pengjunjie/core
1
0
Fork 1
mirror of https://github.com/ONLYOFFICE/core.git synced 2026-04-07 13:55:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
ElenaSubbotina
2018-05-05 13:17:39 +03:00
parent 50ee7d7cc1
commit 2e40b96ed9
57 changed files with 24714 additions and 24737 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Common/3dParty/cryptopp/Doxyfile
View File

@ -41,7 +41,7 @@ PROJECT_NAME = Crypto++
# could be handy for archiving the generated documentation or if some version
# control system is used.
PROJECT_NUMBER = 7.1
PROJECT_NUMBER = 7.0
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a

2
Common/3dParty/cryptopp/GNUmakefile
View File

@ -954,7 +954,7 @@ libcryptopp.pc:
@echo '' >> libcryptopp.pc
@echo 'Name: Crypto++' >> libcryptopp.pc
@echo 'Description: Crypto++ cryptographic library' >> libcryptopp.pc
@echo 'Version: 7.1' >> libcryptopp.pc
@echo 'Version: 7.0' >> libcryptopp.pc
@echo 'URL: https://cryptopp.com/' >> libcryptopp.pc
@echo '' >> libcryptopp.pc
@echo 'Cflags: -I$${includedir}' >> libcryptopp.pc

2
Common/3dParty/cryptopp/GNUmakefile-cross
View File

@ -88,7 +88,7 @@ ifeq ($(IS_IOS),1)
CXX = clang++
CXXFLAGS += $(IOS_FLAGS) -arch $(IOS_ARCH)
CXXFLAGS += -isysroot "$(IOS_SYSROOT)" -stdlib=libc++
CXXFLAGS += -isysroot $(IOS_SYSROOT) -stdlib=libc++
AR = libtool
ARFLAGS = -static -o

2820
Common/3dParty/cryptopp/adv-simd.h
View File

File diff suppressed because it is too large Load Diff

316
Common/3dParty/cryptopp/aria-simd.cpp
View File

@ -1,158 +1,158 @@
// aria-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to ARMv7a and
// ARMv8a NEON instructions. A separate source file is needed
// because additional CXXFLAGS are required to enable the
// appropriate instructions sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "misc.h"
#if (CRYPTOPP_SSSE3_AVAILABLE)
# include <tmmintrin.h>
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670
#define M128_CAST(x) ((__m128i *)(void *)(x))
#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
// GCC cast warning
#define UINT32_CAST(x) ((uint32_t *)(void *)(x))
#define CONST_UINT32_CAST(x) ((const uint32_t *)(const void *)(x))
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(ARIATab)
extern const word32 S1[256];
extern const word32 S2[256];
extern const word32 X1[256];
extern const word32 X2[256];
extern const word32 KRK[3][4];
NAMESPACE_END
NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
using CryptoPP::ARIATab::S1;
using CryptoPP::ARIATab::S2;
using CryptoPP::ARIATab::X1;
using CryptoPP::ARIATab::X2;
using CryptoPP::ARIATab::KRK;
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
template <unsigned int N>
inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16])
{
static const unsigned int Q1 = (4-(N/32)) % 4;
static const unsigned int Q2 = (3-(N/32)) % 4;
static const unsigned int R = N % 32;
vst1q_u32(UINT32_CAST(RK),
veorq_u32(X, veorq_u32(
vshrq_n_u32(vextq_u32(Y, Y, Q1), R),
vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R))));
}
void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen)
{
const uint32x4_t w0 = vld1q_u32(CONST_UINT32_CAST(ws+ 0));
const uint32x4_t w1 = vld1q_u32(CONST_UINT32_CAST(ws+ 8));
const uint32x4_t w2 = vld1q_u32(CONST_UINT32_CAST(ws+12));
const uint32x4_t w3 = vld1q_u32(CONST_UINT32_CAST(ws+16));
ARIA_GSRK_NEON<19>(w0, w1, rk + 0);
ARIA_GSRK_NEON<19>(w1, w2, rk + 16);
ARIA_GSRK_NEON<19>(w2, w3, rk + 32);
ARIA_GSRK_NEON<19>(w3, w0, rk + 48);
ARIA_GSRK_NEON<31>(w0, w1, rk + 64);
ARIA_GSRK_NEON<31>(w1, w2, rk + 80);
ARIA_GSRK_NEON<31>(w2, w3, rk + 96);
ARIA_GSRK_NEON<31>(w3, w0, rk + 112);
ARIA_GSRK_NEON<67>(w0, w1, rk + 128);
ARIA_GSRK_NEON<67>(w1, w2, rk + 144);
ARIA_GSRK_NEON<67>(w2, w3, rk + 160);
ARIA_GSRK_NEON<67>(w3, w0, rk + 176);
ARIA_GSRK_NEON<97>(w0, w1, rk + 192);
if (keylen > 16)
{
ARIA_GSRK_NEON<97>(w1, w2, rk + 208);
ARIA_GSRK_NEON<97>(w2, w3, rk + 224);
if (keylen > 24)
{
ARIA_GSRK_NEON< 97>(w3, w0, rk + 240);
ARIA_GSRK_NEON<109>(w0, w1, rk + 256);
}
}
}
void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outBlock)
{
vst1q_u32(UINT32_CAST(outBlock), veorq_u32(
vld1q_u32(CONST_UINT32_CAST(outBlock)),
vld1q_u32(CONST_UINT32_CAST(xorBlock))));
}
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
#if (CRYPTOPP_SSSE3_AVAILABLE)
inline byte ARIA_BRF(const word32 x, const int y) {
return GETBYTE(x, y);
}
void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
{
const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] );
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] );
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] );
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] );
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] );
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] );
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] );
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] );
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] );
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] );
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] );
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] );
// 'outBlock' may be unaligned.
_mm_storeu_si128(M128_CAST(outBlock),
_mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)),
_mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)));
// 'outBlock' and 'xorBlock' may be unaligned.
if (xorBlock != NULLPTR)
{
_mm_storeu_si128(M128_CAST(outBlock),
_mm_xor_si128(
_mm_loadu_si128(CONST_M128_CAST(outBlock)),
_mm_loadu_si128(CONST_M128_CAST(xorBlock))));
}
}
#endif // CRYPTOPP_SSSE3_AVAILABLE
NAMESPACE_END
// aria-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to ARMv7a and
// ARMv8a NEON instructions. A separate source file is needed
// because additional CXXFLAGS are required to enable the
// appropriate instructions sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "misc.h"
#if (CRYPTOPP_SSSE3_AVAILABLE)
# include <tmmintrin.h>
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670
#define M128_CAST(x) ((__m128i *)(void *)(x))
#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
// GCC cast warning
#define UINT32_CAST(x) ((uint32_t *)(void *)(x))
#define CONST_UINT32_CAST(x) ((const uint32_t *)(const void *)(x))
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(ARIATab)
extern const word32 S1[256];
extern const word32 S2[256];
extern const word32 X1[256];
extern const word32 X2[256];
extern const word32 KRK[3][4];
NAMESPACE_END
NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
using CryptoPP::ARIATab::S1;
using CryptoPP::ARIATab::S2;
using CryptoPP::ARIATab::X1;
using CryptoPP::ARIATab::X2;
using CryptoPP::ARIATab::KRK;
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
template <unsigned int N>
inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16])
{
static const unsigned int Q1 = (4-(N/32)) % 4;
static const unsigned int Q2 = (3-(N/32)) % 4;
static const unsigned int R = N % 32;
vst1q_u32(UINT32_CAST(RK),
veorq_u32(X, veorq_u32(
vshrq_n_u32(vextq_u32(Y, Y, Q1), R),
vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R))));
}
void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen)
{
const uint32x4_t w0 = vld1q_u32(CONST_UINT32_CAST(ws+ 0));
const uint32x4_t w1 = vld1q_u32(CONST_UINT32_CAST(ws+ 8));
const uint32x4_t w2 = vld1q_u32(CONST_UINT32_CAST(ws+12));
const uint32x4_t w3 = vld1q_u32(CONST_UINT32_CAST(ws+16));
ARIA_GSRK_NEON<19>(w0, w1, rk + 0);
ARIA_GSRK_NEON<19>(w1, w2, rk + 16);
ARIA_GSRK_NEON<19>(w2, w3, rk + 32);
ARIA_GSRK_NEON<19>(w3, w0, rk + 48);
ARIA_GSRK_NEON<31>(w0, w1, rk + 64);
ARIA_GSRK_NEON<31>(w1, w2, rk + 80);
ARIA_GSRK_NEON<31>(w2, w3, rk + 96);
ARIA_GSRK_NEON<31>(w3, w0, rk + 112);
ARIA_GSRK_NEON<67>(w0, w1, rk + 128);
ARIA_GSRK_NEON<67>(w1, w2, rk + 144);
ARIA_GSRK_NEON<67>(w2, w3, rk + 160);
ARIA_GSRK_NEON<67>(w3, w0, rk + 176);
ARIA_GSRK_NEON<97>(w0, w1, rk + 192);
if (keylen > 16)
{
ARIA_GSRK_NEON<97>(w1, w2, rk + 208);
ARIA_GSRK_NEON<97>(w2, w3, rk + 224);
if (keylen > 24)
{
ARIA_GSRK_NEON< 97>(w3, w0, rk + 240);
ARIA_GSRK_NEON<109>(w0, w1, rk + 256);
}
}
}
void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outBlock)
{
vst1q_u32(UINT32_CAST(outBlock), veorq_u32(
vld1q_u32(CONST_UINT32_CAST(outBlock)),
vld1q_u32(CONST_UINT32_CAST(xorBlock))));
}
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
#if (CRYPTOPP_SSSE3_AVAILABLE)
inline byte ARIA_BRF(const word32 x, const int y) {
return GETBYTE(x, y);
}
void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
{
const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] );
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] );
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] );
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] );
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] );
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] );
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] );
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] );
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] );
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] );
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] );
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] );
// 'outBlock' may be unaligned.
_mm_storeu_si128(M128_CAST(outBlock),
_mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)),
_mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)));
// 'outBlock' and 'xorBlock' may be unaligned.
if (xorBlock != NULLPTR)
{
_mm_storeu_si128(M128_CAST(outBlock),
_mm_xor_si128(
_mm_loadu_si128(CONST_M128_CAST(outBlock)),
_mm_loadu_si128(CONST_M128_CAST(xorBlock))));
}
}
#endif // CRYPTOPP_SSSE3_AVAILABLE
NAMESPACE_END

698
Common/3dParty/cryptopp/aria.cpp
View File

@ -1,349 +1,349 @@
// aria.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "aria.h"
#include "misc.h"
#include "cpu.h"
#if CRYPTOPP_SSE2_INTRIN_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS 1
#endif
#if CRYPTOPP_SSSE3_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1
#endif
// GCC cast warning. Note: this is used on round key table,
// which is word32 and naturally aligned.
#define UINT32_CAST(x) ((word32 *)(void *)(x))
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(ARIATab)
extern const word32 S1[256];
extern const word32 S2[256];
extern const word32 X1[256];
extern const word32 X2[256];
extern const word32 KRK[3][4];
NAMESPACE_END
NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
using CryptoPP::ARIATab::S1;
using CryptoPP::ARIATab::S2;
using CryptoPP::ARIATab::X1;
using CryptoPP::ARIATab::X2;
using CryptoPP::ARIATab::KRK;
inline byte ARIA_BRF(const word32 x, const int y) {
return GETBYTE(x, y);
}
// Key XOR Layer
#define ARIA_KXL { \
typedef BlockGetAndPut<word32, NativeByteOrder, true, true> NativeBlock; \
NativeBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]); \
}
// S-Box Layer 1 + M
#define SBL1_M(T0,T1,T2,T3) { \
T0=S1[ARIA_BRF(T0,3)]^S2[ARIA_BRF(T0,2)]^X1[ARIA_BRF(T0,1)]^X2[ARIA_BRF(T0,0)]; \
T1=S1[ARIA_BRF(T1,3)]^S2[ARIA_BRF(T1,2)]^X1[ARIA_BRF(T1,1)]^X2[ARIA_BRF(T1,0)]; \
T2=S1[ARIA_BRF(T2,3)]^S2[ARIA_BRF(T2,2)]^X1[ARIA_BRF(T2,1)]^X2[ARIA_BRF(T2,0)]; \
T3=S1[ARIA_BRF(T3,3)]^S2[ARIA_BRF(T3,2)]^X1[ARIA_BRF(T3,1)]^X2[ARIA_BRF(T3,0)]; \
}
// S-Box Layer 2 + M
#define SBL2_M(T0,T1,T2,T3) { \
T0=X1[ARIA_BRF(T0,3)]^X2[ARIA_BRF(T0,2)]^S1[ARIA_BRF(T0,1)]^S2[ARIA_BRF(T0,0)]; \
T1=X1[ARIA_BRF(T1,3)]^X2[ARIA_BRF(T1,2)]^S1[ARIA_BRF(T1,1)]^S2[ARIA_BRF(T1,0)]; \
T2=X1[ARIA_BRF(T2,3)]^X2[ARIA_BRF(T2,2)]^S1[ARIA_BRF(T2,1)]^S2[ARIA_BRF(T2,0)]; \
T3=X1[ARIA_BRF(T3,3)]^X2[ARIA_BRF(T3,2)]^S1[ARIA_BRF(T3,1)]^S2[ARIA_BRF(T3,0)]; \
}
#define ARIA_P(T0,T1,T2,T3) { \
(T1) = (((T1)<< 8)&0xff00ff00) ^ (((T1)>> 8)&0x00ff00ff); \
(T2) = rotrConstant<16>(T2); \
(T3) = ByteReverse((T3)); \
}
#define ARIA_M(X,Y) { \
Y=(X)<<8 ^ (X)>>8 ^ (X)<<16 ^ (X)>>16 ^ (X)<<24 ^ (X)>>24; \
}
#define ARIA_MM(T0,T1,T2,T3) { \
(T1)^=(T2); (T2)^=(T3); (T0)^=(T1); \
(T3)^=(T1); (T2)^=(T0); (T1)^=(T2); \
}
#define ARIA_FO {SBL1_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3])}
#define ARIA_FE {SBL2_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[2],t[3],t[0],t[1]) ARIA_MM(t[0],t[1],t[2],t[3])}
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen);
extern void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outblock);
#endif
#if (CRYPTOPP_SSSE3_AVAILABLE)
extern void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t);
#endif
// n-bit right shift of Y XORed to X
template <unsigned int N>
inline void ARIA_GSRK(const word32 X[4], const word32 Y[4], byte RK[16])
{
// MSVC is not generating a "rotate immediate". Constify to help it along.
static const unsigned int Q = 4-(N/32);
static const unsigned int R = N % 32;
UINT32_CAST(RK)[0] = (X[0]) ^ ((Y[(Q )%4])>>R) ^ ((Y[(Q+3)%4])<<(32-R));
UINT32_CAST(RK)[1] = (X[1]) ^ ((Y[(Q+1)%4])>>R) ^ ((Y[(Q )%4])<<(32-R));
UINT32_CAST(RK)[2] = (X[2]) ^ ((Y[(Q+2)%4])>>R) ^ ((Y[(Q+1)%4])<<(32-R));
UINT32_CAST(RK)[3] = (X[3]) ^ ((Y[(Q+3)%4])>>R) ^ ((Y[(Q+2)%4])<<(32-R));
}
void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)
{
CRYPTOPP_UNUSED(params);
m_rk.New(16*17); // round keys
m_w.New(4*7); // w0, w1, w2, w3, t and u
const byte *mk = key;
byte *rk = m_rk.data();
int Q, q, R, r;
switch (keylen)
{
case 16:
R = r = m_rounds = 12;
Q = q = 0;
break;
case 32:
R = r = m_rounds = 16;
Q = q = 2;
break;
case 24:
R = r = m_rounds = 14;
Q = q = 1;
break;
default:
Q = q = R = r = m_rounds = 0;
CRYPTOPP_ASSERT(0);
}
// w0 has room for 32 bytes. w1-w3 each has room for 16 bytes. t and u are 16 byte temp areas.
word32 *w0 = m_w.data(), *w1 = m_w.data()+8, *w2 = m_w.data()+12, *w3 = m_w.data()+16, *t = m_w.data()+20;
GetBlock<word32, BigEndian, false>block(key);
block(w0[0])(w0[1])(w0[2])(w0[3]);
t[0]=w0[0]^KRK[q][0]; t[1]=w0[1]^KRK[q][1];
t[2]=w0[2]^KRK[q][2]; t[3]=w0[3]^KRK[q][3];
ARIA_FO;
if (keylen == 32)
{
GetBlock<word32, BigEndian, false>block(mk+16);
block(w1[0])(w1[1])(w1[2])(w1[3]);
}
else if (keylen == 24)
{
GetBlock<word32, BigEndian, false>block(mk+16);
block(w1[0])(w1[1]); w1[2] = w1[3] = 0;
}
else
{
w1[0]=w1[1]=w1[2]=w1[3]=0;
}
w1[0]^=t[0]; w1[1]^=t[1]; w1[2]^=t[2]; w1[3]^=t[3];
::memcpy(t, w1, 16);
q = (q==2) ? 0 : (q+1);
t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
ARIA_FE;
t[0]^=w0[0]; t[1]^=w0[1]; t[2]^=w0[2]; t[3]^=w0[3];
::memcpy(w2, t, 16);
q = (q==2) ? 0 : (q+1);
t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
ARIA_FO;
w3[0]=t[0]^w1[0]; w3[1]=t[1]^w1[1]; w3[2]=t[2]^w1[2]; w3[3]=t[3]^w1[3];
#if CRYPTOPP_ARM_NEON_AVAILABLE
if (HasNEON())
{
ARIA_UncheckedSetKey_Schedule_NEON(rk, m_w, keylen);
}
else
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
{
ARIA_GSRK<19>(w0, w1, rk + 0);
ARIA_GSRK<19>(w1, w2, rk + 16);
ARIA_GSRK<19>(w2, w3, rk + 32);
ARIA_GSRK<19>(w3, w0, rk + 48);
ARIA_GSRK<31>(w0, w1, rk + 64);
ARIA_GSRK<31>(w1, w2, rk + 80);
ARIA_GSRK<31>(w2, w3, rk + 96);
ARIA_GSRK<31>(w3, w0, rk + 112);
ARIA_GSRK<67>(w0, w1, rk + 128);
ARIA_GSRK<67>(w1, w2, rk + 144);
ARIA_GSRK<67>(w2, w3, rk + 160);
ARIA_GSRK<67>(w3, w0, rk + 176);
ARIA_GSRK<97>(w0, w1, rk + 192);
if (keylen > 16)
{
ARIA_GSRK<97>(w1, w2, rk + 208);
ARIA_GSRK<97>(w2, w3, rk + 224);
if (keylen > 24)
{
ARIA_GSRK< 97>(w3, w0, rk + 240);
ARIA_GSRK<109>(w0, w1, rk + 256);
}
}
}
// Decryption operation
if (!IsForwardTransformation())
{
word32 *a, *z, *s;
rk = m_rk.data();
r = R; q = Q;
a=UINT32_CAST(rk); s=m_w.data()+24; z=a+r*4;
::memcpy(t, a, 16); ::memcpy(a, z, 16); ::memcpy(z, t, 16);
a+=4; z-=4;
for (; a<z; a+=4, z-=4)
{
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(s, t, 16);
ARIA_M(z[0],t[0]); ARIA_M(z[1],t[1]); ARIA_M(z[2],t[2]); ARIA_M(z[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(a, t, 16); ::memcpy(z, s, 16);
}
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(z, t, 16);
}
// Silence warnings
CRYPTOPP_UNUSED(Q); CRYPTOPP_UNUSED(R);
CRYPTOPP_UNUSED(q); CRYPTOPP_UNUSED(r);
}
void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
const byte *rk = reinterpret_cast<const byte*>(m_rk.data());
word32 *t = const_cast<word32*>(m_w.data()+20);
// Timing attack countermeasure. See comments in Rijndael for more details.
// We used Yun's 32-bit implementation, so we use words rather than bytes.
const int cacheLineSize = GetCacheLineSize();
unsigned int i;
volatile word32 _u = 0;
word32 u = _u;
for (i=0; i<COUNTOF(S1); i+=cacheLineSize/(sizeof(S1[0])))
u |= *(S1+i);
t[0] |= u;
GetBlock<word32, BigEndian>block(inBlock);
block(t[0])(t[1])(t[2])(t[3]);
if (m_rounds > 12) {
ARIA_KXL; rk+= 16; ARIA_FO;
ARIA_KXL; rk+= 16; ARIA_FE;
}
if (m_rounds > 14) {
ARIA_KXL; rk+= 16; ARIA_FO;
ARIA_KXL; rk+= 16; ARIA_FE;
}
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16;
#if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
if (HasSSSE3())
{
ARIA_ProcessAndXorBlock_Xor_SSSE3(xorBlock, outBlock, rk, t);
return;
}
else
#endif // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
#ifdef CRYPTOPP_LITTLE_ENDIAN
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[11];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[15];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[13];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[12];
}
#else
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 0];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 1];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 2];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 3];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 4];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 5];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 6];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 7];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[ 8];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[ 9];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[10];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[11];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[12];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[13];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[14];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[15];
}
#endif // CRYPTOPP_LITTLE_ENDIAN
#if CRYPTOPP_ARM_NEON_AVAILABLE
if (HasNEON())
{
if (xorBlock != NULLPTR)
ARIA_ProcessAndXorBlock_Xor_NEON(xorBlock, outBlock);
}
else
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
{
if (xorBlock != NULLPTR)
for (unsigned int n=0; n<ARIA::BLOCKSIZE; ++n)
outBlock[n] ^= xorBlock[n];
}
}
NAMESPACE_END
// aria.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "aria.h"
#include "misc.h"
#include "cpu.h"
#if CRYPTOPP_SSE2_INTRIN_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS 1
#endif
#if CRYPTOPP_SSSE3_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1
#endif
// GCC cast warning. Note: this is used on round key table,
// which is word32 and naturally aligned.
#define UINT32_CAST(x) ((word32 *)(void *)(x))
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(ARIATab)
extern const word32 S1[256];
extern const word32 S2[256];
extern const word32 X1[256];
extern const word32 X2[256];
extern const word32 KRK[3][4];
NAMESPACE_END
NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
using CryptoPP::ARIATab::S1;
using CryptoPP::ARIATab::S2;
using CryptoPP::ARIATab::X1;
using CryptoPP::ARIATab::X2;
using CryptoPP::ARIATab::KRK;
inline byte ARIA_BRF(const word32 x, const int y) {
return GETBYTE(x, y);
}
// Key XOR Layer
#define ARIA_KXL { \
typedef BlockGetAndPut<word32, NativeByteOrder, true, true> NativeBlock; \
NativeBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]); \
}
// S-Box Layer 1 + M
#define SBL1_M(T0,T1,T2,T3) { \
T0=S1[ARIA_BRF(T0,3)]^S2[ARIA_BRF(T0,2)]^X1[ARIA_BRF(T0,1)]^X2[ARIA_BRF(T0,0)]; \
T1=S1[ARIA_BRF(T1,3)]^S2[ARIA_BRF(T1,2)]^X1[ARIA_BRF(T1,1)]^X2[ARIA_BRF(T1,0)]; \
T2=S1[ARIA_BRF(T2,3)]^S2[ARIA_BRF(T2,2)]^X1[ARIA_BRF(T2,1)]^X2[ARIA_BRF(T2,0)]; \
T3=S1[ARIA_BRF(T3,3)]^S2[ARIA_BRF(T3,2)]^X1[ARIA_BRF(T3,1)]^X2[ARIA_BRF(T3,0)]; \
}
// S-Box Layer 2 + M
#define SBL2_M(T0,T1,T2,T3) { \
T0=X1[ARIA_BRF(T0,3)]^X2[ARIA_BRF(T0,2)]^S1[ARIA_BRF(T0,1)]^S2[ARIA_BRF(T0,0)]; \
T1=X1[ARIA_BRF(T1,3)]^X2[ARIA_BRF(T1,2)]^S1[ARIA_BRF(T1,1)]^S2[ARIA_BRF(T1,0)]; \
T2=X1[ARIA_BRF(T2,3)]^X2[ARIA_BRF(T2,2)]^S1[ARIA_BRF(T2,1)]^S2[ARIA_BRF(T2,0)]; \
T3=X1[ARIA_BRF(T3,3)]^X2[ARIA_BRF(T3,2)]^S1[ARIA_BRF(T3,1)]^S2[ARIA_BRF(T3,0)]; \
}
#define ARIA_P(T0,T1,T2,T3) { \
(T1) = (((T1)<< 8)&0xff00ff00) ^ (((T1)>> 8)&0x00ff00ff); \
(T2) = rotrConstant<16>(T2); \
(T3) = ByteReverse((T3)); \
}
#define ARIA_M(X,Y) { \
Y=(X)<<8 ^ (X)>>8 ^ (X)<<16 ^ (X)>>16 ^ (X)<<24 ^ (X)>>24; \
}
#define ARIA_MM(T0,T1,T2,T3) { \
(T1)^=(T2); (T2)^=(T3); (T0)^=(T1); \
(T3)^=(T1); (T2)^=(T0); (T1)^=(T2); \
}
#define ARIA_FO {SBL1_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3])}
#define ARIA_FE {SBL2_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[2],t[3],t[0],t[1]) ARIA_MM(t[0],t[1],t[2],t[3])}
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen);
extern void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outblock);
#endif
#if (CRYPTOPP_SSSE3_AVAILABLE)
extern void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t);
#endif
// n-bit right shift of Y XORed to X
template <unsigned int N>
inline void ARIA_GSRK(const word32 X[4], const word32 Y[4], byte RK[16])
{
// MSVC is not generating a "rotate immediate". Constify to help it along.
static const unsigned int Q = 4-(N/32);
static const unsigned int R = N % 32;
UINT32_CAST(RK)[0] = (X[0]) ^ ((Y[(Q )%4])>>R) ^ ((Y[(Q+3)%4])<<(32-R));
UINT32_CAST(RK)[1] = (X[1]) ^ ((Y[(Q+1)%4])>>R) ^ ((Y[(Q )%4])<<(32-R));
UINT32_CAST(RK)[2] = (X[2]) ^ ((Y[(Q+2)%4])>>R) ^ ((Y[(Q+1)%4])<<(32-R));
UINT32_CAST(RK)[3] = (X[3]) ^ ((Y[(Q+3)%4])>>R) ^ ((Y[(Q+2)%4])<<(32-R));
}
void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)
{
CRYPTOPP_UNUSED(params);
m_rk.New(16*17); // round keys
m_w.New(4*7); // w0, w1, w2, w3, t and u
const byte *mk = key;
byte *rk = m_rk.data();
int Q, q, R, r;
switch (keylen)
{
case 16:
R = r = m_rounds = 12;
Q = q = 0;
break;
case 32:
R = r = m_rounds = 16;
Q = q = 2;
break;
case 24:
R = r = m_rounds = 14;
Q = q = 1;
break;
default:
Q = q = R = r = m_rounds = 0;
CRYPTOPP_ASSERT(0);
}
// w0 has room for 32 bytes. w1-w3 each has room for 16 bytes. t and u are 16 byte temp areas.
word32 *w0 = m_w.data(), *w1 = m_w.data()+8, *w2 = m_w.data()+12, *w3 = m_w.data()+16, *t = m_w.data()+20;
GetBlock<word32, BigEndian, false>block(key);
block(w0[0])(w0[1])(w0[2])(w0[3]);
t[0]=w0[0]^KRK[q][0]; t[1]=w0[1]^KRK[q][1];
t[2]=w0[2]^KRK[q][2]; t[3]=w0[3]^KRK[q][3];
ARIA_FO;
if (keylen == 32)
{
GetBlock<word32, BigEndian, false>block(mk+16);
block(w1[0])(w1[1])(w1[2])(w1[3]);
}
else if (keylen == 24)
{
GetBlock<word32, BigEndian, false>block(mk+16);
block(w1[0])(w1[1]); w1[2] = w1[3] = 0;
}
else
{
w1[0]=w1[1]=w1[2]=w1[3]=0;
}
w1[0]^=t[0]; w1[1]^=t[1]; w1[2]^=t[2]; w1[3]^=t[3];
::memcpy(t, w1, 16);
q = (q==2) ? 0 : (q+1);
t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
ARIA_FE;
t[0]^=w0[0]; t[1]^=w0[1]; t[2]^=w0[2]; t[3]^=w0[3];
::memcpy(w2, t, 16);
q = (q==2) ? 0 : (q+1);
t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
ARIA_FO;
w3[0]=t[0]^w1[0]; w3[1]=t[1]^w1[1]; w3[2]=t[2]^w1[2]; w3[3]=t[3]^w1[3];
#if CRYPTOPP_ARM_NEON_AVAILABLE
if (HasNEON())
{
ARIA_UncheckedSetKey_Schedule_NEON(rk, m_w, keylen);
}
else
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
{
ARIA_GSRK<19>(w0, w1, rk + 0);
ARIA_GSRK<19>(w1, w2, rk + 16);
ARIA_GSRK<19>(w2, w3, rk + 32);
ARIA_GSRK<19>(w3, w0, rk + 48);
ARIA_GSRK<31>(w0, w1, rk + 64);
ARIA_GSRK<31>(w1, w2, rk + 80);
ARIA_GSRK<31>(w2, w3, rk + 96);
ARIA_GSRK<31>(w3, w0, rk + 112);
ARIA_GSRK<67>(w0, w1, rk + 128);
ARIA_GSRK<67>(w1, w2, rk + 144);
ARIA_GSRK<67>(w2, w3, rk + 160);
ARIA_GSRK<67>(w3, w0, rk + 176);
ARIA_GSRK<97>(w0, w1, rk + 192);
if (keylen > 16)
{
ARIA_GSRK<97>(w1, w2, rk + 208);
ARIA_GSRK<97>(w2, w3, rk + 224);
if (keylen > 24)
{
ARIA_GSRK< 97>(w3, w0, rk + 240);
ARIA_GSRK<109>(w0, w1, rk + 256);
}
}
}
// Decryption operation
if (!IsForwardTransformation())
{
word32 *a, *z, *s;
rk = m_rk.data();
r = R; q = Q;
a=UINT32_CAST(rk); s=m_w.data()+24; z=a+r*4;
::memcpy(t, a, 16); ::memcpy(a, z, 16); ::memcpy(z, t, 16);
a+=4; z-=4;
for (; a<z; a+=4, z-=4)
{
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(s, t, 16);
ARIA_M(z[0],t[0]); ARIA_M(z[1],t[1]); ARIA_M(z[2],t[2]); ARIA_M(z[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(a, t, 16); ::memcpy(z, s, 16);
}
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(z, t, 16);
}
// Silence warnings
CRYPTOPP_UNUSED(Q); CRYPTOPP_UNUSED(R);
CRYPTOPP_UNUSED(q); CRYPTOPP_UNUSED(r);
}
void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
const byte *rk = reinterpret_cast<const byte*>(m_rk.data());
word32 *t = const_cast<word32*>(m_w.data()+20);
// Timing attack countermeasure. See comments in Rijndael for more details.
// We used Yun's 32-bit implementation, so we use words rather than bytes.
const int cacheLineSize = GetCacheLineSize();
unsigned int i;
volatile word32 _u = 0;
word32 u = _u;
for (i=0; i<COUNTOF(S1); i+=cacheLineSize/(sizeof(S1[0])))
u |= *(S1+i);
t[0] |= u;
GetBlock<word32, BigEndian>block(inBlock);
block(t[0])(t[1])(t[2])(t[3]);
if (m_rounds > 12) {
ARIA_KXL; rk+= 16; ARIA_FO;
ARIA_KXL; rk+= 16; ARIA_FE;
}
if (m_rounds > 14) {
ARIA_KXL; rk+= 16; ARIA_FO;
ARIA_KXL; rk+= 16; ARIA_FE;
}
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16;
#if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
if (HasSSSE3())
{
ARIA_ProcessAndXorBlock_Xor_SSSE3(xorBlock, outBlock, rk, t);
return;
}
else
#endif // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
#ifdef CRYPTOPP_LITTLE_ENDIAN
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[11];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[15];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[13];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[12];
}
#else
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 0];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 1];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 2];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 3];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 4];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 5];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 6];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 7];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[ 8];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[ 9];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[10];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[11];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[12];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[13];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[14];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[15];
}
#endif // CRYPTOPP_LITTLE_ENDIAN
#if CRYPTOPP_ARM_NEON_AVAILABLE
if (HasNEON())
{
if (xorBlock != NULLPTR)
ARIA_ProcessAndXorBlock_Xor_NEON(xorBlock, outBlock);
}
else
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
{
if (xorBlock != NULLPTR)
for (unsigned int n=0; n<ARIA::BLOCKSIZE; ++n)
outBlock[n] ^= xorBlock[n];
}
}
NAMESPACE_END

142
Common/3dParty/cryptopp/aria.h
View File

@ -1,71 +1,71 @@
// aria.h - written and placed in the public domain by Jeffrey Walton
/// \file aria.h
/// \brief Classes for the ARIA block cipher
/// \details The Crypto++ ARIA implementation is based on the 32-bit implementation by Aaram Yun
/// from the National Security Research Institute, KOREA. Aaram Yun's implementation is based on
/// the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from the Korea
/// Internet & Security Agency website.
/// \sa <A HREF="http://tools.ietf.org/html/rfc5794">RFC 5794, A Description of the ARIA Encryption Algorithm</A>,
/// <A HREF="http://seed.kisa.or.kr/iwt/ko/bbs/EgovReferenceList.do?bbsId=BBSMSTR_000000000002">Korea
/// Internet & Security Agency homepage</A>
#ifndef CRYPTOPP_ARIA_H
#define CRYPTOPP_ARIA_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief ARIA block cipher information
/// \since Crypto++ 6.0
struct ARIA_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>
{
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "ARIA";}
};
/// \brief ARIA block cipher
/// \details The Crypto++ ARIA implementation is based on the 32-bit implementation by Aaram Yun
/// from the National Security Research Institute, KOREA. Aaram Yun's implementation is based on
/// the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from the Korea
/// Internet & Security Agency website.
/// \sa <A HREF="http://tools.ietf.org/html/rfc5794">RFC 5794, A Description of the ARIA Encryption Algorithm</A>,
/// <A HREF="http://seed.kisa.or.kr/iwt/ko/bbs/EgovReferenceList.do?bbsId=BBSMSTR_000000000002">Korea
/// Internet & Security Agency homepage</A>
/// \sa <a href="http://www.cryptopp.com/wiki/ARIA">ARIA</a>
/// \since Crypto++ 6.0
class ARIA : public ARIA_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<ARIA_Info>
{
public:
Base() : m_rounds(0) {}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
private:
// Reference implementation allocates a table of 17 round keys.
typedef SecBlock<byte, AllocatorWithCleanup<byte, true> > AlignedByteBlock;
typedef SecBlock<word32, AllocatorWithCleanup<word32, true> > AlignedWordBlock;
AlignedByteBlock m_rk; // round keys
AlignedWordBlock m_w; // w0, w1, w2, w3, t and u
unsigned int m_rounds;
};
public:
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
typedef ARIA::Encryption ARIAEncryption;
typedef ARIA::Decryption ARIADecryption;
NAMESPACE_END
#endif
// aria.h - written and placed in the public domain by Jeffrey Walton
/// \file aria.h
/// \brief Classes for the ARIA block cipher
/// \details The Crypto++ ARIA implementation is based on the 32-bit implementation by Aaram Yun
/// from the National Security Research Institute, KOREA. Aaram Yun's implementation is based on
/// the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from the Korea
/// Internet & Security Agency website.
/// \sa <A HREF="http://tools.ietf.org/html/rfc5794">RFC 5794, A Description of the ARIA Encryption Algorithm</A>,
/// <A HREF="http://seed.kisa.or.kr/iwt/ko/bbs/EgovReferenceList.do?bbsId=BBSMSTR_000000000002">Korea
/// Internet & Security Agency homepage</A>
#ifndef CRYPTOPP_ARIA_H
#define CRYPTOPP_ARIA_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief ARIA block cipher information
/// \since Crypto++ 6.0
struct ARIA_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>
{
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "ARIA";}
};
/// \brief ARIA block cipher
/// \details The Crypto++ ARIA implementation is based on the 32-bit implementation by Aaram Yun
/// from the National Security Research Institute, KOREA. Aaram Yun's implementation is based on
/// the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from the Korea
/// Internet & Security Agency website.
/// \sa <A HREF="http://tools.ietf.org/html/rfc5794">RFC 5794, A Description of the ARIA Encryption Algorithm</A>,
/// <A HREF="http://seed.kisa.or.kr/iwt/ko/bbs/EgovReferenceList.do?bbsId=BBSMSTR_000000000002">Korea
/// Internet & Security Agency homepage</A>
/// \sa <a href="http://www.cryptopp.com/wiki/ARIA">ARIA</a>
/// \since Crypto++ 6.0
class ARIA : public ARIA_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<ARIA_Info>
{
public:
Base() : m_rounds(0) {}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
private:
// Reference implementation allocates a table of 17 round keys.
typedef SecBlock<byte, AllocatorWithCleanup<byte, true> > AlignedByteBlock;
typedef SecBlock<word32, AllocatorWithCleanup<word32, true> > AlignedWordBlock;
AlignedByteBlock m_rk; // round keys
AlignedWordBlock m_w; // w0, w1, w2, w3, t and u
unsigned int m_rounds;
};
public:
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
typedef ARIA::Encryption ARIAEncryption;
typedef ARIA::Decryption ARIADecryption;
NAMESPACE_END
#endif

