Added gradient testing

Fix bug 63562

.gitignore

@@ -40,7 +40,7 @@ Thumbs.db
 *.opendb
 
 .vs
-
+.vscode
 DesktopEditor/fontengine/js/common/freetype-2.10.4
 *_resource.rc
 

Common/3dParty/cryptopp/.github/issue_template.md

@@ -4,11 +4,15 @@ Thanks for taking the time to report an issue. Reporting issues helps us improve
 
 Please do not ask questions in the bug tracker. Please ask questions on the Crypto++ Users List at http://groups.google.com/forum/#!forum/cryptopp-users.
 
+Please do not ask questions about unsupported build systems, like Autotools, CMake, Conan and NuGet. They are other people's projects. We don't know anything about them.
+
+Please do not ask questions at Stack Overflow. We do not patrol Stack Overflow. We will not be able to answer your question.
+
 There is a wiki page with information on filing useful bug reports. If you have some time please visit http://www.cryptopp.com/wiki/Bug_Report on the wiki. The executive summary is:
 
 * State the operating system and version (Ubutnu 17 x86_64, Windows 7 Professional x64, etc)
-* State the version of the Crypto++ library (Crypto++ 5.6.5, Master, etc)
-* State how you built the library (Makefile, Cmake, distro, etc)
+* State the version of the Crypto++ library (Crypto++ 7.0, Master, etc)
+* State how you built the library (Visual Studio, Makefile, distro provided, etc)
 * Show a typical command line (the output of the compiler for cryptlib.cpp)
 * Show the link command (the output of the linker for libcryptopp.so or cryptest.exe)
 * Show the exact error message you are receiving (copy and paste it); or

Common/3dParty/cryptopp/3way.cpp

@@ -1,4 +1,4 @@
-// 3way.cpp - modifed by Wei Dai from Joan Daemen's 3way.c
+// 3way.cpp - modified by Wei Dai from Joan Daemen's 3way.c
 // The original code and all modifications are in the public domain.
 
 #include "pch.h"

Common/3dParty/cryptopp/Doxyfile

@@ -1,4 +1,4 @@
-# Doxyfile 1.8.9
+# Doxyfile 1.8.13
 
 # This file describes the settings to be used by the documentation system
 # doxygen (www.doxygen.org) for a project.
@@ -12,9 +12,6 @@
 # For lists, items can also be appended using:
 # TAG += value [value, ...]
 # Values that contain spaces should be placed between quotes (\" \").
-#
-# The file can be upgraded to the latest version of Doxygen with `doxygen -u <file`
-#
 
 #---------------------------------------------------------------------------
 # Project related configuration options
@@ -41,14 +38,13 @@ PROJECT_NAME           = Crypto++
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = 7.0
+PROJECT_NUMBER         = 8.7
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
 
-# Without the HTML escape characters, Doxygen concatenates the string below...
-PROJECT_BRIEF          = Free&nbsp;C&#43;&#43;&nbsp;class&nbsp;library&nbsp;of&nbsp;cryptographic&nbsp;schemes
+PROJECT_BRIEF          = "Free&nbsp;C&#43;&#43;&nbsp;class&nbsp;library&nbsp;of&nbsp;cryptographic&nbsp;schemes"
 
 # With the PROJECT_LOGO tag one can specify a logo or an icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55
@@ -235,12 +231,6 @@ TAB_SIZE               = 4
 
 ALIASES                =
 
-# This tag can be used to specify a number of word-keyword mappings (TCL only).
-# A mapping has the form "name=value". For example adding "class=itcl::class"
-# will allow you to use the command class in the itcl::class meaning.
-
-TCL_SUBST              =
-
 # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
 # only. Doxygen will then generate output that is more tailored for C. For
 # instance, some of the names that are used will be different. The list of all
@@ -298,6 +288,15 @@ EXTENSION_MAPPING      =
 
 MARKDOWN_SUPPORT       = NO
 
+# When the TOC_INCLUDE_HEADINGS tag is set to a non-zero value, all headings up
+# to that level are automatically included in the table of contents, even if
+# they do not have an id attribute.
+# Note: This feature currently applies only to Markdown headings.
+# Minimum value: 0, maximum value: 99, default value: 0.
+# This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
+
+TOC_INCLUDE_HEADINGS   = 0
+
 # When enabled doxygen tries to link words that correspond to documented
 # classes, or namespaces to their corresponding documentation. Such a link can
 # be prevented in individual cases by putting a % sign in front of the word or
@@ -348,6 +347,13 @@ IDL_PROPERTY_SUPPORT   = NO
 
 DISTRIBUTE_GROUP_DOC   = NO
 
+# If one adds a struct or class to a group and this option is enabled, then also
+# any nested class or struct is added to the same group. By default this option
+# is disabled and one has to add nested compounds explicitly via \ingroup.
+# The default value is: NO.
+
+GROUP_NESTED_COMPOUNDS = NO
+
 # Set the SUBGROUPING tag to YES to allow class member groups of the same type
 # (for instance a group of public functions) to be put as a subgroup of that
 # type (e.g. under the Public Functions section). Set it to NO to prevent
@@ -737,6 +743,12 @@ WARN_IF_DOC_ERROR      = YES
 
 WARN_NO_PARAMDOC       = NO
 
+# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
+# a warning is encountered.
+# The default value is: NO.
+
+WARN_AS_ERROR          = NO
+
 # The WARN_FORMAT tag determines the format of the warning messages that doxygen
 # can produce. The string should contain the $file, $line, and $text tags, which
 # will be replaced by the file and line number from which the warning originated
@@ -760,14 +772,13 @@ WARN_LOGFILE           =
 # The INPUT tag is used to specify the files and/or directories that contain
 # documented source files. You may enter file names like myfile.cpp or
 # directories like /usr/src/myproject. Separate the files or directories with
-# spaces.
+# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
 # Note: If this tag is empty the current directory is searched.
 
 INPUT                  = . \
                          GNUmakefile \
                          GNUmakefile-cross \
-                         rdrand.asm \
-                         rdrand.s
+                         rdrand.asm
 
 # This tag can be used to specify the character encoding of the source files
 # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
@@ -780,12 +791,17 @@ INPUT_ENCODING         = UTF-8
 
 # If the value of the INPUT tag contains directories, you can use the
 # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
-# *.h) to filter out the source-files in the directories. If left blank the
-# following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii,
-# *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp,
-# *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown,
-# *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf,
-# *.qsf, *.as and *.js.
+# *.h) to filter out the source-files in the directories.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# read by doxygen.
+#
+# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
+# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
+# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc,
+# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f95, *.f03, *.f08,
+# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf and *.qsf.
 
 FILE_PATTERNS          = *.h \
                          *.cpp
@@ -803,7 +819,7 @@ RECURSIVE              = NO
 # Note that relative paths are relative to the directory from which doxygen is
 # run.
 
-EXCLUDE                = adhoc.cpp cryptlib_bds.cpp
+EXCLUDE                = adhoc.cpp
 
 # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
 # directories that are symbolic links (a Unix file system feature) are excluded
@@ -819,7 +835,8 @@ EXCLUDE_SYMLINKS       = NO
 # Note that the wildcards are matched against the file with absolute path, so to
 # exclude all test directories for example use the pattern */test/*
 
-EXCLUDE_PATTERNS       =  *test* *validat*
+EXCLUDE_PATTERNS       = *test* \
+                         *validat*
 
 # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
 # (namespaces, classes, functions, etc.) that should be excluded from the
@@ -872,6 +889,10 @@ IMAGE_PATH             =
 # Note that the filter must not add or remove lines; it is applied before the
 # code is scanned, but not when the output code is generated. If lines are added
 # or removed, the anchors will not be placed correctly.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
 
 INPUT_FILTER           =
 
@@ -881,6 +902,10 @@ INPUT_FILTER           =
 # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how
 # filters are used. If the FILTER_PATTERNS tag is empty or if none of the
 # patterns match the file name, INPUT_FILTER is applied.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
 
 FILTER_PATTERNS        =
 
@@ -992,6 +1017,25 @@ USE_HTAGS              = NO
 
 VERBATIM_HEADERS       = YES
 
+# If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the
+# clang parser (see: http://clang.llvm.org/) for more accurate parsing at the
+# cost of reduced performance. This can be particularly helpful with template
+# rich C++ code for which doxygen's built-in parser lacks the necessary type
+# information.
+# Note: The availability of this option depends on whether or not doxygen was
+# generated with the -Duse-libclang=ON option for CMake.
+# The default value is: NO.
+
+CLANG_ASSISTED_PARSING = NO
+
+# If clang assisted parsing is enabled you can provide the compiler with command
+# line options that you would normally use when invoking the compiler. Note that
+# the include paths will already be set by doxygen for the files and directories
+# specified with INPUT and INCLUDE_PATH.
+# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES.
+
+CLANG_OPTIONS          =
+
 #---------------------------------------------------------------------------
 # Configuration options related to the alphabetical class index
 #---------------------------------------------------------------------------
@@ -1139,8 +1183,9 @@ HTML_COLORSTYLE_GAMMA  = 80
 
 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
 # page will contain the date and time when the page was generated. Setting this
-# to NO can help when comparing the output of multiple runs.
-# The default value is: YES.
+# to YES can help to show when doxygen was last run and thus if the
+# documentation is up to date.
+# The default value is: NO.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 
 HTML_TIMESTAMP         = YES
@@ -1226,7 +1271,7 @@ DOCSET_PUBLISHER_NAME  = Crypto++
 # The default value is: NO.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 
-GENERATE_HTMLHELP      = YES
+GENERATE_HTMLHELP      = NO
 
 # The CHM_FILE tag can be used to specify the file name of the resulting .chm
 # file. You can add a path in front of the file if the result should not be
@@ -1614,9 +1659,12 @@ COMPACT_LATEX          = NO
 PAPER_TYPE             = a4
 
 # The EXTRA_PACKAGES tag can be used to specify one or more LaTeX package names
-# that should be included in the LaTeX output. To get the times font for
-# instance you can specify
-# EXTRA_PACKAGES=times
+# that should be included in the LaTeX output. The package can be specified just
+# by its name or with the correct syntax as to be used with the LaTeX
+# \usepackage command. To get the times font for instance you can specify :
+# EXTRA_PACKAGES=times or EXTRA_PACKAGES={times}
+# To use the option intlimits with the amsmath package you can specify:
+# EXTRA_PACKAGES=[intlimits]{amsmath}
 # If left blank no extra packages will be included.
 # This tag requires that the tag GENERATE_LATEX is set to YES.
 
@@ -1719,6 +1767,14 @@ LATEX_SOURCE_CODE      = NO
 
 LATEX_BIB_STYLE        = plain
 
+# If the LATEX_TIMESTAMP tag is set to YES then the footer of each generated
+# page will contain the date and time when the page was generated. Setting this
+# to NO can help when comparing the output of multiple runs.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_TIMESTAMP        = NO
+
 #---------------------------------------------------------------------------
 # Configuration options related to the RTF output
 #---------------------------------------------------------------------------
@@ -2060,12 +2116,6 @@ EXTERNAL_GROUPS        = YES
 
 EXTERNAL_PAGES         = YES
 
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of 'which perl').
-# The default file (with absolute path) is: /usr/bin/perl.
-
-PERL_PATH              = /usr/bin/perl
-
 #---------------------------------------------------------------------------
 # Configuration options related to the dot tool
 #---------------------------------------------------------------------------
@@ -2079,15 +2129,6 @@ PERL_PATH              = /usr/bin/perl
 
 CLASS_DIAGRAMS         = YES
 
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see:
-# http://www.mcternan.me.uk/mscgen/)) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH            =
-
 # You can include diagrams made with dia in doxygen documentation. Doxygen will
 # then run dia to produce the diagram and insert it in the documentation. The
 # DIA_PATH tag allows you to specify the directory where the dia binary resides.
@@ -2106,7 +2147,7 @@ HIDE_UNDOC_RELATIONS   = YES
 # http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
 # Bell Labs. The other options in this section have no effect if this option is
 # set to NO
-# The default value is: NO.
+# The default value is: YES.
 
 HAVE_DOT               = NO
 
@@ -2128,7 +2169,7 @@ DOT_NUM_THREADS        = 0
 # The default value is: Helvetica.
 # This tag requires that the tag HAVE_DOT is set to YES.
 
-# DOT_FONTNAME           = FreeSans.ttf
+DOT_FONTNAME           = Helvetica
 
 # The DOT_FONTSIZE tag can be used to set the size (in points) of the font of
 # dot graphs.
@@ -2220,7 +2261,8 @@ INCLUDED_BY_GRAPH      = YES
 #
 # Note that enabling this option will significantly increase the time of a run.
 # So in most cases it will be better to enable call graphs for selected
-# functions only using the \callgraph command.
+# functions only using the \callgraph command. Disabling a call graph can be
+# accomplished by means of the command \hidecallgraph.
 # The default value is: NO.
 # This tag requires that the tag HAVE_DOT is set to YES.
 
@@ -2231,7 +2273,8 @@ CALL_GRAPH             = NO
 #
 # Note that enabling this option will significantly increase the time of a run.
 # So in most cases it will be better to enable caller graphs for selected
-# functions only using the \callergraph command.
+# functions only using the \callergraph command. Disabling a caller graph can be
+# accomplished by means of the command \hidecallergraph.
 # The default value is: NO.
 # This tag requires that the tag HAVE_DOT is set to YES.
 
@@ -2254,11 +2297,17 @@ GRAPHICAL_HIERARCHY    = YES
 DIRECTORY_GRAPH        = YES
 
 # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot.
+# generated by dot. For an explanation of the image formats see the section
+# output formats in the documentation of the dot tool (Graphviz (see:
+# http://www.graphviz.org/)).
 # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order
 # to make the SVG files visible in IE 9+ (other browsers do not have this
 # requirement).
-# Possible values are: png, jpg, gif and svg.
+# Possible values are: png, png:cairo, png:cairo:cairo, png:cairo:gd, png:gd,
+# png:gd:gd, jpg, jpg:cairo, jpg:cairo:gd, jpg:gd, jpg:gd:gd, gif, gif:cairo,
+# gif:cairo:gd, gif:gd, gif:gd:gd, svg, png:gd, png:gd:gd, png:cairo,
+# png:cairo:gd, png:cairo:cairo, png:cairo:gdiplus, png:gdiplus and
+# png:gdiplus:gdiplus.
 # The default value is: png.
 # This tag requires that the tag HAVE_DOT is set to YES.
 
@@ -2309,6 +2358,11 @@ DIAFILE_DIRS           =
 
 PLANTUML_JAR_PATH      =
 
+# When using plantuml, the PLANTUML_CFG_FILE tag can be used to specify a
+# configuration file for plantuml.
+
+PLANTUML_CFG_FILE      =
+
 # When using plantuml, the specified paths are searched for files specified by
 # the !include statement in a plantuml block.
 

Common/3dParty/cryptopp/Filelist.txt

@@ -1,21 +1,26 @@
 3way.cpp
 3way.h
 adhoc.cpp.proto
-adv-simd.h
+adv_simd.h
 adler32.cpp
 adler32.h
 aes.h
+aes_armv4.h
+aes_armv4.S
 algebra.cpp
 algebra.h
 algparam.cpp
 algparam.h
+allocate.cpp
+allocate.h
 arc4.cpp
 arc4.h
 ariatab.cpp
 aria.cpp
-aria-simd.cpp
+aria_simd.cpp
 aria.h
 argnames.h
+arm_simd.h
 asn.cpp
 asn.h
 authenc.cpp
@@ -30,9 +35,11 @@ bench.h
 bds10.zip
 bench1.cpp
 bench2.cpp
+bench3.cpp
 bfinit.cpp
 blake2.cpp
-blake2-simd.cpp
+blake2s_simd.cpp
+blake2b_simd.cpp
 blake2.h
 blowfish.cpp
 blowfish.h
@@ -48,20 +55,36 @@ cbcmac.h
 ccm.cpp
 ccm.h
 chacha.cpp
+chacha_avx.cpp
+chacha_simd.cpp
 chacha.h
+chachapoly.cpp
+chachapoly.h
+cham.cpp
+cham_simd.cpp
+cham.h
 channels.cpp
 channels.h
 cmac.cpp
 cmac.h
 config.h
+config_align.h
+config_asm.h
+config_cpu.h
+config_cxx.h
+config_dll.h
+config_int.h
+config_misc.h
+config_ns.h
+config_os.h
+config_ver.h
 cpu.cpp
 cpu.h
 crc.cpp
-crc-simd.cpp
+crc_simd.cpp
 crc.h
 cryptdll.vcxproj
 cryptdll.vcxproj.filters
-cryptest.sh
 cryptest.sln
 cryptest.vcxproj
 cryptest.vcxproj.user
@@ -73,6 +96,8 @@ cryptlib.h
 cryptlib.vcxproj
 cryptlib.vcxproj.filters
 cryptopp.rc
+darn.cpp
+darn.h
 datatest.cpp
 default.cpp
 default.h
@@ -90,6 +115,13 @@ dlltest.vcxproj
 dlltest.vcxproj.filters
 dmac.h
 drbg.h
+donna.h
+donna_32.h
+donna_64.h
+donna_sse.h
+donna_32.cpp
+donna_64.cpp
+donna_sse.cpp
 dsa.cpp
 dsa.h
 eax.cpp
@@ -121,13 +153,14 @@ fips140.h
 fipsalgt.cpp
 fipstest.cpp
 fltrimpl.h
-gcm-simd.cpp
+gcm_simd.cpp
 gcm.cpp
 gcm.h
 gf256.cpp
 gf256.h
 gf2_32.cpp
 gf2_32.h
+gf2n_simd.cpp
 gf2n.cpp
 gf2n.h
 gfpcrypt.cpp
@@ -137,8 +170,14 @@ gost.h
 gzip.cpp
 gzip.h
 hashfwd.h
+hc128.cpp
+hc128.h
+hc256.cpp
+hc256.h
 hex.cpp
 hex.h
+hight.h
+hight.cpp
 hkdf.h
 hmac.cpp
 hmac.h
@@ -158,8 +197,20 @@ kalynatab.cpp
 kalyna.cpp
 kalyna.h
 keccak.cpp
+keccak_core.cpp
+keccak_simd.cpp
 keccak.h
 lubyrack.h
+lea.cpp
+lea_simd.cpp
+lea.h
+lsh256.cpp
+lsh256_sse.cpp
+lsh256_avx.cpp
+lsh512.cpp
+lsh512_sse.cpp
+lsh512_avx.cpp
+lsh.h
 luc.cpp
 luc.h
 mars.cpp
@@ -186,9 +237,7 @@ mqv.h
 naclite.h
 nbtheory.cpp
 nbtheory.h
-neon-simd.cpp
-network.cpp
-network.h
+neon_simd.cpp
 nr.h
 oaep.cpp
 oaep.h
@@ -208,8 +257,11 @@ poly1305.cpp
 poly1305.h
 polynomi.cpp
 polynomi.h
-ppc-simd.h
-ppc-simd.cpp
+power7_ppc.cpp
+power8_ppc.cpp
+power9_ppc.cpp
+ppc_simd.cpp
+ppc_simd.h
 pssr.cpp
 pssr.h
 pubkey.cpp
@@ -221,25 +273,26 @@ rabin.cpp
 rabin.h
 randpool.cpp
 randpool.h
+rabbit.cpp
+rabbit.h
 rc2.cpp
 rc2.h
 rc5.cpp
 rc5.h
 rc6.cpp
 rc6.h
-rdrand-masm.cmd
-rdrand-nasm.sh
-rdrand.s
 rdrand.asm
 rdrand.cpp
 rdrand.h
+rdseed.asm
 rdtables.cpp
 regtest1.cpp
 regtest2.cpp
 regtest3.cpp
+regtest4.cpp
 resource.h
 rijndael.cpp
-rijndael-simd.cpp
+rijndael_simd.cpp
 rijndael.h
 ripemd.cpp
 ripemd.h
@@ -258,6 +311,7 @@ scrypt.h
 seal.cpp
 seal.h
 secblock.h
+secblockfwd.h
 seckey.h
 seed.cpp
 seed.h
@@ -265,40 +319,49 @@ serpent.cpp
 serpent.h
 serpentp.h
 sha.cpp
-sha-simd.cpp
+sha_simd.cpp
 sha.h
+sha1_armv4.h
+sha1_armv4.S
+sha256_armv4.h
+sha256_armv4.S
+sha512_armv4.h
+sha512_armv4.S
 sha3.cpp
 sha3.h
 shacal2.cpp
-shacal2-simd.cpp
+shacal2_simd.cpp
 shacal2.h
+shake.cpp
+shake.h
 shark.cpp
 shark.h
 sharkbox.cpp
 simple.cpp
 simple.h
 siphash.h
+simeck.cpp
+simeck.h
 simon.cpp
-simon-simd.cpp
+simon128_simd.cpp
 simon.h
 skipjack.cpp
 skipjack.h
 sm3.cpp
 sm3.h
 sm4.cpp
+sm4_simd.cpp
 sm4.h
 smartptr.h
-socketft.cpp
-socketft.h
 sosemanuk.cpp
 sosemanuk.h
 speck.cpp
-speck-simd.cpp
+speck128_simd.cpp
 speck.h
 square.cpp
 square.h
 squaretb.cpp
-sse-simd.cpp
+sse_simd.cpp
 stdcpp.h
 strciphr.cpp
 strciphr.h
@@ -312,8 +375,6 @@ threefish.h
 tiger.cpp
 tiger.h
 tigertab.cpp
-trdlocal.cpp
-trdlocal.h
 trunhash.h
 ttmac.cpp
 ttmac.h
@@ -326,25 +387,31 @@ validat1.cpp
 validat2.cpp
 validat3.cpp
 validat4.cpp
+validat5.cpp
+validat6.cpp
+validat7.cpp
+validat8.cpp
+validat9.cpp
+validat10.cpp
 validate.h
 vmac.cpp
 vmac.h
 vs2005.zip
-wait.cpp
-wait.h
 wake.cpp
 wake.h
 whrlpool.cpp
 whrlpool.h
-winpipes.cpp
-winpipes.h
 words.h
 x64dll.asm
 x64masm.asm
+xed25519.h
+xed25519.cpp
 xtr.cpp
 xtr.h
 xtrcrypt.cpp
 xtrcrypt.h
+xts.cpp
+xts.h
 zdeflate.cpp
 zdeflate.h
 zinflate.cpp
@@ -366,6 +433,8 @@ TestData/aria.dat
 TestData/camellia.dat
 TestData/cast128v.dat
 TestData/cast256v.dat
+TestData/defdmac1.bin
+TestData/defdmac2.bin
 TestData/descert.dat
 TestData/dh1024.dat
 TestData/dh2048.dat
@@ -374,6 +443,12 @@ TestData/dlie2048.dat
 TestData/dsa1024.dat
 TestData/dsa1024b.dat
 TestData/dsa512.dat
+TestData/ecies_p160.dat
+TestData/ecies_t163.dat
+TestData/ed25519.dat
+TestData/ed25519_ver.dat
+TestData/ed25519v0.dat
+TestData/ed25519v1.dat
 TestData/elgc1024.dat
 TestData/esig1023.dat
 TestData/esig1536.dat
@@ -409,10 +484,10 @@ TestData/rc6val.dat
 TestData/rijndael.dat
 TestData/rsa1024.dat
 TestData/rsa2048.dat
+TestData/rsa2048a.dat
 TestData/rsa400pb.dat
 TestData/rsa400pv.dat
 TestData/rsa512a.dat
-TestData/rsa2048a.dat
 TestData/rw1024.dat
 TestData/rw2048.dat
 TestData/saferval.dat
@@ -423,59 +498,79 @@ TestData/skipjack.dat
 TestData/squareva.dat
 TestData/twofishv.dat
 TestData/usage.dat
+TestData/x25519.dat
+TestData/x25519v0.dat
+TestData/x25519v1.dat
 TestData/xtrdh171.dat
 TestData/xtrdh342.dat
-TestVectors/Readme.txt
+TestVectors/aead.txt
 TestVectors/aes.txt
 TestVectors/all.txt
 TestVectors/aria.txt
 TestVectors/blake2.txt
 TestVectors/blake2b.txt
 TestVectors/blake2s.txt
-TestVectors/aria.txt
 TestVectors/camellia.txt
 TestVectors/ccm.txt
 TestVectors/chacha.txt
+TestVectors/chacha_tls.txt
+TestVectors/chacha20poly1305.txt
+TestVectors/cham.txt
 TestVectors/cmac.txt
 TestVectors/dlies.txt
 TestVectors/dsa.txt
 TestVectors/dsa_1363.txt
+TestVectors/dsa_rfc6979.txt
 TestVectors/eax.txt
 TestVectors/esign.txt
 TestVectors/gcm.txt
+TestVectors/hc128.txt
+TestVectors/hc256.txt
+TestVectors/hight.txt
 TestVectors/hkdf.txt
 TestVectors/hmac.txt
 TestVectors/kalyna.txt
 TestVectors/keccak.txt
+TestVectors/lea.txt
+TestVectors/lsh.txt
+TestVectors/lsh256.txt
+TestVectors/lsh512.txt
+TestVectors/lsh512_256.txt
 TestVectors/mars.txt
 TestVectors/nr.txt
 TestVectors/panama.txt
+TestVectors/poly1305aes.txt
+TestVectors/poly1305_tls.txt
+TestVectors/rabbit.txt
+TestVectors/Readme.txt
 TestVectors/rsa_oaep.txt
 TestVectors/rsa_pkcs1_1_5.txt
 TestVectors/rsa_pss.txt
-TestVectors/dsa_rfc6979.txt
 TestVectors/rw.txt
 TestVectors/salsa.txt
 TestVectors/seal.txt
 TestVectors/seed.txt
 TestVectors/sha.txt
-TestVectors/sha2.txt
-TestVectors/sha3.txt
-TestVectors/sha1_fips_180.txt
 TestVectors/sha1_160_fips_180.txt
-TestVectors/sha2_fips_180.txt
+TestVectors/sha1_fips_180.txt
+TestVectors/sha2.txt
 TestVectors/sha2_224_fips_180.txt
 TestVectors/sha2_256_fips_180.txt
 TestVectors/sha2_384_fips_180.txt
 TestVectors/sha2_512_fips_180.txt
-TestVectors/sha3_fips_202.txt
+TestVectors/sha2_fips_180.txt
+TestVectors/sha3.txt
 TestVectors/sha3_224_fips_202.txt
 TestVectors/sha3_256_fips_202.txt
 TestVectors/sha3_384_fips_202.txt
 TestVectors/sha3_512_fips_202.txt
+TestVectors/sha3_fips_202.txt
+TestVectors/shake.txt
 TestVectors/shacal2.txt
+TestVectors/simeck.txt
 TestVectors/simon.txt
 TestVectors/siphash.txt
+TestVectors/skipjack.txt
 TestVectors/sm3.txt
 TestVectors/sm4.txt
 TestVectors/sosemanuk.txt
@@ -486,3 +581,72 @@ TestVectors/ttmac.txt
 TestVectors/vmac.txt
 TestVectors/wake.txt
 TestVectors/whrlpool.txt
+TestVectors/xchacha.txt
+TestVectors/xts.txt
+TestPrograms/test_32bit.cpp
+TestPrograms/test_64bit.cpp
+TestPrograms/test_arm_acle_header.cpp
+TestPrograms/test_arm_aes.cpp
+TestPrograms/test_arm_armv7.cpp
+TestPrograms/test_arm_asimd.cpp
+TestPrograms/test_arm_crc.cpp
+TestPrograms/test_arm_neon.cpp
+TestPrograms/test_arm_neon_header.cpp
+TestPrograms/test_arm_pmull.cpp
+TestPrograms/test_arm_sha1.cpp
+TestPrograms/test_arm_sha256.cpp
+TestPrograms/test_arm_sha3.cpp
+TestPrograms/test_arm_sha512.cpp
+TestPrograms/test_arm_sm3.cpp
+TestPrograms/test_arm_sm4.cpp
+TestPrograms/test_asm_mixed.cpp
+TestPrograms/test_cxx11_alignas.cpp
+TestPrograms/test_cxx11_alignof.cpp
+TestPrograms/test_cxx11_assert.cpp
+TestPrograms/test_cxx11_atomic.cpp
+TestPrograms/test_cxx11_auto.cpp
+TestPrograms/test_cxx11_constexpr.cpp
+TestPrograms/test_cxx11.cpp
+TestPrograms/test_cxx11_deletefn.cpp
+TestPrograms/test_cxx11_enumtype.cpp
+TestPrograms/test_cxx11_initializer.cpp
+TestPrograms/test_cxx11_lambda.cpp
+TestPrograms/test_cxx11_noexcept.cpp
+TestPrograms/test_cxx11_nullptr.cpp
+TestPrograms/test_cxx11_staticinit.cpp
+TestPrograms/test_cxx11_sync.cpp
+TestPrograms/test_cxx11_vartemplates.cpp
+TestPrograms/test_cxx14.cpp
+TestPrograms/test_cxx17_assert.cpp
+TestPrograms/test_cxx17.cpp
+TestPrograms/test_cxx17_exceptions.cpp
+TestPrograms/test_cxx98_exception.cpp
+TestPrograms/test_cxx.cpp
+TestPrograms/test_glibc.cpp
+TestPrograms/test_newlib.cpp
+TestPrograms/test_nodevirtualize.cpp
+TestPrograms/test_ppc_aes.cpp
+TestPrograms/test_ppc_altivec.cpp
+TestPrograms/test_ppc_power7.cpp
+TestPrograms/test_ppc_power8.cpp
+TestPrograms/test_ppc_power9.cpp
+TestPrograms/test_ppc_sha.cpp
+TestPrograms/test_ppc_vmull.cpp
+TestPrograms/test_pthreads.cpp
+TestPrograms/test_x86_aes.cpp
+TestPrograms/test_x86_avx2.cpp
+TestPrograms/test_x86_avx512.cpp
+TestPrograms/test_x86_avx.cpp
+TestPrograms/test_x86_clmul.cpp
+TestPrograms/test_x86_cpuid.cpp
+TestPrograms/test_x86_rdrand.cpp
+TestPrograms/test_x86_rdseed.cpp
+TestPrograms/test_x86_sha.cpp
+TestPrograms/test_x86_sse2.cpp
+TestPrograms/test_x86_sse3.cpp
+TestPrograms/test_x86_sse41.cpp
+TestPrograms/test_x86_sse42.cpp
+TestPrograms/test_x86_ssse3.cpp
+TestPrograms/test_x86_via_aes.cpp
+TestPrograms/test_x86_via_rng.cpp
+TestPrograms/test_x86_via_sha.cpp

Common/3dParty/cryptopp/History.txt

@@ -4,7 +4,8 @@ The History file contains the items that comprise the release notes. The
 items in the list below used to be in Readme.txt. Readme.txt now contans the
 last several releases.
 
-1.0 - First public release.  Withdrawn at the request of RSA DSI.
+1.0 - First public release
+    - Withdrawn at the request of RSA DSI over patent claims
     - included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA,
       MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression
     - had a serious bug in the RSA key generation code.
@@ -432,3 +433,150 @@ last several releases.
       - remove s_nullNameValuePairs from unnamed namespace
       - ported to MSVC 2017, Xcode 9.3, Sun Studio 12.5, GCC 8.0.1,
         MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1
+
+8.0.0 - December 28, 2018
+      - major release, recompile of programs required
+      - expanded community input and support
+         * 54 unique contributors as of this release
+      - add x25519 key exchange and ed25519 signature scheme
+      - add limited Asymmetric Key Package support from RFC 5958
+      - add Power9 DARN random number generator support
+      - add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
+      - fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms
+      - cutover to GNU Make-based cpu feature tests
+      - rename files with dashes to underscores
+      - fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
+      - fix incorrect AES/CBC decryption on Windows
+      - avoid Singleton<T> when possible, avoid std::call_once completely
+      - fix SPARC alignment problems due to GetAlignmentOf<T>() on word64
+      - add ARM AES asm implementation from Cryptogams
+      - remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support
+
+8.1.0 - February 22, 2019
+      - minor release, no recompile of programs required
+      - expanded community input and support
+        * 56 unique contributors as of this release
+      - fix OS X PowerPC builds with Clang
+      - add Microsoft ARM64 support
+      - fix iPhone Simulator build due to missing symbols
+      - add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
+      - add carryless multiplies for NIST b233 and k233 curves
+      - fix OpenMP build due to use of OpenMP 4 with down-level compilers
+      - add SignStream and VerifyStream for ed25519 and large files
+      - fix missing AlgorithmProvider in PanamaHash
+      - add SHAKE-128 and SHAKE-256
+      - fix AVX2 build due to _mm256_broadcastsi128_si256
+      - add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305
+
+8.2.0 - April 28, 2019
+      - minor release, no recompile of programs required
+      - expanded community input and support
+        * 56 unique contributors as of this release
+      - use PowerPC unaligned loads and stores with Power8
+      - add SKIPJACK test vectors
+      - fix SHAKE-128 and SHAKE-256 compile
+      - removed IS_NEON from Makefile
+      - fix Aarch64 build on Fedora 29
+      - fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL
+      - add missing BLAKE2 constructors
+      - fix missing BlockSize() in BLAKE2 classes
+
+8.3.0 - December 20, 2020
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 66 unique contributors as of this release
+      - fix use of macro CRYPTOPP_ALIGN_DATA
+      - fix potential out-of-bounds read in ECDSA
+      - fix std::bad_alloc when using ByteQueue in pipeline
+      - fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
+      - fix potential out-of-bounds read in GCM mode
+      - add configure.sh when preprocessor macros fail
+      - fix potential out-of-bounds read in SipHash
+      - fix compile error on POWER9 due to vec_xl_be
+      - fix K233 curve on POWER8
+      - add Cirrus CI testing
+      - fix broken encryption for some 64-bit ciphers
+      - fix Android cpu-features.c using C++ compiler
+      - disable RDRAND and RDSEED for some AMD processors
+      - fix BLAKE2 hash calculation using Salt and Personalization
+      - refresh Android and iOS build scripts
+      - add XTS mode
+      - fix circular dependency between misc.h and secblock.h
+      - add Certificate interface
+      - fix recursion in AES::Encryption without AESNI
+      - add missing OID for ElGamal encryption
+      - fix missing override in KeyDerivationFunction-derived classes
+      - fix RDSEED assemble under MSVC
+      - fix elliptic curve timing leaks (CVE-2019-14318)
+      - add link-library variable to Makefiles
+      - fix SIZE_MAX definition in misc.h
+      - add GetWord64 and PutWord64 to BufferedTransformation
+      - use HKDF in AutoSeededX917RNG::Reseed
+      - fix Asan finding in VMAC on i686 in inline asm
+      - fix undeclared identifier _mm_roti_epi64 on Gentoo
+      - fix ECIES and GetSymmetricKeyLength
+      - fix possible divide by zero in PKCS5_PBKDF2_HMAC
+      - refine ASN.1 encoders and decoders
+      - disable BMI2 code paths in Integer class
+      - fix use of CRYPTOPP_CLANG_VERSION
+      - add NEON SHA1, SHA256 and SHA512 from Cryptogams
+      - add ARM SHA1, SHA256 and SHA512 from Cryptogams
+      - make config.h more autoconf friendly
+      - handle Clang triplet armv8l-unknown-linux-gnueabihf
+      - fix reference binding to misaligned address in xed25519
+      - clear asserts in TestDataNameValuePairs
+
+8.4.0 - January 2, 2021
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 67 unique contributors as of this release
+      - fix SIGILL on POWER8 when compiling with GCC 10
+      - fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
+      - fix compile on AIX POWER7 with IBM XLC 12.01
+      - fix compile on Solaris with SunCC 12.6
+      - revert changes for constant-time elliptic curve algorithms
+      - fix makefile clean and distclean recipes
+
+8.5.0 - March 7, 2021
+      - minor release, no recompile of programs required
+      - expanded community input and support
+        * 70 unique contributors as of this release
+      - port to Apple M1 hardware
+
+8.6.0 - September 21, 2021
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 74 unique contributors as of this release
+      - fix ElGamal encryption
+      - fix ChaCha20 AVX2 implementation
+      - add octal and decimal literal prefix parsing to Integer
+      - add missing overload in ed25519Signer and ed25519Verifier
+      - make SHA-NI independent of AVX and AVX2
+      - fix OldRandomPool GenerateWord32
+      - use CPPFLAGS during feature testing
+      - fix compile on CentOS 5
+      - fix compile on FreeBSD
+      - fix feature testing on ARM A-32 and Aarch64
+      - enable inline ASM for CRC and PMULL on Apple M1
+      - fix Intel oneAPI compile
+      - rename test files with *.cpp extension
+      - fix GCC compile error due to missing _mm256_set_m128i
+      - add LSH-256 and LSH-512 hash functions
+      - add ECIES_P1363 for backwards compatibility
+      - fix AdditiveCipherTemplate<T> ProcessData
+      - remove CRYPTOPP_NO_CXX11 define
+      - add -fno-common for Darwin builds
+      - update documentation
+
+8.7.0 - August 7, 2022
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 81 unique contributors as of this release
+      - fix RSA key generation for small moduli
+      - fix AES-GCM with AESNI but without CLMUL
+      - fix Clang warning with C++17
+      - fix MinGW builds due to use of O_NOFOLLOW
+      - rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData
+        * restored performance and avoided performance penalty of a temp buffer
+      - fix undersized SecBlock buffer in Integer bit operations
+      - work around several GCC 11 & 12 problems

Common/3dParty/cryptopp/Install.txt

@@ -2,6 +2,7 @@ CONTENTS OF THIS FILE
 ---------------------
 
 * Introduction
+* Prerequisites
 * Building the Library
 * Alternate Build Systems
 * Installing the Library
@@ -16,27 +17,34 @@ INTRODUCTION
 
 Crypto++ Library is a free C++ class library of cryptographic algorithms and schemes. The library was originally written and placed in public domain by Wei Dai, but it is now maintained by the community. The library homepage is at http://www.cryptopp.com/. The latest library source code can be found at http://github.com/weidai11/cryptopp. For licensing and copyright information, please see License.txt.
 
-These are general instructions for the AIX, BSDs, Linux, OS X, Solaris and Unix. The library uses a GNU makefile, which combines configuration and a non-anemic make. On AIX, BSD and Solaris you will likely have to use `gmake` to build the library. On Linux, OS X and Unix, the system's make should be OK. On Windows, Crypto++ provides Visual Studio solutions.
+These are general instructions for AIX, BSDs, Linux, OS X, Solaris and Unix. The library uses GNU Make and a GNUmakefile to avoid anemic make. On AIX, BSD and Solaris you will likely have to use `gmake` to build the library. On Linux and OS X, the system's make should be OK. On Windows, Crypto++ provides Visual Studio solutions.
 
 You should look through the GNUmakefile and config.h to ensure settings look reasonable before building. There are two wiki pages that help explain them at http://www.cryptopp.com/wiki/GNUmakefile and http://www.cryptopp.com/wiki/Config.h.
 
 Wiki pages are available for some platforms with specific build instructions. The pages include Android, ARM, iOS, MSBuild and Solaris. Solaris users should visit the wiki for important information on compiling the library with different versions of SunCC and options, and information on improving library performance and features.
 
-Crypto++ does not depend upon other tools or libraries. It does not use Autotools, does not use CMake, and does not use Boost. If you use an alternate build system, like Autotools or CMake, then see the warning below about CXXFLAGS and lack of -DNDEBUG. CMake is available in Master as a matter of convenience, but its not officially supported.
+Crypto++ does not depend upon other tools or libraries. The library only needs GNU Make 3.80 on Unix & Linux; or Visual Studio 2010 and above build tools on Windows. The library does not use Autotools, does not use CMake, and does not use Boost.
 
-There is a partially complete CmakeList.txt available on the wiki at http://www.cryptopp.com/wiki/CMake. It is not recommended for use because it is not in a good state. If you have CMake expertise and can work some problems, then please see the wiki page for tasks related to CMake.
+Autotools and CMake projects are not officially supported. The build systems take too much time and effort. Unofficial projects are available at https://github.com/noloader/cryptopp-autotools and https://github.com/abdes/cryptopp-cmake. The projects provide a central location to support Autotools and CMake. Collaborators for Autotools and CMake are welcomed.
 
 
+PREREQUISITES
+-------------
+
+The library requires a semi-modern C++ compiler and GNU Make 3.81 or above. The compiler must support 64-bit words, C++03, namespaces, RTTI and exceptions.
+
+The library does not depend on other build systems, like Autotools or CMake. The library does not depend on other libraries, like Boost.
+
 BUILDING THE LIBRARY
 --------------------
 
-In general, all you should have to do is open a terminal, and then:
+In general, all you should have to do is open a terminal, cd to the cryptopp directory, and then:
 
     make
     make test
     sudo make install
 
-The command above builds the static library and cryptest.exe program. It also uses a sane set of default flags, which are usually "-DNDEBUG -g2 -O3 -fPIC".
+The command above builds the static library and cryptest.exe program. It also uses a sane default flags, which are usually "-DNDEBUG -g2 -O3 -fPIC".
 
 If you want to build the shared object, then issue:
 
@@ -70,7 +78,16 @@ LLVM's libc++ is also supported, so you can:
     export CXXFLAGS="-std=c++11 -stdlib=libc++"
     make
 
-If you target 32-bit IA-32 machines (i386, i586 or i686), then the makefile forgoes -fPIC due to register pressures. You should add -fPIC yourself in this case:
+If you are using the library on OS X with XCode then you should add LLVM's libc++. You can do so by modifying CXXFLAGS, or you can modify the GNUmakefile. To modify the GNUmakefile, open it and find the line for OS X builds around line 150:
+
+    ifneq ($(IS_DARWIN),0)
+      CXX ?= c++
+      CRYPTOPP_CXXFLAGS += -stdlib=libc++
+      AR = libtool
+      ARFLAGS = -static -o
+    endif
+
+If you target 32-bit IA-32 machines (i386, i586 or i686), then the makefile forgoes -fPIC due to register pressures. You should add -fPIC yourself, if needed:
 
     CXXFLAGS="-DNDEBUG -g2 -O3 -fPIC" make
 
@@ -78,10 +95,27 @@ You can also override a variable so that only your flags are present. That is, t
 
     make CXXFLAGS="-std=c++11"
 
-Crypto++ does not enagage Specter remediations at this time. You can build with Specter resistance with the following flags:
+Crypto++ does not engage Specter remediations at this time. You can build with Specter resistance with the following flags:
 
     CXXFLAGS="-DNDEBUG -g2 -O3 -mfunction-return=thunk -mindirect-branch=thunk" make
 
+The library does not support out-of-tree builds. You must cd to the Crypto++ directory before building. `make distclean` will return the Crypto++ directory to a pristine state.
+
+
+BUILDING WITH VCPKG
+-------------------
+
+You can download and install cryptopp using the [vcpkg](https://github.com/Microsoft/vcpkg/) dependency manager:
+
+    git clone https://github.com/Microsoft/vcpkg.git
+    cd vcpkg
+    ./bootstrap-vcpkg.sh
+    ./vcpkg integrate install
+    ./vcpkg install cryptopp
+
+The cryptopp port in vcpkg is kept up to date by Microsoft team members and community contributors.
+If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository.
+
 
 ALTERNATE BUILD SYSTEMS
 -----------------------
@@ -124,7 +158,7 @@ The following are some of the targets provided by the GNU makefile.
 
 `make cryptest.exe` builds the library test harness.
 
-`make test` and `make check` are the same recipe and invoke the test harness with the the validation option. That is, it executes `cryptest.exe v`.
+`make test` and `make check` are the same recipe and invoke the test harness with the validation option. That is, it executes `cryptest.exe v`.
 
 `make install` installs the library. By default, the makefile copies into `/usr/local` by default.
 
@@ -147,18 +181,16 @@ The Crypto++ embraces tools like Undefined Behavior sanitizer (UBsan), Address s
 UBsan and Asan are mutually exclusive options, so you can perform only one of these at a time:
 
     make ubsan
-    ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
-    ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
+    ./cryptest.exe v 2>&1 | grep -E "(error:|FAILED)"
+    ./cryptest.exe tv all 2>&1 | grep -E "(error:|FAILED)"
 
 Or:
 
     make asan
-    ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
-    ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
+    ./cryptest.exe v 2>&1 | grep -E "(error:|FAILED)"
+    ./cryptest.exe tv all 2>&1 | grep -E "(error:|FAILED)"
 
-If you experience self test failures or see reports of undefined behavior, then you should ensure CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined in config.h. CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined due to historical purposes.
-
-If you experience failures under Asan, then gather more information with:
+If you experience failures under Asan, then gather more information with asan_symbolize. You may not need asan_symbolize nowadays:
 
     ./cryptest.exe v 2>&1 | asan_symbolize
 
@@ -172,7 +204,7 @@ ACCEPTANCE TESTING
 
 Crypto++ uses five security gates in its engineering process. The library must maintain the quality provided by the review system and integrity of the test suites. You can use the information to decide if the Crypto++ library suits your needs and provides a compatible security posture.
 
-The first gate is code review and discussion of proposed chnages. Git commits often cross reference a User Group discussions.
+The first gate is code review and discussion of proposed changes. Git commits often cross reference a User Group discussions.
 
 Second is the compiler warning system. The code must clean compile under the equivalent of GCC's -Wall -Wextra (modulo -Wno-type-limits -Wno-unknown-pragmas). This is a moving target as compiler analysis improves.
 
@@ -185,25 +217,25 @@ Fifth, the test harness provides a "validation" option which performs basic syst
     ./cryptest.exe v
     ...
 
-    All tests passed!
-    Test ended at Sun Jul 26 02:10:57 2015
-    Seed used was: 1437891055
+    Seed used was 1612313449
+    Test started at Tue Feb 2 19:50:49 2021
+    Test ended at Tue Feb 2 19:50:52 2021
 
 Sixth, the test harness provides a "test vector" option which uses many known test vectors, even those published by other people (like Brian Gladman for AES). You run the test vectors as shown below. The tail of the output should indicate 0 failed tests.
 
     ./cryptest.exe tv all
     ...
 
-    Testing SymmetricCipher algorithm MARS/ECB.
-    .................
-    Tests complete. Total tests = 4094. Failed tests = 0.
+    Testing SymmetricCipher algorithm AES/XTS.
+    .....................
+    Tests complete. Total tests = 11260. Failed tests = 0.
 
-The library also offers its test script for those who want to use it. The test script is names cryptest.sh, and it repeatedly builds the library and exectues the tests under various configurations. It takes 2 to 4 hours to run on a semi-modern desktop or server; and days to run on an IoT gadget. Also see http://github.com/weidai11/cryptopp/blob/master/cryptest.sh and http://cryptopp.com/wiki/Cryptest.sh.
+The library also offers its test script for those who want to use it. The test script is names cryptest.sh, and it repeatedly builds the library and exectues the tests under various configurations. It takes about 4 hours to run on a semi-modern desktop or server; and several days to run on an IoT gadget. Also see http://github.com/weidai11/cryptopp/blob/master/cryptest.sh and http://cryptopp.com/wiki/Cryptest.sh.
 
 
 REPORTING PROBLEMS
 ------------------
 
-Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at http://groups.google.com/forum/#!forum/cryptopp-users.
+Build failures, dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at http://groups.google.com/forum/#!forum/cryptopp-users.
 
 The library uses Wei Dai's GitHub to track issues. The tracker is located at http://github.com/weidai11/cryptopp/issues. Please do not ask questions in the bug tracker; ask questions on the mailing list instead. Also see http://www.cryptopp.com/wiki/Bug_Report.

Common/3dParty/cryptopp/License.txt

@@ -1,4 +1,4 @@
-Compilation Copyright (c) 1995-2016 by Wei Dai.  All rights reserved.
+Compilation Copyright (c) 1995-2019 by Wei Dai.  All rights reserved.
 This copyright applies only to this software distribution package
 as a compilation, and does not imply a copyright on any particular
 file in the package.
@@ -22,6 +22,20 @@ Richard De Moliner - safer.cpp
 Matthew Skala - twofish.cpp
 Kevin Springle - camellia.cpp, shacal2.cpp, ttmac.cpp, whrlpool.cpp, ripemd.cpp
 Ronny Van Keer - sha3.cpp
+Aumasson, Neves, Wilcox-O'Hearn and Winnerlein - blake2.cpp, blake2b_simd.cpp, blake2s_simd.cpp
+Aaram Yun - aria.cpp, aria_simd.cpp
+Han Lulu, Markku-Juhani O. Saarinen - sm4.cpp sm4_simd.cpp
+Daniel J. Bernstein, Jack Lloyd - chacha.cpp, chacha_simd.cpp, chacha_avx.cpp
+Andrew Moon - ed25519, x25519, donna_32.cpp, donna_64.cpp, donna_sse.cpp
+
+The Crypto++ Library uses portions of Andy Polyakov's CRYPTOGAMS on Linux
+for 32-bit ARM with files aes_armv4.S, sha1_armv4.S and sha256_armv4.S.
+CRYPTOGAMS is dual licensed with a permissive BSD-style license. The
+CRYPTOGAMS license is reproduced below. You can disable Cryptogams code by
+undefining the relevant macros in config_asm.h.
+
+The Crypto++ Library uses portions of Jack Lloyd's Botan for ChaCha SSE2 and
+AVX. Botan placed the code in public domain for Crypto++ to use.
 
 The Crypto++ Library (as a compilation) is currently licensed under the Boost
 Software License 1.0 (http://www.boost.org/users/license.html).
@@ -49,3 +63,22 @@ SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
 FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
+
+CRYPTOGAMS License
+
+Copyright (c) 2006-2017, CRYPTOGAMS by <appro@openssl.org>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+* Redistributions of source code must retain copyright notices,
+  this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above
+  copyright notice, this list of conditions and the following
+  disclaimer in the documentation and/or other materials
+  provided with the distribution.
+* Neither the name of the CRYPTOGAMS nor the names of its copyright
+  holder and contributors may be used to endorse or promote products
+  derived from this software without specific prior written permission.

Common/3dParty/cryptopp/Readme.txt

@@ -1,37 +1,39 @@
 Crypto++: free C++ Class Library of Cryptographic Schemes
-Version 7.0 - APR/08/2018
+Version 8.8 - TBD
 
 Crypto++ Library is a free C++ class library of cryptographic schemes.
 Currently the library contains the following algorithms:
 
                    algorithm type  name
 
- authenticated encryption schemes  GCM, CCM, EAX
+ authenticated encryption schemes  GCM, CCM, EAX, ChaCha20Poly1305 and
+                                   XChaCha20Poly1305
 
-        high speed stream ciphers  ChaCha (8/12/20), Panama, Sosemanuk, Salsa20,
-                                   XSalsa20
+        high speed stream ciphers  ChaCha (8/12/20), ChaCha (IETF), Panama, Salsa20,
+                                   Sosemanuk, XSalsa20, XChaCha20
 
            AES and AES candidates  AES (Rijndael), RC6, MARS, Twofish, Serpent,
                                    CAST-256
 
-                                   ARIA, IDEA, Blowfish, Triple-DES (DES-EDE2 and
-                                   DES-EDE3), Camellia, SEED, Kalyna (128/256/512),
-              other block ciphers  RC5, SIMON-64, SIMON-128, SPECK-64, SPECK-128,
-                                   Skipjack, SHACAL-2, SM4, Threefish (256/512/1024),
-                                   TEA, XTEA
+                                   ARIA, Blowfish, Camellia, CHAM, HIGHT, IDEA,
+                                   Kalyna (128/256/512), LEA, SEED, RC5, SHACAL-2,
+              other block ciphers  SIMON (64/128), Skipjack, SPECK (64/128),
+                                   Simeck, SM4, Threefish (256/512/1024),
+                                   Triple-DES (DES-EDE2 and DES-EDE3), TEA, XTEA
 
   block cipher modes of operation  ECB, CBC, CBC ciphertext stealing (CTS),
-                                   CFB, OFB, counter mode (CTR)
+                                   CFB, OFB, counter mode (CTR), XTS
 
      message authentication codes  BLAKE2s, BLAKE2b, CMAC, CBC-MAC, DMAC, GMAC, HMAC,
-                                   Poly1305, SipHash, Two-Track-MAC, VMAC,
+                                   Poly1305, Poly1305 (IETF), SipHash, Two-Track-MAC,
+                                   VMAC
 
-                                   BLAKE2s, BLAKE2b, Keccack (F1600), SHA-1,
-                   hash functions  SHA-2 (224/256/384/512), SHA-3 (224/256/384/512),
-                                   SipHash, SM3, Tiger, RIPEMD-128, RIPEMD-160,
-                                   RIPEMD-256, RIPEMD-320, WHIRLPOOL
+                                   BLAKE2s, BLAKE2b, Keccack (F1600), LSH (256/512),
+                   hash functions  SHA-1, SHA-2 (224/256/384/512), SHA-3 (224/256),
+                                   SHA-3 (384/512), SHAKE (128/256), SipHash, SM3, Tiger,
+                                   RIPEMD (128/160/256/320), WHIRLPOOL
 
-                                   RSA, DSA, Determinsitic DSA, ElGamal,
+                                   RSA, DSA, Deterministic DSA, ElGamal,
           public-key cryptography  Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC,
                                    LUCELG, EC-based German Digital Signature (ECGDSA),
                                    DLIES (variants of DHAES), ESIGN
@@ -39,11 +41,12 @@ Currently the library contains the following algorithms:
    padding schemes for public-key  PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363
                           systems  EMSA2 and EMSA5
 
-                                   Diffie-Hellman (DH), Unified Diffie-Hellman
-            key agreement schemes  (DH2), Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV),
+                                   Diffie-Hellman (DH), Unified Diffie-Hellman (DH2),
+            key agreement schemes  Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV),
                                    Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH
 
-      elliptic curve cryptography  ECDSA, Determinsitic ECDSA, ECNR, ECIES, ECDH, ECMQV
+      elliptic curve cryptography  ECDSA, Deterministic ECDSA, ed25519, ECNR, ECIES,
+                                   ECDH, ECMQV, x25519
 
           insecure or obsolescent  MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL
 algorithms retained for backwards  3.0, WAKE-OFB, DESX (DES-XEX3), RC2,
@@ -53,7 +56,7 @@ algorithms retained for backwards  3.0, WAKE-OFB, DESX (DES-XEX3), RC2,
 Other features include:
 
   * pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool,
-    VIA Padlock, RDRAND, RDSEED, NIST Hash and HMAC DRBGs
+    DARN, VIA Padlock, RDRAND, RDSEED, NIST Hash and HMAC DRBGs
   * password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5,
     PBKDF from PKCS #12 appendix B, HKDF from RFC 5869, Scrypt from RFC 7914
   * Shamir's secret sharing scheme and Rabin's information dispersal algorithm
@@ -68,36 +71,34 @@ Other features include:
       + 32-bit CRC, CRC-C and Adler32 checksum
   * class wrappers for these platform and operating system features (optional):
       + high resolution timers on Windows, Unix, and Mac OS
-      + Berkeley and Windows style sockets
-      + Windows named pipes
       + /dev/random, /dev/urandom, /dev/srandom
       + Microsoft's CryptGenRandom or BCryptGenRandom on Windows
   * A high level interface for most of the above, using a filter/pipeline
     metaphor
   * benchmarks and validation testing
-  * x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8 in-core code
-    for the commonly used algorithms
+  * x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8
+    in-core code for the commonly used algorithms
       + run-time CPU feature detection and code selection
       + supports GCC-style and MSVC-style inline assembly, and MASM for x64
       + x86, x64 (x86-64), x32 provides MMX, SSE2, and SSE4 implementations
       + ARM-32, Aarch32 and Aarch64 provides NEON, ASIMD and ARMv8 implementations
       + Power8 provides in-core AES using NX Crypto Acceleration
 
-The Crypto++ library was orginally written by Wei Dai. The library is now
+The Crypto++ library was originally written by Wei Dai. The library is now
 maintained by several team members and the community. You are welcome to use it
 for any purpose without paying anyone, but see License.txt for the fine print.
 
 The following compilers are supported for this release. Please visit
 http://www.cryptopp.com the most up to date build instructions and porting notes.
 
-  * Visual Studio 2003 - 2017
-  * GCC 3.3 - 8.0
-  * Apple Clang 4.3 - 9.3
-  * LLVM Clang 2.9 - 4.0
-  * C++Builder 2010
+  * Visual Studio 2003 - 2022
+  * GCC 3.3 - 12.2
+  * Apple Clang 4.3 - 12.0
+  * LLVM Clang 2.9 - 14.0
+  * C++ Builder 2015
   * Intel C++ Compiler 9 - 16.0
-  * Sun Studio 12u1 - 12.5
-  * IBM XL C/C++ 10.0 - 13.1
+  * Sun Studio 12u1 - 12.7
+  * IBM XL C/C++ 10.0 - 14.0
 
 *** Important Usage Notes ***
 
@@ -127,9 +128,8 @@ cryptdll - This builds the DLL. Please note that if you wish to use Crypto++
 dlltest - This builds a sample application that only uses the DLL.
 
 The DLL used to provide FIPS validated cryptography. The library was moved
-to the CMVP's <A HREF=
-"http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-historical.htm">
-Historical Validation List</A>. The library and the DLL are no longer considered
+to the CMVP's [Historical Validation List](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-historical.htm).
+The library and the DLL are no longer considered
 validated. You should no longer use the DLL.
 
 To use the Crypto++ DLL in your application, #include "dll.h" before including
@@ -204,16 +204,28 @@ library in your programs to help avoid unwanted redirections.
 
 *** Side Channel Attacks ***
 
-Crypto++ attempts to resist side channel attacks using various remediations. We
-believe the library is hardened but the remdiations may be incomplete. The first
-line of defense uses hardware instructions when possible. The library also uses
-cache-aware algoirthms and access patterns to minimize leakage. If you suspect
-or find an information leak then please report it.
+Crypto++ attempts to resist side channel attacks using various remediations.
+The remdiations are applied as a best effort but are probably incomplete. They
+are incomplete due to cpu speculation bugs like Spectre, Meltdown, Foreshadow.
+The attacks target both cpu caches and internal buffers. Intel generally refers
+to internal buffer attacks as "Microarchitectural Data Sampling" (MDS).
 
-Crypto++ does not enagage Specter remediations at this time. The GCC options for
-Specter are -mfunction-return=thunk and -mindirect-branch=thunk, and the library
-uses them during testing. If you want the Specter workarounds then add the GCC
-options to your CXXFLAGS when building the library.
+The library uses hardware instructions when possible for block ciphers, hashes
+and other operations. The hardware acceleration remediates some timing
+attacks. The library also uses cache-aware algorithms and access patterns
+to minimize leakage cache evictions.
+
+Elliptic curves over binary fields are believed to leak information. The task is a
+work in progress. We don't believe binary fields are used in production, so we feel it
+is a low risk at the moment.
+
+Crypto++ does not engage Specter remediations at this time. The GCC options
+for Specter are -mfunction-return=thunk and -mindirect-branch=thunk, and the
+library uses them during testing. If you want the Specter workarounds then add
+the GCC options to your CXXFLAGS when building the library.
+
+To help resist attacks you should disable hyperthreading on cpus. If you
+suspect or find an information leak then please report it.
 
 *** Documentation and Support ***
 
@@ -235,7 +247,7 @@ The source code and its planned changes are available at the following locations
 
   * The Crypto++ GitHub repository allows you to view the latest (unreleased)
     Crypto++ source code via the Linux kernel's git beginning around June 2015.
-    Its also serves as an incubator to nuture and grow the library.
+    Its also serves as an incubator to nurture and grow the library.
   * The former Crypto++ SourceForge repository allows you to view the Crypto++
     source code via Apache's subversion until about July 2015. At that time,
     SourceForge had infrastructure problems and a cutover to GutHub was performed.
@@ -282,124 +294,152 @@ documentation is one of the highest returns on investment.
 The items in this section comprise the most recent history. Please see History.txt
 for the record back to Crypto++ 1.0.
 
-7.0.0 - April 8, 2018
+8.7.0 - August 7, 2022
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 81 unique contributors as of this release
+      - fix RSA key generation for small moduli
+      - fix AES-GCM with AESNI but without CLMUL
+      - fix Clang warning with C++17
+      - fix MinGW builds due to use of O_NOFOLLOW
+      - rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData
+        * restored performance and avoided performance penalty of a temp buffer
+      - fix undersized SecBlock buffer in Integer bit operations
+      - work around several GCC 11 & 12 problems
+
+8.6.0 - September 21, 2021
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 74 unique contributors as of this release
+      - fix ElGamal encryption
+      - fix ChaCha20 AVX2 implementation
+      - add octal and decimal literal prefix parsing to Integer
+      - add missing overload in ed25519Signer and ed25519Verifier
+      - make SHA-NI independent of AVX and AVX2
+      - fix OldRandomPool GenerateWord32
+      - use CPPFLAGS during feature testing
+      - fix compile on CentOS 5
+      - fix compile on FreeBSD
+      - fix feature testing on ARM A-32 and Aarch64
+      - enable inline ASM for CRC and PMULL on Apple M1
+      - fix Intel oneAPI compile
+      - rename test files with *.cpp extension
+      - fix GCC compile error due to missing _mm256_set_m128i
+      - add LSH-256 and LSH-512 hash functions
+      - add ECIES_P1363 for backwards compatibility
+      - fix AdditiveCipherTemplate<T> ProcessData
+      - remove CRYPTOPP_NO_CXX11 define
+      - add -fno-common for Darwin builds
+      - update documentation
+
+8.5.0 - March 7, 2021
+      - minor release, no recompile of programs required
+      - expanded community input and support
+        * 70 unique contributors as of this release
+      - port to Apple M1 hardware
+
+8.4.0 - January 2, 2021
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 67 unique contributors as of this release
+      - fix SIGILL on POWER8 when compiling with GCC 10
+      - fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
+      - fix compile on AIX POWER7 with IBM XLC 12.01
+      - fix compile on Solaris with SunCC 12.6
+      - revert changes for constant-time elliptic curve algorithms
+      - fix makefile clean and distclean recipes
+
+8.3.0 - December 20, 2020
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 66 unique contributors as of this release
+      - fix use of macro CRYPTOPP_ALIGN_DATA
+      - fix potential out-of-bounds read in ECDSA
+      - fix std::bad_alloc when using ByteQueue in pipeline
+      - fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
+      - fix potential out-of-bounds read in GCM mode
+      - add configure.sh when preprocessor macros fail
+      - fix potential out-of-bounds read in SipHash
+      - fix compile error on POWER9 due to vec_xl_be
+      - fix K233 curve on POWER8
+      - add Cirrus CI testing
+      - fix broken encryption for some 64-bit ciphers
+      - fix Android cpu-features.c using C++ compiler
+      - disable RDRAND and RDSEED for some AMD processors
+      - fix BLAKE2 hash calculation using Salt and Personalization
+      - refresh Android and iOS build scripts
+      - add XTS mode
+      - fix circular dependency between misc.h and secblock.h
+      - add Certificate interface
+      - fix recursion in AES::Encryption without AESNI
+      - add missing OID for ElGamal encryption
+      - fix missing override in KeyDerivationFunction-derived classes
+      - fix RDSEED assemble under MSVC
+      - fix elliptic curve timing leaks (CVE-2019-14318)
+      - add link-library variable to Makefiles
+      - fix SIZE_MAX definition in misc.h
+      - add GetWord64 and PutWord64 to BufferedTransformation
+      - use HKDF in AutoSeededX917RNG::Reseed
+      - fix Asan finding in VMAC on i686 in inline asm
+      - fix undeclared identifier _mm_roti_epi64 on Gentoo
+      - fix ECIES and GetSymmetricKeyLength
+      - fix possible divide by zero in PKCS5_PBKDF2_HMAC
+      - refine ASN.1 encoders and decoders
+      - disable BMI2 code paths in Integer class
+      - fix use of CRYPTOPP_CLANG_VERSION
+      - add NEON SHA1, SHA256 and SHA512 from Cryptogams
+      - add ARM SHA1, SHA256 and SHA512 from Cryptogams
+      - make config.h more autoconf friendly
+      - handle Clang triplet armv8l-unknown-linux-gnueabihf
+      - fix reference binding to misaligned address in xed25519
+      - clear asserts in TestDataNameValuePairs
+
+8.2.0 - April 28, 2019
+      - minor release, no recompile of programs required
+      - expanded community input and support
+        * 56 unique contributors as of this release
+      - use PowerPC unaligned loads and stores with Power8
+      - add SKIPJACK test vectors
+      - fix SHAKE-128 and SHAKE-256 compile
+      - removed IS_NEON from Makefile
+      - fix Aarch64 build on Fedora 29
+      - fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL
+      - add missing BLAKE2 constructors
+      - fix missing BlockSize() in BLAKE2 classes
+
+8.1.0 - February 22, 2019
+      - minor release, no recompile of programs required
+      - expanded community input and support
+        * 56 unique contributors as of this release
+      - fix OS X PowerPC builds with Clang
+      - add Microsoft ARM64 support
+      - fix iPhone Simulator build due to missing symbols
+      - add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
+      - add carryless multiplies for NIST b233 and k233 curves
+      - fix OpenMP build due to use of OpenMP 4 with down-level compilers
+      - add SignStream and VerifyStream for ed25519 and large files
+      - fix missing AlgorithmProvider in PanamaHash
+      - add SHAKE-128 and SHAKE-256
+      - fix AVX2 build due to _mm256_broadcastsi128_si256
+      - add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305
+
+8.0.0 - December 28, 2018
       - major release, recompile of programs required
       - expanded community input and support
-         * 48 unique contributors as of this release
-      - fix incorrect result when using Integer::ModInverse
-         * may be CVE worthy, but request was not submitted
-      - fix ARIA/CTR bus error on Sparc64
-      - fix incorrect result when using a_exp_b_mod_c
-      - fix undeclared identifier uint32_t on early Visual Studio
-      - fix iPhoneSimulator build on i386
-      - fix incorrect adler32 in ZlibDecompressor
-      - fix Power7 test using PPC_FEATURE_ARCH_2_06
-      - workaround incorrect Glibc sysconf return value on ppc64-le
-      - add KeyDerivationFunction interface
-      - add scrypt key derivation function
-      - add Salsa20_Core transform callable from outside class
-      - add sbyte, sword16, sword32 and sword64
-      - remove s_nullNameValuePairs from unnamed namespace
-      - ported to MSVC 2017, Xcode 9.3, Sun Studio 12.5, GCC 8.0.1,
-        MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1
-
-6.1.0 - February 22, 2018
-      - minor release, maintenance items
-      - expanded community input and support
-         * 46 unique contributors as of this release
-      - use 2048-bit modulus default for DSA
-      - fix build under Linuxbrew
-      - use /bin/sh in GNUmakefile
-      - fix missing flags for SIMON and SPECK in GNUMakefile-cross
-      - fix ARM and MinGW misdetection
-      - port setenv-android.sh to latest NDK
-      - fix Clang check for C++11 lambdas
-      - Simon and Speck to little-endian implementation
-      - use LIB_MAJOR for ABI compatibility
-      - fix ODR violation in AdvancedProcessBlocks_{ARCH} templates
-      - handle C++17 std::uncaught_exceptions
-      - ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 8.0.1,
-        MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1
-
-6.0.0 - January 22, 2018
-      - major release, recompile of programs required
-      - expanded community input and support
-         * 43 unique contributors as of this release
-      - fixed CVE-2016-9939 (Issue 346, transient DoS)
-      - fixed CVE-2017-9434 (Issue 414, misidentified memory error)
-      - converted to BASE+SIMD implementation
-         * BASE provides an architecture neutral C++ implementation
-         * SIMD provides architecture specific hardware acceleration
-      - improved PowerPC Power4, Power7 and Power8 support
-      - added ARIA, EC German DSA, Deterministic signatures (RFC 6979),
-        Kalyna, NIST Hash and HMAC DRBG, Padlock RNG, Poly1305, SipHash,
-        Simon, Speck, SM3, SM4, Threefish algorithms
-      - added NaCl interface from the compact library
-         * x25519 key exhange and ed25519 signing provided through NaCl interface
-      - improved Testing and QA
-      - ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.3,
-        MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1
-
-5.6.5 - October 11, 2016
-      - maintenance release, recompile of programs recommended
-      - expanded community input and support
-         * 25 unique contributors as of this release
-      - fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release)
-      - fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea)
-      - shipped library in recommended state
-         * backwards compatibility achieved with <config.compat>
-      - Visual Studio project file cleanup
-         * improved X86 and X64 MSBuild support
-         * added ARM-based MSBuild awareness
-      - improved Testing and QA
-         * expanded platforms and compilers
-         * expanded Coverity into OS X and Windows platforms
-         * added Windows test scripts using Strawberry Perl
-      - ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0,
-        MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
-
-5.6.4 - September 11, 2016
-      - maintenance release, honored API/ABI/Versioning requirements
-      - expanded community input and support
-         * 22 unique contributors for this release
-      - fixed CVE-2016-3995
-      - changed SHA3 to FIPS 202 (F1600, XOF d=0x06)
-      - added Keccak (F1600, XOF d=0x01)
-      - added ChaCha (ChaCha8/12/20)
-      - added HMQV and FHMQV
-         * Hashed and Fully Hashed MQV
-      - added BLAKE2 (BLAKE2s and BLAKE2b)
-         * C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD
-      - added CRC32-C
-         * C/C++, Amd64 CRC, and ARMv8 CRC
-      - improved Rabin-William signatures
-         * Tweaked roots <em>e</em> and <em>f</em>
-      - improved C++11 support
-         * atomics, threads and fences
-         * alginof, alignas
-         * constexpr
-         * noexcept
-      - improved GCM mode
-         * ARM NEON and ARMv8 ASIMD
-         * ARMv8 carry-less multiply
-      - improved Windows 8 and 10 support
-         * Windows Phone, Universal Windows Platform, Windows Store
-      - improved MIPS, ARMv7 and ARMv8 support
-         * added scripts setenv-{android|embedded|ios}.sh for GNUmakefile-cross
-         * aggressive use of -march=<arch> and -mfpu=<fpu> in cryptest.sh
-      - improved build systems
-         * Visual Studio 2010 default
-         * added CMake support (lacks FindCryptopp.cmake)
-         * archived VC++ 5/0/6.0 project files (vc60.zip)
-         * archived VS2005 project files (vs2005.zip)
-         * archived Borland project files (bds10.zip)
-      - improved Testing and QA
-         * expanded platforms and compilers
-         * added code generation tests based on CPU features
-         * added C++03, C++11, C++14, C++17 testing
-         * added -O3, -O5, -Ofast and -Os testing
-      - ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0,
-        MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
+         * 54 unique contributors as of this release
+      - add x25519 key exchange and ed25519 signature scheme
+      - add limited Asymmetric Key Package support from RFC 5958
+      - add Power9 DARN random number generator support
+      - add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
+      - fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms
+      - cutover to GNU Make-based cpu feature tests
+      - rename files with dashes to underscores
+      - fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
+      - fix incorrect AES/CBC decryption on Windows
+      - avoid Singleton<T> when possible, avoid std::call_once completely
+      - fix SPARC alignment problems due to GetAlignmentOf<T>() on word64
+      - add ARM AES asm implementation from Cryptogams
+      - remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support
 
 June 2015 - Changing of the guard. Wei Dai turned the library over to the
         community. The first community release was Crypto++ 5.6.3. Wei is

Common/3dParty/cryptopp/Security.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+We support modern versions of the Crypto++ library. Modern versions include the tip of Master and the latest release.
+
+We also support versions of the library supplied by distributions such as Debian, Fedora, Red Hat and Ubuntu. We don't leave distros unsupported simply because we have released a new version of the library. And we don't expect a package maintainer to fix our bugs for us.
+
+## Reporting a Vulnerability
+
+You can report a security related bug in the [GitHub bug tracker](https://github.com/weidai11/cryptopp) or at the [mailing list](https://groups.google.com/g/cryptopp-users).
+
+If we receive a report of a security related bug then we will ensure a Github issue is opened and we will make an announcement on the mailing list. If you corresponded by private email then we will open the Github issue and make the announcement.
+
+All information will be made public. We do not withhold information from users because stake holders need accurate information to access risk and place controls to remediate the risk.

