movdqa [rsp + 3*16], xmm12
-sub eax, 2
-jnz label6
-movdqa xmm4, [rsp + 0*16 + 256]
-paddd xmm4, [rsp + 0*16]
-movdqa xmm5, [rsp + 13*16 + 256]
-paddd xmm5, [rsp + 13*16]
-movdqa xmm6, [rsp + 10*16 + 256]
-paddd xmm6, [rsp + 10*16]
-movdqa xmm7, [rsp + 7*16 + 256]
-paddd xmm7, [rsp + 7*16]
-call labelSSE2_Salsa_Output
-movdqa xmm4, [rsp + 4*16 + 256]
-paddd xmm4, [rsp + 4*16]
-movdqa xmm5, [rsp + 1*16 + 256]
-paddd xmm5, [rsp + 1*16]
-movdqa xmm6, [rsp + 14*16 + 256]
-paddd xmm6, [rsp + 14*16]
-movdqa xmm7, [rsp + 11*16 + 256]
-paddd xmm7, [rsp + 11*16]
-call labelSSE2_Salsa_Output
-movdqa xmm4, [rsp + 8*16 + 256]
-paddd xmm4, [rsp + 8*16]
-movdqa xmm5, [rsp + 5*16 + 256]
-paddd xmm5, [rsp + 5*16]
-movdqa xmm6, [rsp + 2*16 + 256]
-paddd xmm6, [rsp + 2*16]
-movdqa xmm7, [rsp + 15*16 + 256]
-paddd xmm7, [rsp + 15*16]
-call labelSSE2_Salsa_Output
-movdqa xmm4, [rsp + 12*16 + 256]
-paddd xmm4, [rsp + 12*16]
-movdqa xmm5, [rsp + 9*16 + 256]
-paddd xmm5, [rsp + 9*16]
-movdqa xmm6, [rsp + 6*16 + 256]
-paddd xmm6, [rsp + 6*16]
-movdqa xmm7, [rsp + 3*16 + 256]
-paddd xmm7, [rsp + 3*16]
-call labelSSE2_Salsa_Output
-test rdx, rdx
-jz label9
-add rdx, 12*16
-label9:
-add rcx, 12*16
-sub r8, 4
-cmp r8, 4
-jge label1
-label5:
-sub r8, 1
-jl label4
-movdqa xmm0, [r10 + 0*16]
-movdqa xmm1, [r10 + 1*16]
-movdqa xmm2, [r10 + 2*16]
-movdqa xmm3, [r10 + 3*16]
-mov rax, r9
-label0:
-movdqa xmm4, xmm3
-paddd xmm4, xmm0
-movdqa xmm5, xmm4
-pslld xmm4, 7
-psrld xmm5, 32-7
-pxor xmm1, xmm4
-pxor xmm1, xmm5
-movdqa xmm4, xmm0
-paddd xmm4, xmm1
-movdqa xmm5, xmm4
-pslld xmm4, 9
-psrld xmm5, 32-9
-pxor xmm2, xmm4
-pxor xmm2, xmm5
-movdqa xmm4, xmm1
-paddd xmm4, xmm2
-movdqa xmm5, xmm4
-pslld xmm4, 13
-psrld xmm5, 32-13
-pxor xmm3, xmm4
-pxor xmm3, xmm5
-movdqa xmm4, xmm2
-paddd xmm4, xmm3
-movdqa xmm5, xmm4
-pslld xmm4, 18
-psrld xmm5, 32-18
-pxor xmm0, xmm4
-pxor xmm0, xmm5
-pshufd xmm1, xmm1, 2*64+1*16+0*4+3
-pshufd xmm2, xmm2, 1*64+0*16+3*4+2
-pshufd xmm3, xmm3, 0*64+3*16+2*4+1
-movdqa xmm4, xmm1
-paddd xmm4, xmm0
-movdqa xmm5, xmm4
-pslld xmm4, 7
-psrld xmm5, 32-7
-pxor xmm3, xmm4
-pxor xmm3, xmm5
-movdqa xmm4, xmm0
-paddd xmm4, xmm3
-movdqa xmm5, xmm4
-pslld xmm4, 9
-psrld xmm5, 32-9
-pxor xmm2, xmm4
-pxor xmm2, xmm5
-movdqa xmm4, xmm3
-paddd xmm4, xmm2
-movdqa xmm5, xmm4
-pslld xmm4, 13
-psrld xmm5, 32-13
-pxor xmm1, xmm4
-pxor xmm1, xmm5
-movdqa xmm4, xmm2
-paddd xmm4, xmm1
-movdqa xmm5, xmm4
-pslld xmm4, 18
-psrld xmm5, 32-18
-pxor xmm0, xmm4
-pxor xmm0, xmm5
-pshufd xmm1, xmm1, 0*64+3*16+2*4+1
-pshufd xmm2, xmm2, 1*64+0*16+3*4+2
-pshufd xmm3, xmm3, 2*64+1*16+0*4+3
-sub eax, 2
-jnz label0
-paddd xmm0, [r10 + 0*16]
-paddd xmm1, [r10 + 1*16]
-paddd xmm2, [r10 + 2*16]
-paddd xmm3, [r10 + 3*16]
-add dword ptr [r10 + 8*4], 1
-adc dword ptr [r10 + 5*4], 0
-pcmpeqb xmm6, xmm6
-psrlq xmm6, 32
-pshufd xmm7, xmm6, 0*64+1*16+2*4+3
-movdqa xmm4, xmm0
-movdqa xmm5, xmm3
-pand xmm0, xmm7
-pand xmm4, xmm6
-pand xmm3, xmm6
-pand xmm5, xmm7
-por xmm4, xmm5
-movdqa xmm5, xmm1
-pand xmm1, xmm7
-pand xmm5, xmm6
-por xmm0, xmm5
-pand xmm6, xmm2
-pand xmm2, xmm7
-por xmm1, xmm6
-por xmm2, xmm3
-movdqa xmm5, xmm4
-movdqa xmm6, xmm0
-shufpd xmm4, xmm1, 2
-shufpd xmm0, xmm2, 2
-shufpd xmm1, xmm5, 2
-shufpd xmm2, xmm6, 2
-test rdx, rdx
-jz labelSSE2_Salsa_Output_B3
-test rdx, 15
-jnz labelSSE2_Salsa_Output_B7
-pxor xmm4, [rdx+0*16]
-pxor xmm0, [rdx+1*16]
-pxor xmm1, [rdx+2*16]
-pxor xmm2, [rdx+3*16]
-add rdx, 4*16
-jmp labelSSE2_Salsa_Output_B3
-labelSSE2_Salsa_Output_B7:
-movdqu xmm3, [rdx+0*16]
-pxor xmm4, xmm3
-movdqu xmm3, [rdx+1*16]
-pxor xmm0, xmm3
-movdqu xmm3, [rdx+2*16]
-pxor xmm1, xmm3
-movdqu xmm3, [rdx+3*16]
-pxor xmm2, xmm3
-add rdx, 4*16
-labelSSE2_Salsa_Output_B3:
-test rcx, 15
-jnz labelSSE2_Salsa_Output_B8
-movdqa [rcx+0*16], xmm4
-movdqa [rcx+1*16], xmm0
-movdqa [rcx+2*16], xmm1
-movdqa [rcx+3*16], xmm2
-jmp labelSSE2_Salsa_Output_B9
-labelSSE2_Salsa_Output_B8:
-movdqu [rcx+0*16], xmm4
-movdqu [rcx+1*16], xmm0
-movdqu [rcx+2*16], xmm1
-movdqu [rcx+3*16], xmm2
-labelSSE2_Salsa_Output_B9:
-add rcx, 4*16
-jmp label5
-label4:
-movdqa xmm6, [rsp + 0200h]
-movdqa xmm7, [rsp + 0210h]
-movdqa xmm8, [rsp + 0220h]
-movdqa xmm9, [rsp + 0230h]
-movdqa xmm10, [rsp + 0240h]
-movdqa xmm11, [rsp + 0250h]
-movdqa xmm12, [rsp + 0260h]
-movdqa xmm13, [rsp + 0270h]
-movdqa xmm14, [rsp + 0280h]
-movdqa xmm15, [rsp + 0290h]
-add rsp, 10*16 + 32*16 + 8
-ret
-Salsa20_OperateKeystream ENDP
-
-ALIGN 8
-Sosemanuk_OperateKeystream PROC FRAME
-rex_push_reg rsi
-push_reg rdi
-alloc_stack(80*4*2+12*4+8*8 + 2*16+8)
-save_xmm128 xmm6, 02f0h
-save_xmm128 xmm7, 0300h
-.endprolog
-mov rdi, r8
-mov rax, r9
-mov QWORD PTR [rsp+1*8], rdi
-mov QWORD PTR [rsp+2*8], rdx
-mov QWORD PTR [rsp+6*8], rax
-lea rcx, [4*rcx+rcx]
-lea rsi, [4*rcx]
-mov QWORD PTR [rsp+3*8], rsi
-movdqa xmm0, [rax+0*16]
-movdqa [rsp + 8*8+0*16], xmm0
-movdqa xmm0, [rax+1*16]
-movdqa [rsp + 8*8+1*16], xmm0
-movq xmm0, QWORD PTR [rax+2*16]
-movq QWORD PTR [rsp + 8*8+2*16], xmm0
-psrlq xmm0, 32
-movd r10d, xmm0
-mov ecx, [rax+10*4]
-mov edx, [rax+11*4]
-pcmpeqb xmm7, xmm7
-label2:
-lea rdi, [rsp + 8*8 + 12*4]
-mov rax, 80
-cmp rsi, 80
-cmovg rsi, rax
-mov QWORD PTR [rsp+7*8], rsi
-lea rsi, [rdi+rsi]
-mov QWORD PTR [rsp+4*8], rsi
-lea rsi, s_sosemanukMulTables
-label0:
-mov eax, [rsp + 8*8 + ((0+0)-((0+0)/(10))*(10))*4]
-mov [rdi + (((0)-((0)/(4))*(4))*20 + (0/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((0)-((0)/(4))*(4))*20 + (0/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((0+3)-((0+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((0+2)-((0+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((0+0)-((0+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((1+0)-((1+0)/(10))*(10))*4]
-mov [rdi + (((1)-((1)/(4))*(4))*20 + (1/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((1)-((1)/(4))*(4))*20 + (1/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((1+3)-((1+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((1+2)-((1+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((1+0)-((1+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((2+0)-((2+0)/(10))*(10))*4]
-mov [rdi + (((2)-((2)/(4))*(4))*20 + (2/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((2)-((2)/(4))*(4))*20 + (2/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((2+3)-((2+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((2+2)-((2+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((2+0)-((2+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((3+0)-((3+0)/(10))*(10))*4]
-mov [rdi + (((3)-((3)/(4))*(4))*20 + (3/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((3)-((3)/(4))*(4))*20 + (3/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((3+3)-((3+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((3+2)-((3+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((3+0)-((3+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((4+0)-((4+0)/(10))*(10))*4]
-mov [rdi + (((4)-((4)/(4))*(4))*20 + (4/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((4)-((4)/(4))*(4))*20 + (4/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((4+3)-((4+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((4+2)-((4+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((4+0)-((4+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((5+0)-((5+0)/(10))*(10))*4]
-mov [rdi + (((5)-((5)/(4))*(4))*20 + (5/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((5)-((5)/(4))*(4))*20 + (5/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((5+3)-((5+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((5+2)-((5+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((5+0)-((5+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((6+0)-((6+0)/(10))*(10))*4]
-mov [rdi + (((6)-((6)/(4))*(4))*20 + (6/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((6)-((6)/(4))*(4))*20 + (6/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((6+3)-((6+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((6+2)-((6+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((6+0)-((6+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((7+0)-((7+0)/(10))*(10))*4]
-mov [rdi + (((7)-((7)/(4))*(4))*20 + (7/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((7)-((7)/(4))*(4))*20 + (7/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((7+3)-((7+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((7+2)-((7+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((7+0)-((7+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((8+0)-((8+0)/(10))*(10))*4]
-mov [rdi + (((8)-((8)/(4))*(4))*20 + (8/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((8)-((8)/(4))*(4))*20 + (8/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((8+3)-((8+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((8+2)-((8+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((8+0)-((8+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((9+0)-((9+0)/(10))*(10))*4]
-mov [rdi + (((9)-((9)/(4))*(4))*20 + (9/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((9)-((9)/(4))*(4))*20 + (9/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((9+3)-((9+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((9+2)-((9+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((9+0)-((9+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((10+0)-((10+0)/(10))*(10))*4]
-mov [rdi + (((10)-((10)/(4))*(4))*20 + (10/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((10)-((10)/(4))*(4))*20 + (10/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((10+3)-((10+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((10+2)-((10+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((10+0)-((10+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((11+0)-((11+0)/(10))*(10))*4]
-mov [rdi + (((11)-((11)/(4))*(4))*20 + (11/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((11)-((11)/(4))*(4))*20 + (11/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((11+3)-((11+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((11+2)-((11+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((11+0)-((11+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((12+0)-((12+0)/(10))*(10))*4]
-mov [rdi + (((12)-((12)/(4))*(4))*20 + (12/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((12)-((12)/(4))*(4))*20 + (12/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((12+3)-((12+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((12+2)-((12+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((12+0)-((12+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((13+0)-((13+0)/(10))*(10))*4]
-mov [rdi + (((13)-((13)/(4))*(4))*20 + (13/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((13)-((13)/(4))*(4))*20 + (13/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((13+3)-((13+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((13+2)-((13+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((13+0)-((13+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((14+0)-((14+0)/(10))*(10))*4]
-mov [rdi + (((14)-((14)/(4))*(4))*20 + (14/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((14)-((14)/(4))*(4))*20 + (14/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((14+3)-((14+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((14+2)-((14+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((14+0)-((14+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((15+0)-((15+0)/(10))*(10))*4]
-mov [rdi + (((15)-((15)/(4))*(4))*20 + (15/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((15)-((15)/(4))*(4))*20 + (15/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((15+3)-((15+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((15+2)-((15+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((15+0)-((15+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((16+0)-((16+0)/(10))*(10))*4]
-mov [rdi + (((16)-((16)/(4))*(4))*20 + (16/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((16)-((16)/(4))*(4))*20 + (16/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((16+3)-((16+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((16+2)-((16+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((16+0)-((16+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((17+0)-((17+0)/(10))*(10))*4]
-mov [rdi + (((17)-((17)/(4))*(4))*20 + (17/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((17)-((17)/(4))*(4))*20 + (17/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((17+3)-((17+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((17+2)-((17+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((17+0)-((17+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((18+0)-((18+0)/(10))*(10))*4]
-mov [rdi + (((18)-((18)/(4))*(4))*20 + (18/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + edx]
-xor r11d, ecx
-mov [rdi + (((18)-((18)/(4))*(4))*20 + (18/4)) * 4], r11d
-mov r11d, 1
-and r11d, edx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((18+3)-((18+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((18+2)-((18+2)/(10))*(10))*4]
-add ecx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul edx, 54655307h
-rol edx, 7
-mov [rsp + 8*8 + ((18+0)-((18+0)/(10))*(10))*4], r10d
-mov eax, [rsp + 8*8 + ((19+0)-((19+0)/(10))*(10))*4]
-mov [rdi + (((19)-((19)/(4))*(4))*20 + (19/4)) * 4 + 80*4], eax
-rol eax, 8
-lea r11d, [r10d + ecx]
-xor r11d, edx
-mov [rdi + (((19)-((19)/(4))*(4))*20 + (19/4)) * 4], r11d
-mov r11d, 1
-and r11d, ecx
-neg r11d
-and r11d, r10d
-xor r10d, eax
-movzx eax, al
-xor r10d, [rsi+rax*4]
-mov eax, [rsp + 8*8 + ((19+3)-((19+3)/(10))*(10))*4]
-xor r11d, [rsp + 8*8 + ((19+2)-((19+2)/(10))*(10))*4]
-add edx, r11d
-movzx r11d, al
-shr eax, 8
-xor r10d, [rsi+1024+r11*4]
-xor r10d, eax
-imul ecx, 54655307h
-rol ecx, 7
-mov [rsp + 8*8 + ((19+0)-((19+0)/(10))*(10))*4], r10d
-add rdi, 5*4
-cmp rdi, QWORD PTR [rsp+4*8]
-jne label0
-mov rax, QWORD PTR [rsp+2*8]
-mov r11, QWORD PTR [rsp+1*8]
-lea rdi, [rsp + 8*8 + 12*4]
-mov rsi, QWORD PTR [rsp+7*8]
-label1:
-movdqa xmm0, [rdi+0*20*4]
-movdqa xmm2, [rdi+2*20*4]
-movdqa xmm3, [rdi+3*20*4]
-movdqa xmm1, [rdi+1*20*4]
-movdqa xmm4, xmm0
-pand xmm0, xmm2
-pxor xmm0, xmm3
-pxor xmm2, xmm1
-pxor xmm2, xmm0
-por xmm3, xmm4
-pxor xmm3, xmm1
-pxor xmm4, xmm2
-movdqa xmm1, xmm3
-por xmm3, xmm4
-pxor xmm3, xmm0
-pand xmm0, xmm1
-pxor xmm4, xmm0
-pxor xmm1, xmm3
-pxor xmm1, xmm4
-pxor xmm4, xmm7
-pxor xmm2, [rdi+80*4]
-pxor xmm3, [rdi+80*5]
-pxor xmm1, [rdi+80*6]
-pxor xmm4, [rdi+80*7]
-cmp rsi, 16
-jl label4
-movdqa xmm6, xmm2
-punpckldq xmm2, xmm3
-movdqa xmm5, xmm1
-punpckldq xmm1, xmm4
-movdqa xmm0, xmm2
-punpcklqdq xmm2, xmm1
-punpckhqdq xmm0, xmm1
-punpckhdq xmm6, xmm3
-punpckhdq xmm5, xmm4
-movdqa xmm3, xmm6
-punpcklqdq xmm6, xmm5
-punpckhqdq xmm3, xmm5
-test rax, rax
-jz labelSSE2_Sosemanuk_Output3
-test rax, 15
-jnz labelSSE2_Sosemanuk_Output7
-pxor xmm2, [rax+0*16]
-pxor xmm0, [rax+1*16]
-pxor xmm6, [rax+2*16]
-pxor xmm3, [rax+3*16]
-add rax, 4*16
-jmp labelSSE2_Sosemanuk_Output3
-labelSSE2_Sosemanuk_Output7:
-movdqu xmm1, [rax+0*16]
-pxor xmm2, xmm1
-movdqu xmm1, [rax+1*16]
-pxor xmm0, xmm1
-movdqu xmm1, [rax+2*16]
-pxor xmm6, xmm1
-movdqu xmm1, [rax+3*16]
-pxor xmm3, xmm1
-add rax, 4*16
-labelSSE2_Sosemanuk_Output3:
-test r11, 15
-jnz labelSSE2_Sosemanuk_Output8
-movdqa [r11+0*16], xmm2
-movdqa [r11+1*16], xmm0
-movdqa [r11+2*16], xmm6
-movdqa [r11+3*16], xmm3
-jmp labelSSE2_Sosemanuk_Output9
-labelSSE2_Sosemanuk_Output8:
-movdqu [r11+0*16], xmm2
-movdqu [r11+1*16], xmm0
-movdqu [r11+2*16], xmm6
-movdqu [r11+3*16], xmm3
-labelSSE2_Sosemanuk_Output9:
-add r11, 4*16
-add rdi, 4*4
-sub rsi, 16
-jnz label1
-mov rsi, QWORD PTR [rsp+3*8]
-sub rsi, 80
-jz label6
-mov QWORD PTR [rsp+3*8], rsi
-mov QWORD PTR [rsp+2*8], rax
-mov QWORD PTR [rsp+1*8], r11
-jmp label2
-label4:
-test rax, rax
-jz label5
-movd xmm0, dword ptr [rax+0*4]
-pxor xmm2, xmm0
-movd xmm0, dword ptr [rax+1*4]
-pxor xmm3, xmm0
-movd xmm0, dword ptr [rax+2*4]
-pxor xmm1, xmm0
-movd xmm0, dword ptr [rax+3*4]
-pxor xmm4, xmm0
-add rax, 16
-label5:
-movd dword ptr [r11+0*4], xmm2
-movd dword ptr [r11+1*4], xmm3
-movd dword ptr [r11+2*4], xmm1
-movd dword ptr [r11+3*4], xmm4
-sub rsi, 4
-jz label6
-add r11, 16
-psrldq xmm2, 4
-psrldq xmm3, 4
-psrldq xmm1, 4
-psrldq xmm4, 4
-jmp label4
-label6:
-mov r10, QWORD PTR [rsp+6*8]
-movdqa xmm0, [rsp + 8*8+0*16]
-movdqa [r10+0*16], xmm0
-movdqa xmm0, [rsp + 8*8+1*16]
-movdqa [r10+1*16], xmm0
-movq xmm0, QWORD PTR [rsp + 8*8+2*16]
-movq QWORD PTR [r10+2*16], xmm0
-mov [r10+10*4], ecx
-mov [r10+11*4], edx
-movdqa xmm6, [rsp + 02f0h]
-movdqa xmm7, [rsp + 0300h]
-add rsp, 80*4*2+12*4+8*8 + 2*16+8
-pop rdi
-pop rsi
-ret
-Sosemanuk_OperateKeystream ENDP
-
-Panama_SSE2_Pull PROC FRAME
-rex_push_reg rdi
-alloc_stack(2*16)
-save_xmm128 xmm6, 0h
-save_xmm128 xmm7, 10h
-.endprolog
-shl rcx, 5
-jz label5
-mov r10d, [rdx+4*17]
-add rcx, r10
-mov rdi, rcx
-movdqa xmm0, xmmword ptr [rdx+0*16]
-movdqa xmm1, xmmword ptr [rdx+1*16]
-movdqa xmm2, xmmword ptr [rdx+2*16]
-movdqa xmm3, xmmword ptr [rdx+3*16]
-mov eax, dword ptr [rdx+4*16]
-label4:
-movdqa xmm6, xmm2
-movss xmm6, xmm3
-pshufd xmm5, xmm6, 0*64+3*16+2*4+1
-movd xmm6, eax
-movdqa xmm7, xmm3
-movss xmm7, xmm6
-pshufd xmm6, xmm7, 0*64+3*16+2*4+1
-movd ecx, xmm2
-not ecx
-movd r11d, xmm3
-or ecx, r11d
-xor eax, ecx
-pcmpeqb xmm7, xmm7
-pxor xmm7, xmm1
-por xmm7, xmm2
-pxor xmm7, xmm3
-movd ecx, xmm7
-rol ecx, (((((5*1) MOD (17))*(((5*1) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(1)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*5) MOD (17))*(((5*5) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(5)) MOD (17)))*13+16)) MOD (17))*4], ecx
-punpckhqdq xmm7, xmm7
-movd ecx, xmm7
-rol ecx, (((((5*9) MOD (17))*(((5*9) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(9)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*13) MOD (17))*(((5*13) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(13)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pcmpeqb xmm7, xmm7
-pxor xmm7, xmm0
-por xmm7, xmm1
-pxor xmm7, xmm2
-movd ecx, xmm7
-rol ecx, (((((5*2) MOD (17))*(((5*2) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(2)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*6) MOD (17))*(((5*6) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(6)) MOD (17)))*13+16)) MOD (17))*4], ecx
-punpckhqdq xmm7, xmm7
-movd ecx, xmm7
-rol ecx, (((((5*10) MOD (17))*(((5*10) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(10)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*14) MOD (17))*(((5*14) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(14)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pcmpeqb xmm7, xmm7
-pxor xmm7, xmm6
-por xmm7, xmm0
-pxor xmm7, xmm1
-movd ecx, xmm7
-rol ecx, (((((5*3) MOD (17))*(((5*3) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(3)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*7) MOD (17))*(((5*7) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(7)) MOD (17)))*13+16)) MOD (17))*4], ecx
-punpckhqdq xmm7, xmm7
-movd ecx, xmm7
-rol ecx, (((((5*11) MOD (17))*(((5*11) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(11)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*15) MOD (17))*(((5*15) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(15)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pcmpeqb xmm7, xmm7
-pxor xmm7, xmm5
-por xmm7, xmm6
-pxor xmm7, xmm0
-movd ecx, xmm7
-rol ecx, (((((5*4) MOD (17))*(((5*4) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(4)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*8) MOD (17))*(((5*8) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(8)) MOD (17)))*13+16)) MOD (17))*4], ecx
-punpckhqdq xmm7, xmm7
-movd ecx, xmm7
-rol ecx, (((((5*12) MOD (17))*(((5*12) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(12)) MOD (17)))*13+16)) MOD (17))*4], ecx
-pshuflw xmm7, xmm7, 1*64+0*16+3*4+2
-movd ecx, xmm7
-rol ecx, (((((5*16) MOD (17))*(((5*16) MOD (17))+1)/2)) MOD (32))
-mov [rdx+((((((5*(16)) MOD (17)))*13+16)) MOD (17))*4], ecx
-movdqa xmm4, xmm3
-punpcklqdq xmm3, xmm2
-punpckhdq xmm4, xmm2
-movdqa xmm2, xmm1
-punpcklqdq xmm1, xmm0
-punpckhdq xmm2, xmm0
-test r8, r8
-jz label0
-movdqa xmm6, xmm4
-punpcklqdq xmm4, xmm2
-punpckhqdq xmm6, xmm2
-test r9, 15
-jnz label2
-test r9, r9
-jz label1
-pxor xmm4, [r9]
-pxor xmm6, [r9+16]
-add r9, 32
-jmp label1
-label2:
-movdqu xmm0, [r9]
-movdqu xmm2, [r9+16]
-pxor xmm4, xmm0
-pxor xmm6, xmm2
-add r9, 32
-label1:
-test r8, 15
-jnz label3
-movdqa xmmword ptr [r8], xmm4
-movdqa xmmword ptr [r8+16], xmm6
-add r8, 32
-jmp label0
-label3:
-movdqu xmmword ptr [r8], xmm4
-movdqu xmmword ptr [r8+16], xmm6
-add r8, 32
-label0:
-lea rcx, [r10 + 32]
-and rcx, 31*32
-lea r11, [r10 + (32-24)*32]
-and r11, 31*32
-movdqa xmm0, xmmword ptr [rdx+20*4+rcx+0*8]
-pxor xmm3, xmm0
-pshufd xmm0, xmm0, 2*64+3*16+0*4+1
-movdqa xmmword ptr [rdx+20*4+rcx+0*8], xmm3
-pxor xmm0, xmmword ptr [rdx+20*4+r11+2*8]
-movdqa xmmword ptr [rdx+20*4+r11+2*8], xmm0
-movdqa xmm4, xmmword ptr [rdx+20*4+rcx+2*8]
-pxor xmm1, xmm4
-movdqa xmmword ptr [rdx+20*4+rcx+2*8], xmm1
-pxor xmm4, xmmword ptr [rdx+20*4+r11+0*8]
-movdqa xmmword ptr [rdx+20*4+r11+0*8], xmm4
-movdqa xmm3, xmmword ptr [rdx+3*16]
-movdqa xmm2, xmmword ptr [rdx+2*16]
-movdqa xmm1, xmmword ptr [rdx+1*16]
-movdqa xmm0, xmmword ptr [rdx+0*16]
-movd xmm6, eax
-movdqa xmm7, xmm3
-movss xmm7, xmm6
-movdqa xmm6, xmm2
-movss xmm6, xmm3
-movdqa xmm5, xmm1
-movss xmm5, xmm2
-movdqa xmm4, xmm0
-movss xmm4, xmm1
-pshufd xmm7, xmm7, 0*64+3*16+2*4+1
-pshufd xmm6, xmm6, 0*64+3*16+2*4+1
-pshufd xmm5, xmm5, 0*64+3*16+2*4+1
-pshufd xmm4, xmm4, 0*64+3*16+2*4+1
-xor eax, 1
-movd ecx, xmm0
-xor eax, ecx
-movd ecx, xmm3
-xor eax, ecx
-pxor xmm3, xmm2
-pxor xmm2, xmm1
-pxor xmm1, xmm0
-pxor xmm0, xmm7
-pxor xmm3, xmm7
-pxor xmm2, xmm6
-pxor xmm1, xmm5
-pxor xmm0, xmm4
-lea rcx, [r10 + (32-4)*32]
-and rcx, 31*32
-lea r11, [r10 + 16*32]
-and r11, 31*32
-movdqa xmm4, xmmword ptr [rdx+20*4+rcx+0*16]
-movdqa xmm5, xmmword ptr [rdx+20*4+r11+0*16]
-movdqa xmm6, xmm4
-punpcklqdq xmm4, xmm5
-punpckhqdq xmm6, xmm5
-pxor xmm3, xmm4
-pxor xmm2, xmm6
-movdqa xmm4, xmmword ptr [rdx+20*4+rcx+1*16]
-movdqa xmm5, xmmword ptr [rdx+20*4+r11+1*16]
-movdqa xmm6, xmm4
-punpcklqdq xmm4, xmm5
-punpckhqdq xmm6, xmm5
-pxor xmm1, xmm4
-pxor xmm0, xmm6
-add r10, 32
-cmp r10, rdi
-jne label4
-mov [rdx+4*16], eax
-movdqa xmmword ptr [rdx+3*16], xmm3
-movdqa xmmword ptr [rdx+2*16], xmm2
-movdqa xmmword ptr [rdx+1*16], xmm1
-movdqa xmmword ptr [rdx+0*16], xmm0
-label5:
-movdqa xmm6, [rsp + 0h]
-movdqa xmm7, [rsp + 10h]
-add rsp, 2*16
-pop rdi
-ret
-Panama_SSE2_Pull ENDP
-
-_TEXT ENDS
-END
diff --git a/cryptopp562/xtr.cpp b/cryptopp562/xtr.cpp
deleted file mode 100644
index 6739070..0000000
--- a/cryptopp562/xtr.cpp
+++ /dev/null
@@ -1,100 +0,0 @@
-// cryptlib.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "xtr.h"
-#include "nbtheory.h"
-
-#include "algebra.cpp"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-const GFP2Element & GFP2Element::Zero()
-{
- return Singleton<GFP2Element>().Ref();
-}
-
-void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer &q, GFP2Element &g, unsigned int pbits, unsigned int qbits)
-{
- assert(qbits > 9); // no primes exist for pbits = 10, qbits = 9
- assert(pbits > qbits);
-
- const Integer minQ = Integer::Power2(qbits - 1);
- const Integer maxQ = Integer::Power2(qbits) - 1;
- const Integer minP = Integer::Power2(pbits - 1);
- const Integer maxP = Integer::Power2(pbits) - 1;
-
- Integer r1, r2;
- do
- {
- bool qFound = q.Randomize(rng, minQ, maxQ, Integer::PRIME, 7, 12);
- assert(qFound);
- bool solutionsExist = SolveModularQuadraticEquation(r1, r2, 1, -1, 1, q);
- assert(solutionsExist);
- } while (!p.Randomize(rng, minP, maxP, Integer::PRIME, CRT(rng.GenerateBit()?r1:r2, q, 2, 3, EuclideanMultiplicativeInverse(p, 3)), 3*q));
- assert(((p.Squared() - p + 1) % q).IsZero());
-
- GFP2_ONB<ModularArithmetic> gfp2(p);
- GFP2Element three = gfp2.ConvertIn(3), t;
-
- while (true)
- {
- g.c1.Randomize(rng, Integer::Zero(), p-1);
- g.c2.Randomize(rng, Integer::Zero(), p-1);
- t = XTR_Exponentiate(g, p+1, p);
- if (t.c1 == t.c2)
- continue;
- g = XTR_Exponentiate(g, (p.Squared()-p+1)/q, p);
- if (g != three)
- break;
- }
- assert(XTR_Exponentiate(g, q, p) == three);
-}
-
-GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p)
-{
- unsigned int bitCount = e.BitCount();
- if (bitCount == 0)
- return GFP2Element(-3, -3);
-
- // find the lowest bit of e that is 1
- unsigned int lowest1bit;
- for (lowest1bit=0; e.GetBit(lowest1bit) == 0; lowest1bit++) {}
-
- GFP2_ONB<MontgomeryRepresentation> gfp2(p);
- GFP2Element c = gfp2.ConvertIn(b);
- GFP2Element cp = gfp2.PthPower(c);
- GFP2Element S[5] = {gfp2.ConvertIn(3), c, gfp2.SpecialOperation1(c)};
-
- // do all exponents bits except the lowest zeros starting from the top
- unsigned int i;
- for (i = e.BitCount() - 1; i>lowest1bit; i--)
- {
- if (e.GetBit(i))
- {
- gfp2.RaiseToPthPower(S[0]);
- gfp2.Accumulate(S[0], gfp2.SpecialOperation2(S[2], c, S[1]));
- S[1] = gfp2.SpecialOperation1(S[1]);
- S[2] = gfp2.SpecialOperation1(S[2]);
- S[0].swap(S[1]);
- }
- else
- {
- gfp2.RaiseToPthPower(S[2]);
- gfp2.Accumulate(S[2], gfp2.SpecialOperation2(S[0], cp, S[1]));
- S[1] = gfp2.SpecialOperation1(S[1]);
- S[0] = gfp2.SpecialOperation1(S[0]);
- S[2].swap(S[1]);
- }
- }
-
- // now do the lowest zeros
- while (i--)
- S[1] = gfp2.SpecialOperation1(S[1]);
-
- return gfp2.ConvertOut(S[1]);
-}
-
-template class AbstractRing<GFP2Element>;
-template class AbstractGroup<GFP2Element>;
-
-NAMESPACE_END
diff --git a/cryptopp562/xtr.h b/cryptopp562/xtr.h
deleted file mode 100644
index 89d39f0..0000000
--- a/cryptopp562/xtr.h
+++ /dev/null
@@ -1,215 +0,0 @@
-#ifndef CRYPTOPP_XTR_H
-#define CRYPTOPP_XTR_H
-
-/** \file
- "The XTR public key system" by Arjen K. Lenstra and Eric R. Verheul
-*/
-
-#include "modarith.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! an element of GF(p^2)
-class GFP2Element
-{
-public:
- GFP2Element() {}
- GFP2Element(const Integer &c1, const Integer &c2) : c1(c1), c2(c2) {}
- GFP2Element(const byte *encodedElement, unsigned int size)
- : c1(encodedElement, size/2), c2(encodedElement+size/2, size/2) {}
-
- void Encode(byte *encodedElement, unsigned int size)
- {
- c1.Encode(encodedElement, size/2);
- c2.Encode(encodedElement+size/2, size/2);
- }
-
- bool operator==(const GFP2Element &rhs) const {return c1 == rhs.c1 && c2 == rhs.c2;}
- bool operator!=(const GFP2Element &rhs) const {return !operator==(rhs);}
-
- void swap(GFP2Element &a)
- {
- c1.swap(a.c1);
- c2.swap(a.c2);
- }
-
- static const GFP2Element & Zero();
-
- Integer c1, c2;
-};
-
-//! GF(p^2), optimal normal basis
-template <class F>
-class GFP2_ONB : public AbstractRing<GFP2Element>
-{
-public:
- typedef F BaseField;
-
- GFP2_ONB(const Integer &p) : modp(p)
- {
- if (p%3 != 2)
- throw InvalidArgument("GFP2_ONB: modulus must be equivalent to 2 mod 3");
- }
-
- const Integer& GetModulus() const {return modp.GetModulus();}
-
- GFP2Element ConvertIn(const Integer &a) const
- {
- t = modp.Inverse(modp.ConvertIn(a));
- return GFP2Element(t, t);
- }
-
- GFP2Element ConvertIn(const GFP2Element &a) const
- {return GFP2Element(modp.ConvertIn(a.c1), modp.ConvertIn(a.c2));}
-
- GFP2Element ConvertOut(const GFP2Element &a) const
- {return GFP2Element(modp.ConvertOut(a.c1), modp.ConvertOut(a.c2));}
-
- bool Equal(const GFP2Element &a, const GFP2Element &b) const
- {
- return modp.Equal(a.c1, b.c1) && modp.Equal(a.c2, b.c2);
- }
-
- const Element& Identity() const
- {
- return GFP2Element::Zero();
- }
-
- const Element& Add(const Element &a, const Element &b) const
- {
- result.c1 = modp.Add(a.c1, b.c1);
- result.c2 = modp.Add(a.c2, b.c2);
- return result;
- }
-
- const Element& Inverse(const Element &a) const
- {
- result.c1 = modp.Inverse(a.c1);
- result.c2 = modp.Inverse(a.c2);
- return result;
- }
-
- const Element& Double(const Element &a) const
- {
- result.c1 = modp.Double(a.c1);
- result.c2 = modp.Double(a.c2);
- return result;
- }
-
- const Element& Subtract(const Element &a, const Element &b) const
- {
- result.c1 = modp.Subtract(a.c1, b.c1);
- result.c2 = modp.Subtract(a.c2, b.c2);
- return result;
- }
-
- Element& Accumulate(Element &a, const Element &b) const
- {
- modp.Accumulate(a.c1, b.c1);
- modp.Accumulate(a.c2, b.c2);
- return a;
- }
-
- Element& Reduce(Element &a, const Element &b) const
- {
- modp.Reduce(a.c1, b.c1);
- modp.Reduce(a.c2, b.c2);
- return a;
- }
-
- bool IsUnit(const Element &a) const
- {
- return a.c1.NotZero() || a.c2.NotZero();
- }
-
- const Element& MultiplicativeIdentity() const
- {
- result.c1 = result.c2 = modp.Inverse(modp.MultiplicativeIdentity());
- return result;
- }
-
- const Element& Multiply(const Element &a, const Element &b) const
- {
- t = modp.Add(a.c1, a.c2);
- t = modp.Multiply(t, modp.Add(b.c1, b.c2));
- result.c1 = modp.Multiply(a.c1, b.c1);
- result.c2 = modp.Multiply(a.c2, b.c2);
- result.c1.swap(result.c2);
- modp.Reduce(t, result.c1);
- modp.Reduce(t, result.c2);
- modp.Reduce(result.c1, t);
- modp.Reduce(result.c2, t);
- return result;
- }
-
- const Element& MultiplicativeInverse(const Element &a) const
- {
- return result = Exponentiate(a, modp.GetModulus()-2);
- }
-
- const Element& Square(const Element &a) const
- {
- const Integer &ac1 = (&a == &result) ? (t = a.c1) : a.c1;
- result.c1 = modp.Multiply(modp.Subtract(modp.Subtract(a.c2, a.c1), a.c1), a.c2);
- result.c2 = modp.Multiply(modp.Subtract(modp.Subtract(ac1, a.c2), a.c2), ac1);
- return result;
- }
-
- Element Exponentiate(const Element &a, const Integer &e) const
- {
- Integer edivp, emodp;
- Integer::Divide(emodp, edivp, e, modp.GetModulus());
- Element b = PthPower(a);
- return AbstractRing<GFP2Element>::CascadeExponentiate(a, emodp, b, edivp);
- }
-
- const Element & PthPower(const Element &a) const
- {
- result = a;
- result.c1.swap(result.c2);
- return result;
- }
-
- void RaiseToPthPower(Element &a) const
- {
- a.c1.swap(a.c2);
- }
-
- // a^2 - 2a^p
- const Element & SpecialOperation1(const Element &a) const
- {
- assert(&a != &result);
- result = Square(a);
- modp.Reduce(result.c1, a.c2);
- modp.Reduce(result.c1, a.c2);
- modp.Reduce(result.c2, a.c1);
- modp.Reduce(result.c2, a.c1);
- return result;
- }
-
- // x * z - y * z^p
- const Element & SpecialOperation2(const Element &x, const Element &y, const Element &z) const
- {
- assert(&x != &result && &y != &result && &z != &result);
- t = modp.Add(x.c2, y.c2);
- result.c1 = modp.Multiply(z.c1, modp.Subtract(y.c1, t));
- modp.Accumulate(result.c1, modp.Multiply(z.c2, modp.Subtract(t, x.c1)));
- t = modp.Add(x.c1, y.c1);
- result.c2 = modp.Multiply(z.c2, modp.Subtract(y.c2, t));
- modp.Accumulate(result.c2, modp.Multiply(z.c1, modp.Subtract(t, x.c2)));
- return result;
- }
-
-protected:
- BaseField modp;
- mutable GFP2Element result;
- mutable Integer t;
-};
-
-void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer &q, GFP2Element &g, unsigned int pbits, unsigned int qbits);
-
-GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p);
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/xtrcrypt.cpp b/cryptopp562/xtrcrypt.cpp
deleted file mode 100644
index 20e78e7..0000000
--- a/cryptopp562/xtrcrypt.cpp
+++ /dev/null
@@ -1,108 +0,0 @@
-// xtrcrypt.cpp - written and placed in the public domain by Wei Dai
-
-#include "pch.h"
-#include "xtrcrypt.h"
-#include "nbtheory.h"
-#include "asn.h"
-#include "argnames.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-XTR_DH::XTR_DH(const Integer &p, const Integer &q, const GFP2Element &g)
- : m_p(p), m_q(q), m_g(g)
-{
-}
-
-XTR_DH::XTR_DH(RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits)
-{
- XTR_FindPrimesAndGenerator(rng, m_p, m_q, m_g, pbits, qbits);
-}
-
-XTR_DH::XTR_DH(BufferedTransformation &bt)
-{
- BERSequenceDecoder seq(bt);
- m_p.BERDecode(seq);
- m_q.BERDecode(seq);
- m_g.c1.BERDecode(seq);
- m_g.c2.BERDecode(seq);
- seq.MessageEnd();
-}
-
-void XTR_DH::DEREncode(BufferedTransformation &bt) const
-{
- DERSequenceEncoder seq(bt);
- m_p.DEREncode(seq);
- m_q.DEREncode(seq);
- m_g.c1.DEREncode(seq);
- m_g.c2.DEREncode(seq);
- seq.MessageEnd();
-}
-
-bool XTR_DH::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_p > Integer::One() && m_p.IsOdd();
- pass = pass && m_q > Integer::One() && m_q.IsOdd();
- GFP2Element three = GFP2_ONB<ModularArithmetic>(m_p).ConvertIn(3);
- pass = pass && !(m_g.c1.IsNegative() || m_g.c2.IsNegative() || m_g.c1 >= m_p || m_g.c2 >= m_p || m_g == three);
- if (level >= 1)
- pass = pass && ((m_p.Squared()-m_p+1)%m_q).IsZero();
- if (level >= 2)
- {
- pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
- pass = pass && XTR_Exponentiate(m_g, (m_p.Squared()-m_p+1)/m_q, m_p) != three;
- pass = pass && XTR_Exponentiate(m_g, m_q, m_p) == three;
- }
- return pass;
-}
-
-bool XTR_DH::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
-{
- return GetValueHelper(this, name, valueType, pValue).Assignable()
- CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder)
- CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator)
- ;
-}
-
-void XTR_DH::AssignFrom(const NameValuePairs &source)
-{
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
- CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupOrder)
- CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupGenerator)
- ;
-}
-
-void XTR_DH::GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
-{
- Integer x(rng, Integer::Zero(), m_q-1);
- x.Encode(privateKey, PrivateKeyLength());
-}
-
-void XTR_DH::GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
-{
- Integer x(privateKey, PrivateKeyLength());
- GFP2Element y = XTR_Exponentiate(m_g, x, m_p);
- y.Encode(publicKey, PublicKeyLength());
-}
-
-bool XTR_DH::Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey) const
-{
- GFP2Element w(otherPublicKey, PublicKeyLength());
- if (validateOtherPublicKey)
- {
- GFP2_ONB<ModularArithmetic> gfp2(m_p);
- GFP2Element three = gfp2.ConvertIn(3);
- if (w.c1.IsNegative() || w.c2.IsNegative() || w.c1 >= m_p || w.c2 >= m_p || w == three)
- return false;
- if (XTR_Exponentiate(w, m_q, m_p) != three)
- return false;
- }
- Integer s(privateKey, PrivateKeyLength());
- GFP2Element z = XTR_Exponentiate(w, s, m_p);
- z.Encode(agreedValue, AgreedValueLength());
- return true;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/xtrcrypt.h b/cryptopp562/xtrcrypt.h
deleted file mode 100644
index 6aee127..0000000
--- a/cryptopp562/xtrcrypt.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#ifndef CRYPTOPP_XTRCRYPT_H
-#define CRYPTOPP_XTRCRYPT_H
-
-/** \file
- "The XTR public key system" by Arjen K. Lenstra and Eric R. Verheul
-*/
-
-#include "xtr.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! XTR-DH with key validation
-
-class XTR_DH : public SimpleKeyAgreementDomain, public CryptoParameters
-{
- typedef XTR_DH ThisClass;
-
-public:
- XTR_DH(const Integer &p, const Integer &q, const GFP2Element &g);
- XTR_DH(RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits);
- XTR_DH(BufferedTransformation &domainParams);
-
- void DEREncode(BufferedTransformation &domainParams) const;
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
- void AssignFrom(const NameValuePairs &source);
- CryptoParameters & AccessCryptoParameters() {return *this;}
- unsigned int AgreedValueLength() const {return 2*m_p.ByteCount();}
- unsigned int PrivateKeyLength() const {return m_q.ByteCount();}
- unsigned int PublicKeyLength() const {return 2*m_p.ByteCount();}
-
- void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const;
- void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const;
- bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const;
-
- const Integer &GetModulus() const {return m_p;}
- const Integer &GetSubgroupOrder() const {return m_q;}
- const GFP2Element &GetSubgroupGenerator() const {return m_g;}
-
- void SetModulus(const Integer &p) {m_p = p;}
- void SetSubgroupOrder(const Integer &q) {m_q = q;}
- void SetSubgroupGenerator(const GFP2Element &g) {m_g = g;}
-
-private:
- unsigned int ExponentBitLength() const;
-
- Integer m_p, m_q;
- GFP2Element m_g;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/zdeflate.cpp b/cryptopp562/zdeflate.cpp
deleted file mode 100644
index bdcd7ba..0000000
--- a/cryptopp562/zdeflate.cpp
+++ /dev/null
@@ -1,801 +0,0 @@
-// zdeflate.cpp - written and placed in the public domain by Wei Dai
-
-// Many of the algorithms and tables used here came from the deflate implementation
-// by Jean-loup Gailly, which was included in Crypto++ 4.0 and earlier. I completely
-// rewrote it in order to fix a bug that I could not figure out. This code
-// is less clever, but hopefully more understandable and maintainable.
-
-#include "pch.h"
-#include "zdeflate.h"
-#include <functional>
-
-#if _MSC_VER >= 1600
-// for make_unchecked_array_iterator
-#include <iterator>
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-using namespace std;
-
-LowFirstBitWriter::LowFirstBitWriter(BufferedTransformation *attachment)
- : Filter(attachment), m_counting(false), m_buffer(0), m_bitsBuffered(0), m_bytesBuffered(0)
-{
-}
-
-void LowFirstBitWriter::StartCounting()
-{
- assert(!m_counting);
- m_counting = true;
- m_bitCount = 0;
-}
-
-unsigned long LowFirstBitWriter::FinishCounting()
-{
- assert(m_counting);
- m_counting = false;
- return m_bitCount;
-}
-
-void LowFirstBitWriter::PutBits(unsigned long value, unsigned int length)
-{
- if (m_counting)
- m_bitCount += length;
- else
- {
- m_buffer |= value << m_bitsBuffered;
- m_bitsBuffered += length;
- assert(m_bitsBuffered <= sizeof(unsigned long)*8);
- while (m_bitsBuffered >= 8)
- {
- m_outputBuffer[m_bytesBuffered++] = (byte)m_buffer;
- if (m_bytesBuffered == m_outputBuffer.size())
- {
- AttachedTransformation()->PutModifiable(m_outputBuffer, m_bytesBuffered);
- m_bytesBuffered = 0;
- }
- m_buffer >>= 8;
- m_bitsBuffered -= 8;
- }
- }
-}
-
-void LowFirstBitWriter::FlushBitBuffer()
-{
- if (m_counting)
- m_bitCount += 8*(m_bitsBuffered > 0);
- else
- {
- if (m_bytesBuffered > 0)
- {
- AttachedTransformation()->PutModifiable(m_outputBuffer, m_bytesBuffered);
- m_bytesBuffered = 0;
- }
- if (m_bitsBuffered > 0)
- {
- AttachedTransformation()->Put((byte)m_buffer);
- m_buffer = 0;
- m_bitsBuffered = 0;
- }
- }
-}
-
-void LowFirstBitWriter::ClearBitBuffer()
-{
- m_buffer = 0;
- m_bytesBuffered = 0;
- m_bitsBuffered = 0;
-}
-
-HuffmanEncoder::HuffmanEncoder(const unsigned int *codeBits, unsigned int nCodes)
-{
- Initialize(codeBits, nCodes);
-}
-
-struct HuffmanNode
-{
- size_t symbol;
- union {size_t parent; unsigned depth, freq;};
-};
-
-struct FreqLessThan
-{
- inline bool operator()(unsigned int lhs, const HuffmanNode &rhs) {return lhs < rhs.freq;}
- inline bool operator()(const HuffmanNode &lhs, const HuffmanNode &rhs) const {return lhs.freq < rhs.freq;}
- // needed for MSVC .NET 2005
- inline bool operator()(const HuffmanNode &lhs, unsigned int rhs) {return lhs.freq < rhs;}
-};
-
-void HuffmanEncoder::GenerateCodeLengths(unsigned int *codeBits, unsigned int maxCodeBits, const unsigned int *codeCounts, size_t nCodes)
-{
- assert(nCodes > 0);
- assert(nCodes <= ((size_t)1 << maxCodeBits));
-
- size_t i;
- SecBlockWithHint<HuffmanNode, 2*286> tree(nCodes);
- for (i=0; i<nCodes; i++)
- {
- tree[i].symbol = i;
- tree[i].freq = codeCounts[i];
- }
- sort(tree.begin(), tree.end(), FreqLessThan());
- size_t treeBegin = upper_bound(tree.begin(), tree.end(), 0, FreqLessThan()) - tree.begin();
- if (treeBegin == nCodes)
- { // special case for no codes
- fill(codeBits, codeBits+nCodes, 0);
- return;
- }
- tree.resize(nCodes + nCodes - treeBegin - 1);
-
- size_t leastLeaf = treeBegin, leastInterior = nCodes;
- for (i=nCodes; i<tree.size(); i++)
- {
- size_t least;
- least = (leastLeaf == nCodes || (leastInterior < i && tree[leastInterior].freq < tree[leastLeaf].freq)) ? leastInterior++ : leastLeaf++;
- tree[i].freq = tree[least].freq;
- tree[least].parent = i;
- least = (leastLeaf == nCodes || (leastInterior < i && tree[leastInterior].freq < tree[leastLeaf].freq)) ? leastInterior++ : leastLeaf++;
- tree[i].freq += tree[least].freq;
- tree[least].parent = i;
- }
-
- tree[tree.size()-1].depth = 0;
- if (tree.size() >= 2)
- for (i=tree.size()-2; i>=nCodes; i--)
- tree[i].depth = tree[tree[i].parent].depth + 1;
- unsigned int sum = 0;
- SecBlockWithHint<unsigned int, 15+1> blCount(maxCodeBits+1);
- fill(blCount.begin(), blCount.end(), 0);
- for (i=treeBegin; i<nCodes; i++)
- {
- size_t depth = STDMIN(maxCodeBits, tree[tree[i].parent].depth + 1);
- blCount[depth]++;
- sum += 1 << (maxCodeBits - depth);
- }
-
- unsigned int overflow = sum > (unsigned int)(1 << maxCodeBits) ? sum - (1 << maxCodeBits) : 0;
-
- while (overflow--)
- {
- unsigned int bits = maxCodeBits-1;
- while (blCount[bits] == 0)
- bits--;
- blCount[bits]--;
- blCount[bits+1] += 2;
- assert(blCount[maxCodeBits] > 0);
- blCount[maxCodeBits]--;
- }
-
- for (i=0; i<treeBegin; i++)
- codeBits[tree[i].symbol] = 0;
- unsigned int bits = maxCodeBits;
- for (i=treeBegin; i<nCodes; i++)
- {
- while (blCount[bits] == 0)
- bits--;
- codeBits[tree[i].symbol] = bits;
- blCount[bits]--;
- }
- assert(blCount[bits] == 0);
-}
-
-void HuffmanEncoder::Initialize(const unsigned int *codeBits, unsigned int nCodes)
-{
- assert(nCodes > 0);
- unsigned int maxCodeBits = *max_element(codeBits, codeBits+nCodes);
- if (maxCodeBits == 0)
- return; // assume this object won't be used
-
- SecBlockWithHint<unsigned int, 15+1> blCount(maxCodeBits+1);
- fill(blCount.begin(), blCount.end(), 0);
- unsigned int i;
- for (i=0; i<nCodes; i++)
- blCount[codeBits[i]]++;
-
- code_t code = 0;
- SecBlockWithHint<code_t, 15+1> nextCode(maxCodeBits+1);
- nextCode[1] = 0;
- for (i=2; i<=maxCodeBits; i++)
- {
- code = (code + blCount[i-1]) << 1;
- nextCode[i] = code;
- }
- assert(maxCodeBits == 1 || code == (1 << maxCodeBits) - blCount[maxCodeBits]);
-
- m_valueToCode.resize(nCodes);
- for (i=0; i<nCodes; i++)
- {
- unsigned int len = m_valueToCode[i].len = codeBits[i];
- if (len != 0)
- m_valueToCode[i].code = BitReverse(nextCode[len]++) >> (8*sizeof(code_t)-len);
- }
-}
-
-inline void HuffmanEncoder::Encode(LowFirstBitWriter &writer, value_t value) const
-{
- assert(m_valueToCode[value].len > 0);
- writer.PutBits(m_valueToCode[value].code, m_valueToCode[value].len);
-}
-
-Deflator::Deflator(BufferedTransformation *attachment, int deflateLevel, int log2WindowSize, bool detectUncompressible)
- : LowFirstBitWriter(attachment)
- , m_deflateLevel(-1)
-{
- InitializeStaticEncoders();
- IsolatedInitialize(MakeParameters("DeflateLevel", deflateLevel)("Log2WindowSize", log2WindowSize)("DetectUncompressible", detectUncompressible));
-}
-
-Deflator::Deflator(const NameValuePairs &parameters, BufferedTransformation *attachment)
- : LowFirstBitWriter(attachment)
- , m_deflateLevel(-1)
-{
- InitializeStaticEncoders();
- IsolatedInitialize(parameters);
-}
-
-void Deflator::InitializeStaticEncoders()
-{
- unsigned int codeLengths[288];
- fill(codeLengths + 0, codeLengths + 144, 8);
- fill(codeLengths + 144, codeLengths + 256, 9);
- fill(codeLengths + 256, codeLengths + 280, 7);
- fill(codeLengths + 280, codeLengths + 288, 8);
- m_staticLiteralEncoder.Initialize(codeLengths, 288);
- fill(codeLengths + 0, codeLengths + 32, 5);
- m_staticDistanceEncoder.Initialize(codeLengths, 32);
-}
-
-void Deflator::IsolatedInitialize(const NameValuePairs &parameters)
-{
- int log2WindowSize = parameters.GetIntValueWithDefault("Log2WindowSize", DEFAULT_LOG2_WINDOW_SIZE);
- if (!(MIN_LOG2_WINDOW_SIZE <= log2WindowSize && log2WindowSize <= MAX_LOG2_WINDOW_SIZE))
- throw InvalidArgument("Deflator: " + IntToString(log2WindowSize) + " is an invalid window size");
-
- m_log2WindowSize = log2WindowSize;
- DSIZE = 1 << m_log2WindowSize;
- DMASK = DSIZE - 1;
- HSIZE = 1 << m_log2WindowSize;
- HMASK = HSIZE - 1;
- m_byteBuffer.New(2*DSIZE);
- m_head.New(HSIZE);
- m_prev.New(DSIZE);
- m_matchBuffer.New(DSIZE/2);
- Reset(true);
-
- SetDeflateLevel(parameters.GetIntValueWithDefault("DeflateLevel", DEFAULT_DEFLATE_LEVEL));
- bool detectUncompressible = parameters.GetValueWithDefault("DetectUncompressible", true);
- m_compressibleDeflateLevel = detectUncompressible ? m_deflateLevel : 0;
-}
-
-void Deflator::Reset(bool forceReset)
-{
- if (forceReset)
- ClearBitBuffer();
- else
- assert(m_bitsBuffered == 0);
-
- m_headerWritten = false;
- m_matchAvailable = false;
- m_dictionaryEnd = 0;
- m_stringStart = 0;
- m_lookahead = 0;
- m_minLookahead = MAX_MATCH;
- m_matchBufferEnd = 0;
- m_blockStart = 0;
- m_blockLength = 0;
-
- m_detectCount = 1;
- m_detectSkip = 0;
-
- // m_prev will be initialized automaticly in InsertString
- fill(m_head.begin(), m_head.end(), 0);
-
- fill(m_literalCounts.begin(), m_literalCounts.end(), 0);
- fill(m_distanceCounts.begin(), m_distanceCounts.end(), 0);
-}
-
-void Deflator::SetDeflateLevel(int deflateLevel)
-{
- if (!(MIN_DEFLATE_LEVEL <= deflateLevel && deflateLevel <= MAX_DEFLATE_LEVEL))
- throw InvalidArgument("Deflator: " + IntToString(deflateLevel) + " is an invalid deflate level");
-
- if (deflateLevel == m_deflateLevel)
- return;
-
- EndBlock(false);
-
- static const unsigned int configurationTable[10][4] = {
- /* good lazy nice chain */
- /* 0 */ {0, 0, 0, 0}, /* store only */
- /* 1 */ {4, 3, 8, 4}, /* maximum speed, no lazy matches */
- /* 2 */ {4, 3, 16, 8},
- /* 3 */ {4, 3, 32, 32},
- /* 4 */ {4, 4, 16, 16}, /* lazy matches */
- /* 5 */ {8, 16, 32, 32},
- /* 6 */ {8, 16, 128, 128},
- /* 7 */ {8, 32, 128, 256},
- /* 8 */ {32, 128, 258, 1024},
- /* 9 */ {32, 258, 258, 4096}}; /* maximum compression */
-
- GOOD_MATCH = configurationTable[deflateLevel][0];
- MAX_LAZYLENGTH = configurationTable[deflateLevel][1];
- MAX_CHAIN_LENGTH = configurationTable[deflateLevel][3];
-
- m_deflateLevel = deflateLevel;
-}
-
-unsigned int Deflator::FillWindow(const byte *str, size_t length)
-{
- unsigned int maxBlockSize = (unsigned int)STDMIN(2UL*DSIZE, 0xffffUL);
-
- if (m_stringStart >= maxBlockSize - MAX_MATCH)
- {
- if (m_blockStart < DSIZE)
- EndBlock(false);
-
- memcpy(m_byteBuffer, m_byteBuffer + DSIZE, DSIZE);
-
- m_dictionaryEnd = m_dictionaryEnd < DSIZE ? 0 : m_dictionaryEnd-DSIZE;
- assert(m_stringStart >= DSIZE);
- m_stringStart -= DSIZE;
- assert(!m_matchAvailable || m_previousMatch >= DSIZE);
- m_previousMatch -= DSIZE;
- assert(m_blockStart >= DSIZE);
- m_blockStart -= DSIZE;
-
- unsigned int i;
-
- for (i=0; i<HSIZE; i++)
- m_head[i] = SaturatingSubtract(m_head[i], DSIZE);
-
- for (i=0; i<DSIZE; i++)
- m_prev[i] = SaturatingSubtract(m_prev[i], DSIZE);
- }
-
- assert(maxBlockSize > m_stringStart+m_lookahead);
- unsigned int accepted = UnsignedMin(maxBlockSize-(m_stringStart+m_lookahead), length);
- assert(accepted > 0);
- memcpy(m_byteBuffer + m_stringStart + m_lookahead, str, accepted);
- m_lookahead += accepted;
- return accepted;
-}
-
-inline unsigned int Deflator::ComputeHash(const byte *str) const
-{
- assert(str+3 <= m_byteBuffer + m_stringStart + m_lookahead);
- return ((str[0] << 10) ^ (str[1] << 5) ^ str[2]) & HMASK;
-}
-
-unsigned int Deflator::LongestMatch(unsigned int &bestMatch) const
-{
- assert(m_previousLength < MAX_MATCH);
-
- bestMatch = 0;
- unsigned int bestLength = STDMAX(m_previousLength, (unsigned int)MIN_MATCH-1);
- if (m_lookahead <= bestLength)
- return 0;
-
- const byte *scan = m_byteBuffer + m_stringStart, *scanEnd = scan + STDMIN((unsigned int)MAX_MATCH, m_lookahead);
- unsigned int limit = m_stringStart > (DSIZE-MAX_MATCH) ? m_stringStart - (DSIZE-MAX_MATCH) : 0;
- unsigned int current = m_head[ComputeHash(scan)];
-
- unsigned int chainLength = MAX_CHAIN_LENGTH;
- if (m_previousLength >= GOOD_MATCH)
- chainLength >>= 2;
-
- while (current > limit && --chainLength > 0)
- {
- const byte *match = m_byteBuffer + current;
- assert(scan + bestLength < m_byteBuffer + m_stringStart + m_lookahead);
- if (scan[bestLength-1] == match[bestLength-1] && scan[bestLength] == match[bestLength] && scan[0] == match[0] && scan[1] == match[1])
- {
- assert(scan[2] == match[2]);
- unsigned int len = (unsigned int)(
-#if defined(_STDEXT_BEGIN) && !(defined(_MSC_VER) && (_MSC_VER < 1400 || _MSC_VER >= 1600)) && !defined(_STLPORT_VERSION)
- stdext::unchecked_mismatch
-#else
- std::mismatch
-#endif
-#if _MSC_VER >= 1600
- (stdext::make_unchecked_array_iterator(scan)+3, stdext::make_unchecked_array_iterator(scanEnd), stdext::make_unchecked_array_iterator(match)+3).first - stdext::make_unchecked_array_iterator(scan));
-#else
- (scan+3, scanEnd, match+3).first - scan);
-#endif
- assert(len != bestLength);
- if (len > bestLength)
- {
- bestLength = len;
- bestMatch = current;
- if (len == (scanEnd - scan))
- break;
- }
- }
- current = m_prev[current & DMASK];
- }
- return (bestMatch > 0) ? bestLength : 0;
-}
-
-inline void Deflator::InsertString(unsigned int start)
-{
- unsigned int hash = ComputeHash(m_byteBuffer + start);
- m_prev[start & DMASK] = m_head[hash];
- m_head[hash] = start;
-}
-
-void Deflator::ProcessBuffer()
-{
- if (!m_headerWritten)
- {
- WritePrestreamHeader();
- m_headerWritten = true;
- }
-
- if (m_deflateLevel == 0)
- {
- m_stringStart += m_lookahead;
- m_lookahead = 0;
- m_blockLength = m_stringStart - m_blockStart;
- m_matchAvailable = false;
- return;
- }
-
- while (m_lookahead > m_minLookahead)
- {
- while (m_dictionaryEnd < m_stringStart && m_dictionaryEnd+3 <= m_stringStart+m_lookahead)
- InsertString(m_dictionaryEnd++);
-
- if (m_matchAvailable)
- {
- unsigned int matchPosition, matchLength;
- bool usePreviousMatch;
- if (m_previousLength >= MAX_LAZYLENGTH)
- usePreviousMatch = true;
- else
- {
- matchLength = LongestMatch(matchPosition);
- usePreviousMatch = (matchLength == 0);
- }
- if (usePreviousMatch)
- {
- MatchFound(m_stringStart-1-m_previousMatch, m_previousLength);
- m_stringStart += m_previousLength-1;
- m_lookahead -= m_previousLength-1;
- m_matchAvailable = false;
- }
- else
- {
- m_previousLength = matchLength;
- m_previousMatch = matchPosition;
- LiteralByte(m_byteBuffer[m_stringStart-1]);
- m_stringStart++;
- m_lookahead--;
- }
- }
- else
- {
- m_previousLength = 0;
- m_previousLength = LongestMatch(m_previousMatch);
- if (m_previousLength)
- m_matchAvailable = true;
- else
- LiteralByte(m_byteBuffer[m_stringStart]);
- m_stringStart++;
- m_lookahead--;
- }
-
- assert(m_stringStart - (m_blockStart+m_blockLength) == (unsigned int)m_matchAvailable);
- }
-
- if (m_minLookahead == 0 && m_matchAvailable)
- {
- LiteralByte(m_byteBuffer[m_stringStart-1]);
- m_matchAvailable = false;
- }
-}
-
-size_t Deflator::Put2(const byte *str, size_t length, int messageEnd, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("Deflator");
-
- size_t accepted = 0;
- while (accepted < length)
- {
- unsigned int newAccepted = FillWindow(str+accepted, length-accepted);
- ProcessBuffer();
- // call ProcessUncompressedData() after WritePrestreamHeader()
- ProcessUncompressedData(str+accepted, newAccepted);
- accepted += newAccepted;
- }
- assert(accepted == length);
-
- if (messageEnd)
- {
- m_minLookahead = 0;
- ProcessBuffer();
- EndBlock(true);
- FlushBitBuffer();
- WritePoststreamTail();
- Reset();
- }
-
- Output(0, NULL, 0, messageEnd, blocking);
- return 0;
-}
-
-bool Deflator::IsolatedFlush(bool hardFlush, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("Deflator");
-
- m_minLookahead = 0;
- ProcessBuffer();
- m_minLookahead = MAX_MATCH;
- EndBlock(false);
- if (hardFlush)
- EncodeBlock(false, STORED);
- return false;
-}
-
-void Deflator::LiteralByte(byte b)
-{
- if (m_matchBufferEnd == m_matchBuffer.size())
- EndBlock(false);
-
- m_matchBuffer[m_matchBufferEnd++].literalCode = b;
- m_literalCounts[b]++;
- m_blockLength++;
-}
-
-void Deflator::MatchFound(unsigned int distance, unsigned int length)
-{
- if (m_matchBufferEnd == m_matchBuffer.size())
- EndBlock(false);
-
- static const unsigned int lengthCodes[] = {
- 257, 258, 259, 260, 261, 262, 263, 264, 265, 265, 266, 266, 267, 267, 268, 268,
- 269, 269, 269, 269, 270, 270, 270, 270, 271, 271, 271, 271, 272, 272, 272, 272,
- 273, 273, 273, 273, 273, 273, 273, 273, 274, 274, 274, 274, 274, 274, 274, 274,
- 275, 275, 275, 275, 275, 275, 275, 275, 276, 276, 276, 276, 276, 276, 276, 276,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278,
- 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279,
- 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280,
- 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281,
- 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281,
- 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282,
- 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282,
- 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
- 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
- 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284,
- 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 285};
- static const unsigned int lengthBases[] = {3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258};
- static const unsigned int distanceBases[30] =
- {1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577};
-
- EncodedMatch &m = m_matchBuffer[m_matchBufferEnd++];
- assert(length >= 3);
- unsigned int lengthCode = lengthCodes[length-3];
- m.literalCode = lengthCode;
- m.literalExtra = length - lengthBases[lengthCode-257];
- unsigned int distanceCode = (unsigned int)(upper_bound(distanceBases, distanceBases+30, distance) - distanceBases - 1);
- m.distanceCode = distanceCode;
- m.distanceExtra = distance - distanceBases[distanceCode];
-
- m_literalCounts[lengthCode]++;
- m_distanceCounts[distanceCode]++;
- m_blockLength += length;
-}
-
-inline unsigned int CodeLengthEncode(const unsigned int *begin,
- const unsigned int *end,
- const unsigned int *& p,
- unsigned int &extraBits,
- unsigned int &extraBitsLength)
-{
- unsigned int v = *p;
- if ((end-p) >= 3)
- {
- const unsigned int *oldp = p;
- if (v==0 && p[1]==0 && p[2]==0)
- {
- for (p=p+3; p!=end && *p==0 && p!=oldp+138; p++) {}
- unsigned int repeat = (unsigned int)(p - oldp);
- if (repeat <= 10)
- {
- extraBits = repeat-3;
- extraBitsLength = 3;
- return 17;
- }
- else
- {
- extraBits = repeat-11;
- extraBitsLength = 7;
- return 18;
- }
- }
- else if (p!=begin && v==p[-1] && v==p[1] && v==p[2])
- {
- for (p=p+3; p!=end && *p==v && p!=oldp+6; p++) {}
- unsigned int repeat = (unsigned int)(p - oldp);
- extraBits = repeat-3;
- extraBitsLength = 2;
- return 16;
- }
- }
- p++;
- extraBits = 0;
- extraBitsLength = 0;
- return v;
-}
-
-void Deflator::EncodeBlock(bool eof, unsigned int blockType)
-{
- PutBits(eof, 1);
- PutBits(blockType, 2);
-
- if (blockType == STORED)
- {
- assert(m_blockStart + m_blockLength <= m_byteBuffer.size());
- assert(m_blockLength <= 0xffff);
- FlushBitBuffer();
- AttachedTransformation()->PutWord16(m_blockLength, LITTLE_ENDIAN_ORDER);
- AttachedTransformation()->PutWord16(~m_blockLength, LITTLE_ENDIAN_ORDER);
- AttachedTransformation()->Put(m_byteBuffer + m_blockStart, m_blockLength);
- }
- else
- {
- if (blockType == DYNAMIC)
- {
-#if defined(_MSC_VER) && !defined(__MWERKS__) && (_MSC_VER <= 1300)
- // VC60 and VC7 workaround: built-in reverse_iterator has two template parameters, Dinkumware only has one
- typedef reverse_bidirectional_iterator<unsigned int *, unsigned int> RevIt;
-#elif defined(_RWSTD_NO_CLASS_PARTIAL_SPEC)
- typedef reverse_iterator<unsigned int *, random_access_iterator_tag, unsigned int> RevIt;
-#else
- typedef reverse_iterator<unsigned int *> RevIt;
-#endif
-
- FixedSizeSecBlock<unsigned int, 286> literalCodeLengths;
- FixedSizeSecBlock<unsigned int, 30> distanceCodeLengths;
-
- m_literalCounts[256] = 1;
- HuffmanEncoder::GenerateCodeLengths(literalCodeLengths, 15, m_literalCounts, 286);
- m_dynamicLiteralEncoder.Initialize(literalCodeLengths, 286);
- unsigned int hlit = (unsigned int)(find_if(RevIt(literalCodeLengths.end()), RevIt(literalCodeLengths.begin()+257), bind2nd(not_equal_to<unsigned int>(), 0)).base() - (literalCodeLengths.begin()+257));
-
- HuffmanEncoder::GenerateCodeLengths(distanceCodeLengths, 15, m_distanceCounts, 30);
- m_dynamicDistanceEncoder.Initialize(distanceCodeLengths, 30);
- unsigned int hdist = (unsigned int)(find_if(RevIt(distanceCodeLengths.end()), RevIt(distanceCodeLengths.begin()+1), bind2nd(not_equal_to<unsigned int>(), 0)).base() - (distanceCodeLengths.begin()+1));
-
- SecBlockWithHint<unsigned int, 286+30> combinedLengths(hlit+257+hdist+1);
- memcpy(combinedLengths, literalCodeLengths, (hlit+257)*sizeof(unsigned int));
- memcpy(combinedLengths+hlit+257, distanceCodeLengths, (hdist+1)*sizeof(unsigned int));
-
- FixedSizeSecBlock<unsigned int, 19> codeLengthCodeCounts, codeLengthCodeLengths;
- fill(codeLengthCodeCounts.begin(), codeLengthCodeCounts.end(), 0);
- const unsigned int *p = combinedLengths.begin(), *begin = combinedLengths.begin(), *end = combinedLengths.end();
- while (p != end)
- {
- unsigned int code, extraBits, extraBitsLength;
- code = CodeLengthEncode(begin, end, p, extraBits, extraBitsLength);
- codeLengthCodeCounts[code]++;
- }
- HuffmanEncoder::GenerateCodeLengths(codeLengthCodeLengths, 7, codeLengthCodeCounts, 19);
- HuffmanEncoder codeLengthEncoder(codeLengthCodeLengths, 19);
- static const unsigned int border[] = { // Order of the bit length code lengths
- 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
- unsigned int hclen = 19;
- while (hclen > 4 && codeLengthCodeLengths[border[hclen-1]] == 0)
- hclen--;
- hclen -= 4;
-
- PutBits(hlit, 5);
- PutBits(hdist, 5);
- PutBits(hclen, 4);
-
- for (unsigned int i=0; i<hclen+4; i++)
- PutBits(codeLengthCodeLengths[border[i]], 3);
-
- p = combinedLengths.begin();
- while (p != end)
- {
- unsigned int code, extraBits, extraBitsLength;
- code = CodeLengthEncode(begin, end, p, extraBits, extraBitsLength);
- codeLengthEncoder.Encode(*this, code);
- PutBits(extraBits, extraBitsLength);
- }
- }
-
- static const unsigned int lengthExtraBits[] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
- 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
- static const unsigned int distanceExtraBits[] = {
- 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
- 7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
- 12, 12, 13, 13};
-
- const HuffmanEncoder &literalEncoder = (blockType == STATIC) ? m_staticLiteralEncoder : m_dynamicLiteralEncoder;
- const HuffmanEncoder &distanceEncoder = (blockType == STATIC) ? m_staticDistanceEncoder : m_dynamicDistanceEncoder;
-
- for (unsigned int i=0; i<m_matchBufferEnd; i++)
- {
- unsigned int literalCode = m_matchBuffer[i].literalCode;
- literalEncoder.Encode(*this, literalCode);
- if (literalCode >= 257)
- {
- assert(literalCode <= 285);
- PutBits(m_matchBuffer[i].literalExtra, lengthExtraBits[literalCode-257]);
- unsigned int distanceCode = m_matchBuffer[i].distanceCode;
- distanceEncoder.Encode(*this, distanceCode);
- PutBits(m_matchBuffer[i].distanceExtra, distanceExtraBits[distanceCode]);
- }
- }
- literalEncoder.Encode(*this, 256); // end of block
- }
-}
-
-void Deflator::EndBlock(bool eof)
-{
- if (m_blockLength == 0 && !eof)
- return;
-
- if (m_deflateLevel == 0)
- {
- EncodeBlock(eof, STORED);
-
- if (m_compressibleDeflateLevel > 0 && ++m_detectCount == m_detectSkip)
- {
- m_deflateLevel = m_compressibleDeflateLevel;
- m_detectCount = 1;
- }
- }
- else
- {
- unsigned long storedLen = 8*((unsigned long)m_blockLength+4) + RoundUpToMultipleOf(m_bitsBuffered+3, 8U)-m_bitsBuffered;
-
- StartCounting();
- EncodeBlock(eof, STATIC);
- unsigned long staticLen = FinishCounting();
-
- unsigned long dynamicLen;
- if (m_blockLength < 128 && m_deflateLevel < 8)
- dynamicLen = ULONG_MAX;
- else
- {
- StartCounting();
- EncodeBlock(eof, DYNAMIC);
- dynamicLen = FinishCounting();
- }
-
- if (storedLen <= staticLen && storedLen <= dynamicLen)
- {
- EncodeBlock(eof, STORED);
-
- if (m_compressibleDeflateLevel > 0)
- {
- if (m_detectSkip)
- m_deflateLevel = 0;
- m_detectSkip = m_detectSkip ? STDMIN(2*m_detectSkip, 128U) : 1;
- }
- }
- else
- {
- if (staticLen <= dynamicLen)
- EncodeBlock(eof, STATIC);
- else
- EncodeBlock(eof, DYNAMIC);
-
- if (m_compressibleDeflateLevel > 0)
- m_detectSkip = 0;
- }
- }
-
- m_matchBufferEnd = 0;
- m_blockStart += m_blockLength;
- m_blockLength = 0;
- fill(m_literalCounts.begin(), m_literalCounts.end(), 0);
- fill(m_distanceCounts.begin(), m_distanceCounts.end(), 0);
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/zdeflate.h b/cryptopp562/zdeflate.h
deleted file mode 100644
index 8bbd14e..0000000
--- a/cryptopp562/zdeflate.h
+++ /dev/null
@@ -1,121 +0,0 @@
-#ifndef CRYPTOPP_ZDEFLATE_H
-#define CRYPTOPP_ZDEFLATE_H
-
-#include "filters.h"
-#include "misc.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class LowFirstBitWriter : public Filter
-{
-public:
- LowFirstBitWriter(BufferedTransformation *attachment);
- void PutBits(unsigned long value, unsigned int length);
- void FlushBitBuffer();
- void ClearBitBuffer();
-
- void StartCounting();
- unsigned long FinishCounting();
-
-protected:
- bool m_counting;
- unsigned long m_bitCount;
- unsigned long m_buffer;
- unsigned int m_bitsBuffered, m_bytesBuffered;
- FixedSizeSecBlock<byte, 256> m_outputBuffer;
-};
-
-//! Huffman Encoder
-class HuffmanEncoder
-{
-public:
- typedef unsigned int code_t;
- typedef unsigned int value_t;
-
- HuffmanEncoder() {}
- HuffmanEncoder(const unsigned int *codeBits, unsigned int nCodes);
- void Initialize(const unsigned int *codeBits, unsigned int nCodes);
-
- static void GenerateCodeLengths(unsigned int *codeBits, unsigned int maxCodeBits, const unsigned int *codeCounts, size_t nCodes);
-
- void Encode(LowFirstBitWriter &writer, value_t value) const;
-
- struct Code
- {
- unsigned int code;
- unsigned int len;
- };
-
- SecBlock<Code> m_valueToCode;
-};
-
-//! DEFLATE (RFC 1951) compressor
-
-class Deflator : public LowFirstBitWriter
-{
-public:
- enum {MIN_DEFLATE_LEVEL = 0, DEFAULT_DEFLATE_LEVEL = 6, MAX_DEFLATE_LEVEL = 9};
- enum {MIN_LOG2_WINDOW_SIZE = 9, DEFAULT_LOG2_WINDOW_SIZE = 15, MAX_LOG2_WINDOW_SIZE = 15};
- /*! \note detectUncompressible makes it faster to process uncompressible files, but
- if a file has both compressible and uncompressible parts, it may fail to compress some of the
- compressible parts. */
- Deflator(BufferedTransformation *attachment=NULL, int deflateLevel=DEFAULT_DEFLATE_LEVEL, int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true);
- //! possible parameter names: Log2WindowSize, DeflateLevel, DetectUncompressible
- Deflator(const NameValuePairs &parameters, BufferedTransformation *attachment=NULL);
-
- //! this function can be used to set the deflate level in the middle of compression
- void SetDeflateLevel(int deflateLevel);
- int GetDeflateLevel() const {return m_deflateLevel;}
- int GetLog2WindowSize() const {return m_log2WindowSize;}
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
- bool IsolatedFlush(bool hardFlush, bool blocking);
-
-protected:
- virtual void WritePrestreamHeader() {}
- virtual void ProcessUncompressedData(const byte *string, size_t length) {}
- virtual void WritePoststreamTail() {}
-
- enum {STORED = 0, STATIC = 1, DYNAMIC = 2};
- enum {MIN_MATCH = 3, MAX_MATCH = 258};
-
- void InitializeStaticEncoders();
- void Reset(bool forceReset = false);
- unsigned int FillWindow(const byte *str, size_t length);
- unsigned int ComputeHash(const byte *str) const;
- unsigned int LongestMatch(unsigned int &bestMatch) const;
- void InsertString(unsigned int start);
- void ProcessBuffer();
-
- void LiteralByte(byte b);
- void MatchFound(unsigned int distance, unsigned int length);
- void EncodeBlock(bool eof, unsigned int blockType);
- void EndBlock(bool eof);
-
- struct EncodedMatch
- {
- unsigned literalCode : 9;
- unsigned literalExtra : 5;
- unsigned distanceCode : 5;
- unsigned distanceExtra : 13;
- };
-
- int m_deflateLevel, m_log2WindowSize, m_compressibleDeflateLevel;
- unsigned int m_detectSkip, m_detectCount;
- unsigned int DSIZE, DMASK, HSIZE, HMASK, GOOD_MATCH, MAX_LAZYLENGTH, MAX_CHAIN_LENGTH;
- bool m_headerWritten, m_matchAvailable;
- unsigned int m_dictionaryEnd, m_stringStart, m_lookahead, m_minLookahead, m_previousMatch, m_previousLength;
- HuffmanEncoder m_staticLiteralEncoder, m_staticDistanceEncoder, m_dynamicLiteralEncoder, m_dynamicDistanceEncoder;
- SecByteBlock m_byteBuffer;
- SecBlock<word16> m_head, m_prev;
- FixedSizeSecBlock<unsigned int, 286> m_literalCounts;
- FixedSizeSecBlock<unsigned int, 30> m_distanceCounts;
- SecBlock<EncodedMatch> m_matchBuffer;
- unsigned int m_matchBufferEnd, m_blockStart, m_blockLength;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/zinflate.cpp b/cryptopp562/zinflate.cpp
deleted file mode 100644
index 4018e11..0000000
--- a/cryptopp562/zinflate.cpp
+++ /dev/null
@@ -1,621 +0,0 @@
-// zinflate.cpp - written and placed in the public domain by Wei Dai
-
-// This is a complete reimplementation of the DEFLATE decompression algorithm.
-// It should not be affected by any security vulnerabilities in the zlib
-// compression library. In particular it is not affected by the double free bug
-// (http://www.kb.cert.org/vuls/id/368819).
-
-#include "pch.h"
-#include "zinflate.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-struct CodeLessThan
-{
- inline bool operator()(CryptoPP::HuffmanDecoder::code_t lhs, const CryptoPP::HuffmanDecoder::CodeInfo &rhs)
- {return lhs < rhs.code;}
- // needed for MSVC .NET 2005
- inline bool operator()(const CryptoPP::HuffmanDecoder::CodeInfo &lhs, const CryptoPP::HuffmanDecoder::CodeInfo &rhs)
- {return lhs.code < rhs.code;}
-};
-
-inline bool LowFirstBitReader::FillBuffer(unsigned int length)
-{
- while (m_bitsBuffered < length)
- {
- byte b;
- if (!m_store.Get(b))
- return false;
- m_buffer |= (unsigned long)b << m_bitsBuffered;
- m_bitsBuffered += 8;
- }
- assert(m_bitsBuffered <= sizeof(unsigned long)*8);
- return true;
-}
-
-inline unsigned long LowFirstBitReader::PeekBits(unsigned int length)
-{
- bool result = FillBuffer(length);
- assert(result);
- return m_buffer & (((unsigned long)1 << length) - 1);
-}
-
-inline void LowFirstBitReader::SkipBits(unsigned int length)
-{
- assert(m_bitsBuffered >= length);
- m_buffer >>= length;
- m_bitsBuffered -= length;
-}
-
-inline unsigned long LowFirstBitReader::GetBits(unsigned int length)
-{
- unsigned long result = PeekBits(length);
- SkipBits(length);
- return result;
-}
-
-inline HuffmanDecoder::code_t HuffmanDecoder::NormalizeCode(HuffmanDecoder::code_t code, unsigned int codeBits)
-{
- return code << (MAX_CODE_BITS - codeBits);
-}
-
-void HuffmanDecoder::Initialize(const unsigned int *codeBits, unsigned int nCodes)
-{
- // the Huffman codes are represented in 3 ways in this code:
- //
- // 1. most significant code bit (i.e. top of code tree) in the least significant bit position
- // 2. most significant code bit (i.e. top of code tree) in the most significant bit position
- // 3. most significant code bit (i.e. top of code tree) in n-th least significant bit position,
- // where n is the maximum code length for this code tree
- //
- // (1) is the way the codes come in from the deflate stream
- // (2) is used to sort codes so they can be binary searched
- // (3) is used in this function to compute codes from code lengths
- //
- // a code in representation (2) is called "normalized" here
- // The BitReverse() function is used to convert between (1) and (2)
- // The NormalizeCode() function is used to convert from (3) to (2)
-
- if (nCodes == 0)
- throw Err("null code");
-
- m_maxCodeBits = *std::max_element(codeBits, codeBits+nCodes);
-
- if (m_maxCodeBits > MAX_CODE_BITS)
- throw Err("code length exceeds maximum");
-
- if (m_maxCodeBits == 0)
- throw Err("null code");
-
- // count number of codes of each length
- SecBlockWithHint<unsigned int, 15+1> blCount(m_maxCodeBits+1);
- std::fill(blCount.begin(), blCount.end(), 0);
- unsigned int i;
- for (i=0; i<nCodes; i++)
- blCount[codeBits[i]]++;
-
- // compute the starting code of each length
- code_t code = 0;
- SecBlockWithHint<code_t, 15+1> nextCode(m_maxCodeBits+1);
- nextCode[1] = 0;
- for (i=2; i<=m_maxCodeBits; i++)
- {
- // compute this while checking for overflow: code = (code + blCount[i-1]) << 1
- if (code > code + blCount[i-1])
- throw Err("codes oversubscribed");
- code += blCount[i-1];
- if (code > (code << 1))
- throw Err("codes oversubscribed");
- code <<= 1;
- nextCode[i] = code;
- }
-
- if (code > (1 << m_maxCodeBits) - blCount[m_maxCodeBits])
- throw Err("codes oversubscribed");
- else if (m_maxCodeBits != 1 && code < (1 << m_maxCodeBits) - blCount[m_maxCodeBits])
- throw Err("codes incomplete");
-
- // compute a vector of <code, length, value> triples sorted by code
- m_codeToValue.resize(nCodes - blCount[0]);
- unsigned int j=0;
- for (i=0; i<nCodes; i++)
- {
- unsigned int len = codeBits[i];
- if (len != 0)
- {
- code = NormalizeCode(nextCode[len]++, len);
- m_codeToValue[j].code = code;
- m_codeToValue[j].len = len;
- m_codeToValue[j].value = i;
- j++;
- }
- }
- std::sort(m_codeToValue.begin(), m_codeToValue.end());
-
- // initialize the decoding cache
- m_cacheBits = STDMIN(9U, m_maxCodeBits);
- m_cacheMask = (1 << m_cacheBits) - 1;
- m_normalizedCacheMask = NormalizeCode(m_cacheMask, m_cacheBits);
- assert(m_normalizedCacheMask == BitReverse(m_cacheMask));
-
- if (m_cache.size() != size_t(1) << m_cacheBits)
- m_cache.resize(1 << m_cacheBits);
-
- for (i=0; i<m_cache.size(); i++)
- m_cache[i].type = 0;
-}
-
-void HuffmanDecoder::FillCacheEntry(LookupEntry &entry, code_t normalizedCode) const
-{
- normalizedCode &= m_normalizedCacheMask;
- const CodeInfo &codeInfo = *(std::upper_bound(m_codeToValue.begin(), m_codeToValue.end(), normalizedCode, CodeLessThan())-1);
- if (codeInfo.len <= m_cacheBits)
- {
- entry.type = 1;
- entry.value = codeInfo.value;
- entry.len = codeInfo.len;
- }
- else
- {
- entry.begin = &codeInfo;
- const CodeInfo *last = & *(std::upper_bound(m_codeToValue.begin(), m_codeToValue.end(), normalizedCode + ~m_normalizedCacheMask, CodeLessThan())-1);
- if (codeInfo.len == last->len)
- {
- entry.type = 2;
- entry.len = codeInfo.len;
- }
- else
- {
- entry.type = 3;
- entry.end = last+1;
- }
- }
-}
-
-inline unsigned int HuffmanDecoder::Decode(code_t code, /* out */ value_t &value) const
-{
- assert(m_codeToValue.size() > 0);
- LookupEntry &entry = m_cache[code & m_cacheMask];
-
- code_t normalizedCode;
- if (entry.type != 1)
- normalizedCode = BitReverse(code);
-
- if (entry.type == 0)
- FillCacheEntry(entry, normalizedCode);
-
- if (entry.type == 1)
- {
- value = entry.value;
- return entry.len;
- }
- else
- {
- const CodeInfo &codeInfo = (entry.type == 2)
- ? entry.begin[(normalizedCode << m_cacheBits) >> (MAX_CODE_BITS - (entry.len - m_cacheBits))]
- : *(std::upper_bound(entry.begin, entry.end, normalizedCode, CodeLessThan())-1);
- value = codeInfo.value;
- return codeInfo.len;
- }
-}
-
-bool HuffmanDecoder::Decode(LowFirstBitReader &reader, value_t &value) const
-{
- reader.FillBuffer(m_maxCodeBits);
- unsigned int codeBits = Decode(reader.PeekBuffer(), value);
- if (codeBits > reader.BitsBuffered())
- return false;
- reader.SkipBits(codeBits);
- return true;
-}
-
-// *************************************************************
-
-Inflator::Inflator(BufferedTransformation *attachment, bool repeat, int propagation)
- : AutoSignaling<Filter>(propagation)
- , m_state(PRE_STREAM), m_repeat(repeat), m_reader(m_inQueue)
-{
- Detach(attachment);
-}
-
-void Inflator::IsolatedInitialize(const NameValuePairs &parameters)
-{
- m_state = PRE_STREAM;
- parameters.GetValue("Repeat", m_repeat);
- m_inQueue.Clear();
- m_reader.SkipBits(m_reader.BitsBuffered());
-}
-
-void Inflator::OutputByte(byte b)
-{
- m_window[m_current++] = b;
- if (m_current == m_window.size())
- {
- ProcessDecompressedData(m_window + m_lastFlush, m_window.size() - m_lastFlush);
- m_lastFlush = 0;
- m_current = 0;
- m_wrappedAround = true;
- }
-}
-
-void Inflator::OutputString(const byte *string, size_t length)
-{
- while (length)
- {
- size_t len = UnsignedMin(length, m_window.size() - m_current);
- memcpy(m_window + m_current, string, len);
- m_current += len;
- if (m_current == m_window.size())
- {
- ProcessDecompressedData(m_window + m_lastFlush, m_window.size() - m_lastFlush);
- m_lastFlush = 0;
- m_current = 0;
- m_wrappedAround = true;
- }
- string += len;
- length -= len;
- }
-}
-
-void Inflator::OutputPast(unsigned int length, unsigned int distance)
-{
- size_t start;
- if (distance <= m_current)
- start = m_current - distance;
- else if (m_wrappedAround && distance <= m_window.size())
- start = m_current + m_window.size() - distance;
- else
- throw BadBlockErr();
-
- if (start + length > m_window.size())
- {
- for (; start < m_window.size(); start++, length--)
- OutputByte(m_window[start]);
- start = 0;
- }
-
- if (start + length > m_current || m_current + length >= m_window.size())
- {
- while (length--)
- OutputByte(m_window[start++]);
- }
- else
- {
- memcpy(m_window + m_current, m_window + start, length);
- m_current += length;
- }
-}
-
-size_t Inflator::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("Inflator");
-
- LazyPutter lp(m_inQueue, inString, length);
- ProcessInput(messageEnd != 0);
-
- if (messageEnd)
- if (!(m_state == PRE_STREAM || m_state == AFTER_END))
- throw UnexpectedEndErr();
-
- Output(0, NULL, 0, messageEnd, blocking);
- return 0;
-}
-
-bool Inflator::IsolatedFlush(bool hardFlush, bool blocking)
-{
- if (!blocking)
- throw BlockingInputOnly("Inflator");
-
- if (hardFlush)
- ProcessInput(true);
- FlushOutput();
-
- return false;
-}
-
-void Inflator::ProcessInput(bool flush)
-{
- while (true)
- {
- switch (m_state)
- {
- case PRE_STREAM:
- if (!flush && m_inQueue.CurrentSize() < MaxPrestreamHeaderSize())
- return;
- ProcessPrestreamHeader();
- m_state = WAIT_HEADER;
- m_wrappedAround = false;
- m_current = 0;
- m_lastFlush = 0;
- m_window.New(1 << GetLog2WindowSize());
- break;
- case WAIT_HEADER:
- {
- // maximum number of bytes before actual compressed data starts
- const size_t MAX_HEADER_SIZE = BitsToBytes(3+5+5+4+19*7+286*15+19*15);
- if (m_inQueue.CurrentSize() < (flush ? 1 : MAX_HEADER_SIZE))
- return;
- DecodeHeader();
- break;
- }
- case DECODING_BODY:
- if (!DecodeBody())
- return;
- break;
- case POST_STREAM:
- if (!flush && m_inQueue.CurrentSize() < MaxPoststreamTailSize())
- return;
- ProcessPoststreamTail();
- m_state = m_repeat ? PRE_STREAM : AFTER_END;
- Output(0, NULL, 0, GetAutoSignalPropagation(), true); // TODO: non-blocking
- if (m_inQueue.IsEmpty())
- return;
- break;
- case AFTER_END:
- m_inQueue.TransferTo(*AttachedTransformation());
- return;
- }
- }
-}
-
-void Inflator::DecodeHeader()
-{
- if (!m_reader.FillBuffer(3))
- throw UnexpectedEndErr();
- m_eof = m_reader.GetBits(1) != 0;
- m_blockType = (byte)m_reader.GetBits(2);
- switch (m_blockType)
- {
- case 0: // stored
- {
- m_reader.SkipBits(m_reader.BitsBuffered() % 8);
- if (!m_reader.FillBuffer(32))
- throw UnexpectedEndErr();
- m_storedLen = (word16)m_reader.GetBits(16);
- word16 nlen = (word16)m_reader.GetBits(16);
- if (nlen != (word16)~m_storedLen)
- throw BadBlockErr();
- break;
- }
- case 1: // fixed codes
- m_nextDecode = LITERAL;
- break;
- case 2: // dynamic codes
- {
- if (!m_reader.FillBuffer(5+5+4))
- throw UnexpectedEndErr();
- unsigned int hlit = m_reader.GetBits(5);
- unsigned int hdist = m_reader.GetBits(5);
- unsigned int hclen = m_reader.GetBits(4);
-
- FixedSizeSecBlock<unsigned int, 286+32> codeLengths;
- unsigned int i;
- static const unsigned int border[] = { // Order of the bit length code lengths
- 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
- std::fill(codeLengths.begin(), codeLengths+19, 0);
- for (i=0; i<hclen+4; i++)
- codeLengths[border[i]] = m_reader.GetBits(3);
-
- try
- {
- HuffmanDecoder codeLengthDecoder(codeLengths, 19);
- for (i = 0; i < hlit+257+hdist+1; )
- {
- unsigned int k, count, repeater;
- bool result = codeLengthDecoder.Decode(m_reader, k);
- if (!result)
- throw UnexpectedEndErr();
- if (k <= 15)
- {
- count = 1;
- repeater = k;
- }
- else switch (k)
- {
- case 16:
- if (!m_reader.FillBuffer(2))
- throw UnexpectedEndErr();
- count = 3 + m_reader.GetBits(2);
- if (i == 0)
- throw BadBlockErr();
- repeater = codeLengths[i-1];
- break;
- case 17:
- if (!m_reader.FillBuffer(3))
- throw UnexpectedEndErr();
- count = 3 + m_reader.GetBits(3);
- repeater = 0;
- break;
- case 18:
- if (!m_reader.FillBuffer(7))
- throw UnexpectedEndErr();
- count = 11 + m_reader.GetBits(7);
- repeater = 0;
- break;
- }
- if (i + count > hlit+257+hdist+1)
- throw BadBlockErr();
- std::fill(codeLengths + i, codeLengths + i + count, repeater);
- i += count;
- }
- m_dynamicLiteralDecoder.Initialize(codeLengths, hlit+257);
- if (hdist == 0 && codeLengths[hlit+257] == 0)
- {
- if (hlit != 0) // a single zero distance code length means all literals
- throw BadBlockErr();
- }
- else
- m_dynamicDistanceDecoder.Initialize(codeLengths+hlit+257, hdist+1);
- m_nextDecode = LITERAL;
- }
- catch (HuffmanDecoder::Err &)
- {
- throw BadBlockErr();
- }
- break;
- }
- default:
- throw BadBlockErr(); // reserved block type
- }
- m_state = DECODING_BODY;
-}
-
-bool Inflator::DecodeBody()
-{
- bool blockEnd = false;
- switch (m_blockType)
- {
- case 0: // stored
- assert(m_reader.BitsBuffered() == 0);
- while (!m_inQueue.IsEmpty() && !blockEnd)
- {
- size_t size;
- const byte *block = m_inQueue.Spy(size);
- size = UnsignedMin(m_storedLen, size);
- OutputString(block, size);
- m_inQueue.Skip(size);
- m_storedLen -= (word16)size;
- if (m_storedLen == 0)
- blockEnd = true;
- }
- break;
- case 1: // fixed codes
- case 2: // dynamic codes
- static const unsigned int lengthStarts[] = {
- 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
- 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258};
- static const unsigned int lengthExtraBits[] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
- 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
- static const unsigned int distanceStarts[] = {
- 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
- 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
- 8193, 12289, 16385, 24577};
- static const unsigned int distanceExtraBits[] = {
- 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
- 7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
- 12, 12, 13, 13};
-
- const HuffmanDecoder& literalDecoder = GetLiteralDecoder();
- const HuffmanDecoder& distanceDecoder = GetDistanceDecoder();
-
- switch (m_nextDecode)
- {
- case LITERAL:
- while (true)
- {
- if (!literalDecoder.Decode(m_reader, m_literal))
- {
- m_nextDecode = LITERAL;
- break;
- }
- if (m_literal < 256)
- OutputByte((byte)m_literal);
- else if (m_literal == 256) // end of block
- {
- blockEnd = true;
- break;
- }
- else
- {
- if (m_literal > 285)
- throw BadBlockErr();
- unsigned int bits;
- case LENGTH_BITS:
- bits = lengthExtraBits[m_literal-257];
- if (!m_reader.FillBuffer(bits))
- {
- m_nextDecode = LENGTH_BITS;
- break;
- }
- m_literal = m_reader.GetBits(bits) + lengthStarts[m_literal-257];
- case DISTANCE:
- if (!distanceDecoder.Decode(m_reader, m_distance))
- {
- m_nextDecode = DISTANCE;
- break;
- }
- case DISTANCE_BITS:
- bits = distanceExtraBits[m_distance];
- if (!m_reader.FillBuffer(bits))
- {
- m_nextDecode = DISTANCE_BITS;
- break;
- }
- m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];
- OutputPast(m_literal, m_distance);
- }
- }
- }
- }
- if (blockEnd)
- {
- if (m_eof)
- {
- FlushOutput();
- m_reader.SkipBits(m_reader.BitsBuffered()%8);
- if (m_reader.BitsBuffered())
- {
- // undo too much lookahead
- SecBlockWithHint<byte, 4> buffer(m_reader.BitsBuffered() / 8);
- for (unsigned int i=0; i<buffer.size(); i++)
- buffer[i] = (byte)m_reader.GetBits(8);
- m_inQueue.Unget(buffer, buffer.size());
- }
- m_state = POST_STREAM;
- }
- else
- m_state = WAIT_HEADER;
- }
- return blockEnd;
-}
-
-void Inflator::FlushOutput()
-{
- if (m_state != PRE_STREAM)
- {
- assert(m_current >= m_lastFlush);
- ProcessDecompressedData(m_window + m_lastFlush, m_current - m_lastFlush);
- m_lastFlush = m_current;
- }
-}
-
-struct NewFixedLiteralDecoder
-{
- HuffmanDecoder * operator()() const
- {
- unsigned int codeLengths[288];
- std::fill(codeLengths + 0, codeLengths + 144, 8);
- std::fill(codeLengths + 144, codeLengths + 256, 9);
- std::fill(codeLengths + 256, codeLengths + 280, 7);
- std::fill(codeLengths + 280, codeLengths + 288, 8);
- std::auto_ptr<HuffmanDecoder> pDecoder(new HuffmanDecoder);
- pDecoder->Initialize(codeLengths, 288);
- return pDecoder.release();
- }
-};
-
-struct NewFixedDistanceDecoder
-{
- HuffmanDecoder * operator()() const
- {
- unsigned int codeLengths[32];
- std::fill(codeLengths + 0, codeLengths + 32, 5);
- std::auto_ptr<HuffmanDecoder> pDecoder(new HuffmanDecoder);
- pDecoder->Initialize(codeLengths, 32);
- return pDecoder.release();
- }
-};
-
-const HuffmanDecoder& Inflator::GetLiteralDecoder() const
-{
- return m_blockType == 1 ? Singleton<HuffmanDecoder, NewFixedLiteralDecoder>().Ref() : m_dynamicLiteralDecoder;
-}
-
-const HuffmanDecoder& Inflator::GetDistanceDecoder() const
-{
- return m_blockType == 1 ? Singleton<HuffmanDecoder, NewFixedDistanceDecoder>().Ref() : m_dynamicDistanceDecoder;
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/zinflate.h b/cryptopp562/zinflate.h
deleted file mode 100644
index 7e1225b..0000000
--- a/cryptopp562/zinflate.h
+++ /dev/null
@@ -1,149 +0,0 @@
-#ifndef CRYPTOPP_ZINFLATE_H
-#define CRYPTOPP_ZINFLATE_H
-
-#include "filters.h"
-#include <vector>
-
-NAMESPACE_BEGIN(CryptoPP)
-
-//! _
-class LowFirstBitReader
-{
-public:
- LowFirstBitReader(BufferedTransformation &store)
- : m_store(store), m_buffer(0), m_bitsBuffered(0) {}
-// unsigned long BitsLeft() const {return m_store.MaxRetrievable() * 8 + m_bitsBuffered;}
- unsigned int BitsBuffered() const {return m_bitsBuffered;}
- unsigned long PeekBuffer() const {return m_buffer;}
- bool FillBuffer(unsigned int length);
- unsigned long PeekBits(unsigned int length);
- void SkipBits(unsigned int length);
- unsigned long GetBits(unsigned int length);
-
-private:
- BufferedTransformation &m_store;
- unsigned long m_buffer;
- unsigned int m_bitsBuffered;
-};
-
-struct CodeLessThan;
-
-//! Huffman Decoder
-class HuffmanDecoder
-{
-public:
- typedef unsigned int code_t;
- typedef unsigned int value_t;
- enum {MAX_CODE_BITS = sizeof(code_t)*8};
-
- class Err : public Exception {public: Err(const std::string &what) : Exception(INVALID_DATA_FORMAT, "HuffmanDecoder: " + what) {}};
-
- HuffmanDecoder() {}
- HuffmanDecoder(const unsigned int *codeBitLengths, unsigned int nCodes) {Initialize(codeBitLengths, nCodes);}
-
- void Initialize(const unsigned int *codeBitLengths, unsigned int nCodes);
- unsigned int Decode(code_t code, /* out */ value_t &value) const;
- bool Decode(LowFirstBitReader &reader, value_t &value) const;
-
-private:
- friend struct CodeLessThan;
-
- struct CodeInfo
- {
- CodeInfo(code_t code=0, unsigned int len=0, value_t value=0) : code(code), len(len), value(value) {}
- inline bool operator<(const CodeInfo &rhs) const {return code < rhs.code;}
- code_t code;
- unsigned int len;
- value_t value;
- };
-
- struct LookupEntry
- {
- unsigned int type;
- union
- {
- value_t value;
- const CodeInfo *begin;
- };
- union
- {
- unsigned int len;
- const CodeInfo *end;
- };
- };
-
- static code_t NormalizeCode(code_t code, unsigned int codeBits);
- void FillCacheEntry(LookupEntry &entry, code_t normalizedCode) const;
-
- unsigned int m_maxCodeBits, m_cacheBits, m_cacheMask, m_normalizedCacheMask;
- std::vector<CodeInfo, AllocatorWithCleanup<CodeInfo> > m_codeToValue;
- mutable std::vector<LookupEntry, AllocatorWithCleanup<LookupEntry> > m_cache;
-};
-
-//! DEFLATE (RFC 1951) decompressor
-
-class Inflator : public AutoSignaling<Filter>
-{
-public:
- class Err : public Exception
- {
- public:
- Err(ErrorType e, const std::string &s)
- : Exception(e, s) {}
- };
- class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
- class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
-
- /*! \param repeat decompress multiple compressed streams in series
- \param autoSignalPropagation 0 to turn off MessageEnd signal
- */
- Inflator(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1);
-
- void IsolatedInitialize(const NameValuePairs &parameters);
- size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
- bool IsolatedFlush(bool hardFlush, bool blocking);
-
- virtual unsigned int GetLog2WindowSize() const {return 15;}
-
-protected:
- ByteQueue m_inQueue;
-
-private:
- virtual unsigned int MaxPrestreamHeaderSize() const {return 0;}
- virtual void ProcessPrestreamHeader() {}
- virtual void ProcessDecompressedData(const byte *string, size_t length)
- {AttachedTransformation()->Put(string, length);}
- virtual unsigned int MaxPoststreamTailSize() const {return 0;}
- virtual void ProcessPoststreamTail() {}
-
- void ProcessInput(bool flush);
- void DecodeHeader();
- bool DecodeBody();
- void FlushOutput();
- void OutputByte(byte b);
- void OutputString(const byte *string, size_t length);
- void OutputPast(unsigned int length, unsigned int distance);
-
- static const HuffmanDecoder *FixedLiteralDecoder();
- static const HuffmanDecoder *FixedDistanceDecoder();
-
- const HuffmanDecoder& GetLiteralDecoder() const;
- const HuffmanDecoder& GetDistanceDecoder() const;
-
- enum State {PRE_STREAM, WAIT_HEADER, DECODING_BODY, POST_STREAM, AFTER_END};
- State m_state;
- bool m_repeat, m_eof, m_wrappedAround;
- byte m_blockType;
- word16 m_storedLen;
- enum NextDecode {LITERAL, LENGTH_BITS, DISTANCE, DISTANCE_BITS};
- NextDecode m_nextDecode;
- unsigned int m_literal, m_distance; // for LENGTH_BITS or DISTANCE_BITS
- HuffmanDecoder m_dynamicLiteralDecoder, m_dynamicDistanceDecoder;
- LowFirstBitReader m_reader;
- SecByteBlock m_window;
- size_t m_current, m_lastFlush;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/cryptopp562/zlib.cpp b/cryptopp562/zlib.cpp
deleted file mode 100644
index 4abafb0..0000000
--- a/cryptopp562/zlib.cpp
+++ /dev/null
@@ -1,90 +0,0 @@
-// zlib.cpp - written and placed in the public domain by Wei Dai
-
-// "zlib" is the name of a well known C language compression library
-// (http://www.zlib.org) and also the name of a compression format
-// (RFC 1950) that the library implements. This file is part of a
-// complete reimplementation of the zlib compression format.
-
-#include "pch.h"
-#include "zlib.h"
-#include "zdeflate.h"
-#include "zinflate.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-static const byte DEFLATE_METHOD = 8;
-static const byte FDICT_FLAG = 1 << 5;
-
-// *************************************************************
-
-void ZlibCompressor::WritePrestreamHeader()
-{
- m_adler32.Restart();
- byte cmf = DEFLATE_METHOD | ((GetLog2WindowSize()-8) << 4);
- byte flags = GetCompressionLevel() << 6;
- AttachedTransformation()->PutWord16(RoundUpToMultipleOf(cmf*256+flags, 31));
-}
-
-void ZlibCompressor::ProcessUncompressedData(const byte *inString, size_t length)
-{
- m_adler32.Update(inString, length);
-}
-
-void ZlibCompressor::WritePoststreamTail()
-{
- FixedSizeSecBlock<byte, 4> adler32;
- m_adler32.Final(adler32);
- AttachedTransformation()->Put(adler32, 4);
-}
-
-unsigned int ZlibCompressor::GetCompressionLevel() const
-{
- static const unsigned int deflateToCompressionLevel[] = {0, 1, 1, 1, 2, 2, 2, 2, 2, 3};
- return deflateToCompressionLevel[GetDeflateLevel()];
-}
-
-// *************************************************************
-
-ZlibDecompressor::ZlibDecompressor(BufferedTransformation *attachment, bool repeat, int propagation)
- : Inflator(attachment, repeat, propagation)
-{
-}
-
-void ZlibDecompressor::ProcessPrestreamHeader()
-{
- m_adler32.Restart();
-
- byte cmf;
- byte flags;
-
- if (!m_inQueue.Get(cmf) || !m_inQueue.Get(flags))
- throw HeaderErr();
-
- if ((cmf*256+flags) % 31 != 0)
- throw HeaderErr(); // if you hit this exception, you're probably trying to decompress invalid data
-
- if ((cmf & 0xf) != DEFLATE_METHOD)
- throw UnsupportedAlgorithm();
-
- if (flags & FDICT_FLAG)
- throw UnsupportedPresetDictionary();
-
- m_log2WindowSize = 8 + (cmf >> 4);
-}
-
-void ZlibDecompressor::ProcessDecompressedData(const byte *inString, size_t length)
-{
- AttachedTransformation()->Put(inString, length);
- m_adler32.Update(inString, length);
-}
-
-void ZlibDecompressor::ProcessPoststreamTail()
-{
- FixedSizeSecBlock<byte, 4> adler32;
- if (m_inQueue.Get(adler32, 4) != 4)
- throw Adler32Err();
- if (!m_adler32.Verify(adler32))
- throw Adler32Err();
-}
-
-NAMESPACE_END
diff --git a/cryptopp562/zlib.h b/cryptopp562/zlib.h
deleted file mode 100644
index 443b144..0000000
--- a/cryptopp562/zlib.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef CRYPTOPP_ZLIB_H
-#define CRYPTOPP_ZLIB_H
-
-#include "adler32.h"
-#include "zdeflate.h"
-#include "zinflate.h"
-
-NAMESPACE_BEGIN(CryptoPP)
-
-/// ZLIB Compressor (RFC 1950)
-class ZlibCompressor : public Deflator
-{
-public:
- ZlibCompressor(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true)
- : Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible) {}
- ZlibCompressor(const NameValuePairs &parameters, BufferedTransformation *attachment=NULL)
- : Deflator(parameters, attachment) {}
-
- unsigned int GetCompressionLevel() const;
-
-protected:
- void WritePrestreamHeader();
- void ProcessUncompressedData(const byte *string, size_t length);
- void WritePoststreamTail();
-
- Adler32 m_adler32;
-};
-
-/// ZLIB Decompressor (RFC 1950)
-class ZlibDecompressor : public Inflator
-{
-public:
- typedef Inflator::Err Err;
- class HeaderErr : public Err {public: HeaderErr() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: header decoding error") {}};
- class Adler32Err : public Err {public: Adler32Err() : Err(DATA_INTEGRITY_CHECK_FAILED, "ZlibDecompressor: ADLER32 check error") {}};
- class UnsupportedAlgorithm : public Err {public: UnsupportedAlgorithm() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: unsupported algorithm") {}};
- class UnsupportedPresetDictionary : public Err {public: UnsupportedPresetDictionary() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: unsupported preset dictionary") {}};
-
- /*! \param repeat decompress multiple compressed streams in series
- \param autoSignalPropagation 0 to turn off MessageEnd signal
- */
- ZlibDecompressor(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1);
- unsigned int GetLog2WindowSize() const {return m_log2WindowSize;}
-
-private:
- unsigned int MaxPrestreamHeaderSize() const {return 2;}
- void ProcessPrestreamHeader();
- void ProcessDecompressedData(const byte *string, size_t length);
- unsigned int MaxPoststreamTailSize() const {return 4;}
- void ProcessPoststreamTail();
-
- unsigned int m_log2WindowSize;
- Adler32 m_adler32;
-};
-
-NAMESPACE_END
-
-#endif
diff --git a/mbedtls b/mbedtls
new file mode 160000
+Subproject 2ca6c285a0dd3f33982dd57299012dacab1ff20
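Review bot: The recorded submodule commit `2ca6c285a0dd3f33982dd57299012dacab1ff20` is 39 hex characters, one short of a full 40-character SHA-1, so please confirm the gitlink in the actual commit is complete and that it corresponds to a tagged upstream mbedtls release rather than an arbitrary branch head (the missing digit may only be a rendering artifact of this page). With the vendored cryptopp562 sources deleted in the preceding hunks, this pinned commit becomes the sole thing fixing the crypto/TLS library version the project builds against, so the accompanying .gitmodules entry (not in this hunk) should point at the canonical upstream URL and CI should check out with `--recurse-submodules` so builds cannot silently drift to a different revision. A one-line note in .gitmodules such as `# pinned to mbedtls release <RELEASE-TAG-PLACEHOLDER>` would make future bumps and security-advisory triage easier.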