arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

pull/397/head
RaptorFactor 2017-05-22 01:56:51 -07:00
parent c925c62509 bc40d36075
commit 39efcc27b4
97 changed files with 10122 additions and 3797 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
.appveyor.yml Normal file
View File

@ -0,0 +1,55 @@
# Appveyor's documentation is at https://www.appveyor.com/docs/build-phase/,
# and a sample configuration file is at https://www.appveyor.com/docs/appveyor-yml/.
# I have to admit its a bit complex and I don't fully understand it.
version: 1.0.{build}
clone_depth: 3
configuration:
- Debug
- Release
platform:
- Win32
- Win64
image:
- Visual Studio 2017
- Visual Studio 2015
- Visual Studio 2013
- Visual Studio 2012
- Visual Studio 2010
build:
project: cryptest.sln
verbosity: minimal
parallel: true
test_script:
- cmd: >-
msbuild /t:CopyCryptestToRoot cryptest.vcxproj
cryptest.exe v
cryptest.exe tv all
# Right now, we have a few failures that we don't know how to workaround.
# - https://stackoverflow.com/questions/43441273/how-to-run-vcupgrade-before-appveyor-build
# - https://stackoverflow.com/questions/43423761/cant-perform-64-bit-testing-under-appveyor
# Appveyor also complains that it can't find VS2010 tools even though the docs state they are there.
matrix:
# allow_failures:
exclude:
- platform: Win64
configuration: Debug
- platform: Win64
configuration: Release
- image: Visual Studio 2010
- image: Visual Studio 2017

56
.travis.yml Normal file
View File

@ -0,0 +1,56 @@
language: cpp
os:
- linux
- osx
dist: trusty
sudo: false
# OS X only supports one image. Us the latest.
osx_image:
- xcode8.2
# - xcode7.3
# - xcode6.4
git:
depth: 3
compiler:
- clang
- gcc
env:
global:
- BUILD_JOBS=2
matrix:
- BUILD_MODE="shared"
- BUILD_MODE="static"
- BUILD_MODE="no-asm"
- BUILD_MODE="asan"
- BUILD_MODE="ubsan"
- BUILD_MODE="valgrind"
exclude:
# Skip GCC on OS X entirely
- os: osx
compiler: gcc
# The sanitizer builds under Clang run the tests very
# slowly and cause CI timeouts.
- compiler: clang
env: BUILD_MODE="asan"
- compiler: clang
env: BUILD_MODE="ubsan"
- compiler: clang
env: BUILD_MODE="valgrind"
# whitelist branches to avoid testing feature branches twice
branches:
only:
- master
#notifications:
# email: jdoe@example.com

90
CMakeLists.txt
View File

@ -1,4 +1,5 @@
# Please ensure your changes or patch meets minimum requirements.
# Please ensure your changes or patch meets minimum requirements.
# The minimum requirements are 2.8.5. They roughly equate to Ubuntu 12.04 LTS
# Please do not check in something for 2.8.12 or 3.5.0. To test your changes,
# please set up a Ubuntu 12.04 LTS system. Then, manually install Cmake 2.8.5
@ -44,7 +45,9 @@ endif()
option(DISABLE_ASM "Disable ASM" OFF)
option(DISABLE_SSSE3 "Disable SSSE3" OFF)
option(DISABLE_SSE4 "Disable SSE4" OFF)
option(DISABLE_AESNI "Disable AES-NI" OFF)
option(DISABLE_SHA "Disable SHA" OFF)
option(DISABLE_NATIVE_ARCH "Disable the addition of -march=native" OFF)
set(CRYPTOPP_DATA_DIR "" CACHE PATH "Crypto++ test data directory")
@ -88,8 +91,7 @@ if(IS_BIG_ENDIAN)
add_definitions(-DIS_BIG_ENDIAN)
endif()
# No DISABLE_NATIVE_ARCH with DISABLE_ASM for now
# See http://github.com/weidai11/cryptopp/issues/395
# Also see http://github.com/weidai11/cryptopp/issues/395
if(DISABLE_ASM)
add_definitions(-DCRYPTOPP_DISABLE_ASM)
endif()
@ -101,10 +103,83 @@ if(DISABLE_AESNI)
add_definitions(-DCRYPTOPP_DISABLE_AESNI)
set(DISABLE_NATIVE_ARCH 1)
endif()
if(DISABLE_SHA)
add_definitions(-DCRYPTOPP_DISABLE_SHA)
set(DISABLE_NATIVE_ARCH 1)
endif()
if(NOT CRYPTOPP_DATA_DIR STREQUAL "")
add_definitions(-DCRYPTOPP_DATA_DIR="${CRYPTOPP_DATA_DIR}")
endif()
if (CMAKE_CXX_COMPILER_ID MATCHES "GNU")
# TODO(unassigned): should we avoid these (for cross-platform compatability)?
set(SHELL_CMD sh -c)
set(GREP_CMD egrep -c)
execute_process(COMMAND ${SHELL_CMD} "${CMAKE_CXX_COMPILER} --version 2>&1"
COMMAND ${GREP_CMD} -i macports
OUTPUT_VARIABLE MACPORTS
OUTPUT_STRIP_TRAILING_WHITESPACE)
if (MACPORTS EQUAL 0)
# Get GAS version, add defs + set as appropriate
set(GAS_CMD ${SHELL_CMD} "${CMAKE_CXX_COMPILER} -xc -c /dev/null -Wa,-v -o/dev/null 2>&1")
execute_process(COMMAND ${GAS_CMD}
OUTPUT_VARIABLE GAS_STRING
OUTPUT_STRIP_TRAILING_WHITESPACE)
string(FIND ${GAS_STRING} "GNU assumbler" GAS_OUTPUT)
if (GAS_OUTPUT)
#.intel_syntax wasn't supported until GNU assembler 2.10
# No DISABLE_NATIVE_ARCH with CRYPTOPP_DISABLE_ASM for now
# See http://github.com/weidai11/cryptopp/issues/395
# TODO(unassigned): string() REGEX was not cooperating at time of writing. Re-implement as needed.
execute_process(COMMAND echo ${GAS_STRING}
COMMAND ${GREP_CMD} "GNU assembler version (2\\.[1-9][0-9]|[3-9])"
OUTPUT_VARIABLE GAS210_OR_LATER)
if (GAS210_OR_LATER EQUAL 0)
add_definitions(-DCRYPTOPP_DISABLE_ASM)
endif()
execute_process(COMMAND echo ${GAS_STRING}
COMMAND ${GREP_CMD} "GNU assembler version (2\\.1[7-9]|2\\.[2-9]|[3-9])"
OUTPUT_VARIABLE GAS217_OR_LATER)
if (GAS217_OR_LATER EQUAL 0)
add_definitions(-DCRYPTOPP_DISABLE_SSSE3)
set(DISABLE_NATIVE_ARCH 1)
endif()
# OpenBSD and CentOS 5 needed this one due to ARIA and BLAKE2
execute_process(COMMAND echo ${GAS_STRING}
COMMAND ${GREP_CMD} "GNU assembler version (2\\.1[8-9]|2\\.[2-9]|[3-9])"
OUTPUT_VARIABLE GAS218_OR_LATER)
if (GAS218_OR_LATER EQUAL 0)
add_definitions(-DCRYPTOPP_DISABLE_SSE4)
set(DISABLE_NATIVE_ARCH 1)
endif()
execute_process(COMMAND echo ${GAS_STRING}
COMMAND ${GREP_CMD} "GNU assembler version (2\\.19|2\\.[2-9]|[3-9])"
OUTPUT_VARIABLE GAS219_OR_LATER)
if (GAS219_OR_LATER EQUAL 0)
add_definitions(-DCRYPTOPP_DISABLE_AESNI)
set(DISABLE_NATIVE_ARCH 1)
endif()
# Ubuntu 10 and Ubuntu 12 needed this one
execute_process(COMMAND echo ${GAS_STRING}
COMMAND ${GREP_CMD} "GNU assembler version (2\\.2[3-9]|2\\.[3-9]|[3-9])"
OUTPUT_VARIABLE GAS223_OR_LATER)
if (GAS223_OR_LATER EQUAL 0)
add_definitions(-DCRYPTOPP_DISABLE_SHA)
set(DISABLE_NATIVE_ARCH 1)
endif()
endif()
endif()
endif()
# We need the output 'uname -s' for Unix and Linux system detection
if (NOT CRYPTOPP_CROSS_COMPILE)
set (UNAME_CMD "uname")
@ -185,6 +260,13 @@ if ((NOT CRYPTOPP_CROSS_COMPILE) AND "${UNAME_SYSTEM}" STREQUAL "SunOS")
if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "SunPro")
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -template=no%extdef")
endif()
execute_process(COMMAND "uname" "-p" OUTPUT_VARIABLE PLATFORM_SUNOS_ARCH OUTPUT_STRIP_TRAILING_WHITESPACE)
string(TOUPPER "${PLATFORM_SUNOS_ARCH}" PLATFORM_SUNOS_ARCH)
message(STATUS "SunOS platform arch: ${PLATFORM_SUNOS_ARCH}")
if (${PLATFORM_SUNOS_ARCH} MATCHES SPARC)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -xmemalign=4i")
endif ()
endif()
# Link is driven through the compiler, but CXXFLAGS are not used. Also see
@ -201,10 +283,12 @@ endif()
file(GLOB cryptopp_HEADERS *.h)
# Test sources. You can use the GNUmakefile to generate the list: `make sources`.
file(GLOB cryptopp_SOURCES_TEST test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp adhoc.cpp datatest.cpp regtest.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp)
file(GLOB cryptopp_SOURCES_TEST test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp adhoc.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp)
# Library sources. You can use the GNUmakefile to generate the list: `make sources`.
# Makefile sorted them at http://github.com/weidai11/cryptopp/pull/426.
file(GLOB cryptopp_SOURCES *.cpp)
list(SORT cryptopp_SOURCES)
list(REMOVE_ITEM cryptopp_SOURCES
${CMAKE_CURRENT_SOURCE_DIR}/cryptlib.cpp
${CMAKE_CURRENT_SOURCE_DIR}/cpu.cpp

2
Doxyfile
View File

@ -767,7 +767,7 @@ INPUT = . \
GNUmakefile \
GNUmakefile-cross \
rdrand.asm \
rdrand.S
rdrand.s
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses

20
Filelist.txt
View File

@ -10,6 +10,8 @@ algparam.cpp
algparam.h
arc4.cpp
arc4.h
aria.cpp
aria.h
argnames.h
asn.cpp
asn.h
@ -144,6 +146,9 @@ integer.cpp
integer.h
iterhash.cpp
iterhash.h
kalynatab.cpp
kalyna.cpp
kalyna.h
keccak.cpp
keccak.h
lubyrack.h
@ -210,12 +215,14 @@ rc6.cpp
rc6.h
rdrand-masm.cmd
rdrand-nasm.sh
rdrand.S
rdrand.s
rdrand.asm
rdrand.cpp
rdrand.h
rdtables.cpp
regtest.cpp
regtest1.cpp
regtest2.cpp
regtest3.cpp
resource.h
rijndael.cpp
rijndael.h
@ -270,6 +277,8 @@ tea.h
test.cpp
trap.h
tftables.cpp
threefish.cpp
threefish.h
tiger.cpp
tiger.h
tigertab.cpp
@ -318,6 +327,7 @@ Install.txt
Filelist.txt
TestData/3desval.dat
TestData/3wayval.dat
TestData/aria.dat
TestData/camellia.dat
TestData/cast128v.dat
TestData/cast256v.dat
@ -382,9 +392,11 @@ TestData/xtrdh342.dat
TestVectors/Readme.txt
TestVectors/aes.txt
TestVectors/all.txt
TestVectors/aria.txt
TestVectors/blake2.txt
TestVectors/blake2b.txt
TestVectors/blake2s.txt
TestVectors/aria.txt
TestVectors/camellia.txt
TestVectors/ccm.txt
TestVectors/chacha.txt
@ -397,6 +409,7 @@ TestVectors/esign.txt
TestVectors/gcm.txt
TestVectors/hkdf.txt
TestVectors/hmac.txt
TestVectors/kalyna.txt
TestVectors/keccak.txt
TestVectors/mars.txt
TestVectors/nr.txt
@ -410,6 +423,8 @@ TestVectors/salsa.txt
TestVectors/seal.txt
TestVectors/seed.txt
TestVectors/sha.txt
TestVectors/sha2.txt
TestVectors/sha3.txt
TestVectors/sha1_fips_180.txt
TestVectors/sha1_160_fips_180.txt
TestVectors/sha2_fips_180.txt
@ -426,6 +441,7 @@ TestVectors/shacal2.txt
TestVectors/siphash.txt
TestVectors/sosemanuk.txt
TestVectors/tea.txt
TestVectors/threefish.txt
TestVectors/ttmac.txt
TestVectors/vmac.txt
TestVectors/wake.txt

167
GNUmakefile
View File

@ -21,6 +21,8 @@ IS_X64 := $(shell uname -m | $(EGREP) -i -c "(_64|d64)")
IS_PPC := $(shell uname -m | $(EGREP) -i -c "ppc|power")
IS_ARM32 := $(shell uname -m | $(EGREP) -i -c "arm")
IS_ARM64 := $(shell uname -m | $(EGREP) -i -c "aarch64")
IS_SPARC := $(shell uname -m | $(EGREP) -i -c "sparc")
IS_SPARC64 := $(shell uname -m | $(EGREP) -i -c "sparc64")
IS_SUN := $(shell uname | $(EGREP) -i -c "SunOS")
IS_LINUX := $(shell $(CXX) -dumpmachine 2>&1 | $(EGREP) -i -c "Linux")
@ -145,7 +147,9 @@ endif
ifneq ($(HAVE_GAS),0)
GAS210_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.[1-9][0-9]|[3-9])")
GAS217_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.1[7-9]|2\.[2-9]|[3-9])")
GAS218_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.1[8-9]|2\.[2-9]|[3-9])")
GAS219_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.19|2\.[2-9]|[3-9])")
GAS223_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.2[3-9]|2\.[3-9]|[3-9])")
endif
ICC111_OR_LATER := $(shell $(CXX) --version 2>&1 | $(EGREP) -c "\(ICC\) ([2-9][0-9]|1[2-9]|11\.[1-9])")
@ -160,24 +164,37 @@ endif
# .intel_syntax wasn't supported until GNU assembler 2.10
# No DISABLE_NATIVE_ARCH with CRYPTOPP_DISABLE_ASM for now
# See http://github.com/weidai11/cryptopp/issues/395
ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),)
ifeq ($(HAVE_GAS)$(GAS210_OR_LATER),10)
CXXFLAGS += -DCRYPTOPP_DISABLE_ASM
DISABLE_NATIVE_ARCH := 1
else
ifeq ($(HAVE_GAS)$(GAS217_OR_LATER),10)
CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3
DISABLE_NATIVE_ARCH := 1
else
ifeq ($(HAVE_GAS)$(GAS218_OR_LATER),10)
CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4
DISABLE_NATIVE_ARCH := 1
else
ifeq ($(HAVE_GAS)$(GAS219_OR_LATER),10)
CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI
DISABLE_NATIVE_ARCH := 1
endif
endif
endif
else
ifeq ($(HAVE_GAS)$(GAS223_OR_LATER),10)
CXXFLAGS += -DCRYPTOPP_DISABLE_SHA
DISABLE_NATIVE_ARCH := 1
endif # -DCRYPTOPP_DISABLE_SHA
endif # -DCRYPTOPP_DISABLE_AESNI
endif # -DCRYPTOPP_DISABLE_SSE4
endif # -DCRYPTOPP_DISABLE_SSSE3
endif # -DCRYPTOPP_DISABLE_ASM
endif # CXXFLAGS
# BEGIN NATIVE_ARCH
# BEGIN_NATIVE_ARCH
# Guard use of -march=native (or -m{32|64} on some platforms)
# Don't add anything if -march=XXX or -mtune=XXX is specified
ifneq ($(DISABLE_NATIVE_ARCH),1)
ifeq ($(DISABLE_NATIVE_ARCH),0)
ifeq ($(findstring -march,$(CXXFLAGS)),)
ifeq ($(findstring -mtune,$(CXXFLAGS)),)
ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)
@ -198,23 +215,7 @@ ifeq ($(findstring -mtune,$(CXXFLAGS)),)
endif # -mtune
endif # -march
endif # DISABLE_NATIVE_ARCH
# END NATIVE_ARCH
# Aligned access required for -O3 and above due to vectorization
UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
ifneq ($(UNALIGNED_ACCESS),0)
ifeq ($(findstring -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS,$(CXXFLAGS)),)
ifeq ($(findstring -O3,$(CXXFLAGS)),-O3)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # -O3
ifeq ($(findstring -O5,$(CXXFLAGS)),-O5)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # -O5
ifeq ($(findstring -Ofast,$(CXXFLAGS)),-Ofast)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # -Ofast
endif # CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # UNALIGNED_ACCESS
# END_NATIVE_ARCH
ifneq ($(INTEL_COMPILER),0)
CXXFLAGS += -wd68 -wd186 -wd279 -wd327 -wd161 -wd3180
@ -279,28 +280,27 @@ CXXFLAGS += -pipe
endif
endif
# Aligned access required for -O3 and above due to vectorization
UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
ifneq ($(UNALIGNED_ACCESS),0)
ifeq ($(findstring -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS,$(CXXFLAGS)),)
ifeq ($(findstring -O3,$(CXXFLAGS)),-O3)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # -O3
ifeq ($(findstring -O5,$(CXXFLAGS)),-O5)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # -O5
ifeq ($(findstring -Ofast,$(CXXFLAGS)),-Ofast)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # -Ofast
endif # CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # UNALIGNED_ACCESS
endif # IS_X86
###########################################################
##### Common #####
###########################################################
# For SunOS, create a Mapfile that allows our object files
# to cantain additional bits (like SSE4 and AES on old Xeon)
# http://www.oracle.com/technetwork/server-storage/solaris/hwcap-modification-139536.html
ifeq ($(IS_SUN)$(SUN_COMPILER),11)
ifneq ($(IS_X86)$(IS_X32)$(IS_X64),000)
ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),)
ifeq ($(wildcard cryptopp.mapfile),)
$(shell echo "hwcap_1 = SSE SSE2 OVERRIDE;" > cryptopp.mapfile)
$(shell echo "" >> cryptopp.mapfile)
endif # Write mapfile
LDFLAGS += -M cryptopp.mapfile
endif # No CRYPTOPP_DISABLE_ASM
endif # X86/X32/X64
endif # SunOS
ifneq ($(IS_MINGW),0)
LDLIBS += -lws2_32
endif
@ -346,6 +346,10 @@ CXXFLAGS += -KPIC
endif
# Add to all Solaris
CXXFLAGS += -template=no%extdef
# http://github.com/weidai11/cryptopp/issues/403
ifneq ($(IS_SPARC)$(IS_SPARC64),00)
CXXFLAGS += -xmemalign=4i
endif
SUN_CC10_BUGGY := $(shell $(CXX) -V 2>&1 | $(EGREP) -c "CC: Sun .* 5\.10 .* (2009|2010/0[1-4])")
ifneq ($(SUN_CC10_BUGGY),0)
# -DCRYPTOPP_INCLUDE_VECTOR_CC is needed for Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 and was fixed in May 2010
@ -360,14 +364,20 @@ ARFLAGS = -xar -o
RANLIB = true
endif
# Undefined Behavior Sanitizer (UBsan) testing. There's no sense in
# allowing unaligned data access. There will too many findings.
# No ASM for Travis testing
ifeq ($(findstring no-asm,$(MAKECMDGOALS)),no-asm)
ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_DISABLE_ASM
endif # CXXFLAGS
endif # No ASM
# Undefined Behavior Sanitizer (UBsan) testing. Issue 'make ubsan'.
ifeq ($(findstring ubsan,$(MAKECMDGOALS)),ubsan)
ifeq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),)
CXXFLAGS += -fsanitize=undefined
endif # CXXFLAGS
ifeq ($(findstring -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # CXXFLAGS
endif # UBsan
@ -376,6 +386,9 @@ ifeq ($(findstring asan,$(MAKECMDGOALS)),asan)
ifeq ($(findstring -fsanitize=address,$(CXXFLAGS)),)
CXXFLAGS += -fsanitize=address
endif # CXXFLAGS
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # CXXFLAGS
ifeq ($(findstring -fno-omit-frame-pointer,$(CXXFLAGS)),)
CXXFLAGS += -fno-omit-frame-pointer
endif # CXXFLAGS
@ -391,20 +404,27 @@ endif # ELF/ELF64
endif # CXXFLAGS
endif # Gold
# Aligned access testing. Issue 'make aligned'.
ifneq ($(filter align aligned,$(MAKECMDGOALS)),)
ifeq ($(findstring -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS
endif # CXXFLAGS
endif # Aligned access
# GCC code coverage. Issue 'make coverage'.
ifneq ($(filter coverage,$(MAKECMDGOALS)),)
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # -coverage
ifeq ($(findstring -coverage,$(CXXFLAGS)),)
CXXFLAGS += -coverage
endif # -coverage
endif # GCC code coverage
# Valgrind testing. Issue 'make valgrind'.
ifneq ($(filter valgrind,$(MAKECMDGOALS)),)
# Tune flags; see http://valgrind.org/docs/manual/quick-start.html
CXXFLAGS := $(CXXFLAGS:-g%=-g3)
CXXFLAGS := $(CXXFLAGS:-O%=-O1)
CXXFLAGS := $(CXXFLAGS:-xO%=-xO1)
ifeq ($(findstring -DCRYPTOPP_VALGRIND,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_VALGRIND
endif # -DCRYPTOPP_VALGRIND
endif # Valgrind
# Debug testing on GNU systems. Triggered by -DDEBUG.
# Newlib test due to http://sourceware.org/bugzilla/show_bug.cgi?id=20268
ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),)
@ -460,16 +480,12 @@ endif # HAS_SOLIB_VERSION
###########################################################
# List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems.
SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(wildcard *.cpp))
SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(sort $(wildcard *.cpp)))
# Need CPU for X86/X64/X32 and ARM
ifeq ($(IS_X86)$(IS_X32)$(IS_X64)$(IS_ARM32)$(IS_ARM64),00000)
SRCS := $(filter-out cpu.cpp, $(SRCS))
endif
# Need RDRAND for X86/X64/X32
ifeq ($(IS_X86)$(IS_X32)$(IS_X64),000)
SRCS := $(filter-out rdrand.cpp, $(SRCS))
endif
ifneq ($(IS_MINGW),0)
SRCS += winpipes.cpp
@ -489,12 +505,12 @@ endif
endif # Nasm
# List test.cpp first to tame C++ static initialization problems.
TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp datatest.cpp regtest.cpp fipsalgt.cpp dlltest.cpp
TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp
TESTOBJS := $(TESTSRCS:.cpp=.o)
LIBOBJS := $(filter-out $(TESTOBJS),$(OBJS))
# List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems.
DLLSRCS := cryptlib.cpp cpu.cpp integer.cpp shacal2.cpp md5.cpp shark.cpp zinflate.cpp gf2n.cpp salsa.cpp xtr.cpp oaep.cpp poly1305.cpp polynomi.cpp rc2.cpp default.cpp wait.cpp wake.cpp twofish.cpp iterhash.cpp adler32.cpp elgamal.cpp marss.cpp blowfish.cpp ecp.cpp filters.cpp strciphr.cpp camellia.cpp ida.cpp zlib.cpp des.cpp crc.cpp algparam.cpp dessp.cpp tea.cpp eax.cpp network.cpp emsa2.cpp pkcspad.cpp squaretb.cpp idea.cpp authenc.cpp hmac.cpp zdeflate.cpp xtrcrypt.cpp queue.cpp mars.cpp rc5.cpp blake2.cpp hrtimer.cpp eprecomp.cpp hex.cpp dsa.cpp sha.cpp fips140.cpp gzip.cpp seal.cpp files.cpp base32.cpp vmac.cpp tigertab.cpp sharkbox.cpp safer.cpp randpool.cpp esign.cpp arc4.cpp osrng.cpp skipjack.cpp seed.cpp sha3.cpp sosemanuk.cpp bfinit.cpp rabin.cpp 3way.cpp rw.cpp rdrand.cpp rsa.cpp rdtables.cpp gost.cpp socketft.cpp tftables.cpp nbtheory.cpp panama.cpp modes.cpp rijndael.cpp casts.cpp chacha.cpp gfpcrypt.cpp poly1305.cpp dll.cpp ec2n.cpp blumshub.cpp algebra.cpp basecode.cpp base64.cpp cbcmac.cpp rc6.cpp dh2.cpp gf256.cpp mqueue.cpp misc.cpp pssr.cpp channels.cpp tiger.cpp cast.cpp rng.cpp square.cpp asn.cpp whrlpool.cpp md4.cpp dh.cpp ccm.cpp md2.cpp mqv.cpp gf2_32.cpp ttmac.cpp luc.cpp trdlocal.cpp pubkey.cpp gcm.cpp ripemd.cpp eccrypto.cpp serpent.cpp cmac.cpp
DLLSRCS := cryptlib.cpp cpu.cpp integer.cpp shacal2.cpp md5.cpp shark.cpp zinflate.cpp gf2n.cpp salsa.cpp xtr.cpp oaep.cpp poly1305.cpp polynomi.cpp rc2.cpp default.cpp wait.cpp wake.cpp twofish.cpp iterhash.cpp adler32.cpp elgamal.cpp marss.cpp blowfish.cpp ecp.cpp filters.cpp strciphr.cpp camellia.cpp ida.cpp zlib.cpp des.cpp crc.cpp algparam.cpp dessp.cpp tea.cpp eax.cpp network.cpp emsa2.cpp pkcspad.cpp squaretb.cpp idea.cpp authenc.cpp kalyna.cpp threefish.cpp hmac.cpp zdeflate.cpp xtrcrypt.cpp queue.cpp mars.cpp rc5.cpp blake2.cpp hrtimer.cpp eprecomp.cpp hex.cpp dsa.cpp sha.cpp fips140.cpp gzip.cpp seal.cpp files.cpp base32.cpp vmac.cpp tigertab.cpp sharkbox.cpp safer.cpp randpool.cpp esign.cpp arc4.cpp osrng.cpp skipjack.cpp seed.cpp sha3.cpp sosemanuk.cpp bfinit.cpp rabin.cpp 3way.cpp rw.cpp rdrand.cpp rsa.cpp rdtables.cpp gost.cpp socketft.cpp tftables.cpp nbtheory.cpp panama.cpp modes.cpp rijndael.cpp casts.cpp chacha.cpp gfpcrypt.cpp poly1305.cpp dll.cpp ec2n.cpp blumshub.cpp algebra.cpp basecode.cpp base64.cpp cbcmac.cpp rc6.cpp dh2.cpp gf256.cpp mqueue.cpp misc.cpp pssr.cpp channels.cpp tiger.cpp cast.cpp rng.cpp square.cpp asn.cpp whrlpool.cpp md4.cpp dh.cpp ccm.cpp md2.cpp mqv.cpp gf2_32.cpp ttmac.cpp luc.cpp trdlocal.cpp pubkey.cpp gcm.cpp ripemd.cpp eccrypto.cpp serpent.cpp cmac.cpp
DLLOBJS := $(DLLSRCS:.cpp=.export.o)
# Import lib testing
@ -522,8 +538,8 @@ deps GNUmakefile.deps:
$(CXX) $(strip $(CXXFLAGS)) -MM *.cpp > GNUmakefile.deps
# CXXFLAGS are tuned earlier.
.PHONY: asan ubsan align aligned
asan ubsan align aligned: libcryptopp.a cryptest.exe
.PHONY: asan ubsan no-asm
no-asm asan ubsan: libcryptopp.a cryptest.exe
# CXXFLAGS are tuned earlier. Applications must use linker flags
# -Wl,--gc-sections (Linux and Unix) or -Wl,-dead_strip (OS X)
@ -538,9 +554,14 @@ coverage: libcryptopp.a cryptest.exe
./cryptest.exe v
./cryptest.exe tv all
lcov --base-directory . --directory . -c -o cryptest.info
lcov --remove cryptest.info "*test.*" "bench*.cpp" "validat*.*" "/usr/*" -o cryptest.info
lcov --remove cryptest.info "adhoc.cpp" "wait.*" "network.*" "socketft.*" "fips140.*" "*test.*" "bench*.cpp" "validat*.*" "/usr/*" -o cryptest.info
genhtml -o ./TestCoverage/ -t "cryptest.exe test coverage" --num-spaces 4 cryptest.info
# SHould use CXXFLAGS="-g3 -O1"
.PHONY: valgrind
valgrind: libcryptopp.a cryptest.exe
valgrind ./cryptest.exe v
.PHONY: test check
test check: cryptest.exe
./cryptest.exe v
@ -587,9 +608,9 @@ clean:
.PHONY: distclean
distclean: clean
-$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt cryptest-*.txt
-$(RM) adhoc.cpp adhoc.cpp.copied cryptopp.mapfile GNUmakefile.deps benchmarks.html cryptest.txt cryptest-*.txt
@-$(RM) CMakeCache.txt Makefile CTestTestfile.cmake cmake_install.cmake cryptopp-config-version.cmake
@-$(RM) cryptopp.tgz *.o *.bc *.ii *.s *~
@-$(RM) cryptopp.tgz *.o *.bc *.ii *~
@-$(RM) -r $(SRCS:.cpp=.obj) *.suo *.sdf *.pdb Win32/ x64/ ipch/
@-$(RM) -r CMakeFiles/
@-$(RM) -r $(DOCUMENT_DIRECTORY)/
@ -704,21 +725,23 @@ endif
.PHONY: trim
trim:
ifneq ($(IS_DARWIN),0)
sed -i '' -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.S *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i '' -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.sh
make convert
else
sed -i -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.S *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.sh
make convert
endif
.PHONY: convert
convert:
@-$(CHMOD) 0700 TestVectors/ TestData/ TestScripts/
@-$(CHMOD) 0600 $(TEXT_FILES) *.asm *.S *.zip *.cmake TestVectors/*.txt TestData/*.dat
@-$(CHMOD) 0600 $(TEXT_FILES) *.asm *.s *.zip *.cmake TestVectors/*.txt TestData/*.dat
@-$(CHMOD) 0700 $(EXEC_FILES) *.sh *.cmd TestScripts/*.sh TestScripts/*.pl TestScripts/*.cmd
@-$(CHMOD) 0700 *.cmd *.sh GNUmakefile GNUmakefile-cross TestScripts/*.sh TestScripts/*.pl
-unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd *.cmake TestScripts/*.pl TestScripts/*.cmd
-dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.S *.sh TestScripts/*.sh
-dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.s *.sh TestScripts/*.sh
ifneq ($(IS_DARWIN),0)
@-xattr -c *
endif
@ -764,12 +787,24 @@ endif # Dependencies
# Run rdrand-nasm.sh to create the object files
ifeq ($(USE_NASM),1)
rdrand.o: rdrand.h rdrand.cpp rdrand.S
rdrand.o: rdrand.h rdrand.cpp rdrand.s
$(CXX) $(strip $(CXXFLAGS)) -DNASM_RDRAND_ASM_AVAILABLE=1 -DNASM_RDSEED_ASM_AVAILABLE=1 -c rdrand.cpp
rdrand-%.o:
./rdrand-nasm.sh
endif
# Don't build Rijndael with UBsan. Too much noise due to unaligned data accesses.
ifneq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),)
rijndael.o : rijndael.cpp
$(CXX) $(strip $(subst -fsanitize=undefined,,$(CXXFLAGS))) -c $<
endif
# Don't build VMAC and friends with Asan. Too many false positives.
ifneq ($(findstring -fsanitize=address,$(CXXFLAGS)),)
vmac.o : vmac.cpp
$(CXX) $(strip $(subst -fsanitize=address,,$(CXXFLAGS))) -c $<
endif
# Only use CRYPTOPP_DATA_DIR if its not set in CXXFLAGS
ifeq ($(findstring -DCRYPTOPP_DATA_DIR, $(strip $(CXXFLAGS))),)
ifneq ($(strip $(CRYPTOPP_DATA_DIR)),)

2
GNUmakefile-cross
View File

@ -117,7 +117,7 @@ SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integ
OBJS := $(SRCS:.cpp=.o)
# List test.cpp first to tame C++ static initialization problems.
TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp datatest.cpp regtest.cpp fipsalgt.cpp dlltest.cpp
TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp
TESTOBJS := $(TESTSRCS:.cpp=.o)
LIBOBJS := $(filter-out $(TESTOBJS),$(OBJS))

26
Readme.txt
View File

@ -14,23 +14,24 @@ Currently the library contains the following algorithms:
AES and AES candidates AES (Rijndael), RC6, MARS, Twofish, Serpent,
CAST-256
IDEA, Triple-DES (DES-EDE2 and DES-EDE3),
other block ciphers Camellia, SEED, RC5, Blowfish, TEA, XTEA,
Skipjack, SHACAL-2
ARIA, IDEA, Triple-DES (DES-EDE2 and DES-EDE3),
other block ciphers Camellia, SEED, Kalyna RC5, Blowfish, TEA, XTEA,
Threefish, Skipjack, SHACAL-2
block cipher modes of operation ECB, CBC, CBC ciphertext stealing (CTS),
CFB, OFB, counter mode (CTR)
message authentication codes VMAC, HMAC, GMAC, CMAC, CBC-MAC, DMAC,
Two-Track-MAC, BLAKE2 (BLAKE2b, BLAKE2s)
Two-Track-MAC, BLAKE2s, BLAKE2b
BLAKE2 (BLAKE2b, BLAKE2s), SHA-1, SHA-2 (SHA-224,
hash functions SHA-256, SHA-384, and SHA-512), SHA-3, Tiger,
WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160,
RIPEMD-320
BLAKE2s, BLAKE2b, Keccack (F1600) SHA-1, SHA-2
hash functions (SHA-224, SHA-256, SHA-384, and SHA-512), SHA-3,
Tiger,WHIRLPOOL, RIPEMD-128, RIPEMD-256,
RIPEMD-160, RIPEMD-320
RSA, DSA, ElGamal, Nyberg-Rueppel (NR),
public-key cryptography Rabin-Williams (RW), LUC, LUCELG,
RSA, DSA, Determinsitic DSA, ElGamal,
public-key cryptography Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC,
LUCELG, EC-based German Digital Signature (ECGDSA),
DLIES (variants of DHAES), ESIGN
padding schemes for public-key PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363
@ -40,7 +41,7 @@ Currently the library contains the following algorithms:
key agreement schemes (DH2), Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV),
Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH
elliptic curve cryptography ECDSA, ECNR, ECIES, ECDH, ECMQV
elliptic curve cryptography ECDSA, Determinsitic ECDSA, ECNR, ECIES, ECDH, ECMQV
insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL
algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2,
@ -49,7 +50,8 @@ algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2,
Other features include:
* pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
* pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool,
RDRAND, RDSEED, NIST Hash DRBG, NIST HMAC DRBG
* password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5,
PBKDF from PKCS #12 appendix B, HKDF from RFC 5869
* Shamir's secret sharing scheme and Rabin's information dispersal algorithm

45
TestData/aria.dat Normal file
View File

@ -0,0 +1,45 @@
0123456789ABCDEFFEDCBA9876543210 0123456789ABCDEFFEDCBA9876543210 7DC1917AE0D38FAE8D4A7D1959AEF27C
80000000000000000000000000000000 00000000000000000000000000000000 4ABA3055788204D82F4539D81BC9384B
00000000000000000000000000000001 00000000000000000000000000000000 5FA57C3B2E71144C3E5E1E9BE4F0FE7E
00000000000000000000000000000000 80000000000000000000000000000000 92E51E737DABB6BFD0EABC8D32224F77
00000000000000000000000000000000 00000000000000000000000000000001 B426E1A441F6DBFC2B2D2412D0066D20
00000000000000000000000000000000 00000000000000000000000000000000 4B40A63C7F0171EE3CDDA4363FBFAE75
01010101010101010101010101010101 01010101010101010101010101010101 CCE5D964A71D7A5E93986BCA572BB050
02020202020202020202020202020202 02020202020202020202020202020202 A04100328F459F6AAE8EBAB3B5FE90A8
04040404040404040404040404040404 04040404040404040404040404040404 BFE5C38FE204ADC614A321786CDCA08E
08080808080808080808080808080808 08080808080808080808080808080808 95A3371D4879057FAEB2E573CCE8A7F5
10101010101010101010101010101010 10101010101010101010101010101010 80AF7861CA5855FBED523345D36619EC
20202020202020202020202020202020 20202020202020202020202020202020 82E9D82550AECD0E0BB1B63E4B30CEC3
40404040404040404040404040404040 40404040404040404040404040404040 C80C04BA36ED0DA52B3E6CB430617FAC
80808080808080808080808080808080 80808080808080808080808080808080 41305D0632AC493419B04F3BCDBA6AE4
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF B99D80EF798362ACEB9E960AAE7EECC2
0123456789ABCDEFFEDCBA98765432100011223344556677 0123456789ABCDEFFEDCBA9876543210 6DC2DBDAC3C563E522F5A75942B8AFAC
800000000000000000000000000000000000000000000000 00000000000000000000000000000000 F9BA9C6E7E3C86FAE4BEB607F387548E
000000000000000000000000000000000000000000000001 00000000000000000000000000000000 5BC2C08F01C0CDC2F983073CBE9194D2
000000000000000000000000000000000000000000000000 80000000000000000000000000000000 AE56BF59874ED4DBD7B905878894ADEE
000000000000000000000000000000000000000000000000 00000000000000000000000000000001 D53236B0CDE20C26F57675A7405A9F98
000000000000000000000000000000000000000000000000 00000000000000000000000000000000 D5526B5E6A1E3DF23AD8ECAF20F281D0
010101010101010101010101010101010101010101010101 01010101010101010101010101010101 6E4C91AB71707075F375FFB7B3D27328
020202020202020202020202020202020202020202020202 02020202020202020202020202020202 D686D2A6F3BBBC5E703528FD4B1DBA8F
040404040404040404040404040404040404040404040404 04040404040404040404040404040404 ADE1730DA6F15693FD9F063DFC8EC4D1
080808080808080808080808080808080808080808080808 08080808080808080808080808080808 6A3FCA9070151FF14142B1700BE075EB
101010101010101010101010101010101010101010101010 10101010101010101010101010101010 773EC2820CCD29CA650DEA05E04CEB80
202020202020202020202020202020202020202020202020 20202020202020202020202020202020 531A8B8F5F1228E16B57E5365A1FB02B
404040404040404040404040404040404040404040404040 40404040404040404040404040404040 C0166DB2A70DF611921E7F0AB0E0F15D
808080808080808080808080808080808080808080808080 80808080808080808080808080808080 70F3361D505A220B1C2328EBE32ED731
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF F275975CCC163ED53AA0510443239638
0123456789ABCDEFFEDCBA987654321000112233445566778899AABBCCDDEEFF 0123456789ABCDEFFEDCBA9876543210 2F4792014AE2D9B812ADBAC663DC762B
8000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000 9250C9771F5A5A8612400AA917491263
0000000000000000000000000000000000000000000000000000000000000001 00000000000000000000000000000000 1A6AED07EC57E4373E988BFBB396406F
0000000000000000000000000000000000000000000000000000000000000000 80000000000000000000000000000000 209ACF63CE6DFB56B1F9821DDBFE86E3
0000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000001 678FFFFDCE3177605F9320FEC4D30B5E
0000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000 C20857DD9106DDDE286EC59FA98D77CC
0101010101010101010101010101010101010101010101010101010101010101 01010101010101010101010101010101 15C28D4EC27D8BEDDD8E6B3745A9A261
0202020202020202020202020202020202020202020202020202020202020202 02020202020202020202020202020202 5279DA1773C078835D506B25FED6513E
0404040404040404040404040404040404040404040404040404040404040404 04040404040404040404040404040404 7AED38F56F62FC75F7DB88F7E59D0B02
0808080808080808080808080808080808080808080808080808080808080808 08080808080808080808080808080808 6EB3C2BC1AC20926E860E688786DB872
1010101010101010101010101010101010101010101010101010101010101010 10101010101010101010101010101010 54A8718B4DD1A03B1A4ED06C30B9E6AB
2020202020202020202020202020202020202020202020202020202020202020 20202020202020202020202020202020 A876FA5538F926B373702DABF33025B6
4040404040404040404040404040404040404040404040404040404040404040 40404040404040404040404040404040 B71AB43F56E09592E69E315E7CD06E8A
8080808080808080808080808080808080808080808080808080808080808080 80808080808080808080808080808080 E975FB1435D92A0CF3E1A2487774D699
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 6C833E3962286C0DE0395446ED30F646