Common/3dParty/cryptopp/adhoc.cpp.proto

@@ -18,7 +18,7 @@ USING_NAMESPACE(std)
 #endif
 
 // Used for testing the compiler and linker in cryptest.sh
-#if defined(CRYPTOPP_ADHOC_MAIN)
+#if defined(CRYPTOPP_ADHOC_MAIN) || defined(ADHOC_MAIN)
 
 int main(int argc, char *argv[])
 {

Common/3dParty/cryptopp/adler32.cpp

@@ -72,7 +72,7 @@ void Adler32::TruncatedFinal(byte *hash, size_t size)
 		hash[0] = byte(m_s2 >> 8);
 		// fall through
 	case 0:
-		;;
+		;
 		// fall through
 	}
 

Common/3dParty/cryptopp/adler32.h

@@ -14,7 +14,7 @@ NAMESPACE_BEGIN(CryptoPP)
 class Adler32 : public HashTransformation
 {
 public:
-	CRYPTOPP_CONSTANT(DIGESTSIZE = 4)
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 4);
 	Adler32() {Reset();}
 	void Update(const byte *input, size_t length);
 	void TruncatedFinal(byte *hash, size_t size);

Common/3dParty/cryptopp/aes.h

@@ -20,7 +20,7 @@ NAMESPACE_BEGIN(CryptoPP)
 /// \sa <a href="http://www.cryptolounge.org/wiki/AES">AES</a> winner, announced on 10/2/2000
 /// \since Rijndael since Crypto++ 3.1, Intel AES-NI since Crypto++ 5.6.1, ARMv8 AES since Crypto++ 6.0,
 ///   Power8 AES since Crypto++ 6.0
-DOCUMENTED_TYPEDEF(Rijndael, AES)
+DOCUMENTED_TYPEDEF(Rijndael, AES);
 
 typedef RijndaelEncryption AESEncryption;
 typedef RijndaelDecryption AESDecryption;

Common/3dParty/cryptopp/aes_armv4.h

@@ -0,0 +1,30 @@
+/* Header file for use with Cryptogam's ARMv4 AES.         */
+/* Also see http://www.openssl.org/~appro/cryptogams/ and  */
+/* https://wiki.openssl.org/index.php?title=Cryptogams_AES */
+
+#ifndef CRYPTOGAMS_AES_ARMV4_H
+#define CRYPTOGAMS_AES_ARMV4_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//#define AES_MAXNR 14
+//typedef struct AES_KEY_st {
+//    unsigned int rd_key[4 * (AES_MAXNR + 1)];
+//    int rounds;
+//} AES_KEY;
+
+// Instead of AES_KEY we use a 'word32 rkey[4*15+4]'. It has space for
+// both the AES_MAXNR round keys and the number of rounds in the tail.
+
+int cryptogams_AES_set_encrypt_key(const unsigned char *userKey, const int bits, unsigned int *rkey);
+int cryptogams_AES_set_decrypt_key(const unsigned char *userKey, const int bits, unsigned int *rkey);
+void cryptogams_AES_encrypt_block(const unsigned char *in, unsigned char *out, const unsigned int *rkey);
+void cryptogams_AES_decrypt_block(const unsigned char *in, unsigned char *out, const unsigned int *rkey);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* CRYPTOGAMS_AES_ARMV4_H */

Common/3dParty/cryptopp/algebra.cpp

@@ -260,7 +260,7 @@ void AbstractGroup<T>::SimultaneousMultiply(T *results, const T &base, const Int
 	exponents.reserve(expCount);
 	unsigned int i;
 
-	for (i=0; i<expCount; i++)
+	for (i=0; expBegin && i<expCount; i++)
 	{
 		CRYPTOPP_ASSERT(expBegin->NotNegative());
 		exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 0));

Common/3dParty/cryptopp/algebra.h

@@ -33,56 +33,56 @@ public:
 	/// \brief Compare two elements for equality
 	/// \param a first element
 	/// \param b second element
-	/// \returns true if the elements are equal, false otherwise
+	/// \return true if the elements are equal, false otherwise
 	/// \details Equal() tests the elements for equality using <tt>a==b</tt>
 	virtual bool Equal(const Element &a, const Element &b) const =0;
 
 	/// \brief Provides the Identity element
-	/// \returns the Identity element
+	/// \return the Identity element
 	virtual const Element& Identity() const =0;
 
 	/// \brief Adds elements in the group
 	/// \param a first element
 	/// \param b second element
-	/// \returns the sum of <tt>a</tt> and <tt>b</tt>
+	/// \return the sum of <tt>a</tt> and <tt>b</tt>
 	virtual const Element& Add(const Element &a, const Element &b) const =0;
 
 	/// \brief Inverts the element in the group
 	/// \param a first element
-	/// \returns the inverse of the element
+	/// \return the inverse of the element
 	virtual const Element& Inverse(const Element &a) const =0;
 
 	/// \brief Determine if inversion is fast
-	/// \returns true if inversion is fast, false otherwise
+	/// \return true if inversion is fast, false otherwise
 	virtual bool InversionIsFast() const {return false;}
 
 	/// \brief Doubles an element in the group
 	/// \param a the element
-	/// \returns the element doubled
+	/// \return the element doubled
 	virtual const Element& Double(const Element &a) const;
 
 	/// \brief Subtracts elements in the group
 	/// \param a first element
 	/// \param b second element
-	/// \returns the difference of <tt>a</tt> and <tt>b</tt>. The element <tt>a</tt> must provide a Subtract member function.
+	/// \return the difference of <tt>a</tt> and <tt>b</tt>. The element <tt>a</tt> must provide a Subtract member function.
 	virtual const Element& Subtract(const Element &a, const Element &b) const;
 
 	/// \brief TODO
 	/// \param a first element
 	/// \param b second element
-	/// \returns TODO
+	/// \return TODO
 	virtual Element& Accumulate(Element &a, const Element &b) const;
 
 	/// \brief Reduces an element in the congruence class
 	/// \param a element to reduce
 	/// \param b the congruence class
-	/// \returns the reduced element
+	/// \return the reduced element
 	virtual Element& Reduce(Element &a, const Element &b) const;
 
 	/// \brief Performs a scalar multiplication
 	/// \param a multiplicand
 	/// \param e multiplier
-	/// \returns the product
+	/// \return the product
 	virtual Element ScalarMultiply(const Element &a, const Integer &e) const;
 
 	/// \brief TODO
@@ -90,7 +90,7 @@ public:
 	/// \param e1 the first multiplier
 	/// \param y second multiplicand
 	/// \param e2 the second multiplier
-	/// \returns TODO
+	/// \return TODO
 	virtual Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
 
 	/// \brief Multiplies a base to multiple exponents in a group
@@ -135,17 +135,17 @@ public:
 
 	/// \brief Determines whether an element is a unit in the group
 	/// \param a the element
-	/// \returns true if the element is a unit after reduction, false otherwise.
+	/// \return true if the element is a unit after reduction, false otherwise.
 	virtual bool IsUnit(const Element &a) const =0;
 
 	/// \brief Retrieves the multiplicative identity
-	/// \returns the multiplicative identity
+	/// \return the multiplicative identity
 	virtual const Element& MultiplicativeIdentity() const =0;
 
 	/// \brief Multiplies elements in the group
 	/// \param a the multiplicand
 	/// \param b the multiplier
-	/// \returns the product of a and b
+	/// \return the product of a and b
 	virtual const Element& Multiply(const Element &a, const Element &b) const =0;
 
 	/// \brief Calculate the multiplicative inverse of an element in the group
@@ -154,19 +154,19 @@ public:
 
 	/// \brief Square an element in the group
 	/// \param a the element
-	/// \returns the element squared
+	/// \return the element squared
 	virtual const Element& Square(const Element &a) const;
 
 	/// \brief Divides elements in the group
 	/// \param a the dividend
 	/// \param b the divisor
-	/// \returns the quotient
+	/// \return the quotient
 	virtual const Element& Divide(const Element &a, const Element &b) const;
 
 	/// \brief Raises a base to an exponent in the group
 	/// \param a the base
 	/// \param e the exponent
-	/// \returns the exponentiation
+	/// \return the exponentiation
 	virtual Element Exponentiate(const Element &a, const Integer &e) const;
 
 	/// \brief TODO
@@ -174,7 +174,7 @@ public:
 	/// \param e1 first exponent
 	/// \param y second element
 	/// \param e2 second exponent
-	/// \returns TODO
+	/// \return TODO
 	virtual Element CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
 
 	/// \brief Exponentiates a base to multiple exponents in the Ring
@@ -190,7 +190,7 @@ public:
 	virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
 
 	/// \brief Retrieves the multiplicative group
-	/// \returns the multiplicative group
+	/// \return the multiplicative group
 	virtual const AbstractGroup<T>& MultiplicativeGroup() const
 		{return m_mg;}
 
@@ -288,13 +288,13 @@ public:
 	/// \brief Performs a modular reduction in the ring
 	/// \param a the element
 	/// \param b the modulus
-	/// \returns the result of <tt>a%b</tt>.
+	/// \return the result of <tt>a%b</tt>.
 	virtual const Element& Mod(const Element &a, const Element &b) const =0;
 
 	/// \brief Calculates the greatest common denominator in the ring
 	/// \param a the first element
 	/// \param b the second element
-	/// \returns the the greatest common denominator of a and b.
+	/// \return the greatest common denominator of a and b.
 	virtual const Element& Gcd(const Element &a, const Element &b) const;
 
 protected:

Common/3dParty/cryptopp/algparam.h

@@ -14,6 +14,10 @@
 #include "integer.h"
 #include "misc.h"
 
+#include <string>
+#include <typeinfo>
+#include <exception>
+
 NAMESPACE_BEGIN(CryptoPP)
 
 /// \brief Used to pass byte array input as part of a NameValuePairs object
@@ -28,7 +32,7 @@ public:
 	ConstByteArrayParameter(const char *data = NULLPTR, bool deepCopy = false)
 		: m_deepCopy(false), m_data(NULLPTR), m_size(0)
 	{
-		Assign((const byte *)data, data ? strlen(data) : 0, deepCopy);
+		Assign(reinterpret_cast<const byte *>(data), data ? strlen(data) : 0, deepCopy);
 	}
 
 	/// \brief Construct a ConstByteArrayParameter
@@ -44,8 +48,8 @@ public:
 	}
 
 	/// \brief Construct a ConstByteArrayParameter
-	/// \tparam T a std::basic_string<char> class
-	/// \param string a std::basic_string<char> class
+	/// \tparam T a std::basic_string<char> or std::vector<byte> class
+	/// \param string a std::basic_string<char> or std::vector<byte> object
 	/// \param deepCopy flag indicating whether the data should be copied
 	/// \details The deepCopy option is used when the NameValuePairs object can't
 	///   keep a copy of the data available
@@ -53,7 +57,7 @@ public:
 		: m_deepCopy(false), m_data(NULLPTR), m_size(0)
 	{
 		CRYPTOPP_COMPILE_ASSERT(sizeof(typename T::value_type) == 1);
-		Assign((const byte *)string.data(), string.size(), deepCopy);
+		Assign(reinterpret_cast<const byte *>(&string[0]), string.size(), deepCopy);
 	}
 
 	/// \brief Assign contents from a memory buffer
@@ -309,9 +313,9 @@ public:
 	virtual ~AlgorithmParametersBase() CRYPTOPP_THROW
 	{
 
-#if defined(CRYPTOPP_CXX17_EXCEPTIONS)
+#if defined(CRYPTOPP_CXX17_UNCAUGHT_EXCEPTIONS)
 		if (std::uncaught_exceptions() == 0)
-#elif defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE)
+#elif defined(CRYPTOPP_CXX98_UNCAUGHT_EXCEPTION)
 		if (std::uncaught_exception() == false)
 #else
 		try
@@ -320,10 +324,12 @@ public:
 			if (m_throwIfNotUsed && !m_used)
 				throw ParameterNotUsed(m_name);
 		}
-#if !defined(CRYPTOPP_CXX17_EXCEPTIONS) && !defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE)
+#if !defined(CRYPTOPP_CXX98_UNCAUGHT_EXCEPTION)
+# if !defined(CRYPTOPP_CXX17_UNCAUGHT_EXCEPTIONS)
 		catch(const Exception&)
 		{
 		}
+# endif
 #endif
 	}
 

Common/3dParty/cryptopp/allocate.cpp

@@ -0,0 +1,107 @@
+// allocate.cpp - written and placed in the public domain by Jeffrey Walton
+
+// The functions in allocate.h and allocate.cpp were originally in misc.h
+// and misc.cpp. They were extracted in September 2019 to sidestep a circular
+// dependency with misc.h and secblock.h.
+
+#include "pch.h"
+#include "config.h"
+
+#ifndef CRYPTOPP_IMPORTS
+
+#include "allocate.h"
+#include "stdcpp.h"
+#include "misc.h"
+#include "trap.h"
+
+// for memalign
+#if defined(CRYPTOPP_MEMALIGN_AVAILABLE) || defined(CRYPTOPP_MM_MALLOC_AVAILABLE) || defined(QNX)
+# include <malloc.h>
+#endif
+// for posix_memalign
+#if defined(CRYPTOPP_POSIX_MEMALIGN_AVAILABLE)
+# include <stdlib.h>
+#endif
+
+NAMESPACE_BEGIN(CryptoPP)
+
+void CallNewHandler()
+{
+	using std::new_handler;
+	using std::set_new_handler;
+
+	new_handler newHandler = set_new_handler(NULLPTR);
+	if (newHandler)
+		set_new_handler(newHandler);
+
+	if (newHandler)
+		newHandler();
+	else
+		throw std::bad_alloc();
+}
+
+void * AlignedAllocate(size_t size)
+{
+	byte *p;
+#if defined(CRYPTOPP_MM_MALLOC_AVAILABLE)
+	while ((p = (byte *)_mm_malloc(size, 16)) == NULLPTR)
+#elif defined(CRYPTOPP_MEMALIGN_AVAILABLE)
+	while ((p = (byte *)memalign(16, size)) == NULLPTR)
+#elif defined(CRYPTOPP_MALLOC_ALIGNMENT_IS_16)
+	while ((p = (byte *)malloc(size)) == NULLPTR)
+#elif defined(CRYPTOPP_POSIX_MEMALIGN_AVAILABLE)
+	while (posix_memalign(reinterpret_cast<void**>(&p), 16, size) != 0)
+#else
+	while ((p = (byte *)malloc(size + 16)) == NULLPTR)
+#endif
+		CallNewHandler();
+
+#ifdef CRYPTOPP_NO_ALIGNED_ALLOC
+	size_t adjustment = 16-((size_t)p%16);
+	CRYPTOPP_ASSERT(adjustment > 0);
+	p += adjustment;
+	p[-1] = (byte)adjustment;
+#endif
+
+	// If this assert fires then there are problems that need
+	// to be fixed. Please open a bug report.
+	CRYPTOPP_ASSERT(IsAlignedOn(p, 16));
+	return p;
+}
+
+void AlignedDeallocate(void *p)
+{
+	// Guard pointer due to crash on AIX when CRYPTOPP_NO_ALIGNED_ALLOC
+	// is in effect. The guard was previously in place in SecBlock,
+	// but it was removed at f4d68353ca7c as part of GH #875.
+	CRYPTOPP_ASSERT(p);
+
+	if (p != NULLPTR)
+	{
+#ifdef CRYPTOPP_MM_MALLOC_AVAILABLE
+		_mm_free(p);
+#elif defined(CRYPTOPP_NO_ALIGNED_ALLOC)
+		p = (byte *)p - ((byte *)p)[-1];
+		free(p);
+#else
+		free(p);
+#endif
+	}
+}
+
+void * UnalignedAllocate(size_t size)
+{
+	void *p;
+	while ((p = malloc(size)) == NULLPTR)
+		CallNewHandler();
+	return p;
+}
+
+void UnalignedDeallocate(void *p)
+{
+	free(p);
+}
+
+NAMESPACE_END
+
+#endif  // CRYPTOPP_IMPORTS

Common/3dParty/cryptopp/allocate.h

@@ -0,0 +1,74 @@
+// allocate.h - written and placed in the public domain by Jeffrey Walton
+
+// The functions in allocate.h and allocate.cpp were originally in misc.h
+// and misc.cpp. They were extracted in September 2019 to sidestep a circular
+// dependency with misc.h and secblock.h.
+
+/// \file allocate.h
+/// \brief Functions for allocating aligned buffers
+
+#ifndef CRYPTOPP_ALLOCATE_H
+#define CRYPTOPP_ALLOCATE_H
+
+#include "config.h"
+#include "cryptlib.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+/// \brief Attempts to reclaim unused memory
+/// \throw bad_alloc
+/// \details In the normal course of running a program, a request for memory
+///  normally succeeds. If a call to AlignedAllocate or UnalignedAllocate fails,
+///  then CallNewHandler is called in n effort to recover. Internally,
+///  CallNewHandler calls set_new_handler(nullptr) in an effort to free memory.
+///  There is no guarantee CallNewHandler will be able to obtain more memory so
+///  an allocation succeeds. If the call to set_new_handler fails, then CallNewHandler
+///  throws a bad_alloc exception.
+/// \throw bad_alloc on failure
+/// \since Crypto++ 5.0
+/// \sa AlignedAllocate, AlignedDeallocate, UnalignedAllocate, UnalignedDeallocate
+CRYPTOPP_DLL void CRYPTOPP_API CallNewHandler();
+
+/// \brief Allocates a buffer on 16-byte boundary
+/// \param size the size of the buffer
+/// \details AlignedAllocate is primarily used when the data will be
+///  processed by SSE, NEON, ARMv8 or PowerPC instructions. The assembly
+///  language routines rely on the alignment. If the alignment is not
+///  respected, then a SIGBUS could be generated on Unix and Linux, and an
+///  EXCEPTION_DATATYPE_MISALIGNMENT could be generated on Windows.
+/// \details Formerly, AlignedAllocate and AlignedDeallocate were only
+///  available on certain platforms when CRYTPOPP_DISABLE_ASM was not in
+///  effect. However, Android and iOS debug simulator builds got into a
+///  state where the aligned allocator was not available and caused link
+///  failures.
+/// \since AlignedAllocate for SIMD since Crypto++ 1.0, AlignedAllocate
+///  for all builds since Crypto++ 8.1
+/// \sa AlignedDeallocate, UnalignedAllocate, UnalignedDeallocate, CallNewHandler,
+///  <A HREF="http://github.com/weidai11/cryptopp/issues/779">Issue 779</A>
+CRYPTOPP_DLL void* CRYPTOPP_API AlignedAllocate(size_t size);
+
+/// \brief Frees a buffer allocated with AlignedAllocate
+/// \param ptr the buffer to free
+/// \since AlignedDeallocate for SIMD since Crypto++ 1.0, AlignedAllocate
+///  for all builds since Crypto++ 8.1
+/// \sa AlignedAllocate, UnalignedAllocate, UnalignedDeallocate, CallNewHandler,
+///  <A HREF="http://github.com/weidai11/cryptopp/issues/779">Issue 779</A>
+CRYPTOPP_DLL void CRYPTOPP_API AlignedDeallocate(void *ptr);
+
+/// \brief Allocates a buffer
+/// \param size the size of the buffer
+/// \since Crypto++ 1.0
+/// \sa AlignedAllocate, AlignedDeallocate, UnalignedDeallocate, CallNewHandler,
+///  <A HREF="http://github.com/weidai11/cryptopp/issues/779">Issue 779</A>
+CRYPTOPP_DLL void * CRYPTOPP_API UnalignedAllocate(size_t size);
+
+/// \brief Frees a buffer allocated with UnalignedAllocate
+/// \param ptr the buffer to free
+/// \since Crypto++ 1.0
+/// \sa AlignedAllocate, AlignedDeallocate, UnalignedAllocate, CallNewHandler,
+///  <A HREF="http://github.com/weidai11/cryptopp/issues/779">Issue 779</A>
+CRYPTOPP_DLL void CRYPTOPP_API UnalignedDeallocate(void *ptr);
+
+NAMESPACE_END
+
+#endif  // CRYPTOPP_ALLOCATE_H

Common/3dParty/cryptopp/arc4.h

@@ -49,7 +49,7 @@ protected:
 /// \brief Alleged RC4
 /// \sa <a href="http://www.cryptopp.com/wiki/RC4">Alleged RC4</a>
 /// \since Crypto++ 3.1
-DOCUMENTED_TYPEDEF(SymmetricCipherFinal<ARC4_Base>, ARC4)
+DOCUMENTED_TYPEDEF(SymmetricCipherFinal<ARC4_Base>, ARC4);
 
 /// \brief MARC4 base class
 /// \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions
@@ -70,7 +70,7 @@ protected:
 /// \brief Modified Alleged RC4
 /// \sa <a href="http://www.cryptopp.com/wiki/RC4">Alleged RC4</a>
 /// \since Crypto++ 3.1
-DOCUMENTED_TYPEDEF(SymmetricCipherFinal<MARC4_Base>, MARC4)
+DOCUMENTED_TYPEDEF(SymmetricCipherFinal<MARC4_Base>, MARC4);
 
 }
 #if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1

Common/3dParty/cryptopp/aria.cpp

@@ -15,10 +15,6 @@
 # define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1
 #endif
 
-// GCC cast warning. Note: this is used on round key table,
-// which is word32 and naturally aligned.
-#define UINT32_CAST(x) ((word32 *)(void *)(x))
-
 NAMESPACE_BEGIN(CryptoPP)
 NAMESPACE_BEGIN(ARIATab)
 
@@ -39,57 +35,75 @@ using CryptoPP::ARIATab::X1;
 using CryptoPP::ARIATab::X2;
 using CryptoPP::ARIATab::KRK;
 
-inline byte ARIA_BRF(const word32 x, const int y) {
-	return GETBYTE(x, y);
+inline word32* UINT32_CAST(const byte* ptr) {
+	return reinterpret_cast<word32*>(const_cast<byte*>(ptr));
 }
 
-// Key XOR Layer
-#define ARIA_KXL {  \
-    typedef BlockGetAndPut<word32, NativeByteOrder, true, true>  NativeBlock; \
-    NativeBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]); \
-  }
+inline byte ARIA_BRF(const word32 x, const int y) {
+	return static_cast<byte>(GETBYTE(x, y));
+}
+
+// Key XOR Layer. Bumps the round key pointer.
+inline const byte* ARIA_KXL(const byte rk[16], word32 t[4]) {
+	typedef BlockGetAndPut<word32, NativeByteOrder, true, true>  NativeBlock;
+	NativeBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]);
+	return rk+16;
+}
 
 // S-Box Layer 1 + M
-#define SBL1_M(T0,T1,T2,T3) {  \
-    T0=S1[ARIA_BRF(T0,3)]^S2[ARIA_BRF(T0,2)]^X1[ARIA_BRF(T0,1)]^X2[ARIA_BRF(T0,0)];  \
-    T1=S1[ARIA_BRF(T1,3)]^S2[ARIA_BRF(T1,2)]^X1[ARIA_BRF(T1,1)]^X2[ARIA_BRF(T1,0)];  \
-    T2=S1[ARIA_BRF(T2,3)]^S2[ARIA_BRF(T2,2)]^X1[ARIA_BRF(T2,1)]^X2[ARIA_BRF(T2,0)];  \
-    T3=S1[ARIA_BRF(T3,3)]^S2[ARIA_BRF(T3,2)]^X1[ARIA_BRF(T3,1)]^X2[ARIA_BRF(T3,0)];  \
-  }
+inline void SBL1_M(word32& T0, word32& T1, word32& T2, word32& T3) {
+	T0=S1[ARIA_BRF(T0,3)]^S2[ARIA_BRF(T0,2)]^X1[ARIA_BRF(T0,1)]^X2[ARIA_BRF(T0,0)];
+	T1=S1[ARIA_BRF(T1,3)]^S2[ARIA_BRF(T1,2)]^X1[ARIA_BRF(T1,1)]^X2[ARIA_BRF(T1,0)];
+	T2=S1[ARIA_BRF(T2,3)]^S2[ARIA_BRF(T2,2)]^X1[ARIA_BRF(T2,1)]^X2[ARIA_BRF(T2,0)];
+	T3=S1[ARIA_BRF(T3,3)]^S2[ARIA_BRF(T3,2)]^X1[ARIA_BRF(T3,1)]^X2[ARIA_BRF(T3,0)];
+}
 
 // S-Box Layer 2 + M
-#define SBL2_M(T0,T1,T2,T3) {  \
-    T0=X1[ARIA_BRF(T0,3)]^X2[ARIA_BRF(T0,2)]^S1[ARIA_BRF(T0,1)]^S2[ARIA_BRF(T0,0)];  \
-    T1=X1[ARIA_BRF(T1,3)]^X2[ARIA_BRF(T1,2)]^S1[ARIA_BRF(T1,1)]^S2[ARIA_BRF(T1,0)];  \
-    T2=X1[ARIA_BRF(T2,3)]^X2[ARIA_BRF(T2,2)]^S1[ARIA_BRF(T2,1)]^S2[ARIA_BRF(T2,0)];  \
-    T3=X1[ARIA_BRF(T3,3)]^X2[ARIA_BRF(T3,2)]^S1[ARIA_BRF(T3,1)]^S2[ARIA_BRF(T3,0)];  \
+inline void SBL2_M(word32& T0, word32& T1, word32& T2, word32& T3) {
+	T0=X1[ARIA_BRF(T0,3)]^X2[ARIA_BRF(T0,2)]^S1[ARIA_BRF(T0,1)]^S2[ARIA_BRF(T0,0)];
+	T1=X1[ARIA_BRF(T1,3)]^X2[ARIA_BRF(T1,2)]^S1[ARIA_BRF(T1,1)]^S2[ARIA_BRF(T1,0)];
+	T2=X1[ARIA_BRF(T2,3)]^X2[ARIA_BRF(T2,2)]^S1[ARIA_BRF(T2,1)]^S2[ARIA_BRF(T2,0)];
+	T3=X1[ARIA_BRF(T3,3)]^X2[ARIA_BRF(T3,2)]^S1[ARIA_BRF(T3,1)]^S2[ARIA_BRF(T3,0)];
   }
 
-#define ARIA_P(T0,T1,T2,T3) {                                  \
-    (T1) = (((T1)<< 8)&0xff00ff00) ^ (((T1)>> 8)&0x00ff00ff);  \
-    (T2) = rotrConstant<16>(T2);                               \
-    (T3) = ByteReverse((T3));                                  \
-  }
+inline void ARIA_P(word32& T0, word32& T1, word32& T2, word32& T3) {
+	CRYPTOPP_UNUSED(T0);
+	T1 = ((T1<< 8)&0xff00ff00) ^ ((T1>> 8)&0x00ff00ff);
+	T2 = rotrConstant<16>(T2);
+	T3 = ByteReverse((T3));
+}
 
-#define ARIA_M(X,Y) {						\
-    Y=(X)<<8 ^ (X)>>8 ^ (X)<<16 ^ (X)>>16 ^ (X)<<24 ^ (X)>>24;	\
-  }
+inline void ARIA_M(word32& X, word32& Y) {
+	Y=X<<8 ^ X>>8 ^ X<<16 ^ X>>16 ^ X<<24 ^ X>>24;
+}
 
-#define ARIA_MM(T0,T1,T2,T3) {           \
-    (T1)^=(T2); (T2)^=(T3); (T0)^=(T1);  \
-    (T3)^=(T1); (T2)^=(T0); (T1)^=(T2);  \
-  }
 
-#define ARIA_FO {SBL1_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3])}
-#define ARIA_FE {SBL2_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[2],t[3],t[0],t[1]) ARIA_MM(t[0],t[1],t[2],t[3])}
+inline void ARIA_MM(word32& T0, word32& T1, word32& T2, word32& T3) {
+	T1^=T2; T2^=T3; T0^=T1;
+	T3^=T1; T2^=T0; T1^=T2;
+}
+
+inline void ARIA_FO(word32 t[4]) {
+	SBL1_M(t[0],t[1],t[2],t[3]);
+	ARIA_MM(t[0],t[1],t[2],t[3]);
+	ARIA_P(t[0],t[1],t[2],t[3]);
+	ARIA_MM(t[0],t[1],t[2],t[3]);
+}
+
+inline void ARIA_FE(word32 t[4]) {
+	SBL2_M(t[0],t[1],t[2],t[3]);
+	ARIA_MM(t[0],t[1],t[2],t[3]);
+	ARIA_P(t[2],t[3],t[0],t[1]);
+	ARIA_MM(t[0],t[1],t[2],t[3]);
+}
 
 #if (CRYPTOPP_ARM_NEON_AVAILABLE)
 extern void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen);
-extern void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outblock);
+extern void ARIA_ProcessAndXorBlock_NEON(const byte* xorBlock, byte* outblock, const byte *rk, word32 *t);
 #endif
 
 #if (CRYPTOPP_SSSE3_AVAILABLE)
-extern void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t);
+extern void ARIA_ProcessAndXorBlock_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t);
 #endif
 
 // n-bit right shift of Y XORed to X
@@ -109,10 +123,9 @@ void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const Nam
 {
 	CRYPTOPP_UNUSED(params);
 
-	m_rk.New(16*17);  // round keys
-	m_w.New(4*7);     // w0, w1, w2, w3, t and u
+	m_rk.New(16*17);   // round keys
+	m_w.New(4*7+4);	// w0, w1, w2, w3, t and u
 
-	const byte *mk = key;
 	byte *rk = m_rk.data();
 	int Q, q, R, r;
 
@@ -144,16 +157,14 @@ void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const Nam
 	t[0]=w0[0]^KRK[q][0]; t[1]=w0[1]^KRK[q][1];
 	t[2]=w0[2]^KRK[q][2]; t[3]=w0[3]^KRK[q][3];
 
-	ARIA_FO;
+	ARIA_FO(t);
 
 	if (keylen == 32)
 	{
-		GetBlock<word32, BigEndian, false>block(mk+16);
 		block(w1[0])(w1[1])(w1[2])(w1[3]);
 	}
 	else if (keylen == 24)
 	{
-		GetBlock<word32, BigEndian, false>block(mk+16);
 		block(w1[0])(w1[1]); w1[2] = w1[3] = 0;
 	}
 	else
@@ -162,20 +173,20 @@ void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const Nam
 	}
 
 	w1[0]^=t[0]; w1[1]^=t[1]; w1[2]^=t[2]; w1[3]^=t[3];
-	::memcpy(t, w1, 16);
+	std::memcpy(t, w1, 16);
 
 	q = (q==2) ? 0 : (q+1);
 	t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
 
-	ARIA_FE;
+	ARIA_FE(t);
 
 	t[0]^=w0[0]; t[1]^=w0[1]; t[2]^=w0[2]; t[3]^=w0[3];
-	::memcpy(w2, t, 16);
+	std::memcpy(w2, t, 16);
 
 	q = (q==2) ? 0 : (q+1);
 	t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
 
-	ARIA_FO;
+	ARIA_FO(t);
 
 	w3[0]=t[0]^w1[0]; w3[1]=t[1]^w1[1]; w3[2]=t[2]^w1[2]; w3[3]=t[3]^w1[3];
 
@@ -222,23 +233,23 @@ void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const Nam
 		r = R; q = Q;
 
 		a=UINT32_CAST(rk); s=m_w.data()+24; z=a+r*4;
-		::memcpy(t, a, 16); ::memcpy(a, z, 16); ::memcpy(z, t, 16);
+		std::memcpy(t, a, 16); std::memcpy(a, z, 16); std::memcpy(z, t, 16);
 
 		a+=4; z-=4;
 		for (; a<z; a+=4, z-=4)
 		{
 			ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
 			ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
-			::memcpy(s, t, 16);
+			std::memcpy(s, t, 16);
 
 			ARIA_M(z[0],t[0]); ARIA_M(z[1],t[1]); ARIA_M(z[2],t[2]); ARIA_M(z[3],t[3]);
 			ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
-			::memcpy(a, t, 16); ::memcpy(z, s, 16);
+			std::memcpy(a, t, 16); std::memcpy(z, s, 16);
 		}
 
 		ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
 		ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
-		::memcpy(z, t, 16);
+		std::memcpy(z, t, 16);
 	}
 
 	// Silence warnings
@@ -266,32 +277,39 @@ void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, b
 	block(t[0])(t[1])(t[2])(t[3]);
 
 	if (m_rounds > 12) {
-		ARIA_KXL; rk+= 16; ARIA_FO;
-		ARIA_KXL; rk+= 16; ARIA_FE;
+		rk = ARIA_KXL(rk, t); ARIA_FO(t);
+		rk = ARIA_KXL(rk, t); ARIA_FE(t);
 	}
 
 	if (m_rounds > 14) {
-		ARIA_KXL; rk+= 16; ARIA_FO;
-		ARIA_KXL; rk+= 16; ARIA_FE;
+		rk = ARIA_KXL(rk, t); ARIA_FO(t);
+		rk = ARIA_KXL(rk, t); ARIA_FE(t);
 	}
 
-	ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
-	ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
-	ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
-	ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
-	ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
-	ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16;
+	rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t); ARIA_FE(t);
+	rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t); ARIA_FE(t);
+	rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t); ARIA_FE(t);
+	rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t); ARIA_FE(t);
+	rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t); ARIA_FE(t);
+	rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t);
 
 #if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
 	if (HasSSSE3())
 	{
-		ARIA_ProcessAndXorBlock_Xor_SSSE3(xorBlock, outBlock, rk, t);
+		ARIA_ProcessAndXorBlock_SSSE3(xorBlock, outBlock, rk, t);
 		return;
 	}
 	else
 #endif  // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
-
-#ifdef CRYPTOPP_LITTLE_ENDIAN
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+	if (HasNEON())
+	{
+		ARIA_ProcessAndXorBlock_NEON(xorBlock, outBlock, rk, t);
+		return;
+	}
+	else
+#endif  // CRYPTOPP_ARM_NEON_AVAILABLE
+#if (CRYPTOPP_LITTLE_ENDIAN)
 	{
 		outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)]   ) ^ rk[ 3];
 		outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
@@ -331,19 +349,9 @@ void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, b
 	}
 #endif  // CRYPTOPP_LITTLE_ENDIAN
 
-#if CRYPTOPP_ARM_NEON_AVAILABLE
-	if (HasNEON())
-	{
-		if (xorBlock != NULLPTR)
-			ARIA_ProcessAndXorBlock_Xor_NEON(xorBlock, outBlock);
-	}
-	else
-#endif  // CRYPTOPP_ARM_NEON_AVAILABLE
-	{
-		if (xorBlock != NULLPTR)
-			for (unsigned int n=0; n<ARIA::BLOCKSIZE; ++n)
-				outBlock[n] ^= xorBlock[n];
-	}
+	if (xorBlock != NULLPTR)
+		for (unsigned int n=0; n<ARIA::BLOCKSIZE; ++n)
+			outBlock[n] ^= xorBlock[n];
 }
 
 NAMESPACE_END

Common/3dParty/cryptopp/aria_simd.cpp

@@ -1,158 +1,194 @@
-// aria-simd.cpp - written and placed in the public domain by
-//                 Jeffrey Walton, Uri Blumenthal and Marcel Raad.
-//
-//    This source file uses intrinsics to gain access to ARMv7a and
-//    ARMv8a NEON instructions. A separate source file is needed
-//    because additional CXXFLAGS are required to enable the
-//    appropriate instructions sets in some build configurations.
-
-#include "pch.h"
-#include "config.h"
-#include "misc.h"
-
-#if (CRYPTOPP_SSSE3_AVAILABLE)
-# include <tmmintrin.h>
-#endif
-
-#if (CRYPTOPP_ARM_NEON_AVAILABLE)
-# include <arm_neon.h>
-#endif
-
-// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
-// compilers don't follow ACLE conventions for the include.
-#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
-# include <stdint.h>
-# include <arm_acle.h>
-#endif
-
-// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670
-#define M128_CAST(x) ((__m128i *)(void *)(x))
-#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
-
-// GCC cast warning
-#define UINT32_CAST(x) ((uint32_t *)(void *)(x))
-#define CONST_UINT32_CAST(x) ((const uint32_t *)(const void *)(x))
-
-NAMESPACE_BEGIN(CryptoPP)
-NAMESPACE_BEGIN(ARIATab)
-
-extern const word32 S1[256];
-extern const word32 S2[256];
-extern const word32 X1[256];
-extern const word32 X2[256];
-extern const word32 KRK[3][4];
-
-NAMESPACE_END
-NAMESPACE_END
-
-NAMESPACE_BEGIN(CryptoPP)
-
-using CryptoPP::ARIATab::S1;
-using CryptoPP::ARIATab::S2;
-using CryptoPP::ARIATab::X1;
-using CryptoPP::ARIATab::X2;
-using CryptoPP::ARIATab::KRK;
-
-#if (CRYPTOPP_ARM_NEON_AVAILABLE)
-
-template <unsigned int N>
-inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16])
-{
-	static const unsigned int Q1 = (4-(N/32)) % 4;
-	static const unsigned int Q2 = (3-(N/32)) % 4;
-	static const unsigned int R = N % 32;
-
-	vst1q_u32(UINT32_CAST(RK),
-		veorq_u32(X, veorq_u32(
-			vshrq_n_u32(vextq_u32(Y, Y, Q1), R),
-			vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R))));
-}
-
-void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen)
-{
-	const uint32x4_t w0 = vld1q_u32(CONST_UINT32_CAST(ws+ 0));
-	const uint32x4_t w1 = vld1q_u32(CONST_UINT32_CAST(ws+ 8));
-	const uint32x4_t w2 = vld1q_u32(CONST_UINT32_CAST(ws+12));
-	const uint32x4_t w3 = vld1q_u32(CONST_UINT32_CAST(ws+16));
-
-	ARIA_GSRK_NEON<19>(w0, w1, rk +   0);
-	ARIA_GSRK_NEON<19>(w1, w2, rk +  16);
-	ARIA_GSRK_NEON<19>(w2, w3, rk +  32);
-	ARIA_GSRK_NEON<19>(w3, w0, rk +  48);
-	ARIA_GSRK_NEON<31>(w0, w1, rk +  64);
-	ARIA_GSRK_NEON<31>(w1, w2, rk +  80);
-	ARIA_GSRK_NEON<31>(w2, w3, rk +  96);
-	ARIA_GSRK_NEON<31>(w3, w0, rk + 112);
-	ARIA_GSRK_NEON<67>(w0, w1, rk + 128);
-	ARIA_GSRK_NEON<67>(w1, w2, rk + 144);
-	ARIA_GSRK_NEON<67>(w2, w3, rk + 160);
-	ARIA_GSRK_NEON<67>(w3, w0, rk + 176);
-	ARIA_GSRK_NEON<97>(w0, w1, rk + 192);
-
-	if (keylen > 16)
-	{
-		ARIA_GSRK_NEON<97>(w1, w2, rk + 208);
-		ARIA_GSRK_NEON<97>(w2, w3, rk + 224);
-
-		if (keylen > 24)
-		{
-			ARIA_GSRK_NEON< 97>(w3, w0, rk + 240);
-			ARIA_GSRK_NEON<109>(w0, w1, rk + 256);
-		}
-	}
-}
-
-void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outBlock)
-{
-	vst1q_u32(UINT32_CAST(outBlock), veorq_u32(
-		vld1q_u32(CONST_UINT32_CAST(outBlock)),
-		vld1q_u32(CONST_UINT32_CAST(xorBlock))));
-}
-
-#endif  // CRYPTOPP_ARM_NEON_AVAILABLE
-
-#if (CRYPTOPP_SSSE3_AVAILABLE)
-
-inline byte ARIA_BRF(const word32 x, const int y) {
-	return GETBYTE(x, y);
-}
-
-void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
-{
-	const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
-
-	outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)]   );
-	outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
-	outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)]   );
-	outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)]   );
-	outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)]   );
-	outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
-	outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)]   );
-	outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)]   );
-	outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)]   );
-	outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
-	outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)]   );
-	outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)]   );
-	outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)]   );
-	outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
-	outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)]   );
-	outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)]   );
-
-	// 'outBlock' may be unaligned.
-	_mm_storeu_si128(M128_CAST(outBlock),
-		_mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)),
-			_mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)));
-
-	// 'outBlock' and 'xorBlock' may be unaligned.
-	if (xorBlock != NULLPTR)
-	{
-		_mm_storeu_si128(M128_CAST(outBlock),
-			_mm_xor_si128(
-				_mm_loadu_si128(CONST_M128_CAST(outBlock)),
-				_mm_loadu_si128(CONST_M128_CAST(xorBlock))));
-	}
-}
-
-#endif  // CRYPTOPP_SSSE3_AVAILABLE
-
-NAMESPACE_END
+// aria_simd.cpp - written and placed in the public domain by
+//                 Jeffrey Walton, Uri Blumenthal and Marcel Raad.
+//
+//    This source file uses intrinsics to gain access to ARMv7a and
+//    ARMv8a NEON instructions. A separate source file is needed
+//    because additional CXXFLAGS are required to enable the
+//    appropriate instructions sets in some build configurations.
+
+#include "pch.h"
+#include "config.h"
+#include "misc.h"
+
+#if (CRYPTOPP_SSSE3_AVAILABLE)
+# include <tmmintrin.h>
+#endif
+
+#if (CRYPTOPP_ARM_NEON_HEADER)
+# include <arm_neon.h>
+#endif
+
+#if (CRYPTOPP_ARM_ACLE_HEADER)
+# include <stdint.h>
+# include <arm_acle.h>
+#endif
+
+// Squash MS LNK4221 and libtool warnings
+extern const char ARIA_SIMD_FNAME[] = __FILE__;
+
+NAMESPACE_BEGIN(CryptoPP)
+NAMESPACE_BEGIN(ARIATab)
+
+extern const word32 S1[256];
+extern const word32 S2[256];
+extern const word32 X1[256];
+extern const word32 X2[256];
+extern const word32 KRK[3][4];
+
+NAMESPACE_END
+NAMESPACE_END
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+using CryptoPP::byte;
+using CryptoPP::word32;
+
+inline byte ARIA_BRF(const word32 x, const int y) {
+	return static_cast<byte>(GETBYTE(x, y));
+}
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+using CryptoPP::ARIATab::S1;
+using CryptoPP::ARIATab::S2;
+using CryptoPP::ARIATab::X1;
+using CryptoPP::ARIATab::X2;
+using CryptoPP::ARIATab::KRK;
+
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+
+template <unsigned int N>
+inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16])
+{
+	enum { Q1 = (4-(N/32)) % 4,
+	       Q2 = (3-(N/32)) % 4,
+	       R = N % 32
+	};
+
+	vst1q_u8(RK, vreinterpretq_u8_u32(
+		veorq_u32(X, veorq_u32(
+			vshrq_n_u32(vextq_u32(Y, Y, Q1), R),
+			vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R)))));
+}
+
+void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen)
+{
+	const uint32x4_t w0 = vld1q_u32(ws+ 0);
+	const uint32x4_t w1 = vld1q_u32(ws+ 8);
+	const uint32x4_t w2 = vld1q_u32(ws+12);
+	const uint32x4_t w3 = vld1q_u32(ws+16);
+
+	ARIA_GSRK_NEON<19>(w0, w1, rk +   0);
+	ARIA_GSRK_NEON<19>(w1, w2, rk +  16);
+	ARIA_GSRK_NEON<19>(w2, w3, rk +  32);
+	ARIA_GSRK_NEON<19>(w3, w0, rk +  48);
+	ARIA_GSRK_NEON<31>(w0, w1, rk +  64);
+	ARIA_GSRK_NEON<31>(w1, w2, rk +  80);
+	ARIA_GSRK_NEON<31>(w2, w3, rk +  96);
+	ARIA_GSRK_NEON<31>(w3, w0, rk + 112);
+	ARIA_GSRK_NEON<67>(w0, w1, rk + 128);
+	ARIA_GSRK_NEON<67>(w1, w2, rk + 144);
+	ARIA_GSRK_NEON<67>(w2, w3, rk + 160);
+	ARIA_GSRK_NEON<67>(w3, w0, rk + 176);
+	ARIA_GSRK_NEON<97>(w0, w1, rk + 192);
+
+	if (keylen > 16)
+	{
+		ARIA_GSRK_NEON<97>(w1, w2, rk + 208);
+		ARIA_GSRK_NEON<97>(w2, w3, rk + 224);
+
+		if (keylen > 24)
+		{
+			ARIA_GSRK_NEON< 97>(w3, w0, rk + 240);
+			ARIA_GSRK_NEON<109>(w0, w1, rk + 256);
+		}
+	}
+}
+
+void ARIA_ProcessAndXorBlock_NEON(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
+{
+	outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)]   );
+	outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
+	outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)]   );
+	outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)]   );
+	outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)]   );
+	outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
+	outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)]   );
+	outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)]   );
+	outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)]   );
+	outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
+	outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)]   );
+	outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)]   );
+	outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)]   );
+	outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
+	outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)]   );
+	outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)]   );
+
+	// 'outBlock' and 'xorBlock' may be unaligned.
+	if (xorBlock != NULLPTR)
+	{
+		vst1q_u8(outBlock,
+			veorq_u8(
+				vld1q_u8(xorBlock),
+				veorq_u8(
+					vld1q_u8(outBlock),
+					vrev32q_u8(vld1q_u8((rk))))));
+	}
+	else
+	{
+		vst1q_u8(outBlock,
+			veorq_u8(
+				vld1q_u8(outBlock),
+				vrev32q_u8(vld1q_u8(rk))));
+	}
+}
+
+#endif  // CRYPTOPP_ARM_NEON_AVAILABLE
+
+#if (CRYPTOPP_SSSE3_AVAILABLE)
+
+void ARIA_ProcessAndXorBlock_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
+{
+	const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
+
+	outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)]   );
+	outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
+	outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)]   );
+	outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)]   );
+	outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)]   );
+	outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
+	outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)]   );
+	outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)]   );
+	outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)]   );
+	outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
+	outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)]   );
+	outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)]   );
+	outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)]   );
+	outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
+	outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)]   );
+	outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)]   );
+
+	// 'outBlock' and 'xorBlock' may be unaligned.
+	if (xorBlock != NULLPTR)
+	{
+		_mm_storeu_si128(M128_CAST(outBlock),
+			_mm_xor_si128(
+				_mm_loadu_si128(CONST_M128_CAST(xorBlock)),
+				_mm_xor_si128(
+					_mm_loadu_si128(CONST_M128_CAST(outBlock)),
+					_mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)))
+			);
+	}
+	else
+	{
+		_mm_storeu_si128(M128_CAST(outBlock),
+			_mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)),
+				_mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)));
+	}
+}
+
+#endif  // CRYPTOPP_SSSE3_AVAILABLE
+
+NAMESPACE_END

Common/3dParty/cryptopp/arm_simd.h

@@ -0,0 +1,427 @@
+// arm_simd.h - written and placed in public domain by Jeffrey Walton
+
+/// \file arm_simd.h
+/// \brief Support functions for ARM and vector operations
+
+#ifndef CRYPTOPP_ARM_SIMD_H
+#define CRYPTOPP_ARM_SIMD_H
+
+#include "config.h"
+
+#if (CRYPTOPP_ARM_NEON_HEADER)
+# include <stdint.h>
+# include <arm_neon.h>
+#endif
+
+#if (CRYPTOPP_ARM_ACLE_HEADER)
+# include <stdint.h>
+# include <arm_acle.h>
+#endif
+
+#if (CRYPTOPP_ARM_CRC32_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
+///	\name CRC32 checksum
+//@{
+
+/// \brief CRC32 checksum
+/// \param crc the starting crc value
+/// \param val the value to checksum
+/// \return CRC32 value
+/// \since Crypto++ 8.6
+inline uint32_t CRC32B (uint32_t crc, uint8_t val)
+{
+#if defined(_MSC_VER)
+	return __crc32b(crc, val);
+#else
+    __asm__ ("crc32b   %w0, %w0, %w1   \n\t"
+            :"+r" (crc) : "r" (val) );
+    return crc;
+#endif
+}
+
+/// \brief CRC32 checksum
+/// \param crc the starting crc value
+/// \param val the value to checksum
+/// \return CRC32 value
+/// \since Crypto++ 8.6
+inline uint32_t CRC32W (uint32_t crc, uint32_t val)
+{
+#if defined(_MSC_VER)
+	return __crc32w(crc, val);
+#else
+    __asm__ ("crc32w   %w0, %w0, %w1   \n\t"
+            :"+r" (crc) : "r" (val) );
+    return crc;
+#endif
+}
+
+/// \brief CRC32 checksum
+/// \param crc the starting crc value
+/// \param vals the values to checksum
+/// \return CRC32 value
+/// \since Crypto++ 8.6
+inline uint32_t CRC32Wx4 (uint32_t crc, const uint32_t vals[4])
+{
+#if defined(_MSC_VER)
+	return __crc32w(__crc32w(__crc32w(__crc32w(
+             crc, vals[0]), vals[1]), vals[2]), vals[3]);
+#else
+    __asm__ ("crc32w   %w0, %w0, %w1   \n\t"
+             "crc32w   %w0, %w0, %w2   \n\t"
+             "crc32w   %w0, %w0, %w3   \n\t"
+             "crc32w   %w0, %w0, %w4   \n\t"
+            :"+r" (crc) : "r" (vals[0]), "r" (vals[1]),
+                          "r" (vals[2]), "r" (vals[3]));
+    return crc;
+#endif
+}
+
+//@}
+///	\name CRC32-C checksum
+
+/// \brief CRC32-C checksum
+/// \param crc the starting crc value
+/// \param val the value to checksum
+/// \return CRC32-C value
+/// \since Crypto++ 8.6
+inline uint32_t CRC32CB (uint32_t crc, uint8_t val)
+{
+#if defined(_MSC_VER)
+	return __crc32cb(crc, val);
+#else
+    __asm__ ("crc32cb   %w0, %w0, %w1   \n\t"
+            :"+r" (crc) : "r" (val) );
+    return crc;
+#endif
+}
+
+/// \brief CRC32-C checksum
+/// \param crc the starting crc value
+/// \param val the value to checksum
+/// \return CRC32-C value
+/// \since Crypto++ 8.6
+inline uint32_t CRC32CW (uint32_t crc, uint32_t val)
+{
+#if defined(_MSC_VER)
+	return __crc32cw(crc, val);
+#else
+    __asm__ ("crc32cw   %w0, %w0, %w1   \n\t"
+            :"+r" (crc) : "r" (val) );
+    return crc;
+#endif
+}
+
+/// \brief CRC32-C checksum
+/// \param crc the starting crc value
+/// \param vals the values to checksum
+/// \return CRC32-C value
+/// \since Crypto++ 8.6
+inline uint32_t CRC32CWx4 (uint32_t crc, const uint32_t vals[4])
+{
+#if defined(_MSC_VER)
+	return __crc32cw(__crc32cw(__crc32cw(__crc32cw(
+             crc, vals[0]), vals[1]), vals[2]), vals[3]);
+#else
+    __asm__ ("crc32cw   %w0, %w0, %w1   \n\t"
+             "crc32cw   %w0, %w0, %w2   \n\t"
+             "crc32cw   %w0, %w0, %w3   \n\t"
+             "crc32cw   %w0, %w0, %w4   \n\t"
+            :"+r" (crc) : "r" (vals[0]), "r" (vals[1]),
+                          "r" (vals[2]), "r" (vals[3]));
+    return crc;
+#endif
+}
+//@}
+#endif  // CRYPTOPP_ARM_CRC32_AVAILABLE
+
+#if (CRYPTOPP_ARM_PMULL_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
+///	\name Polynomial multiplication
+//@{
+
+/// \brief Polynomial multiplication
+/// \param a the first value
+/// \param b the second value
+/// \return vector product
+/// \details PMULL_00() performs polynomial multiplication and presents
+///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x00)</tt>.
+///  The <tt>0x00</tt> indicates the low 64-bits of <tt>a</tt> and <tt>b</tt>
+///  are multiplied.
+/// \note An Intel XMM register is composed of 128-bits. The leftmost bit
+///  is MSB and numbered 127, while the rightmost bit is LSB and
+///  numbered 0.
+/// \since Crypto++ 8.0
+inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    const __n64 x = { vgetq_lane_u64(a, 0) };
+    const __n64 y = { vgetq_lane_u64(b, 0) };
+    return vmull_p64(x, y);
+#elif defined(__GNUC__)
+    uint64x2_t r;
+    __asm__ ("pmull    %0.1q, %1.1d, %2.1d   \n\t"
+            :"=w" (r) : "w" (a), "w" (b) );
+    return r;
+#else
+    return (uint64x2_t)(vmull_p64(
+        vgetq_lane_u64(vreinterpretq_u64_u8(a),0),
+        vgetq_lane_u64(vreinterpretq_u64_u8(b),0)));
+#endif
+}
+
+/// \brief Polynomial multiplication
+/// \param a the first value
+/// \param b the second value
+/// \return vector product
+/// \details PMULL_01 performs() polynomial multiplication and presents
+///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x01)</tt>.
+///  The <tt>0x01</tt> indicates the low 64-bits of <tt>a</tt> and high
+///  64-bits of <tt>b</tt> are multiplied.
+/// \note An Intel XMM register is composed of 128-bits. The leftmost bit
+///  is MSB and numbered 127, while the rightmost bit is LSB and
+///  numbered 0.
+/// \since Crypto++ 8.0
+inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    const __n64 x = { vgetq_lane_u64(a, 0) };
+    const __n64 y = { vgetq_lane_u64(b, 1) };
+    return vmull_p64(x, y);
+#elif defined(__GNUC__)
+    uint64x2_t r;
+    __asm__ ("pmull    %0.1q, %1.1d, %2.1d   \n\t"
+            :"=w" (r) : "w" (a), "w" (vget_high_u64(b)) );
+    return r;
+#else
+    return (uint64x2_t)(vmull_p64(
+        vgetq_lane_u64(vreinterpretq_u64_u8(a),0),
+        vgetq_lane_u64(vreinterpretq_u64_u8(b),1)));
+#endif
+}
+
+/// \brief Polynomial multiplication
+/// \param a the first value
+/// \param b the second value
+/// \return vector product
+/// \details PMULL_10() performs polynomial multiplication and presents
+///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x10)</tt>.
+///  The <tt>0x10</tt> indicates the high 64-bits of <tt>a</tt> and low
+///  64-bits of <tt>b</tt> are multiplied.
+/// \note An Intel XMM register is composed of 128-bits. The leftmost bit
+///  is MSB and numbered 127, while the rightmost bit is LSB and
+///  numbered 0.
+/// \since Crypto++ 8.0
+inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    const __n64 x = { vgetq_lane_u64(a, 1) };
+    const __n64 y = { vgetq_lane_u64(b, 0) };
+    return vmull_p64(x, y);
+#elif defined(__GNUC__)
+    uint64x2_t r;
+    __asm__ ("pmull    %0.1q, %1.1d, %2.1d   \n\t"
+            :"=w" (r) : "w" (vget_high_u64(a)), "w" (b) );
+    return r;
+#else
+    return (uint64x2_t)(vmull_p64(
+        vgetq_lane_u64(vreinterpretq_u64_u8(a),1),
+        vgetq_lane_u64(vreinterpretq_u64_u8(b),0)));
+#endif
+}
+
+/// \brief Polynomial multiplication
+/// \param a the first value
+/// \param b the second value
+/// \return vector product
+/// \details PMULL_11() performs polynomial multiplication and presents
+///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x11)</tt>.
+///  The <tt>0x11</tt> indicates the high 64-bits of <tt>a</tt> and <tt>b</tt>
+///  are multiplied.
+/// \note An Intel XMM register is composed of 128-bits. The leftmost bit
+///  is MSB and numbered 127, while the rightmost bit is LSB and
+///  numbered 0.
+/// \since Crypto++ 8.0
+inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    const __n64 x = { vgetq_lane_u64(a, 1) };
+    const __n64 y = { vgetq_lane_u64(b, 1) };
+    return vmull_p64(x, y);
+#elif defined(__GNUC__)
+    uint64x2_t r;
+    __asm__ ("pmull2   %0.1q, %1.2d, %2.2d   \n\t"
+            :"=w" (r) : "w" (a), "w" (b) );
+    return r;
+#else
+    return (uint64x2_t)(vmull_p64(
+        vgetq_lane_u64(vreinterpretq_u64_u8(a),1),
+        vgetq_lane_u64(vreinterpretq_u64_u8(b),1)));
+#endif
+}
+
+/// \brief Polynomial multiplication
+/// \param a the first value
+/// \param b the second value
+/// \return vector product
+/// \details PMULL() performs vmull_p64(). PMULL is provided as
+///  GCC inline assembly due to Clang and lack of support for the intrinsic.
+/// \since Crypto++ 8.0
+inline uint64x2_t PMULL(const uint64x2_t a, const uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    const __n64 x = { vgetq_lane_u64(a, 0) };
+    const __n64 y = { vgetq_lane_u64(b, 0) };
+    return vmull_p64(x, y);
+#elif defined(__GNUC__)
+    uint64x2_t r;
+    __asm__ ("pmull    %0.1q, %1.1d, %2.1d   \n\t"
+            :"=w" (r) : "w" (a), "w" (b) );
+    return r;
+#else
+    return (uint64x2_t)(vmull_p64(
+        vgetq_lane_u64(vreinterpretq_u64_u8(a),0),
+        vgetq_lane_u64(vreinterpretq_u64_u8(b),0)));
+#endif
+}
+
+/// \brief Polynomial multiplication
+/// \param a the first value
+/// \param b the second value
+/// \return vector product
+/// \details PMULL_HIGH() performs vmull_high_p64(). PMULL_HIGH is provided as
+///  GCC inline assembly due to Clang and lack of support for the intrinsic.
+/// \since Crypto++ 8.0
+inline uint64x2_t PMULL_HIGH(const uint64x2_t a, const uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    const __n64 x = { vgetq_lane_u64(a, 1) };
+    const __n64 y = { vgetq_lane_u64(b, 1) };
+    return vmull_p64(x, y);
+#elif defined(__GNUC__)
+    uint64x2_t r;
+    __asm__ ("pmull2   %0.1q, %1.2d, %2.2d   \n\t"
+            :"=w" (r) : "w" (a), "w" (b) );
+    return r;
+#else
+    return (uint64x2_t)(vmull_p64(
+        vgetq_lane_u64(vreinterpretq_u64_u8(a),1),
+        vgetq_lane_u64(vreinterpretq_u64_u8(b),1))));
+#endif
+}
+
+/// \brief Vector extraction
+/// \tparam C the byte count
+/// \param a the first value
+/// \param b the second value
+/// \return vector
+/// \details VEXT_U8() extracts the first <tt>C</tt> bytes of vector
+///  <tt>a</tt> and the remaining bytes in <tt>b</tt>. VEXT_U8 is provided
+///  as GCC inline assembly due to Clang and lack of support for the intrinsic.
+/// \since Crypto++ 8.0
+template <unsigned int C>
+inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b)
+{
+    // https://github.com/weidai11/cryptopp/issues/366
+#if defined(_MSC_VER)
+    return vreinterpretq_u64_u8(vextq_u8(
+        vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), C));
+#else
+    uint64x2_t r;
+    __asm__ ("ext   %0.16b, %1.16b, %2.16b, %3   \n\t"
+            :"=w" (r) : "w" (a), "w" (b), "I" (C) );
+    return r;
+#endif
+}
+
+//@}
+#endif // CRYPTOPP_ARM_PMULL_AVAILABLE
+
+#if CRYPTOPP_ARM_SHA3_AVAILABLE  || defined(CRYPTOPP_DOXYGEN_PROCESSING)
+///	\name ARMv8.2 operations
+//@{
+
+/// \brief Three-way XOR
+/// \param a the first value
+/// \param b the second value
+/// \param c the third value
+/// \return three-way exclusive OR of the values
+/// \details VEOR3() performs veor3q_u64(). VEOR3 is provided as GCC inline assembly due
+///  to Clang and lack of support for the intrinsic.
+/// \details VEOR3 requires ARMv8.2.
+/// \since Crypto++ 8.6
+inline uint64x2_t VEOR3(uint64x2_t a, uint64x2_t b, uint64x2_t c)
+{
+#if defined(_MSC_VER)
+    return veor3q_u64(a, b, c);
+#else
+    uint64x2_t r;
+    __asm__ ("eor3   %0.16b, %1.16b, %2.16b, %3.16b   \n\t"
+            :"=w" (r) : "w" (a), "w" (b), "w" (c));
+    return r;
+#endif
+}
+
+/// \brief XOR and rotate
+/// \param a the first value
+/// \param b the second value
+/// \param c the third value
+/// \return two-way exclusive OR of the values, then rotated by c
+/// \details VXARQ() performs vxarq_u64(). VXARQ is provided as GCC inline assembly due
+///  to Clang and lack of support for the intrinsic.
+/// \details VXARQ requires ARMv8.2.
+/// \since Crypto++ 8.6
+inline uint64x2_t VXAR(uint64x2_t a, uint64x2_t b, const int c)
+{
+#if defined(_MSC_VER)
+    return vxarq_u64(a, b, c);
+#else
+    uint64x2_t r;
+    __asm__ ("xar   %0.2d, %1.2d, %2.2d, %3   \n\t"
+            :"=w" (r) : "w" (a), "w" (b), "I" (c));
+    return r;
+#endif
+}
+
+/// \brief XOR and rotate
+/// \tparam C the rotate amount
+/// \param a the first value
+/// \param b the second value
+/// \return two-way exclusive OR of the values, then rotated by C
+/// \details VXARQ() performs vxarq_u64(). VXARQ is provided as GCC inline assembly due
+///  to Clang and lack of support for the intrinsic.
+/// \details VXARQ requires ARMv8.2.
+/// \since Crypto++ 8.6
+template <unsigned int C>
+inline uint64x2_t VXAR(uint64x2_t a, uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    return vxarq_u64(a, b, C);
+#else
+    uint64x2_t r;
+    __asm__ ("xar   %0.2d, %1.2d, %2.2d, %3   \n\t"
+            :"=w" (r) : "w" (a), "w" (b), "I" (C));
+    return r;
+#endif
+}
+
+/// \brief XOR and rotate
+/// \param a the first value
+/// \param b the second value
+/// \return two-way exclusive OR of the values, then rotated 1-bit
+/// \details VRAX1() performs vrax1q_u64(). VRAX1 is provided as GCC inline assembly due
+///  to Clang and lack of support for the intrinsic.
+/// \details VRAX1 requires ARMv8.2.
+/// \since Crypto++ 8.6
+inline uint64x2_t VRAX1(uint64x2_t a, uint64x2_t b)
+{
+#if defined(_MSC_VER)
+    return vrax1q_u64(a, b);
+#else
+    uint64x2_t r;
+    __asm__ ("rax1   %0.2d, %1.2d, %2.2d   \n\t"
+            :"=w" (r) : "w" (a), "w" (b));
+    return r;
+#endif
+}
+//@}
+#endif  // CRYPTOPP_ARM_SHA3_AVAILABLE
+
+#endif // CRYPTOPP_ARM_SIMD_H

Common/3dParty/cryptopp/asn.cpp

@@ -6,14 +6,17 @@
 
 #ifndef CRYPTOPP_IMPORTS
 
+#include "cryptlib.h"
 #include "asn.h"
+#include "misc.h"
 
+#include <iostream>
 #include <iomanip>
+#include <sstream>
 #include <time.h>
 
 NAMESPACE_BEGIN(CryptoPP)
 
-/// DER Length
 size_t DERLengthEncode(BufferedTransformation &bt, lword length)
 {
 	size_t i=0;
@@ -111,7 +114,7 @@ size_t DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t
 
 size_t DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str)
 {
-	return DEREncodeOctetString(bt, str.begin(), str.size());
+	return DEREncodeOctetString(bt, ConstBytePtr(str), BytePtrSize(str));
 }
 
 size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
@@ -127,7 +130,7 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
 		BERDecodeError();
 
 	str.New(bc);
-	if (bc != bt.Get(str, bc))
+	if (bc != bt.Get(BytePtr(str), bc))
 		BERDecodeError();
 	return bc;
 }
@@ -148,12 +151,41 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &
 	return bc;
 }
 
-size_t DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag)
+size_t DEREncodeTextString(BufferedTransformation &bt, const byte* str, size_t strLen, byte asnTag)
 {
 	bt.Put(asnTag);
-	size_t lengthBytes = DERLengthEncode(bt, str.size());
-	bt.Put((const byte *)str.data(), str.size());
-	return 1+lengthBytes+str.size();
+	size_t lengthBytes = DERLengthEncode(bt, strLen);
+	bt.Put(str, strLen);
+	return 1+lengthBytes+strLen;
+}
+
+size_t DEREncodeTextString(BufferedTransformation &bt, const SecByteBlock &str, byte asnTag)
+{
+	return DEREncodeTextString(bt, ConstBytePtr(str), BytePtrSize(str), asnTag);
+}
+
+size_t DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag)
+{
+	return DEREncodeTextString(bt, ConstBytePtr(str), BytePtrSize(str), asnTag);
+}
+
+size_t BERDecodeTextString(BufferedTransformation &bt, SecByteBlock &str, byte asnTag)
+{
+	byte b;
+	if (!bt.Get(b) || b != asnTag)
+		BERDecodeError();
+
+	size_t bc;
+	if (!BERLengthDecode(bt, bc))
+		BERDecodeError();
+	if (bc > bt.MaxRetrievable()) // Issue 346
+		BERDecodeError();
+
+	str.resize(bc);
+	if (bc != bt.Get(BytePtr(str), BytePtrSize(str)))
+		BERDecodeError();
+
+	return bc;
 }
 
 size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte asnTag)
@@ -168,17 +200,40 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as
 	if (bc > bt.MaxRetrievable()) // Issue 346
 		BERDecodeError();
 
-	SecByteBlock temp(bc);
-	if (bc != bt.Get(temp, bc))
+	str.resize(bc);
+	if (bc != bt.Get(BytePtr(str), BytePtrSize(str)))
 		BERDecodeError();
-	if (bc)
-		str.assign((char *)temp.begin(), bc);
-	else
-		str.clear();
+
+	return bc;
+}
+
+size_t DEREncodeDate(BufferedTransformation &bt, const SecByteBlock &str, byte asnTag)
+{
+	bt.Put(asnTag);
+	size_t lengthBytes = DERLengthEncode(bt, str.size());
+	bt.Put(ConstBytePtr(str), BytePtrSize(str));
+	return 1+lengthBytes+str.size();
+}
+
+size_t BERDecodeDate(BufferedTransformation &bt, SecByteBlock &str, byte asnTag)
+{
+	byte b;
+	if (!bt.Get(b) || b != asnTag)
+		BERDecodeError();
+
+	size_t bc;
+	if (!BERLengthDecode(bt, bc))
+		BERDecodeError();
+	if (bc > bt.MaxRetrievable()) // Issue 346
+		BERDecodeError();
+
+	str.resize(bc);
+	if (bc != bt.Get(BytePtr(str), BytePtrSize(str)))
+		BERDecodeError();
+
 	return bc;
 }
 
-/// ASN BitString
 size_t DEREncodeBitString(BufferedTransformation &bt, const byte *str, size_t strLen, unsigned int unusedBits)
 {
 	bt.Put(BIT_STRING);
@@ -208,7 +263,7 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne
 		BERDecodeError();
 	unusedBits = unused;
 	str.resize(bc-1);
-	if ((bc-1) != bt.Get(str, bc-1))
+	if ((bc-1) != bt.Get(BytePtr(str), bc-1))
 		BERDecodeError();
 	return bc-1;
 }
@@ -230,6 +285,25 @@ void DERReencode(BufferedTransformation &source, BufferedTransformation &dest)
 	encoder.MessageEnd();
 }
 
+size_t BERDecodePeekLength(const BufferedTransformation &bt)
+{
+	lword count = (std::min)(bt.MaxRetrievable(), static_cast<lword>(16));
+	if (count == 0) return 0;
+
+	ByteQueue tagAndLength;
+	bt.CopyTo(tagAndLength, count);
+
+	// Skip tag
+	tagAndLength.Skip(1);
+
+	// BERLengthDecode fails for indefinite length.
+	size_t length;
+	if (!BERLengthDecode(tagAndLength, length))
+		return 0;
+
+	return length;
+}
+
 void OID::EncodeValue(BufferedTransformation &bt, word32 v)
 {
 	for (unsigned int i=RoundUpToMultipleOf(STDMAX(7U,BitPrecision(v)), 7U)-7; i != 0; i-=7)
@@ -304,6 +378,18 @@ void OID::BERDecodeAndCheck(BufferedTransformation &bt) const
 		BERDecodeError();
 }
 
+std::ostream& OID::Print(std::ostream& out) const
+{
+	std::ostringstream oss;
+	for (size_t i = 0; i < m_values.size(); ++i)
+	{
+		oss << m_values[i];
+		if (i+1 < m_values.size())
+			oss << ".";
+	}
+	return out << oss.str();
+}
+
 inline BufferedTransformation & EncodedObjectFilter::CurrentTarget()
 {
 	if (m_flags & PUT_OBJECTS)
@@ -368,7 +454,7 @@ void EncodedObjectFilter::Put(const byte *inString, size_t length)
 		// fall through
 		case TAIL:
 		case ALL_DONE:
-		default: ;;
+		default: ;
 		}
 
 		if (m_state == IDENTIFIER && m_level == 0)
@@ -394,14 +480,20 @@ void EncodedObjectFilter::Put(const byte *inString, size_t length)
 	}
 }
 
+BERGeneralDecoder::BERGeneralDecoder(BufferedTransformation &inQueue)
+	: m_inQueue(inQueue), m_length(0), m_finished(false)
+{
+	Init(DefaultTag);
+}
+
 BERGeneralDecoder::BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag)
-	: m_inQueue(inQueue), m_finished(false)
+	: m_inQueue(inQueue), m_length(0), m_finished(false)
 {
 	Init(asnTag);
 }
 
 BERGeneralDecoder::BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag)
-	: m_inQueue(inQueue), m_finished(false)
+	: m_inQueue(inQueue), m_length(0), m_finished(false)
 {
 	Init(asnTag);
 }
@@ -501,13 +593,18 @@ lword BERGeneralDecoder::ReduceLength(lword delta)
 	return delta;
 }
 
+DERGeneralEncoder::DERGeneralEncoder(BufferedTransformation &outQueue)
+	: m_outQueue(outQueue), m_asnTag(DefaultTag), m_finished(false)
+{
+}
+
 DERGeneralEncoder::DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag)
-	: ByteQueue(), m_outQueue(outQueue), m_asnTag(asnTag), m_finished(false)
+	: m_outQueue(outQueue), m_asnTag(asnTag), m_finished(false)
 {
 }
 
 DERGeneralEncoder::DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag)
-	: ByteQueue(), m_outQueue(outQueue), m_asnTag(asnTag), m_finished(false)
+	: m_outQueue(outQueue), m_asnTag(asnTag), m_finished(false)
 {
 }
 

Common/3dParty/cryptopp/asn.h

@@ -13,6 +13,8 @@
 #include "queue.h"
 #include "misc.h"
 
+#include <iosfwd>
+
 // Issue 340
 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
 # pragma GCC diagnostic push
@@ -23,45 +25,78 @@
 NAMESPACE_BEGIN(CryptoPP)
 
 /// \brief ASN.1 types
-/// \note These tags and flags are not complete
+/// \note These tags are not complete
 enum ASNTag
 {
+	/// \brief ASN.1 Boolean
 	BOOLEAN 			= 0x01,
+	/// \brief ASN.1 Integer
 	INTEGER 			= 0x02,
+	/// \brief ASN.1 Bit string
 	BIT_STRING			= 0x03,
+	/// \brief ASN.1 Octet string
 	OCTET_STRING		= 0x04,
+	/// \brief ASN.1 Null
 	TAG_NULL			= 0x05,
+	/// \brief ASN.1 Object identifier
 	OBJECT_IDENTIFIER	= 0x06,
+	/// \brief ASN.1 Object descriptor
 	OBJECT_DESCRIPTOR	= 0x07,
+	/// \brief ASN.1 External reference
 	EXTERNAL			= 0x08,
+	/// \brief ASN.1 Real integer
 	REAL				= 0x09,
+	/// \brief ASN.1 Enumerated value
 	ENUMERATED			= 0x0a,
+	/// \brief ASN.1 UTF-8 string
 	UTF8_STRING			= 0x0c,
+	/// \brief ASN.1 Sequence
 	SEQUENCE			= 0x10,
+	/// \brief ASN.1 Set
 	SET 				= 0x11,
+	/// \brief ASN.1 Numeric string
 	NUMERIC_STRING		= 0x12,
+	/// \brief ASN.1 Printable string
 	PRINTABLE_STRING 	= 0x13,
+	/// \brief ASN.1 T61 string
 	T61_STRING			= 0x14,
+	/// \brief ASN.1 Videotext string
 	VIDEOTEXT_STRING 	= 0x15,
+	/// \brief ASN.1 IA5 string
 	IA5_STRING			= 0x16,
+	/// \brief ASN.1 UTC time
 	UTC_TIME 			= 0x17,
+	/// \brief ASN.1 Generalized time
 	GENERALIZED_TIME 	= 0x18,
+	/// \brief ASN.1 Graphic string
 	GRAPHIC_STRING		= 0x19,
+	/// \brief ASN.1 Visible string
 	VISIBLE_STRING		= 0x1a,
-	GENERAL_STRING		= 0x1b
+	/// \brief ASN.1 General string
+	GENERAL_STRING		= 0x1b,
+	/// \brief ASN.1 Universal string
+	UNIVERSAL_STRING	= 0x1c,
+	/// \brief ASN.1 BMP string
+	BMP_STRING  		= 0x1e
 };
 
 /// \brief ASN.1 flags
-/// \note These tags and flags are not complete
+/// \note These flags are not complete
 enum ASNIdFlag
 {
+	/// \brief ASN.1 Universal class
 	UNIVERSAL           = 0x00,
-//	DATA                = 0x01,
-//	HEADER              = 0x02,
+	// DATA           = 0x01,
+	// HEADER           = 0x02,
+	/// \brief ASN.1 Primitive flag
 	PRIMITIVE           = 0x00,
+	/// \brief ASN.1 Constructed flag
 	CONSTRUCTED         = 0x20,
+	/// \brief ASN.1 Application class
 	APPLICATION         = 0x40,
+	/// \brief ASN.1 Context specific class
 	CONTEXT_SPECIFIC    = 0x80,
+	/// \brief ASN.1 Private class
 	PRIVATE             = 0xc0
 };
 
@@ -75,23 +110,21 @@ public:
 	/// \brief Construct an UnknownOID
 	UnknownOID() : BERDecodeErr("BER decode error: unknown object identifier") {}
 	/// \brief Construct an UnknownOID
-	/// \param err error message to use for the execption
+	/// \param err error message to use for the exception
 	UnknownOID(const char *err) : BERDecodeErr(err) {}
 };
 
-// unsigned int DERLengthEncode(unsigned int length, byte *output=0);
-
 /// \brief DER encode a length
 /// \param bt BufferedTransformation object for writing
 /// \param length the size to encode
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API DERLengthEncode(BufferedTransformation &bt, lword length);
 
 /// \brief BER decode a length
 /// \param bt BufferedTransformation object for reading
 /// \param length the decoded size
-/// \returns true if the value was decoded
-/// \throws BERDecodeError if the value fails to decode or is too large for size_t
+/// \return true if the value was decoded
+/// \throw BERDecodeError if the value fails to decode or is too large for size_t
 /// \details BERLengthDecode() returns false if the encoding is indefinite length.
 CRYPTOPP_DLL bool CRYPTOPP_API BERLengthDecode(BufferedTransformation &bt, size_t &length);
 
@@ -107,54 +140,110 @@ CRYPTOPP_DLL void CRYPTOPP_API BERDecodeNull(BufferedTransformation &bt);
 /// \param bt BufferedTransformation object for writing
 /// \param str the string to encode
 /// \param strLen the length of the string
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen);
 
 /// \brief DER encode octet string
 /// \param bt BufferedTransformation object for reading
 /// \param str the string to encode
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str);
 
 /// \brief BER decode octet string
 /// \param bt BufferedTransformation object for reading
 /// \param str the decoded string
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str);
 
 /// \brief BER decode octet string
 /// \param bt BufferedTransformation object for reading
 /// \param str the decoded string
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &str);
 
 /// \brief DER encode text string
 /// \param bt BufferedTransformation object for writing
 /// \param str the string to encode
-/// \param asnTag the ASN.1 type
-/// \returns the number of octets used for the encoding
+/// \param strLen the length of the string, in bytes
+/// \param asnTag the ASN.1 identifier
+/// \return the number of octets used for the encoding
 /// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
+/// \since Crypto++ 8.3
+CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const byte* str, size_t strLen, byte asnTag);
+
+/// \brief DER encode text string
+/// \param bt BufferedTransformation object for writing
+/// \param str the string to encode
+/// \param asnTag the ASN.1 identifier
+/// \return the number of octets used for the encoding
+/// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
+/// \since Crypto++ 8.3
+CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const SecByteBlock &str, byte asnTag);
+
+/// \brief DER encode text string
+/// \param bt BufferedTransformation object for writing
+/// \param str the string to encode
+/// \param asnTag the ASN.1 identifier
+/// \return the number of octets used for the encoding
+/// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
+/// \since Crypto++ 6.0
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag);
 
 /// \brief BER decode text string
 /// \param bt BufferedTransformation object for reading
-/// \param str the string to encode
-/// \param asnTag the ASN.1 type
-/// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
+/// \param str the string to decode
+/// \param asnTag the ASN.1 identifier
+/// \details BERDecodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
+/// \since Crypto++ 8.3
+CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &bt, SecByteBlock &str, byte asnTag);
+
+/// \brief BER decode text string
+/// \param bt BufferedTransformation object for reading
+/// \param str the string to decode
+/// \param asnTag the ASN.1 identifier
+/// \details BERDecodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
+/// \since Crypto++ 6.0
 CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte asnTag);
 
+/// \brief DER encode date
+/// \param bt BufferedTransformation object for writing
+/// \param str the date to encode
+/// \param asnTag the ASN.1 identifier
+/// \return the number of octets used for the encoding
+/// \details BERDecodeDate() can be used for UTC_TIME and GENERALIZED_TIME
+/// \since Crypto++ 8.3
+CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeDate(BufferedTransformation &bt, const SecByteBlock &str, byte asnTag);
+
+/// \brief BER decode date
+/// \param bt BufferedTransformation object for reading
+/// \param str the date to decode
+/// \param asnTag the ASN.1 identifier
+/// \details BERDecodeDate() can be used for UTC_TIME and GENERALIZED_TIME
+/// \since Crypto++ 8.3
+CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeDate(BufferedTransformation &bt, SecByteBlock &str, byte asnTag);
+
 /// \brief DER encode bit string
 /// \param bt BufferedTransformation object for writing
 /// \param str the string to encode
 /// \param strLen the length of the string
 /// \param unusedBits the number of unused bits
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
+/// \details The caller is responsible for shifting octets if unusedBits is
+///  not 0. For example, to DER encode a web server X.509 key usage, the 101b
+///  bit mask is often used (digitalSignature and keyEncipherment). In this
+///  case <tt>str</tt> is one octet with a value=0xa0 and unusedBits=5. The
+///  value 0xa0 is <tt>101b << 5</tt>.
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeBitString(BufferedTransformation &bt, const byte *str, size_t strLen, unsigned int unusedBits=0);
 
 /// \brief DER decode bit string
 /// \param bt BufferedTransformation object for reading
 /// \param str the decoded string
 /// \param unusedBits the number of unused bits
+/// \details The caller is responsible for shifting octets if unusedBits is
+///  not 0. For example, to DER encode a web server X.509 key usage, the 101b
+///  bit mask is often used (digitalSignature and keyEncipherment). In this
+///  case <tt>str</tt> is one octet with a value=0xa0 and unusedBits=5. The
+///  value 0xa0 is <tt>101b << 5</tt>.
 CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigned int &unusedBits);
 
 /// \brief BER decode and DER re-encode
@@ -162,6 +251,15 @@ CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeBitString(BufferedTransformation &bt,
 /// \param dest BufferedTransformation object
 CRYPTOPP_DLL void CRYPTOPP_API DERReencode(BufferedTransformation &bt, BufferedTransformation &dest);
 
+/// \brief BER decode size
+/// \param bt BufferedTransformation object for reading
+/// \return the length of the ASN.1 value, in bytes
+/// \details BERDecodePeekLength() determines the length of a value without
+///  consuming octets in the stream. The stream must use definite length encoding.
+///  If indefinite length encoding is used or an error occurs, then 0 is returned.
+/// \since Crypto++ 8.3
+CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodePeekLength(const BufferedTransformation &bt);
+
 /// \brief Object Identifier
 class CRYPTOPP_DLL OID
 {
@@ -170,16 +268,22 @@ public:
 
 	/// \brief Construct an OID
 	OID() {}
+
 	/// \brief Construct an OID
 	/// \param v value to initialize the OID
 	OID(word32 v) : m_values(1, v) {}
+
 	/// \brief Construct an OID
 	/// \param bt BufferedTransformation object
-	OID(BufferedTransformation &bt) {BERDecode(bt);}
+	OID(BufferedTransformation &bt) {
+		BERDecode(bt);
+	}
 
 	/// \brief Append a value to an OID
 	/// \param rhs the value to append
-	inline OID & operator+=(word32 rhs) {m_values.push_back(rhs); return *this;}
+	inline OID & operator+=(word32 rhs) {
+		m_values.push_back(rhs); return *this;
+	}
 
 	/// \brief DER encode this OID
 	/// \param bt BufferedTransformation object
@@ -191,7 +295,7 @@ public:
 
 	/// \brief BER decode an OID
 	/// \param bt BufferedTransformation object
-	/// \throws BERDecodeErr() if decoded value doesn't match an expected OID
+	/// \throw BERDecodeErr() if decoded value doesn't match an expected OID
 	/// \details BERDecodeAndCheck() can be used to parse an OID and verify it matches an expected.
 	/// <pre>
 	///   BERSequenceDecoder key(bt);
@@ -201,14 +305,35 @@ public:
 	/// </pre>
 	void BERDecodeAndCheck(BufferedTransformation &bt) const;
 
+	/// \brief Determine if OID is empty
+	/// \return true if OID has 0 elements, false otherwise
+	/// \since Crypto++ 8.0
+	bool Empty() const {
+		return m_values.empty();
+	}
+
+	/// \brief Retrieve OID value array
+	/// \return OID value vector
+	/// \since Crypto++ 8.0
 	const std::vector<word32>& GetValues() const {
 		return m_values;
 	}
 
+	/// \brief Print an OID
+	/// \param out ostream object
+	/// \return ostream reference
+	/// \details Print() writes the OID in a customary format, like
+	///  1.2.840.113549.1.1.11. The caller is reposnsible to convert the
+	///  OID to a friendly name, like sha256WithRSAEncryption.
+	/// \since Crypto++ 8.3
+	std::ostream& Print(std::ostream& out) const;
+
 protected:
 	friend bool operator==(const OID &lhs, const OID &rhs);
 	friend bool operator!=(const OID &lhs, const OID &rhs);
 	friend bool operator<(const OID &lhs, const OID &rhs);
+	friend bool operator<=(const OID &lhs, const OID &rhs);
+	friend bool operator>=(const OID &lhs, const OID &rhs);
 
 	std::vector<word32> m_values;
 
@@ -254,21 +379,99 @@ private:
 class CRYPTOPP_DLL BERGeneralDecoder : public Store
 {
 public:
+	/// \brief Default ASN.1 tag
+	enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
+
 	virtual ~BERGeneralDecoder();
 
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \details BERGeneralDecoder uses DefaultTag
+	explicit BERGeneralDecoder(BufferedTransformation &inQueue);
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \param asnTag ASN.1 tag
 	explicit BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag);
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \param asnTag ASN.1 tag
 	explicit BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag);
 
-	bool IsDefiniteLength() const {return m_definiteLength;}
-	lword RemainingLength() const {CRYPTOPP_ASSERT(m_definiteLength); return m_length;}
+	/// \brief Determine length encoding
+	/// \return true if the ASN.1 object is definite length encoded, false otherwise
+	bool IsDefiniteLength() const {
+		return m_definiteLength;
+	}
+
+	/// \brief Determine remaining length
+	/// \return number of octets that remain to be consumed
+	/// \details RemainingLength() is only valid if IsDefiniteLength()
+	///  returns true.
+	lword RemainingLength() const {
+		CRYPTOPP_ASSERT(m_definiteLength);
+		return IsDefiniteLength() ? m_length : 0;
+	}
+
+	/// \brief Determine end of stream
+	/// \return true if all octets have been consumed, false otherwise
 	bool EndReached() const;
+
+	/// \brief Determine next octet
+	/// \return next octet in the stream
+	/// \details PeekByte does not consume the octet.
+	/// \throw BERDecodeError if there are no octets remaining
 	byte PeekByte() const;
+
+	/// \brief Determine next octet
+	/// \details CheckByte reads the next byte in the stream and verifies
+	///  the octet matches b.
+	/// \throw BERDecodeError if the next octet is not b
 	void CheckByte(byte b);
 
+	/// \brief Transfer bytes to another BufferedTransformation
+	/// \param target the destination BufferedTransformation
+	/// \param transferBytes the number of bytes to transfer
+	/// \param channel the channel on which the transfer should occur
+	/// \param blocking specifies whether the object should block when
+	///  processing input
+	/// \return the number of bytes that remain in the transfer block
+	///  (i.e., bytes not transferred)
+	/// \details TransferTo2() removes bytes and moves
+	///  them to the destination. Transfer begins at the index position
+	///  in the current stream, and not from an absolute position in the
+	///  stream.
+	/// \details transferBytes is an \a IN and \a OUT parameter. When
+	///  the call is made, transferBytes is the requested size of the
+	///  transfer. When the call returns, transferBytes is the number
+	///  of bytes that were transferred.
 	size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
+
+	/// \brief Copy bytes to another BufferedTransformation
+	/// \param target the destination BufferedTransformation
+	/// \param begin the 0-based index of the first byte to copy in
+	///  the stream
+	/// \param end the 0-based index of the last byte to copy in
+	///  the stream
+	/// \param channel the channel on which the transfer should occur
+	/// \param blocking specifies whether the object should block when
+	///  processing input
+	/// \return the number of bytes that remain in the copy block
+	///  (i.e., bytes not copied)
+	/// \details CopyRangeTo2 copies bytes to the
+	///  destination. The bytes are not removed from this object. Copying
+	///  begins at the index position in the current stream, and not from
+	///  an absolute position in the stream.
+	/// \details begin is an \a IN and \a OUT parameter. When the call is
+	///  made, begin is the starting position of the copy. When the call
+	///  returns, begin is the position of the first byte that was \a not
+	///  copied (which may be different than end). begin can be used for
+	///  subsequent calls to CopyRangeTo2().
 	size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
 
-	// call this to denote end of sequence
+	/// \brief Signals the end of messages to the object
+	/// \details Call this to denote end of sequence
 	void MessageEnd();
 
 protected:
@@ -287,12 +490,28 @@ private:
 class CRYPTOPP_DLL DERGeneralEncoder : public ByteQueue
 {
 public:
+	/// \brief Default ASN.1 tag
+	enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
+
 	virtual ~DERGeneralEncoder();
 
-	explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED);
-	explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED);
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \details DERGeneralEncoder uses DefaultTag
+	explicit DERGeneralEncoder(BufferedTransformation &outQueue);
 
-	// call this to denote end of sequence
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \param asnTag ASN.1 tag
+	explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag);
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \param asnTag ASN.1 tag
+	explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag);
+
+	/// \brief Signals the end of messages to the object
+	/// \details Call this to denote end of sequence
 	void MessageEnd();
 
 private:
@@ -305,9 +524,31 @@ private:
 class CRYPTOPP_DLL BERSequenceDecoder : public BERGeneralDecoder
 {
 public:
-	explicit BERSequenceDecoder(BufferedTransformation &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
+	/// \brief Default ASN.1 tag
+	enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \details BERSequenceDecoder uses DefaultTag
+	explicit BERSequenceDecoder(BufferedTransformation &inQueue)
+		: BERGeneralDecoder(inQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \param asnTag ASN.1 tag
+	explicit BERSequenceDecoder(BufferedTransformation &inQueue, byte asnTag)
 		: BERGeneralDecoder(inQueue, asnTag) {}
-	explicit BERSequenceDecoder(BERSequenceDecoder &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \details BERSequenceDecoder uses DefaultTag
+	explicit BERSequenceDecoder(BERSequenceDecoder &inQueue)
+		: BERGeneralDecoder(inQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \param asnTag ASN.1 tag
+	explicit BERSequenceDecoder(BERSequenceDecoder &inQueue, byte asnTag)
 		: BERGeneralDecoder(inQueue, asnTag) {}
 };
 
@@ -315,9 +556,31 @@ public:
 class CRYPTOPP_DLL DERSequenceEncoder : public DERGeneralEncoder
 {
 public:
-	explicit DERSequenceEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
+	/// \brief Default ASN.1 tag
+	enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \details DERSequenceEncoder uses DefaultTag
+	explicit DERSequenceEncoder(BufferedTransformation &outQueue)
+		: DERGeneralEncoder(outQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \param asnTag ASN.1 tag
+	explicit DERSequenceEncoder(BufferedTransformation &outQueue, byte asnTag)
 		: DERGeneralEncoder(outQueue, asnTag) {}
-	explicit DERSequenceEncoder(DERSequenceEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \details DERSequenceEncoder uses DefaultTag
+	explicit DERSequenceEncoder(DERSequenceEncoder &outQueue)
+		: DERGeneralEncoder(outQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \param asnTag ASN.1 tag
+	explicit DERSequenceEncoder(DERSequenceEncoder &outQueue, byte asnTag)
 		: DERGeneralEncoder(outQueue, asnTag) {}
 };
 
@@ -325,9 +588,31 @@ public:
 class CRYPTOPP_DLL BERSetDecoder : public BERGeneralDecoder
 {
 public:
-	explicit BERSetDecoder(BufferedTransformation &inQueue, byte asnTag = SET | CONSTRUCTED)
+	/// \brief Default ASN.1 tag
+	enum {DefaultTag = SET | EnumToInt(CONSTRUCTED)};
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \details BERSetDecoder uses DefaultTag
+	explicit BERSetDecoder(BufferedTransformation &inQueue)
+		: BERGeneralDecoder(inQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \param asnTag ASN.1 tag
+	explicit BERSetDecoder(BufferedTransformation &inQueue, byte asnTag)
 		: BERGeneralDecoder(inQueue, asnTag) {}
-	explicit BERSetDecoder(BERSetDecoder &inQueue, byte asnTag = SET | CONSTRUCTED)
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \details BERSetDecoder uses DefaultTag
+	explicit BERSetDecoder(BERSetDecoder &inQueue)
+		: BERGeneralDecoder(inQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 decoder
+	/// \param inQueue input byte queue
+	/// \param asnTag ASN.1 tag
+	explicit BERSetDecoder(BERSetDecoder &inQueue, byte asnTag)
 		: BERGeneralDecoder(inQueue, asnTag) {}
 };
 
@@ -335,9 +620,31 @@ public:
 class CRYPTOPP_DLL DERSetEncoder : public DERGeneralEncoder
 {
 public:
-	explicit DERSetEncoder(BufferedTransformation &outQueue, byte asnTag = SET | CONSTRUCTED)
+	/// \brief Default ASN.1 tag
+	enum {DefaultTag = SET | EnumToInt(CONSTRUCTED)};
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \details DERSetEncoder uses DefaultTag
+	explicit DERSetEncoder(BufferedTransformation &outQueue)
+		: DERGeneralEncoder(outQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \param asnTag ASN.1 tag
+	explicit DERSetEncoder(BufferedTransformation &outQueue, byte asnTag)
 		: DERGeneralEncoder(outQueue, asnTag) {}
-	explicit DERSetEncoder(DERSetEncoder &outQueue, byte asnTag = SET | CONSTRUCTED)
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \details DERSetEncoder uses DefaultTag
+	explicit DERSetEncoder(DERSetEncoder &outQueue)
+		: DERGeneralEncoder(outQueue, DefaultTag) {}
+
+	/// \brief Construct an ASN.1 encoder
+	/// \param outQueue output byte queue
+	/// \param asnTag ASN.1 tag
+	explicit DERSetEncoder(DERSetEncoder &outQueue, byte asnTag)
 		: DERGeneralEncoder(outQueue, asnTag) {}
 };
 