332
Common/3dParty/cryptopp/ariatab.cpp
View File

@ -1,166 +1,166 @@
// ariatab.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(ARIATab)
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 S1[256]={
0x00636363,0x007c7c7c,0x00777777,0x007b7b7b,0x00f2f2f2,0x006b6b6b,0x006f6f6f,0x00c5c5c5,
0x00303030,0x00010101,0x00676767,0x002b2b2b,0x00fefefe,0x00d7d7d7,0x00ababab,0x00767676,
0x00cacaca,0x00828282,0x00c9c9c9,0x007d7d7d,0x00fafafa,0x00595959,0x00474747,0x00f0f0f0,
0x00adadad,0x00d4d4d4,0x00a2a2a2,0x00afafaf,0x009c9c9c,0x00a4a4a4,0x00727272,0x00c0c0c0,
0x00b7b7b7,0x00fdfdfd,0x00939393,0x00262626,0x00363636,0x003f3f3f,0x00f7f7f7,0x00cccccc,
0x00343434,0x00a5a5a5,0x00e5e5e5,0x00f1f1f1,0x00717171,0x00d8d8d8,0x00313131,0x00151515,
0x00040404,0x00c7c7c7,0x00232323,0x00c3c3c3,0x00181818,0x00969696,0x00050505,0x009a9a9a,
0x00070707,0x00121212,0x00808080,0x00e2e2e2,0x00ebebeb,0x00272727,0x00b2b2b2,0x00757575,
0x00090909,0x00838383,0x002c2c2c,0x001a1a1a,0x001b1b1b,0x006e6e6e,0x005a5a5a,0x00a0a0a0,
0x00525252,0x003b3b3b,0x00d6d6d6,0x00b3b3b3,0x00292929,0x00e3e3e3,0x002f2f2f,0x00848484,
0x00535353,0x00d1d1d1,0x00000000,0x00ededed,0x00202020,0x00fcfcfc,0x00b1b1b1,0x005b5b5b,
0x006a6a6a,0x00cbcbcb,0x00bebebe,0x00393939,0x004a4a4a,0x004c4c4c,0x00585858,0x00cfcfcf,
0x00d0d0d0,0x00efefef,0x00aaaaaa,0x00fbfbfb,0x00434343,0x004d4d4d,0x00333333,0x00858585,
0x00454545,0x00f9f9f9,0x00020202,0x007f7f7f,0x00505050,0x003c3c3c,0x009f9f9f,0x00a8a8a8,
0x00515151,0x00a3a3a3,0x00404040,0x008f8f8f,0x00929292,0x009d9d9d,0x00383838,0x00f5f5f5,
0x00bcbcbc,0x00b6b6b6,0x00dadada,0x00212121,0x00101010,0x00ffffff,0x00f3f3f3,0x00d2d2d2,
0x00cdcdcd,0x000c0c0c,0x00131313,0x00ececec,0x005f5f5f,0x00979797,0x00444444,0x00171717,
0x00c4c4c4,0x00a7a7a7,0x007e7e7e,0x003d3d3d,0x00646464,0x005d5d5d,0x00191919,0x00737373,
0x00606060,0x00818181,0x004f4f4f,0x00dcdcdc,0x00222222,0x002a2a2a,0x00909090,0x00888888,
0x00464646,0x00eeeeee,0x00b8b8b8,0x00141414,0x00dedede,0x005e5e5e,0x000b0b0b,0x00dbdbdb,
0x00e0e0e0,0x00323232,0x003a3a3a,0x000a0a0a,0x00494949,0x00060606,0x00242424,0x005c5c5c,
0x00c2c2c2,0x00d3d3d3,0x00acacac,0x00626262,0x00919191,0x00959595,0x00e4e4e4,0x00797979,
0x00e7e7e7,0x00c8c8c8,0x00373737,0x006d6d6d,0x008d8d8d,0x00d5d5d5,0x004e4e4e,0x00a9a9a9,
0x006c6c6c,0x00565656,0x00f4f4f4,0x00eaeaea,0x00656565,0x007a7a7a,0x00aeaeae,0x00080808,
0x00bababa,0x00787878,0x00252525,0x002e2e2e,0x001c1c1c,0x00a6a6a6,0x00b4b4b4,0x00c6c6c6,
0x00e8e8e8,0x00dddddd,0x00747474,0x001f1f1f,0x004b4b4b,0x00bdbdbd,0x008b8b8b,0x008a8a8a,
0x00707070,0x003e3e3e,0x00b5b5b5,0x00666666,0x00484848,0x00030303,0x00f6f6f6,0x000e0e0e,
0x00616161,0x00353535,0x00575757,0x00b9b9b9,0x00868686,0x00c1c1c1,0x001d1d1d,0x009e9e9e,
0x00e1e1e1,0x00f8f8f8,0x00989898,0x00111111,0x00696969,0x00d9d9d9,0x008e8e8e,0x00949494,
0x009b9b9b,0x001e1e1e,0x00878787,0x00e9e9e9,0x00cecece,0x00555555,0x00282828,0x00dfdfdf,
0x008c8c8c,0x00a1a1a1,0x00898989,0x000d0d0d,0x00bfbfbf,0x00e6e6e6,0x00424242,0x00686868,
0x00414141,0x00999999,0x002d2d2d,0x000f0f0f,0x00b0b0b0,0x00545454,0x00bbbbbb,0x00161616
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 S2[256]={
0xe200e2e2,0x4e004e4e,0x54005454,0xfc00fcfc,0x94009494,0xc200c2c2,0x4a004a4a,0xcc00cccc,
0x62006262,0x0d000d0d,0x6a006a6a,0x46004646,0x3c003c3c,0x4d004d4d,0x8b008b8b,0xd100d1d1,
0x5e005e5e,0xfa00fafa,0x64006464,0xcb00cbcb,0xb400b4b4,0x97009797,0xbe00bebe,0x2b002b2b,
0xbc00bcbc,0x77007777,0x2e002e2e,0x03000303,0xd300d3d3,0x19001919,0x59005959,0xc100c1c1,
0x1d001d1d,0x06000606,0x41004141,0x6b006b6b,0x55005555,0xf000f0f0,0x99009999,0x69006969,
0xea00eaea,0x9c009c9c,0x18001818,0xae00aeae,0x63006363,0xdf00dfdf,0xe700e7e7,0xbb00bbbb,
0x00000000,0x73007373,0x66006666,0xfb00fbfb,0x96009696,0x4c004c4c,0x85008585,0xe400e4e4,
0x3a003a3a,0x09000909,0x45004545,0xaa00aaaa,0x0f000f0f,0xee00eeee,0x10001010,0xeb00ebeb,
0x2d002d2d,0x7f007f7f,0xf400f4f4,0x29002929,0xac00acac,0xcf00cfcf,0xad00adad,0x91009191,
0x8d008d8d,0x78007878,0xc800c8c8,0x95009595,0xf900f9f9,0x2f002f2f,0xce00cece,0xcd00cdcd,
0x08000808,0x7a007a7a,0x88008888,0x38003838,0x5c005c5c,0x83008383,0x2a002a2a,0x28002828,
0x47004747,0xdb00dbdb,0xb800b8b8,0xc700c7c7,0x93009393,0xa400a4a4,0x12001212,0x53005353,
0xff00ffff,0x87008787,0x0e000e0e,0x31003131,0x36003636,0x21002121,0x58005858,0x48004848,
0x01000101,0x8e008e8e,0x37003737,0x74007474,0x32003232,0xca00caca,0xe900e9e9,0xb100b1b1,
0xb700b7b7,0xab00abab,0x0c000c0c,0xd700d7d7,0xc400c4c4,0x56005656,0x42004242,0x26002626,
0x07000707,0x98009898,0x60006060,0xd900d9d9,0xb600b6b6,0xb900b9b9,0x11001111,0x40004040,
0xec00ecec,0x20002020,0x8c008c8c,0xbd00bdbd,0xa000a0a0,0xc900c9c9,0x84008484,0x04000404,
0x49004949,0x23002323,0xf100f1f1,0x4f004f4f,0x50005050,0x1f001f1f,0x13001313,0xdc00dcdc,
0xd800d8d8,0xc000c0c0,0x9e009e9e,0x57005757,0xe300e3e3,0xc300c3c3,0x7b007b7b,0x65006565,
0x3b003b3b,0x02000202,0x8f008f8f,0x3e003e3e,0xe800e8e8,0x25002525,0x92009292,0xe500e5e5,
0x15001515,0xdd00dddd,0xfd00fdfd,0x17001717,0xa900a9a9,0xbf00bfbf,0xd400d4d4,0x9a009a9a,
0x7e007e7e,0xc500c5c5,0x39003939,0x67006767,0xfe00fefe,0x76007676,0x9d009d9d,0x43004343,
0xa700a7a7,0xe100e1e1,0xd000d0d0,0xf500f5f5,0x68006868,0xf200f2f2,0x1b001b1b,0x34003434,
0x70007070,0x05000505,0xa300a3a3,0x8a008a8a,0xd500d5d5,0x79007979,0x86008686,0xa800a8a8,
0x30003030,0xc600c6c6,0x51005151,0x4b004b4b,0x1e001e1e,0xa600a6a6,0x27002727,0xf600f6f6,
0x35003535,0xd200d2d2,0x6e006e6e,0x24002424,0x16001616,0x82008282,0x5f005f5f,0xda00dada,
0xe600e6e6,0x75007575,0xa200a2a2,0xef00efef,0x2c002c2c,0xb200b2b2,0x1c001c1c,0x9f009f9f,
0x5d005d5d,0x6f006f6f,0x80008080,0x0a000a0a,0x72007272,0x44004444,0x9b009b9b,0x6c006c6c,
0x90009090,0x0b000b0b,0x5b005b5b,0x33003333,0x7d007d7d,0x5a005a5a,0x52005252,0xf300f3f3,
0x61006161,0xa100a1a1,0xf700f7f7,0xb000b0b0,0xd600d6d6,0x3f003f3f,0x7c007c7c,0x6d006d6d,
0xed00eded,0x14001414,0xe000e0e0,0xa500a5a5,0x3d003d3d,0x22002222,0xb300b3b3,0xf800f8f8,
0x89008989,0xde00dede,0x71007171,0x1a001a1a,0xaf00afaf,0xba00baba,0xb500b5b5,0x81008181
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 X1[256]={
0x52520052,0x09090009,0x6a6a006a,0xd5d500d5,0x30300030,0x36360036,0xa5a500a5,0x38380038,
0xbfbf00bf,0x40400040,0xa3a300a3,0x9e9e009e,0x81810081,0xf3f300f3,0xd7d700d7,0xfbfb00fb,
0x7c7c007c,0xe3e300e3,0x39390039,0x82820082,0x9b9b009b,0x2f2f002f,0xffff00ff,0x87870087,
0x34340034,0x8e8e008e,0x43430043,0x44440044,0xc4c400c4,0xdede00de,0xe9e900e9,0xcbcb00cb,
0x54540054,0x7b7b007b,0x94940094,0x32320032,0xa6a600a6,0xc2c200c2,0x23230023,0x3d3d003d,
0xeeee00ee,0x4c4c004c,0x95950095,0x0b0b000b,0x42420042,0xfafa00fa,0xc3c300c3,0x4e4e004e,
0x08080008,0x2e2e002e,0xa1a100a1,0x66660066,0x28280028,0xd9d900d9,0x24240024,0xb2b200b2,
0x76760076,0x5b5b005b,0xa2a200a2,0x49490049,0x6d6d006d,0x8b8b008b,0xd1d100d1,0x25250025,
0x72720072,0xf8f800f8,0xf6f600f6,0x64640064,0x86860086,0x68680068,0x98980098,0x16160016,
0xd4d400d4,0xa4a400a4,0x5c5c005c,0xcccc00cc,0x5d5d005d,0x65650065,0xb6b600b6,0x92920092,
0x6c6c006c,0x70700070,0x48480048,0x50500050,0xfdfd00fd,0xeded00ed,0xb9b900b9,0xdada00da,
0x5e5e005e,0x15150015,0x46460046,0x57570057,0xa7a700a7,0x8d8d008d,0x9d9d009d,0x84840084,
0x90900090,0xd8d800d8,0xabab00ab,0x00000000,0x8c8c008c,0xbcbc00bc,0xd3d300d3,0x0a0a000a,
0xf7f700f7,0xe4e400e4,0x58580058,0x05050005,0xb8b800b8,0xb3b300b3,0x45450045,0x06060006,
0xd0d000d0,0x2c2c002c,0x1e1e001e,0x8f8f008f,0xcaca00ca,0x3f3f003f,0x0f0f000f,0x02020002,
0xc1c100c1,0xafaf00af,0xbdbd00bd,0x03030003,0x01010001,0x13130013,0x8a8a008a,0x6b6b006b,
0x3a3a003a,0x91910091,0x11110011,0x41410041,0x4f4f004f,0x67670067,0xdcdc00dc,0xeaea00ea,
0x97970097,0xf2f200f2,0xcfcf00cf,0xcece00ce,0xf0f000f0,0xb4b400b4,0xe6e600e6,0x73730073,
0x96960096,0xacac00ac,0x74740074,0x22220022,0xe7e700e7,0xadad00ad,0x35350035,0x85850085,
0xe2e200e2,0xf9f900f9,0x37370037,0xe8e800e8,0x1c1c001c,0x75750075,0xdfdf00df,0x6e6e006e,
0x47470047,0xf1f100f1,0x1a1a001a,0x71710071,0x1d1d001d,0x29290029,0xc5c500c5,0x89890089,
0x6f6f006f,0xb7b700b7,0x62620062,0x0e0e000e,0xaaaa00aa,0x18180018,0xbebe00be,0x1b1b001b,
0xfcfc00fc,0x56560056,0x3e3e003e,0x4b4b004b,0xc6c600c6,0xd2d200d2,0x79790079,0x20200020,
0x9a9a009a,0xdbdb00db,0xc0c000c0,0xfefe00fe,0x78780078,0xcdcd00cd,0x5a5a005a,0xf4f400f4,
0x1f1f001f,0xdddd00dd,0xa8a800a8,0x33330033,0x88880088,0x07070007,0xc7c700c7,0x31310031,
0xb1b100b1,0x12120012,0x10100010,0x59590059,0x27270027,0x80800080,0xecec00ec,0x5f5f005f,
0x60600060,0x51510051,0x7f7f007f,0xa9a900a9,0x19190019,0xb5b500b5,0x4a4a004a,0x0d0d000d,
0x2d2d002d,0xe5e500e5,0x7a7a007a,0x9f9f009f,0x93930093,0xc9c900c9,0x9c9c009c,0xefef00ef,
0xa0a000a0,0xe0e000e0,0x3b3b003b,0x4d4d004d,0xaeae00ae,0x2a2a002a,0xf5f500f5,0xb0b000b0,
0xc8c800c8,0xebeb00eb,0xbbbb00bb,0x3c3c003c,0x83830083,0x53530053,0x99990099,0x61610061,
0x17170017,0x2b2b002b,0x04040004,0x7e7e007e,0xbaba00ba,0x77770077,0xd6d600d6,0x26260026,
0xe1e100e1,0x69690069,0x14140014,0x63630063,0x55550055,0x21210021,0x0c0c000c,0x7d7d007d
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 X2[256]={
0x30303000,0x68686800,0x99999900,0x1b1b1b00,0x87878700,0xb9b9b900,0x21212100,0x78787800,
0x50505000,0x39393900,0xdbdbdb00,0xe1e1e100,0x72727200,0x09090900,0x62626200,0x3c3c3c00,
0x3e3e3e00,0x7e7e7e00,0x5e5e5e00,0x8e8e8e00,0xf1f1f100,0xa0a0a000,0xcccccc00,0xa3a3a300,
0x2a2a2a00,0x1d1d1d00,0xfbfbfb00,0xb6b6b600,0xd6d6d600,0x20202000,0xc4c4c400,0x8d8d8d00,
0x81818100,0x65656500,0xf5f5f500,0x89898900,0xcbcbcb00,0x9d9d9d00,0x77777700,0xc6c6c600,
0x57575700,0x43434300,0x56565600,0x17171700,0xd4d4d400,0x40404000,0x1a1a1a00,0x4d4d4d00,
0xc0c0c000,0x63636300,0x6c6c6c00,0xe3e3e300,0xb7b7b700,0xc8c8c800,0x64646400,0x6a6a6a00,
0x53535300,0xaaaaaa00,0x38383800,0x98989800,0x0c0c0c00,0xf4f4f400,0x9b9b9b00,0xededed00,
0x7f7f7f00,0x22222200,0x76767600,0xafafaf00,0xdddddd00,0x3a3a3a00,0x0b0b0b00,0x58585800,
0x67676700,0x88888800,0x06060600,0xc3c3c300,0x35353500,0x0d0d0d00,0x01010100,0x8b8b8b00,
0x8c8c8c00,0xc2c2c200,0xe6e6e600,0x5f5f5f00,0x02020200,0x24242400,0x75757500,0x93939300,
0x66666600,0x1e1e1e00,0xe5e5e500,0xe2e2e200,0x54545400,0xd8d8d800,0x10101000,0xcecece00,
0x7a7a7a00,0xe8e8e800,0x08080800,0x2c2c2c00,0x12121200,0x97979700,0x32323200,0xababab00,
0xb4b4b400,0x27272700,0x0a0a0a00,0x23232300,0xdfdfdf00,0xefefef00,0xcacaca00,0xd9d9d900,
0xb8b8b800,0xfafafa00,0xdcdcdc00,0x31313100,0x6b6b6b00,0xd1d1d100,0xadadad00,0x19191900,
0x49494900,0xbdbdbd00,0x51515100,0x96969600,0xeeeeee00,0xe4e4e400,0xa8a8a800,0x41414100,
0xdadada00,0xffffff00,0xcdcdcd00,0x55555500,0x86868600,0x36363600,0xbebebe00,0x61616100,
0x52525200,0xf8f8f800,0xbbbbbb00,0x0e0e0e00,0x82828200,0x48484800,0x69696900,0x9a9a9a00,
0xe0e0e000,0x47474700,0x9e9e9e00,0x5c5c5c00,0x04040400,0x4b4b4b00,0x34343400,0x15151500,
0x79797900,0x26262600,0xa7a7a700,0xdedede00,0x29292900,0xaeaeae00,0x92929200,0xd7d7d700,
0x84848400,0xe9e9e900,0xd2d2d200,0xbababa00,0x5d5d5d00,0xf3f3f300,0xc5c5c500,0xb0b0b000,
0xbfbfbf00,0xa4a4a400,0x3b3b3b00,0x71717100,0x44444400,0x46464600,0x2b2b2b00,0xfcfcfc00,
0xebebeb00,0x6f6f6f00,0xd5d5d500,0xf6f6f600,0x14141400,0xfefefe00,0x7c7c7c00,0x70707000,
0x5a5a5a00,0x7d7d7d00,0xfdfdfd00,0x2f2f2f00,0x18181800,0x83838300,0x16161600,0xa5a5a500,
0x91919100,0x1f1f1f00,0x05050500,0x95959500,0x74747400,0xa9a9a900,0xc1c1c100,0x5b5b5b00,
0x4a4a4a00,0x85858500,0x6d6d6d00,0x13131300,0x07070700,0x4f4f4f00,0x4e4e4e00,0x45454500,
0xb2b2b200,0x0f0f0f00,0xc9c9c900,0x1c1c1c00,0xa6a6a600,0xbcbcbc00,0xececec00,0x73737300,
0x90909000,0x7b7b7b00,0xcfcfcf00,0x59595900,0x8f8f8f00,0xa1a1a100,0xf9f9f900,0x2d2d2d00,
0xf2f2f200,0xb1b1b100,0x00000000,0x94949400,0x37373700,0x9f9f9f00,0xd0d0d000,0x2e2e2e00,
0x9c9c9c00,0x6e6e6e00,0x28282800,0x3f3f3f00,0x80808000,0xf0f0f000,0x3d3d3d00,0xd3d3d300,
0x25252500,0x8a8a8a00,0xb5b5b500,0xe7e7e700,0x42424200,0xb3b3b300,0xc7c7c700,0xeaeaea00,
0xf7f7f700,0x4c4c4c00,0x11111100,0x33333300,0x03030300,0xa2a2a200,0xacacac00,0x60606000
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 KRK[3][4] = {
{0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0},
{0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0},
{0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e}
};
NAMESPACE_END
NAMESPACE_END
// ariatab.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(ARIATab)
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 S1[256]={
0x00636363,0x007c7c7c,0x00777777,0x007b7b7b,0x00f2f2f2,0x006b6b6b,0x006f6f6f,0x00c5c5c5,
0x00303030,0x00010101,0x00676767,0x002b2b2b,0x00fefefe,0x00d7d7d7,0x00ababab,0x00767676,
0x00cacaca,0x00828282,0x00c9c9c9,0x007d7d7d,0x00fafafa,0x00595959,0x00474747,0x00f0f0f0,
0x00adadad,0x00d4d4d4,0x00a2a2a2,0x00afafaf,0x009c9c9c,0x00a4a4a4,0x00727272,0x00c0c0c0,
0x00b7b7b7,0x00fdfdfd,0x00939393,0x00262626,0x00363636,0x003f3f3f,0x00f7f7f7,0x00cccccc,
0x00343434,0x00a5a5a5,0x00e5e5e5,0x00f1f1f1,0x00717171,0x00d8d8d8,0x00313131,0x00151515,
0x00040404,0x00c7c7c7,0x00232323,0x00c3c3c3,0x00181818,0x00969696,0x00050505,0x009a9a9a,
0x00070707,0x00121212,0x00808080,0x00e2e2e2,0x00ebebeb,0x00272727,0x00b2b2b2,0x00757575,
0x00090909,0x00838383,0x002c2c2c,0x001a1a1a,0x001b1b1b,0x006e6e6e,0x005a5a5a,0x00a0a0a0,
0x00525252,0x003b3b3b,0x00d6d6d6,0x00b3b3b3,0x00292929,0x00e3e3e3,0x002f2f2f,0x00848484,
0x00535353,0x00d1d1d1,0x00000000,0x00ededed,0x00202020,0x00fcfcfc,0x00b1b1b1,0x005b5b5b,
0x006a6a6a,0x00cbcbcb,0x00bebebe,0x00393939,0x004a4a4a,0x004c4c4c,0x00585858,0x00cfcfcf,
0x00d0d0d0,0x00efefef,0x00aaaaaa,0x00fbfbfb,0x00434343,0x004d4d4d,0x00333333,0x00858585,
0x00454545,0x00f9f9f9,0x00020202,0x007f7f7f,0x00505050,0x003c3c3c,0x009f9f9f,0x00a8a8a8,
0x00515151,0x00a3a3a3,0x00404040,0x008f8f8f,0x00929292,0x009d9d9d,0x00383838,0x00f5f5f5,
0x00bcbcbc,0x00b6b6b6,0x00dadada,0x00212121,0x00101010,0x00ffffff,0x00f3f3f3,0x00d2d2d2,
0x00cdcdcd,0x000c0c0c,0x00131313,0x00ececec,0x005f5f5f,0x00979797,0x00444444,0x00171717,
0x00c4c4c4,0x00a7a7a7,0x007e7e7e,0x003d3d3d,0x00646464,0x005d5d5d,0x00191919,0x00737373,
0x00606060,0x00818181,0x004f4f4f,0x00dcdcdc,0x00222222,0x002a2a2a,0x00909090,0x00888888,
0x00464646,0x00eeeeee,0x00b8b8b8,0x00141414,0x00dedede,0x005e5e5e,0x000b0b0b,0x00dbdbdb,
0x00e0e0e0,0x00323232,0x003a3a3a,0x000a0a0a,0x00494949,0x00060606,0x00242424,0x005c5c5c,
0x00c2c2c2,0x00d3d3d3,0x00acacac,0x00626262,0x00919191,0x00959595,0x00e4e4e4,0x00797979,
0x00e7e7e7,0x00c8c8c8,0x00373737,0x006d6d6d,0x008d8d8d,0x00d5d5d5,0x004e4e4e,0x00a9a9a9,
0x006c6c6c,0x00565656,0x00f4f4f4,0x00eaeaea,0x00656565,0x007a7a7a,0x00aeaeae,0x00080808,
0x00bababa,0x00787878,0x00252525,0x002e2e2e,0x001c1c1c,0x00a6a6a6,0x00b4b4b4,0x00c6c6c6,
0x00e8e8e8,0x00dddddd,0x00747474,0x001f1f1f,0x004b4b4b,0x00bdbdbd,0x008b8b8b,0x008a8a8a,
0x00707070,0x003e3e3e,0x00b5b5b5,0x00666666,0x00484848,0x00030303,0x00f6f6f6,0x000e0e0e,
0x00616161,0x00353535,0x00575757,0x00b9b9b9,0x00868686,0x00c1c1c1,0x001d1d1d,0x009e9e9e,
0x00e1e1e1,0x00f8f8f8,0x00989898,0x00111111,0x00696969,0x00d9d9d9,0x008e8e8e,0x00949494,
0x009b9b9b,0x001e1e1e,0x00878787,0x00e9e9e9,0x00cecece,0x00555555,0x00282828,0x00dfdfdf,
0x008c8c8c,0x00a1a1a1,0x00898989,0x000d0d0d,0x00bfbfbf,0x00e6e6e6,0x00424242,0x00686868,
0x00414141,0x00999999,0x002d2d2d,0x000f0f0f,0x00b0b0b0,0x00545454,0x00bbbbbb,0x00161616
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 S2[256]={
0xe200e2e2,0x4e004e4e,0x54005454,0xfc00fcfc,0x94009494,0xc200c2c2,0x4a004a4a,0xcc00cccc,
0x62006262,0x0d000d0d,0x6a006a6a,0x46004646,0x3c003c3c,0x4d004d4d,0x8b008b8b,0xd100d1d1,
0x5e005e5e,0xfa00fafa,0x64006464,0xcb00cbcb,0xb400b4b4,0x97009797,0xbe00bebe,0x2b002b2b,
0xbc00bcbc,0x77007777,0x2e002e2e,0x03000303,0xd300d3d3,0x19001919,0x59005959,0xc100c1c1,
0x1d001d1d,0x06000606,0x41004141,0x6b006b6b,0x55005555,0xf000f0f0,0x99009999,0x69006969,
0xea00eaea,0x9c009c9c,0x18001818,0xae00aeae,0x63006363,0xdf00dfdf,0xe700e7e7,0xbb00bbbb,
0x00000000,0x73007373,0x66006666,0xfb00fbfb,0x96009696,0x4c004c4c,0x85008585,0xe400e4e4,
0x3a003a3a,0x09000909,0x45004545,0xaa00aaaa,0x0f000f0f,0xee00eeee,0x10001010,0xeb00ebeb,
0x2d002d2d,0x7f007f7f,0xf400f4f4,0x29002929,0xac00acac,0xcf00cfcf,0xad00adad,0x91009191,
0x8d008d8d,0x78007878,0xc800c8c8,0x95009595,0xf900f9f9,0x2f002f2f,0xce00cece,0xcd00cdcd,
0x08000808,0x7a007a7a,0x88008888,0x38003838,0x5c005c5c,0x83008383,0x2a002a2a,0x28002828,
0x47004747,0xdb00dbdb,0xb800b8b8,0xc700c7c7,0x93009393,0xa400a4a4,0x12001212,0x53005353,
0xff00ffff,0x87008787,0x0e000e0e,0x31003131,0x36003636,0x21002121,0x58005858,0x48004848,
0x01000101,0x8e008e8e,0x37003737,0x74007474,0x32003232,0xca00caca,0xe900e9e9,0xb100b1b1,
0xb700b7b7,0xab00abab,0x0c000c0c,0xd700d7d7,0xc400c4c4,0x56005656,0x42004242,0x26002626,
0x07000707,0x98009898,0x60006060,0xd900d9d9,0xb600b6b6,0xb900b9b9,0x11001111,0x40004040,
0xec00ecec,0x20002020,0x8c008c8c,0xbd00bdbd,0xa000a0a0,0xc900c9c9,0x84008484,0x04000404,
0x49004949,0x23002323,0xf100f1f1,0x4f004f4f,0x50005050,0x1f001f1f,0x13001313,0xdc00dcdc,
0xd800d8d8,0xc000c0c0,0x9e009e9e,0x57005757,0xe300e3e3,0xc300c3c3,0x7b007b7b,0x65006565,
0x3b003b3b,0x02000202,0x8f008f8f,0x3e003e3e,0xe800e8e8,0x25002525,0x92009292,0xe500e5e5,
0x15001515,0xdd00dddd,0xfd00fdfd,0x17001717,0xa900a9a9,0xbf00bfbf,0xd400d4d4,0x9a009a9a,
0x7e007e7e,0xc500c5c5,0x39003939,0x67006767,0xfe00fefe,0x76007676,0x9d009d9d,0x43004343,
0xa700a7a7,0xe100e1e1,0xd000d0d0,0xf500f5f5,0x68006868,0xf200f2f2,0x1b001b1b,0x34003434,
0x70007070,0x05000505,0xa300a3a3,0x8a008a8a,0xd500d5d5,0x79007979,0x86008686,0xa800a8a8,
0x30003030,0xc600c6c6,0x51005151,0x4b004b4b,0x1e001e1e,0xa600a6a6,0x27002727,0xf600f6f6,
0x35003535,0xd200d2d2,0x6e006e6e,0x24002424,0x16001616,0x82008282,0x5f005f5f,0xda00dada,
0xe600e6e6,0x75007575,0xa200a2a2,0xef00efef,0x2c002c2c,0xb200b2b2,0x1c001c1c,0x9f009f9f,
0x5d005d5d,0x6f006f6f,0x80008080,0x0a000a0a,0x72007272,0x44004444,0x9b009b9b,0x6c006c6c,
0x90009090,0x0b000b0b,0x5b005b5b,0x33003333,0x7d007d7d,0x5a005a5a,0x52005252,0xf300f3f3,
0x61006161,0xa100a1a1,0xf700f7f7,0xb000b0b0,0xd600d6d6,0x3f003f3f,0x7c007c7c,0x6d006d6d,
0xed00eded,0x14001414,0xe000e0e0,0xa500a5a5,0x3d003d3d,0x22002222,0xb300b3b3,0xf800f8f8,
0x89008989,0xde00dede,0x71007171,0x1a001a1a,0xaf00afaf,0xba00baba,0xb500b5b5,0x81008181
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 X1[256]={
0x52520052,0x09090009,0x6a6a006a,0xd5d500d5,0x30300030,0x36360036,0xa5a500a5,0x38380038,
0xbfbf00bf,0x40400040,0xa3a300a3,0x9e9e009e,0x81810081,0xf3f300f3,0xd7d700d7,0xfbfb00fb,
0x7c7c007c,0xe3e300e3,0x39390039,0x82820082,0x9b9b009b,0x2f2f002f,0xffff00ff,0x87870087,
0x34340034,0x8e8e008e,0x43430043,0x44440044,0xc4c400c4,0xdede00de,0xe9e900e9,0xcbcb00cb,
0x54540054,0x7b7b007b,0x94940094,0x32320032,0xa6a600a6,0xc2c200c2,0x23230023,0x3d3d003d,
0xeeee00ee,0x4c4c004c,0x95950095,0x0b0b000b,0x42420042,0xfafa00fa,0xc3c300c3,0x4e4e004e,
0x08080008,0x2e2e002e,0xa1a100a1,0x66660066,0x28280028,0xd9d900d9,0x24240024,0xb2b200b2,
0x76760076,0x5b5b005b,0xa2a200a2,0x49490049,0x6d6d006d,0x8b8b008b,0xd1d100d1,0x25250025,
0x72720072,0xf8f800f8,0xf6f600f6,0x64640064,0x86860086,0x68680068,0x98980098,0x16160016,
0xd4d400d4,0xa4a400a4,0x5c5c005c,0xcccc00cc,0x5d5d005d,0x65650065,0xb6b600b6,0x92920092,
0x6c6c006c,0x70700070,0x48480048,0x50500050,0xfdfd00fd,0xeded00ed,0xb9b900b9,0xdada00da,
0x5e5e005e,0x15150015,0x46460046,0x57570057,0xa7a700a7,0x8d8d008d,0x9d9d009d,0x84840084,
0x90900090,0xd8d800d8,0xabab00ab,0x00000000,0x8c8c008c,0xbcbc00bc,0xd3d300d3,0x0a0a000a,
0xf7f700f7,0xe4e400e4,0x58580058,0x05050005,0xb8b800b8,0xb3b300b3,0x45450045,0x06060006,
0xd0d000d0,0x2c2c002c,0x1e1e001e,0x8f8f008f,0xcaca00ca,0x3f3f003f,0x0f0f000f,0x02020002,
0xc1c100c1,0xafaf00af,0xbdbd00bd,0x03030003,0x01010001,0x13130013,0x8a8a008a,0x6b6b006b,
0x3a3a003a,0x91910091,0x11110011,0x41410041,0x4f4f004f,0x67670067,0xdcdc00dc,0xeaea00ea,
0x97970097,0xf2f200f2,0xcfcf00cf,0xcece00ce,0xf0f000f0,0xb4b400b4,0xe6e600e6,0x73730073,
0x96960096,0xacac00ac,0x74740074,0x22220022,0xe7e700e7,0xadad00ad,0x35350035,0x85850085,
0xe2e200e2,0xf9f900f9,0x37370037,0xe8e800e8,0x1c1c001c,0x75750075,0xdfdf00df,0x6e6e006e,
0x47470047,0xf1f100f1,0x1a1a001a,0x71710071,0x1d1d001d,0x29290029,0xc5c500c5,0x89890089,
0x6f6f006f,0xb7b700b7,0x62620062,0x0e0e000e,0xaaaa00aa,0x18180018,0xbebe00be,0x1b1b001b,
0xfcfc00fc,0x56560056,0x3e3e003e,0x4b4b004b,0xc6c600c6,0xd2d200d2,0x79790079,0x20200020,
0x9a9a009a,0xdbdb00db,0xc0c000c0,0xfefe00fe,0x78780078,0xcdcd00cd,0x5a5a005a,0xf4f400f4,
0x1f1f001f,0xdddd00dd,0xa8a800a8,0x33330033,0x88880088,0x07070007,0xc7c700c7,0x31310031,
0xb1b100b1,0x12120012,0x10100010,0x59590059,0x27270027,0x80800080,0xecec00ec,0x5f5f005f,
0x60600060,0x51510051,0x7f7f007f,0xa9a900a9,0x19190019,0xb5b500b5,0x4a4a004a,0x0d0d000d,
0x2d2d002d,0xe5e500e5,0x7a7a007a,0x9f9f009f,0x93930093,0xc9c900c9,0x9c9c009c,0xefef00ef,
0xa0a000a0,0xe0e000e0,0x3b3b003b,0x4d4d004d,0xaeae00ae,0x2a2a002a,0xf5f500f5,0xb0b000b0,
0xc8c800c8,0xebeb00eb,0xbbbb00bb,0x3c3c003c,0x83830083,0x53530053,0x99990099,0x61610061,
0x17170017,0x2b2b002b,0x04040004,0x7e7e007e,0xbaba00ba,0x77770077,0xd6d600d6,0x26260026,
0xe1e100e1,0x69690069,0x14140014,0x63630063,0x55550055,0x21210021,0x0c0c000c,0x7d7d007d
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 X2[256]={
0x30303000,0x68686800,0x99999900,0x1b1b1b00,0x87878700,0xb9b9b900,0x21212100,0x78787800,
0x50505000,0x39393900,0xdbdbdb00,0xe1e1e100,0x72727200,0x09090900,0x62626200,0x3c3c3c00,
0x3e3e3e00,0x7e7e7e00,0x5e5e5e00,0x8e8e8e00,0xf1f1f100,0xa0a0a000,0xcccccc00,0xa3a3a300,
0x2a2a2a00,0x1d1d1d00,0xfbfbfb00,0xb6b6b600,0xd6d6d600,0x20202000,0xc4c4c400,0x8d8d8d00,
0x81818100,0x65656500,0xf5f5f500,0x89898900,0xcbcbcb00,0x9d9d9d00,0x77777700,0xc6c6c600,
0x57575700,0x43434300,0x56565600,0x17171700,0xd4d4d400,0x40404000,0x1a1a1a00,0x4d4d4d00,
0xc0c0c000,0x63636300,0x6c6c6c00,0xe3e3e300,0xb7b7b700,0xc8c8c800,0x64646400,0x6a6a6a00,
0x53535300,0xaaaaaa00,0x38383800,0x98989800,0x0c0c0c00,0xf4f4f400,0x9b9b9b00,0xededed00,
0x7f7f7f00,0x22222200,0x76767600,0xafafaf00,0xdddddd00,0x3a3a3a00,0x0b0b0b00,0x58585800,
0x67676700,0x88888800,0x06060600,0xc3c3c300,0x35353500,0x0d0d0d00,0x01010100,0x8b8b8b00,
0x8c8c8c00,0xc2c2c200,0xe6e6e600,0x5f5f5f00,0x02020200,0x24242400,0x75757500,0x93939300,
0x66666600,0x1e1e1e00,0xe5e5e500,0xe2e2e200,0x54545400,0xd8d8d800,0x10101000,0xcecece00,
0x7a7a7a00,0xe8e8e800,0x08080800,0x2c2c2c00,0x12121200,0x97979700,0x32323200,0xababab00,
0xb4b4b400,0x27272700,0x0a0a0a00,0x23232300,0xdfdfdf00,0xefefef00,0xcacaca00,0xd9d9d900,
0xb8b8b800,0xfafafa00,0xdcdcdc00,0x31313100,0x6b6b6b00,0xd1d1d100,0xadadad00,0x19191900,
0x49494900,0xbdbdbd00,0x51515100,0x96969600,0xeeeeee00,0xe4e4e400,0xa8a8a800,0x41414100,
0xdadada00,0xffffff00,0xcdcdcd00,0x55555500,0x86868600,0x36363600,0xbebebe00,0x61616100,
0x52525200,0xf8f8f800,0xbbbbbb00,0x0e0e0e00,0x82828200,0x48484800,0x69696900,0x9a9a9a00,
0xe0e0e000,0x47474700,0x9e9e9e00,0x5c5c5c00,0x04040400,0x4b4b4b00,0x34343400,0x15151500,
0x79797900,0x26262600,0xa7a7a700,0xdedede00,0x29292900,0xaeaeae00,0x92929200,0xd7d7d700,
0x84848400,0xe9e9e900,0xd2d2d200,0xbababa00,0x5d5d5d00,0xf3f3f300,0xc5c5c500,0xb0b0b000,
0xbfbfbf00,0xa4a4a400,0x3b3b3b00,0x71717100,0x44444400,0x46464600,0x2b2b2b00,0xfcfcfc00,
0xebebeb00,0x6f6f6f00,0xd5d5d500,0xf6f6f600,0x14141400,0xfefefe00,0x7c7c7c00,0x70707000,
0x5a5a5a00,0x7d7d7d00,0xfdfdfd00,0x2f2f2f00,0x18181800,0x83838300,0x16161600,0xa5a5a500,
0x91919100,0x1f1f1f00,0x05050500,0x95959500,0x74747400,0xa9a9a900,0xc1c1c100,0x5b5b5b00,
0x4a4a4a00,0x85858500,0x6d6d6d00,0x13131300,0x07070700,0x4f4f4f00,0x4e4e4e00,0x45454500,
0xb2b2b200,0x0f0f0f00,0xc9c9c900,0x1c1c1c00,0xa6a6a600,0xbcbcbc00,0xececec00,0x73737300,
0x90909000,0x7b7b7b00,0xcfcfcf00,0x59595900,0x8f8f8f00,0xa1a1a100,0xf9f9f900,0x2d2d2d00,
0xf2f2f200,0xb1b1b100,0x00000000,0x94949400,0x37373700,0x9f9f9f00,0xd0d0d000,0x2e2e2e00,
0x9c9c9c00,0x6e6e6e00,0x28282800,0x3f3f3f00,0x80808000,0xf0f0f000,0x3d3d3d00,0xd3d3d300,
0x25252500,0x8a8a8a00,0xb5b5b500,0xe7e7e700,0x42424200,0xb3b3b300,0xc7c7c700,0xeaeaea00,
0xf7f7f700,0x4c4c4c00,0x11111100,0x33333300,0x03030300,0xa2a2a200,0xacacac00,0x60606000
};
CRYPTOPP_ALIGN_DATA(16)
CRYPTOPP_TABLE
const word32 KRK[3][4] = {
{0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0},
{0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0},
{0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e}
};
NAMESPACE_END
NAMESPACE_END

4384
Common/3dParty/cryptopp/blake2-simd.cpp
View File

File diff suppressed because it is too large Load Diff

2
Common/3dParty/cryptopp/config.h
View File

@ -85,7 +85,7 @@
// the version of the library the headers came from. It is not
// necessarily the version of the library built as a shared object if
// versions are inadvertently mixed and matched.
#define CRYPTOPP_VERSION 710
#define CRYPTOPP_VERSION 700
// Define this if you want to set a prefix for TestData/ and TestVectors/
// Be mindful of the trailing slash since its simple concatenation.

316
Common/3dParty/cryptopp/crc-simd.cpp
View File

@ -1,158 +1,158 @@
// crc-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to SSE4.2 and
// ARMv8a CRC-32 and CRC-32C instructions. A separate source file
// is needed because additional CXXFLAGS are required to enable
// the appropriate instructions sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "misc.h"
#if (CRYPTOPP_SSE42_AVAILABLE)
# include <nmmintrin.h>
#endif
// Use ARMv8 rather than NEON due to compiler inconsistencies
#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
static jmp_buf s_jmpSIGILL;
static void SigIllHandler(int)
{
longjmp(s_jmpSIGILL, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64)
bool CPU_ProbeCRC32()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_ARM_CRC32_AVAILABLE)
# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
volatile bool result = true;
__try
{
word32 w=0, x=1; word16 y=2; byte z=3;
w = __crc32w(w,x);
w = __crc32h(w,y);
w = __crc32b(w,z);
w = __crc32cw(w,x);
w = __crc32ch(w,y);
w = __crc32cb(w,z);
result = !!w;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return result;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile bool result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
word32 w=0, x=1; word16 y=2; byte z=3;
w = __crc32w(w,x);
w = __crc32h(w,y);
w = __crc32b(w,z);
w = __crc32cw(w,x);
w = __crc32ch(w,y);
w = __crc32cb(w,z);
// Hack... GCC optimizes away the code and returns true
result = !!w;
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ARM_CRC32_AVAILABLE
}
#endif // ARM32 or ARM64
#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c)
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
c = __crc32b(c, *s);
for(; n > 4; s+=4, n-=4)
c = __crc32w(c, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
c = __crc32b(c, *s);
}
void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c)
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
c = __crc32cb(c, *s);
for(; n > 4; s+=4, n-=4)
c = __crc32cw(c, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
c = __crc32cb(c, *s);
}
#endif
#if (CRYPTOPP_SSE42_AVAILABLE)
void CRC32C_Update_SSE42(const byte *s, size_t n, word32& c)
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
c = _mm_crc32_u8(c, *s);
for(; n > 4; s+=4, n-=4)
c = _mm_crc32_u32(c, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
c = _mm_crc32_u8(c, *s);
}
#endif
NAMESPACE_END
// crc-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to SSE4.2 and
// ARMv8a CRC-32 and CRC-32C instructions. A separate source file
// is needed because additional CXXFLAGS are required to enable
// the appropriate instructions sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "misc.h"
#if (CRYPTOPP_SSE42_AVAILABLE)
# include <nmmintrin.h>
#endif
// Use ARMv8 rather than NEON due to compiler inconsistencies
#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
static jmp_buf s_jmpSIGILL;
static void SigIllHandler(int)
{
longjmp(s_jmpSIGILL, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64)
bool CPU_ProbeCRC32()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_ARM_CRC32_AVAILABLE)
# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
volatile bool result = true;
__try
{
word32 w=0, x=1; word16 y=2; byte z=3;
w = __crc32w(w,x);
w = __crc32h(w,y);
w = __crc32b(w,z);
w = __crc32cw(w,x);
w = __crc32ch(w,y);
w = __crc32cb(w,z);
result = !!w;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return result;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile bool result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
word32 w=0, x=1; word16 y=2; byte z=3;
w = __crc32w(w,x);
w = __crc32h(w,y);
w = __crc32b(w,z);
w = __crc32cw(w,x);
w = __crc32ch(w,y);
w = __crc32cb(w,z);
// Hack... GCC optimizes away the code and returns true
result = !!w;
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ARM_CRC32_AVAILABLE
}
#endif // ARM32 or ARM64
#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c)
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
c = __crc32b(c, *s);
for(; n > 4; s+=4, n-=4)
c = __crc32w(c, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
c = __crc32b(c, *s);
}
void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c)
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
c = __crc32cb(c, *s);
for(; n > 4; s+=4, n-=4)
c = __crc32cw(c, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
c = __crc32cb(c, *s);
}
#endif
#if (CRYPTOPP_SSE42_AVAILABLE)
void CRC32C_Update_SSE42(const byte *s, size_t n, word32& c)
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
c = _mm_crc32_u8(c, *s);
for(; n > 4; s+=4, n-=4)
c = _mm_crc32_u32(c, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
c = _mm_crc32_u8(c, *s);
}
#endif
NAMESPACE_END

2
Common/3dParty/cryptopp/cryptlib.h
View File

@ -3,7 +3,7 @@
/// \file cryptlib.h
/// \brief Abstract base classes that provide a uniform interface to this library.
/*! \mainpage Crypto++ Library 7.1 API Reference
/*! \mainpage Crypto++ Library 7.0 API Reference
<dl>
<dt>Abstract Base Classes<dd>
cryptlib.h

8
Common/3dParty/cryptopp/cryptopp.rc
View File

@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 7,1,0,0
PRODUCTVERSION 7,1,0,0
FILEVERSION 7,0,0,0
PRODUCTVERSION 7,0,0,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@ -46,13 +46,13 @@ BEGIN
VALUE "Comments", "Free crypto library, more information available at www.cryptopp.com"
VALUE "CompanyName", "Wei Dai"
VALUE "FileDescription", "Crypto++<2B> Library DLL"
VALUE "FileVersion", "7, 1, 0, 0"
VALUE "FileVersion", "7, 0, 0, 0"
VALUE "InternalName", "cryptopp"
VALUE "LegalCopyright", "Copyright<68> 1995-2018 by Wei Dai"
VALUE "LegalTrademarks", "Crypto++<2B>"
VALUE "OriginalFilename", "cryptopp.dll"
VALUE "ProductName", "Crypto++<2B> Library"
VALUE "ProductVersion", "7, 1, 0, 0"
VALUE "ProductVersion", "7, 0, 0, 0"
END
END
BLOCK "VarFileInfo"

26
Common/3dParty/cryptopp/dlltest.vcxproj.filters
View File

@ -1,14 +1,14 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{d7fe0401-fa2d-40cd-80b9-b91f937996a3}</UniqueIdentifier>
<Extensions>.cpp</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="dlltest.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{d7fe0401-fa2d-40cd-80b9-b91f937996a3}</UniqueIdentifier>
<Extensions>.cpp</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="dlltest.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

1490
Common/3dParty/cryptopp/drbg.h
View File

File diff suppressed because it is too large Load Diff

292
Common/3dParty/cryptopp/ecpoint.h
View File

@ -1,146 +1,146 @@
// ecpoint.h - written and placed in the public domain by Jeffrey Walton
// Data structures moved from ecp.h and ec2n.h. Added EncodedPoint interface
/// \file ecpoint.h
/// \brief Classes for Elliptic Curve points
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_ECPOINT_H
#define CRYPTOPP_ECPOINT_H
#include "cryptlib.h"
#include "integer.h"
#include "algebra.h"
#include "gf2n.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Elliptical Curve Point over GF(p), where p is prime
/// \since Crypto++ 2.0
struct CRYPTOPP_DLL ECPPoint
{
virtual ~ECPPoint() {}
/// \brief Construct an ECPPoint
/// \details identity is set to <tt>true</tt>
ECPPoint() : identity(true) {}
/// \brief Construct an ECPPoint from coordinates
/// \details identity is set to <tt>false</tt>
ECPPoint(const Integer &x, const Integer &y)
: x(x), y(y), identity(false) {}
/// \brief Tests points for equality
/// \param t the other point
/// \returns true if the points are equal, false otherwise
bool operator==(const ECPPoint &t) const
{return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
/// \brief Tests points for ordering
/// \param t the other point
/// \returns true if this point is less than other, false otherwise
bool operator< (const ECPPoint &t) const
{return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
Integer x, y;
bool identity;
};
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<ECPPoint>;
/// \brief Elliptical Curve Point over GF(2^n)
/// \since Crypto++ 2.0
struct CRYPTOPP_DLL EC2NPoint
{
virtual ~EC2NPoint() {}
/// \brief Construct an EC2NPoint
/// \details identity is set to <tt>true</tt>
EC2NPoint() : identity(true) {}
/// \brief Construct an EC2NPoint from coordinates
/// \details identity is set to <tt>false</tt>
EC2NPoint(const PolynomialMod2 &x, const PolynomialMod2 &y)
: x(x), y(y), identity(false) {}
/// \brief Tests points for equality
/// \param t the other point
/// \returns true if the points are equal, false otherwise
bool operator==(const EC2NPoint &t) const
{return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
/// \brief Tests points for ordering
/// \param t the other point
/// \returns true if this point is less than other, false otherwise
bool operator< (const EC2NPoint &t) const
{return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
PolynomialMod2 x, y;
bool identity;
};
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<EC2NPoint>;
/// \brief Abstract class for encoding and decoding ellicptic curve points
/// \tparam Point ellicptic curve point
/// \details EncodedPoint is an interface for encoding and decoding elliptic curve points.
/// The template parameter <tt>Point</tt> should be a class like ECP or EC2N.
/// \since Crypto++ 6.0
template <class Point>
class EncodedPoint
{
public:
virtual ~EncodedPoint() {}
/// \brief Decodes an elliptic curve point
/// \param P point which is decoded
/// \param bt source BufferedTransformation
/// \param len number of bytes to read from the BufferedTransformation
/// \returns true if a point was decoded, false otherwise
virtual bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const =0;
/// \brief Decodes an elliptic curve point
/// \param P point which is decoded
/// \param encodedPoint byte array with the encoded point
/// \param len the size of the array
/// \returns true if a point was decoded, false otherwise
virtual bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const =0;
/// \brief Verifies points on elliptic curve
/// \param P point to verify
/// \returns true if the point is valid, false otherwise
virtual bool VerifyPoint(const Point &P) const =0;
/// \brief Determines encoded point size
/// \param compressed flag indicating if the point is compressed
/// \returns the minimum number of bytes required to encode the point
virtual unsigned int EncodedPointSize(bool compressed = false) const =0;
/// \brief Encodes an elliptic curve point
/// \param P point which is decoded
/// \param encodedPoint byte array for the encoded point
/// \param compressed flag indicating if the point is compressed
/// \details <tt>encodedPoint</tt> must be at least EncodedPointSize() in length
virtual void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const =0;
/// \brief Encodes an elliptic curve point
/// \param bt target BufferedTransformation
/// \param P point which is encoded
/// \param compressed flag indicating if the point is compressed
virtual void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const =0;
/// \brief BER Decodes an elliptic curve point
/// \param bt source BufferedTransformation
/// \returns the decoded elliptic curve point
virtual Point BERDecodePoint(BufferedTransformation &bt) const =0;
/// \brief DER Encodes an elliptic curve point
/// \param bt target BufferedTransformation
/// \param P point which is encoded
/// \param compressed flag indicating if the point is compressed
virtual void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const =0;
};
NAMESPACE_END
#endif // CRYPTOPP_ECPOINT_H
// ecpoint.h - written and placed in the public domain by Jeffrey Walton
// Data structures moved from ecp.h and ec2n.h. Added EncodedPoint interface
/// \file ecpoint.h
/// \brief Classes for Elliptic Curve points
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_ECPOINT_H
#define CRYPTOPP_ECPOINT_H
#include "cryptlib.h"
#include "integer.h"
#include "algebra.h"
#include "gf2n.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Elliptical Curve Point over GF(p), where p is prime
/// \since Crypto++ 2.0
struct CRYPTOPP_DLL ECPPoint
{
virtual ~ECPPoint() {}
/// \brief Construct an ECPPoint
/// \details identity is set to <tt>true</tt>
ECPPoint() : identity(true) {}
/// \brief Construct an ECPPoint from coordinates
/// \details identity is set to <tt>false</tt>
ECPPoint(const Integer &x, const Integer &y)
: x(x), y(y), identity(false) {}
/// \brief Tests points for equality
/// \param t the other point
/// \returns true if the points are equal, false otherwise
bool operator==(const ECPPoint &t) const
{return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
/// \brief Tests points for ordering
/// \param t the other point
/// \returns true if this point is less than other, false otherwise
bool operator< (const ECPPoint &t) const
{return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
Integer x, y;
bool identity;
};
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<ECPPoint>;
/// \brief Elliptical Curve Point over GF(2^n)
/// \since Crypto++ 2.0
struct CRYPTOPP_DLL EC2NPoint
{
virtual ~EC2NPoint() {}
/// \brief Construct an EC2NPoint
/// \details identity is set to <tt>true</tt>
EC2NPoint() : identity(true) {}
/// \brief Construct an EC2NPoint from coordinates
/// \details identity is set to <tt>false</tt>
EC2NPoint(const PolynomialMod2 &x, const PolynomialMod2 &y)
: x(x), y(y), identity(false) {}
/// \brief Tests points for equality
/// \param t the other point
/// \returns true if the points are equal, false otherwise
bool operator==(const EC2NPoint &t) const
{return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
/// \brief Tests points for ordering
/// \param t the other point
/// \returns true if this point is less than other, false otherwise
bool operator< (const EC2NPoint &t) const
{return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
PolynomialMod2 x, y;
bool identity;
};
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<EC2NPoint>;
/// \brief Abstract class for encoding and decoding ellicptic curve points
/// \tparam Point ellicptic curve point
/// \details EncodedPoint is an interface for encoding and decoding elliptic curve points.
/// The template parameter <tt>Point</tt> should be a class like ECP or EC2N.
/// \since Crypto++ 6.0
template <class Point>
class EncodedPoint
{
public:
virtual ~EncodedPoint() {}
/// \brief Decodes an elliptic curve point
/// \param P point which is decoded
/// \param bt source BufferedTransformation
/// \param len number of bytes to read from the BufferedTransformation
/// \returns true if a point was decoded, false otherwise
virtual bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const =0;
/// \brief Decodes an elliptic curve point
/// \param P point which is decoded
/// \param encodedPoint byte array with the encoded point
/// \param len the size of the array
/// \returns true if a point was decoded, false otherwise
virtual bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const =0;
/// \brief Verifies points on elliptic curve
/// \param P point to verify
/// \returns true if the point is valid, false otherwise
virtual bool VerifyPoint(const Point &P) const =0;
/// \brief Determines encoded point size
/// \param compressed flag indicating if the point is compressed
/// \returns the minimum number of bytes required to encode the point
virtual unsigned int EncodedPointSize(bool compressed = false) const =0;
/// \brief Encodes an elliptic curve point
/// \param P point which is decoded
/// \param encodedPoint byte array for the encoded point
/// \param compressed flag indicating if the point is compressed
/// \details <tt>encodedPoint</tt> must be at least EncodedPointSize() in length
virtual void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const =0;
/// \brief Encodes an elliptic curve point
/// \param bt target BufferedTransformation
/// \param P point which is encoded
/// \param compressed flag indicating if the point is compressed
virtual void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const =0;
/// \brief BER Decodes an elliptic curve point
/// \param bt source BufferedTransformation
/// \returns the decoded elliptic curve point
virtual Point BERDecodePoint(BufferedTransformation &bt) const =0;
/// \brief DER Encodes an elliptic curve point
/// \param bt target BufferedTransformation
/// \param P point which is encoded
/// \param compressed flag indicating if the point is compressed
virtual void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const =0;
};
NAMESPACE_END
#endif // CRYPTOPP_ECPOINT_H