407
TestScripts/cryptest.sh
View File

@ -397,7 +397,7 @@ if [[ (-z "$HAVE_O3") ]]; then
fi
# Hit or miss, mostly hit
if [[ (-z "$HAVE_O5") ]]; then
if [[ ( (-z "$HAVE_O5") && ("$CLANG_COMPILER" -eq "0") ) ]]; then
HAVE_O5=0
OPT_O5=
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
@ -581,34 +581,13 @@ if [[ (-z "$HAVE_X32") ]]; then
fi
fi
# "Modern compiler, old hardware" combinations
HAVE_X86_AES=0
HAVE_X86_RDRAND=0
HAVE_X86_RDSEED=0
HAVE_X86_PCLMUL=0
if [[ ("$IS_X86" -ne "0" || "$IS_X64" -ne "0") && ("$SUN_COMPILER" -eq "0") ]]; then
# Hit or miss, mostly hit
if [[ (-z "$HAVE_NATIVE_ARCH") ]]; then
HAVE_NATIVE_ARCH=0
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -maes adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_AES=1
fi
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdrnd adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_RDRAND=1
fi
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdseed adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_RDSEED=1
fi
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mpclmul adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_PCLMUL=1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -march=native adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ ("$?" -eq "0") ]]; then
HAVE_NATIVE_ARCH=1
fi
fi
@ -628,16 +607,6 @@ if [[ (-z "$HAVE_LDGOLD") ]]; then
fi
fi
# GCC unified syntax for ASM. Divided syntax is being deprecated
if [[ (-z "$HAVE_UNIFIED_ASM") ]]; then
HAVE_UNIFIED_ASM=0
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -masm-syntax-unified adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_UNIFIED_ASM=1
fi
fi
# ARMv7 and ARMv8, including NEON, CRC32 and Crypto extensions
if [[ ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0") ]]; then
@ -1194,7 +1163,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=sha.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
@ -1216,9 +1185,6 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$X86_SSE2" -ne "0" && "$X86_SHA256_HASH_BLOCKS" -eq "0") ]]; then
echo "ERROR: failed to use X86_SHA256_HashBlocks" | tee -a "$TEST_RESULTS"
if [[ ("$CLANG_COMPILER" -ne "0") ]]; then
echo "This could be due to Clang and lack of expected support for Intel assembly syntax in some versions of the compiler"
fi
fi
if [[ ("$FAILED" -eq "0" && "$X86_SHA256_HASH_BLOCKS" -ne "0") ]]; then
@ -1231,7 +1197,11 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
############################################
# Test AES-NI code generation
X86_AESNI=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c aes)
"$CXX" -DCRYPTOPP_ADHOC_MAIN -maes adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_AESNI=1
fi
if [[ ("$X86_AESNI" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1239,7 +1209,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=rijndael.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1283,17 +1253,17 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified aesenc, aesenclast, aesdec, aesdeclast, aesimc, aeskeygenassist machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# X86 carryless multiply code generation
X86_PCLMUL=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c pclmulq)
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mpclmul adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_PCLMUL=1
fi
if [[ ("$X86_PCLMUL" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1301,19 +1271,19 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=gcm.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmullqhq|vpclmulqdq)')
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmulqdq|pclmullqhq|vpclmulqdq)')
if [[ ("$COUNT" -eq "0") ]]; then
FAILED=1
echo "ERROR: failed to generate pclmullqhq instruction" | tee -a "$TEST_RESULTS"
fi
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmullqlq|vpclmulqdq)')
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmulqdq|pclmullqlq|vpclmulqdq)')
if [[ ("$COUNT" -eq "0") ]]; then
FAILED=1
echo "ERROR: failed to generate pclmullqlq instruction" | tee -a "$TEST_RESULTS"
@ -1321,18 +1291,21 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified pclmullqhq and pclmullqlq machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# Test RDRAND and RDSEED code generation
X86_RDRAND=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c rdrand)
X86_RDSEED=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c rdseed)
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdrnd adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_RDRAND=1
fi
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdseed adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_RDSEED=1
fi
if [[ ("$X86_RDRAND" -ne "0" || "$X86_RDSEED" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1340,7 +1313,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=rdrand.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1364,17 +1337,17 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified rdrand and rdseed machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# X86 CRC32 code generation
X86_CRC32=$(echo -n "$X86_CPU_FLAGS" | "$EGREP" -i -c '(sse4.2|sse4_2)')
"$CXX" -DCRYPTOPP_ADHOC_MAIN -msse4.2 adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_CRC32=1
fi
if [[ ("$X86_CRC32" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1382,7 +1355,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=crc.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1402,17 +1375,17 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified crc32l and crc32b machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# X86 SHA code generation
X86_SHA=$(echo -n "$X86_CPU_FLAGS" | "$EGREP" -i -c '(sha_ni)')
"$CXX" -DCRYPTOPP_ADHOC_MAIN -msha adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_SHA=1
fi
if [[ ("$X86_SHA" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1420,7 +1393,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=sha.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1470,10 +1443,6 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified sha1rnds4, sha1nexte, sha1msg1, sha1msg2, sha256rnds2, sha256msg1 and sha256msg2 machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
fi
@ -1492,46 +1461,50 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ]
echo "Testing: ARM NEON code generation" | tee -a "$TEST_RESULTS"
echo
OBJFILE=blake2.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
OBJFILE=aria.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
# BLAKE2_NEON_Compress32: 30 each vld1q_u8 and vld1q_u64
# BLAKE2_NEON_Compress64: 22 each vld1q_u8 and vld1q_u64
COUNT1=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'ldr.*q|vld.*128')
COUNT2=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'ldp.*q')
COUNT=$(($COUNT1 + $(($COUNT2 + $COUNT2))))
if [[ ("$COUNT" -lt "25") ]]; then
# ARIA::UncheckedKeySet: 8 vld1q.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vld')
if [[ ("$COUNT" -lt "8") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector load instructions" | tee -a "$TEST_RESULTS"
fi
# BLAKE2_NEON_Compress{32|64}: 6 each vst1q_u32 and vst1q_u64
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'str.*q|vstr')
if [[ ("$COUNT" -lt "6") ]]; then
# ARIA::UncheckedKeySet: 24 vstr1q.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vst')
if [[ ("$COUNT" -lt "24") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector store instructions" | tee -a "$TEST_RESULTS"
fi
# BLAKE2_NEON_Compress{32|64}: 409 each vaddq_u32 and vaddq_u64
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'add.*v|vadd')
if [[ ("$COUNT" -lt "400") ]]; then
# ARIA::UncheckedKeySet: 17 vshl.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vshl')
if [[ ("$COUNT" -lt "17") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector add instructions" | tee -a "$TEST_RESULTS"
echo "ERROR: failed to generate expected vector shift left instructions" | tee -a "$TEST_RESULTS"
fi
# BLAKE2_NEON_Compress{32|64}: 559 each veorq_u32 and veorq_u64
# ARIA::UncheckedKeySet: 17 vshr.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vshl')
if [[ ("$COUNT" -lt "17") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector shift right instructions" | tee -a "$TEST_RESULTS"
fi
# ARIA::UncheckedKeySet: 34 veor
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'eor.*v|veor')
if [[ ("$COUNT" -lt "550") ]]; then
if [[ ("$COUNT" -lt "34") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector xor instructions" | tee -a "$TEST_RESULTS"
fi
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified vector load, store, add, xor machine instructions" | tee -a "$TEST_RESULTS"
echo "Verified vector load, store, shfit left, shift right, xor machine instructions" | tee -a "$TEST_RESULTS"
fi
fi
@ -1546,7 +1519,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ]
echo
OBJFILE=gcm.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1580,7 +1553,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ]
echo
OBJFILE=crc.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1846,134 +1819,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
fi
############################################
# Minimum arch with AESNI, RDRAND and RDSEED
if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then
X86_OPTS=()
if [[ "$HAVE_X86_AES" -ne "0" ]]; then
X86_OPTS+=("-maes")
fi
if [[ "$HAVE_X86_RDRAND" -ne "0" ]]; then
X86_OPTS+=("-mrdrnd")
fi
if [[ "$HAVE_X86_RDSEED" -ne "0" ]]; then
X86_OPTS+=("-mrdseed")
fi
# i586 (lacks MMX, SSE and SSE2; enables X86 hardware)
if [[ "$IS_X86" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, i586, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
############################################
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, i586, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
# x86-64
if [[ "$IS_X64" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, SSE2, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=x86-64 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
############################################
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, SSE2, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=x86-64 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
fi
############################################
# mismatched arch capabilities
if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then
# Mismatched arch capabilities
if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_NATIVE_ARCH" -ne "0") ]]; then
# i586 (lacks MMX, SSE and SSE2)
if [[ "$IS_X86" -ne "0" ]]; then
@ -1990,7 +1837,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$DEBUG_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$DEBUG_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2019,7 +1867,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$RELEASE_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$RELEASE_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2051,7 +1900,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$DEBUG_CXXFLAGS -march=x86-64 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$DEBUG_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$DEBUG_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2080,7 +1930,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$RELEASE_CXXFLAGS -march=x86-64 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$RELEASE_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$RELEASE_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2839,63 +2690,6 @@ if [[ "$HAVE_LDGOLD" -ne "0" ]]; then
fi
fi
############################################
# Build with Unified ASM
if [[ "$HAVE_UNIFIED_ASM" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, unified asm syntax" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS ${PLATFORM_CXXFLAGS[@]} -masm-syntax-unified $USER_CXXFLAGS"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
############################################
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, unified asm syntax" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]} -masm-syntax-unified $USER_CXXFLAGS"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
############################################
# Build at -O3
if [[ "$HAVE_O3" -ne "0" ]]; then
@ -4740,51 +4534,6 @@ if [[ ("$IS_DARWIN" -ne "0" && "$HAVE_CXX17" -ne "0") ]]; then
fi
fi
############################################
# Modern compiler and old hardware, like PII, PIII or Core2
if [[ ("$HAVE_X86_AES" -ne "0" || "$HAVE_X86_RDRAND" -ne "0" || "$HAVE_X86_RDSEED" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: AES, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
OPTS=()
if [[ ("$GCC_COMPILER" -ne "0") ]]; then
OPTS=("-march=native")
fi
if [[ "$HAVE_X86_AES" -ne "0" ]]; then
OPTS+=("-maes")
fi
if [[ "$HAVE_X86_RDRAND" -ne "0" ]]; then
OPTS+=("-mrdrnd")
fi
if [[ "$HAVE_X86_RDSEED" -ne "0" ]]; then
OPTS+=("-mrdseed")
fi
if [[ "$HAVE_X86_PCLMUL" -ne "0" ]]; then
OPTS+=("-mpclmul")
fi
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS ${OPTS[@]} ${PLATFORM_CXXFLAGS[@]} $USER_CXXFLAGS"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
############################################
# Benchmarks
if [[ "$WANT_BENCHMARKS" -ne "0" ]]; then

5
TestVectors/Readme.txt
View File

@ -57,6 +57,7 @@ PublicElement - the public element when KeyFormat=Component
PrivateExponent - the private exponent when KeyFormat=Component
Message - encoded string, message to be signed or verified
Signature - encoded string, signature to be verified or compared with
BlockSize - encoded string, block size for vaiable block ciphers
Plaintext - encoded string
Ciphertext - encoded string
Header - encoded string
@ -79,7 +80,7 @@ Verify - signature/digest/MAC verification should pass
VerifyTruncated - truncated digest/MAC verification should pass
NotVerify - signature/digest/MAC verification should not pass
DeterministicSign - sign message using given seed, and the resulting
signature should be equal to the given signature
signature should equal the given signature
Encrypt - plaintext encrypts to ciphertext
DecryptMatch - ciphertext decrypts to plaintext
(more to come here)

3
TestVectors/all.txt
View File

@ -2,6 +2,7 @@ AlgorithmType: FileList
Name: all.txt collection
Test: TestVectors/tea.txt
Test: TestVectors/wake.txt
Test: TestVectors/aria.txt
Test: TestVectors/camellia.txt
Test: TestVectors/shacal2.txt
Test: TestVectors/ttmac.txt
@ -25,6 +26,8 @@ Test: TestVectors/sha2_fips_180.txt
Test: TestVectors/sha3_fips_202.txt
Test: TestVectors/panama.txt
Test: TestVectors/aes.txt
Test: TestVectors/kalyna.txt
Test: TestVectors/threefish.txt
Test: TestVectors/salsa.txt
Test: TestVectors/chacha.txt
#Test: TestVectors/tls_chacha.txt

158
TestVectors/aria.txt Normal file
View File

@ -0,0 +1,158 @@
AlgorithmType: SymmetricCipher
Name: ARIA/ECB
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 1, ARIA/ECB 128-bit (p.3)
Key: 00112233445566778899aabbccddeeff
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: c6ecd08e22c30abdb215cf74e2075e6e 29ccaac63448708d331b2f816c51b17d \
9e133d1528dbf0af5787c7f3a3f5c2bf 6b6f345907a3055612ce072ff54de7d7 \
88424da6e8ccfe8172b391be49935416 5665ba7864917000a6eeb2ecb4a698ed \
fc7887e7f556377614ab0a282293e6d8 84dbb84206cdb16ed1754e77a1f243fd \
086953f752cc1e46c7c794ae85537dca ec8dd721f55c93b6edfe2adea43873e8
Test: Encrypt
Source: RFC 5794, The ARIA Encryption Algorithm
Comment: A.1, 128-Bit Key (p. 10)
Key: 000102030405060708090a0b0c0d0e0f
Plaintext: 00112233445566778899aabbccddeeff
Ciphertext: d718fbd6ab644c739da95f3be6451778
Test: Encrypt
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 2, ARIA/ECB 192-bit (p.6)
Key: 00112233445566778899aabbccddeeff 0011223344556677
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: 8d1470625f59ebacb0e55b534b3e462b 5f23d33bff78f46c3c15911f4a21809a \
accad80b4bda915aa9dae6bcebe06a6c 83f77fd5391acfe61de2f646b5d447ed \
bfd5bb49b12fbb9145b227895a757b2a f1f7188734863d7b8b6ede5a5b2f06a0 \
a233c8523d2db778fb31b0e311f32700 152f33861e9d040c83b5eb40cd88ea49 \
975709dc629365a189f78a3ec40345fc 6a5a307a8f9a4413091e007eca5645a0
Test: Encrypt
Source: RFC 5794, The ARIA Encryption Algorithm
Comment: A.2, 192-Bit Key (p. 11)
Key: 000102030405060708090a0b0c0d0e0f 1011121314151617
Plaintext: 00112233445566778899aabbccddeeff
Ciphertext: 26449c1805dbe7aa25a468ce263a9e79
Test: Encrypt
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 3, ARIA/ECB 256-bit (p.11)
Key: 00112233445566778899aabbccddeeff 00112233445566778899aabbccddeeff
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: 58a875e6044ad7fffa4f58420f7f442d 8e191016f28e79aefc01e204773280d7 \
018e5f7a938ec30711719953bae86542 cd7ebc752474c1a5f6eaaace2a7e2946 \
2ee7dfa5afdb84177ead95ccd4b4bb6e 1ed17b9534cff0a5fc2941429cfee2ee \
49c7adbeb7e9d1b0d2a8531d94207959 6a27ed79f5b1dd13ecd604b07a48885a \
3afa0627a0e4e60a3c703af292f1baa7 7b702f16c54aa74bc727ea95c7468b00
Test: Encrypt
Source: RFC 5794, The ARIA Encryption Algorithm
Comment: A.3, 256-Bit Key (p. 11)
Key: 000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f
Plaintext: 00112233445566778899aabbccddeeff
Ciphertext: f92bd7c79fb72e2f2b8f80c1972d24fc
Test: Encrypt
AlgorithmType: SymmetricCipher
Name: ARIA/CBC
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 1, ARIA/CBC 128-bit (p.3)
Key: 00112233445566778899aabbccddeeff
IV: 0f1e2d3c4b5a69788796a5b4c3d2e1f0
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: 49d61860b14909109cef0d22a9268134 fadf9fb23151e9645fba75018bdb1538 \
b53334634bbf7d4cd4b5377033060c15 5fe3948ca75de1031e1d85619e0ad61e \
b419a866b3c2dbfd10a4ed18b22149f7 5897f0b8668b0c1c542c687778835fb7 \
cd46e45f85eaa7072437dd9fa6793d6f 8d4ccefc4eb1ac641ac1bd30b18c6d64 \
c49bca137eb21c2e04da62712ca2b4f5 40c57112c38791852cfac7a5d19ed83a
Test: Encrypt
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 1, ARIA/CBC 192-bit (p.6)
Key: 00112233445566778899aabbccddeeff 0011223344556677
IV: 0f1e2d3c4b5a69788796a5b4c3d2e1f0
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: afe6cf23974b533c672a826264ea785f 4e4f7f780dc7f3f1e0962b80902386d5 \
14e9c3e77259de92dd1102ffab086c1e a52a71260db5920a83295c25320e4211 \
47ca45d532f327b856ea947cd2196ae2 e040826548b4c891b0ed0ca6e714dbc4 \
631998d548110d666b3d54c2a091955c 6f05beb4f62309368696c9791fc4c551 \
564a2637f194346ec45fbca6c72a5b46 12e208d531d6c34cc5c64eac6bd0cf8c
Test: Encrypt
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 1, ARIA/CBC 256-bit (p.11)
Key: 00112233445566778899aabbccddeeff 00112233445566778899aabbccddeeff
IV: 0f1e2d3c4b5a69788796a5b4c3d2e1f0
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: 523a8a806ae621f155fdd28dbc34e1ab 7b9b42432ad8b2efb96e23b13f0a6e52 \
f36185d50ad002c5f601bee5493f118b 243ee2e313642bffc3902e7b2efd9a12 \
fa682edd2d23c8b9c5f043c18b17c1ec 4b5867918270fbec1027c19ed6af833d \
a5d620994668ca22f599791d292dd627 3b2959082aafb7a996167cce1eec5f0c \
fd15f610d87e2dda9ba68ce1260ca54b 222491418374294e7909b1e8551cd8de
Test: Encrypt
AlgorithmType: SymmetricCipher
Name: ARIA/CTR
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 1, ARIA/CTR 128-bit (p.3)
Key: 00112233445566778899aabbccddeeff
IV: 00000000000000000000000000000000
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: ac5d7de805a0bf1c57c854501af60fa1 1497e2a34519dea1569e91e5b5ccae2f \
f3bfa1bf975f4571f48be191613546c3 911163c085f871f0e7ae5f2a085b8185 \
1c2a3ddf20ecb8fa51901aec8ee4ba32 a35dab67bb72cd9140ad188a967ac0fb \
bdfa94ea6cce47dcf8525ab5a814cfeb 2bb60ee2b126e2d9d847c1a9e96f9019 \
e3e6a7fe40d3829afb73db1cc245646a ddb62d9b907baaafbe46a73dbc131d3d
Test: Encrypt
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 2, ARIA/CTR 192-bit (p.6)
Key: 00112233445566778899aabbccddeeff 0011223344556677
IV: 00000000000000000000000000000000
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: 08625ca8fe569c19ba7af3760a6ed1ce f4d199263e999dde14082dbba7560b79 \
a4c6b456b8707dce751f9854f18893df db3f4e5afa539733e6f1e70b98ba3789 \
1f8f81e95df8efc26c7ce043504cb189 58b865e4e316cd2aa1c97f31bf23dc04 \
6ef326b95a692a191ba0f2a41c5fe9ae 070f236ff7078e703b42666caafbdd20 \
bad74ac4c20c0f46c7ca24c151716575 c947da16c90cfe1bf217a41cfebe7531
Test: Encrypt
Source: ARIA Test Vectors PDF (05.05.2004)
Comment: Section 3, ARIA/CTR 256-bit (p.11)
Key: 00112233445566778899aabbccddeeff 00112233445566778899aabbccddeeff
IV: 00000000000000000000000000000000
Plaintext: 11111111aaaaaaaa11111111bbbbbbbb 11111111cccccccc11111111dddddddd \
22222222aaaaaaaa22222222bbbbbbbb 22222222cccccccc22222222dddddddd \
33333333aaaaaaaa33333333bbbbbbbb 33333333cccccccc33333333dddddddd \
44444444aaaaaaaa44444444bbbbbbbb 44444444cccccccc44444444dddddddd \
55555555aaaaaaaa55555555bbbbbbbb 55555555cccccccc55555555dddddddd
Ciphertext: 30026c329666141721178b99c0a1f1b2 f06940253f7b3089e2a30ea86aa3c88f \
5940f05ad7ee41d71347bb7261e348f1 8360473fdf7d4e7723bffb4411cc13f6 \
cdd89f3bc7b9c768145022c7a74f14d7 c305cd012a10f16050c23f1ae5c23f45 \
998d13fbaa041e51619577e077276489 6a5d4516d8ffceb3bf7e05f613edd9a6 \
0cdcedaff9cfcaf4e00d445a54334f73 ab2cad944e51d266548e61c6eb0aa1cd
Test: Encrypt

409
TestVectors/dsa_rfc6979.txt
View File

@ -51,210 +51,6 @@ Message: 74657374
Signature: 42AB2052FD43E123F0607F115052A67DCD9C5C77183916B0230D45B9931491D4C6B0BD2FB4AAF088
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-224
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-224
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 4BC3B686AEA70145856814A6F1BB53346F02101E410697B92295D994D21EDD2F4ADA85566F6F94C1
Test: Verify
Message: 74657374
Signature: 6868E9964E36C1689F6037F91F28D5F2C30610F249CEC3ACDC83018C5BD2674ECAAD35B8CD22940F
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-224
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-224
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 4BC3B686AEA70145856814A6F1BB53346F02101E410697B92295D994D21EDD2F4ADA85566F6F94C1
Test: DeterministicSign
Message: 74657374
Signature: 6868E9964E36C1689F6037F91F28D5F2C30610F249CEC3ACDC83018C5BD2674ECAAD35B8CD22940F
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-256
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-256
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 81F2F5850BE5BC123C43F71A3033E9384611C5454CDD914B65EB6C66A8AAAD27299BEE6B035F5E89
Test: Verify
Message: 74657374
Signature: 22518C127299B0F6FDC9872B282B9E70D07908126837EC18F150D55DE95B5E29BE7AF5D01E4FE160
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-256
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-256
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 81F2F5850BE5BC123C43F71A3033E9384611C5454CDD914B65EB6C66A8AAAD27299BEE6B035F5E89
Test: DeterministicSign
Message: 74657374
Signature: 22518C127299B0F6FDC9872B282B9E70D07908126837EC18F150D55DE95B5E29BE7AF5D01E4FE160
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-384
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-384
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 07F2108557EE0E3921BC1774F1CA9B410B4CE65A54DF70456C86FAC10FAB47C1949AB83F2C6F7595
Test: Verify
Message: 74657374
Signature: 854CF929B58D73C3CBFDC421E8D5430CD6DB5E6691D0E0F53E22F898D158380676A871A157CDA622
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-384
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-384
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 07F2108557EE0E3921BC1774F1CA9B410B4CE65A54DF70456C86FAC10FAB47C1949AB83F2C6F7595
Test: DeterministicSign
Message: 74657374
Signature: 854CF929B58D73C3CBFDC421E8D5430CD6DB5E6691D0E0F53E22F898D158380676A871A157CDA622
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-512
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-512
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C
Test: Verify
Message: 74657374
Signature: 8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A07C670C7AD72B6C050C109E1790008097125433E8
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-512
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-512
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C
Test: DeterministicSign
Message: 74657374
Signature: 8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A07C670C7AD72B6C050C109E1790008097125433E8
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-1
Source: RFC 6979
@ -336,6 +132,57 @@ Signature: C18270A93CFC6063F57A4DFA86024F700D980E4CF4E2CB65A504397273D98EA0\
414F22E5F31A8B6D33295C7539C1C1BA3A6160D7D68D50AC0D3A5BEAC2884FAA
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-224
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-224
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 4BC3B686AEA70145856814A6F1BB53346F02101E410697B92295D994D21EDD2F4ADA85566F6F94C1
Test: Verify
Message: 74657374
Signature: 6868E9964E36C1689F6037F91F28D5F2C30610F249CEC3ACDC83018C5BD2674ECAAD35B8CD22940F
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-224
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-224
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 4BC3B686AEA70145856814A6F1BB53346F02101E410697B92295D994D21EDD2F4ADA85566F6F94C1
Test: DeterministicSign
Message: 74657374
Signature: 6868E9964E36C1689F6037F91F28D5F2C30610F249CEC3ACDC83018C5BD2674ECAAD35B8CD22940F
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-224
Source: RFC 6979
@ -417,6 +264,58 @@ Signature: 272ABA31572F6CC55E30BF616B7A265312018DD325BE031BE0CC82AA17870EA3\
E9CC286A52CCE201586722D36D1E917EB96A4EBDB47932F9576AC645B3A60806
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-256
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-256
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 81F2F5850BE5BC123C43F71A3033E9384611C5454CDD914B65EB6C66A8AAAD27299BEE6B035F5E89
Test: Verify
Message: 74657374
Signature: 22518C127299B0F6FDC9872B282B9E70D07908126837EC18F150D55DE95B5E29BE7AF5D01E4FE160
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-256
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-256
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 81F2F5850BE5BC123C43F71A3033E9384611C5454CDD914B65EB6C66A8AAAD27299BEE6B035F5E89
Test: DeterministicSign
Message: 74657374
Signature: 22518C127299B0F6FDC9872B282B9E70D07908126837EC18F150D55DE95B5E29BE7AF5D01E4FE160
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-256
Source: RFC 6979
@ -498,6 +397,57 @@ Signature: 8190012A1969F9957D56FCCAAD223186F423398D58EF5B3CEFD5A4146A4476F0\
7452A53F7075D417B4B013B278D1BB8BBD21863F5E7B1CEE679CF2188E1AB19E
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-384
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-384
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 07F2108557EE0E3921BC1774F1CA9B410B4CE65A54DF70456C86FAC10FAB47C1949AB83F2C6F7595
Test: Verify
Message: 74657374
Signature: 854CF929B58D73C3CBFDC421E8D5430CD6DB5E6691D0E0F53E22F898D158380676A871A157CDA622
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-384
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-384
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 07F2108557EE0E3921BC1774F1CA9B410B4CE65A54DF70456C86FAC10FAB47C1949AB83F2C6F7595
Test: DeterministicSign
Message: 74657374
Signature: 854CF929B58D73C3CBFDC421E8D5430CD6DB5E6691D0E0F53E22F898D158380676A871A157CDA622
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-384
Source: RFC 6979
@ -579,6 +529,57 @@ Signature: 239E66DDBE8F8C230A3D071D601B6FFBDFB5901F94D444C6AF56F732BEB954BE\
6BD737513D5E72FE85D1C750E0F73921FE299B945AAD1C802F15C26A43D34961
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-512
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-512
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
Message: 73616D706C65
Signature: 16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C
Test: Verify
Message: 74657374
Signature: 8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A07C670C7AD72B6C050C109E1790008097125433E8
Test: Verify
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-512
Source: RFC 6979
Comment: Section A.2.1. DSA, 1024 Bits, SHA-512
KeyFormat: Component
Modulus: 86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447\
E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88\
73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C\
881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779
SubgroupOrder: 996F967F6C8E388D9E28D01E205FBA957A5698B1
SubgroupGenerator: 07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D\
89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD\
87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4\
17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD
PublicElement: 5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653\
92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D\
4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6\
82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B
PrivateExponent: 411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
Message: 73616D706C65
Signature: 16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C
Test: DeterministicSign
Message: 74657374
Signature: 8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A07C670C7AD72B6C050C109E1790008097125433E8
Test: DeterministicSign
AlgorithmType: Signature
Name: DSA-RFC6979/SHA-512
Source: RFC 6979

104
TestVectors/kalyna.txt Normal file
View File

@ -0,0 +1,104 @@
AlgorithmType: SymmetricCipher
Name: Kalyna/ECB
Source: Kalyna reference implementation
Comment: Kalyna 128-bit key, 128-bit block
Key: 000102030405060708090A0B0C0D0E0F
BlockSize: 16
Plaintext: 101112131415161718191A1B1C1D1E1F
Ciphertext: 81BF1C7D779BAC20E1C9EA39B4D2AD06
Test: Encrypt
Name: Kalyna/ECB
Source: Kalyna reference implementation
Comment: Kalyna 256-bit key, 128-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
BlockSize: 16
Plaintext: 202122232425262728292A2B2C2D2E2F
Ciphertext: 58EC3E091000158A1148F7166F334F14
Test: Encrypt
Name: Kalyna/ECB
Source: Kalyna reference implementation
Comment: Kalyna 256-bit key, 256-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
BlockSize: 32
Plaintext: 202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
Ciphertext: F66E3D570EC92135AEDAE323DCBD2A8CA03963EC206A0D5A88385C24617FD92C
Test: Encrypt
Name: Kalyna/ECB
Source: Kalyna reference implementation
Comment: Kalyna 512-bit key, 256-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
BlockSize: 32
Plaintext: 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Ciphertext: 606990E9E6B7B67A4BD6D893D72268B78E02C83C3CD7E102FD2E74A8FDFE5DD9
Test: Encrypt
Name: Kalyna/ECB
Source: Kalyna reference implementation
Comment: Kalyna 512-bit key, 512-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
BlockSize: 64
Plaintext: 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
Ciphertext: 4A26E31B811C356AA61DD6CA0596231A67BA8354AA47F3A13E1DEEC320EB56B895D0F417175BAB662FD6F134BB15C86CCB906A26856EFEB7C5BC6472940DD9D9
Test: Encrypt
Name: Kalyna/CBC
Source: DSTU 7624:2014, Section B.6.1 (p.148)
Comment: Kalyna 128-bit key, 128-bit block
Key: 000102030405060708090A0B0C0D0E0F
IV: 101112131415161718191A1B1C1D1E1F
BlockSize: 16
Plaintext: 202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F
Ciphertext: A73625D7BE994E85469A9FAABCEDAAB6DBC5F65DD77BB35E06BD7D1D8EAFC8624D6CB31CE189C82B8979F2936DE9BF14
Test: Encrypt
Name: Kalyna/CBC
Source: DSTU 7624:2014, Section B.6.3 (p.149)
Comment: Kalyna 256-bit key, 128-bit block, OneAndZeros padding
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
IV: 202122232425262728292A2B2C2D2E2F
BlockSize: 16
BlockPaddingScheme: 3 # OneAndZeroPadding
Plaintext: 303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D
Ciphertext: 13EA15843AD14C50BC03ECEF1F43E398E4217752D3EB046AC393DACC5CA1D6FA0EB9FCEB229362B4F1565527EE3D8433
Test: Encrypt
Name: Kalyna/CBC
Source: DSTU 7624:2014, Section B.6.5 (p.150)
Comment: Kalyna 256-bit key, 256-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
IV: 202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
BlockSize: 32
Plaintext: 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F \
606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F \
808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F
Ciphertext: 9CDFDAA75929E7C2A5CFC1BF16B42C5AE3886D0258E8C577DC01DAF62D185FB9 \
99B9867736B87110F5F1BC7481912C593F48FF79E2AFDFAB9F704A277EC3E557 \
B1B0A9F223DAE6ED5AF591C4F2D6FB22E48334F5E9B96B1A2EA5200F30A406CE
Test: Encrypt
Name: Kalyna/CBC
Source: DSTU 7624:2014, Section B.6.7 (p.151)
Comment: Kalyna 512-bit key, 256-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F \
202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
IV: 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
BlockSize: 32
Plaintext: 606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F \
808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F \
A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF
Ciphertext: B8A2474578C2FEBF3F94703587BD5FDC3F4A4D2F43575B6144A1E1031FB3D145 \
2B7FD52F5E3411461DAC506869FF8D2FAEF4FEE60379AE00B33AA3EAF911645A \
F8091CD8A45D141D1FB150E5A01C1F26FF3DBD26AC4225EC7577B2CE57A5B0FF
Test: Encrypt
Name: Kalyna/CBC
Source: DSTU 7624:2014, Section B.6.9 (p.152)
Comment: Kalyna 512-bit key, 512-bit block
Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F \
202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
IV: 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F \
606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
BlockSize: 64
Plaintext: 808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F \
A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF \
C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF \
E0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
Ciphertext: D4739B829EF901B24C1162AE4FDEF897EDA41FAC7F5770CDC90E1D1CDF124E8D \
7831E06B4498A4B6F6EC815DF2461DC99BB0449B0F09FCAA2C84090534BCC932 \
9626FD74EF8F0A0BCB5765184629C3CBF53B0FB134F6D0421174B1C4E884D1CD \
1069A7AD19752DCEBF655842E79B7858BDE01390A760D85E88925BFE38B0FA57
Test: Encrypt

6
TestVectors/sha2.txt Normal file
View File

@ -0,0 +1,6 @@
AlgorithmType: FileList
Name: SHA2 FIPS 180 collection
Test: TestVectors/sha2_224_fips_180.txt
Test: TestVectors/sha2_256_fips_180.txt
Test: TestVectors/sha2_384_fips_180.txt
Test: TestVectors/sha2_512_fips_180.txt

6
TestVectors/sha3.txt Normal file
View File

@ -0,0 +1,6 @@
AlgorithmType: FileList
Name: SHA3 FIPS 202 collection
Test: TestVectors/sha3_224_fips_202.txt
Test: TestVectors/sha3_256_fips_202.txt
Test: TestVectors/sha3_384_fips_202.txt
Test: TestVectors/sha3_512_fips_202.txt

118
TestVectors/threefish.txt Normal file
View File

@ -0,0 +1,118 @@
AlgorithmType: SymmetricCipher
Name: Threefish/ECB
Comment: Test Vector 1
Source: Botan test vectors (threefish.vec)
Key: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Plaintext: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Ciphertext: B1A2BBC6EF6025BC 40EB3822161F36E3 75D1BB0AEE3186FB D19E47C5D479947B \
7BC2F8586E35F0CF F7E7F03084B0B7B1 F1AB3961A580A3E9 7EB41EA14A6D7BBE
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 2
Source: Botan test vectors (threefish.vec)
Key: B1A2BBC6EF6025BC 40EB3822161F36E3 75D1BB0AEE3186FB D19E47C5D479947B \
7BC2F8586E35F0CF F7E7F03084B0B7B1 F1AB3961A580A3E9 7EB41EA14A6D7BBE
Plaintext: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Ciphertext: F13CA06760DD9BBE AB87B6C56F3BBBDB E9D08A77978B942A C02D471DC10268F2 \
261C3D4330D6CA34 1F4BD4115DEE16A2 1DCDA2A34A0A76FB A976174E4CF1E306
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 3
Source: Botan test vectors (threefish.vec)
Key: F13CA06760DD9BBE AB87B6C56F3BBBDB E9D08A77978B942A C02D471DC10268F2 \
261C3D4330D6CA34 1F4BD4115DEE16A2 1DCDA2A34A0A76FB A976174E4CF1E306
Plaintext: B1A2BBC6EF6025BC 40EB3822161F36E3 75D1BB0AEE3186FB D19E47C5D479947B \
7BC2F8586E35F0CF F7E7F03084B0B7B1 F1AB3961A580A3E9 7EB41EA14A6D7BBE
Ciphertext: 1BEC82CBA1357566 B34E1CF1FBF123A1 41C8F4089F6E4CE3 209AEA10095AEC93 \
C900D068BDC7F7A2 DD58513C11DEC956 B93169B1C4F24CED E31A265DE83E36B4
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 4
Source: Botan test vectors (threefish.vec)
Key: F13CA06760DD9BBE AB87B6C56F3BBBDB E9D08A77978B942A C02D471DC10268F2 \
261C3D4330D6CA34 1F4BD4115DEE16A2 1DCDA2A34A0A76FB A976174E4CF1E306
Plaintext: B1A2BBC6EF6025BC 40EB3822161F36E3 75D1BB0AEE3186FB D19E47C5D479947B \
7BC2F8586E35F0CF F7E7F03084B0B7B1 F1AB3961A580A3E9 7EB41EA14A6D7BBE \
B1A2BBC6EF6025BC 40EB3822161F36E3 75D1BB0AEE3186FB D19E47C5D479947B \
7BC2F8586E35F0CF F7E7F03084B0B7B1 F1AB3961A580A3E9 7EB41EA14A6D7BBF
Ciphertext: 1BEC82CBA1357566 B34E1CF1FBF123A1 41C8F4089F6E4CE3 209AEA10095AEC93 \
C900D068BDC7F7A2 DD58513C11DEC956 B93169B1C4F24CED E31A265DE83E36B4 \
073CB5F8FABFA17D B751477F294EB3DD 4ACD92B78397331F CC36A9C3D3055B81 \
D867CBDD56279037 373359CA1832669A F4B87A1F2FDAF8D3 6E2FB7A6D19F5D45
Test: Encrypt
##################################################################################
Name: Threefish/ECB
Comment: Test Vector 5, Threefish-256, null tweak
Source: skein_golden_kat_internals.txt
Tweak: word64 0000000000000000 0000000000000000
Key: word64 0000000000000000 0000000000000000 0000000000000000 0000000000000000
Plaintext: word64 0000000000000000 0000000000000000 0000000000000000 0000000000000000
Ciphertext: word64 94EEEA8B1F2ADA84 ADF103313EAE6670 952419A1F4B16D53 D83F13E63C9F6B11
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 6, Threefish-256, tweak
Source: skein_golden_kat_internals.txt
Tweak: word64 0706050403020100 0F0E0D0C0B0A0908
Key: word64 1716151413121110 1F1E1D1C1B1A1918 2726252423222120 2F2E2D2C2B2A2928
Plaintext: word64 F8F9FAFBFCFDFEFF F0F1F2F3F4F5F6F7 E8E9EAEBECEDEEEF E0E1E2E3E4E5E6E7
Ciphertext: word64 DF8FEA0EFF91D0E0 D50AD82EE69281C9 76F48D58085D869D DF975E95B5567065
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 7, Threefish-512, null tweak
Source: skein_golden_kat_internals.txt
Tweak: word64 0000000000000000 0000000000000000
Key: word64 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Plaintext: word64 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Ciphertext: word64 BC2560EFC6BBA2B1 E3361F162238EB40 FB8631EE0ABBD175 7B9479D4C5479ED1 \
CFF0356E58F8C27B B1B7B08430F0E7F7 E9A380A56139ABF1 BE7B6D4AA11EB47E
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 8, Threefish-512, tweak
Source: skein_golden_kat_internals.txt
Tweak: word64 0706050403020100 0F0E0D0C0B0A0908
Key: word64 1716151413121110 1F1E1D1C1B1A1918 2726252423222120 2F2E2D2C2B2A2928 \
3736353433323130 3F3E3D3C3B3A3938 4746454443424140 4F4E4D4C4B4A4948
Plaintext: word64 F8F9FAFBFCFDFEFF F0F1F2F3F4F5F6F7 E8E9EAEBECEDEEEF E0E1E2E3E4E5E6E7 \
D8D9DADBDCDDDEDF D0D1D2D3D4D5D6D7 C8C9CACBCCCDCECF C0C1C2C3C4C5C6C7
Ciphertext: word64 2C5AD426964304E3 9A2436D6D8CA01B4 DD456DB00E333863 794725970EB9368B \
043546998D0A2A27 25A7C918EA204478 346201A1FEDF11AF 3DAF1C5C3D672789
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 9, Threefish-1024, null tweak
Source: skein_golden_kat_internals.txt
Tweak: word64 0000000000000000 0000000000000000
Key: word64 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Plaintext: word64 0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000 \
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Ciphertext: word64 04B3053D0A3D5CF0 0136E0D1C7DD85F7 067B212F6EA78A5C 0DA9C10B4C54E1C6 \
0F4EC27394CBACF0 32437F0568EA4FD5 CFF56D1D7654B49C A2D5FB14369B2E7B \
540306B460472E0B 71C18254BCEA820D C36B4068BEAF32C8 FA4329597A360095 \
C4A36C28434A5B9A D54331444B1046CF DF11834830B2A460 1E39E8DFE1F7EE4F
Test: Encrypt
Name: Threefish/ECB
Comment: Test Vector 10, Threefish-1024, tweak
Source: skein_golden_kat_internals.txt
Tweak: word64 0706050403020100 0F0E0D0C0B0A0908
Key: word64 1716151413121110 1F1E1D1C1B1A1918 2726252423222120 2F2E2D2C2B2A2928 \
3736353433323130 3F3E3D3C3B3A3938 4746454443424140 4F4E4D4C4B4A4948 \
5756555453525150 5F5E5D5C5B5A5958 6766656463626160 6F6E6D6C6B6A6968 \
7776757473727170 7F7E7D7C7B7A7978 8786858483828180 8F8E8D8C8B8A8988
Plaintext: word64 F8F9FAFBFCFDFEFF F0F1F2F3F4F5F6F7 E8E9EAEBECEDEEEF E0E1E2E3E4E5E6E7 \
D8D9DADBDCDDDEDF D0D1D2D3D4D5D6D7 C8C9CACBCCCDCECF C0C1C2C3C4C5C6C7 \
B8B9BABBBCBDBEBF B0B1B2B3B4B5B6B7 A8A9AAABACADAEAF A0A1A2A3A4A5A6A7 \
98999A9B9C9D9E9F 9091929394959697 88898A8B8C8D8E8F 8081828384858687
Ciphertext: word64 B0C33CD7DB4D65A6 BC49A85A1077D75D 6855FCAFEA7293E4 1C5385AB1B7754D2 \
30E4AAFFE780F794 E1BBEE708CAFD8D5 9CA837B7423B0F76 BD1403670D4963B3 \
451F2E3CE61EA48A B360832F9277D4FB 0AAFC7A65E12D688 C8906E79016D05D7 \
B316570A15F41333 74E98A2869F5D50E 57CE6F9247432BCE DE7CDD77215144DE
Test: Encrypt

2
algparam.cpp
View File

@ -9,8 +9,6 @@
NAMESPACE_BEGIN(CryptoPP)
PAssignIntToInteger g_pAssignIntToInteger = NULLPTR;
bool CombinedNameValuePairs::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
if (strcmp(name, "ValueNames") == 0)

14
algparam.h
View File

@ -298,9 +298,11 @@ AssignFromHelperClass<T, T> AssignFromHelper(T *pObject, const NameValuePairs &s
// ********************************************************
// to allow the linker to discard Integer code if not needed.
typedef bool (CRYPTOPP_API * PAssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt);
CRYPTOPP_DLL extern PAssignIntToInteger g_pAssignIntToInteger;
#ifndef CRYPTOPP_NO_ASSIGN_TO_INTEGER
// Allow the linker to discard Integer code if not needed.
// Also see http://github.com/weidai11/cryptopp/issues/389.
bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt);
#endif
CRYPTOPP_DLL const std::type_info & CRYPTOPP_API IntegerTypeId();
@ -386,8 +388,10 @@ public:
void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const
{
// special case for retrieving an Integer parameter when an int was passed in
if (!(g_pAssignIntToInteger != NULLPTR && typeid(T) == typeid(int) && g_pAssignIntToInteger(valueType, pValue, &m_value)))
#ifndef CRYPTOPP_NO_ASSIGN_TO_INTEGER
// Special case for retrieving an Integer parameter when an int was passed in
if (!(typeid(T) == typeid(int) && AssignIntToInteger(valueType, pValue, &m_value)))
#endif
{
NameValuePairs::ThrowIfTypeMismatch(name, typeid(T), valueType);
*reinterpret_cast<T *>(pValue) = m_value;

3
argnames.h
View File

@ -88,6 +88,9 @@ CRYPTOPP_DEFINE_NAME_STRING(Salt) //!< ConstByteArrayParameter
CRYPTOPP_DEFINE_NAME_STRING(Tweak) //!< ConstByteArrayParameter
CRYPTOPP_DEFINE_NAME_STRING(SaltSize) //!< int, in bytes
CRYPTOPP_DEFINE_NAME_STRING(TreeMode) //< byte
CRYPTOPP_DEFINE_NAME_STRING(FileName) //!< const char *
CRYPTOPP_DEFINE_NAME_STRING(FileTime) //!< int
CRYPTOPP_DEFINE_NAME_STRING(Comment) //!< const char *
DOCUMENTED_NAMESPACE_END
NAMESPACE_END