@@ -380,7 +687,7 @@ public:
 	/// \param bt BufferedTransformation object
 	/// \details Save() will write the OID associated with algorithm or scheme.
 	///   In the case of public and private keys, this function writes the
-	///   subjectPubicKeyInfo and privateKeyInfo parts.
+	///   subjectPublicKeyInfo and privateKeyInfo parts.
 	void Save(BufferedTransformation &bt) const
 		{BEREncode(bt);}
 
@@ -400,20 +707,43 @@ public:
 	void DEREncode(BufferedTransformation &bt) const;
 
 	/// \brief Retrieves the OID of the algorithm
-	/// \returns OID of the algorithm
+	/// \return OID of the algorithm
 	virtual OID GetAlgorithmID() const =0;
+
+	/// \brief Decode algorithm parameters
+	/// \param bt BufferedTransformation object
+	/// \sa BERDecodePublicKey, <A HREF="http://www.ietf.org/rfc/rfc2459.txt">RFC
+	///  2459, section 7.3.1</A>
 	virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
 		{BERDecodeNull(bt); return false;}
-	virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
-		{DEREncodeNull(bt); return false;}	// see RFC 2459, section 7.3.1
 
-	/// decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
+	/// \brief Encode algorithm parameters
+	/// \param bt BufferedTransformation object
+	/// \sa DEREncodePublicKey, <A HREF="http://www.ietf.org/rfc/rfc2459.txt">RFC
+	///  2459, section 7.3.1</A>
+	virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
+		{DEREncodeNull(bt); return false;}
+
+	/// \brief Decode subjectPublicKey part of subjectPublicKeyInfo
+	/// \param bt BufferedTransformation object
+	/// \param parametersPresent flag indicating if algorithm parameters are present
+	/// \param size number of octets to read for the parameters, in bytes
+	/// \details BERDecodePublicKey() the decodes subjectPublicKey part of
+	///  subjectPublicKeyInfo, without the BIT STRING header.
+	/// \details When <tt>parametersPresent = true</tt> then BERDecodePublicKey() calls
+	///  BERDecodeAlgorithmParameters() to parse algorithm parameters.
+	/// \sa BERDecodeAlgorithmParameters
 	virtual void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0;
-	/// encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
+
+	/// \brief Encode subjectPublicKey part of subjectPublicKeyInfo
+	/// \param bt BufferedTransformation object
+	/// \details DEREncodePublicKey() encodes the subjectPublicKey part of
+	///  subjectPublicKeyInfo, without the BIT STRING header.
+	/// \sa DEREncodeAlgorithmParameters
 	virtual void DEREncodePublicKey(BufferedTransformation &bt) const =0;
 };
 
-/// \brief Encodes and decodesprivateKeyInfo
+/// \brief Encodes and Decodes privateKeyInfo
 class CRYPTOPP_DLL PKCS8PrivateKey : public ASN1CryptoMaterial<PrivateKey>
 {
 public:
@@ -423,22 +753,55 @@ public:
 	void DEREncode(BufferedTransformation &bt) const;
 
 	/// \brief Retrieves the OID of the algorithm
-	/// \returns OID of the algorithm
+	/// \return OID of the algorithm
 	virtual OID GetAlgorithmID() const =0;
+
+	/// \brief Decode optional parameters
+	/// \param bt BufferedTransformation object
+	/// \sa BERDecodePrivateKey, <A HREF="http://www.ietf.org/rfc/rfc2459.txt">RFC
+	///  2459, section 7.3.1</A>
 	virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
 		{BERDecodeNull(bt); return false;}
-	virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
-		{DEREncodeNull(bt); return false;}	// see RFC 2459, section 7.3.1
 
-	/// decode privateKey part of privateKeyInfo, without the OCTET STRING header
+	/// \brief Encode optional parameters
+	/// \param bt BufferedTransformation object
+	/// \sa DEREncodePrivateKey, <A HREF="http://www.ietf.org/rfc/rfc2459.txt">RFC
+	///  2459, section 7.3.1</A>
+	virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
+		{DEREncodeNull(bt); return false;}
+
+	/// \brief Decode privateKey part of privateKeyInfo
+	/// \param bt BufferedTransformation object
+	/// \param parametersPresent flag indicating if algorithm parameters are present
+	/// \param size number of octets to read for the parameters, in bytes
+	/// \details BERDecodePrivateKey() the decodes privateKey part of privateKeyInfo,
+	///  without the OCTET STRING header.
+	/// \details When <tt>parametersPresent = true</tt> then BERDecodePrivateKey() calls
+	///  BERDecodeAlgorithmParameters() to parse algorithm parameters.
+	/// \sa BERDecodeAlgorithmParameters
 	virtual void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0;
-	/// encode privateKey part of privateKeyInfo, without the OCTET STRING header
+
+	/// \brief Encode privateKey part of privateKeyInfo
+	/// \param bt BufferedTransformation object
+	/// \details DEREncodePrivateKey() encodes the privateKey part of privateKeyInfo,
+	///  without the OCTET STRING header.
+	/// \sa DEREncodeAlgorithmParameters
 	virtual void DEREncodePrivateKey(BufferedTransformation &bt) const =0;
 
-	/// decode optional attributes including context-specific tag
-	/*! /note default implementation stores attributes to be output in DEREncodeOptionalAttributes */
+	/// \brief Decode optional attributes
+	/// \param bt BufferedTransformation object
+	/// \details BERDecodeOptionalAttributes() decodes optional attributes including
+	///  context-specific tag.
+	/// \sa BERDecodeAlgorithmParameters, DEREncodeOptionalAttributes
+	/// \note default implementation stores attributes to be output using
+	///  DEREncodeOptionalAttributes
 	virtual void BERDecodeOptionalAttributes(BufferedTransformation &bt);
-	/// encode optional attributes including context-specific tag
+
+	/// \brief Encode optional attributes
+	/// \param bt BufferedTransformation object
+	/// \details DEREncodeOptionalAttributes() encodes optional attributes including
+	///  context-specific tag.
+	/// \sa BERDecodeAlgorithmParameters
 	virtual void DEREncodeOptionalAttributes(BufferedTransformation &bt) const;
 
 protected:
@@ -451,7 +814,7 @@ protected:
 /// \tparam T class or type
 /// \param out BufferedTransformation object
 /// \param w unsigned value to encode
-/// \param asnTag the ASN.1 type
+/// \param asnTag the ASN.1 identifier
 /// \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM
 template <class T>
 size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER)
@@ -484,10 +847,10 @@ size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER
 /// \tparam T fundamental C++ type
 /// \param in BufferedTransformation object
 /// \param w the decoded value
-/// \param asnTag the ASN.1 type
+/// \param asnTag the ASN.1 identifier
 /// \param minValue the minimum expected value
 /// \param maxValue the maximum expected value
-/// \throws BERDecodeErr() if the value cannot be parsed or the decoded value is not within range.
+/// \throw BERDecodeErr() if the value cannot be parsed or the decoded value is not within range.
 /// \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM
 template <class T>
 void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
@@ -539,23 +902,42 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
 /// \brief Compare two OIDs for equality
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the OIDs are equal, false otherwise
+/// \return true if the OIDs are equal, false otherwise
 inline bool operator==(const OID &lhs, const OID &rhs);
 /// \brief Compare two OIDs for inequality
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the OIDs are not equal, false otherwise
+/// \return true if the OIDs are not equal, false otherwise
 inline bool operator!=(const OID &lhs, const OID &rhs);
 /// \brief Compare two OIDs for ordering
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the first OID is less than the second OID, false otherwise
+/// \return true if the first OID is less than the second OID, false otherwise
 /// \details operator<() calls std::lexicographical_compare() on each element in the array of values.
 inline bool operator<(const OID &lhs, const OID &rhs);
+/// \brief Compare two OIDs for ordering
+/// \param lhs the first OID
+/// \param rhs the second OID
+/// \return true if the first OID is less than or equal to the second OID, false otherwise
+/// \details operator<=() is implemented in terms of operator==() and operator<().
+/// \since Crypto++ 8.3
+inline bool operator<=(const OID &lhs, const OID &rhs);
+/// \brief Compare two OIDs for ordering
+/// \param lhs the first OID
+/// \param rhs the second OID
+/// \return true if the first OID is greater than or equal to the second OID, false otherwise
+/// \details operator>=() is implemented in terms of operator<().
+/// \since Crypto++ 8.3
+inline bool operator>=(const OID &lhs, const OID &rhs);
 /// \brief Append a value to an OID
 /// \param lhs the OID
 /// \param rhs the value to append
 inline OID operator+(const OID &lhs, unsigned long rhs);
+/// \brief Print a OID value
+/// \param out the output stream
+/// \param oid the OID
+inline std::ostream& operator<<(std::ostream& out, const OID &oid)
+	{ return oid.Print(out); }
 #else
 inline bool operator==(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
 	{return lhs.m_values == rhs.m_values;}
@@ -563,8 +945,14 @@ inline bool operator!=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
 	{return lhs.m_values != rhs.m_values;}
 inline bool operator<(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
 	{return std::lexicographical_compare(lhs.m_values.begin(), lhs.m_values.end(), rhs.m_values.begin(), rhs.m_values.end());}
+inline bool operator<=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
+	{return lhs<rhs || lhs==rhs;}
+inline bool operator>=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
+	{return ! (lhs<rhs);}
 inline ::CryptoPP::OID operator+(const ::CryptoPP::OID &lhs, unsigned long rhs)
 	{return ::CryptoPP::OID(lhs)+=rhs;}
+inline std::ostream& operator<<(std::ostream& out, const OID &oid)
+	{ return oid.Print(out); }
 #endif
 
 NAMESPACE_END

Common/3dParty/cryptopp/authenc.cpp

@@ -10,11 +10,15 @@ NAMESPACE_BEGIN(CryptoPP)
 
 void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_t len)
 {
+	// UBsan finding with -std=c++03 using memcpy
+	CRYPTOPP_ASSERT(input && len);
+	if(!input || !len) return;
+
 	unsigned int blockSize = AuthenticationBlockSize();
 	unsigned int &num = m_bufferedDataLength;
 	byte* data = m_buffer.begin();
 
-	if (num != 0)	// process left over data
+	if (data && num)	// process left over data
 	{
 		if (num+len >= blockSize)
 		{
@@ -41,7 +45,8 @@ void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_
 		len = leftOver;
 	}
 
-	memcpy(data, input, len);
+	if (data && len)
+		memcpy(data, input, len);
 	num = (unsigned int)len;
 }
 
@@ -74,6 +79,7 @@ void AuthenticatedSymmetricCipherBase::Resynchronize(const byte *iv, int length)
 
 void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)
 {
+	// Part of original authenc.cpp code. Don't remove it.
 	if (length == 0) {return;}
 
 	switch (m_state)
@@ -102,9 +108,9 @@ void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)
 
 void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *inString, size_t length)
 {
-	m_totalMessageLength += length;
-	if (m_state >= State_IVSet && m_totalMessageLength > MaxMessageLength())
+	if (m_state >= State_IVSet && length > MaxMessageLength()-m_totalMessageLength)
 		throw InvalidArgument(AlgorithmName() + ": message length exceeds maximum");
+	m_totalMessageLength += length;
 
 reswitch:
 	switch (m_state)
@@ -134,6 +140,9 @@ reswitch:
 
 void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)
 {
+	// https://github.com/weidai11/cryptopp/issues/954
+	this->ThrowIfInvalidTruncatedSize(macSize);
+
 	if (m_totalHeaderLength > MaxHeaderLength())
 		throw InvalidArgument(AlgorithmName() + ": header length of " + IntToString(m_totalHeaderLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));
 

Common/3dParty/cryptopp/authenc.h

@@ -60,7 +60,7 @@ protected:
 
 	void AuthenticateData(const byte *data, size_t len);
 	const SymmetricCipher & GetSymmetricCipher() const
-		{return const_cast<AuthenticatedSymmetricCipherBase *>(this)->AccessSymmetricCipher();};
+		{return const_cast<AuthenticatedSymmetricCipherBase *>(this)->AccessSymmetricCipher();}
 
 	virtual SymmetricCipher & AccessSymmetricCipher() =0;
 	virtual bool AuthenticationIsOnPlaintext() const =0;

Common/3dParty/cryptopp/basecode.cpp

@@ -182,7 +182,7 @@ void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alpha
 	for (unsigned int i=0; i<base; i++)
 	{
 		// Debug asserts for 'lookup[alphabet[i]] == -1' removed because the self tests
-		// have unusal tests that try to break the encoders and decoders. Tests include
+		// have unusual tests that try to break the encoders and decoders. Tests include
 		// a string of the same characters. I.,e., a string of stars like '********...'.
 		if (caseInsensitive && isalpha(alphabet[i]))
 		{

Common/3dParty/cryptopp/basecode.h

@@ -30,16 +30,18 @@ public:
 	/// \param attachment a BufferedTransformation to attach to this object
 	/// \param padding the character to use as padding
 	/// \pre log2base must be between 1 and 7 inclusive
-	/// \throws InvalidArgument if log2base is not between 1 and 7
+	/// \throw InvalidArgument if log2base is not between 1 and 7
 	BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULLPTR, int padding=-1)
 		: m_alphabet(NULLPTR), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 	{
 		Detach(attachment);
-		IsolatedInitialize(MakeParameters(Name::EncodingLookupArray(), alphabet)
-			(Name::Log2Base(), log2base)
-			(Name::Pad(), padding != -1)
-			(Name::PaddingByte(), byte(padding)));
+		BaseN_Encoder::IsolatedInitialize(
+			MakeParameters
+				(Name::EncodingLookupArray(), alphabet)
+				(Name::Log2Base(), log2base)
+				(Name::Pad(), padding != -1)
+				(Name::PaddingByte(), byte(padding)));
 	}
 
 	void IsolatedInitialize(const NameValuePairs &parameters);
@@ -61,7 +63,7 @@ public:
 	/// \details padding is set to -1, which means use default padding. If not
 	///   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(BufferedTransformation *attachment=NULLPTR)
-		: m_lookup(NULLPTR), m_padding(0), m_bitsPerChar(0)
+		: m_lookup(NULLPTR), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 
@@ -74,11 +76,14 @@ public:
 	/// \details padding is set to -1, which means use default padding. If not
 	///   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULLPTR)
-		: m_lookup(NULLPTR), m_padding(0), m_bitsPerChar(0)
+		: m_lookup(NULLPTR), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 	{
 		Detach(attachment);
-		IsolatedInitialize(MakeParameters(Name::DecodingLookupArray(), lookup)(Name::Log2Base(), log2base));
+		BaseN_Decoder::IsolatedInitialize(
+			MakeParameters
+				(Name::DecodingLookupArray(), lookup)
+				(Name::Log2Base(), log2base));
 	}
 
 	void IsolatedInitialize(const NameValuePairs &parameters);
@@ -98,7 +103,7 @@ public:
 
 private:
 	const int *m_lookup;
-	int m_padding, m_bitsPerChar, m_outputBlockSize;
+	int m_bitsPerChar, m_outputBlockSize;
 	int m_bytePos, m_bitPos;
 	SecByteBlock m_outBuf;
 };
@@ -121,9 +126,11 @@ public:
 		: m_groupSize(0), m_counter(0)
 	{
 		Detach(attachment);
-		IsolatedInitialize(MakeParameters(Name::GroupSize(), groupSize)
-			(Name::Separator(), ConstByteArrayParameter(separator))
-			(Name::Terminator(), ConstByteArrayParameter(terminator)));
+		Grouper::IsolatedInitialize(
+			MakeParameters
+				(Name::GroupSize(), groupSize)
+				(Name::Separator(), ConstByteArrayParameter(separator))
+				(Name::Terminator(), ConstByteArrayParameter(terminator)));
 	}
 
 	void IsolatedInitialize(const NameValuePairs &parameters);

Common/3dParty/cryptopp/bench.h

@@ -16,14 +16,48 @@ NAMESPACE_BEGIN(Test)
 
 // More granular control over benchmarks
 enum TestClass {
-	UnkeyedRNG=(1<<0),UnkeyedHash=(1<<1),UnkeyedOther=(1<<2),
-	SharedKeyMAC=(1<<3),SharedKeyStream=(1<<4),SharedKeyBlock=(1<<5),SharedKeyOther=(1<<6),
-	PublicKeyAgreement=(1<<7),PublicKeyEncryption=(1<<8),PublicKeySignature=(1<<9),PublicKeyOther=(1<<10),
+	/// \brief Random number generators
+	UnkeyedRNG=(1<<0),
+	/// \brief Message digests
+	UnkeyedHash=(1<<1),
+	/// \brief Other unkeyed algorithms
+	UnkeyedOther=(1<<2),
+
+	/// \brief Message authentication codes
+	SharedKeyMAC=(1<<3),
+	/// \brief Stream ciphers
+	SharedKeyStream=(1<<4),
+	/// \brief Block ciphers ciphers
+	SharedKeyBlock=(1<<5),
+	/// \brief Other shared key algorithms
+	SharedKeyOther=(1<<6),
+
+	/// \brief Key agreement algorithms over integers
+	PublicKeyAgreement=(1<<7),
+	/// \brief Encryption algorithms over integers
+	PublicKeyEncryption=(1<<8),
+	/// \brief Signature algorithms over integers
+	PublicKeySignature=(1<<9),
+	/// \brief Other public key algorithms over integers
+	PublicKeyOther=(1<<10),
+
+	/// \brief Key agreement algorithms over EC
+	PublicKeyAgreementEC=(1<<11),
+	/// \brief Encryption algorithms over EC
+	PublicKeyEncryptionEC=(1<<12),
+	/// \brief Signature algorithms over EC
+	PublicKeySignatureEC=(1<<13),
+	/// \brief Other public key algorithms over EC
+	PublicKeyOtherEC=(1<<14),
+
 	Unkeyed=UnkeyedRNG|UnkeyedHash|UnkeyedOther,
 	SharedKey=SharedKeyMAC|SharedKeyStream|SharedKeyBlock|SharedKeyOther,
 	PublicKey=PublicKeyAgreement|PublicKeyEncryption|PublicKeySignature|PublicKeyOther,
-	All=Unkeyed|SharedKey|PublicKey,
-	TestFirst=(0), TestLast=(1<<11)
+	PublicKeyEC=PublicKeyAgreementEC|PublicKeyEncryptionEC|PublicKeySignatureEC|PublicKeyOtherEC,
+
+	All=Unkeyed|SharedKey|PublicKey|PublicKeyEC,
+
+	TestFirst=(0), TestLast=(1<<15)
 };
 
 extern const double CLOCK_TICKS_PER_SECOND;
@@ -37,19 +71,33 @@ extern const byte defaultKey[];
 extern time_t g_testBegin;
 extern time_t g_testEnd;
 
-// Command handler
+// Benchmark command handler
 void BenchmarkWithCommand(int argc, const char* const argv[]);
 // Top level, prints preamble and postamble
 void Benchmark(Test::TestClass suites, double t, double hertz);
 // Unkeyed systems
-void Benchmark1(double t, double hertz);
+void BenchmarkUnkeyedAlgorithms(double t, double hertz);
 // Shared key systems
-void Benchmark2(double t, double hertz);
-// Public key systems
-void Benchmark3(double t, double hertz);
+void BenchmarkSharedKeyedAlgorithms(double t, double hertz);
+// Public key systems over integers
+void BenchmarkPublicKeyAlgorithms(double t, double hertz);
+// Public key systems over elliptic curves
+void BenchmarkEllipticCurveAlgorithms(double t, double hertz);
 
-void OutputResultBytes(const char *name, double length, double timeTaken);
-void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken);
+// These are defined in bench1.cpp
+extern void OutputResultKeying(double iterations, double timeTaken);
+extern void OutputResultBytes(const char *name, const char *provider, double length, double timeTaken);
+extern void OutputResultOperations(const char *name, const char *provider, const char *operation, bool pc, unsigned long iterations, double timeTaken);
+
+// These are defined in bench1.cpp
+extern void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal);
+extern void BenchMark(const char *name, StreamTransformation &cipher, double timeTotal);
+extern void BenchMark(const char *name, HashTransformation &ht, double timeTotal);
+extern void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal);
+
+// These are defined in bench2.cpp
+extern void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs &params);
+extern void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal);
 
 NAMESPACE_END  // Test
 NAMESPACE_END  // CryptoPP

Common/3dParty/cryptopp/bench1.cpp

@@ -5,21 +5,23 @@
 #include "bench.h"
 #include "validate.h"
 
-#include "aes.h"
-#include "kalyna.h"
-#include "threefish.h"
-#include "blumshub.h"
-#include "files.h"
-#include "filters.h"
-#include "hex.h"
-#include "modes.h"
-#include "factory.h"
-#include "smartptr.h"
 #include "cpu.h"
+#include "factory.h"
+#include "algparam.h"
+#include "argnames.h"
+#include "smartptr.h"
+#include "stdcpp.h"
+
+#include "osrng.h"
 #include "drbg.h"
+#include "darn.h"
+#include "mersenne.h"
 #include "rdrand.h"
 #include "padlkrng.h"
-#include "stdcpp.h"
+
+#include <iostream>
+#include <iomanip>
+#include <sstream>
 
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(disable: 4355)
@@ -40,7 +42,7 @@ const double CLOCK_TICKS_PER_SECOND = (double)CLK_TCK;
 const double CLOCK_TICKS_PER_SECOND = 1000000.0;
 #endif
 
-const byte defaultKey[] = "0123456789" // 168 + NULL
+extern const byte defaultKey[] = "0123456789" // 168 + NULL
 	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 	"00000000000000000000000000000000000000000000000000000"
 	"00000000000000000000000000000000000000000000000000000";
@@ -49,68 +51,90 @@ double g_allocatedTime = 0.0, g_hertz = 0.0, g_logTotal = 0.0;
 unsigned int g_logCount = 0;
 time_t g_testBegin, g_testEnd;
 
-void OutputResultBytes(const char *name, double length, double timeTaken)
+inline std::string HertzToString(double hertz)
 {
-	// Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
-	StreamState ss(std::cout);
+	std::ostringstream oss;
+	oss.precision(3);
+
+	if (hertz >= 0.999e+9)
+		oss << hertz / 1e+9 << " GHz";
+	else if (hertz >= 0.999e+6)
+		oss << hertz / 1e+6 << " MHz";
+	else if (hertz >= 0.999e+3)
+		oss << hertz / 1e+3 << " KHz";
+	else
+		oss << hertz << " Hz";
+
+	return oss.str();
+}
+
+void OutputResultBytes(const char *name, const char *provider, double length, double timeTaken)
+{
+	std::ostringstream oss;
 
 	// Coverity finding
 	if (length < 0.000001f) length = 0.000001f;
 	if (timeTaken < 0.000001f) timeTaken = 0.000001f;
 
 	double mbs = length / timeTaken / (1024*1024);
-	std::cout << "\n<TR><TD>" << name;
-	std::cout << std::setiosflags(std::ios::fixed);
-	std::cout << "<TD>" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << mbs;
+	oss << "\n<TR><TD>" << name << "<TD>" << provider;
+	oss << std::setiosflags(std::ios::fixed);
+	oss << "<TD>" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << mbs;
 	if (g_hertz > 1.0f)
 	{
 		const double cpb = timeTaken * g_hertz / length;
 		if (cpb < 24.0f)
-			std::cout << "<TD>" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << cpb;
+			oss << "<TD>" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << cpb;
 		else
-			std::cout << "<TD>" << std::setprecision(1) << std::setiosflags(std::ios::fixed) << cpb;
+			oss << "<TD>" << std::setprecision(1) << std::setiosflags(std::ios::fixed) << cpb;
 	}
 	g_logTotal += log(mbs);
 	g_logCount++;
+
+	std::cout << oss.str();
 }
 
 void OutputResultKeying(double iterations, double timeTaken)
 {
-	// Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
-	StreamState ss(std::cout);
+	std::ostringstream oss;
 
 	// Coverity finding
 	if (iterations < 0.000001f) iterations = 0.000001f;
 	if (timeTaken < 0.000001f) timeTaken = 0.000001f;
 
-	std::cout << "<TD>" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << (1000*1000*timeTaken/iterations);
+	oss << "<TD>" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << (1000*1000*timeTaken/iterations);
 
 	// Coverity finding
 	if (g_hertz > 1.0f)
-		std::cout << "<TD>" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << timeTaken * g_hertz / iterations;
+		oss << "<TD>" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << timeTaken * g_hertz / iterations;
+
+	std::cout << oss.str();
 }
 
-void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken)
+void OutputResultOperations(const char *name, const char *provider, const char *operation, bool pc, unsigned long iterations, double timeTaken)
 {
-	// Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
-	StreamState ss(std::cout);
+	CRYPTOPP_UNUSED(provider);
+	std::ostringstream oss;
 
 	// Coverity finding
 	if (!iterations) iterations++;
 	if (timeTaken < 0.000001f) timeTaken = 0.000001f;
 
-	std::cout << "\n<TR><TD>" << name << " " << operation << (pc ? " with precomputation" : "");
-	std::cout << "<TD>" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << (1000*timeTaken/iterations);
+	oss << "\n<TR><TD>" << name << " " << operation << (pc ? " with precomputation" : "");
+	//oss << "<TD>" << provider;
+	oss << "<TD>" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << (1000*timeTaken/iterations);
 
 	// Coverity finding
 	if (g_hertz > 1.0f)
 	{
 		const double t = timeTaken * g_hertz / iterations / 1000000;
-		std::cout << "<TD>" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << t;
+		oss << "<TD>" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << t;
 	}
 
 	g_logTotal += log(iterations/timeTaken);
 	g_logCount++;
+
+	std::cout << oss.str();
 }
 
 /*
@@ -158,15 +182,8 @@ void BenchMark(const char *name, StreamTransformation &cipher, double timeTotal)
 	}
 	while (timeTaken < 2.0/3*timeTotal);
 
-	OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
-}
-
-void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal)
-{
-	if (cipher.NeedsPrespecifiedDataLengths())
-		cipher.SpecifyDataLengths(0, cipher.MaxMessageLength(), 0);
-
-	BenchMark(name, static_cast<StreamTransformation &>(cipher), timeTotal);
+	std::string provider = cipher.AlgorithmProvider();
+	OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken);
 }
 
 void BenchMark(const char *name, HashTransformation &ht, double timeTotal)
@@ -189,7 +206,8 @@ void BenchMark(const char *name, HashTransformation &ht, double timeTotal)
 	}
 	while (timeTaken < 2.0/3*timeTotal);
 
-	OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
+	std::string provider = ht.AlgorithmProvider();
+	OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken);
 }
 
 void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal)
@@ -212,7 +230,8 @@ void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal)
 	}
 	while (timeTaken < 2.0/3*timeTotal);
 
-	OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
+	std::string provider = bt.AlgorithmProvider();
+	OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken);
 }
 
 void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal)
@@ -243,7 +262,8 @@ void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal)
 		timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND;
 	} while (timeTaken < timeTotal);
 
-	OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
+	std::string provider = rng.AlgorithmProvider();
+	OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken);
 }
 
 // Hack, but we probably need a KeyedRandomNumberGenerator interface
@@ -269,56 +289,12 @@ void BenchMark(const char *name, NIST_DRBG &rng, double timeTotal)
 		timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND;
 	} while (timeTaken < timeTotal);
 
-	OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
-}
-
-void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs &params)
-{
-	unsigned long iterations = 0;
-	double timeTaken;
-
-	clock_t start = ::clock();
-	do
-	{
-		for (unsigned int i=0; i<1024; i++)
-			c.SetKey(defaultKey, keyLength, params);
-		timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND;
-		iterations += 1024;
-	}
-	while (timeTaken < g_allocatedTime);
-
-	OutputResultKeying(iterations, timeTaken);
-}
-
-template <class T_FactoryOutput, class T_Interface>
-void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char *displayName=NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
-{
-	std::string name(factoryName ? factoryName : "");
-	member_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(name.c_str()));
-
-	if (!keyLength)
-		keyLength = obj->DefaultKeyLength();
-
-	if (displayName)
-		name = displayName;
-	else if (keyLength)
-		name += " (" + IntToString(keyLength * 8) + "-bit key)";
-
-	const int blockSize = params.GetIntValueWithDefault(Name::BlockSize(), 0);
-	obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, blockSize ? blockSize : obj->IVSize()), false)));
-	BenchMark(name.c_str(), *static_cast<T_Interface *>(obj.get()), g_allocatedTime);
-	BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, blockSize ? blockSize : obj->IVSize()), false)));
-}
-
-template <class T_FactoryOutput>
-void BenchMarkByName(const char *factoryName, size_t keyLength = 0, const char *displayName=NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
-{
-	CRYPTOPP_UNUSED(params);
-	BenchMarkByName2<T_FactoryOutput, T_FactoryOutput>(factoryName, keyLength, displayName, params);
+	std::string provider = rng.AlgorithmProvider();
+	OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken);
 }
 
 template <class T>
-void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName=NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
+void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName = NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
 {
 	CRYPTOPP_UNUSED(params);
 	std::string name = factoryName;
@@ -331,34 +307,39 @@ void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName=NUL
 
 void AddHtmlHeader()
 {
+	std::ostringstream oss;
+
 	// HTML5
-	std::cout << "<!DOCTYPE HTML>";
-	std::cout << "\n<HTML lang=\"en\">";
+	oss << "<!DOCTYPE HTML>";
+	oss << "\n<HTML lang=\"en\">";
 
-	std::cout << "\n<HEAD>";
-	std::cout << "\n<META charset=\"UTF-8\">";
-	std::cout << "\n<TITLE>Speed Comparison of Popular Crypto Algorithms</TITLE>";
-	std::cout << "\n<STYLE>\n  table {border-collapse: collapse;}";
-	std::cout << "\n  table, th, td, tr {border: 1px solid black;}\n</STYLE>";
-	std::cout << "\n</HEAD>";
+	oss << "\n<HEAD>";
+	oss << "\n<META charset=\"UTF-8\">";
+	oss << "\n<TITLE>Speed Comparison of Popular Crypto Algorithms</TITLE>";
+	oss << "\n<STYLE>\n  table {border-collapse: collapse;}";
+	oss << "\n  table, th, td, tr {border: 1px solid black;}\n</STYLE>";
+	oss << "\n</HEAD>";
 
-	std::cout << "\n<BODY>";
+	oss << "\n<BODY>";
 
-	std::cout << "\n<H1><A href=\"http://www.cryptopp.com\">Crypto++</A> " << CRYPTOPP_VERSION / 100;
-	std::cout << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << " Benchmarks</H1>";
+	oss << "\n<H1><A href=\"http://www.cryptopp.com\">Crypto++ " << CRYPTOPP_VERSION / 100;
+	oss << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << "</A> Benchmarks</H1>";
 
-	std::cout << "\n<P>Here are speed benchmarks for some commonly used cryptographic algorithms.</P>";
+	oss << "\n<P>Here are speed benchmarks for some commonly used cryptographic algorithms.</P>";
 
 	if (g_hertz > 1.0f)
-		std::cout << "\n<P>CPU frequency of the test platform is " << g_hertz << " Hz.</P>";
+		oss << "\n<P>CPU frequency of the test platform is " << HertzToString(g_hertz) << ".</P>";
 	else
-		std::cout << "\n<P>CPU frequency of the test platform was not provided.</P>" << std::endl;
+		oss << "\n<P>CPU frequency of the test platform was not provided.</P>" << std::endl;
+
+	std::cout << oss.str();
 }
 
 void AddHtmlFooter()
 {
-	std::cout << "\n</BODY>";
-	std::cout << "\n</HTML>" << std::endl;
+	std::ostringstream oss;
+	oss << "\n</BODY>\n</HTML>\n";
+	std::cout << oss.str();
 }
 
 void BenchmarkWithCommand(int argc, const char* const argv[])
@@ -368,8 +349,14 @@ void BenchmarkWithCommand(int argc, const char* const argv[])
 	float cpuFreq(argc >= 4 ? Test::StringToValue<float, true>(argv[3])*float(1e9) : 0.0f);
 	std::string algoName(argc >= 5 ? argv[4] : "");
 
+	// https://github.com/weidai11/cryptopp/issues/983
+	if (runningTime > 10.0f)
+		runningTime = 10.0f;
+
 	if (command == "b")  // All benchmarks
 		Benchmark(Test::All, runningTime, cpuFreq);
+	else if (command == "b4")  // Public key algorithms over EC
+		Test::Benchmark(Test::PublicKeyEC, runningTime, cpuFreq);
 	else if (command == "b3")  // Public key algorithms
 		Test::Benchmark(Test::PublicKey, runningTime, cpuFreq);
 	else if (command == "b2")  // Shared key algorithms
@@ -383,6 +370,9 @@ void Benchmark(Test::TestClass suites, double t, double hertz)
 	g_allocatedTime = t;
 	g_hertz = hertz;
 
+	// Add <br> in between tables
+	size_t count_breaks = 0;
+
 	AddHtmlHeader();
 
 	g_testBegin = ::time(NULLPTR);
@@ -393,47 +383,65 @@ void Benchmark(Test::TestClass suites, double t, double hertz)
 	// Unkeyed algorithms
 	if (suites & Test::Unkeyed)
 	{
-		std::cout << "\n<BR>";
-		Benchmark1(t, hertz);
+		if (count_breaks)
+			std::cout << "\n<BR>";
+		count_breaks++;
+
+		BenchmarkUnkeyedAlgorithms(t, hertz);
 	}
 
 	// Shared key algorithms
 	if (suites & Test::SharedKey)
 	{
-		std::cout << "\n<BR>";
-		Benchmark2(t, hertz);
+		if (count_breaks)
+			std::cout << "\n<BR>";
+		count_breaks++;
+
+		BenchmarkSharedKeyedAlgorithms(t, hertz);
 	}
 
 	// Public key algorithms
 	if (suites & Test::PublicKey)
 	{
-		std::cout << "\n<BR>";
-		Benchmark3(t, hertz);
+		if (count_breaks)
+			std::cout << "\n<BR>";
+		count_breaks++;
+
+		BenchmarkPublicKeyAlgorithms(t, hertz);
+	}
+
+	// Public key algorithms over EC
+	if (suites & Test::PublicKeyEC)
+	{
+		if (count_breaks)
+			std::cout << "\n<BR>";
+		count_breaks++;
+
+		BenchmarkEllipticCurveAlgorithms(t, hertz);
 	}
 
 	g_testEnd = ::time(NULLPTR);
 
-	{
-		StreamState state(std::cout);
-		std::cout << "\n<P>Throughput Geometric Average: " << std::setiosflags(std::ios::fixed);
-		std::cout << std::exp(g_logTotal/(g_logCount > 0.0f ? g_logCount : 1.0f)) << std::endl;
-	}
+	std::ostringstream oss;
+	oss << "\n<P>Throughput Geometric Average: " << std::setiosflags(std::ios::fixed);
+	oss << std::exp(g_logTotal/(g_logCount > 0.0f ? g_logCount : 1.0f)) << std::endl;
 
-	std::cout << "\n<P>Test started at " << TimeToString(g_testBegin);
-	std::cout << "\n<BR>Test ended at " << TimeToString(g_testEnd);
-	std::cout << std::endl;
+	oss << "\n<P>Test started at " << TimeToString(g_testBegin);
+	oss << "\n<BR>Test ended at " << TimeToString(g_testEnd);
+	oss << "\n";
+	std::cout << oss.str();
 
 	AddHtmlFooter();
 }
 
-void Benchmark1(double t, double hertz)
+void BenchmarkUnkeyedAlgorithms(double t, double hertz)
 {
 	g_allocatedTime = t;
 	g_hertz = hertz;
 
 	const char *cpb;
 	if (g_hertz > 1.0f)
-		cpb = "<TH>Cycles Per Byte";
+		cpb = "<TH>Cycles/Byte";
 	else
 		cpb = "";
 
@@ -442,7 +450,7 @@ void Benchmark1(double t, double hertz)
 	std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=\"text-align: right;\">";
 	std::cout << "<COL style=\"text-align: right;\">";
 	std::cout << "\n<THEAD style=\"background: #F0F0F0\">";
-	std::cout << "\n<TR><TH>Algorithm<TH>MiB/Second" << cpb;
+	std::cout << "\n<TR><TH>Algorithm<TH>Provider<TH>MiB/Second" << cpb;
 
 	std::cout << "\n<TBODY style=\"background: white;\">";
 	{
@@ -454,15 +462,19 @@ void Benchmark1(double t, double hertz)
 		BenchMarkByNameKeyLess<RandomNumberGenerator>("AutoSeededX917RNG(AES)");
 #endif
 		BenchMarkByNameKeyLess<RandomNumberGenerator>("MT19937");
-#if (CRYPTOPP_BOOL_X86)
+#if (CRYPTOPP_BOOL_X86) && !defined(CRYPTOPP_DISABLE_ASM)
 		if (HasPadlockRNG())
 			BenchMarkByNameKeyLess<RandomNumberGenerator>("PadlockRNG");
 #endif
-#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
+#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) && !defined(CRYPTOPP_DISABLE_ASM)
 		if (HasRDRAND())
 			BenchMarkByNameKeyLess<RandomNumberGenerator>("RDRAND");
 		if (HasRDSEED())
 			BenchMarkByNameKeyLess<RandomNumberGenerator>("RDSEED");
+#endif
+#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) && !defined(CRYPTOPP_DISABLE_ASM)
+		if (HasDARN())
+			BenchMarkByNameKeyLess<RandomNumberGenerator>("DARN");
 #endif
 		BenchMarkByNameKeyLess<RandomNumberGenerator>("AES/OFB RNG");
 		BenchMarkByNameKeyLess<NIST_DRBG>("Hash_DRBG(SHA1)");
@@ -497,154 +509,8 @@ void Benchmark1(double t, double hertz)
 		BenchMarkByNameKeyLess<HashTransformation>("SM3");
 		BenchMarkByNameKeyLess<HashTransformation>("BLAKE2s");
 		BenchMarkByNameKeyLess<HashTransformation>("BLAKE2b");
-	}
-
-	std::cout << "\n</TABLE>" << std::endl;
-}
-
-void Benchmark2(double t, double hertz)
-{
-	g_allocatedTime = t;
-	g_hertz = hertz;
-
-	const char *cpb, *cpk;
-	if (g_hertz > 1.0f)
-	{
-		cpb = "<TH>Cycles Per Byte";
-		cpk = "<TH>Cycles to<BR>Setup Key and IV";
-	}
-	else
-	{
-		cpb = cpk = "";
-	}
-
-	std::cout << "\n<TABLE>";
-	std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=\"text-align: right;\"><COL style=";
-	std::cout << "\"text-align: right;\"><COL style=\"text-align: right;\"><COL style=\"text-align: right;\">";
-	std::cout << "\n<THEAD style=\"background: #F0F0F0\">";
-	std::cout << "\n<TR><TH>Algorithm<TH>MiB/Second" << cpb;
-	std::cout << "<TH>Microseconds to<BR>Setup Key and IV" << cpk;
-
-	std::cout << "\n<TBODY style=\"background: white;\">";
-	{
-#if CRYPTOPP_AESNI_AVAILABLE
-		if (HasCLMUL())
-			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)");
-		else
-#elif CRYPTOPP_ARM_PMULL_AVAILABLE
-		if (HasPMULL())
-			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)");
-		else
-#endif
-		{
-			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (2K tables)", MakeParameters(Name::TableSize(), 2048));
-			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024));
-		}
-
-		BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-64");
-		BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-128");
-		BenchMarkByName<MessageAuthenticationCode>("HMAC(SHA-1)");
-		BenchMarkByName<MessageAuthenticationCode>("HMAC(SHA-256)");
-		BenchMarkByName<MessageAuthenticationCode>("Two-Track-MAC");
-		BenchMarkByName<MessageAuthenticationCode>("CMAC(AES)");
-		BenchMarkByName<MessageAuthenticationCode>("DMAC(AES)");
-		BenchMarkByName<MessageAuthenticationCode>("Poly1305(AES)");
-		BenchMarkByName<MessageAuthenticationCode>("BLAKE2s");
-		BenchMarkByName<MessageAuthenticationCode>("BLAKE2b");
-		BenchMarkByName<MessageAuthenticationCode>("SipHash-2-4");
-		BenchMarkByName<MessageAuthenticationCode>("SipHash-4-8");
-	}
-
-	std::cout << "\n<TBODY style=\"background: yellow;\">";
-	{
-		BenchMarkByName<SymmetricCipher>("Panama-LE");
-		BenchMarkByName<SymmetricCipher>("Panama-BE");
-		BenchMarkByName<SymmetricCipher>("Salsa20");
-		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12));
-		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8));
-		BenchMarkByName<SymmetricCipher>("ChaCha20");
-		BenchMarkByName<SymmetricCipher>("ChaCha12");
-		BenchMarkByName<SymmetricCipher>("ChaCha8");
-		BenchMarkByName<SymmetricCipher>("Sosemanuk");
-		BenchMarkByName<SymmetricCipher>("MARC4");
-		BenchMarkByName<SymmetricCipher>("SEAL-3.0-LE");
-		BenchMarkByName<SymmetricCipher>("WAKE-OFB-LE");
-	}
-
-	std::cout << "\n<TBODY style=\"background: white;\">";
-	{
-		BenchMarkByName<SymmetricCipher>("AES/CTR", 16);
-		BenchMarkByName<SymmetricCipher>("AES/CTR", 24);
-		BenchMarkByName<SymmetricCipher>("AES/CTR", 32);
-		BenchMarkByName<SymmetricCipher>("AES/CBC", 16);
-		BenchMarkByName<SymmetricCipher>("AES/CBC", 24);
-		BenchMarkByName<SymmetricCipher>("AES/CBC", 32);
-		BenchMarkByName<SymmetricCipher>("AES/OFB", 16);
-		BenchMarkByName<SymmetricCipher>("AES/CFB", 16);
-		BenchMarkByName<SymmetricCipher>("AES/ECB", 16);
-		BenchMarkByName<SymmetricCipher>("ARIA/CTR", 16);
-		BenchMarkByName<SymmetricCipher>("ARIA/CTR", 32);
-		BenchMarkByName<SymmetricCipher>("Camellia/CTR", 16);
-		BenchMarkByName<SymmetricCipher>("Camellia/CTR", 32);
-		BenchMarkByName<SymmetricCipher>("Twofish/CTR");
-		BenchMarkByName<SymmetricCipher>("Threefish-256(256)/CTR", 32);
-		BenchMarkByName<SymmetricCipher>("Threefish-512(512)/CTR", 64);
-		BenchMarkByName<SymmetricCipher>("Threefish-1024(1024)/CTR", 128);
-		BenchMarkByName<SymmetricCipher>("Serpent/CTR");
-		BenchMarkByName<SymmetricCipher>("CAST-128/CTR");
-		BenchMarkByName<SymmetricCipher>("CAST-256/CTR");
-		BenchMarkByName<SymmetricCipher>("RC6/CTR");
-		BenchMarkByName<SymmetricCipher>("MARS/CTR");
-		BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 16);
-		BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 64);
-		BenchMarkByName<SymmetricCipher>("DES/CTR");
-		BenchMarkByName<SymmetricCipher>("DES-XEX3/CTR");
-		BenchMarkByName<SymmetricCipher>("DES-EDE3/CTR");
-		BenchMarkByName<SymmetricCipher>("IDEA/CTR");
-		BenchMarkByName<SymmetricCipher>("RC5/CTR", 0, "RC5 (r=16)");
-		BenchMarkByName<SymmetricCipher>("Blowfish/CTR");
-		BenchMarkByName<SymmetricCipher>("TEA/CTR");
-		BenchMarkByName<SymmetricCipher>("XTEA/CTR");
-		BenchMarkByName<SymmetricCipher>("SKIPJACK/CTR");
-		BenchMarkByName<SymmetricCipher>("SEED/CTR", 0, "SEED/CTR (1/2 K table)");
-		BenchMarkByName<SymmetricCipher>("SM4/CTR");
-
-		BenchMarkByName<SymmetricCipher>("Kalyna-128/CTR", 16, "Kalyna-128(128)/CTR (128-bit key)");
-		BenchMarkByName<SymmetricCipher>("Kalyna-128/CTR", 32, "Kalyna-128(256)/CTR (256-bit key)");
-		BenchMarkByName<SymmetricCipher>("Kalyna-256/CTR", 32, "Kalyna-256(256)/CTR (256-bit key)");
-		BenchMarkByName<SymmetricCipher>("Kalyna-256/CTR", 64, "Kalyna-256(512)/CTR (512-bit key)");
-		BenchMarkByName<SymmetricCipher>("Kalyna-512/CTR", 64, "Kalyna-512(512)/CTR (512-bit key)");
-
-		BenchMarkByName<SymmetricCipher>("SIMON-64/CTR", 12, "SIMON-64(96)/CTR (96-bit key)");
-		BenchMarkByName<SymmetricCipher>("SIMON-64/CTR", 16, "SIMON-64(128)/CTR (128-bit key)");
-		BenchMarkByName<SymmetricCipher>("SIMON-128/CTR", 16, "SIMON-128(128)/CTR (128-bit key)");
-		BenchMarkByName<SymmetricCipher>("SIMON-128/CTR", 24, "SIMON-128(192)/CTR (192-bit key)");
-		BenchMarkByName<SymmetricCipher>("SIMON-128/CTR", 32, "SIMON-128(256)/CTR (256-bit key)");
-
-		BenchMarkByName<SymmetricCipher>("SPECK-64/CTR", 12, "SPECK-64(96)/CTR (96-bit key)");
-		BenchMarkByName<SymmetricCipher>("SPECK-64/CTR", 16, "SPECK-64(128)/CTR (128-bit key)");
-		BenchMarkByName<SymmetricCipher>("SPECK-128/CTR", 16, "SPECK-128(128)/CTR (128-bit key)");
-		BenchMarkByName<SymmetricCipher>("SPECK-128/CTR", 24, "SPECK-128(192)/CTR (192-bit key)");
-		BenchMarkByName<SymmetricCipher>("SPECK-128/CTR", 32, "SPECK-128(256)/CTR (256-bit key)");
-	}
-
-	std::cout << "\n<TBODY style=\"background: yellow;\">";
-	{
-#if CRYPTOPP_AESNI_AVAILABLE
-		if (HasCLMUL())
-			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM");
-		else
-#elif CRYPTOPP_ARM_PMULL_AVAILABLE
-		if (HasPMULL())
-			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM");
-		else
-#endif
-		{
-			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (2K tables)", MakeParameters(Name::TableSize(), 2048));
-			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024));
-		}
-		BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/CCM");
-		BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/EAX");
+		BenchMarkByNameKeyLess<HashTransformation>("LSH-256");
+		BenchMarkByNameKeyLess<HashTransformation>("LSH-512");
 	}
 
 	std::cout << "\n</TABLE>" << std::endl;

Common/3dParty/cryptopp/bench2.cpp

@@ -5,33 +5,22 @@
 #include "bench.h"
 #include "validate.h"
 
-#include "pubkey.h"
-#include "gfpcrypt.h"
-#include "eccrypto.h"
-#include "pkcspad.h"
-
-#include "files.h"
-#include "filters.h"
-#include "hex.h"
-#include "rsa.h"
-#include "nr.h"
-#include "dsa.h"
-#include "luc.h"
-#include "rw.h"
-#include "ecp.h"
-#include "ec2n.h"
-#include "asn.h"
-#include "dh.h"
-#include "mqv.h"
-#include "hmqv.h"
-#include "fhmqv.h"
-#include "xtrcrypt.h"
-#include "esign.h"
-#include "pssr.h"
-#include "oids.h"
-#include "randpool.h"
+#include "cpu.h"
+#include "factory.h"
+#include "algparam.h"
+#include "argnames.h"
+#include "smartptr.h"
 #include "stdcpp.h"
-#include "hrtimer.h"
+
+#include "vmac.h"
+#include "hmac.h"
+#include "ttmac.h"
+#include "cmac.h"
+#include "dmac.h"
+
+#if CRYPTOPP_MSC_VERSION
+# pragma warning(disable: 4355)
+#endif
 
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(disable: 4505 4355)
@@ -40,381 +29,235 @@
 NAMESPACE_BEGIN(CryptoPP)
 NAMESPACE_BEGIN(Test)
 
-void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal, bool pc=false)
+void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs &params)
 {
-	unsigned int len = 16;
-	SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len));
-	Test::GlobalRNG().GenerateBlock(plaintext, len);
-
-	unsigned int i = 0;
+	unsigned long iterations = 0;
 	double timeTaken;
 
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
+	clock_t start = ::clock();
 	do
 	{
-		key.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext);
-		++i; timeTaken = timer.ElapsedTimeAsDouble();
+		for (unsigned int i=0; i<1024; i++)
+			c.SetKey(defaultKey, keyLength, params);
+		timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND;
+		iterations += 1024;
 	}
-	while (timeTaken < timeTotal);
+	while (timeTaken < g_allocatedTime);
 
-	OutputResultOperations(name, "Encryption", pc, i, timeTaken);
-
-	if (!pc && key.GetMaterial().SupportsPrecomputation())
-	{
-		key.AccessMaterial().Precompute(16);
-		BenchMarkEncryption(name, key, timeTotal, true);
-	}
+	OutputResultKeying(iterations, timeTaken);
 }
 
-void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub, double timeTotal)
+void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal)
 {
-	unsigned int len = 16;
-	SecByteBlock ciphertext(pub.CiphertextLength(len));
-	SecByteBlock plaintext(pub.MaxPlaintextLength(ciphertext.size()));
-	Test::GlobalRNG().GenerateBlock(plaintext, len);
-	pub.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext);
+	if (cipher.NeedsPrespecifiedDataLengths())
+		cipher.SpecifyDataLengths(0, cipher.MaxMessageLength(), 0);
 
-	unsigned int i = 0;
-	double timeTaken;
-
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
-	do
-	{
-		priv.Decrypt(Test::GlobalRNG(), ciphertext, ciphertext.size(), plaintext);
-		++i; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Decryption", false, i, timeTaken);
+	BenchMark(name, static_cast<StreamTransformation &>(cipher), timeTotal);
 }
 
-void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false)
+template <class T_FactoryOutput, class T_Interface>
+void BenchMarkByName2(const char *factoryName, size_t keyLength=0, const char *displayName=NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
 {
-	unsigned int len = 16;
-	AlignedSecByteBlock message(len), signature(key.SignatureLength());
-	Test::GlobalRNG().GenerateBlock(message, len);
+	std::string name(factoryName ? factoryName : "");
+	member_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(name.c_str()));
 
-	unsigned int i = 0;
-	double timeTaken;
+	if (keyLength == 0)
+		keyLength = obj->DefaultKeyLength();
 
-	ThreadUserTimer timer;
-	timer.StartTimer();
+	if (displayName != NULLPTR)
+		name = displayName;
+	else if (keyLength != 0)
+		name += " (" + IntToString(keyLength * 8) + "-bit key)";
 
-	do
-	{
-		(void)key.SignMessage(Test::GlobalRNG(), message, len, signature);
-		++i; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Signature", pc, i, timeTaken);
-
-	if (!pc && key.GetMaterial().SupportsPrecomputation())
-	{
-		key.AccessMaterial().Precompute(16);
-		BenchMarkSigning(name, key, timeTotal, true);
-	}
+	obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false)));
+	BenchMark(name.c_str(), *static_cast<T_Interface *>(obj.get()), g_allocatedTime);
+	BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false)));
 }
 
-void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
+template <class T_FactoryOutput>
+void BenchMarkByName(const char *factoryName, size_t keyLength=0, const char *displayName=NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
 {
-	unsigned int len = 16;
-	AlignedSecByteBlock message(len), signature(pub.SignatureLength());
-	Test::GlobalRNG().GenerateBlock(message, len);
-	priv.SignMessage(Test::GlobalRNG(), message, len, signature);
-
-	unsigned int i = 0;
-	double timeTaken;
-
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
-	do
-	{
-		(void)pub.VerifyMessage(message, len, signature, signature.size());
-		++i; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Verification", pc, i, timeTaken);
-
-	if (!pc && pub.GetMaterial().SupportsPrecomputation())
-	{
-		pub.AccessMaterial().Precompute(16);
-		BenchMarkVerification(name, priv, pub, timeTotal, true);
-	}
+	BenchMarkByName2<T_FactoryOutput,T_FactoryOutput>(factoryName, keyLength, displayName, params);
 }
 
-void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
-	SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength());
-
-	unsigned int i = 0;
-	double timeTaken;
-
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
-	do
-	{
-		d.GenerateKeyPair(Test::GlobalRNG(), priv, pub);
-		++i; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken);
-
-	if (!pc && d.GetMaterial().SupportsPrecomputation())
-	{
-		d.AccessMaterial().Precompute(16);
-		BenchMarkKeyGen(name, d, timeTotal, true);
-	}
-}
-
-void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
-	SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength());
-
-	unsigned int i = 0;
-	double timeTaken;
-
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
-	do
-	{
-		d.GenerateEphemeralKeyPair(Test::GlobalRNG(), priv, pub);
-		++i; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken);
-
-	if (!pc && d.GetMaterial().SupportsPrecomputation())
-	{
-		d.AccessMaterial().Precompute(16);
-		BenchMarkKeyGen(name, d, timeTotal, true);
-	}
-}
-
-void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
-	SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
-	SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
-	d.GenerateKeyPair(Test::GlobalRNG(), priv1, pub1);
-	d.GenerateKeyPair(Test::GlobalRNG(), priv2, pub2);
-	SecByteBlock val(d.AgreedValueLength());
-
-	unsigned int i = 0;
-	double timeTaken;
-
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
-	do
-	{
-		d.Agree(val, priv1, pub2);
-		d.Agree(val, priv2, pub1);
-		i+=2; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Key Agreement", pc, i, timeTaken);
-}
-
-void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false)
-{
-	SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength());
-	SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength());
-	SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength());
-	SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength());
-	d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv1, spub1);
-	d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv2, spub2);
-	d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv1, epub1);
-	d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv2, epub2);
-	SecByteBlock val(d.AgreedValueLength());
-
-	unsigned int i = 0;
-	double timeTaken;
-
-	ThreadUserTimer timer;
-	timer.StartTimer();
-
-	do
-	{
-		d.Agree(val, spriv1, epriv1, spub2, epub2);
-		d.Agree(val, spriv2, epriv2, spub1, epub1);
-		i+=2; timeTaken = timer.ElapsedTimeAsDouble();
-	}
-	while (timeTaken < timeTotal);
-
-	OutputResultOperations(name, "Key Agreement", pc, i, timeTaken);
-}
-
-template <class SCHEME>
-void BenchMarkCrypto(const char *filename, const char *name, double timeTotal)
-{
-	FileSource f(filename, true, new HexDecoder);
-	typename SCHEME::Decryptor priv(f);
-	typename SCHEME::Encryptor pub(priv);
-	BenchMarkEncryption(name, pub, timeTotal);
-	BenchMarkDecryption(name, priv, pub, timeTotal);
-}
-
-template <class SCHEME>
-void BenchMarkSignature(const char *filename, const char *name, double timeTotal)
-{
-	FileSource f(filename, true, new HexDecoder);
-	typename SCHEME::Signer priv(f);
-	typename SCHEME::Verifier pub(priv);
-	BenchMarkSigning(name, priv, timeTotal);
-	BenchMarkVerification(name, priv, pub, timeTotal);
-}
-
-template <class D>
-void BenchMarkKeyAgreement(const char *filename, const char *name, double timeTotal)
-{
-	FileSource f(filename, true, new HexDecoder);
-	D d(f);
-	BenchMarkKeyGen(name, d, timeTotal);
-	BenchMarkAgreement(name, d, timeTotal);
-}
-
-void Benchmark3(double t, double hertz)
+void BenchmarkSharedKeyedAlgorithms(double t, double hertz)
 {
 	g_allocatedTime = t;
 	g_hertz = hertz;
 
-	const char *mco;
+	const char *cpb, *cpk;
 	if (g_hertz > 1.0f)
-		mco = "<TH>Megacycles/Operation";
+	{
+		cpb = "<TH>Cycles/Byte";
+		cpk = "<TH>Cycles to<BR>Setup Key and IV";
+	}
 	else
-		mco = "";
+	{
+		cpb = cpk = "";
+	}
 
 	std::cout << "\n<TABLE>";
-	std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=";
-	std::cout << "\"text-align: right;\"><COL style=\"text-align: right;\">";
+	std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=\"text-align: right;\"><COL style=";
+	std::cout << "\"text-align: right;\"><COL style=\"text-align: right;\"><COL style=\"text-align: right;\">";
 	std::cout << "\n<THEAD style=\"background: #F0F0F0\">";
-	std::cout << "\n<TR><TH>Operation<TH>Milliseconds/Operation" << mco;
+	std::cout << "\n<TR><TH>Algorithm<TH>Provider<TH>MiB/Second" << cpb;
+	std::cout << "<TH>Microseconds to<BR>Setup Key and IV" << cpk;
 
 	std::cout << "\n<TBODY style=\"background: white;\">";
 	{
-		BenchMarkCrypto<RSAES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t);
-		BenchMarkCrypto<LUCES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t);
-		BenchMarkCrypto<DLIES<> >(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", "DLIES 1024", t);
-		BenchMarkCrypto<LUC_IES<> >(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", "LUCELG 512", t);
-	}
-
-	std::cout << "\n<TBODY style=\"background: yellow;\">";
-	{
-		BenchMarkCrypto<RSAES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t);
-		BenchMarkCrypto<LUCES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t);
-		BenchMarkCrypto<DLIES<> >(CRYPTOPP_DATA_DIR "TestData/dlie2048.dat", "DLIES 2048", t);
-		BenchMarkCrypto<LUC_IES<> >(CRYPTOPP_DATA_DIR "TestData/lucc1024.dat", "LUCELG 1024", t);
-	}
-
-	std::cout << "\n<TBODY style=\"background: white;\">";
-	{
-		BenchMarkSignature<RSASS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t);
-		BenchMarkSignature<RWSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", "RW 1024", t);
-		BenchMarkSignature<LUCSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t);
-		BenchMarkSignature<NR<SHA1> >(CRYPTOPP_DATA_DIR "TestData/nr1024.dat", "NR 1024", t);
-		BenchMarkSignature<DSA>(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", "DSA 1024", t);
-		BenchMarkSignature<LUC_HMP<SHA1> >(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", "LUC-HMP 512", t);
-		BenchMarkSignature<ESIGN<SHA1> >(CRYPTOPP_DATA_DIR "TestData/esig1023.dat", "ESIGN 1023", t);
-		BenchMarkSignature<ESIGN<SHA1> >(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", "ESIGN 1536", t);
-	}
-
-	std::cout << "\n<TBODY style=\"background: yellow;\">";
-	{
-		BenchMarkSignature<RSASS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t);
-		BenchMarkSignature<RWSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rw2048.dat", "RW 2048", t);
-		BenchMarkSignature<LUCSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t);
-		BenchMarkSignature<NR<SHA1> >(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", "NR 2048", t);
-		BenchMarkSignature<LUC_HMP<SHA1> >(CRYPTOPP_DATA_DIR "TestData/lucs1024.dat", "LUC-HMP 1024", t);
-		BenchMarkSignature<ESIGN<SHA1> >(CRYPTOPP_DATA_DIR "TestData/esig2046.dat", "ESIGN 2046", t);
-	}
-
-	std::cout << "\n<TBODY style=\"background: white;\">";
-	{
-		BenchMarkKeyAgreement<XTR_DH>(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", "XTR-DH 171", t);
-		BenchMarkKeyAgreement<XTR_DH>(CRYPTOPP_DATA_DIR "TestData/xtrdh342.dat", "XTR-DH 342", t);
-		BenchMarkKeyAgreement<DH>(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", "DH 1024", t);
-		BenchMarkKeyAgreement<DH>(CRYPTOPP_DATA_DIR "TestData/dh2048.dat", "DH 2048", t);
-		BenchMarkKeyAgreement<LUC_DH>(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", "LUCDIF 512", t);
-		BenchMarkKeyAgreement<LUC_DH>(CRYPTOPP_DATA_DIR "TestData/lucd1024.dat", "LUCDIF 1024", t);
-		BenchMarkKeyAgreement<MQV>(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", "MQV 1024", t);
-		BenchMarkKeyAgreement<MQV>(CRYPTOPP_DATA_DIR "TestData/mqv2048.dat", "MQV 2048", t);
-
-#if 0
-		BenchMarkKeyAgreement<ECHMQV160>(CRYPTOPP_DATA_DIR "TestData/hmqv160.dat", "HMQV P-160", t);
-		BenchMarkKeyAgreement<ECHMQV256>(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", "HMQV P-256", t);
-		BenchMarkKeyAgreement<ECHMQV384>(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", "HMQV P-384", t);
-		BenchMarkKeyAgreement<ECHMQV512>(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", "HMQV P-512", t);
-
-		BenchMarkKeyAgreement<ECFHMQV160>(CRYPTOPP_DATA_DIR "TestData/fhmqv160.dat", "FHMQV P-160", t);
-		BenchMarkKeyAgreement<ECFHMQV256>(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", "FHMQV P-256", t);
-		BenchMarkKeyAgreement<ECFHMQV384>(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", "FHMQV P-384", t);
-		BenchMarkKeyAgreement<ECFHMQV512>(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", "FHMQV P-512", t);
+#if CRYPTOPP_AESNI_AVAILABLE
+		if (HasCLMUL())
+			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)");
+		else
+#elif CRYPTOPP_ARM_PMULL_AVAILABLE
+		if (HasPMULL())
+			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)");
+		else
+#elif CRYPTOPP_POWER8_VMULL_AVAILABLE
+		if (HasPMULL())
+			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES)");
+		else
 #endif
+		{
+			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (2K tables)", MakeParameters(Name::TableSize(), 2048));
+			BenchMarkByName2<AuthenticatedSymmetricCipher, MessageAuthenticationCode>("AES/GCM", 0, "GMAC(AES) (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024));
+		}
+
+		BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-64");
+		BenchMarkByName<MessageAuthenticationCode>("VMAC(AES)-128");
+		BenchMarkByName<MessageAuthenticationCode>("HMAC(SHA-1)");
+		BenchMarkByName<MessageAuthenticationCode>("HMAC(SHA-256)");
+		BenchMarkByName<MessageAuthenticationCode>("Two-Track-MAC");
+		BenchMarkByName<MessageAuthenticationCode>("CMAC(AES)");
+		BenchMarkByName<MessageAuthenticationCode>("DMAC(AES)");
+		BenchMarkByName<MessageAuthenticationCode>("Poly1305(AES)");
+		BenchMarkByName<MessageAuthenticationCode>("Poly1305TLS");
+		BenchMarkByName<MessageAuthenticationCode>("BLAKE2s");
+		BenchMarkByName<MessageAuthenticationCode>("BLAKE2b");
+		BenchMarkByName<MessageAuthenticationCode>("SipHash-2-4");
+		BenchMarkByName<MessageAuthenticationCode>("SipHash-4-8");
 	}
 
 	std::cout << "\n<TBODY style=\"background: yellow;\">";
 	{
-		ECIES<ECP>::Decryptor cpriv(Test::GlobalRNG(), ASN1::secp256k1());
-		ECIES<ECP>::Encryptor cpub(cpriv);
-		ECDSA<ECP, SHA1>::Signer spriv(cpriv);
-		ECDSA<ECP, SHA1>::Verifier spub(spriv);
-		ECDSA_RFC6979<ECP, SHA1>::Signer spriv2(cpriv);
-		ECDSA_RFC6979<ECP, SHA1>::Verifier spub2(spriv);
-		ECGDSA<ECP, SHA1>::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1());
-		ECGDSA<ECP, SHA1>::Verifier spub3(spriv3);
-		ECDH<ECP>::Domain ecdhc(ASN1::secp256k1());
-		ECMQV<ECP>::Domain ecmqvc(ASN1::secp256k1());
-
-		BenchMarkEncryption("ECIES over GF(p) 256", cpub, t);
-		BenchMarkDecryption("ECIES over GF(p) 256", cpriv, cpub, t);
-		BenchMarkSigning("ECDSA over GF(p) 256", spriv, t);
-		BenchMarkVerification("ECDSA over GF(p) 256", spriv, spub, t);
-		BenchMarkSigning("ECDSA-RFC6979 over GF(p) 256", spriv2, t);
-		BenchMarkVerification("ECDSA-RFC6979 over GF(p) 256", spriv2, spub2, t);
-		BenchMarkSigning("ECGDSA over GF(p) 256", spriv3, t);
-		BenchMarkVerification("ECGDSA over GF(p) 256", spriv3, spub3, t);
-		BenchMarkKeyGen("ECDHC over GF(p) 256", ecdhc, t);
-		BenchMarkAgreement("ECDHC over GF(p) 256", ecdhc, t);
-		BenchMarkKeyGen("ECMQVC over GF(p) 256", ecmqvc, t);
-		BenchMarkAgreement("ECMQVC over GF(p) 256", ecmqvc, t);
+		BenchMarkByName<SymmetricCipher>("Panama-LE");
+		BenchMarkByName<SymmetricCipher>("Panama-BE");
+		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20");
+		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12));
+		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8));
+		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha20");
+		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha12", MakeParameters(Name::Rounds(), 12));
+		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha8", MakeParameters(Name::Rounds(), 8));
+		BenchMarkByName<SymmetricCipher>("ChaChaTLS");
+		BenchMarkByName<SymmetricCipher>("Sosemanuk");
+		BenchMarkByName<SymmetricCipher>("Rabbit");
+		BenchMarkByName<SymmetricCipher>("RabbitWithIV");
+		BenchMarkByName<SymmetricCipher>("HC-128");
+		BenchMarkByName<SymmetricCipher>("HC-256");
+		BenchMarkByName<SymmetricCipher>("MARC4");
+		BenchMarkByName<SymmetricCipher>("SEAL-3.0-LE");
+		BenchMarkByName<SymmetricCipher>("WAKE-OFB-LE");
 	}
 
 	std::cout << "\n<TBODY style=\"background: white;\">";
 	{
-		ECIES<EC2N>::Decryptor cpriv(Test::GlobalRNG(), ASN1::sect233r1());
-		ECIES<EC2N>::Encryptor cpub(cpriv);
-		ECDSA<EC2N, SHA1>::Signer spriv(cpriv);
-		ECDSA<EC2N, SHA1>::Verifier spub(spriv);
-		ECDSA_RFC6979<EC2N, SHA1>::Signer spriv2(cpriv);
-		ECDSA_RFC6979<EC2N, SHA1>::Verifier spub2(spriv);
-		ECGDSA<EC2N, SHA1>::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1());
-		ECGDSA<EC2N, SHA1>::Verifier spub3(spriv3);
-		ECDH<EC2N>::Domain ecdhc(ASN1::sect233r1());
-		ECMQV<EC2N>::Domain ecmqvc(ASN1::sect233r1());
+		BenchMarkByName<SymmetricCipher>("AES/CTR", 16);
+		BenchMarkByName<SymmetricCipher>("AES/CTR", 24);
+		BenchMarkByName<SymmetricCipher>("AES/CTR", 32);
+		BenchMarkByName<SymmetricCipher>("AES/CBC", 16);
+		BenchMarkByName<SymmetricCipher>("AES/CBC", 24);
+		BenchMarkByName<SymmetricCipher>("AES/CBC", 32);
+		BenchMarkByName<SymmetricCipher>("AES/XTS", 32);
+		BenchMarkByName<SymmetricCipher>("AES/XTS", 48);
+		BenchMarkByName<SymmetricCipher>("AES/XTS", 64);
+		BenchMarkByName<SymmetricCipher>("AES/OFB", 16);
+		BenchMarkByName<SymmetricCipher>("AES/CFB", 16);
+		BenchMarkByName<SymmetricCipher>("AES/ECB", 16);
+		BenchMarkByName<SymmetricCipher>("ARIA/CTR", 16);
+		BenchMarkByName<SymmetricCipher>("ARIA/CTR", 32);
+		BenchMarkByName<SymmetricCipher>("HIGHT/CTR");
+		BenchMarkByName<SymmetricCipher>("Camellia/CTR", 16);
+		BenchMarkByName<SymmetricCipher>("Camellia/CTR", 32);
+		BenchMarkByName<SymmetricCipher>("Twofish/CTR");
+		BenchMarkByName<SymmetricCipher>("Threefish-256(256)/CTR", 32);
+		BenchMarkByName<SymmetricCipher>("Threefish-512(512)/CTR", 64);
+		BenchMarkByName<SymmetricCipher>("Threefish-1024(1024)/CTR", 128);
+		BenchMarkByName<SymmetricCipher>("Serpent/CTR");
+		BenchMarkByName<SymmetricCipher>("CAST-128/CTR");
+		BenchMarkByName<SymmetricCipher>("CAST-256/CTR", 32);
+		BenchMarkByName<SymmetricCipher>("RC6/CTR");
+		BenchMarkByName<SymmetricCipher>("MARS/CTR");
+		BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 16);
+		BenchMarkByName<SymmetricCipher>("SHACAL-2/CTR", 64);
+		BenchMarkByName<SymmetricCipher>("DES/CTR");
+		BenchMarkByName<SymmetricCipher>("DES-XEX3/CTR");
+		BenchMarkByName<SymmetricCipher>("DES-EDE3/CTR");
+		BenchMarkByName<SymmetricCipher>("IDEA/CTR");
+		BenchMarkByName<SymmetricCipher>("RC5/CTR", 0, "RC5 (r=16)");
+		BenchMarkByName<SymmetricCipher>("Blowfish/CTR");
+		BenchMarkByName<SymmetricCipher>("SKIPJACK/CTR");
+		BenchMarkByName<SymmetricCipher>("SEED/CTR", 0, "SEED/CTR (1/2 K table)");
+		BenchMarkByName<SymmetricCipher>("SM4/CTR");
 
-		BenchMarkEncryption("ECIES over GF(2^n) 233", cpub, t);
-		BenchMarkDecryption("ECIES over GF(2^n) 233", cpriv, cpub, t);
-		BenchMarkSigning("ECDSA over GF(2^n) 233", spriv, t);
-		BenchMarkVerification("ECDSA over GF(2^n) 233", spriv, spub, t);
-		BenchMarkSigning("ECDSA-RFC6979 over GF(2^n) 233", spriv2, t);
-		BenchMarkVerification("ECDSA-RFC6979 over GF(2^n) 233", spriv2, spub2, t);
-		BenchMarkSigning("ECGDSA over GF(2^n) 233", spriv3, t);
-		BenchMarkVerification("ECGDSA over GF(2^n) 233", spriv3, spub3, t);
-		BenchMarkKeyGen("ECDHC over GF(2^n) 233", ecdhc, t);
-		BenchMarkAgreement("ECDHC over GF(2^n) 233", ecdhc, t);
-		BenchMarkKeyGen("ECMQVC over GF(2^n) 233", ecmqvc, t);
-		BenchMarkAgreement("ECMQVC over GF(2^n) 233", ecmqvc, t);
+		BenchMarkByName<SymmetricCipher>("Kalyna-128/CTR", 16, "Kalyna-128(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("Kalyna-128/CTR", 32, "Kalyna-128(256)/CTR (256-bit key)");
+		BenchMarkByName<SymmetricCipher>("Kalyna-256/CTR", 32, "Kalyna-256(256)/CTR (256-bit key)");
+		BenchMarkByName<SymmetricCipher>("Kalyna-256/CTR", 64, "Kalyna-256(512)/CTR (512-bit key)");
+		BenchMarkByName<SymmetricCipher>("Kalyna-512/CTR", 64, "Kalyna-512(512)/CTR (512-bit key)");
+	}
+
+	std::cout << "\n<TBODY style=\"background: yellow;\">";
+	{
+		BenchMarkByName<SymmetricCipher>("CHAM-64/CTR", 16, "CHAM-64(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("CHAM-128/CTR", 16, "CHAM-128(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("CHAM-128/CTR", 32, "CHAM-128(256)/CTR (256-bit key)");
+
+		BenchMarkByName<SymmetricCipher>("LEA-128/CTR", 16, "LEA-128(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("LEA-128/CTR", 24, "LEA-128(192)/CTR (192-bit key)");
+		BenchMarkByName<SymmetricCipher>("LEA-128/CTR", 32, "LEA-128(256)/CTR (256-bit key)");
+
+		BenchMarkByName<SymmetricCipher>("SIMECK-32/CTR", 8, "SIMECK-32(64)/CTR (64-bit key)");
+		BenchMarkByName<SymmetricCipher>("SIMECK-64/CTR", 16, "SIMECK-64(128)/CTR (128-bit key)");
+
+		BenchMarkByName<SymmetricCipher>("SIMON-64/CTR", 12, "SIMON-64(96)/CTR (96-bit key)");
+		BenchMarkByName<SymmetricCipher>("SIMON-64/CTR", 16, "SIMON-64(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("SIMON-128/CTR", 16, "SIMON-128(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("SIMON-128/CTR", 24, "SIMON-128(192)/CTR (192-bit key)");
+		BenchMarkByName<SymmetricCipher>("SIMON-128/CTR", 32, "SIMON-128(256)/CTR (256-bit key)");
+
+		BenchMarkByName<SymmetricCipher>("SPECK-64/CTR", 12, "SPECK-64(96)/CTR (96-bit key)");
+		BenchMarkByName<SymmetricCipher>("SPECK-64/CTR", 16, "SPECK-64(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("SPECK-128/CTR", 16, "SPECK-128(128)/CTR (128-bit key)");
+		BenchMarkByName<SymmetricCipher>("SPECK-128/CTR", 24, "SPECK-128(192)/CTR (192-bit key)");
+		BenchMarkByName<SymmetricCipher>("SPECK-128/CTR", 32, "SPECK-128(256)/CTR (256-bit key)");
+
+		BenchMarkByName<SymmetricCipher>("TEA/CTR");
+		BenchMarkByName<SymmetricCipher>("XTEA/CTR");
+	}
+
+	std::cout << "\n<TBODY style=\"background: white;\">";
+	{
+#if CRYPTOPP_AESNI_AVAILABLE
+		if (HasCLMUL())
+			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM");
+		else
+#elif CRYPTOPP_ARM_PMULL_AVAILABLE
+		if (HasPMULL())
+			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM");
+		else
+#elif CRYPTOPP_POWER8_VMULL_AVAILABLE
+		if (HasPMULL())
+			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM");
+		else
+#endif
+		{
+			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (2K tables)", MakeParameters(Name::TableSize(), 2048));
+			BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/GCM", 0, "AES/GCM (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024));
+		}
+		BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/CCM");
+		BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("AES/EAX");
+		BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("ChaCha20/Poly1305");
+		BenchMarkByName2<AuthenticatedSymmetricCipher, AuthenticatedSymmetricCipher>("XChaCha20/Poly1305");
 	}
 
 	std::cout << "\n</TABLE>" << std::endl;