1294
Common/3dParty/cryptopp/gcm-simd.cpp
View File

File diff suppressed because it is too large Load Diff

70
Common/3dParty/cryptopp/hashfwd.h
View File

@ -1,35 +1,35 @@
// hashfwd.h - written and placed in the public domain by Jeffrey Walton
/// \file hashfwd.h
/// \brief Forward declarations for hash functions used in signature encoding methods
#ifndef CRYPTOPP_HASHFWD_H
#define CRYPTOPP_HASHFWD_H
#include "config.h"
NAMESPACE_BEGIN(CryptoPP)
class SHA1;
class SHA224;
class SHA256;
class SHA384;
class SHA512;
class SHA3_256;
class SHA3_384;
class SHA3_512;
class Tiger;
class RIPEMD128;
class RIPEMD160;
class Whirlpool;
namespace Weak1 {
class MD2;
class MD5;
}
NAMESPACE_END
#endif // CRYPTOPP_HASHFWD_H
// hashfwd.h - written and placed in the public domain by Jeffrey Walton
/// \file hashfwd.h
/// \brief Forward declarations for hash functions used in signature encoding methods
#ifndef CRYPTOPP_HASHFWD_H
#define CRYPTOPP_HASHFWD_H
#include "config.h"
NAMESPACE_BEGIN(CryptoPP)
class SHA1;
class SHA224;
class SHA256;
class SHA384;
class SHA512;
class SHA3_256;
class SHA3_384;
class SHA3_512;
class Tiger;
class RIPEMD128;
class RIPEMD160;
class Whirlpool;
namespace Weak1 {
class MD2;
class MD5;
}
NAMESPACE_END
#endif // CRYPTOPP_HASHFWD_H

2744
Common/3dParty/cryptopp/kalyna.cpp
View File

File diff suppressed because it is too large Load Diff

436
Common/3dParty/cryptopp/kalyna.h
View File

@ -1,218 +1,218 @@
// kalyna.h - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro.
/// \file kalyna.h
/// \brief Classes for the Kalyna block cipher
/// \details The Crypto++ implementation relied upon three sources. First was Oliynykov, Gorbenko, Kazymyrov,
/// Ruzhentsev, Kuznetsov, Gorbenko, Dyrda, Dolgov, Pushkaryov, Mordvinov and Kaidalov's "A New Encryption
/// Standard of Ukraine: The Kalyna Block Cipher" (http://eprint.iacr.org/2015/650.pdf). Second was Roman
/// Oliynykov and Oleksandr Kazymyrov's GitHub with the reference implementation
/// (http://github.com/Roman-Oliynykov/Kalyna-reference). The third resource was Keru Kuro's implementation
/// of Kalyna in CppCrypto (http://sourceforge.net/projects/cppcrypto/). Kuro has an outstanding
/// implementation that performed better than the reference implementation and our initial attempts.
#ifndef CRYPTOPP_KALYNA_H
#define CRYPTOPP_KALYNA_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Kalyna-128 block cipher information
/// \since Crypto++ 6.0
struct CRYPTOPP_NO_VTABLE Kalyna128_Info : public FixedBlockSize<16>, VariableKeyLength<16, 16, 32>
{
static const char* StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Kalyna-128";
}
};
/// \brief Kalyna-256 block cipher information
/// \since Crypto++ 6.0
struct CRYPTOPP_NO_VTABLE Kalyna256_Info : public FixedBlockSize<32>, VariableKeyLength<32, 32, 64>
{
static const char* StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Kalyna-256";
}
};
/// \brief Kalyna-512 block cipher information
/// \since Crypto++ 6.0
struct CRYPTOPP_NO_VTABLE Kalyna512_Info : public FixedBlockSize<64>, FixedKeyLength<64>
{
static const char* StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Kalyna-512";
}
};
/// \brief Kalyna block cipher base class
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Kalyna_Base
{
public:
virtual ~Kalyna_Base() {}
protected:
typedef SecBlock<word64, AllocatorWithCleanup<word64, true> > AlignedSecBlock64;
mutable AlignedSecBlock64 m_wspace; // work space
AlignedSecBlock64 m_mkey; // master key
AlignedSecBlock64 m_rkeys; // round keys
unsigned int m_kl, m_nb, m_nk; // number 64-bit blocks and keys
};
/// \brief Kalyna 128-bit block cipher
/// \details Kalyna128 provides 128-bit block size. The valid key sizes are 128-bit and 256-bit.
/// \since Crypto++ 6.0
class Kalyna128 : public Kalyna128_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl<Kalyna128_Info>
{
public:
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details If the object is unkeyed, then the generic name "Kalyna" is returned
/// to the caller. If the algorithm is keyed, then a two or three part name is
/// returned to the caller. The name follows DSTU 7624:2014, where block size is
/// provided first and then key length. The library uses a dash to identify block size
/// and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
/// with a 128-bit block size and a 256-bit key length. If a mode is associated
/// with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
/// DSTU is a little more complex with more parameters, dashes, underscores, but the
/// library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return std::string("Kalyna-128") + "(" + IntToString(m_kl*8) + ")";
}
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
void SetKey_22(const word64 key[2]);
void SetKey_24(const word64 key[4]);
void ProcessBlock_22(const word64 inBlock[2], const word64 xorBlock[2], word64 outBlock[2]) const;
void ProcessBlock_24(const word64 inBlock[2], const word64 xorBlock[2] ,word64 outBlock[2]) const;
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
/// \brief Kalyna 256-bit block cipher
/// \details Kalyna256 provides 256-bit block size. The valid key sizes are 256-bit and 512-bit.
/// \since Crypto++ 6.0
class Kalyna256 : public Kalyna256_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl<Kalyna256_Info>
{
public:
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details If the object is unkeyed, then the generic name "Kalyna" is returned
/// to the caller. If the algorithm is keyed, then a two or three part name is
/// returned to the caller. The name follows DSTU 7624:2014, where block size is
/// provided first and then key length. The library uses a dash to identify block size
/// and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
/// with a 128-bit block size and a 256-bit key length. If a mode is associated
/// with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
/// DSTU is a little more complex with more parameters, dashes, underscores, but the
/// library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return std::string("Kalyna-256") + "(" + IntToString(m_kl*8) + ")";
}
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
void SetKey_44(const word64 key[4]);
void SetKey_48(const word64 key[8]);
void ProcessBlock_44(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const;
void ProcessBlock_48(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const;
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
/// \brief Kalyna 512-bit block cipher
/// \details Kalyna512 provides 512-bit block size. The valid key size is 512-bit.
/// \since Crypto++ 6.0
class Kalyna512 : Kalyna512_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl<Kalyna512_Info>
{
public:
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details If the object is unkeyed, then the generic name "Kalyna" is returned
/// to the caller. If the algorithm is keyed, then a two or three part name is
/// returned to the caller. The name follows DSTU 7624:2014, where block size is
/// provided first and then key length. The library uses a dash to identify block size
/// and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
/// with a 128-bit block size and a 256-bit key length. If a mode is associated
/// with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
/// DSTU is a little more complex with more parameters, dashes, underscores, but the
/// library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return std::string("Kalyna-512") + "(" + IntToString(m_kl*8) + ")";
}
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
void SetKey_88(const word64 key[8]);
void ProcessBlock_88(const word64 inBlock[8], const word64 xorBlock[8], word64 outBlock[8]) const;
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
typedef Kalyna128::Encryption Kalyna128Encryption;
typedef Kalyna128::Decryption Kalyna128Decryption;
typedef Kalyna256::Encryption Kalyna256Encryption;
typedef Kalyna256::Decryption Kalyna256Decryption;
typedef Kalyna512::Encryption Kalyna512Encryption;
typedef Kalyna512::Decryption Kalyna512Decryption;
NAMESPACE_END
#endif // CRYPTOPP_KALYNA_H
// kalyna.h - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro.
/// \file kalyna.h
/// \brief Classes for the Kalyna block cipher
/// \details The Crypto++ implementation relied upon three sources. First was Oliynykov, Gorbenko, Kazymyrov,
/// Ruzhentsev, Kuznetsov, Gorbenko, Dyrda, Dolgov, Pushkaryov, Mordvinov and Kaidalov's "A New Encryption
/// Standard of Ukraine: The Kalyna Block Cipher" (http://eprint.iacr.org/2015/650.pdf). Second was Roman
/// Oliynykov and Oleksandr Kazymyrov's GitHub with the reference implementation
/// (http://github.com/Roman-Oliynykov/Kalyna-reference). The third resource was Keru Kuro's implementation
/// of Kalyna in CppCrypto (http://sourceforge.net/projects/cppcrypto/). Kuro has an outstanding
/// implementation that performed better than the reference implementation and our initial attempts.
#ifndef CRYPTOPP_KALYNA_H
#define CRYPTOPP_KALYNA_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Kalyna-128 block cipher information
/// \since Crypto++ 6.0
struct CRYPTOPP_NO_VTABLE Kalyna128_Info : public FixedBlockSize<16>, VariableKeyLength<16, 16, 32>
{
static const char* StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Kalyna-128";
}
};
/// \brief Kalyna-256 block cipher information
/// \since Crypto++ 6.0
struct CRYPTOPP_NO_VTABLE Kalyna256_Info : public FixedBlockSize<32>, VariableKeyLength<32, 32, 64>
{
static const char* StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Kalyna-256";
}
};
/// \brief Kalyna-512 block cipher information
/// \since Crypto++ 6.0
struct CRYPTOPP_NO_VTABLE Kalyna512_Info : public FixedBlockSize<64>, FixedKeyLength<64>
{
static const char* StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Kalyna-512";
}
};
/// \brief Kalyna block cipher base class
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Kalyna_Base
{
public:
virtual ~Kalyna_Base() {}
protected:
typedef SecBlock<word64, AllocatorWithCleanup<word64, true> > AlignedSecBlock64;
mutable AlignedSecBlock64 m_wspace; // work space
AlignedSecBlock64 m_mkey; // master key
AlignedSecBlock64 m_rkeys; // round keys
unsigned int m_kl, m_nb, m_nk; // number 64-bit blocks and keys
};
/// \brief Kalyna 128-bit block cipher
/// \details Kalyna128 provides 128-bit block size. The valid key sizes are 128-bit and 256-bit.
/// \since Crypto++ 6.0
class Kalyna128 : public Kalyna128_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl<Kalyna128_Info>
{
public:
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details If the object is unkeyed, then the generic name "Kalyna" is returned
/// to the caller. If the algorithm is keyed, then a two or three part name is
/// returned to the caller. The name follows DSTU 7624:2014, where block size is
/// provided first and then key length. The library uses a dash to identify block size
/// and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
/// with a 128-bit block size and a 256-bit key length. If a mode is associated
/// with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
/// DSTU is a little more complex with more parameters, dashes, underscores, but the
/// library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return std::string("Kalyna-128") + "(" + IntToString(m_kl*8) + ")";
}
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
void SetKey_22(const word64 key[2]);
void SetKey_24(const word64 key[4]);
void ProcessBlock_22(const word64 inBlock[2], const word64 xorBlock[2], word64 outBlock[2]) const;
void ProcessBlock_24(const word64 inBlock[2], const word64 xorBlock[2] ,word64 outBlock[2]) const;
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
/// \brief Kalyna 256-bit block cipher
/// \details Kalyna256 provides 256-bit block size. The valid key sizes are 256-bit and 512-bit.
/// \since Crypto++ 6.0
class Kalyna256 : public Kalyna256_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl<Kalyna256_Info>
{
public:
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details If the object is unkeyed, then the generic name "Kalyna" is returned
/// to the caller. If the algorithm is keyed, then a two or three part name is
/// returned to the caller. The name follows DSTU 7624:2014, where block size is
/// provided first and then key length. The library uses a dash to identify block size
/// and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
/// with a 128-bit block size and a 256-bit key length. If a mode is associated
/// with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
/// DSTU is a little more complex with more parameters, dashes, underscores, but the
/// library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return std::string("Kalyna-256") + "(" + IntToString(m_kl*8) + ")";
}
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
void SetKey_44(const word64 key[4]);
void SetKey_48(const word64 key[8]);
void ProcessBlock_44(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const;
void ProcessBlock_48(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const;
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
/// \brief Kalyna 512-bit block cipher
/// \details Kalyna512 provides 512-bit block size. The valid key size is 512-bit.
/// \since Crypto++ 6.0
class Kalyna512 : Kalyna512_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl<Kalyna512_Info>
{
public:
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details If the object is unkeyed, then the generic name "Kalyna" is returned
/// to the caller. If the algorithm is keyed, then a two or three part name is
/// returned to the caller. The name follows DSTU 7624:2014, where block size is
/// provided first and then key length. The library uses a dash to identify block size
/// and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
/// with a 128-bit block size and a 256-bit key length. If a mode is associated
/// with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
/// DSTU is a little more complex with more parameters, dashes, underscores, but the
/// library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return std::string("Kalyna-512") + "(" + IntToString(m_kl*8) + ")";
}
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
void SetKey_88(const word64 key[8]);
void ProcessBlock_88(const word64 inBlock[8], const word64 xorBlock[8], word64 outBlock[8]) const;
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
typedef Kalyna128::Encryption Kalyna128Encryption;
typedef Kalyna128::Decryption Kalyna128Decryption;
typedef Kalyna256::Encryption Kalyna256Encryption;
typedef Kalyna256::Decryption Kalyna256Decryption;
typedef Kalyna512::Encryption Kalyna512Encryption;
typedef Kalyna512::Decryption Kalyna512Decryption;
NAMESPACE_END
#endif // CRYPTOPP_KALYNA_H

2462
Common/3dParty/cryptopp/kalynatab.cpp
View File

File diff suppressed because it is too large Load Diff

834
Common/3dParty/cryptopp/naclite.h
View File

@ -1,417 +1,417 @@
// naclite.h - written and placed in the public domain by Jeffrey Walton
// based on public domain NaCl source code written by
// Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen,
// Tanja Lange, Peter Schwabe and Sjaak Smetsers.
/// \file naclite.h
/// \brief Crypto++ interface to TweetNaCl library (20140917)
/// \details TweetNaCl is a compact reimplementation of the NaCl library by
/// Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange,
/// Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size
/// and provides 25 of the NaCl library functions.
/// \details The compact library uses curve25519, XSalsa20, Poly1305 and
/// SHA-512 as default primitives, and includes both x25519 key exchange and
/// ed25519 signatures. The complete list of functions can be found in
/// <A HREF="https://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf">TweetNaCl:
/// A crypto library in 100 tweets</A> (20140917), Table 1, page 5.
/// \details Crypto++ rejects small order elements using libsodium's blacklist. The
/// TweetNaCl library allowed them but the library predated the attack. If you wish
/// to allow small elements then use the "unchecked" versions of crypto_box_unchecked,
/// crypto_box_open_unchecked and crypto_box_beforenm_unchecked.
/// \details TweetNaCl is well written but not well optimzed. It runs 2x to 3x
/// slower than optimized routines from libsodium. However, the library is still
/// 2x to 4x faster than the algorithms NaCl was designed to replace.
/// \details The Crypto++ wrapper for TweetNaCl requires OS features. That is,
/// <tt>NO_OS_DEPENDENCE</tt> cannot be defined. It is due to TweetNaCl's
/// internal function <tt>randombytes</tt>. Crypto++ used
/// <tt>DefaultAutoSeededRNG</tt> within <tt>randombytes</tt>, so OS integration
/// must be enabled. You can use another generator like <tt>RDRAND</tt> to
/// avoid the restriction.
/// \sa <A HREF="https://cr.yp.to/highspeed/coolnacl-20120725.pdf">The security impact
/// of a new cryptographic library</A>, <A
/// HREF="https://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf">TweetNaCl:
/// A crypto library in 100 tweets</A> (20140917), <A
/// HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A
/// Microarchitectural Side Channel Attack on Several Real-World Applications of
/// Curve25519</A>, <A
/// HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium
/// commit afabd7e7386e1194</A> and <A HREF="https://tools.ietf.org/html/rfc7748">RFC
/// 7748, Elliptic Curves for Security</A>, Section 6.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_NACL_H
#define CRYPTOPP_NACL_H
#include "config.h"
#include "stdcpp.h"
#if defined(NO_OS_DEPENDENCE)
# define CRYPTOPP_DISABLE_NACL 1
#endif
#ifndef CRYPTOPP_DISABLE_NACL
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(NaCl)
/// \brief Hash size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
CRYPTOPP_CONSTANT(crypto_hash_BYTES = 64)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
CRYPTOPP_CONSTANT(crypto_stream_KEYBYTES = 32)
/// \brief Nonce size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
CRYPTOPP_CONSTANT(crypto_stream_NONCEBYTES = 24)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/auth.html">NaCl crypto_auth documentation</A>
CRYPTOPP_CONSTANT(crypto_auth_KEYBYTES = 32)
/// \brief Tag size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/auth.html">NaCl crypto_auth documentation</A>
CRYPTOPP_CONSTANT(crypto_auth_BYTES = 16)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
CRYPTOPP_CONSTANT(crypto_onetimeauth_KEYBYTES = 32)
/// \brief Tag size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
CRYPTOPP_CONSTANT(crypto_onetimeauth_BYTES = 16)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_KEYBYTES = 32)
/// \brief Nonce size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_NONCEBYTES = 24)
/// \brief Zero-padded message prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_ZEROBYTES = 32)
/// \brief Zero-padded message prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_BOXZEROBYTES = 16)
/// \brief Private key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_SECRETKEYBYTES = 32)
/// \brief Public key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_PUBLICKEYBYTES = 32)
/// \brief Nonce size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_NONCEBYTES = 24)
/// \brief Message 0-byte prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_ZEROBYTES = 32)
/// \brief Open box 0-byte prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_BOXZEROBYTES = 16)
/// \brief Precomputation 0-byte prefix in bytes in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_BEFORENMBYTES = 32)
/// \brief MAC size in bytes
/// \details crypto_box_MACBYTES was missing from tweetnacl.h. Its is defined as
/// crypto_box_curve25519xsalsa20poly1305_MACBYTES, which is defined as 16U.
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_MACBYTES = 16)
/// \brief Private key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_SECRETKEYBYTES = 64)
/// \brief Public key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_PUBLICKEYBYTES = 32)
/// \brief Seed size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_SEEDBYTES = 32)
/// \brief Signature size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_BYTES = 64)
/// \brief Group element size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
CRYPTOPP_CONSTANT(crypto_scalarmult_BYTES = 32)
/// \brief Integer size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
CRYPTOPP_CONSTANT(crypto_scalarmult_SCALARBYTES = 32)
/// \brief Encrypt and authenticate a message
/// \param c output byte buffer
/// \param m input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Verify and decrypt a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_open(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Generate a keypair for encryption
/// \param y public key byte buffer
/// \param x private key byte buffer
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_keypair(byte *y,byte *x);
/// \brief Encrypt and authenticate a message
/// \param k shared secret byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_beforenm() performs message-independent precomputation to derive the key.
/// Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_beforenm(byte *k,const byte *y,const byte *x);
/// \brief Encrypt and authenticate a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param k shared secret byte buffer
/// \details crypto_box_afternm() performs message-dependent computation using the derived the key.
/// Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_afternm()
/// can be made to process the message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_afternm(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
/// \brief Verify and decrypt a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param k shared secret byte buffer
/// \details crypto_box_afternm() performs message-dependent computation using the derived the key.
/// Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_open_afternm()
/// can be made to process the message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_open_afternm(byte *m,const byte *c,word64 d,const byte *n,const byte *k);
/// \brief Encrypt and authenticate a message
/// \param c output byte buffer
/// \param m input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305.
/// \details This version of crypto_box() does not check for small order elements. It can be unsafe
/// but it exists for backwards compatibility with downlevel clients. Without the compatibility
/// interop with early versions of NaCl, libsodium and other libraries does not exist. The
/// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
/// and Zcash.
/// \returns 0 on success, non-0 otherwise
/// \warning This version of crypto_box() does not check for small order elements. It should not
/// be used in new software.
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
/// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural
/// Side Channel Attack on Several Real-World Applications of Curve25519</A>,
/// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit
/// afabd7e7386e1194</A>.
/// \since Crypto++ 6.0
int crypto_box_unchecked(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Verify and decrypt a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305.
/// \details This version of crypto_box_open() does not check for small order elements. It can be unsafe
/// but it exists for backwards compatibility with downlevel clients. Without the compatibility
/// interop with early versions of NaCl, libsodium and other libraries does not exist. The
/// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
/// and Zcash.
/// \returns 0 on success, non-0 otherwise
/// \warning This version of crypto_box_open() does not check for small order elements. It should not
/// be used in new software.
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
/// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural
/// Side Channel Attack on Several Real-World Applications of Curve25519</A>,
/// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit
/// afabd7e7386e1194</A>.
/// \since Crypto++ 6.0
int crypto_box_open_unchecked(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Encrypt and authenticate a message
/// \param k shared secret byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_beforenm() performs message-independent precomputation to derive the key.
/// Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.
/// \details This version of crypto_box_beforenm() does not check for small order elements. It can be unsafe
/// but it exists for backwards compatibility with downlevel clients. Without the compatibility
/// interop with early versions of NaCl, libsodium and other libraries does not exist. The
/// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
/// and Zcash.
/// \returns 0 on success, non-0 otherwise
/// \warning This version of crypto_box_beforenm() does not check for small order elements. It should not
/// be used in new software.
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
/// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural
/// Side Channel Attack on Several Real-World Applications of Curve25519</A>,
/// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit
/// afabd7e7386e1194</A>.
/// \since Crypto++ 6.0
int crypto_box_beforenm_unchecked(byte *k,const byte *y,const byte *x);
/// \brief TODO
int crypto_core_salsa20(byte *out,const byte *in,const byte *k,const byte *c);
/// \brief TODO
/// \returns 0 on success, non-0 otherwise
/// \since Crypto++ 6.0
int crypto_core_hsalsa20(byte *out,const byte *in,const byte *k,const byte *c);
/// \brief Hash multiple blocks
/// \details crypto_hashblocks() uses crypto_hashblocks_sha512.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
/// \since Crypto++ 6.0
int crypto_hashblocks(byte *x,const byte *m,word64 n);
/// \brief Hash a message
/// \details crypto_hash() uses crypto_hash_sha512.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
/// \since Crypto++ 6.0
int crypto_hash(byte *out,const byte *m,word64 n);
/// \brief Create an authentication tag for a message
/// \details crypto_onetimeauth() uses crypto_onetimeauth_poly1305.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
/// \since Crypto++ 6.0
int crypto_onetimeauth(byte *out,const byte *m,word64 n,const byte *k);
/// \brief Verify an authentication tag on a message
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
/// \since Crypto++ 6.0
int crypto_onetimeauth_verify(const byte *h,const byte *m,word64 n,const byte *k);
/// \brief Scalar multiplication of a point
/// \details crypto_scalarmult() uses crypto_scalarmult_curve25519
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
/// \since Crypto++ 6.0
int crypto_scalarmult(byte *q,const byte *n,const byte *p);
/// \brief Scalar multiplication of base point
/// \details crypto_scalarmult_base() uses crypto_scalarmult_curve25519
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
/// \since Crypto++ 6.0
int crypto_scalarmult_base(byte *q,const byte *n);
/// \brief Encrypt and authenticate a message
/// \details crypto_secretbox() uses a symmetric key to encrypt and authenticate a message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
/// \since Crypto++ 6.0
int crypto_secretbox(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
/// \brief Verify and decrypt a message
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
/// \since Crypto++ 6.0
int crypto_secretbox_open(byte *m,const byte *c,word64 d,const byte *n,const byte *k);
/// \brief Sign a message
/// \param sm output byte buffer
/// \param smlen size of the output byte buffer
/// \param m input byte buffer
/// \param n size of the input byte buffer
/// \param sk private key
/// \details crypto_sign() uses crypto_sign_ed25519.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
/// \since Crypto++ 6.0
int crypto_sign(byte *sm,word64 *smlen,const byte *m,word64 n,const byte *sk);
/// \brief Verify a message
/// \param m output byte buffer
/// \param mlen size of the output byte buffer
/// \param sm input byte buffer
/// \param n size of the input byte buffer
/// \param pk public key
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
/// \since Crypto++ 6.0
int crypto_sign_open(byte *m,word64 *mlen,const byte *sm,word64 n,const byte *pk);
/// \brief Generate a keypair for signing
/// \param pk public key byte buffer
/// \param sk private key byte buffer
/// \details crypto_sign_keypair() creates an ed25519 keypair.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
/// \since Crypto++ 6.0
int crypto_sign_keypair(byte *pk, byte *sk);
/// \brief Produce a keystream using XSalsa20
/// \details crypto_stream() uses crypto_stream_xsalsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream(byte *c,word64 d,const byte *n,const byte *k);
/// \brief Encrypt a message using XSalsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream_xor(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
/// \brief Produce a keystream using Salsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream_salsa20(byte *c,word64 d,const byte *n,const byte *k);
/// \brief Encrypt a message using Salsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream_salsa20_xor(byte *c,const byte *m,word64 b,const byte *n,const byte *k);
/// \brief Compare 16-byte buffers
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A>
/// \since Crypto++ 6.0
int crypto_verify_16(const byte *x,const byte *y);
/// \brief Compare 32-byte buffers
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A>
/// \since Crypto++ 6.0
int crypto_verify_32(const byte *x,const byte *y);
NAMESPACE_END // CryptoPP
NAMESPACE_END // NaCl
#endif // CRYPTOPP_DISABLE_NACL
#endif // CRYPTOPP_NACL_H
// naclite.h - written and placed in the public domain by Jeffrey Walton
// based on public domain NaCl source code written by
// Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen,
// Tanja Lange, Peter Schwabe and Sjaak Smetsers.
/// \file naclite.h
/// \brief Crypto++ interface to TweetNaCl library (20140917)
/// \details TweetNaCl is a compact reimplementation of the NaCl library by
/// Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange,
/// Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size
/// and provides 25 of the NaCl library functions.
/// \details The compact library uses curve25519, XSalsa20, Poly1305 and
/// SHA-512 as default primitives, and includes both x25519 key exchange and
/// ed25519 signatures. The complete list of functions can be found in
/// <A HREF="https://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf">TweetNaCl:
/// A crypto library in 100 tweets</A> (20140917), Table 1, page 5.
/// \details Crypto++ rejects small order elements using libsodium's blacklist. The
/// TweetNaCl library allowed them but the library predated the attack. If you wish
/// to allow small elements then use the "unchecked" versions of crypto_box_unchecked,
/// crypto_box_open_unchecked and crypto_box_beforenm_unchecked.
/// \details TweetNaCl is well written but not well optimzed. It runs 2x to 3x
/// slower than optimized routines from libsodium. However, the library is still
/// 2x to 4x faster than the algorithms NaCl was designed to replace.
/// \details The Crypto++ wrapper for TweetNaCl requires OS features. That is,
/// <tt>NO_OS_DEPENDENCE</tt> cannot be defined. It is due to TweetNaCl's
/// internal function <tt>randombytes</tt>. Crypto++ used
/// <tt>DefaultAutoSeededRNG</tt> within <tt>randombytes</tt>, so OS integration
/// must be enabled. You can use another generator like <tt>RDRAND</tt> to
/// avoid the restriction.
/// \sa <A HREF="https://cr.yp.to/highspeed/coolnacl-20120725.pdf">The security impact
/// of a new cryptographic library</A>, <A
/// HREF="https://tweetnacl.cr.yp.to/tweetnacl-20140917.pdf">TweetNaCl:
/// A crypto library in 100 tweets</A> (20140917), <A
/// HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A
/// Microarchitectural Side Channel Attack on Several Real-World Applications of
/// Curve25519</A>, <A
/// HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium
/// commit afabd7e7386e1194</A> and <A HREF="https://tools.ietf.org/html/rfc7748">RFC
/// 7748, Elliptic Curves for Security</A>, Section 6.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_NACL_H
#define CRYPTOPP_NACL_H
#include "config.h"
#include "stdcpp.h"
#if defined(NO_OS_DEPENDENCE)
# define CRYPTOPP_DISABLE_NACL 1
#endif
#ifndef CRYPTOPP_DISABLE_NACL
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(NaCl)
/// \brief Hash size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
CRYPTOPP_CONSTANT(crypto_hash_BYTES = 64)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
CRYPTOPP_CONSTANT(crypto_stream_KEYBYTES = 32)
/// \brief Nonce size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
CRYPTOPP_CONSTANT(crypto_stream_NONCEBYTES = 24)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/auth.html">NaCl crypto_auth documentation</A>
CRYPTOPP_CONSTANT(crypto_auth_KEYBYTES = 32)
/// \brief Tag size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/auth.html">NaCl crypto_auth documentation</A>
CRYPTOPP_CONSTANT(crypto_auth_BYTES = 16)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
CRYPTOPP_CONSTANT(crypto_onetimeauth_KEYBYTES = 32)
/// \brief Tag size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
CRYPTOPP_CONSTANT(crypto_onetimeauth_BYTES = 16)
/// \brief Key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_KEYBYTES = 32)
/// \brief Nonce size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_NONCEBYTES = 24)
/// \brief Zero-padded message prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_ZEROBYTES = 32)
/// \brief Zero-padded message prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
CRYPTOPP_CONSTANT(crypto_secretbox_BOXZEROBYTES = 16)
/// \brief Private key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_SECRETKEYBYTES = 32)
/// \brief Public key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_PUBLICKEYBYTES = 32)
/// \brief Nonce size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_NONCEBYTES = 24)
/// \brief Message 0-byte prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_ZEROBYTES = 32)
/// \brief Open box 0-byte prefix in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_BOXZEROBYTES = 16)
/// \brief Precomputation 0-byte prefix in bytes in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_BEFORENMBYTES = 32)
/// \brief MAC size in bytes
/// \details crypto_box_MACBYTES was missing from tweetnacl.h. Its is defined as
/// crypto_box_curve25519xsalsa20poly1305_MACBYTES, which is defined as 16U.
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_box documentation</A>
CRYPTOPP_CONSTANT(crypto_box_MACBYTES = 16)
/// \brief Private key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_SECRETKEYBYTES = 64)
/// \brief Public key size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_PUBLICKEYBYTES = 32)
/// \brief Seed size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_SEEDBYTES = 32)
/// \brief Signature size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
CRYPTOPP_CONSTANT(crypto_sign_BYTES = 64)
/// \brief Group element size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
CRYPTOPP_CONSTANT(crypto_scalarmult_BYTES = 32)
/// \brief Integer size in bytes
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
CRYPTOPP_CONSTANT(crypto_scalarmult_SCALARBYTES = 32)
/// \brief Encrypt and authenticate a message
/// \param c output byte buffer
/// \param m input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Verify and decrypt a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_open(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Generate a keypair for encryption
/// \param y public key byte buffer
/// \param x private key byte buffer
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_keypair(byte *y,byte *x);
/// \brief Encrypt and authenticate a message
/// \param k shared secret byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_beforenm() performs message-independent precomputation to derive the key.
/// Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_beforenm(byte *k,const byte *y,const byte *x);
/// \brief Encrypt and authenticate a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param k shared secret byte buffer
/// \details crypto_box_afternm() performs message-dependent computation using the derived the key.
/// Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_afternm()
/// can be made to process the message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_afternm(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
/// \brief Verify and decrypt a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param k shared secret byte buffer
/// \details crypto_box_afternm() performs message-dependent computation using the derived the key.
/// Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_open_afternm()
/// can be made to process the message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
/// \since Crypto++ 6.0
int crypto_box_open_afternm(byte *m,const byte *c,word64 d,const byte *n,const byte *k);
/// \brief Encrypt and authenticate a message
/// \param c output byte buffer
/// \param m input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305.
/// \details This version of crypto_box() does not check for small order elements. It can be unsafe
/// but it exists for backwards compatibility with downlevel clients. Without the compatibility
/// interop with early versions of NaCl, libsodium and other libraries does not exist. The
/// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
/// and Zcash.
/// \returns 0 on success, non-0 otherwise
/// \warning This version of crypto_box() does not check for small order elements. It should not
/// be used in new software.
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
/// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural
/// Side Channel Attack on Several Real-World Applications of Curve25519</A>,
/// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit
/// afabd7e7386e1194</A>.
/// \since Crypto++ 6.0
int crypto_box_unchecked(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Verify and decrypt a message
/// \param m output byte buffer
/// \param c input byte buffer
/// \param d size of the input byte buffer
/// \param n nonce byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305.
/// \details This version of crypto_box_open() does not check for small order elements. It can be unsafe
/// but it exists for backwards compatibility with downlevel clients. Without the compatibility
/// interop with early versions of NaCl, libsodium and other libraries does not exist. The
/// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
/// and Zcash.
/// \returns 0 on success, non-0 otherwise
/// \warning This version of crypto_box_open() does not check for small order elements. It should not
/// be used in new software.
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
/// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural
/// Side Channel Attack on Several Real-World Applications of Curve25519</A>,
/// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit
/// afabd7e7386e1194</A>.
/// \since Crypto++ 6.0
int crypto_box_open_unchecked(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x);
/// \brief Encrypt and authenticate a message
/// \param k shared secret byte buffer
/// \param y other's public key
/// \param x private key
/// \details crypto_box_beforenm() performs message-independent precomputation to derive the key.
/// Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.
/// \details This version of crypto_box_beforenm() does not check for small order elements. It can be unsafe
/// but it exists for backwards compatibility with downlevel clients. Without the compatibility
/// interop with early versions of NaCl, libsodium and other libraries does not exist. The
/// downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
/// and Zcash.
/// \returns 0 on success, non-0 otherwise
/// \warning This version of crypto_box_beforenm() does not check for small order elements. It should not
/// be used in new software.
/// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
/// <A HREF="https://eprint.iacr.org/2017/806.pdf">May the Fourth Be With You: A Microarchitectural
/// Side Channel Attack on Several Real-World Applications of Curve25519</A>,
/// <A HREF="https://github.com/jedisct1/libsodium/commit/afabd7e7386e1194">libsodium commit
/// afabd7e7386e1194</A>.
/// \since Crypto++ 6.0
int crypto_box_beforenm_unchecked(byte *k,const byte *y,const byte *x);
/// \brief TODO
int crypto_core_salsa20(byte *out,const byte *in,const byte *k,const byte *c);
/// \brief TODO
/// \returns 0 on success, non-0 otherwise
/// \since Crypto++ 6.0
int crypto_core_hsalsa20(byte *out,const byte *in,const byte *k,const byte *c);
/// \brief Hash multiple blocks
/// \details crypto_hashblocks() uses crypto_hashblocks_sha512.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
/// \since Crypto++ 6.0
int crypto_hashblocks(byte *x,const byte *m,word64 n);
/// \brief Hash a message
/// \details crypto_hash() uses crypto_hash_sha512.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
/// \since Crypto++ 6.0
int crypto_hash(byte *out,const byte *m,word64 n);
/// \brief Create an authentication tag for a message
/// \details crypto_onetimeauth() uses crypto_onetimeauth_poly1305.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
/// \since Crypto++ 6.0
int crypto_onetimeauth(byte *out,const byte *m,word64 n,const byte *k);
/// \brief Verify an authentication tag on a message
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
/// \since Crypto++ 6.0
int crypto_onetimeauth_verify(const byte *h,const byte *m,word64 n,const byte *k);
/// \brief Scalar multiplication of a point
/// \details crypto_scalarmult() uses crypto_scalarmult_curve25519
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
/// \since Crypto++ 6.0
int crypto_scalarmult(byte *q,const byte *n,const byte *p);
/// \brief Scalar multiplication of base point
/// \details crypto_scalarmult_base() uses crypto_scalarmult_curve25519
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
/// \since Crypto++ 6.0
int crypto_scalarmult_base(byte *q,const byte *n);
/// \brief Encrypt and authenticate a message
/// \details crypto_secretbox() uses a symmetric key to encrypt and authenticate a message.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
/// \since Crypto++ 6.0
int crypto_secretbox(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
/// \brief Verify and decrypt a message
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
/// \since Crypto++ 6.0
int crypto_secretbox_open(byte *m,const byte *c,word64 d,const byte *n,const byte *k);
/// \brief Sign a message
/// \param sm output byte buffer
/// \param smlen size of the output byte buffer
/// \param m input byte buffer
/// \param n size of the input byte buffer
/// \param sk private key
/// \details crypto_sign() uses crypto_sign_ed25519.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
/// \since Crypto++ 6.0
int crypto_sign(byte *sm,word64 *smlen,const byte *m,word64 n,const byte *sk);
/// \brief Verify a message
/// \param m output byte buffer
/// \param mlen size of the output byte buffer
/// \param sm input byte buffer
/// \param n size of the input byte buffer
/// \param pk public key
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
/// \since Crypto++ 6.0
int crypto_sign_open(byte *m,word64 *mlen,const byte *sm,word64 n,const byte *pk);
/// \brief Generate a keypair for signing
/// \param pk public key byte buffer
/// \param sk private key byte buffer
/// \details crypto_sign_keypair() creates an ed25519 keypair.
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
/// \since Crypto++ 6.0
int crypto_sign_keypair(byte *pk, byte *sk);
/// \brief Produce a keystream using XSalsa20
/// \details crypto_stream() uses crypto_stream_xsalsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream(byte *c,word64 d,const byte *n,const byte *k);
/// \brief Encrypt a message using XSalsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream_xor(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
/// \brief Produce a keystream using Salsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream_salsa20(byte *c,word64 d,const byte *n,const byte *k);
/// \brief Encrypt a message using Salsa20
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
/// \since Crypto++ 6.0
int crypto_stream_salsa20_xor(byte *c,const byte *m,word64 b,const byte *n,const byte *k);
/// \brief Compare 16-byte buffers
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A>
/// \since Crypto++ 6.0
int crypto_verify_16(const byte *x,const byte *y);
/// \brief Compare 32-byte buffers
/// \returns 0 on success, non-0 otherwise
/// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A>
/// \since Crypto++ 6.0
int crypto_verify_32(const byte *x,const byte *y);
NAMESPACE_END // CryptoPP
NAMESPACE_END // NaCl
#endif // CRYPTOPP_DISABLE_NACL
#endif // CRYPTOPP_NACL_H

236
Common/3dParty/cryptopp/neon-simd.cpp
View File

@ -1,118 +1,118 @@
// crc-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to ARMv7a and
// ARMv8a NEON instructions. A separate source file is needed
// because additional CXXFLAGS are required to enable the
// appropriate instructions sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "stdcpp.h"
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
static jmp_buf s_jmpSIGILL;
static void SigIllHandler(int)
{
longjmp(s_jmpSIGILL, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
bool CPU_ProbeNEON()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_ARM_NEON_AVAILABLE)
# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
volatile bool result = true;
__try
{
uint32_t v1[4] = {1,1,1,1};
uint32x4_t x1 = vld1q_u32(v1);
uint64_t v2[2] = {1,1};
uint64x2_t x2 = vld1q_u64(v2);
uint32x4_t x3 = vdupq_n_u32(2);
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,0),x3,0);
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,3),x3,3);
uint64x2_t x4 = vdupq_n_u64(2);
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,0),x4,0);
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,1),x4,1);
result = !!(vgetq_lane_u32(x3,0) | vgetq_lane_u64(x4,1));
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return result;
# else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile bool result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
uint32_t v1[4] = {1,1,1,1};
uint32x4_t x1 = vld1q_u32(v1);
uint64_t v2[2] = {1,1};
uint64x2_t x2 = vld1q_u64(v2);
uint32x4_t x3 = {0,0,0,0};
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,0),x3,0);
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,3),x3,3);
uint64x2_t x4 = {0,0};
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,0),x4,0);
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,1),x4,1);
// Hack... GCC optimizes away the code and returns true
result = !!(vgetq_lane_u32(x3,0) | vgetq_lane_u64(x4,1));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
}
NAMESPACE_END
// crc-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to ARMv7a and
// ARMv8a NEON instructions. A separate source file is needed
// because additional CXXFLAGS are required to enable the
// appropriate instructions sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "stdcpp.h"
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
static jmp_buf s_jmpSIGILL;
static void SigIllHandler(int)
{
longjmp(s_jmpSIGILL, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
bool CPU_ProbeNEON()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_ARM_NEON_AVAILABLE)
# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
volatile bool result = true;
__try
{
uint32_t v1[4] = {1,1,1,1};
uint32x4_t x1 = vld1q_u32(v1);
uint64_t v2[2] = {1,1};
uint64x2_t x2 = vld1q_u64(v2);
uint32x4_t x3 = vdupq_n_u32(2);
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,0),x3,0);
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,3),x3,3);
uint64x2_t x4 = vdupq_n_u64(2);
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,0),x4,0);
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,1),x4,1);
result = !!(vgetq_lane_u32(x3,0) | vgetq_lane_u64(x4,1));
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return result;
# else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile bool result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
uint32_t v1[4] = {1,1,1,1};
uint32x4_t x1 = vld1q_u32(v1);
uint64_t v2[2] = {1,1};
uint64x2_t x2 = vld1q_u64(v2);
uint32x4_t x3 = {0,0,0,0};
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,0),x3,0);
x3 = vsetq_lane_u32(vgetq_lane_u32(x1,3),x3,3);
uint64x2_t x4 = {0,0};
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,0),x4,0);
x4 = vsetq_lane_u64(vgetq_lane_u64(x2,1),x4,1);
// Hack... GCC optimizes away the code and returns true
result = !!(vgetq_lane_u32(x3,0) | vgetq_lane_u64(x4,1));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ARM_NEON_AVAILABLE
}
NAMESPACE_END

202
Common/3dParty/cryptopp/padlkrng.cpp
View File

@ -1,101 +1,101 @@
// via-rng.cpp - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
#include "pch.h"
#include "config.h"
#include "cryptlib.h"
#include "secblock.h"
#include "padlkrng.h"
#include "cpu.h"
// The Padlock Security Engine RNG has a few items to be aware of. You can
// find copies of the Programmer's manual, Cryptography Research Inc audit
// report, and other goodies at http://www.cryptopp.com/wiki/VIA_Padlock.
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4702)
#endif
NAMESPACE_BEGIN(CryptoPP)
PadlockRNG::PadlockRNG(word32 divisor)
: m_divisor(DivisorHelper(divisor)), m_msr(0)
{
#if defined(CRYPTOPP_X86_ASM_AVAILABLE)
if (!HasPadlockRNG())
throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available");
#else
throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available");
#endif
}
void PadlockRNG::GenerateBlock(byte *output, size_t size)
{
CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);
#if defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(__GNUC__)
while (size)
{
__asm__ __volatile__
(
#if (CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
"mov %1, %%rdi ;\n"
"movl %2, %%edx ;\n"
#else
"mov %1, %%edi ;\n"
"movl %2, %%edx ;\n"
#endif
".byte 0x0f, 0xa7, 0xc0 ;\n"
"movl %%eax, %0 ;\n"
: "=g" (m_msr) : "g" (m_buffer.data()), "g" (m_divisor)
#if (CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
: "eax", "edx", "rdi", "cc"
#else
: "eax", "edx", "edi", "cc"
#endif
);
const size_t ret = m_msr & 0x1f;
const size_t rem = STDMIN<size_t>(ret, STDMIN<size_t>(size, 16U /*buffer size*/));
std::memcpy(output, m_buffer, rem);
size -= rem; output += rem;
}
#elif defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(_MSC_VER) && defined(_M_IX86)
while (size)
{
word32 result, divisor = m_divisor;
byte *buffer = reinterpret_cast<byte*>(m_buffer.data());
__asm {
mov edi, buffer
mov edx, divisor
_emit 0x0f
_emit 0xa7
_emit 0xc0
mov result, eax
}
const size_t ret = (m_msr = result) & 0x1f;
const size_t rem = STDMIN<size_t>(ret, STDMIN<size_t>(size, 16U /*buffer size*/));
std::memcpy(output, buffer, rem);
size -= rem; output += rem;
}
#else
throw PadlockRNG_Err("GenerateBlock", "PadlockRNG generator not available");
#endif // CRYPTOPP_X86_ASM_AVAILABLE
}
void PadlockRNG::DiscardBytes(size_t n)
{
FixedSizeSecBlock<word32, 4> discard;
n = RoundUpToMultipleOf(n, sizeof(word32));
size_t count = STDMIN(n, discard.SizeInBytes());
while (count)
{
GenerateBlock(discard.BytePtr(), count);
n -= count;
count = STDMIN(n, discard.SizeInBytes());
}
}
NAMESPACE_END
// via-rng.cpp - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
#include "pch.h"
#include "config.h"
#include "cryptlib.h"
#include "secblock.h"
#include "padlkrng.h"
#include "cpu.h"
// The Padlock Security Engine RNG has a few items to be aware of. You can
// find copies of the Programmer's manual, Cryptography Research Inc audit
// report, and other goodies at http://www.cryptopp.com/wiki/VIA_Padlock.
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4702)
#endif
NAMESPACE_BEGIN(CryptoPP)
PadlockRNG::PadlockRNG(word32 divisor)
: m_divisor(DivisorHelper(divisor)), m_msr(0)
{
#if defined(CRYPTOPP_X86_ASM_AVAILABLE)
if (!HasPadlockRNG())
throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available");
#else
throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available");
#endif
}
void PadlockRNG::GenerateBlock(byte *output, size_t size)
{
CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);
#if defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(__GNUC__)
while (size)
{
__asm__ __volatile__
(
#if (CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
"mov %1, %%rdi ;\n"
"movl %2, %%edx ;\n"
#else
"mov %1, %%edi ;\n"
"movl %2, %%edx ;\n"
#endif
".byte 0x0f, 0xa7, 0xc0 ;\n"
"movl %%eax, %0 ;\n"
: "=g" (m_msr) : "g" (m_buffer.data()), "g" (m_divisor)
#if (CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
: "eax", "edx", "rdi", "cc"
#else
: "eax", "edx", "edi", "cc"
#endif
);
const size_t ret = m_msr & 0x1f;
const size_t rem = STDMIN<size_t>(ret, STDMIN<size_t>(size, 16U /*buffer size*/));
std::memcpy(output, m_buffer, rem);
size -= rem; output += rem;
}
#elif defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(_MSC_VER) && defined(_M_IX86)
while (size)
{
word32 result, divisor = m_divisor;
byte *buffer = reinterpret_cast<byte*>(m_buffer.data());
__asm {
mov edi, buffer
mov edx, divisor
_emit 0x0f
_emit 0xa7
_emit 0xc0
mov result, eax
}
const size_t ret = (m_msr = result) & 0x1f;
const size_t rem = STDMIN<size_t>(ret, STDMIN<size_t>(size, 16U /*buffer size*/));
std::memcpy(output, buffer, rem);
size -= rem; output += rem;
}
#else
throw PadlockRNG_Err("GenerateBlock", "PadlockRNG generator not available");
#endif // CRYPTOPP_X86_ASM_AVAILABLE
}
void PadlockRNG::DiscardBytes(size_t n)
{
FixedSizeSecBlock<word32, 4> discard;
n = RoundUpToMultipleOf(n, sizeof(word32));
size_t count = STDMIN(n, discard.SizeInBytes());
while (count)
{
GenerateBlock(discard.BytePtr(), count);
n -= count;
count = STDMIN(n, discard.SizeInBytes());
}
}
NAMESPACE_END