640
aria.cpp Normal file
View File

@ -0,0 +1,640 @@
// aria.cpp - written and placed in the public domain by Jeffrey Walton
#include "pch.h"
#include "config.h"
#include "aria.h"
#include "misc.h"
#include "cpu.h"
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS 1
#endif
#if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1
#endif
#if CRYPTOPP_BOOL_NEON_INTRINSICS_AVAILABLE
# define CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS 1
#endif
ANONYMOUS_NAMESPACE_BEGIN
CRYPTOPP_ALIGN_DATA(16)
const CryptoPP::word32 S1[256]={
0x00636363,0x007c7c7c,0x00777777,0x007b7b7b,0x00f2f2f2,0x006b6b6b,0x006f6f6f,0x00c5c5c5,
0x00303030,0x00010101,0x00676767,0x002b2b2b,0x00fefefe,0x00d7d7d7,0x00ababab,0x00767676,
0x00cacaca,0x00828282,0x00c9c9c9,0x007d7d7d,0x00fafafa,0x00595959,0x00474747,0x00f0f0f0,
0x00adadad,0x00d4d4d4,0x00a2a2a2,0x00afafaf,0x009c9c9c,0x00a4a4a4,0x00727272,0x00c0c0c0,
0x00b7b7b7,0x00fdfdfd,0x00939393,0x00262626,0x00363636,0x003f3f3f,0x00f7f7f7,0x00cccccc,
0x00343434,0x00a5a5a5,0x00e5e5e5,0x00f1f1f1,0x00717171,0x00d8d8d8,0x00313131,0x00151515,
0x00040404,0x00c7c7c7,0x00232323,0x00c3c3c3,0x00181818,0x00969696,0x00050505,0x009a9a9a,
0x00070707,0x00121212,0x00808080,0x00e2e2e2,0x00ebebeb,0x00272727,0x00b2b2b2,0x00757575,
0x00090909,0x00838383,0x002c2c2c,0x001a1a1a,0x001b1b1b,0x006e6e6e,0x005a5a5a,0x00a0a0a0,
0x00525252,0x003b3b3b,0x00d6d6d6,0x00b3b3b3,0x00292929,0x00e3e3e3,0x002f2f2f,0x00848484,
0x00535353,0x00d1d1d1,0x00000000,0x00ededed,0x00202020,0x00fcfcfc,0x00b1b1b1,0x005b5b5b,
0x006a6a6a,0x00cbcbcb,0x00bebebe,0x00393939,0x004a4a4a,0x004c4c4c,0x00585858,0x00cfcfcf,
0x00d0d0d0,0x00efefef,0x00aaaaaa,0x00fbfbfb,0x00434343,0x004d4d4d,0x00333333,0x00858585,
0x00454545,0x00f9f9f9,0x00020202,0x007f7f7f,0x00505050,0x003c3c3c,0x009f9f9f,0x00a8a8a8,
0x00515151,0x00a3a3a3,0x00404040,0x008f8f8f,0x00929292,0x009d9d9d,0x00383838,0x00f5f5f5,
0x00bcbcbc,0x00b6b6b6,0x00dadada,0x00212121,0x00101010,0x00ffffff,0x00f3f3f3,0x00d2d2d2,
0x00cdcdcd,0x000c0c0c,0x00131313,0x00ececec,0x005f5f5f,0x00979797,0x00444444,0x00171717,
0x00c4c4c4,0x00a7a7a7,0x007e7e7e,0x003d3d3d,0x00646464,0x005d5d5d,0x00191919,0x00737373,
0x00606060,0x00818181,0x004f4f4f,0x00dcdcdc,0x00222222,0x002a2a2a,0x00909090,0x00888888,
0x00464646,0x00eeeeee,0x00b8b8b8,0x00141414,0x00dedede,0x005e5e5e,0x000b0b0b,0x00dbdbdb,
0x00e0e0e0,0x00323232,0x003a3a3a,0x000a0a0a,0x00494949,0x00060606,0x00242424,0x005c5c5c,
0x00c2c2c2,0x00d3d3d3,0x00acacac,0x00626262,0x00919191,0x00959595,0x00e4e4e4,0x00797979,
0x00e7e7e7,0x00c8c8c8,0x00373737,0x006d6d6d,0x008d8d8d,0x00d5d5d5,0x004e4e4e,0x00a9a9a9,
0x006c6c6c,0x00565656,0x00f4f4f4,0x00eaeaea,0x00656565,0x007a7a7a,0x00aeaeae,0x00080808,
0x00bababa,0x00787878,0x00252525,0x002e2e2e,0x001c1c1c,0x00a6a6a6,0x00b4b4b4,0x00c6c6c6,
0x00e8e8e8,0x00dddddd,0x00747474,0x001f1f1f,0x004b4b4b,0x00bdbdbd,0x008b8b8b,0x008a8a8a,
0x00707070,0x003e3e3e,0x00b5b5b5,0x00666666,0x00484848,0x00030303,0x00f6f6f6,0x000e0e0e,
0x00616161,0x00353535,0x00575757,0x00b9b9b9,0x00868686,0x00c1c1c1,0x001d1d1d,0x009e9e9e,
0x00e1e1e1,0x00f8f8f8,0x00989898,0x00111111,0x00696969,0x00d9d9d9,0x008e8e8e,0x00949494,
0x009b9b9b,0x001e1e1e,0x00878787,0x00e9e9e9,0x00cecece,0x00555555,0x00282828,0x00dfdfdf,
0x008c8c8c,0x00a1a1a1,0x00898989,0x000d0d0d,0x00bfbfbf,0x00e6e6e6,0x00424242,0x00686868,
0x00414141,0x00999999,0x002d2d2d,0x000f0f0f,0x00b0b0b0,0x00545454,0x00bbbbbb,0x00161616
};
CRYPTOPP_ALIGN_DATA(16)
const CryptoPP::word32 S2[256]={
0xe200e2e2,0x4e004e4e,0x54005454,0xfc00fcfc,0x94009494,0xc200c2c2,0x4a004a4a,0xcc00cccc,
0x62006262,0x0d000d0d,0x6a006a6a,0x46004646,0x3c003c3c,0x4d004d4d,0x8b008b8b,0xd100d1d1,
0x5e005e5e,0xfa00fafa,0x64006464,0xcb00cbcb,0xb400b4b4,0x97009797,0xbe00bebe,0x2b002b2b,
0xbc00bcbc,0x77007777,0x2e002e2e,0x03000303,0xd300d3d3,0x19001919,0x59005959,0xc100c1c1,
0x1d001d1d,0x06000606,0x41004141,0x6b006b6b,0x55005555,0xf000f0f0,0x99009999,0x69006969,
0xea00eaea,0x9c009c9c,0x18001818,0xae00aeae,0x63006363,0xdf00dfdf,0xe700e7e7,0xbb00bbbb,
0x00000000,0x73007373,0x66006666,0xfb00fbfb,0x96009696,0x4c004c4c,0x85008585,0xe400e4e4,
0x3a003a3a,0x09000909,0x45004545,0xaa00aaaa,0x0f000f0f,0xee00eeee,0x10001010,0xeb00ebeb,
0x2d002d2d,0x7f007f7f,0xf400f4f4,0x29002929,0xac00acac,0xcf00cfcf,0xad00adad,0x91009191,
0x8d008d8d,0x78007878,0xc800c8c8,0x95009595,0xf900f9f9,0x2f002f2f,0xce00cece,0xcd00cdcd,
0x08000808,0x7a007a7a,0x88008888,0x38003838,0x5c005c5c,0x83008383,0x2a002a2a,0x28002828,
0x47004747,0xdb00dbdb,0xb800b8b8,0xc700c7c7,0x93009393,0xa400a4a4,0x12001212,0x53005353,
0xff00ffff,0x87008787,0x0e000e0e,0x31003131,0x36003636,0x21002121,0x58005858,0x48004848,
0x01000101,0x8e008e8e,0x37003737,0x74007474,0x32003232,0xca00caca,0xe900e9e9,0xb100b1b1,
0xb700b7b7,0xab00abab,0x0c000c0c,0xd700d7d7,0xc400c4c4,0x56005656,0x42004242,0x26002626,
0x07000707,0x98009898,0x60006060,0xd900d9d9,0xb600b6b6,0xb900b9b9,0x11001111,0x40004040,
0xec00ecec,0x20002020,0x8c008c8c,0xbd00bdbd,0xa000a0a0,0xc900c9c9,0x84008484,0x04000404,
0x49004949,0x23002323,0xf100f1f1,0x4f004f4f,0x50005050,0x1f001f1f,0x13001313,0xdc00dcdc,
0xd800d8d8,0xc000c0c0,0x9e009e9e,0x57005757,0xe300e3e3,0xc300c3c3,0x7b007b7b,0x65006565,
0x3b003b3b,0x02000202,0x8f008f8f,0x3e003e3e,0xe800e8e8,0x25002525,0x92009292,0xe500e5e5,
0x15001515,0xdd00dddd,0xfd00fdfd,0x17001717,0xa900a9a9,0xbf00bfbf,0xd400d4d4,0x9a009a9a,
0x7e007e7e,0xc500c5c5,0x39003939,0x67006767,0xfe00fefe,0x76007676,0x9d009d9d,0x43004343,
0xa700a7a7,0xe100e1e1,0xd000d0d0,0xf500f5f5,0x68006868,0xf200f2f2,0x1b001b1b,0x34003434,
0x70007070,0x05000505,0xa300a3a3,0x8a008a8a,0xd500d5d5,0x79007979,0x86008686,0xa800a8a8,
0x30003030,0xc600c6c6,0x51005151,0x4b004b4b,0x1e001e1e,0xa600a6a6,0x27002727,0xf600f6f6,
0x35003535,0xd200d2d2,0x6e006e6e,0x24002424,0x16001616,0x82008282,0x5f005f5f,0xda00dada,
0xe600e6e6,0x75007575,0xa200a2a2,0xef00efef,0x2c002c2c,0xb200b2b2,0x1c001c1c,0x9f009f9f,
0x5d005d5d,0x6f006f6f,0x80008080,0x0a000a0a,0x72007272,0x44004444,0x9b009b9b,0x6c006c6c,
0x90009090,0x0b000b0b,0x5b005b5b,0x33003333,0x7d007d7d,0x5a005a5a,0x52005252,0xf300f3f3,
0x61006161,0xa100a1a1,0xf700f7f7,0xb000b0b0,0xd600d6d6,0x3f003f3f,0x7c007c7c,0x6d006d6d,
0xed00eded,0x14001414,0xe000e0e0,0xa500a5a5,0x3d003d3d,0x22002222,0xb300b3b3,0xf800f8f8,
0x89008989,0xde00dede,0x71007171,0x1a001a1a,0xaf00afaf,0xba00baba,0xb500b5b5,0x81008181
};
CRYPTOPP_ALIGN_DATA(16)
const CryptoPP::word32 X1[256]={
0x52520052,0x09090009,0x6a6a006a,0xd5d500d5,0x30300030,0x36360036,0xa5a500a5,0x38380038,
0xbfbf00bf,0x40400040,0xa3a300a3,0x9e9e009e,0x81810081,0xf3f300f3,0xd7d700d7,0xfbfb00fb,
0x7c7c007c,0xe3e300e3,0x39390039,0x82820082,0x9b9b009b,0x2f2f002f,0xffff00ff,0x87870087,
0x34340034,0x8e8e008e,0x43430043,0x44440044,0xc4c400c4,0xdede00de,0xe9e900e9,0xcbcb00cb,
0x54540054,0x7b7b007b,0x94940094,0x32320032,0xa6a600a6,0xc2c200c2,0x23230023,0x3d3d003d,
0xeeee00ee,0x4c4c004c,0x95950095,0x0b0b000b,0x42420042,0xfafa00fa,0xc3c300c3,0x4e4e004e,
0x08080008,0x2e2e002e,0xa1a100a1,0x66660066,0x28280028,0xd9d900d9,0x24240024,0xb2b200b2,
0x76760076,0x5b5b005b,0xa2a200a2,0x49490049,0x6d6d006d,0x8b8b008b,0xd1d100d1,0x25250025,
0x72720072,0xf8f800f8,0xf6f600f6,0x64640064,0x86860086,0x68680068,0x98980098,0x16160016,
0xd4d400d4,0xa4a400a4,0x5c5c005c,0xcccc00cc,0x5d5d005d,0x65650065,0xb6b600b6,0x92920092,
0x6c6c006c,0x70700070,0x48480048,0x50500050,0xfdfd00fd,0xeded00ed,0xb9b900b9,0xdada00da,
0x5e5e005e,0x15150015,0x46460046,0x57570057,0xa7a700a7,0x8d8d008d,0x9d9d009d,0x84840084,
0x90900090,0xd8d800d8,0xabab00ab,0x00000000,0x8c8c008c,0xbcbc00bc,0xd3d300d3,0x0a0a000a,
0xf7f700f7,0xe4e400e4,0x58580058,0x05050005,0xb8b800b8,0xb3b300b3,0x45450045,0x06060006,
0xd0d000d0,0x2c2c002c,0x1e1e001e,0x8f8f008f,0xcaca00ca,0x3f3f003f,0x0f0f000f,0x02020002,
0xc1c100c1,0xafaf00af,0xbdbd00bd,0x03030003,0x01010001,0x13130013,0x8a8a008a,0x6b6b006b,
0x3a3a003a,0x91910091,0x11110011,0x41410041,0x4f4f004f,0x67670067,0xdcdc00dc,0xeaea00ea,
0x97970097,0xf2f200f2,0xcfcf00cf,0xcece00ce,0xf0f000f0,0xb4b400b4,0xe6e600e6,0x73730073,
0x96960096,0xacac00ac,0x74740074,0x22220022,0xe7e700e7,0xadad00ad,0x35350035,0x85850085,
0xe2e200e2,0xf9f900f9,0x37370037,0xe8e800e8,0x1c1c001c,0x75750075,0xdfdf00df,0x6e6e006e,
0x47470047,0xf1f100f1,0x1a1a001a,0x71710071,0x1d1d001d,0x29290029,0xc5c500c5,0x89890089,
0x6f6f006f,0xb7b700b7,0x62620062,0x0e0e000e,0xaaaa00aa,0x18180018,0xbebe00be,0x1b1b001b,
0xfcfc00fc,0x56560056,0x3e3e003e,0x4b4b004b,0xc6c600c6,0xd2d200d2,0x79790079,0x20200020,
0x9a9a009a,0xdbdb00db,0xc0c000c0,0xfefe00fe,0x78780078,0xcdcd00cd,0x5a5a005a,0xf4f400f4,
0x1f1f001f,0xdddd00dd,0xa8a800a8,0x33330033,0x88880088,0x07070007,0xc7c700c7,0x31310031,
0xb1b100b1,0x12120012,0x10100010,0x59590059,0x27270027,0x80800080,0xecec00ec,0x5f5f005f,
0x60600060,0x51510051,0x7f7f007f,0xa9a900a9,0x19190019,0xb5b500b5,0x4a4a004a,0x0d0d000d,
0x2d2d002d,0xe5e500e5,0x7a7a007a,0x9f9f009f,0x93930093,0xc9c900c9,0x9c9c009c,0xefef00ef,
0xa0a000a0,0xe0e000e0,0x3b3b003b,0x4d4d004d,0xaeae00ae,0x2a2a002a,0xf5f500f5,0xb0b000b0,
0xc8c800c8,0xebeb00eb,0xbbbb00bb,0x3c3c003c,0x83830083,0x53530053,0x99990099,0x61610061,
0x17170017,0x2b2b002b,0x04040004,0x7e7e007e,0xbaba00ba,0x77770077,0xd6d600d6,0x26260026,
0xe1e100e1,0x69690069,0x14140014,0x63630063,0x55550055,0x21210021,0x0c0c000c,0x7d7d007d
};
CRYPTOPP_ALIGN_DATA(16)
const CryptoPP::word32 X2[256]={
0x30303000,0x68686800,0x99999900,0x1b1b1b00,0x87878700,0xb9b9b900,0x21212100,0x78787800,
0x50505000,0x39393900,0xdbdbdb00,0xe1e1e100,0x72727200,0x09090900,0x62626200,0x3c3c3c00,
0x3e3e3e00,0x7e7e7e00,0x5e5e5e00,0x8e8e8e00,0xf1f1f100,0xa0a0a000,0xcccccc00,0xa3a3a300,
0x2a2a2a00,0x1d1d1d00,0xfbfbfb00,0xb6b6b600,0xd6d6d600,0x20202000,0xc4c4c400,0x8d8d8d00,
0x81818100,0x65656500,0xf5f5f500,0x89898900,0xcbcbcb00,0x9d9d9d00,0x77777700,0xc6c6c600,
0x57575700,0x43434300,0x56565600,0x17171700,0xd4d4d400,0x40404000,0x1a1a1a00,0x4d4d4d00,
0xc0c0c000,0x63636300,0x6c6c6c00,0xe3e3e300,0xb7b7b700,0xc8c8c800,0x64646400,0x6a6a6a00,
0x53535300,0xaaaaaa00,0x38383800,0x98989800,0x0c0c0c00,0xf4f4f400,0x9b9b9b00,0xededed00,
0x7f7f7f00,0x22222200,0x76767600,0xafafaf00,0xdddddd00,0x3a3a3a00,0x0b0b0b00,0x58585800,
0x67676700,0x88888800,0x06060600,0xc3c3c300,0x35353500,0x0d0d0d00,0x01010100,0x8b8b8b00,
0x8c8c8c00,0xc2c2c200,0xe6e6e600,0x5f5f5f00,0x02020200,0x24242400,0x75757500,0x93939300,
0x66666600,0x1e1e1e00,0xe5e5e500,0xe2e2e200,0x54545400,0xd8d8d800,0x10101000,0xcecece00,
0x7a7a7a00,0xe8e8e800,0x08080800,0x2c2c2c00,0x12121200,0x97979700,0x32323200,0xababab00,
0xb4b4b400,0x27272700,0x0a0a0a00,0x23232300,0xdfdfdf00,0xefefef00,0xcacaca00,0xd9d9d900,
0xb8b8b800,0xfafafa00,0xdcdcdc00,0x31313100,0x6b6b6b00,0xd1d1d100,0xadadad00,0x19191900,
0x49494900,0xbdbdbd00,0x51515100,0x96969600,0xeeeeee00,0xe4e4e400,0xa8a8a800,0x41414100,
0xdadada00,0xffffff00,0xcdcdcd00,0x55555500,0x86868600,0x36363600,0xbebebe00,0x61616100,
0x52525200,0xf8f8f800,0xbbbbbb00,0x0e0e0e00,0x82828200,0x48484800,0x69696900,0x9a9a9a00,
0xe0e0e000,0x47474700,0x9e9e9e00,0x5c5c5c00,0x04040400,0x4b4b4b00,0x34343400,0x15151500,
0x79797900,0x26262600,0xa7a7a700,0xdedede00,0x29292900,0xaeaeae00,0x92929200,0xd7d7d700,
0x84848400,0xe9e9e900,0xd2d2d200,0xbababa00,0x5d5d5d00,0xf3f3f300,0xc5c5c500,0xb0b0b000,
0xbfbfbf00,0xa4a4a400,0x3b3b3b00,0x71717100,0x44444400,0x46464600,0x2b2b2b00,0xfcfcfc00,
0xebebeb00,0x6f6f6f00,0xd5d5d500,0xf6f6f600,0x14141400,0xfefefe00,0x7c7c7c00,0x70707000,
0x5a5a5a00,0x7d7d7d00,0xfdfdfd00,0x2f2f2f00,0x18181800,0x83838300,0x16161600,0xa5a5a500,
0x91919100,0x1f1f1f00,0x05050500,0x95959500,0x74747400,0xa9a9a900,0xc1c1c100,0x5b5b5b00,
0x4a4a4a00,0x85858500,0x6d6d6d00,0x13131300,0x07070700,0x4f4f4f00,0x4e4e4e00,0x45454500,
0xb2b2b200,0x0f0f0f00,0xc9c9c900,0x1c1c1c00,0xa6a6a600,0xbcbcbc00,0xececec00,0x73737300,
0x90909000,0x7b7b7b00,0xcfcfcf00,0x59595900,0x8f8f8f00,0xa1a1a100,0xf9f9f900,0x2d2d2d00,
0xf2f2f200,0xb1b1b100,0x00000000,0x94949400,0x37373700,0x9f9f9f00,0xd0d0d000,0x2e2e2e00,
0x9c9c9c00,0x6e6e6e00,0x28282800,0x3f3f3f00,0x80808000,0xf0f0f000,0x3d3d3d00,0xd3d3d300,
0x25252500,0x8a8a8a00,0xb5b5b500,0xe7e7e700,0x42424200,0xb3b3b300,0xc7c7c700,0xeaeaea00,
0xf7f7f700,0x4c4c4c00,0x11111100,0x33333300,0x03030300,0xa2a2a200,0xacacac00,0x60606000
};
CRYPTOPP_ALIGN_DATA(16)
const CryptoPP::word32 KRK[3][4] = {
{0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0},
{0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0},
{0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e}
};
ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP)
typedef BlockGetAndPut<word32, BigEndian, false, false> BigEndianBlock;
typedef BlockGetAndPut<word32, NativeByteOrder, true, true> NativeEndianBlock;
inline byte ARIA_BRF(const word32 x, const int y) {
return GETBYTE(x, y);
}
// Key XOR Layer
#define ARIA_KXL { \
NativeEndianBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]); \
}
// S-Box Layer 1 + M
#define SBL1_M(T0,T1,T2,T3) { \
T0=S1[ARIA_BRF(T0,3)]^S2[ARIA_BRF(T0,2)]^X1[ARIA_BRF(T0,1)]^X2[ARIA_BRF(T0,0)]; \
T1=S1[ARIA_BRF(T1,3)]^S2[ARIA_BRF(T1,2)]^X1[ARIA_BRF(T1,1)]^X2[ARIA_BRF(T1,0)]; \
T2=S1[ARIA_BRF(T2,3)]^S2[ARIA_BRF(T2,2)]^X1[ARIA_BRF(T2,1)]^X2[ARIA_BRF(T2,0)]; \
T3=S1[ARIA_BRF(T3,3)]^S2[ARIA_BRF(T3,2)]^X1[ARIA_BRF(T3,1)]^X2[ARIA_BRF(T3,0)]; \
}
// S-Box Layer 2 + M
#define SBL2_M(T0,T1,T2,T3) { \
T0=X1[ARIA_BRF(T0,3)]^X2[ARIA_BRF(T0,2)]^S1[ARIA_BRF(T0,1)]^S2[ARIA_BRF(T0,0)]; \
T1=X1[ARIA_BRF(T1,3)]^X2[ARIA_BRF(T1,2)]^S1[ARIA_BRF(T1,1)]^S2[ARIA_BRF(T1,0)]; \
T2=X1[ARIA_BRF(T2,3)]^X2[ARIA_BRF(T2,2)]^S1[ARIA_BRF(T2,1)]^S2[ARIA_BRF(T2,0)]; \
T3=X1[ARIA_BRF(T3,3)]^X2[ARIA_BRF(T3,2)]^S1[ARIA_BRF(T3,1)]^S2[ARIA_BRF(T3,0)]; \
}
#define ARIA_P(T0,T1,T2,T3) { \
(T1) = (((T1)<< 8)&0xff00ff00) ^ (((T1)>> 8)&0x00ff00ff); \
(T2) = rotrFixed((T2),16); \
(T3) = ByteReverse((T3)); \
}
#define ARIA_M(X,Y) { \
Y=(X)<<8 ^ (X)>>8 ^ (X)<<16 ^ (X)>>16 ^ (X)<<24 ^ (X)>>24; \
}
#define ARIA_MM(T0,T1,T2,T3) { \
(T1)^=(T2); (T2)^=(T3); (T0)^=(T1); \
(T3)^=(T1); (T2)^=(T0); (T1)^=(T2); \
}
#define ARIA_FO {SBL1_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3])}
#define ARIA_FE {SBL2_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[2],t[3],t[0],t[1]) ARIA_MM(t[0],t[1],t[2],t[3])}
// n-bit right shift of Y XORed to X
template <unsigned int N>
inline void ARIA_GSRK(const word32 X[4], const word32 Y[4], byte RK[16])
{
// MSVC is not generating a "rotate immediate". Constify to help it along.
static const unsigned int Q = 4-(N/32);
static const unsigned int R = N % 32;
reinterpret_cast<word32*>(RK)[0] = (X[0]) ^ ((Y[(Q )%4])>>R) ^ ((Y[(Q+3)%4])<<(32-R));
reinterpret_cast<word32*>(RK)[1] = (X[1]) ^ ((Y[(Q+1)%4])>>R) ^ ((Y[(Q )%4])<<(32-R));
reinterpret_cast<word32*>(RK)[2] = (X[2]) ^ ((Y[(Q+2)%4])>>R) ^ ((Y[(Q+1)%4])<<(32-R));
reinterpret_cast<word32*>(RK)[3] = (X[3]) ^ ((Y[(Q+3)%4])>>R) ^ ((Y[(Q+2)%4])<<(32-R));
}
#if CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS
template <unsigned int N>
inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16])
{
static const unsigned int Q1 = (4-(N/32)) % 4;
static const unsigned int Q2 = (3-(N/32)) % 4;
static const unsigned int R = N % 32;
vst1q_u32(reinterpret_cast<uint32_t*>(RK),
veorq_u32(X, veorq_u32(
vshrq_n_u32(vextq_u32(Y, Y, Q1), R),
vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R))));
}
#endif
void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)
{
CRYPTOPP_UNUSED(params);
const byte *mk = key;
byte *rk = m_rk.data();
int Q, q, R, r;
switch (keylen)
{
case 16:
R = r = m_rounds = 12;
Q = q = 0;
break;
case 32:
R = r = m_rounds = 16;
Q = q = 2;
break;
case 24:
R = r = m_rounds = 14;
Q = q = 1;
break;
default:
Q = q = R = r = m_rounds = 0;
CRYPTOPP_ASSERT(0);
}
// w0 has room for 32 bytes. w1-w3 each has room for 16 bytes. t and u are 16 byte temp areas.
word32 *w0 = m_w.data(), *w1 = m_w.data()+8, *w2 = m_w.data()+12, *w3 = m_w.data()+16, *t = m_w.data()+20;
#if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
if (HasSSSE3())
{
// 'mk' may be unaligned.
const __m128i w = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i*)(mk)), MASK);
_mm_store_si128((__m128i*)w0, w);
_mm_store_si128((__m128i*)t, _mm_xor_si128(w, _mm_load_si128((const __m128i*)(KRK[q]))));
ARIA_FO;
if (keylen == 32)
{
// 'mk' may be unaligned.
_mm_store_si128(reinterpret_cast<__m128i*>(w1),
_mm_shuffle_epi8(_mm_loadu_si128((const __m128i*)(mk+16)), MASK));
}
else if (keylen == 24)
{
BigEndianBlock::Get(mk+16)(w1[0])(w1[1]);
w1[2] = w1[3] = 0;
}
else
{
w1[0]=w1[1]=w1[2]=w1[3]=0;
}
}
else
#endif // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
{
BigEndianBlock::Get(mk)(w0[0])(w0[1])(w0[2])(w0[3]);
t[0]=w0[0]^KRK[q][0]; t[1]=w0[1]^KRK[q][1];
t[2]=w0[2]^KRK[q][2]; t[3]=w0[3]^KRK[q][3];
ARIA_FO;
if (keylen == 32)
{
BigEndianBlock::Get(mk+16)(w1[0])(w1[1])(w1[2])(w1[3]);
}
else if (keylen == 24)
{
BigEndianBlock::Get(mk+16)(w1[0])(w1[1]);
w1[2] = w1[3] = 0;
}
else
{
w1[0]=w1[1]=w1[2]=w1[3]=0;
}
}
#if CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS
if (HasSSE2())
{
const __m128i x = _mm_xor_si128(
_mm_load_si128((const __m128i*)(w1)),
_mm_load_si128((const __m128i*)(t)));
_mm_store_si128((__m128i*)(w1), x);
q = (q==2) ? 0 : (q+1);
_mm_store_si128((__m128i*)(t), _mm_xor_si128(x,
_mm_load_si128((const __m128i*)(KRK[q]))));
ARIA_FE;
const __m128i y = _mm_xor_si128(
_mm_load_si128((const __m128i*)(w0)),
_mm_load_si128((const __m128i*)(t)));
_mm_store_si128((__m128i*)(w2), y);
q = (q==2) ? 0 : (q+1);
_mm_store_si128((__m128i*)(t), _mm_xor_si128(y,
_mm_load_si128((const __m128i*)(KRK[q]))));
ARIA_FO;
_mm_store_si128((__m128i*)(w3), _mm_xor_si128(
_mm_load_si128((const __m128i*)(w1)),
_mm_load_si128((const __m128i*)(t))));
}
else
#endif // CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS
{
w1[0]^=t[0]; w1[1]^=t[1]; w1[2]^=t[2]; w1[3]^=t[3];
::memcpy(t, w1, 16);
q = (q==2) ? 0 : (q+1);
t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
ARIA_FE;
t[0]^=w0[0]; t[1]^=w0[1]; t[2]^=w0[2]; t[3]^=w0[3];
::memcpy(w2, t, 16);
q = (q==2) ? 0 : (q+1);
t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
ARIA_FO;
w3[0]=t[0]^w1[0]; w3[1]=t[1]^w1[1]; w3[2]=t[2]^w1[2]; w3[3]=t[3]^w1[3];
}
#if CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS
if (HasNEON())
{
const uint32x4_t w0 = vld1q_u32((const uint32_t*)(m_w.data()+0));
const uint32x4_t w1 = vld1q_u32((const uint32_t*)(m_w.data()+8));
const uint32x4_t w2 = vld1q_u32((const uint32_t*)(m_w.data()+12));
const uint32x4_t w3 = vld1q_u32((const uint32_t*)(m_w.data()+16));
ARIA_GSRK_NEON<19>(w0, w1, rk + 0);
ARIA_GSRK_NEON<19>(w1, w2, rk + 16);
ARIA_GSRK_NEON<19>(w2, w3, rk + 32);
ARIA_GSRK_NEON<19>(w3, w0, rk + 48);
ARIA_GSRK_NEON<31>(w0, w1, rk + 64);
ARIA_GSRK_NEON<31>(w1, w2, rk + 80);
ARIA_GSRK_NEON<31>(w2, w3, rk + 96);
ARIA_GSRK_NEON<31>(w3, w0, rk + 112);
ARIA_GSRK_NEON<67>(w0, w1, rk + 128);
ARIA_GSRK_NEON<67>(w1, w2, rk + 144);
ARIA_GSRK_NEON<67>(w2, w3, rk + 160);
ARIA_GSRK_NEON<67>(w3, w0, rk + 176);
ARIA_GSRK_NEON<97>(w0, w1, rk + 192);
if (keylen > 16)
{
ARIA_GSRK_NEON<97>(w1, w2, rk + 208);
ARIA_GSRK_NEON<97>(w2, w3, rk + 224);
if (keylen > 24)
{
ARIA_GSRK_NEON< 97>(w3, w0, rk + 240);
ARIA_GSRK_NEON<109>(w0, w1, rk + 256);
}
}
}
else
#endif // CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS
{
ARIA_GSRK<19>(w0, w1, rk + 0);
ARIA_GSRK<19>(w1, w2, rk + 16);
ARIA_GSRK<19>(w2, w3, rk + 32);
ARIA_GSRK<19>(w3, w0, rk + 48);
ARIA_GSRK<31>(w0, w1, rk + 64);
ARIA_GSRK<31>(w1, w2, rk + 80);
ARIA_GSRK<31>(w2, w3, rk + 96);
ARIA_GSRK<31>(w3, w0, rk + 112);
ARIA_GSRK<67>(w0, w1, rk + 128);
ARIA_GSRK<67>(w1, w2, rk + 144);
ARIA_GSRK<67>(w2, w3, rk + 160);
ARIA_GSRK<67>(w3, w0, rk + 176);
ARIA_GSRK<97>(w0, w1, rk + 192);
if (keylen > 16)
{
ARIA_GSRK<97>(w1, w2, rk + 208);
ARIA_GSRK<97>(w2, w3, rk + 224);
if (keylen > 24)
{
ARIA_GSRK< 97>(w3, w0, rk + 240);
ARIA_GSRK<109>(w0, w1, rk + 256);
}
}
}
// Decryption operation
if (!IsForwardTransformation())
{
word32 *a, *z, *s;
rk = m_rk.data();
r = R; q = Q;
#if CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS && !defined(__SUNPRO_CC)
if (HasSSE2())
{
a=reinterpret_cast<word32*>(rk); s=m_w.data()+24; z=a+r*4;
_mm_store_si128((__m128i*)t, _mm_load_si128((const __m128i*)a));
_mm_store_si128((__m128i*)a, _mm_load_si128((const __m128i*)z));
_mm_store_si128((__m128i*)z, _mm_load_si128((const __m128i*)t));
a+=4; z-=4;
for (; a<z; a+=4, z-=4)
{
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
_mm_store_si128((__m128i*)s, _mm_load_si128((const __m128i*)t));
ARIA_M(z[0],t[0]); ARIA_M(z[1],t[1]); ARIA_M(z[2],t[2]); ARIA_M(z[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
_mm_store_si128((__m128i*)a, _mm_load_si128((const __m128i*)t));
_mm_store_si128((__m128i*)z, _mm_load_si128((const __m128i*)s));
}
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
_mm_store_si128((__m128i*)z, _mm_load_si128((const __m128i*)t));
}
else
#endif
{
a=reinterpret_cast<word32*>(rk); s=m_w.data()+24; z=a+r*4;
::memcpy(t, a, 16); ::memcpy(a, z, 16); ::memcpy(z, t, 16);
a+=4; z-=4;
for (; a<z; a+=4, z-=4)
{
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(s, t, 16);
ARIA_M(z[0],t[0]); ARIA_M(z[1],t[1]); ARIA_M(z[2],t[2]); ARIA_M(z[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(a, t, 16); ::memcpy(z, s, 16);
}
ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
::memcpy(z, t, 16);
}
}
}
void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
const byte *rk = reinterpret_cast<const byte*>(m_rk.data());
word32 *t = const_cast<word32*>(m_w.data()+20);
// Timing attack countermeasure. See comments in Rijndael for more details.
// We used Yun's 32-bit implementation, so we use words rather than bytes.
const int cacheLineSize = GetCacheLineSize();
unsigned int i;
volatile word32 _u = 0;
word32 u = _u;
for (i=0; i<COUNTOF(S1); i+=cacheLineSize/(sizeof(S1[0])))
u |= *(S1+i);
t[0] |= u;
BigEndianBlock::Get(inBlock)(t[0])(t[1])(t[2])(t[3]);
if (m_rounds > 12) {
ARIA_KXL; rk+= 16; ARIA_FO;
ARIA_KXL; rk+= 16; ARIA_FE;
}
if (m_rounds > 14) {
ARIA_KXL; rk+= 16; ARIA_FO;
ARIA_KXL; rk+= 16; ARIA_FE;
}
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16;
#ifdef IS_LITTLE_ENDIAN
# if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
if (HasSSSE3())
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] );
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] );
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] );
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] );
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] );
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] );
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] );
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] );
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] );
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] );
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] );
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] );
// 'outBlock' may be unaligned.
_mm_storeu_si128(reinterpret_cast<__m128i*>(outBlock),
_mm_xor_si128(_mm_loadu_si128((const __m128i*)(outBlock)),
_mm_shuffle_epi8(_mm_load_si128((const __m128i*)(rk)), MASK)));
// 'outBlock' and 'xorBlock' may be unaligned.
if (xorBlock != NULLPTR)
{
_mm_storeu_si128((__m128i*)(outBlock),
_mm_xor_si128(
_mm_loadu_si128((const __m128i*)(outBlock)),
_mm_loadu_si128((const __m128i*)(xorBlock))));
}
return;
}
else
# endif // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[11];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[15];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[13];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[12];
}
#else
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] );
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] );
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] );
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] );
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] );
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] );
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] );
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] );
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] );
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] );
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] );
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] );
t = reinterpret_cast<word32*>(outBlock);
BigEndianBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]);
#endif
#if CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS
if (HasNEON())
{
if (xorBlock != NULLPTR)
{
vst1q_u32(reinterpret_cast<uint32_t*>(outBlock),
veorq_u32(
vld1q_u32((const uint32_t*)outBlock),
vld1q_u32((const uint32_t*)xorBlock)));
}
}
else
#endif // CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS
{
if (xorBlock != NULLPTR)
for (unsigned int n=0; n<16; ++n)
outBlock[n] ^= xorBlock[n];
}
}
NAMESPACE_END

67
aria.h Normal file
View File

@ -0,0 +1,67 @@
// aria.h - written and placed in the public domain by Jeffrey Walton
//! \file aria.h
//! \brief Classes for the ARIA block cipher
//! \details The Crypto++ ARIA implementation is based on the 32-bit implementation by Aaram Yun
//! from the National Security Research Institute, KOREA. Aaram Yun's implementation is based on
//! the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from the Korea
//! Internet & Security Agency website.
//! \sa <A HREF="http://tools.ietf.org/html/rfc5794">RFC 5794, A Description of the ARIA Encryption Algorithm</A>,
//! <A HREF="http://seed.kisa.or.kr/iwt/ko/bbs/EgovReferenceList.do?bbsId=BBSMSTR_000000000002">Korea
//! Internet & Security Agency homepage</A>
#ifndef CRYPTOPP_ARIA_H
#define CRYPTOPP_ARIA_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
//! \class ARIA_Info
//! \brief ARIA block cipher information
//! \since Crypto++ 6.0
struct ARIA_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>
{
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "ARIA";}
};
//! \class ARIA
//! \brief ARIA block cipher
//! \details The Crypto++ ARIA implementation is based on the 32-bit implementation by Aaram Yun
//! from the National Security Research Institute, KOREA. Aaram Yun's implementation is based on
//! the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from the Korea
//! Internet & Security Agency website.
//! \sa <A HREF="http://tools.ietf.org/html/rfc5794">RFC 5794, A Description of the ARIA Encryption Algorithm</A>,
//! <A HREF="http://seed.kisa.or.kr/iwt/ko/bbs/EgovReferenceList.do?bbsId=BBSMSTR_000000000002">Korea
//! Internet & Security Agency homepage</A>
//! \sa <a href="http://www.weidai.com/scan-mirror/cs.html#ARIA">ARIA</a>
//! \since Crypto++ 6.0
class ARIA : public ARIA_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<ARIA_Info>
{
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
private:
// Reference implementation allocates a table of 17 round keys.
FixedSizeAlignedSecBlock<byte, 16*17> m_rk; // round keys
FixedSizeAlignedSecBlock<word32, 4*7> m_w; // w0, w1, w2, w3, t and u
unsigned int m_rounds;
};
public:
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
typedef ARIA::Encryption ARIAEncryption;
typedef ARIA::Decryption ARIADecryption;
NAMESPACE_END
#endif

13
bench.h
View File

@ -14,6 +14,15 @@
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)
// More granular control over benchmarks
enum TestClass {
Unkeyed=1,SharedKeyMAC=2,SharedKeyStream=4,SharedKeyBlock=8,SharedKeyOther=16,
PublicKeyAgreement=32,PublicKeyEncryption=64,PublicKeySignature=128,PublicKeyOther=256,
SharedKey=SharedKeyMAC|SharedKeyStream|SharedKeyBlock|SharedKeyOther,
PublicKey=PublicKeyAgreement|PublicKeyEncryption|PublicKeySignature|PublicKeyOther,
All=Unkeyed|SharedKey|PublicKey
};
extern const double CLOCK_TICKS_PER_SECOND;
extern double g_allocatedTime;
extern double g_hertz;
@ -25,8 +34,10 @@ extern const byte defaultKey[];
extern time_t g_testBegin;
extern time_t g_testEnd;
// Command handler
void BenchmarkWithCommand(int argc, const char* const argv[]);
// Top level, prints preamble and postamble
void Benchmark(int suites, double t, double hertz);
void Benchmark(Test::TestClass suites, double t, double hertz);
// Unkeyed systems
void Benchmark1(double t, double hertz);
// Shared key systems

75
bench1.cpp
View File

@ -271,7 +271,6 @@ void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValue
template <class T_FactoryOutput, class T_Interface>
void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char *displayName=NULLPTR, const NameValuePairs &params = g_nullNameValuePairs)
{
CRYPTOPP_UNUSED(params);
std::string name(factoryName ? factoryName : "");
member_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(name.c_str()));
@ -283,9 +282,10 @@ void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char
else if (keyLength)
name += " (" + IntToString(keyLength * 8) + "-bit key)";
obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false)));
const int blockSize = params.GetIntValueWithDefault(Name::BlockSize(), 0);
obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, blockSize ? blockSize : obj->IVSize()), false)));
BenchMark(name.c_str(), *static_cast<T_Interface *>(obj.get()), g_allocatedTime);
BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false)));
BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, blockSize ? blockSize : obj->IVSize()), false)));
}
template <class T_FactoryOutput>
@ -339,35 +339,69 @@ void AddHtmlFooter()
std::cout << "\n</HTML>" << std::endl;
}
void Benchmark(int suites, double t, double hertz)
void BenchmarkWithCommand(int argc, const char* const argv[])
{
std::string command(argv[1]);
float runningTime(argc >= 3 ? Test::StringToValue<float, true>(argv[2]) : 1.0f);
float cpuFreq(argc >= 4 ? Test::StringToValue<float, true>(argv[3])*float(1e9) : 0.0f);
std::string algoName(argc >= 5 ? argv[4] : "");
if (command == "b") // All benchmarks
Benchmark(Test::All, runningTime, cpuFreq);
else if (command == "b3") // Public key algorithms
Test::Benchmark(Test::PublicKey, runningTime, cpuFreq);
else if (command == "b2") // Shared key algorithms
Test::Benchmark(Test::SharedKey, runningTime, cpuFreq);
else if (command == "b1") // Unkeyed algorithms
Test::Benchmark(Test::Unkeyed, runningTime, cpuFreq);
}
void Benchmark(Test::TestClass suites, double t, double hertz)
{
g_allocatedTime = t;
g_hertz = hertz;
g_testBegin = std::time(NULLPTR);
AddHtmlHeader();
if (suites > 7)
suites = 7;
g_testBegin = std::time(NULLPTR);
if (static_cast<int>(suites) > 256 || static_cast<int>(suites) == 0)
suites = Test::All;
// Unkeyed algorithms
if (suites & 1)
if (suites & Test::Unkeyed)
{
std::cout << "\n<BR>";
Benchmark1(t, hertz);
}
if (suites > 1)
// Shared key algorithms (MACs)
if (suites & Test::SharedKeyMAC)
{
std::cout << "\n<BR>";
// Shared key algorithms
if (suites & 2)
Benchmark2(t, hertz);
}
if (suites > 2)
// Shared key algorithms (stream ciphers)
if (suites & Test::SharedKeyStream)
{
std::cout << "\n<BR>";
Benchmark2(t, hertz);
}
// Shared key algorithms (block ciphers)
if (suites & Test::SharedKeyBlock)
{
std::cout << "\n<BR>";
Benchmark2(t, hertz);
}
// Public key algorithms
if (suites & 4)
if (suites & Test::PublicKey)
{
std::cout << "\n<BR>";
Benchmark3(t, hertz);
}
g_testEnd = std::time(NULLPTR);
@ -396,6 +430,7 @@ void Benchmark1(double t, double hertz)
cpb = "";
std::cout << "\n<TABLE>";
std::cout << "\n<COLGROUP><COL style=\"text-align: left;\"><COL style=\"text-align: right;\">";
std::cout << "<COL style=\"text-align: right;\">";
std::cout << "\n<THEAD style=\"background: #F0F0F0\"><TR><TH>Algorithm<TH>MiB/Second" << cpb;
@ -531,9 +566,14 @@ void Benchmark2(double t, double hertz)
BenchMarkByName<SymmetricCipher>("AES/OFB", 16);
BenchMarkByName<SymmetricCipher>("AES/CFB", 16);
BenchMarkByName<SymmetricCipher>("AES/ECB", 16);
BenchMarkByName<SymmetricCipher>("ARIA/CTR", 16);
BenchMarkByName<SymmetricCipher>("ARIA/CTR", 32);
BenchMarkByName<SymmetricCipher>("Camellia/CTR", 16);
BenchMarkByName<SymmetricCipher>("Camellia/CTR", 32);
BenchMarkByName<SymmetricCipher>("Twofish/CTR");
BenchMarkByName<SymmetricCipher>("Threefish/CTR", 32, "Threefish/CTR (256-bit key)", MakeParameters(Name::BlockSize(), 32));
BenchMarkByName<SymmetricCipher>("Threefish/CTR", 64, "Threefish/CTR (512-bit key)", MakeParameters(Name::BlockSize(), 64));
BenchMarkByName<SymmetricCipher>("Threefish/CTR", 128, "Threefish/CTR (1024-bit key)", MakeParameters(Name::BlockSize(), 128));
BenchMarkByName<SymmetricCipher>("Serpent/CTR");
BenchMarkByName<SymmetricCipher>("CAST-256/CTR");
BenchMarkByName<SymmetricCipher>("RC6/CTR");
@ -551,6 +591,11 @@ void Benchmark2(double t, double hertz)
BenchMarkByName<SymmetricCipher>("CAST-128/CTR");
BenchMarkByName<SymmetricCipher>("SKIPJACK/CTR");
BenchMarkByName<SymmetricCipher>("SEED/CTR", 0, "SEED/CTR (1/2 K table)");
BenchMarkByName<SymmetricCipher>("Kalyna/CTR", 16, "Kalyna-128(128) (128-bit key)", MakeParameters(Name::BlockSize(), 16));
BenchMarkByName<SymmetricCipher>("Kalyna/CTR", 32, "Kalyna-128(256) (256-bit key)", MakeParameters(Name::BlockSize(), 16));
BenchMarkByName<SymmetricCipher>("Kalyna/CTR", 32, "Kalyna-256(256) (256-bit key)", MakeParameters(Name::BlockSize(), 32));
BenchMarkByName<SymmetricCipher>("Kalyna/CTR", 64, "Kalyna-256(512) (512-bit key)", MakeParameters(Name::BlockSize(), 32));
BenchMarkByName<SymmetricCipher>("Kalyna/CTR", 64, "Kalyna-512(512) (512-bit key)", MakeParameters(Name::BlockSize(), 64));
}
std::cout << "\n<TBODY style=\"background: yellow;\">";