Common/3dParty/cryptopp/bench3.cpp

@@ -0,0 +1,480 @@
+// bench3.cpp - originally written and placed in the public domain by Wei Dai
+//              CryptoPP::Test namespace added by JW in February 2017
+
+#include "cryptlib.h"
+#include "bench.h"
+#include "validate.h"
+
+#include "cpu.h"
+#include "factory.h"
+#include "algparam.h"
+#include "argnames.h"
+#include "smartptr.h"
+#include "stdcpp.h"
+
+#include "pubkey.h"
+#include "gfpcrypt.h"
+#include "eccrypto.h"
+#include "pkcspad.h"
+
+#include "files.h"
+#include "filters.h"
+#include "hex.h"
+#include "rsa.h"
+#include "nr.h"
+#include "dsa.h"
+#include "luc.h"
+#include "rw.h"
+#include "ecp.h"
+#include "ec2n.h"
+#include "asn.h"
+#include "dh.h"
+#include "mqv.h"
+#include "hmqv.h"
+#include "fhmqv.h"
+#include "xed25519.h"
+#include "xtrcrypt.h"
+#include "esign.h"
+#include "pssr.h"
+#include "oids.h"
+#include "randpool.h"
+#include "stdcpp.h"
+#include "hrtimer.h"
+
+#if CRYPTOPP_MSC_VERSION
+# pragma warning(disable: 4505 4355)
+#endif
+
+NAMESPACE_BEGIN(CryptoPP)
+NAMESPACE_BEGIN(Test)
+
+void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal, bool pc = false)
+{
+	unsigned int len = 16;
+	SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len));
+	Test::GlobalRNG().GenerateBlock(plaintext, len);
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		key.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext);
+		++i; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = key.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Encryption", pc, i, timeTaken);
+
+	if (!pc && key.GetMaterial().SupportsPrecomputation())
+	{
+		key.AccessMaterial().Precompute(16);
+		BenchMarkEncryption(name, key, timeTotal, true);
+	}
+}
+
+void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub, double timeTotal)
+{
+	unsigned int len = 16;
+	SecByteBlock ciphertext(pub.CiphertextLength(len));
+	SecByteBlock plaintext(pub.MaxPlaintextLength(ciphertext.size()));
+	Test::GlobalRNG().GenerateBlock(plaintext, len);
+	pub.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext);
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		priv.Decrypt(Test::GlobalRNG(), ciphertext, ciphertext.size(), plaintext);
+		++i; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = priv.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Decryption", false, i, timeTaken);
+}
+
+void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false)
+{
+	unsigned int len = 16;
+	AlignedSecByteBlock message(len), signature(key.SignatureLength());
+	Test::GlobalRNG().GenerateBlock(message, len);
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		(void)key.SignMessage(Test::GlobalRNG(), message, len, signature);
+		++i; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = key.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Signature", pc, i, timeTaken);
+
+	if (!pc && key.GetMaterial().SupportsPrecomputation())
+	{
+		key.AccessMaterial().Precompute(16);
+		BenchMarkSigning(name, key, timeTotal, true);
+	}
+}
+
+void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
+{
+	unsigned int len = 16;
+	AlignedSecByteBlock message(len), signature(pub.SignatureLength());
+	Test::GlobalRNG().GenerateBlock(message, len);
+	priv.SignMessage(Test::GlobalRNG(), message, len, signature);
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		(void)pub.VerifyMessage(message, len, signature, signature.size());
+		++i; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = pub.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Verification", pc, i, timeTaken);
+
+	if (!pc && pub.GetMaterial().SupportsPrecomputation())
+	{
+		pub.AccessMaterial().Precompute(16);
+		BenchMarkVerification(name, priv, pub, timeTotal, true);
+	}
+}
+
+void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false)
+{
+	SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength());
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		d.GenerateKeyPair(Test::GlobalRNG(), priv, pub);
+		++i; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = d.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Key-Pair Generation", pc, i, timeTaken);
+
+	if (!pc && d.GetMaterial().SupportsPrecomputation())
+	{
+		d.AccessMaterial().Precompute(16);
+		BenchMarkKeyGen(name, d, timeTotal, true);
+	}
+}
+
+void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false)
+{
+	SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength());
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		d.GenerateEphemeralKeyPair(Test::GlobalRNG(), priv, pub);
+		++i; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = d.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Key-Pair Generation", pc, i, timeTaken);
+
+	if (!pc && d.GetMaterial().SupportsPrecomputation())
+	{
+		d.AccessMaterial().Precompute(16);
+		BenchMarkKeyGen(name, d, timeTotal, true);
+	}
+}
+
+void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false)
+{
+	SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
+	SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
+	d.GenerateKeyPair(Test::GlobalRNG(), priv1, pub1);
+	d.GenerateKeyPair(Test::GlobalRNG(), priv2, pub2);
+	SecByteBlock val(d.AgreedValueLength());
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		d.Agree(val, priv1, pub2);
+		d.Agree(val, priv2, pub1);
+		i+=2; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = d.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Key Agreement", pc, i, timeTaken);
+}
+
+void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false)
+{
+	SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength());
+	SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength());
+	SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength());
+	SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength());
+	d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv1, spub1);
+	d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv2, spub2);
+	d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv1, epub1);
+	d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv2, epub2);
+	SecByteBlock val(d.AgreedValueLength());
+
+	unsigned int i = 0;
+	double timeTaken;
+
+	ThreadUserTimer timer;
+	timer.StartTimer();
+
+	do
+	{
+		d.Agree(val, spriv1, epriv1, spub2, epub2);
+		d.Agree(val, spriv2, epriv2, spub1, epub1);
+		i+=2; timeTaken = timer.ElapsedTimeAsDouble();
+	}
+	while (timeTaken < timeTotal);
+
+	std::string provider = d.AlgorithmProvider();
+	OutputResultOperations(name, provider.c_str(), "Key Agreement", pc, i, timeTaken);
+}
+
+template <class SCHEME>
+void BenchMarkCrypto(const char *filename, const char *name, double timeTotal)
+{
+	FileSource f(DataDir(filename).c_str(), true, new HexDecoder);
+	typename SCHEME::Decryptor priv(f);
+	typename SCHEME::Encryptor pub(priv);
+	BenchMarkEncryption(name, pub, timeTotal);
+	BenchMarkDecryption(name, priv, pub, timeTotal);
+}
+
+template <class SCHEME>
+void BenchMarkSignature(const char *filename, const char *name, double timeTotal)
+{
+	FileSource f(DataDir(filename).c_str(), true, new HexDecoder);
+	typename SCHEME::Signer priv(f);
+	typename SCHEME::Verifier pub(priv);
+	BenchMarkSigning(name, priv, timeTotal);
+	BenchMarkVerification(name, priv, pub, timeTotal);
+}
+
+template <class D>
+void BenchMarkKeyAgreement(const char *filename, const char *name, double timeTotal)
+{
+	FileSource f(DataDir(filename).c_str(), true, new HexDecoder);
+	D d(f);
+	BenchMarkKeyGen(name, d, timeTotal);
+	BenchMarkAgreement(name, d, timeTotal);
+}
+
+void BenchmarkPublicKeyAlgorithms(double t, double hertz)
+{
+	g_allocatedTime = t;
+	g_hertz = hertz;
+
+	const char *mco;
+	if (g_hertz > 1.0f)
+		mco = "<TH>Megacycles/Operation";
+	else
+		mco = "";
+
+	std::cout << "\n<TABLE>";
+	std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=";
+	std::cout << "\"text-align: right;\"><COL style=\"text-align: right;\">";
+	std::cout << "\n<THEAD style=\"background: #F0F0F0\">";
+	std::cout << "\n<TR><TH>Operation<TH>Milliseconds/Operation" << mco;
+
+	std::cout << "\n<TBODY style=\"background: white;\">";
+	{
+		BenchMarkCrypto<RSAES<OAEP<SHA1> > >("TestData/rsa1024.dat", "RSA 1024", t);
+		BenchMarkCrypto<LUCES<OAEP<SHA1> > >("TestData/luc1024.dat", "LUC 1024", t);
+		BenchMarkCrypto<DLIES<> >("TestData/dlie1024.dat", "DLIES 1024", t);
+		BenchMarkCrypto<LUC_IES<> >("TestData/lucc512.dat", "LUCELG 512", t);
+	}
+
+	std::cout << "\n<TBODY style=\"background: yellow;\">";
+	{
+		BenchMarkCrypto<RSAES<OAEP<SHA1> > >("TestData/rsa2048.dat", "RSA 2048", t);
+		BenchMarkCrypto<LUCES<OAEP<SHA1> > >("TestData/luc2048.dat", "LUC 2048", t);
+		BenchMarkCrypto<DLIES<> >("TestData/dlie2048.dat", "DLIES 2048", t);
+		BenchMarkCrypto<LUC_IES<> >("TestData/lucc1024.dat", "LUCELG 1024", t);
+	}
+
+	std::cout << "\n<TBODY style=\"background: white;\">";
+	{
+		BenchMarkSignature<RSASS<PSSR, SHA1> >("TestData/rsa1024.dat", "RSA 1024", t);
+		BenchMarkSignature<RWSS<PSSR, SHA1> >("TestData/rw1024.dat", "RW 1024", t);
+		BenchMarkSignature<LUCSS<PSSR, SHA1> >("TestData/luc1024.dat", "LUC 1024", t);
+		BenchMarkSignature<NR<SHA1> >("TestData/nr1024.dat", "NR 1024", t);
+		BenchMarkSignature<DSA>("TestData/dsa1024.dat", "DSA 1024", t);
+		BenchMarkSignature<LUC_HMP<SHA1> >("TestData/lucs512.dat", "LUC-HMP 512", t);
+		BenchMarkSignature<ESIGN<SHA1> >("TestData/esig1023.dat", "ESIGN 1023", t);
+		BenchMarkSignature<ESIGN<SHA1> >("TestData/esig1536.dat", "ESIGN 1536", t);
+	}
+
+	std::cout << "\n<TBODY style=\"background: yellow;\">";
+	{
+		BenchMarkSignature<RSASS<PSSR, SHA1> >("TestData/rsa2048.dat", "RSA 2048", t);
+		BenchMarkSignature<RWSS<PSSR, SHA1> >("TestData/rw2048.dat", "RW 2048", t);
+		BenchMarkSignature<LUCSS<PSSR, SHA1> >("TestData/luc2048.dat", "LUC 2048", t);
+		BenchMarkSignature<NR<SHA1> >("TestData/nr2048.dat", "NR 2048", t);
+		BenchMarkSignature<LUC_HMP<SHA1> >("TestData/lucs1024.dat", "LUC-HMP 1024", t);
+		BenchMarkSignature<ESIGN<SHA1> >("TestData/esig2046.dat", "ESIGN 2046", t);
+	}
+
+	std::cout << "\n<TBODY style=\"background: white;\">";
+	{
+		BenchMarkKeyAgreement<XTR_DH>("TestData/xtrdh171.dat", "XTR-DH 171", t);
+		BenchMarkKeyAgreement<XTR_DH>("TestData/xtrdh342.dat", "XTR-DH 342", t);
+		BenchMarkKeyAgreement<DH>("TestData/dh1024.dat", "DH 1024", t);
+		BenchMarkKeyAgreement<DH>("TestData/dh2048.dat", "DH 2048", t);
+		BenchMarkKeyAgreement<LUC_DH>("TestData/lucd512.dat", "LUCDIF 512", t);
+		BenchMarkKeyAgreement<LUC_DH>("TestData/lucd1024.dat", "LUCDIF 1024", t);
+		BenchMarkKeyAgreement<MQV>("TestData/mqv1024.dat", "MQV 1024", t);
+		BenchMarkKeyAgreement<MQV>("TestData/mqv2048.dat", "MQV 2048", t);
+	}
+
+	std::cout << "\n</TABLE>" << std::endl;
+}
+
+void BenchmarkEllipticCurveAlgorithms(double t, double hertz)
+{
+	g_allocatedTime = t;
+	g_hertz = hertz;
+
+	const char *mco;
+	if (g_hertz > 1.0f)
+		mco = "<TH>Megacycles/Operation";
+	else
+		mco = "";
+
+	std::cout << "\n<TABLE>";
+	std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=";
+	std::cout << "\"text-align: right;\"><COL style=\"text-align: right;\">";
+	std::cout << "\n<THEAD style=\"background: #F0F0F0\">";
+	std::cout << "\n<TR><TH>Operation<TH>Milliseconds/Operation" << mco;
+
+	std::cout << "\n<TBODY style=\"background: white;\">";
+	{
+		ed25519::Signer sign(Test::GlobalRNG());
+		ed25519::Verifier verify(sign);
+		x25519 agree(Test::GlobalRNG());
+
+		BenchMarkSigning("ed25519", sign, t);
+		BenchMarkVerification("ed25519", sign, verify, t);
+		BenchMarkKeyGen("x25519", agree, t);
+		BenchMarkAgreement("x25519", agree, t);
+	}
+
+#if 0
+	std::cout << "\n<TBODY style=\"background: yellow;\">";
+	{
+		BenchMarkKeyAgreement<ECMQV160>("TestData/mqv160.dat", "MQV P-160", t);
+		BenchMarkKeyAgreement<ECMQV256>("TestData/mqv256.dat", "MQV P-256", t);
+		BenchMarkKeyAgreement<ECMQV384>("TestData/mqv384.dat", "MQV P-384", t);
+		BenchMarkKeyAgreement<ECMQV512>("TestData/mqv512.dat", "MQV P-521", t);
+
+		BenchMarkKeyAgreement<ECHMQV160>("TestData/hmqv160.dat", "HMQV P-160", t);
+		BenchMarkKeyAgreement<ECHMQV256>("TestData/hmqv256.dat", "HMQV P-256", t);
+		BenchMarkKeyAgreement<ECHMQV384>("TestData/hmqv384.dat", "HMQV P-384", t);
+		BenchMarkKeyAgreement<ECHMQV512>("TestData/hmqv512.dat", "HMQV P-521", t);
+
+		BenchMarkKeyAgreement<ECFHMQV160>("TestData/fhmqv160.dat", "FHMQV P-160", t);
+		BenchMarkKeyAgreement<ECFHMQV256>("TestData/fhmqv256.dat", "FHMQV P-256", t);
+		BenchMarkKeyAgreement<ECFHMQV384>("TestData/fhmqv384.dat", "FHMQV P-384", t);
+		BenchMarkKeyAgreement<ECFHMQV512>("TestData/fhmqv512.dat", "FHMQV P-521", t);
+	}
+#endif
+
+	std::cout << "\n<TBODY style=\"background: yellow;\">";
+	{
+		ECIES<ECP>::Decryptor cpriv(Test::GlobalRNG(), ASN1::secp256k1());
+		ECIES<ECP>::Encryptor cpub(cpriv);
+		ECDSA<ECP, SHA1>::Signer spriv(cpriv);
+		ECDSA<ECP, SHA1>::Verifier spub(spriv);
+		ECDSA_RFC6979<ECP, SHA1>::Signer spriv2(cpriv);
+		ECDSA_RFC6979<ECP, SHA1>::Verifier spub2(spriv2);
+		ECGDSA<ECP, SHA1>::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1());
+		ECGDSA<ECP, SHA1>::Verifier spub3(spriv3);
+		ECDH<ECP>::Domain ecdhc(ASN1::secp256k1());
+		ECMQV<ECP>::Domain ecmqvc(ASN1::secp256k1());
+
+		BenchMarkEncryption("ECIES over GF(p) 256", cpub, t);
+		BenchMarkDecryption("ECIES over GF(p) 256", cpriv, cpub, t);
+		BenchMarkSigning("ECDSA over GF(p) 256", spriv, t);
+		BenchMarkVerification("ECDSA over GF(p) 256", spriv, spub, t);
+		BenchMarkSigning("ECDSA-RFC6979 over GF(p) 256", spriv2, t);
+		BenchMarkVerification("ECDSA-RFC6979 over GF(p) 256", spriv2, spub2, t);
+		BenchMarkSigning("ECGDSA over GF(p) 256", spriv3, t);
+		BenchMarkVerification("ECGDSA over GF(p) 256", spriv3, spub3, t);
+		BenchMarkKeyGen("ECDHC over GF(p) 256", ecdhc, t);
+		BenchMarkAgreement("ECDHC over GF(p) 256", ecdhc, t);
+		BenchMarkKeyGen("ECMQVC over GF(p) 256", ecmqvc, t);
+		BenchMarkAgreement("ECMQVC over GF(p) 256", ecmqvc, t);
+	}
+
+	std::cout << "\n<TBODY style=\"background: white;\">";
+	{
+		ECIES<EC2N>::Decryptor cpriv(Test::GlobalRNG(), ASN1::sect233r1());
+		ECIES<EC2N>::Encryptor cpub(cpriv);
+		ECDSA<EC2N, SHA1>::Signer spriv(cpriv);
+		ECDSA<EC2N, SHA1>::Verifier spub(spriv);
+		ECDSA_RFC6979<EC2N, SHA1>::Signer spriv2(cpriv);
+		ECDSA_RFC6979<EC2N, SHA1>::Verifier spub2(spriv2);
+		ECGDSA<EC2N, SHA1>::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1());
+		ECGDSA<EC2N, SHA1>::Verifier spub3(spriv3);
+		ECDH<EC2N>::Domain ecdhc(ASN1::sect233r1());
+		ECMQV<EC2N>::Domain ecmqvc(ASN1::sect233r1());
+
+		BenchMarkEncryption("ECIES over GF(2^n) 233", cpub, t);
+		BenchMarkDecryption("ECIES over GF(2^n) 233", cpriv, cpub, t);
+		BenchMarkSigning("ECDSA over GF(2^n) 233", spriv, t);
+		BenchMarkVerification("ECDSA over GF(2^n) 233", spriv, spub, t);
+		BenchMarkSigning("ECDSA-RFC6979 over GF(2^n) 233", spriv2, t);
+		BenchMarkVerification("ECDSA-RFC6979 over GF(2^n) 233", spriv2, spub2, t);
+		BenchMarkSigning("ECGDSA over GF(2^n) 233", spriv3, t);
+		BenchMarkVerification("ECGDSA over GF(2^n) 233", spriv3, spub3, t);
+		BenchMarkKeyGen("ECDHC over GF(2^n) 233", ecdhc, t);
+		BenchMarkAgreement("ECDHC over GF(2^n) 233", ecdhc, t);
+		BenchMarkKeyGen("ECMQVC over GF(2^n) 233", ecmqvc, t);
+		BenchMarkAgreement("ECMQVC over GF(2^n) 233", ecmqvc, t);
+	}
+
+	std::cout << "\n</TABLE>" << std::endl;
+}
+
+NAMESPACE_END  // Test
+NAMESPACE_END  // CryptoPP

Common/3dParty/cryptopp/blake2.cpp

@@ -1,6 +1,17 @@
-// blake2.cpp - written and placed in the public domain by Jeffrey Walton and Zooko
-//              Wilcox-O'Hearn. Based on Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
-//              reference BLAKE2 implementation at http://github.com/BLAKE2/BLAKE2.
+// blake2.cpp - written and placed in the public domain by Jeffrey Walton
+//              and Zooko Wilcox-O'Hearn. Based on Aumasson, Neves,
+//              Wilcox-O'Hearn and Winnerlein's reference BLAKE2
+//              implementation at http://github.com/BLAKE2/BLAKE2.
+//
+// The BLAKE2b and BLAKE2s numbers are consistent with the BLAKE2 team's
+// numbers. However, we have an Altivec implementation of BLAKE2s,
+// and a POWER8 implementation of BLAKE2b (BLAKE2 team is missing them).
+// Altivec code is about 2x faster than C++ when using GCC 5.0 or
+// above. The POWER8 code is about 2.5x faster than C++ when using GCC 5.0
+// or above. If you use GCC 4.0 (PowerMac) or GCC 4.8 (GCC Compile Farm)
+// then the PowerPC code will be slower than C++. Be sure to use GCC 5.0
+// or above for PowerPC builds or disable Altivec for BLAKE2b and BLAKE2s
+// if using the old compilers.
 
 #include "pch.h"
 #include "config.h"
@@ -11,9 +22,11 @@
 #include "cpu.h"
 
 // Uncomment for benchmarking C++ against SSE2 or NEON.
-// Do so in both blake2.cpp and blake2-simd.cpp.
+// Do so in both blake2.cpp and blake2_simd.cpp.
 // #undef CRYPTOPP_SSE41_AVAILABLE
 // #undef CRYPTOPP_ARM_NEON_AVAILABLE
+// #undef CRYPTOPP_ALTIVEC_AVAILABLE
+// #undef CRYPTOPP_POWER8_AVAILABLE
 
 // Disable NEON/ASIMD for Cortex-A53 and A57. The shifts are too slow and C/C++ is about
 // 3 cpb faster than NEON/ASIMD. Also see http://github.com/weidai11/cryptopp/issues/367.
@@ -21,6 +34,47 @@
 # undef CRYPTOPP_ARM_NEON_AVAILABLE
 #endif
 
+// BLAKE2s bug on AIX 7.1 (POWER7) with XLC 12.01
+// https://github.com/weidai11/cryptopp/issues/743
+#if defined(__xlC__) && (__xlC__ < 0x0d01)
+# define CRYPTOPP_DISABLE_ALTIVEC 1
+# undef CRYPTOPP_POWER7_AVAILABLE
+# undef CRYPTOPP_POWER8_AVAILABLE
+# undef CRYPTOPP_ALTIVEC_AVAILABLE
+#endif
+
+// Can't use GetAlignmentOf<word64>() because of C++11 and constexpr
+// Can use 'const unsigned int' because of MSVC 2013
+#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
+# define ALIGN_SPEC32 16
+# define ALIGN_SPEC64 16
+#else
+# define ALIGN_SPEC32 4
+# define ALIGN_SPEC64 8
+#endif
+
+NAMESPACE_BEGIN(CryptoPP)
+
+// Export the tables to the SIMD files
+extern const word32 BLAKE2S_IV[8];
+extern const word64 BLAKE2B_IV[8];
+
+CRYPTOPP_ALIGN_DATA(ALIGN_SPEC32)
+const word32 BLAKE2S_IV[8] = {
+    0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
+    0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
+};
+
+CRYPTOPP_ALIGN_DATA(ALIGN_SPEC64)
+const word64 BLAKE2B_IV[8] = {
+    W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b),
+    W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1),
+    W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f),
+    W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)
+};
+
+NAMESPACE_END
+
 ANONYMOUS_NAMESPACE_BEGIN
 
 using CryptoPP::byte;
@@ -28,28 +82,7 @@ using CryptoPP::word32;
 using CryptoPP::word64;
 using CryptoPP::rotrConstant;
 
-template <class W, bool T_64bit>
-struct BLAKE2_IV
-{
-    CRYPTOPP_ALIGN_DATA(16)
-    static const W iv[8];
-};
-
-template <>
-const word32 BLAKE2_IV<word32, false>::iv[8] = {
-    0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
-    0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
-};
-
-template <>
-const word64 BLAKE2_IV<word64, true>::iv[8] = {
-    W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b),
-    W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1),
-    W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f),
-    W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)
-};
-
-CRYPTOPP_ALIGN_DATA(16)
+CRYPTOPP_ALIGN_DATA(ALIGN_SPEC32)
 const byte BLAKE2S_SIGMA[10][16] = {
     {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 },
     { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 },
@@ -63,7 +96,7 @@ const byte BLAKE2S_SIGMA[10][16] = {
     { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 },
 };
 
-CRYPTOPP_ALIGN_DATA(16)
+CRYPTOPP_ALIGN_DATA(ALIGN_SPEC32)
 const byte BLAKE2B_SIGMA[12][16] = {
     {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 },
     { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 },
@@ -135,346 +168,576 @@ ANONYMOUS_NAMESPACE_END
 
 NAMESPACE_BEGIN(CryptoPP)
 
-void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State<word32, false>& state);
-void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State<word64, true>& state);
+void BLAKE2_Compress32_CXX(const byte* input, BLAKE2s_State& state);
+void BLAKE2_Compress64_CXX(const byte* input, BLAKE2b_State& state);
 
 #if CRYPTOPP_SSE41_AVAILABLE
-extern void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2_State<word32, false>& state);
-extern void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2_State<word64, true>& state);
+extern void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2s_State& state);
+extern void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2b_State& state);
 #endif
 
 #if CRYPTOPP_ARM_NEON_AVAILABLE
-extern void BLAKE2_Compress32_NEON(const byte* input, BLAKE2_State<word32, false>& state);
-extern void BLAKE2_Compress64_NEON(const byte* input, BLAKE2_State<word64, true>& state);
+extern void BLAKE2_Compress32_NEON(const byte* input, BLAKE2s_State& state);
+extern void BLAKE2_Compress64_NEON(const byte* input, BLAKE2b_State& state);
 #endif
 
-BLAKE2_ParameterBlock<false>::BLAKE2_ParameterBlock(size_t digestLen, size_t keyLen,
+#if CRYPTOPP_ALTIVEC_AVAILABLE
+extern void BLAKE2_Compress32_ALTIVEC(const byte* input, BLAKE2s_State& state);
+#endif
+
+#if CRYPTOPP_POWER8_AVAILABLE
+extern void BLAKE2_Compress64_POWER8(const byte* input, BLAKE2b_State& state);
+#endif
+
+unsigned int BLAKE2b::OptimalDataAlignment() const
+{
+#if defined(CRYPTOPP_SSE41_AVAILABLE)
+    if (HasSSE41())
+        return 16;  // load __m128i
+    else
+#endif
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+    if (HasNEON())
+        return 8;  // load uint64x2_t
+    else
+#endif
+#if (CRYPTOPP_POWER8_AVAILABLE)
+    if (HasPower8())
+        return 16;  // load vector long long
+    else
+#endif
+    return GetAlignmentOf<word64>();
+}
+
+std::string BLAKE2b::AlgorithmProvider() const
+{
+#if defined(CRYPTOPP_SSE41_AVAILABLE)
+    if (HasSSE41())
+        return "SSE4.1";
+    else
+#endif
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+    if (HasNEON())
+        return "NEON";
+    else
+#endif
+#if (CRYPTOPP_POWER8_AVAILABLE)
+    if (HasPower8())
+        return "Power8";
+    else
+#endif
+    return "C++";
+}
+
+unsigned int BLAKE2s::OptimalDataAlignment() const
+{
+#if defined(CRYPTOPP_SSE41_AVAILABLE)
+    if (HasSSE41())
+        return 16;  // load __m128i
+    else
+#endif
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+    if (HasNEON())
+        return 4;  // load uint32x4_t
+    else
+#endif
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+    if (HasAltivec())
+        return 16;  // load vector unsigned int
+    else
+#endif
+    return GetAlignmentOf<word32>();
+}
+
+std::string BLAKE2s::AlgorithmProvider() const
+{
+#if defined(CRYPTOPP_SSE41_AVAILABLE)
+    if (HasSSE41())
+        return "SSE4.1";
+    else
+#endif
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+    if (HasNEON())
+        return "NEON";
+    else
+#endif
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+    if (HasAltivec())
+        return "Altivec";
+    else
+#endif
+    return "C++";
+}
+
+void BLAKE2s_State::Reset()
+{
+    std::memset(m_hft, 0x00, m_hft.SizeInBytes());
+    m_len = 0;
+}
+
+void BLAKE2b_State::Reset()
+{
+    std::memset(m_hft, 0x00, m_hft.SizeInBytes());
+    m_len = 0;
+}
+
+BLAKE2s_ParameterBlock::BLAKE2s_ParameterBlock(size_t digestLen, size_t keyLen,
         const byte* saltStr, size_t saltLen,
         const byte* personalizationStr, size_t personalizationLen)
 {
-    // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof
-    digestLength = (byte)digestLen;
-    keyLength = (byte)keyLen;
-    fanout = depth = 1;
-    nodeDepth = innerLength = 0;
-
-    memset(leafLength, 0x00, COUNTOF(leafLength));
-    memset(nodeOffset, 0x00, COUNTOF(nodeOffset));
+    Reset(digestLen, keyLen);
 
     if (saltStr && saltLen)
-    {
-        memcpy_s(salt, COUNTOF(salt), saltStr, saltLen);
-        const size_t rem = COUNTOF(salt) - saltLen;
-        const size_t off = COUNTOF(salt) - rem;
-        if (rem)
-            memset(salt+off, 0x00, rem);
-    }
-    else
-    {
-        memset(salt, 0x00, COUNTOF(salt));
-    }
+        memcpy_s(salt(), SALTSIZE, saltStr, saltLen);
 
     if (personalizationStr && personalizationLen)
-    {
-        memcpy_s(personalization, COUNTOF(personalization), personalizationStr, personalizationLen);
-        const size_t rem = COUNTOF(personalization) - personalizationLen;
-        const size_t off = COUNTOF(personalization) - rem;
-        if (rem)
-            memset(personalization+off, 0x00, rem);
-    }
-    else
-    {
-        memset(personalization, 0x00, COUNTOF(personalization));
-    }
+        memcpy_s(personalization(), PERSONALIZATIONSIZE, personalizationStr, personalizationLen);
 }
 
-BLAKE2_ParameterBlock<true>::BLAKE2_ParameterBlock(size_t digestLen, size_t keyLen,
+BLAKE2b_ParameterBlock::BLAKE2b_ParameterBlock(size_t digestLen, size_t keyLen,
         const byte* saltStr, size_t saltLen,
         const byte* personalizationStr, size_t personalizationLen)
 {
-    // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof
-    digestLength = (byte)digestLen;
-    keyLength = (byte)keyLen;
-    fanout = depth = 1;
-    nodeDepth = innerLength = 0;
-
-    memset(rfu, 0x00, COUNTOF(rfu));
-    memset(leafLength, 0x00, COUNTOF(leafLength));
-    memset(nodeOffset, 0x00, COUNTOF(nodeOffset));
+    Reset(digestLen, keyLen);
 
     if (saltStr && saltLen)
-    {
-        memcpy_s(salt, COUNTOF(salt), saltStr, saltLen);
-        const size_t rem = COUNTOF(salt) - saltLen;
-        const size_t off = COUNTOF(salt) - rem;
-        if (rem)
-            memset(salt+off, 0x00, rem);
-    }
-    else
-    {
-        memset(salt, 0x00, COUNTOF(salt));
-    }
+        memcpy_s(salt(), SALTSIZE, saltStr, saltLen);
 
     if (personalizationStr && personalizationLen)
-    {
-        memcpy_s(personalization, COUNTOF(personalization), personalizationStr, personalizationLen);
-        const size_t rem = COUNTOF(personalization) - personalizationLen;
-        const size_t off = COUNTOF(personalization) - rem;
-        if (rem)
-            memset(personalization+off, 0x00, rem);
-    }
-    else
-    {
-        memset(personalization, 0x00, COUNTOF(personalization));
-    }
+        memcpy_s(personalization(), PERSONALIZATIONSIZE, personalizationStr, personalizationLen);
 }
 
-template <class W, bool T_64bit>
-void BLAKE2_Base<W, T_64bit>::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params)
+void BLAKE2s_ParameterBlock::Reset(size_t digestLen, size_t keyLen)
 {
-    if (key && length)
-    {
-        AlignedSecByteBlock temp(BLOCKSIZE);
-        memcpy_s(temp, BLOCKSIZE, key, length);
-
-        const size_t rem = BLOCKSIZE - length;
-        if (rem)
-            memset(temp+length, 0x00, rem);
-
-        m_key.swap(temp);
-    }
-    else
-    {
-        m_key.resize(0);
-    }
-
-    // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof
-    ParameterBlock& block = *m_block.data();
-    memset(m_block.data(), 0x00, sizeof(ParameterBlock));
-
-    block.keyLength = (byte)length;
-    block.digestLength = (byte)params.GetIntValueWithDefault(Name::DigestSize(), DIGESTSIZE);
-    block.fanout = block.depth = 1;
-
-    ConstByteArrayParameter t;
-    if (params.GetValue(Name::Salt(), t) && t.begin() && t.size())
-    {
-        memcpy_s(block.salt, COUNTOF(block.salt), t.begin(), t.size());
-        const size_t rem = COUNTOF(block.salt) - t.size();
-        const size_t off = COUNTOF(block.salt) - rem;
-        if (rem)
-            memset(block.salt+off, 0x00, rem);
-    }
-    else
-    {
-        memset(block.salt, 0x00, COUNTOF(block.salt));
-    }
-
-    if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size())
-    {
-        memcpy_s(block.personalization, COUNTOF(block.personalization), t.begin(), t.size());
-        const size_t rem = COUNTOF(block.personalization) - t.size();
-        const size_t off = COUNTOF(block.personalization) - rem;
-        if (rem)
-            memset(block.personalization+off, 0x00, rem);
-    }
-    else
-    {
-        memset(block.personalization, 0x00, COUNTOF(block.personalization));
-    }
+    std::memset(m_data, 0x00, m_data.size());
+    m_data[DigestOff] = static_cast<byte>(digestLen);
+    m_data[KeyOff] = static_cast<byte>(keyLen);
+    m_data[FanoutOff] = m_data[DepthOff] = 1;
 }
 
-template <class W, bool T_64bit>
-BLAKE2_Base<W, T_64bit>::BLAKE2_Base() : m_state(1), m_block(1), m_digestSize(DIGESTSIZE), m_treeMode(false)
+void BLAKE2b_ParameterBlock::Reset(size_t digestLen, size_t keyLen)
 {
-    UncheckedSetKey(NULLPTR, 0, g_nullNameValuePairs);
-    Restart();
+    std::memset(m_data, 0x00, m_data.size());
+    m_data[DigestOff] = static_cast<byte>(digestLen);
+    m_data[KeyOff] = static_cast<byte>(keyLen);
+    m_data[FanoutOff] = m_data[DepthOff] = 1;
 }
 
-template <class W, bool T_64bit>
-BLAKE2_Base<W, T_64bit>::BLAKE2_Base(bool treeMode, unsigned int digestSize) : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode)
+BLAKE2s::BLAKE2s(bool treeMode, unsigned int digestSize)
+    : m_digestSize(digestSize), m_keyLength(0), m_treeMode(treeMode)
 {
     CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
 
-    UncheckedSetKey(NULLPTR, 0, MakeParameters(Name::DigestSize(), (int)digestSize)(Name::TreeMode(), treeMode, false));
-    Restart();
+    UncheckedSetKey(NULLPTR, 0, MakeParameters
+        (Name::DigestSize(), (int)digestSize)
+        (Name::TreeMode(), treeMode));
 }
 
-template <class W, bool T_64bit>
-BLAKE2_Base<W, T_64bit>::BLAKE2_Base(const byte *key, size_t keyLength, const byte* salt, size_t saltLength,
+BLAKE2b::BLAKE2b(bool treeMode, unsigned int digestSize)
+    : m_digestSize(digestSize), m_keyLength(0), m_treeMode(treeMode)
+{
+    CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
+
+    UncheckedSetKey(NULLPTR, 0, MakeParameters
+        (Name::DigestSize(), (int)digestSize)
+        (Name::TreeMode(), treeMode));
+}
+
+BLAKE2s::BLAKE2s(unsigned int digestSize)
+    : m_digestSize(digestSize), m_keyLength(0), m_treeMode(false)
+{
+    CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
+
+    UncheckedSetKey(NULLPTR, 0, MakeParameters
+        (Name::DigestSize(), (int)digestSize)
+        (Name::TreeMode(), false));
+}
+
+BLAKE2b::BLAKE2b(unsigned int digestSize)
+    : m_digestSize(digestSize), m_keyLength(0), m_treeMode(false)
+{
+    CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
+
+    UncheckedSetKey(NULLPTR, 0, MakeParameters
+        (Name::DigestSize(), (int)digestSize)
+        (Name::TreeMode(), false));
+}
+
+BLAKE2s::BLAKE2s(const byte *key, size_t keyLength, const byte* salt, size_t saltLength,
     const byte* personalization, size_t personalizationLength, bool treeMode, unsigned int digestSize)
-    : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode)
+    : m_digestSize(digestSize), m_keyLength(static_cast<unsigned int>(keyLength)), m_treeMode(treeMode)
 {
     CRYPTOPP_ASSERT(keyLength <= MAX_KEYLENGTH);
     CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
     CRYPTOPP_ASSERT(saltLength <= SALTSIZE);
     CRYPTOPP_ASSERT(personalizationLength <= PERSONALIZATIONSIZE);
 
-    UncheckedSetKey(key, static_cast<unsigned int>(keyLength), MakeParameters(Name::DigestSize(),(int)digestSize)(Name::TreeMode(),treeMode, false)
-        (Name::Salt(), ConstByteArrayParameter(salt, saltLength))(Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength)));
+    UncheckedSetKey(key, static_cast<unsigned int>(keyLength), MakeParameters
+        (Name::DigestSize(),(int)digestSize)
+        (Name::TreeMode(),treeMode)
+        (Name::Salt(), ConstByteArrayParameter(salt, saltLength))
+        (Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength)));
+}
+
+BLAKE2b::BLAKE2b(const byte *key, size_t keyLength, const byte* salt, size_t saltLength,
+    const byte* personalization, size_t personalizationLength, bool treeMode, unsigned int digestSize)
+    : m_digestSize(digestSize), m_keyLength(static_cast<unsigned int>(keyLength)), m_treeMode(treeMode)
+{
+    CRYPTOPP_ASSERT(keyLength <= MAX_KEYLENGTH);
+    CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
+    CRYPTOPP_ASSERT(saltLength <= SALTSIZE);
+    CRYPTOPP_ASSERT(personalizationLength <= PERSONALIZATIONSIZE);
+
+    UncheckedSetKey(key, static_cast<unsigned int>(keyLength), MakeParameters
+        (Name::DigestSize(),(int)digestSize)
+        (Name::TreeMode(),treeMode)
+        (Name::Salt(), ConstByteArrayParameter(salt, saltLength))
+        (Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength)));
+}
+
+void BLAKE2s::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params)
+{
+    if (key && length)
+    {
+        m_key.New(BLOCKSIZE);
+        std::memcpy(m_key, key, length);
+        std::memset(m_key + length, 0x00, BLOCKSIZE - length);
+        m_keyLength = length;
+    }
+    else
+    {
+        m_key.resize(0);
+        m_keyLength = 0;
+    }
+
+    m_digestSize = static_cast<unsigned int>(params.GetIntValueWithDefault(
+                       Name::DigestSize(), static_cast<int>(m_digestSize)));
+
+    m_state.Reset();
+    m_block.Reset(m_digestSize, m_keyLength);
+    (void)params.GetValue(Name::TreeMode(), m_treeMode);
+
+    ConstByteArrayParameter t;
+    if (params.GetValue(Name::Salt(), t) && t.begin() && t.size())
+        memcpy_s(m_block.salt(), SALTSIZE, t.begin(), t.size());
+
+    if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size())
+        memcpy_s(m_block.personalization(), PERSONALIZATIONSIZE, t.begin(), t.size());
+
     Restart();
 }
 
-template <class W, bool T_64bit>
-void BLAKE2_Base<W, T_64bit>::Restart()
+void BLAKE2b::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params)
 {
-    static const W zero[2] = {0,0};
-    Restart(*m_block.data(), zero);
-}
-
-template <class W, bool T_64bit>
-void BLAKE2_Base<W, T_64bit>::Restart(const BLAKE2_ParameterBlock<T_64bit>& block, const W counter[2])
-{
-    // We take a parameter block as a parameter to allow customized state.
-    // Avoid the copy of the parameter block when we are passing our own block.
-    if (&block != m_block.data())
+    if (key && length)
     {
-        memcpy_s(m_block.data(), sizeof(ParameterBlock), &block, sizeof(ParameterBlock));
-        m_block.data()->digestLength = (byte)m_digestSize;
-        m_block.data()->keyLength = (byte)m_key.size();
+        m_key.New(BLOCKSIZE);
+        std::memcpy(m_key, key, length);
+        std::memset(m_key + length, 0x00, BLOCKSIZE - length);
+        m_keyLength = length;
+    }
+    else
+    {
+        m_key.resize(0);
+        m_keyLength = 0;
     }
 
-    State& state = *m_state.data();
-    state.t[0] = state.t[1] = 0, state.f[0] = state.f[1] = 0, state.length = 0;
+    m_digestSize = static_cast<unsigned int>(params.GetIntValueWithDefault(
+                       Name::DigestSize(), static_cast<int>(m_digestSize)));
 
+    m_state.Reset();
+    m_block.Reset(m_digestSize, m_keyLength);
+    (void)params.GetValue(Name::TreeMode(), m_treeMode);
+
+    ConstByteArrayParameter t;
+    if (params.GetValue(Name::Salt(), t) && t.begin() && t.size())
+        memcpy_s(m_block.salt(), SALTSIZE, t.begin(), t.size());
+
+    if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size())
+        memcpy_s(m_block.personalization(), PERSONALIZATIONSIZE, t.begin(), t.size());
+
+    Restart();
+}
+
+void BLAKE2s::Restart()
+{
+    static const word32 zero[2] = {0,0};
+    Restart(m_block, zero);
+}
+
+void BLAKE2b::Restart()
+{
+    static const word64 zero[2] = {0,0};
+    Restart(m_block, zero);
+}
+
+void BLAKE2s::Restart(const BLAKE2s_ParameterBlock& block, const word32 counter[2])
+{
+    // We take a counter as a parameter to allow customized state.
+    m_state.Reset();
     if (counter != NULLPTR)
     {
-        state.t[0] = counter[0];
-        state.t[1] = counter[1];
+        word32* t = m_state.t();
+        t[0] = counter[0];
+        t[1] = counter[1];
     }
 
-    const W* iv = BLAKE2_IV<W, T_64bit>::iv;
-    PutBlock<W, LittleEndian, true> put(m_block.data(), &state.h[0]);
+    // We take a parameter block as a parameter to allow customized state.
+    // Avoid the copy of the parameter block when we are passing our own block.
+    if (block.data() != m_block.data()) {
+        std::memcpy(m_block.data(), block.data(), m_block.size());
+    }
+
+    m_block.m_data[BLAKE2s_ParameterBlock::DigestOff] = (byte)m_digestSize;
+    m_block.m_data[BLAKE2s_ParameterBlock::KeyOff] = (byte)m_keyLength;
+
+    const word32* iv = BLAKE2S_IV;
+    PutBlock<word32, LittleEndian, true> put(m_block.data(), m_state.h());
     put(iv[0])(iv[1])(iv[2])(iv[3])(iv[4])(iv[5])(iv[6])(iv[7]);
 
-    // When BLAKE2 is keyed, the input stream is simply {key||message}. Key it
-    // during Restart to avoid FirstPut and friends. Key size == 0 means no key.
-    if (m_key.size())
-        Update(m_key, m_key.size());
+    // When BLAKE2 is keyed, the input stream is simply {key || 0 || message}.
+    // The key is padded to a full Blocksize with 0. Key it during Restart to
+    // avoid FirstPut and friends. Key size == 0 means no key.
+    if (m_keyLength)
+        Update(m_key, BLOCKSIZE);
 }
 
-template <class W, bool T_64bit>
-void BLAKE2_Base<W, T_64bit>::Update(const byte *input, size_t length)
+void BLAKE2b::Restart(const BLAKE2b_ParameterBlock& block, const word64 counter[2])
 {
-    State& state = *m_state.data();
-    if (state.length + length > BLOCKSIZE)
+    // We take a counter as a parameter to allow customized state.
+    m_state.Reset();
+    if (counter != NULLPTR)
     {
-        // Complete current block
-        const size_t fill = BLOCKSIZE - state.length;
-        memcpy_s(&state.buffer[state.length], fill, input, fill);
+        word64* t = m_state.t();
+        t[0] = counter[0];
+        t[1] = counter[1];
+    }
 
-        IncrementCounter();
-        Compress(state.buffer);
-        state.length = 0;
+    // We take a parameter block as a parameter to allow customized state.
+    // Avoid the copy of the parameter block when we are passing our own block.
+    if (block.data() != m_block.data()) {
+        std::memcpy(m_block.data(), block.data(), m_block.size());
+    }
 
-        length -= fill, input += fill;
+    m_block.m_data[BLAKE2b_ParameterBlock::DigestOff] = (byte)m_digestSize;
+    m_block.m_data[BLAKE2b_ParameterBlock::KeyOff] = (byte)m_keyLength;
+
+    const word64* iv = BLAKE2B_IV;
+    PutBlock<word64, LittleEndian, true> put(m_block.data(), m_state.h());
+    put(iv[0])(iv[1])(iv[2])(iv[3])(iv[4])(iv[5])(iv[6])(iv[7]);
+
+    // When BLAKE2 is keyed, the input stream is simply {key || 0 || message}.
+    // The key is padded to a full Blocksize with 0. Key it during Restart to
+    // avoid FirstPut and friends. Key size == 0 means no key.
+    if (m_keyLength)
+        Update(m_key, BLOCKSIZE);
+}
+
+void BLAKE2s::Update(const byte *input, size_t length)
+{
+    CRYPTOPP_ASSERT(input != NULLPTR || length == 0);
+
+    if (length > BLOCKSIZE - m_state.m_len)
+    {
+        if (m_state.m_len != 0)
+        {
+            // Complete current block
+            const size_t fill = BLOCKSIZE - m_state.m_len;
+            std::memcpy(m_state.m_buf+m_state.m_len, input, fill);
+
+            IncrementCounter(BLOCKSIZE);
+            Compress(m_state.m_buf);
+            m_state.m_len = 0;
+
+            length -= fill, input += fill;
+        }
 
         // Compress in-place to avoid copies
         while (length > BLOCKSIZE)
         {
-            IncrementCounter();
+            IncrementCounter(BLOCKSIZE);
             Compress(input);
             length -= BLOCKSIZE, input += BLOCKSIZE;
         }
     }
 
     // Copy tail bytes
-    if (input && length)
+    if (length)
     {
-        CRYPTOPP_ASSERT(length <= BLOCKSIZE - state.length);
-        memcpy_s(&state.buffer[state.length], length, input, length);
-        state.length += static_cast<unsigned int>(length);
+        CRYPTOPP_ASSERT(length <= BLOCKSIZE - m_state.m_len);
+        std::memcpy(m_state.m_buf+m_state.m_len, input, length);
+        m_state.m_len += static_cast<unsigned int>(length);
     }
 }
 
-template <class W, bool T_64bit>
-void BLAKE2_Base<W, T_64bit>::TruncatedFinal(byte *hash, size_t size)
+void BLAKE2b::Update(const byte *input, size_t length)
 {
+    CRYPTOPP_ASSERT(input != NULLPTR || length == 0);
+
+    if (length > BLOCKSIZE - m_state.m_len)
+    {
+        if (m_state.m_len != 0)
+        {
+            // Complete current block
+            const size_t fill = BLOCKSIZE - m_state.m_len;
+            std::memcpy(m_state.m_buf+m_state.m_len, input, fill);
+
+            IncrementCounter(BLOCKSIZE);
+            Compress(m_state.m_buf);
+            m_state.m_len = 0;
+
+            length -= fill, input += fill;
+        }
+
+        // Compress in-place to avoid copies
+        while (length > BLOCKSIZE)
+        {
+            CRYPTOPP_ASSERT(m_state.m_len == 0);
+            IncrementCounter(BLOCKSIZE);
+            Compress(input);
+            length -= BLOCKSIZE, input += BLOCKSIZE;
+        }
+    }
+
+    // Copy tail bytes
+    if (length)
+    {
+        CRYPTOPP_ASSERT(length <= BLOCKSIZE - m_state.m_len);
+        std::memcpy(m_state.m_buf + m_state.m_len, input, length);
+        m_state.m_len += static_cast<unsigned int>(length);
+    }
+}
+
+void BLAKE2s::TruncatedFinal(byte *hash, size_t size)
+{
+    CRYPTOPP_ASSERT(hash != NULLPTR);
     this->ThrowIfInvalidTruncatedSize(size);
+    word32* f = m_state.f();
 
     // Set last block unconditionally
-    State& state = *m_state.data();
-    state.f[0] = static_cast<W>(-1);
+    f[0] = ~static_cast<word32>(0);
 
     // Set last node if tree mode
     if (m_treeMode)
-        state.f[1] = static_cast<W>(-1);
+        f[1] = ~static_cast<word32>(0);
 
     // Increment counter for tail bytes only
-    IncrementCounter(state.length);
+    IncrementCounter(m_state.m_len);
 
-    memset(state.buffer + state.length, 0x00, BLOCKSIZE - state.length);
-    Compress(state.buffer);
+    std::memset(m_state.m_buf + m_state.m_len, 0x00, BLOCKSIZE - m_state.m_len);
+    Compress(m_state.m_buf);
 
     // Copy to caller buffer
-    memcpy_s(hash, size, &state.h[0], size);
+    std::memcpy(hash, m_state.h(), size);
 
     Restart();
 }
 
-template <class W, bool T_64bit>
-void BLAKE2_Base<W, T_64bit>::IncrementCounter(size_t count)
+void BLAKE2b::TruncatedFinal(byte *hash, size_t size)
 {
-    State& state = *m_state.data();
-    state.t[0] += static_cast<W>(count);
-    state.t[1] += !!(state.t[0] < count);
+    CRYPTOPP_ASSERT(hash != NULLPTR);
+    this->ThrowIfInvalidTruncatedSize(size);
+    word64* f = m_state.f();
+
+    // Set last block unconditionally
+    f[0] = ~static_cast<word64>(0);
+
+    // Set last node if tree mode
+    if (m_treeMode)
+        f[1] = ~static_cast<word64>(0);
+
+    // Increment counter for tail bytes only
+    IncrementCounter(m_state.m_len);
+
+    std::memset(m_state.m_buf + m_state.m_len, 0x00, BLOCKSIZE - m_state.m_len);
+    Compress(m_state.m_buf);
+
+    // Copy to caller buffer
+    std::memcpy(hash, m_state.h(), size);
+
+    Restart();
 }
 
-template <>
-void BLAKE2_Base<word64, true>::Compress(const byte *input)
+void BLAKE2s::IncrementCounter(size_t count)
+{
+    word32* t = m_state.t();
+    t[0] += static_cast<word32>(count);
+    t[1] += !!(t[0] < count);
+}
+
+void BLAKE2b::IncrementCounter(size_t count)
+{
+    word64* t = m_state.t();
+    t[0] += static_cast<word64>(count);
+    t[1] += !!(t[0] < count);
+}
+
+void BLAKE2s::Compress(const byte *input)
 {
 #if CRYPTOPP_SSE41_AVAILABLE
     if(HasSSE41())
     {
-        return BLAKE2_Compress64_SSE4(input, *m_state.data());
+        return BLAKE2_Compress32_SSE4(input, m_state);
     }
 #endif
 #if CRYPTOPP_ARM_NEON_AVAILABLE
     if(HasNEON())
     {
-        return BLAKE2_Compress64_NEON(input, *m_state.data());
+        return BLAKE2_Compress32_NEON(input, m_state);
     }
 #endif
-    return BLAKE2_Compress64_CXX(input, *m_state.data());
+#if CRYPTOPP_ALTIVEC_AVAILABLE
+    if(HasAltivec())
+    {
+        return BLAKE2_Compress32_ALTIVEC(input, m_state);
+    }
+#endif
+    return BLAKE2_Compress32_CXX(input, m_state);
 }
 
-template <>
-void BLAKE2_Base<word32, false>::Compress(const byte *input)
+void BLAKE2b::Compress(const byte *input)
 {
 #if CRYPTOPP_SSE41_AVAILABLE
     if(HasSSE41())
     {
-        return BLAKE2_Compress32_SSE4(input, *m_state.data());
+        return BLAKE2_Compress64_SSE4(input, m_state);
     }
 #endif
 #if CRYPTOPP_ARM_NEON_AVAILABLE
     if(HasNEON())
     {
-        return BLAKE2_Compress32_NEON(input, *m_state.data());
+        return BLAKE2_Compress64_NEON(input, m_state);
     }
 #endif
-    return BLAKE2_Compress32_CXX(input, *m_state.data());
+#if CRYPTOPP_POWER8_AVAILABLE
+    if(HasPower8())
+    {
+        return BLAKE2_Compress64_POWER8(input, m_state);
+    }
+#endif
+    return BLAKE2_Compress64_CXX(input, m_state);
 }
 
-void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State<word64, true>& state)
+void BLAKE2_Compress64_CXX(const byte* input, BLAKE2b_State& state)
 {
     word64 m[16], v[16];
 
     GetBlock<word64, LittleEndian, true> get1(input);
     get1(m[0])(m[1])(m[2])(m[3])(m[4])(m[5])(m[6])(m[7])(m[8])(m[9])(m[10])(m[11])(m[12])(m[13])(m[14])(m[15]);
 
-    GetBlock<word64, LittleEndian, true> get2(&state.h[0]);
+    GetBlock<word64, LittleEndian, true> get2(state.h());
     get2(v[0])(v[1])(v[2])(v[3])(v[4])(v[5])(v[6])(v[7]);
 
-    const word64* iv = BLAKE2_IV<word64, true>::iv;
+    const word64* iv = BLAKE2B_IV;
+    const word64* tf = state.t();
     v[ 8] = iv[0];
     v[ 9] = iv[1];
     v[10] = iv[2];
     v[11] = iv[3];
-    v[12] = state.t[0] ^ iv[4];
-    v[13] = state.t[1] ^ iv[5];
-    v[14] = state.f[0] ^ iv[6];
-    v[15] = state.f[1] ^ iv[7];
+    v[12] = tf[0] ^ iv[4];
+    v[13] = tf[1] ^ iv[5];
+    v[14] = tf[2] ^ iv[6];
+    v[15] = tf[3] ^ iv[7];
 
     BLAKE2B_ROUND<0>(m, v);
     BLAKE2B_ROUND<1>(m, v);
@@ -489,29 +752,31 @@ void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State<word64, true>& state)
     BLAKE2B_ROUND<10>(m, v);
     BLAKE2B_ROUND<11>(m, v);
 
-    for(unsigned int i = 0; i < 8; ++i)
-        state.h[i] = state.h[i] ^ ConditionalByteReverse(LittleEndian::ToEnum(), v[i] ^ v[i + 8]);
+    word64* h = state.h();
+    for (unsigned int i = 0; i < 8; ++i)
+        h[i] = h[i] ^ ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v[i] ^ v[i + 8]);
 }
 
-void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State<word32, false>& state)
+void BLAKE2_Compress32_CXX(const byte* input, BLAKE2s_State& state)
 {
     word32 m[16], v[16];
 
     GetBlock<word32, LittleEndian, true> get1(input);
     get1(m[0])(m[1])(m[2])(m[3])(m[4])(m[5])(m[6])(m[7])(m[8])(m[9])(m[10])(m[11])(m[12])(m[13])(m[14])(m[15]);
 
-    GetBlock<word32, LittleEndian, true> get2(&state.h[0]);
+    GetBlock<word32, LittleEndian, true> get2(state.h());
     get2(v[0])(v[1])(v[2])(v[3])(v[4])(v[5])(v[6])(v[7]);
 
-    const word32* iv = BLAKE2_IV<word32, false>::iv;
+    const word32* iv = BLAKE2S_IV;
+    const word32* tf = state.t();
     v[ 8] = iv[0];
     v[ 9] = iv[1];
     v[10] = iv[2];
     v[11] = iv[3];
-    v[12] = state.t[0] ^ iv[4];
-    v[13] = state.t[1] ^ iv[5];
-    v[14] = state.f[0] ^ iv[6];
-    v[15] = state.f[1] ^ iv[7];
+    v[12] = tf[0] ^ iv[4];
+    v[13] = tf[1] ^ iv[5];
+    v[14] = tf[2] ^ iv[6];
+    v[15] = tf[3] ^ iv[7];
 
     BLAKE2S_ROUND<0>(m, v);
     BLAKE2S_ROUND<1>(m, v);
@@ -524,11 +789,9 @@ void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State<word32, false>& state
     BLAKE2S_ROUND<8>(m, v);
     BLAKE2S_ROUND<9>(m, v);
 
-    for(unsigned int i = 0; i < 8; ++i)
-        state.h[i] = state.h[i] ^ ConditionalByteReverse(LittleEndian::ToEnum(), v[i] ^ v[i + 8]);
+    word32* h = state.h();
+    for (unsigned int i = 0; i < 8; ++i)
+        h[i] = h[i] ^ ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v[i] ^ v[i + 8]);
 }
 
-template class BLAKE2_Base<word32, false>;
-template class BLAKE2_Base<word64, true>;
-
 NAMESPACE_END

Common/3dParty/cryptopp/blake2.h

@@ -1,6 +1,7 @@
-// blake2.h - written and placed in the public domain by Jeffrey Walton and Zooko
-//            Wilcox-O'Hearn. Based on Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
-//            reference BLAKE2 implementation at http://github.com/BLAKE2/BLAKE2.
+// blake2.h - written and placed in the public domain by Jeffrey Walton
+//            and Zooko Wilcox-O'Hearn. Based on Aumasson, Neves,
+//            Wilcox-O'Hearn and Winnerlein's reference BLAKE2
+//            implementation at http://github.com/BLAKE2/BLAKE2.
 
 /// \file blake2.h
 /// \brief Classes for BLAKE2b and BLAKE2s message digests and keyed message digests
@@ -9,10 +10,8 @@
 ///   Static algorithm name return either "BLAKE2b" or "BLAKE2s". An object algorithm name follows
 ///   the naming described in <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The
 ///   BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)</A>.
-/// \details The library provides specialized SSE2, SSE4 and NEON version of the BLAKE2 compression
-///   function. For best results under ARM NEON, specify both an architecture and cpu. For example:
-///   <pre>CXXFLAGS="-DNDEBUG -march=armv8-a+crc -mcpu=cortex-a53 ..."</pre>
-/// \since Crypto++ 5.6.4
+/// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0,
+///   Power8 since Crypto++ 8.0
 
 #ifndef CRYPTOPP_BLAKE2_H
 #define CRYPTOPP_BLAKE2_H
@@ -23,249 +22,206 @@
 
 NAMESPACE_BEGIN(CryptoPP)
 
-/// \brief BLAKE2 hash information
-/// \tparam T_64bit flag indicating 64-bit
+/// \brief BLAKE2s hash information
 /// \since Crypto++ 5.6.4
-template <bool T_64bit>
-struct BLAKE2_Info : public VariableKeyLength<(T_64bit ? 64 : 32),0,(T_64bit ? 64 : 32),1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE>
+struct BLAKE2s_Info : public VariableKeyLength<32,0,32,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE>
 {
-	typedef VariableKeyLength<(T_64bit ? 64 : 32),0,(T_64bit ? 64 : 32),1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase;
-	CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH)
-	CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH)
-	CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH)
+    typedef VariableKeyLength<32,0,32,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase;
+    CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH);
+    CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH);
+    CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH);
 
-	CRYPTOPP_CONSTANT(BLOCKSIZE = (T_64bit ? 128 : 64))
-	CRYPTOPP_CONSTANT(DIGESTSIZE = (T_64bit ? 64 : 32))
-	CRYPTOPP_CONSTANT(SALTSIZE = (T_64bit ? 16 : 8))
-	CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = (T_64bit ? 16 : 8))
+    CRYPTOPP_CONSTANT(BLOCKSIZE = 64);
+    CRYPTOPP_CONSTANT(DIGESTSIZE = 32);
+    CRYPTOPP_CONSTANT(SALTSIZE = 8);
+    CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = 8);
 
-	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return (T_64bit ? "BLAKE2b" : "BLAKE2s");}
+    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2s";}
 };
 
-/// \brief BLAKE2 parameter block
-/// \tparam T_64bit flag indicating 64-bit
-/// \details BLAKE2b uses BLAKE2_ParameterBlock<true>, while BLAKE2s
-///   uses BLAKE2_ParameterBlock<false>.
+/// \brief BLAKE2b hash information
 /// \since Crypto++ 5.6.4
-template <bool T_64bit>
-struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock
+struct BLAKE2b_Info : public VariableKeyLength<64,0,64,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE>
 {
+    typedef VariableKeyLength<64,0,64,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase;
+    CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH);
+    CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH);
+    CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH);
+
+    CRYPTOPP_CONSTANT(BLOCKSIZE = 128);
+    CRYPTOPP_CONSTANT(DIGESTSIZE = 64);
+    CRYPTOPP_CONSTANT(SALTSIZE = 16);
+    CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = 16);
+
+    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2b";}
 };
 
-/// \brief BLAKE2b parameter block specialization
-template<>
-struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock<true>
+/// \brief BLAKE2s parameter block
+struct CRYPTOPP_NO_VTABLE BLAKE2s_ParameterBlock
 {
-	CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info<true>::SALTSIZE)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info<true>::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info<true>::PERSONALIZATIONSIZE)
+    CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2s_Info::SALTSIZE);
+    CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2s_Info::DIGESTSIZE);
+    CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2s_Info::PERSONALIZATIONSIZE);
 
-	BLAKE2_ParameterBlock()
-	{
-		memset(this, 0x00, sizeof(*this));
-		digestLength = DIGESTSIZE;
-		fanout = depth = 1;
-	}
+    BLAKE2s_ParameterBlock()
+    {
+        Reset();
+    }
 
-	BLAKE2_ParameterBlock(size_t digestSize)
-	{
-		CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
-		memset(this, 0x00, sizeof(*this));
-		digestLength = (byte)digestSize;
-		fanout = depth = 1;
-	}
+    BLAKE2s_ParameterBlock(size_t digestSize)
+    {
+        Reset(digestSize);
+    }
 
-	BLAKE2_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength,
-		const byte* personalization, size_t personalizationLength);
+    BLAKE2s_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength,
+        const byte* personalization, size_t personalizationLength);
 
-	byte digestLength;
-	byte keyLength, fanout, depth;
-	byte leafLength[4];
-	byte nodeOffset[8];
-	byte nodeDepth, innerLength, rfu[14];
-	byte salt[SALTSIZE];
-	byte personalization[PERSONALIZATIONSIZE];
+    void Reset(size_t digestLength=DIGESTSIZE, size_t keyLength=0);
+
+    byte* data() {
+        return m_data.data();
+    }
+
+    const byte* data() const {
+        return m_data.data();
+    }
+
+    size_t size() const {
+        return m_data.size();
+    }
+
+    byte* salt() {
+        return m_data + SaltOff;
+    }
+
+    byte* personalization() {
+        return m_data + PersonalizationOff;
+    }
+
+    // Offsets into the byte array
+    enum {
+        DigestOff = 0, KeyOff = 1, FanoutOff = 2, DepthOff = 3, LeafOff = 4, NodeOff = 8,
+        NodeDepthOff = 14, InnerOff = 15, SaltOff = 16, PersonalizationOff = 24
+    };
+
+    FixedSizeAlignedSecBlock<byte, 32, true> m_data;
 };
 
-/// \brief BLAKE2s parameter block specialization
-template<>
-struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock<false>
+/// \brief BLAKE2b parameter block
+struct CRYPTOPP_NO_VTABLE BLAKE2b_ParameterBlock
 {
-	CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info<false>::SALTSIZE)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info<false>::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info<false>::PERSONALIZATIONSIZE)
+    CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2b_Info::SALTSIZE);
+    CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2b_Info::DIGESTSIZE);
+    CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2b_Info::PERSONALIZATIONSIZE);
 
-	BLAKE2_ParameterBlock()
-	{
-		memset(this, 0x00, sizeof(*this));
-		digestLength = DIGESTSIZE;
-		fanout = depth = 1;
-	}
+    BLAKE2b_ParameterBlock()
+    {
+        Reset();
+    }
 
-	BLAKE2_ParameterBlock(size_t digestSize)
-	{
-		CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
-		memset(this, 0x00, sizeof(*this));
-		digestLength = (byte)digestSize;
-		fanout = depth = 1;
-	}
+    BLAKE2b_ParameterBlock(size_t digestSize)
+    {
+        Reset(digestSize);
+    }
 
-	BLAKE2_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength,
-		const byte* personalization, size_t personalizationLength);
+    BLAKE2b_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength,
+        const byte* personalization, size_t personalizationLength);
 
-	byte digestLength;
-	byte keyLength, fanout, depth;
-	byte leafLength[4];
-	byte nodeOffset[6];
-	byte nodeDepth, innerLength;
-	byte salt[SALTSIZE];
-	byte personalization[PERSONALIZATIONSIZE];
+    void Reset(size_t digestLength=DIGESTSIZE, size_t keyLength=0);
+
+    byte* data() {
+        return m_data.data();
+    }
+
+    const byte* data() const {
+        return m_data.data();
+    }
+
+    size_t size() const {
+        return m_data.size();
+    }
+
+    byte* salt() {
+        return m_data + SaltOff;
+    }
+
+    byte* personalization() {
+        return m_data + PersonalizationOff;
+    }
+
+    // Offsets into the byte array
+    enum {
+        DigestOff = 0, KeyOff = 1, FanoutOff = 2, DepthOff = 3, LeafOff = 4, NodeOff = 8,
+        NodeDepthOff = 16, InnerOff = 17, RfuOff = 18, SaltOff = 32, PersonalizationOff = 48
+    };
+
+    FixedSizeAlignedSecBlock<byte, 64, true> m_data;
 };
 
-/// \brief BLAKE2 state information
-/// \tparam W word type
-/// \tparam T_64bit flag indicating 64-bit
-/// \details BLAKE2b uses BLAKE2_State<word64, true>, while BLAKE2s
-///   uses BLAKE2_State<word32, false>.
+/// \brief BLAKE2s state information
 /// \since Crypto++ 5.6.4
-template <class W, bool T_64bit>
-struct CRYPTOPP_NO_VTABLE BLAKE2_State
+struct CRYPTOPP_NO_VTABLE BLAKE2s_State
 {
-	CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2_Info<T_64bit>::BLOCKSIZE)
+    BLAKE2s_State() {
+        Reset();
+    }
 
-	BLAKE2_State()
-	{
-		// Set all members except scratch buffer[]
-		h[0]=h[1]=h[2]=h[3]=h[4]=h[5]=h[6]=h[7] = 0;
-		t[0]=t[1]=f[0]=f[1] = 0;
-		length = 0;
-	}
+    void Reset();
 
-	// SSE2, SSE4 and NEON depend upon t[] and f[] being side-by-side
-	W h[8], t[2], f[2];
-	byte  buffer[BLOCKSIZE];
-	size_t length;
+    inline word32* h() {
+        return m_hft.data();
+    }
+
+    inline word32* t() {
+        return m_hft.data() + 8;
+    }
+
+    inline word32* f() {
+        return m_hft.data() + 10;
+    }
+
+    inline byte* data() {
+        return m_buf.data();
+    }
+
+    // SSE4, Power7 and NEON depend upon t[] and f[] being side-by-side
+    CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2s_Info::BLOCKSIZE);
+    FixedSizeAlignedSecBlock<word32, 8+2+2, true> m_hft;
+    FixedSizeAlignedSecBlock<byte, BLOCKSIZE, true> m_buf;
+    size_t m_len;
 };
 
-/// \brief BLAKE2 hash implementation
-/// \tparam W word type
-/// \tparam T_64bit flag indicating 64-bit
-/// \details BLAKE2b uses BLAKE2_Base<word64, true>, while BLAKE2s
-///   uses BLAKE2_Base<word32, false>.
+/// \brief BLAKE2b state information
 /// \since Crypto++ 5.6.4
-template <class W, bool T_64bit>
-class BLAKE2_Base : public SimpleKeyingInterfaceImpl<MessageAuthenticationCode, BLAKE2_Info<T_64bit> >
+struct CRYPTOPP_NO_VTABLE BLAKE2b_State
 {
-public:
-	CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2_Info<T_64bit>::DEFAULT_KEYLENGTH)
-	CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2_Info<T_64bit>::MIN_KEYLENGTH)
-	CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2_Info<T_64bit>::MAX_KEYLENGTH)
+    BLAKE2b_State() {
+        Reset();
+    }
 
-	CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info<T_64bit>::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2_Info<T_64bit>::BLOCKSIZE)
-	CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info<T_64bit>::SALTSIZE)
-	CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info<T_64bit>::PERSONALIZATIONSIZE)
+    void Reset();
 
-	typedef BLAKE2_State<W, T_64bit> State;
-	typedef BLAKE2_ParameterBlock<T_64bit> ParameterBlock;
-	typedef SecBlock<State, AllocatorWithCleanup<State, true> > AlignedState;
-	typedef SecBlock<ParameterBlock, AllocatorWithCleanup<ParameterBlock, true> > AlignedParameterBlock;
+    inline word64* h() {
+        return m_hft.data();
+    }
 
-	virtual ~BLAKE2_Base() {}
+    inline word64* t() {
+        return m_hft.data() + 8;
+    }
 
-	/// \brief Retrieve the static algorithm name
-	/// \returns the algorithm name (BLAKE2s or BLAKE2b)
-	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return BLAKE2_Info<T_64bit>::StaticAlgorithmName();}
+    inline word64* f() {
+        return m_hft.data() + 10;
+    }
 
-	/// \brief Retrieve the object's name
-	/// \returns the object's algorithm name following RFC 7693
-	/// \details Object algorithm name follows the naming described in
-	///   <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
-	/// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
-	std::string AlgorithmName() const {return std::string(StaticAlgorithmName()) + "-" + IntToString(this->DigestSize()*8);}
+    inline byte* data() {
+        return m_buf.data();
+    }
 
-	unsigned int DigestSize() const {return m_digestSize;}
-	unsigned int OptimalDataAlignment() const {return (CRYPTOPP_BOOL_ALIGN16 ? 16 : GetAlignmentOf<W>());}
-
-	void Update(const byte *input, size_t length);
-	void Restart();
-
-	/// \brief Restart a hash with parameter block and counter
-	/// \param block parameter block
-	/// \param counter counter array
-	/// \details Parameter block is persisted across calls to Restart().
-	void Restart(const BLAKE2_ParameterBlock<T_64bit>& block, const W counter[2]);
-
-	/// \brief Set tree mode
-	/// \param mode the new tree mode
-	/// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1].
-	///   If <tt>treeMode=false</tt> (default), then State::f[1] is never set. If
-	///   <tt>treeMode=true</tt>, then State::f[1] is set when State::f[0] is set.
-	///   Tree mode is persisted across calls to Restart().
-	void SetTreeMode(bool mode) {m_treeMode=mode;}
-
-	/// \brief Get tree mode
-	/// \returns the current tree mode
-	/// \details Tree mode is persisted across calls to Restart().
-	bool GetTreeMode() const {return m_treeMode;}
-
-	void TruncatedFinal(byte *hash, size_t size);
-
-protected:
-	BLAKE2_Base();
-	BLAKE2_Base(bool treeMode, unsigned int digestSize);
-	BLAKE2_Base(const byte *key, size_t keyLength, const byte* salt, size_t saltLength,
-		const byte* personalization, size_t personalizationLength,
-		bool treeMode, unsigned int digestSize);
-
-	// Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's.
-	void Compress(const byte *input);
-	inline void IncrementCounter(size_t count=BLOCKSIZE);
-
-	void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params);
-
-private:
-	AlignedState m_state;
-	AlignedParameterBlock m_block;
-	AlignedSecByteBlock m_key;
-	word32 m_digestSize;
-	bool m_treeMode;
-};
-
-/// \brief The BLAKE2b cryptographic hash function
-/// \details BLAKE2b can function as both a hash and keyed hash. If you want only the hash,
-///   then use the BLAKE2b constructor that accepts no parameters or digest size. If you
-///   want a keyed hash, then use the constructor that accpts the key as a parameter.
-///   Once a key and digest size are selected, its effectively immutable. The Restart()
-///   method that accepts a ParameterBlock does not allow you to change it.
-/// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
-///   <A HREF="http://blake2.net/blake2.pdf">BLAKE2: simpler, smaller, fast as MD5</A> (2013.01.29).
-/// \since Crypto++ 5.6.4
-class BLAKE2b : public BLAKE2_Base<word64, true>
-{
-public:
-	typedef BLAKE2_Base<word64, true> ThisBase; // Early Visual Studio workaround
-	typedef BLAKE2_ParameterBlock<true> ParameterBlock;
-	CRYPTOPP_COMPILE_ASSERT(sizeof(ParameterBlock) == 64);
-
-	/// \brief Construct a BLAKE2b hash
-	/// \param digestSize the digest size, in bytes
-	/// \param treeMode flag indicating tree mode
-	BLAKE2b(bool treeMode=false, unsigned int digestSize = DIGESTSIZE) : ThisBase(treeMode, digestSize) {}
-
-	/// \brief Construct a BLAKE2b hash
-	/// \param key a byte array used to key the cipher
-	/// \param keyLength the size of the byte array
-	/// \param salt a byte array used as salt
-	/// \param saltLength the size of the byte array
-	/// \param personalization a byte array used as prsonalization string
-	/// \param personalizationLength the size of the byte array
-	/// \param treeMode flag indicating tree mode
-	/// \param digestSize the digest size, in bytes
-	BLAKE2b(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0,
-		const byte* personalization = NULLPTR, size_t personalizationLength = 0,
-		bool treeMode=false, unsigned int digestSize = DIGESTSIZE)
-		: ThisBase(key, keyLength, salt, saltLength, personalization, personalizationLength, treeMode, digestSize) {}
+    // SSE4, Power8 and NEON depend upon t[] and f[] being side-by-side
+    CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2b_Info::BLOCKSIZE);
+    FixedSizeAlignedSecBlock<word64, 8+2+2, true> m_hft;
+    FixedSizeAlignedSecBlock<byte, BLOCKSIZE, true> m_buf;
+    size_t m_len;
 };
 
 /// \brief The BLAKE2s cryptographic hash function
@@ -276,32 +232,211 @@ public:
 ///   method that accepts a ParameterBlock does not allow you to change it.
 /// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
 ///   <A HREF="http://blake2.net/blake2.pdf">BLAKE2: simpler, smaller, fast as MD5</A> (2013.01.29).
-/// \since Crypto++ 5.6.4
-class BLAKE2s : public BLAKE2_Base<word32, false>
+/// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0,
+///   Power8 since Crypto++ 8.0
+class BLAKE2s : public SimpleKeyingInterfaceImpl<MessageAuthenticationCode, BLAKE2s_Info>
 {
 public:
-	typedef BLAKE2_Base<word32, false> ThisBase; // Early Visual Studio workaround
-	typedef BLAKE2_ParameterBlock<false> ParameterBlock;
-	CRYPTOPP_COMPILE_ASSERT(sizeof(ParameterBlock) == 32);
+    CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2s_Info::DEFAULT_KEYLENGTH);
+    CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2s_Info::MIN_KEYLENGTH);
+    CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2s_Info::MAX_KEYLENGTH);
 
-	/// \brief Construct a BLAKE2s hash
-	/// \param digestSize the digest size, in bytes
-	/// \param treeMode flag indicating tree mode
-	BLAKE2s(bool treeMode=false, unsigned int digestSize = DIGESTSIZE) : ThisBase(treeMode, digestSize) {}
+    CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2s_Info::DIGESTSIZE);
+    CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2s_Info::BLOCKSIZE);
+    CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2s_Info::SALTSIZE);
+    CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2s_Info::PERSONALIZATIONSIZE);
 
-	/// \brief Construct a BLAKE2s hash
-	/// \param key a byte array used to key the cipher
-	/// \param keyLength the size of the byte array
-	/// \param salt a byte array used as salt
-	/// \param saltLength the size of the byte array
-	/// \param personalization a byte array used as prsonalization string
-	/// \param personalizationLength the size of the byte array
-	/// \param treeMode flag indicating tree mode
-	/// \param digestSize the digest size, in bytes
-	BLAKE2s(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0,
-		const byte* personalization = NULLPTR, size_t personalizationLength = 0,
-		bool treeMode=false, unsigned int digestSize = DIGESTSIZE)
-		: ThisBase(key, keyLength, salt, saltLength, personalization, personalizationLength, treeMode, digestSize) {}
+    typedef BLAKE2s_State State;
+    typedef BLAKE2s_ParameterBlock ParameterBlock;
+
+    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2s";}
+
+    virtual ~BLAKE2s() {}
+
+    /// \brief Construct a BLAKE2s hash
+    /// \param digestSize the digest size, in bytes
+    /// \param treeMode flag indicating tree mode
+    /// \since Crypto++ 5.6.4
+    BLAKE2s(bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
+
+    /// \brief Construct a BLAKE2s hash
+    /// \param digestSize the digest size, in bytes
+    /// \details treeMode flag is set to false
+    /// \since Crypto++ 8.2
+    BLAKE2s(unsigned int digestSize);
+
+    /// \brief Construct a BLAKE2s hash
+    /// \param key a byte array used to key the cipher
+    /// \param keyLength the size of the byte array
+    /// \param salt a byte array used as salt
+    /// \param saltLength the size of the byte array
+    /// \param personalization a byte array used as personalization string
+    /// \param personalizationLength the size of the byte array
+    /// \param treeMode flag indicating tree mode
+    /// \param digestSize the digest size, in bytes
+    /// \since Crypto++ 5.6.4
+    BLAKE2s(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0,
+        const byte* personalization = NULLPTR, size_t personalizationLength = 0,
+        bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
+
+    /// \brief Retrieve the object's name
+    /// \return the object's algorithm name following RFC 7693
+    /// \details Object algorithm name follows the naming described in
+    ///   <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
+    /// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
+    std::string AlgorithmName() const {return std::string(BLAKE2s_Info::StaticAlgorithmName()) + "-" + IntToString(DigestSize()*8);}
+
+    unsigned int BlockSize() const {return BLOCKSIZE;}
+    unsigned int DigestSize() const {return m_digestSize;}
+    unsigned int OptimalDataAlignment() const;
+
+    void Update(const byte *input, size_t length);
+    void Restart();
+
+    /// \brief Restart a hash with parameter block and counter
+    /// \param block parameter block
+    /// \param counter counter array
+    /// \details Parameter block is persisted across calls to Restart().
+    void Restart(const BLAKE2s_ParameterBlock& block, const word32 counter[2]);
+
+    /// \brief Set tree mode
+    /// \param mode the new tree mode
+    /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1].
+    ///   If <tt>treeMode=false</tt> (default), then State::f[1] is never set. If
+    ///   <tt>treeMode=true</tt>, then State::f[1] is set when State::f[0] is set.
+    ///   Tree mode is persisted across calls to Restart().
+    void SetTreeMode(bool mode) {m_treeMode=mode;}
+
+    /// \brief Get tree mode
+    /// \return the current tree mode
+    /// \details Tree mode is persisted across calls to Restart().
+    bool GetTreeMode() const {return m_treeMode;}
+
+    void TruncatedFinal(byte *hash, size_t size);
+
+    std::string AlgorithmProvider() const;
+
+protected:
+    // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's.
+    void Compress(const byte *input);
+    inline void IncrementCounter(size_t count=BLOCKSIZE);
+
+    void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params);
+
+private:
+    State m_state;
+    ParameterBlock m_block;
+    AlignedSecByteBlock m_key;
+    word32 m_digestSize, m_keyLength;
+    bool m_treeMode;
+};
+
+/// \brief The BLAKE2b cryptographic hash function
+/// \details BLAKE2b can function as both a hash and keyed hash. If you want only the hash,
+///   then use the BLAKE2b constructor that accepts no parameters or digest size. If you
+///   want a keyed hash, then use the constructor that accpts the key as a parameter.
+///   Once a key and digest size are selected, its effectively immutable. The Restart()
+///   method that accepts a ParameterBlock does not allow you to change it.
+/// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
+///   <A HREF="http://blake2.net/blake2.pdf">BLAKE2: simpler, smaller, fast as MD5</A> (2013.01.29).
+/// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0,
+///   Power8 since Crypto++ 8.0
+class BLAKE2b : public SimpleKeyingInterfaceImpl<MessageAuthenticationCode, BLAKE2b_Info>
+{
+public:
+    CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2b_Info::DEFAULT_KEYLENGTH);
+    CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2b_Info::MIN_KEYLENGTH);
+    CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2b_Info::MAX_KEYLENGTH);
+
+    CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2b_Info::DIGESTSIZE);
+    CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2b_Info::BLOCKSIZE);
+    CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2b_Info::SALTSIZE);
+    CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2b_Info::PERSONALIZATIONSIZE);
+
+    typedef BLAKE2b_State State;
+    typedef BLAKE2b_ParameterBlock ParameterBlock;
+
+    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2b";}
+
+    virtual ~BLAKE2b() {}
+
+    /// \brief Construct a BLAKE2b hash
+    /// \param digestSize the digest size, in bytes
+    /// \param treeMode flag indicating tree mode
+    /// \since Crypto++ 5.6.4
+    BLAKE2b(bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
+
+    /// \brief Construct a BLAKE2s hash
+    /// \param digestSize the digest size, in bytes
+    /// \details treeMode flag is set to false
+    /// \since Crypto++ 8.2
+    BLAKE2b(unsigned int digestSize);
+
+    /// \brief Construct a BLAKE2b hash
+    /// \param key a byte array used to key the cipher
+    /// \param keyLength the size of the byte array
+    /// \param salt a byte array used as salt
+    /// \param saltLength the size of the byte array
+    /// \param personalization a byte array used as personalization string
+    /// \param personalizationLength the size of the byte array
+    /// \param treeMode flag indicating tree mode
+    /// \param digestSize the digest size, in bytes
+    /// \since Crypto++ 5.6.4
+    BLAKE2b(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0,
+        const byte* personalization = NULLPTR, size_t personalizationLength = 0,
+        bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
+
+    /// \brief Retrieve the object's name
+    /// \return the object's algorithm name following RFC 7693
+    /// \details Object algorithm name follows the naming described in
+    ///   <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
+    /// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
+    std::string AlgorithmName() const {return std::string(BLAKE2b_Info::StaticAlgorithmName()) + "-" + IntToString(DigestSize()*8);}
+
+    unsigned int BlockSize() const {return BLOCKSIZE;}
+    unsigned int DigestSize() const {return m_digestSize;}
+    unsigned int OptimalDataAlignment() const;
+
+    void Update(const byte *input, size_t length);
+    void Restart();
+
+    /// \brief Restart a hash with parameter block and counter
+    /// \param block parameter block
+    /// \param counter counter array
+    /// \details Parameter block is persisted across calls to Restart().
+    void Restart(const BLAKE2b_ParameterBlock& block, const word64 counter[2]);
+
+    /// \brief Set tree mode
+    /// \param mode the new tree mode
+    /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1].
+    ///   If <tt>treeMode=false</tt> (default), then State::f[1] is never set. If
+    ///   <tt>treeMode=true</tt>, then State::f[1] is set when State::f[0] is set.
+    ///   Tree mode is persisted across calls to Restart().
+    void SetTreeMode(bool mode) {m_treeMode=mode;}
+
+    /// \brief Get tree mode
+    /// \return the current tree mode
+    /// \details Tree mode is persisted across calls to Restart().
+    bool GetTreeMode() const {return m_treeMode;}
+
+    void TruncatedFinal(byte *hash, size_t size);
+
+    std::string AlgorithmProvider() const;
+
+protected:
+
+    // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's.
+    void Compress(const byte *input);
+    inline void IncrementCounter(size_t count=BLOCKSIZE);
+
+    void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params);
+
+private:
+    State m_state;
+    ParameterBlock m_block;
+    AlignedSecByteBlock m_key;
+    word32 m_digestSize, m_keyLength;
+    bool m_treeMode;
 };
 
 NAMESPACE_END

Common/3dParty/cryptopp/blumshub.h

@@ -12,13 +12,19 @@
 
 NAMESPACE_BEGIN(CryptoPP)
 
-/// BlumBlumShub without factorization of the modulus
+/// \brief BlumBlumShub without factorization of the modulus
+/// \details You should reseed the generator after a fork() to avoid multiple generators
+///  with the same internal state.
 class PublicBlumBlumShub : public RandomNumberGenerator,
 						   public StreamTransformation
 {
 public:
 	virtual ~PublicBlumBlumShub() {}
 
+	/// \brief Construct a PublicBlumBlumShub
+	/// \param n the modulus
+	/// \param seed the seed for the generator
+	/// \details seed is the secret key and should be about as large as n.
 	PublicBlumBlumShub(const Integer &n, const Integer &seed);
 
 	unsigned int GenerateBit();
@@ -35,14 +41,20 @@ protected:
 	word maxBits, bitsLeft;
 };
 
-/// BlumBlumShub with factorization of the modulus
+/// \brief BlumBlumShub with factorization of the modulus
+/// \details You should reseed the generator after a fork() to avoid multiple generators
+///  with the same internal state.
 class BlumBlumShub : public PublicBlumBlumShub
 {
 public:
 	virtual ~BlumBlumShub() {}
 
-	// Make sure p and q are both primes congruent to 3 mod 4 and at least 512 bits long,
-	// seed is the secret key and should be about as big as p*q
+	/// \brief Construct a BlumBlumShub
+	/// \param p the first prime factor
+	/// \param q the second prime factor
+	/// \param seed the seed for the generator
+	/// \details Esure p and q are both primes congruent to 3 mod 4 and at least 512 bits long.
+	///  seed is the secret key and should be about as large as p*q.
 	BlumBlumShub(const Integer &p, const Integer &q, const Integer &seed);
 
 	bool IsRandomAccess() const {return true;}

Common/3dParty/cryptopp/camellia.cpp

@@ -60,7 +60,7 @@ NAMESPACE_BEGIN(CryptoPP)
 	ROUND(lh, ll, rh, rl, k0, k1)						\
 	ROUND(rh, rl, lh, ll, k2, k3)
 
-#ifdef CRYPTOPP_LITTLE_ENDIAN
+#if (CRYPTOPP_LITTLE_ENDIAN)
 #define EFI(i) (1-(i))
 #else
 #define EFI(i) (i)

Common/3dParty/cryptopp/cbcmac.h

@@ -43,7 +43,11 @@ template <class T>
 class CBC_MAC : public MessageAuthenticationCodeImpl<CBC_MAC_Base, CBC_MAC<T> >, public SameKeyLengthAs<T>
 {
 public:
+	/// \brief Construct a CBC_MAC
 	CBC_MAC() {}
+	/// \brief Construct a CBC_MAC
+	/// \param key a byte buffer used to key the cipher
+	/// \param length the length of the byte buffer
 	CBC_MAC(const byte *key, size_t length=SameKeyLengthAs<T>::DEFAULT_KEYLENGTH)
 		{this->SetKey(key, length);}
 

Common/3dParty/cryptopp/ccm.h

@@ -24,6 +24,8 @@ public:
 	// AuthenticatedSymmetricCipher
 	std::string AlgorithmName() const
 		{return GetBlockCipher().AlgorithmName() + std::string("/CCM");}
+	std::string AlgorithmProvider() const
+		{return GetBlockCipher().AlgorithmProvider();}
 	size_t MinKeyLength() const
 		{return GetBlockCipher().MinKeyLength();}
 	size_t MaxKeyLength() const
@@ -71,7 +73,7 @@ protected:
 	virtual BlockCipher & AccessBlockCipher() =0;
 	virtual int DefaultDigestSize() const =0;
 
-	const BlockCipher & GetBlockCipher() const {return const_cast<CCM_Base *>(this)->AccessBlockCipher();};
+	const BlockCipher & GetBlockCipher() const {return const_cast<CCM_Base *>(this)->AccessBlockCipher();}
 	byte *CBC_Buffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
 
 	enum {REQUIRED_BLOCKSIZE = 16};

Common/3dParty/cryptopp/chacha.cpp

@@ -1,6 +1,7 @@
 // chacha.cpp - written and placed in the public domain by Jeffrey Walton.
-//              Based on Wei Dai's Salsa20 and Bernstein's reference ChaCha
-//              family implementation at http://cr.yp.to/chacha.html.
+//              Based on Wei Dai's Salsa20, Botan's SSE2 implementation,
+//              and Bernstein's reference ChaCha family implementation at
+//              http://cr.yp.to/chacha.html.
 