272
Common/3dParty/cryptopp/padlkrng.h
View File

@ -1,136 +1,136 @@
// via-rng.h - written and placed in public domain by Jeffrey Walton
/// \file padlkrng.h
/// \brief Classes for VIA Padlock RNG
/// \since Crypto++ 6.0
/// \sa <A HREF="http://www.cryptopp.com/wiki/VIA_Padlock">VIA
/// Padlock</A> on the Crypto++ wiki
#ifndef CRYPTOPP_PADLOCK_RNG_H
#define CRYPTOPP_PADLOCK_RNG_H
#include "cryptlib.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Exception thrown when a PadlockRNG generator encounters
/// a generator related error.
/// \since Crypto++ 6.0
class PadlockRNG_Err : public Exception
{
public:
PadlockRNG_Err(const std::string &operation)
: Exception(OTHER_ERROR, "PadlockRNG: " + operation + " operation failed") {}
PadlockRNG_Err(const std::string &component, const std::string &message)
: Exception(OTHER_ERROR, component + ": " + message) {}
};
/// \brief Hardware generated random numbers using VIA XSTORE
/// \details Some VIA processors provide a Security Engine called Padlock. The Padlock
/// Security Engine provides AES, SHA and a RNG. The PadlockRNG class provides access
/// to the RNG.
/// \details The VIA generator uses an 8 byte FIFO buffer for random numbers. The
/// generator can be configured to discard bits from the buffer to resist analysis.
/// The <tt>divisor</tt> controls the number of bytes discarded. The formula for
/// the discard amount is <tt>2**divisor - 1</tt>. When <tt>divisor=0</tt> no bits
/// are discarded and the entire 8 byte buffer is read. If <tt>divisor=3</tt> then
/// 7 bytes are discarded and 1 byte is read. TheVIA SDK samples use <tt>divisor=1</tt>.
/// \details Cryptography Research, Inc (CRI) audited the Padlock Security Engine
/// in 2003. CRI provided recommendations to operate the generator for secure and
/// non-secure applications. Additionally, the Programmers Guide and SDK provided a
/// different configuration in the sample code.
/// \details You can operate the generator according to CRI recommendations by setting
/// <tt>divisor</tt>, reading one word (or partial word) at a time from the FIFO, and
/// then inspecting the MSR after each read.
/// \details The audit report with recommendations is available on the Crypto++ wiki
/// at <A HREF="http://www.cryptopp.com/wiki/VIA_Padlock">VIA Padlock</A>.
/// \sa MaurerRandomnessTest() for random bit generators
/// \since Crypto++ 6.0
class PadlockRNG : public RandomNumberGenerator
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "PadlockRNG"; }
virtual ~PadlockRNG() {}
/// \brief Construct a PadlockRNG generator
/// \param divisor the XSTORE divisor
/// \details Some VIA processors provide a Security Engine called Padlock. The Padlock
/// Security Engine provides AES, SHA and a RNG. The PadlockRNG class provides access
/// to the RNG.
/// \details The VIA generator uses an 8 byte FIFO buffer for random numbers. The
/// generator can be configured to discard bits from the buffer to resist analysis.
/// The <tt>divisor</tt> controls the number of bytes discarded. The formula for
/// the discard amount is <tt>2**divisor - 1</tt>. When <tt>divisor=0</tt> no bits
/// are discarded and the entire 8 byte buffer is read. If <tt>divisor=3</tt> then
/// 7 bytes are discarded and 1 byte is read. VIA SDK samples use <tt>divisor=1</tt>.
/// \details Cryptography Research, Inc (CRI) audited the Padlock Security Engine
/// in 2003. CRI provided recommendations to operate the generator for secure and
/// non-secure applications. Additionally, the Programmers SDK provided a different
/// configuration in the sample code.
/// \details The audit report with recommendations is available on the Crypto++ wiki
/// at <A HREF="http://www.cryptopp.com/wiki/VIA_Padlock">VIA Padlock</A>.
/// \sa SetDivisor, GetDivisor
PadlockRNG(word32 divisor=1);
/// \brief Generate random array of bytes
/// \param output the byte buffer
/// \param size the length of the buffer, in bytes
virtual void GenerateBlock(byte *output, size_t size);
/// \brief Generate and discard n bytes
/// \param n the number of bytes to generate and discard
/// \details the Padlock generator discards words, not bytes. If n is
/// not a multiple of a 32-bit word, then it is rounded up to
/// that size.
virtual void DiscardBytes(size_t n);
/// \brief Update RNG state with additional unpredictable values
/// \param input unused
/// \param length unused
/// \details The operation is a nop for this generator.
virtual void IncorporateEntropy(const byte *input, size_t length)
{
// Override to avoid the base class' throw.
CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length);
}
/// \brief Set the XSTORE divisor
/// \param divisor the XSTORE divisor
/// \returns the old XSTORE divisor
word32 SetDivisor(word32 divisor)
{
word32 old = m_divisor;
m_divisor = DivisorHelper(divisor);
return old;
}
/// \brief Get the XSTORE divisor
/// \returns the current XSTORE divisor
word32 GetDivisor() const
{
return m_divisor;
}
/// \brief Get the MSR for the last operation
/// \returns the MSR for the last read operation
word32 GetMSR() const
{
return m_msr;
}
protected:
inline word32 DivisorHelper(word32 divisor)
{
return divisor > 3 ? 3 : divisor;
}
private:
FixedSizeAlignedSecBlock<word32, 4, true> m_buffer;
word32 m_divisor, m_msr;
};
NAMESPACE_END
#endif // CRYPTOPP_PADLOCK_RNG_H
// via-rng.h - written and placed in public domain by Jeffrey Walton
/// \file padlkrng.h
/// \brief Classes for VIA Padlock RNG
/// \since Crypto++ 6.0
/// \sa <A HREF="http://www.cryptopp.com/wiki/VIA_Padlock">VIA
/// Padlock</A> on the Crypto++ wiki
#ifndef CRYPTOPP_PADLOCK_RNG_H
#define CRYPTOPP_PADLOCK_RNG_H
#include "cryptlib.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Exception thrown when a PadlockRNG generator encounters
/// a generator related error.
/// \since Crypto++ 6.0
class PadlockRNG_Err : public Exception
{
public:
PadlockRNG_Err(const std::string &operation)
: Exception(OTHER_ERROR, "PadlockRNG: " + operation + " operation failed") {}
PadlockRNG_Err(const std::string &component, const std::string &message)
: Exception(OTHER_ERROR, component + ": " + message) {}
};
/// \brief Hardware generated random numbers using VIA XSTORE
/// \details Some VIA processors provide a Security Engine called Padlock. The Padlock
/// Security Engine provides AES, SHA and a RNG. The PadlockRNG class provides access
/// to the RNG.
/// \details The VIA generator uses an 8 byte FIFO buffer for random numbers. The
/// generator can be configured to discard bits from the buffer to resist analysis.
/// The <tt>divisor</tt> controls the number of bytes discarded. The formula for
/// the discard amount is <tt>2**divisor - 1</tt>. When <tt>divisor=0</tt> no bits
/// are discarded and the entire 8 byte buffer is read. If <tt>divisor=3</tt> then
/// 7 bytes are discarded and 1 byte is read. TheVIA SDK samples use <tt>divisor=1</tt>.
/// \details Cryptography Research, Inc (CRI) audited the Padlock Security Engine
/// in 2003. CRI provided recommendations to operate the generator for secure and
/// non-secure applications. Additionally, the Programmers Guide and SDK provided a
/// different configuration in the sample code.
/// \details You can operate the generator according to CRI recommendations by setting
/// <tt>divisor</tt>, reading one word (or partial word) at a time from the FIFO, and
/// then inspecting the MSR after each read.
/// \details The audit report with recommendations is available on the Crypto++ wiki
/// at <A HREF="http://www.cryptopp.com/wiki/VIA_Padlock">VIA Padlock</A>.
/// \sa MaurerRandomnessTest() for random bit generators
/// \since Crypto++ 6.0
class PadlockRNG : public RandomNumberGenerator
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "PadlockRNG"; }
virtual ~PadlockRNG() {}
/// \brief Construct a PadlockRNG generator
/// \param divisor the XSTORE divisor
/// \details Some VIA processors provide a Security Engine called Padlock. The Padlock
/// Security Engine provides AES, SHA and a RNG. The PadlockRNG class provides access
/// to the RNG.
/// \details The VIA generator uses an 8 byte FIFO buffer for random numbers. The
/// generator can be configured to discard bits from the buffer to resist analysis.
/// The <tt>divisor</tt> controls the number of bytes discarded. The formula for
/// the discard amount is <tt>2**divisor - 1</tt>. When <tt>divisor=0</tt> no bits
/// are discarded and the entire 8 byte buffer is read. If <tt>divisor=3</tt> then
/// 7 bytes are discarded and 1 byte is read. VIA SDK samples use <tt>divisor=1</tt>.
/// \details Cryptography Research, Inc (CRI) audited the Padlock Security Engine
/// in 2003. CRI provided recommendations to operate the generator for secure and
/// non-secure applications. Additionally, the Programmers SDK provided a different
/// configuration in the sample code.
/// \details The audit report with recommendations is available on the Crypto++ wiki
/// at <A HREF="http://www.cryptopp.com/wiki/VIA_Padlock">VIA Padlock</A>.
/// \sa SetDivisor, GetDivisor
PadlockRNG(word32 divisor=1);
/// \brief Generate random array of bytes
/// \param output the byte buffer
/// \param size the length of the buffer, in bytes
virtual void GenerateBlock(byte *output, size_t size);
/// \brief Generate and discard n bytes
/// \param n the number of bytes to generate and discard
/// \details the Padlock generator discards words, not bytes. If n is
/// not a multiple of a 32-bit word, then it is rounded up to
/// that size.
virtual void DiscardBytes(size_t n);
/// \brief Update RNG state with additional unpredictable values
/// \param input unused
/// \param length unused
/// \details The operation is a nop for this generator.
virtual void IncorporateEntropy(const byte *input, size_t length)
{
// Override to avoid the base class' throw.
CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length);
}
/// \brief Set the XSTORE divisor
/// \param divisor the XSTORE divisor
/// \returns the old XSTORE divisor
word32 SetDivisor(word32 divisor)
{
word32 old = m_divisor;
m_divisor = DivisorHelper(divisor);
return old;
}
/// \brief Get the XSTORE divisor
/// \returns the current XSTORE divisor
word32 GetDivisor() const
{
return m_divisor;
}
/// \brief Get the MSR for the last operation
/// \returns the MSR for the last read operation
word32 GetMSR() const
{
return m_msr;
}
protected:
inline word32 DivisorHelper(word32 divisor)
{
return divisor > 3 ? 3 : divisor;
}
private:
FixedSizeAlignedSecBlock<word32, 4, true> m_buffer;
word32 m_divisor, m_msr;
};
NAMESPACE_END
#endif // CRYPTOPP_PADLOCK_RNG_H

536
Common/3dParty/cryptopp/poly1305.cpp
View File

@ -1,268 +1,268 @@
// poly1305.cpp - written and placed in the public domain by Jeffrey Walton and Jean-Pierre Munch
// Based on Andy Polyakov's Base-2^26 scalar multiplication implementation for OpenSSL.
#include "pch.h"
#include "cryptlib.h"
#include "aes.h"
#include "cpu.h"
#include "poly1305.h"
NAMESPACE_BEGIN(CryptoPP)
#define CONSTANT_TIME_CARRY(a,b) ((a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1))
template <class T>
void Poly1305_Base<T>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
{
if (key && length)
{
// key is {k,r} pair, r is 16 bytes
length = SaturatingSubtract(length, (unsigned)BLOCKSIZE);
m_cipher.SetKey(key, length);
key += length;
// Rbar is clamped and little endian
m_r[0] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 0) & 0x0fffffff;
m_r[1] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 4) & 0x0ffffffc;
m_r[2] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 8) & 0x0ffffffc;
m_r[3] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 12) & 0x0ffffffc;
m_used = false;
}
ConstByteArrayParameter t;
if (params.GetValue(Name::IV(), t) && t.begin() && t.size())
{
// Nonce key is a class member to avoid the zeroizer on a temporary
CRYPTOPP_ASSERT(t.size() == m_nk.size());
std::memcpy(m_nk.begin(), t.begin(), m_nk.size());
m_cipher.ProcessBlock(m_nk.begin());
m_n[0] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 0);
m_n[1] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 4);
m_n[2] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 8);
m_n[3] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 12);
m_used = false;
}
Restart();
}
template <class T>
void Poly1305_Base<T>::Update(const byte *input, size_t length)
{
CRYPTOPP_ASSERT((input && length) || !length);
if (!length) return;
size_t rem, num = m_idx;
if (num)
{
rem = BLOCKSIZE - num;
if (length >= rem)
{
// Process
memcpy_s(m_acc + num, BLOCKSIZE - num, input, rem);
HashBlocks(m_acc, BLOCKSIZE, 1);
input += rem;
length -= rem;
}
else
{
// Accumulate
memcpy_s(m_acc + num, BLOCKSIZE - num, input, length);
m_idx = num + length;
return;
}
}
rem = length % BLOCKSIZE;
length -= rem;
if (length >= BLOCKSIZE) {
HashBlocks(input, length, 1);
input += length;
}
if (rem)
memcpy(m_acc, input, rem);
m_idx = rem;
}
template <class T>
void Poly1305_Base<T>::HashBlocks(const byte *input, size_t length, word32 padbit)
{
word32 r0, r1, r2, r3;
word32 s1, s2, s3;
word32 h0, h1, h2, h3, h4, c;
word64 d0, d1, d2, d3;
r0 = m_r[0]; r1 = m_r[1];
r2 = m_r[2]; r3 = m_r[3];
s1 = r1 + (r1 >> 2);
s2 = r2 + (r2 >> 2);
s3 = r3 + (r3 >> 2);
h0 = m_h[0]; h1 = m_h[1]; h2 = m_h[2];
h3 = m_h[3]; h4 = m_h[4];
while (length >= BLOCKSIZE)
{
// h += m[i]
h0 = (word32)(d0 = (word64)h0 + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 0));
h1 = (word32)(d1 = (word64)h1 + (d0 >> 32) + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 4));
h2 = (word32)(d2 = (word64)h2 + (d1 >> 32) + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 8));
h3 = (word32)(d3 = (word64)h3 + (d2 >> 32) + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 12));
h4 += (word32)(d3 >> 32) + padbit;
// h *= r "%" p
d0 = ((word64)h0 * r0) +
((word64)h1 * s3) +
((word64)h2 * s2) +
((word64)h3 * s1);
d1 = ((word64)h0 * r1) +
((word64)h1 * r0) +
((word64)h2 * s3) +
((word64)h3 * s2) +
(h4 * s1);
d2 = ((word64)h0 * r2) +
((word64)h1 * r1) +
((word64)h2 * r0) +
((word64)h3 * s3) +
(h4 * s2);
d3 = ((word64)h0 * r3) +
((word64)h1 * r2) +
((word64)h2 * r1) +
((word64)h3 * r0) +
(h4 * s3);
h4 = (h4 * r0);
// a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0
h0 = (word32)d0;
h1 = (word32)(d1 += d0 >> 32);
h2 = (word32)(d2 += d1 >> 32);
h3 = (word32)(d3 += d2 >> 32);
h4 += (word32)(d3 >> 32);
// b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130
c = (h4 >> 2) + (h4 & ~3U);
h4 &= 3;
h0 += c;
h1 += (c = CONSTANT_TIME_CARRY(h0,c));
h2 += (c = CONSTANT_TIME_CARRY(h1,c));
h3 += (c = CONSTANT_TIME_CARRY(h2,c));
h4 += CONSTANT_TIME_CARRY(h3,c);
input += BLOCKSIZE;
length -= BLOCKSIZE;
}
m_h[0] = h0; m_h[1] = h1; m_h[2] = h2;
m_h[3] = h3; m_h[4] = h4;
}
template <class T>
void Poly1305_Base<T>::TruncatedFinal(byte *mac, size_t size)
{
CRYPTOPP_ASSERT(mac); // Pointer is valid
CRYPTOPP_ASSERT(!m_used); // Nonce is fresh
ThrowIfInvalidTruncatedSize(size);
size_t num = m_idx;
if (num)
{
m_acc[num++] = 1; /* pad bit */
while (num < BLOCKSIZE)
m_acc[num++] = 0;
HashBlocks(m_acc, BLOCKSIZE, 0);
}
HashFinal(mac, size);
// Restart
m_used = true;
Restart();
}
template <class T>
void Poly1305_Base<T>::HashFinal(byte *mac, size_t size)
{
word32 h0, h1, h2, h3, h4;
word32 g0, g1, g2, g3, g4;
word32 mask;
word64 t;
h0 = m_h[0];
h1 = m_h[1];
h2 = m_h[2];
h3 = m_h[3];
h4 = m_h[4];
// compare to modulus by computing h + -p
g0 = (word32)(t = (word64)h0 + 5);
g1 = (word32)(t = (word64)h1 + (t >> 32));
g2 = (word32)(t = (word64)h2 + (t >> 32));
g3 = (word32)(t = (word64)h3 + (t >> 32));
g4 = h4 + (word32)(t >> 32);
// if there was carry into 131st bit, h3:h0 = g3:g0
mask = 0 - (g4 >> 2);
g0 &= mask; g1 &= mask;
g2 &= mask; g3 &= mask;
mask = ~mask;
h0 = (h0 & mask) | g0; h1 = (h1 & mask) | g1;
h2 = (h2 & mask) | g2; h3 = (h3 & mask) | g3;
// mac = (h + nonce) % (2^128)
h0 = (word32)(t = (word64)h0 + m_n[0]);
h1 = (word32)(t = (word64)h1 + (t >> 32) + m_n[1]);
h2 = (word32)(t = (word64)h2 + (t >> 32) + m_n[2]);
h3 = (word32)(t = (word64)h3 + (t >> 32) + m_n[3]);
if (size >= BLOCKSIZE)
{
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 0, h0);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 4, h1);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 8, h2);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 12, h3);
}
else
{
FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m;
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 0, h0);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 4, h1);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 8, h2);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 12, h3);
memcpy(mac, m, size);
}
}
template <class T>
void Poly1305_Base<T>::Resynchronize(const byte *nonce, int nonceLength)
{
CRYPTOPP_ASSERT(nonceLength == -1 || nonceLength == (int)BLOCKSIZE);
nonceLength == -1 ? nonceLength = BLOCKSIZE : nonceLength;
this->UncheckedSetKey(NULLPTR, 0, MakeParameters(Name::IV(), ConstByteArrayParameter(nonce, nonceLength)));
}
template <class T>
void Poly1305_Base<T>::GetNextIV(RandomNumberGenerator &rng, byte *iv)
{
rng.GenerateBlock(iv, BLOCKSIZE);
}
template <class T>
void Poly1305_Base<T>::Restart()
{
m_h[0] = m_h[1] = m_h[2] = m_h[3] = m_h[4] = 0;
// m_r[0] = m_r[1] = m_r[2] = m_r[3] = 0;
m_idx = 0;
}
template class Poly1305_Base<AES>;
template class Poly1305<AES>;
NAMESPACE_END
// poly1305.cpp - written and placed in the public domain by Jeffrey Walton and Jean-Pierre Munch
// Based on Andy Polyakov's Base-2^26 scalar multiplication implementation for OpenSSL.
#include "pch.h"
#include "cryptlib.h"
#include "aes.h"
#include "cpu.h"
#include "poly1305.h"
NAMESPACE_BEGIN(CryptoPP)
#define CONSTANT_TIME_CARRY(a,b) ((a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1))
template <class T>
void Poly1305_Base<T>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
{
if (key && length)
{
// key is {k,r} pair, r is 16 bytes
length = SaturatingSubtract(length, (unsigned)BLOCKSIZE);
m_cipher.SetKey(key, length);
key += length;
// Rbar is clamped and little endian
m_r[0] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 0) & 0x0fffffff;
m_r[1] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 4) & 0x0ffffffc;
m_r[2] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 8) & 0x0ffffffc;
m_r[3] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, key + 12) & 0x0ffffffc;
m_used = false;
}
ConstByteArrayParameter t;
if (params.GetValue(Name::IV(), t) && t.begin() && t.size())
{
// Nonce key is a class member to avoid the zeroizer on a temporary
CRYPTOPP_ASSERT(t.size() == m_nk.size());
std::memcpy(m_nk.begin(), t.begin(), m_nk.size());
m_cipher.ProcessBlock(m_nk.begin());
m_n[0] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 0);
m_n[1] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 4);
m_n[2] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 8);
m_n[3] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 12);
m_used = false;
}
Restart();
}
template <class T>
void Poly1305_Base<T>::Update(const byte *input, size_t length)
{
CRYPTOPP_ASSERT((input && length) || !length);
if (!length) return;
size_t rem, num = m_idx;
if (num)
{
rem = BLOCKSIZE - num;
if (length >= rem)
{
// Process
memcpy_s(m_acc + num, BLOCKSIZE - num, input, rem);
HashBlocks(m_acc, BLOCKSIZE, 1);
input += rem;
length -= rem;
}
else
{
// Accumulate
memcpy_s(m_acc + num, BLOCKSIZE - num, input, length);
m_idx = num + length;
return;
}
}
rem = length % BLOCKSIZE;
length -= rem;
if (length >= BLOCKSIZE) {
HashBlocks(input, length, 1);
input += length;
}
if (rem)
memcpy(m_acc, input, rem);
m_idx = rem;
}
template <class T>
void Poly1305_Base<T>::HashBlocks(const byte *input, size_t length, word32 padbit)
{
word32 r0, r1, r2, r3;
word32 s1, s2, s3;
word32 h0, h1, h2, h3, h4, c;
word64 d0, d1, d2, d3;
r0 = m_r[0]; r1 = m_r[1];
r2 = m_r[2]; r3 = m_r[3];
s1 = r1 + (r1 >> 2);
s2 = r2 + (r2 >> 2);
s3 = r3 + (r3 >> 2);
h0 = m_h[0]; h1 = m_h[1]; h2 = m_h[2];
h3 = m_h[3]; h4 = m_h[4];
while (length >= BLOCKSIZE)
{
// h += m[i]
h0 = (word32)(d0 = (word64)h0 + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 0));
h1 = (word32)(d1 = (word64)h1 + (d0 >> 32) + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 4));
h2 = (word32)(d2 = (word64)h2 + (d1 >> 32) + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 8));
h3 = (word32)(d3 = (word64)h3 + (d2 >> 32) + GetWord<word32>(false, LITTLE_ENDIAN_ORDER, input + 12));
h4 += (word32)(d3 >> 32) + padbit;
// h *= r "%" p
d0 = ((word64)h0 * r0) +
((word64)h1 * s3) +
((word64)h2 * s2) +
((word64)h3 * s1);
d1 = ((word64)h0 * r1) +
((word64)h1 * r0) +
((word64)h2 * s3) +
((word64)h3 * s2) +
(h4 * s1);
d2 = ((word64)h0 * r2) +
((word64)h1 * r1) +
((word64)h2 * r0) +
((word64)h3 * s3) +
(h4 * s2);
d3 = ((word64)h0 * r3) +
((word64)h1 * r2) +
((word64)h2 * r1) +
((word64)h3 * r0) +
(h4 * s3);
h4 = (h4 * r0);
// a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0
h0 = (word32)d0;
h1 = (word32)(d1 += d0 >> 32);
h2 = (word32)(d2 += d1 >> 32);
h3 = (word32)(d3 += d2 >> 32);
h4 += (word32)(d3 >> 32);
// b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130
c = (h4 >> 2) + (h4 & ~3U);
h4 &= 3;
h0 += c;
h1 += (c = CONSTANT_TIME_CARRY(h0,c));
h2 += (c = CONSTANT_TIME_CARRY(h1,c));
h3 += (c = CONSTANT_TIME_CARRY(h2,c));
h4 += CONSTANT_TIME_CARRY(h3,c);
input += BLOCKSIZE;
length -= BLOCKSIZE;
}
m_h[0] = h0; m_h[1] = h1; m_h[2] = h2;
m_h[3] = h3; m_h[4] = h4;
}
template <class T>
void Poly1305_Base<T>::TruncatedFinal(byte *mac, size_t size)
{
CRYPTOPP_ASSERT(mac); // Pointer is valid
CRYPTOPP_ASSERT(!m_used); // Nonce is fresh
ThrowIfInvalidTruncatedSize(size);
size_t num = m_idx;
if (num)
{
m_acc[num++] = 1; /* pad bit */
while (num < BLOCKSIZE)
m_acc[num++] = 0;
HashBlocks(m_acc, BLOCKSIZE, 0);
}
HashFinal(mac, size);
// Restart
m_used = true;
Restart();
}
template <class T>
void Poly1305_Base<T>::HashFinal(byte *mac, size_t size)
{
word32 h0, h1, h2, h3, h4;
word32 g0, g1, g2, g3, g4;
word32 mask;
word64 t;
h0 = m_h[0];
h1 = m_h[1];
h2 = m_h[2];
h3 = m_h[3];
h4 = m_h[4];
// compare to modulus by computing h + -p
g0 = (word32)(t = (word64)h0 + 5);
g1 = (word32)(t = (word64)h1 + (t >> 32));
g2 = (word32)(t = (word64)h2 + (t >> 32));
g3 = (word32)(t = (word64)h3 + (t >> 32));
g4 = h4 + (word32)(t >> 32);
// if there was carry into 131st bit, h3:h0 = g3:g0
mask = 0 - (g4 >> 2);
g0 &= mask; g1 &= mask;
g2 &= mask; g3 &= mask;
mask = ~mask;
h0 = (h0 & mask) | g0; h1 = (h1 & mask) | g1;
h2 = (h2 & mask) | g2; h3 = (h3 & mask) | g3;
// mac = (h + nonce) % (2^128)
h0 = (word32)(t = (word64)h0 + m_n[0]);
h1 = (word32)(t = (word64)h1 + (t >> 32) + m_n[1]);
h2 = (word32)(t = (word64)h2 + (t >> 32) + m_n[2]);
h3 = (word32)(t = (word64)h3 + (t >> 32) + m_n[3]);
if (size >= BLOCKSIZE)
{
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 0, h0);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 4, h1);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 8, h2);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, mac + 12, h3);
}
else
{
FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m;
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 0, h0);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 4, h1);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 8, h2);
PutWord<word32>(false, LITTLE_ENDIAN_ORDER, m + 12, h3);
memcpy(mac, m, size);
}
}
template <class T>
void Poly1305_Base<T>::Resynchronize(const byte *nonce, int nonceLength)
{
CRYPTOPP_ASSERT(nonceLength == -1 || nonceLength == (int)BLOCKSIZE);
nonceLength == -1 ? nonceLength = BLOCKSIZE : nonceLength;
this->UncheckedSetKey(NULLPTR, 0, MakeParameters(Name::IV(), ConstByteArrayParameter(nonce, nonceLength)));
}
template <class T>
void Poly1305_Base<T>::GetNextIV(RandomNumberGenerator &rng, byte *iv)
{
rng.GenerateBlock(iv, BLOCKSIZE);
}
template <class T>
void Poly1305_Base<T>::Restart()
{
m_h[0] = m_h[1] = m_h[2] = m_h[3] = m_h[4] = 0;
// m_r[0] = m_r[1] = m_r[2] = m_r[3] = 0;
m_idx = 0;
}
template class Poly1305_Base<AES>;
template class Poly1305<AES>;
NAMESPACE_END

334
Common/3dParty/cryptopp/poly1305.h
View File

@ -1,167 +1,167 @@
// poly1305.h - written and placed in the public domain by Jeffrey Walton and Jean-Pierre Munch
// Based on Andy Polyakov's Base-2^26 scalar multiplication implementation for OpenSSL.
/// \file poly1305.h
/// \brief Classes for Poly1305 message authentication code
/// \details Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide
/// variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length
/// message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.
/// \details Each message must use a unique security context, which means either the key or nonce
/// must be changed after each message. It can be accomplished in one of two ways. First, you
/// can create a new Poly1305 object with a key and nonce each time its needed.
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// Poly1305<AES> poly1305(key, key.size(), nonce, nonce.size());
/// poly1305.Update(...);
/// poly1305.Final(...);</pre>
///
/// \details Second, you can create a Poly1305 object, reuse the key, and set a fresh nonce
/// for each message. The second and subsequent nonces can be generated directly using a
/// RandomNumberGenerator() derived class; or it can be generated using GetNextIV().
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// // First message
/// Poly1305<AES> poly1305(key, key.size());
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
///
/// // Second message
/// poly1305.GetNextIV(prng, nonce);
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
/// ...</pre>
/// \sa Daniel J. Bernstein <A HREF="http://cr.yp.to/mac/poly1305-20050329.pdf">The Poly1305-AES
/// Message-Authentication Code (20050329)</A> and Andy Polyakov <A
/// HREF="http://www.openssl.org/blog/blog/2016/02/15/poly1305-revised/">Poly1305 Revised</A>
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_POLY1305_H
#define CRYPTOPP_POLY1305_H
#include "cryptlib.h"
#include "seckey.h"
#include "secblock.h"
#include "argnames.h"
#include "algparam.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Poly1305 message authentication code base class
/// \tparam T class derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize
/// \since Crypto++ 6.0
template <class T>
class CRYPTOPP_NO_VTABLE Poly1305_Base : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 16>, public MessageAuthenticationCode
{
CRYPTOPP_COMPILE_ASSERT(T::DEFAULT_KEYLENGTH == 16);
CRYPTOPP_COMPILE_ASSERT(T::BLOCKSIZE == 16);
public:
static std::string StaticAlgorithmName() {return std::string("Poly1305(") + T::StaticAlgorithmName() + ")";}
CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE)
CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE)
Poly1305_Base() : m_idx(0), m_used(true) {}
void Resynchronize (const byte *iv, int ivLength=-1);
void GetNextIV (RandomNumberGenerator &rng, byte *iv);
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
void Update(const byte *input, size_t length);
void TruncatedFinal(byte *mac, size_t size);
void Restart();
unsigned int BlockSize() const {return BLOCKSIZE;}
unsigned int DigestSize() const {return DIGESTSIZE;}
protected:
void HashBlocks(const byte *input, size_t length, word32 padbit);
void HashFinal(byte *mac, size_t length);
typename T::Encryption m_cipher;
// Accumulated hash, clamped r-key, and encrypted nonce
FixedSizeAlignedSecBlock<word32, 5> m_h;
FixedSizeAlignedSecBlock<word32, 4> m_r;
FixedSizeAlignedSecBlock<word32, 4> m_n;
// Accumulated message bytes and index
FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m_acc, m_nk;
size_t m_idx;
// Track nonce reuse; assert in debug but continue
bool m_used;
};
/// \brief Poly1305 message authentication code
/// \tparam T class derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize
/// \details Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide
/// variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length
/// message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.
/// \details Each message must use a unique security context, which means either the key or nonce
/// must be changed after each message. It can be accomplished in one of two ways. First, you
/// can create a new Poly1305 object with a key and nonce each time its needed.
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// Poly1305<AES> poly1305(key, key.size(), nonce, nonce.size());
/// poly1305.Update(...);
/// poly1305.Final(...);</pre>
///
/// \details Second, you can create a Poly1305 object, reuse the key, and set a fresh nonce
/// for each message. The second and subsequent nonces can be generated directly using a
/// RandomNumberGenerator() derived class; or it can be generated using GetNextIV().
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// // First message
/// Poly1305<AES> poly1305(key, key.size());
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
///
/// // Second message
/// poly1305.GetNextIV(prng, nonce);
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
/// ...</pre>
/// \warning The Poly1305 class does not enforce a fresh nonce for each message. The source code
/// will assert in debug builds to alert of nonce reuse. No action is taken in release builds.
/// \sa Daniel J. Bernstein <A HREF="http://cr.yp.to/mac/poly1305-20050329.pdf">The Poly1305-AES
/// Message-Authentication Code (20050329)</A> and Andy Polyakov <A
/// HREF="http://www.openssl.org/blog/blog/2016/02/15/poly1305-revised/">Poly1305 Revised</A>
/// \since Crypto++ 6.0
template <class T>
class Poly1305 : public MessageAuthenticationCodeFinal<Poly1305_Base<T> >
{
public:
CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=Poly1305_Base<T>::DEFAULT_KEYLENGTH)
/// \brief Construct a Poly1305
Poly1305() {}
/// \brief Construct a Poly1305
/// \param key a byte array used to key the cipher
/// \param keyLength the size of the byte array, in bytes
/// \param nonce a byte array used to key the cipher
/// \param nonceLength the size of the byte array, in bytes
/// \details key is the 32-byte key composed of the 16-byte AES key and the 16 additional key
/// bytes used for <tt>r</tt>.
/// \details Each message requires a unique security context. You can use GetNextIV() and
/// Resynchronize() to set a new nonce under a key for a message.
Poly1305(const byte *key, size_t keyLength=DEFAULT_KEYLENGTH, const byte *nonce=NULLPTR, size_t nonceLength=0)
{this->SetKey(key, keyLength, MakeParameters(Name::IV(), ConstByteArrayParameter(nonce, nonceLength)));}
};
NAMESPACE_END
#endif // CRYPTOPP_POLY1305_H
// poly1305.h - written and placed in the public domain by Jeffrey Walton and Jean-Pierre Munch
// Based on Andy Polyakov's Base-2^26 scalar multiplication implementation for OpenSSL.
/// \file poly1305.h
/// \brief Classes for Poly1305 message authentication code
/// \details Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide
/// variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length
/// message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.
/// \details Each message must use a unique security context, which means either the key or nonce
/// must be changed after each message. It can be accomplished in one of two ways. First, you
/// can create a new Poly1305 object with a key and nonce each time its needed.
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// Poly1305<AES> poly1305(key, key.size(), nonce, nonce.size());
/// poly1305.Update(...);
/// poly1305.Final(...);</pre>
///
/// \details Second, you can create a Poly1305 object, reuse the key, and set a fresh nonce
/// for each message. The second and subsequent nonces can be generated directly using a
/// RandomNumberGenerator() derived class; or it can be generated using GetNextIV().
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// // First message
/// Poly1305<AES> poly1305(key, key.size());
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
///
/// // Second message
/// poly1305.GetNextIV(prng, nonce);
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
/// ...</pre>
/// \sa Daniel J. Bernstein <A HREF="http://cr.yp.to/mac/poly1305-20050329.pdf">The Poly1305-AES
/// Message-Authentication Code (20050329)</A> and Andy Polyakov <A
/// HREF="http://www.openssl.org/blog/blog/2016/02/15/poly1305-revised/">Poly1305 Revised</A>
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_POLY1305_H
#define CRYPTOPP_POLY1305_H
#include "cryptlib.h"
#include "seckey.h"
#include "secblock.h"
#include "argnames.h"
#include "algparam.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Poly1305 message authentication code base class
/// \tparam T class derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize
/// \since Crypto++ 6.0
template <class T>
class CRYPTOPP_NO_VTABLE Poly1305_Base : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 16>, public MessageAuthenticationCode
{
CRYPTOPP_COMPILE_ASSERT(T::DEFAULT_KEYLENGTH == 16);
CRYPTOPP_COMPILE_ASSERT(T::BLOCKSIZE == 16);
public:
static std::string StaticAlgorithmName() {return std::string("Poly1305(") + T::StaticAlgorithmName() + ")";}
CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE)
CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE)
Poly1305_Base() : m_idx(0), m_used(true) {}
void Resynchronize (const byte *iv, int ivLength=-1);
void GetNextIV (RandomNumberGenerator &rng, byte *iv);
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
void Update(const byte *input, size_t length);
void TruncatedFinal(byte *mac, size_t size);
void Restart();
unsigned int BlockSize() const {return BLOCKSIZE;}
unsigned int DigestSize() const {return DIGESTSIZE;}
protected:
void HashBlocks(const byte *input, size_t length, word32 padbit);
void HashFinal(byte *mac, size_t length);
typename T::Encryption m_cipher;
// Accumulated hash, clamped r-key, and encrypted nonce
FixedSizeAlignedSecBlock<word32, 5> m_h;
FixedSizeAlignedSecBlock<word32, 4> m_r;
FixedSizeAlignedSecBlock<word32, 4> m_n;
// Accumulated message bytes and index
FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m_acc, m_nk;
size_t m_idx;
// Track nonce reuse; assert in debug but continue
bool m_used;
};
/// \brief Poly1305 message authentication code
/// \tparam T class derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize
/// \details Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide
/// variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length
/// message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.
/// \details Each message must use a unique security context, which means either the key or nonce
/// must be changed after each message. It can be accomplished in one of two ways. First, you
/// can create a new Poly1305 object with a key and nonce each time its needed.
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// Poly1305<AES> poly1305(key, key.size(), nonce, nonce.size());
/// poly1305.Update(...);
/// poly1305.Final(...);</pre>
///
/// \details Second, you can create a Poly1305 object, reuse the key, and set a fresh nonce
/// for each message. The second and subsequent nonces can be generated directly using a
/// RandomNumberGenerator() derived class; or it can be generated using GetNextIV().
/// <pre> SecByteBlock key(32), nonce(16);
/// prng.GenerateBlock(key, key.size());
/// prng.GenerateBlock(nonce, nonce.size());
///
/// // First message
/// Poly1305<AES> poly1305(key, key.size());
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
///
/// // Second message
/// poly1305.GetNextIV(prng, nonce);
/// poly1305.Resynchronize(nonce);
/// poly1305.Update(...);
/// poly1305.Final(...);
/// ...</pre>
/// \warning The Poly1305 class does not enforce a fresh nonce for each message. The source code
/// will assert in debug builds to alert of nonce reuse. No action is taken in release builds.
/// \sa Daniel J. Bernstein <A HREF="http://cr.yp.to/mac/poly1305-20050329.pdf">The Poly1305-AES
/// Message-Authentication Code (20050329)</A> and Andy Polyakov <A
/// HREF="http://www.openssl.org/blog/blog/2016/02/15/poly1305-revised/">Poly1305 Revised</A>
/// \since Crypto++ 6.0
template <class T>
class Poly1305 : public MessageAuthenticationCodeFinal<Poly1305_Base<T> >
{
public:
CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=Poly1305_Base<T>::DEFAULT_KEYLENGTH)
/// \brief Construct a Poly1305
Poly1305() {}
/// \brief Construct a Poly1305
/// \param key a byte array used to key the cipher
/// \param keyLength the size of the byte array, in bytes
/// \param nonce a byte array used to key the cipher
/// \param nonceLength the size of the byte array, in bytes
/// \details key is the 32-byte key composed of the 16-byte AES key and the 16 additional key
/// bytes used for <tt>r</tt>.
/// \details Each message requires a unique security context. You can use GetNextIV() and
/// Resynchronize() to set a new nonce under a key for a message.
Poly1305(const byte *key, size_t keyLength=DEFAULT_KEYLENGTH, const byte *nonce=NULLPTR, size_t nonceLength=0)
{this->SetKey(key, keyLength, MakeParameters(Name::IV(), ConstByteArrayParameter(nonce, nonceLength)));}
};
NAMESPACE_END
#endif // CRYPTOPP_POLY1305_H

628
Common/3dParty/cryptopp/ppc-simd.cpp
View File

@ -1,314 +1,314 @@
// ppc-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to AltiVec,
// Power8 and in-core crypto instructions. A separate source file
// is needed because additional CXXFLAGS are required to enable the
// appropriate instructions sets in some build configurations.
// TODO: we still need to implement Power8 SHA. Once we have Power8 SHA,
// we should be able to use CRYPTOPP_POWER8_AES_AVAILABLE and
// CRYPTOPP_POWER8_SHA_AVAILABLE instead of the broader
// CRYPTOPP_POWER8_AVAILABLE. The change will need to be coordinated
// with the defines in config.h.
// TODO: Bob Wilkinson reported we are misdetecting CRYPTOPP_POWER8_AVAILABLE.
// The problem is, the updated compiler supports them but the down-level
// assembler and linker do not. We will probably need to fix it through
// the makefile, similar to the way x86 AES and SHA are handled. For the time
// being CRYPTOPP_DISABLE_POWER8 will have to be applied manually. Another
// twist is, we don't have access to a test machine and it must be fixed
// for two compilers (IBM XL C/C++ and GCC). Ugh...
#include "pch.h"
#include "config.h"
#include "stdcpp.h"
#if defined(CRYPTOPP_ALTIVEC_AVAILABLE)
# include "ppc-simd.h"
#endif
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
static jmp_buf s_jmpSIGILL;
static void SigIllHandler(int)
{
longjmp(s_jmpSIGILL, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
bool CPU_ProbeAltivec()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_ALTIVEC_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
const byte b1[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
const byte b2[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1};
byte b3[16];
const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1);
const uint8x16_p v2 = (uint8x16_p)VectorLoad(0, b2);
const uint8x16_p v3 = (uint8x16_p)VectorXor(v1, v2);
VectorStore(v3, b3);
result = (0 == std::memcmp(b2, b3, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ALTIVEC_AVAILABLE
}
bool CPU_ProbePower7()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER7_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = false;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17];
const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1+3);
VectorStore(v1, b2+1);
result = (0 == std::memcmp(b1+3, b2+1, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_POWER7_AVAILABLE
}
bool CPU_ProbePower8()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17];
const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1+3);
VectorStore(v1, b2+1);
result = (0 == std::memcmp(b1+3, b2+1, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_POWER8_AVAILABLE
}
bool CPU_ProbeAES()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte key[16] = {0xA0, 0xFA, 0xFE, 0x17, 0x88, 0x54, 0x2c, 0xb1,
0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05};
byte state[16] = {0x19, 0x3d, 0xe3, 0xb3, 0xa0, 0xf4, 0xe2, 0x2b,
0x9a, 0xc6, 0x8d, 0x2a, 0xe9, 0xf8, 0x48, 0x08};
byte r[16] = {255}, z[16] = {};
uint8x16_p k = (uint8x16_p)VectorLoad(0, key);
uint8x16_p s = (uint8x16_p)VectorLoad(0, state);
s = VectorEncrypt(s, k);
s = VectorEncryptLast(s, k);
s = VectorDecrypt(s, k);
s = VectorDecryptLast(s, k);
VectorStore(s, r);
result = (0 != std::memcmp(r, z, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ALTIVEC_AVAILABLE
}
bool CPU_ProbeSHA256()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = false;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte r[16], z[16] = {0};
uint8x16_p x = ((uint8x16_p){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0});
x = VectorSHA256<0,0>(x);
x = VectorSHA256<0,1>(x);
x = VectorSHA256<1,0>(x);
x = VectorSHA256<1,1>(x);
VectorStore(x, r);
result = (0 == std::memcmp(r, z, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ALTIVEC_AVAILABLE
}
bool CPU_ProbeSHA512()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = false;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte r[16], z[16] = {0};
uint8x16_p x = ((uint8x16_p){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0});
x = VectorSHA512<0,0>(x);
x = VectorSHA512<0,1>(x);
x = VectorSHA512<1,0>(x);
x = VectorSHA512<1,1>(x);
VectorStore(x, r);
result = (0 == std::memcmp(r, z, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_POWER8_AVAILABLE
}
# endif // CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64
NAMESPACE_END
// ppc-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to AltiVec,
// Power8 and in-core crypto instructions. A separate source file
// is needed because additional CXXFLAGS are required to enable the
// appropriate instructions sets in some build configurations.
// TODO: we still need to implement Power8 SHA. Once we have Power8 SHA,
// we should be able to use CRYPTOPP_POWER8_AES_AVAILABLE and
// CRYPTOPP_POWER8_SHA_AVAILABLE instead of the broader
// CRYPTOPP_POWER8_AVAILABLE. The change will need to be coordinated
// with the defines in config.h.
// TODO: Bob Wilkinson reported we are misdetecting CRYPTOPP_POWER8_AVAILABLE.
// The problem is, the updated compiler supports them but the down-level
// assembler and linker do not. We will probably need to fix it through
// the makefile, similar to the way x86 AES and SHA are handled. For the time
// being CRYPTOPP_DISABLE_POWER8 will have to be applied manually. Another
// twist is, we don't have access to a test machine and it must be fixed
// for two compilers (IBM XL C/C++ and GCC). Ugh...
#include "pch.h"
#include "config.h"
#include "stdcpp.h"
#if defined(CRYPTOPP_ALTIVEC_AVAILABLE)
# include "ppc-simd.h"
#endif
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
static jmp_buf s_jmpSIGILL;
static void SigIllHandler(int)
{
longjmp(s_jmpSIGILL, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
bool CPU_ProbeAltivec()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_ALTIVEC_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
const byte b1[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
const byte b2[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1};
byte b3[16];
const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1);
const uint8x16_p v2 = (uint8x16_p)VectorLoad(0, b2);
const uint8x16_p v3 = (uint8x16_p)VectorXor(v1, v2);
VectorStore(v3, b3);
result = (0 == std::memcmp(b2, b3, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ALTIVEC_AVAILABLE
}
bool CPU_ProbePower7()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER7_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = false;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17];
const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1+3);
VectorStore(v1, b2+1);
result = (0 == std::memcmp(b1+3, b2+1, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_POWER7_AVAILABLE
}
bool CPU_ProbePower8()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17];
const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1+3);
VectorStore(v1, b2+1);
result = (0 == std::memcmp(b1+3, b2+1, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_POWER8_AVAILABLE
}
bool CPU_ProbeAES()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte key[16] = {0xA0, 0xFA, 0xFE, 0x17, 0x88, 0x54, 0x2c, 0xb1,
0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05};
byte state[16] = {0x19, 0x3d, 0xe3, 0xb3, 0xa0, 0xf4, 0xe2, 0x2b,
0x9a, 0xc6, 0x8d, 0x2a, 0xe9, 0xf8, 0x48, 0x08};
byte r[16] = {255}, z[16] = {};
uint8x16_p k = (uint8x16_p)VectorLoad(0, key);
uint8x16_p s = (uint8x16_p)VectorLoad(0, state);
s = VectorEncrypt(s, k);
s = VectorEncryptLast(s, k);
s = VectorDecrypt(s, k);
s = VectorDecryptLast(s, k);
VectorStore(s, r);
result = (0 != std::memcmp(r, z, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ALTIVEC_AVAILABLE
}
bool CPU_ProbeSHA256()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = false;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte r[16], z[16] = {0};
uint8x16_p x = ((uint8x16_p){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0});
x = VectorSHA256<0,0>(x);
x = VectorSHA256<0,1>(x);
x = VectorSHA256<1,0>(x);
x = VectorSHA256<1,1>(x);
VectorStore(x, r);
result = (0 == std::memcmp(r, z, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_ALTIVEC_AVAILABLE
}
bool CPU_ProbeSHA512()
{
#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif (CRYPTOPP_POWER8_AVAILABLE)
# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY)
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile int result = false;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
if (oldHandler == SIG_ERR)
return false;
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
if (setjmp(s_jmpSIGILL))
result = false;
else
{
byte r[16], z[16] = {0};
uint8x16_p x = ((uint8x16_p){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0});
x = VectorSHA512<0,0>(x);
x = VectorSHA512<0,1>(x);
x = VectorSHA512<1,0>(x);
x = VectorSHA512<1,1>(x);
VectorStore(x, r);
result = (0 == std::memcmp(r, z, 16));
}
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
signal(SIGILL, oldHandler);
return result;
# endif
#else
return false;
#endif // CRYPTOPP_POWER8_AVAILABLE
}
# endif // CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64
NAMESPACE_END