58
bench2.cpp
View File

@ -246,40 +246,40 @@ void Benchmark3(double t, double hertz)
std::cout << "\n<TBODY style=\"background: white;\">";
{
BenchMarkCrypto<RSAES<OAEP<SHA> > >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t);
BenchMarkCrypto<LUCES<OAEP<SHA> > >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t);
BenchMarkCrypto<RSAES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t);
BenchMarkCrypto<LUCES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t);
BenchMarkCrypto<DLIES<> >(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", "DLIES 1024", t);
BenchMarkCrypto<LUC_IES<> >(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", "LUCELG 512", t);
}
std::cout << "\n<TBODY style=\"background: yellow;\">";
{
BenchMarkCrypto<RSAES<OAEP<SHA> > >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t);
BenchMarkCrypto<LUCES<OAEP<SHA> > >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t);
BenchMarkCrypto<RSAES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t);
BenchMarkCrypto<LUCES<OAEP<SHA1> > >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t);
BenchMarkCrypto<DLIES<> >(CRYPTOPP_DATA_DIR "TestData/dlie2048.dat", "DLIES 2048", t);
BenchMarkCrypto<LUC_IES<> >(CRYPTOPP_DATA_DIR "TestData/lucc1024.dat", "LUCELG 1024", t);
}
std::cout << "\n<TBODY style=\"background: white;\">";
{
BenchMarkSignature<RSASS<PSSR, SHA> >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t);
BenchMarkSignature<RWSS<PSSR, SHA> >(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", "RW 1024", t);
BenchMarkSignature<LUCSS<PSSR, SHA> >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t);
BenchMarkSignature<NR<SHA> >(CRYPTOPP_DATA_DIR "TestData/nr1024.dat", "NR 1024", t);
BenchMarkSignature<RSASS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t);
BenchMarkSignature<RWSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", "RW 1024", t);
BenchMarkSignature<LUCSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t);
BenchMarkSignature<NR<SHA1> >(CRYPTOPP_DATA_DIR "TestData/nr1024.dat", "NR 1024", t);
BenchMarkSignature<DSA>(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", "DSA 1024", t);
BenchMarkSignature<LUC_HMP<SHA> >(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", "LUC-HMP 512", t);
BenchMarkSignature<ESIGN<SHA> >(CRYPTOPP_DATA_DIR "TestData/esig1023.dat", "ESIGN 1023", t);
BenchMarkSignature<ESIGN<SHA> >(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", "ESIGN 1536", t);
BenchMarkSignature<LUC_HMP<SHA1> >(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", "LUC-HMP 512", t);
BenchMarkSignature<ESIGN<SHA1> >(CRYPTOPP_DATA_DIR "TestData/esig1023.dat", "ESIGN 1023", t);
BenchMarkSignature<ESIGN<SHA1> >(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", "ESIGN 1536", t);
}
std::cout << "\n<TBODY style=\"background: yellow;\">";
{
BenchMarkSignature<RSASS<PSSR, SHA> >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t);
BenchMarkSignature<RWSS<PSSR, SHA> >(CRYPTOPP_DATA_DIR "TestData/rw2048.dat", "RW 2048", t);
BenchMarkSignature<LUCSS<PSSR, SHA> >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t);
BenchMarkSignature<NR<SHA> >(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", "NR 2048", t);
BenchMarkSignature<LUC_HMP<SHA> >(CRYPTOPP_DATA_DIR "TestData/lucs1024.dat", "LUC-HMP 1024", t);
BenchMarkSignature<ESIGN<SHA> >(CRYPTOPP_DATA_DIR "TestData/esig2046.dat", "ESIGN 2046", t);
BenchMarkSignature<RSASS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t);
BenchMarkSignature<RWSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/rw2048.dat", "RW 2048", t);
BenchMarkSignature<LUCSS<PSSR, SHA1> >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t);
BenchMarkSignature<NR<SHA1> >(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", "NR 2048", t);
BenchMarkSignature<LUC_HMP<SHA1> >(CRYPTOPP_DATA_DIR "TestData/lucs1024.dat", "LUC-HMP 1024", t);
BenchMarkSignature<ESIGN<SHA1> >(CRYPTOPP_DATA_DIR "TestData/esig2046.dat", "ESIGN 2046", t);
}
std::cout << "\n<TBODY style=\"background: white;\">";
@ -310,12 +310,12 @@ void Benchmark3(double t, double hertz)
{
ECIES<ECP>::Decryptor cpriv(Test::GlobalRNG(), ASN1::secp256k1());
ECIES<ECP>::Encryptor cpub(cpriv);
ECDSA<ECP, SHA>::Signer spriv(cpriv);
ECDSA<ECP, SHA>::Verifier spub(spriv);
ECDSA_RFC6979<ECP, SHA>::Signer spriv2(cpriv);
ECDSA_RFC6979<ECP, SHA>::Verifier spub2(spriv);
ECGDSA<ECP, SHA>::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1());
ECGDSA<ECP, SHA>::Verifier spub3(spriv3);
ECDSA<ECP, SHA1>::Signer spriv(cpriv);
ECDSA<ECP, SHA1>::Verifier spub(spriv);
ECDSA_RFC6979<ECP, SHA1>::Signer spriv2(cpriv);
ECDSA_RFC6979<ECP, SHA1>::Verifier spub2(spriv);
ECGDSA<ECP, SHA1>::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1());
ECGDSA<ECP, SHA1>::Verifier spub3(spriv3);
ECDH<ECP>::Domain ecdhc(ASN1::secp256k1());
ECMQV<ECP>::Domain ecmqvc(ASN1::secp256k1());
@ -337,12 +337,12 @@ void Benchmark3(double t, double hertz)
{
ECIES<EC2N>::Decryptor cpriv(Test::GlobalRNG(), ASN1::sect233r1());
ECIES<EC2N>::Encryptor cpub(cpriv);
ECDSA<EC2N, SHA>::Signer spriv(cpriv);
ECDSA<EC2N, SHA>::Verifier spub(spriv);
ECDSA_RFC6979<EC2N, SHA>::Signer spriv2(cpriv);
ECDSA_RFC6979<EC2N, SHA>::Verifier spub2(spriv);
ECGDSA<EC2N, SHA>::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1());
ECGDSA<EC2N, SHA>::Verifier spub3(spriv3);
ECDSA<EC2N, SHA1>::Signer spriv(cpriv);
ECDSA<EC2N, SHA1>::Verifier spub(spriv);
ECDSA_RFC6979<EC2N, SHA1>::Signer spriv2(cpriv);
ECDSA_RFC6979<EC2N, SHA1>::Verifier spub2(spriv);
ECGDSA<EC2N, SHA1>::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1());
ECGDSA<EC2N, SHA1>::Verifier spub3(spriv3);
ECDH<EC2N>::Domain ecdhc(ASN1::sect233r1());
ECMQV<EC2N>::Domain ecmqvc(ASN1::sect233r1());

5
blake2.cpp
View File

@ -28,7 +28,7 @@ NAMESPACE_BEGIN(CryptoPP)
inline __m128i MM_SET_EPI64X(const word64 a, const word64 b)
{
const word64 t[2] = {b,a}; __m128i r;
memcpy(&r, &t, sizeof(r));
memcpy(&r, &t, sizeof(t));
return r;
}
#else
@ -351,7 +351,7 @@ BLAKE2_Base<W, T_64bit>::BLAKE2_Base(bool treeMode, unsigned int digestSize) : m
{
CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
UncheckedSetKey(NULLPTR, 0, g_nullNameValuePairs);
UncheckedSetKey(NULLPTR, 0, MakeParameters(Name::DigestSize(), (int)digestSize)(Name::TreeMode(), treeMode, false));
Restart();
}
@ -3905,7 +3905,6 @@ static void BLAKE2_NEON_Compress64(const byte* input, BLAKE2_State<word64, true>
#define BLAKE2B_LOAD_MSG_9_4(b0, b1) \
do { b0 = vextq_u64(m5, m7, 1); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m0)); } while(0)
#undef BLAKE2B_LOAD_MSG_10_1
#define BLAKE2B_LOAD_MSG_10_1(b0, b1) \
do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m1)); b1 = vcombine_u64(vget_low_u64(m2), vget_low_u64(m3)); } while(0)

3
camellia.cpp
View File

@ -216,13 +216,12 @@ void Camellia::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBloc
rh ^= KS(0,2);
rl ^= KS(0,3);
// timing attack countermeasure. see comments at top for more details
// Timing attack countermeasure. see comments in Rijndael for more details
const int cacheLineSize = GetCacheLineSize();
unsigned int i;
volatile word32 _u = 0;
word32 u = _u;
CRYPTOPP_ASSERT(IsAlignedOn(s1,GetAlignmentOf<word32>()));
for (i=0; i<256; i+=cacheLineSize)
u &= *(const word32 *)(void*)(s1+i);
u &= *(const word32 *)(void*)(s1+252);

2
camellia.h
View File

@ -1,7 +1,7 @@
// camellia.h - originally written and placed in the public domain by Wei Dai
//! \file camellia.h
//! \brief Classes for the Cameliia block cipher
//! \brief Classes for the Camellia block cipher
#ifndef CRYPTOPP_CAMELLIA_H
#define CRYPTOPP_CAMELLIA_H

19
cmac.cpp
View File

@ -31,9 +31,24 @@ static void MulU(byte *k, unsigned int length)
k[15] ^= 0x87;
break;
case 32:
// https://crypto.stackexchange.com/q/9815/10496
// Polynomial x^256 + x^10 + x^5 + x + 1
k[30] ^= 4;
k[31] ^= 0x23;
break;
case 64:
// https://crypto.stackexchange.com/q/9815/10496
// Polynomial x^512 + x^8 + x^5 + x^2 + 1
k[62] ^= 1;
k[63] ^= 0x25;
break;
case 128:
// https://crypto.stackexchange.com/q/9815/10496
// Polynomial x^1024 + x^19 + x^6 + x + 1
k[125] ^= 8;
k[126] ^= 0x00;
k[127] ^= 0x43;
break;
default:
throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
}
@ -43,9 +58,9 @@ static void MulU(byte *k, unsigned int length)
void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
{
BlockCipher &cipher = AccessCipher();
unsigned int blockSize = cipher.BlockSize();
cipher.SetKey(key, length, params);
unsigned int blockSize = cipher.BlockSize();
m_reg.CleanNew(3*blockSize);
m_counter = 0;

44
config.h
View File

@ -9,13 +9,13 @@
// ***************** Important Settings ********************
// define this if running on a big-endian CPU
#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || (defined(__m68k__) || defined(__MC68K__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__)))
#if !defined(IS_LITTLE_ENDIAN) && !defined(IS_BIG_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || (defined(__m68k__) || defined(__MC68K__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__)))
# define IS_BIG_ENDIAN
#endif
// define this if running on a little-endian CPU
// big endian will be assumed if IS_LITTLE_ENDIAN is not defined
#ifndef IS_BIG_ENDIAN
#if !defined(IS_BIG_ENDIAN) && !defined(IS_LITTLE_ENDIAN)
# define IS_LITTLE_ENDIAN
#endif
@ -103,6 +103,13 @@
// of 'b', 'o', 'h' or '.' (the last for decimal).
// #define CRYPTOPP_USE_STD_SHOWBASE
// Define this if you want to decouple AlgorithmParameters and Integer
// The decoupling should make it easier for the linker to remove Integer
// related code for those who do not need Integer, and avoid a potential
// race during AssignIntToInteger pointer initialization. Also
// see http://github.com/weidai11/cryptopp/issues/389.
// #define CRYPTOPP_NO_ASSIGN_TO_INTEGER
// choose which style of sockets to wrap (mostly useful for MinGW which has both)
#if !defined(NO_BERKELEY_STYLE_SOCKETS) && !defined(PREFER_BERKELEY_STYLE_SOCKETS)
# define PREFER_BERKELEY_STYLE_SOCKETS
@ -245,8 +252,9 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
#else
#define CRYPTOPP_NATIVE_DWORD_AVAILABLE 1
#if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__)
#if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && CRYPTOPP_GCC_VERSION >= 30400
#if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && !(defined(__GNUC__) && CRYPTOPP_GCC_VERSION < 50000 && defined(_ARCH_PPC64)) && CRYPTOPP_GCC_VERSION >= 30400
// GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3
// GCC 4.8.3 and bad uint128_t ops on PPC64/POWER7 (Issue 421)
// mode(TI) division broken on amd64 with GCC earlier than GCC 3.4
typedef word32 hword;
typedef word64 word;
@ -340,7 +348,7 @@ NAMESPACE_END
// 4786: identifier was truncated in debug information
// 4355: 'this' : used in base member initializer list
// 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation
# pragma warning(disable: 4127 4231 4250 4251 4275 4505 4512 4660 4661 4786 4355 4910)
# pragma warning(disable: 4127 4512 4661)
// Security related, possible defects
// http://blogs.msdn.com/b/vcblog/archive/2010/12/14/off-by-default-compiler-warnings-in-visual-c.aspx
# pragma warning(once: 4191 4242 4263 4264 4266 4302 4826 4905 4906 4928)
@ -389,7 +397,7 @@ NAMESPACE_END
#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
#endif
#if !defined(CRYPTOPP_DISABLE_SSE3) && (_MSC_VER >= 1500 || (defined(__SSE3__) && defined(__SSSE3__)))
#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1500 || (defined(__SSE3__) && defined(__SSSE3__)))
#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
@ -410,6 +418,12 @@ NAMESPACE_END
#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
#endif
#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(_M_ARM) && (_MSC_VER >= 1500 || (defined(__SSSE3__) && defined(__SSSE3__)))
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0
#endif
// Intrinsics availible in GCC 4.3 (http://gcc.gnu.org/gcc-4.3/changes.html) and
// MSVC 2008 (http://msdn.microsoft.com/en-us/library/bb892950%28v=vs.90%29.aspx)
// SunCC could generate SSE4 at 12.1, but the intrinsics are missing until 12.4.
@ -583,13 +597,14 @@ NAMESPACE_END
# define CRYPTOPP_USER_PRIORITY 350
#endif
#if (CRYPTOPP_INIT_PRIORITY > 0) && !(defined(__APPLE__) || defined(__sun__))
// Most platforms allow us to specify when to create C++ objects. Apple and Sun do not.
#if (CRYPTOPP_INIT_PRIORITY > 0) && !(defined(NO_OS_DEPENDENCE) || defined(__APPLE__) || defined(__sun__))
# if (CRYPTOPP_GCC_VERSION >= 30000) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20900) || (_INTEL_COMPILER >= 800)
# define HAVE_GCC_INIT_PRIORITY 1
# elif (CRYPTOPP_MSC_VERSION >= 1310)
# define HAVE_MSC_INIT_PRIORITY 1
# endif
#endif // CRYPTOPP_INIT_PRIORITY, Sun, Darwin
#endif // CRYPTOPP_INIT_PRIORITY, NO_OS_DEPENDENCE, Apple, Sun
// ***************** determine availability of OS features ********************
@ -743,14 +758,23 @@ NAMESPACE_END
// ************** Deprecated ***************
#if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20800)
# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated (msg)));
#if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20800) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40200)
# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated (msg)))
#elif (CRYPTOPP_GCC_VERSION)
# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated));
# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated))
#else
# define CRYPTOPP_DEPRECATED(msg)
#endif
// ************** Instrumentation ***************
// GCC does not support; see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78204
#if (CRYPTOPP_LLVM_CLANG_VERSION >= 30700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000)
# define CRYPTOPP_NO_SANITIZE(x) __attribute__((no_sanitize(x)))
#else
# define CRYPTOPP_NO_SANITIZE(x)
#endif
// ***************** C++11 related ********************
// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.

11
cpu.cpp
View File

@ -267,10 +267,21 @@ void DetectX86Features()
else if (IsAMD(cpuid1))
{
static const unsigned int RDRAND_FLAG = (1 << 30);
static const unsigned int RDSEED_FLAG = (1 << 18);
static const unsigned int SHA_FLAG = (1 << 29);
CpuId(0x01, cpuid1);
g_hasRDRAND = !!(cpuid1[2] /*ECX*/ & RDRAND_FLAG);
if (cpuid1[0] /*EAX*/ >= 7)
{
if (CpuId(7, cpuid3))
{
g_hasRDSEED = !!(cpuid3[1] /*EBX*/ & RDSEED_FLAG);
g_hasSHA = !!(cpuid3[1] /*EBX*/ & SHA_FLAG);
}
}
CpuId(0x80000005, cpuid1);
g_cacheLineSize = GETBYTE(cpuid1[2], 0);
}

14
cpu.h
View File

@ -32,6 +32,18 @@
# endif
#endif // ARM32 and ARM64 Headers
// Used when supplying ASM due to missing intrinsics
#if defined(__clang__)
# define GCC_INLINE inline
# define GCC_INLINE_ATTRIB __attribute__((__gnu_inline__, __always_inline__))
#elif (CRYPTOPP_GCC_VERSION >= 30300) || defined(__INTEL_COMPILER)
# define GCC_INLINE __inline
# define GCC_INLINE_ATTRIB __attribute__((__gnu_inline__, __always_inline__, __artificial__))
#else
# define GCC_INLINE inline
# define GCC_INLINE_ATTRIB
# endif
// X86/X64/X32 Headers
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
@ -47,7 +59,7 @@
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
# include <emmintrin.h> // __m64, __m128i, _mm_set_epi64x
#endif
#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
#if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE
# include <tmmintrin.h> // _mm_shuffle_pi8, _mm_shuffle_epi8
#endif // tmmintrin.h
#if CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE

32
crc.cpp
View File

@ -13,6 +13,32 @@ NAMESPACE_BEGIN(CryptoPP)
# undef CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE
#endif
// Use inline ASM to provide the instructions when the user omits -march=native or -msse4.2
#if (CRYPTOPP_GCC_VERSION >= 40300 || __INTEL_COMPILER >= 1000 || __SUNPRO_CC >= 0x5110 || CRYPTOPP_LLVM_CLANG_VERSION >= 20300 || CRYPTOPP_APPLE_CLANG_VERSION >= 40000) && !defined(__SSE4_2__)
GCC_INLINE unsigned int GCC_INLINE_ATTRIB
MM_CRC32_U8(unsigned int crc, unsigned char val)
{
asm ("crc32 %1, %0" : "+r"(crc) : "r"(val));
return crc;
}
GCC_INLINE unsigned int GCC_INLINE_ATTRIB
MM_CRC32_U16(unsigned int crc, unsigned short val)
{
asm ("crc32 %1, %0" : "+r"(crc) : "r"(val));
return crc;
}
GCC_INLINE unsigned int GCC_INLINE_ATTRIB
MM_CRC32_U32(unsigned int crc, unsigned int val)
{
asm ("crc32 %1, %0" : "+r"(crc) : "r"(val));
return crc;
}
#else
#define MM_CRC32_U8(a,b) _mm_crc32_u8(a,b)
#define MM_CRC32_U16(a,b) _mm_crc32_u16(a,b)
#define MM_CRC32_U32(a,b) _mm_crc32_u32(a,b)
#endif
/* Table of CRC-32's of all single byte values (made by makecrc.c) */
const word32 CRC32::m_tab[] = {
#ifdef IS_LITTLE_ENDIAN
@ -303,13 +329,13 @@ void CRC32C::Update(const byte *s, size_t n)
if (HasSSE4())
{
for(; !IsAligned<word32>(s) && n > 0; s++, n--)
m_crc = _mm_crc32_u8(m_crc, *s);
m_crc = MM_CRC32_U8(m_crc, *s);
for(; n > 4; s+=4, n-=4)
m_crc = _mm_crc32_u32(m_crc, *(const word32 *)(void*)s);
m_crc = MM_CRC32_U32(m_crc, *(const word32 *)(void*)s);
for(; n > 0; s++, n--)
m_crc = _mm_crc32_u8(m_crc, *s);
m_crc = MM_CRC32_U8(m_crc, *s);
return;
}

2
cryptdll.vcxproj
View File

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">

2
cryptdll.vcxproj.filters
View File

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">

8
cryptest.nmake
View File

@ -48,13 +48,13 @@
# If you use 'make sources' from Linux makefile, then add 'winpipes.cpp'. Platform specific
# classes, like 'rdrand.cpp', should not be included. Add them under the X86 and X64 rules.
LIB_SRCS = cryptlib.cpp cpu.cpp integer.cpp shacal2.cpp md5.cpp shark.cpp zinflate.cpp gf2n.cpp salsa.cpp xtr.cpp oaep.cpp rc2.cpp default.cpp wait.cpp wake.cpp twofish.cpp iterhash.cpp adler32.cpp algparam.cpp marss.cpp blowfish.cpp ecp.cpp strciphr.cpp camellia.cpp dh2.cpp ida.cpp zlib.cpp elgamal.cpp crc.cpp dessp.cpp tea.cpp eax.cpp network.cpp sha.cpp emsa2.cpp pkcspad.cpp squaretb.cpp idea.cpp authenc.cpp hmac.cpp xtrcrypt.cpp queue.cpp mars.cpp rc5.cpp md2.cpp hrtimer.cpp vmac.cpp eprecomp.cpp hex.cpp dsa.cpp fips140.cpp gzip.cpp seal.cpp blake2.cpp files.cpp base32.cpp sharkbox.cpp safer.cpp randpool.cpp sosemanuk.cpp arc4.cpp osrng.cpp skipjack.cpp seed.cpp sha3.cpp filters.cpp bfinit.cpp rabin.cpp 3way.cpp rw.cpp rdtables.cpp rsa.cpp tftables.cpp gost.cpp socketft.cpp nbtheory.cpp panama.cpp modes.cpp rijndael.cpp casts.cpp algebra.cpp esign.cpp gfpcrypt.cpp dll.cpp ec2n.cpp poly1305.cpp polynomi.cpp blumshub.cpp des.cpp basecode.cpp zdeflate.cpp base64.cpp rc6.cpp gf256.cpp mqueue.cpp misc.cpp pssr.cpp channels.cpp rng.cpp tiger.cpp cast.cpp square.cpp asn.cpp chacha.cpp whrlpool.cpp md4.cpp dh.cpp ccm.cpp mqv.cpp tigertab.cpp gf2_32.cpp cbcmac.cpp ttmac.cpp luc.cpp trdlocal.cpp pubkey.cpp gcm.cpp ripemd.cpp keccak.cpp eccrypto.cpp serpent.cpp cmac.cpp winpipes.cpp
LIB_SRCS = cryptlib.cpp cpu.cpp integer.cpp shacal2.cpp md5.cpp shark.cpp zinflate.cpp gf2n.cpp salsa.cpp xtr.cpp oaep.cpp rc2.cpp default.cpp wait.cpp wake.cpp twofish.cpp iterhash.cpp adler32.cpp algparam.cpp marss.cpp blowfish.cpp ecp.cpp strciphr.cpp aria.cpp camellia.cpp dh2.cpp ida.cpp zlib.cpp elgamal.cpp crc.cpp dessp.cpp tea.cpp eax.cpp network.cpp sha.cpp emsa2.cpp pkcspad.cpp squaretb.cpp idea.cpp authenc.cpp hmac.cpp xtrcrypt.cpp queue.cpp mars.cpp rc5.cpp md2.cpp hrtimer.cpp vmac.cpp eprecomp.cpp hex.cpp dsa.cpp fips140.cpp gzip.cpp seal.cpp blake2.cpp files.cpp base32.cpp sharkbox.cpp safer.cpp randpool.cpp sosemanuk.cpp arc4.cpp osrng.cpp skipjack.cpp seed.cpp sha3.cpp filters.cpp bfinit.cpp rabin.cpp 3way.cpp rw.cpp rdtables.cpp rsa.cpp tftables.cpp gost.cpp socketft.cpp nbtheory.cpp panama.cpp modes.cpp rijndael.cpp casts.cpp algebra.cpp esign.cpp gfpcrypt.cpp dll.cpp ec2n.cpp poly1305.cpp polynomi.cpp blumshub.cpp des.cpp basecode.cpp zdeflate.cpp base64.cpp rc6.cpp gf256.cpp mqueue.cpp misc.cpp pssr.cpp channels.cpp rng.cpp threefish.cpp tiger.cpp cast.cpp square.cpp asn.cpp chacha.cpp whrlpool.cpp md4.cpp dh.cpp ccm.cpp mqv.cpp tigertab.cpp gf2_32.cpp cbcmac.cpp ttmac.cpp luc.cpp trdlocal.cpp pubkey.cpp gcm.cpp ripemd.cpp kalyna.cpp kalynatab.cpp keccak.cpp eccrypto.cpp serpent.cpp cmac.cpp winpipes.cpp
LIB_OBJS = cryptlib.obj cpu.obj integer.obj shacal2.obj md5.obj shark.obj zinflate.obj gf2n.obj salsa.obj xtr.obj oaep.obj rc2.obj default.obj wait.obj wake.obj twofish.obj iterhash.obj adler32.obj algparam.obj marss.obj blowfish.obj ecp.obj strciphr.obj camellia.obj dh2.obj ida.obj zlib.obj elgamal.obj crc.obj dessp.obj tea.obj eax.obj network.obj sha.obj emsa2.obj pkcspad.obj squaretb.obj idea.obj authenc.obj hmac.obj xtrcrypt.obj queue.obj mars.obj rc5.obj md2.obj hrtimer.obj vmac.obj eprecomp.obj hex.obj dsa.obj fips140.obj gzip.obj seal.obj blake2.obj files.obj base32.obj sharkbox.obj safer.obj randpool.obj sosemanuk.obj arc4.obj osrng.obj skipjack.obj seed.obj sha3.obj filters.obj bfinit.obj rabin.obj 3way.obj rw.obj rdtables.obj rsa.obj tftables.obj gost.obj socketft.obj nbtheory.obj panama.obj modes.obj rijndael.obj casts.obj algebra.obj esign.obj gfpcrypt.obj dll.obj ec2n.obj poly1305.obj polynomi.obj blumshub.obj des.obj basecode.obj zdeflate.obj base64.obj rc6.obj gf256.obj mqueue.obj misc.obj pssr.obj channels.obj rng.obj tiger.obj cast.obj square.obj asn.obj chacha.obj whrlpool.obj md4.obj dh.obj ccm.obj mqv.obj tigertab.obj gf2_32.obj cbcmac.obj ttmac.obj luc.obj trdlocal.obj pubkey.obj gcm.obj ripemd.obj keccak.obj eccrypto.obj serpent.obj cmac.obj winpipes.obj
LIB_OBJS = cryptlib.obj cpu.obj integer.obj shacal2.obj md5.obj shark.obj zinflate.obj gf2n.obj salsa.obj xtr.obj oaep.obj rc2.obj default.obj wait.obj wake.obj twofish.obj iterhash.obj adler32.obj algparam.obj marss.obj blowfish.obj ecp.obj strciphr.obj aria.obj camellia.obj dh2.obj ida.obj zlib.obj elgamal.obj crc.obj dessp.obj tea.obj eax.obj network.obj sha.obj emsa2.obj pkcspad.obj squaretb.obj idea.obj authenc.obj hmac.obj xtrcrypt.obj queue.obj mars.obj rc5.obj md2.obj hrtimer.obj vmac.obj eprecomp.obj hex.obj dsa.obj fips140.obj gzip.obj seal.obj blake2.obj files.obj base32.obj sharkbox.obj safer.obj randpool.obj sosemanuk.obj arc4.obj osrng.obj skipjack.obj seed.obj sha3.obj filters.obj bfinit.obj rabin.obj 3way.obj rw.obj rdtables.obj rsa.obj tftables.obj gost.obj socketft.obj nbtheory.obj panama.obj modes.obj rijndael.obj casts.obj algebra.obj esign.obj gfpcrypt.obj dll.obj ec2n.obj poly1305.obj polynomi.obj blumshub.obj des.obj basecode.obj zdeflate.obj base64.obj rc6.obj gf256.obj mqueue.obj misc.obj pssr.obj channels.obj rng.obj threefish.obj tiger.obj cast.obj square.obj asn.obj chacha.obj whrlpool.obj md4.obj dh.obj ccm.obj mqv.obj tigertab.obj gf2_32.obj cbcmac.obj ttmac.obj luc.obj trdlocal.obj pubkey.obj gcm.obj ripemd.obj kalyna.obj kalynatab.obj keccak.obj eccrypto.obj serpent.obj cmac.obj winpipes.obj
TEST_SRCS = bench1.cpp bench2.cpp test.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp datatest.cpp regtest.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp
TEST_SRCS = bench1.cpp bench2.cpp test.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp
TEST_OBJS = bench1.obj bench2.obj test.obj validat0.obj validat1.obj validat2.obj validat3.obj datatest.obj regtest.obj fipsalgt.obj dlltest.obj fipstest.obj
TEST_OBJS = bench1.obj bench2.obj test.obj validat0.obj validat1.obj validat2.obj validat3.obj datatest.obj regtest1.obj regtest2.obj regtest3.obj fipsalgt.obj dlltest.obj fipstest.obj
CXX = cl.exe
LD = link.exe

407
cryptest.sh
View File

@ -397,7 +397,7 @@ if [[ (-z "$HAVE_O3") ]]; then
fi
# Hit or miss, mostly hit
if [[ (-z "$HAVE_O5") ]]; then
if [[ ( (-z "$HAVE_O5") && ("$CLANG_COMPILER" -eq "0") ) ]]; then
HAVE_O5=0
OPT_O5=
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
@ -581,34 +581,13 @@ if [[ (-z "$HAVE_X32") ]]; then
fi
fi
# "Modern compiler, old hardware" combinations
HAVE_X86_AES=0
HAVE_X86_RDRAND=0
HAVE_X86_RDSEED=0
HAVE_X86_PCLMUL=0
if [[ ("$IS_X86" -ne "0" || "$IS_X64" -ne "0") && ("$SUN_COMPILER" -eq "0") ]]; then
# Hit or miss, mostly hit
if [[ (-z "$HAVE_NATIVE_ARCH") ]]; then
HAVE_NATIVE_ARCH=0
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -maes adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_AES=1
fi
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdrnd adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_RDRAND=1
fi
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdseed adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_RDSEED=1
fi
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mpclmul adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_X86_PCLMUL=1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -march=native adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ ("$?" -eq "0") ]]; then
HAVE_NATIVE_ARCH=1
fi
fi
@ -628,16 +607,6 @@ if [[ (-z "$HAVE_LDGOLD") ]]; then
fi
fi
# GCC unified syntax for ASM. Divided syntax is being deprecated
if [[ (-z "$HAVE_UNIFIED_ASM") ]]; then
HAVE_UNIFIED_ASM=0
rm -f "$TMP/adhoc.exe" > /dev/null 2>&1
"$CXX" -DCRYPTOPP_ADHOC_MAIN -masm-syntax-unified adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
HAVE_UNIFIED_ASM=1
fi
fi
# ARMv7 and ARMv8, including NEON, CRC32 and Crypto extensions
if [[ ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0") ]]; then
@ -1194,7 +1163,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=sha.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
@ -1216,9 +1185,6 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$X86_SSE2" -ne "0" && "$X86_SHA256_HASH_BLOCKS" -eq "0") ]]; then
echo "ERROR: failed to use X86_SHA256_HashBlocks" | tee -a "$TEST_RESULTS"
if [[ ("$CLANG_COMPILER" -ne "0") ]]; then
echo "This could be due to Clang and lack of expected support for Intel assembly syntax in some versions of the compiler"
fi
fi
if [[ ("$FAILED" -eq "0" && "$X86_SHA256_HASH_BLOCKS" -ne "0") ]]; then
@ -1231,7 +1197,11 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
############################################
# Test AES-NI code generation
X86_AESNI=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c aes)
"$CXX" -DCRYPTOPP_ADHOC_MAIN -maes adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_AESNI=1
fi
if [[ ("$X86_AESNI" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1239,7 +1209,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=rijndael.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1283,17 +1253,17 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified aesenc, aesenclast, aesdec, aesdeclast, aesimc, aeskeygenassist machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# X86 carryless multiply code generation
X86_PCLMUL=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c pclmulq)
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mpclmul adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_PCLMUL=1
fi
if [[ ("$X86_PCLMUL" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1301,19 +1271,19 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=gcm.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmullqhq|vpclmulqdq)')
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmulqdq|pclmullqhq|vpclmulqdq)')
if [[ ("$COUNT" -eq "0") ]]; then
FAILED=1
echo "ERROR: failed to generate pclmullqhq instruction" | tee -a "$TEST_RESULTS"
fi
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmullqlq|vpclmulqdq)')
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c '(pclmulqdq|pclmullqlq|vpclmulqdq)')
if [[ ("$COUNT" -eq "0") ]]; then
FAILED=1
echo "ERROR: failed to generate pclmullqlq instruction" | tee -a "$TEST_RESULTS"
@ -1321,18 +1291,21 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified pclmullqhq and pclmullqlq machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# Test RDRAND and RDSEED code generation
X86_RDRAND=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c rdrand)
X86_RDSEED=$(echo -n "$X86_CPU_FLAGS" | "$GREP" -i -c rdseed)
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdrnd adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_RDRAND=1
fi
"$CXX" -DCRYPTOPP_ADHOC_MAIN -mrdseed adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_RDSEED=1
fi
if [[ ("$X86_RDRAND" -ne "0" || "$X86_RDSEED" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1340,7 +1313,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=rdrand.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1364,17 +1337,17 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified rdrand and rdseed machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# X86 CRC32 code generation
X86_CRC32=$(echo -n "$X86_CPU_FLAGS" | "$EGREP" -i -c '(sse4.2|sse4_2)')
"$CXX" -DCRYPTOPP_ADHOC_MAIN -msse4.2 adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_CRC32=1
fi
if [[ ("$X86_CRC32" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1382,7 +1355,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=crc.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1402,17 +1375,17 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified crc32l and crc32b machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
############################################
# X86 SHA code generation
X86_SHA=$(echo -n "$X86_CPU_FLAGS" | "$EGREP" -i -c '(sha_ni)')
"$CXX" -DCRYPTOPP_ADHOC_MAIN -msha adhoc.cpp -o "$TMP/adhoc.exe" > /dev/null 2>&1
if [[ "$?" -eq "0" ]]; then
X86_SHA=1
fi
if [[ ("$X86_SHA" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
@ -1420,7 +1393,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
echo
OBJFILE=sha.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1 -msse -msse2" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1470,10 +1443,6 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified sha1rnds4, sha1nexte, sha1msg1, sha1msg2, sha256rnds2, sha256msg1 and sha256msg2 machine instructions" | tee -a "$TEST_RESULTS"
else
if [[ ("$CLANG_COMPILER" -ne "0" && "$CLANG_37_OR_ABOVE" -eq "0") ]]; then
echo "This could be due to Clang and lack of expected support for SSSE3 (and above) in some versions of the compiler. If so, try Clang 3.7 or above"
fi
fi
fi
fi
@ -1492,46 +1461,50 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ]
echo "Testing: ARM NEON code generation" | tee -a "$TEST_RESULTS"
echo
OBJFILE=blake2.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
OBJFILE=aria.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
# BLAKE2_NEON_Compress32: 30 each vld1q_u8 and vld1q_u64
# BLAKE2_NEON_Compress64: 22 each vld1q_u8 and vld1q_u64
COUNT1=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'ldr.*q|vld.*128')
COUNT2=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'ldp.*q')
COUNT=$(($COUNT1 + $(($COUNT2 + $COUNT2))))
if [[ ("$COUNT" -lt "25") ]]; then
# ARIA::UncheckedKeySet: 8 vld1q.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vld')
if [[ ("$COUNT" -lt "8") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector load instructions" | tee -a "$TEST_RESULTS"
fi
# BLAKE2_NEON_Compress{32|64}: 6 each vst1q_u32 and vst1q_u64
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'str.*q|vstr')
if [[ ("$COUNT" -lt "6") ]]; then
# ARIA::UncheckedKeySet: 24 vstr1q.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vst')
if [[ ("$COUNT" -lt "24") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector store instructions" | tee -a "$TEST_RESULTS"
fi
# BLAKE2_NEON_Compress{32|64}: 409 each vaddq_u32 and vaddq_u64
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'add.*v|vadd')
if [[ ("$COUNT" -lt "400") ]]; then
# ARIA::UncheckedKeySet: 17 vshl.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vshl')
if [[ ("$COUNT" -lt "17") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector add instructions" | tee -a "$TEST_RESULTS"
echo "ERROR: failed to generate expected vector shift left instructions" | tee -a "$TEST_RESULTS"
fi
# BLAKE2_NEON_Compress{32|64}: 559 each veorq_u32 and veorq_u64
# ARIA::UncheckedKeySet: 17 vshr.32
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'vshl')
if [[ ("$COUNT" -lt "17") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector shift right instructions" | tee -a "$TEST_RESULTS"
fi
# ARIA::UncheckedKeySet: 34 veor
COUNT=$(echo -n "$DISASS_TEXT" | "$EGREP" -i -c 'eor.*v|veor')
if [[ ("$COUNT" -lt "550") ]]; then
if [[ ("$COUNT" -lt "34") ]]; then
FAILED=1
echo "ERROR: failed to generate expected vector xor instructions" | tee -a "$TEST_RESULTS"
fi
if [[ ("$FAILED" -eq "0") ]]; then
echo "Verified vector load, store, add, xor machine instructions" | tee -a "$TEST_RESULTS"
echo "Verified vector load, store, shfit left, shift right, xor machine instructions" | tee -a "$TEST_RESULTS"
fi
fi
@ -1546,7 +1519,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ]
echo
OBJFILE=gcm.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1580,7 +1553,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ]
echo
OBJFILE=crc.o; rm -f "$OBJFILE" 2>/dev/null
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]}" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS -DDISABLE_NATIVE_ARCH=1" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
COUNT=0
FAILED=0
@ -1846,134 +1819,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
fi
############################################
# Minimum arch with AESNI, RDRAND and RDSEED
if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then
X86_OPTS=()
if [[ "$HAVE_X86_AES" -ne "0" ]]; then
X86_OPTS+=("-maes")
fi
if [[ "$HAVE_X86_RDRAND" -ne "0" ]]; then
X86_OPTS+=("-mrdrnd")
fi
if [[ "$HAVE_X86_RDSEED" -ne "0" ]]; then
X86_OPTS+=("-mrdseed")
fi
# i586 (lacks MMX, SSE and SSE2; enables X86 hardware)
if [[ "$IS_X86" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, i586, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
############################################
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, i586, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
# x86-64
if [[ "$IS_X64" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, SSE2, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=x86-64 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
############################################
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, SSE2, AESNI, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=x86-64 ${X86_OPTS[@]} $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
fi
############################################
# mismatched arch capabilities
if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then
# Mismatched arch capabilities
if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_NATIVE_ARCH" -ne "0") ]]; then
# i586 (lacks MMX, SSE and SSE2)
if [[ "$IS_X86" -ne "0" ]]; then
@ -1990,7 +1837,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$DEBUG_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$DEBUG_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2019,7 +1867,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$RELEASE_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$RELEASE_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2051,7 +1900,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$DEBUG_CXXFLAGS -march=x86-64 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$DEBUG_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$DEBUG_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2080,7 +1930,8 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
CXXFLAGS="$RELEASE_CXXFLAGS -march=x86-64 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
CXXFLAGS="$RELEASE_CXXFLAGS -march=native $OPT_PIC"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
CXXFLAGS="$RELEASE_CXXFLAGS $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -2839,63 +2690,6 @@ if [[ "$HAVE_LDGOLD" -ne "0" ]]; then
fi
fi
############################################
# Build with Unified ASM
if [[ "$HAVE_UNIFIED_ASM" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, unified asm syntax" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS ${PLATFORM_CXXFLAGS[@]} -masm-syntax-unified $USER_CXXFLAGS"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
############################################
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, unified asm syntax" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS ${PLATFORM_CXXFLAGS[@]} -masm-syntax-unified $USER_CXXFLAGS"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
############################################
# Build at -O3
if [[ "$HAVE_O3" -ne "0" ]]; then
@ -4740,51 +4534,6 @@ if [[ ("$IS_DARWIN" -ne "0" && "$HAVE_CXX17" -ne "0") ]]; then
fi
fi
############################################
# Modern compiler and old hardware, like PII, PIII or Core2
if [[ ("$HAVE_X86_AES" -ne "0" || "$HAVE_X86_RDRAND" -ne "0" || "$HAVE_X86_RDSEED" -ne "0") ]]; then
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: AES, RDRAND and RDSEED" | tee -a "$TEST_RESULTS"
echo
OPTS=()
if [[ ("$GCC_COMPILER" -ne "0") ]]; then
OPTS=("-march=native")
fi
if [[ "$HAVE_X86_AES" -ne "0" ]]; then
OPTS+=("-maes")
fi
if [[ "$HAVE_X86_RDRAND" -ne "0" ]]; then
OPTS+=("-mrdrnd")
fi
if [[ "$HAVE_X86_RDSEED" -ne "0" ]]; then
OPTS+=("-mrdseed")
fi
if [[ "$HAVE_X86_PCLMUL" -ne "0" ]]; then
OPTS+=("-mpclmul")
fi
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS ${OPTS[@]} ${PLATFORM_CXXFLAGS[@]} $USER_CXXFLAGS"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
############################################
# Benchmarks
if [[ "$WANT_BENCHMARKS" -ne "0" ]]; then