 #include "pch.h"
 #include "config.h"
@@ -9,144 +10,559 @@
 #include "misc.h"
 #include "cpu.h"
 
+// Internal compiler error in GCC 3.3 and below
+#if defined(__GNUC__) && (__GNUC__ < 4)
+# undef CRYPTOPP_SSE2_INTRIN_AVAILABLE
+#endif
+
 NAMESPACE_BEGIN(CryptoPP)
 
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+extern void ChaCha_OperateKeystream_NEON(const word32 *state, const byte* input, byte *output, unsigned int rounds);
+#endif
+
+#if (CRYPTOPP_AVX2_AVAILABLE)
+extern void ChaCha_OperateKeystream_AVX2(const word32 *state, const byte* input, byte *output, unsigned int rounds);
+#endif
+#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE)
+extern void ChaCha_OperateKeystream_SSE2(const word32 *state, const byte* input, byte *output, unsigned int rounds);
+#endif
+
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+extern void ChaCha_OperateKeystream_ALTIVEC(const word32 *state, const byte* input, byte *output, unsigned int rounds);
+#endif
+
+#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
+void ChaCha_TestInstantiations()
+{
+    ChaCha::Encryption x;
+    ChaChaTLS::Encryption y;
+    XChaCha20::Encryption z;
+}
+#endif
+
+NAMESPACE_END  // CryptoPP
+
+////////////////////////////// ChaCha Core //////////////////////////////
+
 #define CHACHA_QUARTER_ROUND(a,b,c,d) \
     a += b; d ^= a; d = rotlConstant<16,word32>(d); \
     c += d; b ^= c; b = rotlConstant<12,word32>(b); \
     a += b; d ^= a; d = rotlConstant<8,word32>(d); \
     c += d; b ^= c; b = rotlConstant<7,word32>(b);
 
-#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
-void ChaCha_TestInstantiations()
+#define CHACHA_OUTPUT(x){\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + state[0]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x1 + state[1]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x2 + state[2]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x3 + state[3]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + state[4]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x5 + state[5]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x6 + state[6]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x7 + state[7]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + state[8]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x9 + state[9]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x10 + state[10]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x11 + state[11]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + state[12]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x13 + state[13]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x14 + state[14]);\
+    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x15 + state[15]);}
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+// Hacks... Bring in all symbols, and supply
+// the stuff the templates normally provide.
+using namespace CryptoPP;
+typedef word32 WordType;
+enum {BYTES_PER_ITERATION=64};
+
+// MultiBlockSafe detects a condition that can arise in the SIMD
+// implementations where we overflow one of the 32-bit state words during
+// addition in an intermediate result. Preconditions for the issue include
+// a user seeks to around 2^32 blocks (256 GB of data) for ChaCha; or a
+// user specifies an arbitrarily large initial counter block for ChaChaTLS.
+// Also see https://github.com/weidai11/cryptopp/issues/732.
+inline bool MultiBlockSafe(unsigned int ctrLow, unsigned int blocks)
 {
-	 ChaCha8::Encryption x1;
-	ChaCha12::Encryption x2;
-	ChaCha20::Encryption x3;
+    return 0xffffffff - ctrLow > blocks;
 }
+
+// OperateKeystream always produces a key stream. The key stream is written
+// to output. Optionally a message may be supplied to xor with the key stream.
+// The message is input, and output = output ^ input.
+void ChaCha_OperateKeystream(KeystreamOperation operation,
+        word32 state[16], word32& ctrLow, word32& ctrHigh, word32 rounds,
+        byte *output, const byte *input, size_t iterationCount)
+{
+    do
+    {
+#if (CRYPTOPP_AVX2_AVAILABLE)
+        if (HasAVX2())
+        {
+            while (iterationCount >= 8 && MultiBlockSafe(state[12], 8))
+            {
+                const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
+                ChaCha_OperateKeystream_AVX2(state, xorInput ? input : NULLPTR, output, rounds);
+
+                // MultiBlockSafe avoids overflow on the counter words
+                state[12] += 8;
+
+                input += (!!xorInput) * 8 * BYTES_PER_ITERATION;
+                output += 8 * BYTES_PER_ITERATION;
+                iterationCount -= 8;
+            }
+        }
 #endif
 
-template <unsigned int R>
-void ChaCha_Policy<R>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-{
-	CRYPTOPP_UNUSED(params);
-	CRYPTOPP_ASSERT(length == 16 || length == 32);
+#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE)
+        if (HasSSE2())
+        {
+            while (iterationCount >= 4 && MultiBlockSafe(state[12], 4))
+            {
+                const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
+                ChaCha_OperateKeystream_SSE2(state, xorInput ? input : NULLPTR, output, rounds);
 
-	// "expand 16-byte k" or "expand 32-byte k"
-	m_state[0] = 0x61707865;
-	m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
-	m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32;
-	m_state[3] = 0x6b206574;
+                // MultiBlockSafe avoids overflow on the counter words
+                state[12] += 4;
 
-	GetBlock<word32, LittleEndian> get1(key);
-	get1(m_state[4])(m_state[5])(m_state[6])(m_state[7]);
-
-	GetBlock<word32, LittleEndian> get2(key + ((length == 32) ? 16 : 0));
-	get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]);
-}
-
-template <unsigned int R>
-void ChaCha_Policy<R>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
-{
-	CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
-	CRYPTOPP_ASSERT(length==8);
-
-	GetBlock<word32, LittleEndian> get(IV);
-	m_state[12] = m_state[13] = 0;
-	get(m_state[14])(m_state[15]);
-}
-
-template<unsigned int R>
-void ChaCha_Policy<R>::SeekToIteration(lword iterationCount)
-{
-	CRYPTOPP_UNUSED(iterationCount);
-	throw NotImplemented(std::string(ChaCha_Info<R>::StaticAlgorithmName()) + ":  SeekToIteration is not yet implemented");
-
-	// TODO: these were Salsa20, and Wei re-arranged the state array for SSE2 operations.
-	// If we can generate some out-of-band test vectors, then test and implement. Also
-	//  see the test vectors in salsa.txt and the use of Seek test argument.
-	// m_state[8] = (word32)iterationCount;
-	// m_state[5] = (word32)SafeRightShift<32>(iterationCount);
-}
-
-template<unsigned int R>
-unsigned int ChaCha_Policy<R>::GetAlignment() const
-{
-#if CRYPTOPP_SSE2_ASM_AVAILABLE && 0
-	if (HasSSE2())
-		return 16;
-	else
-#endif
-		return GetAlignmentOf<word32>();
-}
-
-template<unsigned int R>
-unsigned int ChaCha_Policy<R>::GetOptimalBlockSize() const
-{
-#if CRYPTOPP_SSE2_ASM_AVAILABLE && 0
-	if (HasSSE2())
-		return 4*BYTES_PER_ITERATION;
-	else
-#endif
-		return BYTES_PER_ITERATION;
-}
-
-template<unsigned int R>
-void ChaCha_Policy<R>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-{
-	word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
-
-	while (iterationCount--)
-	{
-		x0 = m_state[0];	x1 = m_state[1];	x2 = m_state[2];	x3 = m_state[3];
-		x4 = m_state[4];	x5 = m_state[5];	x6 = m_state[6];	x7 = m_state[7];
-		x8 = m_state[8];	x9 = m_state[9];	x10 = m_state[10];	x11 = m_state[11];
-		x12 = m_state[12];	x13 = m_state[13];	x14 = m_state[14];	x15 = m_state[15];
-
-		for (int i = static_cast<int>(ROUNDS); i > 0; i -= 2)
-		{
-			CHACHA_QUARTER_ROUND(x0, x4,  x8, x12);
-			CHACHA_QUARTER_ROUND(x1, x5,  x9, x13);
-			CHACHA_QUARTER_ROUND(x2, x6, x10, x14);
-			CHACHA_QUARTER_ROUND(x3, x7, x11, x15);
-
-			CHACHA_QUARTER_ROUND(x0, x5, x10, x15);
-			CHACHA_QUARTER_ROUND(x1, x6, x11, x12);
-			CHACHA_QUARTER_ROUND(x2, x7,  x8, x13);
-			CHACHA_QUARTER_ROUND(x3, x4,  x9, x14);
-		}
-
-		#undef CHACHA_OUTPUT
-		#define CHACHA_OUTPUT(x){\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + m_state[0]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x1 + m_state[1]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x2 + m_state[2]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x3 + m_state[3]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + m_state[4]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x5 + m_state[5]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x6 + m_state[6]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x7 + m_state[7]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + m_state[8]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x9 + m_state[9]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x10 + m_state[10]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x11 + m_state[11]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + m_state[12]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x13 + m_state[13]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x14 + m_state[14]);\
-			CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x15 + m_state[15]);}
-
-#ifndef CRYPTOPP_DOXYGEN_PROCESSING
-		CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(CHACHA_OUTPUT, BYTES_PER_ITERATION);
+                input += (!!xorInput)*4*BYTES_PER_ITERATION;
+                output += 4*BYTES_PER_ITERATION;
+                iterationCount -= 4;
+            }
+        }
 #endif
 
-		++m_state[12];
-		m_state[13] += static_cast<word32>(m_state[12] == 0);
-	}
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+        if (HasNEON())
+        {
+            while (iterationCount >= 4 && MultiBlockSafe(state[12], 4))
+            {
+                const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
+                ChaCha_OperateKeystream_NEON(state, xorInput ? input : NULLPTR, output, rounds);
+
+                // MultiBlockSafe avoids overflow on the counter words
+                state[12] += 4;
+
+                input += (!!xorInput)*4*BYTES_PER_ITERATION;
+                output += 4*BYTES_PER_ITERATION;
+                iterationCount -= 4;
+            }
+        }
+#endif
+
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+        if (HasAltivec())
+        {
+            while (iterationCount >= 4 && MultiBlockSafe(state[12], 4))
+            {
+                const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
+                ChaCha_OperateKeystream_ALTIVEC(state, xorInput ? input : NULLPTR, output, rounds);
+
+                // MultiBlockSafe avoids overflow on the counter words
+                state[12] += 4;
+
+                input += (!!xorInput)*4*BYTES_PER_ITERATION;
+                output += 4*BYTES_PER_ITERATION;
+                iterationCount -= 4;
+            }
+        }
+#endif
+
+        if (iterationCount)
+        {
+            word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+
+            x0 = state[0];    x1 = state[1];    x2 = state[2];    x3 = state[3];
+            x4 = state[4];    x5 = state[5];    x6 = state[6];    x7 = state[7];
+            x8 = state[8];    x9 = state[9];    x10 = state[10];  x11 = state[11];
+            x12 = state[12];  x13 = state[13];  x14 = state[14];  x15 = state[15];
+
+            for (int i = static_cast<int>(rounds); i > 0; i -= 2)
+            {
+                CHACHA_QUARTER_ROUND(x0, x4,  x8, x12);
+                CHACHA_QUARTER_ROUND(x1, x5,  x9, x13);
+                CHACHA_QUARTER_ROUND(x2, x6, x10, x14);
+                CHACHA_QUARTER_ROUND(x3, x7, x11, x15);
+
+                CHACHA_QUARTER_ROUND(x0, x5, x10, x15);
+                CHACHA_QUARTER_ROUND(x1, x6, x11, x12);
+                CHACHA_QUARTER_ROUND(x2, x7,  x8, x13);
+                CHACHA_QUARTER_ROUND(x3, x4,  x9, x14);
+            }
+
+            CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(CHACHA_OUTPUT, BYTES_PER_ITERATION);
+
+            // This is state[12] and state[13] from ChaCha. In the case of
+            // ChaChaTLS ctrHigh is a reference to a discard value.
+            if (++ctrLow == 0)
+                ctrHigh++;
+        }
+
+    // We may re-enter a SIMD keystream operation from here.
+    } while (iterationCount--);
 }
 
-template class ChaCha_Policy<8>;
-template class ChaCha_Policy<12>;
-template class ChaCha_Policy<20>;
+// XChaCha key derivation
+void HChaCha_OperateKeystream(const word32 state[16], word32 output[8])
+{
+    word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+
+    x0 = state[0];    x1 = state[1];    x2 = state[2];    x3 = state[3];
+    x4 = state[4];    x5 = state[5];    x6 = state[6];    x7 = state[7];
+    x8 = state[8];    x9 = state[9];    x10 = state[10];  x11 = state[11];
+    x12 = state[12];  x13 = state[13];  x14 = state[14];  x15 = state[15];
+
+    for (int i = 20; i > 0; i -= 2)
+    {
+        CHACHA_QUARTER_ROUND(x0, x4,  x8, x12);
+        CHACHA_QUARTER_ROUND(x1, x5,  x9, x13);
+        CHACHA_QUARTER_ROUND(x2, x6, x10, x14);
+        CHACHA_QUARTER_ROUND(x3, x7, x11, x15);
+
+        CHACHA_QUARTER_ROUND(x0, x5, x10, x15);
+        CHACHA_QUARTER_ROUND(x1, x6, x11, x12);
+        CHACHA_QUARTER_ROUND(x2, x7,  x8, x13);
+        CHACHA_QUARTER_ROUND(x3, x4,  x9, x14);
+    }
+
+    output[0] =  x0; output[1] =  x1;
+    output[2] =  x2; output[3] =  x3;
+    output[4] = x12; output[5] = x13;
+    output[6] = x14; output[7] = x15;
+}
+
+std::string ChaCha_AlgorithmProvider()
+{
+#if (CRYPTOPP_AVX2_AVAILABLE)
+    if (HasAVX2())
+        return "AVX2";
+    else
+#endif
+#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE)
+    if (HasSSE2())
+        return "SSE2";
+    else
+#endif
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+    if (HasNEON())
+        return "NEON";
+    else
+#endif
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+    if (HasAltivec())
+        return "Altivec";
+    else
+#endif
+    return "C++";
+}
+
+unsigned int ChaCha_GetAlignment()
+{
+#if (CRYPTOPP_AVX2_AVAILABLE)
+    if (HasAVX2())
+        return 16;
+    else
+#endif
+#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE)
+    if (HasSSE2())
+        return 16;
+    else
+#endif
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+    if (HasAltivec())
+        return 16;
+    else
+#endif
+        return GetAlignmentOf<word32>();
+}
+
+unsigned int ChaCha_GetOptimalBlockSize()
+{
+#if (CRYPTOPP_AVX2_AVAILABLE)
+    if (HasAVX2())
+        return 8 * BYTES_PER_ITERATION;
+    else
+#endif
+#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE)
+    if (HasSSE2())
+        return 4*BYTES_PER_ITERATION;
+    else
+#endif
+#if (CRYPTOPP_ARM_NEON_AVAILABLE)
+    if (HasNEON())
+        return 4*BYTES_PER_ITERATION;
+    else
+#endif
+#if (CRYPTOPP_ALTIVEC_AVAILABLE)
+    if (HasAltivec())
+        return 4*BYTES_PER_ITERATION;
+    else
+#endif
+        return BYTES_PER_ITERATION;
+}
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+////////////////////////////// Bernstein ChaCha //////////////////////////////
+
+std::string ChaCha_Policy::AlgorithmName() const
+{
+    return std::string("ChaCha")+IntToString(m_rounds);
+}
+
+std::string ChaCha_Policy::AlgorithmProvider() const
+{
+    return ChaCha_AlgorithmProvider();
+}
+
+void ChaCha_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
+{
+    CRYPTOPP_ASSERT(key); CRYPTOPP_ASSERT(length == 16 || length == 32);
+    CRYPTOPP_UNUSED(key); CRYPTOPP_UNUSED(length);
+
+    // Use previous rounds as the default value
+    int rounds = params.GetIntValueWithDefault(Name::Rounds(), m_rounds);
+    if (rounds != 20 && rounds != 12 && rounds != 8)
+        throw InvalidRounds(ChaCha::StaticAlgorithmName(), rounds);
+
+    // Latch a good value
+    m_rounds = rounds;
+
+    // "expand 16-byte k" or "expand 32-byte k"
+    m_state[0] = 0x61707865;
+    m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
+    m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32;
+    m_state[3] = 0x6b206574;
+
+    GetBlock<word32, LittleEndian> get1(key);
+    get1(m_state[4])(m_state[5])(m_state[6])(m_state[7]);
+
+    GetBlock<word32, LittleEndian> get2(key + ((length == 32) ? 16 : 0));
+    get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]);
+}
+
+void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
+{
+    CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
+    CRYPTOPP_ASSERT(length==8); CRYPTOPP_UNUSED(length);
+
+    GetBlock<word32, LittleEndian> get(IV);
+    m_state[12] = m_state[13] = 0;
+    get(m_state[14])(m_state[15]);
+}
+
+void ChaCha_Policy::SeekToIteration(lword iterationCount)
+{
+    m_state[12] = (word32)iterationCount;  // low word
+    m_state[13] = (word32)SafeRightShift<32>(iterationCount);
+}
+
+unsigned int ChaCha_Policy::GetAlignment() const
+{
+    return ChaCha_GetAlignment();
+}
+
+unsigned int ChaCha_Policy::GetOptimalBlockSize() const
+{
+    return ChaCha_GetOptimalBlockSize();
+}
+
+void ChaCha_Policy::OperateKeystream(KeystreamOperation operation,
+        byte *output, const byte *input, size_t iterationCount)
+{
+    ChaCha_OperateKeystream(operation, m_state, m_state[12], m_state[13],
+        m_rounds, output, input, iterationCount);
+}
+
+////////////////////////////// IETF ChaChaTLS //////////////////////////////
+
+std::string ChaChaTLS_Policy::AlgorithmName() const
+{
+    return std::string("ChaChaTLS");
+}
+
+std::string ChaChaTLS_Policy::AlgorithmProvider() const
+{
+    return ChaCha_AlgorithmProvider();
+}
+
+void ChaChaTLS_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
+{
+    CRYPTOPP_ASSERT(key); CRYPTOPP_ASSERT(length == 32);
+    CRYPTOPP_UNUSED(length);
+
+    // ChaChaTLS is always 20 rounds. Fetch Rounds() to avoid a spurious failure.
+    int rounds = params.GetIntValueWithDefault(Name::Rounds(), ROUNDS);
+    if (rounds != 20)
+        throw InvalidRounds(ChaChaTLS::StaticAlgorithmName(), rounds);
+
+    // RFC 8439 test vectors use an initial block counter. However, the counter
+    // can be an arbitrary value per RFC 8439 Section 2.4. We stash the counter
+    // away in state[16] and use it for a Resynchronize() operation. I think
+    // the initial counter is used more like a Tweak when non-0, and it should
+    // be provided in Resynchronize() (light-weight re-keying). However,
+    // Resynchronize() does not have an overload that allows us to pass it into
+    // the function, so we have to use the heavier-weight SetKey to change it.
+    word64 block;
+    if (params.GetValue("InitialBlock", block))
+        m_counter = static_cast<word32>(block);
+    else
+        m_counter = 0;
+
+    // State words are defined in RFC 8439, Section 2.3. Key is 32-bytes.
+    GetBlock<word32, LittleEndian> get(key);
+    get(m_state[KEY+0])(m_state[KEY+1])(m_state[KEY+2])(m_state[KEY+3])
+        (m_state[KEY+4])(m_state[KEY+5])(m_state[KEY+6])(m_state[KEY+7]);
+}
+
+void ChaChaTLS_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
+{
+    CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
+    CRYPTOPP_ASSERT(length==12);
+
+    // State words are defined in RFC 8439, Section 2.3.
+    m_state[0] = 0x61707865; m_state[1] = 0x3320646e;
+    m_state[2] = 0x79622d32; m_state[3] = 0x6b206574;
+
+    // Copy saved key into state
+    std::memcpy(m_state+4, m_state+KEY, 8*sizeof(word32));
+
+    // State words are defined in RFC 8439, Section 2.3
+    GetBlock<word32, LittleEndian> get(IV);
+    m_state[12] = m_counter;
+    get(m_state[13])(m_state[14])(m_state[15]);
+}
+
+void ChaChaTLS_Policy::SeekToIteration(lword iterationCount)
+{
+    // Should we throw here??? If the initial block counter is
+    // large then we can wrap and process more data as long as
+    // data processed in the security context does not exceed
+    // 2^32 blocks or approximately 256 GB of data.
+    CRYPTOPP_ASSERT(iterationCount <= std::numeric_limits<word32>::max());
+    m_state[12] = (word32)iterationCount;  // low word
+}
+
+unsigned int ChaChaTLS_Policy::GetAlignment() const
+{
+    return ChaCha_GetAlignment();
+}
+
+unsigned int ChaChaTLS_Policy::GetOptimalBlockSize() const
+{
+    return ChaCha_GetOptimalBlockSize();
+}
+
+void ChaChaTLS_Policy::OperateKeystream(KeystreamOperation operation,
+        byte *output, const byte *input, size_t iterationCount)
+{
+    word32 discard=0;
+    ChaCha_OperateKeystream(operation, m_state, m_state[12], discard,
+            ROUNDS, output, input, iterationCount);
+
+    // If this fires it means ChaCha_OperateKeystream generated a counter
+    // block carry that was discarded. The problem is, the RFC does not
+    // specify what should happen when the counter block wraps. All we can
+    // do is inform the user that something bad may happen because we don't
+    // know what we should do.
+    // Also see https://github.com/weidai11/cryptopp/issues/790 and
+    // https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU
+    // CRYPTOPP_ASSERT(discard==0);
+}
+
+////////////////////////////// IETF XChaCha20 //////////////////////////////
+
+std::string XChaCha20_Policy::AlgorithmName() const
+{
+    return std::string("XChaCha20");
+}
+
+std::string XChaCha20_Policy::AlgorithmProvider() const
+{
+    return ChaCha_AlgorithmProvider();
+}
+
+void XChaCha20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
+{
+    CRYPTOPP_ASSERT(key); CRYPTOPP_ASSERT(length == 32);
+    CRYPTOPP_UNUSED(length);
+
+    // Use previous rounds as the default value
+    int rounds = params.GetIntValueWithDefault(Name::Rounds(), m_rounds);
+    if (rounds != 20 && rounds != 12)
+        throw InvalidRounds(ChaCha::StaticAlgorithmName(), rounds);
+
+    // Latch a good value
+    m_rounds = rounds;
+
+    word64 block;
+    if (params.GetValue("InitialBlock", block))
+        m_counter = static_cast<word32>(block);
+    else
+        m_counter = 1;
+
+    // Stash key away for use in CipherResynchronize
+    GetBlock<word32, LittleEndian> get(key);
+    get(m_state[KEY+0])(m_state[KEY+1])(m_state[KEY+2])(m_state[KEY+3])
+        (m_state[KEY+4])(m_state[KEY+5])(m_state[KEY+6])(m_state[KEY+7]);
+}
+
+void XChaCha20_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
+{
+    CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
+    CRYPTOPP_ASSERT(length==24);
+
+    // HChaCha derivation
+    m_state[0] = 0x61707865; m_state[1] = 0x3320646e;
+    m_state[2] = 0x79622d32; m_state[3] = 0x6b206574;
+
+    // Copy saved key into state
+    std::memcpy(m_state+4, m_state+KEY, 8*sizeof(word32));
+
+    GetBlock<word32, LittleEndian> get(iv);
+    get(m_state[12])(m_state[13])(m_state[14])(m_state[15]);
+
+    // Operate the keystream without adding state back in.
+    // This function also gathers the key words into a
+    // contiguous 8-word block.
+    HChaCha_OperateKeystream(m_state, m_state+4);
+
+    // XChaCha state
+    m_state[0] = 0x61707865; m_state[1] = 0x3320646e;
+    m_state[2] = 0x79622d32; m_state[3] = 0x6b206574;
+
+    // Setup new IV
+    m_state[12] = m_counter;
+    m_state[13] = 0;
+    m_state[14] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, iv+16);
+    m_state[15] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, iv+20);
+}
+
+void XChaCha20_Policy::SeekToIteration(lword iterationCount)
+{
+    // Should we throw here??? XChaCha does not have a block
+    // counter, so I'm not sure how to seek on it.
+    CRYPTOPP_ASSERT(0); CRYPTOPP_UNUSED(iterationCount);
+}
+
+unsigned int XChaCha20_Policy::GetAlignment() const
+{
+    return ChaCha_GetAlignment();
+}
+
+unsigned int XChaCha20_Policy::GetOptimalBlockSize() const
+{
+    return ChaCha_GetOptimalBlockSize();
+}
+
+void XChaCha20_Policy::OperateKeystream(KeystreamOperation operation,
+        byte *output, const byte *input, size_t iterationCount)
+{
+    ChaCha_OperateKeystream(operation, m_state, m_state[12], m_state[13],
+            m_rounds, output, input, iterationCount);
+}
 
 NAMESPACE_END
-

Common/3dParty/cryptopp/chacha.h

@@ -1,14 +1,30 @@
 // chacha.h - written and placed in the public domain by Jeffrey Walton.
-//            Based on Wei Dai's Salsa20 and Bernstein's reference ChaCha
-//            family implementation at http://cr.yp.to/chacha.html.
+//            Based on Wei Dai's Salsa20, Botan's SSE2 implementation,
+//            and Bernstein's reference ChaCha family implementation at
+//            http://cr.yp.to/chacha.html.
+
+// The library added Bernstein's ChaCha classes at Crypto++ 5.6.4. The IETF
+// uses a slightly different implementation than Bernstein, and the IETF
+// ChaCha and XChaCha classes were added at Crypto++ 8.1. We wanted to maintain
+// ABI compatibility at the 8.1 release so the original ChaCha classes were not
+// disturbed. Instead new classes were added for IETF ChaCha. The back-end
+// implementation shares code as expected, however.
 
 /// \file chacha.h
 /// \brief Classes for ChaCha8, ChaCha12 and ChaCha20 stream ciphers
-/// \details Crypto++ provides Bernstein and ECRYPT's ChaCha from <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha,
-///   a variant of Salsa20</a> (2008.01.28). Bernstein's implementation is _slightly_ different from the TLS working group's
-///   implementation for cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
-///   <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
-/// \since Crypto++ 5.6.4
+/// \details Crypto++ provides Bernstein and ECRYPT's ChaCha from <a
+///  href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a
+///  variant of Salsa20</a> (2008.01.28). Crypto++ also provides the
+///  IETF implementation of ChaCha using the ChaChaTLS name. Bernstein's
+///  implementation is _slightly_ different from the TLS working group's
+///  implementation for cipher suites
+///  <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
+///  <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
+///  and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>. Finally,
+///  the library provides <a
+///  href="https://tools.ietf.org/html/draft-arciszewski-xchacha">XChaCha:
+///  eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 (rev. 03)</a>.
+/// \since ChaCha since Crypto++ 5.6.4, ChaChaTLS and XChaCha20 since Crypto++ 8.1
 
 #ifndef CRYPTOPP_CHACHA_H
 #define CRYPTOPP_CHACHA_H
@@ -18,66 +34,188 @@
 
 NAMESPACE_BEGIN(CryptoPP)
 
+////////////////////////////// Bernstein ChaCha //////////////////////////////
+
 /// \brief ChaCha stream cipher information
 /// \since Crypto++ 5.6.4
-template <unsigned int R>
-struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds<R>
+struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
 {
-	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {
-		return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha")));
-	}
+    /// \brief The algorithm name
+    /// \return the algorithm name
+    /// \details StaticAlgorithmName returns the algorithm's name as a static
+    ///  member function.
+    /// \details Bernstein named the cipher variants ChaCha8, ChaCha12 and
+    ///  ChaCha20. More generally, Bernstein called the family ChaCha{r}.
+    ///  AlgorithmName() provides the exact name once rounds are set.
+    static const char* StaticAlgorithmName() {
+        return "ChaCha";
+    }
 };
 
 /// \brief ChaCha stream cipher implementation
 /// \since Crypto++ 5.6.4
-template <unsigned int R>
 class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy<word32, 16>
 {
+public:
+    virtual ~ChaCha_Policy() {}
+    ChaCha_Policy() : m_rounds(ROUNDS) {}
+
 protected:
-	CRYPTOPP_CONSTANT(ROUNDS=FixedRounds<R>::ROUNDS)
+    void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
+    void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
+    void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
+    bool CipherIsRandomAccess() const {return true;}
+    void SeekToIteration(lword iterationCount);
+    unsigned int GetAlignment() const;
+    unsigned int GetOptimalBlockSize() const;
 
-	void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
-	void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
-	void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
-	bool CipherIsRandomAccess() const {return false;} // TODO
-	void SeekToIteration(lword iterationCount);
-	unsigned int GetAlignment() const;
-	unsigned int GetOptimalBlockSize() const;
+    std::string AlgorithmName() const;
+    std::string AlgorithmProvider() const;
 
-	FixedSizeAlignedSecBlock<word32, 16> m_state;
+    CRYPTOPP_CONSTANT(ROUNDS = 20);  // Default rounds
+    FixedSizeAlignedSecBlock<word32, 16> m_state;
+    unsigned int m_rounds;
 };
 
-/// \brief ChaCha8 stream cipher
-/// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
+/// \brief ChaCha stream cipher
+/// \details This is Bernstein and ECRYPT's ChaCha. It is _slightly_ different
+///  from the IETF's version of ChaCha called ChaChaTLS.
+/// \sa <a href="http://cr.yp.to/chacha/chacha-20080208.pdf">ChaCha, a variant
+///  of Salsa20</a> (2008.01.28).
 /// \since Crypto++ 5.6.4
-struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation
+struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation
 {
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<8>, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption;
-	typedef Encryption Decryption;
+    /// \brief ChaCha Encryption
+    typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy, AdditiveCipherTemplate<> >, ChaCha_Info > Encryption;
+    /// \brief ChaCha Decryption
+    typedef Encryption Decryption;
 };
 
-/// \brief ChaCha12 stream cipher
-/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for
-///   cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
-///   <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
-/// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
-/// \since Crypto++ 5.6.4
-struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation
+////////////////////////////// IETF ChaChaTLS //////////////////////////////
+
+/// \brief IETF ChaCha20 stream cipher information
+/// \since Crypto++ 8.1
+struct ChaChaTLS_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 12>, FixedRounds<20>
 {
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<12>, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption;
-	typedef Encryption Decryption;
+    /// \brief The algorithm name
+    /// \return the algorithm name
+    /// \details StaticAlgorithmName returns the algorithm's name as a static
+    ///  member function.
+    /// \details This is the IETF's variant of Bernstein's ChaCha from RFC
+    ///  8439. IETF ChaCha is called ChaChaTLS in the Crypto++ library. It
+    ///  is _slightly_ different from Bernstein's implementation.
+    static const char* StaticAlgorithmName() {
+        return "ChaChaTLS";
+    }
 };
 
-/// \brief ChaCha20 stream cipher
-/// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
-/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for
-///   cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
-///   <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
-/// \since Crypto++ 5.6.4
-struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation
+/// \brief IETF ChaCha20 stream cipher implementation
+/// \since Crypto++ 8.1
+class CRYPTOPP_NO_VTABLE ChaChaTLS_Policy : public AdditiveCipherConcretePolicy<word32, 16>
 {
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<20>, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption;
-	typedef Encryption Decryption;
+public:
+    virtual ~ChaChaTLS_Policy() {}
+    ChaChaTLS_Policy() : m_counter(0) {}
+
+protected:
+    void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
+    void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
+    void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
+    bool CipherIsRandomAccess() const {return true;}
+    void SeekToIteration(lword iterationCount);
+    unsigned int GetAlignment() const;
+    unsigned int GetOptimalBlockSize() const;
+
+    std::string AlgorithmName() const;
+    std::string AlgorithmProvider() const;
+
+    FixedSizeAlignedSecBlock<word32, 16+8> m_state;
+    unsigned int m_counter;
+    CRYPTOPP_CONSTANT(ROUNDS = ChaChaTLS_Info::ROUNDS);
+    CRYPTOPP_CONSTANT(KEY = 16);  // Index into m_state
+    CRYPTOPP_CONSTANT(CTR = 24);  // Index into m_state
+};
+
+/// \brief IETF ChaCha20 stream cipher
+/// \details This is the IETF's variant of Bernstein's ChaCha from RFC 8439.
+///  IETF ChaCha is called ChaChaTLS in the Crypto++ library. It is
+///  _slightly_ different from the Bernstein implementation. ChaCha-TLS
+///  can be used for cipher suites
+///  <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
+///  <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and
+///  <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
+/// \sa <a href="https://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and
+///  Poly1305 for IETF Protocols</a>, <A
+///  HREF="https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU">How
+///  to handle block counter wrap in IETF's ChaCha algorithm?</A> and
+///  <A HREF="https://github.com/weidai11/cryptopp/issues/790">Issue
+///  790, ChaChaTLS results when counter block wraps</A>.
+/// \since Crypto++ 8.1
+struct ChaChaTLS : public ChaChaTLS_Info, public SymmetricCipherDocumentation
+{
+    /// \brief ChaCha-TLS Encryption
+    typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaChaTLS_Policy, AdditiveCipherTemplate<> >, ChaChaTLS_Info > Encryption;
+    /// \brief ChaCha-TLS Decryption
+    typedef Encryption Decryption;
+};
+
+////////////////////////////// IETF XChaCha20 draft //////////////////////////////
+
+/// \brief IETF XChaCha20 stream cipher information
+/// \since Crypto++ 8.1
+struct XChaCha20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24>
+{
+    /// \brief The algorithm name
+    /// \return the algorithm name
+    /// \details StaticAlgorithmName returns the algorithm's name as a static
+    ///  member function.
+    /// \details This is the IETF's XChaCha from draft-arciszewski-xchacha.
+    static const char* StaticAlgorithmName() {
+        return "XChaCha20";
+    }
+};
+
+/// \brief IETF XChaCha20 stream cipher implementation
+/// \since Crypto++ 8.1
+class CRYPTOPP_NO_VTABLE XChaCha20_Policy : public AdditiveCipherConcretePolicy<word32, 16>
+{
+public:
+    virtual ~XChaCha20_Policy() {}
+    XChaCha20_Policy() : m_counter(0), m_rounds(ROUNDS) {}
+
+protected:
+    void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
+    void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
+    void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
+    bool CipherIsRandomAccess() const {return false;}
+    void SeekToIteration(lword iterationCount);
+    unsigned int GetAlignment() const;
+    unsigned int GetOptimalBlockSize() const;
+
+    std::string AlgorithmName() const;
+    std::string AlgorithmProvider() const;
+
+    FixedSizeAlignedSecBlock<word32, 16+8> m_state;
+    unsigned int m_counter, m_rounds;
+    CRYPTOPP_CONSTANT(ROUNDS = 20);  // Default rounds
+    CRYPTOPP_CONSTANT(KEY = 16);  // Index into m_state
+};
+
+/// \brief IETF XChaCha20 stream cipher
+/// \details This is the IETF's XChaCha from draft-arciszewski-xchacha.
+/// \sa <a href="https://tools.ietf.org/html/draft-arciszewski-xchacha">XChaCha:
+///  eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 (rev. 03)</a>, <A
+///  HREF="https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU">How
+///  to handle block counter wrap in IETF's ChaCha algorithm?</A> and
+///  <A HREF="https://github.com/weidai11/cryptopp/issues/790">Issue
+///  790, ChaCha20 results when counter block wraps</A>.
+/// \since Crypto++ 8.1
+struct XChaCha20 : public XChaCha20_Info, public SymmetricCipherDocumentation
+{
+    /// \brief XChaCha Encryption
+    typedef SymmetricCipherFinal<ConcretePolicyHolder<XChaCha20_Policy, AdditiveCipherTemplate<> >, XChaCha20_Info > Encryption;
+    /// \brief XChaCha Decryption
+    typedef Encryption Decryption;
 };
 
 NAMESPACE_END

Common/3dParty/cryptopp/chacha_avx.cpp

@@ -0,0 +1,421 @@
+// chacha_avx.cpp - written and placed in the public domain by
+//                  Jack Lloyd and Jeffrey Walton
+//
+//    This source file uses intrinsics and built-ins to gain access to
+//    AVX2 instructions. A separate source file is needed because
+//    additional CXXFLAGS are required to enable the appropriate
+//    instructions sets in some build configurations.
+//
+//    AVX2 implementation based on Botan's chacha_avx.cpp. Many thanks
+//    to Jack Lloyd and the Botan team for allowing us to use it.
+//
+//    Here are some relative numbers for ChaCha8:
+//    * Intel Skylake,   3.0 GHz: AVX2 at 4411 MB/s; 0.57 cpb.
+//    * Intel Broadwell, 2.3 GHz: AVX2 at 3828 MB/s; 0.58 cpb.
+//    * AMD Bulldozer,   3.3 GHz: AVX2 at 1680 MB/s; 1.47 cpb.
+
+#include "pch.h"
+#include "config.h"
+
+#include "chacha.h"
+#include "misc.h"
+
+#if defined(CRYPTOPP_AVX2_AVAILABLE)
+# include <xmmintrin.h>
+# include <emmintrin.h>
+# include <immintrin.h>
+#endif
+
+// Squash MS LNK4221 and libtool warnings
+extern const char CHACHA_AVX_FNAME[] = __FILE__;
+
+// Sun Studio 12.4 OK, 12.5 and 12.6 compile error.
+#if (__SUNPRO_CC >= 0x5140) && (__SUNPRO_CC <= 0x5150)
+# define MAYBE_CONST
+#else
+# define MAYBE_CONST const
+#endif
+
+// VS2017 and global optimization bug. Also see
+// https://github.com/weidai11/cryptopp/issues/649 and
+// https://github.com/weidai11/cryptopp/issues/735. The
+// 649 issue affects AES but it is the same here. The 735
+// issue is ChaCha AVX2 cut-in where it surfaced again.
+#if (_MSC_VER >= 1910) && (_MSC_VER <= 1916)
+# ifndef CRYPTOPP_DEBUG
+#  pragma optimize("", off)
+#  pragma optimize("ts", on)
+# endif
+#endif
+
+// The data is aligned, but Clang issues warning based on type
+// and not the actual alignment of the variable and data.
+#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
+# pragma GCC diagnostic ignored "-Wcast-align"
+#endif
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+#if (CRYPTOPP_AVX2_AVAILABLE)
+
+template <unsigned int R>
+inline __m256i RotateLeft(const __m256i val)
+{
+    return _mm256_or_si256(_mm256_slli_epi32(val, R), _mm256_srli_epi32(val, 32-R));
+}
+
+template <>
+inline __m256i RotateLeft<8>(const __m256i val)
+{
+    const __m256i mask = _mm256_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3,
+                                         14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3);
+    return _mm256_shuffle_epi8(val, mask);
+}
+
+template <>
+inline __m256i RotateLeft<16>(const __m256i val)
+{
+    const __m256i mask = _mm256_set_epi8(13,12,15,14, 9,8,11,10, 5,4,7,6, 1,0,3,2,
+                                         13,12,15,14, 9,8,11,10, 5,4,7,6, 1,0,3,2);
+    return _mm256_shuffle_epi8(val, mask);
+}
+
+#endif  // CRYPTOPP_AVX2_AVAILABLE
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+#if (CRYPTOPP_AVX2_AVAILABLE)
+
+void ChaCha_OperateKeystream_AVX2(const word32 *state, const byte* input, byte *output, unsigned int rounds)
+{
+    const __m256i state0 = _mm256_broadcastsi128_si256(
+        _mm_loadu_si128(reinterpret_cast<const __m128i*>(state+0*4)));
+    const __m256i state1 = _mm256_broadcastsi128_si256(
+        _mm_loadu_si128(reinterpret_cast<const __m128i*>(state+1*4)));
+    const __m256i state2 = _mm256_broadcastsi128_si256(
+        _mm_loadu_si128(reinterpret_cast<const __m128i*>(state+2*4)));
+    const __m256i state3 = _mm256_broadcastsi128_si256(
+        _mm_loadu_si128(reinterpret_cast<const __m128i*>(state+3*4)));
+
+    const word32 C = 0xFFFFFFFFu - state[12];
+    const __m256i CTR0 = _mm256_set_epi32(0, 0,     0, 0, 0, 0, C < 4, 4);
+    const __m256i CTR1 = _mm256_set_epi32(0, 0, C < 1, 1, 0, 0, C < 5, 5);
+    const __m256i CTR2 = _mm256_set_epi32(0, 0, C < 2, 2, 0, 0, C < 6, 6);
+    const __m256i CTR3 = _mm256_set_epi32(0, 0, C < 3, 3, 0, 0, C < 7, 7);
+
+    __m256i X0_0 = state0;
+    __m256i X0_1 = state1;
+    __m256i X0_2 = state2;
+    __m256i X0_3 = _mm256_add_epi32(state3, CTR0);
+
+    __m256i X1_0 = state0;
+    __m256i X1_1 = state1;
+    __m256i X1_2 = state2;
+    __m256i X1_3 = _mm256_add_epi32(state3, CTR1);
+
+    __m256i X2_0 = state0;
+    __m256i X2_1 = state1;
+    __m256i X2_2 = state2;
+    __m256i X2_3 = _mm256_add_epi32(state3, CTR2);
+
+    __m256i X3_0 = state0;
+    __m256i X3_1 = state1;
+    __m256i X3_2 = state2;
+    __m256i X3_3 = _mm256_add_epi32(state3, CTR3);
+
+    for (int i = static_cast<int>(rounds); i > 0; i -= 2)
+    {
+        X0_0 = _mm256_add_epi32(X0_0, X0_1);
+        X1_0 = _mm256_add_epi32(X1_0, X1_1);
+        X2_0 = _mm256_add_epi32(X2_0, X2_1);
+        X3_0 = _mm256_add_epi32(X3_0, X3_1);
+
+        X0_3 = _mm256_xor_si256(X0_3, X0_0);
+        X1_3 = _mm256_xor_si256(X1_3, X1_0);
+        X2_3 = _mm256_xor_si256(X2_3, X2_0);
+        X3_3 = _mm256_xor_si256(X3_3, X3_0);
+
+        X0_3 = RotateLeft<16>(X0_3);
+        X1_3 = RotateLeft<16>(X1_3);
+        X2_3 = RotateLeft<16>(X2_3);
+        X3_3 = RotateLeft<16>(X3_3);
+
+        X0_2 = _mm256_add_epi32(X0_2, X0_3);
+        X1_2 = _mm256_add_epi32(X1_2, X1_3);
+        X2_2 = _mm256_add_epi32(X2_2, X2_3);
+        X3_2 = _mm256_add_epi32(X3_2, X3_3);
+
+        X0_1 = _mm256_xor_si256(X0_1, X0_2);
+        X1_1 = _mm256_xor_si256(X1_1, X1_2);
+        X2_1 = _mm256_xor_si256(X2_1, X2_2);
+        X3_1 = _mm256_xor_si256(X3_1, X3_2);
+
+        X0_1 = RotateLeft<12>(X0_1);
+        X1_1 = RotateLeft<12>(X1_1);
+        X2_1 = RotateLeft<12>(X2_1);
+        X3_1 = RotateLeft<12>(X3_1);
+
+        X0_0 = _mm256_add_epi32(X0_0, X0_1);
+        X1_0 = _mm256_add_epi32(X1_0, X1_1);
+        X2_0 = _mm256_add_epi32(X2_0, X2_1);
+        X3_0 = _mm256_add_epi32(X3_0, X3_1);
+
+        X0_3 = _mm256_xor_si256(X0_3, X0_0);
+        X1_3 = _mm256_xor_si256(X1_3, X1_0);
+        X2_3 = _mm256_xor_si256(X2_3, X2_0);
+        X3_3 = _mm256_xor_si256(X3_3, X3_0);
+
+        X0_3 = RotateLeft<8>(X0_3);
+        X1_3 = RotateLeft<8>(X1_3);
+        X2_3 = RotateLeft<8>(X2_3);
+        X3_3 = RotateLeft<8>(X3_3);
+
+        X0_2 = _mm256_add_epi32(X0_2, X0_3);
+        X1_2 = _mm256_add_epi32(X1_2, X1_3);
+        X2_2 = _mm256_add_epi32(X2_2, X2_3);
+        X3_2 = _mm256_add_epi32(X3_2, X3_3);
+
+        X0_1 = _mm256_xor_si256(X0_1, X0_2);
+        X1_1 = _mm256_xor_si256(X1_1, X1_2);
+        X2_1 = _mm256_xor_si256(X2_1, X2_2);
+        X3_1 = _mm256_xor_si256(X3_1, X3_2);
+
+        X0_1 = RotateLeft<7>(X0_1);
+        X1_1 = RotateLeft<7>(X1_1);
+        X2_1 = RotateLeft<7>(X2_1);
+        X3_1 = RotateLeft<7>(X3_1);
+
+        X0_1 = _mm256_shuffle_epi32(X0_1, _MM_SHUFFLE(0, 3, 2, 1));
+        X0_2 = _mm256_shuffle_epi32(X0_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X0_3 = _mm256_shuffle_epi32(X0_3, _MM_SHUFFLE(2, 1, 0, 3));
+
+        X1_1 = _mm256_shuffle_epi32(X1_1, _MM_SHUFFLE(0, 3, 2, 1));
+        X1_2 = _mm256_shuffle_epi32(X1_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X1_3 = _mm256_shuffle_epi32(X1_3, _MM_SHUFFLE(2, 1, 0, 3));
+
+        X2_1 = _mm256_shuffle_epi32(X2_1, _MM_SHUFFLE(0, 3, 2, 1));
+        X2_2 = _mm256_shuffle_epi32(X2_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X2_3 = _mm256_shuffle_epi32(X2_3, _MM_SHUFFLE(2, 1, 0, 3));
+
+        X3_1 = _mm256_shuffle_epi32(X3_1, _MM_SHUFFLE(0, 3, 2, 1));
+        X3_2 = _mm256_shuffle_epi32(X3_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X3_3 = _mm256_shuffle_epi32(X3_3, _MM_SHUFFLE(2, 1, 0, 3));
+
+        X0_0 = _mm256_add_epi32(X0_0, X0_1);
+        X1_0 = _mm256_add_epi32(X1_0, X1_1);
+        X2_0 = _mm256_add_epi32(X2_0, X2_1);
+        X3_0 = _mm256_add_epi32(X3_0, X3_1);
+
+        X0_3 = _mm256_xor_si256(X0_3, X0_0);
+        X1_3 = _mm256_xor_si256(X1_3, X1_0);
+        X2_3 = _mm256_xor_si256(X2_3, X2_0);
+        X3_3 = _mm256_xor_si256(X3_3, X3_0);
+
+        X0_3 = RotateLeft<16>(X0_3);
+        X1_3 = RotateLeft<16>(X1_3);
+        X2_3 = RotateLeft<16>(X2_3);
+        X3_3 = RotateLeft<16>(X3_3);
+
+        X0_2 = _mm256_add_epi32(X0_2, X0_3);
+        X1_2 = _mm256_add_epi32(X1_2, X1_3);
+        X2_2 = _mm256_add_epi32(X2_2, X2_3);
+        X3_2 = _mm256_add_epi32(X3_2, X3_3);
+
+        X0_1 = _mm256_xor_si256(X0_1, X0_2);
+        X1_1 = _mm256_xor_si256(X1_1, X1_2);
+        X2_1 = _mm256_xor_si256(X2_1, X2_2);
+        X3_1 = _mm256_xor_si256(X3_1, X3_2);
+
+        X0_1 = RotateLeft<12>(X0_1);
+        X1_1 = RotateLeft<12>(X1_1);
+        X2_1 = RotateLeft<12>(X2_1);
+        X3_1 = RotateLeft<12>(X3_1);
+
+        X0_0 = _mm256_add_epi32(X0_0, X0_1);
+        X1_0 = _mm256_add_epi32(X1_0, X1_1);
+        X2_0 = _mm256_add_epi32(X2_0, X2_1);
+        X3_0 = _mm256_add_epi32(X3_0, X3_1);
+
+        X0_3 = _mm256_xor_si256(X0_3, X0_0);
+        X1_3 = _mm256_xor_si256(X1_3, X1_0);
+        X2_3 = _mm256_xor_si256(X2_3, X2_0);
+        X3_3 = _mm256_xor_si256(X3_3, X3_0);
+
+        X0_3 = RotateLeft<8>(X0_3);
+        X1_3 = RotateLeft<8>(X1_3);
+        X2_3 = RotateLeft<8>(X2_3);
+        X3_3 = RotateLeft<8>(X3_3);
+
+        X0_2 = _mm256_add_epi32(X0_2, X0_3);
+        X1_2 = _mm256_add_epi32(X1_2, X1_3);
+        X2_2 = _mm256_add_epi32(X2_2, X2_3);
+        X3_2 = _mm256_add_epi32(X3_2, X3_3);
+
+        X0_1 = _mm256_xor_si256(X0_1, X0_2);
+        X1_1 = _mm256_xor_si256(X1_1, X1_2);
+        X2_1 = _mm256_xor_si256(X2_1, X2_2);
+        X3_1 = _mm256_xor_si256(X3_1, X3_2);
+
+        X0_1 = RotateLeft<7>(X0_1);
+        X1_1 = RotateLeft<7>(X1_1);
+        X2_1 = RotateLeft<7>(X2_1);
+        X3_1 = RotateLeft<7>(X3_1);
+
+        X0_1 = _mm256_shuffle_epi32(X0_1, _MM_SHUFFLE(2, 1, 0, 3));
+        X0_2 = _mm256_shuffle_epi32(X0_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X0_3 = _mm256_shuffle_epi32(X0_3, _MM_SHUFFLE(0, 3, 2, 1));
+
+        X1_1 = _mm256_shuffle_epi32(X1_1, _MM_SHUFFLE(2, 1, 0, 3));
+        X1_2 = _mm256_shuffle_epi32(X1_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X1_3 = _mm256_shuffle_epi32(X1_3, _MM_SHUFFLE(0, 3, 2, 1));
+
+        X2_1 = _mm256_shuffle_epi32(X2_1, _MM_SHUFFLE(2, 1, 0, 3));
+        X2_2 = _mm256_shuffle_epi32(X2_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X2_3 = _mm256_shuffle_epi32(X2_3, _MM_SHUFFLE(0, 3, 2, 1));
+
+        X3_1 = _mm256_shuffle_epi32(X3_1, _MM_SHUFFLE(2, 1, 0, 3));
+        X3_2 = _mm256_shuffle_epi32(X3_2, _MM_SHUFFLE(1, 0, 3, 2));
+        X3_3 = _mm256_shuffle_epi32(X3_3, _MM_SHUFFLE(0, 3, 2, 1));
+    }
+
+    X0_0 = _mm256_add_epi32(X0_0, state0);
+    X0_1 = _mm256_add_epi32(X0_1, state1);
+    X0_2 = _mm256_add_epi32(X0_2, state2);
+    X0_3 = _mm256_add_epi32(X0_3, state3);
+    X0_3 = _mm256_add_epi32(X0_3, CTR0);
+
+    X1_0 = _mm256_add_epi32(X1_0, state0);
+    X1_1 = _mm256_add_epi32(X1_1, state1);
+    X1_2 = _mm256_add_epi32(X1_2, state2);
+    X1_3 = _mm256_add_epi32(X1_3, state3);
+    X1_3 = _mm256_add_epi32(X1_3, CTR1);
+
+    X2_0 = _mm256_add_epi32(X2_0, state0);
+    X2_1 = _mm256_add_epi32(X2_1, state1);
+    X2_2 = _mm256_add_epi32(X2_2, state2);
+    X2_3 = _mm256_add_epi32(X2_3, state3);
+    X2_3 = _mm256_add_epi32(X2_3, CTR2);
+
+    X3_0 = _mm256_add_epi32(X3_0, state0);
+    X3_1 = _mm256_add_epi32(X3_1, state1);
+    X3_2 = _mm256_add_epi32(X3_2, state2);
+    X3_3 = _mm256_add_epi32(X3_3, state3);
+    X3_3 = _mm256_add_epi32(X3_3, CTR3);
+
+    if (input)
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+0*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X0_0, X0_1, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+0*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+1*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X0_2, X0_3, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+1*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+2*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X1_0, X1_1, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+2*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+3*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X1_2, X1_3, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+3*32)))));
+    }
+    else
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+0*32),
+            _mm256_permute2x128_si256(X0_0, X0_1, 1 + (3 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+1*32),
+            _mm256_permute2x128_si256(X0_2, X0_3, 1 + (3 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+2*32),
+            _mm256_permute2x128_si256(X1_0, X1_1, 1 + (3 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+3*32),
+            _mm256_permute2x128_si256(X1_2, X1_3, 1 + (3 << 4)));
+    }
+
+    if (input)
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+4*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X2_0, X2_1, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+4*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+5*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X2_2, X2_3, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+5*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+6*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X3_0, X3_1, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+6*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+7*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X3_2, X3_3, 1 + (3 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+7*32)))));
+    }
+    else
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+4*32),
+            _mm256_permute2x128_si256(X2_0, X2_1, 1 + (3 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+5*32),
+            _mm256_permute2x128_si256(X2_2, X2_3, 1 + (3 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+6*32),
+            _mm256_permute2x128_si256(X3_0, X3_1, 1 + (3 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+7*32),
+            _mm256_permute2x128_si256(X3_2, X3_3, 1 + (3 << 4)));
+    }
+
+    if (input)
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+ 8*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X0_0, X0_1, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+8*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+ 9*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X0_2, X0_3, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+9*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+10*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X1_0, X1_1, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+10*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+11*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X1_2, X1_3, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+11*32)))));
+    }
+    else
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+ 8*32),
+            _mm256_permute2x128_si256(X0_0, X0_1, 0 + (2 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+ 9*32),
+            _mm256_permute2x128_si256(X0_2, X0_3, 0 + (2 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+10*32),
+            _mm256_permute2x128_si256(X1_0, X1_1, 0 + (2 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+11*32),
+            _mm256_permute2x128_si256(X1_2, X1_3, 0 + (2 << 4)));
+    }
+
+    if (input)
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+12*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X2_0, X2_1, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+12*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+13*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X2_2, X2_3, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+13*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+14*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X3_0, X3_1, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+14*32)))));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+15*32),
+            _mm256_xor_si256(_mm256_permute2x128_si256(X3_2, X3_3, 0 + (2 << 4)),
+            _mm256_loadu_si256(const_cast<MAYBE_CONST __m256i*>(reinterpret_cast<const __m256i*>(input+15*32)))));
+    }
+    else
+    {
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+12*32),
+            _mm256_permute2x128_si256(X2_0, X2_1, 0 + (2 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+13*32),
+            _mm256_permute2x128_si256(X2_2, X2_3, 0 + (2 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+14*32),
+            _mm256_permute2x128_si256(X3_0, X3_1, 0 + (2 << 4)));
+        _mm256_storeu_si256(reinterpret_cast<__m256i*>(output+15*32),
+            _mm256_permute2x128_si256(X3_2, X3_3, 0 + (2 << 4)));
+    }
+
+    // https://software.intel.com/en-us/articles/avoiding-avx-sse-transition-penalties
+    _mm256_zeroupper();
+}
+
+#endif  // CRYPTOPP_AVX2_AVAILABLE
+
+NAMESPACE_END

Common/3dParty/cryptopp/chachapoly.cpp

@@ -0,0 +1,211 @@
+// chachapoly.cpp - written and placed in the public domain by Jeffrey Walton
+//                  RFC 8439, Section 2.8, AEAD Construction, http://tools.ietf.org/html/rfc8439
+
+#include "pch.h"
+#include "chachapoly.h"
+#include "algparam.h"
+#include "misc.h"
+
+#if CRYPTOPP_MSC_VERSION
+# pragma warning(disable: 4244)
+#endif
+
+NAMESPACE_BEGIN(CryptoPP)
+
+////////////////////////////// IETF ChaChaTLS //////////////////////////////
+
+// RekeyCipherAndMac is heavier-weight than we like. The Authenc framework was
+// predicated on BlockCiphers, where the key and key schedule could be
+// calculated independent of the IV being used. However, the ChaCha and
+// ChaCha20Poly1305 construction combines key setup and IV. That is, both are
+// needed to key or rekey the cipher. Even a simple Resync() requires us to
+// regenerate the initial state for both ChaCha20 and Poly1305.
+void ChaCha20Poly1305_Base::RekeyCipherAndMac(const byte *userKey, size_t keylength, const NameValuePairs &params)
+{
+	// Derive MAC key
+	AlgorithmParameters block0 = MakeParameters("InitialBlock", (word64)0, true);
+	AccessSymmetricCipher().SetKey(userKey, keylength, CombinedNameValuePairs(params, block0));
+
+	// Only the first 256-bits are used to key the MAC
+	SecByteBlock derived(NULLPTR, 32);
+	AccessSymmetricCipher().ProcessString(derived, derived.size());
+
+	// Key the Poly1305 MAC
+	AccessMAC().SetKey(derived, derived.size(), params);
+
+	// Key the ChaCha20 cipher
+	AlgorithmParameters block1 = MakeParameters("InitialBlock", (word64)1, true);
+	AccessSymmetricCipher().SetKey(userKey, keylength, CombinedNameValuePairs(params, block1));
+}
+
+void ChaCha20Poly1305_Base::SetKeyWithoutResync(const byte *userKey, size_t userKeyLength, const NameValuePairs &params)
+{
+	CRYPTOPP_ASSERT(userKey && userKeyLength == 32);
+	m_userKey.Assign(userKey, userKeyLength);
+
+	// ChaCha/Poly1305 initial state depends on both the key and IV. The
+	// IV may or may not be present during the call to SetKeyWithoutResync.
+	// If the IV is present, the framework will call SetKeyWithoutResync
+	// followed by Resynchronize which calls Resync. In this case we defer
+	// calculating the initial state until the call to Resynchronize.
+	// If the IV is not present, it avoids calling ChaCha's SetKey without
+	// an IV, which results in an exception. In this case the user will need
+	// to call Resynchronize to key ChaCha and Poly1305.
+	// RekeyCipherAndMac(userKey, userKeyLength, params);
+	CRYPTOPP_UNUSED(params);
+}
+
+void ChaCha20Poly1305_Base::Resync(const byte *iv, size_t len)
+{
+	CRYPTOPP_ASSERT(iv && len == 12);
+	RekeyCipherAndMac(m_userKey, m_userKey.SizeInBytes(),
+		MakeParameters(Name::IV(), ConstByteArrayParameter(iv,len)));
+}
+
+size_t ChaCha20Poly1305_Base::AuthenticateBlocks(const byte *data, size_t len)
+{
+	AccessMAC().Update(data, len);
+	return 0;
+}
+
+void ChaCha20Poly1305_Base::AuthenticateLastHeaderBlock()
+{
+	// Pad to a multiple of 16 or 0
+	const byte zero[16] = {0};
+	size_t pad = (16U - (m_totalHeaderLength % 16)) % 16;
+	AccessMAC().Update(zero, pad);
+}
+
+void ChaCha20Poly1305_Base::AuthenticateLastConfidentialBlock()
+{
+	// Pad to a multiple of 16 or 0
+	const byte zero[16] = {0};
+	size_t pad = (16U - (m_totalMessageLength % 16)) % 16;
+	AccessMAC().Update(zero, pad);
+}
+
+void ChaCha20Poly1305_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
+{
+	CRYPTOPP_ALIGN_DATA(8) byte length[2*sizeof(word64)];
+	PutWord(true, LITTLE_ENDIAN_ORDER, length+0, m_totalHeaderLength);
+	PutWord(true, LITTLE_ENDIAN_ORDER, length+8, m_totalMessageLength);
+	AccessMAC().Update(length, sizeof(length));
+	AccessMAC().TruncatedFinal(mac, macSize);
+	m_state = State_KeySet;
+}
+
+void ChaCha20Poly1305_Base::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *message, size_t messageLength)
+{
+	Resynchronize(iv, ivLength);
+	Update(aad, aadLength);
+	ProcessString(ciphertext, message, messageLength);
+	TruncatedFinal(mac, macSize);
+}
+
+bool ChaCha20Poly1305_Base::DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *ciphertext, size_t ciphertextLength)
+{
+	Resynchronize(iv, ivLength);
+	Update(aad, aadLength);
+	ProcessString(message, ciphertext, ciphertextLength);
+	return TruncatedVerify(mac, macLength);
+}
+
+////////////////////////////// IETF XChaCha20 draft //////////////////////////////
+
+// RekeyCipherAndMac is heavier-weight than we like. The Authenc framework was
+// predicated on BlockCiphers, where the key and key schedule could be
+// calculated independent of the IV being used. However, the ChaCha and
+// ChaCha20Poly1305 construction combines key setup and IV. That is, both are
+// needed to key or rekey the cipher. Even a simple Resync() requires us to
+// regenerate the initial state for both ChaCha20 and Poly1305.
+void XChaCha20Poly1305_Base::RekeyCipherAndMac(const byte *userKey, size_t keylength, const NameValuePairs &params)
+{
+	// Derive MAC key
+	AlgorithmParameters block0 = MakeParameters("InitialBlock", (word64)0, true);
+	AccessSymmetricCipher().SetKey(userKey, keylength, CombinedNameValuePairs(params, block0));
+
+	// Only the first 256-bits are used to key the MAC
+	SecByteBlock derived(NULLPTR, 32);
+	AccessSymmetricCipher().ProcessString(derived, derived.size());
+
+	// Key the Poly1305 MAC
+	AccessMAC().SetKey(derived, derived.size(), params);
+
+	// Key the ChaCha20 cipher
+	AlgorithmParameters block1 = MakeParameters("InitialBlock", (word64)1, true);
+	AccessSymmetricCipher().SetKey(userKey, keylength, CombinedNameValuePairs(params, block1));
+}
+
+void XChaCha20Poly1305_Base::SetKeyWithoutResync(const byte *userKey, size_t userKeyLength, const NameValuePairs &params)
+{
+	CRYPTOPP_ASSERT(userKey && userKeyLength == 32);
+	m_userKey.Assign(userKey, userKeyLength);
+
+	// XChaCha20/Poly1305 initial state depends on both the key and IV. The
+	// IV may or may not be present during the call to SetKeyWithoutResync.
+	// If the IV is present, the framework will call SetKeyWithoutResync
+	// followed by Resynchronize which calls Resync. In this case we defer
+	// calculating the initial state until the call to Resynchronize.
+	// If the IV is not present, it avoids calling ChaCha's SetKey without
+	// an IV, which results in an exception. In this case the user will need
+	// to call Resynchronize to key ChaCha and Poly1305.
+	// RekeyCipherAndMac(userKey, userKeyLength, params);
+	CRYPTOPP_UNUSED(params);
+}
+
+void XChaCha20Poly1305_Base::Resync(const byte *iv, size_t len)
+{
+	CRYPTOPP_ASSERT(iv && len == 24);
+	RekeyCipherAndMac(m_userKey, m_userKey.SizeInBytes(),
+		MakeParameters(Name::IV(), ConstByteArrayParameter(iv,len)));
+}
+
+size_t XChaCha20Poly1305_Base::AuthenticateBlocks(const byte *data, size_t len)
+{
+	AccessMAC().Update(data, len);
+	return 0;
+}
+
+void XChaCha20Poly1305_Base::AuthenticateLastHeaderBlock()
+{
+	// Pad to a multiple of 16 or 0
+	const byte zero[16] = {0};
+	size_t pad = (16 - (m_totalHeaderLength % 16)) % 16;
+	AccessMAC().Update(zero, pad);
+}
+
+void XChaCha20Poly1305_Base::AuthenticateLastConfidentialBlock()
+{
+	// Pad to a multiple of 16 or 0
+	const byte zero[16] = {0};
+	size_t pad = (16 - (m_totalMessageLength % 16)) % 16;
+	AccessMAC().Update(zero, pad);
+}
+
+void XChaCha20Poly1305_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
+{
+	CRYPTOPP_ALIGN_DATA(8) byte length[2*sizeof(word64)];
+	PutWord(true, LITTLE_ENDIAN_ORDER, length+0, m_totalHeaderLength);
+	PutWord(true, LITTLE_ENDIAN_ORDER, length+8, m_totalMessageLength);
+	AccessMAC().Update(length, sizeof(length));
+	AccessMAC().TruncatedFinal(mac, macSize);
+	m_state = State_KeySet;
+}
+
+void XChaCha20Poly1305_Base::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *message, size_t messageLength)
+{
+	Resynchronize(iv, ivLength);
+	Update(aad, aadLength);
+	ProcessString(ciphertext, message, messageLength);
+	TruncatedFinal(mac, macSize);
+}
+
+bool XChaCha20Poly1305_Base::DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *ciphertext, size_t ciphertextLength)
+{
+	Resynchronize(iv, ivLength);
+	Update(aad, aadLength);
+	ProcessString(message, ciphertext, ciphertextLength);
+	return TruncatedVerify(mac, macLength);
+}
+
+NAMESPACE_END

Common/3dParty/cryptopp/chachapoly.h

@@ -0,0 +1,322 @@
+// chachapoly.h - written and placed in the public domain by Jeffrey Walton
+//                RFC 8439, Section 2.8, AEAD Construction, http://tools.ietf.org/html/rfc8439
+
+/// \file chachapoly.h
+/// \brief IETF ChaCha20/Poly1305 AEAD scheme
+/// \details ChaCha20Poly1305 is an authenticated encryption scheme that combines
+///  ChaCha20TLS and Poly1305TLS. The scheme is defined in RFC 8439, section 2.8,
+///  AEAD_CHACHA20_POLY1305 construction, and uses the IETF versions of ChaCha20
+///  and Poly1305.
+/// \sa <A HREF="http://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and Poly1305
+///  for IETF Protocols</A>.
+/// \since Crypto++ 8.1
+
+#ifndef CRYPTOPP_CHACHA_POLY1305_H
+#define CRYPTOPP_CHACHA_POLY1305_H
+
+#include "cryptlib.h"
+#include "authenc.h"
+#include "chacha.h"
+#include "poly1305.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+////////////////////////////// IETF ChaChaTLS //////////////////////////////
+
+/// \brief IETF ChaCha20Poly1305 cipher base implementation
+/// \details Base implementation of the AuthenticatedSymmetricCipher interface
+/// \since Crypto++ 8.1
+class ChaCha20Poly1305_Base : public AuthenticatedSymmetricCipherBase
+{
+public:
+	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName()
+		{return "ChaCha20/Poly1305";}
+
+	virtual ~ChaCha20Poly1305_Base() {}
+
+	// AuthenticatedSymmetricCipher
+	std::string AlgorithmName() const
+		{return std::string("ChaCha20/Poly1305");}
+	std::string AlgorithmProvider() const
+		{return GetSymmetricCipher().AlgorithmProvider();}
+	size_t MinKeyLength() const
+		{return 32;}
+	size_t MaxKeyLength() const
+		{return 32;}
+	size_t DefaultKeyLength() const
+		{return 32;}
+	size_t GetValidKeyLength(size_t n) const
+		{CRYPTOPP_UNUSED(n); return 32;}
+	bool IsValidKeyLength(size_t n) const
+		{return n==32;}
+	unsigned int OptimalDataAlignment() const
+		{return GetSymmetricCipher().OptimalDataAlignment();}
+	IV_Requirement IVRequirement() const
+		{return UNIQUE_IV;}
+	unsigned int IVSize() const
+		{return 12;}
+	unsigned int MinIVLength() const
+		{return 12;}
+	unsigned int MaxIVLength() const
+		{return 12;}
+	unsigned int DigestSize() const
+		{return 16;}
+	lword MaxHeaderLength() const
+		{return LWORD_MAX;}  // 2^64-1 bytes
+	lword MaxMessageLength() const
+		{return W64LIT(274877906880);}  // 2^38-1 blocks
+	lword MaxFooterLength() const
+		{return 0;}
+
+	/// \brief Encrypts and calculates a MAC in one call
+	/// \param ciphertext the encryption buffer
+	/// \param mac the mac buffer
+	/// \param macSize the size of the MAC buffer, in bytes
+	/// \param iv the iv buffer
+	/// \param ivLength the size of the IV buffer, in bytes
+	/// \param aad the AAD buffer
+	/// \param aadLength the size of the AAD buffer, in bytes
+	/// \param message the message buffer
+	/// \param messageLength the size of the messagetext buffer, in bytes
+	/// \details EncryptAndAuthenticate() encrypts and generates the MAC in one call. The function
+	///   truncates the MAC if <tt>macSize < TagSize()</tt>.
+	virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *message, size_t messageLength);
+
+	/// \brief Decrypts and verifies a MAC in one call
+	/// \param message the decryption buffer
+	/// \param mac the mac buffer
+	/// \param macSize the size of the MAC buffer, in bytes
+	/// \param iv the iv buffer
+	/// \param ivLength the size of the IV buffer, in bytes
+	/// \param aad the AAD buffer
+	/// \param aadLength the size of the AAD buffer, in bytes
+	/// \param ciphertext the cipher buffer
+	/// \param ciphertextLength the size of the ciphertext buffer, in bytes
+	/// \return true if the MAC is valid and the decoding succeeded, false otherwise
+	/// \details DecryptAndVerify() decrypts and verifies the MAC in one call.
+	/// <tt>message</tt> is a decryption buffer and should be at least as large as the ciphertext buffer.
+	/// \details The function returns true iff MAC is valid. DecryptAndVerify() assumes the MAC
+	///  is truncated if <tt>macLength < TagSize()</tt>.
+	virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *ciphertext, size_t ciphertextLength);
+
+protected:
+	// AuthenticatedSymmetricCipherBase
+	bool AuthenticationIsOnPlaintext() const {return false;}
+	unsigned int AuthenticationBlockSize() const {return 1;}
+	void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
+	void Resync(const byte *iv, size_t len);
+	size_t AuthenticateBlocks(const byte *data, size_t len);
+	void AuthenticateLastHeaderBlock();
+	void AuthenticateLastConfidentialBlock();
+	void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
+
+	// See comments in chachapoly.cpp
+	void RekeyCipherAndMac(const byte *userKey, size_t userKeyLength, const NameValuePairs &params);
+
+	virtual const MessageAuthenticationCode & GetMAC() const = 0;
+	virtual MessageAuthenticationCode & AccessMAC() = 0;
+
+private:
+	SecByteBlock m_userKey;
+};
+
+/// \brief IETF ChaCha20Poly1305 cipher final implementation
+/// \tparam T_IsEncryption flag indicating cipher direction
+/// \details ChaCha20Poly1305 is an authenticated encryption scheme that combines
+///  ChaCha20TLS and Poly1305TLS. The scheme is defined in RFC 8439, section 2.8,
+///  AEAD_CHACHA20_POLY1305 construction, and uses the IETF versions of ChaCha20
+///  and Poly1305.
+/// \sa <A HREF="http://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and Poly1305
+///  for IETF Protocols</A>.
+/// \since Crypto++ 8.1
+template <bool T_IsEncryption>
+class ChaCha20Poly1305_Final : public ChaCha20Poly1305_Base
+{
+public:
+	virtual ~ChaCha20Poly1305_Final() {}
+
+protected:
+	const SymmetricCipher & GetSymmetricCipher()
+		{return const_cast<ChaCha20Poly1305_Final *>(this)->AccessSymmetricCipher();}
+	SymmetricCipher & AccessSymmetricCipher()
+		{return m_cipher;}
+	bool IsForwardTransformation() const
+		{return T_IsEncryption;}
+
+	const MessageAuthenticationCode & GetMAC() const
+		{return const_cast<ChaCha20Poly1305_Final *>(this)->AccessMAC();}
+	MessageAuthenticationCode & AccessMAC()
+		{return m_mac;}
+
+private:
+	ChaChaTLS::Encryption m_cipher;
+	Poly1305TLS m_mac;
+};
+
+/// \brief IETF ChaCha20/Poly1305 AEAD scheme
+/// \details ChaCha20Poly1305 is an authenticated encryption scheme that combines
+///  ChaCha20TLS and Poly1305TLS. The scheme is defined in RFC 8439, section 2.8,
+///  AEAD_CHACHA20_POLY1305 construction, and uses the IETF versions of ChaCha20
+///  and Poly1305.
+/// \sa <A HREF="http://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and Poly1305
+///  for IETF Protocols</A>.
+/// \since Crypto++ 8.1
+struct ChaCha20Poly1305 : public AuthenticatedSymmetricCipherDocumentation
+{
+	/// \brief ChaCha20Poly1305 encryption
+	typedef ChaCha20Poly1305_Final<true> Encryption;
+	/// \brief ChaCha20Poly1305 decryption
+	typedef ChaCha20Poly1305_Final<false> Decryption;
+};
+
+////////////////////////////// IETF XChaCha20 draft //////////////////////////////
+
+/// \brief IETF XChaCha20Poly1305 cipher base implementation
+/// \details Base implementation of the AuthenticatedSymmetricCipher interface
+/// \since Crypto++ 8.1
+class XChaCha20Poly1305_Base : public AuthenticatedSymmetricCipherBase
+{
+public:
+	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName()
+		{return "XChaCha20/Poly1305";}
+
+	virtual ~XChaCha20Poly1305_Base() {}
+
+	// AuthenticatedSymmetricCipher
+	std::string AlgorithmName() const
+		{return std::string("XChaCha20/Poly1305");}
+	std::string AlgorithmProvider() const
+		{return GetSymmetricCipher().AlgorithmProvider();}
+	size_t MinKeyLength() const
+		{return 32;}
+	size_t MaxKeyLength() const
+		{return 32;}
+	size_t DefaultKeyLength() const
+		{return 32;}
+	size_t GetValidKeyLength(size_t n) const
+		{CRYPTOPP_UNUSED(n); return 32;}
+	bool IsValidKeyLength(size_t n) const
+		{return n==32;}
+	unsigned int OptimalDataAlignment() const
+		{return GetSymmetricCipher().OptimalDataAlignment();}
+	IV_Requirement IVRequirement() const
+		{return UNIQUE_IV;}
+	unsigned int IVSize() const
+		{return 24;}
+	unsigned int MinIVLength() const
+		{return 24;}
+	unsigned int MaxIVLength() const
+		{return 24;}
+	unsigned int DigestSize() const
+		{return 16;}
+	lword MaxHeaderLength() const
+		{return LWORD_MAX;}  // 2^64-1 bytes
+	lword MaxMessageLength() const
+		{return W64LIT(274877906880);}  // 2^38-1 blocks
+	lword MaxFooterLength() const
+		{return 0;}
+
+	/// \brief Encrypts and calculates a MAC in one call
+	/// \param ciphertext the encryption buffer
+	/// \param mac the mac buffer
+	/// \param macSize the size of the MAC buffer, in bytes
+	/// \param iv the iv buffer
+	/// \param ivLength the size of the IV buffer, in bytes
+	/// \param aad the AAD buffer
+	/// \param aadLength the size of the AAD buffer, in bytes
+	/// \param message the message buffer
+	/// \param messageLength the size of the messagetext buffer, in bytes
+	/// \details EncryptAndAuthenticate() encrypts and generates the MAC in one call. The function
+	///   truncates the MAC if <tt>macSize < TagSize()</tt>.
+	virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *message, size_t messageLength);
+
+	/// \brief Decrypts and verifies a MAC in one call
+	/// \param message the decryption buffer
+	/// \param mac the mac buffer
+	/// \param macSize the size of the MAC buffer, in bytes
+	/// \param iv the iv buffer
+	/// \param ivLength the size of the IV buffer, in bytes
+	/// \param aad the AAD buffer
+	/// \param aadLength the size of the AAD buffer, in bytes
+	/// \param ciphertext the cipher buffer
+	/// \param ciphertextLength the size of the ciphertext buffer, in bytes
+	/// \return true if the MAC is valid and the decoding succeeded, false otherwise
+	/// \details DecryptAndVerify() decrypts and verifies the MAC in one call.
+	/// <tt>message</tt> is a decryption buffer and should be at least as large as the ciphertext buffer.
+	/// \details The function returns true iff MAC is valid. DecryptAndVerify() assumes the MAC
+	///  is truncated if <tt>macLength < TagSize()</tt>.
+	virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *ciphertext, size_t ciphertextLength);
+
+protected:
+	// AuthenticatedSymmetricCipherBase
+	bool AuthenticationIsOnPlaintext() const {return false;}
+	unsigned int AuthenticationBlockSize() const {return 1;}
+	void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
+	void Resync(const byte *iv, size_t len);
+	size_t AuthenticateBlocks(const byte *data, size_t len);
+	void AuthenticateLastHeaderBlock();
+	void AuthenticateLastConfidentialBlock();
+	void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
+
+	// See comments in chachapoly.cpp
+	void RekeyCipherAndMac(const byte *userKey, size_t userKeyLength, const NameValuePairs &params);
+
+	virtual const MessageAuthenticationCode & GetMAC() const = 0;
+	virtual MessageAuthenticationCode & AccessMAC() = 0;
+
+private:
+	SecByteBlock m_userKey;
+};
+
+/// \brief IETF XChaCha20Poly1305 cipher final implementation
+/// \tparam T_IsEncryption flag indicating cipher direction
+/// \details XChaCha20Poly1305 is an authenticated encryption scheme that combines
+///  XChaCha20 and Poly1305-TLS. The scheme is defined in RFC 8439, section 2.8,
+///  AEAD_CHACHA20_POLY1305 construction, and uses the IETF versions of ChaCha20
+///  and Poly1305.
+/// \sa <A HREF="http://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and Poly1305
+///  for IETF Protocols</A>.
+/// \since Crypto++ 8.1
+template <bool T_IsEncryption>
+class XChaCha20Poly1305_Final : public XChaCha20Poly1305_Base
+{
+public:
+	virtual ~XChaCha20Poly1305_Final() {}
+
+protected:
+	const SymmetricCipher & GetSymmetricCipher()
+		{return const_cast<XChaCha20Poly1305_Final *>(this)->AccessSymmetricCipher();}
+	SymmetricCipher & AccessSymmetricCipher()
+		{return m_cipher;}
+	bool IsForwardTransformation() const
+		{return T_IsEncryption;}
+
+	const MessageAuthenticationCode & GetMAC() const
+		{return const_cast<XChaCha20Poly1305_Final *>(this)->AccessMAC();}
+	MessageAuthenticationCode & AccessMAC()
+		{return m_mac;}
+
+private:
+	XChaCha20::Encryption m_cipher;
+	Poly1305TLS m_mac;
+};
+
+/// \brief IETF XChaCha20/Poly1305 AEAD scheme
+/// \details XChaCha20Poly1305 is an authenticated encryption scheme that combines
+///  XChaCha20 and Poly1305-TLS. The scheme is defined in RFC 8439, section 2.8,
+///  AEAD_XCHACHA20_POLY1305 construction, and uses the IETF versions of ChaCha20
+///  and Poly1305.
+/// \sa <A HREF="http://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and Poly1305
+///  for IETF Protocols</A>.
+/// \since Crypto++ 8.1
+struct XChaCha20Poly1305 : public AuthenticatedSymmetricCipherDocumentation
+{
+	/// \brief XChaCha20Poly1305 encryption
+	typedef XChaCha20Poly1305_Final<true> Encryption;
+	/// \brief XChaCha20Poly1305 decryption
+	typedef XChaCha20Poly1305_Final<false> Decryption;
+};
+
+NAMESPACE_END
+
+#endif  // CRYPTOPP_CHACHA_POLY1305_H