1106
Common/3dParty/cryptopp/ppc-simd.h
View File

File diff suppressed because it is too large Load Diff

82
Common/3dParty/cryptopp/project/cryptopp.pro
View File

@ -11,6 +11,9 @@ PWD_ROOT_DIR = $$PWD
include(../../../../Common/base.pri)
core_linux {
DEFINES -= NDEBUG
}
core_mac {
DEFINES -= MAC
}
@ -46,7 +49,6 @@ HEADERS += \
../config.h \
../cpu.h \
../crc.h \
../cryptlib.h \
../default.h \
../des.h \
../dh.h \
@ -184,21 +186,30 @@ HEADERS += \
../drbg.h \
../chacha.h \
../aria.h \
../adv-simd.h
../adv-simd.h \
../cryptlib.h
# List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems.
SOURCES += \
../cryptlib.cpp \
../cpu.cpp \
../integer.cpp \
../3way.cpp \
../adler32.cpp \
../adler32.cpp \
../algebra.cpp \
../algparam.cpp \
../arc4.cpp \
../aria-simd.cpp \
../aria.cpp \
../ariatab.cpp \
../asn.cpp \
../authenc.cpp \
../base32.cpp \
../base64.cpp \
../basecode.cpp \
../bench2.cpp \
../bfinit.cpp \
../blake2-simd.cpp \
../blake2.cpp \
../blowfish.cpp \
../blumshub.cpp \
../camellia.cpp \
@ -206,16 +217,17 @@ SOURCES += \
../casts.cpp \
../cbcmac.cpp \
../ccm.cpp \
../chacha.cpp \
../channels.cpp \
../cmac.cpp \
../crc-simd.cpp \
../crc.cpp \
../cryptlib.cpp \
../datatest.cpp \
../default.cpp \
../des.cpp \
../dessp.cpp \
../dh.cpp \
../dh2.cpp \
../dll.cpp \
../dsa.cpp \
../eax.cpp \
../ec2n.cpp \
@ -228,12 +240,12 @@ SOURCES += \
../files.cpp \
../filters.cpp \
../fips140.cpp \
../fipsalgt.cpp \
../fipstest.cpp \
../gcm-simd.cpp \
../gcm.cpp \
../gf256.cpp \
../gf2_32.cpp \
../gf2n.cpp \
../gf256.cpp \
../gfpcrypt.cpp \
../gost.cpp \
../gzip.cpp \
@ -242,8 +254,10 @@ SOURCES += \
../hrtimer.cpp \
../ida.cpp \
../idea.cpp \
../integer.cpp \
../iterhash.cpp \
../kalyna.cpp \
../kalynatab.cpp \
../keccak.cpp \
../luc.cpp \
../mars.cpp \
../marss.cpp \
@ -255,12 +269,13 @@ SOURCES += \
../mqueue.cpp \
../mqv.cpp \
../nbtheory.cpp \
../neon-simd.cpp \
../network.cpp \
../oaep.cpp \
../osrng.cpp \
../panama.cpp \
../pch.cpp \
../pkcspad.cpp \
../poly1305.cpp \
../polynomi.cpp \
../pssr.cpp \
../pubkey.cpp \
@ -282,71 +297,34 @@ SOURCES += \
../seal.cpp \
../seed.cpp \
../serpent.cpp \
../sha-simd.cpp \
../sha.cpp \
../sha3.cpp \
../shacal2-simd.cpp \
../shacal2.cpp \
../shark.cpp \
../sharkbox.cpp \
../simple.cpp \
../skipjack.cpp \
../socketft.cpp \
../sosemanuk.cpp \
../square.cpp \
../squaretb.cpp \
../sse-simd.cpp \
../strciphr.cpp \
../tea.cpp \
../test.cpp \
../tftables.cpp \
../threefish.cpp \
../tiger.cpp \
../tigertab.cpp \
../trdlocal.cpp \
../ttmac.cpp \
../twofish.cpp \
../validat1.cpp \
../validat2.cpp \
../validat3.cpp \
../vmac.cpp \
../wait.cpp \
../wake.cpp \
../whrlpool.cpp \
../winpipes.cpp \
../xtr.cpp \
../xtrcrypt.cpp \
../zdeflate.cpp \
../zinflate.cpp \
../zlib.cpp \
../cpu.cpp \
../validat4.cpp \
../validat0.cpp \
../tweetnacl.cpp \
../threefish.cpp \
../sse-simd.cpp \
../speck-simd.cpp \
../speck.cpp \
../sm4.cpp \
../sm3.cpp \
../simon-simd.cpp \
../simon.cpp \
../shacal2-simd.cpp \
../sha-simd.cpp \
../scrypt.cpp \
../rijndael-simd.cpp \
../regtest3.cpp \
../regtest2.cpp \
../regtest1.cpp \
../ppc-simd.cpp \
../poly1305.cpp \
../padlkrng.cpp \
../neon-simd.cpp \
../keccak.cpp \
../kalynatab.cpp \
../kalyna.cpp \
../gcm-simd.cpp \
../crc-simd.cpp \
../chacha.cpp \
../blake2-simd.cpp \
../blake2.cpp \
../bench1.cpp \
../ariatab.cpp \
../aria-simd.cpp \
../aria.cpp
../zlib.cpp

262
Common/3dParty/cryptopp/regtest1.cpp
View File

@ -1,131 +1,131 @@
// regtest1.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "crc.h"
#include "adler32.h"
#include "md2.h"
#include "md5.h"
#include "keccak.h"
#include "sha3.h"
#include "blake2.h"
#include "sha.h"
#include "sha3.h"
#include "sm3.h"
#include "tiger.h"
#include "ripemd.h"
#include "panama.h"
#include "whrlpool.h"
#include "osrng.h"
#include "drbg.h"
#include "mersenne.h"
#include "rdrand.h"
#include "padlkrng.h"
#include "modes.h"
#include "aes.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
// Unkeyed ciphers
void RegisterFactories1();
// Shared key ciphers
void RegisterFactories2();
// Public key ciphers
void RegisterFactories3();
void RegisterFactories(Test::TestClass suites)
{
static bool s_registered = false;
if (s_registered)
return;
if ((suites & Test::Unkeyed) == Test::Unkeyed)
RegisterFactories1();
if ((suites & Test::SharedKeyMAC) == Test::SharedKeyMAC ||
(suites & Test::SharedKeyStream) == Test::SharedKeyStream ||
(suites & Test::SharedKeyBlock) == Test::SharedKeyBlock)
RegisterFactories2();
if ((suites & Test::PublicKey) == Test::PublicKey)
RegisterFactories3();
s_registered = true;
}
// Unkeyed ciphers
void RegisterFactories1()
{
RegisterDefaultFactoryFor<HashTransformation, CRC32>();
RegisterDefaultFactoryFor<HashTransformation, CRC32C>();
RegisterDefaultFactoryFor<HashTransformation, Adler32>();
RegisterDefaultFactoryFor<HashTransformation, Weak::MD5>();
RegisterDefaultFactoryFor<HashTransformation, SHA1>();
RegisterDefaultFactoryFor<HashTransformation, SHA224>();
RegisterDefaultFactoryFor<HashTransformation, SHA256>();
RegisterDefaultFactoryFor<HashTransformation, SHA384>();
RegisterDefaultFactoryFor<HashTransformation, SHA512>();
RegisterDefaultFactoryFor<HashTransformation, Whirlpool>();
RegisterDefaultFactoryFor<HashTransformation, Tiger>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD160>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD320>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD128>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD256>();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<LittleEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<BigEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Keccak_224>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_256>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_384>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_512>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_224>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_256>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_384>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_512>();
RegisterDefaultFactoryFor<HashTransformation, SM3>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2s>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2b>();
#ifdef BLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, BlockingRng>();
#endif
#ifdef NONBLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, NonblockingRng>();
#endif
#ifdef OS_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededRandomPool>();
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededX917RNG<AES> >();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, MT19937>();
#if (CRYPTOPP_BOOL_X86)
if (HasPadlockRNG())
RegisterDefaultFactoryFor<RandomNumberGenerator, PadlockRNG>();
#endif
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
if (HasRDRAND())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDRAND>();
if (HasRDSEED())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDSEED>();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, OFB_Mode<AES>::Encryption >("AES/OFB RNG");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA1> >("Hash_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA256> >("Hash_DRBG(SHA256)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA1> >("HMAC_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA256> >("HMAC_DRBG(SHA256)");
}
// regtest1.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "crc.h"
#include "adler32.h"
#include "md2.h"
#include "md5.h"
#include "keccak.h"
#include "sha3.h"
#include "blake2.h"
#include "sha.h"
#include "sha3.h"
#include "sm3.h"
#include "tiger.h"
#include "ripemd.h"
#include "panama.h"
#include "whrlpool.h"
#include "osrng.h"
#include "drbg.h"
#include "mersenne.h"
#include "rdrand.h"
#include "padlkrng.h"
#include "modes.h"
#include "aes.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
// Unkeyed ciphers
void RegisterFactories1();
// Shared key ciphers
void RegisterFactories2();
// Public key ciphers
void RegisterFactories3();
void RegisterFactories(Test::TestClass suites)
{
static bool s_registered = false;
if (s_registered)
return;
if ((suites & Test::Unkeyed) == Test::Unkeyed)
RegisterFactories1();
if ((suites & Test::SharedKeyMAC) == Test::SharedKeyMAC ||
(suites & Test::SharedKeyStream) == Test::SharedKeyStream ||
(suites & Test::SharedKeyBlock) == Test::SharedKeyBlock)
RegisterFactories2();
if ((suites & Test::PublicKey) == Test::PublicKey)
RegisterFactories3();
s_registered = true;
}
// Unkeyed ciphers
void RegisterFactories1()
{
RegisterDefaultFactoryFor<HashTransformation, CRC32>();
RegisterDefaultFactoryFor<HashTransformation, CRC32C>();
RegisterDefaultFactoryFor<HashTransformation, Adler32>();
RegisterDefaultFactoryFor<HashTransformation, Weak::MD5>();
RegisterDefaultFactoryFor<HashTransformation, SHA1>();
RegisterDefaultFactoryFor<HashTransformation, SHA224>();
RegisterDefaultFactoryFor<HashTransformation, SHA256>();
RegisterDefaultFactoryFor<HashTransformation, SHA384>();
RegisterDefaultFactoryFor<HashTransformation, SHA512>();
RegisterDefaultFactoryFor<HashTransformation, Whirlpool>();
RegisterDefaultFactoryFor<HashTransformation, Tiger>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD160>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD320>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD128>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD256>();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<LittleEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<BigEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Keccak_224>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_256>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_384>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_512>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_224>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_256>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_384>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_512>();
RegisterDefaultFactoryFor<HashTransformation, SM3>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2s>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2b>();
#ifdef BLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, BlockingRng>();
#endif
#ifdef NONBLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, NonblockingRng>();
#endif
#ifdef OS_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededRandomPool>();
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededX917RNG<AES> >();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, MT19937>();
#if (CRYPTOPP_BOOL_X86)
if (HasPadlockRNG())
RegisterDefaultFactoryFor<RandomNumberGenerator, PadlockRNG>();
#endif
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
if (HasRDRAND())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDRAND>();
if (HasRDSEED())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDSEED>();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, OFB_Mode<AES>::Encryption >("AES/OFB RNG");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA1> >("Hash_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA256> >("Hash_DRBG(SHA256)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA1> >("HMAC_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA256> >("HMAC_DRBG(SHA256)");
}

376
Common/3dParty/cryptopp/regtest2.cpp
View File

@ -1,188 +1,188 @@
// regtest2.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "modes.h"
#include "seal.h"
#include "ttmac.h"
#include "aria.h"
#include "camellia.h"
#include "shacal2.h"
#include "tea.h"
#include "aes.h"
#include "salsa.h"
#include "chacha.h"
#include "vmac.h"
#include "tiger.h"
#include "sosemanuk.h"
#include "arc4.h"
#include "ccm.h"
#include "gcm.h"
#include "eax.h"
#include "twofish.h"
#include "serpent.h"
#include "cast.h"
#include "rc6.h"
#include "mars.h"
#include "kalyna.h"
#include "threefish.h"
#include "simon.h"
#include "speck.h"
#include "sm4.h"
#include "des.h"
#include "idea.h"
#include "rc5.h"
#include "tea.h"
#include "skipjack.h"
#include "cmac.h"
#include "dmac.h"
#include "blowfish.h"
#include "seed.h"
#include "wake.h"
#include "hkdf.h"
// For HMAC's
#include "md5.h"
#include "keccak.h"
#include "sha.h"
#include "sha3.h"
#include "blake2.h"
#include "ripemd.h"
#include "poly1305.h"
#include "siphash.h"
#include "whrlpool.h"
#include "panama.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
// Shared key ciphers
void RegisterFactories2()
{
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<Weak::MD5> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<RIPEMD160> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA1> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA224> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA256> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA384> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA512> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, TTMAC>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES, 64> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<LittleEndian> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<BigEndian> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, DMAC<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, Poly1305<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<DES_EDE3> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, BLAKE2s>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, BLAKE2b>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, SipHash<2,4> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, SipHash<4,8> >();
RegisterSymmetricCipherDefaultFactories<SEAL<> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SHACAL2> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<ARIA> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Camellia> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<TEA> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<XTEA> >();
RegisterSymmetricCipherDefaultFactories<PanamaCipher<LittleEndian> >();
RegisterSymmetricCipherDefaultFactories<PanamaCipher<BigEndian> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<CBC_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<CFB_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<OFB_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<Salsa20>();
RegisterSymmetricCipherDefaultFactories<XSalsa20>();
RegisterSymmetricCipherDefaultFactories<ChaCha8>();
RegisterSymmetricCipherDefaultFactories<ChaCha12>();
RegisterSymmetricCipherDefaultFactories<ChaCha20>();
RegisterSymmetricCipherDefaultFactories<Sosemanuk>();
RegisterSymmetricCipherDefaultFactories<Weak::MARC4>();
RegisterSymmetricCipherDefaultFactories<WAKE_OFB<LittleEndian> >();
RegisterSymmetricCipherDefaultFactories<WAKE_OFB<BigEndian> >();
RegisterSymmetricCipherDefaultFactories<SEAL<LittleEndian> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<CCM<AES> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<GCM<AES> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<EAX<AES> >();
RegisterSymmetricCipherDefaultFactories<CBC_Mode<ARIA> >(); // For test vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<ARIA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Camellia> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Twofish> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Serpent> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST256> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC6> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<MARS> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<MARS> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SHACAL2> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_XEX3> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_EDE3> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<IDEA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC5> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<TEA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<XTEA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST128> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SKIPJACK> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Blowfish> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SEED> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SEED> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna128> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna256> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna512> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish1024> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish1024> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish256> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish512> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish1024> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SIMON64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SIMON64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SIMON128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SIMON128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SIMON64> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SIMON128> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SPECK64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SPECK64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SPECK128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SPECK128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SPECK64> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SPECK128> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SM4> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SM4> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SM4> >(); // Benchmarks
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA1> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA256> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA512> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<Whirlpool> >();
}
// regtest2.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "modes.h"
#include "seal.h"
#include "ttmac.h"
#include "aria.h"
#include "camellia.h"
#include "shacal2.h"
#include "tea.h"
#include "aes.h"
#include "salsa.h"
#include "chacha.h"
#include "vmac.h"
#include "tiger.h"
#include "sosemanuk.h"
#include "arc4.h"
#include "ccm.h"
#include "gcm.h"
#include "eax.h"
#include "twofish.h"
#include "serpent.h"
#include "cast.h"
#include "rc6.h"
#include "mars.h"
#include "kalyna.h"
#include "threefish.h"
#include "simon.h"
#include "speck.h"
#include "sm4.h"
#include "des.h"
#include "idea.h"
#include "rc5.h"
#include "tea.h"
#include "skipjack.h"
#include "cmac.h"
#include "dmac.h"
#include "blowfish.h"
#include "seed.h"
#include "wake.h"
#include "hkdf.h"
// For HMAC's
#include "md5.h"
#include "keccak.h"
#include "sha.h"
#include "sha3.h"
#include "blake2.h"
#include "ripemd.h"
#include "poly1305.h"
#include "siphash.h"
#include "whrlpool.h"
#include "panama.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
// Shared key ciphers
void RegisterFactories2()
{
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<Weak::MD5> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<RIPEMD160> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA1> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA224> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA256> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA384> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA512> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, TTMAC>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, VMAC<AES, 64> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<LittleEndian> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, Weak::PanamaMAC<BigEndian> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, DMAC<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, Poly1305<AES> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, CMAC<DES_EDE3> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, BLAKE2s>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, BLAKE2b>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, SipHash<2,4> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, SipHash<4,8> >();
RegisterSymmetricCipherDefaultFactories<SEAL<> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SHACAL2> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<ARIA> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Camellia> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<TEA> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<XTEA> >();
RegisterSymmetricCipherDefaultFactories<PanamaCipher<LittleEndian> >();
RegisterSymmetricCipherDefaultFactories<PanamaCipher<BigEndian> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<CBC_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<CFB_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<OFB_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<AES> >();
RegisterSymmetricCipherDefaultFactories<Salsa20>();
RegisterSymmetricCipherDefaultFactories<XSalsa20>();
RegisterSymmetricCipherDefaultFactories<ChaCha8>();
RegisterSymmetricCipherDefaultFactories<ChaCha12>();
RegisterSymmetricCipherDefaultFactories<ChaCha20>();
RegisterSymmetricCipherDefaultFactories<Sosemanuk>();
RegisterSymmetricCipherDefaultFactories<Weak::MARC4>();
RegisterSymmetricCipherDefaultFactories<WAKE_OFB<LittleEndian> >();
RegisterSymmetricCipherDefaultFactories<WAKE_OFB<BigEndian> >();
RegisterSymmetricCipherDefaultFactories<SEAL<LittleEndian> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<CCM<AES> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<GCM<AES> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<EAX<AES> >();
RegisterSymmetricCipherDefaultFactories<CBC_Mode<ARIA> >(); // For test vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<ARIA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Camellia> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Twofish> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Serpent> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST256> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC6> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<MARS> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<MARS> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SHACAL2> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_XEX3> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<DES_EDE3> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<IDEA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<RC5> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<TEA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<XTEA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<CAST128> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SKIPJACK> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Blowfish> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SEED> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SEED> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna128> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna256> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna512> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish256> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish512> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish1024> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish1024> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish256> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish512> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish1024> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SIMON64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SIMON64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SIMON128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SIMON128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SIMON64> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SIMON128> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SPECK64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SPECK64> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SPECK128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SPECK128> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SPECK64> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SPECK128> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SM4> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<SM4> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SM4> >(); // Benchmarks
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA1> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA256> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA512> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<Whirlpool> >();
}

114
Common/3dParty/cryptopp/regtest3.cpp
View File

@ -1,57 +1,57 @@
// regtest.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "dh.h"
#include "nr.h"
#include "rw.h"
#include "rsa.h"
#include "dsa.h"
#include "pssr.h"
#include "esign.h"
// Hashes
#include "md2.h"
#include "md5.h"
#include "sha.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
void RegisterFactories3()
{
RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>();
RegisterAsymmetricCipherDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)");
RegisterAsymmetricCipherDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)");
RegisterSignatureSchemeDefaultFactories<DSA>();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA512> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA1> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA512> >();
RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, Weak::MD2> >("RSA/PKCS1-1.5(MD2)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)");
}
// regtest.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "dh.h"
#include "nr.h"
#include "rw.h"
#include "rsa.h"
#include "dsa.h"
#include "pssr.h"
#include "esign.h"
// Hashes
#include "md2.h"
#include "md5.h"
#include "sha.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
void RegisterFactories3()
{
RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>();
RegisterAsymmetricCipherDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)");
RegisterAsymmetricCipherDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)");
RegisterSignatureSchemeDefaultFactories<DSA>();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA512> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA1> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA512> >();
RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, Weak::MD2> >("RSA/PKCS1-1.5(MD2)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)");
}

1470
Common/3dParty/cryptopp/rijndael-simd.cpp
View File

File diff suppressed because it is too large Load Diff

542
Common/3dParty/cryptopp/scrypt.cpp
View File

@ -1,271 +1,271 @@
// scrypt.cpp - written and placed in public domain by Jeffrey Walton.
// Based on reference source code by Colin Percival for
// Scrypt and Daniel Bernstein for Salsa20 core.
#include "pch.h"
#include "scrypt.h"
#include "algparam.h"
#include "argnames.h"
#include "pwdbased.h"
#include "stdcpp.h"
#include "salsa.h"
#include "misc.h"
#include "sha.h"
#include <sstream>
#ifdef _OPENMP
# include <omp.h>
#endif
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte;
using CryptoPP::word32;
using CryptoPP::word64;
using CryptoPP::GetWord;
using CryptoPP::PutWord;
using CryptoPP::Salsa20_Core;
using CryptoPP::rotlConstant;
using CryptoPP::LITTLE_ENDIAN_ORDER;
using CryptoPP::AlignedSecByteBlock;
static inline void LE32ENC(byte* out, word32 in)
{
PutWord(false, LITTLE_ENDIAN_ORDER, out, in);
}
static inline word32 LE32DEC(const byte* in)
{
return GetWord<word32>(false, LITTLE_ENDIAN_ORDER, in);
}
static inline word64 LE64DEC(const byte* in)
{
return GetWord<word64>(false, LITTLE_ENDIAN_ORDER, in);
}
static inline void BlockCopy(byte* dest, byte* src, size_t len)
{
for (size_t i = 0; i < len; ++i)
dest[i] = src[i];
}
static inline void BlockXOR(byte* dest, byte* src, size_t len)
{
#pragma omp simd
for (size_t i = 0; i < len; ++i)
dest[i] ^= src[i];
}
static inline void PBKDF2_SHA256(byte* buf, size_t dkLen,
const byte* passwd, size_t passwdlen,
const byte* salt, size_t saltlen, byte count)
{
using CryptoPP::SHA256;
using CryptoPP::PKCS5_PBKDF2_HMAC;
PKCS5_PBKDF2_HMAC<SHA256> pbkdf;
pbkdf.DeriveKey(buf, dkLen, 0, passwd, passwdlen, salt, saltlen, count, 0.0f);
}
static inline void Salsa20_8(byte B[64])
{
word32 B32[16];
for (size_t i = 0; i < 16; ++i)
B32[i] = LE32DEC(&B[i * 4]);
Salsa20_Core(B32, 8);
for (size_t i = 0; i < 16; ++i)
LE32ENC(&B[4 * i], B32[i]);
}
static inline void BlockMix(byte* B, byte* Y, size_t r)
{
byte X[64];
// 1: X <-- B_{2r - 1}
BlockCopy(X, &B[(2 * r - 1) * 64], 64);
// 2: for i = 0 to 2r - 1 do
for (size_t i = 0; i < 2 * r; ++i)
{
// 3: X <-- H(X \xor B_i)
BlockXOR(X, &B[i * 64], 64);
Salsa20_8(X);
// 4: Y_i <-- X
BlockCopy(&Y[i * 64], X, 64);
}
// 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1})
for (size_t i = 0; i < r; ++i)
BlockCopy(&B[i * 64], &Y[(i * 2) * 64], 64);
for (size_t i = 0; i < r; ++i)
BlockCopy(&B[(i + r) * 64], &Y[(i * 2 + 1) * 64], 64);
}
static inline word64 Integerify(byte* B, size_t r)
{
byte* X = &B[(2 * r - 1) * 64];
return LE64DEC(X);
}
static inline void Smix(byte* B, size_t r, word64 N, byte* V, byte* XY)
{
byte* X = XY;
byte* Y = XY+128*r;
// 1: X <-- B
BlockCopy(X, B, 128 * r);
// 2: for i = 0 to N - 1 do
for (word64 i = 0; i < N; ++i)
{
// 3: V_i <-- X
BlockCopy(&V[i * (128 * r)], X, 128 * r);
// 4: X <-- H(X)
BlockMix(X, Y, r);
}
// 6: for i = 0 to N - 1 do
for (word64 i = 0; i < N; ++i)
{
// 7: j <-- Integerify(X) mod N
word64 j = Integerify(X, r) & (N - 1);
// 8: X <-- H(X \xor V_j)
BlockXOR(X, &V[j * (128 * r)], 128 * r);
BlockMix(X, Y, r);
}
// 10: B' <-- X
BlockCopy(B, X, 128 * r);
}
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
size_t Scrypt::GetValidDerivedLength(size_t keylength) const
{
if (keylength > MaxDerivedLength())
return MaxDerivedLength();
return keylength;
}
void Scrypt::ValidateParameters(size_t derivedLen, word64 cost, word64 blockSize, word64 parallelization) const
{
// Optimizer should remove this on 32-bit platforms
if (std::numeric_limits<size_t>::max() > std::numeric_limits<word32>::max())
{
const word64 maxLen = ((static_cast<word64>(1) << 32) - 1) * 32;
if (derivedLen > maxLen) {
std::ostringstream oss;
oss << "derivedLen " << derivedLen << " is larger than " << maxLen;
throw InvalidArgument("Scrypt: " + oss.str());
}
}
CRYPTOPP_ASSERT(IsPowerOf2(cost));
if (IsPowerOf2(cost) == false)
throw InvalidArgument("Scrypt: cost must be a power of 2");
const word64 prod = static_cast<word64>(blockSize) * parallelization;
CRYPTOPP_ASSERT(prod < (1U << 30));
if (prod >= (1U << 30)) {
std::ostringstream oss;
oss << "r*p " << prod << " is larger than " << (1U << 30);
throw InvalidArgument("Scrypt: " + oss.str());
}
// Scrypt has several tests that effectively verify allocations like
// '128 * r * N' and '128 * r * p' do not overflow. They are the tests
// that set errno to ENOMEM. We can make the logic a little more clear
// using word128. At first blush the word128 may seem like overkill.
// However, this alogirthm is dominated by slow moving parts, so a
// one-time check is insignificant in the bigger picture.
#if defined(CRYPTOPP_WORD128_AVAILABLE)
const word128 maxElems = static_cast<word128>(SIZE_MAX);
bool bLimit = (maxElems >= static_cast<word128>(cost) * blockSize * 128U);
bool xyLimit = (maxElems >= static_cast<word128>(parallelization) * blockSize * 128U);
bool vLimit = (maxElems >= static_cast<word128>(blockSize) * 256U + 64U);
#else
const word64 maxElems = static_cast<word64>(SIZE_MAX);
bool bLimit = (blockSize < maxElems / 128U / cost);
bool xyLimit = (blockSize < maxElems / 128U / parallelization);
bool vLimit = (blockSize < (maxElems - 64U) / 256U);
#endif
CRYPTOPP_ASSERT(bLimit); CRYPTOPP_ASSERT(xyLimit); CRYPTOPP_ASSERT(vLimit);
if (!bLimit || !xyLimit || !vLimit)
throw std::bad_alloc();
}
size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen,
const byte*secret, size_t secretLen, const NameValuePairs& params) const
{
CRYPTOPP_ASSERT(secret /*&& secretLen*/);
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
word64 cost=0, blockSize=0, parallelization=0;
if(params.GetValue("Cost", cost) == false)
cost = defaultCost;
if(params.GetValue("BlockSize", blockSize) == false)
blockSize = defaultBlockSize;
if(params.GetValue("Parallelization", parallelization) == false)
parallelization = defaultParallelization;
ConstByteArrayParameter salt;
(void)params.GetValue("Salt", salt);
return DeriveKey(derived, derivedLen, secret, secretLen, salt.begin(), salt.size(), cost, blockSize, parallelization);
}
size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, size_t secretLen,
const byte*salt, size_t saltLen, word64 cost, word64 blockSize, word64 parallel) const
{
CRYPTOPP_ASSERT(secret /*&& secretLen*/);
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
ThrowIfInvalidDerivedLength(derivedLen);
ValidateParameters(derivedLen, cost, blockSize, parallel);
AlignedSecByteBlock B(static_cast<size_t>(blockSize * parallel * 128U));
// 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen)
PBKDF2_SHA256(B, B.size(), secret, secretLen, salt, saltLen, 1);
// http://stackoverflow.com/q/49604260/608639
#pragma omp parallel
{
// Each thread gets its own copy
AlignedSecByteBlock XY(static_cast<size_t>(blockSize * 256U));
AlignedSecByteBlock V(static_cast<size_t>(blockSize * cost * 128U));
// 2: for i = 0 to p - 1 do
#pragma omp for
for (size_t i = 0; i < static_cast<size_t>(parallel); ++i)
{
// 3: B_i <-- MF(B_i, N)
const ptrdiff_t offset = static_cast<ptrdiff_t>(blockSize*i*128);
Smix(B+offset, static_cast<size_t>(blockSize), cost, V, XY);
}
}
// 5: DK <-- PBKDF2(P, B, 1, dkLen)
PBKDF2_SHA256(derived, derivedLen, secret, secretLen, B, B.size(), 1);
return 1;
}
NAMESPACE_END
// scrypt.cpp - written and placed in public domain by Jeffrey Walton.
// Based on reference source code by Colin Percival for
// Scrypt and Daniel Bernstein for Salsa20 core.
#include "pch.h"
#include "scrypt.h"
#include "algparam.h"
#include "argnames.h"
#include "pwdbased.h"
#include "stdcpp.h"
#include "salsa.h"
#include "misc.h"
#include "sha.h"
#include <sstream>
#ifdef _OPENMP
# include <omp.h>
#endif
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte;
using CryptoPP::word32;
using CryptoPP::word64;
using CryptoPP::GetWord;
using CryptoPP::PutWord;
using CryptoPP::Salsa20_Core;
using CryptoPP::rotlConstant;
using CryptoPP::LITTLE_ENDIAN_ORDER;
using CryptoPP::AlignedSecByteBlock;
static inline void LE32ENC(byte* out, word32 in)
{
PutWord(false, LITTLE_ENDIAN_ORDER, out, in);
}
static inline word32 LE32DEC(const byte* in)
{
return GetWord<word32>(false, LITTLE_ENDIAN_ORDER, in);
}
static inline word64 LE64DEC(const byte* in)
{
return GetWord<word64>(false, LITTLE_ENDIAN_ORDER, in);
}
static inline void BlockCopy(byte* dest, byte* src, size_t len)
{
for (size_t i = 0; i < len; ++i)
dest[i] = src[i];
}
static inline void BlockXOR(byte* dest, byte* src, size_t len)
{
#pragma omp simd
for (size_t i = 0; i < len; ++i)
dest[i] ^= src[i];
}
static inline void PBKDF2_SHA256(byte* buf, size_t dkLen,
const byte* passwd, size_t passwdlen,
const byte* salt, size_t saltlen, byte count)
{
using CryptoPP::SHA256;
using CryptoPP::PKCS5_PBKDF2_HMAC;
PKCS5_PBKDF2_HMAC<SHA256> pbkdf;
pbkdf.DeriveKey(buf, dkLen, 0, passwd, passwdlen, salt, saltlen, count, 0.0f);
}
static inline void Salsa20_8(byte B[64])
{
word32 B32[16];
for (size_t i = 0; i < 16; ++i)
B32[i] = LE32DEC(&B[i * 4]);
Salsa20_Core(B32, 8);
for (size_t i = 0; i < 16; ++i)
LE32ENC(&B[4 * i], B32[i]);
}
static inline void BlockMix(byte* B, byte* Y, size_t r)
{
byte X[64];
// 1: X <-- B_{2r - 1}
BlockCopy(X, &B[(2 * r - 1) * 64], 64);
// 2: for i = 0 to 2r - 1 do
for (size_t i = 0; i < 2 * r; ++i)
{
// 3: X <-- H(X \xor B_i)
BlockXOR(X, &B[i * 64], 64);
Salsa20_8(X);
// 4: Y_i <-- X
BlockCopy(&Y[i * 64], X, 64);
}
// 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1})
for (size_t i = 0; i < r; ++i)
BlockCopy(&B[i * 64], &Y[(i * 2) * 64], 64);
for (size_t i = 0; i < r; ++i)
BlockCopy(&B[(i + r) * 64], &Y[(i * 2 + 1) * 64], 64);
}
static inline word64 Integerify(byte* B, size_t r)
{
byte* X = &B[(2 * r - 1) * 64];
return LE64DEC(X);
}
static inline void Smix(byte* B, size_t r, word64 N, byte* V, byte* XY)
{
byte* X = XY;
byte* Y = XY+128*r;
// 1: X <-- B
BlockCopy(X, B, 128 * r);
// 2: for i = 0 to N - 1 do
for (word64 i = 0; i < N; ++i)
{
// 3: V_i <-- X
BlockCopy(&V[i * (128 * r)], X, 128 * r);
// 4: X <-- H(X)
BlockMix(X, Y, r);
}
// 6: for i = 0 to N - 1 do
for (word64 i = 0; i < N; ++i)
{
// 7: j <-- Integerify(X) mod N
word64 j = Integerify(X, r) & (N - 1);
// 8: X <-- H(X \xor V_j)
BlockXOR(X, &V[j * (128 * r)], 128 * r);
BlockMix(X, Y, r);
}
// 10: B' <-- X
BlockCopy(B, X, 128 * r);
}
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
size_t Scrypt::GetValidDerivedLength(size_t keylength) const
{
if (keylength > MaxDerivedLength())
return MaxDerivedLength();
return keylength;
}
void Scrypt::ValidateParameters(size_t derivedLen, word64 cost, word64 blockSize, word64 parallelization) const
{
// Optimizer should remove this on 32-bit platforms
if (std::numeric_limits<size_t>::max() > std::numeric_limits<word32>::max())
{
const word64 maxLen = ((static_cast<word64>(1) << 32) - 1) * 32;
if (derivedLen > maxLen) {
std::ostringstream oss;
oss << "derivedLen " << derivedLen << " is larger than " << maxLen;
throw InvalidArgument("Scrypt: " + oss.str());
}
}
CRYPTOPP_ASSERT(IsPowerOf2(cost));
if (IsPowerOf2(cost) == false)
throw InvalidArgument("Scrypt: cost must be a power of 2");
const word64 prod = static_cast<word64>(blockSize) * parallelization;
CRYPTOPP_ASSERT(prod < (1U << 30));
if (prod >= (1U << 30)) {
std::ostringstream oss;
oss << "r*p " << prod << " is larger than " << (1U << 30);
throw InvalidArgument("Scrypt: " + oss.str());
}
// Scrypt has several tests that effectively verify allocations like
// '128 * r * N' and '128 * r * p' do not overflow. They are the tests
// that set errno to ENOMEM. We can make the logic a little more clear
// using word128. At first blush the word128 may seem like overkill.
// However, this alogirthm is dominated by slow moving parts, so a
// one-time check is insignificant in the bigger picture.
#if defined(CRYPTOPP_WORD128_AVAILABLE)
const word128 maxElems = static_cast<word128>(SIZE_MAX);
bool bLimit = (maxElems >= static_cast<word128>(cost) * blockSize * 128U);
bool xyLimit = (maxElems >= static_cast<word128>(parallelization) * blockSize * 128U);
bool vLimit = (maxElems >= static_cast<word128>(blockSize) * 256U + 64U);
#else
const word64 maxElems = static_cast<word64>(SIZE_MAX);
bool bLimit = (blockSize < maxElems / 128U / cost);
bool xyLimit = (blockSize < maxElems / 128U / parallelization);
bool vLimit = (blockSize < (maxElems - 64U) / 256U);
#endif
CRYPTOPP_ASSERT(bLimit); CRYPTOPP_ASSERT(xyLimit); CRYPTOPP_ASSERT(vLimit);
if (!bLimit || !xyLimit || !vLimit)
throw std::bad_alloc();
}
size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen,
const byte*secret, size_t secretLen, const NameValuePairs& params) const
{
CRYPTOPP_ASSERT(secret /*&& secretLen*/);
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
word64 cost=0, blockSize=0, parallelization=0;
if(params.GetValue("Cost", cost) == false)
cost = defaultCost;
if(params.GetValue("BlockSize", blockSize) == false)
blockSize = defaultBlockSize;
if(params.GetValue("Parallelization", parallelization) == false)
parallelization = defaultParallelization;
ConstByteArrayParameter salt;
(void)params.GetValue("Salt", salt);
return DeriveKey(derived, derivedLen, secret, secretLen, salt.begin(), salt.size(), cost, blockSize, parallelization);
}
size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, size_t secretLen,
const byte*salt, size_t saltLen, word64 cost, word64 blockSize, word64 parallel) const
{
CRYPTOPP_ASSERT(secret /*&& secretLen*/);
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
ThrowIfInvalidDerivedLength(derivedLen);
ValidateParameters(derivedLen, cost, blockSize, parallel);
AlignedSecByteBlock B(static_cast<size_t>(blockSize * parallel * 128U));
// 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen)
PBKDF2_SHA256(B, B.size(), secret, secretLen, salt, saltLen, 1);
// http://stackoverflow.com/q/49604260/608639
#pragma omp parallel
{
// Each thread gets its own copy
AlignedSecByteBlock XY(static_cast<size_t>(blockSize * 256U));
AlignedSecByteBlock V(static_cast<size_t>(blockSize * cost * 128U));
// 2: for i = 0 to p - 1 do
#pragma omp for
for (size_t i = 0; i < static_cast<size_t>(parallel); ++i)
{
// 3: B_i <-- MF(B_i, N)
const ptrdiff_t offset = static_cast<ptrdiff_t>(blockSize*i*128);
Smix(B+offset, static_cast<size_t>(blockSize), cost, V, XY);
}
}
// 5: DK <-- PBKDF2(P, B, 1, dkLen)
PBKDF2_SHA256(derived, derivedLen, secret, secretLen, B, B.size(), 1);
return 1;
}
NAMESPACE_END

202
Common/3dParty/cryptopp/scrypt.h
View File

@ -1,101 +1,101 @@
// scrypt.h - written and placed in public domain by Jeffrey Walton.
// Based on reference source code by Colin Percival.
/// \file scrypt.h
/// \brief Classes for Scrypt from RFC 7914
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
/// Sequential Memory-Hard Functions</a>,
/// <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
/// and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
/// Key Derivation Function</A>
/// \since Crypto++ 6.2
#ifndef CRYPTOPP_SCRYPT_H
#define CRYPTOPP_SCRYPT_H
#include "cryptlib.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Scrypt key derivation function
/// \details The Crypto++ implementation uses OpenMP to accelerate the derivation when
/// available.
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
/// example, the library is limited to a derived key length of <tt>SIZE_MAX</tt>,
/// and not <tt>(2^32 - 1) * 32</tt>.
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
/// Sequential Memory-Hard Functions</a>,
/// <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
/// and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
/// Key Derivation Function</A>
/// \since Crypto++ 6.2
class Scrypt : public KeyDerivationFunction
{
public:
virtual ~Scrypt() {}
static std::string StaticAlgorithmName () {
return "scrypt";
}
// KeyDerivationFunction interface
std::string AlgorithmName() const {
return StaticAlgorithmName();
}
// KeyDerivationFunction interface
size_t MaxDerivedLength() const {
return static_cast<size_t>(-1);
}
// KeyDerivationFunction interface
size_t GetValidDerivedLength(size_t keylength) const;
// KeyDerivationFunction interface
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const NameValuePairs& params) const;
/// \brief Derive a key from a seed
/// \param derived the derived output buffer
/// \param derivedLen the size of the derived buffer, in bytes
/// \param secret the seed input buffer
/// \param secretLen the size of the secret buffer, in bytes
/// \param salt the salt input buffer
/// \param saltLen the size of the salt buffer, in bytes
/// \param cost the CPU/memory cost factor
/// \param blockSize the block size
/// \param parallelization the parallelization factor
/// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function.
/// \details The CPU/Memory <tt>cost</tt> parameter ("N" in the documents) must be
/// larger than 1, a power of 2, and less than <tt>2^(128 * r / 8)</tt>.
/// \details The parameter <tt>blockSize</tt> ("r" in the documents) specifies the block
/// size.
/// \details The <tt>parallelization</tt> parameter ("p" in the documents) is a positive
/// integer less than or equal to <tt>((2^32-1) * 32) / (128 * r)</tt>.
/// \details Scrypt always returns 1 because it only performs 1 iteration. Other
/// derivation functions, like PBKDF's, will return more interesting values.
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
/// example, the library is limited to a derived key length of <tt>SIZE_MAX</tt>,
/// and not <tt>(2^32 - 1) * 32</tt>.
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const byte *salt, size_t saltLen, word64 cost=2, word64 blockSize=8, word64 parallelization=1) const;
protected:
enum {defaultCost=2, defaultBlockSize=8, defaultParallelization=1};
// KeyDerivationFunction interface
const Algorithm & GetAlgorithm() const {
return *this;
}
inline void ValidateParameters(size_t derivedlen, word64 cost, word64 blockSize, word64 parallelization) const;
};
NAMESPACE_END
#endif // CRYPTOPP_SCRYPT_H
// scrypt.h - written and placed in public domain by Jeffrey Walton.
// Based on reference source code by Colin Percival.
/// \file scrypt.h
/// \brief Classes for Scrypt from RFC 7914
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
/// Sequential Memory-Hard Functions</a>,
/// <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
/// and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
/// Key Derivation Function</A>
/// \since Crypto++ 6.2
#ifndef CRYPTOPP_SCRYPT_H
#define CRYPTOPP_SCRYPT_H
#include "cryptlib.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Scrypt key derivation function
/// \details The Crypto++ implementation uses OpenMP to accelerate the derivation when
/// available.
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
/// example, the library is limited to a derived key length of <tt>SIZE_MAX</tt>,
/// and not <tt>(2^32 - 1) * 32</tt>.
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
/// Sequential Memory-Hard Functions</a>,
/// <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
/// and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
/// Key Derivation Function</A>
/// \since Crypto++ 6.2
class Scrypt : public KeyDerivationFunction
{
public:
virtual ~Scrypt() {}
static std::string StaticAlgorithmName () {
return "scrypt";
}
// KeyDerivationFunction interface
std::string AlgorithmName() const {
return StaticAlgorithmName();
}
// KeyDerivationFunction interface
size_t MaxDerivedLength() const {
return static_cast<size_t>(-1);
}
// KeyDerivationFunction interface
size_t GetValidDerivedLength(size_t keylength) const;
// KeyDerivationFunction interface
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const NameValuePairs& params) const;
/// \brief Derive a key from a seed
/// \param derived the derived output buffer
/// \param derivedLen the size of the derived buffer, in bytes
/// \param secret the seed input buffer
/// \param secretLen the size of the secret buffer, in bytes
/// \param salt the salt input buffer
/// \param saltLen the size of the salt buffer, in bytes
/// \param cost the CPU/memory cost factor
/// \param blockSize the block size
/// \param parallelization the parallelization factor
/// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function.
/// \details The CPU/Memory <tt>cost</tt> parameter ("N" in the documents) must be
/// larger than 1, a power of 2, and less than <tt>2^(128 * r / 8)</tt>.
/// \details The parameter <tt>blockSize</tt> ("r" in the documents) specifies the block
/// size.
/// \details The <tt>parallelization</tt> parameter ("p" in the documents) is a positive
/// integer less than or equal to <tt>((2^32-1) * 32) / (128 * r)</tt>.
/// \details Scrypt always returns 1 because it only performs 1 iteration. Other
/// derivation functions, like PBKDF's, will return more interesting values.
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
/// example, the library is limited to a derived key length of <tt>SIZE_MAX</tt>,
/// and not <tt>(2^32 - 1) * 32</tt>.
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const byte *salt, size_t saltLen, word64 cost=2, word64 blockSize=8, word64 parallelization=1) const;
protected:
enum {defaultCost=2, defaultBlockSize=8, defaultParallelization=1};
// KeyDerivationFunction interface
const Algorithm & GetAlgorithm() const {
return *this;
}
inline void ValidateParameters(size_t derivedlen, word64 cost, word64 blockSize, word64 parallelization) const;
};
NAMESPACE_END
#endif // CRYPTOPP_SCRYPT_H