20
cryptest.vcxproj
View File

@ -180,7 +180,7 @@
<!-- FIPS Validated Warning -->
<ItemDefinitionGroup Label="FIPS Warning">
<PreBuildEvent Condition="'$(Configuration)'=='DLL-Import Debug' Or '$(Configuration)'=='DLL-Import Release'">
<Command>
<Command>
echo *************************************************************************
echo This configuration requires cryptopp.dll. You can build it yourself using
echo the cryptdll project, or obtain a pre-built, FIPS 140-2 validated DLL. If
@ -191,6 +191,13 @@
</PreBuildEvent>
</ItemDefinitionGroup>
<!-- Target for Appvoyer -->
<!-- The rule copies cryptest.exe to the project -->
<!-- root directory so it can be executed in place -->
<Target Name="CopyCryptestToRoot">
<Exec Command="copy $(Platform)\Output\$(Configuration)\cryptest.exe $(SolutionDir)" />
</Target>
<!-- Source Files -->
<ItemGroup>
<ClCompile Include="adhoc.cpp" />
@ -199,7 +206,9 @@
<ClCompile Include="datatest.cpp" />
<ClCompile Include="dlltest.cpp" />
<ClCompile Include="fipsalgt.cpp" />
<ClCompile Include="regtest.cpp" />
<ClCompile Include="regtest1.cpp" />
<ClCompile Include="regtest2.cpp" />
<ClCompile Include="regtest3.cpp" />
<ClCompile Include="test.cpp" />
<ClCompile Include="validat0.cpp" />
<ClCompile Include="validat1.cpp" />
@ -221,6 +230,7 @@
<None Include="TestVectors\blake2.txt" />
<None Include="TestVectors\blake2b.txt" />
<None Include="TestVectors\blake2s.txt" />
<None Include="TestVectors\aria.txt" />
<None Include="TestVectors\camellia.txt" />
<None Include="TestVectors\ccm.txt" />
<None Include="TestVectors\chacha.txt" />
@ -234,6 +244,7 @@
<None Include="TestVectors\gcm.txt" />
<None Include="TestVectors\hkdf.txt" />
<None Include="TestVectors\hmac.txt" />
<None Include="TestVectors\kalyna.txt" />
<None Include="TestVectors\mars.txt" />
<None Include="TestVectors\nr.txt" />
<None Include="TestVectors\panama.txt" />
@ -246,17 +257,20 @@
<None Include="TestVectors\seal.txt" />
<None Include="TestVectors\seed.txt" />
<None Include="TestVectors\sha.txt" />
<None Include="TestVectors\sha2.txt" />
<None Include="TestVectors\sha3.txt" />
<None Include="TestVectors\shacal2.txt" />
<None Include="TestVectors\siphash.txt" />
<None Include="TestVectors\sosemanuk.txt" />
<None Include="TestVectors\tea.txt" />
<None Include="TestVectors\threefish.txt" />
<None Include="TestVectors\ttmac.txt" />
<None Include="TestVectors\vmac.txt" />
<None Include="TestVectors\wake.txt" />
<None Include="TestVectors\whrlpool.txt" />
<None Include="TestData\3desval.dat" />
<None Include="TestData\3wayval.dat" />
<None Include="TestData\aria.dat" />
<None Include="TestData\camellia.dat" />
<None Include="TestData\cast128v.dat" />
<None Include="TestData\cast256v.dat" />
@ -322,4 +336,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>

23
cryptest.vcxproj.filters
View File

@ -33,6 +33,9 @@
<None Include="TestVectors\blake2s.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\aria.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\camellia.txt">
<Filter>TestVectors</Filter>
</None>
@ -72,6 +75,9 @@
<None Include="TestVectors\hmac.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\kalyna.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\mars.txt">
<Filter>TestVectors</Filter>
</None>
@ -108,6 +114,9 @@
<None Include="TestVectors\sha.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\sha2.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\sha3.txt">
<Filter>TestVectors</Filter>
</None>
@ -123,6 +132,9 @@
<None Include="TestVectors\tea.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\threefish.txt">
<Filter>TestVectors</Filter>
</None>
<None Include="TestVectors\ttmac.txt">
<Filter>TestVectors</Filter>
</None>
@ -141,6 +153,9 @@
<None Include="TestData\3wayval.dat">
<Filter>TestData</Filter>
</None>
<None Include="TestData\aria.dat">
<Filter>TestData</Filter>
</None>
<None Include="TestData\camellia.dat">
<Filter>TestData</Filter>
</None>
@ -341,7 +356,13 @@
<ClCompile Include="dlltest.cpp">
<Filter>Source Code</Filter>
</ClCompile>
<ClCompile Include="regtest.cpp">
<ClCompile Include="regtest1.cpp">
<Filter>Source Code</Filter>
</ClCompile>
<ClCompile Include="regtest2.cpp">
<Filter>Source Code</Filter>
</ClCompile>
<ClCompile Include="regtest3.cpp">
<Filter>Source Code</Filter>
</ClCompile>
<ClCompile Include="test.cpp">

16
cryptlib.cpp
View File

@ -71,7 +71,7 @@ Algorithm::Algorithm(bool checkSelfTestStatus)
void SimpleKeyingInterface::SetKey(const byte *key, size_t length, const NameValuePairs &params)
{
this->ThrowIfInvalidKeyLength(length);
this->UncheckedSetKey(key, (unsigned int)length, params);
this->UncheckedSetKey(key, static_cast<unsigned int>(length), params);
}
void SimpleKeyingInterface::SetKeyWithRounds(const byte *key, size_t length, int rounds)
@ -127,7 +127,7 @@ const byte * SimpleKeyingInterface::GetIVAndThrowIfInvalid(const NameValuePairs
{
iv = ivWithLength.begin();
ThrowIfInvalidIV(iv);
size = ThrowIfInvalidIVLength((int)ivWithLength.size());
size = ThrowIfInvalidIVLength(static_cast<int>(ivWithLength.size()));
return iv;
}
else if (params.GetValue(Name::IV(), iv))
@ -171,21 +171,19 @@ size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const by
outIncrement = 0-outIncrement;
}
// Coverity finding.
bool xorFlag = xorBlocks && (flags & BT_XorInput);
while (length >= blockSize)
{
if (flags & BT_XorInput)
if (xorFlag)
{
// Coverity finding. However, xorBlocks is never NULL if BT_XorInput.
CRYPTOPP_ASSERT(xorBlocks);
#if defined(__COVERITY__)
if (xorBlocks)
#endif
// xorBlocks non-NULL and with BT_XorInput.
xorbuf(outBlocks, xorBlocks, inBlocks, blockSize);
ProcessBlock(outBlocks);
}
else
{
// xorBlocks can be NULL. See, for example, ECB_OneWay::ProcessData.
// xorBlocks may be non-NULL and without BT_XorInput.
ProcessAndXorBlock(inBlocks, xorBlocks, outBlocks);
}

42
cryptlib.h
View File

@ -10,29 +10,35 @@
<dt>Authenticated Encryption Modes<dd>
CCM, EAX, \ref GCM "GCM (2K tables)", \ref GCM "GCM (64K tables)"
<dt>Block Ciphers<dd>
\ref Rijndael "AES", Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES",
\ref DES_XEX3 "DESX", GOST, IDEA, \ref LR "Luby-Rackoff", MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent,
\ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK,
Square, TEA, \ref ThreeWay "3-Way", Twofish, XTEA
\ref Rijndael "AES", ARIA, Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES,
\ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", \ref DES_XEX3 "DESX",
GOST, IDEA, \ref LR "Luby-Rackoff", MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K",
\ref SAFER_SK "SAFER-SK", SEED, Serpent, \ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK,
Square, TEA, \ref ThreeWay "3-Way", Threefish, Twofish, XTEA
<dt>Stream Ciphers<dd>
ChaCha8, ChaCha12, ChaCha20, \ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
ChaCha8, ChaCha12, ChaCha20, \ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20,
\ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
<dt>Hash Functions<dd>
BLAKE2s, BLAKE2b, \ref Keccak "Keccak (F1600)", SHA1, SHA224, SHA256, SHA384, SHA512, \ref SHA3 "SHA-3", Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
BLAKE2s, BLAKE2b, \ref Keccak "Keccak (F1600)", SHA1, SHA224, SHA256, SHA384, SHA512,
\ref SHA3 "SHA-3", Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, SipHash,
Weak::MD2, Weak::MD4, Weak::MD5
<dt>Non-Cryptographic Checksums<dd>
CRC32, Adler32
<dt>Message Authentication Codes<dd>
VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, \ref GCM "GCM (GMAC)", BLAKE2 (BLAKE2b and BLAKE2s), Poly1305
<dt>Random Number Generators<dd>
NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG,
\ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED
NIST Hash_DRBG and HMAC_DRBG, \ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED
<dt>Key Derivation and Password-based Cryptography<dd>
HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)", \ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)"
HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)",
\ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)"
<dt>Public Key Cryptosystems<dd>
DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
<dt>Public Key Signature Schemes<dd>
DSA2, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN
<dt>Key Agreement<dd>
DH, DH2, \ref MQV_Domain "MQV", \ref HMQV_Domain "HMQV", \ref FHMQV_Domain "FHMQV", ECDH, ECMQV, ECHMQV, ECFHMQV, XTR_DH
DH, DH2, \ref MQV_Domain "MQV", \ref HMQV_Domain "HMQV", \ref FHMQV_Domain "FHMQV", ECDH, ECMQV, ECHMQV,
ECFHMQV, XTR_DH
<dt>Algebraic Structures<dd>
Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, GF2NP, GF256, GF2_32, EC2N, ECP
@ -45,9 +51,11 @@ Square, TEA, \ref ThreeWay "3-Way", Twofish, XTEA
<dt>Output Sink Classes<dd>
StringSinkTemplate, StringSink, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
<dt>Filter Wrappers<dd>
StreamTransformationFilter, AuthenticatedEncryptionFilter, AuthenticatedDecryptionFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
StreamTransformationFilter, AuthenticatedEncryptionFilter, AuthenticatedDecryptionFilter, HashFilter,
HashVerificationFilter, SignerFilter, SignatureVerificationFilter
<dt>Binary to Text Encoders and Decoders<dd>
HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder, Base32Decoder
HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder,
Base32Decoder
<dt>Wrappers for OS features<dd>
Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
<dt>FIPS 140 validated cryptography<dd>
@ -59,11 +67,13 @@ In the DLL version of Crypto++, only the following implementation class are avai
<dt>Block Ciphers<dd>
AES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", SKIPJACK
<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
\ref ECB_Mode "ECB_Mode<BC>", \ref CTR_Mode "CTR_Mode<BC>", \ref CBC_Mode "CBC_Mode<BC>", \ref CFB_FIPS_Mode "CFB_FIPS_Mode<BC>", \ref OFB_Mode "OFB_Mode<BC>", \ref GCM "GCM<AES>"
\ref ECB_Mode "ECB_Mode<BC>", \ref CTR_Mode "CTR_Mode<BC>", \ref CBC_Mode "CBC_Mode<BC>",
\ref CFB_FIPS_Mode "CFB_FIPS_Mode<BC>", \ref OFB_Mode "OFB_Mode<BC>", \ref GCM "GCM<AES>"
<dt>Hash Functions<dd>
SHA1, SHA224, SHA256, SHA384, SHA512
<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>, ECDSA\<EC2N, H\>
RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>,
ECDSA\<EC2N, H\>
<dt>Message Authentication Codes (replace template parameter H with one of the hash functions above)<dd>
HMAC\<H\>, CBC_MAC\<DES_EDE2\>, CBC_MAC\<DES_EDE3\>, GCM\<AES\>
<dt>Random Number Generators<dd>
@ -706,7 +716,7 @@ protected:
//! \brief Validates the IV length
//! \param length the size of an IV, in bytes
//! \throws InvalidArgument if the number of rounds are invalid
//! \throws InvalidArgument if the IV length is invalid
size_t ThrowIfInvalidIVLength(int length);
//! \brief Retrieves and validates the IV
@ -1084,8 +1094,6 @@ protected:
void ThrowIfInvalidTruncatedSize(size_t size) const;
};
typedef HashTransformation HashFunction;
//! \brief Interface for one direction (encryption or decryption) of a block cipher
//! \details These objects usually should not be used directly. See BlockTransformation for more details.
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation
@ -1257,7 +1265,7 @@ public:
{
// TODO: What happens if there are more than 2^32 elements?
for (; begin != end; ++begin)
std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1));
std::iter_swap(begin, begin + GenerateWord32(0, static_cast<word32>(end-begin-1)));
}
};

16
cryptlib.vcxproj
View File

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
@ -34,17 +34,14 @@
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{c39f4b46-6e89-4074-902e-ca57073044d2}</ProjectGuid>
<RootNamespace>cryptlib</RootNamespace>
<PlatformToolset>v100</PlatformToolset>
<ConfigurationType>StaticLibrary</ConfigurationType>
<ConfigurationType>StaticLibrary</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
</ImportGroup>
@ -173,6 +170,7 @@
<ClCompile Include="algebra.cpp" />
<ClCompile Include="algparam.cpp" />
<ClCompile Include="arc4.cpp" />
<ClCompile Include="aria.cpp" />
<ClCompile Include="asn.cpp" />
<ClCompile Include="authenc.cpp" />
<ClCompile Include="base32.cpp" />
@ -231,6 +229,8 @@
<ClCompile Include="iterhash.cpp">
<PrecompiledHeader />
</ClCompile>
<ClCompile Include="kalyna.cpp" />
<ClCompile Include="kalynatab.cpp" />
<ClCompile Include="keccak.cpp" />
<ClCompile Include="luc.cpp" />
<ClCompile Include="mars.cpp" />
@ -287,6 +287,7 @@
<ClCompile Include="strciphr.cpp" />
<ClCompile Include="tea.cpp" />
<ClCompile Include="tftables.cpp" />
<ClCompile Include="threefish.cpp" />
<ClCompile Include="tiger.cpp" />
<ClCompile Include="tigertab.cpp" />
<ClCompile Include="trdlocal.cpp" />
@ -345,6 +346,7 @@
<ClInclude Include="algebra.h" />
<ClInclude Include="algparam.h" />
<ClInclude Include="arc4.h" />
<ClInclude Include="aria.h" />
<ClInclude Include="argnames.h" />
<ClInclude Include="asn.h" />
<ClInclude Include="authenc.h" />
@ -402,6 +404,7 @@
<ClInclude Include="idea.h" />
<ClInclude Include="integer.h" />
<ClInclude Include="iterhash.h" />
<ClInclude Include="kalyna.h" />
<ClInclude Include="keccak.h" />
<ClInclude Include="lubyrack.h" />
<ClInclude Include="luc.h" />
@ -463,6 +466,7 @@
<ClInclude Include="stdcpp.h" />
<ClInclude Include="strciphr.h" />
<ClInclude Include="tea.h" />
<ClInclude Include="threefish.h" />
<ClInclude Include="tiger.h" />
<ClInclude Include="trap.h" />
<ClInclude Include="trdlocal.h" />
@ -485,4 +489,4 @@
<ImportGroup Label="ExtensionTargets">
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
</ImportGroup>
</Project>
</Project>

23
cryptlib.vcxproj.filters
View File

@ -29,6 +29,9 @@
<ClCompile Include="arc4.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="aria.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="asn.cpp">
<Filter>Source Files</Filter>
</ClCompile>
@ -188,6 +191,12 @@
<ClCompile Include="iterhash.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="kalyna.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="kalynatab.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="keccak.cpp">
<Filter>Source Files</Filter>
</ClCompile>
@ -350,6 +359,9 @@
<ClCompile Include="tftables.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="threefish.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="tiger.cpp">
<Filter>Source Files</Filter>
</ClCompile>
@ -429,6 +441,9 @@
<ClInclude Include="arc4.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="aria.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="argnames.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -597,6 +612,9 @@
<ClInclude Include="iterhash.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="kalyna.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="keccak.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -780,6 +798,9 @@
<ClInclude Include="tea.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="threefish.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="tiger.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -849,4 +870,4 @@
<Filter>Source Files</Filter>
</CustomBuild>
</ItemGroup>
</Project>
</Project>

183
datatest.cpp
View File

@ -18,9 +18,10 @@
#include "hkdf.h"
#include "stdcpp.h"
#include <iostream>
#include <sstream>
// Aggressive stack checking with VS2005 SP1 and above.
#if (CRYPTOPP_MSC_VERSION >= 1410)
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
@ -111,12 +112,41 @@ void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransfo
int repeat = 1;
if (s1[0] == 'r')
{
repeat = atoi(s1.c_str()+1);
repeat = ::atoi(s1.c_str()+1);
s1 = s1.substr(s1.find(' ')+1);
}
s2 = ""; // MSVC 6 doesn't have clear();
// Convert endian order. Use it with 64-bit words like this:
// Key: word64 BC2560EFC6BBA2B1 E3361F162238EB40 FB8631EE0ABBD175 7B9479D4C5479ED1
// BC2560EFC6BBA2B1 will be processed into B1A2BBC6EF6025BC.
// or:
// Key: word32 BC2560EF E3361F16 FB8631EE 7B9479D4
// BC2560EF will be processed into EF6025BC.
if (s1.length() >= 6 && (s1.substr(0,6) == "word32" || s1.substr(0,6) == "word64"))
{
std::istringstream iss(s1.substr(6));
if (s1.substr(0,6) == "word64")
{
word64 value;
while (iss >> std::skipws >> std::hex >> value)
{
value = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, value);
q.Put((const byte *)&value, 8);
}
}
else
{
word32 value;
while (iss >> std::skipws >> std::hex >> value)
{
value = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, value);
q.Put((const byte *)&value, 4);
}
}
goto end;
}
s2.clear();
if (s1[0] == '\"')
{
s2 = s1.substr(1, s1.find('\"', 1)-1);
@ -375,8 +405,17 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
lastName = name;
}
// Most block ciphers don't specify BlockSize. Kalyna and Threefish use it.
int blockSize = pairs.GetIntValueWithDefault(Name::BlockSize(), 0);
// Most block ciphers don't specify BlockPaddingScheme. Kalyna uses it in test vectors.
// 0 is NoPadding, 1 is ZerosPadding, 2 is PkcsPadding, 3 is OneAndZerosPadding, etc
// Note: The machinery is wired such that paddingScheme is effectively latched. An
// old paddingScheme may be unintentionally used in a subsequent test.
int paddingScheme = pairs.GetIntValueWithDefault(Name::BlockPaddingScheme(), 0);
ConstByteArrayParameter iv;
if (pairs.GetValue(Name::IV(), iv) && iv.size() != encryptor->IVSize())
if (pairs.GetValue(Name::IV(), iv) && iv.size() != encryptor->IVSize() && (int)iv.size() != blockSize)
SignalTestFailure();
if (test == "Resync")
@ -397,6 +436,16 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
decryptor->Seek(seek);
}
// If a per-test vector parameter was set for a test, like BlockPadding, BlockSize or Tweak,
// then it becomes latched in testDataPairs. The old value is used in subsequent tests, and
// it could cause a self test failure in the next test. The behavior surfaced under Kalyna
// and Threefish. The Kalyna test vectors use NO_PADDING for all tests excpet one. For
// Threefish, using (and not using) a Tweak caused problems as we marched through test
// vectors. For BlockPadding, BlockSize or Tweak, unlatch them now, after the key has been
// set and NameValuePairs have been processed. Also note we only unlatch from testDataPairs.
// If overrideParameters are specified, the caller is responsible for managing the parameter.
v.erase("Tweak"); v.erase("BlockSize"); v.erase("BlockPaddingScheme");
std::string encrypted, xorDigest, ciphertext, ciphertextXorDigest;
if (test == "EncryptionMCT" || test == "DecryptionMCT")
{
@ -427,7 +476,7 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
ciphertext = GetDecodedDatum(v, test == "EncryptionMCT" ? "Ciphertext" : "Plaintext");
if (encrypted != ciphertext)
{
std::cout << "incorrectly encrypted: ";
std::cout << "\nincorrectly encrypted: ";
StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout)));
xx.Pump(256); xx.Flush(false);
std::cout << "\n";
@ -436,13 +485,15 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
return;
}
StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted), StreamTransformationFilter::NO_PADDING);
StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted),
static_cast<BlockPaddingSchemeDef::BlockPaddingScheme>(paddingScheme));
RandomizedTransfer(StringStore(plaintext).Ref(), encFilter, true);
encFilter.MessageEnd();
/*{
std::string z;
encryptor->Seek(seek);
StringSource ss(plaintext, false, new StreamTransformationFilter(*encryptor, new StringSink(z), StreamTransformationFilter::NO_PADDING));
StringSource ss(plaintext, false, new StreamTransformationFilter(*encryptor, new StringSink(z),
static_cast<BlockPaddingSchemeDef::BlockPaddingScheme>(paddingScheme)));
while (ss.Pump(64)) {}
ss.PumpAll();
for (int i=0; i<z.length(); i++)
@ -459,19 +510,20 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
}
if (test != "EncryptXorDigest" ? encrypted != ciphertext : xorDigest != ciphertextXorDigest)
{
std::cout << "incorrectly encrypted: ";
std::cout << "\nincorrectly encrypted: ";
StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout)));
xx.Pump(2048); xx.Flush(false);
std::cout << "\n";
SignalTestFailure();
}
std::string decrypted;
StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted), StreamTransformationFilter::NO_PADDING);
StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted),
static_cast<BlockPaddingSchemeDef::BlockPaddingScheme>(paddingScheme));
RandomizedTransfer(StringStore(encrypted).Ref(), decFilter, true);
decFilter.MessageEnd();
if (decrypted != plaintext)
{
std::cout << "incorrectly decrypted: ";
std::cout << "\nincorrectly decrypted: ";
StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout)));
xx.Pump(256); xx.Flush(false);
std::cout << "\n";
@ -480,7 +532,7 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
}
else
{
std::cout << "unexpected test name\n";
std::cout << "\nunexpected test name\n";
SignalTestError();
}
}
@ -538,7 +590,7 @@ void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrid
if (test == "Encrypt" && encrypted != ciphertext+mac)
{
std::cout << "incorrectly encrypted: ";
std::cout << "\nincorrectly encrypted: ";
StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout)));
xx.Pump(2048); xx.Flush(false);
std::cout << "\n";
@ -546,7 +598,7 @@ void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrid
}
if (test == "Encrypt" && decrypted != plaintext)
{
std::cout << "incorrectly decrypted: ";
std::cout << "\nincorrectly decrypted: ";
StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout)));
xx.Pump(256); xx.Flush(false);
std::cout << "\n";
@ -555,18 +607,18 @@ void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrid
if (ciphertext.size()+mac.size()-plaintext.size() != asc1->DigestSize())
{
std::cout << "bad MAC size\n";
std::cout << "\nbad MAC size\n";
SignalTestFailure();
}
if (df.GetLastResult() != (test == "Encrypt"))
{
std::cout << "MAC incorrectly verified\n";
std::cout << "\nMAC incorrectly verified\n";
SignalTestFailure();
}
}
else
{
std::cout << "unexpected test name\n";
std::cout << "\nunexpected test name\n";
SignalTestError();
}
}
@ -645,8 +697,13 @@ void TestKeyDerivationFunction(TestData &v)
SignalTestFailure();
}
// GetField parses the name/value pairs. The tricky part is the insertion operator
// because Unix&Linux uses LF, OS X uses CR, and Windows uses CRLF. If this function
// is modified, then run 'cryptest.exe tv rsa_pkcs1_1_5' as a test. Its the parser
// file from hell. If it can be parsed without error, then things are likely OK.
bool GetField(std::istream &is, std::string &name, std::string &value)
{
// ***** Name *****
name.clear();
is >> name;
@ -666,56 +723,56 @@ bool GetField(std::istream &is, std::string &name, std::string &value)
while (is.peek() == ' ')
is.ignore(1);
// VC60 workaround: getline bug
char buffer[128];
// ***** Value *****
value.clear();
bool continueLine, space = false;
std::string line;
bool continueLine = true;
do
while (continueLine && std::getline(is, line))
{
do
{
is.get(buffer, sizeof(buffer));
value += buffer;
if (buffer[0] == ' ')
space = true;
}
while (buffer[0] != 0);
is.clear();
is.ignore();
if (!value.empty() && value[value.size()-1] == '\r')
value.resize(value.size()-1);
if (!value.empty() && value[value.size()-1] == '\\')
{
value.resize(value.size()-1);
continueLine = true;
}
else
continueLine = false;
std::string::size_type i = value.find('#');
if (i != std::string::npos)
value.erase(i);
}
while (continueLine);
// Strip intermediate spaces for some values.
if (space && (name == "Modulus" || name == "SubgroupOrder" || name == "SubgroupGenerator" ||
name == "PublicElement" || name == "PrivateExponent" || name == "Signature"))
{
std::string temp;
temp.reserve(value.size());
std::string::const_iterator it;
for(it = value.begin(); it != value.end(); it++)
{
if(*it != ' ')
temp.push_back(*it);
// Unix and Linux may have a stray \r because of Windows
if (!line.empty() && (line[line.size() - 1] == '\r' || line[line.size() - 1] == '\n')) {
line.erase(line.size()-1);
}
std::swap(temp, value);
continueLine = false;
if (!line.empty())
{
// Early out for immediate line continuation
if (line[0] == '\\') {
continueLine = true;
continue;
}
// Check end of line. It must be last character
if (line[line.size() - 1] == '\\') {
continueLine = true;
}
// Check for comment. It can be first character
if (line[0] == '#') {
continue;
}
}
// Leading and trailing position. The leading position moves right, and
// trailing position moves left. The sub-string in the middle is the value
// for the name. We leave one space when line continuation is in effect.
// The value can be an empty string. One Plaintext value is often empty
// for algorithm testing.
std::string::size_type l=0, t=std::string::npos;
const std::string whitespace = "\t \r\n";
l = line.find_first_not_of(whitespace, l);
if (l == std::string::npos) { l = 0; }
t = line.find('#', l);
if (t != std::string::npos) { t--; }
t = line.find_last_not_of(whitespace+"\\", t);
if (t != std::string::npos) { t++; }
CRYPTOPP_ASSERT(t >= l);
value += line.substr(l, t - l);
if (continueLine)
value += ' ';
}
return true;
@ -764,6 +821,7 @@ void TestDataFile(std::string filename, const NameValuePairs &overrideParameters
std::ifstream file(filename.c_str());
if (!file.good())
throw Exception(Exception::OTHER_ERROR, "Can not open file " + filename + " for reading");
TestData v;
s_currentTestData = &v;
std::string name, value, lastAlgName;
@ -778,6 +836,9 @@ void TestDataFile(std::string filename, const NameValuePairs &overrideParameters
if (!GetField(file, name, value))
break;
// Can't assert value. Plaintext is sometimes empty.
// CRYPTOPP_ASSERT(!value.empty());
v[name] = value;
if (name == "Test" && (s_thorough || v["SlowTest"] != "1"))

14
default.h
View File

@ -19,7 +19,7 @@ NAMESPACE_BEGIN(CryptoPP)
//! \brief Legacy block cipher for LegacyEncryptor, LegacyDecryptor, LegacyEncryptorWithMAC and LegacyDecryptorWithMAC
typedef DES_EDE2 LegacyBlockCipher;
//! \brief Legacy hash for use with LegacyEncryptorWithMAC and LegacyDecryptorWithMAC
typedef SHA LegacyHashModule;
typedef SHA1 LegacyHashModule;
//! \brief Legacy HMAC for use withLegacyEncryptorWithMAC and LegacyDecryptorWithMAC
typedef HMAC<LegacyHashModule> LegacyMAC;
@ -180,6 +180,12 @@ template <class BC, class H, class MAC, class Info>
class DataEncryptorWithMAC : public ProxyFilter
{
public:
CRYPTOPP_CONSTANT(BLOCKSIZE = Info::BLOCKSIZE)
CRYPTOPP_CONSTANT(KEYLENGTH = Info::KEYLENGTH)
CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH)
CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE)
CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS)
//! \brief Constructs a DataEncryptorWithMAC
//! \param passphrase a C-String password
//! \param attachment a BufferedTransformation to attach to this object
@ -220,6 +226,12 @@ template <class BC, class H, class MAC, class Info>
class DataDecryptorWithMAC : public ProxyFilter
{
public:
CRYPTOPP_CONSTANT(BLOCKSIZE = Info::BLOCKSIZE)
CRYPTOPP_CONSTANT(KEYLENGTH = Info::KEYLENGTH)
CRYPTOPP_CONSTANT(SALTLENGTH = Info::SALTLENGTH)
CRYPTOPP_CONSTANT(DIGESTSIZE = Info::DIGESTSIZE)
CRYPTOPP_CONSTANT(ITERATIONS = Info::ITERATIONS)
//! \brief Constructs a DataDecryptor
//! \param passphrase a C-String password
//! \param attachment a BufferedTransformation to attach to this object

14
dll.cpp
View File

@ -5,15 +5,10 @@
#include "dll.h"
#include "config.h"
#include "iterhash.h"
// TODO: fix the C4589 warnings
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4589)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(default: 4660)
#endif
// Cast from FARPROC to funcptr with args, http://stackoverflow.com/q/4192058/608639
#pragma warning(disable: 4191)
#if defined(CRYPTOPP_EXPORTS) && defined(CRYPTOPP_WIN32_AVAILABLE)
#include <windows.h>
@ -70,9 +65,6 @@ static void * New (size_t size)
return p;
}
// Cast from FARPROC to funcptr with args, http://stackoverflow.com/q/4192058/608639
#pragma warning(disable: 4191)
static void SetNewAndDeleteFunctionPointers()
{
void *p = NULLPTR;

2
dlltest.vcxproj
View File

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">

2
eccrypto.h
View File

@ -398,7 +398,7 @@ struct ECDSA_RFC6979 : public DL_SS<
//! \brief Elliptic Curve NR (ECNR) signature scheme
//! \tparam EC elliptic curve field
//! \tparam H HashTransformation derived class
template <class EC, class H = SHA>
template <class EC, class H = SHA1>
struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
{
};

14
esign.cpp
View File

@ -21,15 +21,15 @@ NAMESPACE_BEGIN(CryptoPP)
#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
void ESIGN_TestInstantiations()
{
ESIGN<SHA>::Verifier x1(1, 1);
ESIGN<SHA>::Signer x2(NullRNG(), 1);
ESIGN<SHA>::Verifier x3(x2);
ESIGN<SHA>::Verifier x4(x2.GetKey());
ESIGN<SHA>::Verifier x5(x3);
ESIGN<SHA>::Signer x6 = x2;
ESIGN<SHA1>::Verifier x1(1, 1);
ESIGN<SHA1>::Signer x2(NullRNG(), 1);
ESIGN<SHA1>::Verifier x3(x2);
ESIGN<SHA1>::Verifier x4(x2.GetKey());
ESIGN<SHA1>::Verifier x5(x3);
ESIGN<SHA1>::Signer x6 = x2;
x6 = x2;
x3 = ESIGN<SHA>::Verifier(x2);
x3 = ESIGN<SHA1>::Verifier(x2);
x4 = x2.GetKey();
}
#endif

8
esign.h
View File

@ -85,6 +85,14 @@ public:
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
{GenerateRandomWithKeySize(rng, modulusBits);}
// Squash Visual Studio C4250 warning
void Save(BufferedTransformation &bt) const
{BEREncode(bt);}
// Squash Visual Studio C4250 warning
void Load(BufferedTransformation &bt)
{BERDecode(bt);}
void BERDecode(BufferedTransformation &bt);
void DEREncode(BufferedTransformation &bt) const;

4
files.h
View File

@ -59,6 +59,10 @@ public:
//! \returns the internal stream pointer
std::istream* GetStream() {return m_stream;}
//! \brief Retrieves the internal stream
//! \returns the internal stream pointer
const std::istream* GetStream() const {return m_stream;}
lword MaxRetrievable() const;
size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;

11
filters.cpp
View File

@ -611,8 +611,15 @@ void StreamTransformationFilter::InitializeDerivedAndReturnNewSizes(const NameVa
else
m_padding = padding;
if (!isBlockCipher && (m_padding == PKCS_PADDING || m_padding == ONE_AND_ZEROS_PADDING))
throw InvalidArgument("StreamTransformationFilter: PKCS_PADDING and ONE_AND_ZEROS_PADDING cannot be used with " + m_cipher.AlgorithmName());
if (!isBlockCipher)
{
if (m_padding == PKCS_PADDING)
throw InvalidArgument("StreamTransformationFilter: PKCS_PADDING cannot be used with " + m_cipher.AlgorithmName());
else if (m_padding == W3C_PADDING)
throw InvalidArgument("StreamTransformationFilter: W3C_PADDING cannot be used with " + m_cipher.AlgorithmName());
else if (m_padding == ONE_AND_ZEROS_PADDING)
throw InvalidArgument("StreamTransformationFilter: ONE_AND_ZEROS_PADDING cannot be used with " + m_cipher.AlgorithmName());
}
firstSize = 0;
blockSize = m_cipher.MandatoryBlockSize();

2
fipsalgt.cpp
View File

@ -457,7 +457,7 @@ protected:
Integer p, q, h, g;
int counter;
SecByteBlock seed(SHA::DIGESTSIZE);
SecByteBlock seed(SHA1::DIGESTSIZE);
do
{
m_rng.GenerateBlock(seed, seed.size());

2
fipstest.cpp
View File

@ -46,7 +46,7 @@ extern "C" {void __cdecl _CRT_DEBUGGER_HOOK(int); }
#include <iostream>
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4100)
# pragma warning(disable: 4100 4702)
#endif
NAMESPACE_BEGIN(CryptoPP)

6
gf2n.cpp
View File

@ -155,12 +155,16 @@ void PolynomialMod2::Encode(byte *output, size_t outputLen) const
void PolynomialMod2::Decode(BufferedTransformation &bt, size_t inputLen)
{
CRYPTOPP_ASSERT(bt.MaxRetrievable() >= inputLen);
if (bt.MaxRetrievable() < inputLen)
throw InvalidArgument("PolynomialMod2: input length is too small");
reg.CleanNew(BytesToWords(inputLen));
for (size_t i=inputLen; i > 0; i--)
{
byte b;
bt.Get(b);
(void)bt.Get(b);
reg[(i-1)/WORD_SIZE] |= word(b) << ((i-1)%WORD_SIZE)*8;
}
}

8
gfpcrypt.cpp
View File

@ -23,12 +23,12 @@ NAMESPACE_BEGIN(CryptoPP)
#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
void TestInstantiations_gfpcrypt()
{
GDSA<SHA>::Signer test;
GDSA<SHA>::Verifier test1;
GDSA<SHA1>::Signer test;
GDSA<SHA1>::Verifier test1;
DSA::Signer test5(NullRNG(), 100);
DSA::Signer test2(test5);
NR<SHA>::Signer test3;
NR<SHA>::Verifier test4;
NR<SHA1>::Signer test3;
NR<SHA1>::Verifier test4;
DLIES<>::Encryptor test6;
DLIES<>::Decryptor test7;
}

4
gfpcrypt.h
View File

@ -737,7 +737,7 @@ class DSA2;
struct DL_Keys_DSA
{
typedef DL_PublicKey_GFP<DL_GroupParameters_DSA> PublicKey;
typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA> > PrivateKey;
typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA1> > PrivateKey;
};
//! \class DSA2
@ -779,7 +779,7 @@ typedef DSA2<SHA1> DSA;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA> >;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA2<SHA1> >;
//! \class DL_EncryptionAlgorithm_Xor
//! \brief P1363 based XOR Encryption Method

122
gzip.cpp
View File

@ -2,22 +2,53 @@
#include "pch.h"
#include "gzip.h"
#include "argnames.h"
NAMESPACE_BEGIN(CryptoPP)
// Checks whether the character is valid for ISO/IEC 8859-1 as required by RFC 1952
static inline bool Is8859Character(char c) {
const unsigned char cc = static_cast<unsigned char>(c);
return (cc >= 32 && cc <= 126) || (cc >= 160);
}
void Gzip::IsolatedInitialize(const NameValuePairs &parameters)
{
ConstByteArrayParameter v;
if (parameters.GetValue(Name::FileName(), v))
m_filename.assign(reinterpret_cast<const char*>(v.begin()), v.size());
if (parameters.GetValue(Name::Comment(), v))
m_comment.assign(reinterpret_cast<const char*>(v.begin()), v.size());
m_filetime = parameters.GetIntValueWithDefault(Name::FileTime(), 0);
}
void Gzip::WritePrestreamHeader()
{
m_totalLen = 0;
m_crc.Restart();
int flags = 0;
if(!m_filename.empty())
flags |= FILENAME;
if(!m_comment.empty())
flags |= COMMENTS;
AttachedTransformation()->Put(MAGIC1);
AttachedTransformation()->Put(MAGIC2);
AttachedTransformation()->Put(DEFLATED);
AttachedTransformation()->Put(0); // general flag
AttachedTransformation()->PutWord32(0); // time stamp
byte extra = byte((GetDeflateLevel() == 1) ? FAST : ((GetDeflateLevel() == 9) ? SLOW : 0));
AttachedTransformation()->Put((byte)flags); // general flag
AttachedTransformation()->PutWord32(m_filetime, LITTLE_ENDIAN_ORDER); // time stamp
byte extra = (GetDeflateLevel() == 1) ? FAST : ((GetDeflateLevel() == 9) ? SLOW : 0);
AttachedTransformation()->Put(extra);
AttachedTransformation()->Put(GZIP_OS_CODE);
// Filename is NULL terminated, hence the +1
if(!m_filename.empty())
AttachedTransformation()->Put((const unsigned char*)m_filename.data(), m_filename.size() +1);
// Comment is NULL terminated, hence the +1
if(!m_comment.empty())
AttachedTransformation()->Put((const unsigned char*)m_comment.data(), m_comment.size() +1);
}
void Gzip::ProcessUncompressedData(const byte *inString, size_t length)
@ -32,12 +63,44 @@ void Gzip::WritePoststreamTail()
m_crc.Final(crc);
AttachedTransformation()->Put(crc, 4);
AttachedTransformation()->PutWord32(m_totalLen, LITTLE_ENDIAN_ORDER);
m_filetime = 0;
m_filename.clear();
m_comment.clear();
}
void Gzip::SetComment(const std::string& comment, bool throwOnEncodingError)
{
if(throwOnEncodingError)
{
for(size_t i = 0; i < comment.length(); i++) {
const char c = comment[i];
if(!Is8859Character(c))
throw InvalidDataFormat("The comment is not ISO/IEC 8859-1 encoded");
}
}
m_comment = comment;
}
void Gzip::SetFilename(const std::string& filename, bool throwOnEncodingError)
{
if(throwOnEncodingError)
{
for(size_t i = 0; i < filename.length(); i++) {
const char c = filename[i];
if(!Is8859Character(c))
throw InvalidDataFormat("The filename is not ISO/IEC 8859-1 encoded");
}
}
m_filename = filename;
}
// *************************************************************
Gunzip::Gunzip(BufferedTransformation *attachment, bool repeat, int propagation)
: Inflator(attachment, repeat, propagation), m_length(0)
: Inflator(attachment, repeat, propagation), m_length(0), m_filetime(0)
{
}
@ -46,15 +109,20 @@ void Gunzip::ProcessPrestreamHeader()
m_length = 0;
m_crc.Restart();
m_filetime = 0;
m_filename.clear();
m_comment.clear();
byte buf[6];
byte b, flags;
if (m_inQueue.Get(buf, 2)!=2) throw HeaderErr();
if (buf[0] != MAGIC1 || buf[1] != MAGIC2) throw HeaderErr();
if (!m_inQueue.Skip(1)) throw HeaderErr(); // skip extra flags
if (!m_inQueue.Get(b) || (b != DEFLATED)) throw HeaderErr(); // skip CM flag
if (!m_inQueue.Get(flags)) throw HeaderErr();
if (flags & (ENCRYPTED | CONTINUED)) throw HeaderErr();
if (m_inQueue.Skip(6)!=6) throw HeaderErr(); // Skip file time, extra flags and OS type
if (m_inQueue.GetWord32(m_filetime, LITTLE_ENDIAN_ORDER) != 4) throw HeaderErr();
if (m_inQueue.Skip(2)!=2) throw HeaderErr(); // Skip extra flags and OS type
if (flags & EXTRA_FIELDS) // skip extra fields
{
@ -63,15 +131,25 @@ void Gunzip::ProcessPrestreamHeader()
if (m_inQueue.Skip(length)!=length) throw HeaderErr();
}
if (flags & FILENAME) // skip filename
if (flags & FILENAME) // extract filename
{
do
{
if(!m_inQueue.Get(b)) throw HeaderErr();
if(b) m_filename.append( 1, (char)b );
}
while (b);
}
if (flags & COMMENTS) // skip comments
if (flags & COMMENTS) // extract comments
{
do
{
if(!m_inQueue.Get(b)) throw HeaderErr();
if(b) m_comment.append( 1, (char)b );
}
while (b);
}
}
void Gunzip::ProcessDecompressedData(const byte *inString, size_t length)
@ -96,4 +174,32 @@ void Gunzip::ProcessPoststreamTail()
throw LengthErr();
}
const std::string& Gunzip::GetComment(bool throwOnEncodingError) const
{
if(throwOnEncodingError)
{
for(size_t i = 0; i < m_comment.length(); i++) {
const char c = m_comment[i];
if(!Is8859Character(c))
throw InvalidDataFormat("The comment is not ISO/IEC 8859-1 encoded");
}
}
return m_comment;
}
const std::string& Gunzip::GetFilename(bool throwOnEncodingError) const
{
if(throwOnEncodingError)
{
for(size_t i = 0; i < m_filename.length(); i++) {
const char c = m_filename[i];
if(!Is8859Character(c))
throw InvalidDataFormat("The filename is not ISO/IEC 8859-1 encoded");
}
}
return m_filename;
}
NAMESPACE_END