Common/3dParty/cryptopp/cham.cpp

@@ -0,0 +1,365 @@
+// cham.cpp - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton
+//            Based on "CHAM: A Family of Lightweight Block Ciphers for
+//            Resource-Constrained Devices" by Bonwook Koo, Dongyoung Roh,
+//            Hyeonjin Kim, Younghoon Jung, Dong-Geon Lee, and Daesung Kwon
+
+#include "pch.h"
+#include "config.h"
+
+#include "cham.h"
+#include "misc.h"
+#include "cpu.h"
+
+//                 CHAM table of parameters
+//  +-------------------------------------------------
+//  +cipher          n      k      r     w      k/w
+//  +-------------------------------------------------
+//  +CHAM-64/128     64     128    80    16     8
+//  +CHAM-128/128    128    128    80    32     4
+//  +CHAM-128/256    128    256    96    32     8
+//  +-------------------------------------------------
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+using CryptoPP::rotlConstant;
+using CryptoPP::rotrConstant;
+
+/// \brief CHAM encryption round
+/// \tparam RR the round number residue
+/// \tparam KW the number of key words
+/// \tparam T words type
+/// \param x the state array
+/// \param k the subkey table
+/// \param i the round number
+/// \details CHAM_EncRound applies the encryption round to the plain text.
+///  RR is the "round residue" and it is used modulo 4. ProcessAndXorBlock
+///  may provide a fully unrolled encryption transformation, or provide
+///  a transformation that loops using multiples of 4 encryption rounds.
+/// \details CHAM_EncRound calculates indexes into the x[] array based
+///  on the round number residue. There is no need for the assignments
+///  that shift values in preparations for the next round.
+/// \details CHAM_EncRound depends on the round number. The actual round
+///  being executed is passed through the parameter <tt>i</tt>. If
+///  ProcessAndXorBlock fully unrolled the loop then the parameter
+///  <tt>i</tt> would be unnecessary.
+template <unsigned int RR, unsigned int KW, class T>
+inline void CHAM_EncRound(T x[4], const T k[KW], unsigned int i)
+{
+    CRYPTOPP_CONSTANT(IDX0 = (RR+0) % 4);
+    CRYPTOPP_CONSTANT(IDX1 = (RR+1) % 4);
+    CRYPTOPP_CONSTANT(IDX3 = (RR+3+1) % 4);
+    CRYPTOPP_CONSTANT(R1 = (RR % 2 == 0) ? 1 : 8);
+    CRYPTOPP_CONSTANT(R2 = (RR % 2 == 0) ? 8 : 1);
+
+    // Follows conventions in the ref impl
+    const T kk = k[i % KW];
+    const T aa = x[IDX0] ^ static_cast<T>(i);
+    const T bb = rotlConstant<R1>(x[IDX1]) ^ kk;
+    x[IDX3] = rotlConstant<R2>(static_cast<T>(aa + bb));
+}
+
+/// \brief CHAM decryption round
+/// \tparam RR the round number residue
+/// \tparam KW the number of key words
+/// \tparam T words type
+/// \param x the state array
+/// \param k the subkey table
+/// \param i the round number
+/// \details CHAM_DecRound applies the decryption round to the cipher text.
+///  RR is the "round residue" and it is used modulo 4. ProcessAndXorBlock
+///  may provide a fully unrolled decryption transformation, or provide
+///  a transformation that loops using multiples of 4 decryption rounds.
+/// \details CHAM_DecRound calculates indexes into the x[] array based
+///  on the round number residue. There is no need for the assignments
+///  that shift values in preparations for the next round.
+/// \details CHAM_DecRound depends on the round number. The actual round
+///  being executed is passed through the parameter <tt>i</tt>. If
+///  ProcessAndXorBlock fully unrolled the loop then the parameter
+///  <tt>i</tt> would be unnecessary.
+template <unsigned int RR, unsigned int KW, class T>
+inline void CHAM_DecRound(T x[4], const T k[KW], unsigned int i)
+{
+    CRYPTOPP_CONSTANT(IDX0 = (RR+0) % 4);
+    CRYPTOPP_CONSTANT(IDX1 = (RR+1) % 4);
+    CRYPTOPP_CONSTANT(IDX3 = (RR+3+1) % 4);
+    CRYPTOPP_CONSTANT(R1 = (RR % 2 == 0) ? 8 : 1);
+    CRYPTOPP_CONSTANT(R2 = (RR % 2 == 0) ? 1 : 8);
+
+    // Follows conventions in the ref impl
+    const T kk = k[i % KW];
+    const T aa = rotrConstant<R1>(x[IDX3]);
+    const T bb = rotlConstant<R2>(x[IDX1]) ^ kk;
+    x[IDX0] = static_cast<T>(aa - bb) ^ static_cast<T>(i);
+}
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+#if CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+# if (CRYPTOPP_SSSE3_AVAILABLE)
+extern size_t CHAM64_Enc_AdvancedProcessBlocks_SSSE3(const word16* subKeys, size_t rounds,
+    const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
+
+extern size_t CHAM64_Dec_AdvancedProcessBlocks_SSSE3(const word16* subKeys, size_t rounds,
+    const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
+
+extern size_t CHAM128_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
+    const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
+
+extern size_t CHAM128_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
+    const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags);
+# endif  // CRYPTOPP_SSSE3_AVAILABLE
+#endif  // CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+
+void CHAM64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
+{
+    CRYPTOPP_UNUSED(params);
+    m_kw = keyLength/sizeof(word16);
+    m_rk.New(2*m_kw);
+
+    for (size_t i = 0; i < m_kw; userKey += sizeof(word32))
+    {
+        // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
+        const word32 rk = GetWord<word32>(false, BIG_ENDIAN_ORDER, userKey);
+
+        const word16 rk1 = static_cast<word16>(rk >> 16);
+        m_rk[i] = rk1 ^ rotlConstant<1>(rk1) ^ rotlConstant<8>(rk1);
+        m_rk[(i + m_kw) ^ 1] = rk1 ^ rotlConstant<1>(rk1) ^ rotlConstant<11>(rk1);
+        i++;
+
+        const word16 rk2 = static_cast<word16>(rk & 0xffff);
+        m_rk[i] = rk2 ^ rotlConstant<1>(rk2) ^ rotlConstant<8>(rk2);
+        m_rk[(i + m_kw) ^ 1] = rk2 ^ rotlConstant<1>(rk2) ^ rotlConstant<11>(rk2);
+        i++;
+    }
+}
+
+void CHAM64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
+{
+    // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
+    GetBlock<word16, BigEndian> iblock(inBlock);
+    iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+
+    const int R = 80;
+    for (int i = 0; i < R; i+=16)
+    {
+        CHAM_EncRound< 0, 16>(m_x.begin(), m_rk.begin(),  i+0);
+        CHAM_EncRound< 1, 16>(m_x.begin(), m_rk.begin(),  i+1);
+        CHAM_EncRound< 2, 16>(m_x.begin(), m_rk.begin(),  i+2);
+        CHAM_EncRound< 3, 16>(m_x.begin(), m_rk.begin(),  i+3);
+        CHAM_EncRound< 4, 16>(m_x.begin(), m_rk.begin(),  i+4);
+        CHAM_EncRound< 5, 16>(m_x.begin(), m_rk.begin(),  i+5);
+        CHAM_EncRound< 6, 16>(m_x.begin(), m_rk.begin(),  i+6);
+        CHAM_EncRound< 7, 16>(m_x.begin(), m_rk.begin(),  i+7);
+        CHAM_EncRound< 8, 16>(m_x.begin(), m_rk.begin(),  i+8);
+        CHAM_EncRound< 9, 16>(m_x.begin(), m_rk.begin(),  i+9);
+        CHAM_EncRound<10, 16>(m_x.begin(), m_rk.begin(), i+10);
+        CHAM_EncRound<11, 16>(m_x.begin(), m_rk.begin(), i+11);
+        CHAM_EncRound<12, 16>(m_x.begin(), m_rk.begin(), i+12);
+        CHAM_EncRound<13, 16>(m_x.begin(), m_rk.begin(), i+13);
+        CHAM_EncRound<14, 16>(m_x.begin(), m_rk.begin(), i+14);
+        CHAM_EncRound<15, 16>(m_x.begin(), m_rk.begin(), i+15);
+    }
+
+    PutBlock<word16, BigEndian> oblock(xorBlock, outBlock);
+    oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+}
+
+void CHAM64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
+{
+    // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
+    GetBlock<word16, BigEndian> iblock(inBlock);
+    iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+
+    const int R = 80;
+    for (int i = R-1; i >=0 ; i-=16)
+    {
+        CHAM_DecRound<15, 16>(m_x.begin(), m_rk.begin(),  i-0);
+        CHAM_DecRound<14, 16>(m_x.begin(), m_rk.begin(),  i-1);
+        CHAM_DecRound<13, 16>(m_x.begin(), m_rk.begin(),  i-2);
+        CHAM_DecRound<12, 16>(m_x.begin(), m_rk.begin(),  i-3);
+        CHAM_DecRound<11, 16>(m_x.begin(), m_rk.begin(),  i-4);
+        CHAM_DecRound<10, 16>(m_x.begin(), m_rk.begin(),  i-5);
+        CHAM_DecRound< 9, 16>(m_x.begin(), m_rk.begin(),  i-6);
+        CHAM_DecRound< 8, 16>(m_x.begin(), m_rk.begin(),  i-7);
+        CHAM_DecRound< 7, 16>(m_x.begin(), m_rk.begin(),  i-8);
+        CHAM_DecRound< 6, 16>(m_x.begin(), m_rk.begin(),  i-9);
+        CHAM_DecRound< 5, 16>(m_x.begin(), m_rk.begin(), i-10);
+        CHAM_DecRound< 4, 16>(m_x.begin(), m_rk.begin(), i-11);
+        CHAM_DecRound< 3, 16>(m_x.begin(), m_rk.begin(), i-12);
+        CHAM_DecRound< 2, 16>(m_x.begin(), m_rk.begin(), i-13);
+        CHAM_DecRound< 1, 16>(m_x.begin(), m_rk.begin(), i-14);
+        CHAM_DecRound< 0, 16>(m_x.begin(), m_rk.begin(), i-15);
+    }
+
+    PutBlock<word16, BigEndian> oblock(xorBlock, outBlock);
+    oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+}
+
+std::string CHAM128::Base::AlgorithmProvider() const
+{
+#if defined(CRYPTOPP_SSSE3_AVAILABLE)
+    if (HasSSSE3())
+        return "SSSE3";
+#endif
+    return "C++";
+}
+
+void CHAM128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params)
+{
+    CRYPTOPP_UNUSED(params);
+    m_kw = keyLength/sizeof(word32);
+    m_rk.New(2*m_kw);
+
+    for (size_t i = 0; i < m_kw; userKey += sizeof(word32))
+    {
+        // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
+        const word32 rk = GetWord<word32>(false, BIG_ENDIAN_ORDER, userKey);
+        m_rk[i] = rk ^ rotlConstant<1>(rk) ^ rotlConstant<8>(rk);
+        m_rk[(i + m_kw) ^ 1] = rk ^ rotlConstant<1>(rk) ^ rotlConstant<11>(rk);
+        i++;
+    }
+}
+
+void CHAM128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
+{
+    // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
+    GetBlock<word32, BigEndian> iblock(inBlock);
+    iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+
+    switch (m_kw)
+    {
+    case 4:  // 128-bit key
+    {
+        const int R = 80;
+        for (int i = 0; i < R; i+=8)
+        {
+            CHAM_EncRound<0, 8>(m_x.begin(), m_rk.begin(), i+0);
+            CHAM_EncRound<1, 8>(m_x.begin(), m_rk.begin(), i+1);
+            CHAM_EncRound<2, 8>(m_x.begin(), m_rk.begin(), i+2);
+            CHAM_EncRound<3, 8>(m_x.begin(), m_rk.begin(), i+3);
+            CHAM_EncRound<4, 8>(m_x.begin(), m_rk.begin(), i+4);
+            CHAM_EncRound<5, 8>(m_x.begin(), m_rk.begin(), i+5);
+            CHAM_EncRound<6, 8>(m_x.begin(), m_rk.begin(), i+6);
+            CHAM_EncRound<7, 8>(m_x.begin(), m_rk.begin(), i+7);
+        }
+        break;
+    }
+    case 8:  // 256-bit key
+    {
+        const int R = 96;
+        for (int i = 0; i < R; i+=16)
+        {
+            CHAM_EncRound< 0, 16>(m_x.begin(), m_rk.begin(),  i+0);
+            CHAM_EncRound< 1, 16>(m_x.begin(), m_rk.begin(),  i+1);
+            CHAM_EncRound< 2, 16>(m_x.begin(), m_rk.begin(),  i+2);
+            CHAM_EncRound< 3, 16>(m_x.begin(), m_rk.begin(),  i+3);
+            CHAM_EncRound< 4, 16>(m_x.begin(), m_rk.begin(),  i+4);
+            CHAM_EncRound< 5, 16>(m_x.begin(), m_rk.begin(),  i+5);
+            CHAM_EncRound< 6, 16>(m_x.begin(), m_rk.begin(),  i+6);
+            CHAM_EncRound< 7, 16>(m_x.begin(), m_rk.begin(),  i+7);
+            CHAM_EncRound< 8, 16>(m_x.begin(), m_rk.begin(),  i+8);
+            CHAM_EncRound< 9, 16>(m_x.begin(), m_rk.begin(),  i+9);
+            CHAM_EncRound<10, 16>(m_x.begin(), m_rk.begin(), i+10);
+            CHAM_EncRound<11, 16>(m_x.begin(), m_rk.begin(), i+11);
+            CHAM_EncRound<12, 16>(m_x.begin(), m_rk.begin(), i+12);
+            CHAM_EncRound<13, 16>(m_x.begin(), m_rk.begin(), i+13);
+            CHAM_EncRound<14, 16>(m_x.begin(), m_rk.begin(), i+14);
+            CHAM_EncRound<15, 16>(m_x.begin(), m_rk.begin(), i+15);
+        }
+        break;
+    }
+    default:
+        CRYPTOPP_ASSERT(0);
+    }
+
+    PutBlock<word32, BigEndian> oblock(xorBlock, outBlock);
+    oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+}
+
+void CHAM128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
+{
+    // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
+    GetBlock<word32, BigEndian> iblock(inBlock);
+    iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+
+    switch (m_kw)
+    {
+    case 4:  // 128-bit key
+    {
+        const int R = 80;
+        for (int i = R-1; i >= 0; i-=8)
+        {
+            CHAM_DecRound<7, 8>(m_x.begin(), m_rk.begin(), i-0);
+            CHAM_DecRound<6, 8>(m_x.begin(), m_rk.begin(), i-1);
+            CHAM_DecRound<5, 8>(m_x.begin(), m_rk.begin(), i-2);
+            CHAM_DecRound<4, 8>(m_x.begin(), m_rk.begin(), i-3);
+            CHAM_DecRound<3, 8>(m_x.begin(), m_rk.begin(), i-4);
+            CHAM_DecRound<2, 8>(m_x.begin(), m_rk.begin(), i-5);
+            CHAM_DecRound<1, 8>(m_x.begin(), m_rk.begin(), i-6);
+            CHAM_DecRound<0, 8>(m_x.begin(), m_rk.begin(), i-7);
+        }
+        break;
+    }
+    case 8:  // 256-bit key
+    {
+        const int R = 96;
+        for (int i = R-1; i >= 0; i-=16)
+        {
+            CHAM_DecRound<15, 16>(m_x.begin(), m_rk.begin(),  i-0);
+            CHAM_DecRound<14, 16>(m_x.begin(), m_rk.begin(),  i-1);
+            CHAM_DecRound<13, 16>(m_x.begin(), m_rk.begin(),  i-2);
+            CHAM_DecRound<12, 16>(m_x.begin(), m_rk.begin(),  i-3);
+            CHAM_DecRound<11, 16>(m_x.begin(), m_rk.begin(),  i-4);
+            CHAM_DecRound<10, 16>(m_x.begin(), m_rk.begin(),  i-5);
+            CHAM_DecRound< 9, 16>(m_x.begin(), m_rk.begin(),  i-6);
+            CHAM_DecRound< 8, 16>(m_x.begin(), m_rk.begin(),  i-7);
+            CHAM_DecRound< 7, 16>(m_x.begin(), m_rk.begin(),  i-8);
+            CHAM_DecRound< 6, 16>(m_x.begin(), m_rk.begin(),  i-9);
+            CHAM_DecRound< 5, 16>(m_x.begin(), m_rk.begin(), i-10);
+            CHAM_DecRound< 4, 16>(m_x.begin(), m_rk.begin(), i-11);
+            CHAM_DecRound< 3, 16>(m_x.begin(), m_rk.begin(), i-12);
+            CHAM_DecRound< 2, 16>(m_x.begin(), m_rk.begin(), i-13);
+            CHAM_DecRound< 1, 16>(m_x.begin(), m_rk.begin(), i-14);
+            CHAM_DecRound< 0, 16>(m_x.begin(), m_rk.begin(), i-15);
+        }
+        break;
+    }
+    default:
+        CRYPTOPP_ASSERT(0);
+    }
+
+    PutBlock<word32, BigEndian> oblock(xorBlock, outBlock);
+    oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]);
+}
+
+#if CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+size_t CHAM128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
+        byte *outBlocks, size_t length, word32 flags) const
+{
+# if (CRYPTOPP_SSSE3_AVAILABLE)
+    if (HasSSSE3()) {
+        const size_t rounds = (m_kw == 4 ? 80 : 96);
+        return CHAM128_Enc_AdvancedProcessBlocks_SSSE3(m_rk, rounds,
+            inBlocks, xorBlocks, outBlocks, length, flags);
+    }
+# endif  // CRYPTOPP_SSSE3_AVAILABLE
+    return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
+}
+
+size_t CHAM128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks,
+        byte *outBlocks, size_t length, word32 flags) const
+{
+# if (CRYPTOPP_SSSE3_AVAILABLE)
+    if (HasSSSE3()) {
+        const size_t rounds = (m_kw == 4 ? 80 : 96);
+        return CHAM128_Dec_AdvancedProcessBlocks_SSSE3(m_rk, rounds,
+            inBlocks, xorBlocks, outBlocks, length, flags);
+    }
+# endif  // CRYPTOPP_SSSE3_AVAILABLE
+    return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags);
+}
+#endif  // CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+
+NAMESPACE_END

Common/3dParty/cryptopp/cham.h

@@ -0,0 +1,179 @@
+// cham.h - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton
+//          Based on "CHAM: A Family of Lightweight Block Ciphers for
+//          Resource-Constrained Devices" by Bonwook Koo, Dongyoung Roh,
+//          Hyeonjin Kim, Younghoon Jung, Dong-Geon Lee, and Daesung Kwon
+
+/// \file cham.h
+/// \brief Classes for the CHAM block cipher
+/// \since Crypto++ 8.0
+
+#ifndef CRYPTOPP_CHAM_H
+#define CRYPTOPP_CHAM_H
+
+#include "config.h"
+#include "seckey.h"
+#include "secblock.h"
+#include "algparam.h"
+
+#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86)
+# define CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS 1
+#endif
+
+// Yet another SunStudio/SunCC workaround. Failed self tests
+// in SSE code paths on i386 for SunStudio 12.3 and below.
+#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120)
+# undef CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+#endif
+
+NAMESPACE_BEGIN(CryptoPP)
+
+/// \brief CHAM block cipher information
+/// \since Crypto++ 8.0
+struct CHAM64_Info : public FixedBlockSize<8>, public FixedKeyLength<16>
+{
+    /// \brief The algorithm name
+    /// \return the algorithm name
+    /// \details StaticAlgorithmName returns the algorithm's name as a static
+    ///   member function.
+    static const std::string StaticAlgorithmName()
+    {
+        // Format is Cipher-Blocksize
+        return "CHAM-64";
+    }
+};
+
+/// \brief CHAM block cipher information
+/// \since Crypto++ 8.0
+struct CHAM128_Info : public FixedBlockSize<16>, public VariableKeyLength<16,16,32,16>
+{
+    /// \brief The algorithm name
+    /// \return the algorithm name
+    /// \details StaticAlgorithmName returns the algorithm's name as a static
+    ///   member function.
+    static const std::string StaticAlgorithmName()
+    {
+        // Format is Cipher-Blocksize
+        return "CHAM-128";
+    }
+};
+
+/// \brief CHAM 64-bit block cipher
+/// \details CHAM64 provides 64-bit block size. The valid key size is 128-bit.
+/// \note Crypto++ provides a byte oriented implementation
+/// \sa CHAM128, <a href="http://www.cryptopp.com/wiki/CHAM">CHAM</a>,
+///   <a href="https://pdfs.semanticscholar.org/2f57/61b5c2614cffd58a09cc83c375a2b32a2ed3.pdf">
+///   CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices</a>
+/// \since Crypto++ 8.0
+class CRYPTOPP_NO_VTABLE CHAM64 : public CHAM64_Info, public BlockCipherDocumentation
+{
+public:
+    /// \brief CHAM block cipher transformation functions
+    /// \details Provides implementation common to encryption and decryption
+    /// \since Crypto++ 8.0
+    class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<CHAM64_Info>
+    {
+    protected:
+        void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
+
+        SecBlock<word16> m_rk;
+        mutable FixedSizeSecBlock<word16, 4> m_x;
+        unsigned int m_kw;
+    };
+
+    /// \brief Encryption transformation
+    /// \details Enc provides implementation for encryption transformation. All key and block
+    ///   sizes are supported.
+    /// \since Crypto++ 8.0
+    class CRYPTOPP_NO_VTABLE Enc : public Base
+    {
+    public:
+        void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
+    };
+
+    /// \brief Decryption transformation
+    /// \details Dec provides implementation for decryption transformation. All key and block
+    ///   sizes are supported.
+    /// \since Crypto++ 8.0
+    class CRYPTOPP_NO_VTABLE Dec : public Base
+    {
+    public:
+        void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
+    };
+
+    /// \brief CHAM64 encryption
+    typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
+    /// \brief CHAM64 decryption
+    typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
+};
+
+/// \brief CHAM64 encryption
+typedef CHAM64::Encryption CHAM64Encryption;
+/// \brief CHAM64 decryption
+typedef CHAM64::Decryption CHAM64Decryption;
+
+/// \brief CHAM 128-bit block cipher
+/// \details CHAM128 provides 128-bit block size. The valid key size is 128-bit and 256-bit.
+/// \note Crypto++ provides a byte oriented implementation
+/// \sa CHAM64, <a href="http://www.cryptopp.com/wiki/CHAM">CHAM</a>,
+///   <a href="https://pdfs.semanticscholar.org/2f57/61b5c2614cffd58a09cc83c375a2b32a2ed3.pdf">
+///   CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices</a>
+/// \since Crypto++ 8.0
+class CRYPTOPP_NO_VTABLE CHAM128 : public CHAM128_Info, public BlockCipherDocumentation
+{
+public:
+    /// \brief CHAM block cipher transformation functions
+    /// \details Provides implementation common to encryption and decryption
+    /// \since Crypto++ 8.0
+    class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<CHAM128_Info>
+    {
+    protected:
+        void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs &params);
+        std::string AlgorithmProvider() const;
+
+        SecBlock<word32> m_rk;
+        mutable FixedSizeSecBlock<word32, 4> m_x;
+        unsigned int m_kw;
+    };
+
+    /// \brief Encryption transformation
+    /// \details Enc provides implementation for encryption transformation. All key and block
+    ///   sizes are supported.
+    /// \since Crypto++ 8.0
+    class CRYPTOPP_NO_VTABLE Enc : public Base
+    {
+    public:
+        void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
+
+#if CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+        size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
+#endif
+    };
+
+    /// \brief Decryption transformation
+    /// \details Dec provides implementation for decryption transformation. All key and block
+    ///   sizes are supported.
+    /// \since Crypto++ 8.0
+    class CRYPTOPP_NO_VTABLE Dec : public Base
+    {
+    public:
+        void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
+
+#if CRYPTOPP_CHAM128_ADVANCED_PROCESS_BLOCKS
+        size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
+#endif
+    };
+
+    /// \brief CHAM128 encryption
+    typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
+    /// \brief CHAM128 decryption
+    typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
+};
+
+/// \brief CHAM128 encryption
+typedef CHAM128::Encryption CHAM128Encryption;
+/// \brief CHAM128 decryption
+typedef CHAM128::Decryption CHAM128Decryption;
+
+NAMESPACE_END
+
+#endif  // CRYPTOPP_CHAM_H

Common/3dParty/cryptopp/cham_simd.cpp

@@ -0,0 +1,478 @@
+// cham_simd.cpp - written and placed in the public domain by Jeffrey Walton
+//
+//    This source file uses intrinsics and built-ins to gain access to
+//    SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate
+//    source file is needed because additional CXXFLAGS are required to enable
+//    the appropriate instructions sets in some build configurations.
+
+#include "pch.h"
+#include "config.h"
+
+#include "cham.h"
+#include "misc.h"
+
+// Uncomment for benchmarking C++ against SSE or NEON.
+// Do so in both simon.cpp and simon_simd.cpp.
+// #undef CRYPTOPP_SSSE3_AVAILABLE
+// #undef CRYPTOPP_ARM_NEON_AVAILABLE
+
+#if (CRYPTOPP_SSSE3_AVAILABLE)
+#include "adv_simd.h"
+# include <pmmintrin.h>
+# include <tmmintrin.h>
+#endif
+
+#if defined(__XOP__)
+# include <ammintrin.h>
+# if defined(__GNUC__)
+#  include <x86intrin.h>
+# endif
+#endif
+
+// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670
+#define DOUBLE_CAST(x) ((double*)(void*)(x))
+#define CONST_DOUBLE_CAST(x) ((const double*)(const void*)(x))
+
+// Squash MS LNK4221 and libtool warnings
+extern const char CHAM_SIMD_FNAME[] = __FILE__;
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+using CryptoPP::word16;
+using CryptoPP::word32;
+
+#if (CRYPTOPP_SSSE3_AVAILABLE)
+
+//////////////////////////////////////////////////////////////////////////
+
+NAMESPACE_BEGIN(W32)  // CHAM128, 32-bit word size
+
+template <unsigned int R>
+inline __m128i RotateLeft32(const __m128i& val)
+{
+#if defined(__XOP__)
+    return _mm_roti_epi32(val, R);
+#else
+    return _mm_or_si128(
+        _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R));
+#endif
+}
+
+template <unsigned int R>
+inline __m128i RotateRight32(const __m128i& val)
+{
+#if defined(__XOP__)
+    return _mm_roti_epi32(val, 32-R);
+#else
+    return _mm_or_si128(
+        _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R));
+#endif
+}
+
+// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks.
+template <>
+inline __m128i RotateLeft32<8>(const __m128i& val)
+{
+#if defined(__XOP__)
+    return _mm_roti_epi32(val, 8);
+#else
+    const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3);
+    return _mm_shuffle_epi8(val, mask);
+#endif
+}
+
+// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks.
+template <>
+inline __m128i RotateRight32<8>(const __m128i& val)
+{
+#if defined(__XOP__)
+    return _mm_roti_epi32(val, 32-8);
+#else
+    const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1);
+    return _mm_shuffle_epi8(val, mask);
+#endif
+}
+
+template <unsigned int IDX>
+inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
+{
+    // Should not be instantiated
+    CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b);
+    CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d);
+    CRYPTOPP_ASSERT(0);
+    return _mm_setzero_si128();
+}
+
+template <>
+inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
+{
+    // The shuffle converts to and from little-endian for SSE. A specialized
+    // CHAM implementation can avoid the shuffle by framing the data for
+    // encryption, decryption and benchmarks. The library cannot take the
+    // speed-up because of the byte oriented API.
+    const __m128i r1 = _mm_unpacklo_epi32(a, b);
+    const __m128i r2 = _mm_unpacklo_epi32(c, d);
+    return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2),
+        _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
+}
+
+template <>
+inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
+{
+    // The shuffle converts to and from little-endian for SSE. A specialized
+    // CHAM implementation can avoid the shuffle by framing the data for
+    // encryption, decryption and benchmarks. The library cannot take the
+    // speed-up because of the byte oriented API.
+    const __m128i r1 = _mm_unpacklo_epi32(a, b);
+    const __m128i r2 = _mm_unpacklo_epi32(c, d);
+    return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2),
+        _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
+}
+
+template <>
+inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
+{
+    // The shuffle converts to and from little-endian for SSE. A specialized
+    // CHAM implementation can avoid the shuffle by framing the data for
+    // encryption, decryption and benchmarks. The library cannot take the
+    // speed-up because of the byte oriented API.
+    const __m128i r1 = _mm_unpackhi_epi32(a, b);
+    const __m128i r2 = _mm_unpackhi_epi32(c, d);
+    return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2),
+        _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
+}
+
+template <>
+inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
+{
+    // The shuffle converts to and from little-endian for SSE. A specialized
+    // CHAM implementation can avoid the shuffle by framing the data for
+    // encryption, decryption and benchmarks. The library cannot take the
+    // speed-up because of the byte oriented API.
+    const __m128i r1 = _mm_unpackhi_epi32(a, b);
+    const __m128i r2 = _mm_unpackhi_epi32(c, d);
+    return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2),
+        _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
+}
+
+template <unsigned int IDX>
+inline __m128i UnpackXMM(const __m128i& v)
+{
+    // Should not be instantiated
+    CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0);
+    return _mm_setzero_si128();
+}
+
+template <>
+inline __m128i UnpackXMM<0>(const __m128i& v)
+{
+    return _mm_shuffle_epi8(v, _mm_set_epi8(0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3));
+}
+
+template <>
+inline __m128i UnpackXMM<1>(const __m128i& v)
+{
+    return _mm_shuffle_epi8(v, _mm_set_epi8(4,5,6,7, 4,5,6,7, 4,5,6,7, 4,5,6,7));
+}
+
+template <>
+inline __m128i UnpackXMM<2>(const __m128i& v)
+{
+    return _mm_shuffle_epi8(v, _mm_set_epi8(8,9,10,11, 8,9,10,11, 8,9,10,11, 8,9,10,11));
+}
+
+template <>
+inline __m128i UnpackXMM<3>(const __m128i& v)
+{
+    return _mm_shuffle_epi8(v, _mm_set_epi8(12,13,14,15, 12,13,14,15, 12,13,14,15, 12,13,14,15));
+}
+
+template <unsigned int IDX>
+inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
+{
+    return UnpackXMM<IDX>(a, b, c, d);
+}
+
+template <unsigned int IDX>
+inline __m128i RepackXMM(const __m128i& v)
+{
+    return UnpackXMM<IDX>(v);
+}
+
+inline void CHAM128_Enc_Block(__m128i &block0,
+    const word32 *subkeys, unsigned int rounds)
+{
+    // Rearrange the data for vectorization. UnpackXMM includes a
+    // little-endian swap for SSE. Thanks to Peter Cordes for help
+    // with packing and unpacking.
+    // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
+    __m128i a = UnpackXMM<0>(block0);
+    __m128i b = UnpackXMM<1>(block0);
+    __m128i c = UnpackXMM<2>(block0);
+    __m128i d = UnpackXMM<3>(block0);
+
+    __m128i counter = _mm_set_epi32(0,0,0,0);
+    __m128i increment = _mm_set_epi32(1,1,1,1);
+
+    const unsigned int MASK = (rounds == 80 ? 7 : 15);
+    for (int i=0; i<static_cast<int>(rounds); i+=4)
+    {
+        __m128i k, k1, k2, t1, t2;
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i+0) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+
+        t1 = _mm_xor_si128(a, counter);
+        t2 = _mm_xor_si128(RotateLeft32<1>(b), k1);
+        a = RotateLeft32<8>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+
+        t1 = _mm_xor_si128(b, counter);
+        t2 = _mm_xor_si128(RotateLeft32<8>(c), k2);
+        b = RotateLeft32<1>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i+2) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+
+        t1 = _mm_xor_si128(c, counter);
+        t2 = _mm_xor_si128(RotateLeft32<1>(d), k1);
+        c = RotateLeft32<8>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+
+        t1 = _mm_xor_si128(d, counter);
+        t2 = _mm_xor_si128(RotateLeft32<8>(a), k2);
+        d = RotateLeft32<1>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+    }
+
+    // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
+    block0 = RepackXMM<0>(a,b,c,d);
+}
+
+inline void CHAM128_Dec_Block(__m128i &block0,
+    const word32 *subkeys, unsigned int rounds)
+{
+    // Rearrange the data for vectorization. UnpackXMM includes a
+    // little-endian swap for SSE. Thanks to Peter Cordes for help
+    // with packing and unpacking.
+    // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
+    __m128i a = UnpackXMM<0>(block0);
+    __m128i b = UnpackXMM<1>(block0);
+    __m128i c = UnpackXMM<2>(block0);
+    __m128i d = UnpackXMM<3>(block0);
+
+    __m128i counter = _mm_set_epi32(rounds-1,rounds-1,rounds-1,rounds-1);
+    __m128i decrement = _mm_set_epi32(1,1,1,1);
+
+    const unsigned int MASK = (rounds == 80 ? 7 : 15);
+    for (int i = static_cast<int>(rounds)-1; i >= 0; i-=4)
+    {
+        __m128i k, k1, k2, t1, t2;
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i-1) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+
+        // Odd round
+        t1 = RotateRight32<1>(d);
+        t2 = _mm_xor_si128(RotateLeft32<8>(a), k1);
+        d = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+
+        // Even round
+        t1 = RotateRight32<8>(c);
+        t2 = _mm_xor_si128(RotateLeft32<1>(d), k2);
+        c = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i-3) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+
+        // Odd round
+        t1 = RotateRight32<1>(b);
+        t2 = _mm_xor_si128(RotateLeft32<8>(c), k1);
+        b = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+
+        // Even round
+        t1 = RotateRight32<8>(a);
+        t2 = _mm_xor_si128(RotateLeft32<1>(b), k2);
+        a = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+    }
+
+    // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
+    block0 = RepackXMM<0>(a,b,c,d);
+}
+
+inline void CHAM128_Enc_4_Blocks(__m128i &block0, __m128i &block1,
+    __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int rounds)
+{
+    // Rearrange the data for vectorization. UnpackXMM includes a
+    // little-endian swap for SSE. Thanks to Peter Cordes for help
+    // with packing and unpacking.
+    // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
+    __m128i a = UnpackXMM<0>(block0, block1, block2, block3);
+    __m128i b = UnpackXMM<1>(block0, block1, block2, block3);
+    __m128i c = UnpackXMM<2>(block0, block1, block2, block3);
+    __m128i d = UnpackXMM<3>(block0, block1, block2, block3);
+
+    __m128i counter = _mm_set_epi32(0,0,0,0);
+    __m128i increment = _mm_set_epi32(1,1,1,1);
+
+    const unsigned int MASK = (rounds == 80 ? 7 : 15);
+    for (int i=0; i<static_cast<int>(rounds); i+=4)
+    {
+        __m128i k, k1, k2, t1, t2;
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i+0) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+
+        t1 = _mm_xor_si128(a, counter);
+        t2 = _mm_xor_si128(RotateLeft32<1>(b), k1);
+        a = RotateLeft32<8>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+
+        t1 = _mm_xor_si128(b, counter);
+        t2 = _mm_xor_si128(RotateLeft32<8>(c), k2);
+        b = RotateLeft32<1>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i+2) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+
+        t1 = _mm_xor_si128(c, counter);
+        t2 = _mm_xor_si128(RotateLeft32<1>(d), k1);
+        c = RotateLeft32<8>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+
+        t1 = _mm_xor_si128(d, counter);
+        t2 = _mm_xor_si128(RotateLeft32<8>(a), k2);
+        d = RotateLeft32<1>(_mm_add_epi32(t1, t2));
+
+        counter = _mm_add_epi32(counter, increment);
+    }
+
+    // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
+    block0 = RepackXMM<0>(a,b,c,d);
+    block1 = RepackXMM<1>(a,b,c,d);
+    block2 = RepackXMM<2>(a,b,c,d);
+    block3 = RepackXMM<3>(a,b,c,d);
+}
+
+inline void CHAM128_Dec_4_Blocks(__m128i &block0, __m128i &block1,
+    __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int rounds)
+{
+    // Rearrange the data for vectorization. UnpackXMM includes a
+    // little-endian swap for SSE. Thanks to Peter Cordes for help
+    // with packing and unpacking.
+    // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
+    __m128i a = UnpackXMM<0>(block0, block1, block2, block3);
+    __m128i b = UnpackXMM<1>(block0, block1, block2, block3);
+    __m128i c = UnpackXMM<2>(block0, block1, block2, block3);
+    __m128i d = UnpackXMM<3>(block0, block1, block2, block3);
+
+    __m128i counter = _mm_set_epi32(rounds-1,rounds-1,rounds-1,rounds-1);
+    __m128i decrement = _mm_set_epi32(1,1,1,1);
+
+    const unsigned int MASK = (rounds == 80 ? 7 : 15);
+    for (int i = static_cast<int>(rounds)-1; i >= 0; i-=4)
+    {
+        __m128i k, k1, k2, t1, t2;
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i-1) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+
+        // Odd round
+        t1 = RotateRight32<1>(d);
+        t2 = _mm_xor_si128(RotateLeft32<8>(a), k1);
+        d = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+
+        // Even round
+        t1 = RotateRight32<8>(c);
+        t2 = _mm_xor_si128(RotateLeft32<1>(d), k2);
+        c = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+        k = _mm_castpd_si128(_mm_load_sd(CONST_DOUBLE_CAST(&subkeys[(i-3) & MASK])));
+
+        // Shuffle out two subkeys
+        k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4));
+        k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0));
+
+        // Odd round
+        t1 = RotateRight32<1>(b);
+        t2 = _mm_xor_si128(RotateLeft32<8>(c), k1);
+        b = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+
+        // Even round
+        t1 = RotateRight32<8>(a);
+        t2 = _mm_xor_si128(RotateLeft32<1>(b), k2);
+        a = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter);
+
+        counter = _mm_sub_epi32(counter, decrement);
+    }
+
+    // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
+    block0 = RepackXMM<0>(a,b,c,d);
+    block1 = RepackXMM<1>(a,b,c,d);
+    block2 = RepackXMM<2>(a,b,c,d);
+    block3 = RepackXMM<3>(a,b,c,d);
+}
+
+//////////////////////////////////////////////////////////////////////////
+
+NAMESPACE_END  // W32
+
+#endif  // CRYPTOPP_SSSE3_AVAILABLE
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+#if defined(CRYPTOPP_SSSE3_AVAILABLE)
+size_t CHAM128_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
+    const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
+{
+    return AdvancedProcessBlocks128_4x1_SSE(W32::CHAM128_Enc_Block, W32::CHAM128_Enc_4_Blocks,
+        subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags);
+}
+
+size_t CHAM128_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
+    const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
+{
+    return AdvancedProcessBlocks128_4x1_SSE(W32::CHAM128_Dec_Block, W32::CHAM128_Dec_4_Blocks,
+        subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags);
+}
+#endif // CRYPTOPP_SSSE3_AVAILABLE
+
+NAMESPACE_END

Common/3dParty/cryptopp/cmac.cpp

@@ -5,14 +5,17 @@
 #ifndef CRYPTOPP_IMPORTS
 
 #include "cmac.h"
+#include "misc.h"
 
-NAMESPACE_BEGIN(CryptoPP)
+ANONYMOUS_NAMESPACE_BEGIN
 
-static void MulU(byte *k, unsigned int length)
+using CryptoPP::byte;
+using CryptoPP::IsPowerOf2;
+
+void MulU(byte *k, unsigned int len)
 {
 	byte carry = 0;
-
-	for (int i=length-1; i>=1; i-=2)
+	for (int i=len-1; i>=1; i-=2)
 	{
 		byte carry2 = k[i] >> 7;
 		k[i] += k[i] + carry;
@@ -20,9 +23,22 @@ static void MulU(byte *k, unsigned int length)
 		k[i-1] += k[i-1] + carry2;
 	}
 
+#ifndef CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
+	CRYPTOPP_ASSERT(len == 16);
+
 	if (carry)
 	{
-		switch (length)
+		k[15] ^= 0x87;
+		return;
+	}
+#else
+	CRYPTOPP_ASSERT(IsPowerOf2(len));
+	CRYPTOPP_ASSERT(len >= 8);
+	CRYPTOPP_ASSERT(len <= 128);
+
+	if (carry)
+	{
+		switch (len)
 		{
 		case 8:
 			k[7] ^= 0x1b;
@@ -50,11 +66,16 @@ static void MulU(byte *k, unsigned int length)
 			k[127] ^= 0x43;
 			break;
 		default:
-			throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
+			CRYPTOPP_ASSERT(0);
 		}
 	}
+#endif  // CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
 }
 
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
 void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
 {
 	BlockCipher &cipher = AccessCipher();
@@ -130,7 +151,9 @@ void CMAC_Base::TruncatedFinal(byte *mac, size_t size)
 	else
 		cipher.AdvancedProcessBlocks(m_reg, m_reg+blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
 
-	memcpy(mac, m_reg, size);
+	// UBsan finding
+	if (mac)
+		memcpy(mac, m_reg, size);
 
 	m_counter = 0;
 	memset(m_reg, 0, blockSize);

Common/3dParty/cryptopp/cmac.h

@@ -10,6 +10,13 @@
 #include "seckey.h"
 #include "secblock.h"
 
+/// \brief Enable CMAC and wide block ciphers
+/// \details CMAC is only defined for AES. The library can support wide
+///  block ciphers like Kaylna and Threefish since we know the polynomials.
+#ifndef CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
+# define CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS 1
+#endif  // CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
+
 NAMESPACE_BEGIN(CryptoPP)
 
 /// \brief CMAC base implementation
@@ -17,6 +24,8 @@ NAMESPACE_BEGIN(CryptoPP)
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CMAC_Base : public MessageAuthenticationCode
 {
 public:
+
+	virtual ~CMAC_Base() {}
 	CMAC_Base() : m_counter(0) {}
 
 	void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
@@ -25,6 +34,7 @@ public:
 	unsigned int DigestSize() const {return GetCipher().BlockSize();}
 	unsigned int OptimalBlockSize() const {return GetCipher().BlockSize();}
 	unsigned int OptimalDataAlignment() const {return GetCipher().OptimalDataAlignment();}
+	std::string AlgorithmProvider() const {return GetCipher().AlgorithmProvider();}
 
 protected:
 	friend class EAX_Base;

Common/3dParty/cryptopp/config_align.h

@@ -0,0 +1,72 @@
+// config_align.h - written and placed in public domain by Jeffrey Walton
+//                  the bits that make up this source file are from the
+//                  library's monolithic config.h.
+
+/// \file config_align.h
+/// \brief Library configuration file
+/// \details <tt>config_align.h</tt> provides defines for aligned memory
+///  allocations.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_align.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_ALIGN_H
+#define CRYPTOPP_CONFIG_ALIGN_H
+
+#include "config_asm.h"  // CRYPTOPP_DISABLE_ASM
+#include "config_cpu.h"  // X86, X32, X64, ARM32, ARM64, etc
+#include "config_cxx.h"  // CRYPTOPP_CXX11_ALIGNAS
+#include "config_ver.h"  // Compiler versions
+
+// Nearly all Intel's and AMD's have SSE. Enable it independent of SSE ASM and intrinsics.
+// ARM NEON and ARMv8 ASIMD only need natural alignment of an element in the vector.
+// Altivec through POWER7 need vector alignment. POWER8 and POWER9 relax the requirement.
+#if defined(CRYPTOPP_DISABLE_ASM)
+	#define CRYPTOPP_BOOL_ALIGN16 0
+#elif (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 || \
+       CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
+	#define CRYPTOPP_BOOL_ALIGN16 1
+#else
+	#define CRYPTOPP_BOOL_ALIGN16 0
+#endif
+
+// How to allocate 16-byte aligned memory (for SSE2)
+// posix_memalign see https://forum.kde.org/viewtopic.php?p=66274
+#if defined(_MSC_VER)
+	#define CRYPTOPP_MM_MALLOC_AVAILABLE
+#elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__)
+	#define CRYPTOPP_MEMALIGN_AVAILABLE
+#elif defined(__APPLE__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
+	#define CRYPTOPP_MALLOC_ALIGNMENT_IS_16
+#elif (defined(_GNU_SOURCE) || ((_XOPEN_SOURCE + 0) >= 600)) && (_POSIX_ADVISORY_INFO > 0)
+	#define CRYPTOPP_POSIX_MEMALIGN_AVAILABLE
+#else
+	#define CRYPTOPP_NO_ALIGNED_ALLOC
+#endif
+
+// Sun Studio Express 3 (December 2006) provides GCC-style attributes.
+// IBM XL C/C++ alignment modifier per Optimization Guide, pp. 19-20.
+// __IBM_ATTRIBUTES per XLC 12.1 AIX Compiler Manual, p. 473.
+// CRYPTOPP_ALIGN_DATA may not be reliable on AIX.
+#if defined(CRYPTOPP_CXX11_ALIGNAS)
+	#define CRYPTOPP_ALIGN_DATA(x) alignas(x)
+#elif defined(_MSC_VER)
+	#define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x))
+#elif defined(__GNUC__) || defined(__clang__) || (__SUNPRO_CC >= 0x5100)
+	#define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x)))
+#elif defined(__xlc__) || defined(__xlC__)
+	#define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x)))
+#else
+	#define CRYPTOPP_ALIGN_DATA(x)
+#endif
+
+#endif  // CRYPTOPP_CONFIG_ALIGN_H

Common/3dParty/cryptopp/config_asm.h

@@ -0,0 +1,488 @@
+// config_asm.h - written and placed in public domain by Jeffrey Walton
+//                the bits that make up this source file are from the
+//                library's monolithic config.h.
+
+/// \file config_asm.h
+/// \brief Library configuration file
+/// \details <tt>config_asm.h</tt> provides defines for instruction set
+///  architectures
+///  and inline assembly.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_asm.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_ASM_H
+#define CRYPTOPP_CONFIG_ASM_H
+
+#include "config_os.h"
+#include "config_cpu.h"
+#include "config_ver.h"
+
+// Define this to disable ASM, intrinsics and built-ins. The library will be
+// compiled using C++ only. The library code will not include SSE2 (and
+// above), NEON, Aarch32, Aarch64, or Altivec (and above). Note the compiler
+// may use higher ISAs depending on compiler options, but the library will not
+// explicitly use the ISAs. When disabling ASM, it is best to do it from
+// config.h to ensure the library and all programs share the setting.
+// #define CRYPTOPP_DISABLE_ASM 1
+
+// https://github.com/weidai11/cryptopp/issues/719
+#if defined(__native_client__)
+# undef CRYPTOPP_DISABLE_ASM
+# define CRYPTOPP_DISABLE_ASM 1
+#endif
+
+// Some Clang and SunCC cannot handle mixed asm with positional arguments,
+// where the body is Intel style with no prefix and the templates are
+// AT&T style. Define this if the Makefile misdetects the configuration.
+// Also see https://bugs.llvm.org/show_bug.cgi?id=39895 .
+// #define CRYPTOPP_DISABLE_MIXED_ASM 1
+
+#if defined(__clang__) || (defined(__APPLE__) && defined(__GNUC__)) || defined(__SUNPRO_CC)
+# undef CRYPTOPP_DISABLE_MIXED_ASM
+# define CRYPTOPP_DISABLE_MIXED_ASM 1
+#endif
+
+// Define this if you need to disable Android advanced ISAs.
+// The problem is, Android-mk does not allow us to specify an
+// ISA option, like -maes or -march=armv8-a+crypto for AES.
+// Lack of an option results in a compile failure. To avoid
+// the compile failure, set this define. Also see
+// https://github.com/weidai11/cryptopp/issues/1015
+// CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA 1
+
+// ***************** IA32 CPU features ********************
+
+#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
+
+// Apple Clang prior to 5.0 cannot handle SSE2
+#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000)
+# define CRYPTOPP_DISABLE_ASM 1
+#endif
+
+// Sun Studio 12.1 provides GCC inline assembly
+// http://blogs.oracle.com/x86be/entry/gcc_style_asm_inlining_support
+#if defined(__SUNPRO_CC) && (__SUNPRO_CC < 0x5100)
+# define CRYPTOPP_DISABLE_ASM 1
+#endif
+
+// Guard everything in CRYPTOPP_DISABLE_ASM
+#if !defined(CRYPTOPP_DISABLE_ASM)
+
+#if (defined(_MSC_VER) && defined(_M_IX86)) || ((defined(__GNUC__) && (defined(__i386__)) || defined(__x86_64__)))
+	// C++Builder 2010 does not allow "call label" where label is defined within inline assembly
+	#define CRYPTOPP_X86_ASM_AVAILABLE 1
+
+	#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(_MSC_VER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__))
+		#define CRYPTOPP_SSE2_ASM_AVAILABLE 1
+	#endif
+
+	#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1500 || CRYPTOPP_GCC_VERSION >= 40300 || defined(__SSSE3__))
+		#define CRYPTOPP_SSSE3_ASM_AVAILABLE 1
+	#endif
+#endif
+
+#if defined(_MSC_VER) && defined(_M_X64)
+	#define CRYPTOPP_X64_MASM_AVAILABLE 1
+#endif
+
+#if defined(__GNUC__) && defined(__x86_64__)
+	#define CRYPTOPP_X64_ASM_AVAILABLE 1
+#endif
+
+// 32-bit SunCC does not enable SSE2 by default.
+#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(_MSC_VER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__) || (__SUNPRO_CC >= 0x5100))
+	#define CRYPTOPP_SSE2_INTRIN_AVAILABLE 1
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_SSSE3)
+# if defined(__SSSE3__) || (_MSC_VER >= 1500) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1000) || (__SUNPRO_CC >= 0x5110) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 20300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40000)
+	#define CRYPTOPP_SSSE3_AVAILABLE 1
+# endif
+#endif
+
+// Intrinsics available in GCC 4.3 (http://gcc.gnu.org/gcc-4.3/changes.html) and
+// MSVC 2008 (http://msdn.microsoft.com/en-us/library/bb892950%28v=vs.90%29.aspx)
+// SunCC could generate SSE4 at 12.1, but the intrinsics are missing until 12.4.
+#if !defined(CRYPTOPP_DISABLE_SSE4) && defined(CRYPTOPP_SSSE3_AVAILABLE) && \
+	(defined(__SSE4_1__) || (CRYPTOPP_MSC_VERSION >= 1500) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1000) || (__SUNPRO_CC >= 0x5110) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 20300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40000))
+	#define CRYPTOPP_SSE41_AVAILABLE 1
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_SSE4) && defined(CRYPTOPP_SSSE3_AVAILABLE) && \
+	(defined(__SSE4_2__) || (CRYPTOPP_MSC_VERSION >= 1500) || (__SUNPRO_CC >= 0x5110) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1000) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 20300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40000))
+	#define CRYPTOPP_SSE42_AVAILABLE 1
+#endif
+
+// Couple to CRYPTOPP_DISABLE_AESNI, but use CRYPTOPP_CLMUL_AVAILABLE so we can selectively
+//  disable for misbehaving platforms and compilers, like Solaris or some Clang.
+#if defined(CRYPTOPP_DISABLE_AESNI)
+	#define CRYPTOPP_DISABLE_CLMUL 1
+#endif
+
+// Requires Sun Studio 12.3 (SunCC 0x5120) in theory.
+#if !defined(CRYPTOPP_DISABLE_CLMUL) && defined(CRYPTOPP_SSE42_AVAILABLE) && \
+	(defined(__PCLMUL__) || (_MSC_FULL_VER >= 150030729) || (__SUNPRO_CC >= 0x5120) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1110) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 30200) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300))
+	#define CRYPTOPP_CLMUL_AVAILABLE 1
+#endif
+
+// Requires Sun Studio 12.3 (SunCC 0x5120)
+#if !defined(CRYPTOPP_DISABLE_AESNI) && defined(CRYPTOPP_SSE42_AVAILABLE) && \
+	(defined(__AES__) || (_MSC_FULL_VER >= 150030729) || (__SUNPRO_CC >= 0x5120) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1110) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 30200) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300))
+	#define CRYPTOPP_AESNI_AVAILABLE 1
+#endif
+
+// Requires Binutils 2.24
+#if !defined(CRYPTOPP_DISABLE_AVX) && defined(CRYPTOPP_SSE42_AVAILABLE) && \
+	(defined(__AVX2__) || (CRYPTOPP_MSC_VERSION >= 1800) || (__SUNPRO_CC >= 0x5130) || \
+	(CRYPTOPP_GCC_VERSION >= 40700) || (__INTEL_COMPILER >= 1400) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 30100) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40600))
+#define CRYPTOPP_AVX_AVAILABLE 1
+#endif
+
+// Requires Binutils 2.24
+#if !defined(CRYPTOPP_DISABLE_AVX2) && defined(CRYPTOPP_AVX_AVAILABLE) && \
+	(defined(__AVX2__) || (CRYPTOPP_MSC_VERSION >= 1800) || (__SUNPRO_CC >= 0x5130) || \
+	(CRYPTOPP_GCC_VERSION >= 40900) || (__INTEL_COMPILER >= 1400) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 30100) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40600))
+#define CRYPTOPP_AVX2_AVAILABLE 1
+#endif
+
+// Guessing at SHA for SunCC. Its not in Sun Studio 12.6. Also see
+// http://stackoverflow.com/questions/45872180/which-xarch-for-sha-extensions-on-solaris
+// Guessing for Intel ICPC. A slide deck says SHA support is in version 16.0-beta
+// https://www.alcf.anl.gov/files/ken_intel_compiler_optimization.pdf
+#if !defined(CRYPTOPP_DISABLE_SHANI) && defined(CRYPTOPP_SSE42_AVAILABLE) && \
+	(defined(__SHA__) || (CRYPTOPP_MSC_VERSION >= 1900) || (__SUNPRO_CC >= 0x5160) || \
+	(CRYPTOPP_GCC_VERSION >= 40900) || (__INTEL_COMPILER >= 1600) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 30400) || (CRYPTOPP_APPLE_CLANG_VERSION >= 50100))
+	#define CRYPTOPP_SHANI_AVAILABLE 1
+#endif
+
+// RDRAND uses byte codes. All we need is x86 ASM for it.
+// However tie it to AES-NI since SecureKey was available with it.
+#if !defined(CRYPTOPP_DISABLE_RDRAND) && defined(CRYPTOPP_AESNI_AVAILABLE)
+	#define CRYPTOPP_RDRAND_AVAILABLE 1
+#endif
+
+// RDSEED uses byte codes. All we need is x86 ASM for it.
+// However tie it to AES-NI since SecureKey was available with it.
+#if !defined(CRYPTOPP_DISABLE_RDSEED) && defined(CRYPTOPP_AESNI_AVAILABLE)
+	#define CRYPTOPP_RDSEED_AVAILABLE 1
+#endif
+
+// PadlockRNG uses byte codes. All we need is x86 ASM for it.
+#if !defined(CRYPTOPP_DISABLE_PADLOCK) && \
+	!(defined(__ANDROID__) || defined(ANDROID) || defined(__APPLE__)) && \
+	defined(CRYPTOPP_X86_ASM_AVAILABLE)
+	#define CRYPTOPP_PADLOCK_AVAILABLE 1
+	#define CRYPTOPP_PADLOCK_RNG_AVAILABLE 1
+	#define CRYPTOPP_PADLOCK_ACE_AVAILABLE 1
+	#define CRYPTOPP_PADLOCK_ACE2_AVAILABLE 1
+	#define CRYPTOPP_PADLOCK_PHE_AVAILABLE 1
+	#define CRYPTOPP_PADLOCK_PMM_AVAILABLE 1
+#endif
+
+// Fixup for SunCC 12.1-12.4. Bad code generation in AES_Encrypt and friends.
+#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5130)
+# undef CRYPTOPP_AESNI_AVAILABLE
+#endif
+
+// Fixup for SunCC 12.1-12.6. Compiler crash on GCM_Reduce_CLMUL.
+// http://github.com/weidai11/cryptopp/issues/226
+#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5150)
+# undef CRYPTOPP_CLMUL_AVAILABLE
+#endif
+
+// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670
+#define M128_CAST(x) ((__m128i *)(void *)(x))
+#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
+#define M256_CAST(x) ((__m256i *)(void *)(x))
+#define CONST_M256_CAST(x) ((const __m256i *)(const void *)(x))
+
+#endif  // CRYPTOPP_DISABLE_ASM
+
+#endif  // X86, X32, X64
+
+// ***************** ARM CPU features ********************
+
+#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8)
+
+// We don't have an ARM big endian test rig. Disable
+// ARM-BE ASM and instrinsics until we can test it.
+#if (CRYPTOPP_BIG_ENDIAN)
+# define CRYPTOPP_DISABLE_ASM 1
+#endif
+
+// Guard everything in CRYPTOPP_DISABLE_ASM
+#if !defined(CRYPTOPP_DISABLE_ASM)
+
+// Requires ACLE 1.0. -mfpu=neon or above must be present
+// Requires GCC 4.3, Clang 2.8 or Visual Studio 2012
+// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead.
+#if !defined(CRYPTOPP_ARM_NEON_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_NEON)
+# if defined(__arm__) || defined(__ARM_NEON) || defined(__ARM_FEATURE_NEON) || defined(_M_ARM)
+#  if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20800) || \
+      (CRYPTOPP_APPLE_CLANG_VERSION >= 30200) || (CRYPTOPP_MSC_VERSION >= 1700)
+#   define CRYPTOPP_ARM_NEON_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// ARMv8 and ASIMD. -march=armv8-a or above must be present
+// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017
+// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead.
+#if !defined(CRYPTOPP_ARM_ASIMD_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_ASIMD)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(__arm64__) || defined(_M_ARM64)
+#  if defined(__ARM_NEON) || defined(__ARM_ASIMD) || defined(__ARM_FEATURE_NEON) || defined(__ARM_FEATURE_ASIMD) || \
+      (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || \
+      (CRYPTOPP_APPLE_CLANG_VERSION >= 40000) || (CRYPTOPP_MSC_VERSION >= 1916)
+#   define CRYPTOPP_ARM_NEON_AVAILABLE 1
+#   define CRYPTOPP_ARM_ASIMD_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// ARMv8 and ASIMD. -march=armv8-a+crc or above must be present
+// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017
+#if !defined(CRYPTOPP_ARM_CRC32_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_CRC32)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+#  if defined(__ARM_FEATURE_CRC32) || (CRYPTOPP_GCC_VERSION >= 40800) || \
+      (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \
+      (CRYPTOPP_MSC_VERSION >= 1916)
+#   define CRYPTOPP_ARM_CRC32_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// ARMv8 and AES. -march=armv8-a+crypto or above must be present
+// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017
+#if !defined(CRYPTOPP_ARM_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_AES)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+#  if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \
+      (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \
+      (CRYPTOPP_MSC_VERSION >= 1916)
+#   define CRYPTOPP_ARM_AES_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// ARMv8 and PMULL. -march=armv8-a+crypto or above must be present
+// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017
+#if !defined(CRYPTOPP_ARM_PMULL_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_PMULL)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+#  if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \
+      (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \
+      (CRYPTOPP_MSC_VERSION >= 1916)
+#   define CRYPTOPP_ARM_PMULL_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// ARMv8 and SHA-1, SHA-256. -march=armv8-a+crypto or above must be present
+// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017
+#if !defined(CRYPTOPP_ARM_SHA_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SHA)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+#  if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \
+      (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \
+      (CRYPTOPP_MSC_VERSION >= 1916)
+#   define CRYPTOPP_ARM_SHA1_AVAILABLE 1
+#   define CRYPTOPP_ARM_SHA2_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// Buggy Microsoft compiler, https://github.com/weidai11/cryptopp/issues/1096
+#if defined(_MSC_VER)
+# undef CRYPTOPP_ARM_SHA1_AVAILABLE
+# undef CRYPTOPP_ARM_SHA2_AVAILABLE
+#endif
+
+// ARMv8 and SHA-512, SHA-3. -march=armv8.2-a+crypto or above must be present
+// Requires GCC 8.0, Clang 11.0, Apple Clang 12.0 or Visual Studio 20??
+#if !defined(CRYPTOPP_ARM_SHA3_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SHA)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+#  if defined(__ARM_FEATURE_SHA3) || (CRYPTOPP_GCC_VERSION >= 80000) || \
+      (CRYPTOPP_APPLE_CLANG_VERSION >= 120000) || (CRYPTOPP_LLVM_CLANG_VERSION >= 110000)
+#   define CRYPTOPP_ARM_SHA512_AVAILABLE 1
+#   define CRYPTOPP_ARM_SHA3_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// ARMv8 and SM3, SM4. -march=armv8.2-a+crypto or above must be present
+// Requires GCC 8.0, Clang ??? or Visual Studio 20??
+// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead.
+#if !defined(CRYPTOPP_ARM_SM3_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SM3)
+# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+#  if defined(__ARM_FEATURE_SM3) || (CRYPTOPP_GCC_VERSION >= 80000)
+#   define CRYPTOPP_ARM_SM3_AVAILABLE 1
+#   define CRYPTOPP_ARM_SM4_AVAILABLE 1
+#  endif  // Compilers
+# endif  // Platforms
+#endif
+
+// Limit the <arm_neon.h> include.
+#if !defined(CRYPTOPP_ARM_NEON_HEADER)
+# if defined(CRYPTOPP_ARM_NEON_AVAILABLE) || defined (CRYPTOPP_ARM_ASIMD_AVAILABLE)
+#  if !defined(_M_ARM64)
+#   define CRYPTOPP_ARM_NEON_HEADER 1
+#  endif
+# endif
+#endif
+
+// Limit the <arm_acle.h> include.
+#if !defined(CRYPTOPP_ARM_ACLE_HEADER)
+# if defined(__aarch32__) || defined(__aarch64__) || (__ARM_ARCH >= 8) || defined(__ARM_ACLE)
+#  define CRYPTOPP_ARM_ACLE_HEADER 1
+# endif
+#endif
+
+// Apple M1 hack. Xcode cross-compiles for iOS lack
+// arm_acle.h. Apple M1 needs arm_acle.h. The problem
+// in practice is, we can't get CRYPTOPP_ARM_ACLE_HEADER
+// quite right based on ARM preprocessor macros.
+#if defined(__APPLE__) && !defined(__ARM_FEATURE_CRC32)
+# undef CRYPTOPP_ARM_ACLE_HEADER
+#endif
+
+// Cryptogams offers an ARM asm implementations for AES and SHA. Crypto++ does
+// not provide an asm implementation. The Cryptogams AES implementation is
+// about 50% faster than C/C++, and SHA implementation is about 30% faster
+// than C/C++. Define this to use the Cryptogams AES and SHA implementations
+// on GNU Linux systems. When defined, Crypto++ will use aes_armv4.S,
+// sha1_armv4.S and sha256_armv4.S. https://www.cryptopp.com/wiki/Cryptogams.
+#if !defined(CRYPTOPP_DISABLE_ARM_NEON)
+# if defined(__arm__) && defined(__linux__)
+#  if defined(__GNUC__) || defined(__clang__)
+#   define CRYPTOGAMS_ARM_AES      1
+#   define CRYPTOGAMS_ARM_SHA1     1
+#   define CRYPTOGAMS_ARM_SHA256   1
+#   define CRYPTOGAMS_ARM_SHA512   1
+#  endif
+# endif
+#endif
+
+// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670
+#define UINT64_CAST(x) ((uint64_t *)(void *)(x))
+#define CONST_UINT64_CAST(x) ((const uint64_t *)(const void *)(x))
+
+#endif  // CRYPTOPP_DISABLE_ASM
+
+#endif  // ARM32, ARM64
+
+// ***************** AltiVec and Power8 ********************
+
+#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
+
+// Guard everything in CRYPTOPP_DISABLE_ASM
+#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_ALTIVEC)
+
+// An old Apple G5 with GCC 4.01 has AltiVec, but its only Power4 or so.
+#if !defined(CRYPTOPP_ALTIVEC_AVAILABLE)
+# if defined(_ARCH_PWR4) || defined(__ALTIVEC__) || \
+	(CRYPTOPP_XLC_VERSION >= 100000) || (CRYPTOPP_GCC_VERSION >= 40001) || \
+    (CRYPTOPP_LLVM_CLANG_VERSION >= 20900)
+#  define CRYPTOPP_ALTIVEC_AVAILABLE 1
+# endif
+#endif
+
+#if defined(CRYPTOPP_ALTIVEC_AVAILABLE)
+
+// We need Power7 for unaligned loads and stores
+#if !defined(CRYPTOPP_POWER7_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER7)
+# if defined(_ARCH_PWR7) || (CRYPTOPP_XLC_VERSION >= 100000) || \
+    (CRYPTOPP_GCC_VERSION >= 40100) || (CRYPTOPP_LLVM_CLANG_VERSION >= 30100)
+#  define CRYPTOPP_POWER7_AVAILABLE 1
+# endif
+#endif
+
+#if defined(CRYPTOPP_POWER7_AVAILABLE)
+
+// We need Power8 for in-core crypto and 64-bit vector types
+#if !defined(CRYPTOPP_POWER8_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER8)
+# if defined(_ARCH_PWR8) || (CRYPTOPP_XLC_VERSION >= 130000) || \
+    (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_LLVM_CLANG_VERSION >= 70000)
+#  define CRYPTOPP_POWER8_AVAILABLE 1
+# endif
+#endif
+
+#if !defined(CRYPTOPP_POWER8_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER8_AES) && defined(CRYPTOPP_POWER8_AVAILABLE)
+# if defined(__CRYPTO__) || defined(_ARCH_PWR8) || (CRYPTOPP_XLC_VERSION >= 130000) || \
+    (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_LLVM_CLANG_VERSION >= 70000)
+//#  define CRYPTOPP_POWER8_CRC_AVAILABLE 1
+#  define CRYPTOPP_POWER8_AES_AVAILABLE 1
+#  define CRYPTOPP_POWER8_VMULL_AVAILABLE 1
+#  define CRYPTOPP_POWER8_SHA_AVAILABLE 1
+# endif
+#endif
+
+#if defined(CRYPTOPP_POWER8_AVAILABLE)
+
+// Power9 for random numbers
+#if !defined(CRYPTOPP_POWER9_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER9)
+# if defined(_ARCH_PWR9) || (CRYPTOPP_XLC_VERSION >= 130200) || \
+    (CRYPTOPP_GCC_VERSION >= 70000) || (CRYPTOPP_LLVM_CLANG_VERSION >= 80000)
+#  define CRYPTOPP_POWER9_AVAILABLE 1
+# endif
+#endif
+
+#endif  // CRYPTOPP_POWER8_AVAILABLE
+#endif  // CRYPTOPP_POWER7_AVAILABLE
+#endif  // CRYPTOPP_ALTIVEC_AVAILABLE
+#endif  // CRYPTOPP_DISABLE_ASM
+#endif  // PPC32, PPC64
+
+// https://github.com/weidai11/cryptopp/issues/1015
+#if defined(CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA)
+# if defined(__ANDROID__) || defined(ANDROID)
+#  if (CRYPTOPP_BOOL_X86)
+#   undef CRYPTOPP_SSE41_AVAILABLE
+#   undef CRYPTOPP_SSE42_AVAILABLE
+#   undef CRYPTOPP_CLMUL_AVAILABLE
+#   undef CRYPTOPP_AESNI_AVAILABLE
+#   undef CRYPTOPP_SHANI_AVAILABLE
+#   undef CRYPTOPP_RDRAND_AVAILABLE
+#   undef CRYPTOPP_RDSEED_AVAILABLE
+#   undef CRYPTOPP_AVX_AVAILABLE
+#   undef CRYPTOPP_AVX2_AVAILABLE
+#  endif
+#  if (CRYPTOPP_BOOL_X64)
+#   undef CRYPTOPP_CLMUL_AVAILABLE
+#   undef CRYPTOPP_AESNI_AVAILABLE
+#   undef CRYPTOPP_SHANI_AVAILABLE
+#   undef CRYPTOPP_RDRAND_AVAILABLE
+#   undef CRYPTOPP_RDSEED_AVAILABLE
+#   undef CRYPTOPP_AVX_AVAILABLE
+#   undef CRYPTOPP_AVX2_AVAILABLE
+#  endif
+#  if (CRYPTOPP_BOOL_ARMV8)
+#   undef CRYPTOPP_ARM_CRC32_AVAILABLE
+#   undef CRYPTOPP_ARM_PMULL_AVAILABLE
+#   undef CRYPTOPP_ARM_AES_AVAILABLE
+#   undef CRYPTOPP_ARM_SHA1_AVAILABLE
+#   undef CRYPTOPP_ARM_SHA2_AVAILABLE
+#  endif
+# endif  // ANDROID
+#endif   // CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA
+
+#endif  // CRYPTOPP_CONFIG_ASM_H

Common/3dParty/cryptopp/config_cpu.h

@@ -0,0 +1,211 @@
+// config_cpu.h - written and placed in public domain by Jeffrey Walton
+//                the bits that make up this source file are from the
+//                library's monolithic config.h.
+
+/// \file config_cpu.h
+/// \brief Library configuration file
+/// \details <tt>config_cpu.h</tt> provides defines for the cpu and machine
+///  architecture.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_cpu.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki,
+///  <A HREF="https://sourceforge.net/p/predef/wiki/Architectures/">Sourceforge
+///  Pre-defined Compiler Macros</A>
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_CPU_H
+#define CRYPTOPP_CONFIG_CPU_H
+
+#include "config_ver.h"
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief 32-bit x32 platform
+	/// \details CRYPTOPP_BOOL_X32 is defined to 1 when building the library
+	///  for a 32-bit x32 platform. Otherwise, the macro is not defined.
+	/// \details x32 is sometimes referred to as x86_32. x32 is the ILP32 data
+	///  model on a 64-bit cpu. Integers, longs and pointers are 32-bit but the
+	///  program runs on a 64-bit cpu.
+	/// \details The significance of x32 is, inline assembly must operate on
+	///  64-bit registers, not 32-bit registers. That means, for example,
+	///  function prologues and epilogues must push and pop RSP, not ESP.
+	/// \note: Clang defines __ILP32__ on any 32-bit platform. Therefore,
+	///  CRYPTOPP_BOOL_X32 depends upon both __ILP32__ and __x86_64__.
+	/// \sa <A HREF="https://wiki.debian.org/X32Port">Debian X32 Port</A>,
+	///  <A HREF="https://wiki.gentoo.org/wiki/Project:Multilib/Concepts">Gentoo
+	///  Multilib Concepts</A>
+	#define CRYPTOPP_BOOL_X32 ...
+	/// \brief 32-bit x86 platform
+	/// \details CRYPTOPP_BOOL_X64 is defined to 1 when building the library
+	///  for a 64-bit x64 platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_X64 ...
+	/// \brief 32-bit x86 platform
+	/// \details CRYPTOPP_BOOL_X86 is defined to 1 when building the library
+	///  for a 32-bit x86 platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_X86 ...
+#elif (defined(__ILP32__) || defined(_ILP32)) && defined(__x86_64__)
+	#define CRYPTOPP_BOOL_X32 1
+#elif (defined(_M_X64) || defined(__x86_64__))
+	#define CRYPTOPP_BOOL_X64 1
+#elif (defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__))
+	#define CRYPTOPP_BOOL_X86 1
+#endif
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief ARMv8 platform
+	/// \details CRYPTOPP_BOOL_ARMV8 is defined to 1 when building the library
+	///  for an ARMv8 platform. Otherwise, the macro is not defined.
+	/// \details ARMv8 includes both Aarch32 and Aarch64. Aarch32 is a 32-bit
+	///  execution environment on Aarch64.
+	#define CRYPTOPP_BOOL_ARMV8 ...
+	/// \brief 64-bit ARM platform
+	/// \details CRYPTOPP_BOOL_ARM64 is defined to 1 when building the library
+	///  for a 64-bit x64 platform. Otherwise, the macro is not defined.
+	/// \details Currently the macro indicates an ARM 64-bit architecture.
+	#define CRYPTOPP_BOOL_ARM64 ...
+	/// \brief 32-bit ARM platform
+	/// \details CRYPTOPP_BOOL_ARM32 is defined to 1 when building the library
+	///  for a 32-bit ARM platform. Otherwise, the macro is not defined.
+	/// \details Currently the macro indicates an ARM A-32 architecture.
+	#define CRYPTOPP_BOOL_ARM32 ...
+#elif defined(__arm64__) || defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
+	// Microsoft added ARM64 define December 2017.
+	#define CRYPTOPP_BOOL_ARMV8 1
+#endif
+#if defined(__arm64__) || defined(__aarch64__) || defined(_M_ARM64)
+	#define CRYPTOPP_BOOL_ARM64 1
+#elif defined(__arm__) || defined(_M_ARM)
+	#define CRYPTOPP_BOOL_ARM32 1
+#endif
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief 64-bit PowerPC platform
+	/// \details CRYPTOPP_BOOL_PPC64 is defined to 1 when building the library
+	///  for a 64-bit PowerPC platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_PPC64 ...
+	/// \brief 32-bit PowerPC platform
+	/// \details CRYPTOPP_BOOL_PPC32 is defined to 1 when building the library
+	///  for a 32-bit PowerPC platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_PPC32 ...
+#elif defined(__ppc64__) || defined(__powerpc64__) || defined(__PPC64__) || defined(_ARCH_PPC64)
+	#define CRYPTOPP_BOOL_PPC64 1
+#elif defined(__powerpc__) || defined(__ppc__) || defined(__PPC__) || defined(_ARCH_PPC)
+	#define CRYPTOPP_BOOL_PPC32 1
+#endif
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief 64-bit MIPS platform
+	/// \details CRYPTOPP_BOOL_MIPS64 is defined to 1 when building the library
+	///  for a 64-bit MIPS platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_MIPS64 ...
+	/// \brief 64-bit MIPS platform
+	/// \details CRYPTOPP_BOOL_MIPS32 is defined to 1 when building the library
+	///  for a 32-bit MIPS platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_MIPS32 ...
+#elif defined(__mips64__)
+	#define CRYPTOPP_BOOL_MIPS64 1
+#elif defined(__mips__)
+	#define CRYPTOPP_BOOL_MIPS32 1
+#endif
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief 64-bit SPARC platform
+	/// \details CRYPTOPP_BOOL_SPARC64 is defined to 1 when building the library
+	///  for a 64-bit SPARC platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_SPARC64 ...
+	/// \brief 32-bit SPARC platform
+	/// \details CRYPTOPP_BOOL_SPARC32 is defined to 1 when building the library
+	///  for a 32-bit SPARC platform. Otherwise, the macro is not defined.
+	#define CRYPTOPP_BOOL_SPARC32 ...
+#elif defined(__sparc64__) || defined(__sparc64) || defined(__sparcv9) || defined(__sparc_v9__)
+	#define CRYPTOPP_BOOL_SPARC64 1
+#elif defined(__sparc__) || defined(__sparc) || defined(__sparcv8) || defined(__sparc_v8__)
+	#define CRYPTOPP_BOOL_SPARC32 1
+#endif
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief L1 data cache line size
+	/// \details CRYPTOPP_L1_CACHE_LINE_SIZE should be a lower bound on the L1
+	///  data cache line size. It is used for defense against some timing attacks.
+	/// \details CRYPTOPP_L1_CACHE_LINE_SIZE default value on 32-bit platforms
+	///  is 32, and the default value on 64-bit platforms is 64. On PowerPC the
+	///  default value is 128 since all PowerPC cpu's starting at PPC 970 provide
+	///  it.
+	/// \note The runtime library on some PowerPC platforms misreport the size
+	///  of the cache line size. The runtime library reports 64, while the cpu
+	///  has a cache line size of 128.
+	/// \sa <A HREF="https://bugs.centos.org/view.php?id=14599">CentOS Issue
+	///  14599: sysconf(_SC_LEVEL1_DCACHE_LINESIZE) returns 0 instead of 128</A>
+	/// \since Crypto++ 5.3
+	#define CRYPTOPP_L1_CACHE_LINE_SIZE ...
+#else
+	#ifndef CRYPTOPP_L1_CACHE_LINE_SIZE
+		#if defined(CRYPTOPP_BOOL_X32) || defined(CRYPTOPP_BOOL_X64) || defined(CRYPTOPP_BOOL_ARMV8) || \
+		    defined(CRYPTOPP_BOOL_MIPS64) || defined(CRYPTOPP_BOOL_SPARC64)
+			#define CRYPTOPP_L1_CACHE_LINE_SIZE 64
+		#elif defined(CRYPTOPP_BOOL_PPC32) || defined(CRYPTOPP_BOOL_PPC64)
+			// http://lists.llvm.org/pipermail/llvm-dev/2017-March/110982.html
+			#define CRYPTOPP_L1_CACHE_LINE_SIZE 128
+		#else
+			// L1 cache line size is 32 on Pentium III and earlier
+			#define CRYPTOPP_L1_CACHE_LINE_SIZE 32
+		#endif
+	#endif
+#endif
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief Initialized data section
+	/// \details CRYPTOPP_SECTION_INIT is added to variables to place them in the
+	///  initialized data section (sometimes denoted <tt>.data</tt>). The placement
+	///  helps avoid "uninitialized variable" warnings from Valgrind and other tools.
+	#define CRYPTOPP_SECTION_INIT ...
+#else
+	// The section attribute attempts to initialize CPU flags to avoid Valgrind findings above -O1
+	#if ((defined(__MACH__) && defined(__APPLE__)) && ((CRYPTOPP_LLVM_CLANG_VERSION >= 30600) || \
+	    (CRYPTOPP_APPLE_CLANG_VERSION >= 70100) || (CRYPTOPP_GCC_VERSION >= 40300)))
+		#define CRYPTOPP_SECTION_INIT __attribute__((section ("__DATA,__data")))
+	#elif (defined(__ELF__) && (CRYPTOPP_GCC_VERSION >= 40300))
+		#define CRYPTOPP_SECTION_INIT __attribute__((section ("nocommon")))
+	#elif defined(__ELF__) && (defined(__xlC__) || defined(__ibmxl__))
+		#define CRYPTOPP_SECTION_INIT __attribute__((section ("nocommon")))
+	#else
+		#define CRYPTOPP_SECTION_INIT
+	#endif
+#endif
+
+// How to disable CPU feature probing. We determine machine
+// capabilities by performing an os/platform *query* first,
+// like getauxv(). If the *query* fails, we move onto a
+// cpu *probe*. The cpu *probe* tries to exeute an instruction
+// and then catches a SIGILL on Linux or the exception
+// EXCEPTION_ILLEGAL_INSTRUCTION on Windows. Some OSes
+// fail to hangle a SIGILL gracefully, like Apple OSes. Apple
+// machines corrupt memory and variables around the probe.
+#if defined(__APPLE__)
+	#define CRYPTOPP_NO_CPU_FEATURE_PROBES 1
+#endif
+
+// Flavor of inline assembly language
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief Microsoft style inline assembly
+	/// \details CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY is defined when either
+	///  <tt>_MSC_VER</tt> or <tt>__BORLANDC__</tt> are defined.
+	#define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY ...
+	/// \brief GNU style inline assembly
+	/// \details CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY is defined when neither
+	///  <tt>_MSC_VER</tt> nor <tt>__BORLANDC__</tt> are defined.
+	#define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY ...
+#elif defined(_MSC_VER) || defined(__BORLANDC__)
+	#define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY 1
+#else
+	#define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY 1
+#endif
+
+#endif  // CRYPTOPP_CONFIG_CPU_H

Common/3dParty/cryptopp/config_cxx.h

@@ -0,0 +1,250 @@
+// config_cxx.h - written and placed in public domain by Jeffrey Walton
+//                the bits that make up this source file are from the
+//                library's monolithic config.h.
+
+/// \file config_cxx.h
+/// \brief Library configuration file
+/// \details <tt>config_cxx.h</tt> provides defines for C++ language and
+///  runtime library
+///  features.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_cxx.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx
+//   and https://docs.microsoft.com/en-us/cpp/visual-cpp-language-conformance
+// Intel, http://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler
+// GCC, http://gcc.gnu.org/projects/cxx0x.html
+// Clang, http://clang.llvm.org/cxx_status.html
+
+#ifndef CRYPTOPP_CONFIG_CXX_H
+#define CRYPTOPP_CONFIG_CXX_H
+
+#include "config_os.h"
+#include "config_cpu.h"
+#include "config_ver.h"
+
+// https://github.com/weidai11/cryptopp/issues/960
+#include <string>
+#include <exception>
+
+// You may need to force include a C++ header on Android when using STLPort
+// to ensure _STLPORT_VERSION is defined
+#if (defined(_MSC_VER) && _MSC_VER <= 1300) || \
+	defined(__MWERKS__) || \
+	(defined(_STLPORT_VERSION) && ((_STLPORT_VERSION < 0x450) || defined(_STLP_NO_UNCAUGHT_EXCEPT_SUPPORT)) || \
+	(__cplusplus >= 202002L))
+#define CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
+#endif
+
+// Ancient Crypto++ define, dating back to C++98.
+#ifndef CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
+# define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE 1
+# define CRYPTOPP_CXX98_UNCAUGHT_EXCEPTION 1
+#endif
+
+// Compatibility with non-clang compilers.
+#ifndef __has_feature
+# define __has_feature(x) 0
+#endif
+
+// C++11 macro version, https://stackoverflow.com/q/7223991/608639
+#if ((_MSC_VER >= 1600) || (__cplusplus >= 201103L)) && !defined(_STLPORT_VERSION)
+#  define CRYPTOPP_CXX11 1
+#endif
+
+// Hack ahead. Apple's standard library does not have C++'s unique_ptr in C++11.
+// We can't test for unique_ptr directly because some of the non-Apple Clangs
+// on OS X fail the same way. However, modern standard libraries have
+// <forward_list>, so we test for it instead. Thanks to Jonathan Wakely for
+// devising the clever test for modern/ancient versions. TODO: test under
+// Xcode 3, where g++ is really g++.
+#if defined(__APPLE__) && defined(__clang__)
+#  if !(defined(__has_include) && __has_include(<forward_list>))
+#    undef CRYPTOPP_CXX11
+#  endif
+#endif
+
+// C++14 macro version, https://stackoverflow.com/q/26089319/608639
+#if defined(CRYPTOPP_CXX11) && !defined(CRYPTOPP_NO_CXX14)
+#  if ((_MSC_VER >= 1900) || (__cplusplus >= 201402L)) && !defined(_STLPORT_VERSION)
+#    define CRYPTOPP_CXX14 1
+#  endif
+#endif
+
+// C++17 macro version, https://stackoverflow.com/q/38456127/608639
+#if defined(CRYPTOPP_CXX14) && !defined(CRYPTOPP_NO_CXX17)
+#  if ((_MSC_VER >= 1900) || (__cplusplus >= 201703L)) && !defined(_STLPORT_VERSION)
+#    define CRYPTOPP_CXX17 1
+#  endif
+#endif
+
+// ***************** C++11 and above ********************
+
+#if defined(CRYPTOPP_CXX11)
+
+// atomics: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.1/3.2; Intel 13.0; SunCC 5.14.
+#if (CRYPTOPP_MSC_VERSION >= 1700) || __has_feature(cxx_atomic) || \
+	(__INTEL_COMPILER >= 1300) || (CRYPTOPP_GCC_VERSION >= 40400) || (__SUNPRO_CC >= 0x5140)
+# define CRYPTOPP_CXX11_ATOMIC 1
+#endif // atomics
+
+// synchronization: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Xcode 5.0; Intel 12.0; SunCC 5.13.
+// TODO: verify Clang and Intel versions; find __has_feature(x) extension for Clang
+#if (CRYPTOPP_MSC_VERSION >= 1700) || (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || \
+	(CRYPTOPP_APPLE_CLANG_VERSION >= 50000) || (__INTEL_COMPILER >= 1200) || \
+	(CRYPTOPP_GCC_VERSION >= 40400) || (__SUNPRO_CC >= 0x5130)
+// Hack ahead. New GCC compilers like GCC 6 on AIX 7.0 or earlier as well as original MinGW
+// don't have the synchronization gear. However, Wakely's test used for Apple does not work
+// on the GCC/AIX combination. Another twist is we need other stuff from C++11,
+// like no-except destructors. Dumping preprocessors shows the following may
+// apply: http://stackoverflow.com/q/14191566/608639.
+# include <cstddef>
+# if !defined(__GLIBCXX__) || defined(_GLIBCXX_HAS_GTHREADS)
+#  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
+# endif
+#endif // synchronization
+
+// Dynamic Initialization and Destruction with Concurrency ("Magic Statics")
+// MS at VS2015 with Vista (19.00); GCC at 4.3; LLVM Clang at 2.9; Apple Clang at 4.0; Intel 11.1; SunCC 5.13.
+// Microsoft's implementation only works for Vista and above, so its further
+// limited. http://connect.microsoft.com/VisualStudio/feedback/details/1789709
+// Clang may not support this as early as we indicate. Also see https://bugs.llvm.org/show_bug.cgi?id=47012.
+#if (__cpp_threadsafe_static_init >= 200806) || \
+	(CRYPTOPP_MSC_VERSION >= 1900) && ((WINVER >= 0x0600) || (_WIN32_WINNT >= 0x0600)) || \
+	(CRYPTOPP_LLVM_CLANG_VERSION >= 20900) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40000)  || \
+	(__INTEL_COMPILER >= 1110) || (CRYPTOPP_GCC_VERSION >= 40300) || (__SUNPRO_CC >= 0x5130)
+# define CRYPTOPP_CXX11_STATIC_INIT 1
+#endif // Dynamic Initialization compilers
+
+// deleted functions: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; Intel 12.1; SunCC 5.13.
+#if (CRYPTOPP_MSC_VERSION >= 1800) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20900) || \
+	(CRYPTOPP_APPLE_CLANG_VERSION >= 40000) || (__INTEL_COMPILER >= 1210) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__SUNPRO_CC >= 0x5130)
+# define CRYPTOPP_CXX11_DELETED_FUNCTIONS 1
+#endif // deleted functions
+
+// alignof/alignas: MS at VS2015 (19.00); GCC at 4.8; Clang at 3.0; Intel 15.0; SunCC 5.13.
+#if (CRYPTOPP_MSC_VERSION >= 1900) || __has_feature(cxx_alignas) || \
+	(__INTEL_COMPILER >= 1500) || (CRYPTOPP_GCC_VERSION >= 40800) || (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_ALIGNAS 1
+#endif // alignas
+
+// alignof: MS at VS2015 (19.00); GCC at 4.5; Clang at 2.9; Intel 15.0; SunCC 5.13.
+#if (CRYPTOPP_MSC_VERSION >= 1900) || __has_feature(cxx_alignof) || \
+	(__INTEL_COMPILER >= 1500) || (CRYPTOPP_GCC_VERSION >= 40500) || (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_ALIGNOF 1
+#endif // alignof
+
+// initializer lists: MS at VS2013 (18.00); GCC at 4.4; Clang at 3.1; Intel 14.0; SunCC 5.13.
+#if (CRYPTOPP_MSC_VERSION >= 1800) || (CRYPTOPP_LLVM_CLANG_VERSION >= 30100) || \
+	(CRYPTOPP_APPLE_CLANG_VERSION >= 40000) || (__INTEL_COMPILER >= 1400) || \
+	(CRYPTOPP_GCC_VERSION >= 40400) || (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_INITIALIZER_LIST 1
+#endif // alignas
+
+// lambdas: MS at VS2012 (17.00); GCC at 4.9; Clang at 3.3; Intel 12.0; SunCC 5.14.
+#if (CRYPTOPP_MSC_VERSION >= 1700) || __has_feature(cxx_lambdas) || \
+	(__INTEL_COMPILER >= 1200) || (CRYPTOPP_GCC_VERSION >= 40900) || (__SUNPRO_CC >= 0x5140)
+#  define CRYPTOPP_CXX11_LAMBDA 1
+#endif // lambdas
+
+// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; Intel 14.0; SunCC 5.13.
+#if (CRYPTOPP_MSC_VERSION >= 1900) || __has_feature(cxx_noexcept) || \
+	(__INTEL_COMPILER >= 1400) || (CRYPTOPP_GCC_VERSION >= 40600) || (__SUNPRO_CC >= 0x5130)
+# define CRYPTOPP_CXX11_NOEXCEPT 1
+#endif // noexcept compilers
+
+// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; Intel 12.1; SunCC 5.13.
+#if (__cpp_variadic_templates >= 200704) || __has_feature(cxx_variadic_templates) || \
+	(CRYPTOPP_MSC_VERSION >= 1800) || (__INTEL_COMPILER >= 1210) || \
+	(CRYPTOPP_GCC_VERSION >= 40300) || (__SUNPRO_CC >= 0x5130)
+# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+#endif // variadic templates
+
+// constexpr: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.1; Intel 16.0; SunCC 5.13.
+// Intel has mis-supported the feature since at least ICPC 13.00
+#if (__cpp_constexpr >= 200704) || __has_feature(cxx_constexpr) || \
+	(CRYPTOPP_MSC_VERSION >= 1900) || (__INTEL_COMPILER >= 1600) || \
+	(CRYPTOPP_GCC_VERSION >= 40600) || (__SUNPRO_CC >= 0x5130)
+# define CRYPTOPP_CXX11_CONSTEXPR 1
+#endif // constexpr compilers
+
+// strong typed enums: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Intel 14.0; SunCC 5.12.
+// Mircorosft and Intel had partial support earlier, but we require full support.
+#if (CRYPTOPP_MSC_VERSION >= 1700) || __has_feature(cxx_strong_enums) || \
+	(__INTEL_COMPILER >= 1400) || (CRYPTOPP_GCC_VERSION >= 40400) || (__SUNPRO_CC >= 0x5120)
+# define CRYPTOPP_CXX11_STRONG_ENUM 1
+#endif // constexpr compilers
+
+// nullptr_t: MS at VS2010 (16.00); GCC at 4.6; Clang at 3.3; Intel 10.0; SunCC 5.13.
+#if (CRYPTOPP_MSC_VERSION >= 1600) || __has_feature(cxx_nullptr) || \
+	(__INTEL_COMPILER >= 1000) || (CRYPTOPP_GCC_VERSION >= 40600) || \
+    (__SUNPRO_CC >= 0x5130) || defined(__IBMCPP_NULLPTR)
+# define CRYPTOPP_CXX11_NULLPTR 1
+#endif // nullptr_t compilers
+
+#endif // CRYPTOPP_CXX11
+
+// ***************** C++14 and above ********************
+
+#if defined(CRYPTOPP_CXX14)
+
+// Extended static_assert with one argument
+// Microsoft cannot handle the single argument static_assert as of VS2019 (cl.exe 19.00)
+#if (__cpp_static_assert >= 201411)
+# define CRYPTOPP_CXX17_STATIC_ASSERT 1
+#endif // static_assert
+
+#endif
+
+// ***************** C++17 and above ********************
+
+// C++17 is available
+#if defined(CRYPTOPP_CXX17)
+
+// C++17 uncaught_exceptions: MS at VS2015 (19.00); GCC at 6.0; Clang at 3.5; Intel 18.0.
+// Clang and __EXCEPTIONS see http://releases.llvm.org/3.6.0/tools/clang/docs/ReleaseNotes.html
+// Also see https://github.com/weidai11/cryptopp/issues/980. I'm not sure what
+// to do when the compiler defines __cpp_lib_uncaught_exceptions but the platform
+// does not support std::uncaught_exceptions. What was Apple thinking???
+#if defined(__clang__)
+# if __EXCEPTIONS && __has_feature(cxx_exceptions)
+#  if __cpp_lib_uncaught_exceptions >= 201411L
+#   define CRYPTOPP_CXX17_UNCAUGHT_EXCEPTIONS 1
+#  endif
+# endif
+#elif (CRYPTOPP_MSC_VERSION >= 1900) || (__INTEL_COMPILER >= 1800) || \
+      (CRYPTOPP_GCC_VERSION >= 60000) || (__cpp_lib_uncaught_exceptions >= 201411L)
+# define CRYPTOPP_CXX17_UNCAUGHT_EXCEPTIONS 1
+#endif // uncaught_exceptions compilers
+
+#endif  // CRYPTOPP_CXX17
+
+// ***************** C++ fixups ********************
+
+#if defined(CRYPTOPP_CXX11_NOEXCEPT)
+#  define CRYPTOPP_THROW noexcept(false)
+#  define CRYPTOPP_NO_THROW noexcept(true)
+#else
+#  define CRYPTOPP_THROW
+#  define CRYPTOPP_NO_THROW
+#endif // CRYPTOPP_CXX11_NOEXCEPT
+
+// Hack... C++11 nullptr_t type safety and analysis
+#if defined(CRYPTOPP_CXX11_NULLPTR) && !defined(NULLPTR)
+# define NULLPTR nullptr
+#elif !defined(NULLPTR)
+# define NULLPTR NULL
+#endif // CRYPTOPP_CXX11_NULLPTR
+
+#endif  // CRYPTOPP_CONFIG_CXX_H