3278
Common/3dParty/cryptopp/sha-simd.cpp
View File

File diff suppressed because it is too large Load Diff

214
Common/3dParty/cryptopp/shacal2-simd.cpp
View File

@ -1,107 +1,107 @@
// shacla2-simd.cpp - written and placed in the public domain by
// Jeffrey Walton and Jack Lloyd
//
// Jack Lloyd and the Botan team allowed Crypto++ to use parts of
// Botan's implementation under the same license as Crypto++
// is released. The code for SHACAL2_Enc_ProcessAndXorBlock_SHANI
// below is Botan's x86_encrypt_blocks with minor tweaks. Many thanks
// to the Botan team. Also see http://github.com/randombit/botan/.
//
// This source file uses intrinsics to gain access to SHA-NI and
// ARMv8a SHA instructions. A separate source file is needed because
// additional CXXFLAGS are required to enable the appropriate instruction
// sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "sha.h"
#include "misc.h"
#if (CRYPTOPP_SHANI_AVAILABLE)
# include <nmmintrin.h>
# include <immintrin.h>
#endif
// Use ARMv8 rather than NEON due to compiler inconsistencies
#if (CRYPTOPP_ARM_SHA_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670
#define M128_CAST(x) ((__m128i *)(void *)(x))
#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
NAMESPACE_BEGIN(CryptoPP)
#if CRYPTOPP_SHANI_AVAILABLE
void SHACAL2_Enc_ProcessAndXorBlock_SHANI(const word32* subKeys, const byte *inBlock, const byte *xorBlock, byte *outBlock)
{
CRYPTOPP_ASSERT(subKeys);
CRYPTOPP_ASSERT(inBlock);
CRYPTOPP_ASSERT(outBlock);
const __m128i MASK1 = _mm_set_epi8(8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7);
const __m128i MASK2 = _mm_set_epi8(0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15);
__m128i B0 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(inBlock + 0)), MASK1);
__m128i B1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(inBlock + 16)), MASK2);
__m128i TMP = _mm_alignr_epi8(B0, B1, 8);
B1 = _mm_blend_epi16(B1, B0, 0xF0);
B0 = TMP;
#if 0
// SSE2 + SSSE3, but 0.2 cpb slower on a Celeraon J3455
const __m128i MASK1 = _mm_set_epi8(8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7);
const __m128i MASK2 = _mm_set_epi8(0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15);
__m128i B0 = _mm_loadu_si128(CONST_M128_CAST(inBlock + 0));
__m128i B1 = _mm_loadu_si128(CONST_M128_CAST(inBlock + 16));
__m128i TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK2);
B1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK2);
B0 = TMP;
#endif
const byte* keys = reinterpret_cast<const byte*>(subKeys);
for (size_t i = 0; i != 8; ++i)
{
const __m128i RK0 = _mm_load_si128(CONST_M128_CAST(keys + 32*i));
const __m128i RK2 = _mm_load_si128(CONST_M128_CAST(keys + 32*i+16));
const __m128i RK1 = _mm_srli_si128(RK0, 8);
const __m128i RK3 = _mm_srli_si128(RK2, 8);
B1 = _mm_sha256rnds2_epu32(B1, B0, RK0);
B0 = _mm_sha256rnds2_epu32(B0, B1, RK1);
B1 = _mm_sha256rnds2_epu32(B1, B0, RK2);
B0 = _mm_sha256rnds2_epu32(B0, B1, RK3);
}
TMP = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK1);
B1 = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK1);
B0 = TMP;
if (xorBlock)
{
_mm_storeu_si128(M128_CAST(outBlock + 0),
_mm_xor_si128(B0, _mm_loadu_si128(CONST_M128_CAST(xorBlock + 0))));
_mm_storeu_si128(M128_CAST(outBlock + 16),
_mm_xor_si128(B1, _mm_loadu_si128(CONST_M128_CAST(xorBlock + 16))));
}
else
{
_mm_storeu_si128(M128_CAST(outBlock + 0), B0);
_mm_storeu_si128(M128_CAST(outBlock + 16), B1);
}
}
#endif
NAMESPACE_END
// shacla2-simd.cpp - written and placed in the public domain by
// Jeffrey Walton and Jack Lloyd
//
// Jack Lloyd and the Botan team allowed Crypto++ to use parts of
// Botan's implementation under the same license as Crypto++
// is released. The code for SHACAL2_Enc_ProcessAndXorBlock_SHANI
// below is Botan's x86_encrypt_blocks with minor tweaks. Many thanks
// to the Botan team. Also see http://github.com/randombit/botan/.
//
// This source file uses intrinsics to gain access to SHA-NI and
// ARMv8a SHA instructions. A separate source file is needed because
// additional CXXFLAGS are required to enable the appropriate instruction
// sets in some build configurations.
#include "pch.h"
#include "config.h"
#include "sha.h"
#include "misc.h"
#if (CRYPTOPP_SHANI_AVAILABLE)
# include <nmmintrin.h>
# include <immintrin.h>
#endif
// Use ARMv8 rather than NEON due to compiler inconsistencies
#if (CRYPTOPP_ARM_SHA_AVAILABLE)
# include <arm_neon.h>
#endif
// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
// compilers don't follow ACLE conventions for the include.
#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
# include <stdint.h>
# include <arm_acle.h>
#endif
// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670
#define M128_CAST(x) ((__m128i *)(void *)(x))
#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
NAMESPACE_BEGIN(CryptoPP)
#if CRYPTOPP_SHANI_AVAILABLE
void SHACAL2_Enc_ProcessAndXorBlock_SHANI(const word32* subKeys, const byte *inBlock, const byte *xorBlock, byte *outBlock)
{
CRYPTOPP_ASSERT(subKeys);
CRYPTOPP_ASSERT(inBlock);
CRYPTOPP_ASSERT(outBlock);
const __m128i MASK1 = _mm_set_epi8(8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7);
const __m128i MASK2 = _mm_set_epi8(0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15);
__m128i B0 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(inBlock + 0)), MASK1);
__m128i B1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(inBlock + 16)), MASK2);
__m128i TMP = _mm_alignr_epi8(B0, B1, 8);
B1 = _mm_blend_epi16(B1, B0, 0xF0);
B0 = TMP;
#if 0
// SSE2 + SSSE3, but 0.2 cpb slower on a Celeraon J3455
const __m128i MASK1 = _mm_set_epi8(8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7);
const __m128i MASK2 = _mm_set_epi8(0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15);
__m128i B0 = _mm_loadu_si128(CONST_M128_CAST(inBlock + 0));
__m128i B1 = _mm_loadu_si128(CONST_M128_CAST(inBlock + 16));
__m128i TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK2);
B1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK2);
B0 = TMP;
#endif
const byte* keys = reinterpret_cast<const byte*>(subKeys);
for (size_t i = 0; i != 8; ++i)
{
const __m128i RK0 = _mm_load_si128(CONST_M128_CAST(keys + 32*i));
const __m128i RK2 = _mm_load_si128(CONST_M128_CAST(keys + 32*i+16));
const __m128i RK1 = _mm_srli_si128(RK0, 8);
const __m128i RK3 = _mm_srli_si128(RK2, 8);
B1 = _mm_sha256rnds2_epu32(B1, B0, RK0);
B0 = _mm_sha256rnds2_epu32(B0, B1, RK1);
B1 = _mm_sha256rnds2_epu32(B1, B0, RK2);
B0 = _mm_sha256rnds2_epu32(B0, B1, RK3);
}
TMP = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK1);
B1 = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK1);
B0 = TMP;
if (xorBlock)
{
_mm_storeu_si128(M128_CAST(outBlock + 0),
_mm_xor_si128(B0, _mm_loadu_si128(CONST_M128_CAST(xorBlock + 0))));
_mm_storeu_si128(M128_CAST(outBlock + 16),
_mm_xor_si128(B1, _mm_loadu_si128(CONST_M128_CAST(xorBlock + 16))));
}
else
{
_mm_storeu_si128(M128_CAST(outBlock + 0), B0);
_mm_storeu_si128(M128_CAST(outBlock + 16), B1);
}
}
#endif
NAMESPACE_END

2190
Common/3dParty/cryptopp/simon-simd.cpp
View File

File diff suppressed because it is too large Load Diff

926
Common/3dParty/cryptopp/simon.cpp
View File

@ -1,463 +1,463 @@
// simon.h - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "simon.h"
#include "misc.h"
#include "cpu.h"
// Uncomment for benchmarking C++ against SSE or NEON.
// Do so in both simon.cpp and simon-simd.cpp.
// #undef CRYPTOPP_SSSE3_AVAILABLE
// #undef CRYPTOPP_SSE41_AVAILABLE
// #undef CRYPTOPP_ARM_NEON_AVAILABLE
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::word32;
using CryptoPP::word64;
using CryptoPP::rotlConstant;
using CryptoPP::rotrConstant;
/// \brief Round transformation helper
/// \tparam W word type
/// \param v value
template <class W>
inline W f(const W v)
{
return (rotlConstant<1>(v) & rotlConstant<8>(v)) ^ rotlConstant<2>(v);
}
/// \brief Round transformation
/// \tparam W word type
/// \param x value
/// \param y value
/// \param k value
/// \param l value
template <class W>
inline void R2(W& x, W& y, const W k, const W l)
{
y ^= f(x); y ^= k;
x ^= f(y); x ^= l;
}
/// \brief Forward transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param c output array
/// \param p input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SIMON_Encrypt(W c[2], const W p[2], const W k[R])
{
c[0]=p[0]; c[1]=p[1];
for (int i = 0; i < static_cast<int>(R-1); i += 2)
R2(c[0], c[1], k[i], k[i + 1]);
if (R & 1)
{
c[1] ^= f(c[0]); c[1] ^= k[R-1];
W t = c[0]; c[0] = c[1]; c[1] = t;
}
}
/// \brief Reverse transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param p output array
/// \param c input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SIMON_Decrypt(W p[2], const W c[2], const W k[R])
{
p[0]=c[0]; p[1]=c[1];
unsigned int rounds = R;
if (R & 1)
{
const W t = p[1]; p[1] = p[0]; p[0] = t;
p[1] ^= k[R - 1]; p[1] ^= f(p[0]);
rounds--;
}
for (int i = static_cast<int>(rounds - 2); i >= 0; i -= 2)
R2(p[1], p[0], k[i + 1], k[i]);
}
/// \brief Subkey generation function
/// \details Used for SIMON-64 with 96-bit key and 42 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON64_ExpandKey_3W(word32 key[42], const word32 k[3])
{
const word32 c = 0xfffffffc;
word64 z = W64LIT(0x7369f885192c0ef5);
key[0] = k[2]; key[1] = k[1]; key[2] = k[0];
for (size_t i = 3; i<42; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 3] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]);
z >>= 1;
}
}
/// \brief Subkey generation function
/// \details Used for SIMON-64 with 128-bit key and 44 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON64_ExpandKey_4W(word32 key[44], const word32 k[4])
{
const word32 c = 0xfffffffc;
word64 z = W64LIT(0xfc2ce51207a635db);
key[0] = k[3]; key[1] = k[2]; key[2] = k[1]; key[3] = k[0];
for (size_t i = 4; i<44; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 4] ^ rotrConstant<3>(key[i - 1]) ^ key[i - 3] ^ rotrConstant<4>(key[i - 1]) ^ rotrConstant<1>(key[i - 3]);
z >>= 1;
}
}
/// \brief Subkey generation function
/// \details Used for SIMON-128 with 128-bit key and 68 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON128_ExpandKey_2W(word64 key[68], const word64 k[2])
{
const word64 c = W64LIT(0xfffffffffffffffc);
word64 z = W64LIT(0x7369f885192c0ef5);
key[0] = k[1]; key[1] = k[0];
for (size_t i=2; i<66; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 2] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]);
z>>=1;
}
key[66] = c ^ 1 ^ key[64] ^ rotrConstant<3>(key[65]) ^ rotrConstant<4>(key[65]);
key[67] = c^key[65] ^ rotrConstant<3>(key[66]) ^ rotrConstant<4>(key[66]);
}
/// \brief Subkey generation function
/// \details Used for SIMON-128 with 192-bit key and 69 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON128_ExpandKey_3W(word64 key[69], const word64 k[3])
{
const word64 c = W64LIT(0xfffffffffffffffc);
word64 z = W64LIT(0xfc2ce51207a635db);
key[0]=k[2]; key[1]=k[1]; key[2]=k[0];
for (size_t i=3; i<67; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 3] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]);
z>>=1;
}
key[67] = c^key[64] ^ rotrConstant<3>(key[66]) ^ rotrConstant<4>(key[66]);
key[68] = c ^ 1 ^ key[65] ^ rotrConstant<3>(key[67]) ^ rotrConstant<4>(key[67]);
}
/// \brief Subkey generation function
/// \details Used for SIMON-128 with 256-bit key and 72 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON128_ExpandKey_4W(word64 key[72], const word64 k[4])
{
const word64 c = W64LIT(0xfffffffffffffffc);
word64 z = W64LIT(0xfdc94c3a046d678b);
key[0]=k[3]; key[1]=k[2]; key[2]=k[1]; key[3]=k[0];
for (size_t i=4; i<68; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 4] ^ rotrConstant<3>(key[i - 1]) ^ key[i - 3] ^ rotrConstant<4>(key[i - 1]) ^ rotrConstant<1>(key[i - 3]);
z>>=1;
}
key[68] = c^key[64] ^ rotrConstant<3>(key[67]) ^ key[65] ^ rotrConstant<4>(key[67]) ^ rotrConstant<1>(key[65]);
key[69] = c ^ 1 ^ key[65] ^ rotrConstant<3>(key[68]) ^ key[66] ^ rotrConstant<4>(key[68]) ^ rotrConstant<1>(key[66]);
key[70] = c^key[66] ^ rotrConstant<3>(key[69]) ^ key[67] ^ rotrConstant<4>(key[69]) ^ rotrConstant<1>(key[67]);
key[71] = c^key[67] ^ rotrConstant<3>(key[70]) ^ key[68] ^ rotrConstant<4>(key[70]) ^ rotrConstant<1>(key[68]);
}
ANONYMOUS_NAMESPACE_END
///////////////////////////////////////////////////////////
NAMESPACE_BEGIN(CryptoPP)
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern size_t SIMON64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern size_t SIMON128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSE41_AVAILABLE)
extern size_t SIMON64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
extern size_t SIMON128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
void SIMON64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 12 || keyLength == 16);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word32);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 3:
m_rkeys.New((m_rounds = 42));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON64_ExpandKey_3W(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 44));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON64_ExpandKey_4W(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SIMON64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 42:
SIMON_Encrypt<word32, 42>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 44:
SIMON_Encrypt<word32, 44>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SIMON64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 42:
SIMON_Decrypt<word32, 42>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 44:
SIMON_Decrypt<word32, 44>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
///////////////////////////////////////////////////////////
void SIMON128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 16 || keyLength == 24 || keyLength == 32);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {2,3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word64);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 2:
m_rkeys.New((m_rounds = 68));
kblk(m_wspace[1])(m_wspace[0]);
SIMON128_ExpandKey_2W(m_rkeys, m_wspace);
break;
case 3:
m_rkeys.New((m_rounds = 69));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON128_ExpandKey_3W(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 72));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON128_ExpandKey_4W(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SIMON128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 68:
SIMON_Encrypt<word64, 68>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 69:
SIMON_Encrypt<word64, 69>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 72:
SIMON_Encrypt<word64, 72>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SIMON128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 68:
SIMON_Decrypt<word64, 68>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 69:
SIMON_Decrypt<word64, 69>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 72:
SIMON_Decrypt<word64, 72>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
#if defined(CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS)
size_t SIMON64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SIMON64_Enc_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON64_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SIMON64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SIMON64_Dec_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON64_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS
#if defined(CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS)
size_t SIMON128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SIMON128_Enc_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON128_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SIMON128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SIMON128_Dec_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON128_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS
NAMESPACE_END
// simon.h - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "simon.h"
#include "misc.h"
#include "cpu.h"
// Uncomment for benchmarking C++ against SSE or NEON.
// Do so in both simon.cpp and simon-simd.cpp.
// #undef CRYPTOPP_SSSE3_AVAILABLE
// #undef CRYPTOPP_SSE41_AVAILABLE
// #undef CRYPTOPP_ARM_NEON_AVAILABLE
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::word32;
using CryptoPP::word64;
using CryptoPP::rotlConstant;
using CryptoPP::rotrConstant;
/// \brief Round transformation helper
/// \tparam W word type
/// \param v value
template <class W>
inline W f(const W v)
{
return (rotlConstant<1>(v) & rotlConstant<8>(v)) ^ rotlConstant<2>(v);
}
/// \brief Round transformation
/// \tparam W word type
/// \param x value
/// \param y value
/// \param k value
/// \param l value
template <class W>
inline void R2(W& x, W& y, const W k, const W l)
{
y ^= f(x); y ^= k;
x ^= f(y); x ^= l;
}
/// \brief Forward transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param c output array
/// \param p input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SIMON_Encrypt(W c[2], const W p[2], const W k[R])
{
c[0]=p[0]; c[1]=p[1];
for (int i = 0; i < static_cast<int>(R-1); i += 2)
R2(c[0], c[1], k[i], k[i + 1]);
if (R & 1)
{
c[1] ^= f(c[0]); c[1] ^= k[R-1];
W t = c[0]; c[0] = c[1]; c[1] = t;
}
}
/// \brief Reverse transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param p output array
/// \param c input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SIMON_Decrypt(W p[2], const W c[2], const W k[R])
{
p[0]=c[0]; p[1]=c[1];
unsigned int rounds = R;
if (R & 1)
{
const W t = p[1]; p[1] = p[0]; p[0] = t;
p[1] ^= k[R - 1]; p[1] ^= f(p[0]);
rounds--;
}
for (int i = static_cast<int>(rounds - 2); i >= 0; i -= 2)
R2(p[1], p[0], k[i + 1], k[i]);
}
/// \brief Subkey generation function
/// \details Used for SIMON-64 with 96-bit key and 42 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON64_ExpandKey_3W(word32 key[42], const word32 k[3])
{
const word32 c = 0xfffffffc;
word64 z = W64LIT(0x7369f885192c0ef5);
key[0] = k[2]; key[1] = k[1]; key[2] = k[0];
for (size_t i = 3; i<42; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 3] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]);
z >>= 1;
}
}
/// \brief Subkey generation function
/// \details Used for SIMON-64 with 128-bit key and 44 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON64_ExpandKey_4W(word32 key[44], const word32 k[4])
{
const word32 c = 0xfffffffc;
word64 z = W64LIT(0xfc2ce51207a635db);
key[0] = k[3]; key[1] = k[2]; key[2] = k[1]; key[3] = k[0];
for (size_t i = 4; i<44; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 4] ^ rotrConstant<3>(key[i - 1]) ^ key[i - 3] ^ rotrConstant<4>(key[i - 1]) ^ rotrConstant<1>(key[i - 3]);
z >>= 1;
}
}
/// \brief Subkey generation function
/// \details Used for SIMON-128 with 128-bit key and 68 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON128_ExpandKey_2W(word64 key[68], const word64 k[2])
{
const word64 c = W64LIT(0xfffffffffffffffc);
word64 z = W64LIT(0x7369f885192c0ef5);
key[0] = k[1]; key[1] = k[0];
for (size_t i=2; i<66; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 2] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]);
z>>=1;
}
key[66] = c ^ 1 ^ key[64] ^ rotrConstant<3>(key[65]) ^ rotrConstant<4>(key[65]);
key[67] = c^key[65] ^ rotrConstant<3>(key[66]) ^ rotrConstant<4>(key[66]);
}
/// \brief Subkey generation function
/// \details Used for SIMON-128 with 192-bit key and 69 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON128_ExpandKey_3W(word64 key[69], const word64 k[3])
{
const word64 c = W64LIT(0xfffffffffffffffc);
word64 z = W64LIT(0xfc2ce51207a635db);
key[0]=k[2]; key[1]=k[1]; key[2]=k[0];
for (size_t i=3; i<67; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 3] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]);
z>>=1;
}
key[67] = c^key[64] ^ rotrConstant<3>(key[66]) ^ rotrConstant<4>(key[66]);
key[68] = c ^ 1 ^ key[65] ^ rotrConstant<3>(key[67]) ^ rotrConstant<4>(key[67]);
}
/// \brief Subkey generation function
/// \details Used for SIMON-128 with 256-bit key and 72 rounds. A template was
/// not worthwhile because all instantiations would need specialization.
/// \param key empty subkey array
/// \param k user key array
inline void SIMON128_ExpandKey_4W(word64 key[72], const word64 k[4])
{
const word64 c = W64LIT(0xfffffffffffffffc);
word64 z = W64LIT(0xfdc94c3a046d678b);
key[0]=k[3]; key[1]=k[2]; key[2]=k[1]; key[3]=k[0];
for (size_t i=4; i<68; ++i)
{
key[i] = c ^ (z & 1) ^ key[i - 4] ^ rotrConstant<3>(key[i - 1]) ^ key[i - 3] ^ rotrConstant<4>(key[i - 1]) ^ rotrConstant<1>(key[i - 3]);
z>>=1;
}
key[68] = c^key[64] ^ rotrConstant<3>(key[67]) ^ key[65] ^ rotrConstant<4>(key[67]) ^ rotrConstant<1>(key[65]);
key[69] = c ^ 1 ^ key[65] ^ rotrConstant<3>(key[68]) ^ key[66] ^ rotrConstant<4>(key[68]) ^ rotrConstant<1>(key[66]);
key[70] = c^key[66] ^ rotrConstant<3>(key[69]) ^ key[67] ^ rotrConstant<4>(key[69]) ^ rotrConstant<1>(key[67]);
key[71] = c^key[67] ^ rotrConstant<3>(key[70]) ^ key[68] ^ rotrConstant<4>(key[70]) ^ rotrConstant<1>(key[68]);
}
ANONYMOUS_NAMESPACE_END
///////////////////////////////////////////////////////////
NAMESPACE_BEGIN(CryptoPP)
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern size_t SIMON64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern size_t SIMON128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSE41_AVAILABLE)
extern size_t SIMON64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
extern size_t SIMON128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SIMON128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
void SIMON64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 12 || keyLength == 16);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word32);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 3:
m_rkeys.New((m_rounds = 42));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON64_ExpandKey_3W(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 44));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON64_ExpandKey_4W(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SIMON64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 42:
SIMON_Encrypt<word32, 42>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 44:
SIMON_Encrypt<word32, 44>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SIMON64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 42:
SIMON_Decrypt<word32, 42>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 44:
SIMON_Decrypt<word32, 44>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
///////////////////////////////////////////////////////////
void SIMON128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 16 || keyLength == 24 || keyLength == 32);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {2,3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word64);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 2:
m_rkeys.New((m_rounds = 68));
kblk(m_wspace[1])(m_wspace[0]);
SIMON128_ExpandKey_2W(m_rkeys, m_wspace);
break;
case 3:
m_rkeys.New((m_rounds = 69));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON128_ExpandKey_3W(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 72));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SIMON128_ExpandKey_4W(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SIMON128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 68:
SIMON_Encrypt<word64, 68>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 69:
SIMON_Encrypt<word64, 69>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 72:
SIMON_Encrypt<word64, 72>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SIMON128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 68:
SIMON_Decrypt<word64, 68>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 69:
SIMON_Decrypt<word64, 69>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 72:
SIMON_Decrypt<word64, 72>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
#if defined(CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS)
size_t SIMON64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SIMON64_Enc_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON64_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SIMON64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SIMON64_Dec_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON64_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS
#if defined(CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS)
size_t SIMON128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SIMON128_Enc_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON128_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SIMON128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SIMON128_Dec_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SIMON128_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS
NAMESPACE_END

360
Common/3dParty/cryptopp/simon.h
View File

@ -1,180 +1,180 @@
// simon.h - written and placed in the public domain by Jeffrey Walton
/// \file simon.h
/// \brief Classes for the Simon block cipher
/// \details Simon is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \sa <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK Families of
/// Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A> and <A HREF="https://www.cryptopp.com/wiki/SIMON">
/// SIMON</A> on the Crypto++ wiki.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SIMON_H
#define CRYPTOPP_SIMON_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS 1
#endif
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS 1
#endif
NAMESPACE_BEGIN(CryptoPP)
/// \brief SIMON block cipher information
/// \tparam L block size of the cipher, in bytes
/// \tparam D default key length, in bytes
/// \tparam N minimum key length, in bytes
/// \tparam M maximum key length, in bytes
/// \since Crypto++ 6.0
template <unsigned int L, unsigned int D, unsigned int N, unsigned int M>
struct SIMON_Info : public FixedBlockSize<L>, VariableKeyLength<D, N, M>
{
static const std::string StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "SIMON-" + IntToString(L*8);
}
};
/// \brief SIMON block cipher base class
/// \tparam W the word type
/// \details User code should use SIMON64 or SIMON128
/// \sa SIMON64, SIMON128, <a href="http://www.cryptopp.com/wiki/SIMON">SIMON</a> on the Crypto++ wiki
/// \since Crypto++ 6.0
template <class W>
struct SIMON_Base
{
virtual ~SIMON_Base() {}
SIMON_Base() : m_kwords(0), m_rounds(0) {}
typedef SecBlock<W, AllocatorWithCleanup<W, true> > AlignedSecBlock;
mutable AlignedSecBlock m_wspace; // workspace
AlignedSecBlock m_rkeys; // round keys
unsigned int m_kwords; // number of key words
unsigned int m_rounds; // number of rounds
};
/// \brief SIMON 64-bit block cipher
/// \details Simon is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SIMON64 provides 64-bit block size. The valid key sizes are 96-bit and 128-bit.
/// \sa SIMON64, SIMON128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SIMON
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SIMON">SIMON</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SIMON64 : public SIMON_Info<8, 12, 12, 16>, public BlockCipherDocumentation
{
public:
/// \brief SIMON block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SIMON_Base<word32>, public BlockCipherImpl<SIMON_Info<8, 12, 12, 16> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word32)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
/// \brief SIMON 128-bit block cipher
/// \details Simon is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SIMON128 provides 128-bit block size. The valid key sizes are 128-bit, 192-bit and 256-bit.
/// \sa SIMON64, SIMON128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SIMON
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SIMON">SIMON</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SIMON128 : public SIMON_Info<16, 16, 16, 32>, public BlockCipherDocumentation
{
public:
/// \brief SIMON block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SIMON_Base<word64>, public BlockCipherImpl<SIMON_Info<16, 16, 16, 32> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word64)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
NAMESPACE_END
#endif // CRYPTOPP_SIMON_H
// simon.h - written and placed in the public domain by Jeffrey Walton
/// \file simon.h
/// \brief Classes for the Simon block cipher
/// \details Simon is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \sa <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK Families of
/// Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A> and <A HREF="https://www.cryptopp.com/wiki/SIMON">
/// SIMON</A> on the Crypto++ wiki.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SIMON_H
#define CRYPTOPP_SIMON_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS 1
#endif
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS 1
#endif
NAMESPACE_BEGIN(CryptoPP)
/// \brief SIMON block cipher information
/// \tparam L block size of the cipher, in bytes
/// \tparam D default key length, in bytes
/// \tparam N minimum key length, in bytes
/// \tparam M maximum key length, in bytes
/// \since Crypto++ 6.0
template <unsigned int L, unsigned int D, unsigned int N, unsigned int M>
struct SIMON_Info : public FixedBlockSize<L>, VariableKeyLength<D, N, M>
{
static const std::string StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "SIMON-" + IntToString(L*8);
}
};
/// \brief SIMON block cipher base class
/// \tparam W the word type
/// \details User code should use SIMON64 or SIMON128
/// \sa SIMON64, SIMON128, <a href="http://www.cryptopp.com/wiki/SIMON">SIMON</a> on the Crypto++ wiki
/// \since Crypto++ 6.0
template <class W>
struct SIMON_Base
{
virtual ~SIMON_Base() {}
SIMON_Base() : m_kwords(0), m_rounds(0) {}
typedef SecBlock<W, AllocatorWithCleanup<W, true> > AlignedSecBlock;
mutable AlignedSecBlock m_wspace; // workspace
AlignedSecBlock m_rkeys; // round keys
unsigned int m_kwords; // number of key words
unsigned int m_rounds; // number of rounds
};
/// \brief SIMON 64-bit block cipher
/// \details Simon is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SIMON64 provides 64-bit block size. The valid key sizes are 96-bit and 128-bit.
/// \sa SIMON64, SIMON128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SIMON
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SIMON">SIMON</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SIMON64 : public SIMON_Info<8, 12, 12, 16>, public BlockCipherDocumentation
{
public:
/// \brief SIMON block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SIMON_Base<word32>, public BlockCipherImpl<SIMON_Info<8, 12, 12, 16> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word32)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
/// \brief SIMON 128-bit block cipher
/// \details Simon is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SIMON128 provides 128-bit block size. The valid key sizes are 128-bit, 192-bit and 256-bit.
/// \sa SIMON64, SIMON128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SIMON
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SIMON">SIMON</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SIMON128 : public SIMON_Info<16, 16, 16, 32>, public BlockCipherDocumentation
{
public:
/// \brief SIMON block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SIMON_Base<word64>, public BlockCipherImpl<SIMON_Info<16, 16, 16, 32> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word64)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
NAMESPACE_END
#endif // CRYPTOPP_SIMON_H

624
Common/3dParty/cryptopp/siphash.h
View File

@ -1,312 +1,312 @@
// siphash.h - written and placed in public domain by Jeffrey Walton.
/// \file siphash.h
/// \brief Classes for SipHash message authentication code
/// \details SipHash computes a 64-bit or 128-bit message authentication code from a variable-length
/// message and 128-bit secret key. It was designed to be efficient even for short inputs, with
/// performance comparable to non-cryptographic hash functions.
/// \details To create a SipHash-2-4 object with a 64-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,false> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \details To create a SipHash-2-4 object with a 128-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,true> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \sa Jean-Philippe Aumasson and Daniel J. Bernstein <A HREF="http://131002.net/siphash/siphash.pdf">SipHash:
/// a fast short-input PRF</A>
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SIPHASH_H
#define CRYPTOPP_SIPHASH_H
#include "cryptlib.h"
#include "secblock.h"
#include "misc.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief SipHash message authentication code information
/// \tparam T_128bit flag indicating 128-bit (true) versus 64-bit (false) digest size
template <bool T_128bit>
class SipHash_Info : public FixedKeyLength<16>
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "SipHash";}
CRYPTOPP_CONSTANT(DIGESTSIZE = (T_128bit ? 16 : 8))
};
/// \brief SipHash message authentication code base class
/// \tparam C the number of compression rounds
/// \tparam D the number of finalization rounds
/// \tparam T_128bit flag indicating 128-bit (true) versus 64-bit (false) digest size
template <unsigned int C, unsigned int D, bool T_128bit>
class SipHash_Base : public MessageAuthenticationCode, public SipHash_Info<T_128bit>
{
public:
static std::string StaticAlgorithmName() {
return std::string(SipHash_Info<T_128bit>::StaticAlgorithmName())+"-"+IntToString(C)+"-"+IntToString(D);
}
virtual ~SipHash_Base() {}
SipHash_Base() : m_idx(0) {}
virtual unsigned int DigestSize() const
{return SipHash_Info<T_128bit>::DIGESTSIZE;}
virtual size_t MinKeyLength() const
{return SipHash_Info<T_128bit>::MIN_KEYLENGTH;}
virtual size_t MaxKeyLength() const
{return SipHash_Info<T_128bit>::MAX_KEYLENGTH;}
virtual size_t DefaultKeyLength() const
{return SipHash_Info<T_128bit>::DEFAULT_KEYLENGTH;}
virtual size_t GetValidKeyLength(size_t keylength) const
{CRYPTOPP_UNUSED(keylength); return SipHash_Info<T_128bit>::DEFAULT_KEYLENGTH;}
virtual IV_Requirement IVRequirement() const
{return SimpleKeyingInterface::NOT_RESYNCHRONIZABLE;}
virtual unsigned int IVSize() const
{return 0;}
virtual unsigned int OptimalBlockSize() const
{return sizeof(word64);}
virtual unsigned int OptimalDataAlignment () const
{return GetAlignmentOf<word64>();}
virtual void Update(const byte *input, size_t length);
virtual void TruncatedFinal(byte *digest, size_t digestSize);
protected:
virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
virtual void Restart();
inline void SIPROUND()
{
m_v[0] += m_v[1];
m_v[1] = rotlConstant<13>(m_v[1]);
m_v[1] ^= m_v[0];
m_v[0] = rotlConstant<32>(m_v[0]);
m_v[2] += m_v[3];
m_v[3] = rotlConstant<16>(m_v[3]);
m_v[3] ^= m_v[2];
m_v[0] += m_v[3];
m_v[3] = rotlConstant<21>(m_v[3]);
m_v[3] ^= m_v[0];
m_v[2] += m_v[1];
m_v[1] = rotlConstant<17>(m_v[1]);
m_v[1] ^= m_v[2];
m_v[2] = rotlConstant<32>(m_v[2]);
}
private:
FixedSizeSecBlock<word64, 4> m_v;
FixedSizeSecBlock<word64, 2> m_k;
FixedSizeSecBlock<word64, 2> m_b;
// Tail bytes
FixedSizeSecBlock<byte, 8> m_acc;
size_t m_idx;
};
/// \brief SipHash message authentication code
/// \tparam C the number of compression rounds
/// \tparam D the number of finalization rounds
/// \tparam T_128bit flag indicating 128-bit (true) versus 64-bit (false) digest size
/// \details SipHash computes a 64-bit or 128-bit message authentication code from a variable-length
/// message and 128-bit secret key. It was designed to be efficient even for short inputs, with
/// performance comparable to non-cryptographic hash functions.
/// \details To create a SipHash-2-4 object with a 64-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,false> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \details To create a SipHash-2-4 object with a 128-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,true> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \sa Jean-Philippe Aumasson and Daniel J. Bernstein <A HREF="http://131002.net/siphash/siphash.pdf">SipHash:
/// a fast short-input PRF</A>
/// \since Crypto++ 6.0
template <unsigned int C=2, unsigned int D=4, bool T_128bit=false>
class SipHash : public SipHash_Base<C, D, T_128bit>
{
public:
/// \brief Create a SipHash
SipHash()
{this->UncheckedSetKey(NULLPTR, 0, g_nullNameValuePairs);}
/// \brief Create a SipHash
/// \param key a byte array used to key the cipher
/// \param length the size of the byte array, in bytes
SipHash(const byte *key, unsigned int length)
{this->UncheckedSetKey(key, length, g_nullNameValuePairs);}
};
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::Update(const byte *input, size_t length)
{
CRYPTOPP_ASSERT((input && length) || !length);
if (!length) return;
if (m_idx)
{
size_t head = STDMIN(size_t(8U-m_idx), length);
memcpy(m_acc+m_idx, input, head);
m_idx += head; input += head; length -= head;
if (m_idx == 8)
{
word64 m = GetWord<word64>(true, LITTLE_ENDIAN_ORDER, m_acc);
m_v[3] ^= m;
for (unsigned int i = 0; i < C; ++i)
SIPROUND();
m_v[0] ^= m;
m_b[0] += 8;
m_idx = 0;
}
}
while (length >= 8)
{
word64 m = GetWord<word64>(false, LITTLE_ENDIAN_ORDER, input);
m_v[3] ^= m;
for (unsigned int i = 0; i < C; ++i)
SIPROUND();
m_v[0] ^= m;
m_b[0] += 8;
input += 8;
length -= 8;
}
CRYPTOPP_ASSERT(length < 8);
size_t tail = length % 8;
if (tail)
{
memcpy(m_acc+m_idx, input, tail);
m_idx += tail;
}
}
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::TruncatedFinal(byte *digest, size_t digestSize)
{
CRYPTOPP_ASSERT(digest); // Pointer is valid
ThrowIfInvalidTruncatedSize(digestSize);
// The high octet holds length and is digested mod 256
m_b[0] += m_idx; m_b[0] <<= 56U;
switch (m_idx)
{
case 7:
m_b[0] |= ((word64)m_acc[6]) << 48;
// fall through
case 6:
m_b[0] |= ((word64)m_acc[5]) << 40;
// fall through
case 5:
m_b[0] |= ((word64)m_acc[4]) << 32;
// fall through
case 4:
m_b[0] |= ((word64)m_acc[3]) << 24;
// fall through
case 3:
m_b[0] |= ((word64)m_acc[2]) << 16;
// fall through
case 2:
m_b[0] |= ((word64)m_acc[1]) << 8;
// fall through
case 1:
m_b[0] |= ((word64)m_acc[0]);
// fall through
case 0:
break;
}
m_v[3] ^= m_b[0];
for (unsigned int i=0; i<C; i++)
SIPROUND();
m_v[0] ^= m_b[0];
if (T_128bit)
m_v[2] ^= 0xee;
else
m_v[2] ^= 0xff;
for (unsigned int i=0; i<D; i++)
SIPROUND();
m_b[0] = m_v[0] ^ m_v[1] ^ m_v[2] ^ m_v[3];
m_b[0] = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, m_b[0]);
if (T_128bit)
{
m_v[1] ^= 0xdd;
for (unsigned int i = 0; i<D; ++i)
SIPROUND();
m_b[1] = m_v[0] ^ m_v[1] ^ m_v[2] ^ m_v[3];
m_b[1] = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, m_b[1]);
}
memcpy_s(digest, digestSize, m_b.begin(), STDMIN(digestSize, (size_t)SipHash_Info<T_128bit>::DIGESTSIZE));
Restart();
}
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
{
CRYPTOPP_UNUSED(params);
if (key && length)
{
m_k[0] = GetWord<word64>(false, LITTLE_ENDIAN_ORDER, key);
m_k[1] = GetWord<word64>(false, LITTLE_ENDIAN_ORDER, key+8);
}
else
{
// Avoid Coverity finding
m_k[0] = m_k[1] = 0;
}
Restart();
}
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::Restart ()
{
m_v[0] = W64LIT(0x736f6d6570736575);
m_v[1] = W64LIT(0x646f72616e646f6d);
m_v[2] = W64LIT(0x6c7967656e657261);
m_v[3] = W64LIT(0x7465646279746573);
m_v[3] ^= m_k[1];
m_v[2] ^= m_k[0];
m_v[1] ^= m_k[1];
m_v[0] ^= m_k[0];
if (T_128bit)
{
m_v[1] ^= 0xee;
}
m_idx = 0;
m_b[0] = 0;
}
NAMESPACE_END
#endif // CRYPTOPP_SIPHASH_H
// siphash.h - written and placed in public domain by Jeffrey Walton.
/// \file siphash.h
/// \brief Classes for SipHash message authentication code
/// \details SipHash computes a 64-bit or 128-bit message authentication code from a variable-length
/// message and 128-bit secret key. It was designed to be efficient even for short inputs, with
/// performance comparable to non-cryptographic hash functions.
/// \details To create a SipHash-2-4 object with a 64-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,false> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \details To create a SipHash-2-4 object with a 128-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,true> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \sa Jean-Philippe Aumasson and Daniel J. Bernstein <A HREF="http://131002.net/siphash/siphash.pdf">SipHash:
/// a fast short-input PRF</A>
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SIPHASH_H
#define CRYPTOPP_SIPHASH_H
#include "cryptlib.h"
#include "secblock.h"
#include "misc.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief SipHash message authentication code information
/// \tparam T_128bit flag indicating 128-bit (true) versus 64-bit (false) digest size
template <bool T_128bit>
class SipHash_Info : public FixedKeyLength<16>
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "SipHash";}
CRYPTOPP_CONSTANT(DIGESTSIZE = (T_128bit ? 16 : 8))
};
/// \brief SipHash message authentication code base class
/// \tparam C the number of compression rounds
/// \tparam D the number of finalization rounds
/// \tparam T_128bit flag indicating 128-bit (true) versus 64-bit (false) digest size
template <unsigned int C, unsigned int D, bool T_128bit>
class SipHash_Base : public MessageAuthenticationCode, public SipHash_Info<T_128bit>
{
public:
static std::string StaticAlgorithmName() {
return std::string(SipHash_Info<T_128bit>::StaticAlgorithmName())+"-"+IntToString(C)+"-"+IntToString(D);
}
virtual ~SipHash_Base() {}
SipHash_Base() : m_idx(0) {}
virtual unsigned int DigestSize() const
{return SipHash_Info<T_128bit>::DIGESTSIZE;}
virtual size_t MinKeyLength() const
{return SipHash_Info<T_128bit>::MIN_KEYLENGTH;}
virtual size_t MaxKeyLength() const
{return SipHash_Info<T_128bit>::MAX_KEYLENGTH;}
virtual size_t DefaultKeyLength() const
{return SipHash_Info<T_128bit>::DEFAULT_KEYLENGTH;}
virtual size_t GetValidKeyLength(size_t keylength) const
{CRYPTOPP_UNUSED(keylength); return SipHash_Info<T_128bit>::DEFAULT_KEYLENGTH;}
virtual IV_Requirement IVRequirement() const
{return SimpleKeyingInterface::NOT_RESYNCHRONIZABLE;}
virtual unsigned int IVSize() const
{return 0;}
virtual unsigned int OptimalBlockSize() const
{return sizeof(word64);}
virtual unsigned int OptimalDataAlignment () const
{return GetAlignmentOf<word64>();}
virtual void Update(const byte *input, size_t length);
virtual void TruncatedFinal(byte *digest, size_t digestSize);
protected:
virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
virtual void Restart();
inline void SIPROUND()
{
m_v[0] += m_v[1];
m_v[1] = rotlConstant<13>(m_v[1]);
m_v[1] ^= m_v[0];
m_v[0] = rotlConstant<32>(m_v[0]);
m_v[2] += m_v[3];
m_v[3] = rotlConstant<16>(m_v[3]);
m_v[3] ^= m_v[2];
m_v[0] += m_v[3];
m_v[3] = rotlConstant<21>(m_v[3]);
m_v[3] ^= m_v[0];
m_v[2] += m_v[1];
m_v[1] = rotlConstant<17>(m_v[1]);
m_v[1] ^= m_v[2];
m_v[2] = rotlConstant<32>(m_v[2]);
}
private:
FixedSizeSecBlock<word64, 4> m_v;
FixedSizeSecBlock<word64, 2> m_k;
FixedSizeSecBlock<word64, 2> m_b;
// Tail bytes
FixedSizeSecBlock<byte, 8> m_acc;
size_t m_idx;
};
/// \brief SipHash message authentication code
/// \tparam C the number of compression rounds
/// \tparam D the number of finalization rounds
/// \tparam T_128bit flag indicating 128-bit (true) versus 64-bit (false) digest size
/// \details SipHash computes a 64-bit or 128-bit message authentication code from a variable-length
/// message and 128-bit secret key. It was designed to be efficient even for short inputs, with
/// performance comparable to non-cryptographic hash functions.
/// \details To create a SipHash-2-4 object with a 64-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,false> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \details To create a SipHash-2-4 object with a 128-bit MAC use code similar to the following.
/// <pre> SecByteBlock key(16);
/// prng.GenerateBlock(key, key.size());
///
/// SipHash<2,4,true> hash(key, key.size());
/// hash.Update(...);
/// hash.Final(...);</pre>
/// \sa Jean-Philippe Aumasson and Daniel J. Bernstein <A HREF="http://131002.net/siphash/siphash.pdf">SipHash:
/// a fast short-input PRF</A>
/// \since Crypto++ 6.0
template <unsigned int C=2, unsigned int D=4, bool T_128bit=false>
class SipHash : public SipHash_Base<C, D, T_128bit>
{
public:
/// \brief Create a SipHash
SipHash()
{this->UncheckedSetKey(NULLPTR, 0, g_nullNameValuePairs);}
/// \brief Create a SipHash
/// \param key a byte array used to key the cipher
/// \param length the size of the byte array, in bytes
SipHash(const byte *key, unsigned int length)
{this->UncheckedSetKey(key, length, g_nullNameValuePairs);}
};
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::Update(const byte *input, size_t length)
{
CRYPTOPP_ASSERT((input && length) || !length);
if (!length) return;
if (m_idx)
{
size_t head = STDMIN(size_t(8U-m_idx), length);
memcpy(m_acc+m_idx, input, head);
m_idx += head; input += head; length -= head;
if (m_idx == 8)
{
word64 m = GetWord<word64>(true, LITTLE_ENDIAN_ORDER, m_acc);
m_v[3] ^= m;
for (unsigned int i = 0; i < C; ++i)
SIPROUND();
m_v[0] ^= m;
m_b[0] += 8;
m_idx = 0;
}
}
while (length >= 8)
{
word64 m = GetWord<word64>(false, LITTLE_ENDIAN_ORDER, input);
m_v[3] ^= m;
for (unsigned int i = 0; i < C; ++i)
SIPROUND();
m_v[0] ^= m;
m_b[0] += 8;
input += 8;
length -= 8;
}
CRYPTOPP_ASSERT(length < 8);
size_t tail = length % 8;
if (tail)
{
memcpy(m_acc+m_idx, input, tail);
m_idx += tail;
}
}
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::TruncatedFinal(byte *digest, size_t digestSize)
{
CRYPTOPP_ASSERT(digest); // Pointer is valid
ThrowIfInvalidTruncatedSize(digestSize);
// The high octet holds length and is digested mod 256
m_b[0] += m_idx; m_b[0] <<= 56U;
switch (m_idx)
{
case 7:
m_b[0] |= ((word64)m_acc[6]) << 48;
// fall through
case 6:
m_b[0] |= ((word64)m_acc[5]) << 40;
// fall through
case 5:
m_b[0] |= ((word64)m_acc[4]) << 32;
// fall through
case 4:
m_b[0] |= ((word64)m_acc[3]) << 24;
// fall through
case 3:
m_b[0] |= ((word64)m_acc[2]) << 16;
// fall through
case 2:
m_b[0] |= ((word64)m_acc[1]) << 8;
// fall through
case 1:
m_b[0] |= ((word64)m_acc[0]);
// fall through
case 0:
break;
}
m_v[3] ^= m_b[0];
for (unsigned int i=0; i<C; i++)
SIPROUND();
m_v[0] ^= m_b[0];
if (T_128bit)
m_v[2] ^= 0xee;
else
m_v[2] ^= 0xff;
for (unsigned int i=0; i<D; i++)
SIPROUND();
m_b[0] = m_v[0] ^ m_v[1] ^ m_v[2] ^ m_v[3];
m_b[0] = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, m_b[0]);
if (T_128bit)
{
m_v[1] ^= 0xdd;
for (unsigned int i = 0; i<D; ++i)
SIPROUND();
m_b[1] = m_v[0] ^ m_v[1] ^ m_v[2] ^ m_v[3];
m_b[1] = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, m_b[1]);
}
memcpy_s(digest, digestSize, m_b.begin(), STDMIN(digestSize, (size_t)SipHash_Info<T_128bit>::DIGESTSIZE));
Restart();
}
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
{
CRYPTOPP_UNUSED(params);
if (key && length)
{
m_k[0] = GetWord<word64>(false, LITTLE_ENDIAN_ORDER, key);
m_k[1] = GetWord<word64>(false, LITTLE_ENDIAN_ORDER, key+8);
}
else
{
// Avoid Coverity finding
m_k[0] = m_k[1] = 0;
}
Restart();
}
template <unsigned int C, unsigned int D, bool T_128bit>
void SipHash_Base<C,D,T_128bit>::Restart ()
{
m_v[0] = W64LIT(0x736f6d6570736575);
m_v[1] = W64LIT(0x646f72616e646f6d);
m_v[2] = W64LIT(0x6c7967656e657261);
m_v[3] = W64LIT(0x7465646279746573);
m_v[3] ^= m_k[1];
m_v[2] ^= m_k[0];
m_v[1] ^= m_k[1];
m_v[0] ^= m_k[0];
if (T_128bit)
{
m_v[1] ^= 0xee;
}
m_idx = 0;
m_b[0] = 0;
}
NAMESPACE_END
#endif // CRYPTOPP_SIPHASH_H