53
gzip.h
View File

@ -27,24 +27,54 @@ public:
//! if a file has both compressible and uncompressible parts, it may fail to compress
//! some of the compressible parts.
Gzip(BufferedTransformation *attachment=NULLPTR, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true)
: Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible), m_totalLen(0) {}
: Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible), m_totalLen(0) { }
//! \brief Construct a Gzip compressor
//! \param parameters a set of NameValuePairs to initialize this object
//! \param attachment an attached transformation
//! \details Possible parameter names: Log2WindowSize, DeflateLevel, DetectUncompressible
Gzip(const NameValuePairs &parameters, BufferedTransformation *attachment=NULLPTR)
: Deflator(parameters, attachment), m_totalLen(0) {}
: Deflator(parameters, attachment), m_totalLen(0)
{
IsolatedInitialize(parameters);
}
//! \param filetime the filetime to set in the header. The application is responsible for setting it.
void SetFiletime(word32 filetime) { m_filetime = filetime; }
//! \param filename the original filename to set in the header. The application is responsible for setting it.
//! RFC 1952 requires a ISO/IEC 8859-1 encoding.
//! \param throwOnEncodingError if throwOnEncodingError is true, then the filename is checked to ensure it is
//! ISO/IEC 8859-1 encoded. If the filename does not adhere to ISO/IEC 8859-1, then a InvalidDataFormat
//! is thrown. If throwOnEncodingError is false then the filename is not checked.
void SetFilename(const std::string& filename, bool throwOnEncodingError = false);
//! \param comment the comment to set in the header. The application is responsible for setting it.
//! RFC 1952 requires a ISO/IEC 8859-1 encoding.
//! \param throwOnEncodingError if throwOnEncodingError is true, then the comment is checked to ensure it is
//! ISO/IEC 8859-1 encoded. If the comment does not adhere to ISO/IEC 8859-1, then a InvalidDataFormat
//! is thrown. If throwOnEncodingError is false then the comment is not checked.
void SetComment(const std::string& comment, bool throwOnEncodingError = false);
void IsolatedInitialize(const NameValuePairs &parameters);
protected:
enum {MAGIC1=0x1f, MAGIC2=0x8b, // flags for the header
DEFLATED=8, FAST=4, SLOW=2};
enum FLAG_MASKS {
FILENAME=8, COMMENTS=16};
void WritePrestreamHeader();
void ProcessUncompressedData(const byte *string, size_t length);
void WritePoststreamTail();
word32 m_totalLen;
CRC32 m_crc;
word32 m_filetime;
std::string m_filename;
std::string m_comment;
};
//! \class Gunzip
@ -73,6 +103,21 @@ public:
//! \param autoSignalPropagation 0 to turn off MessageEnd signal
Gunzip(BufferedTransformation *attachment = NULLPTR, bool repeat = false, int autoSignalPropagation = -1);
//! \return the filetime of the stream as set in the header. The application is responsible for setting it on the decompressed file.
word32 GetFiletime() const { return m_filetime; }
//! \return the filename of the stream as set in the header. The application is responsible for setting it on the decompressed file.
//! \param throwOnEncodingError if throwOnEncodingError is true, then the filename is checked to ensure it is
//! ISO/IEC 8859-1 encoded. If the filename does not adhere to ISO/IEC 8859-1, then a InvalidDataFormat is thrown.
//! If throwOnEncodingError is false then the filename is not checked.
const std::string& GetFilename(bool throwOnEncodingError = false) const;
//! \return the comment of the stream as set in the header.
//! \param throwOnEncodingError if throwOnEncodingError is true, then the comment is checked to ensure it is
//! ISO/IEC 8859-1 encoded. If the comment does not adhere to ISO/IEC 8859-1, then a InvalidDataFormat is thrown.
//! If throwOnEncodingError is false then the comment is not checked.
const std::string& GetComment(bool throwOnEncodingError = false) const;
protected:
enum {
//! \brief First header magic value
@ -94,6 +139,10 @@ protected:
word32 m_length;
CRC32 m_crc;
word32 m_filetime;
std::string m_filename;
std::string m_comment;
};
NAMESPACE_END

129
integer.cpp
View File

@ -1,6 +1,37 @@
// integer.cpp - originally written and placed in the public domain by Wei Dai
// contains public domain code contributed by Alister Lee and Leonard Janke
// Notes by JW: The Integer class needs to do two things. First, it needs to set function
// pointers on some platforms, like X86 and X64. The function pointers select a fast multiply
// and addition based on the cpu. Second, it wants to create Integer::Zero(), Integer::One()
// and Integer::Two(). The function pointers are initialized in the class InitializeInteger.
// Wei's original code was much simpler. It uses the Singleton pattern, but it always produced
// memory findings. The Singleton generates memory findings because it used for a Create on
// First Use pattern. Resource destruction effectivley requires running resource acquisition
// with dependencies in reverse. For resources provided through the Singletons, there is no way
// to express the dependency order to safely destroy resources.
// The difference in the changes below is we use platform and language specific remediations
// if they are available. If not available, then we fall back to Wei's original code. If
// NO_OS_DEPENDENCE is defined, then the library uses Wei's original code.
// Under all versions of C++ on Linux and Microsoft platforms, we can use GCC's init_priority
// or MSVC's init_seg(lib) to initialize the function pointers and create the Integers 0, 1 and 2
// after CRT startup. This avoids the Singletons and clears over half the reports of memory
// leaks. However, it does not apply to Apple or Sun platforms.
// C++11 allows us to use call_once to set the function pointers, and Integer does so when
// init_priority and init_seg(lib) are not available. The class also uses the Singleton pattern
// to ensure integers 0, 1 and 2 are available. The Singleton will produce memory findings, but
// we don't have anything else to use in this case.
// C++03 on platforms like Apple and Sun, we use a boolean flag to track when the function pointers
// have been set based on the cpu. Its just a Nifty Counter in disguise, and its similar to using
// the g_pAssignToInteger to track initialization. It has concurrency issues, but a race is not a
// problem. It does not matter if two threads both set the same pointers. The Singleton pattern
// is also used to ensure integers 0, 1 and 2 are available. The Singleton will produce memory
// findings, but we don't have anything else to use in this case.
// While not readily apparent, Integer does not need to inherit from InitializeInteger when
// init_priority and init_seg(lib) are available. They just create an InitializePointers object
// at the right time after CRT initialization. The additional class avoids the small runtime
// overhead associated with checking the flags, and hides the detail from the interface.
#include "pch.h"
#include "config.h"
@ -30,6 +61,7 @@
#include "smartptr.h"
#include "algparam.h"
#include "filters.h"
#include "stdcpp.h"
#include "asn.h"
#include "oids.h"
#include "words.h"
@ -74,6 +106,41 @@
// ***************** C++ Static Initialization ********************
NAMESPACE_BEGIN(CryptoPP)
static void SetFunctionPointers();
#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY)
// Add InitializePointers to perform the work of setting pointers once.
struct InitializePointers
{
InitializePointers()
{
SetFunctionPointers();
}
};
// Leave InitializeInteger empty so no work is done.
InitializeInteger::InitializeInteger()
{
}
#elif defined(CRYPTOPP_CXX11_SYNCHRONIZATION) && defined(CRYPTOPP_CXX11_DYNAMIC_INIT)
std::once_flag s_flag;
InitializeInteger::InitializeInteger()
{
std::call_once(s_flag, []() {
SetFunctionPointers();
});
}
#else
static bool s_flag;
InitializeInteger::InitializeInteger()
{
MEMORY_BARRIER();
if (s_flag == false)
{
SetFunctionPointers();
s_flag = true;
MEMORY_BARRIER();
}
}
#endif
template <long i>
struct NewInteger
{
@ -82,54 +149,28 @@ struct NewInteger
return new Integer(i);
}
};
static void SetFunctionPointers();
bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt);
NAMESPACE_END
ANONYMOUS_NAMESPACE_BEGIN
struct InitializeInteger
{
InitializeInteger()
{
CryptoPP::SetFunctionPointers();
CryptoPP::g_pAssignIntToInteger = (CryptoPP::PAssignIntToInteger)CryptoPP::AssignIntToInteger;
}
};
#if HAVE_GCC_INIT_PRIORITY
const InitializeInteger s_init __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 30))) = InitializeInteger();
#if defined(HAVE_GCC_INIT_PRIORITY)
const CryptoPP::InitializePointers s_init __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 30))) = CryptoPP::InitializePointers();
const CryptoPP::Integer s_zero __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 31))) = CryptoPP::Integer(0L);
const CryptoPP::Integer s_one __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 32))) = CryptoPP::Integer(1L);
const CryptoPP::Integer s_two __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 33))) = CryptoPP::Integer(2L);
#elif HAVE_MSC_INIT_PRIORITY
#elif defined(HAVE_MSC_INIT_PRIORITY)
#pragma warning(disable: 4075)
#pragma init_seg(".CRT$XCU-030")
const InitializeInteger s_init;
const CryptoPP::InitializePointers s_init;
const CryptoPP::Integer s_zero(0L);
const CryptoPP::Integer s_one(1L);
const CryptoPP::Integer s_two(2L);
#pragma warning(default: 4075)
#else
const InitializeInteger& s_init = CryptoPP::Singleton<InitializeInteger>().Ref();
const CryptoPP::Integer& s_zero = CryptoPP::Singleton<CryptoPP::Integer, CryptoPP::NewInteger<0L> >().Ref();
const CryptoPP::Integer& s_one = CryptoPP::Singleton<CryptoPP::Integer, CryptoPP::NewInteger<1L> >().Ref();
const CryptoPP::Integer& s_two = CryptoPP::Singleton<CryptoPP::Integer, CryptoPP::NewInteger<2L> >().Ref();
#endif
ANONYMOUS_NAMESPACE_END
// ***************** Library code ********************
NAMESPACE_BEGIN(CryptoPP)
bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt)
{
if (valueType != typeid(Integer))
return false;
*reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt);
return true;
}
inline static int Compare(const word *A, const word *B, size_t N)
{
while (N--)
@ -3009,7 +3050,7 @@ Integer::Integer(const byte *encodedInteger, size_t byteCount, Signedness s, Byt
if (o == LITTLE_ENDIAN_ORDER)
{
SecByteBlock block(byteCount);
#if (CRYPTOPP_MSC_VERSION >= 1410)
#if (_MSC_FULL_VER >= 140050727)
std::reverse_copy(encodedInteger, encodedInteger+byteCount,
stdext::make_checked_array_iterator(block.begin(), block.size()));
#else
@ -3047,17 +3088,29 @@ Integer Integer::Power2(size_t e)
const Integer &Integer::Zero()
{
#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY)
return s_zero;
#else
return Singleton<Integer, NewInteger<0L> >().Ref();
#endif
}
const Integer &Integer::One()
{
#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY)
return s_one;
#else
return Singleton<Integer, NewInteger<1L> >().Ref();
#endif
}
const Integer &Integer::Two()
{
#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY)
return s_two;
#else
return Singleton<Integer, NewInteger<2L> >().Ref();
#endif
}
bool Integer::operator!() const
@ -3353,7 +3406,7 @@ void Integer::Decode(BufferedTransformation &bt, size_t inputLen, Signedness s)
reg.CleanNew(RoundupSize(BytesToWords(inputLen)));
for (size_t i=inputLen; i > 0; i--)
{
bt.Get(b);
(void)bt.Get(b);
reg[(i-1)/WORD_SIZE] |= word(b) << ((i-1)%WORD_SIZE)*8;
}
@ -4751,6 +4804,18 @@ std::string IntToString<word64>(word64 value, unsigned int base)
return result;
}
#ifndef CRYPTOPP_NO_ASSIGN_TO_INTEGER
// Allow the linker to discard Integer code if not needed.
// Also see http://github.com/weidai11/cryptopp/issues/389.
bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt)
{
if (valueType != typeid(Integer))
return false;
*reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt);
return true;
}
#endif
NAMESPACE_END
#endif

8
integer.h
View File

@ -8,6 +8,9 @@
//! has two data members. The first is a IntegerSecBlock (a SecBlock<word>) and it is
//! used to hold the representation. The second is a Sign (an enumeration), and it is
//! used to track the sign of the Integer.
//! \details For details on how the Integer class initializes its function pointers using
//! InitializeInteger and how it creates Integer::Zero(), Integer::One(), and
//! Integer::Two(), then see the comments at the top of <tt>integer.cpp</tt>.
//! \since Crypto++ 1.0
#ifndef CRYPTOPP_INTEGER_H
@ -38,9 +41,12 @@ typedef SecBlock<word, AllocatorWithCleanup<word, true> > IntegerSecBlock;
//! has two data members. The first is a IntegerSecBlock (a SecBlock<word>) and it is
//! used to hold the representation. The second is a Sign (an enumeration), and it is
//! used to track the sign of the Integer.
//! \details For details on how the Integer class initializes its function pointers using
//! InitializeInteger and how it creates Integer::Zero(), Integer::One(), and
//! Integer::Two(), then see the comments at the top of <tt>integer.cpp</tt>.
//! \since Crypto++ 1.0
//! \nosubgrouping
class CRYPTOPP_DLL Integer : public ASN1Object
class CRYPTOPP_DLL Integer : private InitializeInteger, public ASN1Object
{
public:
//! \name ENUMS, EXCEPTIONS, and TYPEDEFS

1321
kalyna.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

160
kalyna.h Normal file
View File

@ -0,0 +1,160 @@
// kalyna.h - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro.
//! \file kalyna.h
//! \brief Classes for the Kalyna block cipher
//! \details The Crypto++ implementation relied upon three sources. First was Oliynykov, Gorbenko, Kazymyrov,
//! Ruzhentsev, Kuznetsov, Gorbenko, Dyrda, Dolgov, Pushkaryov, Mordvinov and Kaidalov's "A New Encryption
//! Standard of Ukraine: The Kalyna Block Cipher" (http://eprint.iacr.org/2015/650.pdf). Second was Roman
//! Oliynykov and Oleksandr Kazymyrov's GitHub with the reference implementation
//! (http://github.com/Roman-Oliynykov/Kalyna-reference). The third resource was Keru Kuro's implementation
//! of Kalyna in CppCrypto (http://sourceforge.net/projects/cppcrypto/). Kuro has an outstanding
//! implementation that performed better than the reference implementation and our initial attempts.
#ifndef CRYPTOPP_KALYNA_H
#define CRYPTOPP_KALYNA_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
//! \class Kalyna_Info
//! \brief Kalyna block cipher information
//! \details Kalyna key sizes and block sizes do not fit well into the library. Rather
//! than using VariableKeyLength (which is wrong) or using a GeometricKeyLength
//! (a new class), we just unroll it here. Note that the step size, Q, is still
//! wrong for this implementation.
//! \since Crypto++ 6.0
struct Kalyna_Info : public VariableBlockSize<16, 16, 64>
{
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Kalyna";}
//! \brief The minimum key length used by the algorithm provided as a constant
//! \details MIN_KEYLENGTH is provided in bytes, not bits
CRYPTOPP_CONSTANT(MIN_KEYLENGTH=16)
//! \brief The maximum key length used by the algorithm provided as a constant
//! \details MIN_KEYLENGTH is provided in bytes, not bits
CRYPTOPP_CONSTANT(MAX_KEYLENGTH=64)
//! \brief The default key length used by the algorithm provided as a constant
//! \details MIN_KEYLENGTH is provided in bytes, not bits
CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=16)
//! \brief The default IV requirements for the algorithm provided as a constant
//! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement
//! in cryptlib.h for allowed values.
CRYPTOPP_CONSTANT(IV_REQUIREMENT=SimpleKeyingInterface::UNIQUE_IV)
//! \brief The default initialization vector length for the algorithm provided as a constant
//! \details IV_LENGTH is provided in bytes, not bits. Kalyna has two different block sizes for
//! each key length. This function returns the default block size for the defult key length.
CRYPTOPP_CONSTANT(IV_LENGTH=16)
//! \brief Provides a valid key length for the algorithm provided by a static function.
//! \param keylength the size of the key, in bytes
//! \details The key length depends on the block size. For each block size, 128, 256 and 512,
//! the key length can be either the block size or twice the block size. That means the
//! valid key lengths are 126, 256, 512 and 1024. Additionally, it means a key length of,
//! say, 32 could be used with either 128-block size or 256-block size.
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength)
{
return (keylength >= 64) ? 64 :
(keylength >= 32) ? 32 : 16;
}
//! \brief Validates the blocksize for Kalyna.
//! \param keylength the key length of the cipher
//! \param blocksize the candidate blocksize
//! \param alg an Algorithm object used if the blocksize is invalid
//! \throws InvalidBlockSize if the blocksize is invalid
//! \details ThrowIfInvalidBlockSize() validates the blocksize and throws if invalid.
inline void ThrowIfInvalidBlockSize(int blocksize, const Algorithm *alg)
{
if ( blocksize != 16 && blocksize != 32 && blocksize != 64)
throw InvalidBlockSize(alg ? alg->AlgorithmName() : std::string("VariableBlockSize"), blocksize);
}
//! \brief Validates the blocksize for Kalyna.
//! \param keylength the key length of the cipher
//! \param blocksize the candidate blocksize
//! \param alg an Algorithm object used if the blocksize is invalid
//! \throws InvalidBlockSize if the blocksize is invalid
//! \details ThrowIfInvalidBlockSize() validates the blocksize under a key and throws if invalid.
inline void ThrowIfInvalidBlockSize(int keylength, int blocksize, const Algorithm *alg)
{
if ( ((keylength == 16) && (blocksize != 16)) ||
((keylength == 32) && (blocksize != 32 && blocksize != 64)) ||
((keylength == 64) && (blocksize != 32 && blocksize != 64)) )
{
throw InvalidBlockSize(alg ? alg->AlgorithmName() : std::string("VariableBlockSize"), blocksize);
}
}
};
//! \class Kalyna
//! \brief Kalyna block cipher
//! \since Crypto++ 6.0
class Kalyna : public Kalyna_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public VariableBlockCipherImpl<Kalyna_Info>
{
public:
//! \brief Provides the name of this algorithm
//! \return the standard algorithm name
//! \details If the object is unkeyed, then the generic name "Kalyna" is returned
//! to the caller. If the algorithm is keyed, then a two or three part name is
//! returned to the caller. The name follows DSTU 7624:2014, where block size is
//! provided first and then key length. The library uses a dash to identify block size
//! and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna
//! with a 128-bit block size and a 256-bit key length. If a mode is associated
//! with the object, then it follows as expected. For example, Kalyna-128(256)/ECB.
//! DSTU is a little more complex with more parameters, dashes, underscores, but the
//! library does not use the delimiters or full convention.
std::string AlgorithmName() const {
return m_blocksize ? "Kalyna-" + IntToString(m_blocksize*8) + "(" + IntToString(m_kl*8) + ")" : StaticAlgorithmName();
}
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
protected:
// Visual Studio and C2910: 'Kalyna::Base::SetKey_Template': cannot be explicitly specialized
//template <unsigned int NB, unsigned int NK>
// void SetKey_Template(const word64 key[NK]);
void SetKey_22(const word64 key[2]);
void SetKey_24(const word64 key[4]);
void SetKey_44(const word64 key[4]);
void SetKey_48(const word64 key[8]);
void SetKey_88(const word64 key[8]);
// Visual Studio and C2910: 'Kalyna::Base::ProcessBlock_Template': cannot be explicitly specialized
//template <unsigned int NB, unsigned int NK>
// void ProcessBlock_Template(const word64 inBlock[NB], const word64 outBlock[NB]) const;
void ProcessBlock_22(const word64 inBlock[2], const word64 xorBlock[2], word64 outBlock[2]) const;
void ProcessBlock_24(const word64 inBlock[2], const word64 xorBlock[2] ,word64 outBlock[2]) const;
void ProcessBlock_44(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const;
void ProcessBlock_48(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const;
void ProcessBlock_88(const word64 inBlock[8], const word64 xorBlock[8], word64 outBlock[8]) const;
private:
typedef SecBlock<word64, AllocatorWithCleanup<word64, true> > AlignedSecBlock64;
mutable AlignedSecBlock64 m_wspace; // work space
AlignedSecBlock64 m_mkey; // master key
AlignedSecBlock64 m_rkeys; // round keys
unsigned int m_kl, m_nb, m_nk; // key length, number 64-bit blocks and keys
};
typedef BlockCipherFinal<ENCRYPTION, Base> Encryption;
typedef BlockCipherFinal<DECRYPTION, Base> Decryption;
};
typedef Kalyna::Encryption KalynaEncryption;
typedef Kalyna::Decryption KalynaDecryption;
NAMESPACE_END
#endif // CRYPTOPP_KALYNA_H

1233
kalynatab.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

2
luc.cpp
View File

@ -13,7 +13,7 @@ NAMESPACE_BEGIN(CryptoPP)
#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
void LUC_TestInstantiations()
{
LUC_HMP<SHA>::Signer t1;
LUC_HMP<SHA1>::Signer t1;
LUCFunction t2;
InvertibleLUCFunction t3;
}

8
luc.h
View File

@ -152,11 +152,11 @@ struct LUCSS : public TF_SS<LUC, STANDARD, H>
};
// analogous to the RSA schemes defined in PKCS #1 v2.0
typedef LUCES<OAEP<SHA> >::Decryptor LUCES_OAEP_SHA_Decryptor;
typedef LUCES<OAEP<SHA> >::Encryptor LUCES_OAEP_SHA_Encryptor;
typedef LUCES<OAEP<SHA1> >::Decryptor LUCES_OAEP_SHA_Decryptor;
typedef LUCES<OAEP<SHA1> >::Encryptor LUCES_OAEP_SHA_Encryptor;
typedef LUCSS<PKCS1v15, SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer;
typedef LUCSS<PKCS1v15, SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier;
typedef LUCSS<PKCS1v15, SHA1>::Signer LUCSSA_PKCS1v15_SHA_Signer;
typedef LUCSS<PKCS1v15, SHA1>::Verifier LUCSSA_PKCS1v15_SHA_Verifier;
// ********************************************************

58
mersenne.h
View File

@ -26,7 +26,7 @@ NAMESPACE_BEGIN(CryptoPP)
//! required quickly. It should not be used for cryptographic purposes.
//! \sa MT19937, MT19937ar
//! \since Crypto++ 5.6.3
template <unsigned int K, unsigned int M, unsigned int N, unsigned int F, unsigned long S>
template <unsigned int K, unsigned int M, unsigned int N, unsigned int F, word32 S>
class MersenneTwister : public RandomNumberGenerator
{
public:
@ -38,11 +38,26 @@ public:
//! \param seed 32-bit seed
//! \details Defaults to template parameter S due to changing algorithm
//! parameters over time
MersenneTwister(unsigned long seed = S) : m_seed(seed), m_idx(N)
MersenneTwister(word32 seed = S) : m_seed(seed), m_idx(N)
{
m_state[0] = seed;
for (unsigned int i = 1; i < N+1; i++)
m_state[i] = word32(F * (m_state[i-1] ^ (m_state[i-1] >> 30)) + i);
Reset(seed);
}
bool CanIncorporateEntropy() const {return true;}
//! \brief Update RNG state with additional unpredictable values
//! \param input the entropy to add to the generator
//! \param length the size of the input buffer
//! \details MersenneTwister uses the first 32-bits of <tt>input</tt> to reseed the
//! generator. If fewer bytes are provided, then the seed is padded with 0's.
void IncorporateEntropy(const byte *input, size_t length)
{
word32 temp = 0;
::memcpy(&temp, input, STDMIN(sizeof(temp), length));
Reset(temp);
// Wipe temp
SecureWipeArray(&temp, 1);
}
//! \brief Generate random array of bytes
@ -58,24 +73,15 @@ public:
word32 temp;
for (size_t i=0; i < size/4; i++, output += 4)
{
#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) && defined(IS_LITTLE_ENDIAN)
*((word32*)output) = ByteReverse(NextMersenneWord());
#elif defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)
*((word32*)output) = NextMersenneWord();
#else
temp = NextMersenneWord();
output[3] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 0);
output[2] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 1);
output[1] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 2);
output[0] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 3);
#endif
memcpy(output, &temp, 4);
}
// No tail bytes
if (size%4 == 0)
{
// Wipe temp
*((volatile word32*)&temp) = 0;
SecureWipeArray(&temp, 1);
return;
}
@ -91,7 +97,7 @@ public:
}
// Wipe temp
*((volatile word32*)&temp) = 0;
SecureWipeArray(&temp, 1);
}
//! \brief Generate a random 32-bit word in the range min to max, inclusive
@ -128,6 +134,16 @@ public:
protected:
void Reset(word32 seed)
{
m_seed = seed;
m_idx = N;
m_state[0] = seed;
for (unsigned int i = 1; i < N+1; i++)
m_state[i] = word32(F * (m_state[i-1] ^ (m_state[i-1] >> 30)) + i);
}
//! \brief Returns the next 32-bit word from the state array
//! \returns the next 32-bit word from the state array
//! \details fetches the next word frm the state array, performs bit operations on
@ -148,7 +164,7 @@ protected:
//! \brief Performs the twist operaton on the state array
void Twist()
{
static const unsigned long magic[2]={0x0UL, K};
static const word32 magic[2]={0x0UL, K};
word32 kk, temp;
CRYPTOPP_ASSERT(N >= M);
@ -171,7 +187,7 @@ protected:
m_idx = 0;
// Wipe temp
*((volatile word32*)&temp) = 0;
SecureWipeArray(&temp, 1);
}
private:
@ -179,9 +195,9 @@ private:
//! \brief 32-bit word state array of size N
FixedSizeSecBlock<word32, N+1> m_state;
//! \brief the value used to seed the generator
unsigned int m_seed;
word32 m_seed;
//! \brief the current index into the state array
unsigned int m_idx;
word32 m_idx;
};
//! \class MT19937

6
modes.cpp
View File

@ -67,7 +67,7 @@ void CFB_ModePolicy::TransformRegister()
void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length)
{
CRYPTOPP_ASSERT(length == BlockSize());
CopyOrZero(m_register, iv, length);
CopyOrZero(m_register, m_register.size(), iv, length);
TransformRegister();
}
@ -99,7 +99,7 @@ void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv,
CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
CRYPTOPP_ASSERT(length == BlockSize());
CopyOrZero(m_register, iv, length);
CopyOrZero(m_register, m_register.size(), iv, length);
}
void CTR_ModePolicy::SeekToIteration(lword iterationCount)
@ -144,7 +144,7 @@ void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv,
CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
CRYPTOPP_ASSERT(length == BlockSize());
CopyOrZero(m_register, iv, length);
CopyOrZero(m_register, m_register.size(), iv, length);
m_counterArray = m_register;
}

9
modes.h
View File

@ -130,12 +130,15 @@ protected:
unsigned int m_feedbackSize;
};
inline void CopyOrZero(void *dest, const void *src, size_t s)
inline void CopyOrZero(void *dest, size_t d, const void *src, size_t s)
{
CRYPTOPP_ASSERT(dest);
CRYPTOPP_ASSERT(d >= s);
if (src)
memcpy_s(dest, s, src, s);
memcpy_s(dest, d, src, s);
else
memset(dest, 0, s);
memset(dest, 0, d);
}
//! \class OFB_ModePolicy

2
oaep.h
View File

@ -37,7 +37,7 @@ protected:
MaskGeneratingFunction * NewMGF() const {return new MGF;}
};
CRYPTOPP_DLL_TEMPLATE_CLASS OAEP<SHA>;
CRYPTOPP_DLL_TEMPLATE_CLASS OAEP<SHA1>;
NAMESPACE_END

2
osrng.cpp
View File

@ -146,7 +146,7 @@ void NonblockingRng::GenerateBlock(byte *output, size_t size)
{
#ifdef CRYPTOPP_WIN32_AVAILABLE
// Acquiring a provider is expensive. Do it once and retain the reference.
static const MicrosoftCryptoProvider &hProvider = Singleton<MicrosoftCryptoProvider>().Ref();
const MicrosoftCryptoProvider &hProvider = Singleton<MicrosoftCryptoProvider>().Ref();
# if defined(USE_MS_CRYPTOAPI)
if (!CryptGenRandom(hProvider.GetProviderHandle(), (DWORD)size, output))
throw OS_RNG_Err("CryptGenRandom");

4
randpool.h
View File

@ -20,8 +20,8 @@
//! # Go back one more
//! git checkout HEAD~1
//!
//! $ grep 'MDC<SHA>' *.h *.cpp
//! randpool.cpp:typedef MDC<SHA> RandomPoolCipher;
//! $ grep 'MDC<SHA1>' *.h *.cpp
//! randpool.cpp:typedef MDC<SHA1> RandomPoolCipher;
//! </pre>
//! \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)

26
rdrand-nasm.sh
View File

@ -20,39 +20,39 @@ fi
if [ "$IS_LINUX" -eq "1" ]; then
echo "Building rdrand and rdseed modules for Linux"
nasm -f elf32 rdrand.S -DX86 -g -o rdrand-x86.o
nasm -f elfx32 rdrand.S -DX32 -g -o rdrand-x32.o
nasm -f elf64 rdrand.S -DX64 -g -o rdrand-x64.o
nasm -f elf32 rdrand.s -DX86 -g -o rdrand-x86.o
nasm -f elfx32 rdrand.s -DX32 -g -o rdrand-x32.o
nasm -f elf64 rdrand.s -DX64 -g -o rdrand-x64.o
SUCCESS=1
fi
if [ "$IS_OPENBSD" -eq "1" ] || [ "$IS_NETBSD" -eq "1" ] || [ "$IS_FREEBSD" -eq "1" ] || [ "$IS_DRAGONFLY" -eq "1" ]; then
echo "Building rdrand and rdseed modules for BSD"
nasm -f elf32 rdrand.S -DX86 -g -o rdrand-x86.o
nasm -f elfx32 rdrand.S -DX32 -g -o rdrand-x32.o
nasm -f elf64 rdrand.S -DX64 -g -o rdrand-x64.o
nasm -f elf32 rdrand.s -DX86 -g -o rdrand-x86.o
nasm -f elfx32 rdrand.s -DX32 -g -o rdrand-x32.o
nasm -f elf64 rdrand.s -DX64 -g -o rdrand-x64.o
SUCCESS=1
fi
if [ "$IS_SOLARIS" -eq "1" ]; then
echo "Building rdrand and rdseed modules for Solaris"
nasm -f elf32 rdrand.S -DX86 -o rdrand-x86.o
nasm -f elfx32 rdrand.S -DX32 -o rdrand-x32.o
nasm -f elf64 rdrand.S -DX64 -o rdrand-x64.o
nasm -f elf32 rdrand.s -DX86 -o rdrand-x86.o
nasm -f elfx32 rdrand.s -DX32 -o rdrand-x32.o
nasm -f elf64 rdrand.s -DX64 -o rdrand-x64.o
SUCCESS=1
fi
if [ "$IS_DARWIN" -eq "1" ]; then
echo "Building rdrand and rdseed modules for Darwin"
nasm -f macho32 rdrand.S -DDARWIN -DX86 -g -o rdrand-x86.o
nasm -f macho64 rdrand.S -DDARWIN -DX64 -g -o rdrand-x64.o
nasm -f macho32 rdrand.s -DDARWIN -DX86 -g -o rdrand-x86.o
nasm -f macho64 rdrand.s -DDARWIN -DX64 -g -o rdrand-x64.o
SUCCESS=1
fi
if [ "$IS_CYGWIN" -eq "1" ]; then
echo "Building rdrand and rdseed modules for Cygwin"
nasm -f win32 rdrand.S -DCYGWIN -DX86 -g -o rdrand-x86.o
nasm -f win64 rdrand.S -DCYGWIN -DX64 -g -o rdrand-x64.o
nasm -f win32 rdrand.s -DCYGWIN -DX86 -g -o rdrand-x86.o
nasm -f win64 rdrand.s -DCYGWIN -DX64 -g -o rdrand-x64.o
SUCCESS=1
fi

93
rdrand.cpp
View File

@ -7,10 +7,6 @@
#include "rdrand.h"
#include "cpu.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4100)
#endif
// This file (and friends) provides both RDRAND and RDSEED. They were added at
// Crypto++ 5.6.3. At compile time, it uses CRYPTOPP_BOOL_{X86|X32|X64}
// to select an implementation or "throw NotImplemented". The class does not
@ -73,12 +69,12 @@
# define GCC_RDSEED_ASM_AVAILABLE 1
# endif
# elif defined(CRYPTOPP_GCC_VERSION)
# if defined(__RDRND__) && (CRYPTOPP_GCC_VERSION >= 40600)
# if defined(__RDRND__) && (CRYPTOPP_GCC_VERSION >= 40600) && !defined(__OPTIMIZE__)
# define ALL_RDRAND_INTRIN_AVAILABLE 1
# else
# define GCC_RDRAND_ASM_AVAILABLE 1
# endif
# if defined(__RDSEED__) && (CRYPTOPP_GCC_VERSION >= 40600)
# if defined(__RDSEED__) && (CRYPTOPP_GCC_VERSION >= 40600) && !defined(__OPTIMIZE__)
# define ALL_RDSEED_INTRIN_AVAILABLE 1
# else
# define GCC_RDSEED_ASM_AVAILABLE 1
@ -122,14 +118,17 @@ extern "C" void NASM_RDSEED_GenerateBlock(byte*, size_t);
NAMESPACE_BEGIN(CryptoPP)
#if defined(CRYPTOPP_CPUID_AVAILABLE)
// Fills 4 bytes
inline void RDRAND32(void* output)
{
#if defined(__SUNPRO_CC)
__asm__ __volatile__
(
"1:\n"
".byte 0x0f, 0xc7, 0xf0;\n"
".byte 0x73, 0xfb;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word32*>(output))
: : "cc"
);
@ -147,8 +146,9 @@ inline void RDRAND32(void* output)
#elif defined(GCC_RDRAND_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200)
__asm__ __volatile__
(
"1:\n"
".byte 0x0f, 0xc7, 0xf0;\n"
".byte 0x73, 0xfb;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word32*>(output))
: : "cc"
);
@ -164,6 +164,7 @@ inline void RDRAND32(void* output)
while(!_rdrand32_step(reinterpret_cast<word32*>(output))) {}
#else
// RDRAND not detected at compile time, or no suitable compiler found
CRYPTOPP_UNUSED(output);
throw NotImplemented("RDRAND: failed to find an implementation");
#endif
}
@ -175,8 +176,9 @@ inline void RDRAND64(void* output)
#if defined(__SUNPRO_CC) && (__SUNPRO_CC >= 0x5100)
__asm__ __volatile__
(
"1:\n"
".byte 0x48, 0x0f, 0xc7, 0xf0;\n"
".byte 0x73, 0xfa;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word64*>(output))
: : "cc"
);
@ -194,8 +196,9 @@ inline void RDRAND64(void* output)
#elif defined(GCC_RDRAND_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200)
__asm__ __volatile__
(
"1:\n"
".byte 0x48, 0x0f, 0xc7, 0xf0;\n"
".byte 0x73, 0xfa;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word64*>(output))
: : "cc"
);
@ -211,11 +214,18 @@ inline void RDRAND64(void* output)
while(!_rdrand64_step(reinterpret_cast<unsigned long long*>(output))) {}
#else
// RDRAND not detected at compile time, or no suitable compiler found
CRYPTOPP_UNUSED(output);
throw NotImplemented("RDRAND: failed to find an implementation");
#endif
}
#endif // CRYPTOPP_BOOL_X64, CRYPTOPP_BOOL_X32 and RDRAND64
RDRAND::RDRAND()
{
if (!HasRDRAND())
throw RDRAND_Err("HasRDRAND");
}
void RDRAND::GenerateBlock(byte *output, size_t size)
{
CRYPTOPP_ASSERT((output && size) || !(output || size));
@ -241,7 +251,7 @@ void RDRAND::GenerateBlock(byte *output, size_t size)
{
word64 val;
RDRAND64(&val);
std::memcpy(output, &val, size);
::memcpy(output, &val, size);
}
#elif CRYPTOPP_BOOL_X86
size_t i = 0;
@ -255,10 +265,11 @@ void RDRAND::GenerateBlock(byte *output, size_t size)
{
word32 val;
RDRAND32(&val);
std::memcpy(output, &val, size);
::memcpy(output, &val, size);
}
#else
// RDRAND not detected at compile time, or no suitable compiler found
CRYPTOPP_UNUSED(output);
throw NotImplemented("RDRAND: failed to find a suitable implementation");
#endif
}
@ -288,8 +299,9 @@ inline void RDSEED32(void* output)
#if defined(__SUNPRO_CC)
__asm__ __volatile__
(
"1:\n"
".byte 0x0f, 0xc7, 0xf8;\n"
".byte 0x73, 0xfb;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word32*>(output))
: : "cc"
);
@ -307,8 +319,9 @@ inline void RDSEED32(void* output)
#elif defined(GCC_RDSEED_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200)
__asm__ __volatile__
(
"1:\n"
".byte 0x0f, 0xc7, 0xf8;\n"
".byte 0x73, 0xfb;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word32*>(output))
: : "cc"
);
@ -324,6 +337,7 @@ inline void RDSEED32(void* output)
while(!_rdseed32_step(reinterpret_cast<word32*>(output))) {}
#else
// RDSEED not detected at compile time, or no suitable compiler found
CRYPTOPP_UNUSED(output);
throw NotImplemented("RDSEED: failed to find an implementation");
#endif
}
@ -335,8 +349,9 @@ inline void RDSEED64(void* output)
#if defined(__SUNPRO_CC) && (__SUNPRO_CC >= 0x5100)
__asm__ __volatile__
(
"1:\n"
".byte 0x48, 0x0f, 0xc7, 0xf8;\n"
".byte 0x73, 0xfa;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word64*>(output))
: : "cc"
);
@ -354,8 +369,9 @@ inline void RDSEED64(void* output)
#elif defined(GCC_RDSEED_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200)
__asm__ __volatile__
(
"1:\n"
".byte 0x48, 0x0f, 0xc7, 0xf8;\n"
".byte 0x73, 0xfa;\n"
"jnc 1b;\n"
: "=a" (*reinterpret_cast<word64*>(output))
: : "cc"
);
@ -371,11 +387,18 @@ inline void RDSEED64(void* output)
while(!_rdseed64_step(reinterpret_cast<unsigned long long*>(output))) {}
#else
// RDSEED not detected at compile time, or no suitable compiler found
CRYPTOPP_UNUSED(output);
throw NotImplemented("RDSEED: failed to find an implementation");
#endif
}
#endif // CRYPTOPP_BOOL_X64 and RDSEED64
RDSEED::RDSEED()
{
if (!HasRDSEED())
throw RDSEED_Err("HasRDSEED");
}
void RDSEED::GenerateBlock(byte *output, size_t size)
{
CRYPTOPP_ASSERT((output && size) || !(output || size));
@ -401,7 +424,7 @@ void RDSEED::GenerateBlock(byte *output, size_t size)
{
word64 val;
RDSEED64(&val);
std::memcpy(output, &val, size);
::memcpy(output, &val, size);
}
#elif CRYPTOPP_BOOL_X86
size_t i = 0;
@ -415,7 +438,7 @@ void RDSEED::GenerateBlock(byte *output, size_t size)
{
word32 val;
RDSEED32(&val);
std::memcpy(output, &val, size);
::memcpy(output, &val, size);
}
#endif // CRYPTOPP_BOOL_X64, CRYPTOPP_BOOL_X32 and RDSEED64
}
@ -436,4 +459,38 @@ void RDSEED::DiscardBytes(size_t n)
}
}
#else // CRYPTOPP_CPUID_AVAILABLE
RDRAND::RDRAND()
{
throw RDRAND_Err("HasRDRAND");
}
void RDRAND::GenerateBlock(byte *output, size_t size)
{
CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);
}
void RDRAND::DiscardBytes(size_t n)
{
CRYPTOPP_UNUSED(n);
}
RDSEED::RDSEED()
{
throw RDSEED_Err("HasRDSEED");
}
void RDSEED::GenerateBlock(byte *output, size_t size)
{
CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);
}
void RDSEED::DiscardBytes(size_t n)
{
CRYPTOPP_UNUSED(n);
}
#endif
NAMESPACE_END

22
rdrand.h
View File

@ -9,12 +9,11 @@
#include "cryptlib.h"
// This file (and friends) provides both RDRAND and RDSEED. They were added at
// This class file provides both RDRAND and RDSEED. They were added at
// Crypto++ 5.6.3. At compile time, it uses CRYPTOPP_BOOL_{X86|X32|X64}
// to select an implementation or "throw NotImplemented". The class does not
// use CPUID to determine if RDRAND or RDSEED are available. If not available,
// then a SIGILL will result. Users of the classes should call HasRDRAND() or
// HasRDSEED() to determine if a generator is available.
// to select an implementation or "throw NotImplemented". At runtime the
// constructor will throw RDRAND_Err or RDSEED_Err if a generator is
// is not available.
// The original classes accepted a retry count. Retries were superflous for
// RDRAND, and RDSEED encountered a failure about 1 in 256 bytes depending
// on the processor. Retries were removed at Crypto++ 6.0 because
@ -28,8 +27,8 @@
// during testing with Athlon X4 845. The Bulldozer v4 only performed at 1 MiB/s.
// Microsoft added RDRAND in August 2012, VS2012; RDSEED in October 2013, VS2013.
// GCC added RDRAND in December 2010, GCC 4.6. LLVM added RDRAND in July 2012, Clang 3.2.
// Intel added RDRAND in September 2011, ICC 12.1.
// GCC added RDRAND in December 2010, GCC 4.6. LLVM added RDRAND in July 2012,
// Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1.
NAMESPACE_BEGIN(CryptoPP)
@ -56,9 +55,9 @@ public:
//! \brief Construct a RDRAND generator
//! \details According to DJ of Intel, the Intel RDRAND circuit does not underflow.
//! If it did hypothetically underflow, then it would return 0 for the random value.
//! AMD's RDRAND implementation appears to provide the same behavior except the
//! values are not generated consistent with FIPS 140.
RDRAND() {}
//! AMD's RDRAND implementation appears to provide the same behavior.
//! \throws RDRAND_Err if the random number generator is not available
RDRAND();
//! \brief Generate random array of bytes
//! \param output the byte buffer
@ -107,7 +106,8 @@ public:
//! \details Empirical testing under a 6th generaton i7 (6200U) shows RDSEED fails
//! to fulfill requests at about once every for every 256 bytes requested.
//! The generator runs about 4 times slower than RDRAND.
RDSEED() {}
//! \throws RDSEED_Err if the random number generator is not available
RDSEED();
//! \brief Generate random array of bytes
//! \param output the byte buffer

6
rdrand.S → rdrand.s
View File

@ -6,9 +6,9 @@
;; of intrinsics. The routines below run a little faster than the intrinsic
;; based routines.
;; nasm -f elf32 rdrand.S -DX86 -g -o rdrand-x86.o
;; nasm -f elfx32 rdrand.S -DX32 -g -o rdrand-x32.o
;; nasm -f elf64 rdrand.S -DX64 -g -o rdrand-x64.o
;; nasm -f elf32 rdrand.s -DX86 -g -o rdrand-x86.o
;; nasm -f elfx32 rdrand.s -DX32 -g -o rdrand-x32.o
;; nasm -f elf64 rdrand.s -DX64 -g -o rdrand-x64.o
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