Common/3dParty/cryptopp/config_dll.h

@@ -0,0 +1,178 @@
+// config_dll.h - written and placed in public domain by Jeffrey Walton
+//                the bits that make up this source file are from the
+//                library's monolithic config.h.
+
+/// \file config_dll.h
+/// \brief Library configuration file
+/// \details <tt>config_dll.h</tt> provides defines for shared objects and
+///  dynamic libraries. Generally speaking the macros are used to export
+///  classes and template classes from the Win32 dynamic link library.
+///  When not building the Win32 dynamic link library they are mostly an extern
+///  template declaration.
+/// \details In practice they are a furball coughed up by a cat and then peed
+///  on by a dog. They are awful to get just right because of inconsistent
+///  compiler support for extern templates, manual instantiation and the FIPS DLL.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_dll.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_DLL_H
+#define CRYPTOPP_CONFIG_DLL_H
+
+#include "config_os.h"
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+
+	/// \brief Win32 define for dynamic link libraries
+	/// \details CRYPTOPP_IMPORTS is set in the Visual Studio project files.
+	///  When the macro is set, <tt>CRYPTOPP_DLL</tt> is defined to
+	///  <tt>__declspec(dllimport)</tt>.
+	/// \details This macro has no effect on Unix &amp; Linux.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_IMPORTS ...
+
+	/// \brief Win32 define for dynamic link libraries
+	/// \details CRYPTOPP_EXPORTS is set in the Visual Studio project files.
+	///  When the macro is set, <tt>CRYPTOPP_DLL</tt> is defined to
+	///  <tt>__declspec(dllexport)</tt>.
+	/// \details This macro has no effect on Unix &amp; Linux.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_EXPORTS ...
+
+	/// \brief Win32 define for dynamic link libraries
+	/// \details CRYPTOPP_IS_DLL is set in the Visual Studio project files.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_IS_DLL
+
+	/// \brief Instantiate templates in a dynamic library
+	/// \details CRYPTOPP_DLL_TEMPLATE_CLASS decoration should be used
+	///  for classes intended to be exported from dynamic link libraries.
+	/// \details This macro is primarily used on Win32, but sees some
+	///  action on Unix &amp; Linux due to the source file <tt>dll.cpp</tt>.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_DLL_TEMPLATE_CLASS ...
+
+	/// \brief Instantiate templates in a dynamic library
+	/// \details CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS decoration should be used
+	///  for template classes intended to be exported from dynamic link libraries.
+	/// \details This macro is primarily used on Win32, but sees some
+	///  action on Unix &amp; Linux due to the source file <tt>dll.cpp</tt>.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS ...
+
+	/// \brief Instantiate templates in a dynamic library
+	/// \details CRYPTOPP_STATIC_TEMPLATE_CLASS decoration should be used
+	///  for template classes intended to be exported from dynamic link libraries.
+	/// \details This macro is primarily used on Win32, but sees some
+	///  action on Unix &amp; Linux due to the source file <tt>dll.cpp</tt>.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_STATIC_TEMPLATE_CLASS ...
+
+	/// \brief Instantiate templates in a dynamic library
+	/// \details CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS decoration should be used
+	///  for template classes intended to be exported from dynamic link libraries.
+	/// \details This macro is primarily used on Win32, but sees some
+	///  action on Unix &amp; Linux due to the source file <tt>dll.cpp</tt>.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>,
+	///  and <A HREF="https://www.cryptopp.com/wiki/FIPS_DLL">FIPS DLL</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS ...
+
+	/// \brief Override for internal linkage
+	/// \details CRYPTOPP_TABLE can be used to override internal linkage
+	///  on tables with the <tt>const</tt> qualifier. According to C++ rules
+	///  a declaration with <tt>const</tt> qualifier is internal linkage.
+	/// \note The name CRYPTOPP_TABLE was chosen because it is often used to
+	///  export a table, like AES or SHA constants. The name avoids collisions
+	///  with the DLL gear macros, like CRYPTOPP_EXPORTS and CRYPTOPP_EXTERN.
+	#define CRYPTOPP_TABLE extern
+
+	/// \brief Win32 calling convention
+	/// \details CRYPTOPP_API sets the calling convention on Win32.
+	///  On Win32 CRYPTOPP_API is <tt>__cedcl</tt>. On Unix &amp; Linux
+	///  CRYPTOPP_API is defined to nothing.
+	/// \sa <A HREF="https://www.cryptopp.com/wiki/Visual_Studio">Visual Studio</A>
+	///  on the Crypto++ wiki
+	#define CRYPTOPP_API ...
+
+#else  // CRYPTOPP_DOXYGEN_PROCESSING
+
+#if defined(CRYPTOPP_WIN32_AVAILABLE)
+
+	#if defined(CRYPTOPP_EXPORTS)
+	#  define CRYPTOPP_IS_DLL
+	#  define CRYPTOPP_DLL __declspec(dllexport)
+	#elif defined(CRYPTOPP_IMPORTS)
+	#  define CRYPTOPP_IS_DLL
+	#  define CRYPTOPP_DLL __declspec(dllimport)
+	#else
+	#  define CRYPTOPP_DLL
+	#endif
+
+	// C++ makes const internal linkage
+	#define CRYPTOPP_TABLE extern
+	#define CRYPTOPP_API __cdecl
+
+#else	// not CRYPTOPP_WIN32_AVAILABLE
+
+	// C++ makes const internal linkage
+	#define CRYPTOPP_TABLE extern
+	#define CRYPTOPP_DLL
+	#define CRYPTOPP_API
+
+#endif	// CRYPTOPP_WIN32_AVAILABLE
+
+#if defined(__MWERKS__)
+#  define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern class CRYPTOPP_DLL
+#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
+#  define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
+#else
+#  define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern template class CRYPTOPP_DLL
+#endif
+
+#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_IMPORTS)
+#  define CRYPTOPP_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
+#else
+#  define CRYPTOPP_DLL_TEMPLATE_CLASS CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS
+#endif
+
+#if defined(__MWERKS__)
+#  define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern class
+#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
+#  define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS template class
+#else
+#  define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern template class
+#endif
+
+#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_EXPORTS)
+#  define CRYPTOPP_STATIC_TEMPLATE_CLASS template class
+#else
+#  define CRYPTOPP_STATIC_TEMPLATE_CLASS CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS
+#endif
+
+#endif  // CRYPTOPP_DOXYGEN_PROCESSING
+
+#endif  // CRYPTOPP_CONFIG_DLL_H

Common/3dParty/cryptopp/config_int.h

@@ -0,0 +1,268 @@
+// config_int.h - written and placed in public domain by Jeffrey Walton
+//                the bits that make up this source file are from the
+//                library's monolithic config.h.
+
+/// \file config_int.h
+/// \brief Library configuration file
+/// \details <tt>config_int.h</tt> provides defines and typedefs for fixed
+///  size integers. The library's choices for fixed size integers predates other
+///  standard-based integers by about 5 years. After fixed sizes were
+///  made standard, the library continued to use its own definitions for
+///  compatibility with previous versions of the library.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_int.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_INT_H
+#define CRYPTOPP_CONFIG_INT_H
+
+#include "config_ns.h"
+#include "config_ver.h"
+#include "config_misc.h"
+
+// C5264 new for VS2022/v17.4, MSC v17.3.4
+// https://github.com/weidai11/cryptopp/issues/1185
+#if (CRYPTOPP_MSC_VERSION)
+# pragma warning(push)
+# if (CRYPTOPP_MSC_VERSION >= 1933)
+#  pragma warning(disable: 5264)
+# endif
+#endif
+
+/// \brief Library byte guard
+/// \details CRYPTOPP_NO_GLOBAL_BYTE indicates <tt>byte</tt> is in the Crypto++
+///  namespace.
+/// \details The Crypto++ <tt>byte</tt> was originally in global namespace to avoid
+///  ambiguity with other byte typedefs. <tt>byte</tt> was moved to CryptoPP namespace
+///  at Crypto++ 6.0 due to C++17, <tt>std::byte</tt> and potential compile problems.
+/// \sa <A HREF="http://github.com/weidai11/cryptopp/issues/442">Issue 442</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">std::byte</A> on the
+///  Crypto++ wiki
+/// \since Crypto++ 6.0
+#define CRYPTOPP_NO_GLOBAL_BYTE 1
+
+NAMESPACE_BEGIN(CryptoPP)
+
+// Signed words added at Issue 609 for early versions of and Visual Studio and
+// the NaCl gear. Also see https://github.com/weidai11/cryptopp/issues/609.
+
+/// \brief 8-bit unsigned datatype
+/// \details The Crypto++ <tt>byte</tt> was originally in global namespace to avoid
+///  ambiguity with other byte typedefs. <tt>byte</tt> was moved to CryptoPP namespace
+///  at Crypto++ 6.0 due to C++17, <tt>std::byte</tt> and potential compile problems.
+/// \sa CRYPTOPP_NO_GLOBAL_BYTE, <A HREF="http://github.com/weidai11/cryptopp/issues/442">Issue 442</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">std::byte</A> on the
+///  Crypto++ wiki
+/// \since Crypto++ 1.0, CryptoPP namespace since Crypto++ 6.0
+typedef unsigned char byte;
+/// \brief 16-bit unsigned datatype
+/// \since Crypto++ 1.0
+typedef unsigned short word16;
+/// \brief 32-bit unsigned datatype
+/// \since Crypto++ 1.0
+typedef unsigned int word32;
+
+/// \brief 8-bit signed datatype
+/// \details The 8-bit signed datatype was added to support constant time
+///  implementations for curve25519, X25519 key agreement and ed25519
+///  signatures.
+/// \since Crypto++ 8.0
+typedef signed char sbyte;
+/// \brief 16-bit signed datatype
+/// \details The 32-bit signed datatype was added to support constant time
+///  implementations for curve25519, X25519 key agreement and ed25519
+///  signatures.
+/// \since Crypto++ 8.0
+typedef signed short sword16;
+/// \brief 32-bit signed datatype
+/// \details The 32-bit signed datatype was added to support constant time
+///  implementations for curve25519, X25519 key agreement and ed25519
+///  signatures.
+/// \since Crypto++ 8.0
+typedef signed int sword32;
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+
+	/// \brief 64-bit unsigned datatype
+	/// \details The typedef for <tt>word64</tt> varies depending on the platform.
+	///  On Microsoft platforms it is <tt>unsigned __int64</tt>. On Unix &amp; Linux
+	///  with LP64 data model it is <tt>unsigned long</tt>. On Unix &amp; Linux with ILP32
+	///  data model it is <tt>unsigned long long</tt>.
+	/// \since Crypto++ 1.0
+	typedef unsigned long long word64;
+
+	/// \brief 64-bit signed datatype
+	/// \details The typedef for <tt>sword64</tt> varies depending on the platform.
+	///  On Microsoft platforms it is <tt>signed __int64</tt>. On Unix &amp; Linux
+	///  with LP64 data model it is <tt>signed long</tt>. On Unix &amp; Linux with ILP32
+	///  data model it is <tt>signed long long</tt>.
+	/// \since Crypto++ 8.0
+	typedef signed long long sword64;
+
+	/// \brief 128-bit unsigned datatype
+	/// \details The typedef for <tt>word128</tt> varies depending on the platform.
+	///  <tt>word128</tt> is only available on 64-bit machines when
+	///  <tt>CRYPTOPP_WORD128_AVAILABLE</tt> is defined.
+	///  On Unix &amp; Linux with LP64 data model it is <tt>__uint128_t</tt>.
+	///  Microsoft platforms do not provide a 128-bit integer type. 32-bit platforms
+	///  do not provide a 128-bit integer type.
+	/// \since Crypto++ 5.6
+	typedef __uint128_t word128;
+
+	/// \brief Declare an unsigned word64
+	/// \details W64LIT is used to portability declare or assign 64-bit literal values.
+	///  W64LIT will append the proper suffix to ensure the compiler accepts the literal.
+	/// \details Use the macro like shown below.
+	///  <pre>
+	///    word64 x = W64LIT(0xffffffffffffffff);
+	///  </pre>
+	/// \since Crypto++ 1.0
+	#define W64LIT(x) ...
+
+	/// \brief Declare a signed word64
+	/// \details SW64LIT is used to portability declare or assign 64-bit literal values.
+	///  SW64LIT will append the proper suffix to ensure the compiler accepts the literal.
+	/// \details Use the macro like shown below.
+	///  <pre>
+	///    sword64 x = SW64LIT(0xffffffffffffffff);
+	///  </pre>
+	/// \since Crypto++ 8.0
+	#define SW64LIT(x) ...
+
+	/// \brief Declare ops on word64 are slow
+	/// \details CRYPTOPP_BOOL_SLOW_WORD64 is typically defined to 1 on platforms
+	///  that have a machine word smaller than 64-bits. That is, the define
+	///  is present on 32-bit platforms. The define is also present on platforms
+	///  where the cpu is slow even with a 64-bit cpu.
+	#define CRYPTOPP_BOOL_SLOW_WORD64 ...
+
+#elif defined(_MSC_VER) || defined(__BORLANDC__)
+	typedef signed __int64 sword64;
+	typedef unsigned __int64 word64;
+	#define SW64LIT(x) x##i64
+	#define W64LIT(x) x##ui64
+#elif (_LP64 || __LP64__)
+	typedef signed long sword64;
+	typedef unsigned long word64;
+	#define SW64LIT(x) x##L
+	#define W64LIT(x) x##UL
+#else
+	typedef signed long long sword64;
+	typedef unsigned long long word64;
+	#define SW64LIT(x) x##LL
+	#define W64LIT(x) x##ULL
+#endif
+
+/// \brief Large word type
+/// \details lword is a typedef for large word types. It is used for file
+///  offsets and such.
+typedef word64 lword;
+
+/// \brief Large word type max value
+/// \details LWORD_MAX is the maximum value for large word types.
+///  Since an <tt>lword</tt> is an unsigned type, the value is
+///  <tt>0xffffffffffffffff</tt>. W64LIT will append the proper suffix.
+CRYPTOPP_CONST_OR_CONSTEXPR lword LWORD_MAX = W64LIT(0xffffffffffffffff);
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+	/// \brief Half word used for multiprecision integer arithmetic
+	/// \details hword is used for multiprecision integer arithmetic.
+	///  The typedef for <tt>hword</tt> varies depending on the platform.
+	///  On 32-bit platforms it is usually <tt>word16</tt>. On 64-bit platforms
+	///  it is usually <tt>word32</tt>.
+	/// \details Library users typically use byte, word16, word32 and word64.
+	/// \since Crypto++ 2.0
+	typedef word32 hword;
+	/// \brief Full word used for multiprecision integer arithmetic
+	/// \details word is used for multiprecision integer arithmetic.
+	///  The typedef for <tt>word</tt> varies depending on the platform.
+	///  On 32-bit platforms it is usually <tt>word32</tt>. On 64-bit platforms
+	///  it is usually <tt>word64</tt>.
+	/// \details Library users typically use byte, word16, word32 and word64.
+	/// \since Crypto++ 2.0
+	typedef word64 word;
+	/// \brief Double word used for multiprecision integer arithmetic
+	/// \details dword is used for multiprecision integer arithmetic.
+	///  The typedef for <tt>dword</tt> varies depending on the platform.
+	///  On 32-bit platforms it is usually <tt>word64</tt>. On 64-bit Unix &amp;
+	///  Linux platforms it is usually <tt>word128</tt>. <tt>word128</tt> is
+	///  not available on Microsoft platforms. <tt>word128</tt> is only available
+	///  when <tt>CRYPTOPP_WORD128_AVAILABLE</tt> is defined.
+	/// \details Library users typically use byte, word16, word32 and word64.
+	/// \sa CRYPTOPP_WORD128_AVAILABLE
+	/// \since Crypto++ 2.0
+	typedef word128 dword;
+
+	/// \brief 128-bit word availability
+	/// \details CRYPTOPP_WORD128_AVAILABLE indicates a 128-bit word is
+	///  available from the platform. 128-bit words are usually available on
+	///  64-bit platforms, but not available 32-bit platforms.
+	/// \details If CRYPTOPP_WORD128_AVAILABLE is not defined, then 128-bit
+	///  words are not available.
+	/// \details GCC and compatible compilers signal 128-bit word availability
+	///  with the preporcessor macro <tt>__SIZEOF_INT128__ >= 16</tt>.
+	/// \since Crypto++ 2.0
+	#define CRYPTOPP_WORD128_AVAILABLE ...
+#else
+	// define hword, word, and dword. these are used for multiprecision integer arithmetic
+	// Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx
+	#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
+		typedef word32 hword;
+		typedef word64 word;
+	#else
+		#define CRYPTOPP_NATIVE_DWORD_AVAILABLE 1
+		#if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__) || defined(__aarch64__)
+			#if ((CRYPTOPP_GCC_VERSION >= 30400) || (CRYPTOPP_LLVM_CLANG_VERSION >= 30000) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300)) && (__SIZEOF_INT128__ >= 16)
+				// GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3
+				// GCC 4.8.3 and bad uint128_t ops on PPC64/POWER7 (Issue 421)
+				// mode(TI) division broken on amd64 with GCC earlier than GCC 3.4
+				typedef word32 hword;
+				typedef word64 word;
+				typedef __uint128_t dword;
+				typedef __uint128_t word128;
+				#define CRYPTOPP_WORD128_AVAILABLE 1
+			#else
+				// if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results
+				typedef word16 hword;
+				typedef word32 word;
+				typedef word64 dword;
+			#endif
+		#else
+			// being here means the native register size is probably 32 bits or less
+			#define CRYPTOPP_BOOL_SLOW_WORD64 1
+			typedef word16 hword;
+			typedef word32 word;
+			typedef word64 dword;
+		#endif
+	#endif
+#endif
+
+#ifndef CRYPTOPP_BOOL_SLOW_WORD64
+# define CRYPTOPP_BOOL_SLOW_WORD64 0
+#endif
+
+/// \brief Size of a platform word in bytes
+/// \details The size of a platform word, in bytes
+CRYPTOPP_CONST_OR_CONSTEXPR unsigned int WORD_SIZE = sizeof(word);
+
+/// \brief Size of a platform word in bits
+/// \details The size of a platform word, in bits
+/// \sa https://github.com/weidai11/cryptopp/issues/1185
+CRYPTOPP_CONST_OR_CONSTEXPR unsigned int WORD_BITS = WORD_SIZE * 8;
+
+NAMESPACE_END
+
+#if (CRYPTOPP_MSC_VERSION)
+# pragma warning(pop)
+#endif
+
+#endif  // CRYPTOPP_CONFIG_INT_H

Common/3dParty/cryptopp/config_misc.h

@@ -0,0 +1,199 @@
+// config_misc.h - written and placed in public domain by Jeffrey Walton
+//                 the bits that make up this source file are from the
+//                 library's monolithic config.h.
+
+/// \file config_misc.h
+/// \brief Library configuration file
+/// \details <tt>config_misc.h</tt> provides miscellaneous defines.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_misc.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_MISC_H
+#define CRYPTOPP_CONFIG_MISC_H
+
+#include "config_asm.h"
+#include "config_cxx.h"
+#include "config_os.h"
+#include "config_ver.h"
+
+// Define this if running on a big-endian CPU
+// big endian will be assumed if CRYPTOPP_LITTLE_ENDIAN is not non-0
+#if !defined(CRYPTOPP_LITTLE_ENDIAN) && !defined(CRYPTOPP_BIG_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || (defined(__m68k__) || defined(__MC68K__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__)))
+#	define CRYPTOPP_BIG_ENDIAN 1
+#endif
+
+// Define this if running on a little-endian CPU
+// big endian will be assumed if CRYPTOPP_LITTLE_ENDIAN is not non-0
+#if !defined(CRYPTOPP_BIG_ENDIAN) && !defined(CRYPTOPP_LITTLE_ENDIAN)
+#	define CRYPTOPP_LITTLE_ENDIAN 1
+#endif
+
+// Define this if you want to set a prefix for TestData/ and TestVectors/
+// Be sure to add the trailing slash since its simple concatenation.
+// After https://github.com/weidai11/cryptopp/issues/760 the library
+// should find the test vectors and data without much effort. It
+// will search in "./" and "$ORIGIN/../share/cryptopp" automatically.
+#ifndef CRYPTOPP_DATA_DIR
+# define CRYPTOPP_DATA_DIR ""
+#endif
+
+// Define this to disable the test suite from searching for test
+// vectors and data in "./" and "$ORIGIN/../share/cryptopp". The
+// library will still search in CRYPTOPP_DATA_DIR, regardless.
+// Some distros may want to disable this feature. Also see
+// https://github.com/weidai11/cryptopp/issues/760
+// #ifndef CRYPTOPP_DISABLE_DATA_DIR_SEARCH
+// # define CRYPTOPP_DISABLE_DATA_DIR_SEARCH
+// #endif
+
+// Define this if you want or need the library's memcpy_s and memmove_s.
+// See http://github.com/weidai11/cryptopp/issues/28.
+// #if !defined(CRYPTOPP_WANT_SECURE_LIB)
+// # define CRYPTOPP_WANT_SECURE_LIB
+// #endif
+
+// Define this if ARMv8 shifts are slow. ARM Cortex-A53 and Cortex-A57 shift
+// operation perform poorly, so NEON and ASIMD code that relies on shifts
+// or rotates often performs worse than C/C++ code. Also see
+// http://github.com/weidai11/cryptopp/issues/367.
+#define CRYPTOPP_SLOW_ARMV8_SHIFT 1
+
+// CRYPTOPP_DEBUG enables the library's CRYPTOPP_ASSERT. CRYPTOPP_ASSERT
+// raises a SIGTRAP (Unix) or calls DebugBreak() (Windows). CRYPTOPP_ASSERT
+// is only in effect when CRYPTOPP_DEBUG, DEBUG or _DEBUG is defined. Unlike
+// Posix assert, CRYPTOPP_ASSERT is not affected by NDEBUG (or failure to
+// define it). According to the ndk-build docs, Android use NDK_DEBUG=1 to
+// signal a DEBUG build (and NDK_DEBUG=0 to signal non-DEBUG build).
+// Also see http://github.com/weidai11/cryptopp/issues/277, CVE-2016-7420 and
+// https://developer.android.com/ndk/guides/ndk-build
+#if (defined(DEBUG) || defined(_DEBUG)) || (defined(NDK_DEBUG) && (NDK_DEBUG > 0))
+# undef CRYPTOPP_DEBUG
+# define CRYPTOPP_DEBUG 1
+#endif
+
+// File system code to use when creating GZIP archive.
+// http://www.gzip.org/format.txt
+#if !defined(GZIP_OS_CODE)
+# if defined(__macintosh__)
+#  define GZIP_OS_CODE 7
+# elif defined(__unix__) || defined(__linux__)
+#  define GZIP_OS_CODE 3
+# else
+#  define GZIP_OS_CODE 0
+# endif
+#endif
+
+// Try this if your CPU has 256K internal cache or a slow multiply instruction
+// and you want a (possibly) faster IDEA implementation using log tables
+// #define IDEA_LARGECACHE
+
+// Define this if, for the linear congruential RNG, you want to use
+// the original constants as specified in S.K. Park and K.W. Miller's
+// CACM paper.
+// #define LCRNG_ORIGINAL_NUMBERS
+
+// Define this if you want Integer's operator<< to honor std::showbase (and
+// std::noshowbase). If defined, Integer will use a suffix of 'b', 'o', 'h'
+// or '.' (the last for decimal) when std::showbase is in effect. If
+// std::noshowbase is set, then the suffix is not added to the Integer. If
+// not defined, existing behavior is preserved and Integer will use a suffix
+// of 'b', 'o', 'h' or '.' (the last for decimal).
+// #define CRYPTOPP_USE_STD_SHOWBASE
+
+// Define this if you want to decouple AlgorithmParameters and Integer
+// The decoupling should make it easier for the linker to remove Integer
+// related code for those who do not need Integer, and avoid a potential
+// race during AssignIntToInteger pointer initialization. Also
+// see http://github.com/weidai11/cryptopp/issues/389.
+// #define CRYPTOPP_NO_ASSIGN_TO_INTEGER
+
+// Need GCC 4.6/Clang 1.7/Apple Clang 2.0 or above due to "GCC diagnostic {push|pop}"
+#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_LLVM_CLANG_VERSION >= 10700) || \
+    (CRYPTOPP_APPLE_CLANG_VERSION >= 20000)
+	#define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1
+#endif
+
+// Portable way to suppress warnings.
+// Moved from misc.h due to circular depenedencies.
+#ifndef CRYPTOPP_UNUSED
+	#define CRYPTOPP_UNUSED(x) ((void)(x))
+#endif
+
+// how to disable inlining
+#if defined(_MSC_VER)
+#	define CRYPTOPP_NOINLINE_DOTDOTDOT
+#	define CRYPTOPP_NOINLINE __declspec(noinline)
+#elif defined(__xlc__) || defined(__xlC__) || defined(__ibmxl__)
+#	define CRYPTOPP_NOINLINE_DOTDOTDOT ...
+#	define CRYPTOPP_NOINLINE __attribute__((noinline))
+#elif defined(__GNUC__)
+#	define CRYPTOPP_NOINLINE_DOTDOTDOT
+#	define CRYPTOPP_NOINLINE __attribute__((noinline))
+#else
+#	define CRYPTOPP_NOINLINE_DOTDOTDOT ...
+#	define CRYPTOPP_NOINLINE
+#endif
+
+// http://stackoverflow.com/a/13867690/608639
+// CRYPTOPP_CONST_OR_CONSTEXPR due to https://github.com/weidai11/cryptopp/issues/1185
+#if defined(CRYPTOPP_CXX11_CONSTEXPR)
+#  define CRYPTOPP_STATIC_CONSTEXPR static constexpr
+#  define CRYPTOPP_STATIC_CONST_OR_CONSTEXPR static constexpr
+#  define CRYPTOPP_CONST_OR_CONSTEXPR constexpr
+#  define CRYPTOPP_CONSTEXPR constexpr
+#else
+#  define CRYPTOPP_STATIC_CONSTEXPR static
+#  define CRYPTOPP_STATIC_CONST_OR_CONSTEXPR static const
+#  define CRYPTOPP_CONST_OR_CONSTEXPR const
+#  define CRYPTOPP_CONSTEXPR
+#endif // CRYPTOPP_CXX11_CONSTEXPR
+
+#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
+# define CRYPTOPP_CONSTANT(x) static const int x
+#elif defined(CRYPTOPP_CXX11_STRONG_ENUM)
+# define CRYPTOPP_CONSTANT(x) enum : int { x }
+#elif defined(CRYPTOPP_CXX11_CONSTEXPR)
+# define CRYPTOPP_CONSTANT(x) constexpr static int x
+#else
+# define CRYPTOPP_CONSTANT(x) static const int x
+#endif
+
+// Warnings
+#ifdef _MSC_VER
+	// 4127: conditional expression is constant
+	// 4512: assignment operator not generated
+	// 4661: no suitable definition provided for explicit template instantiation request
+	// 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation
+#	pragma warning(disable: 4127 4512 4661 4910)
+	// _MSC_VER 1920 is VS2019
+#	if _MSC_VER >= 1920
+		// 5054: operator '|': deprecated between enumerations of different types
+#		pragma warning(disable: 5054)
+#	endif
+	// Security related, possible defects
+	// http://blogs.msdn.com/b/vcblog/archive/2010/12/14/off-by-default-compiler-warnings-in-visual-c.aspx
+#	pragma warning(once: 4191 4242 4263 4264 4266 4302 4826 4905 4906 4928)
+#endif
+
+#ifdef __BORLANDC__
+// 8037: non-const function called for const object. needed to work around BCB2006 bug
+#	pragma warn -8037
+#endif
+
+// [GCC Bug 53431] "C++ preprocessor ignores #pragma GCC diagnostic". Clang honors it.
+#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
+# pragma GCC diagnostic ignored "-Wunknown-pragmas"
+# pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+
+#endif  // CRYPTOPP_CONFIG_MISC_H

Common/3dParty/cryptopp/config_ns.h

@@ -0,0 +1,76 @@
+// config_ns.h - written and placed in public domain by Jeffrey Walton
+//               the bits that make up this source file are from the
+//               library's monolithic config.h.
+
+/// \file config_ns.h
+/// \brief Library configuration file
+/// \details <tt>config_ns.h</tt> provides defines for C++ and library
+///  namespaces.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_ns.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_NAMESPACE_H
+#define CRYPTOPP_CONFIG_NAMESPACE_H
+
+// namespace support is now required
+#ifdef NO_NAMESPACE
+# error namespace support is now required
+#endif
+
+#ifdef CRYPTOPP_DOXYGEN_PROCESSING
+
+/// \namespace CryptoPP
+/// \brief Crypto++ library namespace
+/// \details Nearly all classes are located in the CryptoPP namespace. Within
+///  the namespace, there are four additional namespaces.
+///   <ul>
+///     <li>Name - namespace for names used with NameValuePairs and documented
+///         in argnames.h
+///     <li>NaCl - namespace for NaCl test functions like crypto_box,
+///         crypto_box_open, crypto_sign, and crypto_sign_open
+///     <li>Donna - namespace for curve25519 library operations. The name was
+///         selected due to use of Langley and Moon's curve25519-donna.
+///     <li>Test - namespace for testing and benchmarks classes
+///     <li>Weak - namespace for weak and wounded algorithms, like ARC4, MD5
+///         and Pananma
+///   </ul>
+/// \since Crypto++ 3.0
+namespace CryptoPP { }
+
+// Bring in the symbols found in the weak namespace; and fold Weak1 into Weak
+#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
+#define Weak1 Weak
+// Avoid putting "CryptoPP::" in front of everything in Doxygen output
+#define CryptoPP
+#define NAMESPACE_BEGIN(x)
+#define NAMESPACE_END
+// Get Doxygen to generate better documentation for these typedefs
+#define DOCUMENTED_TYPEDEF(x, y) class y : public x {}
+// Make "protected" "private" so the functions and members are not documented
+#define protected private
+
+#else
+// Not Doxygen
+#define NAMESPACE_BEGIN(x) namespace x {
+#define NAMESPACE_END }
+#define DOCUMENTED_TYPEDEF(x, y) typedef x y
+
+#endif  // CRYPTOPP_DOXYGEN_PROCESSING
+
+#define ANONYMOUS_NAMESPACE_BEGIN namespace {
+#define ANONYMOUS_NAMESPACE_END }
+#define USING_NAMESPACE(x) using namespace x;
+#define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x {
+#define DOCUMENTED_NAMESPACE_END }
+
+#endif  // CRYPTOPP_CONFIG_NAMESPACE_H

Common/3dParty/cryptopp/config_os.h

@@ -0,0 +1,169 @@
+// config_os.h - written and placed in public domain by Jeffrey Walton
+//               the bits that make up this source file are from the
+//               library's monolithic config.h.
+
+/// \file config_os.h
+/// \brief Library configuration file
+/// \details <tt>config_os.h</tt> provides defines for platforms and operating
+///  systems.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_os.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_OS_H
+#define CRYPTOPP_CONFIG_OS_H
+
+#include "config_ver.h"
+
+// It is OK to remove the hard stop below, but you are on your own.
+// After building the library be sure to run self tests described
+// https://www.cryptopp.com/wiki/Release_Process#Self_Tests
+// The problems with Clang pretending to be other compilers is
+// discussed at http://github.com/weidai11/cryptopp/issues/147.
+#if (defined(_MSC_VER) && defined(__clang__) && \
+   !(defined( __clang_analyzer__)) && !defined(__INTEL_LLVM_COMPILER))
+# error: "Unsupported configuration"
+#endif
+
+// Windows platform
+#if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__)
+#define CRYPTOPP_WIN32_AVAILABLE
+#endif
+
+// Unix and Linux platforms
+#if defined(__unix__) || defined(__MACH__) || defined(__NetBSD__) || defined(__sun)
+#define CRYPTOPP_UNIX_AVAILABLE
+#endif
+
+// BSD platforms
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
+#define CRYPTOPP_BSD_AVAILABLE
+#endif
+
+// Microsoft compilers
+#if defined(_MSC_VER) || defined(__fastcall)
+	#define CRYPTOPP_FASTCALL __fastcall
+#else
+	#define CRYPTOPP_FASTCALL
+#endif
+
+// Microsoft compilers
+#if defined(_MSC_VER)
+	#define CRYPTOPP_NO_VTABLE __declspec(novtable)
+#else
+	#define CRYPTOPP_NO_VTABLE
+#endif
+
+// Define this if you want to disable all OS-dependent features,
+// such as sockets and OS-provided random number generators
+// #define NO_OS_DEPENDENCE
+
+// Define this to use features provided by Microsoft's CryptoAPI.
+// Currently the only feature used is Windows random number generation.
+// This macro will be ignored if NO_OS_DEPENDENCE is defined.
+// #define USE_MS_CRYPTOAPI
+
+// Define this to use features provided by Microsoft's CryptoNG API.
+// CryptoNG API is available in Vista and above and its cross platform,
+// including desktop apps and store apps. Currently the only feature
+// used is Windows random number generation.
+// This macro will be ignored if NO_OS_DEPENDENCE is defined.
+// #define USE_MS_CNGAPI
+
+// If the user did not make a choice, then select CryptoNG if
+// targeting Windows 8 or above.
+#if !defined(USE_MS_CRYPTOAPI) && !defined(USE_MS_CNGAPI)
+# if !defined(_USING_V110_SDK71_) && ((WINVER >= 0x0602 /*_WIN32_WINNT_WIN8*/) || \
+     (_WIN32_WINNT >= 0x0602 /*_WIN32_WINNT_WIN8*/))
+#  define USE_MS_CNGAPI
+# else
+#  define USE_MS_CRYPTOAPI
+# endif
+#endif
+
+// Begin OS features, like init priorities and random numbers
+#ifndef NO_OS_DEPENDENCE
+
+// CRYPTOPP_INIT_PRIORITY attempts to manage initialization of C++ static objects.
+// Under GCC, the library uses init_priority attribute in the range
+// [CRYPTOPP_INIT_PRIORITY, CRYPTOPP_INIT_PRIORITY+100]. Under Windows,
+// CRYPTOPP_INIT_PRIORITY enlists "#pragma init_seg(lib)". The platforms
+// with gaps are Apple and Sun because they require linker scripts. Apple and
+// Sun will use the library's Singletons to initialize and acquire resources.
+// Also see http://cryptopp.com/wiki/Static_Initialization_Order_Fiasco
+#ifndef CRYPTOPP_INIT_PRIORITY
+# define CRYPTOPP_INIT_PRIORITY 250
+#endif
+
+// CRYPTOPP_USER_PRIORITY is for other libraries and user code that is using Crypto++
+// and managing C++ static object creation. It is guaranteed not to conflict with
+// values used by (or would be used by) the Crypto++ library.
+#ifndef CRYPTOPP_USER_PRIORITY
+# define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY+101)
+#endif
+
+// Most platforms allow us to specify when to create C++ objects. Apple and Sun do not.
+#if (CRYPTOPP_INIT_PRIORITY > 0) && !(defined(NO_OS_DEPENDENCE) || defined(__APPLE__) || defined(__sun__))
+# if (CRYPTOPP_GCC_VERSION >= 30000) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20900) || (_INTEL_COMPILER >= 800)
+#  define HAVE_GCC_INIT_PRIORITY 1
+# elif (CRYPTOPP_MSC_VERSION >= 1310)
+#  define HAVE_MSC_INIT_PRIORITY 1
+# elif defined(__xlc__) || defined(__xlC__) || defined(__ibmxl__)
+#  define HAVE_XLC_INIT_PRIORITY 1
+# endif
+#endif  // CRYPTOPP_INIT_PRIORITY, NO_OS_DEPENDENCE, Apple, Sun
+
+#if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE)
+#	define HIGHRES_TIMER_AVAILABLE
+#endif
+
+#ifdef CRYPTOPP_WIN32_AVAILABLE
+# if !defined(WINAPI_FAMILY)
+#	define THREAD_TIMER_AVAILABLE
+# elif defined(WINAPI_FAMILY)
+#   if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
+#	  define THREAD_TIMER_AVAILABLE
+#  endif
+# endif
+#endif
+
+#if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
+#	define NONBLOCKING_RNG_AVAILABLE
+#	define BLOCKING_RNG_AVAILABLE
+#	define OS_RNG_AVAILABLE
+#endif
+
+// Cygwin/Newlib requires _XOPEN_SOURCE=600
+#if defined(CRYPTOPP_UNIX_AVAILABLE)
+# define UNIX_SIGNALS_AVAILABLE 1
+#endif
+
+#ifdef CRYPTOPP_WIN32_AVAILABLE
+# if !defined(WINAPI_FAMILY)
+#	define NONBLOCKING_RNG_AVAILABLE
+#	define OS_RNG_AVAILABLE
+# elif defined(WINAPI_FAMILY)
+#   if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
+#	  define NONBLOCKING_RNG_AVAILABLE
+#	  define OS_RNG_AVAILABLE
+#   elif !(WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
+#     if ((WINVER >= 0x0A00 /*_WIN32_WINNT_WIN10*/) || (_WIN32_WINNT >= 0x0A00 /*_WIN32_WINNT_WIN10*/))
+#	    define NONBLOCKING_RNG_AVAILABLE
+#	    define OS_RNG_AVAILABLE
+#     endif
+#   endif
+# endif
+#endif
+
+#endif	// NO_OS_DEPENDENCE
+
+#endif  // CRYPTOPP_CONFIG_OS_H

Common/3dParty/cryptopp/config_ver.h

@@ -0,0 +1,90 @@
+// config_ver.h - written and placed in public domain by Jeffrey Walton
+//                the bits that make up this source file are from the
+//                library's monolithic config.h.
+
+/// \file config_ver.h
+/// \brief Library configuration file
+/// \details <tt>config_ver.h</tt> provides defines for library and compiler
+///  versions.
+/// \details <tt>config.h</tt> was split into components in May 2019 to better
+///  integrate with Autoconf and its feature tests. The splitting occurred so
+///  users could continue to include <tt>config.h</tt> while allowing Autoconf
+///  to write new <tt>config_asm.h</tt> and new <tt>config_cxx.h</tt> using
+///  its feature tests.
+/// \note You should include <tt>config.h</tt> rather than <tt>config_ver.h</tt>
+///  directly.
+/// \sa <A HREF="https://github.com/weidai11/cryptopp/issues/835">Issue 835,
+///  Make config.h more autoconf friendly</A>,
+///  <A HREF="https://www.cryptopp.com/wiki/Configure.sh">Configure.sh script</A>
+///  on the Crypto++ wiki
+/// \since Crypto++ 8.3
+
+#ifndef CRYPTOPP_CONFIG_VERSION_H
+#define CRYPTOPP_CONFIG_VERSION_H
+
+/// \brief Library major version
+/// \details CRYPTOPP_MAJOR reflects the major version of the library the
+///  headers came from. It is not necessarily the version of the library built
+///  as a shared object if versions are inadvertently mixed and matched.
+/// \sa CRYPTOPP_VERSION, LibraryVersion(), HeaderVersion()
+/// \since Crypto++ 8.2
+#define CRYPTOPP_MAJOR 8
+/// \brief Library minor version
+/// \details CRYPTOPP_MINOR reflects the minor version of the library the
+///  headers came from. It is not necessarily the version of the library built
+///  as a shared object if versions are inadvertently mixed and matched.
+/// \sa CRYPTOPP_VERSION, LibraryVersion(), HeaderVersion()
+/// \since Crypto++ 8.2
+#define CRYPTOPP_MINOR 7
+/// \brief Library revision number
+/// \details CRYPTOPP_REVISION reflects the revision number of the library the
+///  headers came from. It is not necessarily the revision of the library built
+///  as a shared object if versions are inadvertently mixed and matched.
+/// \sa CRYPTOPP_VERSION, LibraryVersion(), HeaderVersion()
+/// \since Crypto++ 8.2
+#define CRYPTOPP_REVISION 0
+
+/// \brief Full library version
+/// \details CRYPTOPP_VERSION reflects the version of the library the headers
+///  came from. It is not necessarily the version of the library built as a
+///  shared object if versions are inadvertently mixed and matched.
+/// \sa CRYPTOPP_MAJOR, CRYPTOPP_MINOR, CRYPTOPP_REVISION, LibraryVersion(), HeaderVersion()
+/// \since Crypto++ 5.6
+#define CRYPTOPP_VERSION 870
+
+// Compiler version macros
+
+#if defined(__GNUC__)
+# define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+
+// Apple and LLVM Clang versions. Apple Clang version 7.0 roughly equals
+// LLVM Clang version 3.7. Also see https://gist.github.com/yamaya/2924292
+#if defined(__clang__) && defined(__apple_build_version__)
+# undef CRYPTOPP_GCC_VERSION
+# define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#elif defined(__clang__)
+# undef CRYPTOPP_GCC_VERSION
+# define CRYPTOPP_LLVM_CLANG_VERSION  (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#endif
+
+// Clang pretends to be other compilers. The compiler gets into
+// code paths that it cannot compile. Unset Clang to save the grief.
+// Also see http://github.com/weidai11/cryptopp/issues/147.
+
+#if defined(__xlc__) || defined(__xlC__)
+# undef CRYPTOPP_LLVM_CLANG_VERSION
+# define CRYPTOPP_XLC_VERSION ((__xlC__ / 256) * 10000 + (__xlC__ % 256) * 100)
+#endif
+
+#ifdef __INTEL_COMPILER
+# undef CRYPTOPP_LLVM_CLANG_VERSION
+# define CRYPTOPP_INTEL_VERSION (__INTEL_COMPILER)
+#endif
+
+#ifdef _MSC_VER
+# undef CRYPTOPP_LLVM_CLANG_VERSION
+# define CRYPTOPP_MSC_VERSION (_MSC_VER)
+#endif
+
+#endif  // CRYPTOPP_CONFIG_VERSION_H

Common/3dParty/cryptopp/crc.cpp

@@ -8,20 +8,20 @@
 
 NAMESPACE_BEGIN(CryptoPP)
 
-// crc-simd.cpp
+// crc_simd.cpp
 #if (CRYPTOPP_ARM_CRC32_AVAILABLE)
 extern void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c);
 extern void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c);
 #endif
 
-// crc-simd.cpp
+// crc_simd.cpp
 #if (CRYPTOPP_SSE42_AVAILABLE)
 extern void CRC32C_Update_SSE42(const byte *s, size_t n, word32& c);
 #endif
 
 /* Table of CRC-32's of all single byte values (made by makecrc.c) */
 const word32 CRC32::m_tab[] = {
-#ifdef CRYPTOPP_LITTLE_ENDIAN
+#if (CRYPTOPP_LITTLE_ENDIAN)
 	0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
 	0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
 	0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
@@ -130,6 +130,15 @@ const word32 CRC32::m_tab[] = {
 #endif
 };
 
+std::string CRC32::AlgorithmProvider() const
+{
+#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
+	if (HasCRC32())
+		return "ARMv8";
+#endif
+	return "C++";
+}
+
 CRC32::CRC32()
 {
 	Reset();
@@ -180,7 +189,7 @@ void CRC32::TruncatedFinal(byte *hash, size_t size)
 // Castagnoli CRC32C (iSCSI)
 
 const word32 CRC32C::m_tab[] = {
-#ifdef CRYPTOPP_LITTLE_ENDIAN
+#if (CRYPTOPP_LITTLE_ENDIAN)
     0x00000000L, 0xf26b8303L, 0xe13b70f7L, 0x1350f3f4L, 0xc79a971fL,
     0x35f1141cL, 0x26a1e7e8L, 0xd4ca64ebL, 0x8ad958cfL, 0x78b2dbccL,
     0x6be22838L, 0x9989ab3bL, 0x4d43cfd0L, 0xbf284cd3L, 0xac78bf27L,
@@ -289,6 +298,19 @@ const word32 CRC32C::m_tab[] = {
 #endif
 };
 
+std::string CRC32C::AlgorithmProvider() const
+{
+#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
+	if (HasCRC32())
+		return "ARMv8";
+#endif
+#if (CRYPTOPP_SSE42_AVAILABLE)
+	if (HasSSE42())
+		return "SSE4.2";
+#endif
+	return "C++";
+}
+
 CRC32C::CRC32C()
 {
 	Reset();

Common/3dParty/cryptopp/crc.h

@@ -12,7 +12,7 @@ NAMESPACE_BEGIN(CryptoPP)
 
 const word32 CRC32_NEGL = 0xffffffffL;
 
-#ifdef CRYPTOPP_LITTLE_ENDIAN
+#if (CRYPTOPP_LITTLE_ENDIAN)
 #define CRC32_INDEX(c) (c & 0xff)
 #define CRC32_SHIFTED(c) (c >> 8)
 #else
@@ -25,16 +25,24 @@ const word32 CRC32_NEGL = 0xffffffffL;
 class CRC32 : public HashTransformation
 {
 public:
-	CRYPTOPP_CONSTANT(DIGESTSIZE = 4)
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 4);
 	CRC32();
 	void Update(const byte *input, size_t length);
 	void TruncatedFinal(byte *hash, size_t size);
 	unsigned int DigestSize() const {return DIGESTSIZE;}
-    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "CRC32";}
-    std::string AlgorithmName() const {return StaticAlgorithmName();}
+	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "CRC32";}
+	std::string AlgorithmName() const {return StaticAlgorithmName();}
 
+	/// \brief Updates a CRC with additional input
+	/// \param b the additional input as a byte
 	void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);}
-	byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];}
+
+	/// \brief Retrieves the i-th byte of the CRC
+	/// \param i the additional input as a byte
+	/// \return the byte at the i-th position
+	byte GetCrcByte(size_t i) const {return reinterpret_cast<const byte *>(&m_crc)[i];}
+
+	std::string AlgorithmProvider() const;
 
 protected:
 	void Reset() {m_crc = CRC32_NEGL;}
@@ -50,16 +58,24 @@ private:
 class CRC32C : public HashTransformation
 {
 public:
-	CRYPTOPP_CONSTANT(DIGESTSIZE = 4)
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 4);
 	CRC32C();
 	void Update(const byte *input, size_t length);
 	void TruncatedFinal(byte *hash, size_t size);
 	unsigned int DigestSize() const {return DIGESTSIZE;}
-    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "CRC32C";}
-    std::string AlgorithmName() const {return StaticAlgorithmName();}
+	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "CRC32C";}
+	std::string AlgorithmName() const {return StaticAlgorithmName();}
 
+	/// \brief Updates a CRC with additional input
+	/// \param b the additional input as a byte
 	void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);}
-	byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];}
+
+	/// \brief Retrieves the i-th byte of the CRC
+	/// \param i the additional input as a byte
+	/// \return the byte at the i-th position
+	byte GetCrcByte(size_t i) const {return reinterpret_cast<const byte *>(&m_crc)[i];}
+
+	std::string AlgorithmProvider() const;
 
 protected:
 	void Reset() {m_crc = CRC32_NEGL;}

Common/3dParty/cryptopp/crc_simd.cpp

@@ -1,158 +1,172 @@
-// crc-simd.cpp - written and placed in the public domain by
-//                Jeffrey Walton, Uri Blumenthal and Marcel Raad.
-//
-//    This source file uses intrinsics to gain access to SSE4.2 and
-//    ARMv8a CRC-32 and CRC-32C instructions. A separate source file
-//    is needed because additional CXXFLAGS are required to enable
-//    the appropriate instructions sets in some build configurations.
-
-#include "pch.h"
-#include "config.h"
-#include "misc.h"
-
-#if (CRYPTOPP_SSE42_AVAILABLE)
-# include <nmmintrin.h>
-#endif
-
-// Use ARMv8 rather than NEON due to compiler inconsistencies
-#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
-# include <arm_neon.h>
-#endif
-
-// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many
-// compilers don't follow ACLE conventions for the include.
-#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE)
-# include <stdint.h>
-# include <arm_acle.h>
-#endif
-
-#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
-# include <signal.h>
-# include <setjmp.h>
-#endif
-
-#ifndef EXCEPTION_EXECUTE_HANDLER
-# define EXCEPTION_EXECUTE_HANDLER 1
-#endif
-
-NAMESPACE_BEGIN(CryptoPP)
-
-#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
-extern "C" {
-    typedef void (*SigHandler)(int);
-
-    static jmp_buf s_jmpSIGILL;
-    static void SigIllHandler(int)
-    {
-        longjmp(s_jmpSIGILL, 1);
-    }
-}
-#endif  // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
-
-#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64)
-
-bool CPU_ProbeCRC32()
-{
-#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
-	return false;
-#elif (CRYPTOPP_ARM_CRC32_AVAILABLE)
-# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
-    volatile bool result = true;
-    __try
-    {
-        word32 w=0, x=1; word16 y=2; byte z=3;
-        w = __crc32w(w,x);
-        w = __crc32h(w,y);
-        w = __crc32b(w,z);
-        w = __crc32cw(w,x);
-        w = __crc32ch(w,y);
-        w = __crc32cb(w,z);
-
-        result = !!w;
-    }
-    __except (EXCEPTION_EXECUTE_HANDLER)
-    {
-        return false;
-    }
-    return result;
-#else
-
-    // longjmp and clobber warnings. Volatile is required.
-    // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
-    volatile bool result = true;
-
-    volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
-    if (oldHandler == SIG_ERR)
-        return false;
-
-    volatile sigset_t oldMask;
-    if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
-        return false;
-
-    if (setjmp(s_jmpSIGILL))
-        result = false;
-    else
-    {
-        word32 w=0, x=1; word16 y=2; byte z=3;
-        w = __crc32w(w,x);
-        w = __crc32h(w,y);
-        w = __crc32b(w,z);
-        w = __crc32cw(w,x);
-        w = __crc32ch(w,y);
-        w = __crc32cb(w,z);
-
-        // Hack... GCC optimizes away the code and returns true
-        result = !!w;
-    }
-
-    sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
-    signal(SIGILL, oldHandler);
-    return result;
-# endif
-#else
-    return false;
-#endif  // CRYPTOPP_ARM_CRC32_AVAILABLE
-}
-#endif  // ARM32 or ARM64
-
-#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
-void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c)
-{
-    for(; !IsAligned<word32>(s) && n > 0; s++, n--)
-        c = __crc32b(c, *s);
-
-    for(; n > 4; s+=4, n-=4)
-        c = __crc32w(c, *(const word32 *)(void*)s);
-
-    for(; n > 0; s++, n--)
-        c = __crc32b(c, *s);
-}
-
-void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c)
-{
-    for(; !IsAligned<word32>(s) && n > 0; s++, n--)
-        c = __crc32cb(c, *s);
-
-    for(; n > 4; s+=4, n-=4)
-        c = __crc32cw(c, *(const word32 *)(void*)s);
-
-    for(; n > 0; s++, n--)
-        c = __crc32cb(c, *s);
-}
-#endif
-
-#if (CRYPTOPP_SSE42_AVAILABLE)
-void CRC32C_Update_SSE42(const byte *s, size_t n, word32& c)
-{
-    for(; !IsAligned<word32>(s) && n > 0; s++, n--)
-        c = _mm_crc32_u8(c, *s);
-
-    for(; n > 4; s+=4, n-=4)
-        c = _mm_crc32_u32(c, *(const word32 *)(void*)s);
-
-    for(; n > 0; s++, n--)
-        c = _mm_crc32_u8(c, *s);
-}
-#endif
-
-NAMESPACE_END
+// crc_simd.cpp - written and placed in the public domain by
+//                Jeffrey Walton, Uri Blumenthal and Marcel Raad.
+//
+//    This source file uses intrinsics to gain access to SSE4.2 and
+//    ARMv8a CRC-32 and CRC-32C instructions. A separate source file
+//    is needed because additional CXXFLAGS are required to enable
+//    the appropriate instructions sets in some build configurations.
+
+#include "pch.h"
+#include "config.h"
+#include "misc.h"
+
+#if (CRYPTOPP_SSE42_AVAILABLE)
+# include <nmmintrin.h>
+#endif
+
+#if (CRYPTOPP_ARM_ACLE_HEADER)
+# include <stdint.h>
+# include <arm_acle.h>
+#endif
+
+#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
+# include "arm_simd.h"
+#endif
+
+#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
+# include <signal.h>
+# include <setjmp.h>
+#endif
+
+#ifndef EXCEPTION_EXECUTE_HANDLER
+# define EXCEPTION_EXECUTE_HANDLER 1
+#endif
+
+#define CONST_WORD32_CAST(x) ((const word32 *)(void*)(x))
+
+// Squash MS LNK4221 and libtool warnings
+extern const char CRC_SIMD_FNAME[] = __FILE__;
+
+NAMESPACE_BEGIN(CryptoPP)
+
+#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
+extern "C" {
+    typedef void (*SigHandler)(int);
+
+    static jmp_buf s_jmpSIGILL;
+    static void SigIllHandler(int)
+    {
+        longjmp(s_jmpSIGILL, 1);
+    }
+}
+#endif  // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
+
+#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8)
+
+bool CPU_ProbeCRC32()
+{
+#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES)
+    return false;
+#elif (CRYPTOPP_ARM_CRC32_AVAILABLE)
+# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
+    volatile bool result = true;
+    __try
+    {
+        word32 w=0, x=1; byte z=3;
+        w = CRC32W(w,x);
+        w = CRC32B(w,z);
+        w = CRC32CW(w,x);
+        w = CRC32CB(w,z);
+
+        result = !!w;
+    }
+    __except (EXCEPTION_EXECUTE_HANDLER)
+    {
+        return false;
+    }
+    return result;
+#else
+
+    // longjmp and clobber warnings. Volatile is required.
+    // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
+    volatile bool result = true;
+
+    volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler);
+    if (oldHandler == SIG_ERR)
+        return false;
+
+    volatile sigset_t oldMask;
+    if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask))
+    {
+        signal(SIGILL, oldHandler);
+        return false;
+    }
+
+    if (setjmp(s_jmpSIGILL))
+        result = false;
+    else
+    {
+        word32 w=0, x=1; byte z=3;
+        w = CRC32W(w,x);
+        w = CRC32B(w,z);
+        w = CRC32CW(w,x);
+        w = CRC32CB(w,z);
+
+        // Hack... GCC optimizes away the code and returns true
+        result = !!w;
+    }
+
+    sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR);
+    signal(SIGILL, oldHandler);
+    return result;
+# endif
+#else
+    return false;
+#endif  // CRYPTOPP_ARM_CRC32_AVAILABLE
+}
+#endif  // ARM32 or ARM64
+
+#if (CRYPTOPP_ARM_CRC32_AVAILABLE)
+void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c)
+{
+    for(; !IsAligned<word32>(s) && n > 0; s++, n--)
+        c = CRC32B(c, *s);
+
+    for(; n >= 16; s+=16, n-=16)
+        c = CRC32Wx4(c, CONST_WORD32_CAST(s));
+
+    for(; n >= 4; s+=4, n-=4)
+        c = CRC32W(c, *CONST_WORD32_CAST(s));
+
+    for(; n > 0; s++, n--)
+        c = CRC32B(c, *s);
+}
+
+void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c)
+{
+    for(; !IsAligned<word32>(s) && n > 0; s++, n--)
+        c = CRC32CB(c, *s);
+
+    for(; n >= 16; s+=16, n-=16)
+        c = CRC32CWx4(c, CONST_WORD32_CAST(s));
+
+    for(; n >= 4; s+=4, n-=4)
+        c = CRC32CW(c, *CONST_WORD32_CAST(s));
+
+    for(; n > 0; s++, n--)
+        c = CRC32CB(c, *s);
+}
+#endif
+
+#if (CRYPTOPP_SSE42_AVAILABLE)
+void CRC32C_Update_SSE42(const byte *s, size_t n, word32& c)
+{
+    for(; !IsAligned<word32>(s) && n > 0; s++, n--)
+        c = _mm_crc32_u8(c, *s);
+
+    for(; n >= 16; s+=16, n-=16)
+	{
+        c = _mm_crc32_u32(_mm_crc32_u32(_mm_crc32_u32(_mm_crc32_u32(c,
+            *CONST_WORD32_CAST(s+ 0)), *CONST_WORD32_CAST(s+ 4)),
+            *CONST_WORD32_CAST(s+ 8)), *CONST_WORD32_CAST(s+12));
+	}
+
+    for(; n >= 4; s+=4, n-=4)
+        c = _mm_crc32_u32(c, *CONST_WORD32_CAST(s));
+
+    for(; n > 0; s++, n--)
+        c = _mm_crc32_u8(c, *s);
+}
+#endif
+
+NAMESPACE_END

Common/3dParty/cryptopp/cryptdll.vcxproj

@@ -1,322 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <!-- Microsoft documentation for VCXPROJ file format is located at -->
-  <!-- the following URL. The documentation leaves a lot to be desired. -->
-  <!-- https://msdn.microsoft.com/en-us/library/2208a1f2.aspx -->
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <!-- Microsoft documentation clearly shows the Global property group -->
-  <!-- preceeds the import of Cpp.Default.props and Cpp.props -->
-  <!-- https://msdn.microsoft.com/en-us/library/2208a1f2.aspx -->
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{94a428a1-9ba8-4db2-b76e-bd2e3c08f257}</ProjectGuid>
-    <RootNamespace>cryptdll</RootNamespace>
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-  </PropertyGroup>
-  <!-- Use DefaultPlatformToolset after Microsoft.Cpp.Default.props -->
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <!-- Set DefaultPlatformToolset to v100 (VS2010) if not defined -->
-  <PropertyGroup Label="EmptyDefaultPlatformToolset">
-    <DefaultPlatformToolset Condition=" '$(DefaultPlatformToolset)' == '' ">v100</DefaultPlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="PlatformToolset">
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings" />
-  <ImportGroup Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <!-- End of Visual Studio boilerplate -->
-  <!-- All Configurations -->
-  <PropertyGroup Label="All Configurations">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <TargetName>cryptopp</TargetName>
-    <TargetExt>.dll</TargetExt>
-    <UseOfMfc>false</UseOfMfc>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <OutDir>$(Platform)\DLL_Output\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(ProjectName)\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <!-- All Configurations -->
-  <ItemDefinitionGroup Label="All Configurations">
-    <ClCompile>
-      <SuppressStartupBanner>true</SuppressStartupBanner>
-      <ErrorReporting>None</ErrorReporting>
-      <WarningLevel>Level4</WarningLevel>
-      <DisableSpecificWarnings>4231; 4251; 4275; 4355; 4505</DisableSpecificWarnings>
-      <PrecompiledHeader>Use</PrecompiledHeader>
-      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
-    </ClCompile>
-    <Link>
-      <ErrorReporting>NoErrorReport</ErrorReporting>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <ProgramDatabaseFile>$(OutDir)\cryptopp.pdb</ProgramDatabaseFile>
-      <BaseAddress>0x42900000</BaseAddress>
-      <RandomizedBaseAddress>false</RandomizedBaseAddress>
-      <PreventDllBinding>true</PreventDllBinding>
-      <OutputFile>$(OutDir)\cryptopp.dll</OutputFile>
-      <ImportLibrary>$(TargetDir)\cryptopp.lib</ImportLibrary>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- Debug Configurations -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='Debug'" Label="Debug Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>CRYPTOPP_EXPORTS;CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2=1;USE_PRECOMPILED_HEADERS</PreprocessorDefinitions>
-      <Optimization>Disabled</Optimization>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
-    </ClCompile>
-    <ResourceCompile>
-      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Culture>0x0409</Culture>
-    </ResourceCompile>
-  </ItemDefinitionGroup>
-  <!-- Release Configurations -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='Release'" Label="Release Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>NDEBUG;CRYPTOPP_EXPORTS;CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2=1;USE_PRECOMPILED_HEADERS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <OmitFramePointers>true</OmitFramePointers>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <StringPooling>true</StringPooling>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-    </ClCompile>
-    <ResourceCompile>
-      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Culture>0x0409</Culture>
-    </ResourceCompile>
-    <Link>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- X86 Configurations -->
-  <ItemDefinitionGroup Condition="'$(Platform)'=='Win32'" Label="X86 Configuration">
-    <ClCompile>
-      <EnableEnhancedInstructionSet>StreamingSIMDExtensions2</EnableEnhancedInstructionSet>
-    </ClCompile>
-    <Link>
-      <TargetMachine>MachineX86</TargetMachine>
-      <ImageHasSafeExceptionHandlers>true</ImageHasSafeExceptionHandlers>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- X64 Configurations -->
-  <ItemDefinitionGroup Condition="'$(Platform)'=='x64'" Label="X64 Configuration">
-    <Link>
-      <TargetMachine>MachineX64</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- Win32/Debug cryptest.exe for DLL MAC'ing -->
-  <!-- Broken at the moment; see http://stackoverflow.com/q/39900437 -->
-  <!--   and http://stackoverflow.com/q/39929817/608639              -->
-  <!--
-  <Target Condition="!Exists('Win32\Output\Debug\cryptest.exe')" Name="MAC tool" Label="MAC tool">
-    <Message
-	  Text="Creating Win32/Debug cryptest.exe for MAC computation" />
-    <MSbuild
-      Projects="cryptlib.vcxproj"
-      Properties="Configuration=Debug;Platform=Win32;"/>
-    <MSbuild
-      Projects="cryptest.vcxproj"
-      Properties="Configuration=Debug;Platform=Win32;"/>
-  </Target>
-  -->
-  <ItemDefinitionGroup Condition="!Exists('Win32\Output\Debug\cryptest.exe')" Label="MAC tool">
-    <PreBuildEvent>
-      <Message>Creating Win32/Debug cryptest.exe for MAC computation</Message>
-      <Command>
-        msbuild /t:Build /p:Configuration=Debug;Platform=Win32 cryptlib.vcxproj
-        msbuild /t:Build /p:Configuration=Debug;Platform=Win32 cryptest.vcxproj
-      </Command>
-    </PreBuildEvent>
-  </ItemDefinitionGroup>
-  <!-- DLL MAC'ing performed by cryptest.exe -->
-  <ItemDefinitionGroup Label="DLL MAC">
-    <PostBuildEvent>
-      <Message>Adding MAC to DLL</Message>
-      <Command>
-        Win32\output\debug\cryptest.exe mac_dll "$(TargetPath)"
-        IF %ERRORLEVEL% EQU 0 (echo mac done &gt; "$(OutDir)"\cryptopp.mac.done)
-      </Command>
-      <Inputs>%(Inputs)</Inputs>
-      <Outputs>$(OutDir)cryptopp.mac.done;%(Outputs)</Outputs>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <!-- Original File with special treatment -->
-  <ItemGroup>
-    <CustomBuild Condition="'$(Platform)'=='x64' AND ('$(Configuration)'=='Debug' Or '$(Configuration)'=='Release')" Include="x64dll.asm">
-      <Message>Building and assembling x64dll.asm</Message>
-      <Command>ml64.exe /c /nologo /D_M_X64 /W3 /Zi /Fo"$(IntDir)x64dll.obj" "%(FullPath)"</Command>
-      <Outputs>$(IntDir)x64dll.obj;%(Outputs)</Outputs>
-    </CustomBuild>
-  </ItemGroup>
-  <!-- Source Files -->
-  <ItemGroup>
-    <ClCompile Include="pch.cpp">
-      <PrecompiledHeader>Create</PrecompiledHeader>
-    </ClCompile>
-    <ClCompile Include="dll.cpp">
-      <PrecompiledHeader />
-    </ClCompile>
-    <ClCompile Include="iterhash.cpp">
-      <PrecompiledHeader />
-    </ClCompile>
-    <ClCompile Include="algebra.cpp" />
-    <ClCompile Include="algparam.cpp" />
-    <ClCompile Include="asn.cpp" />
-    <ClCompile Include="authenc.cpp" />
-    <ClCompile Include="basecode.cpp" />
-    <ClCompile Include="cbcmac.cpp" />
-    <ClCompile Include="ccm.cpp" />
-    <ClCompile Include="channels.cpp" />
-    <ClCompile Include="cmac.cpp" />
-    <ClCompile Include="cpu.cpp" />
-    <ClCompile Include="cryptlib.cpp" />
-    <ClCompile Include="des.cpp" />
-    <ClCompile Include="dessp.cpp" />
-    <ClCompile Include="dh.cpp" />
-    <ClCompile Include="dsa.cpp" />
-    <ClCompile Include="ec2n.cpp" />
-    <ClCompile Include="eccrypto.cpp" />
-    <ClCompile Include="ecp.cpp" />
-    <ClCompile Include="emsa2.cpp" />
-    <ClCompile Include="eprecomp.cpp" />
-    <ClCompile Include="files.cpp" />
-    <ClCompile Include="filters.cpp" />
-    <ClCompile Include="fips140.cpp" />
-    <ClCompile Include="fipstest.cpp" />
-    <ClCompile Include="gcm.cpp" />
-    <ClCompile Include="gcm-simd.cpp" />
-    <ClCompile Include="gf2n.cpp" />
-    <ClCompile Include="gfpcrypt.cpp" />
-    <ClCompile Include="hex.cpp" />
-    <ClCompile Include="hmac.cpp" />
-    <ClCompile Include="hrtimer.cpp" />
-    <ClCompile Include="integer.cpp" />
-    <ClCompile Include="misc.cpp" />
-    <ClCompile Include="modes.cpp" />
-    <ClCompile Include="mqueue.cpp" />
-    <ClCompile Include="nbtheory.cpp" />
-    <ClCompile Include="oaep.cpp" />
-    <ClCompile Include="osrng.cpp" />
-    <ClCompile Include="pkcspad.cpp" />
-    <ClCompile Include="pssr.cpp" />
-    <ClCompile Include="pubkey.cpp" />
-    <ClCompile Include="queue.cpp" />
-    <ClCompile Include="randpool.cpp" />
-    <ClCompile Include="rdtables.cpp" />
-    <ClCompile Include="rijndael.cpp" />
-    <ClCompile Include="rijndael-simd.cpp" />
-    <ClCompile Include="rng.cpp" />
-    <ClCompile Include="rsa.cpp" />
-    <ClCompile Include="rw.cpp" />
-    <ClCompile Include="sha.cpp" />
-    <ClCompile Include="sha-simd.cpp" />
-    <ClCompile Include="simple.cpp" />
-    <ClCompile Include="skipjack.cpp" />
-    <ClCompile Include="sse-simd.cpp" />
-    <ClCompile Include="strciphr.cpp" />
-    <ClCompile Include="trdlocal.cpp" />
-  </ItemGroup>
-  <!-- Header Files -->
-  <ItemGroup>
-    <ClInclude Include="aes.h" />
-    <ClInclude Include="algebra.h" />
-    <ClInclude Include="algparam.h" />
-    <ClInclude Include="argnames.h" />
-    <ClInclude Include="asn.h" />
-    <ClInclude Include="authenc.h" />
-    <ClInclude Include="basecode.h" />
-    <ClInclude Include="cbcmac.h" />
-    <ClInclude Include="ccm.h" />
-    <ClInclude Include="channels.h" />
-    <ClInclude Include="cmac.h" />
-    <ClInclude Include="config.h" />
-    <ClInclude Include="cpu.h" />
-    <ClInclude Include="cryptlib.h" />
-    <ClInclude Include="des.h" />
-    <ClInclude Include="dh.h" />
-    <ClInclude Include="dll.h" />
-    <ClInclude Include="dsa.h" />
-    <ClInclude Include="ec2n.h" />
-    <ClInclude Include="eccrypto.h" />
-    <ClInclude Include="ecp.h" />
-    <ClInclude Include="ecpoint.h" />
-    <ClInclude Include="emsa2.h" />
-    <ClInclude Include="eprecomp.h" />
-    <ClInclude Include="files.h" />
-    <ClInclude Include="filters.h" />
-    <ClInclude Include="fips140.h" />
-    <ClInclude Include="fltrimpl.h" />
-    <ClInclude Include="gcm.h" />
-    <ClInclude Include="gf2n.h" />
-    <ClInclude Include="gfpcrypt.h" />
-    <ClInclude Include="hex.h" />
-    <ClInclude Include="hmac.h" />
-    <ClInclude Include="integer.h" />
-    <ClInclude Include="iterhash.h" />
-    <ClInclude Include="mdc.h" />
-    <ClInclude Include="misc.h" />
-    <ClInclude Include="modarith.h" />
-    <ClInclude Include="modes.h" />
-    <ClInclude Include="modexppc.h" />
-    <ClInclude Include="mqueue.h" />
-    <ClInclude Include="mqv.h" />
-    <ClInclude Include="nbtheory.h" />
-    <ClInclude Include="oaep.h" />
-    <ClInclude Include="oids.h" />
-    <ClInclude Include="osrng.h" />
-    <ClInclude Include="pch.h" />
-    <ClInclude Include="pkcspad.h" />
-    <ClInclude Include="pssr.h" />
-    <ClInclude Include="pubkey.h" />
-    <ClInclude Include="queue.h" />
-    <ClInclude Include="randpool.h" />
-    <ClInclude Include="rijndael.h" />
-    <ClInclude Include="rng.h" />
-    <ClInclude Include="rsa.h" />
-    <ClInclude Include="rw.h" />
-    <ClInclude Include="secblock.h" />
-    <ClInclude Include="seckey.h" />
-    <ClInclude Include="sha.h" />
-    <ClInclude Include="simple.h" />
-    <ClInclude Include="skipjack.h" />
-    <ClInclude Include="smartptr.h" />
-    <ClInclude Include="stdcpp.h" />
-    <ClInclude Include="strciphr.h" />
-    <ClInclude Include="trap.h" />
-    <ClInclude Include="trdlocal.h" />
-    <ClInclude Include="words.h" />
-  </ItemGroup>
-  <!-- Back to Visual Studio boilerplate -->
-  <ItemGroup>
-    <ResourceCompile Include="cryptopp.rc" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
-  </ImportGroup>
-</Project>

Common/3dParty/cryptopp/cryptdll.vcxproj.filters

@@ -1,405 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{82666edd-7baf-4a5a-922c-a06edc2198bd}</UniqueIdentifier>
-      <Extensions>cpp;c;cxx;rc;def;r;odl;idl;hpj;bat</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{2029b271-c489-4b4c-9ce5-261b4cfe2d78}</UniqueIdentifier>
-      <Extensions>.h</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="algebra.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="algparam.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="asn.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="authenc.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="basecode.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="cbcmac.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="ccm.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="channels.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="cmac.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="cpu.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="cryptlib.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="des.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="dessp.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="dh.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="dll.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="dsa.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="ec2n.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="eccrypto.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="ecp.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="emsa2.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="eprecomp.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="files.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="filters.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="fips140.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="fipstest.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="gcm.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="gcm-simd.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="gf2n.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="gfpcrypt.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="hex.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="hmac.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="hrtimer.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="integer.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="iterhash.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="misc.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="modes.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="mqueue.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="nbtheory.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="oaep.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="osrng.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="pch.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="pkcspad.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="pssr.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="pubkey.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="queue.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="randpool.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rdtables.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rijndael.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rijndael-simd.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rng.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rsa.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rw.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="sha.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="sha-simd.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="simple.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="skipjack.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="sse-simd.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="strciphr.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="trdlocal.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="aes.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="algebra.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="algparam.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="argnames.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="asn.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="authenc.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="basecode.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="cbcmac.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="ccm.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="channels.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="cmac.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="config.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="cpu.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="cryptlib.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="des.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="dh.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="dll.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="dsa.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="ec2n.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="eccrypto.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="ecp.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="ecpoint.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="emsa2.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="eprecomp.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="files.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="filters.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="fips140.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="fltrimpl.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="gcm.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="gf2n.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="gfpcrypt.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="hex.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="hmac.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="integer.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="iterhash.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="mdc.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="misc.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="modarith.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="modes.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="modexppc.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="mqueue.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="mqv.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="nbtheory.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="oaep.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="oids.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="osrng.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="pch.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="pkcspad.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="pssr.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="pubkey.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="queue.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="randpool.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="rijndael.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="rng.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="rsa.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="rw.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="secblock.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="seckey.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="sha.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="simple.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="skipjack.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="smartptr.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="stdcpp.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="strciphr.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="trap.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="trdlocal.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="words.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <ResourceCompile Include="cryptopp.rc">
-      <Filter>Source Files</Filter>
-    </ResourceCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <CustomBuild Include="x64dll.asm">
-      <Filter>Source Files</Filter>
-    </CustomBuild>
-  </ItemGroup>
-</Project>