510
Common/3dParty/cryptopp/sm3.cpp
View File

@ -1,255 +1,255 @@
// sm3.cpp - written and placed in the public domain by Jeffrey Walton and Han Lulu
// Based on the specification provided by Sean Shen and Xiaodong Lee.
// Based on code by Krzysztof Kwiatkowski and Jack Lloyd.
// Also see https://tools.ietf.org/html/draft-shen-sm3-hash.
//
// We understand future ARMv8 enhancements are supposed
// to include SM3 and SM4 related instructions so the function
// is stubbed for an eventual SM3_HashMultipleBlocks_ARMV8.
#include "pch.h"
#include "config.h"
#include "sm3.h"
#include "misc.h"
#include "cpu.h"
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte;
using CryptoPP::word32;
using CryptoPP::rotlConstant;
using CryptoPP::SM3;
using CryptoPP::GetBlock;
using CryptoPP::BigEndian;
inline word32 P0(word32 X)
{
return X ^ rotlConstant<9>(X) ^ rotlConstant<17>(X);
}
inline word32 P1(word32 X)
{
return X ^ rotlConstant<15>(X) ^ rotlConstant<23>(X);
}
inline word32 EE(word32 W0, word32 W7, word32 W13, word32 W3, word32 W10)
{
return P1(W0 ^ W7 ^ rotlConstant<15>(W13)) ^ rotlConstant<7>(W3) ^ W10;
}
inline word32 FF(word32 X, word32 Y, word32 Z)
{
return (X & Y) | ((X | Y) & Z);
}
inline word32 GG(word32 X, word32 Y, word32 Z)
{
return ((Z ^ (X & (Y ^ Z))));
}
inline void R1(word32 A, word32& B, word32 C, word32& D, word32 E, word32& F,
word32 G, word32& H, word32 TJ, word32 Wi, word32 Wj)
{
const word32 A12 = rotlConstant<12>(A);
const word32 TT0 = rotlConstant<7>(A12 + E + TJ);
const word32 TT1 = (A ^ B ^ C) + D + (TT0 ^ A12) + Wj;
const word32 TT2 = (E ^ F ^ G) + H + TT0 + Wi;
B = rotlConstant<9>(B); D = TT1;
F = rotlConstant<19>(F); H = P0(TT2);
}
inline void R2(word32 A, word32& B, word32 C, word32& D, word32 E, word32& F,
word32 G, word32& H, word32 TJ, word32 Wi, word32 Wj)
{
const word32 A12 = rotlConstant<12>(A);
const word32 TT0 = rotlConstant<7>(A12 + E + TJ);
const word32 TT1 = FF(A, B, C) + D + (TT0 ^ A12) + Wj;
const word32 TT2 = GG(E, F, G) + H + TT0 + Wi;
B = rotlConstant<9>(B); D = TT1;
F = rotlConstant<19>(F); H = P0(TT2);
}
// Krzysztof Kwiatkowski did a very nice job with this function.
size_t SM3_HashMultipleBlocks_CXX(word32 *state, const word32 *data, size_t length)
{
CRYPTOPP_ASSERT(data);
word32 A = state[0], B = state[1], C = state[2], D = state[3];
word32 E = state[4], F = state[5], G = state[6], H = state[7];
while (length >= SM3::BLOCKSIZE)
{
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef GetBlock<word32, BigEndian, false> InBlock;
InBlock iblk(data);
word32 W00, W01, W02, W03, W04, W05, W06, W07, W08, W09, W10, W11, W12, W13, W14, W15;
iblk(W00)(W01)(W02)(W03)(W04)(W05)(W06)(W07)(W08)(W09)(W10)(W11)(W12)(W13)(W14)(W15);
R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
W04 = EE(W04, W11, W01, W07, W14);
R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
W05 = EE(W05, W12, W02, W08, W15);
R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
W06 = EE(W06, W13, W03, W09, W00);
R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
W07 = EE(W07, W14, W04, W10, W01);
R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
W08 = EE(W08, W15, W05, W11, W02);
R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
W09 = EE(W09, W00, W06, W12, W03);
R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
W10 = EE(W10, W01, W07, W13, W04);
R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
W11 = EE(W11, W02, W08, W14, W05);
R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
W12 = EE(W12, W03, W09, W15, W06);
R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
W13 = EE(W13, W04, W10, W00, W07);
R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
W14 = EE(W14, W05, W11, W01, W08);
R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
W15 = EE(W15, W06, W12, W02, W09);
R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
W04 = EE(W04, W11, W01, W07, W14);
R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
W05 = EE(W05, W12, W02, W08, W15);
R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
W06 = EE(W06, W13, W03, W09, W00);
R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
W07 = EE(W07, W14, W04, W10, W01);
R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
W08 = EE(W08, W15, W05, W11, W02);
R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
W09 = EE(W09, W00, W06, W12, W03);
R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
W10 = EE(W10, W01, W07, W13, W04);
R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
W11 = EE(W11, W02, W08, W14, W05);
R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
W12 = EE(W12, W03, W09, W15, W06);
R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
W13 = EE(W13, W04, W10, W00, W07);
R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
W14 = EE(W14, W05, W11, W01, W08);
R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
W15 = EE(W15, W06, W12, W02, W09);
R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
W04 = EE(W04, W11, W01, W07, W14);
R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
W05 = EE(W05, W12, W02, W08, W15);
R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
W06 = EE(W06, W13, W03, W09, W00);
R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
W07 = EE(W07, W14, W04, W10, W01);
R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
W08 = EE(W08, W15, W05, W11, W02);
R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
W09 = EE(W09, W00, W06, W12, W03);
R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
W10 = EE(W10, W01, W07, W13, W04);
R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
W11 = EE(W11, W02, W08, W14, W05);
R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
W12 = EE(W12, W03, W09, W15, W06);
R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
W13 = EE(W13, W04, W10, W00, W07);
R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
W14 = EE(W14, W05, W11, W01, W08);
R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
W15 = EE(W15, W06, W12, W02, W09);
R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
A = (state[0] ^= A);
B = (state[1] ^= B);
C = (state[2] ^= C);
D = (state[3] ^= D);
E = (state[4] ^= E);
F = (state[5] ^= F);
G = (state[6] ^= G);
H = (state[7] ^= H);
data += SM3::BLOCKSIZE/sizeof(word32);
length -= SM3::BLOCKSIZE;
}
return length;
}
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
void SM3::InitState(HashWordType *state)
{
const word32 s[] = {
0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600,
0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e
};
std::memcpy(state, s, sizeof(s));
}
void SM3::Transform(word32 *state, const word32 *data)
{
CRYPTOPP_ASSERT(state);
CRYPTOPP_ASSERT(data);
SM3_HashMultipleBlocks_CXX(state, data, SM3::BLOCKSIZE);
}
size_t SM3::HashMultipleBlocks(const HashWordType *input, size_t length)
{
const size_t res = length & (SM3::BLOCKSIZE - 1);
SM3_HashMultipleBlocks_CXX(m_state, input, length-res);
return res;
}
NAMESPACE_END
// sm3.cpp - written and placed in the public domain by Jeffrey Walton and Han Lulu
// Based on the specification provided by Sean Shen and Xiaodong Lee.
// Based on code by Krzysztof Kwiatkowski and Jack Lloyd.
// Also see https://tools.ietf.org/html/draft-shen-sm3-hash.
//
// We understand future ARMv8 enhancements are supposed
// to include SM3 and SM4 related instructions so the function
// is stubbed for an eventual SM3_HashMultipleBlocks_ARMV8.
#include "pch.h"
#include "config.h"
#include "sm3.h"
#include "misc.h"
#include "cpu.h"
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte;
using CryptoPP::word32;
using CryptoPP::rotlConstant;
using CryptoPP::SM3;
using CryptoPP::GetBlock;
using CryptoPP::BigEndian;
inline word32 P0(word32 X)
{
return X ^ rotlConstant<9>(X) ^ rotlConstant<17>(X);
}
inline word32 P1(word32 X)
{
return X ^ rotlConstant<15>(X) ^ rotlConstant<23>(X);
}
inline word32 EE(word32 W0, word32 W7, word32 W13, word32 W3, word32 W10)
{
return P1(W0 ^ W7 ^ rotlConstant<15>(W13)) ^ rotlConstant<7>(W3) ^ W10;
}
inline word32 FF(word32 X, word32 Y, word32 Z)
{
return (X & Y) | ((X | Y) & Z);
}
inline word32 GG(word32 X, word32 Y, word32 Z)
{
return ((Z ^ (X & (Y ^ Z))));
}
inline void R1(word32 A, word32& B, word32 C, word32& D, word32 E, word32& F,
word32 G, word32& H, word32 TJ, word32 Wi, word32 Wj)
{
const word32 A12 = rotlConstant<12>(A);
const word32 TT0 = rotlConstant<7>(A12 + E + TJ);
const word32 TT1 = (A ^ B ^ C) + D + (TT0 ^ A12) + Wj;
const word32 TT2 = (E ^ F ^ G) + H + TT0 + Wi;
B = rotlConstant<9>(B); D = TT1;
F = rotlConstant<19>(F); H = P0(TT2);
}
inline void R2(word32 A, word32& B, word32 C, word32& D, word32 E, word32& F,
word32 G, word32& H, word32 TJ, word32 Wi, word32 Wj)
{
const word32 A12 = rotlConstant<12>(A);
const word32 TT0 = rotlConstant<7>(A12 + E + TJ);
const word32 TT1 = FF(A, B, C) + D + (TT0 ^ A12) + Wj;
const word32 TT2 = GG(E, F, G) + H + TT0 + Wi;
B = rotlConstant<9>(B); D = TT1;
F = rotlConstant<19>(F); H = P0(TT2);
}
// Krzysztof Kwiatkowski did a very nice job with this function.
size_t SM3_HashMultipleBlocks_CXX(word32 *state, const word32 *data, size_t length)
{
CRYPTOPP_ASSERT(data);
word32 A = state[0], B = state[1], C = state[2], D = state[3];
word32 E = state[4], F = state[5], G = state[6], H = state[7];
while (length >= SM3::BLOCKSIZE)
{
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef GetBlock<word32, BigEndian, false> InBlock;
InBlock iblk(data);
word32 W00, W01, W02, W03, W04, W05, W06, W07, W08, W09, W10, W11, W12, W13, W14, W15;
iblk(W00)(W01)(W02)(W03)(W04)(W05)(W06)(W07)(W08)(W09)(W10)(W11)(W12)(W13)(W14)(W15);
R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
W04 = EE(W04, W11, W01, W07, W14);
R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
W05 = EE(W05, W12, W02, W08, W15);
R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
W06 = EE(W06, W13, W03, W09, W00);
R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
W07 = EE(W07, W14, W04, W10, W01);
R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
W08 = EE(W08, W15, W05, W11, W02);
R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
W09 = EE(W09, W00, W06, W12, W03);
R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
W10 = EE(W10, W01, W07, W13, W04);
R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
W11 = EE(W11, W02, W08, W14, W05);
R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
W12 = EE(W12, W03, W09, W15, W06);
R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
W13 = EE(W13, W04, W10, W00, W07);
R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
W14 = EE(W14, W05, W11, W01, W08);
R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
W15 = EE(W15, W06, W12, W02, W09);
R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
W04 = EE(W04, W11, W01, W07, W14);
R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
W05 = EE(W05, W12, W02, W08, W15);
R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
W06 = EE(W06, W13, W03, W09, W00);
R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
W07 = EE(W07, W14, W04, W10, W01);
R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
W08 = EE(W08, W15, W05, W11, W02);
R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
W09 = EE(W09, W00, W06, W12, W03);
R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
W10 = EE(W10, W01, W07, W13, W04);
R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
W11 = EE(W11, W02, W08, W14, W05);
R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
W12 = EE(W12, W03, W09, W15, W06);
R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
W13 = EE(W13, W04, W10, W00, W07);
R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
W14 = EE(W14, W05, W11, W01, W08);
R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
W15 = EE(W15, W06, W12, W02, W09);
R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
W04 = EE(W04, W11, W01, W07, W14);
R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
W05 = EE(W05, W12, W02, W08, W15);
R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
W06 = EE(W06, W13, W03, W09, W00);
R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
W07 = EE(W07, W14, W04, W10, W01);
R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
W08 = EE(W08, W15, W05, W11, W02);
R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
W09 = EE(W09, W00, W06, W12, W03);
R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
W10 = EE(W10, W01, W07, W13, W04);
R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
W11 = EE(W11, W02, W08, W14, W05);
R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
W12 = EE(W12, W03, W09, W15, W06);
R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
W13 = EE(W13, W04, W10, W00, W07);
R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
W14 = EE(W14, W05, W11, W01, W08);
R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
W15 = EE(W15, W06, W12, W02, W09);
R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
W00 = EE(W00, W07, W13, W03, W10);
R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
W01 = EE(W01, W08, W14, W04, W11);
R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
W02 = EE(W02, W09, W15, W05, W12);
R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
W03 = EE(W03, W10, W00, W06, W13);
R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
A = (state[0] ^= A);
B = (state[1] ^= B);
C = (state[2] ^= C);
D = (state[3] ^= D);
E = (state[4] ^= E);
F = (state[5] ^= F);
G = (state[6] ^= G);
H = (state[7] ^= H);
data += SM3::BLOCKSIZE/sizeof(word32);
length -= SM3::BLOCKSIZE;
}
return length;
}
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
void SM3::InitState(HashWordType *state)
{
const word32 s[] = {
0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600,
0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e
};
std::memcpy(state, s, sizeof(s));
}
void SM3::Transform(word32 *state, const word32 *data)
{
CRYPTOPP_ASSERT(state);
CRYPTOPP_ASSERT(data);
SM3_HashMultipleBlocks_CXX(state, data, SM3::BLOCKSIZE);
}
size_t SM3::HashMultipleBlocks(const HashWordType *input, size_t length)
{
const size_t res = length & (SM3::BLOCKSIZE - 1);
SM3_HashMultipleBlocks_CXX(m_state, input, length-res);
return res;
}
NAMESPACE_END

122
Common/3dParty/cryptopp/sm3.h
View File

@ -1,61 +1,61 @@
// sm3.h - written and placed in the public domain by Jeffrey Walton and Han Lulu
// Based on the specification provided by Sean Shen and Xiaodong Lee.
// Based on code by Krzysztof Kwiatkowski and Jack Lloyd.
// Also see https://tools.ietf.org/html/draft-shen-sm3-hash.
/// \file sm3.h
/// \brief Classes for the SM3 hash function
/// \details SM3 is a hash function designed by Xiaoyun Wang, et al. The hash is part of the
/// Chinese State Cryptography Administration portfolio.
/// \sa <A HREF="https://tools.ietf.org/html/draft-shen-sm3-hash">SM3 Hash Function</A> and
/// <A HREF="http://github.com/guanzhi/GmSSL">Reference implementation using OpenSSL</A>.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SM3_H
#define CRYPTOPP_SM3_H
#include "config.h"
#include "iterhash.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief SM3 hash function
/// \details SM3 is a hash function designed by Xiaoyun Wang, et al. The hash is part of the
/// Chinese State Cryptography Administration portfolio.
/// \sa <A HREF="https://tools.ietf.org/html/draft-shen-sm3-hash">SM3 Hash Function</A>
/// \since Crypto++ 6.0
class SM3 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 32, SM3, 32, true>
{
public:
/// \brief Initialize state array
/// \param state the state of the hash
/// \details InitState sets a state array to SHA256 initial values
/// \details Hashes which derive from IteratedHashWithStaticTransform provide static
/// member functions InitState() and Transform(). External classes, like SEAL and MDC,
/// can initialize state with a user provided key and operate the hash on the data
/// with the user supplied state.
static void InitState(HashWordType *state);
/// \brief Operate the hash
/// \param digest the state of the hash
/// \param data the data to be digested
/// \details Transform() operates the hash on <tt>data</tt>. When the call is invoked
/// <tt>digest</tt> holds initial or current state. Upon return <tt>digest</tt> holds
/// the hash or updated state.
/// \details Hashes which derive from IteratedHashWithStaticTransform provide static
/// member functions InitState() and Transform(). External classes, like SEAL and MDC,
/// can initialize state with a user provided key and operate the hash on the data
/// with the user supplied state.
static void Transform(HashWordType *digest, const HashWordType *data);
/// \brief The algorithm name
/// \returns C-style string "SM3"
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "SM3"; }
protected:
size_t HashMultipleBlocks(const HashWordType *input, size_t length);
};
NAMESPACE_END
#endif // CRYPTOPP_SM3_H
// sm3.h - written and placed in the public domain by Jeffrey Walton and Han Lulu
// Based on the specification provided by Sean Shen and Xiaodong Lee.
// Based on code by Krzysztof Kwiatkowski and Jack Lloyd.
// Also see https://tools.ietf.org/html/draft-shen-sm3-hash.
/// \file sm3.h
/// \brief Classes for the SM3 hash function
/// \details SM3 is a hash function designed by Xiaoyun Wang, et al. The hash is part of the
/// Chinese State Cryptography Administration portfolio.
/// \sa <A HREF="https://tools.ietf.org/html/draft-shen-sm3-hash">SM3 Hash Function</A> and
/// <A HREF="http://github.com/guanzhi/GmSSL">Reference implementation using OpenSSL</A>.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SM3_H
#define CRYPTOPP_SM3_H
#include "config.h"
#include "iterhash.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief SM3 hash function
/// \details SM3 is a hash function designed by Xiaoyun Wang, et al. The hash is part of the
/// Chinese State Cryptography Administration portfolio.
/// \sa <A HREF="https://tools.ietf.org/html/draft-shen-sm3-hash">SM3 Hash Function</A>
/// \since Crypto++ 6.0
class SM3 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 32, SM3, 32, true>
{
public:
/// \brief Initialize state array
/// \param state the state of the hash
/// \details InitState sets a state array to SHA256 initial values
/// \details Hashes which derive from IteratedHashWithStaticTransform provide static
/// member functions InitState() and Transform(). External classes, like SEAL and MDC,
/// can initialize state with a user provided key and operate the hash on the data
/// with the user supplied state.
static void InitState(HashWordType *state);
/// \brief Operate the hash
/// \param digest the state of the hash
/// \param data the data to be digested
/// \details Transform() operates the hash on <tt>data</tt>. When the call is invoked
/// <tt>digest</tt> holds initial or current state. Upon return <tt>digest</tt> holds
/// the hash or updated state.
/// \details Hashes which derive from IteratedHashWithStaticTransform provide static
/// member functions InitState() and Transform(). External classes, like SEAL and MDC,
/// can initialize state with a user provided key and operate the hash on the data
/// with the user supplied state.
static void Transform(HashWordType *digest, const HashWordType *data);
/// \brief The algorithm name
/// \returns C-style string "SM3"
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "SM3"; }
protected:
size_t HashMultipleBlocks(const HashWordType *input, size_t length);
};
NAMESPACE_END
#endif // CRYPTOPP_SM3_H

354
Common/3dParty/cryptopp/sm4.cpp
View File

@ -1,177 +1,177 @@
// sm4.cpp - written and placed in the public domain by Jeffrey Walton and Han Lulu
//
// We understand future ARMv8 enhancements are supposed
// to include SM3 and SM4 related instructions so the function
// is stubbed for an eventual SM4_Round_ARMV8.
#include "pch.h"
#include "config.h"
#include "sm4.h"
#include "misc.h"
#include "cpu.h"
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte;
using CryptoPP::word32;
using CryptoPP::rotlConstant;
const byte S[256] =
{
0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05,
0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
0x9C, 0x42, 0x50, 0xF4, 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, 0x75, 0x8F, 0x3F, 0xA6,
0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8,
0x68, 0x6B, 0x81, 0xB2, 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, 0x01, 0x21, 0x78, 0x87,
0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E,
0xEA, 0xBF, 0x8A, 0xD2, 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, 0xF5, 0x8C, 0xB1, 0xE3,
0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F,
0xD5, 0xDB, 0x37, 0x45, 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, 0x1F, 0x10, 0x5A, 0xD8,
0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0,
0x89, 0x69, 0x97, 0x4A, 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, 0xD7, 0xCB, 0x39, 0x48
};
const word32 CK[32] =
{
0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
};
inline word32 SM4_H(word32 x)
{
return (S[GETBYTE(x, 3)] << 24) | (S[GETBYTE(x, 2)] << 16) | (S[GETBYTE(x, 1)] << 8) | (S[GETBYTE(x, 0)]);
}
inline word32 SM4_G(word32 x)
{
const word32 t = SM4_H(x);
return t ^ rotlConstant<13>(t) ^ rotlConstant<23>(t);
}
inline word32 SM4_F(word32 x)
{
const word32 t = SM4_H(x);
return t ^ rotlConstant<2>(t) ^ rotlConstant<10>(t) ^ rotlConstant<18>(t) ^ rotlConstant<24>(t);
}
template <unsigned int R, bool FWD>
inline void SM4_Round(word32 wspace[4], const word32 rkeys[32])
{
if (FWD)
{
wspace[0] ^= SM4_F(wspace[1] ^ wspace[2] ^ wspace[3] ^ rkeys[R+0]);
wspace[1] ^= SM4_F(wspace[0] ^ wspace[2] ^ wspace[3] ^ rkeys[R+1]);
wspace[2] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[3] ^ rkeys[R+2]);
wspace[3] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[2] ^ rkeys[R+3]);
}
else
{
wspace[0] ^= SM4_F(wspace[1] ^ wspace[2] ^ wspace[3] ^ rkeys[R-0]);
wspace[1] ^= SM4_F(wspace[0] ^ wspace[2] ^ wspace[3] ^ rkeys[R-1]);
wspace[2] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[3] ^ rkeys[R-2]);
wspace[3] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[2] ^ rkeys[R-3]);
}
}
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
void SM4::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 16);
CRYPTOPP_UNUSED(params);
m_rkeys.New(32);
m_wspace.New(5);
GetUserKey(BIG_ENDIAN_ORDER, m_wspace.begin(), 4, userKey, keyLength);
m_wspace[0] ^= 0xa3b1bac6; m_wspace[1] ^= 0x56aa3350;
m_wspace[2] ^= 0x677d9197; m_wspace[3] ^= 0xb27022dc;
size_t i=0;
do
{
m_rkeys[i] = (m_wspace[0] ^= SM4_G(m_wspace[1] ^ m_wspace[2] ^ m_wspace[3] ^ CK[i])); i++;
m_rkeys[i] = (m_wspace[1] ^= SM4_G(m_wspace[2] ^ m_wspace[3] ^ m_wspace[0] ^ CK[i])); i++;
m_rkeys[i] = (m_wspace[2] ^= SM4_G(m_wspace[3] ^ m_wspace[0] ^ m_wspace[1] ^ CK[i])); i++;
m_rkeys[i] = (m_wspace[3] ^= SM4_G(m_wspace[0] ^ m_wspace[1] ^ m_wspace[2] ^ CK[i])); i++;
}
while (i < 32);
}
void SM4::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef GetBlock<word32, BigEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[0])(m_wspace[1])(m_wspace[2])(m_wspace[3]);
// Timing attack countermeasure, see comments in Rijndael for more details.
// The hardening does not materially affect benchmarks. SM4 runs at
// 30.5 cpb on a Core i5 Skylake with and without the code below.
const int cacheLineSize = GetCacheLineSize();
volatile word32 _u = 0;
word32 u = _u;
for (unsigned int i=0; i<sizeof(S); i+=cacheLineSize)
u |= *(const word32 *)(void*)(S+i);
m_wspace[4] = u;
SM4_Round< 0, true>(m_wspace, m_rkeys);
SM4_Round< 4, true>(m_wspace, m_rkeys);
SM4_Round< 8, true>(m_wspace, m_rkeys);
SM4_Round<12, true>(m_wspace, m_rkeys);
SM4_Round<16, true>(m_wspace, m_rkeys);
SM4_Round<20, true>(m_wspace, m_rkeys);
SM4_Round<24, true>(m_wspace, m_rkeys);
SM4_Round<28, true>(m_wspace, m_rkeys);
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef PutBlock<word32, BigEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
}
void SM4::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef GetBlock<word32, BigEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[0])(m_wspace[1])(m_wspace[2])(m_wspace[3]);
// Timing attack countermeasure, see comments in Rijndael for more details.
// The hardening does not materially affect benchmarks. SM4 runs at
// 30.5 cpb on a Core i5 Skylake with and without the code below.
const int cacheLineSize = GetCacheLineSize();
volatile word32 _u = 0;
word32 u = _u;
for (unsigned int i=0; i<sizeof(S); i+=cacheLineSize)
u |= *(const word32 *)(void*)(S+i);
m_wspace[4] = u;
SM4_Round<31, false>(m_wspace, m_rkeys);
SM4_Round<27, false>(m_wspace, m_rkeys);
SM4_Round<23, false>(m_wspace, m_rkeys);
SM4_Round<19, false>(m_wspace, m_rkeys);
SM4_Round<15, false>(m_wspace, m_rkeys);
SM4_Round<11, false>(m_wspace, m_rkeys);
SM4_Round< 7, false>(m_wspace, m_rkeys);
SM4_Round< 3, false>(m_wspace, m_rkeys);
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef PutBlock<word32, BigEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
}
NAMESPACE_END
// sm4.cpp - written and placed in the public domain by Jeffrey Walton and Han Lulu
//
// We understand future ARMv8 enhancements are supposed
// to include SM3 and SM4 related instructions so the function
// is stubbed for an eventual SM4_Round_ARMV8.
#include "pch.h"
#include "config.h"
#include "sm4.h"
#include "misc.h"
#include "cpu.h"
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte;
using CryptoPP::word32;
using CryptoPP::rotlConstant;
const byte S[256] =
{
0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05,
0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
0x9C, 0x42, 0x50, 0xF4, 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, 0x75, 0x8F, 0x3F, 0xA6,
0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8,
0x68, 0x6B, 0x81, 0xB2, 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, 0x01, 0x21, 0x78, 0x87,
0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E,
0xEA, 0xBF, 0x8A, 0xD2, 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, 0xF5, 0x8C, 0xB1, 0xE3,
0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F,
0xD5, 0xDB, 0x37, 0x45, 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, 0x1F, 0x10, 0x5A, 0xD8,
0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0,
0x89, 0x69, 0x97, 0x4A, 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, 0xD7, 0xCB, 0x39, 0x48
};
const word32 CK[32] =
{
0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
};
inline word32 SM4_H(word32 x)
{
return (S[GETBYTE(x, 3)] << 24) | (S[GETBYTE(x, 2)] << 16) | (S[GETBYTE(x, 1)] << 8) | (S[GETBYTE(x, 0)]);
}
inline word32 SM4_G(word32 x)
{
const word32 t = SM4_H(x);
return t ^ rotlConstant<13>(t) ^ rotlConstant<23>(t);
}
inline word32 SM4_F(word32 x)
{
const word32 t = SM4_H(x);
return t ^ rotlConstant<2>(t) ^ rotlConstant<10>(t) ^ rotlConstant<18>(t) ^ rotlConstant<24>(t);
}
template <unsigned int R, bool FWD>
inline void SM4_Round(word32 wspace[4], const word32 rkeys[32])
{
if (FWD)
{
wspace[0] ^= SM4_F(wspace[1] ^ wspace[2] ^ wspace[3] ^ rkeys[R+0]);
wspace[1] ^= SM4_F(wspace[0] ^ wspace[2] ^ wspace[3] ^ rkeys[R+1]);
wspace[2] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[3] ^ rkeys[R+2]);
wspace[3] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[2] ^ rkeys[R+3]);
}
else
{
wspace[0] ^= SM4_F(wspace[1] ^ wspace[2] ^ wspace[3] ^ rkeys[R-0]);
wspace[1] ^= SM4_F(wspace[0] ^ wspace[2] ^ wspace[3] ^ rkeys[R-1]);
wspace[2] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[3] ^ rkeys[R-2]);
wspace[3] ^= SM4_F(wspace[0] ^ wspace[1] ^ wspace[2] ^ rkeys[R-3]);
}
}
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
void SM4::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 16);
CRYPTOPP_UNUSED(params);
m_rkeys.New(32);
m_wspace.New(5);
GetUserKey(BIG_ENDIAN_ORDER, m_wspace.begin(), 4, userKey, keyLength);
m_wspace[0] ^= 0xa3b1bac6; m_wspace[1] ^= 0x56aa3350;
m_wspace[2] ^= 0x677d9197; m_wspace[3] ^= 0xb27022dc;
size_t i=0;
do
{
m_rkeys[i] = (m_wspace[0] ^= SM4_G(m_wspace[1] ^ m_wspace[2] ^ m_wspace[3] ^ CK[i])); i++;
m_rkeys[i] = (m_wspace[1] ^= SM4_G(m_wspace[2] ^ m_wspace[3] ^ m_wspace[0] ^ CK[i])); i++;
m_rkeys[i] = (m_wspace[2] ^= SM4_G(m_wspace[3] ^ m_wspace[0] ^ m_wspace[1] ^ CK[i])); i++;
m_rkeys[i] = (m_wspace[3] ^= SM4_G(m_wspace[0] ^ m_wspace[1] ^ m_wspace[2] ^ CK[i])); i++;
}
while (i < 32);
}
void SM4::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef GetBlock<word32, BigEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[0])(m_wspace[1])(m_wspace[2])(m_wspace[3]);
// Timing attack countermeasure, see comments in Rijndael for more details.
// The hardening does not materially affect benchmarks. SM4 runs at
// 30.5 cpb on a Core i5 Skylake with and without the code below.
const int cacheLineSize = GetCacheLineSize();
volatile word32 _u = 0;
word32 u = _u;
for (unsigned int i=0; i<sizeof(S); i+=cacheLineSize)
u |= *(const word32 *)(void*)(S+i);
m_wspace[4] = u;
SM4_Round< 0, true>(m_wspace, m_rkeys);
SM4_Round< 4, true>(m_wspace, m_rkeys);
SM4_Round< 8, true>(m_wspace, m_rkeys);
SM4_Round<12, true>(m_wspace, m_rkeys);
SM4_Round<16, true>(m_wspace, m_rkeys);
SM4_Round<20, true>(m_wspace, m_rkeys);
SM4_Round<24, true>(m_wspace, m_rkeys);
SM4_Round<28, true>(m_wspace, m_rkeys);
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef PutBlock<word32, BigEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
}
void SM4::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef GetBlock<word32, BigEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[0])(m_wspace[1])(m_wspace[2])(m_wspace[3]);
// Timing attack countermeasure, see comments in Rijndael for more details.
// The hardening does not materially affect benchmarks. SM4 runs at
// 30.5 cpb on a Core i5 Skylake with and without the code below.
const int cacheLineSize = GetCacheLineSize();
volatile word32 _u = 0;
word32 u = _u;
for (unsigned int i=0; i<sizeof(S); i+=cacheLineSize)
u |= *(const word32 *)(void*)(S+i);
m_wspace[4] = u;
SM4_Round<31, false>(m_wspace, m_rkeys);
SM4_Round<27, false>(m_wspace, m_rkeys);
SM4_Round<23, false>(m_wspace, m_rkeys);
SM4_Round<19, false>(m_wspace, m_rkeys);
SM4_Round<15, false>(m_wspace, m_rkeys);
SM4_Round<11, false>(m_wspace, m_rkeys);
SM4_Round< 7, false>(m_wspace, m_rkeys);
SM4_Round< 3, false>(m_wspace, m_rkeys);
// Reverse bytes on LittleEndian; align pointer on BigEndian
typedef PutBlock<word32, BigEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
}
NAMESPACE_END

152
Common/3dParty/cryptopp/sm4.h
View File

@ -1,76 +1,76 @@
// sm4.h - written and placed in the public domain by Jeffrey Walton and Han Lulu
/// \file sm4.h
/// \brief Classes for the SM4 block cipher
/// \details SM4 is a block cipher designed by Xiaoyun Wang, et al. The block cipher is part of the
/// Chinese State Cryptography Administration portfolio. The cipher was formely known as SMS4.
/// \sa <A HREF="http://eprint.iacr.org/2008/329.pdf">SMS4 Encryption Algorithm for Wireless Networks</A> and
/// <A HREF="http://github.com/guanzhi/GmSSL">Reference implementation using OpenSSL</A>.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SM4_H
#define CRYPTOPP_SM4_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief SM4 block cipher information
/// \since Crypto++ 6.0
struct SM4_Info : public FixedBlockSize<16>, FixedKeyLength<16>
{
static const std::string StaticAlgorithmName()
{
return "SM4";
}
};
/// \brief Classes for the SM4 block cipher
/// \details SM4 is a block cipher designed by Xiaoyun Wang, et al. The block cipher is part of the
/// Chinese State Cryptography Administration portfolio. The cipher was formely known as SMS4.
/// \sa <A HREF="http://eprint.iacr.org/2008/329.pdf">SMS4 Encryption Algorithm for Wireless Networks</A>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SM4 : public SM4_Info, public BlockCipherDocumentation
{
public:
/// \brief SM4 block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SM4_Info>
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
protected:
SecBlock<word32, AllocatorWithCleanup<word32> > m_rkeys;
mutable SecBlock<word32, AllocatorWithCleanup<word32> > m_wspace;
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
NAMESPACE_END
#endif // CRYPTOPP_SM4_H
// sm4.h - written and placed in the public domain by Jeffrey Walton and Han Lulu
/// \file sm4.h
/// \brief Classes for the SM4 block cipher
/// \details SM4 is a block cipher designed by Xiaoyun Wang, et al. The block cipher is part of the
/// Chinese State Cryptography Administration portfolio. The cipher was formely known as SMS4.
/// \sa <A HREF="http://eprint.iacr.org/2008/329.pdf">SMS4 Encryption Algorithm for Wireless Networks</A> and
/// <A HREF="http://github.com/guanzhi/GmSSL">Reference implementation using OpenSSL</A>.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SM4_H
#define CRYPTOPP_SM4_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief SM4 block cipher information
/// \since Crypto++ 6.0
struct SM4_Info : public FixedBlockSize<16>, FixedKeyLength<16>
{
static const std::string StaticAlgorithmName()
{
return "SM4";
}
};
/// \brief Classes for the SM4 block cipher
/// \details SM4 is a block cipher designed by Xiaoyun Wang, et al. The block cipher is part of the
/// Chinese State Cryptography Administration portfolio. The cipher was formely known as SMS4.
/// \sa <A HREF="http://eprint.iacr.org/2008/329.pdf">SMS4 Encryption Algorithm for Wireless Networks</A>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SM4 : public SM4_Info, public BlockCipherDocumentation
{
public:
/// \brief SM4 block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<SM4_Info>
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
protected:
SecBlock<word32, AllocatorWithCleanup<word32> > m_rkeys;
mutable SecBlock<word32, AllocatorWithCleanup<word32> > m_wspace;
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
NAMESPACE_END
#endif // CRYPTOPP_SM4_H

1962
Common/3dParty/cryptopp/speck-simd.cpp
View File

File diff suppressed because it is too large Load Diff

876
Common/3dParty/cryptopp/speck.cpp
View File

@ -1,438 +1,438 @@
// speck.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "speck.h"
#include "misc.h"
#include "cpu.h"
// Uncomment for benchmarking C++ against SSE or NEON.
// Do so in both speck.cpp and speck-simd.cpp.
// #undef CRYPTOPP_SSSE3_AVAILABLE
// #undef CRYPTOPP_SSE41_AVAILABLE
// #undef CRYPTOPP_ARM_NEON_AVAILABLE
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::word32;
using CryptoPP::word64;
using CryptoPP::rotlConstant;
using CryptoPP::rotrConstant;
/// \brief Forward round transformation
/// \tparam W word type
/// \details TF83() is the forward round transformation using a=8 and b=3 rotations.
/// The initial test implementation provided template parameters, but they were
/// removed because SPECK32 using a=7 and b=2 was not on the road map. The
/// additional template parameters also made calling SPECK_Encrypt and SPECK_Decrypt
/// kind of messy.
template <class W>
inline void TF83(W& x, W& y, const W k)
{
x = rotrConstant<8>(x);
x += y; x ^= k;
y = rotlConstant<3>(y);
y ^= x;
}
/// \brief Reverse round transformation
/// \tparam W word type
/// \details TR83() is the reverse round transformation using a=8 and b=3 rotations.
/// The initial test implementation provided template parameters, but they were
/// removed because SPECK32 using a=7 and b=2 was not on the road map. The
/// additional template parameters also made calling SPECK_Encrypt and SPECK_Decrypt
/// kind of messy.
template <class W>
inline void TR83(W& x, W& y, const W k)
{
y ^= x;
y = rotrConstant<3>(y);
x ^= k; x -= y;
x = rotlConstant<8>(x);
}
/// \brief Forward transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param c output array
/// \param p input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SPECK_Encrypt(W c[2], const W p[2], const W k[R])
{
c[0]=p[0]; c[1]=p[1];
// Don't unroll this loop. Things slow down.
for (int i = 0; i < static_cast<int>(R); ++i)
TF83(c[0], c[1], k[i]);
}
/// \brief Reverse transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param p output array
/// \param c input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SPECK_Decrypt(W p[2], const W c[2], const W k[R])
{
p[0]=c[0]; p[1]=c[1];
// Don't unroll this loop. Things slow down.
for (int i = static_cast<int>(R-1); i >= 0; --i)
TR83(p[0], p[1], k[i]);
}
/// \brief Subkey generation function
/// \details Used when the user key consists of 2 words
/// \tparam W word type
/// \tparam R number of rounds
/// \param key empty subkey array
/// \param k user key array
template <class W, unsigned int R>
inline void SPECK_ExpandKey_2W(W key[R], const W k[2])
{
CRYPTOPP_ASSERT(R==32);
W i=0, B=k[0], A=k[1];
while (i<R-1)
{
key[i]=A; TF83(B, A, i);
i++;
}
key[R-1]=A;
}
/// \brief Subkey generation function
/// \details Used when the user key consists of 3 words
/// \tparam W word type
/// \tparam R number of rounds
/// \param key empty subkey array
/// \param k user key array
template <class W, unsigned int R>
inline void SPECK_ExpandKey_3W(W key[R], const W k[3])
{
CRYPTOPP_ASSERT(R==33 || R==26);
W i=0, C=k[0], B=k[1], A=k[2];
unsigned int blocks = R/2;
while (blocks--)
{
key[i+0]=A; TF83(B, A, i+0);
key[i+1]=A; TF83(C, A, i+1);
i+=2;
}
// The constexpr residue should allow the optimizer to remove unneeded statements
if(R%2 == 1)
{
key[R-1]=A;
}
}
/// \brief Subkey generation function
/// \details Used when the user key consists of 4 words
/// \tparam W word type
/// \tparam R number of rounds
/// \param key empty subkey array
/// \param k user key array
template <class W, unsigned int R>
inline void SPECK_ExpandKey_4W(W key[R], const W k[4])
{
CRYPTOPP_ASSERT(R==34 || R==27);
W i=0, D=k[0], C=k[1], B=k[2], A=k[3];
unsigned int blocks = R/3;
while (blocks--)
{
key[i+0]=A; TF83(B, A, i+0);
key[i+1]=A; TF83(C, A, i+1);
key[i+2]=A; TF83(D, A, i+2);
i+=3;
}
// The constexpr residue should allow the optimizer to remove unneeded statements
if(R%3 == 1)
{
key[R-1]=A;
}
else if(R%3 == 2)
{
key[R-2]=A; TF83(B, A, W(R-2));
key[R-1]=A;
}
}
ANONYMOUS_NAMESPACE_END
///////////////////////////////////////////////////////////
NAMESPACE_BEGIN(CryptoPP)
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern size_t SPECK64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSE41_AVAILABLE)
extern size_t SPECK64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
extern size_t SPECK128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
void SPECK64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 12 || keyLength == 16);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word32);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 3:
m_rkeys.New((m_rounds = 26));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_3W<word32, 26>(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 27));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_4W<word32, 27>(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SPECK64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 26:
SPECK_Encrypt<word32, 26>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 27:
SPECK_Encrypt<word32, 27>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SPECK64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 26:
SPECK_Decrypt<word32, 26>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 27:
SPECK_Decrypt<word32, 27>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
///////////////////////////////////////////////////////////
void SPECK128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 16 || keyLength == 24 || keyLength == 32);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {2,3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word64);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 2:
m_rkeys.New((m_rounds = 32));
kblk(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_2W<word64, 32>(m_rkeys, m_wspace);
break;
case 3:
m_rkeys.New((m_rounds = 33));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_3W<word64, 33>(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 34));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_4W<word64, 34>(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SPECK128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 32:
SPECK_Encrypt<word64, 32>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 33:
SPECK_Encrypt<word64, 33>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 34:
SPECK_Encrypt<word64, 34>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SPECK128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 32:
SPECK_Decrypt<word64, 32>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 33:
SPECK_Decrypt<word64, 33>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 34:
SPECK_Decrypt<word64, 34>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
#if defined(CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS)
size_t SPECK64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SPECK64_Enc_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK64_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SPECK64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SPECK64_Dec_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK64_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS
#if defined(CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS)
size_t SPECK128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SPECK128_Enc_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK128_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SPECK128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SPECK128_Dec_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK128_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS
NAMESPACE_END
// speck.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "speck.h"
#include "misc.h"
#include "cpu.h"
// Uncomment for benchmarking C++ against SSE or NEON.
// Do so in both speck.cpp and speck-simd.cpp.
// #undef CRYPTOPP_SSSE3_AVAILABLE
// #undef CRYPTOPP_SSE41_AVAILABLE
// #undef CRYPTOPP_ARM_NEON_AVAILABLE
ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::word32;
using CryptoPP::word64;
using CryptoPP::rotlConstant;
using CryptoPP::rotrConstant;
/// \brief Forward round transformation
/// \tparam W word type
/// \details TF83() is the forward round transformation using a=8 and b=3 rotations.
/// The initial test implementation provided template parameters, but they were
/// removed because SPECK32 using a=7 and b=2 was not on the road map. The
/// additional template parameters also made calling SPECK_Encrypt and SPECK_Decrypt
/// kind of messy.
template <class W>
inline void TF83(W& x, W& y, const W k)
{
x = rotrConstant<8>(x);
x += y; x ^= k;
y = rotlConstant<3>(y);
y ^= x;
}
/// \brief Reverse round transformation
/// \tparam W word type
/// \details TR83() is the reverse round transformation using a=8 and b=3 rotations.
/// The initial test implementation provided template parameters, but they were
/// removed because SPECK32 using a=7 and b=2 was not on the road map. The
/// additional template parameters also made calling SPECK_Encrypt and SPECK_Decrypt
/// kind of messy.
template <class W>
inline void TR83(W& x, W& y, const W k)
{
y ^= x;
y = rotrConstant<3>(y);
x ^= k; x -= y;
x = rotlConstant<8>(x);
}
/// \brief Forward transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param c output array
/// \param p input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SPECK_Encrypt(W c[2], const W p[2], const W k[R])
{
c[0]=p[0]; c[1]=p[1];
// Don't unroll this loop. Things slow down.
for (int i = 0; i < static_cast<int>(R); ++i)
TF83(c[0], c[1], k[i]);
}
/// \brief Reverse transformation
/// \tparam W word type
/// \tparam R number of rounds
/// \param p output array
/// \param c input array
/// \param k subkey array
template <class W, unsigned int R>
inline void SPECK_Decrypt(W p[2], const W c[2], const W k[R])
{
p[0]=c[0]; p[1]=c[1];
// Don't unroll this loop. Things slow down.
for (int i = static_cast<int>(R-1); i >= 0; --i)
TR83(p[0], p[1], k[i]);
}
/// \brief Subkey generation function
/// \details Used when the user key consists of 2 words
/// \tparam W word type
/// \tparam R number of rounds
/// \param key empty subkey array
/// \param k user key array
template <class W, unsigned int R>
inline void SPECK_ExpandKey_2W(W key[R], const W k[2])
{
CRYPTOPP_ASSERT(R==32);
W i=0, B=k[0], A=k[1];
while (i<R-1)
{
key[i]=A; TF83(B, A, i);
i++;
}
key[R-1]=A;
}
/// \brief Subkey generation function
/// \details Used when the user key consists of 3 words
/// \tparam W word type
/// \tparam R number of rounds
/// \param key empty subkey array
/// \param k user key array
template <class W, unsigned int R>
inline void SPECK_ExpandKey_3W(W key[R], const W k[3])
{
CRYPTOPP_ASSERT(R==33 || R==26);
W i=0, C=k[0], B=k[1], A=k[2];
unsigned int blocks = R/2;
while (blocks--)
{
key[i+0]=A; TF83(B, A, i+0);
key[i+1]=A; TF83(C, A, i+1);
i+=2;
}
// The constexpr residue should allow the optimizer to remove unneeded statements
if(R%2 == 1)
{
key[R-1]=A;
}
}
/// \brief Subkey generation function
/// \details Used when the user key consists of 4 words
/// \tparam W word type
/// \tparam R number of rounds
/// \param key empty subkey array
/// \param k user key array
template <class W, unsigned int R>
inline void SPECK_ExpandKey_4W(W key[R], const W k[4])
{
CRYPTOPP_ASSERT(R==34 || R==27);
W i=0, D=k[0], C=k[1], B=k[2], A=k[3];
unsigned int blocks = R/3;
while (blocks--)
{
key[i+0]=A; TF83(B, A, i+0);
key[i+1]=A; TF83(C, A, i+1);
key[i+2]=A; TF83(D, A, i+2);
i+=3;
}
// The constexpr residue should allow the optimizer to remove unneeded statements
if(R%3 == 1)
{
key[R-1]=A;
}
else if(R%3 == 2)
{
key[R-2]=A; TF83(B, A, W(R-2));
key[R-1]=A;
}
}
ANONYMOUS_NAMESPACE_END
///////////////////////////////////////////////////////////
NAMESPACE_BEGIN(CryptoPP)
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
extern size_t SPECK64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSE41_AVAILABLE)
extern size_t SPECK64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
extern size_t SPECK128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
extern size_t SPECK128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds,
const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
#endif
void SPECK64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 12 || keyLength == 16);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word32);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 3:
m_rkeys.New((m_rounds = 26));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_3W<word32, 26>(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 27));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_4W<word32, 27>(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SPECK64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 26:
SPECK_Encrypt<word32, 26>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 27:
SPECK_Encrypt<word32, 27>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SPECK64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word32, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 26:
SPECK_Decrypt<word32, 26>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 27:
SPECK_Decrypt<word32, 27>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word32, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
///////////////////////////////////////////////////////////
void SPECK128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
{
CRYPTOPP_ASSERT(keyLength == 16 || keyLength == 24 || keyLength == 32);
CRYPTOPP_UNUSED(params);
// Building the key schedule table requires {2,3,4} words workspace.
// Encrypting and decrypting requires 4 words workspace.
m_kwords = keyLength/sizeof(word64);
m_wspace.New(4U);
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> KeyBlock;
KeyBlock kblk(userKey);
switch (m_kwords)
{
case 2:
m_rkeys.New((m_rounds = 32));
kblk(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_2W<word64, 32>(m_rkeys, m_wspace);
break;
case 3:
m_rkeys.New((m_rounds = 33));
kblk(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_3W<word64, 33>(m_rkeys, m_wspace);
break;
case 4:
m_rkeys.New((m_rounds = 34));
kblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]);
SPECK_ExpandKey_4W<word64, 34>(m_rkeys, m_wspace);
break;
default:
CRYPTOPP_ASSERT(0);;
}
}
void SPECK128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 32:
SPECK_Encrypt<word64, 32>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 33:
SPECK_Encrypt<word64, 33>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 34:
SPECK_Encrypt<word64, 34>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
void SPECK128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
// Do the endian gyrations from the paper and align pointers
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]);
switch (m_rounds)
{
case 32:
SPECK_Decrypt<word64, 32>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 33:
SPECK_Decrypt<word64, 33>(m_wspace+2, m_wspace+0, m_rkeys);
break;
case 34:
SPECK_Decrypt<word64, 34>(m_wspace+2, m_wspace+0, m_rkeys);
break;
default:
CRYPTOPP_ASSERT(0);;
}
// Do the endian gyrations from the paper and align pointers
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]);
}
#if defined(CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS)
size_t SPECK64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SPECK64_Enc_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK64_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SPECK64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSE41_AVAILABLE)
if (HasSSE41())
return SPECK64_Dec_AdvancedProcessBlocks_SSE41(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK64_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS
#if defined(CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS)
size_t SPECK128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SPECK128_Enc_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK128_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
size_t SPECK128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
byte *outBlocks, size_t length, word32 flags) const
{
#if defined(CRYPTOPP_SSSE3_AVAILABLE)
if (HasSSSE3())
return SPECK128_Dec_AdvancedProcessBlocks_SSSE3(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
#if (CRYPTOPP_ARM_NEON_AVAILABLE)
if (HasNEON())
return SPECK128_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds,
inBlocks, xorBlocks, outBlocks, length, flags);
#endif
return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
}
#endif // CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS
NAMESPACE_END