119
regtest1.cpp Normal file
View File

@ -0,0 +1,119 @@
// regtest1.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "crc.h"
#include "adler32.h"
#include "md2.h"
#include "md5.h"
#include "keccak.h"
#include "sha3.h"
#include "blake2.h"
#include "sha.h"
#include "tiger.h"
#include "ripemd.h"
#include "panama.h"
#include "whrlpool.h"
#include "osrng.h"
#include "drbg.h"
#include "mersenne.h"
#include "rdrand.h"
#include "modes.h"
#include "aes.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
USING_NAMESPACE(CryptoPP)
// Unkeyed ciphers
void RegisterFactories1();
// Shared key ciphers
void RegisterFactories2();
// Public key ciphers
void RegisterFactories3();
void RegisterFactories(Test::TestClass suites)
{
static bool s_registered = false;
if (s_registered)
return;
if ((suites & Test::Unkeyed) == Test::Unkeyed)
RegisterFactories1();
if ((suites & Test::SharedKeyMAC) == Test::SharedKeyMAC ||
(suites & Test::SharedKeyMAC) == Test::SharedKeyStream ||
(suites & Test::SharedKeyMAC) == Test::SharedKeyBlock)
RegisterFactories2();
if ((suites & Test::PublicKey) == Test::PublicKey)
RegisterFactories3();
s_registered = true;
}
// Unkeyed ciphers
void RegisterFactories1()
{
RegisterDefaultFactoryFor<HashTransformation, CRC32>();
RegisterDefaultFactoryFor<HashTransformation, CRC32C>();
RegisterDefaultFactoryFor<HashTransformation, Adler32>();
RegisterDefaultFactoryFor<HashTransformation, Weak::MD5>();
RegisterDefaultFactoryFor<HashTransformation, SHA1>();
RegisterDefaultFactoryFor<HashTransformation, SHA224>();
RegisterDefaultFactoryFor<HashTransformation, SHA256>();
RegisterDefaultFactoryFor<HashTransformation, SHA384>();
RegisterDefaultFactoryFor<HashTransformation, SHA512>();
RegisterDefaultFactoryFor<HashTransformation, Whirlpool>();
RegisterDefaultFactoryFor<HashTransformation, Tiger>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD160>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD320>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD128>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD256>();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<LittleEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<BigEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Keccak_224>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_256>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_384>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_512>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_224>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_256>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_384>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_512>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2s>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2b>();
#ifdef BLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, BlockingRng>();
#endif
#ifdef NONBLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, NonblockingRng>();
#endif
#ifdef OS_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededRandomPool>();
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededX917RNG<AES> >();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, MT19937>();
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
if (HasRDRAND())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDRAND>();
if (HasRDSEED())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDSEED>();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, OFB_Mode<AES>::Encryption >("AES/OFB RNG");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA1> >("Hash_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA256> >("Hash_DRBG(SHA256)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA1> >("HMAC_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA256> >("HMAC_DRBG(SHA256)");
}

129
regtest.cpp → regtest2.cpp
View File

@ -1,33 +1,25 @@
// regtest.cpp - originally written and placed in the public domain by Wei Dai
// regtest2.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "modes.h"
#include "dh.h"
#include "esign.h"
#include "md2.h"
#include "rw.h"
#include "md5.h"
#include "rsa.h"
#include "ripemd.h"
#include "dsa.h"
#include "seal.h"
#include "whrlpool.h"
#include "ttmac.h"
#include "aria.h"
#include "camellia.h"
#include "shacal2.h"
#include "tea.h"
#include "panama.h"
#include "pssr.h"
#include "aes.h"
#include "salsa.h"
#include "chacha.h"
#include "vmac.h"
#include "tiger.h"
#include "md5.h"
#include "sosemanuk.h"
#include "arc4.h"
#include "ccm.h"
@ -38,6 +30,8 @@
#include "cast.h"
#include "rc6.h"
#include "mars.h"
#include "kalyna.h"
#include "threefish.h"
#include "des.h"
#include "idea.h"
#include "rc5.h"
@ -48,62 +42,30 @@
#include "blowfish.h"
#include "seed.h"
#include "wake.h"
#include "seal.h"
#include "crc.h"
#include "adler32.h"
#include "hkdf.h"
// For HMAC's
#include "md5.h"
#include "keccak.h"
#include "sha.h"
#include "sha3.h"
#include "blake2.h"
#include "ripemd.h"
#include "poly1305.h"
#include "hkdf.h"
#include "siphash.h"
#include "osrng.h"
#include "drbg.h"
#include "mersenne.h"
#include "rdrand.h"
#include "whrlpool.h"
#include "panama.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (CRYPTOPP_MSC_VERSION >= 1410)
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
USING_NAMESPACE(CryptoPP)
void RegisterFactories()
// Shared key ciphers
void RegisterFactories2()
{
static bool s_registered = false;
if (s_registered)
return;
RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>();
RegisterDefaultFactoryFor<HashTransformation, CRC32>();
RegisterDefaultFactoryFor<HashTransformation, CRC32C>();
RegisterDefaultFactoryFor<HashTransformation, Adler32>();
RegisterDefaultFactoryFor<HashTransformation, Weak::MD5>();
RegisterDefaultFactoryFor<HashTransformation, SHA1>();
RegisterDefaultFactoryFor<HashTransformation, SHA224>();
RegisterDefaultFactoryFor<HashTransformation, SHA256>();
RegisterDefaultFactoryFor<HashTransformation, SHA384>();
RegisterDefaultFactoryFor<HashTransformation, SHA512>();
RegisterDefaultFactoryFor<HashTransformation, Whirlpool>();
RegisterDefaultFactoryFor<HashTransformation, Tiger>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD160>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD320>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD128>();
RegisterDefaultFactoryFor<HashTransformation, RIPEMD256>();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<LittleEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Weak::PanamaHash<BigEndian> >();
RegisterDefaultFactoryFor<HashTransformation, Keccak_224>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_256>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_384>();
RegisterDefaultFactoryFor<HashTransformation, Keccak_512>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_224>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_256>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_384>();
RegisterDefaultFactoryFor<HashTransformation, SHA3_512>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2s>();
RegisterDefaultFactoryFor<HashTransformation, BLAKE2b>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<Weak::MD5> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA1> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<RIPEMD160> >();
@ -124,27 +86,10 @@ void RegisterFactories()
RegisterDefaultFactoryFor<MessageAuthenticationCode, BLAKE2b>();
RegisterDefaultFactoryFor<MessageAuthenticationCode, SipHash<2,4> >();
RegisterDefaultFactoryFor<MessageAuthenticationCode, SipHash<4,8> >();
RegisterAsymmetricCipherDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)");
RegisterAsymmetricCipherDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)");
RegisterSignatureSchemeDefaultFactories<DSA>();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA512> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA1> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA512> >();
RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, Weak::MD2> >("RSA/PKCS1-1.5(MD2)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)");
RegisterSymmetricCipherDefaultFactories<SEAL<> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SHACAL2> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<ARIA> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Camellia> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<TEA> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<XTEA> >();
@ -168,6 +113,8 @@ void RegisterFactories()
RegisterAuthenticatedSymmetricCipherDefaultFactories<CCM<AES> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<GCM<AES> >();
RegisterAuthenticatedSymmetricCipherDefaultFactories<EAX<AES> >();
RegisterSymmetricCipherDefaultFactories<CBC_Mode<ARIA> >(); // For test vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<ARIA> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Camellia> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Twofish> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Serpent> >();
@ -188,33 +135,15 @@ void RegisterFactories()
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Blowfish> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<SEED> >();
RegisterSymmetricCipherDefaultFactories<CTR_Mode<SEED> >();
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Kalyna> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Kalyna> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Kalyna> >(); // Benchmarks
RegisterSymmetricCipherDefaultFactories<ECB_Mode<Threefish> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CBC_Mode<Threefish> >(); // Test Vectors
RegisterSymmetricCipherDefaultFactories<CTR_Mode<Threefish> >(); // Benchmarks
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA1> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA256> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<SHA512> >();
RegisterDefaultFactoryFor<KeyDerivationFunction, HKDF<Whirlpool> >();
#ifdef BLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, BlockingRng>();
#endif
#ifdef NONBLOCKING_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, NonblockingRng>();
#endif
#ifdef OS_RNG_AVAILABLE
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededRandomPool>();
RegisterDefaultFactoryFor<RandomNumberGenerator, AutoSeededX917RNG<AES> >();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, MT19937>();
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
if (HasRDRAND())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDRAND>();
if (HasRDSEED())
RegisterDefaultFactoryFor<RandomNumberGenerator, RDSEED>();
#endif
RegisterDefaultFactoryFor<RandomNumberGenerator, OFB_Mode<AES>::Encryption >("AES/OFB RNG");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA1> >("Hash_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, Hash_DRBG<SHA256> >("Hash_DRBG(SHA256)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA1> >("HMAC_DRBG(SHA1)");
RegisterDefaultFactoryFor<NIST_DRBG, HMAC_DRBG<SHA256> >("HMAC_DRBG(SHA256)");
s_registered = true;
}

53
regtest3.cpp Normal file
View File

@ -0,0 +1,53 @@
// regtest.cpp - originally written and placed in the public domain by Wei Dai
// regtest.cpp split into 3 files due to OOM kills by JW in April 2017
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "cryptlib.h"
#include "factory.h"
#include "bench.h"
#include "cpu.h"
#include "dh.h"
#include "nr.h"
#include "rw.h"
#include "rsa.h"
#include "dsa.h"
#include "pssr.h"
#include "esign.h"
// Hashes
#include "md2.h"
#include "md5.h"
#include "sha.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
USING_NAMESPACE(CryptoPP)
void RegisterFactories3()
{
RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>();
RegisterAsymmetricCipherDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)");
RegisterAsymmetricCipherDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)");
RegisterSignatureSchemeDefaultFactories<DSA>();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA2<SHA512> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA1> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA224> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA256> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA384> >();
RegisterSignatureSchemeDefaultFactories<DSA_RFC6979<SHA512> >();
RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, Weak::MD2> >("RSA/PKCS1-1.5(MD2)");
RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)");
RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)");
}

22
rsa.cpp
View File

@ -15,13 +15,13 @@
NAMESPACE_BEGIN(CryptoPP)
void RSA_TestInstantiations()
{
RSASS<PKCS1v15, SHA>::Verifier x1(1, 1);
RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
RSASS<PKCS1v15, SHA>::Verifier x3(x2);
RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
RSASS<PSS, SHA>::Verifier x5(x3);
RSASS<PKCS1v15, SHA1>::Verifier x1(1, 1);
RSASS<PKCS1v15, SHA1>::Signer x2(NullRNG(), 1);
RSASS<PKCS1v15, SHA1>::Verifier x3(x2);
RSASS<PKCS1v15, SHA1>::Verifier x4(x2.GetKey());
RSASS<PSS, SHA1>::Verifier x5(x3);
#ifndef __MWERKS__
RSASS<PSSR, SHA>::Signer x6 = x2;
RSASS<PSSR, SHA1>::Signer x6 = x2;
x3 = x2;
x6 = x2;
#endif
@ -29,7 +29,7 @@ void RSA_TestInstantiations()
#ifndef __GNUC__
RSAES<PKCS1v15>::Encryptor x8(x3);
#endif
RSAES<OAEP<SHA> >::Encryptor x9(x2);
RSAES<OAEP<SHA1> >::Encryptor x9(x2);
x4 = x2.GetKey();
}
@ -136,12 +136,12 @@ void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const Nam
if (FIPS_140_2_ComplianceEnabled())
{
RSASS<PKCS1v15, SHA>::Signer signer(*this);
RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
RSASS<PKCS1v15, SHA1>::Signer signer(*this);
RSASS<PKCS1v15, SHA1>::Verifier verifier(signer);
SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
RSAES<OAEP<SHA> >::Decryptor decryptor(*this);
RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
RSAES<OAEP<SHA1> >::Decryptor decryptor(*this);
RSAES<OAEP<SHA1> >::Encryptor encryptor(decryptor);
EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor);
}
}

20
rsa.h
View File

@ -217,22 +217,22 @@ DOCUMENTED_TYPEDEF(RSAES<PKCS1v15>::Decryptor, RSAES_PKCS1v15_Decryptor);
//! \details RSA encryption scheme defined in PKCS #1 v2.0
DOCUMENTED_TYPEDEF(RSAES<PKCS1v15>::Encryptor, RSAES_PKCS1v15_Encryptor);
//! \brief \ref RSAES<STANDARD> "RSAES<OAEP<SHA>>::Decryptor" typedef
//! \brief \ref RSAES<STANDARD> "RSAES<OAEP<SHA1>>::Decryptor" typedef
//! \details RSA encryption scheme defined in PKCS #1 v2.0
DOCUMENTED_TYPEDEF(RSAES<OAEP<SHA> >::Decryptor, RSAES_OAEP_SHA_Decryptor);
//! \brief \ref RSAES<STANDARD> "RSAES<OAEP<SHA>>::Encryptor" typedef
DOCUMENTED_TYPEDEF(RSAES<OAEP<SHA1> >::Decryptor, RSAES_OAEP_SHA_Decryptor);
//! \brief \ref RSAES<STANDARD> "RSAES<OAEP<SHA1>>::Encryptor" typedef
//! \details RSA encryption scheme defined in PKCS #1 v2.0
DOCUMENTED_TYPEDEF(RSAES<OAEP<SHA> >::Encryptor, RSAES_OAEP_SHA_Encryptor);
DOCUMENTED_TYPEDEF(RSAES<OAEP<SHA1> >::Encryptor, RSAES_OAEP_SHA_Encryptor);
#ifdef CRYPTOPP_DOXYGEN_PROCESSING
//! \brief \ref RSASS<STANDARD,HASH> "RSASS<PKCS1v15,SHA>::Signer" typedef
//! \brief \ref RSASS<STANDARD,HASH> "RSASS<PKCS1v15,SHA1>::Signer" typedef
//! \details RSA signature schemes defined in PKCS #1 v2.0
//! \since Crypto++ 1.0
class RSASSA_PKCS1v15_SHA_Signer : public RSASS<PKCS1v15,SHA>::Signer {};
//! \brief \ref RSASS<STANDARD,HASH> "RSASS<PKCS1v15,SHA>::Verifier" typedef
class RSASSA_PKCS1v15_SHA_Signer : public RSASS<PKCS1v15,SHA1>::Signer {};
//! \brief \ref RSASS<STANDARD,HASH> "RSASS<PKCS1v15,SHA1>::Verifier" typedef
//! \details RSA signature schemes defined in PKCS #1 v2.0
//! \since Crypto++ 1.0
class RSASSA_PKCS1v15_SHA_Verifier : public RSASS<PKCS1v15,SHA>::Verifier {};
class RSASSA_PKCS1v15_SHA_Verifier : public RSASS<PKCS1v15,SHA1>::Verifier {};
namespace Weak {
@ -256,8 +256,8 @@ class RSASSA_PKCS1v15_MD5_Verifier : public RSASS<PKCS1v15, Weak1::MD5>::Verifie
}
#else
typedef RSASS<PKCS1v15,SHA>::Signer RSASSA_PKCS1v15_SHA_Signer;
typedef RSASS<PKCS1v15,SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier;
typedef RSASS<PKCS1v15,SHA1>::Signer RSASSA_PKCS1v15_SHA_Signer;
typedef RSASS<PKCS1v15,SHA1>::Verifier RSASSA_PKCS1v15_SHA_Verifier;
namespace Weak {
typedef RSASS<PKCS1v15, Weak1::MD2>::Signer RSASSA_PKCS1v15_MD2_Signer;

2
seal.cpp
View File

@ -39,7 +39,7 @@ word32 SEAL_Gamma::Apply(word32 i)
{
memcpy(Z, H, 20);
D[0] = shaIndex;
SHA::Transform(Z, D);
SHA1::Transform(Z, D);
lastIndex = shaIndex;
}
return Z[i%5];

175
seckey.h
View File

@ -42,6 +42,29 @@ class FixedBlockSize
public:
//! \brief The block size of the algorithm provided as a constant.
CRYPTOPP_CONSTANT(BLOCKSIZE = N)
//! \brief The default blocksize for the algorithm provided as a constant.
CRYPTOPP_CONSTANT(DEFAULT_BLOCKSIZE = N)
//! \brief The minimum blocksize for the algorithm provided as a constant.
CRYPTOPP_CONSTANT(MIN_BLOCKSIZE = N)
//! \brief The maximum blocksize for the algorithm provided as a constant.
CRYPTOPP_CONSTANT(MAX_BLOCKSIZE = N)
//! \brief The default block size for the algorithm provided by a static function.
//! \param blocksize the block size, in bytes
//! \details The default implementation returns BLOCKSIZE. blocksize is unused
//! in the default implementation.
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t blocksize)
{
return CRYPTOPP_UNUSED(blocksize), static_cast<size_t>(BLOCKSIZE);
}
//! \brief The default block size under a key provided by a static function.
//! \param keylength the size of the key, in bytes
//! \param blocksize the block size, in bytes
//! \details The default implementation returns BLOCKSIZE. blocksize is unused
//! in the default implementation.
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t keylength, size_t blocksize)
{
return CRYPTOPP_UNUSED(keylength), CRYPTOPP_UNUSED(blocksize), static_cast<size_t>(BLOCKSIZE);
}
};
// ************** rounds ***************
@ -111,10 +134,127 @@ protected:
{
int rounds = param.GetIntValueWithDefault("Rounds", DEFAULT_ROUNDS);
ThrowIfInvalidRounds(rounds, alg);
return (unsigned int)rounds;
return static_cast<unsigned int>(rounds);
}
};
//! \class VariableBlockSize
//! \brief Inherited by algorithms with variable blocksize
//! \tparam D Default blocksize
//! \tparam N Minimum blocksize
//! \tparam M Maximum blocksize
template <unsigned int D, unsigned int N=1, unsigned int M=INT_MAX> // use INT_MAX here because enums are treated as signed ints
class VariableBlockSize
{
public:
//! \brief The default blocksize for the algorithm provided as a constant.
CRYPTOPP_CONSTANT(DEFAULT_BLOCKSIZE = D)
//! \brief The minimum blocksize for the algorithm provided as a constant.
CRYPTOPP_CONSTANT(MIN_BLOCKSIZE = N)
//! \brief The maximum blocksize for the algorithm provided as a constant.
CRYPTOPP_CONSTANT(MAX_BLOCKSIZE = M)
//! \brief The default block size for the algorithm provided by a static function.
//! \param blocksize the block size, in bytes
//! \details The default implementation returns BLOCKSIZE. blocksize is unused
//! in the default implementation.
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t blocksize)
{
return CRYPTOPP_UNUSED(blocksize), static_cast<size_t>(DEFAULT_BLOCKSIZE);
}
//! \brief The default block size under a key provided by a static function.
//! \param keylength the size of the key, in bytes
//! \param blocksize the block size, in bytes
//! \details The default implementation returns BLOCKSIZE. blocksize is unused
//! in the default implementation.
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t keylength, size_t blocksize)
{
return CRYPTOPP_UNUSED(keylength), CRYPTOPP_UNUSED(blocksize), static_cast<size_t>(DEFAULT_BLOCKSIZE);
}
protected:
//! \brief Validates the blocksize for an algorithm.
//! \param blocksize the candidate blocksize
//! \param alg an Algorithm object used if the blocksize is invalid
//! \throws InvalidBlockSize if the blocksize is invalid
//! \details ThrowIfInvalidBlockSize() validates the blocksize and throws if invalid.
inline void ThrowIfInvalidBlockSize(int blocksize, const Algorithm *alg)
{
if (M == INT_MAX) // Coverity and result_independent_of_operands
{
if (blocksize < MIN_BLOCKSIZE)
throw InvalidBlockSize(alg ? alg->AlgorithmName() : std::string("VariableBlockSize"), blocksize);
}
else
{
if (blocksize < MIN_BLOCKSIZE || blocksize > MAX_BLOCKSIZE)
throw InvalidBlockSize(alg ? alg->AlgorithmName() : std::string("VariableBlockSize"), blocksize);
}
}
//! \brief Validates the blocksize for an algorithm
//! \param param the candidate blocksize
//! \param alg an Algorithm object used if the blocksize is invalid
//! \returns the blocksize for the algorithm
//! \throws InvalidBlockSize if the blocksize is invalid
//! \details GetBlockSizeAndThrowIfInvalid() validates the blocksize and throws if invalid.
inline unsigned int GetBlockSizeAndThrowIfInvalid(const NameValuePairs &param, const Algorithm *alg)
{
int keylength = param.GetIntValueWithDefault("KeySize", 0);
int blocksize = param.GetIntValueWithDefault("BlockSize", DEFAULT_BLOCKSIZE);
if (keylength > 0)
ThrowIfInvalidBlockSize(keylength, blocksize, alg);
else
ThrowIfInvalidBlockSize(blocksize, alg);
return static_cast<unsigned int>(blocksize);
}
//! Provides the block size of the cipher
//! \return the block size, in bytes
//! \details The sematics of BlockSize() is return DEFAULT_BLOCKSIZE if the default blocksize
//! is in effect. If the blocksize has changed, then the value returned is the BlockSize()
//! parameter used during SetKey().
//! \details DEFAULT_BLOCKSIZE should be paired with DEFAULT_KEYLENGTH, and it is the same as
//! BLOCKSIZE in a FixedBlockSize cipher.
virtual unsigned int BlockSize() const =0;
//! Provides the minimum block size of the cipher
//! \return the minimum block size, in bytes
//! \details MinBlockSize() returns the smallest blocksize a cipher can use. The size can
//! be affected by the key length. For example, Threefish has key sizes of 256, 512 and 1024 bits,
//! and the blocksize follows the key length. If a 512-bit key is used, then the block size is 512
//! bits. Once keyed, the minimum block size of 256 is not accurate, nor is a block size of 1024 bit.
virtual unsigned int MinBlockSize() const
{ return MIN_BLOCKSIZE; }
//! Provides the maximum block size of the cipher
//! \return the maximum block size, in bytes
//! \details MaxBlockSize() returns the largest blocksize a cipher can use. The size can
//! be affected by the key length. For example, Threefish has key sizes of 256, 512 and 1024 bits,
//! and the blocksize follows the key length. If a 512-bit key is used, then the block size is 512
//! bits. Once keyed, the minimum block size of 256 is not accurate, nor is a block size of 1024 bit.
virtual unsigned int MaxBlockSize() const
{ return MAX_BLOCKSIZE; }
//! Provides the initialization vector length of the cipher
//! \return the initialization vector length, in bytes
//! \details The sematics of IVSize() is return IV_LENGTH if the default blocksize is
//! in effect. If the blocksize has changed, then the default implentation returns the value of
//! the BlockSize() parameter used during SetKey().
//! \details Derived classes may override the behavior such that a different value is returned.
//! This may happen with a cipher that requires an IV that is twice the block size.
virtual unsigned int IVSize() const =0;
//! \brief Provides the minimum size of an IV
//! \return minimal length of IVs accepted by this cipher, in bytes
virtual unsigned int MinIVLength() const
{ return MIN_BLOCKSIZE; }
//! \brief Provides the maximum size of an IV
//! \return maximal length of IVs accepted by this cipher, in bytes
virtual unsigned int MaxIVLength() const
{ return MAX_BLOCKSIZE; }
};
// ************** key length ***************
//! \class FixedKeyLength
@ -316,6 +456,39 @@ public:
unsigned int BlockSize() const {return this->BLOCKSIZE;}
};
//! \class VariableBlockCipherImpl
//! \brief Provides a base implementation of Algorithm and SimpleKeyingInterface for block ciphers with varibale block sizes
//! \tparam INFO a SimpleKeyingInterface derived class
//! \tparam BASE a SimpleKeyingInterface derived class
//! \details VariableBlockCipherImpl() provides a default implementation for block ciphers with varibale block sizes using AlgorithmImpl()
//! and SimpleKeyingInterfaceImpl().
//! \sa Algorithm(), SimpleKeyingInterface(), AlgorithmImpl(), SimpleKeyingInterfaceImpl()
template <class INFO, class BASE = BlockCipher>
class CRYPTOPP_NO_VTABLE VariableBlockCipherImpl : public AlgorithmImpl<SimpleKeyingInterfaceImpl<TwoBases<BASE, INFO> > >
{
public:
VariableBlockCipherImpl() : m_blocksize(0), m_ivlength(0) {}
VariableBlockCipherImpl(unsigned int blockSize) : m_blocksize(blockSize), m_ivlength(blockSize) {}
VariableBlockCipherImpl(unsigned int blockSize, unsigned int ivLength) : m_blocksize(blockSize), m_ivlength(ivLength) {}
//! Provides the block size of the algorithm
//! \returns the block size, in bytes
unsigned int BlockSize() const {
return m_blocksize ? m_blocksize : this->DEFAULT_BLOCKSIZE;
}
//! Provides the initialization vector length of the algorithm
//! \returns the initialization vector length, in bytes
unsigned int IVSize() const {
if (!this->IsResynchronizable())
throw NotImplemented(this->GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");
return m_ivlength ? m_ivlength : this->IV_LENGTH;
}
protected:
unsigned int m_blocksize, m_ivlength;
};
//! \class BlockCipherFinal
//! \brief Provides class member functions to key a block cipher
//! \tparam DIR a CipherDir

8
sha.cpp
View File

@ -108,17 +108,11 @@ static void SHA1_SSE_SHA_Transform(word32 *state, const word32 *data)
__m128i ABCD, ABCD_SAVE, E0, E0_SAVE, E1;
__m128i MASK, MSG0, MSG1, MSG2, MSG3;
// IteratedHashBase<T> has code to perform this step before HashEndianCorrectedBlock()
// is called, but the design does not lend itself to optional hardware components
// where SHA1 needs reversing, but SHA256 does not.
word32* dataBuf = const_cast<word32*>(data);
ByteReverse(dataBuf, dataBuf, 64);
// Load initial values
ABCD = _mm_loadu_si128((__m128i*) state);
E0 = _mm_set_epi32(state[4], 0, 0, 0);
ABCD = _mm_shuffle_epi32(ABCD, 0x1B);
MASK = _mm_set_epi64x(W64LIT(0x0001020304050607), W64LIT(0x08090a0b0c0d0e0f));
MASK = _mm_set_epi8(3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12);
// Save current hash
ABCD_SAVE = ABCD;

2
sha.h
View File

@ -30,8 +30,6 @@ public:
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";}
};
typedef SHA1 SHA; // for backwards compatibility
//! \class SHA256
//! \brief SHA-256 message digest
//! \sa <a href="http://www.weidai.com/scan-mirror/md.html#SHA-256">SHA-256</a>

8
simple.h
View File

@ -58,6 +58,14 @@ public:
explicit InvalidRounds(const std::string &algorithm, unsigned int rounds) : InvalidArgument(algorithm + ": " + IntToString(rounds) + " is not a valid number of rounds") {}
};
//! \class InvalidBlockSize
//! \brief Exception thrown when an invalid block size is encountered
class CRYPTOPP_DLL InvalidBlockSize : public InvalidArgument
{
public:
explicit InvalidBlockSize(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid block size") {}
};
//! \class InvalidPersonalizationLength
//! \brief Exception thrown when an invalid personalization string length is encountered
class CRYPTOPP_DLL InvalidPersonalizationLength : public InvalidArgument

103
test.cpp
View File

@ -62,7 +62,7 @@
#endif
// Aggressive stack checking with VS2005 SP1 and above.
#if (CRYPTOPP_MSC_VERSION >= 1410)
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
@ -70,7 +70,7 @@ USING_NAMESPACE(CryptoPP)
const int MAX_PHRASE_LENGTH=250;
void RegisterFactories();
void RegisterFactories(Test::TestClass suites);
void PrintSeedAndThreads(const std::string& seed);
void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed);
@ -117,43 +117,6 @@ int (*AdhocTest)(int argc, char *argv[]) = NULLPTR;
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)
// Coverity finding
template <class T, bool NON_NEGATIVE>
T StringToValue(const std::string& str)
{
std::istringstream iss(str);
// Arbitrary, but we need to clear a Coverity finding TAINTED_SCALAR
if (iss.str().length() > 25)
throw InvalidArgument(str + "' is too long");
T value;
iss >> std::noskipws >> value;
// Use fail(), not bad()
if (iss.fail() || !iss.eof())
throw InvalidArgument(str + "' is not a value");
if (NON_NEGATIVE && value < 0)
throw InvalidArgument(str + "' is negative");
return value;
}
// Coverity finding
template<>
int StringToValue<int, true>(const std::string& str)
{
Integer n(str.c_str());
long l = n.ConvertToLong();
int r;
if (!SafeConvert(l, r))
throw InvalidArgument(str + "' is not an integer value");
return r;
}
ANONYMOUS_NAMESPACE_BEGIN
OFB_Mode<AES>::Encryption s_globalRNG;
NAMESPACE_END
@ -180,13 +143,9 @@ int CRYPTOPP_API main(int argc, char *argv[])
_CrtSetDbgFlag( tempflag );
#endif
#if defined(__MWERKS__) && defined(macintosh)
argc = ccommand(&argv);
#endif
try
{
RegisterFactories();
RegisterFactories(Test::All);
// Some editors have problems with the '\0' character when redirecting output.
std::string seed = IntToString(time(NULLPTR));
@ -403,14 +362,8 @@ int CRYPTOPP_API main(int argc, char *argv[])
InformationRecoverFile(argc-3, argv[2], argv+3);
else if (command == "v" || command == "vv")
return !Validate(argc>2 ? Test::StringToValue<int, true>(argv[2]) : 0, argv[1][1] == 'v', argc>3 ? argv[3] : NULLPTR);
else if (command == "b") // All benchmarks
Test::Benchmark(7, argc<3 ? 1 : Test::StringToValue<float, true>(argv[2]), argc<4 ? 0.0f : Test::StringToValue<float, true>(argv[3])*1e9);
else if (command == "b3") // Public key algorithms
Test::Benchmark(4, argc<3 ? 1 : Test::StringToValue<float, true>(argv[2]), argc<4 ? 0.0f : Test::StringToValue<float, true>(argv[3])*1e9);
else if (command == "b2") // Shared key algorithms
Test::Benchmark(2, argc<3 ? 1 : Test::StringToValue<float, true>(argv[2]), argc<4 ? 0.0f : Test::StringToValue<float, true>(argv[3])*1e9);
else if (command == "b1") // Unkeyed algorithms
Test::Benchmark(1, argc<3 ? 1 : Test::StringToValue<float, true>(argv[2]), argc<4 ? 0.0f : Test::StringToValue<float, true>(argv[3])*1e9);
else if (command.substr(0,1) == "b") // "b", "b1", "b2", ...
Test::BenchmarkWithCommand(argc, argv);
else if (command == "z")
GzipFile(argv[3], argv[4], argv[2][0]-'0');
else if (command == "u")
@ -439,6 +392,7 @@ int CRYPTOPP_API main(int argc, char *argv[])
{
FileSource usage(CRYPTOPP_DATA_DIR "TestData/usage.dat", true, new FileSink(std::cout));
return 1;
return 1;
}
else if (command == "V")
{
@ -461,7 +415,7 @@ int CRYPTOPP_API main(int argc, char *argv[])
std::cout << "\nstd::exception caught: " << e.what() << std::endl;
return -2;
}
} // End main()
} // main()
void FIPS140_GenerateRandomFiles()
{
@ -542,14 +496,14 @@ std::string RSADecryptString(const char *privFilename, const char *ciphertext)
void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename)
{
FileSource privFile(privFilename, true, new HexDecoder);
RSASS<PKCS1v15, SHA>::Signer priv(privFile);
RSASS<PKCS1v15, SHA1>::Signer priv(privFile);
FileSource f(messageFilename, true, new SignerFilter(Test::GlobalRNG(), priv, new HexEncoder(new FileSink(signatureFilename))));
}
bool RSAVerifyFile(const char *pubFilename, const char *messageFilename, const char *signatureFilename)
{
FileSource pubFile(pubFilename, true, new HexDecoder);
RSASS<PKCS1v15, SHA>::Verifier pub(pubFile);
RSASS<PKCS1v15, SHA1>::Verifier pub(pubFile);
FileSource signatureFile(signatureFilename, true, new HexDecoder);
if (signatureFile.MaxRetrievable() != pub.SignatureLength())
@ -665,6 +619,8 @@ void SecretShareFile(int threshold, int nShares, const char *filename, const cha
ChannelSwitch *channelSwitch = NULLPTR;
FileSource source(filename, false, new SecretSharing(rng, threshold, nShares, channelSwitch = new ChannelSwitch));
// Be careful of the type of Sink used. An ArraySink will stop writing data once the array
// is full. Also see http://groups.google.com/forum/#!topic/cryptopp-users/XEKKLCEFH3Y.
vector_member_ptrs<FileSink> fileSinks(nShares);
std::string channel;
for (int i=0; i<nShares; i++)
@ -719,6 +675,8 @@ void InformationDisperseFile(int threshold, int nShares, const char *filename)
ChannelSwitch *channelSwitch = NULLPTR;
FileSource source(filename, false, new InformationDispersal(threshold, nShares, channelSwitch = new ChannelSwitch));
// Be careful of the type of Sink used. An ArraySink will stop writing data once the array
// is full. Also see http://groups.google.com/forum/#!topic/cryptopp-users/XEKKLCEFH3Y.
vector_member_ptrs<FileSink> fileSinks(nShares);
std::string channel;
for (int i=0; i<nShares; i++)
@ -971,24 +929,25 @@ bool Validate(int alg, bool thorough, const char *seedInput)
case 60: result = Test::ValidateDLIES(); break;
case 61: result = Test::ValidateBaseCode(); break;
case 62: result = Test::ValidateSHACAL2(); break;
case 63: result = Test::ValidateCamellia(); break;
case 64: result = Test::ValidateWhirlpool(); break;
case 65: result = Test::ValidateTTMAC(); break;
case 66: result = Test::ValidateSalsa(); break;
case 67: result = Test::ValidateSosemanuk(); break;
case 68: result = Test::ValidateVMAC(); break;
case 69: result = Test::ValidateCCM(); break;
case 70: result = Test::ValidateGCM(); break;
case 71: result = Test::ValidateCMAC(); break;
case 72: result = Test::ValidateHKDF(); break;
case 73: result = Test::ValidateBLAKE2s(); break;
case 74: result = Test::ValidateBLAKE2b(); break;
case 75: result = Test::ValidatePoly1305(); break;
case 76: result = Test::ValidateSipHash(); break;
case 77: result = Test::ValidateHashDRBG(); break;
case 78: result = Test::ValidateHmacDRBG(); break;
case 63: result = Test::ValidateARIA(); break;
case 64: result = Test::ValidateCamellia(); break;
case 65: result = Test::ValidateWhirlpool(); break;
case 66: result = Test::ValidateTTMAC(); break;
case 67: result = Test::ValidateSalsa(); break;
case 68: result = Test::ValidateSosemanuk(); break;
case 69: result = Test::ValidateVMAC(); break;
case 70: result = Test::ValidateCCM(); break;
case 71: result = Test::ValidateGCM(); break;
case 72: result = Test::ValidateCMAC(); break;
case 73: result = Test::ValidateHKDF(); break;
case 74: result = Test::ValidateBLAKE2s(); break;
case 75: result = Test::ValidateBLAKE2b(); break;
case 76: result = Test::ValidatePoly1305(); break;
case 77: result = Test::ValidateSipHash(); break;
case 78: result = Test::ValidateHashDRBG(); break;
case 79: result = Test::ValidateHmacDRBG(); break;
#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_IMPORTS)
#if defined(CRYPTOPP_EXTENDED_VALIDATION)
// http://github.com/weidai11/cryptopp/issues/92
case 9999: result = Test::TestSecBlock(); break;
// http://github.com/weidai11/cryptopp/issues/64