Common/3dParty/cryptopp/cryptest.nmake

@@ -1,174 +0,0 @@
-# cryptest.nmake - written and placed in public domain by Jeffrey Walton.
-#                  Copyright assigned to the Crypto++ project.
-
-# This makefile is used for testing and building cryptlib.lib and cryptest.exe under nmake. Open a
-#   Visual Studio Developer Prompt and then run "nmake /f cryptest.nmake". The build procedure will
-#   reveal not-so-readily-apparent problems under Microsoft ARM and Metro UI apps.
-
-# The makefile is not intended for production use, though it may be used as a starting point.
-#   For example, you can add switches like /MT and /MTd for dynamic runtime linking against
-#   the Microsoft C++ Runtime libraries. If you are building for Windows Phone or Windows Store, then
-#   you probably want to remove /D_MBCS. The resulting cryptlib.lib may be suitable as a starting
-#   point for a DLL project using Crypto++.
-
-# You must also add /DCRYPTOPP_DEBUG or /DDEBUG if you want a debug build with the library's assert.
-#   The library moved from Posix NDEBUG and assert() to CRYPTOPP_ASSERT at 5.6.5 due to CVE-2016-7420.
-#   CRYPTOPP_ASSERT has the additional benefit of using DebugBreak(), and the  program does not crash
-#   while you are debugging it like would happen with Posix assert().
-
-# The list of LIB_SRCS and TEST_SRCS was generated under Linux with "make sources". The list of
-#   LIB_OBJS and TEST_OBJS was generated under Linux with "make sources | sed 's|.cpp|.obj|g'".
-#   The order of the firt three object files are significant. See C++ Static Initialization Order
-#   Fisaco on the Crypto++ wiki for details.
-
-# You are free to add and remove files to the list. For example, you can remove rdrand.asm
-#   build it using NASM, and then include the NASM object file rdrand_x86.obj or rdrand_x64.obj.
-
-###########################################################################################
-
-# To test debug builds, use the following CXXFLAGS:
-#   - /DDEBUG /D_DEBUG /Oi /Oy- /Od
-# To test release builds, use the following CXXFLAGS:
-#   - /DNDEBUG /D_NDEBUG /Oi /Oy /O2
-# To test with static C++ runtime linking, use the following CXXFLAGS (default below):
-#   - /MT (release) or /MTd (debug)
-# To test with dynamic C++ runtime linking, use the following CXXFLAGS:
-#   - /MD (release) or /MDd (debug)
-# To test Desktop app, use the following CXXFLAGS:
-#   - /DWINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP
-# To test Windows Store app, use the following CXXFLAGS:
-#   - /DWINAPI_FAMILY=WINAPI_FAMILY_APP
-# To test Windows Phone, use the following CXXFLAGS:
-#   - /DWINAPI_FAMILY=WINAPI_FAMILY_PHONE_APP
-# To test Surface RT (ARM tablet), use the following CXXFLAGS:
-#   - /D_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE=1 /DWINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP
-
-###########################################################################################
-
-# If you use 'make sources' from Linux makefile, then add 'winpipes.cpp' to the list below.
-
-LIB_SRCS = cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp algparam.cpp arc4.cpp aria-simd.cpp aria.cpp ariatab.cpp asn.cpp authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2-simd.cpp blake2.cpp blowfish.cpp blumshub.cpp camellia.cpp cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp channels.cpp cmac.cpp crc-simd.cpp crc.cpp default.cpp des.cpp dessp.cpp dh.cpp dh2.cpp dll.cpp dsa.cpp eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gcm-simd.cpp gcm.cpp gf256.cpp gf2_32.cpp gf2n.cpp gfpcrypt.cpp gost.cpp gzip.cpp hex.cpp hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp kalynatab.cpp keccak.cpp luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp mqueue.cpp mqv.cpp nbtheory.cpp neon-simd.cpp network.cpp oaep.cpp osrng.cpp padlkrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp pssr.cpp pubkey.cpp queue.cpp rabin.cpp randpool.cpp rc2.cpp rc5.cpp rc6.cpp rdrand.cpp rdtables.cpp rijndael-simd.cpp rijndael.cpp ripemd.cpp rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp scrypt.cpp seal.cpp seed.cpp serpent.cpp sha-simd.cpp sha.cpp sha3.cpp shacal2-simd.cpp shacal2.cpp shark.cpp sharkbox.cpp simon.cpp simon-simd.cpp skipjack.cpp sm3.cpp sm4.cpp socketft.cpp sosemanuk.cpp speck.cpp speck-simd.cpp square.cpp squaretb.cpp sse-simd.cpp strciphr.cpp tea.cpp tftables.cpp threefish.cpp tiger.cpp tigertab.cpp trdlocal.cpp ttmac.cpp tweetnacl.cpp twofish.cpp vmac.cpp wait.cpp wake.cpp whrlpool.cpp winpipes.cpp xtr.cpp xtrcrypt.cpp zdeflate.cpp zinflate.cpp zlib.cpp
-
-LIB_OBJS = cryptlib.obj cpu.obj integer.obj 3way.obj adler32.obj algebra.obj algparam.obj arc4.obj aria-simd.obj aria.obj ariatab.obj asn.obj authenc.obj base32.obj base64.obj basecode.obj bfinit.obj blake2-simd.obj blake2.obj blowfish.obj blumshub.obj camellia.obj cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj channels.obj cmac.obj crc-simd.obj crc.obj default.obj des.obj dessp.obj dh.obj dh2.obj dll.obj dsa.obj eax.obj ec2n.obj eccrypto.obj ecp.obj elgamal.obj emsa2.obj eprecomp.obj esign.obj files.obj filters.obj fips140.obj fipstest.obj gcm-simd.obj gcm.obj gf256.obj gf2_32.obj gf2n.obj gfpcrypt.obj gost.obj gzip.obj hex.obj hmac.obj hrtimer.obj ida.obj idea.obj iterhash.obj kalyna.obj kalynatab.obj keccak.obj luc.obj mars.obj marss.obj md2.obj md4.obj md5.obj misc.obj modes.obj mqueue.obj mqv.obj nbtheory.obj neon-simd.obj network.obj oaep.obj osrng.obj padlkrng.obj panama.obj pkcspad.obj poly1305.obj polynomi.obj pssr.obj pubkey.obj queue.obj rabin.obj randpool.obj rc2.obj rc5.obj rc6.obj rdrand.obj rdtables.obj rijndael-simd.obj rijndael.obj ripemd.obj rng.obj rsa.obj rw.obj safer.obj salsa.obj scrypt.obj seal.obj seed.obj serpent.obj sha-simd.obj sha.obj sha3.obj shacal2-simd.obj shacal2.obj shark.obj sharkbox.obj simon.obj simon-simd.obj skipjack.obj sm3.obj sm4.obj socketft.obj sosemanuk.obj speck.obj speck-simd.obj square.obj squaretb.obj sse-simd.obj strciphr.obj tea.obj tftables.obj threefish.obj tiger.obj tigertab.obj trdlocal.obj ttmac.obj tweetnacl.obj twofish.obj vmac.obj wait.obj wake.obj whrlpool.obj winpipes.obj xtr.obj xtrcrypt.obj zdeflate.obj zinflate.obj zlib.obj
-
-TEST_SRCS = bench1.cpp bench2.cpp test.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp
-
-TEST_OBJS = bench1.obj bench2.obj test.obj validat0.obj validat1.obj validat2.obj validat3.obj validat4.obj datatest.obj regtest1.obj regtest2.obj regtest3.obj fipsalgt.obj dlltest.obj fipstest.obj
-
-CXX = cl.exe
-LD = link.exe
-AR = lib.exe
-RM = del.exe
-
-# C4231 is needed for VS2008 and below. Lots of noise...
-CXXFLAGS = /nologo /W4 /wd4231 /wd4511 /wd4156 /D_MBCS /Zi /TP /GR /EHsc
-LDFLAGS = /nologo /SUBSYSTEM:CONSOLE
-ARFLAGS = /nologo
-LDLIBS =
-
-# Debug build
-# CXXFLAGS = $(CXXFLAGS) /DDEBUG /D_DEBUG /Oi /Oy- /Od /MTd
-# Release build
-CXXFLAGS = $(CXXFLAGS) /DNDEBUG /D_NDEBUG /Oi /Oy /O2 /MT
-
-# Attempt to detect when <sdkddkver.h> and <winapifamily.h> are available
-#   http://stackoverflow.com/q/40577415 ?
-!IF "$(WINDOWSSDKDIR)" != "" || "$(WINDOWSSDKLIBVERSION)" != ""
-CXXFLAGS = $(CXXFLAGS) /FI sdkddkver.h
-!ENDIF
-!IF "$(WINDOWSPHONEKITDIR)" != "" || "$(UNIVERSALCRTSDKDIR)" != "" || "$(UCRTVERSION)" != ""
-CXXFLAGS = $(CXXFLAGS) /FI winapifamily.h
-!ELSEIF "$(PLATFORM)" == "ARM" || "$(PLATFORM)" == "arm" || "$(PLATFORM)" == "ARM64" || "$(PLATFORM)" == "arm64"
-CXXFLAGS = $(CXXFLAGS) /FI winapifamily.h
-!ENDIF
-
-# Check for empty Platform and Processor
-!IF "$(PLATFORM)" == ""
-!IF "$(PROCESSOR_ARCHITECTURE)" == "x86"
-PLATFORM = x86
-!ELSEIF "$(PROCESSOR_ARCHITECTURE)" == "x64" || "$(PROCESSOR_ARCHITECTURE)" == "AMD64"
-PLATFORM = x64
-!ELSE
-!ERROR "Unknown platform"
-!ENDIF
-!ENDIF
-
-!MESSAGE
-!MESSAGE ******************************
-!MESSAGE Platform is $(PLATFORM)
-!MESSAGE ******************************
-!MESSAGE
-
-!IF "$(PLATFORM)" == "x86" || "$(PLATFORM)" == "X86"
-# CXXFLAGS = $(CXXFLAGS) /arch:SSE2
-# CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP
-# CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_APP
-AS = ml.exe
-ASFLAGS = /nologo /D_M_X86 /W3 /Cx /Zi /safeseh
-LIB_SRCS = $(LIB_SRCS) rdrand.cpp rdrand.asm
-LIB_OBJS = $(LIB_OBJS) rdrand.obj rdrand-x86.obj
-LDFLAGS = $(LDFLAGS) /MACHINE:X86
-LDLIBS = $(LDLIBS) ws2_32.lib kernel32.lib
-!ENDIF
-
-# May need $(VCINSTALLDIR)\bin\amd64\ml64.exe
-!IF "$(PLATFORM)" == "x64" || "$(PLATFORM)" == "X64" || "$(PLATFORM)" == "amd64"
-# CXXFLAGS = $(CXXFLAGS) /arch:AVX2
-# CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP
-# CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_APP
-AS = ml64.exe
-ASFLAGS = /nologo /D_M_X64 /W3 /Cx /Zi
-LIB_SRCS = $(LIB_SRCS) rdrand.cpp rdrand.asm
-LIB_OBJS = $(LIB_OBJS) rdrand.obj rdrand-x64.obj x64masm.obj x64dll.obj
-LDFLAGS = $(LDFLAGS) /MACHINE:X64
-LDLIBS = $(LDLIBS) ws2_32.lib kernel32.lib
-!ENDIF
-
-# We still don't know what we need for ARM64 on Windows. ARM64 and arm64 may be incorrect
-!IF "$(PLATFORM)" == "ARM" || "$(PLATFORM)" == "arm" || "$(PLATFORM)" == "ARM64" || "$(PLATFORM)" == "arm64"
-# CXXFLAGS = $(CXXFLAGS) /D_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE=1 /DWINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP
-CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_PHONE_APP
-LIB_SRCS = $(LIB_SRCS) neon-simd.cpp
-LIB_OBJS = $(LIB_OBJS) neon-simd.obj
-# CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_APP
-# LDLIBS = $(LDLIBS) ws2_32.lib
-!ENDIF
-
-all: cryptest.exe
-
-cryptest.exe: pch.pch cryptlib.lib $(TEST_OBJS)
-	$(LD) $(LDFLAGS) $(TEST_OBJS) cryptlib.lib $(LDLIBS) /out:$@
-
-cryptlib.lib: $(LIB_OBJS)
-	$(AR) $(ARFLAGS) $(LIB_OBJS) /out:$@
-
-clean:
-	$(RM) /F /Q pch.pch $(LIB_OBJS) pch.obj rdrand-x86.obj rdrand-x64.obj x64masm.obj x64dll.obj cryptlib.lib $(TEST_OBJS) cryptest.exe *.pdb
-
-# Precompiled header
-pch.pch: pch.h pch.cpp
-	$(CXX) $(CXXFLAGS) /Yc"pch.h" /Fp"pch.pch" /c pch.cpp
-
-# No precompiled headers
-iterhash.obj:
-	$(CXX) $(CXXFLAGS) /Y- /c iterhash.cpp
-dll.obj:
-	$(CXX) $(CXXFLAGS) /Y- /c dll.cpp
-rdrand.obj:
-	$(CXX) $(CXXFLAGS) /c rdrand.cpp
-
-# Built for x86/x64
-rdrand-x86.obj:
-	$(AS) $(ASFLAGS) /Fo rdrand-x86.obj /c rdrand.asm
-rdrand-x64.obj:
-	$(AS) $(ASFLAGS) /Fo rdrand-x64.obj /c rdrand.asm
-x64masm.obj:
-	$(AS) $(ASFLAGS) /Fo x64masm.obj /c x64masm.asm
-x64dll.obj:
-	$(AS) $(ASFLAGS) /Fo x64dll.obj /c x64dll.asm
-
-.cpp.obj:
-	$(CXX) $(CXXFLAGS) /c $<
-
-.asm.obj:
-	$(AS) $(ASFLAGS) /c $<

Common/3dParty/cryptopp/cryptest.sln

@@ -1,89 +0,0 @@
-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual Studio 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cryptest", "cryptest.vcxproj", "{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}"
-	ProjectSection(ProjectDependencies) = postProject
-		{C39F4B46-6E89-4074-902E-CA57073044D2} = {C39F4B46-6E89-4074-902E-CA57073044D2}
-	EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cryptlib", "cryptlib.vcxproj", "{C39F4B46-6E89-4074-902E-CA57073044D2}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dlltest", "dlltest.vcxproj", "{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}"
-	ProjectSection(ProjectDependencies) = postProject
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257} = {94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}
-	EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cryptdll", "cryptdll.vcxproj", "{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Win32 = Debug|Win32
-		Debug|x64 = Debug|x64
-		DLL-Import Debug|Win32 = DLL-Import Debug|Win32
-		DLL-Import Debug|x64 = DLL-Import Debug|x64
-		DLL-Import Release|Win32 = DLL-Import Release|Win32
-		DLL-Import Release|x64 = DLL-Import Release|x64
-		Release|Win32 = Release|Win32
-		Release|x64 = Release|x64
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Debug|Win32.ActiveCfg = Debug|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Debug|Win32.Build.0 = Debug|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Debug|x64.ActiveCfg = Debug|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Debug|x64.Build.0 = Debug|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Debug|Win32.ActiveCfg = DLL-Import Debug|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Debug|Win32.Build.0 = DLL-Import Debug|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Debug|x64.ActiveCfg = DLL-Import Debug|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Debug|x64.Build.0 = DLL-Import Debug|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Release|Win32.ActiveCfg = DLL-Import Release|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Release|Win32.Build.0 = DLL-Import Release|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Release|x64.ActiveCfg = DLL-Import Release|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.DLL-Import Release|x64.Build.0 = DLL-Import Release|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Release|Win32.ActiveCfg = Release|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Release|Win32.Build.0 = Release|Win32
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Release|x64.ActiveCfg = Release|x64
-		{09CDAC08-E6AE-48A9-8DE7-0FBC779EEBDE}.Release|x64.Build.0 = Release|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Debug|Win32.ActiveCfg = Debug|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Debug|Win32.Build.0 = Debug|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Debug|x64.ActiveCfg = Debug|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Debug|x64.Build.0 = Debug|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Debug|Win32.ActiveCfg = DLL-Import Debug|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Debug|Win32.Build.0 = DLL-Import Debug|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Debug|x64.ActiveCfg = DLL-Import Debug|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Debug|x64.Build.0 = DLL-Import Debug|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Release|Win32.ActiveCfg = DLL-Import Release|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Release|Win32.Build.0 = DLL-Import Release|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Release|x64.ActiveCfg = DLL-Import Release|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.DLL-Import Release|x64.Build.0 = DLL-Import Release|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Release|Win32.ActiveCfg = Release|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Release|Win32.Build.0 = Release|Win32
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Release|x64.ActiveCfg = Release|x64
-		{C39F4B46-6E89-4074-902E-CA57073044D2}.Release|x64.Build.0 = Release|x64
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.Debug|Win32.ActiveCfg = Debug|Win32
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.Debug|x64.ActiveCfg = Debug|x64
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Debug|Win32.ActiveCfg = Debug|Win32
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Debug|Win32.Build.0 = Debug|Win32
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Debug|x64.ActiveCfg = Debug|x64
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Debug|x64.Build.0 = Debug|x64
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Release|Win32.ActiveCfg = Release|Win32
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Release|Win32.Build.0 = Release|Win32
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Release|x64.ActiveCfg = Release|x64
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.DLL-Import Release|x64.Build.0 = Release|x64
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.Release|Win32.ActiveCfg = Release|Win32
-		{1974A53A-9863-41C9-886D-B2B8C2FC3C8B}.Release|x64.ActiveCfg = Release|x64
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.Debug|Win32.ActiveCfg = Debug|Win32
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.Debug|x64.ActiveCfg = Debug|x64
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Debug|Win32.ActiveCfg = Debug|Win32
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Debug|Win32.Build.0 = Debug|Win32
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Debug|x64.ActiveCfg = Debug|x64
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Debug|x64.Build.0 = Debug|x64
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Release|Win32.ActiveCfg = Release|Win32
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Release|Win32.Build.0 = Release|Win32
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Release|x64.ActiveCfg = Release|x64
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.DLL-Import Release|x64.Build.0 = Release|x64
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.Release|Win32.ActiveCfg = Release|Win32
-		{94A428A1-9BA8-4DB2-B76E-BD2E3C08F257}.Release|x64.ActiveCfg = Release|x64
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal

Common/3dParty/cryptopp/cryptest.vcxproj

@@ -1,340 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <!-- Microsoft documentation for VCXPROJ file format is located at -->
-  <!-- the following URL. The documentation leaves a lot to be desired. -->
-  <!-- https://msdn.microsoft.com/en-us/library/2208a1f2.aspx -->
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL-Import Debug|Win32">
-      <Configuration>DLL-Import Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL-Import Debug|x64">
-      <Configuration>DLL-Import Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL-Import Release|Win32">
-      <Configuration>DLL-Import Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL-Import Release|x64">
-      <Configuration>DLL-Import Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <!-- Microsoft documentation clearly shows the Global property group -->
-  <!-- preceeds the import of Cpp.Default.props and Cpp.props -->
-  <!-- https://msdn.microsoft.com/en-us/library/2208a1f2.aspx -->
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{09cdac08-e6ae-48a9-8de7-0fbc779eebde}</ProjectGuid>
-    <RootNamespace>cryptest</RootNamespace>
-    <ConfigurationType>Application</ConfigurationType>
-  </PropertyGroup>
-  <!-- Use DefaultPlatformToolset after Microsoft.Cpp.Default.props -->
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <!-- Set DefaultPlatformToolset to v100 (VS2010) if not defined -->
-  <PropertyGroup Label="EmptyDefaultPlatformToolset">
-    <DefaultPlatformToolset Condition=" '$(DefaultPlatformToolset)' == '' ">v100</DefaultPlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="PlatformToolset">
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <!-- End of Visual Studio boilerplate -->
-  <!-- All Configurations -->
-  <PropertyGroup Label="All Configurations">
-    <ConfigurationType>Application</ConfigurationType>
-    <TargetName>cryptest</TargetName>
-    <TargetExt>.exe</TargetExt>
-    <UseOfMfc>false</UseOfMfc>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
-  <!-- Intermediate and Output directories -->
-  <!-- Cryptlib and Cryptest need extra care due to Non-DLL/DLL configs -->
-  <PropertyGroup Condition="'$(Configuration)'=='Debug' Or '$(Configuration)'=='Release'" Label="Non-DLL Directories">
-    <OutDir>$(Platform)\Output\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(ProjectName)\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='DLL-Import Debug'" Label="DLL Directories">
-    <OutDir>$(Platform)\DLL_Output\Debug\</OutDir>
-    <IntDir>$(Platform)\$(ProjectName)\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='DLL-Import Release'" Label="DLL Directories">
-    <OutDir>$(Platform)\DLL_Output\Release\</OutDir>
-    <IntDir>$(Platform)\$(ProjectName)\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <!-- All Configurations -->
-  <ItemDefinitionGroup Label="All Configurations">
-    <ClCompile>
-      <SuppressStartupBanner>true</SuppressStartupBanner>
-      <ErrorReporting>None</ErrorReporting>
-      <WarningLevel>Level4</WarningLevel>
-      <DisableSpecificWarnings>4231; 4251; 4275; 4355; 4505</DisableSpecificWarnings>
-      <PrecompiledHeader />
-      <PrecompiledHeadeFile />
-    </ClCompile>
-    <Link>
-      <ErrorReporting>NoErrorReport</ErrorReporting>
-      <AdditionalDependencies>cryptlib.lib;Ws2_32.lib</AdditionalDependencies>
-      <AdditionalLibraryDirectories>$(Platform)\Output\$(Configuration)</AdditionalLibraryDirectories>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <ProgramDatabaseFile>$(OutDir)\cryptlib.pdb</ProgramDatabaseFile>
-      <OutputFile>$(OutDir)\cryptest.exe</OutputFile>
-      <SubSystem>Console</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- Debug Configurations -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='Debug' Or '$(Configuration)'=='DLL-Import Debug'" Label="Debug Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Optimization>Disabled</Optimization>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
-    </ClCompile>
-    <ResourceCompile>
-      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Culture>0x0409</Culture>
-    </ResourceCompile>
-  </ItemDefinitionGroup>
-  <!-- Release Configurations -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='Release' Or '$(Configuration)'=='DLL-Import Release'" Label="Release Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <OmitFramePointers>true</OmitFramePointers>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <StringPooling>true</StringPooling>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-    </ClCompile>
-    <ResourceCompile>
-      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Culture>0x0409</Culture>
-    </ResourceCompile>
-    <Link>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- DLL-Import Overrides for Preprocessor and Libraries -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='DLL-Import Debug'" Label="DLL Debug Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>CRYPTOPP_IMPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-    </ClCompile>
-    <Link>
-      <AdditionalLibraryDirectories>$(Platform)\DLL_Output\Debug</AdditionalLibraryDirectories>
-      <AdditionalDependencies>cryptopp.lib;cryptlib.lib;Ws2_32.lib</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='DLL-Import Release'" Label="DLL Debug Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>NDEBUG;CRYPTOPP_IMPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-    </ClCompile>
-    <Link>
-      <AdditionalLibraryDirectories>$(Platform)\DLL_Output\Release</AdditionalLibraryDirectories>
-      <AdditionalDependencies>cryptopp.lib;cryptlib.lib;Ws2_32.lib</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- X86 Configurations -->
-  <ItemDefinitionGroup Condition="'$(Platform)'=='Win32'" Label="X86 Configuration">
-    <ClCompile>
-      <EnableEnhancedInstructionSet>StreamingSIMDExtensions2</EnableEnhancedInstructionSet>
-    </ClCompile>
-    <Link>
-      <TargetMachine>MachineX86</TargetMachine>
-      <ImageHasSafeExceptionHandlers>true</ImageHasSafeExceptionHandlers>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- X64 Configurations -->
-  <ItemDefinitionGroup Condition="'$(Platform)'=='x64'" Label="X64 Configuration">
-    <Link>
-      <TargetMachine>MachineX64</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- FIPS Validated Warning -->
-  <ItemDefinitionGroup Label="FIPS Warning">
-    <PreBuildEvent Condition="'$(Configuration)'=='DLL-Import Debug' Or '$(Configuration)'=='DLL-Import Release'">
-      <Command>
-        echo *************************************************************************
-        echo This configuration requires cryptopp.dll. You can build it yourself using
-        echo the cryptdll project, or obtain a pre-built, FIPS 140-2 validated DLL. If
-        echo you build it yourself the resulting DLL will not be considered FIPS
-        echo validated unless it undergoes the FIPS validation process.
-        echo *************************************************************************
-      </Command>
-    </PreBuildEvent>
-  </ItemDefinitionGroup>
-  <!-- Target for Appvoyer                           -->
-  <!-- The rule copies cryptest.exe to the project   -->
-  <!-- root directory so it can be executed in place -->
-  <Target Name="CopyCryptestToRoot">
-    <Exec Command="copy $(Platform)\Output\$(Configuration)\cryptest.exe $(SolutionDir)" />
-  </Target>
-  <!-- Source Files -->
-  <ItemGroup>
-    <ClCompile Include="adhoc.cpp" />
-    <ClCompile Include="bench1.cpp" />
-    <ClCompile Include="bench2.cpp" />
-    <ClCompile Include="datatest.cpp" />
-    <ClCompile Include="dlltest.cpp" />
-    <ClCompile Include="fipsalgt.cpp" />
-    <ClCompile Include="regtest1.cpp" />
-    <ClCompile Include="regtest2.cpp" />
-    <ClCompile Include="regtest3.cpp" />
-    <ClCompile Include="test.cpp" />
-    <ClCompile Include="validat0.cpp" />
-    <ClCompile Include="validat1.cpp" />
-    <ClCompile Include="validat2.cpp" />
-    <ClCompile Include="validat3.cpp" />
-    <ClCompile Include="validat4.cpp" />
-  </ItemGroup>
-  <!-- Header Files -->
-  <ItemGroup>
-    <ClInclude Include="bench.h" />
-    <ClInclude Include="factory.h" />
-    <ClInclude Include="validate.h" />
-  </ItemGroup>
-  <!-- Test Files -->
-  <ItemGroup>
-    <None Include="TestVectors\aes.txt" />
-    <None Include="TestVectors\all.txt" />
-    <None Include="TestVectors\blake2.txt" />
-    <None Include="TestVectors\blake2b.txt" />
-    <None Include="TestVectors\blake2s.txt" />
-    <None Include="TestVectors\aria.txt" />
-    <None Include="TestVectors\camellia.txt" />
-    <None Include="TestVectors\ccm.txt" />
-    <None Include="TestVectors\chacha.txt" />
-    <None Include="TestVectors\cmac.txt" />
-    <None Include="TestVectors\dlies.txt" />
-    <None Include="TestVectors\dsa.txt" />
-    <None Include="TestVectors\dsa_1363.txt" />
-    <None Include="TestVectors\dsa_rfc6979.txt" />
-    <None Include="TestVectors\eax.txt" />
-    <None Include="TestVectors\esign.txt" />
-    <None Include="TestVectors\gcm.txt" />
-    <None Include="TestVectors\hkdf.txt" />
-    <None Include="TestVectors\hmac.txt" />
-    <None Include="TestVectors\kalyna.txt" />
-    <None Include="TestVectors\mars.txt" />
-    <None Include="TestVectors\nr.txt" />
-    <None Include="TestVectors\panama.txt" />
-    <None Include="TestVectors\Readme.txt" />
-    <None Include="TestVectors\rsa_oaep.txt" />
-    <None Include="TestVectors\rsa_pkcs1_1_5.txt" />
-    <None Include="TestVectors\rsa_pss.txt" />
-    <None Include="TestVectors\rw.txt" />
-    <None Include="TestVectors\salsa.txt" />
-    <None Include="TestVectors\seal.txt" />
-    <None Include="TestVectors\seed.txt" />
-    <None Include="TestVectors\sha.txt" />
-    <None Include="TestVectors\sha2.txt" />
-    <None Include="TestVectors\sha3.txt" />
-    <None Include="TestVectors\shacal2.txt" />
-    <None Include="TestVectors\simon.txt" />
-    <None Include="TestVectors\siphash.txt" />
-    <Text Include="TestVectors\sm3.txt" />
-    <None Include="TestVectors\sm4.txt" />
-    <None Include="TestVectors\sosemanuk.txt" />
-    <None Include="TestVectors\speck.txt" />
-    <None Include="TestVectors\tea.txt" />
-    <None Include="TestVectors\threefish.txt" />
-    <None Include="TestVectors\ttmac.txt" />
-    <None Include="TestVectors\vmac.txt" />
-    <None Include="TestVectors\wake.txt" />
-    <None Include="TestVectors\whrlpool.txt" />
-    <None Include="TestData\3desval.dat" />
-    <None Include="TestData\3wayval.dat" />
-    <None Include="TestData\aria.dat" />
-    <None Include="TestData\camellia.dat" />
-    <None Include="TestData\cast128v.dat" />
-    <None Include="TestData\cast256v.dat" />
-    <None Include="TestData\descert.dat" />
-    <None Include="TestData\dh1024.dat" />
-    <None Include="TestData\dh2048.dat" />
-    <None Include="TestData\dlie1024.dat" />
-    <None Include="TestData\dlie2048.dat" />
-    <None Include="TestData\dsa1024.dat" />
-    <None Include="TestData\dsa1024b.dat" />
-    <None Include="TestData\dsa512.dat" />
-    <None Include="TestData\elgc1024.dat" />
-    <None Include="TestData\esig1023.dat" />
-    <None Include="TestData\esig1536.dat" />
-    <None Include="TestData\esig2046.dat" />
-    <None Include="TestData\fhmqv160.dat" />
-    <None Include="TestData\fhmqv256.dat" />
-    <None Include="TestData\fhmqv384.dat" />
-    <None Include="TestData\fhmqv512.dat" />
-    <None Include="TestData\gostval.dat" />
-    <None Include="TestData\hmqv160.dat" />
-    <None Include="TestData\hmqv256.dat" />
-    <None Include="TestData\hmqv384.dat" />
-    <None Include="TestData\hmqv512.dat" />
-    <None Include="TestData\ideaval.dat" />
-    <None Include="TestData\luc1024.dat" />
-    <None Include="TestData\luc2048.dat" />
-    <None Include="TestData\lucc1024.dat" />
-    <None Include="TestData\lucc512.dat" />
-    <None Include="TestData\lucd1024.dat" />
-    <None Include="TestData\lucd512.dat" />
-    <None Include="TestData\lucs1024.dat" />
-    <None Include="TestData\lucs512.dat" />
-    <None Include="TestData\marsval.dat" />
-    <None Include="TestData\mqv1024.dat" />
-    <None Include="TestData\mqv2048.dat" />
-    <None Include="TestData\nr1024.dat" />
-    <None Include="TestData\nr2048.dat" />
-    <None Include="TestData\rabi1024.dat" />
-    <None Include="TestData\rabi2048.dat" />
-    <None Include="TestData\rc2val.dat" />
-    <None Include="TestData\rc5val.dat" />
-    <None Include="TestData\rc6val.dat" />
-    <None Include="TestData\rijndael.dat" />
-    <None Include="TestData\rsa1024.dat" />
-    <None Include="TestData\rsa2048.dat" />
-    <None Include="TestData\rsa400pb.dat" />
-    <None Include="TestData\rsa400pv.dat" />
-    <None Include="TestData\rsa512a.dat" />
-    <None Include="TestData\rw1024.dat" />
-    <None Include="TestData\rw2048.dat" />
-    <None Include="TestData\saferval.dat" />
-    <None Include="TestData\serpentv.dat" />
-    <None Include="TestData\shacal2v.dat" />
-    <None Include="TestData\sharkval.dat" />
-    <None Include="TestData\skipjack.dat" />
-    <None Include="TestData\squareva.dat" />
-    <None Include="TestData\twofishv.dat" />
-    <None Include="TestData\usage.dat" />
-    <None Include="TestData\xtrdh171.dat" />
-    <None Include="TestData\xtrdh342.dat" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

Common/3dParty/cryptopp/cryptest.vcxproj.filters

@@ -1,418 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{1f4eac20-7b40-40db-a264-4a9256229c5a}</UniqueIdentifier>
-      <Extensions>.h;.hpp</Extensions>
-    </Filter>
-    <Filter Include="Source Code">
-      <UniqueIdentifier>{4c6077b5-a2d6-498c-bc42-10af523a06cb}</UniqueIdentifier>
-      <Extensions>.cpp</Extensions>
-    </Filter>
-    <Filter Include="TestData">
-      <UniqueIdentifier>{a634d4f4-ddc0-44b4-9c37-d9ffdddc7b06}</UniqueIdentifier>
-      <Extensions>.dat</Extensions>
-    </Filter>
-    <Filter Include="TestVectors">
-      <UniqueIdentifier>{2e247f14-f75a-4e15-9804-dccce165306f}</UniqueIdentifier>
-      <Extensions>.txt</Extensions>
-    </Filter>
-    <Filter Include="Miscellaneous">
-      <UniqueIdentifier>{5e447502-2b0f-49c8-9df5-56ea9e7a8fbd}</UniqueIdentifier>
-      <Extensions>.proto</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="TestVectors\aes.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\all.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\blake2.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\blake2b.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\blake2s.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\aria.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\camellia.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\ccm.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\chacha.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\cmac.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\dlies.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\dsa.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\dsa_1363.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\dsa_rfc6979.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\eax.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\esign.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\gcm.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\hkdf.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\hmac.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\kalyna.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\mars.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\nr.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\panama.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\Readme.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\rsa_oaep.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\rsa_pkcs1_1_5.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\rsa_pss.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\rw.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\salsa.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\seal.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\seed.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\sha.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\sha2.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\sha3.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\shacal2.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\siphash.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\simon.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <Text Include="TestVectors\sm3.txt">
-      <Filter>TestVectors</Filter>
-    </Text>
-    <None Include="TestVectors\sm4.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\sosemanuk.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\speck.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\tea.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\threefish.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\ttmac.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\vmac.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\wake.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestVectors\whrlpool.txt">
-      <Filter>TestVectors</Filter>
-    </None>
-    <None Include="TestData\3desval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\3wayval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\aria.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\camellia.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\cast128v.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\cast256v.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\descert.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dh1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dh2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dlie1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dlie2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dsa1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dsa1024b.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\dsa512.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\elgc1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\esig1023.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\esig1536.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\esig2046.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\fhmqv160.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\fhmqv256.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\fhmqv384.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\fhmqv512.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\gostval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\hmqv160.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\hmqv256.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\hmqv384.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\hmqv512.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\ideaval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\luc1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\luc2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\lucc1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\lucc512.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\lucd1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\lucd512.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\lucs1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\lucs512.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\marsval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\mqv1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\mqv2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\nr1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\nr2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rabi1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rabi2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rc2val.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rc5val.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rc6val.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rijndael.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rsa1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rsa2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rsa400pb.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rsa400pv.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rsa512a.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rw1024.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\rw2048.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\saferval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\serpentv.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\shacal2v.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\sharkval.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\skipjack.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\squareva.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\twofishv.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\usage.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\xtrdh171.dat">
-      <Filter>TestData</Filter>
-    </None>
-    <None Include="TestData\xtrdh342.dat">
-      <Filter>TestData</Filter>
-    </None>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="adhoc.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="bench1.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="bench2.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="datatest.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="dlltest.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="regtest1.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="regtest2.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="regtest3.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="test.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="validat0.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="validat1.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="validat2.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="validat3.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="validat4.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-    <ClCompile Include="fipsalgt.cpp">
-      <Filter>Source Code</Filter>
-    </ClCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="bench.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="factory.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="validate.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-  </ItemGroup>
-</Project>

Common/3dParty/cryptopp/cryptlib.cpp

@@ -16,22 +16,16 @@
 #ifndef CRYPTOPP_IMPORTS
 
 #include "cryptlib.h"
-#include "misc.h"
 #include "filters.h"
 #include "algparam.h"
 #include "fips140.h"
 #include "argnames.h"
 #include "fltrimpl.h"
-#include "trdlocal.h"
 #include "osrng.h"
 #include "secblock.h"
 #include "smartptr.h"
 #include "stdcpp.h"
-
-// http://www.cygwin.com/faq.html#faq.api.winsock
-#if (defined(__CYGWIN__) || defined(__CYGWIN32__)) && defined(PREFER_WINDOWS_STYLE_SOCKETS)
-# error Cygwin does not support Windows style sockets. See http://www.cygwin.com/faq.html#faq.api.winsock
-#endif
+#include "misc.h"
 
 NAMESPACE_BEGIN(CryptoPP)
 
@@ -150,16 +144,16 @@ size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const by
 	CRYPTOPP_ASSERT(outBlocks);
 	CRYPTOPP_ASSERT(length);
 
-	const size_t blockSize = BlockSize();
-	ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
-	ptrdiff_t xorIncrement = xorBlocks ? blockSize : 0;
-	ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+	const unsigned int blockSize = BlockSize();
+	size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+	size_t xorIncrement = xorBlocks ? blockSize : 0;
+	size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
 
 	if (flags & BT_ReverseDirection)
 	{
-		inBlocks += static_cast<ptrdiff_t>(length) - blockSize;
-		xorBlocks += static_cast<ptrdiff_t>(length) - blockSize;
-		outBlocks += static_cast<ptrdiff_t>(length) - blockSize;
+		inBlocks = PtrAdd(inBlocks, length - blockSize);
+		xorBlocks = PtrAdd(xorBlocks, length - blockSize);
+		outBlocks = PtrAdd(outBlocks, length - blockSize);
 		inIncrement = 0-inIncrement;
 		xorIncrement = 0-xorIncrement;
 		outIncrement = 0-outIncrement;
@@ -184,9 +178,9 @@ size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const by
 		if (flags & BT_InBlockIsCounter)
 			const_cast<byte *>(inBlocks)[blockSize-1]++;
 
-		inBlocks += inIncrement;
-		outBlocks += outIncrement;
-		xorBlocks += xorIncrement;
+		inBlocks = PtrAdd(inBlocks, inIncrement);
+		outBlocks = PtrAdd(outBlocks, outIncrement);
+		xorBlocks = PtrAdd(xorBlocks, xorIncrement);
 		length -= blockSize;
 	}
 
@@ -339,20 +333,20 @@ void RandomNumberGenerator::GenerateIntoBufferedTransformation(BufferedTransform
 	}
 }
 
-size_t KeyDerivationFunction::MinDerivedLength() const
+size_t KeyDerivationFunction::MinDerivedKeyLength() const
 {
 	return 0;
 }
 
-size_t KeyDerivationFunction::MaxDerivedLength() const
+size_t KeyDerivationFunction::MaxDerivedKeyLength() const
 {
 	return static_cast<size_t>(-1);
 }
 
-void KeyDerivationFunction::ThrowIfInvalidDerivedLength(size_t length) const
+void KeyDerivationFunction::ThrowIfInvalidDerivedKeyLength(size_t length) const
 {
 	if (!IsValidDerivedLength(length))
-		throw InvalidDerivedLength(GetAlgorithm().AlgorithmName(), length);
+		throw InvalidDerivedKeyLength(GetAlgorithm().AlgorithmName(), length);
 }
 
 void KeyDerivationFunction::SetParameters(const NameValuePairs& params) {
@@ -411,8 +405,9 @@ RandomNumberGenerator & NullRNG()
 
 bool HashTransformation::TruncatedVerify(const byte *digest, size_t digestLength)
 {
+	// Allocate at least 1 for calculated to avoid triggering diagnostics
 	ThrowIfInvalidTruncatedSize(digestLength);
-	SecByteBlock calculated(digestLength);
+	SecByteBlock calculated(digestLength ? digestLength : 1);
 	TruncatedFinal(calculated, digestLength);
 	return VerifyBufsEqual(calculated, digest, digestLength);
 }
@@ -652,7 +647,12 @@ size_t BufferedTransformation::TransferMessagesTo2(BufferedTransformation &targe
 
 			while (AnyRetrievable())
 			{
-				transferredBytes = LWORD_MAX;
+				// MaxRetrievable() instead of LWORD_MAX due to GH #962. If
+				// the target calls CreatePutSpace(), then the allocation
+				// size will be LWORD_MAX. That happens when target is a
+				// ByteQueue. Maybe ByteQueue should check the size, and if
+				// it is LWORD_MAX or -1, then use a default like 4096.
+				transferredBytes = MaxRetrievable();
 				blockedBytes = TransferTo2(target, transferredBytes, channel, blocking);
 				if (blockedBytes > 0)
 					return blockedBytes;
@@ -748,6 +748,12 @@ size_t BufferedTransformation::ChannelPutWord32(const std::string &channel, word
 	return ChannelPut(channel, m_buf, 4, blocking);
 }
 
+size_t BufferedTransformation::ChannelPutWord64(const std::string &channel, word64 value, ByteOrder order, bool blocking)
+{
+	PutWord(false, order, m_buf, value);
+	return ChannelPut(channel, m_buf, 8, blocking);
+}
+
 size_t BufferedTransformation::PutWord16(word16 value, ByteOrder order, bool blocking)
 {
 	return ChannelPutWord16(DEFAULT_CHANNEL, value, order, blocking);
@@ -758,22 +764,20 @@ size_t BufferedTransformation::PutWord32(word32 value, ByteOrder order, bool blo
 	return ChannelPutWord32(DEFAULT_CHANNEL, value, order, blocking);
 }
 
-// Issue 340
-#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
-# pragma GCC diagnostic push
-# pragma GCC diagnostic ignored "-Wconversion"
-# pragma GCC diagnostic ignored "-Wsign-conversion"
-#endif
+size_t BufferedTransformation::PutWord64(word64 value, ByteOrder order, bool blocking)
+{
+	return ChannelPutWord64(DEFAULT_CHANNEL, value, order, blocking);
+}
 
 size_t BufferedTransformation::PeekWord16(word16 &value, ByteOrder order) const
 {
 	byte buf[2] = {0, 0};
 	size_t len = Peek(buf, 2);
 
-	if (order)
-		value = (buf[0] << 8) | buf[1];
+	if (order == BIG_ENDIAN_ORDER)
+		value = word16((buf[0] << 8) | buf[1]);
 	else
-		value = (buf[1] << 8) | buf[0];
+		value = word16((buf[1] << 8) | buf[0]);
 
 	return len;
 }
@@ -783,18 +787,32 @@ size_t BufferedTransformation::PeekWord32(word32 &value, ByteOrder order) const
 	byte buf[4] = {0, 0, 0, 0};
 	size_t len = Peek(buf, 4);
 
-	if (order)
-		value = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf [3];
+	if (order == BIG_ENDIAN_ORDER)
+		value = word32((buf[0] << 24) | (buf[1] << 16) |
+		               (buf[2] << 8)  | (buf[3] << 0));
 	else
-		value = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf [0];
+		value = word32((buf[3] << 24) | (buf[2] << 16) |
+		               (buf[1] << 8)  | (buf[0] << 0));
 
 	return len;
 }
 
-// Issue 340
-#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
-# pragma GCC diagnostic pop
-#endif
+size_t BufferedTransformation::PeekWord64(word64 &value, ByteOrder order) const
+{
+	byte buf[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+	size_t len = Peek(buf, 8);
+
+	if (order == BIG_ENDIAN_ORDER)
+		value = ((word64)buf[0] << 56) | ((word64)buf[1] << 48) | ((word64)buf[2] << 40) |
+		        ((word64)buf[3] << 32) | ((word64)buf[4] << 24) | ((word64)buf[5] << 16) |
+		        ((word64)buf[6] << 8)  |  (word64)buf[7];
+	else
+		value = ((word64)buf[7] << 56) | ((word64)buf[6] << 48) | ((word64)buf[5] << 40) |
+		        ((word64)buf[4] << 32) | ((word64)buf[3] << 24) | ((word64)buf[2] << 16) |
+		        ((word64)buf[1] << 8)  |  (word64)buf[0];
+
+	return len;
+}
 
 size_t BufferedTransformation::GetWord16(word16 &value, ByteOrder order)
 {
@@ -806,6 +824,11 @@ size_t BufferedTransformation::GetWord32(word32 &value, ByteOrder order)
 	return (size_t)Skip(PeekWord32(value, order));
 }
 
+size_t BufferedTransformation::GetWord64(word64 &value, ByteOrder order)
+{
+	return (size_t)Skip(PeekWord64(value, order));
+}
+
 void BufferedTransformation::Attach(BufferedTransformation *newAttachment)
 {
 	if (AttachedTransformation() && AttachedTransformation()->Attachable())
@@ -992,6 +1015,40 @@ int LibraryVersion(CRYPTOPP_NOINLINE_DOTDOTDOT)
 	return CRYPTOPP_BUILD_VERSION;
 }
 
+class NullNameValuePairs : public NameValuePairs
+{
+public:
+	NullNameValuePairs() {}    //  Clang complains a default ctor must be available
+	bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
+		{CRYPTOPP_UNUSED(name); CRYPTOPP_UNUSED(valueType); CRYPTOPP_UNUSED(pValue); return false;}
+};
+
+#if HAVE_GCC_INIT_PRIORITY
+  const std::string DEFAULT_CHANNEL __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 25))) = "";
+  const std::string AAD_CHANNEL __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 26))) = "AAD";
+  const NullNameValuePairs s_nullNameValuePairs __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 27)));
+  const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs;
+#elif HAVE_MSC_INIT_PRIORITY
+  #pragma warning(disable: 4073)
+  #pragma init_seg(lib)
+  const std::string DEFAULT_CHANNEL = "";
+  const std::string AAD_CHANNEL = "AAD";
+  const NullNameValuePairs s_nullNameValuePairs;
+  const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs;
+  #pragma warning(default: 4073)
+#elif HAVE_XLC_INIT_PRIORITY
+  #pragma priority(260)
+  const std::string DEFAULT_CHANNEL = "";
+  const std::string AAD_CHANNEL = "AAD";
+  const NullNameValuePairs s_nullNameValuePairs;
+  const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs;
+#else
+  const std::string DEFAULT_CHANNEL = "";
+  const std::string AAD_CHANNEL = "AAD";
+  const simple_ptr<NullNameValuePairs> s_pNullNameValuePairs(new NullNameValuePairs);
+  const NameValuePairs &g_nullNameValuePairs = *s_pNullNameValuePairs.m_p;
+#endif
+
 NAMESPACE_END  // CryptoPP
 
 #endif  // CRYPTOPP_IMPORTS

Common/3dParty/cryptopp/cryptlib.vcxproj

@@ -151,6 +151,8 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <OutDir>$(Platform)\Output\$(Configuration)\</OutDir>
     <IntDir>$(Platform)\$(ProjectName)\$(Configuration)\</IntDir>
+    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);..\..\..\Common\3dParty\boost\build\win_64\include;</IncludePath>
+    <LibraryPath>$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64;..\..\..\Common\3dParty\boost\build\win_64\lib;</LibraryPath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL-Import Debug|Win32'">
     <OutDir>$(Platform)\DLL_Output\Debug\</OutDir>
@@ -176,7 +178,6 @@
       <WarningLevel>Level4</WarningLevel>
       <SuppressStartupBanner>true</SuppressStartupBanner>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <EnableParallelCodeGeneration>true</EnableParallelCodeGeneration>
     </ClCompile>
     <ResourceCompile>
       <Culture>0x0409</Culture>
@@ -261,7 +262,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>_DEBUG;_WINDOWS;USE_PRECOMPILED_HEADERS;WIN32;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_DEBUG;_WINDOWS;USE_PRECOMPILED_HEADERS;WIN32;CRYPTOPP_DISABLE_ASM;DISABLE_TYPE_MISMATCH;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -286,7 +287,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>_DEBUG;_WINDOWS;USE_PRECOMPILED_HEADERS;WIN32;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_DEBUG;_WINDOWS;USE_PRECOMPILED_HEADERS;WIN32;CRYPTOPP_DISABLE_ASM;DISABLE_TYPE_MISMATCH;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader>
       </PrecompiledHeader>
@@ -295,6 +296,7 @@
       <WarningLevel>Level4</WarningLevel>
       <SuppressStartupBanner>true</SuppressStartupBanner>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
     </ClCompile>
     <ResourceCompile>
       <Culture>0x0409</Culture>

Common/3dParty/cryptopp/cryptopp.mapfile

@@ -1,3 +0,0 @@
-# Solaris mapfile to override hardware caps to avoid kills
-
-hwcap_1 = SSE SSE2 OVERRIDE;

Common/3dParty/cryptopp/cryptopp.rc

@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 7,0,0,0
- PRODUCTVERSION 7,0,0,0
+ FILEVERSION 8,7,0,0
+ PRODUCTVERSION 8,7,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -44,15 +44,15 @@ BEGIN
         BLOCK "040904b0"
         BEGIN
             VALUE "Comments", "Free crypto library, more information available at www.cryptopp.com"
-            VALUE "CompanyName", "Wei Dai"
+            VALUE "CompanyName", "Crypto++<2B> project"
             VALUE "FileDescription", "Crypto++<2B> Library DLL"
-            VALUE "FileVersion", "7, 0, 0, 0"
+            VALUE "FileVersion", "8, 7, 0, 0"
             VALUE "InternalName", "cryptopp"
-            VALUE "LegalCopyright", "Copyright<68> 1995-2018 by Wei Dai"
+            VALUE "LegalCopyright", "Copyright<68> 1995-2021 by Wei Dai"
             VALUE "LegalTrademarks", "Crypto++<2B>"
             VALUE "OriginalFilename", "cryptopp.dll"
             VALUE "ProductName", "Crypto++<2B> Library"
-            VALUE "ProductVersion", "7, 0, 0, 0"
+            VALUE "ProductVersion", "8, 7, 0, 0"
         END
     END
     BLOCK "VarFileInfo"
@@ -61,7 +61,6 @@ BEGIN
     END
 END
 
-
 #ifdef APSTUDIO_INVOKED
 /////////////////////////////////////////////////////////////////////////////
 //
@@ -90,15 +89,11 @@ END
 #endif    // English (U.S.) resources
 /////////////////////////////////////////////////////////////////////////////
 
-
-
 #ifndef APSTUDIO_INVOKED
 /////////////////////////////////////////////////////////////////////////////
 //
 // Generated from the TEXTINCLUDE 3 resource.
 //
 
-
 /////////////////////////////////////////////////////////////////////////////
 #endif    // not APSTUDIO_INVOKED
-

Common/3dParty/cryptopp/darn.cpp

@@ -0,0 +1,236 @@
+// darn.cpp - written and placed in public domain by Jeffrey Walton
+
+#include "pch.h"
+#include "config.h"
+#include "cryptlib.h"
+#include "secblock.h"
+#include "darn.h"
+#include "cpu.h"
+
+// At the moment only GCC 7.0 (and above) seems to support __builtin_darn()
+// and __builtin_darn_32(). Clang 7.0 does not provide them, but it does
+// support assembly instructions. XLC is unknown, but there are no hits when
+// searching IBM's site. To cover more platforms we provide GCC inline
+// assembly like we do with RDRAND and RDSEED. Platforms that don't support
+// GCC inline assembly or the builtin will fail the compile.
+
+// Inline assembler available in GCC 3.2 or above. For practical
+// purposes we check for GCC 4.0 or above. GCC impostors claim
+// to be GCC 4.2.1 so it will capture them, too. We exclude the
+// Apple machines because they are not Power9 and use a slightly
+// different syntax in their assembler.
+#if ((__GNUC__ >= 4) || defined(__IBM_GCC_ASM)) && !defined(__APPLE__)
+# define GCC_DARN_ASM_AVAILABLE 1
+#endif
+
+// warning C4702: unreachable code
+#if CRYPTOPP_MSC_VERSION
+# pragma warning(disable: 4702)
+#endif
+
+/////////////////////////////////////////////////////////////////////
+/////////////////////////////////////////////////////////////////////
+
+NAMESPACE_BEGIN(CryptoPP)
+
+#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
+
+// *************************** 32-bit *************************** //
+
+#if (CRYPTOPP_BOOL_PPC32)
+
+// Fills 4 bytes, buffer must be aligned
+inline void DARN32(void* output)
+{
+    CRYPTOPP_ASSERT(IsAlignedOn(output, GetAlignmentOf<word32>()));
+    word32* ptr = reinterpret_cast<word32*>(output);
+
+#if defined(GCC_DARN_ASM_AVAILABLE)
+    // This is "darn r3, 0". When L=0 a 32-bit conditioned word
+    // is returned. On failure 0xffffffffffffffff is returned.
+    // The Power manual recommends only checking the low 32-bit
+    // word for this case. See Power ISA 3.0 specification, p. 78.
+    do
+    {
+        __asm__ __volatile__ (
+            #if (CRYPTOPP_BIG_ENDIAN)
+            ".byte 0x7c, 0x60, 0x05, 0xe6  \n\t"  // r3 = darn 3, 0
+            "mr %0, 3                      \n\t"  // val = r3
+            #else
+            ".byte 0xe6, 0x05, 0x60, 0x7c  \n\t"  // r3 = darn 3, 0
+            "mr %0, 3                      \n\t"  // val = r3
+            #endif
+            : "=r" (*ptr) : : "r3"
+        );
+    } while (*ptr == 0xFFFFFFFFu);
+#elif defined(_ARCH_PWR9)
+    // This is probably going to break some platforms.
+    // We will deal with them as we encounter them.
+    *ptr = __builtin_darn_32();
+#elif defined(__APPLE__)
+    // Nop. Apple G4 and G5 machines are too old. They will
+    // avoid this code path because HasPower9() returns false.
+    CRYPTOPP_ASSERT(0);
+#else
+    // Catch other compile breaks
+    int XXX[-1];
+#endif
+}
+#endif  // PPC32
+
+// *************************** 64-bit *************************** //
+
+#if (CRYPTOPP_BOOL_PPC64)
+
+// Fills 8 bytes, buffer must be aligned
+inline void DARN64(void* output)
+{
+    CRYPTOPP_ASSERT(IsAlignedOn(output, GetAlignmentOf<word64>()));
+    word64* ptr = reinterpret_cast<word64*>(output);
+
+#if defined(GCC_DARN_ASM_AVAILABLE)
+    // This is "darn r3, 1". When L=1 a 64-bit conditioned word
+    // is returned. On failure 0xffffffffffffffff is returned.
+    // See Power ISA 3.0 specification, p. 78.
+    do
+    {
+        __asm__ __volatile__ (
+            #if (CRYPTOPP_BIG_ENDIAN)
+            ".byte 0x7c, 0x61, 0x05, 0xe6  \n\t"  // r3 = darn 3, 1
+            "mr %0, 3                      \n\t"  // val = r3
+            #else
+            ".byte 0xe6, 0x05, 0x61, 0x7c  \n\t"  // r3 = darn 3, 1
+            "mr %0, 3                      \n\t"  // val = r3
+            #endif
+            : "=r" (*ptr) : : "r3"
+        );
+    } while (*ptr == 0xFFFFFFFFFFFFFFFFull);
+#elif defined(_ARCH_PWR9)
+    // This is probably going to break some platforms.
+    // We will deal with them as we encounter them.
+    *ptr = __builtin_darn();
+#elif defined(__APPLE__)
+    // Nop. Apple G4 and G5 machines are too old. They will
+    // avoid this code path because HasPower9() returns false.
+    CRYPTOPP_ASSERT(0);
+#else
+    // Catch other compile breaks
+    int XXX[-1];
+#endif
+}
+#endif  // PPC64
+
+// ************************ Standard C++ ************************ //
+
+DARN::DARN()
+{
+    if (!HasDARN())
+        throw DARN_Err("HasDARN");
+
+    // Scratch buffer in case user buffers are unaligned.
+    m_temp.New(8);
+}
+
+void DARN::GenerateBlock(byte *output, size_t size)
+{
+    CRYPTOPP_ASSERT((output && size) || !(output || size));
+    if (size == 0) return;
+    size_t i = 0;
+
+#if (CRYPTOPP_BOOL_PPC64)
+
+    // Check alignment
+    i = reinterpret_cast<uintptr_t>(output) & 0x7;
+    if (i != 0)
+    {
+        DARN64(m_temp);
+        std::memcpy(output, m_temp, i);
+
+        output += i;
+        size -= i;
+    }
+
+    // Output is aligned
+    for (i = 0; i < size/8; i++)
+        DARN64(output+i*8);
+
+    output += i*8;
+    size -= i*8;
+
+    if (size)
+    {
+        DARN64(m_temp);
+        std::memcpy(output, m_temp, size);
+    }
+
+#elif (CRYPTOPP_BOOL_PPC32)
+
+    // Check alignment
+    i = reinterpret_cast<uintptr_t>(output) & 0x3;
+    if (i != 0)
+    {
+        DARN32(m_temp);
+        std::memcpy(output, m_temp, i);
+
+        output += i;
+        size -= i;
+    }
+
+    // Output is aligned
+    for (i = 0; i < size/4; i++)
+        DARN32(output+i*4);
+
+    output += i*4;
+    size -= i*4;
+
+    if (size)
+    {
+        DARN32(m_temp);
+        std::memcpy(output, m_temp, size);
+    }
+
+#else
+    // No suitable compiler found
+    CRYPTOPP_UNUSED(output);
+    throw NotImplemented("DARN: failed to find a suitable implementation");
+#endif
+}
+
+void DARN::DiscardBytes(size_t n)
+{
+    // RoundUpToMultipleOf is used because a full word is read, and its cheaper
+    //   to discard full words. There's no sense in dealing with tail bytes.
+    FixedSizeSecBlock<word64, 16> discard;
+    n = RoundUpToMultipleOf(n, sizeof(word64));
+
+    size_t count = STDMIN(n, discard.SizeInBytes());
+    while (count)
+    {
+        GenerateBlock(discard.BytePtr(), count);
+        n -= count;
+        count = STDMIN(n, discard.SizeInBytes());
+    }
+}
+
+#else  // not PPC32 or PPC64
+
+DARN::DARN()
+{
+    throw DARN_Err("HasDARN");
+}
+
+void DARN::GenerateBlock(byte *output, size_t size)
+{
+    // Constructor will throw, should not get here
+    CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);
+}
+
+void DARN::DiscardBytes(size_t n)
+{
+    // Constructor will throw, should not get here
+    CRYPTOPP_UNUSED(n);
+}
+
+#endif  // PPC32 or PPC64
+
+NAMESPACE_END

Common/3dParty/cryptopp/darn.h

@@ -0,0 +1,95 @@
+// darn.h - written and placed in public domain by Jeffrey Walton
+//          DARN requires POWER9/ISA 3.0.
+
+// At the moment only GCC 7.0 (and above) seems to support __builtin_darn()
+// and __builtin_darn_32(). However, GCC generates incorrect code. Clang 7.0
+// does not provide them, but it does support assembly instructions. XLC is
+// unknown, but there are no hits when searching IBM's site. To cover more
+// platforms we provide GCC inline assembly like we do with RDRAND and RDSEED.
+// Platforms that don't support GCC inline assembly or the builtin will fail
+// to compile. Also see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481 and
+// https://gcc.gnu.org/onlinedocs/gcc/Basic-PowerPC-Built-in-Functions-Available-on-ISA-3_002e0.html
+
+/// \file darn.h
+/// \brief Classes for DARN RNG
+/// \sa <A HREF="https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0">Power
+///   ISA Version 3.0B</A>
+/// \since Crypto++ 8.0
+
+#ifndef CRYPTOPP_DARN_H
+#define CRYPTOPP_DARN_H
+
+#include "cryptlib.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+/// \brief Exception thrown when a DARN generator encounters
+///    a generator related error.
+/// \since Crypto++ 8.0
+class DARN_Err : public Exception
+{
+public:
+    DARN_Err(const std::string &operation)
+        : Exception(OTHER_ERROR, "DARN: " + operation + " operation failed") {}
+};
+
+/// \brief Hardware generated random numbers using DARN instruction
+/// \details DARN() provides access to Power9's random number generator. The
+///   Crypto++ implementation provides conditioned random numbers from the
+///   generator as opposed to raw random numbers. According to Power ISA 3.0B
+///   manual, a conditioned random number has been processed by hardware to
+///   reduce bias. A raw random number is unconditioned noise source output.
+/// \details According to Power ISA 3.0B manual, the random number generator
+///   provided by the <tt>darn</tt> instruction is NIST SP800-90B and SP800-90C
+///   compliant to the extent possible given the completeness of the standards
+///   at the time the hardware is designed. The random number generator provides
+///   a minimum of 0.5 bits of entropy per bit.
+/// \par Wraps
+///   darn instruction
+/// \sa <A HREF="https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0">Power
+///   ISA Version 3.0B</A>, MaurerRandomnessTest() for random bit generators
+/// \since Crypto++ 8.0
+class DARN : public RandomNumberGenerator
+{
+public:
+    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "DARN"; }
+
+    virtual ~DARN() {}
+
+    /// \brief Construct a DARN generator
+     /// \throw DARN_Err if the random number generator is not available
+    DARN();
+
+    /// \brief Generate random array of bytes
+    /// \param output the byte buffer
+    /// \param size the length of the buffer, in bytes
+    virtual void GenerateBlock(byte *output, size_t size);
+
+    /// \brief Generate and discard n bytes
+    /// \param n the number of bytes to generate and discard
+    /// \details the RDSEED generator discards words, not bytes. If n is
+    ///   not a multiple of a machine word, then it is rounded up to
+    ///   that size.
+    virtual void DiscardBytes(size_t n);
+
+    /// \brief Update RNG state with additional unpredictable values
+    /// \param input unused
+    /// \param length unused
+    /// \details The operation is a nop for this generator.
+    virtual void IncorporateEntropy(const byte *input, size_t length)
+    {
+        // Override to avoid the base class' throw.
+        CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length);
+    }
+
+    std::string AlgorithmProvider() const {
+        return "Power9";
+    }
+
+private:
+    SecBlock<byte, AllocatorWithCleanup<byte, true> > m_temp;
+};
+
+NAMESPACE_END
+
+#endif // CRYPTOPP_DARN_H

Common/3dParty/cryptopp/default.cpp

@@ -19,7 +19,7 @@
 NAMESPACE_BEGIN(CryptoPP)
 
 // The purpose of this function Mash() is to take an arbitrary length input
-// string and *deterministicly* produce an arbitrary length output string such
+// string and *deterministically* produce an arbitrary length output string such
 // that (1) it looks random, (2) no information about the input is
 // deducible from it, and (3) it contains as much entropy as it can hold, or
 // the amount of entropy in the input string, whichever is smaller.
@@ -28,7 +28,7 @@ template <class H>
 static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations)
 {
 	if (BytePrecision(outLen) > 2)
-		throw InvalidArgument("Mash: output legnth too large");
+		throw InvalidArgument("Mash: output length too large");
 
 	size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)H::DIGESTSIZE);
 	byte b[2];
@@ -73,8 +73,8 @@ static void GenerateKeyIV(const byte *passphrase, size_t passphraseLength, const
 		memcpy(temp+passphraseLength, salt, saltLength);
 
 	// OK. Derived params, cannot be NULL
-	SecByteBlock keyIV(Info::KEYLENGTH+Info::BLOCKSIZE);
-	Mash<H>(temp, passphraseLength + saltLength, keyIV, Info::KEYLENGTH+Info::BLOCKSIZE, iterations);
+	SecByteBlock keyIV(EnumToInt(Info::KEYLENGTH)+EnumToInt(+Info::BLOCKSIZE));
+	Mash<H>(temp, passphraseLength + saltLength, keyIV, EnumToInt(Info::KEYLENGTH)+EnumToInt(+Info::BLOCKSIZE), iterations);
 	memcpy(key, keyIV, Info::KEYLENGTH);
 	memcpy(IV, keyIV+Info::KEYLENGTH, Info::BLOCKSIZE);
 }
@@ -140,7 +140,7 @@ void DataEncryptor<BC,H,Info>::LastPut(const byte *inString, size_t length)
 
 template <class BC, class H, class Info>
 DataDecryptor<BC,H,Info>::DataDecryptor(const char *p, BufferedTransformation *attachment, bool throwException)
-	: ProxyFilter(NULLPTR, SALTLENGTH+BLOCKSIZE, 0, attachment)
+	: ProxyFilter(NULLPTR, EnumToInt(SALTLENGTH)+EnumToInt(BLOCKSIZE), 0, attachment)
 	, m_state(WAITING_FOR_KEYCHECK)
 	, m_passphrase((const byte *)p, strlen(p))
 	, m_throwException(throwException)
@@ -151,7 +151,7 @@ DataDecryptor<BC,H,Info>::DataDecryptor(const char *p, BufferedTransformation *a
 
 template <class BC, class H, class Info>
 DataDecryptor<BC,H,Info>::DataDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
-	: ProxyFilter(NULLPTR, SALTLENGTH+BLOCKSIZE, 0, attachment)
+	: ProxyFilter(NULLPTR, EnumToInt(SALTLENGTH)+EnumToInt(BLOCKSIZE), 0, attachment)
 	, m_state(WAITING_FOR_KEYCHECK)
 	, m_passphrase(passphrase, passphraseLength)
 	, m_throwException(throwException)
@@ -202,11 +202,11 @@ void DataDecryptor<BC,H,Info>::CheckKey(const byte *salt, const byte *keyCheck)
 
 	decryptor->Put(keyCheck, BLOCKSIZE);
 	decryptor->ForceNextPut();
-	decryptor->Get(check+BLOCKSIZE, BLOCKSIZE);
+	decryptor->Get(check+EnumToInt(BLOCKSIZE), BLOCKSIZE);
 
 	SetFilter(decryptor.release());
 
-	if (!VerifyBufsEqual(check, check+BLOCKSIZE, BLOCKSIZE))
+	if (!VerifyBufsEqual(check, check+EnumToInt(BLOCKSIZE), BLOCKSIZE))
 	{
 		m_state = KEY_BAD;
 		if (m_throwException)
@@ -299,8 +299,8 @@ template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParameters
 template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;
 template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
 template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
-template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
-template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
+template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
+template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
 template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
 template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
 

Common/3dParty/cryptopp/default.h

@@ -56,11 +56,11 @@ class MACBadErr : public DataDecryptorErr
 template <unsigned int BlockSize, unsigned int KeyLength, unsigned int DigestSize, unsigned int SaltSize, unsigned int Iterations>
 struct DataParametersInfo
 {
-	CRYPTOPP_CONSTANT(BLOCKSIZE  = BlockSize)
-	CRYPTOPP_CONSTANT(KEYLENGTH  = KeyLength)
-	CRYPTOPP_CONSTANT(SALTLENGTH = SaltSize)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = DigestSize)
-	CRYPTOPP_CONSTANT(ITERATIONS = Iterations)
+	CRYPTOPP_CONSTANT(BLOCKSIZE  = BlockSize);
+	CRYPTOPP_CONSTANT(KEYLENGTH  = KeyLength);
+	CRYPTOPP_CONSTANT(SALTLENGTH = SaltSize);
+	CRYPTOPP_CONSTANT(DIGESTSIZE = DigestSize);
+	CRYPTOPP_CONSTANT(ITERATIONS = Iterations);
 };
 
 typedef DataParametersInfo<LegacyBlockCipher::BLOCKSIZE, LegacyBlockCipher::DEFAULT_KEYLENGTH, LegacyHashModule::DIGESTSIZE, 8, 200> LegacyParametersInfo;
@@ -78,11 +78,11 @@ template <class BC, class H, class Info>
 class DataEncryptor : public ProxyFilter, public Info
 {
 public:
-	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE)
-	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH)
-	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS)
+	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE);
+	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH);
+	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH);
+	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE);
+	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS);
 
 	/// \brief Construct a DataEncryptor
 	/// \param passphrase a C-String password
@@ -116,23 +116,23 @@ template <class BC, class H, class Info>
 class DataDecryptor : public ProxyFilter, public Info
 {
 public:
-	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE)
-	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH)
-	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS)
+	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE);
+	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH);
+	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH);
+	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE);
+	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS);
 
 	/// \brief Constructs a DataDecryptor
 	/// \param passphrase a C-String password
 	/// \param attachment a BufferedTransformation to attach to this object
-	/// \param throwException a flag specifiying whether an Exception should be thrown on error
+	/// \param throwException a flag specifying whether an Exception should be thrown on error
 	DataDecryptor(const char *passphrase, BufferedTransformation *attachment = NULLPTR, bool throwException=true);
 
 	/// \brief Constructs a DataDecryptor
 	/// \param passphrase a byte string password
 	/// \param passphraseLength the length of the byte string password
 	/// \param attachment a BufferedTransformation to attach to this object
-	/// \param throwException a flag specifiying whether an Exception should be thrown on error
+	/// \param throwException a flag specifying whether an Exception should be thrown on error
 	DataDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULLPTR, bool throwException=true);
 
 	enum State {WAITING_FOR_KEYCHECK, KEY_GOOD, KEY_BAD};
@@ -173,11 +173,11 @@ template <class BC, class H, class MAC, class Info>
 class DataEncryptorWithMAC : public ProxyFilter
 {
 public:
-	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE)
-	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH)
-	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS)
+	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE);
+	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH);
+	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH);
+	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE);
+	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS);
 
 	/// \brief Constructs a DataEncryptorWithMAC
 	/// \param passphrase a C-String password
@@ -218,23 +218,23 @@ template <class BC, class H, class MAC, class Info>
 class DataDecryptorWithMAC : public ProxyFilter
 {
 public:
-	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE)
-	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH)
-	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH)
-	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE)
-	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS)
+	CRYPTOPP_CONSTANT(BLOCKSIZE  = Info::BLOCKSIZE);
+	CRYPTOPP_CONSTANT(KEYLENGTH  = Info::KEYLENGTH);
+	CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH);
+	CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE);
+	CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS);
 
 	/// \brief Constructs a DataDecryptor
 	/// \param passphrase a C-String password
 	/// \param attachment a BufferedTransformation to attach to this object
-	/// \param throwException a flag specifiying whether an Exception should be thrown on error
+	/// \param throwException a flag specifying whether an Exception should be thrown on error
 	DataDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULLPTR, bool throwException=true);
 
 	/// \brief Constructs a DataDecryptor
 	/// \param passphrase a byte string password
 	/// \param passphraseLength the length of the byte string password
 	/// \param attachment a BufferedTransformation to attach to this object
-	/// \param throwException a flag specifiying whether an Exception should be thrown on error
+	/// \param throwException a flag specifying whether an Exception should be thrown on error
 	DataDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULLPTR, bool throwException=true);
 
 	typename DataDecryptor<BC,H,Info>::State CurrentState() const;
@@ -275,12 +275,12 @@ struct DefaultDecryptor : public DataDecryptor<DefaultBlockCipher,DefaultHashMod
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
 ///   <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
-struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};
+struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
 /// \brief Password-based decryptor with MAC (deprecated)
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
 ///   <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
-struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};
+struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
 /// \brief Password-based encryptor with MAC
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
@@ -298,8 +298,8 @@ typedef DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo> L
 typedef DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultEncryptor;
 typedef DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultDecryptor;
 
-typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
-typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
+typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
+typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
 
 typedef DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultEncryptorWithMAC;
 typedef DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultDecryptorWithMAC;

Common/3dParty/cryptopp/des.cpp

@@ -284,14 +284,16 @@ namespace {
 void RawDES::RawSetKey(CipherDir dir, const byte *key)
 {
 #if (_MSC_VER >= 1600) || (__cplusplus >= 201103L)
-# define register /* Define to nothing for C++11 and above */
+# define REGISTER /* Define to nothing for C++11 and above */
+#else
+# define REGISTER register
 #endif
 
 	SecByteBlock buffer(56+56+8);
 	byte *const pc1m=buffer;                 /* place to modify pc1 into */
 	byte *const pcr=pc1m+56;                 /* place to rotate pc1 into */
 	byte *const ks=pcr+56;
-	register int i,j,l;
+	REGISTER int i,j,l;
 	int m;
 
 	for (j=0; j<56; j++) {          /* convert pc1 to bits of key */

Common/3dParty/cryptopp/dll.cpp

@@ -23,7 +23,7 @@
 NAMESPACE_BEGIN(CryptoPP)
 
 // Guarding based on DLL due to Clang, http://github.com/weidai11/cryptopp/issues/300
-#if defined(CRYPTOPP_IS_DLL)
+#ifdef CRYPTOPP_IS_DLL
 template<> const byte PKCS_DigestDecoration<SHA1>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14};
 template<> const unsigned int PKCS_DigestDecoration<SHA1>::length = sizeof(PKCS_DigestDecoration<SHA1>::decoration);
 

Common/3dParty/cryptopp/dll.h

@@ -40,7 +40,6 @@
 #include "rw.h"
 #include "sha.h"
 #include "skipjack.h"
-#include "trdlocal.h"
 
 #ifdef CRYPTOPP_IMPORTS
 

Common/3dParty/cryptopp/dlltest.vcxproj

@@ -1,134 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <!-- Microsoft documentation for VCXPROJ file format is located at -->
-  <!-- the following URL. The documentation leaves a lot to be desired. -->
-  <!-- https://msdn.microsoft.com/en-us/library/2208a1f2.aspx -->
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <!-- Microsoft documentation clearly shows the Global property group -->
-  <!-- preceeds the import of Cpp.Default.props and Cpp.props -->
-  <!-- https://msdn.microsoft.com/en-us/library/2208a1f2.aspx -->
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{1974a53a-9863-41c9-886d-b2b8c2fc3c8b}</ProjectGuid>
-    <RootNamespace>dlltest</RootNamespace>
-    <ConfigurationType>Application</ConfigurationType>
-  </PropertyGroup>
-  <!-- Use DefaultPlatformToolset after Microsoft.Cpp.Default.props -->
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <!-- Set DefaultPlatformToolset to v100 (VS2010) if not defined -->
-  <PropertyGroup Label="EmptyDefaultPlatformToolset">
-    <DefaultPlatformToolset Condition=" '$(DefaultPlatformToolset)' == '' ">v100</DefaultPlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="PlatformToolset">
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings" />
-  <ImportGroup Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <!-- End of Visual Studio boilerplate -->
-  <!-- All Configurations -->
-  <PropertyGroup Label="All Configurations">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseOfMfc>false</UseOfMfc>
-    <CharacterSet>MultiByte</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <OutDir>$(Platform)\DLL_Output\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(ProjectName)\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <!-- All Configurations -->
-  <ItemDefinitionGroup Label="All Configurations">
-    <ClCompile>
-      <SuppressStartupBanner>true</SuppressStartupBanner>
-      <ErrorReporting>None</ErrorReporting>
-      <WarningLevel>Level4</WarningLevel>
-      <DisableSpecificWarnings>4231; 4251; 4275; 4355; 4505</DisableSpecificWarnings>
-      <CallingConvention>StdCall</CallingConvention>
-      <PrecompiledHeader />
-    </ClCompile>
-    <Link>
-      <ErrorReporting>NoErrorReport</ErrorReporting>
-      <AdditionalDependencies>cryptopp.lib;Ws2_32.lib</AdditionalDependencies>
-      <AdditionalLibraryDirectories>$(Platform)\DLL_Output\$(Configuration)</AdditionalLibraryDirectories>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- Debug Configurations -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='Debug'" Label="Debug Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>CRYPTOPP_DLL_ONLY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Optimization>Disabled</Optimization>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
-    </ClCompile>
-    <ResourceCompile>
-      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Culture>0x0409</Culture>
-    </ResourceCompile>
-  </ItemDefinitionGroup>
-  <!-- Release Configurations -->
-  <ItemDefinitionGroup Condition="'$(Configuration)'=='Release'" Label="Release Configuration">
-    <ClCompile>
-      <PreprocessorDefinitions>NDEBUG;CRYPTOPP_DLL_ONLY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <OmitFramePointers>true</OmitFramePointers>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <StringPooling>true</StringPooling>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-    </ClCompile>
-    <ResourceCompile>
-      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <Culture>0x0409</Culture>
-    </ResourceCompile>
-    <Link>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- X86 Configurations -->
-  <ItemDefinitionGroup Condition="'$(Platform)'=='Win32'" Label="X86 Configuration">
-    <ClCompile>
-      <EnableEnhancedInstructionSet>StreamingSIMDExtensions2</EnableEnhancedInstructionSet>
-    </ClCompile>
-    <Link>
-      <TargetMachine>MachineX86</TargetMachine>
-      <ImageHasSafeExceptionHandlers>true</ImageHasSafeExceptionHandlers>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- X64 Configurations -->
-  <ItemDefinitionGroup Condition="'$(Platform)'=='x64'" Label="X64 Configuration">
-    <Link>
-      <TargetMachine>MachineX64</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
-  <!-- Source Files -->
-  <ItemGroup>
-    <ClCompile Include="dlltest.cpp" />
-  </ItemGroup>
-  <!-- Back to Visual Studio boilerplate -->
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

Common/3dParty/cryptopp/dmac.h

@@ -17,7 +17,7 @@ template <class T>
 class CRYPTOPP_NO_VTABLE DMAC_Base : public SameKeyLengthAs<T>, public MessageAuthenticationCode
 {
 public:
-	CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE)
+	CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE);
 	static std::string StaticAlgorithmName() {return std::string("DMAC(") + T::StaticAlgorithmName() + ")";}
 
 	virtual~DMAC_Base() {}
@@ -28,6 +28,8 @@ public:
 	void TruncatedFinal(byte *mac, size_t size);
 	unsigned int DigestSize() const {return DIGESTSIZE;}
 
+	std::string AlgorithmProvider() const;
+
 private:
 	byte *GenerateSubKeys(const byte *key, size_t keylength);
 
@@ -38,6 +40,12 @@ private:
 	unsigned int m_counter;
 };
 
+template <class T>
+std::string DMAC_Base<T>::AlgorithmProvider() const
+{
+	return m_f2.AlgorithmProvider();
+}
+
 /// \brief DMAC message authentication code
 /// \tparam T class derived from BlockCipherDocumentation
 /// \sa <A HREF="https://eprint.iacr.org/1997/010">CBC MAC for Real-Time Data Sources (08.15.1997)</A>

Common/3dParty/cryptopp/donna.h

@@ -0,0 +1,178 @@
+// donna.h - written and placed in public domain by Jeffrey Walton
+//           Crypto++ specific implementation wrapped around Andrew
+//           Moon's public domain curve25519-donna and ed25519-donna,
+//           https://github.com/floodyberry/curve25519-donna and
+//           https://github.com/floodyberry/ed25519-donna.
+
+// The curve25519 and ed25519 source files multiplex different repos and
+// architectures using namespaces. The repos are Andrew Moon's
+// curve25519-donna and ed25519-donna. The architectures are 32-bit, 64-bit
+// and SSE. For example, 32-bit x25519 uses symbols from Donna::X25519 and
+// Donna::Arch32.
+
+// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]",
+// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658
+
+/// \file donna.h
+/// \details Functions for curve25519 and ed25519 operations
+/// \details This header provides the entry points into Andrew Moon's
+///   curve25519 and ed25519 curve functions. The Crypto++ classes x25519
+///   and ed25519 use the functions. The functions are in the <tt>Donna</tt>
+///   namespace and are curve25519_mult(), ed25519_publickey(),
+///   ed25519_sign() and ed25519_sign_open().
+/// \details At the moment the hash function for signing is fixed at
+///   SHA512.
+
+#ifndef CRYPTOPP_DONNA_H
+#define CRYPTOPP_DONNA_H
+
+#include "cryptlib.h"
+#include "stdcpp.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+NAMESPACE_BEGIN(Donna)
+
+//***************************** curve25519 *****************************//
+
+/// \brief Generate a public key
+/// \param publicKey byte array for the public key
+/// \param secretKey byte array with the private key
+/// \return 0 on success, non-0 otherwise
+/// \details curve25519_mult() generates a public key from an existing
+///   secret key. Internally curve25519_mult() performs a scalar
+///   multiplication using the base point and writes the result to
+///   <tt>pubkey</tt>.
+int curve25519_mult(byte publicKey[32], const byte secretKey[32]);
+
+/// \brief Generate a shared key
+/// \param sharedKey byte array for the shared secret
+/// \param secretKey byte array with the private key
+/// \param othersKey byte array with the peer's public key
+/// \return 0 on success, non-0 otherwise
+/// \details curve25519_mult() generates a shared key from an existing
+///   secret key and the other party's public key. Internally
+///   curve25519_mult() performs a scalar multiplication using the two keys
+///   and writes the result to <tt>sharedKey</tt>.
+int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]);
+
+//******************************* ed25519 *******************************//
+
+/// \brief Creates a public key from a secret key
+/// \param publicKey byte array for the public key
+/// \param secretKey byte array with the private key
+/// \return 0 on success, non-0 otherwise
+/// \details ed25519_publickey() generates a public key from a secret key.
+///   Internally ed25519_publickey() performs a scalar multiplication
+///   using the secret key and then writes the result to <tt>publicKey</tt>.
+int ed25519_publickey(byte publicKey[32], const byte secretKey[32]);
+
+/// \brief Creates a signature on a message
+/// \param message byte array with the message
+/// \param messageLength size of the message, in bytes
+/// \param publicKey byte array with the public key
+/// \param secretKey byte array with the private key
+/// \param signature byte array for the signature
+/// \return 0 on success, non-0 otherwise
+/// \details ed25519_sign() generates a signature on a message using
+///   the public and private keys. The various buffers can be exact
+///   sizes, and do not require extra space like when using the
+///   NaCl library functions.
+/// \details At the moment the hash function for signing is fixed at
+///   SHA512.
+int ed25519_sign(const byte* message, size_t messageLength, const byte secretKey[32], const byte publicKey[32], byte signature[64]);
+
+/// \brief Creates a signature on a message
+/// \param stream std::istream derived class
+/// \param publicKey byte array with the public key
+/// \param secretKey byte array with the private key
+/// \param signature byte array for the signature
+/// \return 0 on success, non-0 otherwise
+/// \details ed25519_sign() generates a signature on a message using
+///   the public and private keys. The various buffers can be exact
+///   sizes, and do not require extra space like when using the
+///   NaCl library functions.
+/// \details This ed25519_sign() overload handles large streams. It
+///   was added for signing and verifying files that are too large
+///   for a memory allocation.
+/// \details At the moment the hash function for signing is fixed at
+///   SHA512.
+int ed25519_sign(std::istream& stream, const byte secretKey[32], const byte publicKey[32], byte signature[64]);
+
+/// \brief Verifies a signature on a message
+/// \param message byte array with the message
+/// \param messageLength size of the message, in bytes
+/// \param publicKey byte array with the public key
+/// \param signature byte array with the signature
+/// \return 0 on success, non-0 otherwise
+/// \details ed25519_sign_open() verifies a signature on a message using
+///   the public key. The various buffers can be exact sizes, and do not
+///   require extra space like when using the NaCl library functions.
+/// \details At the moment the hash function for signing is fixed at
+///   SHA512.
+int
+ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64]);
+
+/// \brief Verifies a signature on a message
+/// \param stream std::istream derived class
+/// \param publicKey byte array with the public key
+/// \param signature byte array with the signature
+/// \return 0 on success, non-0 otherwise
+/// \details ed25519_sign_open() verifies a signature on a message using
+///   the public key. The various buffers can be exact sizes, and do not
+///   require extra space like when using the NaCl library functions.
+/// \details This ed25519_sign_open() overload handles large streams. It
+///   was added for signing and verifying files that are too large
+///   for a memory allocation.
+/// \details At the moment the hash function for signing is fixed at
+///   SHA512.
+int
+ed25519_sign_open(std::istream& stream, const byte publicKey[32], const byte signature[64]);
+
+//****************************** Internal ******************************//
+
+#ifndef CRYPTOPP_DOXYGEN_PROCESSING
+
+// CRYPTOPP_WORD128_AVAILABLE mostly depends upon GCC support for
+// __SIZEOF_INT128__. If __SIZEOF_INT128__ is not available then Moon
+// provides routines for MSC and GCC. It should cover most platforms,
+// but there are gaps like MS ARM64 and XLC. We tried to enable the
+// 64-bit path for SunCC from 12.5 but we got the dreaded compile
+// error "The operand ___LCM cannot be assigned to".
+
+#if defined(CRYPTOPP_WORD128_AVAILABLE) || \
+   (defined(_MSC_VER) && defined(_M_X64))
+# define CRYPTOPP_CURVE25519_64BIT 1
+#else
+# define CRYPTOPP_CURVE25519_32BIT 1
+#endif
+
+// Benchmarking on a modern 64-bit Core i5-6400 @2.7 GHz shows SSE2 on Linux
+// is not profitable. Here are the numbers in milliseconds/operation:
+//
+//   * Langley, C++, 0.050
+//   * Moon, C++: 0.040
+//   * Moon, SSE2: 0.061
+//   * Moon, native: 0.045
+//
+// However, a modern 64-bit Core i5-3200 @2.5 GHz shows SSE2 is profitable
+// for MS compilers. Here are the numbers in milliseconds/operation:
+//
+//   * x86, no SSE2, 0.294
+//   * x86, SSE2, 0.097
+//   * x64, no SSE2, 0.081
+//   * x64, SSE2, 0.071
+
+#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) && defined(_MSC_VER)
+# define CRYPTOPP_CURVE25519_SSE2 1
+#endif
+
+#if (CRYPTOPP_CURVE25519_SSE2)
+  extern int curve25519_mult_SSE2(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]);
+#endif
+
+#endif  // CRYPTOPP_DOXYGEN_PROCESSING
+
+NAMESPACE_END  // Donna
+NAMESPACE_END  // CryptoPP
+
+#endif  // CRYPTOPP_DONNA_H