360
Common/3dParty/cryptopp/speck.h
View File

@ -1,180 +1,180 @@
// speck.h - written and placed in the public domain by Jeffrey Walton
/// \file speck.h
/// \brief Classes for the Speck block cipher
/// \details Speck is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \sa <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK Families of
/// Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A> and <A HREF="https://www.cryptopp.com/wiki/SPECK">
/// SPECK</A> on the Crypto++ wiki.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SPECK_H
#define CRYPTOPP_SPECK_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS 1
#endif
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS 1
#endif
NAMESPACE_BEGIN(CryptoPP)
/// \brief SPECK block cipher information
/// \tparam L block size of the cipher, in bytes
/// \tparam D default key length, in bytes
/// \tparam N minimum key length, in bytes
/// \tparam M maximum key length, in bytes
/// \since Crypto++ 6.0
template <unsigned int L, unsigned int D, unsigned int N, unsigned int M>
struct SPECK_Info : public FixedBlockSize<L>, VariableKeyLength<D, N, M>
{
static const std::string StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "SPECK-" + IntToString(L*8);
}
};
/// \brief SPECK block cipher base class
/// \tparam W the word type
/// \details User code should use SPECK64 or SPECK128
/// \sa SPECK64, SPECK128, <a href="http://www.cryptopp.com/wiki/SPECK">SPECK</a>
/// \since Crypto++ 6.0
template <class W>
struct SPECK_Base
{
virtual ~SPECK_Base() {}
SPECK_Base() : m_kwords(0), m_rounds(0) {}
typedef SecBlock<W, AllocatorWithCleanup<W, true> > AlignedSecBlock;
mutable AlignedSecBlock m_wspace; // workspace
AlignedSecBlock m_rkeys; // round keys
unsigned int m_kwords; // number of key words
unsigned int m_rounds; // number of rounds
};
/// \brief SPECK 64-bit block cipher
/// \details Speck is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SPECK64 provides 64-bit block size. The valid key sizes are 96-bit and 128-bit.
/// \sa SPECK64, SPECK128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SPECK">SPECK</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SPECK64 : public SPECK_Info<8, 12, 12, 16>, public BlockCipherDocumentation
{
public:
/// \brief SPECK block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SPECK_Base<word32>, public BlockCipherImpl<SPECK_Info<8, 12, 12, 16> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word32)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
/// \brief SPECK 128-bit block cipher
/// \details Speck is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SPECK128 provides 128-bit block size. The valid key sizes are 128-bit, 192-bit and 256-bit.
/// \sa SPECK64, SPECK128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SPECK">SPECK</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SPECK128 : public SPECK_Info<16, 16, 16, 32>, public BlockCipherDocumentation
{
public:
/// \brief SPECK block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SPECK_Base<word64>, public BlockCipherImpl<SPECK_Info<16, 16, 16, 32> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word64)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
public:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
NAMESPACE_END
#endif // CRYPTOPP_SPECK_H
// speck.h - written and placed in the public domain by Jeffrey Walton
/// \file speck.h
/// \brief Classes for the Speck block cipher
/// \details Speck is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \sa <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK Families of
/// Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A> and <A HREF="https://www.cryptopp.com/wiki/SPECK">
/// SPECK</A> on the Crypto++ wiki.
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_SPECK_H
#define CRYPTOPP_SPECK_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS 1
#endif
#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64
# define CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS 1
#endif
NAMESPACE_BEGIN(CryptoPP)
/// \brief SPECK block cipher information
/// \tparam L block size of the cipher, in bytes
/// \tparam D default key length, in bytes
/// \tparam N minimum key length, in bytes
/// \tparam M maximum key length, in bytes
/// \since Crypto++ 6.0
template <unsigned int L, unsigned int D, unsigned int N, unsigned int M>
struct SPECK_Info : public FixedBlockSize<L>, VariableKeyLength<D, N, M>
{
static const std::string StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "SPECK-" + IntToString(L*8);
}
};
/// \brief SPECK block cipher base class
/// \tparam W the word type
/// \details User code should use SPECK64 or SPECK128
/// \sa SPECK64, SPECK128, <a href="http://www.cryptopp.com/wiki/SPECK">SPECK</a>
/// \since Crypto++ 6.0
template <class W>
struct SPECK_Base
{
virtual ~SPECK_Base() {}
SPECK_Base() : m_kwords(0), m_rounds(0) {}
typedef SecBlock<W, AllocatorWithCleanup<W, true> > AlignedSecBlock;
mutable AlignedSecBlock m_wspace; // workspace
AlignedSecBlock m_rkeys; // round keys
unsigned int m_kwords; // number of key words
unsigned int m_rounds; // number of rounds
};
/// \brief SPECK 64-bit block cipher
/// \details Speck is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SPECK64 provides 64-bit block size. The valid key sizes are 96-bit and 128-bit.
/// \sa SPECK64, SPECK128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SPECK">SPECK</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SPECK64 : public SPECK_Info<8, 12, 12, 16>, public BlockCipherDocumentation
{
public:
/// \brief SPECK block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SPECK_Base<word32>, public BlockCipherImpl<SPECK_Info<8, 12, 12, 16> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word32)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
/// \brief SPECK 128-bit block cipher
/// \details Speck is a block cipher designed by Ray Beaulieu, Douglas Shors, Jason Smith,
/// Stefan Treatman-Clark, Bryan Weeks and Louis Wingers.
/// \details SPECK128 provides 128-bit block size. The valid key sizes are 128-bit, 192-bit and 256-bit.
/// \sa SPECK64, SPECK128, <A HREF="http://eprint.iacr.org/2013/404">The SIMON and SPECK
/// Families of Lightweight Block Ciphers</A>, <A HREF="http://iadgov.github.io/simon-speck/">
/// The Simon and Speck GitHub</A>, <a href="http://www.cryptopp.com/wiki/SPECK">SPECK</a> on the
/// Crypto++ wiki
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE SPECK128 : public SPECK_Info<16, 16, 16, 32>, public BlockCipherDocumentation
{
public:
/// \brief SPECK block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : protected SPECK_Base<word64>, public BlockCipherImpl<SPECK_Info<16, 16, 16, 32> >
{
public:
std::string AlgorithmName() const {
return StaticAlgorithmName() + (m_kwords == 0 ? "" :
"(" + IntToString(m_kwords*sizeof(word64)*8) + ")");
}
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
#if CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS
size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
#endif
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
NAMESPACE_END
#endif // CRYPTOPP_SPECK_H

214
Common/3dParty/cryptopp/sse-simd.cpp
View File

@ -1,107 +1,107 @@
// sse-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to SSE for CPU
// feature testing. A separate source file is needed because additional
// CXXFLAGS are required to enable the appropriate instructions set in
// some build configurations.
#include "pch.h"
#include "config.h"
#include "cpu.h"
// Needed by MIPS for definition of NULL
#include "stdcpp.h"
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
// Needed by SunCC and MSVC
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
# include <emmintrin.h>
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
}
extern "C"
{
static jmp_buf s_jmpNoSSE2;
static void SigIllHandlerSSE2(int)
{
longjmp(s_jmpNoSSE2, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
bool CPU_ProbeSSE2()
{
// Apple switched to Intel desktops in 2005/2006 using
// Core2 Duo's, which provides SSE2 and above.
#if CRYPTOPP_BOOL_X64 || defined(__APPLE__)
return true;
#elif defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
__try
{
# if CRYPTOPP_SSE2_ASM_AVAILABLE
AS2(por xmm0, xmm0) // executing SSE2 instruction
# elif CRYPTOPP_SSE2_INTRIN_AVAILABLE
__m128i x = _mm_setzero_si128();
return _mm_cvtsi128_si32(x) == 0;
# endif
}
// GetExceptionCode() == EXCEPTION_ILLEGAL_INSTRUCTION
__except (EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return true;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile bool result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
if (oldHandler == SIG_ERR)
return false;
# ifndef __MINGW32__
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
# endif
if (setjmp(s_jmpNoSSE2))
result = false;
else
{
# if CRYPTOPP_SSE2_ASM_AVAILABLE
__asm __volatile ("por %xmm0, %xmm0");
# elif CRYPTOPP_SSE2_INTRIN_AVAILABLE
__m128i x = _mm_setzero_si128();
result = _mm_cvtsi128_si32(x) == 0;
# endif
}
# ifndef __MINGW32__
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
# endif
signal(SIGILL, oldHandler);
return result;
#endif
}
NAMESPACE_END
// sse-simd.cpp - written and placed in the public domain by
// Jeffrey Walton, Uri Blumenthal and Marcel Raad.
//
// This source file uses intrinsics to gain access to SSE for CPU
// feature testing. A separate source file is needed because additional
// CXXFLAGS are required to enable the appropriate instructions set in
// some build configurations.
#include "pch.h"
#include "config.h"
#include "cpu.h"
// Needed by MIPS for definition of NULL
#include "stdcpp.h"
#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
# include <signal.h>
# include <setjmp.h>
#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
# define EXCEPTION_EXECUTE_HANDLER 1
#endif
// Needed by SunCC and MSVC
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
# include <emmintrin.h>
#endif
NAMESPACE_BEGIN(CryptoPP)
#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
extern "C" {
typedef void (*SigHandler)(int);
}
extern "C"
{
static jmp_buf s_jmpNoSSE2;
static void SigIllHandlerSSE2(int)
{
longjmp(s_jmpNoSSE2, 1);
}
}
#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
bool CPU_ProbeSSE2()
{
// Apple switched to Intel desktops in 2005/2006 using
// Core2 Duo's, which provides SSE2 and above.
#if CRYPTOPP_BOOL_X64 || defined(__APPLE__)
return true;
#elif defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
return false;
#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
__try
{
# if CRYPTOPP_SSE2_ASM_AVAILABLE
AS2(por xmm0, xmm0) // executing SSE2 instruction
# elif CRYPTOPP_SSE2_INTRIN_AVAILABLE
__m128i x = _mm_setzero_si128();
return _mm_cvtsi128_si32(x) == 0;
# endif
}
// GetExceptionCode() == EXCEPTION_ILLEGAL_INSTRUCTION
__except (EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
return true;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
volatile bool result = true;
volatile SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
if (oldHandler == SIG_ERR)
return false;
# ifndef __MINGW32__
volatile sigset_t oldMask;
if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
return false;
# endif
if (setjmp(s_jmpNoSSE2))
result = false;
else
{
# if CRYPTOPP_SSE2_ASM_AVAILABLE
__asm __volatile ("por %xmm0, %xmm0");
# elif CRYPTOPP_SSE2_INTRIN_AVAILABLE
__m128i x = _mm_setzero_si128();
result = _mm_cvtsi128_si32(x) == 0;
# endif
}
# ifndef __MINGW32__
sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
# endif
signal(SIGILL, oldHandler);
return result;
#endif
}
NAMESPACE_END

1006
Common/3dParty/cryptopp/threefish.cpp
View File

File diff suppressed because it is too large Load Diff

402
Common/3dParty/cryptopp/threefish.h
View File

@ -1,201 +1,201 @@
// threefish.h - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro. Kuro's code is
// available at http://cppcrypto.sourceforge.net/.
/// \file Threefish.h
/// \brief Classes for the Threefish block cipher
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_THREEFISH_H
#define CRYPTOPP_THREEFISH_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
#include "algparam.h"
#include "argnames.h"
#include "stdcpp.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Threefish block cipher information
/// \tparam BS block size of the cipher, in bytes
/// \since Crypto++ 6.0
template <unsigned int BS>
struct Threefish_Info : public FixedBlockSize<BS>, FixedKeyLength<BS>
{
static const std::string StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Threefish-" + IntToString(BS*8) + "(" + IntToString(BS*8) + ")";
}
};
/// \brief Threefish block cipher base class
/// \tparam BS block size of the cipher, in bytes
/// \details User code should use Threefish256, Threefish512, Threefish1024
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
template <unsigned int BS>
struct CRYPTOPP_NO_VTABLE Threefish_Base
{
virtual ~Threefish_Base() {}
void SetTweak(const NameValuePairs &params)
{
m_tweak.New(3);
ConstByteArrayParameter t;
if (params.GetValue(Name::Tweak(), t))
{
// Tweak size is fixed at 16 for Threefish
CRYPTOPP_ASSERT(t.size() == 16);
GetUserKey(LITTLE_ENDIAN_ORDER, m_tweak.begin(), 2, t.begin(), 16);
m_tweak[2] = m_tweak[0] ^ m_tweak[1];
}
else
{
std::memset(m_tweak.begin(), 0x00, 24);
}
}
typedef SecBlock<word64, AllocatorWithCleanup<word64, true> > AlignedSecBlock64;
mutable AlignedSecBlock64 m_wspace; // workspace
AlignedSecBlock64 m_rkey; // keys
AlignedSecBlock64 m_tweak;
};
/// \brief Threefish 256-bit block cipher
/// \details Threefish256 provides 256-bit block size. The valid key size is 256-bit.
/// \note Crypto++ provides a byte oriented implementation
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Threefish256 : public Threefish_Info<32>, public BlockCipherDocumentation
{
public:
/// \brief Threefish block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public Threefish_Base<32>, public BlockCipherImpl<Threefish_Info<32> >
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish256::Encryption Threefish256Encryption;
typedef Threefish256::Decryption Threefish256Decryption;
/// \brief Threefish 512-bit block cipher
/// \details Threefish512 provides 512-bit block size. The valid key size is 512-bit.
/// \note Crypto++ provides a byte oriented implementation
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Threefish512 : public Threefish_Base<32>, public BlockCipherDocumentation
{
public:
/// \brief Threefish block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public Threefish_Base<64>, public BlockCipherImpl<Threefish_Info<64> >
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish512::Encryption Threefish512Encryption;
typedef Threefish512::Decryption Threefish512Decryption;
/// \brief Threefish 1024-bit block cipher
/// \details Threefish1024 provides 1024-bit block size. The valid key size is 1024-bit.
/// \note Crypto++ provides a byte oriented implementation
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Threefish1024 : public Threefish_Base<32>, public BlockCipherDocumentation
{
public:
/// \brief Threefish block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public Threefish_Base<128>, public BlockCipherImpl<Threefish_Info<128> >
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish1024::Encryption Threefish1024Encryption;
typedef Threefish1024::Decryption Threefish1024Decryption;
NAMESPACE_END
#endif // CRYPTOPP_THREEFISH_H
// threefish.h - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro. Kuro's code is
// available at http://cppcrypto.sourceforge.net/.
/// \file Threefish.h
/// \brief Classes for the Threefish block cipher
/// \since Crypto++ 6.0
#ifndef CRYPTOPP_THREEFISH_H
#define CRYPTOPP_THREEFISH_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
#include "algparam.h"
#include "argnames.h"
#include "stdcpp.h"
NAMESPACE_BEGIN(CryptoPP)
/// \brief Threefish block cipher information
/// \tparam BS block size of the cipher, in bytes
/// \since Crypto++ 6.0
template <unsigned int BS>
struct Threefish_Info : public FixedBlockSize<BS>, FixedKeyLength<BS>
{
static const std::string StaticAlgorithmName()
{
// Format is Cipher-Blocksize(Keylength)
return "Threefish-" + IntToString(BS*8) + "(" + IntToString(BS*8) + ")";
}
};
/// \brief Threefish block cipher base class
/// \tparam BS block size of the cipher, in bytes
/// \details User code should use Threefish256, Threefish512, Threefish1024
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
template <unsigned int BS>
struct CRYPTOPP_NO_VTABLE Threefish_Base
{
virtual ~Threefish_Base() {}
void SetTweak(const NameValuePairs &params)
{
m_tweak.New(3);
ConstByteArrayParameter t;
if (params.GetValue(Name::Tweak(), t))
{
// Tweak size is fixed at 16 for Threefish
CRYPTOPP_ASSERT(t.size() == 16);
GetUserKey(LITTLE_ENDIAN_ORDER, m_tweak.begin(), 2, t.begin(), 16);
m_tweak[2] = m_tweak[0] ^ m_tweak[1];
}
else
{
std::memset(m_tweak.begin(), 0x00, 24);
}
}
typedef SecBlock<word64, AllocatorWithCleanup<word64, true> > AlignedSecBlock64;
mutable AlignedSecBlock64 m_wspace; // workspace
AlignedSecBlock64 m_rkey; // keys
AlignedSecBlock64 m_tweak;
};
/// \brief Threefish 256-bit block cipher
/// \details Threefish256 provides 256-bit block size. The valid key size is 256-bit.
/// \note Crypto++ provides a byte oriented implementation
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Threefish256 : public Threefish_Info<32>, public BlockCipherDocumentation
{
public:
/// \brief Threefish block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public Threefish_Base<32>, public BlockCipherImpl<Threefish_Info<32> >
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish256::Encryption Threefish256Encryption;
typedef Threefish256::Decryption Threefish256Decryption;
/// \brief Threefish 512-bit block cipher
/// \details Threefish512 provides 512-bit block size. The valid key size is 512-bit.
/// \note Crypto++ provides a byte oriented implementation
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Threefish512 : public Threefish_Base<32>, public BlockCipherDocumentation
{
public:
/// \brief Threefish block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public Threefish_Base<64>, public BlockCipherImpl<Threefish_Info<64> >
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish512::Encryption Threefish512Encryption;
typedef Threefish512::Decryption Threefish512Decryption;
/// \brief Threefish 1024-bit block cipher
/// \details Threefish1024 provides 1024-bit block size. The valid key size is 1024-bit.
/// \note Crypto++ provides a byte oriented implementation
/// \sa Threefish256, Threefish512, Threefish1024, <a href="http://www.cryptopp.com/wiki/Threefish">Threefish</a>
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Threefish1024 : public Threefish_Base<32>, public BlockCipherDocumentation
{
public:
/// \brief Threefish block cipher transformation functions
/// \details Provides implementation common to encryption and decryption
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Base : public Threefish_Base<128>, public BlockCipherImpl<Threefish_Info<128> >
{
protected:
void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
};
/// \brief Provides implementation for encryption transformation
/// \details Enc provides implementation for encryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
/// \brief Provides implementation for encryption transformation
/// \details Dec provides implementation for decryption transformation. All key and block
/// sizes are supported.
/// \since Crypto++ 6.0
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish1024::Encryption Threefish1024Encryption;
typedef Threefish1024::Decryption Threefish1024Decryption;
NAMESPACE_END
#endif // CRYPTOPP_THREEFISH_H

1800
Common/3dParty/cryptopp/tweetnacl.cpp
View File

File diff suppressed because it is too large Load Diff

544
Common/3dParty/cryptopp/tweetnacl.h
View File

@ -1,272 +1,272 @@
#ifndef TWEETNACL_H
#define TWEETNACL_H
#define crypto_auth_PRIMITIVE "hmacsha512256"
#define crypto_auth crypto_auth_hmacsha512256
#define crypto_auth_verify crypto_auth_hmacsha512256_verify
#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION
#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION
#define crypto_auth_hmacsha512256_tweet_BYTES 32
#define crypto_auth_hmacsha512256_tweet_KEYBYTES 32
extern int crypto_auth_hmacsha512256_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_auth_hmacsha512256_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
#define crypto_auth_hmacsha512256_tweet_VERSION "-"
#define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_tweet
#define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_tweet_verify
#define crypto_auth_hmacsha512256_BYTES crypto_auth_hmacsha512256_tweet_BYTES
#define crypto_auth_hmacsha512256_KEYBYTES crypto_auth_hmacsha512256_tweet_KEYBYTES
#define crypto_auth_hmacsha512256_VERSION crypto_auth_hmacsha512256_tweet_VERSION
#define crypto_auth_hmacsha512256_IMPLEMENTATION "crypto_auth/hmacsha512256/tweet"
#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
#define crypto_box crypto_box_curve25519xsalsa20poly1305
#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION
#define crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES 24
#define crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES 16
extern int crypto_box_curve25519xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(unsigned char *,unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_box_curve25519xsalsa20poly1305_tweet_VERSION "-"
#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_tweet
#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_tweet_open
#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_tweet_keypair
#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_tweet_beforenm
#define crypto_box_curve25519xsalsa20poly1305_afternm crypto_box_curve25519xsalsa20poly1305_tweet_afternm
#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm
#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES
#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES
#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES
#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES
#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES
#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES
#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_tweet_VERSION
#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/tweet"
#define crypto_core_PRIMITIVE "salsa20"
#define crypto_core crypto_core_salsa20
#define crypto_core_OUTPUTBYTES crypto_core_salsa20_OUTPUTBYTES
#define crypto_core_INPUTBYTES crypto_core_salsa20_INPUTBYTES
#define crypto_core_KEYBYTES crypto_core_salsa20_KEYBYTES
#define crypto_core_CONSTBYTES crypto_core_salsa20_CONSTBYTES
#define crypto_core_IMPLEMENTATION crypto_core_salsa20_IMPLEMENTATION
#define crypto_core_VERSION crypto_core_salsa20_VERSION
#define crypto_core_salsa20_tweet_OUTPUTBYTES 64
#define crypto_core_salsa20_tweet_INPUTBYTES 16
#define crypto_core_salsa20_tweet_KEYBYTES 32
#define crypto_core_salsa20_tweet_CONSTBYTES 16
extern int crypto_core_salsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
#define crypto_core_salsa20_tweet_VERSION "-"
#define crypto_core_salsa20 crypto_core_salsa20_tweet
#define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_tweet_OUTPUTBYTES
#define crypto_core_salsa20_INPUTBYTES crypto_core_salsa20_tweet_INPUTBYTES
#define crypto_core_salsa20_KEYBYTES crypto_core_salsa20_tweet_KEYBYTES
#define crypto_core_salsa20_CONSTBYTES crypto_core_salsa20_tweet_CONSTBYTES
#define crypto_core_salsa20_VERSION crypto_core_salsa20_tweet_VERSION
#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/tweet"
#define crypto_core_hsalsa20_tweet_OUTPUTBYTES 32
#define crypto_core_hsalsa20_tweet_INPUTBYTES 16
#define crypto_core_hsalsa20_tweet_KEYBYTES 32
#define crypto_core_hsalsa20_tweet_CONSTBYTES 16
extern int crypto_core_hsalsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
#define crypto_core_hsalsa20_tweet_VERSION "-"
#define crypto_core_hsalsa20 crypto_core_hsalsa20_tweet
#define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_tweet_OUTPUTBYTES
#define crypto_core_hsalsa20_INPUTBYTES crypto_core_hsalsa20_tweet_INPUTBYTES
#define crypto_core_hsalsa20_KEYBYTES crypto_core_hsalsa20_tweet_KEYBYTES
#define crypto_core_hsalsa20_CONSTBYTES crypto_core_hsalsa20_tweet_CONSTBYTES
#define crypto_core_hsalsa20_VERSION crypto_core_hsalsa20_tweet_VERSION
#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/tweet"
#define crypto_hashblocks_PRIMITIVE "sha512"
#define crypto_hashblocks crypto_hashblocks_sha512
#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES
#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES
#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION
#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION
#define crypto_hashblocks_sha512_tweet_STATEBYTES 64
#define crypto_hashblocks_sha512_tweet_BLOCKBYTES 128
extern int crypto_hashblocks_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hashblocks_sha512_tweet_VERSION "-"
#define crypto_hashblocks_sha512 crypto_hashblocks_sha512_tweet
#define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_tweet_STATEBYTES
#define crypto_hashblocks_sha512_BLOCKBYTES crypto_hashblocks_sha512_tweet_BLOCKBYTES
#define crypto_hashblocks_sha512_VERSION crypto_hashblocks_sha512_tweet_VERSION
#define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/tweet"
#define crypto_hashblocks_sha256_tweet_STATEBYTES 32
#define crypto_hashblocks_sha256_tweet_BLOCKBYTES 64
extern int crypto_hashblocks_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hashblocks_sha256_tweet_VERSION "-"
#define crypto_hashblocks_sha256 crypto_hashblocks_sha256_tweet
#define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_tweet_STATEBYTES
#define crypto_hashblocks_sha256_BLOCKBYTES crypto_hashblocks_sha256_tweet_BLOCKBYTES
#define crypto_hashblocks_sha256_VERSION crypto_hashblocks_sha256_tweet_VERSION
#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/tweet"
#define crypto_hash_PRIMITIVE "sha512"
#define crypto_hash crypto_hash_sha512
#define crypto_hash_BYTES crypto_hash_sha512_BYTES
#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
#define crypto_hash_VERSION crypto_hash_sha512_VERSION
#define crypto_hash_sha512_tweet_BYTES 64
extern int crypto_hash_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hash_sha512_tweet_VERSION "-"
#define crypto_hash_sha512 crypto_hash_sha512_tweet
#define crypto_hash_sha512_BYTES crypto_hash_sha512_tweet_BYTES
#define crypto_hash_sha512_VERSION crypto_hash_sha512_tweet_VERSION
#define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/tweet"
#define crypto_hash_sha256_tweet_BYTES 32
extern int crypto_hash_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hash_sha256_tweet_VERSION "-"
#define crypto_hash_sha256 crypto_hash_sha256_tweet
#define crypto_hash_sha256_BYTES crypto_hash_sha256_tweet_BYTES
#define crypto_hash_sha256_VERSION crypto_hash_sha256_tweet_VERSION
#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/tweet"
#define crypto_onetimeauth_PRIMITIVE "poly1305"
#define crypto_onetimeauth crypto_onetimeauth_poly1305
#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify
#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION
#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION
#define crypto_onetimeauth_poly1305_tweet_BYTES 16
#define crypto_onetimeauth_poly1305_tweet_KEYBYTES 32
extern int crypto_onetimeauth_poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_onetimeauth_poly1305_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
#define crypto_onetimeauth_poly1305_tweet_VERSION "-"
#define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_tweet
#define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_tweet_verify
#define crypto_onetimeauth_poly1305_BYTES crypto_onetimeauth_poly1305_tweet_BYTES
#define crypto_onetimeauth_poly1305_KEYBYTES crypto_onetimeauth_poly1305_tweet_KEYBYTES
#define crypto_onetimeauth_poly1305_VERSION crypto_onetimeauth_poly1305_tweet_VERSION
#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/tweet"
#define crypto_scalarmult_PRIMITIVE "curve25519"
#define crypto_scalarmult crypto_scalarmult_curve25519
#define crypto_scalarmult_base crypto_scalarmult_curve25519_base
#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
#define crypto_scalarmult_IMPLEMENTATION crypto_scalarmult_curve25519_IMPLEMENTATION
#define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION
#define crypto_scalarmult_curve25519_tweet_BYTES 32
#define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32
extern int crypto_scalarmult_curve25519_tweet(unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_scalarmult_curve25519_tweet_base(unsigned char *,const unsigned char *);
#define crypto_scalarmult_curve25519_tweet_VERSION "-"
#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet
#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_tweet_base
#define crypto_scalarmult_curve25519_BYTES crypto_scalarmult_curve25519_tweet_BYTES
#define crypto_scalarmult_curve25519_SCALARBYTES crypto_scalarmult_curve25519_tweet_SCALARBYTES
#define crypto_scalarmult_curve25519_VERSION crypto_scalarmult_curve25519_tweet_VERSION
#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/tweet"
#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
#define crypto_secretbox crypto_secretbox_xsalsa20poly1305
#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open
#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION
#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION
#define crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES 32
#define crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES 24
#define crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES 32
#define crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES 16
extern int crypto_secretbox_xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_secretbox_xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_secretbox_xsalsa20poly1305_tweet_VERSION "-"
#define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_tweet
#define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_tweet_open
#define crypto_secretbox_xsalsa20poly1305_KEYBYTES crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES
#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES
#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES
#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES
#define crypto_secretbox_xsalsa20poly1305_VERSION crypto_secretbox_xsalsa20poly1305_tweet_VERSION
#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/tweet"
#define crypto_sign_PRIMITIVE "ed25519"
#define crypto_sign crypto_sign_ed25519
#define crypto_sign_open crypto_sign_ed25519_open
#define crypto_sign_keypair crypto_sign_ed25519_keypair
#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION
#define crypto_sign_VERSION crypto_sign_ed25519_VERSION
#define crypto_sign_ed25519_tweet_BYTES 64
#define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32
#define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
extern int crypto_sign_ed25519_tweet(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_sign_ed25519_tweet_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
#define crypto_sign_ed25519_tweet_VERSION "-"
#define crypto_sign_ed25519 crypto_sign_ed25519_tweet
#define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open
#define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair
#define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES
#define crypto_sign_ed25519_PUBLICKEYBYTES crypto_sign_ed25519_tweet_PUBLICKEYBYTES
#define crypto_sign_ed25519_SECRETKEYBYTES crypto_sign_ed25519_tweet_SECRETKEYBYTES
#define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION
#define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet"
#define crypto_stream_PRIMITIVE "xsalsa20"
#define crypto_stream crypto_stream_xsalsa20
#define crypto_stream_xor crypto_stream_xsalsa20_xor
#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION
#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION
#define crypto_stream_xsalsa20_tweet_KEYBYTES 32
#define crypto_stream_xsalsa20_tweet_NONCEBYTES 24
extern int crypto_stream_xsalsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_stream_xsalsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_stream_xsalsa20_tweet_VERSION "-"
#define crypto_stream_xsalsa20 crypto_stream_xsalsa20_tweet
#define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_tweet_xor
#define crypto_stream_xsalsa20_KEYBYTES crypto_stream_xsalsa20_tweet_KEYBYTES
#define crypto_stream_xsalsa20_NONCEBYTES crypto_stream_xsalsa20_tweet_NONCEBYTES
#define crypto_stream_xsalsa20_VERSION crypto_stream_xsalsa20_tweet_VERSION
#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/tweet"
#define crypto_stream_salsa20_tweet_KEYBYTES 32
#define crypto_stream_salsa20_tweet_NONCEBYTES 8
extern int crypto_stream_salsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_stream_salsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_stream_salsa20_tweet_VERSION "-"
#define crypto_stream_salsa20 crypto_stream_salsa20_tweet
#define crypto_stream_salsa20_xor crypto_stream_salsa20_tweet_xor
#define crypto_stream_salsa20_KEYBYTES crypto_stream_salsa20_tweet_KEYBYTES
#define crypto_stream_salsa20_NONCEBYTES crypto_stream_salsa20_tweet_NONCEBYTES
#define crypto_stream_salsa20_VERSION crypto_stream_salsa20_tweet_VERSION
#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/tweet"
#define crypto_verify_PRIMITIVE "16"
#define crypto_verify crypto_verify_16
#define crypto_verify_BYTES crypto_verify_16_BYTES
#define crypto_verify_IMPLEMENTATION crypto_verify_16_IMPLEMENTATION
#define crypto_verify_VERSION crypto_verify_16_VERSION
#define crypto_verify_16_tweet_BYTES 16
extern int crypto_verify_16_tweet(const unsigned char *,const unsigned char *);
#define crypto_verify_16_tweet_VERSION "-"
#define crypto_verify_16 crypto_verify_16_tweet
#define crypto_verify_16_BYTES crypto_verify_16_tweet_BYTES
#define crypto_verify_16_VERSION crypto_verify_16_tweet_VERSION
#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/tweet"
#define crypto_verify_32_tweet_BYTES 32
extern int crypto_verify_32_tweet(const unsigned char *,const unsigned char *);
#define crypto_verify_32_tweet_VERSION "-"
#define crypto_verify_32 crypto_verify_32_tweet
#define crypto_verify_32_BYTES crypto_verify_32_tweet_BYTES
#define crypto_verify_32_VERSION crypto_verify_32_tweet_VERSION
#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/tweet"
#endif
#ifndef TWEETNACL_H
#define TWEETNACL_H
#define crypto_auth_PRIMITIVE "hmacsha512256"
#define crypto_auth crypto_auth_hmacsha512256
#define crypto_auth_verify crypto_auth_hmacsha512256_verify
#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION
#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION
#define crypto_auth_hmacsha512256_tweet_BYTES 32
#define crypto_auth_hmacsha512256_tweet_KEYBYTES 32
extern int crypto_auth_hmacsha512256_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_auth_hmacsha512256_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
#define crypto_auth_hmacsha512256_tweet_VERSION "-"
#define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_tweet
#define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_tweet_verify
#define crypto_auth_hmacsha512256_BYTES crypto_auth_hmacsha512256_tweet_BYTES
#define crypto_auth_hmacsha512256_KEYBYTES crypto_auth_hmacsha512256_tweet_KEYBYTES
#define crypto_auth_hmacsha512256_VERSION crypto_auth_hmacsha512256_tweet_VERSION
#define crypto_auth_hmacsha512256_IMPLEMENTATION "crypto_auth/hmacsha512256/tweet"
#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
#define crypto_box crypto_box_curve25519xsalsa20poly1305
#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION
#define crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES 24
#define crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES 32
#define crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES 16
extern int crypto_box_curve25519xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(unsigned char *,unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_box_curve25519xsalsa20poly1305_tweet_VERSION "-"
#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_tweet
#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_tweet_open
#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_tweet_keypair
#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_tweet_beforenm
#define crypto_box_curve25519xsalsa20poly1305_afternm crypto_box_curve25519xsalsa20poly1305_tweet_afternm
#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm
#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES
#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES
#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES
#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES
#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES
#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES
#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_tweet_VERSION
#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/tweet"
#define crypto_core_PRIMITIVE "salsa20"
#define crypto_core crypto_core_salsa20
#define crypto_core_OUTPUTBYTES crypto_core_salsa20_OUTPUTBYTES
#define crypto_core_INPUTBYTES crypto_core_salsa20_INPUTBYTES
#define crypto_core_KEYBYTES crypto_core_salsa20_KEYBYTES
#define crypto_core_CONSTBYTES crypto_core_salsa20_CONSTBYTES
#define crypto_core_IMPLEMENTATION crypto_core_salsa20_IMPLEMENTATION
#define crypto_core_VERSION crypto_core_salsa20_VERSION
#define crypto_core_salsa20_tweet_OUTPUTBYTES 64
#define crypto_core_salsa20_tweet_INPUTBYTES 16
#define crypto_core_salsa20_tweet_KEYBYTES 32
#define crypto_core_salsa20_tweet_CONSTBYTES 16
extern int crypto_core_salsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
#define crypto_core_salsa20_tweet_VERSION "-"
#define crypto_core_salsa20 crypto_core_salsa20_tweet
#define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_tweet_OUTPUTBYTES
#define crypto_core_salsa20_INPUTBYTES crypto_core_salsa20_tweet_INPUTBYTES
#define crypto_core_salsa20_KEYBYTES crypto_core_salsa20_tweet_KEYBYTES
#define crypto_core_salsa20_CONSTBYTES crypto_core_salsa20_tweet_CONSTBYTES
#define crypto_core_salsa20_VERSION crypto_core_salsa20_tweet_VERSION
#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/tweet"
#define crypto_core_hsalsa20_tweet_OUTPUTBYTES 32
#define crypto_core_hsalsa20_tweet_INPUTBYTES 16
#define crypto_core_hsalsa20_tweet_KEYBYTES 32
#define crypto_core_hsalsa20_tweet_CONSTBYTES 16
extern int crypto_core_hsalsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
#define crypto_core_hsalsa20_tweet_VERSION "-"
#define crypto_core_hsalsa20 crypto_core_hsalsa20_tweet
#define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_tweet_OUTPUTBYTES
#define crypto_core_hsalsa20_INPUTBYTES crypto_core_hsalsa20_tweet_INPUTBYTES
#define crypto_core_hsalsa20_KEYBYTES crypto_core_hsalsa20_tweet_KEYBYTES
#define crypto_core_hsalsa20_CONSTBYTES crypto_core_hsalsa20_tweet_CONSTBYTES
#define crypto_core_hsalsa20_VERSION crypto_core_hsalsa20_tweet_VERSION
#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/tweet"
#define crypto_hashblocks_PRIMITIVE "sha512"
#define crypto_hashblocks crypto_hashblocks_sha512
#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES
#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES
#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION
#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION
#define crypto_hashblocks_sha512_tweet_STATEBYTES 64
#define crypto_hashblocks_sha512_tweet_BLOCKBYTES 128
extern int crypto_hashblocks_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hashblocks_sha512_tweet_VERSION "-"
#define crypto_hashblocks_sha512 crypto_hashblocks_sha512_tweet
#define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_tweet_STATEBYTES
#define crypto_hashblocks_sha512_BLOCKBYTES crypto_hashblocks_sha512_tweet_BLOCKBYTES
#define crypto_hashblocks_sha512_VERSION crypto_hashblocks_sha512_tweet_VERSION
#define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/tweet"
#define crypto_hashblocks_sha256_tweet_STATEBYTES 32
#define crypto_hashblocks_sha256_tweet_BLOCKBYTES 64
extern int crypto_hashblocks_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hashblocks_sha256_tweet_VERSION "-"
#define crypto_hashblocks_sha256 crypto_hashblocks_sha256_tweet
#define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_tweet_STATEBYTES
#define crypto_hashblocks_sha256_BLOCKBYTES crypto_hashblocks_sha256_tweet_BLOCKBYTES
#define crypto_hashblocks_sha256_VERSION crypto_hashblocks_sha256_tweet_VERSION
#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/tweet"
#define crypto_hash_PRIMITIVE "sha512"
#define crypto_hash crypto_hash_sha512
#define crypto_hash_BYTES crypto_hash_sha512_BYTES
#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
#define crypto_hash_VERSION crypto_hash_sha512_VERSION
#define crypto_hash_sha512_tweet_BYTES 64
extern int crypto_hash_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hash_sha512_tweet_VERSION "-"
#define crypto_hash_sha512 crypto_hash_sha512_tweet
#define crypto_hash_sha512_BYTES crypto_hash_sha512_tweet_BYTES
#define crypto_hash_sha512_VERSION crypto_hash_sha512_tweet_VERSION
#define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/tweet"
#define crypto_hash_sha256_tweet_BYTES 32
extern int crypto_hash_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
#define crypto_hash_sha256_tweet_VERSION "-"
#define crypto_hash_sha256 crypto_hash_sha256_tweet
#define crypto_hash_sha256_BYTES crypto_hash_sha256_tweet_BYTES
#define crypto_hash_sha256_VERSION crypto_hash_sha256_tweet_VERSION
#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/tweet"
#define crypto_onetimeauth_PRIMITIVE "poly1305"
#define crypto_onetimeauth crypto_onetimeauth_poly1305
#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify
#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION
#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION
#define crypto_onetimeauth_poly1305_tweet_BYTES 16
#define crypto_onetimeauth_poly1305_tweet_KEYBYTES 32
extern int crypto_onetimeauth_poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_onetimeauth_poly1305_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
#define crypto_onetimeauth_poly1305_tweet_VERSION "-"
#define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_tweet
#define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_tweet_verify
#define crypto_onetimeauth_poly1305_BYTES crypto_onetimeauth_poly1305_tweet_BYTES
#define crypto_onetimeauth_poly1305_KEYBYTES crypto_onetimeauth_poly1305_tweet_KEYBYTES
#define crypto_onetimeauth_poly1305_VERSION crypto_onetimeauth_poly1305_tweet_VERSION
#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/tweet"
#define crypto_scalarmult_PRIMITIVE "curve25519"
#define crypto_scalarmult crypto_scalarmult_curve25519
#define crypto_scalarmult_base crypto_scalarmult_curve25519_base
#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
#define crypto_scalarmult_IMPLEMENTATION crypto_scalarmult_curve25519_IMPLEMENTATION
#define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION
#define crypto_scalarmult_curve25519_tweet_BYTES 32
#define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32
extern int crypto_scalarmult_curve25519_tweet(unsigned char *,const unsigned char *,const unsigned char *);
extern int crypto_scalarmult_curve25519_tweet_base(unsigned char *,const unsigned char *);
#define crypto_scalarmult_curve25519_tweet_VERSION "-"
#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet
#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_tweet_base
#define crypto_scalarmult_curve25519_BYTES crypto_scalarmult_curve25519_tweet_BYTES
#define crypto_scalarmult_curve25519_SCALARBYTES crypto_scalarmult_curve25519_tweet_SCALARBYTES
#define crypto_scalarmult_curve25519_VERSION crypto_scalarmult_curve25519_tweet_VERSION
#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/tweet"
#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
#define crypto_secretbox crypto_secretbox_xsalsa20poly1305
#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open
#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION
#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION
#define crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES 32
#define crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES 24
#define crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES 32
#define crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES 16
extern int crypto_secretbox_xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_secretbox_xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_secretbox_xsalsa20poly1305_tweet_VERSION "-"
#define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_tweet
#define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_tweet_open
#define crypto_secretbox_xsalsa20poly1305_KEYBYTES crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES
#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES
#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES
#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES
#define crypto_secretbox_xsalsa20poly1305_VERSION crypto_secretbox_xsalsa20poly1305_tweet_VERSION
#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/tweet"
#define crypto_sign_PRIMITIVE "ed25519"
#define crypto_sign crypto_sign_ed25519
#define crypto_sign_open crypto_sign_ed25519_open
#define crypto_sign_keypair crypto_sign_ed25519_keypair
#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION
#define crypto_sign_VERSION crypto_sign_ed25519_VERSION
#define crypto_sign_ed25519_tweet_BYTES 64
#define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32
#define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
extern int crypto_sign_ed25519_tweet(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_sign_ed25519_tweet_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
#define crypto_sign_ed25519_tweet_VERSION "-"
#define crypto_sign_ed25519 crypto_sign_ed25519_tweet
#define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open
#define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair
#define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES
#define crypto_sign_ed25519_PUBLICKEYBYTES crypto_sign_ed25519_tweet_PUBLICKEYBYTES
#define crypto_sign_ed25519_SECRETKEYBYTES crypto_sign_ed25519_tweet_SECRETKEYBYTES
#define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION
#define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet"
#define crypto_stream_PRIMITIVE "xsalsa20"
#define crypto_stream crypto_stream_xsalsa20
#define crypto_stream_xor crypto_stream_xsalsa20_xor
#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION
#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION
#define crypto_stream_xsalsa20_tweet_KEYBYTES 32
#define crypto_stream_xsalsa20_tweet_NONCEBYTES 24
extern int crypto_stream_xsalsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_stream_xsalsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_stream_xsalsa20_tweet_VERSION "-"
#define crypto_stream_xsalsa20 crypto_stream_xsalsa20_tweet
#define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_tweet_xor
#define crypto_stream_xsalsa20_KEYBYTES crypto_stream_xsalsa20_tweet_KEYBYTES
#define crypto_stream_xsalsa20_NONCEBYTES crypto_stream_xsalsa20_tweet_NONCEBYTES
#define crypto_stream_xsalsa20_VERSION crypto_stream_xsalsa20_tweet_VERSION
#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/tweet"
#define crypto_stream_salsa20_tweet_KEYBYTES 32
#define crypto_stream_salsa20_tweet_NONCEBYTES 8
extern int crypto_stream_salsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
extern int crypto_stream_salsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
#define crypto_stream_salsa20_tweet_VERSION "-"
#define crypto_stream_salsa20 crypto_stream_salsa20_tweet
#define crypto_stream_salsa20_xor crypto_stream_salsa20_tweet_xor
#define crypto_stream_salsa20_KEYBYTES crypto_stream_salsa20_tweet_KEYBYTES
#define crypto_stream_salsa20_NONCEBYTES crypto_stream_salsa20_tweet_NONCEBYTES
#define crypto_stream_salsa20_VERSION crypto_stream_salsa20_tweet_VERSION
#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/tweet"
#define crypto_verify_PRIMITIVE "16"
#define crypto_verify crypto_verify_16
#define crypto_verify_BYTES crypto_verify_16_BYTES
#define crypto_verify_IMPLEMENTATION crypto_verify_16_IMPLEMENTATION
#define crypto_verify_VERSION crypto_verify_16_VERSION
#define crypto_verify_16_tweet_BYTES 16
extern int crypto_verify_16_tweet(const unsigned char *,const unsigned char *);
#define crypto_verify_16_tweet_VERSION "-"
#define crypto_verify_16 crypto_verify_16_tweet
#define crypto_verify_16_BYTES crypto_verify_16_tweet_BYTES
#define crypto_verify_16_VERSION crypto_verify_16_tweet_VERSION
#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/tweet"
#define crypto_verify_32_tweet_BYTES 32
extern int crypto_verify_32_tweet(const unsigned char *,const unsigned char *);
#define crypto_verify_32_tweet_VERSION "-"
#define crypto_verify_32 crypto_verify_32_tweet
#define crypto_verify_32_BYTES crypto_verify_32_tweet_BYTES
#define crypto_verify_32_VERSION crypto_verify_32_tweet_VERSION
#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/tweet"
#endif

7464
Common/3dParty/cryptopp/validat0.cpp
View File

File diff suppressed because it is too large Load Diff

1052
Common/3dParty/cryptopp/validat4.cpp
View File

File diff suppressed because it is too large Load Diff