467
threefish.cpp Normal file
View File

@ -0,0 +1,467 @@
// threefish.cpp - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro. Kuro's code is
// available at http://cppcrypto.sourceforge.net/.
#include "pch.h"
#include "config.h"
#include "threefish.h"
#include "misc.h"
#include "cpu.h"
#include "algparam.h"
#include "argnames.h"
ANONYMOUS_NAMESPACE_BEGIN
#if defined(__clang__)
# define rotatel64(x,y) rotlVariable(x,y)
# define rotater64(x,y) rotrVariable(x,y)
#else
# define rotatel64(x,y) rotlFixed(x,y)
# define rotater64(x,y) rotrFixed(x,y)
#endif
#define G256(G0, G1, G2, G3, C0, C1) \
G0 += G1; \
G1 = rotatel64(G1, C0) ^ G0; \
G2 += G3; \
G3 = rotatel64(G3, C1) ^ G2;
#define IG256(G0, G1, G2, G3, C0, C1) \
G3 = rotater64(G3 ^ G2, C1); \
G2 -= G3; \
G1 = rotater64(G1 ^ G0, C0); \
G0 -= G1; \
#define KS256(r) \
G0 += m_rkey[(r + 1) % 5]; \
G1 += m_rkey[(r + 2) % 5] + m_tweak[(r + 1) % 3]; \
G2 += m_rkey[(r + 3) % 5] + m_tweak[(r + 2) % 3]; \
G3 += m_rkey[(r + 4) % 5] + r + 1;
#define IKS256(r) \
G0 -= m_rkey[(r + 1) % 5]; \
G1 -= (m_rkey[(r + 2) % 5] + m_tweak[(r + 1) % 3]); \
G2 -= (m_rkey[(r + 3) % 5] + m_tweak[(r + 2) % 3]); \
G3 -= (m_rkey[(r + 4) % 5] + r + 1);
#define G256x8(r) \
G256(G0, G1, G2, G3, 14, 16); \
G256(G0, G3, G2, G1, 52, 57); \
G256(G0, G1, G2, G3, 23, 40); \
G256(G0, G3, G2, G1, 5, 37); \
KS256(r); \
G256(G0, G1, G2, G3, 25, 33); \
G256(G0, G3, G2, G1, 46, 12); \
G256(G0, G1, G2, G3, 58, 22); \
G256(G0, G3, G2, G1, 32, 32); \
KS256(r + 1);
#define IG256x8(r) \
IG256(G0, G3, G2, G1, 32, 32); \
IG256(G0, G1, G2, G3, 58, 22); \
IG256(G0, G3, G2, G1, 46, 12); \
IG256(G0, G1, G2, G3, 25, 33); \
IKS256(r); \
IG256(G0, G3, G2, G1, 5, 37); \
IG256(G0, G1, G2, G3, 23, 40); \
IG256(G0, G3, G2, G1, 52, 57); \
IG256(G0, G1, G2, G3, 14, 16); \
IKS256(r - 1);
#define IG512(G0, G1, G2, G3, G4, G5, G6, G7, C0, C1, C2, C3) \
G7 = rotater64(G7 ^ G6, C3); \
G6 -= G7; \
G5 = rotater64(G5 ^ G4, C2); \
G4 -= G5; \
G3 = rotater64(G3 ^ G2, C1); \
G2 -= G3; \
G1 = rotater64(G1 ^ G0, C0); \
G0 -= G1;
#define G512(G0, G1, G2, G3, G4, G5, G6, G7, C0, C1, C2, C3) \
G0 += G1; \
G1 = rotatel64(G1, C0) ^ G0; \
G2 += G3; \
G3 = rotatel64(G3, C1) ^ G2; \
G4 += G5; \
G5 = rotatel64(G5, C2) ^ G4; \
G6 += G7; \
G7 = rotatel64(G7, C3) ^ G6;
#define IKS512(r) \
G0 -= m_rkey[(r + 1) % 9]; \
G1 -= m_rkey[(r + 2) % 9]; \
G2 -= m_rkey[(r + 3) % 9]; \
G3 -= m_rkey[(r + 4) % 9]; \
G4 -= m_rkey[(r + 5) % 9]; \
G5 -= (m_rkey[(r + 6) % 9] + m_tweak[(r + 1) % 3]); \
G6 -= (m_rkey[(r + 7) % 9] + m_tweak[(r + 2) % 3]); \
G7 -= (m_rkey[(r + 8) % 9] + r + 1);
#define KS512(r) \
G0 += m_rkey[(r + 1) % 9]; \
G1 += m_rkey[(r + 2) % 9]; \
G2 += m_rkey[(r + 3) % 9]; \
G3 += m_rkey[(r + 4) % 9]; \
G4 += m_rkey[(r + 5) % 9]; \
G5 += m_rkey[(r + 6) % 9] + m_tweak[(r + 1) % 3]; \
G6 += m_rkey[(r + 7) % 9] + m_tweak[(r + 2) % 3]; \
G7 += m_rkey[(r + 8) % 9] + r + 1;
#define IG512x8(r) \
IG512(G6, G1, G0, G7, G2, G5, G4, G3, 8, 35, 56, 22); \
IG512(G4, G1, G6, G3, G0, G5, G2, G7, 25, 29, 39, 43); \
IG512(G2, G1, G4, G7, G6, G5, G0, G3, 13, 50, 10, 17); \
IG512(G0, G1, G2, G3, G4, G5, G6, G7, 39, 30, 34, 24); \
IKS512(r) \
IG512(G6, G1, G0, G7, G2, G5, G4, G3, 44, 9, 54, 56); \
IG512(G4, G1, G6, G3, G0, G5, G2, G7, 17, 49, 36, 39); \
IG512(G2, G1, G4, G7, G6, G5, G0, G3, 33, 27, 14, 42); \
IG512(G0, G1, G2, G3, G4, G5, G6, G7, 46, 36, 19, 37); \
IKS512(r - 1)
#define G512x8(r) \
G512(G0, G1, G2, G3, G4, G5, G6, G7, 46, 36, 19, 37); \
G512(G2, G1, G4, G7, G6, G5, G0, G3, 33, 27, 14, 42); \
G512(G4, G1, G6, G3, G0, G5, G2, G7, 17, 49, 36, 39); \
G512(G6, G1, G0, G7, G2, G5, G4, G3, 44, 9, 54, 56); \
KS512(r) \
G512(G0, G1, G2, G3, G4, G5, G6, G7, 39, 30, 34, 24); \
G512(G2, G1, G4, G7, G6, G5, G0, G3, 13, 50, 10, 17); \
G512(G4, G1, G6, G3, G0, G5, G2, G7, 25, 29, 39, 43); \
G512(G6, G1, G0, G7, G2, G5, G4, G3, 8, 35, 56, 22); \
KS512(r + 1)
#define IG1024(G0, G1, G2, G3, G4, G5, G6, G7, G8, G9, G10, G11, G12, G13, G14, G15, C1, C2, C3, C4, C5, C6, C7, C8) \
G15 = rotater64(G15 ^ G14, C8); \
G14 -= G15; \
G13 = rotater64(G13 ^ G12, C7); \
G12 -= G13; \
G11 = rotater64(G11 ^ G10, C6); \
G10 -= G11; \
G9 = rotater64(G9 ^ G8, C5); \
G8 -= G9; \
G7 = rotater64(G7 ^ G6, C4); \
G6 -= G7; \
G5 = rotater64(G5 ^ G4, C3); \
G4 -= G5; \
G3 = rotater64(G3 ^ G2, C2); \
G2 -= G3; \
G1 = rotater64(G1 ^ G0, C1); \
G0 -= G1;
#define G1024(G0, G1, G2, G3, G4, G5, G6, G7, G8, G9, G10, G11, G12, G13, G14, G15, C1, C2, C3, C4, C5, C6, C7, C8) \
G0 += G1; \
G1 = rotatel64(G1, C1) ^ G0; \
G2 += G3; \
G3 = rotatel64(G3, C2) ^ G2; \
G4 += G5; \
G5 = rotatel64(G5, C3) ^ G4; \
G6 += G7; \
G7 = rotatel64(G7, C4) ^ G6; \
G8 += G9; \
G9 = rotatel64(G9, C5) ^ G8; \
G10 += G11; \
G11 = rotatel64(G11, C6) ^ G10; \
G12 += G13; \
G13 = rotatel64(G13, C7) ^ G12; \
G14 += G15; \
G15 = rotatel64(G15, C8) ^ G14;
#define IKS1024(r) \
G0 -= m_rkey[(r + 1) % 17]; \
G1 -= m_rkey[(r + 2) % 17]; \
G2 -= m_rkey[(r + 3) % 17]; \
G3 -= m_rkey[(r + 4) % 17]; \
G4 -= m_rkey[(r + 5) % 17]; \
G5 -= m_rkey[(r + 6) % 17]; \
G6 -= m_rkey[(r + 7) % 17]; \
G7 -= m_rkey[(r + 8) % 17]; \
G8 -= m_rkey[(r + 9) % 17]; \
G9 -= m_rkey[(r + 10) % 17]; \
G10 -= m_rkey[(r + 11) % 17]; \
G11 -= m_rkey[(r + 12) % 17]; \
G12 -= m_rkey[(r + 13) % 17]; \
G13 -= (m_rkey[(r + 14) % 17] + m_tweak[(r + 1) % 3]); \
G14 -= (m_rkey[(r + 15) % 17] + m_tweak[(r + 2) % 3]); \
G15 -= (m_rkey[(r + 16) % 17] + r + 1);
#define KS1024(r) \
G0 += m_rkey[(r + 1) % 17]; \
G1 += m_rkey[(r + 2) % 17]; \
G2 += m_rkey[(r + 3) % 17]; \
G3 += m_rkey[(r + 4) % 17]; \
G4 += m_rkey[(r + 5) % 17]; \
G5 += m_rkey[(r + 6) % 17]; \
G6 += m_rkey[(r + 7) % 17]; \
G7 += m_rkey[(r + 8) % 17]; \
G8 += m_rkey[(r + 9) % 17]; \
G9 += m_rkey[(r + 10) % 17]; \
G10 += m_rkey[(r + 11) % 17]; \
G11 += m_rkey[(r + 12) % 17]; \
G12 += m_rkey[(r + 13) % 17]; \
G13 += m_rkey[(r + 14) % 17] + m_tweak[(r + 1) % 3]; \
G14 += m_rkey[(r + 15) % 17] + m_tweak[(r + 2) % 3]; \
G15 += m_rkey[(r + 16) % 17] + r + 1;
#define IG1024x8(r) \
IG1024(G0, G15, G2, G11, G6, G13, G4, G9, G14, G1, G8, G5, G10, G3, G12, G7, 9, 48, 35, 52, 23, 31, 37, 20); \
IG1024(G0, G7, G2, G5, G4, G3, G6, G1, G12, G15, G14, G13, G8, G11, G10, G9, 31, 44, 47, 46, 19, 42, 44, 25); \
IG1024(G0, G9, G2, G13, G6, G11, G4, G15, G10, G7, G12, G3, G14, G5, G8, G1, 16, 34, 56, 51, 4, 53, 42, 41); \
IG1024(G0, G1, G2, G3, G4, G5, G6, G7, G8, G9, G10, G11, G12, G13, G14, G15, 41, 9, 37, 31, 12, 47, 44, 30); \
IKS1024(r); \
IG1024(G0, G15, G2, G11, G6, G13, G4, G9, G14, G1, G8, G5, G10, G3, G12, G7, 5, 20, 48, 41, 47, 28, 16, 25); \
IG1024(G0, G7, G2, G5, G4, G3, G6, G1, G12, G15, G14, G13, G8, G11, G10, G9, 33, 4, 51, 13, 34, 41, 59, 17); \
IG1024(G0, G9, G2, G13, G6, G11, G4, G15, G10, G7, G12, G3, G14, G5, G8, G1, 38, 19, 10, 55, 49, 18, 23, 52); \
IG1024(G0, G1, G2, G3, G4, G5, G6, G7, G8, G9, G10, G11, G12, G13, G14, G15, 24, 13, 8, 47, 8, 17, 22, 37); \
IKS1024(r - 1);
#define G1024x8(r) \
G1024(G0, G1, G2, G3, G4, G5, G6, G7, G8, G9, G10, G11, G12, G13, G14, G15, 24, 13, 8, 47, 8, 17, 22, 37); \
G1024(G0, G9, G2, G13, G6, G11, G4, G15, G10, G7, G12, G3, G14, G5, G8, G1, 38, 19, 10, 55, 49, 18, 23, 52); \
G1024(G0, G7, G2, G5, G4, G3, G6, G1, G12, G15, G14, G13, G8, G11, G10, G9, 33, 4, 51, 13, 34, 41, 59, 17); \
G1024(G0, G15, G2, G11, G6, G13, G4, G9, G14, G1, G8, G5, G10, G3, G12, G7, 5, 20, 48, 41, 47, 28, 16, 25); \
KS1024(r); \
G1024(G0, G1, G2, G3, G4, G5, G6, G7, G8, G9, G10, G11, G12, G13, G14, G15, 41, 9, 37, 31, 12, 47, 44, 30); \
G1024(G0, G9, G2, G13, G6, G11, G4, G15, G10, G7, G12, G3, G14, G5, G8, G1, 16, 34, 56, 51, 4, 53, 42, 41); \
G1024(G0, G7, G2, G5, G4, G3, G6, G1, G12, G15, G14, G13, G8, G11, G10, G9, 31, 44, 47, 46, 19, 42, 44, 25); \
G1024(G0, G15, G2, G11, G6, G13, G4, G9, G14, G1, G8, G5, G10, G3, G12, G7, 9, 48, 35, 52, 23, 31, 37, 20); \
KS1024(r + 1);
ANONYMOUS_NAMESPACE_END
///////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
NAMESPACE_BEGIN(CryptoPP)
void Threefish::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)
{
switch (keylen)
{
case 32: // 256
m_rkey.New(5);
m_wspace.New(4);
m_blocksize = 32;
GetUserKey(LITTLE_ENDIAN_ORDER, m_rkey.begin(), 4, key, 32);
m_rkey[4] = W64LIT(0x1BD11BDAA9FC1A22) ^ m_rkey[0] ^ m_rkey[1] ^ m_rkey[2] ^ m_rkey[3];
break;
case 64: // 512
m_rkey.New(9);
m_wspace.New(8);
m_blocksize = 64;
GetUserKey(LITTLE_ENDIAN_ORDER, m_rkey.begin(), 8, key, 64);
m_rkey[8] = W64LIT(0x1BD11BDAA9FC1A22) ^ m_rkey[0] ^ m_rkey[1] ^ m_rkey[2] ^ m_rkey[3] ^ m_rkey[4] ^
m_rkey[5] ^ m_rkey[6] ^ m_rkey[7];
break;
case 128: // 128
m_rkey.New(17);
m_wspace.New(16);
m_blocksize = 128;
GetUserKey(LITTLE_ENDIAN_ORDER, m_rkey.begin(), 16, key, 128);
m_rkey[16] = W64LIT(0x1BD11BDAA9FC1A22) ^ m_rkey[0] ^ m_rkey[1] ^ m_rkey[2] ^ m_rkey[3] ^ m_rkey[4] ^
m_rkey[5] ^ m_rkey[6] ^ m_rkey[7] ^ m_rkey[8] ^ m_rkey[9] ^ m_rkey[10] ^ m_rkey[11] ^ m_rkey[12] ^
m_rkey[13] ^ m_rkey[14] ^ m_rkey[15];
break;
default:
CRYPTOPP_ASSERT(0);
}
m_tweak.New(3);
ConstByteArrayParameter t;
if (params.GetValue(Name::Tweak(), t))
{
CRYPTOPP_ASSERT(t.size() == 16);
GetUserKey(LITTLE_ENDIAN_ORDER, m_tweak.begin(), 2, t.begin(), 16);
m_tweak[2] = m_tweak[0] ^ m_tweak[1];
}
else
{
::memset(m_tweak.begin(), 0x00, 24);
}
}
void Threefish::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
switch(m_blocksize)
{
case 32:
ProcessAndXorBlock_256(inBlock, xorBlock, outBlock);
break;
case 64:
ProcessAndXorBlock_512(inBlock, xorBlock, outBlock);
break;
case 128:
ProcessAndXorBlock_1024(inBlock, xorBlock, outBlock);
break;
default:
CRYPTOPP_ASSERT(0);
}
}
void Threefish::Enc::ProcessAndXorBlock_256(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word64 &G0=m_wspace[0], &G1=m_wspace[1], &G2=m_wspace[2], &G3=m_wspace[3];
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock);
iblk(G0)(G1)(G2)(G3);
G0 += m_rkey[0]; G1 += m_rkey[1]; G2 += m_rkey[2]; G3 += m_rkey[3];
G1 += m_tweak[0]; G2 += m_tweak[1];
G256x8(0); G256x8(2); G256x8(4); G256x8(6); G256x8(8);
G256x8(10); G256x8(12); G256x8(14); G256x8(16);
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock);
oblk(G0)(G1)(G2)(G3);
}
void Threefish::Enc::ProcessAndXorBlock_512(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word64 &G0=m_wspace[0], &G1=m_wspace[1], &G2=m_wspace[2], &G3=m_wspace[3];
word64 &G4=m_wspace[4], &G5=m_wspace[5], &G6=m_wspace[6], &G7=m_wspace[7];
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock);
iblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7);
// 34 integer instructions total
G0 += m_rkey[0]; G1 += m_rkey[1]; G2 += m_rkey[2]; G3 += m_rkey[3];
G4 += m_rkey[4]; G5 += m_rkey[5]; G6 += m_rkey[6]; G7 += m_rkey[7];
G5 += m_tweak[0]; G6 += m_tweak[1];
G512x8(0); G512x8(2); G512x8(4); G512x8(6); G512x8(8);
G512x8(10); G512x8(12); G512x8(14); G512x8(16);
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock);
oblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7);
}
void Threefish::Enc::ProcessAndXorBlock_1024(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word64 &G0=m_wspace[0], &G1=m_wspace[1], &G2=m_wspace[2], &G3=m_wspace[3];
word64 &G4=m_wspace[4], &G5=m_wspace[5], &G6=m_wspace[6], &G7=m_wspace[7];
word64 &G8=m_wspace[8], &G9=m_wspace[9], &G10=m_wspace[10], &G11=m_wspace[11];
word64 &G12=m_wspace[12], &G13=m_wspace[13], &G14=m_wspace[14], &G15=m_wspace[15];
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock);
iblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7)(G8)(G9)(G10)(G11)(G12)(G13)(G14)(G15);
G0 += m_rkey[0]; G1 += m_rkey[1]; G2 += m_rkey[2]; G3 += m_rkey[3];
G4 += m_rkey[4]; G5 += m_rkey[5]; G6 += m_rkey[6]; G7 += m_rkey[7];
G8 += m_rkey[8]; G9 += m_rkey[9]; G10 += m_rkey[10]; G11 += m_rkey[11];
G12 += m_rkey[12]; G13 += m_rkey[13]; G14 += m_rkey[14]; G15 += m_rkey[15];
G13 += m_tweak[0]; G14 += m_tweak[1];
G1024x8(0); G1024x8(2); G1024x8(4); G1024x8(6); G1024x8(8);
G1024x8(10); G1024x8(12); G1024x8(14); G1024x8(16); G1024x8(18);
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock);
oblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7)(G8)(G9)(G10)(G11)(G12)(G13)(G14)(G15);
}
void Threefish::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
switch(m_blocksize)
{
case 32:
ProcessAndXorBlock_256(inBlock, xorBlock, outBlock);
break;
case 64:
ProcessAndXorBlock_512(inBlock, xorBlock, outBlock);
break;
case 128:
ProcessAndXorBlock_1024(inBlock, xorBlock, outBlock);
break;
default:
CRYPTOPP_ASSERT(0);
}
}
void Threefish::Dec::ProcessAndXorBlock_256(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word64 &G0=m_wspace[0], &G1=m_wspace[1], &G2=m_wspace[2], &G3=m_wspace[3];
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock);
iblk(G0)(G1)(G2)(G3);
G0 -= m_rkey[3]; G1 -= m_rkey[4]; G2 -= m_rkey[0]; G3 -= m_rkey[1];
G1 -= m_tweak[0]; G2 -= m_tweak[1]; G3 -= 18;
IG256x8(16); IG256x8(14); IG256x8(12); IG256x8(10);
IG256x8(8); IG256x8(6); IG256x8(4); IG256x8(2); IG256x8(0);
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock);
oblk(G0)(G1)(G2)(G3);
}
void Threefish::Dec::ProcessAndXorBlock_512(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word64 &G0=m_wspace[0], &G1=m_wspace[1], &G2=m_wspace[2], &G3=m_wspace[3];
word64 &G4=m_wspace[4], &G5=m_wspace[5], &G6=m_wspace[6], &G7=m_wspace[7];
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock);
iblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7);
G0 -= m_rkey[0]; G1 -= m_rkey[1]; G2 -= m_rkey[2]; G3 -= m_rkey[3];
G4 -= m_rkey[4]; G5 -= m_rkey[5]; G6 -= m_rkey[6]; G7 -= m_rkey[7];
G5 -= m_tweak[0]; G6 -= m_tweak[1]; G7 -= 18;
IG512x8(16); IG512x8(14); IG512x8(12); IG512x8(10);
IG512x8(8); IG512x8(6); IG512x8(4); IG512x8(2); IG512x8(0);
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock);
oblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7);
}
void Threefish::Dec::ProcessAndXorBlock_1024(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word64 &G0=m_wspace[0], &G1=m_wspace[1], &G2=m_wspace[2], &G3=m_wspace[3];
word64 &G4=m_wspace[4], &G5=m_wspace[5], &G6=m_wspace[6], &G7=m_wspace[7];
word64 &G8=m_wspace[8], &G9=m_wspace[9], &G10=m_wspace[10], &G11=m_wspace[11];
word64 &G12=m_wspace[12], &G13=m_wspace[13], &G14=m_wspace[14], &G15=m_wspace[15];
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef GetBlock<word64, LittleEndian, false> InBlock;
InBlock iblk(inBlock);
iblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7)(G8)(G9)(G10)(G11)(G12)(G13)(G14)(G15);
G0 -= m_rkey[3]; G1 -= m_rkey[4]; G2 -= m_rkey[5]; G3 -= m_rkey[6];
G4 -= m_rkey[7]; G5 -= m_rkey[8]; G6 -= m_rkey[9]; G7 -= m_rkey[10];
G8 -= m_rkey[11]; G9 -= m_rkey[12]; G10 -= m_rkey[13]; G11 -= m_rkey[14];
G12 -= m_rkey[15]; G13 -= m_rkey[16]; G14 -= m_rkey[0]; G15 -= m_rkey[1];
G13 -= m_tweak[2]; G14 -= m_tweak[0]; G15 -= 20;
IG1024x8(18); IG1024x8(16); IG1024x8(14); IG1024x8(12); IG1024x8(10);
IG1024x8(8); IG1024x8(6); IG1024x8(4); IG1024x8(2); IG1024x8(0);
// Reverse bytes on BigEndian; Align pointer on LittleEndian
typedef PutBlock<word64, LittleEndian, false> OutBlock;
OutBlock oblk(xorBlock, outBlock);
oblk(G0)(G1)(G2)(G3)(G4)(G5)(G6)(G7)(G8)(G9)(G10)(G11)(G12)(G13)(G14)(G15);
}
NAMESPACE_END

118
threefish.h Normal file
View File

@ -0,0 +1,118 @@
// threefish.h - written and placed in the public domain by Jeffrey Walton
// Based on public domain code by Keru Kuro. Kuro's code is
// available at http://cppcrypto.sourceforge.net/.
//! \file Threefish.h
//! \brief Classes for the Threefish block cipher
//! \since Crypto++ 6.0
#ifndef CRYPTOPP_THREEFISH_H
#define CRYPTOPP_THREEFISH_H
#include "config.h"
#include "seckey.h"
#include "secblock.h"
NAMESPACE_BEGIN(CryptoPP)
//! \class Threefish_Info
//! \brief Threefish block cipher information
//! \tparam SIZE block and key size, in bytes
//! \note Crypto++ provides a byte oriented implementation
//! \since Crypto++ 6.0
struct Threefish_Info : public VariableBlockSize<32, 32, 128>
{
CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Threefish";}
//! \brief The minimum key length used by the algorithm provided as a constant
//! \details MIN_KEYLENGTH is provided in bytes, not bits
CRYPTOPP_CONSTANT(MIN_KEYLENGTH=32)
//! \brief The maximum key length used by the algorithm provided as a constant
//! \details MIN_KEYLENGTH is provided in bytes, not bits
CRYPTOPP_CONSTANT(MAX_KEYLENGTH=128)
//! \brief The default key length used by the algorithm provided as a constant
//! \details MIN_KEYLENGTH is provided in bytes, not bits
CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=32)
//! \brief The default IV requirements for the algorithm provided as a constant
//! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement
//! in cryptlib.h for allowed values.
CRYPTOPP_CONSTANT(IV_REQUIREMENT=SimpleKeyingInterface::UNIQUE_IV)
//! \brief The default initialization vector length for the algorithm provided as a constant
//! \details IV_LENGTH is provided in bytes, not bits.
CRYPTOPP_CONSTANT(IV_LENGTH=32)
//! \brief Provides a valid key length for the algorithm provided by a static function.
//! \param keylength the size of the key, in bytes
//! \details Threefish uses 256, 512 and 1024-bit keys. The block size follows key length.
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength)
{
// Valid key lengths are 256, 512 and 1024 bits
return (keylength >= 128) ? 128 :
(keylength >= 64) ? 64 : 32;
}
CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t keylength)
{
return (keylength >= 128) ? 128 :
(keylength >= 64) ? 64 : 32;
}
};
//! \class Threefish1024
//! \brief Threefish-1024 block cipher
//! \sa <a href="http://www.weidai.com/scan-mirror/cs.html#Threefish">Threefish</a>
//! \since Crypto++ 6.0
class Threefish : public Threefish_Info, public BlockCipherDocumentation
{
public:
class CRYPTOPP_NO_VTABLE Base : public VariableBlockCipherImpl<Threefish_Info>
{
public:
std::string AlgorithmName() const {
// Key length is the same as blocksize
return m_blocksize ? "Threefish-" + IntToString(m_blocksize*8) : StaticAlgorithmName();
}
unsigned int OptimalDataAlignment() const {
return GetAlignmentOf<word64>();
}
protected:
void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params);
typedef SecBlock<word64, AllocatorWithCleanup<word64, true> > AlignedSecBlock64;
mutable AlignedSecBlock64 m_wspace; // workspace
AlignedSecBlock64 m_rkey; // keys
AlignedSecBlock64 m_tweak;
};
class CRYPTOPP_NO_VTABLE Enc : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
void ProcessAndXorBlock_256(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
void ProcessAndXorBlock_512(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
void ProcessAndXorBlock_1024(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
class CRYPTOPP_NO_VTABLE Dec : public Base
{
protected:
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
void ProcessAndXorBlock_256(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
void ProcessAndXorBlock_512(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
void ProcessAndXorBlock_1024(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
};
public:
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
};
typedef Threefish::Encryption ThreefishEncryption;
typedef Threefish::Decryption ThreefishDecryption;
NAMESPACE_END
#endif // CRYPTOPP_THREEFISH_H

4767
validat0.cpp
View File

File diff suppressed because it is too large Load Diff

784
validat1.cpp
View File

File diff suppressed because it is too large Load Diff

160
validat2.cpp
View File

@ -47,7 +47,7 @@
#include "validate.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (CRYPTOPP_MSC_VERSION >= 1410)
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
@ -322,8 +322,8 @@ bool ValidateRSA()
pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
}
{
RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
RSAES<OAEP<SHA1> >::Decryptor rsaPriv(GlobalRNG(), 512);
RSAES<OAEP<SHA1> >::Encryptor rsaPub(rsaPriv);
pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
}
@ -679,16 +679,16 @@ bool ValidateNR()
bool pass = true;
{
FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder);
NR<SHA>::Signer privS(f);
NR<SHA1>::Signer privS(f);
privS.AccessKey().Precompute();
NR<SHA>::Verifier pubS(privS);
NR<SHA1>::Verifier pubS(privS);
pass = SignatureValidate(privS, pubS) && pass;
}
{
std::cout << "Generating new signature key..." << std::endl;
NR<SHA>::Signer privS(GlobalRNG(), 256);
NR<SHA>::Verifier pubS(privS);
NR<SHA1>::Signer privS(GlobalRNG(), 256);
NR<SHA1>::Verifier pubS(privS);
pass = SignatureValidate(privS, pubS) && pass;
}
@ -736,8 +736,8 @@ bool ValidateLUC_DL()
std::cout << "\nLUC-HMP validation suite running...\n\n";
FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder);
LUC_HMP<SHA>::Signer privS(f);
LUC_HMP<SHA>::Verifier pubS(privS);
LUC_HMP<SHA1>::Signer privS(f);
LUC_HMP<SHA1>::Verifier pubS(privS);
bool pass = SignatureValidate(privS, pubS);
std::cout << "\nLUC-IES validation suite running...\n\n";
@ -757,13 +757,13 @@ bool ValidateRabin()
{
FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder);
RabinSS<PSSR, SHA>::Signer priv(f);
RabinSS<PSSR, SHA>::Verifier pub(priv);
RabinSS<PSSR, SHA1>::Signer priv(f);
RabinSS<PSSR, SHA1>::Verifier pub(priv);
pass = SignatureValidate(priv, pub) && pass;
}
{
RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
RabinES<OAEP<SHA> >::Encryptor pub(priv);
RabinES<OAEP<SHA1> >::Decryptor priv(GlobalRNG(), 512);
RabinES<OAEP<SHA1> >::Encryptor pub(priv);
pass = CryptoSystemValidate(priv, pub) && pass;
}
return pass;
@ -774,8 +774,8 @@ bool ValidateRW()
std::cout << "\nRW validation suite running...\n\n";
FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder);
RWSS<PSSR, SHA>::Signer priv(f);
RWSS<PSSR, SHA>::Verifier pub(priv);
RWSS<PSSR, SHA1>::Signer priv(f);
RWSS<PSSR, SHA1>::Verifier pub(priv);
return SignatureValidate(priv, pub);
}
@ -793,120 +793,6 @@ bool ValidateBlumGoldwasser()
}
*/
#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_IMPORTS)
// Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
bool TestPolynomialMod2()
{
bool pass1 = true, pass2 = true, pass3 = true;
std::cout << "\nTesting PolynomialMod2 bit operations...\n\n";
static const unsigned int start = 0;
static const unsigned int stop = 4 * WORD_BITS + 1;
for (unsigned int i=start; i < stop; i++)
{
PolynomialMod2 p(1);
p <<= i;
Integer n(Integer::One());
n <<= i;
std::ostringstream oss1;
oss1 << p;
std::string str1, str2;
// str1 needs the commas removed used for grouping
str1 = oss1.str();
str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
// str1 needs the trailing 'b' removed
str1.erase(str1.end() - 1);
// str2 is fine as-is
str2 = IntToString(n, 2);
pass1 &= (str1 == str2);
}
for (unsigned int i=start; i < stop; i++)
{
const word w((word)SIZE_MAX);
PolynomialMod2 p(w);
p <<= i;
Integer n(Integer::POSITIVE, static_cast<lword>(w));
n <<= i;
std::ostringstream oss1;
oss1 << p;
std::string str1, str2;
// str1 needs the commas removed used for grouping
str1 = oss1.str();
str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
// str1 needs the trailing 'b' removed
str1.erase(str1.end() - 1);
// str2 is fine as-is
str2 = IntToString(n, 2);
pass2 &= (str1 == str2);
}
RandomNumberGenerator& prng = GlobalRNG();
for (unsigned int i=start; i < stop; i++)
{
word w; // Cast to lword due to Visual Studio
prng.GenerateBlock((byte*)&w, sizeof(w));
PolynomialMod2 p(w);
p <<= i;
Integer n(Integer::POSITIVE, static_cast<lword>(w));
n <<= i;
std::ostringstream oss1;
oss1 << p;
std::string str1, str2;
// str1 needs the commas removed used for grouping
str1 = oss1.str();
str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
// str1 needs the trailing 'b' removed
str1.erase(str1.end() - 1);
// str2 is fine as-is
str2 = IntToString(n, 2);
if (str1 != str2)
{
std::cout << " Oops..." << "\n";
std::cout << " random: " << std::hex << n << std::dec << "\n";
std::cout << " str1: " << str1 << "\n";
std::cout << " str2: " << str2 << "\n";
}
pass3 &= (str1 == str2);
}
std::cout << (!pass1 ? "FAILED" : "passed") << ": " << "1 shifted over range [" << std::dec << start << "," << stop << "]" << "\n";
std::cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << std::hex << word(SIZE_MAX) << std::dec << " shifted over range [" << start << "," << stop << "]" << "\n";
std::cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << std::dec << start << "," << stop << "]" << "\n";
if (!(pass1 && pass2 && pass3))
std::cout.flush();
return pass1 && pass2 && pass3;
}
#endif
bool ValidateECP()
{
std::cout << "\nECP validation suite running...\n\n";
@ -917,8 +803,8 @@ bool ValidateECP()
cpriv.GetKey().DEREncode(bq);
cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
cpub.GetKey().DEREncode(bq);
ECDSA<ECP, SHA>::Signer spriv(bq);
ECDSA<ECP, SHA>::Verifier spub(bq);
ECDSA<ECP, SHA1>::Signer spriv(bq);
ECDSA<ECP, SHA1>::Verifier spub(bq);
ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
@ -966,8 +852,8 @@ bool ValidateEC2N()
cpriv.DEREncode(bq);
cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
cpub.DEREncode(bq);
ECDSA<EC2N, SHA>::Signer spriv(bq);
ECDSA<EC2N, SHA>::Verifier spub(bq);
ECDSA<EC2N, SHA1>::Signer spriv(bq);
ECDSA<EC2N, SHA1>::Verifier spub(bq);
ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
@ -1023,8 +909,8 @@ bool ValidateECDSA()
Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
EC2N::Point Q(ec.Multiply(d, P));
ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
ECDSA<EC2N, SHA>::Verifier pub(priv);
ECDSA<EC2N, SHA1>::Signer priv(ec, P, n, d);
ECDSA<EC2N, SHA1>::Verifier pub(priv);
Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
@ -1416,8 +1302,8 @@ bool ValidateESIGN()
"\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder);
ESIGN<SHA>::Signer signer(keys);
ESIGN<SHA>::Verifier verifier(signer);
ESIGN<SHA1>::Signer signer(keys);
ESIGN<SHA1>::Verifier verifier(signer);
fail = !SignatureValidate(signer, verifier);
pass = pass && !fail;

118
validat3.cpp
View File

@ -40,7 +40,7 @@
#include "validate.h"
// Aggressive stack checking with VS2005 SP1 and above.
#if (CRYPTOPP_MSC_VERSION >= 1410)
#if (_MSC_FULL_VER >= 140050727)
# pragma strict_gs_check (on)
#endif
@ -106,7 +106,7 @@ bool ValidateCRC32()
CRC32 crc;
std::cout << "\nCRC-32 validation suite running...\n\n";
return HashModuleTest(crc, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(crc, testSet, COUNTOF(testSet));
}
bool ValidateCRC32C()
@ -126,7 +126,7 @@ bool ValidateCRC32C()
CRC32C crc;
std::cout << "\nCRC-32C validation suite running...\n\n";
return HashModuleTest(crc, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(crc, testSet, COUNTOF(testSet));
}
bool ValidateAdler32()
@ -145,7 +145,7 @@ bool ValidateAdler32()
Adler32 md;
std::cout << "\nAdler-32 validation suite running...\n\n";
return HashModuleTest(md, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(md, testSet, COUNTOF(testSet));
}
bool ValidateMD2()
@ -164,7 +164,7 @@ bool ValidateMD2()
Weak::MD2 md2;
std::cout << "\nMD2 validation suite running...\n\n";
return HashModuleTest(md2, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(md2, testSet, COUNTOF(testSet));
}
bool ValidateMD4()
@ -183,7 +183,7 @@ bool ValidateMD4()
Weak::MD4 md4;
std::cout << "\nMD4 validation suite running...\n\n";
return HashModuleTest(md4, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(md4, testSet, COUNTOF(testSet));
}
bool ValidateMD5()
@ -202,7 +202,7 @@ bool ValidateMD5()
Weak::MD5 md5;
std::cout << "\nMD5 validation suite running...\n\n";
return HashModuleTest(md5, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(md5, testSet, COUNTOF(testSet));
}
bool ValidateSHA()
@ -236,7 +236,7 @@ bool ValidateTiger()
Tiger tiger;
return HashModuleTest(tiger, testSet, sizeof(testSet)/sizeof(testSet[0]));
return HashModuleTest(tiger, testSet, COUNTOF(testSet));
}
bool ValidateRIPEMD()
@ -297,19 +297,19 @@ bool ValidateRIPEMD()
std::cout << "\nRIPEMD-128 validation suite running...\n\n";
RIPEMD128 md128;
pass = HashModuleTest(md128, testSet128, sizeof(testSet128)/sizeof(testSet128[0])) && pass;
pass = HashModuleTest(md128, testSet128, COUNTOF(testSet128)) && pass;
std::cout << "\nRIPEMD-160 validation suite running...\n\n";
RIPEMD160 md160;
pass = HashModuleTest(md160, testSet160, sizeof(testSet160)/sizeof(testSet160[0])) && pass;
pass = HashModuleTest(md160, testSet160, COUNTOF(testSet160)) && pass;
std::cout << "\nRIPEMD-256 validation suite running...\n\n";
RIPEMD256 md256;
pass = HashModuleTest(md256, testSet256, sizeof(testSet256)/sizeof(testSet256[0])) && pass;
pass = HashModuleTest(md256, testSet256, COUNTOF(testSet256)) && pass;
std::cout << "\nRIPEMD-320 validation suite running...\n\n";
RIPEMD320 md320;
pass = HashModuleTest(md320, testSet320, sizeof(testSet320)/sizeof(testSet320[0])) && pass;
pass = HashModuleTest(md320, testSet320, COUNTOF(testSet320)) && pass;
return pass;
}
@ -543,7 +543,7 @@ bool ValidateTTMAC()
std::cout << "\nTwo-Track-MAC validation suite running...\n";
TTMAC mac(key, sizeof(key));
for (unsigned int k=0; k<sizeof(TestVals)/sizeof(TestVals[0]); k++)
for (unsigned int k = 0; k<COUNTOF(TestVals); k++)
{
mac.Update((byte *)TestVals[k], strlen(TestVals[k]));
mac.Final(digest);
@ -619,7 +619,7 @@ bool ValidatePBKDF()
PKCS12_PBKDF<SHA1> pbkdf;
std::cout << "\nPKCS #12 PBKDF validation suite running...\n\n";
pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0])) && pass;
pass = TestPBKDF(pbkdf, testSet, COUNTOF(testSet)) && pass;
}
{
@ -633,7 +633,7 @@ bool ValidatePBKDF()
PKCS5_PBKDF2_HMAC<SHA1> pbkdf;
std::cout << "\nPKCS #5 PBKDF2 validation suite running...\n\n";
pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0])) && pass;
pass = TestPBKDF(pbkdf, testSet, COUNTOF(testSet)) && pass;
}
return pass;
@ -1085,6 +1085,30 @@ bool ValidateBLAKE2s()
}
static const BLAKE2_TestTuples tests[] = {
{
NULLPTR,
NULLPTR,
"\x8F\x38",
0, 0, 2
},
{
NULLPTR,
NULLPTR,
"\x36\xE9\xD2\x46",
0, 0, 4
},
{
NULLPTR,
NULLPTR,
"\xEF\x2A\x8B\x78\xDD\x80\xDA\x9C",
0, 0, 8
},
{
NULLPTR,
NULLPTR,
"\x64\x55\x0D\x6F\xFE\x2C\x0A\x01\xA1\x4A\xBA\x1E\xAD\xE0\x20\x0C",
0, 0, 16
},
{
NULLPTR,
NULLPTR,
@ -1450,11 +1474,23 @@ bool ValidateBLAKE2s()
byte digest[BLAKE2s::DIGESTSIZE];
for (unsigned int i=0; i<COUNTOF(tests); ++i)
{
BLAKE2s blake2s((const byte*)tests[i].key, tests[i].klen);
blake2s.Update((const byte*)tests[i].message, tests[i].mlen);
blake2s.Final(digest);
// the condition is written in a way which for non-default digest sizes
// tests the BLAKE2_Base(bool treeMode, unsigned int digestSize) constructor.
// See https://github.com/weidai11/cryptopp/issues/415
if (tests[i].dlen < BLAKE2s::DIGESTSIZE && tests[i].key == NULLPTR)
{
BLAKE2s blake2s(false, (unsigned int)tests[i].dlen);
blake2s.Update((const byte*)tests[i].message, tests[i].mlen);
blake2s.Final(digest);
}
else
{
BLAKE2s blake2s((const byte*)tests[i].key, tests[i].klen, NULLPTR, 0, NULLPTR, 0, false, (unsigned int)tests[i].dlen);
blake2s.Update((const byte*)tests[i].message, tests[i].mlen);
blake2s.Final(digest);
}
fail = !!memcmp(digest, tests[i].digest, sizeof(digest)) != 0;
fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0;
if (fail)
{
std::cout << "FAILED " << "BLAKE2s test set " << i << std::endl;
@ -1480,6 +1516,30 @@ bool ValidateBLAKE2b()
}
static const BLAKE2_TestTuples tests[] = {
{
NULLPTR,
NULLPTR,
"\x12\x71\xCF\x25",
0, 0, 4
},
{
NULLPTR,
NULLPTR,
"\xE4\xA6\xA0\x57\x74\x79\xB2\xB4",
0, 0, 8
},
{
NULLPTR,
NULLPTR,
"\xCA\xE6\x69\x41\xD9\xEF\xBD\x40\x4E\x4D\x88\x75\x8E\xA6\x76\x70",
0, 0, 16
},
{
NULLPTR,
NULLPTR,
"\x0E\x57\x51\xC0\x26\xE5\x43\xB2\xE8\xAB\x2E\xB0\x60\x99\xDA\xA1\xD1\xE5\xDF\x47\x77\x8F\x77\x87\xFA\xAB\x45\xCD\xF1\x2F\xE3\xA8",
0, 0, 32
},
{
NULLPTR,
NULLPTR,
@ -1845,11 +1905,23 @@ bool ValidateBLAKE2b()
byte digest[BLAKE2b::DIGESTSIZE];
for (unsigned int i=0; i<COUNTOF(tests); ++i)
{
BLAKE2b blake2b((const byte*)tests[i].key, tests[i].klen);
blake2b.Update((const byte*)tests[i].message, tests[i].mlen);
blake2b.Final(digest);
// the condition is written in a way which for non-default digest sizes
// tests the BLAKE2_Base(bool treeMode, unsigned int digestSize) constructor.
// See https://github.com/weidai11/cryptopp/issues/415
if (tests[i].dlen < BLAKE2b::DIGESTSIZE && tests[i].key == NULLPTR)
{
BLAKE2b blake2b(false, (unsigned int)tests[i].dlen);
blake2b.Update((const byte*)tests[i].message, tests[i].mlen);
blake2b.Final(digest);
}
else
{
BLAKE2b blake2b((const byte*)tests[i].key, tests[i].klen, NULLPTR, 0, NULLPTR, 0, false, (unsigned int)tests[i].dlen);
blake2b.Update((const byte*)tests[i].message, tests[i].mlen);
blake2b.Final(digest);
}
fail = !!memcmp(digest, tests[i].digest, sizeof(digest)) != 0;
fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0;
if (fail)
{
std::cout << "FAILED " << "BLAKE2b test set " << i << std::endl;

66
validate.h
View File

@ -5,8 +5,11 @@
#define CRYPTOPP_VALIDATE_H
#include "cryptlib.h"
#include "integer.h"
#include "misc.h"
#include <iostream>
#include <sstream>
#include <iomanip>
#include <ctime>
#include <cctype>
@ -18,13 +21,12 @@ bool ValidateAll(bool thorough);
bool TestSettings();
bool TestOS_RNG();
// bool TestSecRandom();
bool TestAutoSeeded();
bool TestRandomPool();
#if !defined(NO_OS_DEPENDENCE)
bool TestAutoSeededX917();
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
#endif
bool TestRDRAND();
bool TestRDSEED();
#endif
bool ValidateBaseCode();
bool ValidateCRC32();
@ -73,6 +75,7 @@ bool ValidateRijndael();
bool ValidateTwofish();
bool ValidateSerpent();
bool ValidateSHACAL2();
bool ValidateARIA();
bool ValidateCamellia();
bool ValidateSalsa();
bool ValidateSosemanuk();
@ -106,7 +109,12 @@ bool ValidateESIGN();
bool ValidateHashDRBG();
bool ValidateHmacDRBG();
#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_IMPORTS)
// If CRYPTOPP_DEBUG or CRYPTOPP_COVERAGE is in effect, then perform additional tests
#if (defined(CRYPTOPP_DEBUG) || defined(CRYPTOPP_COVERAGE) || defined(CRYPTOPP_VALGRIND)) && !defined(CRYPTOPP_IMPORTS)
# define CRYPTOPP_EXTENDED_VALIDATION 1
#endif
#if defined(CRYPTOPP_EXTENDED_VALIDATION)
// http://github.com/weidai11/cryptopp/issues/92
bool TestSecBlock();
// http://github.com/weidai11/cryptopp/issues/64
@ -119,9 +127,14 @@ bool TestRounding();
bool TestHuffmanCodes();
// http://github.com/weidai11/cryptopp/issues/346
bool TestASN1Parse();
// Additional tests due to no coverage
bool TestCompressors();
bool TestEncryptors();
bool TestMersenne();
bool TestSharing();
#endif
#if 0
#if 1
// Coverity findings in benchmark and validation routines
class StreamState
{
@ -148,6 +161,7 @@ private:
};
#endif
#if 0
class StreamState
{
public:
@ -166,9 +180,10 @@ private:
std::ostream& m_out;
std::ios m_state;
};
#endif
// Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
static std::string TimeToString(const time_t& t)
inline std::string TimeToString(const time_t& t)
{
#if (CRYPTOPP_MSC_VERSION >= 1400)
tm localTime = {};
@ -195,6 +210,43 @@ static std::string TimeToString(const time_t& t)
return str;
}
// Coverity finding
template <class T, bool NON_NEGATIVE>
inline T StringToValue(const std::string& str)
{
std::istringstream iss(str);
// Arbitrary, but we need to clear a Coverity finding TAINTED_SCALAR
if (iss.str().length() > 25)
throw InvalidArgument(str + "' is too long");
T value;
iss >> std::noskipws >> value;
// Use fail(), not bad()
if (iss.fail() || !iss.eof())
throw InvalidArgument(str + "' is not a value");
if (NON_NEGATIVE && value < 0)
throw InvalidArgument(str + "' is negative");
return value;
}
// Coverity finding
template<>
inline int StringToValue<int, true>(const std::string& str)
{
Integer n(str.c_str());
long l = n.ConvertToLong();
int r;
if (!SafeConvert(l, r))
throw InvalidArgument(str + "' is not an integer value");
return r;
}
// Functions that need a RNG; uses AES inf CFB mode with Seed.
CryptoPP::RandomNumberGenerator & GlobalRNG();

16
zinflate.cpp
View File

@ -128,6 +128,7 @@ void HuffmanDecoder::Initialize(const unsigned int *codeBits, unsigned int nCode
unsigned int len = codeBits[i];
if (len != 0)
{
CRYPTOPP_ASSERT(j < m_codeToValue.size());
code = NormalizeCode(nextCode[len]++, len);
m_codeToValue[j].code = code;
m_codeToValue[j].len = len;
@ -181,7 +182,7 @@ void HuffmanDecoder::FillCacheEntry(LookupEntry &entry, code_t normalizedCode) c
inline unsigned int HuffmanDecoder::Decode(code_t code, /* out */ value_t &value) const
{
CRYPTOPP_ASSERT(m_codeToValue.size() > 0);
CRYPTOPP_ASSERT(((int)(code & m_cacheMask)) < m_cache.size());
LookupEntry &entry = m_cache[code & m_cacheMask];
code_t normalizedCode = 0;
@ -406,7 +407,10 @@ void Inflator::DecodeHeader()
16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
std::fill(codeLengths.begin(), codeLengths+19, 0);
for (i=0; i<hclen+4; i++)
{
CRYPTOPP_ASSERT(border[i] < codeLengths.size());
codeLengths[border[i]] = m_reader.GetBits(3);
}
try
{
@ -536,12 +540,14 @@ bool Inflator::DecodeBody()
throw BadBlockErr();
unsigned int bits;
case LENGTH_BITS:
CRYPTOPP_ASSERT(m_literal-257 < COUNTOF(lengthExtraBits));
bits = lengthExtraBits[m_literal-257];
if (!m_reader.FillBuffer(bits))
{
m_nextDecode = LENGTH_BITS;
break;
}
CRYPTOPP_ASSERT(m_literal-257 < COUNTOF(lengthStarts));
m_literal = m_reader.GetBits(bits) + lengthStarts[m_literal-257];
case DISTANCE:
if (!distanceDecoder.Decode(m_reader, m_distance))
@ -550,12 +556,20 @@ bool Inflator::DecodeBody()
break;
}
case DISTANCE_BITS:
// TODO: this surfaced during fuzzing. What do we do???
CRYPTOPP_ASSERT(m_distance < COUNTOF(distanceExtraBits));
if (m_distance >= COUNTOF(distanceExtraBits))
throw BadDistanceErr();
bits = distanceExtraBits[m_distance];
if (!m_reader.FillBuffer(bits))
{
m_nextDecode = DISTANCE_BITS;
break;
}
// TODO: this surfaced during fuzzing. What do we do???
CRYPTOPP_ASSERT(m_distance < COUNTOF(distanceStarts));
if (m_distance >= COUNTOF(distanceStarts))
throw BadDistanceErr();
m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];
OutputPast(m_literal, m_distance);
}

4
zinflate.h
View File

@ -98,8 +98,12 @@ public:
Err(ErrorType e, const std::string &s)
: Exception(e, s) {}
};
//! \brief Exception thrown when a truncated stream is encountered
class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
//! \brief Exception thrown when a bad block is encountered
class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
//! \brief Exception thrown when an invalid distance is encountered
class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};
//! \brief RFC 1951 Decompressor
//! \param attachment the filter's attached transformation